OSPF Single-Area Configuration

Static routes require manual updates every time the network changes — a time-consuming and error-prone process in larger networks. OSPF (Open Shortest Path First) is a link-state routing protocol that automatically discovers neighbors, shares network topology information, and calculates the best path to every known network using Dijkstra's Shortest Path First (SPF) algorithm. When a link fails or a new network is added, OSPF automatically updates all routers in the area within seconds.

OSPFv2 operates over IPv4 and is organised into areas — logical groupings of routers that share a common link-state database. All areas must connect to Area 0 (the backbone area). In a single-area deployment — the most common CCNA scenario — all routers belong to Area 0, share a complete map of the topology, and independently run SPF to build their routing tables.

Before starting, complete Hostname, Banner & Password Configuration and Static Route Configuration to understand routing fundamentals and Administrative Distance. For an OSPF conceptual overview see OSPF Overview.

1. How OSPF Works — The Three Tables

Every OSPF router builds and maintains three separate databases before it can forward traffic. Understanding these tables is essential for troubleshooting:

Table	Command to View	What It Contains	Populated By
Neighbor Table	`show ip ospf neighbor`	All directly connected OSPF routers that have formed adjacency	Hello packets exchanged on connected interfaces
Topology Table (LSDB)	`show ip ospf database`	Complete map of all links and routers in the area — Link State Database. See OSPF Areas & LSAs	LSAs (Link State Advertisements) flooded by all routers
Routing Table	`show ip route ospf`	Best paths calculated by SPF from the LSDB — routes marked O	SPF algorithm run locally on the LSDB

OSPF Neighbor Adjacency — Hello Protocol

OSPF routers discover each other by sending Hello packets to the multicast address 224.0.0.5 every 10 seconds on Ethernet links (Hello interval). A neighbor is declared dead if no Hello is received within 40 seconds (Dead interval = 4 × Hello interval). For two routers to become full neighbors, the following parameters must match:

Parameter	Must Match?	Default Value (Ethernet)	Notes
Area ID	✅ Yes	—	Both interfaces must be in the same OSPF area
Hello interval	✅ Yes	10 seconds	Mismatch prevents adjacency forming
Dead interval	✅ Yes	40 seconds	Must match on both sides
Subnet & mask	✅ Yes	—	Both interfaces must be on the same subnet
Authentication	✅ Yes	None	If configured, type and password must match
MTU	⚠️ Effectively	1500 bytes	MTU mismatch causes stuck in EXSTART/EXCHANGE state
Router ID	❌ No	—	Must be unique per router but does not need to match neighbors
Process ID	❌ No	—	Locally significant only — neighbors can use different process IDs

OSPF Router ID

Every OSPF router must have a unique Router ID (RID) — a 32-bit value written in dotted decimal notation (like an IP address). IOS selects the Router ID in this order:

Priority	Source	Notes
1 (Highest)	Manually configured: `router-id [IP]`	✅ Always use this — predictable and stable
2	Highest IP address on any active loopback interface	Stable — loopbacks never go down
3 (Lowest)	Highest IP address on any active physical interface	⚠️ Unstable — changes if the interface goes down

Always configure the Router ID manually with router-id [IP] before adding network statements. If the RID changes after OSPF starts (due to a new loopback being added), all adjacencies drop and OSPF reconverges — causing a network outage. After changing the RID, run clear ip ospf process to force IOS to adopt the new value.

OSPF Cost — How the Best Path Is Chosen

OSPF selects the best path based on cost — the lower the cost, the better the path. Cost is calculated as: Cost = 100 Mbps / Interface Bandwidth (Cisco default reference bandwidth).

Interface Type	Bandwidth	Default Cost	Problem?
Serial (T1)	1.544 Mbps	64	—
FastEthernet	100 Mbps	1	—
GigabitEthernet	1000 Mbps	1	⚠️ Same cost as FastEthernet — OSPF cannot distinguish
10 GigabitEthernet	10,000 Mbps	1	⚠️ Same cost — adjust reference bandwidth

Fix: Adjust the reference bandwidth so GigabitEthernet and FastEthernet get different costs: auto-cost reference-bandwidth 1000 (sets reference to 1 Gbps). This must be configured consistently on all routers in the area.

2. Lab Topology & IP Addressing

Three routers in a triangle topology — every router connects to the others, giving OSPF multiple paths to evaluate. All routers will be in OSPF Area 0.

