If you change the native VLAN on the trunk port to an unused VLAN, what happens if an attacker attempts a double-tagging attack?

Posted by: Pdfprep Category: 210-260

If you change the native VLAN on the trunk port to an unused VLAN, what happens if an attacker attempts a double-tagging attack?
A. The trunk port would go into an error-disabled state.
B. A VLAN hopping attack would be successful.
C. A VLAN hopping attack would be prevented.
D. The attacked VLAN will be pruned.

Answer: C

Explanation:

VLAN hopping is a computer security exploit, a method of attacking networked resources on a virtual LAN (VLAN). The basic concept behind all VLAN hopping attacks is for an attacking host on a VLAN to gain access to traffic on other VLANs that would normally not be accessible. There are two primary methods of VLAN hopping: switch spoofing and double tagging.

Double tagging can only be exploited when switches use native VLANs. It can be mitigated by either one of the following actions:

+ Simply do not put any hosts on VLAN 1 (the default VLAN)

+ Change the native VLAN on all trunk ports to an unused VLAN ID

Source: https://en.wikipedia.org/wiki/VLAN_hopping
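
One way to check both mitigations against a switch configuration, as an added example that is not part of the original explanation: the script flags every trunk port whose native VLAN also carries host ports, counting the default of VLAN 1 when no VLAN is configured. The sample configuration, interface names and VLAN IDs are constructed, and treating every non-trunk port as a host port is a simplifying assumption.

```python
import re

# Constructed sample in Cisco IOS syntax; interface names and VLAN IDs are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
interface GigabitEthernet0/2
 switchport mode access
interface GigabitEthernet0/22
 switchport mode trunk
interface GigabitEthernet0/23
 switchport mode trunk
 switchport trunk native vlan 10
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 999
"""

def parse_ports(config):
    """Map interface -> settings, starting from the default of VLAN 1."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface (\S+)", line):
            cur = ports.setdefault(m.group(1), {"mode": None, "access": 1, "native": 1})
        elif cur is None:
            continue
        elif m := re.fullmatch(r"switchport mode (\S+)", line):
            cur["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            cur["access"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            cur["native"] = int(m.group(1))
    return ports

def audit_native_vlans(config):
    """Return {trunk interface: native VLAN} for trunks whose native VLAN is in use."""
    ports = parse_ports(config)
    # Simplification: every non-trunk port counts as a host port in its access VLAN.
    host_vlans = {p["access"] for p in ports.values() if p["mode"] != "trunk"}
    return {name: p["native"] for name, p in ports.items()
            if p["mode"] == "trunk" and p["native"] in host_vlans}

if __name__ == "__main__":
    for name, vlan in audit_native_vlans(SAMPLE_CONFIG).items():
        print(f"{name}: native VLAN {vlan} also has host ports")
```

In the sample, GigabitEthernet0/22 is flagged because both it and the access port GigabitEthernet0/2 fall back to VLAN 1, while the trunk on the unused VLAN 999 passes.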
