Hello!,
I have a question about vlan hopping and how to prevent such misconfiguration.
So im using a switch a tp-link sg1016de, the default vlan ids is 1 on the switch, and on the access port I have a OpenWrt router being setup as dumbap.
Vlan 50 is tagged and is for wlan0.
So basically I have 1 as untagged traffic, and 50 as tagged from the switch.
Now my questions:
From what I can find also on the tp-link forums they say I can better set vlan 1 as not a member in the switch, but if I do that the dumbap have no managed internet for opkg etcetera, is this the good way to work around the hopping ?, Or can I tag vlan 1 instead of untagged on that port?, Or should I make a complete new tagged vlan for management?
Note I have not put the wan port of the router in the br-lan bridge because I want it for management purpose, does that mean the switch in the router isolates vlan 1 from vlan 50?
And if I use the untagged ports in a switch to another switch, like trunking 3 vlans with one default untagged vlan id 1, to a other switch does it make it still vulnerable to the clients behind the second switch if the second switch does not untag the default id?
Im trying to understand this correctly I think im making it more complicated than it is.
Thanks😁