Introduction to OSPF

Solutions to Common OSPF Problems

OSPF Routers Not Establishing Neighbors

Symptom: OSPF routers are not establishing neighbor relationships properly. The result is that routing information is not properly exchanged between routers.

Possible Problem: Misconfigured or missing network router configuration command.

Solution:: Perform the following procedure:

1.  Use the show ip ospf interfaces EXEC command to see in which interfaces OSPF is enabled.

2.  If the output indicates that an interface that should be running OSPF is not doing so, use the show running-config privileged EXEC command to view the router configuration.

3.  Make sure that network router configuration commands are specified for each interface on which OSPF should run.
For example, if the IP address of Ethernet interface 0 is 192.168.52.42 with a subnet mask of 255.255.255.0, enter the following commands to enable OSPF on the interface:

    c4500(config)# router ospf 100    c4500(config-router)# network 192.168.52.0 0.0.0.255 area 0 

Make sure the proper process IDs, addresses, wildcard masks, and other variables are properly specified.
Take note that there is no correlation between OSPF wildcard masks (used in OSPF network commands) and the subnet mask configured as part of an interface IP address.

4.  Check other OSPF routers on the network by using the preceding steps. Make sure that OSPF is configured properly on all neighboring routers so that neighbor relationships can be established.

Possible Problem: Mismatched Hello or dead timers, E-bits (set for stub areas), area IDs, authentication types, or network masks.

Solution: The values set for the Hello timer and dead timer intervals, E-bits (this bit is set if the router is configured in a stub area), area IDs, authentication types, and network masks should all be the same throughout an OSPF area and in some cases the entire OSPF network. Use the following procedure:

1.  Use the show ip ospf neighbor privileged EXEC command to identify the OSPF neighbors of each router.

2.  If the output does not list an expected neighbor, use the show ip ospf interface privileged EXEC command on the router and its expected neighbor. Examine the Hello and dead timer interval values configured on OSPF interfaces.

    C7010# show ip ospf interface    [...] 

Timer intervals configured, Hello 12, Dead 48, Wait 40, Retransmit 5

3.  Compare the values configured for the timers on each router. If there is a mismatch, reconfigure the timer values so that they are the same on the router and its neighbor.
For example, to change the Hello timer interval to 10 on Ethernet interface 0/1, enter the following commands:

    C7010(config)# interface e0/1    C7010(config-if)# ip ospf hello-interval 10 

4.  Use the debug ip ospf adj privileged EXEC command. Check the output for mismatched values.
In the following example, there is a network mask mismatch. The mask received from router 141.108.10.3 is 255.255.255.0, and the mask configured on the router C4500 is 255.255.255.252:

    C4500# debug ip ospf adj    OSPF: Mismatched hello parameters from 141.108.10.3    Dead R 40 C 40, Hello R 10 C 10 Mask R 255.255.255.0 C    255.255.255.252 

---

TIPS:  
You might need to use the term monitor command if you are not on the console port. A virtual terminal port (vty) does not monitor without this command.

---

5.  If mismatches are indicated in the debug output, try to resolve the mismatch. For detailed information about configuring OSPF, see the Cisco IOS Network Protocols Configuration Guide, Part 1.

6.  Perform the same types of steps for all of these parameters. Check that all routers in an area have the same area ID, whether all routers in the area are configured as stub routers, whether the same authentication type is configured for all routers, and so forth. For information on configuring these parameters, consult the Cisco IOS Network Protocols Configuration Guide, Part 1. Take note that the timer values are extremely important when Cisco routers interoperate with routers from other vendors.

Possible Problem: Access list is misconfigured

Solution: Perform the following procedure:

1.  Use the show access-list privileged EXEC command on suspect routers to see if there are IP access lists configured on the router.

2.  If there are IP access lists enabled on the router, disable them using the appropriate commands. For example, to disable input access list 10, use the following commands:

    ROUTER_A# conf t    ROUTER_A(conf)# int s0    ROUTER_A(config-if)# no ip access-group 10 in 

3.  After disabling all access lists on the router, determine if the router is able to establish neighbor relationships normally. Use the show ip ospf neighbor privileged EXEC command. If the proper neighbor relationships have been established, an access list is probably filtering OSPF hello packets.

4.  To isolate the problem access list, enable access lists one at a time until the router cannot establish neighbors (use the clear ip ospf neighbors privileged EXEC command to force 1the router to clear the neighbor table).

5.  Check the access list to see if it is filtering traffic from port 89, the port used by OSPF. Remember that every access list ends with an implicit deny any statement. If an access list denies OSPF traffic, enter an explicit permit statement for port 89 to ensure that neighbor relationships can be established properly. (You can also use the ospf keyword when configuring the access list.)
For example, to configure input access list 101 to allow OSPF traffic to pass, enter the following command on the router:

    ROUTER_A(config)# access-list 101 permit ospf any any 

6.  If you altered an access list, enable the list. Then enter the show ip ospf neighbor command to see if neighbor relationships are established normally.

7.  If the router is establishing neighbors, perform the preceding steps for other routers in the path until all access lists are enabled and the router can still establish neighbors normally.