Security, WIDS/WIPS and Aruba ECS

Occasional Contributor I

Wireless VLAN hopping

Hi -

Does anyone know if wireless VLAN hopping is feasible, or has anyone seen a PoC in the real world?

In wired environments, clients can double-tag frames: one tag with the correct VLAN, and one with the target "hopped" VLAN. When the switch processes the correct VLAN, it strips the information, leaving only the target VLAN. Then the client is able to 'hop' onto the target VLAN.

In another scenario, the client is able to spoof a switch that supports trunking and is able to send frames to the target VLAN to be processed by the upstream switch.

Is this technically feasible given the different layer 2 characteristics of Ethernet and wireless? Also, if the option "Preserve Client VLAN" is enabled on the virtual AP profile, could you be opening yourself up to this type of attack?
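
A defender-side illustration of the wired double-tagging case described in the post above (an added example, not part of the original thread): it parses a raw Ethernet frame and flags stacked 802.1Q tags, in particular when the outer VLAN ID equals the trunk's native VLAN. The sample frames, the native VLAN value of 1, and the function names are constructed for illustration.

```python
import struct

# TPIDs that introduce a VLAN tag: 802.1Q (0x8100) and 802.1ad (0x88A8).
VLAN_TPIDS = {0x8100, 0x88A8}

def vlan_stack(frame: bytes) -> list:
    """Return the VLAN IDs of a raw Ethernet frame, outermost tag first."""
    vids = []
    offset = 12  # skip destination MAC (6 bytes) and source MAC (6 bytes)
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in VLAN_TPIDS:
            break  # reached the real EtherType
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI hold the VLAN ID
        offset += 4
    return vids

def classify(frame: bytes, native_vlan: int) -> str:
    """Label a frame seen on a port where hosts should send at most one tag."""
    vids = vlan_stack(frame)
    if not vids:
        return "untagged"
    if len(vids) == 1:
        return "single"
    # Outer tag equal to the native VLAN is the pattern the post describes:
    # the first switch strips it and forwards the frame with the inner tag.
    return "double_native" if vids[0] == native_vlan else "stacked"

# Constructed sample frames (broadcast destination, locally administered source).
_MACS = bytes.fromhex("ffffffffffff020000000001")
_PAYLOAD = bytes.fromhex("0800") + b"\x00" * 46
UNTAGGED = _MACS + _PAYLOAD
SINGLE = _MACS + bytes.fromhex("8100000a") + _PAYLOAD           # VLAN 10
DOUBLE = _MACS + bytes.fromhex("8100000181000014") + _PAYLOAD   # outer 1, inner 20
STACKED = _MACS + bytes.fromhex("8100000a81000014") + _PAYLOAD  # outer 10, inner 20

if __name__ == "__main__":
    NATIVE_VLAN = 1  # assumed native VLAN of the upstream trunk
    for name, frame in [("untagged", UNTAGGED), ("single", SINGLE),
                        ("double", DOUBLE), ("stacked", STACKED)]:
        print(name, vlan_stack(frame), classify(frame, NATIVE_VLAN))
```
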

Guru Elite

Re: Wireless VLAN hopping

We have not seen this on wireless.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*