Devil’s VLAN 666? (NETWORKING/CISCO)
PROBLEM: What the hell does VLAN 666 stand for?
SOLUTION: Native VLAN feature!
[?] What is VLAN?
Most of the time you will see Vlan1 on your switch in the down / administratively down state. This is fine and correct, for security reasons. Vlan1 is the default VLAN, so it cannot be deleted, but we can disable it, create another VLAN and force that one to behave as the native one. By default, all ports are in VLAN 1, which is a high security risk, because an attacker can easily connect to an unused port on the switch and start a VLAN hopping attack.
And this is where VLAN 666 comes on the scene (or any other number you would like to use – it’s up to you)! This VLAN should be set as the native one and all unused ports should be assigned to it. It is good to keep this VLAN disabled and not to use it for any other purpose.
It is very good practice to do this right at your first trunk configuration. Exclude your “black hole” VLAN 666 from the trunk and your connection becomes more secure.
Switch# conf t
Switch(config)# interface fastEthernet 0/1
Switch(config-if)# switchport trunk native vlan 666
Switch(config-if)# switchport trunk allowed vlan 5,10,15
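
One way to check a saved configuration against the advice above, as an added example that is not part of the original post: the script parses a constructed running-config excerpt and flags trunks whose native VLAN is not the black hole VLAN, trunks that still carry it, and access ports left in VLAN 1. The names audit, expand and SAMPLE are assumptions of this example, and it only distinguishes ports with "switchport mode trunk" from everything else, which it treats as access ports.

```python
import re

# Constructed running-config excerpt for illustration (not from the post).
BLACKHOLE = 666  # the post's "black hole" VLAN; any unused ID works
SAMPLE = """\
interface FastEthernet0/1
 switchport trunk native vlan 666
 switchport trunk allowed vlan 5,10,15
 switchport mode trunk
interface FastEthernet0/2
 switchport trunk native vlan 666
 switchport trunk allowed vlan 5,10,600-700
 switchport mode trunk
interface FastEthernet0/3
 switchport mode trunk
interface FastEthernet0/4
 switchport mode access
interface FastEthernet0/5
 switchport access vlan 666
 switchport mode access
 shutdown
"""

def expand(spec):
    """Turn an allowed-VLAN list such as '5,10,600-700' into a set of IDs."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit(config, blackhole=BLACKHOLE):
    """Return {interface: [findings]} for ports that break the post's advice."""
    findings = {}
    for block in re.split(r"^interface ", config, flags=re.M)[1:]:
        name, *lines = [l.strip() for l in block.splitlines()]
        opt = lambda pat: next((m.group(1) for l in lines if (m := re.fullmatch(pat, l))), None)
        issues = []
        if "switchport mode trunk" in lines:  # IOS defaults: native VLAN 1, all VLANs allowed
            if int(opt(r"switchport trunk native vlan (\d+)") or 1) != blackhole:
                issues.append("native VLAN is not the black hole VLAN")
            allowed = opt(r"switchport trunk allowed vlan ([\d,-]+)")
            if allowed is None or blackhole in expand(allowed):
                issues.append("black hole VLAN is allowed on the trunk")
        elif int(opt(r"switchport access vlan (\d+)") or 1) == 1:  # no access VLAN set means VLAN 1
            issues.append("access port left in default VLAN 1")
        if issues:
            findings[name] = issues
    return findings
```

An empty result from audit() means every interface in the excerpt follows the scheme; a range such as 600-700 in the allowed list is expanded, so a black hole VLAN hidden inside a range is still reported.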