Security, WIDS/WIPS and Aruba ECS

Occasional Contributor I

Wireless VLAN hopping

Hi -

Does anyone know if wireless VLAN hopping is feasible, or has anyone seen a PoC in the real world?

In wired environments, clients can double-tag frames: one tag with the correct VLAN, and one with the target "hopped" VLAN. When the switch processes the correct VLAN, it strips the information, leaving only the target VLAN. Then the client is able to 'hop' onto the target VLAN.

In another scenario, the client is able to spoof a switch that supports trunking and is able to send frames to the target VLAN to be processed by the upstream switch.

Is this technically feasible given the different layer 2 characteristics of Ethernet and wireless? Also, if the option "Preserve Client VLAN" is enabled on the virtual AP profile, could you be opening yourself up to this type of attack?

Guru Elite

Re: Wireless VLAN hopping

We have not seen this on wireless.

Colin Joseph
Aruba Customer Engineering
