Cisco OSPF Command Handbook

This document was created by an unregistered ChmMagic, please go to http://www.bisenter.com to register it. Thanks.

< Free Open Study >

• Table of Contents
• Index
Cisco® OSPF Command and Configuration Handbook (CCIE Professional Development)

By William R. Parkhurst Ph.D.

Publisher: Cisco Press

Pub Date: April 19, 2002

ISBN: 1-58705-071-4

Pages: 528

Slots: 2

As one of the most predominantly deployed Interior Gateway Protocols, Open Shortest Path First (OSPF) demands a wealth of knowledge on
the part of internetworking professionals working with it on a daily basis. Unfortunately, publicly available documentation on the OSPF
command set varies from being too thin on coverage to being too demanding on the required equipment needed to test what the
documentation covers.

Cisco OSPF Command and Configuration Handbook is a clear, concise, and complete source of documentation for all Cisco IOS(r) Software
OSPF commands. The way you use this book will depend on your objectives. If you are preparing for the CCIE written and lab exams, then
this book can be used as a laboratory guide to learn the purpose and proper use of every OSPF command. If you are a network designer,
then this book can be used as a ready reference for any OSPF command.

Cisco OSPF Command and Configuration Handbook provides example scenarios that demonstrate the proper use of every OSPF command
that can be implemented on a minimum number of routers. This will enable you to learn each command without requiring an extensive and
expensive lab configuration. The scenarios clearly present the purpose and use of each command. Some of the examples lead you into
common non-working situations in order to reinforce the understanding of the operation of the particular OSPF command.

This book is part of the Cisco CCIE Professional Development Series, which offers expert-level instruction on network design, deployment,
and support methodologies to help networking professionals manage complex networks and prepare for CCIE exams.

< Free Open Study >


< Free Open Study >

• Table of Contents
• Index
Cisco® OSPF Command and Configuration Handbook (CCIE Professional Development)

By William R. Parkhurst Ph.D.

Publisher: Cisco Press
Pub Date: April 19, 2002
ISBN: 1-58705-071-4
Pages: 528
Slots: 2

Copyright
About the Author
About the Technical Reviewers
Acknowledgments
Introduction
Recommended Reading
Icons Used in This Book
Command Syntax Conventions

Chapter 1. OSPF Process Configuration Commands
Section 1-1. router ospf process-id
Section 1-2. router ospf process-id vrf name
Chapter 2. OSPF Area Commands
Section 2-1. area area-id authentication
Section 2-2. area area-id authentication message-digest
Section 2-3. area area-id default-cost cost
Section 2-4. area area-id nssa
Section 2-5. area area-id nssa default-information-originate
Section 2-6. area area-id nssa no-redistribution
Section 2-7. area area-id nssa no-summary
Section 2-8. area area-id range ip-address mask
Section 2-9. area area-id range ip-address mask advertise
Section 2-10. area area-id range ip-address mask not-advertise
Section 2-11. area area-id stub
Section 2-12. area area-id stub no-summary


Section 2-13. area transit-area-id virtual-link router-id
Section 2-14. area transit-area-id virtual-link router-id authentication authentication-key password
Section 2-15. area transit-area-id virtual-link router-id authentication message-digest
Section 2-16. area transit-area-id virtual-link router-id authentication null
Section 2-17. area transit-area-id virtual-link router-id authentication-key password
Section 2-18. area transit-area-id virtual-link router-id dead-interval seconds
Section 2-19. area transit-area-id virtual-link router-id hello-interval seconds
Section 2-20. area transit-area-id virtual-link router-id message-digest-key key-id md5 password
Section 2-21. area transit-area-id virtual-link router-id retransmit-interval seconds
Section 2-22. area transit-area-id virtual-link router-id transmit-delay seconds
Chapter 3. Auto Cost
Section 3-1. auto-cost reference-bandwidth bandwidth
Troubleshooting
Chapter 4. Default Route Generation
Section 4-1. default-information originate
Section 4-2. default-information originate always
Section 4-3. default-information originate metric cost
Section 4-4. default-information originate always metric cost
Section 4-5. default-information originate metric-type type
Section 4-6. default-information originate always metric-type type
Section 4-7. default-information originate route-map route-map-name

Chapter 5. Setting the Default Metric for Redistributed Protocols
Section 5-1. default-metric cost
Chapter 6. Administrative Distance
Section 6-1. distance administrative-distance
Section 6-2. distance administrative-distance source-ip-address source-ip-mask
Section 6-3. distance administrative-distance source-ip-address source-ip-mask access-list-number
Section 6-4. distance ospf external administrative-distance
Section 6-5. distance ospf inter-area administrative-distance
Section 6-6. distance ospf intra-area administrative-distance
Chapter 7. Filtering Routes with Distribute Lists
Section 7-1. distribute-list access-list-number in
Section 7-2. distribute-list access-list-number in interface-type interface-number
Section 7-3. distribute-list access-list-number out
Section 7-4. distribute-list access-list-number out interface-type interface-number
Section 7-5. distribute-list access-list-number out routing-process
Section 7-6. distribute-list access-list-name in
Section 7-7. distribute-list access-list-name in interface-type interface-number
Section 7-8. distribute-list access-list-name out
Section 7-9. distribute-list access-list-name out interface-type interface-number
Section 7-10. distribute-list access-list-name out routing-process
Section 7-11. distribute-list prefix prefix-list-name in
Section 7-12. distribute-list prefix prefix-list-name in interface-type interface-number
Section 7-13. distribute-list prefix prefix-list-name out
Section 7-14. distribute-list prefix prefix-list-name out interface-type interface-number


