VLAN Hopping
Virtual Local Area Networks (VLANs) separate broadcast domains for security or performance. Many organizations use VLANs to separate highly sensitive systems from more general networks. This makes the highly sensitive VLANs attractive targets for attackers.
Two common attacks are used to perform VLAN hopping: double tagging and switch spoofing.
Double tagging is used against 802.1Q trunked interfaces. The Ethernet frame allows a second VLAN tag in the packet. When the packet is read, the outer tag, or service provider tag, is found immediately after the source MAC address and is read first. The inner tag, or customer tag, is read second. Attackers set the native VLAN as the first tag and the target VLAN as the second. The packet is switched on the native VLAN; the next switch then reads the second tag, allowing the packet to traverse the secure VLAN.
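A defender-side check for the tag layout described above, added here as an example and not part of the original page: it parses captured frame bytes and flags frames whose outer tag is the native VLAN. The native VLAN value, the function names and the sample frames are assumptions constructed for illustration.

```python
import struct

# TPIDs that introduce a VLAN tag: 0x8100 (802.1Q customer tag),
# 0x88A8 (802.1ad service provider tag).
VLAN_TPIDS = {0x8100, 0x88A8}


def parse_vlan_tags(frame: bytes) -> list[int]:
    """Return the VLAN IDs stacked after the source MAC, outermost first."""
    tags = []
    offset = 12  # skip destination MAC (6 bytes) + source MAC (6 bytes)
    while offset + 4 <= len(frame):
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in VLAN_TPIDS:
            break
        tags.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return tags


def classify(frame: bytes, native_vlan: int) -> str:
    """Classify a frame captured on an access-facing port."""
    if len(frame) < 14:
        return "malformed"
    tags = parse_vlan_tags(frame)
    if len(tags) >= 2 and tags[0] == native_vlan:
        return f"double-tag: outer={tags[0]} (native) inner={tags[1]}"
    if len(tags) >= 2:
        return f"stacked-tags: outer={tags[0]} inner={tags[1]}"
    if tags:
        return f"single-tag: vlan={tags[0]}"
    return "untagged"


def sample_frame(*vlans: int) -> bytes:
    """Build a constructed test frame (placeholder MACs, IPv4 EtherType)."""
    hdr = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    for vlan in vlans:
        hdr += struct.pack("!HH", 0x8100, vlan)
    return hdr + struct.pack("!H", 0x0800) + b"\x00" * 46


if __name__ == "__main__":
    NATIVE = 1  # assumed native VLAN of the trunk
    for s in (sample_frame(), sample_frame(10), sample_frame(1, 20)):
        print(classify(s, NATIVE))
```

Tagged frames arriving on a port that should only carry untagged host traffic are worth alerting on in any case; the `double-tag` result is the specific pattern this section describes.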
Switch spoofing makes the attacker's system look like a trunking switch, which allows the system to view traffic sent over other VLANs.