Troubleshooting OSPF Adjacency Problems - Part 1
Are you not seeing any output or neighbors under "Show ip ospf neighbors" command? In blog guides you in Troubleshooting OSPF Adjacency Issues - Part 1.
- Have you enabled OSPF for the concerned interface/link? Either using "Network 10.10.12.0 0.0.0.255 area 0" command under the OSPF router process or by using an interface-level command "ip ospf 10 area 0".
- Check if OSPF Process ID and Area number are configured correctly. You could have configured incorrect Area ID or Process ID on both sides.
- Check the interface status. Layer 1/2 could be showing down. The interface could be admin down. The issue could be related to unplugged cable(down/down), faulty cable, a faulty physical port on router/switch, faulty SFPs(Transceivers), L2 issue at Provider side (port could be faulty on provider L2 device).
- Check if you have configured the "passive-interface Fa0/0" command under the OSPF router process for the concerned interface. Remove this command using "no passive-interface Fa0/0".
- Check if any access-list is blocking OSPF Hellos on interfaces at both ends of the link. Remove this ACL or add the entry allowing the required rule of OSPF communication.
- Check if you have configured an incorrect subnet mask. There could be subnet number/mask mismatch over a broadcast link.
- Check if Hello/dead intervals match at both sides.
- Check if the authentication type (plain text or MD5) has been mismatched. There could be a problem of authentication key mismatch
- Check if Stub/transit/NSSA area options are configured correctly.
- Check if you have configured OSPF adjacency that exists with the secondary IP address. OSPF neighborship will not come up with a Secondary IP address configured on the interface.
- An OSPF adjacency exists over an asynchronous interface.
- There could be an issue with the Network-type mismatch for the OSPF link. This could lead to timers mismatch and issues with establishing neighborship.
- Check if the "broadcast" keyword is missing on either/both sides, while you establish the frame-relay map/dialer map statement when you configure the PVC over FR links.
- If your OSPF domain has multiple Areas configuration (Stub/Totally Stub/NSSA), make sure you have configured the Area number correctly between the peers.
- If two OSPF peers have the same Router-IDs, they will not form an adjacency.
- Troubleshooting tips for OSPF peers stuck in INIT, Two-Way, Exstart, Exchange, and Loading state are given int the article "Troubleshooting OSPF Adjacency Issues - Part 2"
Troubleshooting OSPF - Commands
Router#Show ip ospf neighbor
Router#Show ip ospf interface brief
Router#Show ip ospf interface fa0/0 | i Passive
No Hellos (Passive interface)
Example of access-list blocking OSPF communication:
R1#show run int F0/0
ip add 10.10.12.1 255.255.255.0
ip access-group 121 in
ip add 10.10.12.1 255.255.255.0
ip access-group 121 in
R1#sh ip access-lists 121 >>>>>> The ACL has implicit deny and blocked the protocol OSPF (89)
Extended IP access list 121
10 permit tcp any any
20 permit udp any any
Add below lines and neighborship will come up asap.
R1(config)#ip access-list extended 121
R1(config-ext-nacl)#30 permit ip any any
R1(config-ext-nacl)#^Z
*Nov 8 16:23:28.103: %OSPF-5-ADJCHG: Process 10, Nbr 10.10.12.2 on FastEthernet0/0 from LOADING to FULL, Loading Done
Troubleshooting OSPF - Mismatch in Hello/dead timer parameters
R1#debug ip ospf hello
*Nov 8 16:43:49.267: OSPF-10 HELLO Fa0/0: Mismatched hello parameters from 10.10.12.2
*Nov 8 16:43:49.267: OSPF-10 HELLO Fa0/0: Dead R 40 C 20, Hello R 10 C 5 Mask R 255.255.255.0 C 255.255.255.0
Troubleshooting OSPF - Mismatch in OSPF authentication
R1#debug ip ospf adj
*Nov 8 17:06:15.191: OSPF-10 ADJ Fa0/0: Rcv pkt from 10.10.12.2 : Mismatched Authentication type. Input packet specified type 0, we use type 1
*Nov 8 17:06:15.191: OSPF-10 ADJ Fa0/0: Rcv pkt from 10.10.12.2 : Mismatched Authentication type. Input packet specified type 0, we use type 1
Commands to configure OSPF authentication. Remember if you are using OSPF authentication, use the same authentication type on both sides.
Clear text:
R1(config)#router ospf 10
R1(config-router)#area 0 authentication
R1(config)#int f0/0
R1(config-if)#ip ospf authentication
Authentication using MD5
R1(config)#router ospf 10
R1(config-router)#area 0 authentication message-digest
R1(config)#int f0/0
R1(config-if)#ip ospf authentication message-digest
Troubleshooting OSPF- Mismatch in OSPF area configuration
R1#debug ip ospf adj
*Nov 8 17:19:42.187: %OSPF-4-ERRRCV: Received invalid packet: mismatched area ID, from backbone area, must be virtual-link but not found from 10.10.12.2, FastEthernet0/0