vlan hopping

Started by New2Opn, December 19, 2023, 05:23:12 PM

A friend was telling me VLAN hopping makes VLANs generally ineffective. However, I was reading a little about VLAN hopping the other day and it seems this can be mitigated if VLANs are configured in a particular manner. Essentially, it said: "Mitigating a VLAN attack can be done by disabling Dynamic Trunking Protocol (DTP), manually setting ports to trunking mode, and by setting the native VLAN of trunk links to VLANs not in use".

Are standard VLANs, created in OPNsense, vulnerable to VLAN hopping? If so, is there a way to set up OPNsense VLANs as described above?

Quote from: New2Opn on December 19, 2023, 05:23:12 PM
Are standard VLANs, created in OPNsense, vulnerable to VLAN hopping?
No. All mentioned mitigations apply to switches. Badly configured ones, if they use e.g. dynamic trunking.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

December 19, 2023, 06:23:50 PM #2 Last Edit: December 19, 2023, 07:25:45 PM by netnut
Quote from: New2Opn on December 19, 2023, 05:23:12 PM
A friend was telling me VLAN hopping makes VLANs generally ineffective.

I hope it's a nice friend to drink a beer with, but don't listen to his network advice ;-)

Quote
However, I was reading a little about VLAN hopping the other day and it seems this can be mitigated if VLANs are configured in a particular manner. Essentially, it said: "Mitigating a VLAN attack can be done by disabling Dynamic Trunking Protocol (DTP), manually setting ports to trunking mode, and by setting the native VLAN of trunk links to VLANs not in use".

DTP or MVRP are other concerns than your initial statement; your last sentence, however, is a best practice which is preached in multiple ways throughout this forum (or better, don't use the native VLAN by default if you can).
So buy a decent switch and configure trunk ports with tagged VLANs only and you're fine.

Quote
Are standard VLANs, created in OPNsense, vulnerable to VLAN hopping? If so, is there a way to set up OPNsense VLANs as described above?

VLANs aren't vulnerable to anything; certain (switch) configurations and/or makes/models (handling VLANs wrong) are.
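As an added example (not from the thread, OPNsense, or any switch vendor), here is a small audit script that checks switch port blocks for the three mitigations the thread names: static trunk mode, DTP disabled, and a native VLAN that is not among the VLANs actually carried. It assumes Cisco IOS-style `switchport` syntax and uses a constructed sample config with one weak and one hardened port.

```python
# Constructed sample: one weak port (DTP negotiation left on, native VLAN 1 in
# use) and one hardened port (static trunk, nonegotiate, unused native VLAN).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode dynamic desirable
 switchport trunk allowed vlan 1,10,20
interface GigabitEthernet1/0/2
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
"""

def parse_interfaces(config):
    """Return {interface name: [indented config lines]} per 'interface' block."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif current and line.startswith(" "):
            blocks[current].append(line.strip())
    return blocks

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,10-12,20' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunk(lines):
    """Return findings for one port; an empty list means all three mitigations hold."""
    findings = []
    mode = next((ln.split()[2] for ln in lines if ln.startswith("switchport mode ")), None)
    if mode != "trunk":
        findings.append(f"trunk mode not set statically (mode={mode})")
    if "switchport nonegotiate" not in lines:
        findings.append("DTP still enabled (missing 'switchport nonegotiate')")
    native, allowed = 1, None  # IOS defaults: native VLAN 1, all VLANs allowed
    for ln in lines:
        if ln.startswith("switchport trunk native vlan "):
            native = int(ln.split()[-1])
        elif ln.startswith("switchport trunk allowed vlan "):
            allowed = expand_vlans(ln.split()[-1])
    if allowed is None or native in allowed:
        findings.append(f"native VLAN {native} is also carried as a used VLAN on this trunk")
    return findings
```

Run `audit_trunk` over each block from `parse_interfaces`; the weak port yields three findings and the hardened port none.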