How can you mitigate attacks in which the attacker attaches more than one VLAN tag to a packet?

A. Assign an access VLAN to every active port on the switch.
B. Enable transparent VTP on the switch.
C. Explicitly identify each VLAN allowed across the trunk.
D. Disable EtherChannel on the switch.


5 thoughts on “How can you mitigate attacks in which the attacker attaches more than one VLAN tag to a packet?”

  1. Double Tagging can be mitigated by any of the following actions (Incl. IOS example):

    Simply do not put any hosts on VLAN 1 (The default VLAN). i.e., assign an access VLAN other than VLAN 1 to every access port
    Switch(config-if)# switchport access vlan 2

    Change the native VLAN on all trunk ports to an unused VLAN ID.
    Switch(config-if)# switchport trunk native vlan 999

    Explicit tagging of the native VLAN on all trunk ports. Must be configured on all switches in network autonomy.
    Switch(config)# vlan dot1q tag native

  2. Maybe A is the right answer because Double Tagging can be mitigated by moving all ports off VLAN 1 (The default VLAN).
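An added example, not part of the original page or its comments: a small Python audit that reads a switch running-config and flags the conditions the mitigations above address (access ports left in VLAN 1, trunks whose untagged native VLAN is also in use as an access VLAN, trunks with no explicit allowed-VLAN list). The sample config, function names and finding strings are constructed for illustration; only the IOS commands themselves are real.

```python
import re
# Constructed sample running-config (not from the page).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 2
interface GigabitEthernet0/23
 switchport mode trunk
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 2,10
"""
DEFAULTS = {"mode": None, "access": "1", "native": "1", "allowed": None}  # IOS defaults to VLAN 1
FIELDS = {  # interface sub-commands we track -> key in the port record
    r"switchport mode (access|trunk)": "mode",
    r"switchport access vlan (\d+)": "access",
    r"switchport trunk native vlan (\d+)": "native",
    r"switchport trunk allowed vlan (\S+)": "allowed",
}

def parse_interfaces(config):
    ports, cur = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # any top-level line closes the interface block
            m = re.match(r"interface (\S+)", line)
            cur = ports.setdefault(m.group(1), dict(DEFAULTS)) if m else None
            continue
        for pattern, key in FIELDS.items():
            m = re.fullmatch(pattern, line.strip())
            if m and cur is not None:
                cur[key] = m.group(1)
    return ports

def audit(config):
    """Return (interface, finding) pairs; hypothetical helper for this example."""
    tag_native = re.search(r"^vlan dot1q tag native\s*$", config, re.M) is not None
    ports, findings = parse_interfaces(config), []
    access_vlans = {p["access"] for p in ports.values() if p["mode"] == "access"}
    for name, p in ports.items():
        if p["mode"] == "access" and p["access"] == "1":
            findings.append((name, "access port in VLAN 1"))
        # Double tagging needs a trunk native VLAN that a host port also sits in.
        if p["mode"] == "trunk" and p["native"] in access_vlans and not tag_native:
            findings.append((name, "untagged native VLAN is also an access VLAN"))
        if p["mode"] == "trunk" and p["allowed"] is None:
            findings.append((name, "no explicit allowed VLAN list"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports GigabitEthernet0/1 and GigabitEthernet0/23; prepending the global `vlan dot1q tag native` line clears the native-VLAN finding on the trunk.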