                      192.168.10.0/24
                      (LAN — PC1)
                           |
                        Gi0/0
                    ┌──────────────┐
                    │ NetsTuts_R1  │  RID: 1.1.1.1
                    │              │
                    └──────────────┘
                   Gi0/1         Gi0/2
                10.0.12.1       10.0.13.1
                    |               |
              10.0.12.0/30    10.0.13.0/30
                    |               |
                10.0.12.2       10.0.13.2
                   Gi0/0         Gi0/1
      ┌──────────────┐             ┌──────────────┐
      │ NetsTuts_R2  │             │ NetsTuts_R3  │
      │ RID: 2.2.2.2 │             │ RID: 3.3.3.3 │
      └──────────────┘             └──────────────┘
                   Gi0/1         Gi0/0
                10.0.23.1       10.0.23.2
                    |               |
                    └───────────────┘
                      10.0.23.0/30
                           |
                        Gi0/0
                    192.168.30.0/24
                    (LAN — PC3, on R3)

Device	Interface	IP Address	OSPF Network
NetsTuts_R1	Gi0/0	192.168.10.1 /24	192.168.10.0 /24
NetsTuts_R1	Gi0/1	10.0.12.1 /30	10.0.12.0 /30
NetsTuts_R1	Gi0/2	10.0.13.1 /30	10.0.13.0 /30
NetsTuts_R2	Gi0/0	10.0.12.2 /30	10.0.12.0 /30
NetsTuts_R2	Gi0/1	10.0.23.1 /30	10.0.23.0 /30
NetsTuts_R3	Gi0/0	192.168.30.1 /24	192.168.30.0 /24
NetsTuts_R3	Gi0/0	10.0.23.2 /30	10.0.23.0 /30
NetsTuts_R3	Gi0/1	10.0.13.2 /30	10.0.13.0 /30

3. Step 1 — Configure OSPF on NetsTuts_R1

The correct sequence is: enable the OSPF process with a process ID, set the Router ID, adjust reference bandwidth, then advertise networks with network statements. Finally, suppress Hello packets on LAN interfaces using passive-interface.

NetsTuts_R1>en
NetsTuts_R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.

! ── Start OSPF process 1 ──────────────────────────────────
NetsTuts_R1(config)#router ospf 1

! ── Set Router ID manually (best practice) ───────────────
NetsTuts_R1(config-router)#router-id 1.1.1.1

! ── Adjust reference bandwidth for GigabitEthernet ───────
NetsTuts_R1(config-router)#auto-cost reference-bandwidth 1000

! ── Advertise networks in Area 0 ─────────────────────────
NetsTuts_R1(config-router)#network 192.168.10.0 0.0.0.255 area 0
NetsTuts_R1(config-router)#network 10.0.12.0 0.0.0.3 area 0
NetsTuts_R1(config-router)#network 10.0.13.0 0.0.0.3 area 0

! ── Passive interface — no OSPF Hellos on LAN ────────────
NetsTuts_R1(config-router)#passive-interface GigabitEthernet0/0
NetsTuts_R1(config-router)#exit
NetsTuts_R1(config)#end
NetsTuts_R1#wr
Building configuration...
[OK]
NetsTuts_R1#

The LAN interface (Gi0/0) is set to passive — it advertises the 192.168.10.0/24 network in OSPF but does not send or receive Hello packets. This prevents OSPF from waiting for a non-existent neighbor on the PC segment and stops unnecessary Hello traffic from reaching end devices.

network Command — Wildcard Mask Explained

The network command uses a wildcard mask (inverse of the subnet mask) to match interfaces. Any interface whose IP address falls within the matched range is added to OSPF and begins sending Hellos:

network Statement	Wildcard	Matches Interface	Meaning
`network 10.0.12.0 0.0.0.3 area 0`	0.0.0.3	Gi0/1 (10.0.12.1)	Match any IP from 10.0.12.0 to 10.0.12.3
`network 192.168.10.0 0.0.0.255 area 0`	0.0.0.255	Gi0/0 (192.168.10.1)	Match any IP from 192.168.10.0 to 192.168.10.255
`network 0.0.0.0 255.255.255.255 area 0`	255.255.255.255	All interfaces	Match any IP — advertise all interfaces in one command

Shortcut: network 0.0.0.0 255.255.255.255 area 0 matches every interface on the router — useful in labs to avoid calculating individual wildcard masks. In production, use specific network statements for better control over which interfaces participate in OSPF.

