The Frame Group

ICT and digital transformation services

Tech.Bit: What’s the deal with internal VLANs?

Written by

solution graphic

Have you ever seen this command as part of the default configuration of a switch?

vlan internal allocation policy ascending

Let me give you a rundown of what they’re all about …

Switches automatically assign themselves virtual local area network numbers (VLAN) for internal usage.

Funnily enough, these are called ‘internal VLANs’.

Behind the scenes, switches do some sneaky things using internal VLANs

For example, when you convert a Layer 2 switch port into a Layer 3 routed port, the switch really just puts the port into access mode on an automatically generated VLAN. An IP address is then assigned to that VLAN’s switched virtual interface (SVI).

The switch can then route traffic between SVIs as you’d expect when using a regular SVI. This helps to explain why you can’t configure sub-interfaces on a switch. Layer 3 ports essentially run as access ports and send untagged frames.

If you now tried to use this internal VLAN, the switch would reject your command and throw up an error. To free up this VLAN, the Layer 3 port would need to be shutdown.

So that’s what internal VLANs are, but how are they chosen?

They’re always chosen from the extended VLAN range (1006–4095) in a next-available fashion. Depending on the switch model and configuration, it can be chosen from low VLAN numbers and work its way up, or from the high VLAN numbers and work its way down.

Now, without telling you, I bet you can guess what these commands do:

vlan internal allocation policy ascending
vlan internal allocation policy descending

To check the allocated VLANs, just run the show vlan internal usage command.

SW1#show run interface fastethernet 0/3
interface FastEthernet0/3
no switchport               <<<<<<<< Converted to an L3 port ip address 1.1.1.1 255.255.255.0               <<<<<<<< IP address assigned SW1#show vlan internal usage
VLAN Usage
1006 FastEthernet0/3               <<<<<<<< Internal VLAN assigned

My recommendation for playing it safe

If you use the extended VLAN numbers, make sure that you’re aware of the allocation policy in use.

This needs to be checked across all platforms as they use different methods for allocation: ascending or descending. If possible, change the policy to descending and stick to the lower VLAN numbers.

Other articles you might like

Frame logo

construction icon defence icon education icon finance icon government icon health icon transport icon

Call1300 252 789
Connectlinkedin icon twitter icon mail icon
Careerspeople icon