How to Configure Cisco Switches for VLAN Hopping Attack Prevention

http://www.router-switch.com/

VLAN Hopping

VLAN hopping (virtual local area network hopping) is a method of attacking a network by sending packets to a port that is not normally accessible from a given end system.

The basic concept behind all VLAN hopping attacks is for an attacking host on a VLAN to gain access to traffic on other VLANs that would normally not be accessible. There are two primary methods of VLAN hopping: switch spoofing and double tagging. Follow the steps below to configure Cisco switches to prevent VLAN hopping attacks.



Switch-1(config)# vtp mode server
Switch-1(config)# vtp domain rt
Switch-1(config)# vtp pruning
Switch-1(config)# vtp version 2
Switch-1(config)# vtp password cisco
Switch-1(config)# vlan 99
Switch-1(config)# vlan 10
Switch-1(config-vlan)# name yanfa
Switch-1(config)# interface fastethernet 0/1
Switch-1(config-if)# switchport mode access
Switch-1(config-if)# switchport access vlan 10
Switch-1(config)# vlan 20
Switch-1(config-vlan)# name renshi
Switch-1(config)# interface fastethernet 0/2
Switch-1(config-if)# switchport mode access
Switch-1(config-if)# switchport access vlan 20
Switch-1(config)# interface fastethernet 0/24
Switch-1(config-if)# shutdown
Switch-1(config-if)# switchport trunk encapsulation dot1q
Switch-1(config-if)# switchport trunk allowed vlan 99,10,20
Switch-1(config-if)# switchport mode trunk
Switch-1(config-if)# switchport trunk native vlan 99
Switch-1(config-if)# switchport nonegotiate
Switch-1(config-if)# no shutdown


Switch-2(config)# vtp domain rt
Switch-2(config)# vtp password cisco
Switch-2(config)# vtp pruning
Switch-2(config)# vtp version 2
Switch-2(config)# vtp mode client
Switch-2(config)# interface fastethernet 0/1
Switch-2(config-if)# switchport mode access
Switch-2(config-if)# switchport access vlan 10
Switch-2(config)# interface fastethernet 0/2
Switch-2(config-if)# switchport mode access
Switch-2(config-if)# switchport access vlan 20
Switch-2(config)# interface fastethernet 0/24
Switch-2(config-if)# shutdown
Switch-2(config-if)# switchport trunk encapsulation dot1q
Switch-2(config-if)# switchport trunk allowed vlan 99,10,20
Switch-2(config-if)# switchport mode trunk
Switch-2(config-if)# switchport trunk native vlan 99
Switch-2(config-if)# switchport nonegotiate
Switch-2(config-if)# no shutdown
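
An added example, not part of the original page: a short Python check that reads interface blocks in running-config form and flags the settings the configuration above is meant to eliminate (ports left to DTP negotiation, trunks without nonegotiate, VLAN 1 as trunk native VLAN, access ports that share a trunk's native VLAN). The sample text and the function names are constructed for illustration, and the check assumes that default settings are omitted from the running-config.

```python
import re

# Constructed sample: Fa0/1 and Fa0/24 mirror Switch-1; Fa0/3 is an added weak port.
SAMPLE = """\
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
interface FastEthernet0/3
 switchport access vlan 99
interface FastEthernet0/24
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,99
 switchport mode trunk
 switchport nonegotiate
"""

def parse_interfaces(cfg):
    """Return {interface name: [sub-commands]} from running-config text."""
    ports, current = {}, None
    for line in cfg.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return ports

def value(cmds, prefix, default):
    """Argument of the first sub-command starting with prefix, else default."""
    return next((c[len(prefix):].strip() for c in cmds if c.startswith(prefix)), default)

def audit(cfg):
    """Return sorted (interface, finding) pairs for VLAN hopping exposure."""
    ports, findings = parse_interfaces(cfg), []
    natives = {value(c, "switchport trunk native vlan", "1")
               for c in ports.values() if "switchport mode trunk" in c}
    for name, cmds in ports.items():
        mode = value(cmds, "switchport mode", None)
        native = value(cmds, "switchport trunk native vlan", "1")
        checks = [
            (mode not in ("access", "trunk"), "no static mode, DTP may negotiate a trunk"),
            (mode == "trunk" and "switchport nonegotiate" not in cmds, "trunk still sends DTP"),
            (mode == "trunk" and native == "1", "trunk native VLAN is the default VLAN 1"),
            (mode != "trunk" and value(cmds, "switchport access vlan", "1") in natives,
             "access VLAN equals a trunk native VLAN (double-tagging exposure)"),
        ]
        findings += [(name, msg) for bad, msg in checks if bad]
    return sorted(findings)
```

Calling audit(SAMPLE) reports only Fa0/3; the ports configured as on Switch-1 produce no findings.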

VLAN Hopping Function

VLAN hopping can be used to steal passwords and other sensitive information from specific network subscribers. VLAN hopping can also be used to modify, corrupt, or delete data, install spyware or other malware programs, and propagate viruses, worms, and Trojans throughout a network.

This example can be applied to all Cisco switches, such as the Catalyst 2960 and 3560 series, Cisco 3750X, Cisco 3850, etc.