4. Step 2 — Configure OSPF on NetsTuts_R2 and NetsTuts_R3

NetsTuts_R2

NetsTuts_R2>en
NetsTuts_R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
NetsTuts_R2(config)#router ospf 1
NetsTuts_R2(config-router)#router-id 2.2.2.2
NetsTuts_R2(config-router)#auto-cost reference-bandwidth 1000
NetsTuts_R2(config-router)#network 10.0.12.0 0.0.0.3 area 0
NetsTuts_R2(config-router)#network 10.0.23.0 0.0.0.3 area 0
NetsTuts_R2(config-router)#exit
NetsTuts_R2(config)#end
NetsTuts_R2#wr
Building configuration...
[OK]
NetsTuts_R2#
%OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on GigabitEthernet0/0 from LOADING to FULL, Loading Done

IOS immediately displays the adjacency message when R2 forms a Full neighbor relationship with R1 (Nbr 1.1.1.1). This is the confirmation that OSPF is working between R1 and R2.

NetsTuts_R3

NetsTuts_R3>en
NetsTuts_R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
NetsTuts_R3(config)#router ospf 1
NetsTuts_R3(config-router)#router-id 3.3.3.3
NetsTuts_R3(config-router)#auto-cost reference-bandwidth 1000
NetsTuts_R3(config-router)#network 192.168.30.0 0.0.0.255 area 0
NetsTuts_R3(config-router)#network 10.0.23.0 0.0.0.3 area 0
NetsTuts_R3(config-router)#network 10.0.13.0 0.0.0.3 area 0
NetsTuts_R3(config-router)#passive-interface GigabitEthernet0/0
NetsTuts_R3(config-router)#exit
NetsTuts_R3(config)#end
NetsTuts_R3#wr
Building configuration...
[OK]
NetsTuts_R3#
%OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on GigabitEthernet0/0 from LOADING to FULL, Loading Done
%OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on GigabitEthernet0/1 from LOADING to FULL, Loading Done

R3 forms adjacency with both R2 and R1 simultaneously — two FULL adjacency messages appear. The triangle topology is now complete with all three OSPF neighbor relationships established.

5. Step 3 — Passive Interface & Default Route

passive-interface — Best Practice for LAN Ports

The passive-interface command tells OSPF to include the interface's network in its advertisements but stop sending and receiving Hello packets on it. This is essential for access-facing interfaces where no OSPF neighbor ever exists:

Behavior	Normal OSPF Interface	Passive Interface
Sends Hello packets	✅ Yes — every 10 seconds	❌ No
Receives Hello packets	✅ Yes	❌ No
Network advertised in OSPF	✅ Yes	✅ Yes — still included in LSAs
Forms neighbor adjacency	✅ Yes (if neighbor present)	❌ No — by design

Global Passive with Selective Exceptions

In networks where most interfaces are LAN-facing, it is cleaner to make all interfaces passive by default, then selectively enable OSPF hellos only on inter-router links:

NetsTuts_R1(config)#router ospf 1
NetsTuts_R1(config-router)#passive-interface default
NetsTuts_R1(config-router)#no passive-interface GigabitEthernet0/1
NetsTuts_R1(config-router)#no passive-interface GigabitEthernet0/2

All interfaces start as passive — then Gi0/1 and Gi0/2 (inter-router links) are re-enabled for Hello exchange. Gi0/0 (LAN) stays passive automatically.

Advertising a Default Route via OSPF

If R1 has a default route to the internet (or an upstream router), it can share it with all OSPF neighbors so they automatically learn where to send unknown destinations:

NetsTuts_R1(config)#ip route 0.0.0.0 0.0.0.0 203.0.113.1
NetsTuts_R1(config)#router ospf 1
NetsTuts_R1(config-router)#default-information originate

default-information originate causes R1 to generate an External Type 2 LSA for the default route — all OSPF routers in Area 0 automatically install R1 as their Gateway of Last Resort. The route appears as O*E2 on neighboring routers.

