The fairy tale of the VLAN internal allocation policy


Once upon a time there was a Cisco switch called CatOS. It had the power to transform its ports into layer 3 links, but it had a secret …

…and yes the secret is this:

vlan internal allocation policy ascending

This configuration command! You can find it in CatOS and in more recent Cisco IOS firmware.

When we configure a routed-port on a switch:

CatLab01(config)#int gi0/3
CatLab01(config-if)#no switchport
CatLab01(config-if)#ip address

We tell our L2 device to act as a router on that port. But the switch is not a router, so it needs a dedicated L2 VLAN behind that port to segregate the broadcast domain.

We can only choose the direction of the policy: ascending (VLAN IDs from 1006 to 4094) or descending (from 4094 to 1006). The VLANs it allocates never show up in our VLAN database. If we accidentally overlap one of these reserved VLANs, we receive this message:

%Failed to create VLANs 1006
VLAN(s) not available in Port Manager.
%Failed to commit extended VLAN(s) changes.

The only way to check which internal VLANs are in use is the following command:

CatLab01#sh vlan internal usage 

VLAN Usage
---- --------------------
1006 GigabitEthernet0/3

REMEMBER this when you do VLAN planning!
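A planning check built on the output above, added here as an example and not part of the original post: it parses `sh vlan internal usage` and flags planned VLAN IDs that are already reserved or would be taken by upcoming routed ports. The function names are hypothetical, the second sample row is constructed, and the prediction assumes the switch takes the next free ID in policy order.

```python
import re
from itertools import islice

EXT_MIN, EXT_MAX = 1006, 4094  # extended range quoted in the post

# First data row is the post's output; the second row is constructed.
SAMPLE = """\
CatLab01#sh vlan internal usage

VLAN Usage
---- --------------------
1006 GigabitEthernet0/3
1007 GigabitEthernet0/4
"""

def parse_internal_usage(output):
    """Map internal VLAN id -> owning interface from the command output."""
    usage = {}
    for line in output.splitlines():
        # Data rows start with a VLAN id; prompt, header and ruler do not.
        m = re.match(r"\s*(\d{1,4})\s+(\S.*?)\s*$", line)
        if m and EXT_MIN <= int(m.group(1)) <= EXT_MAX:
            usage[int(m.group(1))] = m.group(2)
    return usage

def next_internal(usage, policy="ascending", count=1):
    """Assumption: the switch takes the next free id in policy order."""
    if policy not in ("ascending", "descending"):
        raise ValueError("policy must be 'ascending' or 'descending'")
    ids = range(EXT_MIN, EXT_MAX + 1)
    if policy == "descending":
        ids = reversed(ids)
    return list(islice((v for v in ids if v not in usage), count))

def check_plan(planned, usage, policy="ascending", new_routed_ports=0):
    """Split a VLAN plan into ids already reserved and ids at risk."""
    upcoming = set(next_internal(usage, policy, new_routed_ports))
    in_use = sorted(v for v in planned if v in usage)
    at_risk = sorted(v for v in planned if v in upcoming)
    return {"in_use": in_use, "at_risk": at_risk}

if __name__ == "__main__":
    usage = parse_internal_usage(SAMPLE)
    # Plan includes 1006 (already reserved) and 1008 (next to be taken).
    print(check_plan([10, 1006, 1008, 2000], usage, "ascending", 2))
```

IDs reported under `in_use` are the ones that would trigger the "Failed to create VLANs" message; IDs under `at_risk` are free today but would be consumed by the next routed ports.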


.glitchlist crew
