VLAN Hopping & Switch Security

VLANs are the segmentation almost every defence quietly leans on — "those hosts are on a different VLAN, they can't reach us." VLAN hopping is what happens when that assumption is wrong. Two techniques — tricking a switch into trunking, and stacking two 802.1Q tags so the second one survives — let a frame jump out of its VLAN. Here is how 802.1Q tagging works, both hops in detail, the wider switch attacks that ride alongside them, and the small config checklist that shuts the whole lot down.