switch
double tagging
The hacker stacks VLAN tags in Ethernet frames. When the first, legitimate tag is removed by a switch, the second, illegitimate tag is revealed, tricking a switch into forwarding the transmission on to a restricted VLAN.
trunking
A single switch can support traffic belonging to several VLANs across the network, thanks to the technique known as trunking.
switch spoofing
An attacker connects to a switch and then makes the connection look to the switch as if it's a trunk line. The switch might autoconfigure its port into trunk mode when it detects trunk mode on the other end of the connection. A hacker can then feed his own VLAN traffic into that port and access VLANs throughout the network.
Trunk Port
Connects the switch to a router or another switch (or possibly a server). This interface manages traffic from multiple VLANs (see Figure 8-23). A trunk line (or just "trunk") is a link between two trunk ports.
access port
Connects the switch to an endpoint, such as a workstation. The computer connected to an access port does not know which VLAN it belongs to, nor can it recognize other VLANs on the same switch.
VLAN hopping
Hackers sometimes take advantage of the way VLANs are tagged to implement an attack called VLAN hopping. The attacker generates transmissions that appear, to the switch, to belong to a protected VLAN, then crosses VLANs to access sensitive data or inject harmful software.