Vlan ranges. (Good to know but not really needed most of the time)

Vlan ranges. (Good to know but not really needed most of the time)

by Cyrus Lok on Monday, August 9, 2010 at 11:56pm
0, 4095
0 is a default vlan for voice, if there’s no voice vlan defined by administrator, vlan 0 will be the assumed vlan for voice.
These two numbers are used by System and they are invisible, you cannot see these using sh vlan brief.
These two vlans do not propagate and cannot be created and deleted. It is just invisible.

default vlan for switches, cannot be deleted, can be propagated and use by administrator. Good for hackers to do double tagging attack.

2 – 1001
These are the truly usable vlan ids for your access ports. VTP version 1 and 2 supports these ids. Version 2 has vlan database consistency checking and transparent mode forwards vtp even if it comes from different domain.

1002 – 1005
Reserved for legacy ring protocol: FDDI and token ring. Cannot be deleted, they are in the switch already.

1006 – 1024
Reserved. Used by system only. Cannot be used or seen.

1025 – 4094
Extended vlan ranges. VTP version 1 and 2 do not support extended vlan range. Version 3 supports extended range propagation. Hence to configure extended vlans administrator has to configure vtp v1 or v2 to transparent mode. Administrator can only configure extended range manually.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s