Double tagging attack

A type of VLAN hopping attack aimed at gaining unauthorized access to a VLAN. A data packet containing two VLAN tags is sent to a port accessible to the attackers, one tag belonging to a segment they can access, the other pointing to the closed target network. The first router to receive the packet checks and removes the attacker’s VLAN tag, and the data is transmitted to the second switch as a legitimate packet for the VLAN being attacked.