6. Verification

show ip ospf neighbor

NetsTuts_R1#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           1   FULL/DR         00:00:31    10.0.12.2       GigabitEthernet0/1
3.3.3.3           1   FULL/DR         00:00:38    10.0.13.2       GigabitEthernet0/2

Two neighbors — both in FULL state, which means the LSDB is fully synchronized. Any state other than FULL (or 2WAY on multi-access networks) indicates a problem. The Neighbor ID matches each router's configured Router ID (2.2.2.2 and 3.3.3.3).

show ip ospf neighbor — State Field Reference

State	Meaning	Normal?
FULL	LSDB fully synchronized — neighbor relationship complete	✅ Yes — goal state
2WAY	Hello received and sent — normal for non-DR/BDR routers on multi-access networks	✅ Yes — normal for DROther peers
EXSTART	Negotiating master/slave for database exchange	⚠️ Transitional — if stuck, check MTU
EXCHANGE	Exchanging DBD (Database Description) packets	⚠️ Transitional — if stuck, check MTU
LOADING	Requesting missing LSAs from neighbor	⚠️ Transitional — should quickly move to FULL
INIT	Hello received but own Router ID not in the Hello — one-way communication	❌ Problem — check area ID, subnet mismatch
DOWN	No Hellos received within Dead interval	❌ Problem — check interface, connectivity, timers
ATTEMPT	Attempting to contact neighbor (NBMA networks only)	⚠️ Only on non-broadcast networks

show ip route ospf

NetsTuts_R1#show ip route ospf
Codes: O - OSPF

O     10.0.23.0/30 [110/2] via 10.0.12.2, 00:05:44, GigabitEthernet0/1
                   [110/2] via 10.0.13.2, 00:05:44, GigabitEthernet0/2
O     192.168.30.0/24 [110/2] via 10.0.12.2, 00:05:44, GigabitEthernet0/1
                      [110/2] via 10.0.13.2, 00:05:44, GigabitEthernet0/2

OSPF routes are marked O with AD 110. Two equal-cost paths exist to both remote networks — OSPF automatically load-balances over both GigabitEthernet links (ECMP — Equal Cost Multi-Path). The cost [110/2] means AD=110, metric=2 (two GigabitEthernet hops at cost 1 each with reference bandwidth 1000).

show ip ospf — Process Information

NetsTuts_R1#show ip ospf
 Routing Process "ospf 1" with ID 1.1.1.1
 Start time: 00:10:34.123, Time elapsed: 00:05:52.456
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
 Supports area transit capability
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Number of external LSA 0. Checksum Sum 0x000000
 Number of opaque AS LSA 0. Checksum Sum 0x000000
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 Number of areas transit capable is 0
 External flood list length 0
 IETF NSF helper support enabled
 Cisco NSF helper support enabled
 Reference bandwidth unit is 1000 mbps

    Area BACKBONE(0)
        Number of interfaces in this area is 3 (1 passive)
        Area has no authentication
        SPF algorithm last executed 00:04:21.456 ago
        SPF algorithm executed 3 times
        Area ranges are
        Number of LSA 7. Checksum Sum 0x03A210
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0

Key fields: ID 1.1.1.1 confirms the Router ID. Reference bandwidth unit is 1000 mbps confirms the auto-cost change applied. 3 interfaces (1 passive) confirms Gi0/0 is passive. SPF algorithm executed 3 times shows how many topology recalculations have occurred.

show ip ospf interface brief

NetsTuts_R1#show ip ospf interface brief
Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
Gi0/0          1   0               192.168.10.1/24       1  DROTH 0/0
Gi0/1          1   0               10.0.12.1/30          1  DR    1/1
Gi0/2          1   0               10.0.13.1/30          1  DR    1/1

Nbrs F/C = Full / Count neighbors. Gi0/1 and Gi0/2 each show 1/1 — one full neighbor out of one total neighbor. Gi0/0 shows 0/0 — no neighbors expected (passive interface, LAN-facing). Cost 1 per interface reflects GigabitEthernet at reference bandwidth 1000.

show ip ospf database

NetsTuts_R1#show ip ospf database

            OSPF Router with ID (1.1.1.1) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         367         0x80000004 0x00A210 3
2.2.2.2         2.2.2.2         362         0x80000003 0x00B312 2
3.3.3.3         3.3.3.3         359         0x80000003 0x00C414 3

The LSDB contains one Router LSA from each router in the area. All three routers (1.1.1.1, 2.2.2.2, 3.3.3.3) are present, confirming a complete and synchronized topology database across the area.

