A malicious user can easily gain access to data on another VLAN to which he is not authorised to access using VLAN hopping. A VLAN Hoping attack can be launched by using a Switch Spoofing or Double Tagging of 802.1q trunking protocol. To have a quick insight into VLAN Hopping, click here.
You can prevent VLAN Hopping in Cisco Switches as follows:
VLAN Hopping is a Layer 2 security exploit by which a malicous user connected to a switchport on a Switch assigned to a VLAN can hop on and gain access to another VLAN which otherwise is not accessible. This security exploit allows the malicous hacker to bypass the IP Securities implemented at Layer 3.
Trunk Ports are switchports on Cisco switches that interconnect switches. The trunk port carries traffic for all the VLans across the switches it interconnects. switchport can be enabled and configured as trunks without much trouble.
The following procedure helps setting a switchport into a Trunk port with 802.1q encapsulation.
Yersinia is a free Network Penetration testing tool used to test and analyse some of the most commonly used protocols on your network. Penetration testing tools of this kind will provide deep insight on network security issues. Yersinia is a UNIX based tool that works on Linux, Solaris 8, FreeBSD.
NOTE: The tool is described as a tool to perform network tests and exercise responsible actions when performing tests which includes obtaining the permission from responsible authorities. DO NOT USE THIS TOOL FOR ANY UNAUTHROSIED HACKING PURPOSES