Section 7-15. distribute-list prefix prefix-list-name out routing-process
Chapter 8. Handling of MOSPF LSAs
Section 8-1. ignore lsa mospf
Chapter 9. Logging OSPF Neighbor Changes
Section 9-1. log-adjacency-changes
Section 9-2. log adjacency-changes detail

Chapter 10. Multiple Path Configuration
Section 10-1. maximum-paths number-of-paths
Chapter 11. OSPF neighbor Commands
Section 11-1. neighbor ip-address
Section 11-2. neighbor ip-address cost cost
Section 11-3. neighbor ip-address database-filter all out
Section 11-4. neighbor ip-address poll-interval interval
Section 11-5. neighbor ip-address priority priority
Chapter 12. OSPF network Command
Section 12-1. network ip-address wild-card-mask area area-id
Chapter 13. Passive OSPF Interfaces
Section 13-1. passive-interface interface-name interface-number
Section 13-2. passive-interface default
Chapter 14. Route Redistribution
Section 14-1. redistribute routing-process process-id
Section 14-2. redistribute routing-process process-id metric ospf-metric
Section 14-3. redistribute routing-process process-id metric-type metric-type
Section 14-4. redistribute routing-process process-id subnets
Section 14-5. redistribute routing-process process-id tag tag-value
Section 14-6. redistribute routing-process process-id route-map route-map-name
Chapter 15. Controlling the OSPF Router ID
Section 15-1. router-id ip-address
Chapter 16. Summarizing External Routes
Section 16-1. summary-address ip-address mask
Section 16-2. summary-address ip-address mask not-advertise
Section 16-3. summary-address ip-address mask tag value
Chapter 17. OSPF Timers
Section 17-1. timers lsa-group-pacing seconds
Section 17-2. timers spf delay interval
Chapter 18. Traffic Sharing
Section 18-1. traffic-share min across-interfaces

Chapter 19. Interface Configuration Commands
Section 19-1. ip ospf authentication
Section 19-2. ip ospf authentication authentication-key password
Section 19-3. ip ospf authentication message-digest
Section 19-4. ip ospf authentication null
Section 19-5. ip ospf cost cost
Section 19-6. ip ospf database-filter all out
Section 19-7. ip ospf dead-interval seconds


Section 19-8. ip ospf demand-circuit
Section 19-9. ip ospf flood-reduction
Section 19-10. ip ospf hello-interval seconds
Section 19-11. ip ospf message-digest-key key-id md5 password
Section 19-12. ip ospf mtu-ignore
Section 19-13. ip ospf network broadcast
Section 19-14. ip ospf network non-broadcast
Section 19-15. ip ospf network point-to-multipoint
Section 19-16. ip ospf network point-to-multipoint non-broadcast
Section 19-17. ip ospf network point-to-point
Section 19-18. ip ospf priority priority
Section 19-19. ip ospf retransmit-interval seconds
Section 19-20. ip ospf transmit-delay seconds
Chapter 20. show Commands
Section 20-1. show ip ospf
Section 20-2. show ip ospf process-id
Section 20-3. show ip ospf border-routers
Section 20-4. show ip ospf process-id border-routers
Section 20-5. show ip ospf database
Section 20-6. show ip ospf process-id database
Section 20-7. show ip ospf database adv-routerrouter-id
Section 20-8. show ip ospf process-id database adv-router router-id
Section 20-9. show ip ospf database asbr-summary
Section 20-10. show ip ospf process-id database asbr-summary
Section 20-11. show ip ospf database asbr-summary asbr-id
Section 20-12. show ip ospf process-id database asbr-summary asbr-id
Section 20-13. show ip ospf database database-summary
Section 20-14. show ip ospf process-id database database-summary
Section 20-15. show ip ospf database external
Section 20-16. show ip ospf process-id database external
Section 20-17. show ip ospf database network
Section 20-18. show ip ospf process-id database network
Section 20-19. show ip ospf database nssa-external
Section 20-20. show ip ospf process-id database nssa-external
Section 20-21. show ip ospf database router
Section 20-22. show ip ospf process-id database router
Section 20-23. show ip ospf database self-originate
Section 20-24. show ip ospf process-id database self-originate
Section 20-25. show ip ospf database summary
Section 20-26. show ip ospf process-id database summary
Section 20-27. show ip ospf flood-list
Section 20-28. show ip ospf process-id flood-list
Section 20-29. show ip ospf flood-list int-name int-number
Section 20-30. show ip ospf process-id flood-list int-name int-number
Section 20-31. show ip ospf interface


Section 20-32. show ip ospf process-id interface
Section 20-33. show ip ospf interface int-name int-number
Section 20-34. show ip ospf process-id interface int-name int-number
Section 20-35. show ip ospf neighbor
Section 20-36. show ip ospf process-id neighbor
Section 20-37. show ip ospf neighbor neighbor-id
Section 20-38. show ip ospf process-id neighbor neighbor-id
Section 20-39. show ip ospf neighbor int-name int-number
Section 20-40. show ip ospf process-id neighbor int-name int-number
Section 20-41. show ip ospf neighbor detail
Section 20-42. show ip ospf process-id neighbor detail
Section 20-43. show ip ospf neighbor detail neighbor-id
Section 20-44. show ip ospf process-id neighbor detail neighbor-id
Section 20-45. show ip ospf neighbor int-name int-number
Section 20-46. show ip ospf process-id neighbor int-name int-number
Section 20-47. show ip ospf request-list
Section 20-48. show ip ospf process-id request-list
Section 20-49. show ip ospf request-list neighbor-id
Section 20-50. show ip ospf process-id request-list neighbor-id
Section 20-51. show ip ospf request-list int-name int-number
Section 20-52. show ip ospf process-id request-list int-name int-number
Section 20-53. show ip ospf retransmission-list
Section 20-54. show ip ospf process-id retransmission-list
Section 20-55. show ip ospf retransmission neighbor-id
Section 20-56. show ip ospf process-id retransmission neighbor-id
Section 20-57. show ip ospf retransmission int-name int-number
Section 20-58. show ip ospf process-id retransmission int-name int-number
Section 20-59. show ip ospf summary-address
Section 20-60. show ip ospf process-id summary-address
Section 20-61. show ip ospf virtual-links
Section 20-62. show ip ospf process-id virtual-links
Chapter 21. debug Commands
Section 21-1. debug ip ospf adj
Section 21-2. debug ip ospf events
Section 21-3. debug ip ospf flood
Section 21-4. debug ip ospf floodip-access-list-number
Section 21-5. debug ip ospf lsa-generation
Section 21-6. debug ip ospf lsa-generation ip-access-list-number
Section 21-7. debug ip ospf packet
Section 21-8. debug ip ospf retransmission
Section 21-9. debug ip ospf spf
Section 21-10. debug ip ospf spf external
Section 21-11. debug ip ospf spf external access-list-number
Section 21-12. debug ip ospf spf inter
Section 21-13. debug ip ospf spf inter access-list-number