Verification Command Summary

Command	What It Shows	Primary Use
`show ip ospf neighbor`	All OSPF neighbors, their state, dead timer, and interface	First check — confirm FULL adjacency
`show ip route ospf`	Only OSPF-learned routes with AD and metric	Confirm routes are being learned correctly
`show ip ospf`	OSPF process details — Router ID, timers, area info, SPF count	Verify RID, reference bandwidth, area configuration
`show ip ospf interface brief`	Per-interface OSPF state, cost, DR/BDR role, neighbor counts	Confirm interfaces are participating in correct area
`show ip ospf database`	The Link State Database — all LSAs in the area	Verify all routers are present and LSDB is synchronized
`show ip route`	Full routing table — OSPF routes shown as O or O*E2	Final end-to-end route verification
`show ip ospf interface [int]`	Detailed interface parameters — Hello/Dead timers, area, cost, DR/BDR	Troubleshoot timer mismatches or adjacency issues

7. Troubleshooting OSPF Adjacency Issues

Problem	Symptom	Cause	Fix
Neighbor stays in INIT state	`show ip ospf neighbor` shows INIT — never reaches FULL	Area ID mismatch — one side uses area 0, other uses area 1. Or subnet/mask mismatch on the link.	Verify `show ip ospf interface [int]` on both sides — confirm area ID and subnet match
Neighbor stuck in EXSTART or EXCHANGE	State bounces between EXSTART and EXCHANGE — never reaches LOADING or FULL	MTU mismatch between interfaces — DBD packets are too large for one side	Match MTU on both interfaces: `ip mtu [value]`, or add `ip ospf mtu-ignore` as a workaround
No neighbor appears at all	`show ip ospf neighbor` is empty — no neighbors discovered	Interface not participating in OSPF — `network` statement missing or wrong wildcard, or passive-interface set on inter-router link	Check `show ip ospf interface brief` — confirm both interfaces are in OSPF. Verify no `passive-interface` on the inter-router link
OSPF route missing from routing table	Neighbor is FULL but a specific network is not in `show ip route`	Network statement on the remote router does not include that interface — it is not being advertised	Check the remote router's `show ip ospf interface brief` — confirm all required interfaces are listed
Hello/Dead timer mismatch	Neighbor appears briefly then disappears — Dead timer expires	Hello or Dead timers differ between the two sides (one customised, other default)	Use `show ip ospf interface [int]` on both sides to compare timers. Set them equal with `ip ospf hello-interval` and `ip ospf dead-interval`
Duplicate Router ID	Adjacency forms then drops — log shows "Duplicate Router ID" warning	Two routers have the same Router ID — OSPF cannot distinguish them	Change the RID on one router: `router-id [unique-IP]`, then `clear ip ospf process` to apply

Key Points & Exam Tips

OSPF uses three tables: Neighbor table (adjacencies), LSDB (topology map), and Routing table (best paths). All three must be healthy for OSPF to work.
OSPF process ID (router ospf 1) is locally significant only — neighbors can use different process IDs and still form adjacency.
Always configure the Router ID manually with router-id before adding network statements. The RID must be unique across all routers in the OSPF domain.
The network command uses a wildcard mask (not a subnet mask). To match a /30 subnet (255.255.255.252), the wildcard is 0.0.0.3.
Parameters that must match for adjacency: Area ID, Hello interval, Dead interval, subnet and mask. Process ID and Router ID do not need to match.
passive-interface advertises the network in OSPF but suppresses Hello packets — use it on all LAN-facing interfaces where no OSPF neighbor will ever exist.
OSPF cost = Reference bandwidth / Interface bandwidth. Default reference is 100 Mbps — change to 1000 Mbps (auto-cost reference-bandwidth 1000) so GigabitEthernet gets a lower cost than FastEthernet.
The goal neighbor state is FULL. Stuck in EXSTART or EXCHANGE usually means an MTU mismatch. Stuck in INIT means area ID or subnet mismatch.
default-information originate under the OSPF process advertises the router's static default route to all OSPF neighbors — they learn it as O*E2.
OSPF AD is 110. OSPF routes appear as O in the routing table, with equal-cost paths automatically load-balanced (ECMP up to 4 paths by default).

Next Steps: With OSPF dynamically distributing routes across all routers, explore DHCP Server Configuration to provide dynamic IP addressing to hosts on OSPF-routed networks. To scale OSPF beyond a single area, see OSPF Multi-Area Configuration. For injecting a default route into OSPF, see Default Route Redistribution into OSPF. For deep-dive adjacency troubleshooting, see Troubleshooting OSPF Neighbor Adjacency. For securing management access across the routed infrastructure, revisit SSH Configuration and AAA Authentication Methods.

