Hi Prince,
Normally when a switch receives a tagged frame, it will remove the tag and then forwards it on access interfaces or other trunks. If it is sent on other trunk interfaces, then it will be tagged again.
With VLAN hopping, the VLAN of the attacker has to be the same as the native VLAN on the trunk. Here’s what happens:
- The attacker sends a double tagged frame, an inner (20) and outer (1) VLAN tag. The outer tag matches the native VLAN of the trunk.
- The switch receives the double tagged frame, looks at the outer VLAN (1) tag and removes it.
- The switch forwards the frame on all interfaces that belong to the native VLAN (1), this includes trunks.
- The frame (with one tag left) is forwarded to the other switch, which looks at the VLAN (2) tag and forwards it on all interfaces that belong to that VLAN 20.
Rene