VLAN Hopping

VLAN hopping involves plugging into a less sensitive VLAN, for example an end-user port, and attempting to switch (hop) into more sensitive networks, such as management networks. Management networks typically have far greater access to network ranges and devices, and could bypass user restrictions.

We offer network VLAN hopping and segregation testing to establish if users are able to access more sensitive networks.


VLAN Hopping is the process of testing separation between networks. This is typically conducted between less sensitive networks, such as the internal corporate network, and more sensitive networks, such as management networks or cardholder data environments (CDE).

VLAN Hopping combines traffic sniffing and the modification of network protocols to bypass the security controls of the VLAN.

Armadillo Sec specialise in this area and are the authors of the Frogger VLAN hopping tool, which is used to test for VLAN hopping by pentesters worldwide. We have also presented new VLAN testing methods at the 44Con security conference.

For complete assurance, any VLAN testing should also be combined with switch configuration reviews of the complete running config export. VLAN Hopping is port specific, so unless every switch port is tested, complete assurance is not possible.

VLAN Hopping testing checks that the network's devices and protocols are configured in line with security best practice and that there are no misconfigurations that could leave the network or device vulnerable. If vulnerabilities are found, these can be rectified before an attack or security breach occurs.

Network security reviews and testing will enable you to:

  • Manage vulnerabilities
  • Identify any security configuration issues
  • Standardise build procedures for devices
  • Avoid extra cost and reputation damage from a security breach
  • Provide evidence of compliance with regulatory and certification standards
  • Provide assurance to customers and suppliers that their data is secure

Armadillo Sec are a CREST certified testing body and we are accredited to operate as a CHECK service provider. All of our testers are certified by CREST and our senior consultants are certified by CREST to the highest CCT Level. Our testers are also CHECK Team Leaders (CTLs) or CHECK Team Members (CTMs) and are approved to conduct government CHECK testing.

Our team have many years' experience conducting a broad range of government and commercial tests and always aim to go the extra mile for our customers.

VLAN Hopping | Segregation Testing
Accredited Company
Certified Testers
Security Cleared Staff
No Cancellation Fees
Report Walk Through

Frequently Asked Questions

A typical penetration test normally targets a group of systems or applications and does not always include a detailed configuration build review of the operating system itself.

Penetration testing tends to look for vulnerabilities across multiple systems, whereas the only focus of a VLAN Hopping assessment is to test separation between VLANs.

All our testers are certified by CREST and our senior consultants are certified by CREST to the highest CCT level.

CREST Certifications | Certified Testers
Practitioner Security Analysts
Registered Penetration Testers
Certified Web Application Testers
Certified Infrastructure Testers
Certified Simulated Attack Specialist
Certified Simulated Attack Manager

Our CREST member status can be viewed, along with the certified tester types we have on the below link:


Our testers are also CHECK Team Leaders (CTLs) or CHECK Team Members (CTMs) and are approved to conduct government CHECK testing.

CHECK Status | Certified Testers
CHECK Team Member (CTM)
CHECK Team Leader (CTL) - Infrastructure
CHECK Team Leader (CTL) - Applications

Our CHECK status can be viewed on the below link: 


It is recommended that VLAN Hopping testing is conducted annually as cyber threats are constantly evolving.

If major changes are made to the network design or infrastructure, then it is recommended that additional testing is conducted. This ensures that any recent changes are not introducing new configuration issues or vulnerabilities into the environment.

Some certifications, such as ISO 27001 or PCI DSS, require a certain frequency of testing to remain compliant.

VLAN Hopping testing prices are based on the number of devices or networks that are required to be reviewed, so there is no off-the-shelf price for VLAN Hopping testing.

For each project we will technically scope your requirements and establish the time needed to complete the work. We will then provide a detailed proposal and breakdown of costs and options.

We supply a full network security review report, which covers the following:

  • Executive management summary - Non-technical overview of issues for management board level
  • Detailed technical findings - A complete list of all issues identified
  • Affected devices - A list of all devices/networks affected, including any associated information
  • Risk level - Impact, likelihood and overall risk ratings are listed for each issue
  • Examples - Output or screenshots to demonstrate the issue
  • Recommendations - Recommendations of how to remediate the issues, including any reference to documents that can assist

A sample report can be supplied upon request.

We have a full methodology for all testing services we provide, which is supplied with each project proposal. This outlines the testing steps and all the requirements in order to deliver the test.

We offer the full range of cyber security testing services
