CompTIA Network+ Practice Test

How can you prevent attacks that utilize double tagging?

• A. Use a greater number of VLANs
• B. Change the native VLAN ID and force tagging
• C. Disable all VLAN traffic
• D. Increase the switch’s broadcast data rate

The correct answer is: Change the native VLAN ID and force tagging

Changing the native VLAN ID and forcing tagging is an effective method for preventing attacks that utilize double tagging. Double tagging attacks typically exploit the way switches handle VLAN tags. In such an attack, an attacker sends frames that contain two VLAN tags. When these frames reach a switch, the first tag can be stripped off, allowing the packet to be forwarded to a different VLAN than intended. By changing the native VLAN ID, you ensure that the default native VLAN (which is typically VLAN 1) is not used, thereby making it more challenging for an attacker to guess the native VLAN that their double-tagged frames would need to reach. Additionally, forcing tagging means that all VLAN traffic must be tagged, which reduces the risk of untagged frames being processed in ways that can be exploited by attackers. For other approaches, simply using a greater number of VLANs, disabling all VLAN traffic, or increasing the switch’s broadcast data rate do not directly address the vulnerabilities associated with double tagging. They either do not alter the behavior of VLAN management in relation to tagging or actually inhibit the necessary functions of VLANs, without providing a tangible security benefit against this specific attack vector. Therefore, adjusting the native VLAN ID and enforcing tagging protocols directly tackles the root of the double tagging