Section 21-14. debug ip ospf spf intra
Section 21-15. debug ip ospf spf intra access-list-number
Chapter 22. clear Commands
Section 22-1. clear ip ospf counters
Section 22-2. clear ip ospf process-id counters
Section 22-3. clear ip ospf process-id counters neighbor
Section 22-4. clear ip ospf process-id counters neighbor int-name int-number
Section 22-5. clear ip ospf process
Section 22-6. clear ip ospf process-id process
Section 22-7. clear ip ospf redistribution
Section 22-8. clear ip ospf process-id redistribition
Index
< Free Open Study >

This document was created by an unregistered ChmMagic, please go to http://www.bisenter.com to register it. Thanks
.

< Free Open Study >

Copyright
Copyright© 2002 Cisco Systems, Inc.

Published by:

Cisco Press

201 West 103rd Street

Indianapolis, IN 46290 USA

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the
inclusion of brief quotations in a review.

Printed in the United States of America 1 2 3 4 5 6 7 8 9 0

First Printing April 2002

Library of Congress Cataloging-in-Publication Number: 2001094058

Warning and Disclaimer

This book is designed to provide information about Cisco IOS Software OSPF commands. Every effort has been made to make this book as
complete and as accurate as possible, but no warranty or fitness is implied.

The information is provided on an "as is" basis. The authors, Cisco Press, and Cisco Systems, Inc., shall have neither liability nor
responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of
the discs or programs that may accompany it.

The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.

Trademark Acknowledgments

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco
Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of
any trademark or service mark.

Feedback Information

At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision,
undergoing rigorous development that involves the unique expertise of members from the professional technical community.

Readers' feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this

.

book, or otherwise alter it to better suit your needs, you can contact us through e-mail at feedback@ciscopress.com. Please make sure to
include the book title and ISBN in your message.

We greatly appreciate your assistance.

Credits

Publisher

John Wait

Editor-In-Chief

John Kane

Cisco Systems Program Manager

Michael Hackert

Managing Editor

Patrick Kanouse

Development Editor

Christopher Cleveland

Project Editor

Marc Fowler

Copy Editor

Doug Lloyd

Technical Editors

Mike Bass

Brian Morgan

Bill Wagner

Robert White

Team Coordinator

Tammi Ross

Book Designer

Gina Rexrode

Cover Designer

.

Louisa Klucznik

Production Team

Argosy

Indexer

Tim Wright

Corporate Headquarters

Cisco Systems, Inc.

170 West Tasman Drive

San Jose, CA 95134-1706

USA

http://www.cisco.com

Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 526-4100

European Headquarters

Cisco Systems Europe

11 Rue Camille Desmoulins

92782 Issy-les-Moulineaux Cedex 9

France

http://www-europe.cisco.com

Tel: 33 1 58 04 60 00

Fax: 33 1 58 04 61 00

Americas Headquarters

Cisco Systems, Inc.

170 West Tasman Drive

San Jose, CA 95134-1706

USA


Tel: 408 526-7660

Fax: 408 527-0883

Asia Pacific Headquarters


Cisco Systems Australia, Pty., Ltd

Level 17, 99 Walker Street

North Sydney

NSW 2059 Australia


Tel: +61 2 8448 7100

Fax: +61 2 9957 4350

Cisco Systems has more than 200 offices in the following countries. Addresses, phone numbers, and fax numbers are listed on the
Cisco Web site at www.cisco.com/go/offices

Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China • Colombia • Costa Rica • Croatia • Czech Republic •
Denmark • Dubai, UAE • Finland • France • Germany • Greece • Hong Kong • Hungary • India • Indonesia • Ireland • Israel • Italy • Japan •
Korea • Luxembourg • Malaysia • Mexico • The Netherlands • New Zealand • Norway • Peru • Philippines • Poland • Portugal • Puerto Rico •
Romania • Russia • Saudi Arabia • Scotland • Singapore • Slovakia • Slovenia • South Africa • Spain Sweden • Switzerland • Taiwan •
Thailand • Turkey • Ukraine • United Kingdom • United States • Venezuela • Vietnam • Zimbabwe

