VLAN Hopping

From: Anderson Mota Alves (mota_anderson@hotmail.com)
Date: Tue Dec 18 2007 - 14:34:22 ART


Hi guys,

The concept I have about VLAN hopping is that basically you disable DTP on a
Cisco switch so the attacker cannot change the port to a trunk, and the second
method that can be used is to prevent the attacker from sending traffic from one
switch to another using two 802.1Q tags, one for the attacking switch and the
other for the victim; in 802.1Q it goes under the native (untagged) VLAN. So my
question is:

Imagine I have in my company the need to configure a port in trunk mode with
voice going to one vlan and data to another, let's say data for vlan 45 and
voice vlan 50.

I would do something like this:

int fa0/0
switchport trunk encapsulation dot1q
switchport mode trunk
! IOS keyword is "nonegotiate": turns DTP off so the peer cannot renegotiate the port mode
switchport nonegotiate
switchport voice vlan 50
! data VLAN is 45 as described above (original line said 50); only used if the port is in access mode
switchport access vlan 45
! keyword order is "native vlan"; 500 is an otherwise unused VLAN
switchport trunk native vlan 500

My question is whether my config above would be a better approach, and also
whether putting the native VLAN on the router in a VLAN that doesn't exist on
the switch, or one without ports assigned to it, would avoid the double tagging
of 802.1Q.

Could someone shed some light here, since I've been reading forums and books
and I'm still confused about it.

Thanks a million

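The hardening pattern the post is asking about, written out as an added example that is not part of the original message: Catalyst IOS syntax is assumed, and the interface names, VLAN 999 and the port roles are made up for illustration.

```cisco
! Added example, not from the original post. Assumes Catalyst IOS; interface
! names, VLAN 999 and the port roles are constructed for illustration.
!
! Global: tag the native VLAN on every dot1q trunk. An outer tag in the native
! VLAN is then no longer stripped on egress, which is what double tagging relies on.
vlan dot1q tag native
!
! Phone + PC port: access mode, never a trunk. The phone tags voice in VLAN 50
! itself (learned via CDP); the PC's frames stay untagged in VLAN 45. DTP is off,
! so the port cannot be talked into becoming a trunk.
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 45
 switchport voice vlan 50
 switchport nonegotiate
 spanning-tree portfast
!
! Real uplink to the next switch: explicit trunk, DTP off, native VLAN moved to an
! unused VLAN that is also kept out of the allowed list, so untagged frames go nowhere.
! (The encapsulation line only exists on platforms that still support ISL.)
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 45,50
!
! Unused ports: park them in the same dead VLAN and shut them down.
interface range FastEthernet0/2 - 23
 switchport mode access
 switchport access vlan 999
 shutdown
!
! Weak counterparts of the settings above, for comparison:
!   switchport mode dynamic desirable   (DTP on; the peer can negotiate a trunk)
!   switchport trunk native vlan 1      (default native VLAN shared with access ports)
```

With this layout the native VLAN on the trunk is one that no access port belongs to, which is the property the question is about; `vlan dot1q tag native` additionally removes the untagged-native behaviour altogether.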


This archive was generated by hypermail 2.1.4 : Tue Jan 01 2008 - 12:04:31 ARST