I am expanding on this unanswered question: VLAN tagging and access port
Let's assume I am trying to accomplish a double tagging attack. From my understanding, the prerequisite of this attack is to be connected to an access port which has the same VLAN as the native VLAN on the trunk ports.
As an attacker, I create a frame with two tags inside, the inner tag being the VLAN of my target and the outer tag being the tag of the native VLAN.
So what happens when the access port sees the tagged traffic? It would make sense that it would just discard it, preventing this attack from happening. From the materials I've seen, the switch strips the VLAN tag and, since it was the native VLAN, it doesn't add a new tag on the trunk link; therefore it passes my frame with the target VLAN, effectively reaching my target.
I would understand that this can happen if I use it in combination with switch spoofing and create a trunk link between my PC and the switch (using DTP, for example). But then there is no reason to double tag it, because I am on a trunk link and there is no need for modification; I can just use my target VLAN.
Can someone clarify this for me?
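
The frame layout described in the question, seen from the detection side. This is an added example, not part of the original post: it parses stacked 802.1Q tags and flags frames whose outer tag is the native VLAN and whose inner tag names a different VLAN. The function names, the sample frames and the native VLAN value 1 are assumptions made for the illustration, and the frames are assumed to be captured with their tags intact.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag


def vlan_tags(frame: bytes) -> list[int]:
    """Return the VLAN IDs of the stacked 802.1Q tags, outermost first."""
    vids = []
    offset = 12  # skip destination and source MAC addresses
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid != TPID_8021Q:
            break  # reached the real EtherType, no more tags
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return vids


def is_double_tag_suspect(frame: bytes, native_vlan: int) -> bool:
    """True when the outer tag is the native VLAN and an inner tag
    for a different VLAN sits behind it."""
    vids = vlan_tags(frame)
    return len(vids) >= 2 and vids[0] == native_vlan and vids[1] != native_vlan


# Constructed sample frames (placeholder MACs, zero-filled payload).
MACS = bytes.fromhex("ffffffffffff" "020000000001")
PAYLOAD = bytes.fromhex("0800") + bytes(46)
DOUBLE_TAGGED = MACS + bytes.fromhex("81000001" "81000014") + PAYLOAD  # outer 1, inner 20
SINGLE_TAGGED = MACS + bytes.fromhex("81000014") + PAYLOAD             # VLAN 20 only
UNTAGGED = MACS + PAYLOAD

if __name__ == "__main__":
    for name, frame in [("double", DOUBLE_TAGGED),
                        ("single", SINGLE_TAGGED),
                        ("untagged", UNTAGGED)]:
        print(name, vlan_tags(frame), is_double_tag_suspect(frame, native_vlan=1))
```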