TEST WHAT YOU LEARNED

1. R1 and R2 are both running OSPF. R1 is in Area 0 and R2 is in Area 1 on the same link. What neighbor state will they reach and why?

A. FULL — area IDs only matter for multi-area OSPF, not single-area B. INIT — R1 receives R2's Hello but the area ID does not match, so R1 never acknowledges R2 as a valid neighbor. The adjacency never progresses beyond INIT C. 2WAY — they detect each other but cannot exchange the LSDB due to area mismatch D. DOWN — Hello packets are dropped at the IP layer when area IDs differ

Correct answer is B. Area ID is a mandatory matching parameter. When R2 sends a Hello with Area 1, R1 checks the area field — it does not match Area 0, so R1 discards the Hello without adding R2 to its neighbor table. R2 may see R1 in INIT (because R1 does send Hellos that R2 receives) but neither router progresses to 2WAY or FULL. Check with show ip ospf interface [int] to confirm the area configured on each side.

2. An engineer configures `network 0.0.0.0 255.255.255.255 area 0` on R1. What is the effect?

A. Only the default route is advertised into OSPF Area 0 B. The command is rejected — the wildcard 255.255.255.255 is invalid for OSPF C. R1 advertises only its directly connected networks matching 0.0.0.0 D. Every interface on R1 with an IP address is matched and placed into OSPF Area 0 — all networks are advertised in a single command

Correct answer is D. The wildcard mask 255.255.255.255 means "ignore all bits" — any IP address matches. Combined with network address 0.0.0.0, this matches every interface on the router regardless of its IP. All interfaces are placed into Area 0 and begin participating in OSPF. This is a convenient shortcut for labs, though specific network statements give finer control in production.

3. OSPF neighbors on R1 are stuck in EXSTART state and never progress to FULL. What is the most likely cause?

A. MTU mismatch — one interface has MTU 1500 and the other has MTU 1476 (common on tunnels). DBD packets exceed the smaller MTU and are dropped, preventing database exchange B. The Router IDs are identical on both routers C. The Hello interval is mismatched between the two routers D. The OSPF process IDs are different on the two routers

Correct answer is A. EXSTART is the state where OSPF negotiates master/slave roles before exchanging DBD (Database Description) packets. When MTU sizes differ, the larger DBD packets sent by the higher-MTU side exceed the smaller MTU of the other side and are silently dropped. The session never progresses to EXCHANGE. Resolve by matching MTU on both interfaces or adding ip ospf mtu-ignore as a temporary workaround.

4. R1 is configured with `passive-interface GigabitEthernet0/0` under OSPF. What is the effect on the 192.168.10.0/24 network connected to Gi0/0?

A. The 192.168.10.0/24 network is completely removed from OSPF — other routers cannot learn it B. Gi0/0 still sends Hellos but does not accept incoming Hellos from other routers C. The 192.168.10.0/24 network is still advertised to OSPF neighbors via LSAs, but no Hello packets are sent or received on Gi0/0 — no adjacency can form on that interface D. Gi0/0 is completely shut down by OSPF until passive-interface is removed

Correct answer is C. passive-interface has two specific effects: it suppresses Hello packets (so no OSPF neighbors can form on that interface) AND it continues to include the interface's network in OSPF LSA advertisements. Remote routers still learn the 192.168.10.0/24 prefix and can route traffic to it — they just cannot form an OSPF adjacency through that interface. This is the correct and recommended configuration for LAN-facing ports.

5. R1 has GigabitEthernet interfaces with the default OSPF reference bandwidth (100 Mbps). What cost does OSPF assign to a GigabitEthernet link and what is the problem?

A. Cost 10 — GigabitEthernet is always 10x cheaper than FastEthernet by default B. Cost 4 — GigabitEthernet cost is 100/1000 rounded to 4 C. Cost 0 — links faster than the reference bandwidth get cost 0, effectively unlimited D. Cost 1 — same as FastEthernet (100/100=1 and 100/1000=0.1 rounded up to 1). OSPF cannot distinguish between 100 Mbps and 1 Gbps links, possibly choosing a suboptimal path

Correct answer is D. OSPF cost is calculated as reference bandwidth / interface bandwidth, with a minimum of 1. At 100 Mbps reference: FastEthernet cost = 100/100 = 1, GigabitEthernet cost = 100/1000 = 0.1 → rounded up to 1. Both get cost 1 — OSPF treats them as equal. This is a known limitation. Fix it with auto-cost reference-bandwidth 1000, giving GigabitEthernet cost 1 and FastEthernet cost 10.