Copyright © 2000, Cisco Systems, Inc. All rights reserved. Access Registrar, AccessPath, Are You Ready, ATM Director, Browse with Me,
CCDA, CCDE, CCDP, CCIE, CCNA, CCNP, CCSI, CD-PAC, CiscoLink, the Cisco NetWorks logo, the Cisco Powered Network logo, Cisco
Systems Networking Academy, Fast Step, FireRunner, Follow Me Browsing, FormShare, GigaStack, IGX, Intelligence in the Optical Core,
Internet Quotient, IP/VC, iQ Breakthrough, iQ Expertise, iQ FastTrack, iQuick Study, iQ Readiness Scorecard, The iQ Logo, Kernel Proxy,
MGX, Natural Network Viewer, Network Registrar, the Networkers logo, Packet, PIX, Point and Click Internetworking, Policy Builder,
RateMUX, ReyMaster, ReyView, ScriptShare, Secure Script, Shop with Me, SlideCast, SMARTnet, SVX, TrafficDirector, TransPath,
VlanDirector, Voice LAN, Wavelength Router, Workgroup Director, and Workgroup Stack are trademarks of Cisco Systems, Inc.; Changing
the Way We Work, Live, Play, and Learn, Empowering the Internet Generation, are service marks of Cisco Systems, Inc.; and Aironet, ASIST,
BPX, Catalyst, Cisco, the Cisco Certified Internetwork Expert Logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco
Systems Capital, the Cisco Systems logo, Collision Free, Enterprise/Solver, EtherChannel, EtherSwitch, FastHub, FastLink, FastPAD, IOS,
IP/TV, IPX, LightStream, LightSwitch, MICA, NetRanger, Post-Routing, Pre-Routing, Registrar, StrataView Plus, Stratm, SwitchProbe,
TeleRouter, are registered trademarks of Cisco Systems, Inc. or its affiliates in the U.S. and certain other countries.

All other brands, names, or trademarks mentioned in this document or Web site are the property of their respective owners. The use of the
word partner does not imply a partnership relationship between Cisco and any other company. (0010R)

Dedications

To my family and friends. In the final analysis, what else is there?

< Free Open Study >


< Free Open Study >

About the Author
William R. Parkhurst, Ph.D., CCIE #2969, is a program manager with the CCIE group at Cisco Systems. Bill is responsible for the CCIE
Communications and Services exams. Prior to joining the CCIE team, Bill was a Consulting Systems Engineer supporting Sprint. Bill first
became associated with Cisco Systems while he was a Professor of Electrical and Computer Engineering at Wichita State University (WSU).
In conjunction with Cisco Systems, WSU established the first CCIE Preparation Laboratory.

< Free Open Study >


< Free Open Study >

About the Technical Reviewers

Mike Bass has worked for 22 years in computer networking, the last 17 years at Sprint. Mike's networking experience began with
mini-computer and mainframe networks and now consists of planning and design for distributed and peer-to-peer systems supporting voice,
video, and data services. Mike is currently responsible for the introduction of new networking technologies to support Sprint internal
associates.

Brian Morgan, CCIE #4865, CCSI, is the Director of Data Network Engineering at Allegiance Telecom, Inc. He's been in the networking
industry for over 12 years. Prior to going to Allegiance, Brian was an instructor/consultant teaching ICND, BSCN, BSCI, CATM, CVOICE, and
BCRAN. Brian is a co-author of the Cisco Press Remote Access Exam Certification Guide and technical editor of numerous other Cisco Press
titles.

Bill Wagner works as a Cisco Certified System Instructor for Mentor Technologies. He has 23 years of computer programming and data
communications experience. He has worked for corporations and companies such as Independent Computer Consultants, Numerax, Mc
Graw-Hill/Numerax, and Standard and Poor. His teaching experience started with the Chubb Institute, Protocol Interface Inc, Geotrain, Mentor
Technologies. He is currently teaching at Skyline Computers Corporation.

Robert L. White is an IP Network Design Engineer with Sprint's Long Distance Division internal data network. Robert's design expertise
focuses on routing protocols, external gateway connectivity, and IP address administration on a large multi-protocol network.

< Free Open Study >


< Free Open Study >

Acknowledgments
I would like to acknowledge the superb effort of all those involved with the development of this handbook. The reviewers of this book, Mike
Bass, Brian Morgan, Bill Wagner, and Robert White, not only found the errors in the book but also contributed suggestions on how to improve
the content and clarity of this handbook. Their efforts are greatly appreciated. I would also like to thank John Kane and Chris Cleveland of
Cisco Press for their guidance and help in bringing this project to a successful completion. Finally, I want to thank my wife, Debbie, for her
encouragement and support during the many evenings and weekends while I was spending more time with routers than with her. She was
also the initial reviewer of this book and found misspellings, grammatical errors, and things that just didn't make sense. Once again she made
me look good in the eyes of my editor.

< Free Open Study >


< Free Open Study >

Introduction
I have been involved with the world of networking from many directions. My experiences in education, network consulting, service provider
support, and certification have shown me that there is a common thread that frustrates people in all of these arenas. That common thread is
documentation. There are many factors that cause documentation to be frustrating but the most common are amount, clarity, and
completeness. The amount of documentation available, especially in regards to OSPF, can be overwhelming. For a person who is beginning
to learn OSPF, the question is, "Where do I begin?" There are very good books, RFCs, white papers, and command references available, but
it is difficult to know where to start. The clarity of documentation depends on your personal situation. For a seasoned OSPF designer, the
documentation may be clear and concise. To an individual preparing for a professional certification such as the CCIE, the same
documentation may be confusing. Even if the documentation is clear it is sometimes not complete. You may understand the words but be
confused by the application. The purpose of this book is to provide an OSPF handbook that is clear, concise, and complete. This book is not
meant to be read from cover to cover. The way you use this book will depend on your objectives. If you are preparing for the CCIE written and
lab exams, this book can be used as a laboratory guide to learn the purpose and proper use of every OSPF command. If you are a network
designer then this book can be used as a ready reference for any OSPF command. In order to satisfy these varying audiences the structure
of this book is reasonably simple. Each OSPF command is illustrated using the following structure:

Listing of the command structure and syntax

Syntax description for the command with an explanation of all command parameters

The purpose of the command and the situation where the command is used

The first release of the IOS in which the command appeared

One or more configuration examples to demonstrate the proper use of the command

Procedures and examples to verify that the command is working properly

How to troubleshoot the command when things are not working as intended

The example scenarios that demonstrate the proper use of the OSPF commands can be implemented on a minimum number of routers. This
will allow you to learn each command without requiring an extensive and expensive lab configuration. The scenarios are presented so that the
purpose and use of each command can be presented without clouding the issue. Some of the examples lead you into common non-working
situations in order to reinforce the understanding of the operation of the particular OSPF command.

