
I am connected to a layer 3 switch used to create IP subnet-based VLANs. Is there any way to do VLAN hopping? Note that this isn't using 802.1q; it's not port-based L2.

Jeff Ferland
user1028

1 Answer


This can be as easy as changing your IP address to one of the other subnets. Since you mentioned that this isn't port-based, if there are no anti-spoofing rules on that switch you can do VLAN hopping just like that. Try various gateways too, e.g. an IP address from one LAN and a gateway from another. This sometimes works; on a default setup with no filtering or routing policy, this is the case on most switches.

You can see one vendor's implementation of subnet-based VLANs and how they interact with the switch here, starting on page 12: http://www.alliedtelesis.com/media/fount/how_to_note_alliedware_plus/overview_vlans.pdf

Jeff Ferland
Andrew Smith
  • I tried this but it did not work – user1028 Aug 10 '12 at 09:48
  • I think if I spoofed an IP address that existed in my LAN, then the response packet would be forwarded by the layer 3 switch to the IP I spoofed, right? And this would happen due to the routing table in that layer 3 switch. What do you think about that? – user1028 Aug 10 '12 at 11:33
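
The anti-spoofing rule the answer says is often missing can be modelled as a per-port check on source addresses. The sketch below is an added example, not part of the original posts or any vendor's code: it classifies source IPs into VLANs the way a subnet-based switch would, then flags traffic whose VLAN differs from the one bound to the ingress port. The subnet table, port bindings, and observations are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed subnet-to-VLAN classification table (assumption, not from the page).
SUBNET_VLANS = {
    ipaddress.ip_network("192.168.10.0/24"): 10,
    ipaddress.ip_network("192.168.20.0/24"): 20,
}
# Constructed binding of each access port to the VLAN its host belongs in.
PORT_VLAN = {"port1": 10, "port2": 20}

# Constructed observations (port, source MAC, source IP), e.g. from ARP or flow logs.
SAMPLE_OBSERVATIONS = [
    ("port1", "00:00:5e:00:53:01", "192.168.10.5"),
    ("port2", "00:00:5e:00:53:02", "192.168.20.7"),
    ("port1", "00:00:5e:00:53:01", "192.168.20.50"),  # source IP from the other subnet
    ("port2", "00:00:5e:00:53:02", "10.9.9.9"),       # source IP in no configured subnet
]

def classify(ip):
    """Return the VLAN a subnet-based switch would assign to this source IP, or None."""
    addr = ipaddress.ip_address(ip)
    for net, vlan in SUBNET_VLANS.items():
        if addr in net:
            return vlan
    return None

def find_violations(observations):
    """Return (port, mac, ip, expected_vlan, classified_vlan) for each frame
    that an anti-spoofing rule bound to the ingress port would drop."""
    out = []
    for port, mac, ip in observations:
        expected, got = PORT_VLAN.get(port), classify(ip)
        if got != expected:
            out.append((port, mac, ip, expected, got))
    return out

def hosts_in_multiple_vlans(observations):
    """Return {(port, mac): [vlans]} for hosts whose source IPs map to more than one VLAN."""
    seen = defaultdict(set)
    for port, mac, ip in observations:
        seen[(port, mac)].add(classify(ip))
    # Sort with None (unclassified) last so ints and None are never compared.
    return {k: sorted(v, key=lambda x: (x is None, x))
            for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for v in find_violations(SAMPLE_OBSERVATIONS):
        print("would drop:", v)
    print(hosts_in_multiple_vlans(SAMPLE_OBSERVATIONS))
```

The second function works without any port binding table, so it can be run over logs from a switch that has no filtering configured to see whether a host has changed subnets.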