Designated VLANs

The switch uses these static, port-based VLAN types to separate switch management traffic from other network traffic. While these VLANs are not limited to management traffic, they provide improved security and availability.

Default VLAN:

This port-based VLAN is always present in the switch and, in the default configuration, includes all ports as members. See VLAN support and the default VLAN.

Except for an IP address and subnet, no configuration steps are needed.

A switch in the default VLAN configuration

In this example, devices connected to these ports are in the same broadcast domain.

Primary VLAN:

The switch uses this port-based VLAN to run certain features and management functions, including DHCP/Bootp responses for switch management. In the default configuration, the Default VLAN is also the Primary VLAN. However, any port-based, non-default VLAN can be designated the Primary VLAN. See The primary VLAN.

Secure Management VLAN:

This optional, port-based VLAN establishes an isolated network for managing switches that support this feature. Access to this VLAN and to the switch's management functions are available only through ports configured as members. See The primary VLAN.

Voice VLANs:

This optional, port-based VLAN type enables separating, prioritizing, and authenticating voice traffic moving through your network, avoiding the possibility of broadcast storms affecting VoIP Voice-over-IP) operation. See Using voice VLANs.


In a multiple-VLAN environment that includes older switch models there may be problems related to the same MAC address appearing on different ports and VLANs on the same switch. In such cases, the solution is to impose cabling and VLAN restrictions. For more on this topic, see Multiple VLAN considerations.