My hope is that this handbook will help you prepare for the CCIE exam, allow you to properly use OSPF in your network, or both.

< Free Open Study >


< Free Open Study >

Recommended Reading

This book assumes that you have a working knowledge of OSPF theory of operation and OSPF terminology. The following references can be
used to supplement your knowledge of OSPF.

OSPF Network Design Solutions, Thomas M. Thomas II, Cisco Press (second edition will be released December 2002)

Routing TCP/IP Volume 1, Jeff Doyle, Cisco Press

< Free Open Study >


< Free Open Study >

Icons Used in This Book


< Free Open Study >


< Free Open Study >

Command Syntax Conventions

The conventions used to present command syntax in this book are the same conventions used in the Cisco IOS Software Command
Reference. The Command Reference describes these conventions as follows:

Vertical bars (|) separate alternative, mutually exclusive elements.

Square brackets [ ] indicate optional elements.

Braces { } indicate a required choice.

Braces within brackets [{ }] indicate a required choice within an optional element.

Boldface indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not
general command syntax), boldface indicates commands that are manually input by the user (such as a show command).

Italics indicate arguments for which you supply actual values.

< Free Open Study >


< Free Open Study >

Chapter 1. OSPF Process Configuration Commands
Section 1-1. router ospf process-id

Section 1-2. router ospf process-id vrf name

< Free Open Study >

This document was created by an unregistered ChmMagic, please go to http://www.bisenter.com to register it. Thanks .

< Free Open Study >

1-1 router ospf process-id

Syntax Description:

process-id— The OSPF process ID. The range of values is 1 to 65535.

Purpose: Used to enable one or more OSPF processes on a router. The process ID is only significant on the local router. Use the form of
no
the command to remove an OSPF process.

Initial IOS Software Release: 10.0

Configuration Example: Enabling an OSPF Process

Before you enable an OSPF process, there must be at least one active interface with an assigned IP address. OSPF uses the highest IP
address assigned to an active interface as the OSPF Router ID. If loopback interfaces have been configured, then OSPF will use the highest
loopback address as the Router ID even if the highest loopback IP address is smaller than the IP address of any active physical interface.
Using a loopback interface on an OSPF router is recommended because a loopback interface is never down. A loopback interface will
produce a stable OSPF router ID. The network in Figure 1-1 demonstrates that the OSPF Router ID (RID) is the highest IP address assigned
to an active physical interface. If a loopback interface is used, then OSPF will use the loopback IP address as the OSPF RID.

Figure 1-1. OSPF Router ID Selection

.

Start by removing all IP addresses and loopback interfaces from Router B. Now, attempt to configure an OSPF process on Router B.

rtrB#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

rtrB(config)#router ospf 1

OSPF: Could not allocate router id

OSPF cannot be enabled on Router B because OSPF needs a RID and there are no IP addresses assigned on Router B. Configure the serial
interfaces on Routers A and B and then configure an OSPF process on Router B.

Router A

interface Serial0/1

bandwidth 64

ip address 10.1.1.1 255.255.255.252

clockrate 64000

_______________________________________________________________________

Router B

interface Serial0

ip address 10.1.1.2 255.255.255.252

bandwidth 64

router ospf 1

The configuration of the OSPF process on Router B was successful. Examine the OSPF RID on Router B using theshow ip ospf command.

rtrB#show ip ospf

Routing Process "ospf 1" with ID 10.1.1.2

Supports only single TOS(TOS0) routes

SPF schedule delay 5 secs, Hold time between two SPFs 10 secs

Number of DCbitless external LSA 0

.

Number of DoNotAge external LSA 0

Number of areas in this router is 0. 0 normal 0 stub 0 nssa

The only active interface on Router B is Serial0, so OSPF will use the IP address assigned to Serial0 for the router ID. Add a loopback
interface to Router B and then re-examine the OSPF RID on Router B.

Router B

interface Loopback0

ip address 2.2.2.2 255.255.255.255

rtrB#show ip ospf







The OSPF RID has not changed. This is a stability feature of OSPF. The router ID will not change unless the OSPF process is restarted or if
the interface used for the RID goes down. Shut down the serial interface on Router B, re-enable the serial interface on Router B, and examine
the effect on the OSPF RID.

Verification

Verify that the OSPF RID on Router B is equal to the IP address assigned to the loopback interface.

rtrB#show ip ospf








Troubleshooting

Verify that a loopback interface has been configured and an IP address assigned before configuring OSPF. A loopback interface is not
mandatory, but it will add stability to your OSPF network.

< Free Open Study >


1-2 router ospf process-id vrf name

Syntax Description:

process-id— The OSPF process ID. The range of values is 1 to 65535.

name— VPN Routing/Forwarding Instance (VRF) name. Routes learned by the OSPF process will be placed in the VRF instead
of the global IP routing table.

