Any traffic between VLANs must pass through a router or another layer 3 device. VLANs are configured for a variety of reasons, including security. An attacker can, however, circumvent these security measures through a technique known as 'VLAN Hopping.'
The following mitigations can be used to prevent VLAN hopping from being exploited:

- Disable DTP to ensure that ports are not set to automatically negotiate trunks: NEVER EVER
- Unused ports should be disabled and placed in an unused VLAN.
- All trunk ports should have their own VLAN ID.
Although regular network traffic over a trunk connection requires a VLAN tag in the headers, switch-to-switch control-plane communication does not. Because native VLANs are processed/interpreted by the switch, this is where VLAN 1 becomes a problem.
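One way to check a switch configuration against the mitigations above, as an added example that is not part of the original page. It assumes Cisco IOS-style syntax, reads "their own VLAN ID" as a trunk native VLAN other than the default VLAN 1, and uses constructed interface names and VLAN numbers.

```python
import re

# Constructed sample in Cisco IOS-style syntax (an assumption; not from the page).
SAMPLE_CONFIG = """\
interface Gi0/1
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
interface Gi0/2
 switchport mode trunk
interface Gi0/3
 switchport mode dynamic desirable
 switchport access vlan 10
interface Gi0/4
 switchport access vlan 998
 shutdown
interface Gi0/5
 switchport access vlan 10
 shutdown
"""

def parse_interfaces(config):
    """Map each interface name to the list of commands indented under it."""
    blocks = re.findall(r"^interface (.+)\n((?: .*\n?)*)", config, re.M)
    return {name: [c.strip() for c in body.splitlines()] for name, body in blocks}

def vlan_of(cmds, keyword):
    """VLAN ID set by 'switchport <keyword> vlan N'; unset means the default, 1."""
    m = re.search(rf"^switchport {keyword} vlan (\d+)$", "\n".join(cmds), re.M)
    return int(m.group(1)) if m else 1

def audit(config):
    """Return {interface: [findings]} for ports that miss a listed mitigation."""
    ports = parse_interfaces(config)
    live_vlans = {vlan_of(c, "access") for c in ports.values() if "shutdown" not in c}
    report = {}
    for name, cmds in ports.items():
        findings = []
        if "shutdown" in cmds:
            if vlan_of(cmds, "access") in live_vlans | {1}:
                findings.append("disabled port is not in an unused VLAN")
        else:
            # Assumption: a static access port does not negotiate a trunk.
            dtp_off = "switchport nonegotiate" in cmds or "switchport mode access" in cmds
            if not dtp_off:
                findings.append("DTP negotiation not disabled")
            if "switchport mode trunk" in cmds and vlan_of(cmds, "trunk native") == 1:
                findings.append("trunk native VLAN is VLAN 1")
        report[name] = findings
    return {name: f for name, f in report.items() if f}
```

Calling `audit(SAMPLE_CONFIG)` reports Gi0/2, Gi0/3 and Gi0/5; the hardened trunk Gi0/1 and the parked port Gi0/4 pass.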