Standard VLANs
Range 1-1005
In VTP Server or Client mode, these VLANs are saved in the VLAN database. In Transparent mode, they are stored in both the database and the running configuration file.
Includes a couple of Cisco switch-specific VLANs:
VLAN 1 – This is the default access VLAN and is the native VLAN by default.
It cannot be deleted because it carries some control plane traffic (including CDP, VTP, and PAgP). This VLAN can be manually pruned from trunks, but it cannot be pruned by VTP. As a best practice, do not assign ports to VLAN 1. You should also consider changing the default behavior and using a different VLAN as the native VLAN on trunk ports.
VLANs 1002-1005 – These VLANs are used by legacy technologies such as Token Ring and FDDI. They cannot be removed but can be manually pruned. This range of VLANs cannot be pruned by VTP and should not be used for port assignments.
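The guidance above on VLAN 1 and VLANs 1002-1005 can be checked against a saved configuration. The Python script below is an added example, not part of the original article: the sample configuration is constructed, the function names are hypothetical, and ports without "switchport mode trunk" are assumed to behave as access ports.

```python
import re

LEGACY = range(1002, 1006)  # Token Ring / FDDI default VLANs
# Constructed sample running-config excerpt, not from a real device.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 switchport mode access
!
interface Ethernet0/1
 switchport access vlan 100
!
interface Ethernet0/2
 switchport mode trunk
!
interface Ethernet0/3
 switchport mode trunk
 switchport trunk native vlan 999
!
interface Ethernet1/0
 switchport access vlan 1003
!
interface Ethernet1/1
 no switchport
"""

def vlan_id(stanza, keyword):
    """VLAN set by 'switchport <keyword> vlan N'; IOS defaults to 1 when absent."""
    m = re.search(rf"(?m)^ switchport {keyword} vlan (\d+)", stanza)
    return int(m.group(1)) if m else 1

def audit(config):
    """Return (interface, finding) pairs for ports on VLAN 1 or 1002-1005."""
    findings = []
    for stanza in re.split(r"(?m)^(?=interface )", config):
        if not stanza.startswith("interface ") or re.search(r"(?m)^ no switchport$", stanza):
            continue  # preamble text, or a routed port (uses an internal VLAN)
        name = stanza.split()[1]
        if "\n switchport mode trunk" in stanza:
            if vlan_id(stanza, "trunk native") == 1:
                findings.append((name, "trunk native VLAN is 1"))
            continue
        access = vlan_id(stanza, "access")  # assumption: non-trunk ports act as access ports
        if access == 1 or access in LEGACY:
            findings.append((name, f"access port in VLAN {access}"))
    return findings

if __name__ == "__main__":
    for port, finding in audit(SAMPLE_CONFIG):
        print(f"{port}: {finding}")
```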
Extended VLANs
Range from 1006 to 4094
- With VTP versions 1 and 2, this range can be used only when the switch is set to transparent mode.
- This range is compatible with VTP version 3.
- This range of VLANs is saved in the running configuration.
- There are some extended VLANs that can only be used for internal VLANs. If you try to make a VLAN that already exists as an internal VLAN, you will get an error message.
Internal VLANs
These VLANs are reserved for internal use by the switch, typically for routed ports. Whenever a layer 3 port is created, an internal VLAN is allocated from the extended range. You can view all of the active internal VLANs by using the “show vlan internal usage” command. In the example below, an internal VLAN appears after we create a routed port.
Switch#show vlan internal usage
VLAN Usage
---- --------------------
Switch(config)#int Et0/3
Switch(config-if)#no switchport
Switch(config-if)#ip address 10.10.1.1 255.255.255.0
Switch(config-if)#no shu
Switch(config-if)#no shutdown
Switch(config-if)#end
Switch#show vlan internal usage
VLAN Usage
---- --------------------
1006 Ethernet0/3
As you can see, the first internal VLAN on this switch is 1006.
Voice VLAN
Voice VLANs make it possible to use a single interface for both data and voice traffic. This is common when two devices, such as a phone and a computer, are connected through the same switch port. To distinguish between voice and data traffic, the voice VLAN establishes a dedicated trunk. This also allows the switch to receive CoS values from the phone.
Keep in mind that the switch recognizes the phone and uses CDP to send it the instructions for setting up the port.
This is an example of a basic configuration:
Switch(config)#int Et0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 101
Switch(config-if)#switchport voice vlan 201
The output of the show vlan brief command shows that the interface is now listed under both VLANs. This is a significant difference from regular 802.1Q trunks, which do not show up in the output at all.
Switch#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active
100 PC's active Et0/0, Et0/1
101 VLAN0101 active Et0/2
201 VLAN0201 active Et0/2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
The switchport voice vlan command has several options. The one used in this example is the most common.
- switchport voice vlan #: This command configures the phone to use a specific VLAN for all voice traffic. By default, the voice traffic is sent with a priority of 5.
- switchport voice vlan dot1p: The voice traffic is tagged with VLAN 0 and carries the CoS priority.
- switchport voice vlan none: This is the default. The port is not a trunk, and it sends all data on the configured access VLAN.
- switchport voice vlan untagged: The voice traffic is not tagged on the switchport, but the port carries the CoS priority bits.
Private VLANs
Cisco switches include a layer 2 security feature called private VLANs. They have two main uses:
- Instead of configuring a whole VLAN for every customer, service providers can install just one port per customer and still segment their traffic.
- Private VLANs let numerous VLANs share a single subnet, which is a better way to manage IP blocks and avoid wasting addresses.