Purpose: In a Multiprotocol Label Switching (MPLS) virtual private network (VPN) environment, this formof the OSPF router command is
used to transfer VPN customer routes between the service provider and the VPN customer. In an MPLS/VPN environment, there are three
types of routers, as shown in Figure 1-2.

Figure 1-2. General MPLS/VPN Architecture

Provider (P) routers

Customer edge (CE) routers

Provider edge (PE) routers

P routers are routers in the service provider network that have no connections to CE routers. PE routers are the interface routers between the
customer and the service provider. Tag or label switching and an interior gateway protocol (IGP), such as OSPF, are run between P and PE
routers to exchange internal service provider routes. These routes are installed in the global IP routing table on the P and PE routers. The PE
routers have additional IP routing tables, one for each attached VPN customer. These routing tables are called VRF instances. When OSPF
is configured using the vrf option, routes learned from the CE will be placed into the appropriate VRF on the PE router. These VPN routes will
be exchanged between PE routers via multiprotocol IBGP. For a detailed discussion of MPLS and MPLS VPNs, see the Cisco Press book
MPLS and VPN Architectures by Ivan Pepelnjak and Jim Guichard.

Initial IOS Software Release: 12.0

< Free Open Study >


< Free Open Study >

Chapter 2. OSPF Area Commands
Section 2-1. area area-id authentication

Section 2-2. area area-id authentication message-digest

Section 2-3. area area-id default-cost cost

Section 2-4. area area-id nssa

Section 2-5. area area-id nssa default-information-originate

Section 2-6. area area-id nssa no-redistribution

Section 2-7. area area-id nssa no-summary

Section 2-8. area area-id range ip-address mask

Section 2-9. area area-id range ip-address mask advertise

Section 2-10. area area-id range ip-address mask not-advertise

Section 2-11. area area-id stub

Section 2-12. area area-id stub no-summary

Section 2-13. area transit-area-id virtual-link router-id

Section 2-14. area transit-area-id virtual-link router-id authentication authentication-key password

Section 2-15. area transit-area-id virtual-link router-id authentication message-digest

Section 2-16. area transit-area-id virtual-link router-id authentication null

Section 2-17. area transit-area-id virtual-link router-id authentication-key password

Section 2-18. area transit-area-id virtual-link router-id dead-interval seconds

Section 2-19. area transit-area-id virtual-link router-id hello-interval seconds

Section 2-20. area transit-area-id virtual-link router-id message-digest-key key-id md5 password

Section 2-21. area transit-area-id virtual-link router-id retransmit-interval seconds

Section 2-22. area transit-area-id virtual-link router-id transmit-delay seconds

< Free Open Study >


2-1 area area-id authentication

NOTE

This command requires the following additional commands:

For a physical interface: ip ospf authentication-key password (see Section 19-2)

For a virtual link if authentication is used in area 0: area transit-area virtual-link router-id authentication-key password
(see Section 2-17)

Syntax Description:

area-id— OSPF area ID. This value can be entered as a decimal number in the range of 0 to 4,294,967,295 or in IP address
format in the range 0.0.0.0 to 255.255.255.255. This command will enable simple password authentication in the indicated OSPF
area. By default, authentication is not enabled.

transit-area— The OSPF area across which the virtual link is configured.

password— Clear-text password to be used for authentication in the selected area on the selected interface or virtual link. The
password is an alphanumeric string from 1 to 8 characters.

router-id— OSPF router ID of the router at the remote end of the virtual link.

Purpose: To enable simple clear-text password authentication in an OSPF area. OSPF simple authentication requires the use of the router
configuration command to enable authentication in an area and the interface or virtual-link command for password configuration. Because this
router configuration command enables authentication in an area, you must configure every interface in the area for authentication if using
Cisco IOS Software Release 11.X or earlier. In Cisco IOS Software Release 12.X, the authentication used on an interface can be different
than the authentication enabled for an area. When using Cisco IOS Software Release 12.X, the authentication method used on different
interfaces in the same area does not need to be the same. You can remove authentication from selected interfaces using the interface
command ip ospf authentication null (see Section 19-1). The password does not need to be the same on every interface in the area, but
both ends of a common link must use the same password. Authentication is enabled by area (Cisco IOS Software Release 11.X and earlier),
so it is possible to employ authentication in one area without using authentication in other areas. The clear-text password is not encrypted, so
it will be possible for someone to intercept OSPF protocol packets and compromise the password.

Initial Cisco IOS Software Release: 10.0

Configuration Example: Simple Password Authentication

For the network in Figure 2-1, start by configuring OSPF without authentication in Area 0.

Figure 2-1. Network Used to Demonstrate OSPF Authentication Configuration and
Troubleshooting


Router A

interface Loopback0

ip address 1.1.1.1 255.255.255.255

!

interface Serial0/0

ip address 10.1.1.9 255.255.255.252

!

interface Serial0/1

ip address 10.1.1.1 255.255.255.252

clock rate 64000

!

router ospf 1

network 10.1.1.0 0.0.0.15 area 0

_______________________________________________________________________

Router B

interface Loopback0

.

ip address 2.2.2.2 255.255.255.255

!

interface Serial0

ip address 10.1.1.2 255.255.255.252

!

interface Serial1

ip address 10.1.1.5 255.255.255.252

clock rate 64000

!

router ospf 1

network 10.1.1.0 0.0.0.15 area 0

_______________________________________________________________________

Router C

interface Loopback0

ip address 3.3.3.3 255.255.255.255

!

interface Serial0

ip address 10.1.1.6 255.255.255.252

!

interface Serial1

ip address 10.1.1.10 255.255.255.252

clock rate 64000

!

router ospf 1

network 10.1.1.0 0.0.0.15 area 0

Verify the OSPF configuration on Routers A, B, and C by displaying the state of each router's OSPF neighbors.

