OSPF

Open Shortest Path First area design, neighbor adjacencies, and route summarization on Cisco routers.

Basic OSPF Configuration

Enable OSPF process and advertise networks into areas — router-id should be set explicitly

configure terminal
router ospf 1
 router-id 1.1.1.1
 network 10.50.1.0 0.0.0.255 area 0
 network 10.50.2.0 0.0.0.255 area 0
 passive-interface default
 no passive-interface GigabitEthernet0/0/0
end

Passive-interface default — suppress OSPF hellos on all interfaces except explicitly enabled ones; best practice for security

configure terminal
router ospf 1
 passive-interface default
 no passive-interface GigabitEthernet0/0/0
 no passive-interface GigabitEthernet0/0/1
end

OSPF Neighbor Verification

Show OSPF neighbors — state should be FULL (or 2WAY on broadcast for DROthers)

show ip ospf neighbor

Show OSPF neighbor detail — dead timer, DR/BDR election, adjacency uptime

show ip ospf neighbor detail

OSPF Database

Show OSPF link-state database — LSA types: Router (1), Network (2), Summary (3/4), External (5/7)

show ip ospf database

Show specific LSA type

show ip ospf database router
show ip ospf database external
show ip ospf database summary

OSPF Interface Verification

Show OSPF-enabled interfaces — cost, hello/dead timers, network type, DR/BDR

show ip ospf interface
show ip ospf interface brief
show ip ospf interface GigabitEthernet0/0/0

OSPF Area Types

Stub area — blocks Type 5 (external) LSAs; injects default route instead

configure terminal
router ospf 1
 area 10 stub
end

Totally stubby area — blocks Type 3 (summary) and Type 5 LSAs; ABR injects default only; Cisco proprietary

! On ABR only
configure terminal
router ospf 1
 area 10 stub no-summary
end

NSSA (Not-So-Stubby Area) — blocks external Type 5 but allows local redistribution via Type 7 LSAs

configure terminal
router ospf 1
 area 20 nssa
end

Totally NSSA — blocks Type 3 and Type 5; allows Type 7; ABR injects default

! On ABR only
configure terminal
router ospf 1
 area 20 nssa no-summary
end

OSPF Cost Manipulation

Modify interface cost — OSPF cost = reference bandwidth / interface bandwidth; lower cost preferred

configure terminal
interface GigabitEthernet0/0/0
 ip ospf cost 10
end

Change reference bandwidth — default 100 Mbps makes all GigE+ links cost 1; set to 10000 for 10G environments

configure terminal
router ospf 1
 auto-cost reference-bandwidth 10000
end

Default Route Origination

Inject default route into OSPF — always keyword advertises even without 0.0.0.0/0 in RIB

configure terminal
router ospf 1
 default-information originate
end

! Force default route advertisement regardless of local default
configure terminal
router ospf 1
 default-information originate always
end

OSPF Authentication

MD5 authentication per interface — both sides must match key ID and key string

configure terminal
interface GigabitEthernet0/0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 <key-string>
end

HMAC-SHA authentication (IOS-XE 16.x+) — stronger than MD5

configure terminal
key chain OSPF-KEYS
 key 1
  key-string <key-string>
  cryptographic-algorithm hmac-sha-256
!
interface GigabitEthernet0/0/0
 ip ospf authentication key-chain OSPF-KEYS
end

Area-level authentication — enables authentication for all interfaces in the area

configure terminal
router ospf 1
 area 0 authentication message-digest
end

OSPF Redistribution

Redistribute static routes into OSPF — subnets keyword is critical; without it only classful networks redistribute

configure terminal
router ospf 1
 redistribute static subnets
 redistribute connected subnets
end

Redistribute with route-map for control

configure terminal
route-map STATIC-TO-OSPF permit 10
 match ip address prefix-list STATIC-PREFIXES
 set metric 100
 set metric-type type-1
!
router ospf 1
 redistribute static subnets route-map STATIC-TO-OSPF
end

OSPFv3 for IPv6

OSPFv3 — configured per interface, not under router process with network statements

configure terminal
ipv6 unicast-routing
!
router ospfv3 1
 router-id 1.1.1.1
!
interface GigabitEthernet0/0/0
 ospfv3 1 ipv6 area 0
end

OSPFv3 address-family mode (IOS-XE) — carries both IPv4 and IPv6 in a single OSPFv3 process

configure terminal
router ospfv3 1
 router-id 1.1.1.1
 address-family ipv4 unicast
  passive-interface default
  no passive-interface GigabitEthernet0/0/0
 address-family ipv6 unicast
  passive-interface default
  no passive-interface GigabitEthernet0/0/0
end

Verification Summary

Key show commands for OSPF troubleshooting

show ip ospf neighbor
show ip ospf database
show ip ospf interface brief
show ip route ospf
show ip ospf
show ip ospf border-routers