VLAN Double-Tagging Attacks
- Step 1: Attacker sends a double-tagged 802.1Q frame to the switch
- Step 2: The first switch processes the first 4-byte 802.1Q tag
  - The switch forwards the packet out all native VLAN ports after stripping the VLAN tag
  - The frame is not retagged; it is part of the native VLAN
  - At this point, the inner VLAN tag is still intact
- Step 3: The second switch looks only at the inner 802.1Q tag and sees that the frame is destined for the target VLAN
- Step 4: The second switch sends the frame on to the target
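
The tag handling in Steps 2 and 3, seen from the monitoring side, as an added example that is not part of the original slide: a Python check that parses stacked VLAN tags and flags a frame whose outer 802.1Q tag equals the native VLAN while a different inner tag remains. The native VLAN 1, target VLAN 20, MAC addresses and all function names are assumptions, and the sample frames are constructed.

```python
import struct

TPID_8021Q = 0x8100   # IEEE 802.1Q tag
TPID_8021AD = 0x88A8  # IEEE 802.1ad service tag (provider Q-in-Q outer tag)

def vlan_tags(frame: bytes) -> list:
    """Return [(tpid, vlan_id), ...] for each stacked tag, outermost first."""
    tags, offset = [], 12  # skip destination and source MAC (6 bytes each)
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in (TPID_8021Q, TPID_8021AD):
            break  # reached the real EtherType
        tags.append((tpid, tci & 0x0FFF))  # low 12 bits of the TCI = VLAN ID
        offset += 4
    return tags

def check_frame(frame: bytes, native_vlan: int) -> str:
    """Classify a received frame by its VLAN tag stack."""
    tags = vlan_tags(frame)
    if len(tags) < 2:
        return "ok"
    (outer_tpid, outer_vid), (_, inner_vid) = tags[0], tags[1]
    # Pattern from the slide: the first switch strips an outer tag that matches
    # the native VLAN, leaving the inner tag for the second switch to act on.
    if outer_tpid == TPID_8021Q and outer_vid == native_vlan and inner_vid != native_vlan:
        return f"alert: outer tag = native VLAN {outer_vid}, inner tag = VLAN {inner_vid}"
    return "review: stacked tags"

def build_sample(*vlan_ids: int) -> bytes:
    """Constructed test input: Ethernet header, 802.1Q tags, IPv4 EtherType."""
    macs = bytes.fromhex("ffffffffffff" "020000000001")
    tags = b"".join(struct.pack("!HH", TPID_8021Q, vid) for vid in vlan_ids)
    return macs + tags + struct.pack("!H", 0x0800) + bytes(46)

NATIVE_VLAN = 1  # assumption: trunk native VLAN left at a common default
SAMPLES = {"untagged": build_sample(), "single": build_sample(20), "double": build_sample(1, 20)}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, vlan_tags(frame), check_frame(frame, NATIVE_VLAN))
```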