.

rtrA#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

3.3.3.3 1 FULL/ - 00:00:38 10.1.1.10 Serial0/0

2.2.2.2 1 FULL/ - 00:00:37 10.1.1.2 Serial0/1

_______________________________________________________________________

rtrB#show ip ospf neighbor


1.1.1.1 1 FULL/ - 00:00:35 10.1.1.1 Serial0

3.3.3.3 1 FULL/ - 00:00:30 10.1.1.6 Serial1

_______________________________________________________________________

rtrC#show ip ospf neighbor


2.2.2.2 1 FULL/ - 00:00:30 10.1.1.5 Serial0

1.1.1.1 1 FULL/ - 00:00:37 10.1.1.9 Serial1

Verify that OSPF is not using authentication.

rtrA#show ip ospf




Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs

Number of external LSA 0. Checksum Sum 0x0


.



Area BACKBONE(0)

Number of interfaces in this area is 2

Area has no authentication

SPF algorithm executed 6 times

Area ranges are

Number of LSA 3. Checksum Sum 0x25F8D

Number of DCbitless LSA 0

Number of indication LSA 0

Number of DoNotAge LSA 0

Modify the configurations on Routers A, B, and C by adding simple password authentication to Area 0. For this example, you will use the
clear-text password "cisco".

Router A

interface Loopback0

ip address 1.1.1.1 255.255.255.255

!

interface Serial0/0

ip address 10.1.1.9 255.255.255.252

ip ospf authentication-key cisco

!

interface Serial0/1

ip address 10.1.1.1 255.255.255.252


clock rate 64000

!

router ospf 1

area 0 authentication

.

network 10.1.1.0 0.0.0.15 area 0

_______________________________________________________________________

Router B

interface Loopback0

ip address 2.2.2.2 255.255.255.255

!

interface Serial0

ip address 10.1.1.2 255.255.255.252


!

interface Serial1

ip address 10.1.1.5 255.255.255.252


clock rate 64000

!

router ospf 1


network 10.1.1.0 0.0.0.15 area 0

_______________________________________________________________________

Router C

interface Loopback0

ip address 3.3.3.3 255.255.255.255

!

interface Serial0

ip address 10.1.1.6 255.255.255.252


.

!

interface Serial1

ip address 10.1.1.10 255.255.255.252


clock rate 64000

!

router ospf 1


network 10.1.1.0 0.0.0.15 area 0

Verification

Verify that the OSPF neighbor relationships are still active.



3.3.3.3 1 FULL/ - 00:00:31 10.1.1.10 Serial0/0

2.2.2.2 1 FULL/ - 00:00:30 10.1.1.2 Serial0/1

_______________________________________________________________________



1.1.1.1 1 FULL/ - 00:00:38 10.1.1.1 Serial0

3.3.3.3 1 FULL/ - 00:00:33 10.1.1.6 Serial1

_______________________________________________________________________

.



2.2.2.2 1 FULL/ - 00:00:33 10.1.1.5 Serial0

1.1.1.1 1 FULL/ - 00:00:30 10.1.1.9 Serial1

Verify that simple authentication is enabled for Area 0.

rtrA#show ip ospf









Area BACKBONE(0)


Area has simple password authentication


Area ranges are

Number of LSA 3. Checksum Sum 0x24F95




The password used can be seen by anyone looking at your configuration. For added security, the password in the configuration can be
encrypted using the global configuration command service password-encryption, as shown in the following configuration.

Router A

service password-encryption

.

Listing the configuration will show that the password has been encrypted. Although the password is encrypted in the configuration, it will still
be sent in clear text by OSPF.

rtrA#show running-config

Building configuration...

Current configuration:

!

version 12.0

service timestamps debug uptime

service timestamps log uptime


!

hostname rtrA

!

ip subnet-zero

!

interface Loopback0

ip address 1.1.1.1 255.255.255.255

no ip directed-broadcast

!

interface Serial0/0

ip address 10.1.1.9 255.255.255.252


ip ospf authentication-key 7 121A0C041104

no ip mroute-cache

!

interface Serial0/1

ip address 10.1.1.1 255.255.255.252

.


ip ospf authentication-key 7 02050D480809

clockrate 64000

Troubleshooting

Step 1. Before enabling authentication in an OSPF area, verify that there is a neighbor relationship among all OSPF routers by
using the show ip ospf neighbor command.

Step 2. Verify that authentication has been enabled for every OSPF router with an interface in the area where authentication is
being deployed.

Step 3. Verify that every interface in an OSPF area that is using authentication is configured with the proper password.

Step 4. If any OSPF neighbor relationships disappear after configuring authentication, then debugging can be used to determine
the problem. For example, change the password on Router A, Interface Serial 0/0, to bosco, as shown here.

Router A

interface Serial0/0

ip address 10.1.1.9 255.255.255.252

ip ospf authentication-key bosco

List the OSPF neighbors for Router A.



2.2.2.2 1 FULL/ - 00:00:36 10.1.1.2 Serial0/1

Router A has lost Router C as a neighbor. Enable debugging on Router A to see if the problem can be determined.

rtrA#debug ip ospf events

OSPF events debugging is on

rtrA#

.

03:41:09: OSPF: Rcv hello from 2.2.2.2 area 0 from Serial0/1 10.1.1.2

03:41:09: OSPF: End of hello processing

03:41:09: OSPF: Rcv pkt from 10.1.1.10, Serial0/0 : Mismatch Authentication Key

- Clear Text

Be careful when configuring passwords. A space is a valid character, so if you use the passwordcisco<space> then there will be a password
mismatch, but you won't be able to tell by looking at the configuration.