6. Two OSPF neighbors use different process IDs — R1 uses `router ospf 1` and R2 uses `router ospf 99`. Will they form a neighbor adjacency?

A. Yes — the OSPF process ID is locally significant only. It is never included in Hello packets and has no effect on neighbor adjacency formation B. No — process IDs must match for OSPF Hellos to be accepted C. Partially — they can exchange Hellos but cannot synchronize the LSDB with different process IDs D. Only if both use the same Router ID to compensate for the process ID difference

Correct answer is A. The OSPF process ID is purely a local identifier — it is used by IOS to distinguish between multiple OSPF processes running on the same router (e.g., router ospf 1 and router ospf 2). It is never carried in OSPF protocol messages. Routers only check Area ID, Hello/Dead timers, subnet/mask, and authentication in Hello packets. Process ID differences have zero effect on adjacency.

7. What does the **O*E2** route code mean in `show ip route`?

A. An OSPF internal route learned from Area 2 B. An OSPF summary route that spans two areas C. An OSPF External Type 2 route — a route redistributed into OSPF from outside the OSPF domain (typically a default route or a redistributed static route). The asterisk marks it as the candidate default (Gateway of Last Resort) D. An equal-cost OSPF route with two paths available

Correct answer is C. O = OSPF, E2 = External Type 2 (the metric does not change as the route crosses routers — it stays at the value set at the redistribution point). The asterisk (*) marks it as the candidate default route — the Gateway of Last Resort. This is the typical result of default-information originate on the border router — all OSPF neighbors learn the default route as O*E2.

8. R1's Router ID was automatically selected as 10.0.13.1 (highest IP at startup). A loopback interface with IP 172.16.1.1 is later added. What happens to the Router ID?

A. The RID immediately changes to 172.16.1.1 — loopbacks always override physical interfaces B. The RID does not change automatically — OSPF keeps 10.0.13.1 until clear ip ospf process is run, at which point it adopts 172.16.1.1 as the new loopback-based RID C. IOS rejects the loopback IP because it conflicts with the existing OSPF RID D. The RID changes to 172.16.1.1 at the next Hello interval

Correct answer is B. Once OSPF selects a Router ID at process startup, it does not change mid-operation — even if a higher-priority source becomes available (like a new loopback). The current RID stays in place to maintain stability. To apply the new RID, run clear ip ospf process — this resets all OSPF adjacencies and restarts the process, at which point IOS selects 172.16.1.1 (loopback) as the new RID. This is a disruptive operation and should be done during a maintenance window.

9. `show ip route ospf` on R1 shows two equal-cost paths to 192.168.30.0/24 — one via R2 and one via R3. How does OSPF handle traffic to this destination?

A. OSPF installs only the first path learned — the second is kept as a backup B. OSPF uses the path with the lower next-hop IP address as the primary C. The path via the neighbor with the higher Router ID is preferred D. Both paths are installed in the routing table simultaneously — OSPF performs Equal Cost Multi-Path (ECMP) load balancing across both links, up to 4 equal-cost paths by default

Correct answer is D. When OSPF calculates equal-cost paths to the same destination, it installs all of them in the routing table simultaneously — this is ECMP (Equal Cost Multi-Path). IOS load-balances traffic across all equal-cost paths using a per-destination or per-packet hash (configurable). The default maximum is 4 equal-cost paths, adjustable with maximum-paths [num] under the OSPF process. This provides both increased throughput and redundancy.

10. Which command reveals OSPF neighbors that are configured but NOT currently in FULL state — making it the first command to run when OSPF connectivity is reported broken?

A. show ip route ospf B. show ip ospf database C. show ip ospf neighbor D. show ip ospf interface brief

Correct answer is C. show ip ospf neighbor is always the first OSPF troubleshooting command. It immediately shows every neighbor, their current state (FULL, INIT, EXSTART, DOWN, etc.), and which interface they are on. A neighbor in any state other than FULL (or 2WAY for DROther peers) tells you exactly where the problem is and what type of issue it is — guiding your next troubleshooting step. If the table is empty, OSPF Hellos are not reaching the neighbor at all.

Back to Home