Internal VLANs

Most of us are aware of the well-known VLAN types, Standard and Extended, which to some extent makes sense. The Standard VLANs range from 1 up to 1005, including the last four VLANs in that range, which are kept for legacy technologies/protocols.

On the other hand, the Extended range of VLANs runs from 1006 up to 4094, and it comes with some limitations: you cannot use these VLANs all the time or everywhere. For example, assigning a VLAN number between 1006 and 4094 to a Layer 2 switchport is not allowed most of the time, especially on older Cisco Catalyst switches. To be able to use the Extended VLANs, one solution is to have the switch running VTP version 3; another is to use VTP version 2, but then the Catalyst switch must be running in VTP Transparent mode.

I guess that’s something most of us are already aware of; however, before going to today’s topic, which is Internal VLANs, I assume it’s not a bad idea to recall some high-level details about Standard and Extended VLANs. Anyway, back to our topic.

Internal VLANs simply operate under the Extended VLAN umbrella; that is, the range Internal VLANs use is 1006-4094. A policy also specifies whether Internal VLANs are allocated starting from 1006 going up to 4094 (ascending) or starting from 4094 going down to 1006 (descending), and we are able to choose which of the two we want to use.

Where and how exactly an Internal VLAN is used is the interesting part of the story. Internal VLANs are created and used most of the time without our knowledge, as a kind of behind-the-scenes task. One example is when we want to use a Catalyst Layer 2 port as a Layer 3 switchport, simply by adding the “no switchport” command under interface configuration mode. First of all, STP is disabled on this port since it is converted to an L3 port, which gives you the opportunity to assign an IP address to it and use it for all other relevant L3 services.

This sounds simple enough, but what really happens is that the moment you give the “no switchport” command, the switch automatically creates an Internal VLAN (1006-4094) and uses it as an SVI for routing purposes, which means that behind the scenes the switch still treats the L3 switchport as an L2 port with SVI capabilities. To see which Internal VLAN your switch assigned to the L3 switchport after adding the “no switchport” command, you can use the “show vlan internal usage” command, which shows which VLAN is used by which L3 switchport.
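To audit that mapping across many switches, the following added example (not from the original post) parses captured “show vlan internal usage” output, guesses the allocation direction, and lists planned Extended VLAN IDs that the switch already holds internally. The sample output, its column layout, the function names and the planned IDs are constructed assumptions, as is the premise that an ID taken as an Internal VLAN is unavailable for a VLAN you create yourself.

```python
import re

EXT_MIN, EXT_MAX = 1006, 4094  # Extended/Internal VLAN range given in the article

# Constructed sample capture. Assumed layout: a "VLAN Usage" header, a dashed
# rule, then one "<vlan-id> <interface>" row per internal VLAN.
SAMPLE = """\
Switch# show vlan internal usage

VLAN Usage
---- --------------------
1006 GigabitEthernet1/0/1
1007 GigabitEthernet1/0/24
1008 GigabitEthernet1/0/48
"""

ROW = re.compile(r"^\s*(\d{1,4})\s+(\S.*?)\s*$")

def parse_internal_usage(text):
    """Return {vlan_id: usage} for every row whose ID lies in 1006-4094."""
    usage = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m and EXT_MIN <= int(m.group(1)) <= EXT_MAX:
            usage[int(m.group(1))] = m.group(2)
    return usage

def guess_policy(usage):
    """Heuristic only: IDs starting at 1006 suggest ascending, at 4094 descending."""
    if usage and min(usage) == EXT_MIN:
        return "ascending"
    if usage and max(usage) == EXT_MAX:
        return "descending"
    return "unknown"

def collisions(usage, planned):
    """Planned VLAN IDs that are already taken as Internal VLANs."""
    return sorted(set(planned) & set(usage))

if __name__ == "__main__":
    used = parse_internal_usage(SAMPLE)
    for vlan, port in sorted(used.items()):
        print(f"internal VLAN {vlan} -> {port}")
    print("allocation looks", guess_policy(used))
    print("planned IDs already taken:", collisions(used, [1007, 2000]))
```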

