VLAN hopping bypasses VLAN segmentation using switch spoofing (attacker becomes a trunk port) or double tagging (crafting frames with two 802.1Q tags).
Prevention: disable DTP (Dynamic Trunking Protocol) on access ports, use dedicated native VLANs, never put user devices on the native VLAN. VLAN hopping is why VLANs alone aren't sufficient — add firewall controls.