What is the behavior of an access port when a tagged packet is received?
Answers
Answered by
0
1q tag on access switchport
Hello Mate,
>> This is probably a security feature to disallow injection of tagged frames into the network on ports where no tagging is expected at all.
yes a countermeasure to dual vlan hopping attack where the external vlan tag is equal to the access vlan id on the port.
I would add that older switches like a C5500 CATOS accept tagged frames with any vlan-id defined on the switch allowing for single vlan hopping attack.
an 802.1Q haeder with all zeroes would mean vlan-id = 0 802.1P bits =0 and canonical format indicator = 0 => ethernet so yes it would be a good match for voice-vlan 802.1p command on the switchport
I was used to the behaviour you have described in first two bullets.
I Hope it help.~♥~
Similar questions