Showing posts with label switching. Show all posts

EXTENDED & VOICE VLAN

Extended VLAN:
- Historically, Cisco Catalyst switches have supported only up to 1024 VLANs
- ISL uses a 10-bit VLAN ID, which supports up to 1024 VLANs
- 802.1Q includes a 12-bit VLAN ID, which supports up to 4096 VLANs
- Cisco refers to the VLANs from 1025 to 4096 as extended-range VLANs

Cisco Catalyst switches support extended-range VLANs under the following restrictions:
- VTP cannot be used for VLAN management
- VTP must be configured in transparent mode or off
- Only Ethernet VLANs are supported

INTER VLAN ROUTING





Inter-VLAN: 

Inter-VLAN routing allows users in one VLAN to access resources in other VLANs.



Requirements:

- Need at least one router

- Every VLAN must have a default gateway



Inter-VLAN Routing Methods:

- Separate physical gateway on router

- Using sub-interface

- Using Layer3 switch

Inter-VLAN routing using separate interface:



Lab:







Inter-VLAN routing using sub-interface:



Lab:













Inter-VLAN routing using Multi-Layer Switching:

- Need at least one multilayer switch

- Gateways use SVI (Switch Virtual Interface) interfaces

- Enable IP routing on the switch



Lab: 







Native VLAN:

- If a frame is received on a dot1q link without a VLAN tag, the switch assumes that it belongs to the native VLAN

- The default native VLAN is VLAN 1



Native VLAN best practices:

- Best practice is to configure the Native VLAN ID to VLAN 666 and to ensure that this VLAN is not used anywhere in the network

- No ports should be assigned to the native VLAN

- An attacker who attempts to use the VLAN hopping attack will end up in a dead VLAN that has no hosts to leverage
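
An added example, not part of the original post: a short Python audit that checks IOS-style configuration text against the native VLAN practices listed above. It assumes trunks are configured with an explicit "switchport mode trunk" line; the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the original post).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport trunk native vlan 666
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 666
!
interface GigabitEthernet0/4
 switchport mode access
 switchport access vlan 10
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit_native_vlan(config, dead_vlan=666):
    """Flag trunks whose native VLAN is not the dead VLAN, and access ports placed in it."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        text = "\n".join(cmds)
        if "switchport mode trunk" in cmds:
            m = re.search(r"^switchport trunk native vlan (\d+)$", text, re.M)
            native = int(m.group(1)) if m else 1  # unset means default native VLAN 1
            if native != dead_vlan:
                findings.append((name, f"trunk native VLAN is {native}, expected {dead_vlan}"))
        m = re.search(r"^switchport access vlan (\d+)$", text, re.M)
        if m and int(m.group(1)) == dead_vlan:
            findings.append((name, f"access port assigned to native VLAN {dead_vlan}"))
    return findings

if __name__ == "__main__":
    for name, issue in audit_native_vlan(SAMPLE_CONFIG):
        print(f"{name}: {issue}")
```

Ports left in a dynamic (DTP-negotiated) mode are not covered by this check and need a separate review.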



Lab: