Why doesn't IOS include an ability to disable VTP completely like CatOS?

CodeBloxCodeBlox Member Posts: 1,363 ■■■■□□□□□□
I'm reading Network Warrior and it looks like CatOS has an option to completely disable VTP with the command being "set vtp mode off". How come, at best you can only set them to transparent mode in IOS? I know that transparent switches forward VTP updates that they recieve to other switches, but why isn't there an option to still disable it completely in IOS?
Currently reading: Network Warrior, Unix Network Programming by Richard Stevens

Comments

  • veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    I was wondering this as well. But how dare we question Cisco's way of doing things? ;)
  • ChickenNuggetzChickenNuggetz Member Posts: 284
    I was wondering this as well. But how dare we question Cisco's way of doing things? ;)

    I, for one, welcome our Cisco overlords!
    :study: Currently Reading: Red Hat Certified Systems Administrator and Engineer by Ashgar Ghori

    Certifications: CCENT; CCNA: R&S; Security+

    Next up: RHCSA
  • RoguetadhgRoguetadhg Member Posts: 2,489 ■■■■■■■■□□
    There's a lot of "odd ball" things in the IOS.

    My personal favorite: access-class for vty, and access-group for interfaces.

    ...Or the fact for "you can change the TOS value for eigrp's metric weight command - but the reason why it's there has never been implemented, so it's always a 0 value.

    Wild-card masks, othertimes Subnet Masks... ya.
    In order to succeed, your desire for success should be greater than your fear of failure.
    TE Threads: How to study for the CCENT/CCNA, Introduction to Cisco Exams

  • martell1000martell1000 Member Posts: 389
    ciscos official way to "disable" vtp is to put the switch into transparent mode. which is pretty much considered as best practice nowadays. but beware of the vlan.dat which gets rewritten from the startup config everytime you reboot. (we had a nice thread about that yesterday)
    And then, I started a blog ...
  • CodeBloxCodeBlox Member Posts: 1,363 ■■■■□□□□□□
    ciscos official way to "disable" vtp is to put the switch into transparent mode. which is pretty much considered as best practice nowadays. but beware of the vlan.dat which gets rewritten from the startup config everytime you reboot. (we had a nice thread about that yesterday)
    Wait, the VLAN configuration for a transparent switch comes from that switch itself. Stores the configuration in both the running ( and if written to, the startup config ) as well as the vlan.dat file. I tried this just now in PT and the configuration stays, does not appear to be rewriting the vlan.dat file after reboots. Maybe I misunderstand you but I'm not so sure that the vlan.dat file gets rewritten.

    Edit: if you simply delete this file, it does get recreated because of the information stored in startup-config. Someone correct me if i'm wrong

    EDIT #2 Heh, I guess thats exactly what you said huh... Sorry to repeat you.
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
  • martell1000martell1000 Member Posts: 389
    CodeBlox wrote: »
    Wait, the VLAN configuration for a transparent switch comes from that switch itself. Stores the configuration in both the running ( and if written to, the startup config ) as well as the vlan.dat file. I tried this just now in PT and the configuration stays, does not appear to be rewriting the vlan.dat file after reboots. Maybe I misunderstand you but I'm not so sure that the vlan.dat file gets rewritten.

    Edit: if you simply delete this file, it does get recreated because of the information stored in startup-config. Someone correct me if i'm wrong

    if you delete the vlan.dat it is gone, if you dont clear them out in the startup config aswell the file magicly reappears. so i assume it gets rewritten in the startup process....
    And then, I started a blog ...
  • CodeBloxCodeBlox Member Posts: 1,363 ■■■■□□□□□□
    That's what I meant to say, that it's gone. And it comes back because the information is in the startup-config still.
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
  • martell1000martell1000 Member Posts: 389
    right. but till yesterday i wasnt awsre of that. because anytime i had to "clear" a switch i did a write erase and then kicked out the vlan.dat. yesterday i prepared this 2950 for my lab, it looked nice and clean - just a few vlans on it so i decided to just delete the vlan dat.

    did this about 5 times in a row till i went here and we discussed this issue over in the other thread. i think its kinda confusing but also good thing to know :D
    And then, I started a blog ...
  • DoubleNNsDoubleNNs Member Posts: 2,015 ■■■■■□□□□□
    I'm reading the 100-101 Odom Study guide. (Going over the changes to ICND1 before attempting ICND2) The new exams ignore VTP, however Odom briefly mentions that all the switches used in the examples of his book either have been set to VTP transparent mode, or had VTP disabled w/ the vtp mode off global config command.

    Have newer IOS versions enabled the ability to completely disable VTP?

    I was extremely confused when I read that line.

    (Sorry to bump an old, indirectly relevant thread to ask my question.)

    Edit: I don't know what CatOS is.
    Goals for 2018:
    Certs: RHCSA, LFCS: Ubuntu, CNCF CKA, CNCF CKAD | AWS Certified DevOps Engineer, AWS Solutions Architect Pro, AWS Certified Security Specialist, GCP Professional Cloud Architect
    Learn: Terraform, Kubernetes, Prometheus & Golang | Improve: Docker, Python Programming
    To-do | In Progress | Completed
  • Dieg0MDieg0M Member Posts: 861
    I think Cisco is trying to push VTPv3 with IOS. Also, in NX-OS VTP is disabled by default.
    Follow my CCDE journey at www.routingnull0.com
  • DoubleNNsDoubleNNs Member Posts: 2,015 ■■■■■□□□□□
    Disabled or set in transparent mode?
    Goals for 2018:
    Certs: RHCSA, LFCS: Ubuntu, CNCF CKA, CNCF CKAD | AWS Certified DevOps Engineer, AWS Solutions Architect Pro, AWS Certified Security Specialist, GCP Professional Cloud Architect
    Learn: Terraform, Kubernetes, Prometheus & Golang | Improve: Docker, Python Programming
    To-do | In Progress | Completed
  • Dieg0MDieg0M Member Posts: 861
    I believe if VTP feature is not enabled, VTP is disabled (not in transparent mode). I might be wrong though.
    Follow my CCDE journey at www.routingnull0.com
  • networker050184networker050184 Mod Posts: 11,962 Mod
    I believe you are correct Dieg0M. In NX most features are disabled by default and you have to enable the ones you want to use. That is where the licensing comes into play.
    An expert is a man who has made all the mistakes which can be made.
  • DoubleNNsDoubleNNs Member Posts: 2,015 ■■■■■□□□□□
    So NX-OS and CatOS allows VTP to be completely disabled. And it's possible IOS is slowly moving towards adopting that feature as well?

    Odom says he has the feature disabled on some of his devices he used when creating the 100-101 book. Is it possoble some IOS devices currently already allow for VTP to be disabled? ("vtp mode off" command)
    Goals for 2018:
    Certs: RHCSA, LFCS: Ubuntu, CNCF CKA, CNCF CKAD | AWS Certified DevOps Engineer, AWS Solutions Architect Pro, AWS Certified Security Specialist, GCP Professional Cloud Architect
    Learn: Terraform, Kubernetes, Prometheus & Golang | Improve: Docker, Python Programming
    To-do | In Progress | Completed
  • theodoxatheodoxa Member Posts: 1,340 ■■■■□□□□□□
    I would assume that you could block VTP updates from being forwarded with an access-list.
    R&S: CCENT CCNA CCNP CCIE [ ]
    Security: CCNA [ ]
    Virtualization: VCA-DCV [ ]
  • Dieg0MDieg0M Member Posts: 861
    If you do not want VTP updates to be passed in IOS, just set it to VTPv3 Off Mode.
    Follow my CCDE journey at www.routingnull0.com
  • Magic JohnsonMagic Johnson Member Posts: 414
    DoubleNNs wrote: »
    So NX-OS and CatOS allows VTP to be completely disabled. And it's possible IOS is slowly moving towards adopting that feature as well?

    Odom says he has the feature disabled on some of his devices he used when creating the 100-101 book. Is it possoble some IOS devices currently already allow for VTP to be disabled? ("vtp mode off" command)

    Can confirm that, but I checked CISCO docs and they say the vtp mode off command is available only on catOS switches.
  • DoubleNNsDoubleNNs Member Posts: 2,015 ■■■■■□□□□□
    Dieg0M wrote: »
    If you do not want VTP updates to be passed in IOS, just set it to VTPv3 Off Mode.

    Is this something you can do on all IOS? Prior to that one line in the Odom book, I was udner the belief that the only way you could disable VTP would be to put the switch in VTP Transparent mode, and that there wasn't any commands available to disable it.

    But seeing as I'm only a CCENT, admittedly, there's a limit to my knowledge.
    Goals for 2018:
    Certs: RHCSA, LFCS: Ubuntu, CNCF CKA, CNCF CKAD | AWS Certified DevOps Engineer, AWS Solutions Architect Pro, AWS Certified Security Specialist, GCP Professional Cloud Architect
    Learn: Terraform, Kubernetes, Prometheus & Golang | Improve: Docker, Python Programming
    To-do | In Progress | Completed
  • Dieg0MDieg0M Member Posts: 861
    VTPv3 might not have been mentioned in Odom's book because it is fairly new and it is not supported on older platforms like the 2950.
    Follow my CCDE journey at www.routingnull0.com
  • DoubleNNsDoubleNNs Member Posts: 2,015 ■■■■■□□□□□
    Got it. Understood.

    Thank you!
    Goals for 2018:
    Certs: RHCSA, LFCS: Ubuntu, CNCF CKA, CNCF CKAD | AWS Certified DevOps Engineer, AWS Solutions Architect Pro, AWS Certified Security Specialist, GCP Professional Cloud Architect
    Learn: Terraform, Kubernetes, Prometheus & Golang | Improve: Docker, Python Programming
    To-do | In Progress | Completed
Sign In or Register to comment.