VLANs offer segmentation—but they’re not invulnerable. In this episode, we look at how attackers can bypass VLAN boundaries using VLAN hopping techniques like double-tagging and switch spoofing. You’ll learn how misconfigured trunk ports, native VLANs, and default switch behaviors create opportunities for unauthorized access between VLANs.

We also explore other Layer 2 vulnerabilities, including MAC flooding and CAM table exhaustion, which can disrupt switch behavior or enable packet sniffing. The episode includes hardening tips like disabling unused ports, setting the native VLAN to an unused ID, and restricting VLAN access to known interfaces. This is essential material for defending against internal threats and securing your switch infrastructure.