Rainer Nagel wrote:
> Hi Tomfi,
>
> On Tue, Aug 07, 2007 at 09:07:48AM +0200, tomfi wrote:
>
>> Yes at this point you must "only" strongly remember that it is
>> default/native vlan so not so secure (people are not error prone :) )
>> I think one of good practices is to use this vlan as "guest vlan".
>
> Good practice is, not to use it.
> In addition the native vlan on links between your switches
> (infrastructure devices) should be different than that on links between
> your switches and connected hosts if these get trunks.
> Then double tagging VLAN hopping is prevented.
>
> Ciao

Sorry, but I must say your interpretation is not correct ... even worse, it is a VLAN hopping helper... if you do not have a consistent native VLAN across all trunks, you are being nice to your hackers...

Maybe it is only an English language problem ... see this page, there are anti VLAN hopping practices:
http://www.ciscopress.com/articles/article.asp?p=474239&seqNum=2&rl=1
section "Mitigating VLAN Hopping Attacks"

PS: I think you were trying to mention: don't use a native VLAN on trunks that is the same as the native VLAN on access ports.

