The Frame Group

ICT and digital transformation services

  • Home
  • Capabilities
  • Industries
  • Case studies
  • Insights
  • About
  • Contact

Tech.Bit: What’s the deal with internal VLANs?

Written by Michael Rutherford

solution graphic

Have you ever seen this command as part of the default configuration of a switch?

vlan internal allocation policy ascending

Let me give you a rundown of what they’re all about …

Switches automatically assign themselves virtual local area network numbers (VLAN) for internal usage.

Funnily enough, these are called ‘internal VLANs’.

Behind the scenes, switches do some sneaky things using internal VLANs

For example, when you convert a Layer 2 switch port into a Layer 3 routed port, the switch really just puts the port into access mode on an automatically generated VLAN. An IP address is then assigned to that VLAN’s switched virtual interface (SVI).

The switch can then route traffic between SVIs as you’d expect when using a regular SVI. This helps to explain why you can’t configure sub-interfaces on a switch. Layer 3 ports essentially run as access ports and send untagged frames.

If you now tried to use this internal VLAN, the switch would reject your command and throw up an error. To free up this VLAN, the Layer 3 port would need to be shutdown.

So that’s what internal VLANs are, but how are they chosen?

They’re always chosen from the extended VLAN range (1006–4095) in a next-available fashion. Depending on the switch model and configuration, it can be chosen from low VLAN numbers and work its way up, or from the high VLAN numbers and work its way down.

Now, without telling you, I bet you can guess what these commands do:

vlan internal allocation policy ascending
vlan internal allocation policy descending

To check the allocated VLANs, just run the show vlan internal usage command.

SW1#show run interface fastethernet 0/3
interface FastEthernet0/3
no switchport
               <<<<<<<< Converted to an L3 port ip address 1.1.1.1 255.255.255.0               <<<<<<<< IP address assigned SW1#show vlan internal usage
VLAN Usage
1006 FastEthernet0/3
               <<<<<<<< Internal VLAN assigned

My recommendation for playing it safe

If you use the extended VLAN numbers, make sure that you’re aware of the allocation policy in use.

This needs to be checked across all platforms as they use different methods for allocation: ascending or descending. If possible, change the policy to descending and stick to the lower VLAN numbers.

About Michael Rutherford

A well-rounded ICT professional, Michael's experience and expertise ranges from designing and implementing defence classified networks to supporting global financial networks.

Read more articles by Michael Rutherford.

Other articles you might like

  • solution graphicWhy containerised data centres are in demand
  • solution graphicHow to manage your data centre assets automatically, using active radio frequency identification (RFID)
  • solution graphicHow to get effective in-building mobile coverage for your business
  • solution graphicWhat will happen to your business data if your cloud storage provider goes bankrupt?

Choose a topic

  • Australian Privacy Act
  • business and ICT operations
  • business process; customer experience
  • cloud
  • connectivity; mobility; the IoT
  • Data breach notification
  • data centres
  • Data privacy
  • Data Protection
  • Data regulation
  • digital; the web
  • EU-GDPR
  • general data protection regulation
  • governance
  • projects; programs
  • Risk and Compliance
  • security
  • strategy
Advice, integrated solutions and services for ICT and digital transformation

Understanding what matters most to your organisation, The Frame Group provides clarity, insight and hands-on delivery of ICT and digital services for better ways of doing business.

Man focusing
Frame makes a difference because we cut through the noise and zero in on what you need.

That’s the advantage of clarity.

Explore Frame’s capabilities

ADVISORY SERVICES
Business consulting
Customer experience
Digital strategy
Governance, risk management and compliance
Process management and optimisation
Smart communities
Strategic portfolio management
ICT consulting
Disaster recovery strategy and planning
Enterprise architecture
ICT frameworks
ICT outsourcing optimisation
ICT sourcing and procurement
ICT strategic planning
ICT AND DIGITAL SOLUTIONS
Cloud solutions
Migration
Orchestration and automation
Strategy
Connectivity solutions
Audio and video
Collaboration
ICT infrastructure
Software-defined X
The Internet of Things
Wireless and mobility
Data centre solutions
Data centre solutions overview
Implementation, relocation, migration and transition
Management and policy
module48 — modular data centre
Sourcing and selection
Strategy and design
Thermal modelling and airflow studies
Information solutions and analytics
Application development and integration
Big data and analytics
Dynamic digital signage
Occu-Pi — meeting room booking system
Security solutions
Assurance strategy
Policy and guidelines
Risk and threat assessment
DELIVERY SERVICES
Managed services
Managed services overview
ICT and digital operations optimisation
ICT and digital support services
Network as a service
Video meeting room as a service
Solution delivery
Program management
Project management
Solution implementation and deployment
Contract Staff
Frame logo

construction icon defence icon education icon finance icon government icon health icon transport icon

Call1300 252 789
Connectlinkedin icon twitter icon mail icon
Careerspeople icon

© The Frame Group Pty Limited 2013–2022   |   ABN 48 095 369 403   |   Privacy statement    |   Terms of use

  • Home
  • Capabilities
  • Industries
  • Case studies
  • Insights
  • About
  • Contact