If a switch dynamically negotiates trunking, and the attacker pretends he is a switch and establishes a trunk to the switch, the attacker can gain access all the VLANs allowed on the trunk port, by simply using the 802.1q trunk tagging. The attacker can now "hop" onto any VLAN that is available on the trunk.
the reason why it works when one pc is on an access port is that access port has to be on the native vlan so the frame isnt taged when it goes over a trunk link.
the pc sends data on the native vlan but places 2 tag's on the frame befoure it is sent out. the first tag being the native vlan and the second being the vlan the attack wants to get to.
so the switch sees the first tag and sees that it has been taged for the native vlan so the switch does what is ment to and removes the tag. but it dosnt remove the second tag. once the frame gets to the other side the switch recives the frame and reads its tag and gets placed onto the other vlan ( the vlan the attacker wants to get to)
hope this helps.
برای جامپ از یک vlan به دیگر vlan ها استفاده میشه و برای اینکه بهتر متوجه بشی میتونی از این لینک استفاده کنی :