Why doesn't IOS include an ability to disable VTP completely like CatOS?

I'm reading Network Warrior and it looks like CatOS has an option to completely disable VTP with the command being "set vtp mode off". How come, at best you can only set them to transparent mode in IOS? I know that transparent switches forward VTP updates that they recieve to other switches, but why isn't there an option to still disable it completely in IOS?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

veritas_libertas

I was wondering this as well. But how dare we question Cisco's way of doing things?

ChickenNuggetz

veritas_libertas wrote: »

I was wondering this as well. But how dare we question Cisco's way of doing things?

I, for one, welcome our Cisco overlords!

Roguetadhg

There's a lot of "odd ball" things in the IOS.

My personal favorite: access-class for vty, and access-group for interfaces.

...Or the fact for "you can change the TOS value for eigrp's metric weight command - but the reason why it's there has never been implemented, so it's always a 0 value.

Wild-card masks, othertimes Subnet Masks... ya.

martell1000

ciscos official way to "disable" vtp is to put the switch into transparent mode. which is pretty much considered as best practice nowadays. but beware of the vlan.dat which gets rewritten from the startup config everytime you reboot. (we had a nice thread about that yesterday)

CodeBlox

martell1000 wrote: »

ciscos official way to "disable" vtp is to put the switch into transparent mode. which is pretty much considered as best practice nowadays. but beware of the vlan.dat which gets rewritten from the startup config everytime you reboot. (we had a nice thread about that yesterday)

Wait, the VLAN configuration for a transparent switch comes from that switch itself. Stores the configuration in both the running ( and if written to, the startup config ) as well as the vlan.dat file. I tried this just now in PT and the configuration stays, does not appear to be rewriting the vlan.dat file after reboots. Maybe I misunderstand you but I'm not so sure that the vlan.dat file gets rewritten.

Edit: if you simply delete this file, it does get recreated because of the information stored in startup-config. Someone correct me if i'm wrong

EDIT #2 Heh, I guess thats exactly what you said huh... Sorry to repeat you.

martell1000

CodeBlox wrote: »

Wait, the VLAN configuration for a transparent switch comes from that switch itself. Stores the configuration in both the running ( and if written to, the startup config ) as well as the vlan.dat file. I tried this just now in PT and the configuration stays, does not appear to be rewriting the vlan.dat file after reboots. Maybe I misunderstand you but I'm not so sure that the vlan.dat file gets rewritten.

Edit: if you simply delete this file, it does get recreated because of the information stored in startup-config. Someone correct me if i'm wrong

if you delete the vlan.dat it is gone, if you dont clear them out in the startup config aswell the file magicly reappears. so i assume it gets rewritten in the startup process....

CodeBlox

That's what I meant to say, that it's gone. And it comes back because the information is in the startup-config still.

martell1000

right. but till yesterday i wasnt awsre of that. because anytime i had to "clear" a switch i did a write erase and then kicked out the vlan.dat. yesterday i prepared this 2950 for my lab, it looked nice and clean - just a few vlans on it so i decided to just delete the vlan dat.

did this about 5 times in a row till i went here and we discussed this issue over in the other thread. i think its kinda confusing but also good thing to know

DoubleNNs

I'm reading the 100-101 Odom Study guide. (Going over the changes to ICND1 before attempting ICND2) The new exams ignore VTP, however Odom briefly mentions that all the switches used in the examples of his book either have been set to VTP transparent mode, or had VTP disabled w/ the vtp mode off global config command.

Have newer IOS versions enabled the ability to completely disable VTP?

I was extremely confused when I read that line.

(Sorry to bump an old, indirectly relevant thread to ask my question.)

Edit: I don't know what CatOS is.

Dieg0M

I think Cisco is trying to push VTPv3 with IOS. Also, in NX-OS VTP is disabled by default.

DoubleNNs

Disabled or set in transparent mode?

Dieg0M

I believe if VTP feature is not enabled, VTP is disabled (not in transparent mode). I might be wrong though.

networker050184

I believe you are correct Dieg0M. In NX most features are disabled by default and you have to enable the ones you want to use. That is where the licensing comes into play.

DoubleNNs

So NX-OS and CatOS allows VTP to be completely disabled. And it's possible IOS is slowly moving towards adopting that feature as well?

Odom says he has the feature disabled on some of his devices he used when creating the 100-101 book. Is it possoble some IOS devices currently already allow for VTP to be disabled? ("vtp mode off" command)

theodoxa

I would assume that you could block VTP updates from being forwarded with an access-list.

Dieg0M

If you do not want VTP updates to be passed in IOS, just set it to VTPv3 Off Mode.

Magic Johnson

DoubleNNs wrote: »

So NX-OS and CatOS allows VTP to be completely disabled. And it's possible IOS is slowly moving towards adopting that feature as well?

Odom says he has the feature disabled on some of his devices he used when creating the 100-101 book. Is it possoble some IOS devices currently already allow for VTP to be disabled? ("vtp mode off" command)

Can confirm that, but I checked CISCO docs and they say the vtp mode off command is available only on catOS switches.

DoubleNNs

Dieg0M wrote: »

If you do not want VTP updates to be passed in IOS, just set it to VTPv3 Off Mode.

Is this something you can do on all IOS? Prior to that one line in the Odom book, I was udner the belief that the only way you could disable VTP would be to put the switch in VTP Transparent mode, and that there wasn't any commands available to disable it.

But seeing as I'm only a CCENT, admittedly, there's a limit to my knowledge.

Dieg0M

VTPv3 might not have been mentioned in Odom's book because it is fairly new and it is not supported on older platforms like the 2950.

DoubleNNs

Got it. Understood.

Thank you!