Change the password on Router A, serial 0/0, back to cisco and remove the OSPF router configuration command area 0 authentication.

Router A

interface Serial0/0

ip address 10.1.1.9 255.255.255.252


!

router ospf 1

no area 0 authentication

Router A should drop both OSPF neighbors.



3.3.3.3 1 INIT/ - 00:00:38 10.1.1.10 Serial0/0

2.2.2.2 1 INIT/ - 00:00:39 10.1.1.2 Serial0/1

Now debug the OSPF traffic on Router B or C to determine the problem.

rtrB#debug ip ospf events


rtrB#

03:55:35: OSPF: Rcv pkt from 10.1.1.1, Serial0 : Mismatch Authentication type. I

nput packet specified type 0, we use type 1

03:55:40: OSPF: Rcv hello from 3.3.3.3 area 0 from Serial1 10.1.1.6



Routers B and C are using type 1 authentication (simple password) and Router A is using type 0 authentication (none).

< Free Open Study >


< Free Open Study >

2-2 area area-id authentication message-digest

NOTE


For a physical interface: ip ospf message-digest-key key-id md5 password (see Section 19-9)

For a virtual link if authentication is used in Area 0: area transit-area virtual-link router-id message-digest-key key-id md5
password (see Section 2-20)

Syntax Description:

area-id— OSPF area ID. This value can be entered as a decimal number in the range of 0 to 4,294,967,295 or in IP address
format in the range 0.0.0.0 to 255.255.255.255. This command will enable simple password authentication in the indicated OSPF
area. By default, authentication is not enabled.

key-id— Key used to encrypt a password. The range of values is 1 to 255. Both ends of a link must use the same key and password.

password— Password to be used for authentication in the selected area on the selected interface or virtual link. The password is
an alphanumeric string from 1 to 8 characters.

transit-area— The OSPF area across which the virtual link is configured.

router-id— OSPF router ID of the router at the remote end of the virtual link.

Purpose: To enable MD5 password authentication in an OSPF area. OSPF MD5 authentication requires the use of the router configuration
command to enable authentication in an area and the interface or virtual link command for key and password configuration. Since this router
configuration command enables authentication in an area, every interface in the area must be configured with an authentication key and
password if using Cisco IOS Software Release 11.X or earlier. In Cisco IOS Software Release 12.X, the authentication used on an interface
can be different from the authentication enabled for an area. When using Cisco IOS Software Release 12.X, the authentication method used
on different interfaces in the same area does not need to be the same. Authentication can be turned off on selected interfaces using the
command ip ospf authentication null (see Section 19-1). The key and password do not need to be the same on every interface, but both
ends of a common link need to use the same key and password. Authentication is enabled by area (Cisco IOS Software Release 11.X and
earlier) so it is possible to employ authentication in one area without using authentication in other areas. The password is encrypted, so it is
extremely difficult for someone to intercept OSPF protocol packets and compromise the password.


Configuration Example 1: MD5 Password Authentication


For the network in Figure 2-2, initially configure OSPF without authentication in Area 0.

Figure 2-2. Network Used to Demonstrate OSPF MD5 Authentication Configuration and
Troubleshooting

Router A

interface Loopback0

ip address 1.1.1.1 255.255.255.255

!

interface Serial0/0

ip address 10.1.1.9 255.255.255.252

!

interface Serial0/1

ip address 10.1.1.1 255.255.255.252

clock rate 64000

!


router ospf 1

network 10.1.1.0 0.0.0.15 area 0

_______________________________________________________________________

Router B

interface Loopback0

ip address 2.2.2.2 255.255.255.255

!

interface Serial0

ip address 10.1.1.2 255.255.255.252

!

interface Serial1

ip address 10.1.1.5 255.255.255.252

clock rate 64000

!

router ospf 1

network 10.1.1.0 0.0.0.15 area 0

_______________________________________________________________________

Router C

interface Loopback0

ip address 3.3.3.3 255.255.255.255

!

interface Serial0

ip address 10.1.1.6 255.255.255.252

!

interface Serial1

ip address 10.1.1.10 255.255.255.252

.

clock rate 64000

!

router ospf 1

network 10.1.1.0 0.0.0.15 area 0

Verify the OSPF configuration on Routers A, B, and C by displaying the state of each router's OSPF neighbors.



3.3.3.3 1 FULL/ - 00:00:38 10.1.1.10 Serial0/0

2.2.2.2 1 FULL/ - 00:00:37 10.1.1.2 Serial0/1

_______________________________________________________________________



1.1.1.1 1 FULL/ - 00:00:35 10.1.1.1 Serial0

3.3.3.3 1 FULL/ - 00:00:30 10.1.1.6 Serial1

_______________________________________________________________________



2.2.2.2 1 FULL/ - 00:00:30 10.1.1.5 Serial0

1.1.1.1 1 FULL/ - 00:00:37 10.1.1.9 Serial1

Verify that OSPF is not using authentication.

rtrA#show ip ospf


.








Area BACKBONE(0)


Area has no authentication


Area ranges are

Number of LSA 3. Checksum Sum 0x25F8D




Modify the configurations on Routers A, B, and C by adding MD5 password authentication to area 0. For this example, use the passwords
ciscoab, ciscobc, and ciscoac to demonstrate that multiple passwords can be used in an area.

Router A

interface Loopback0

ip address 1.1.1.1 255.255.255.255

!

interface Serial0/0

ip address 10.1.1.9 255.255.255.252

ip ospf message-digest-key 1 md5 ciscoac

!

interface Serial0/1

ip address 10.1.1.1 255.255.255.252

.

ip ospf message-digest-key 2 ciscoab

clock rate 64000

!

router ospf 1

area 0 authentication message-digest

network 10.1.1.0 0.0.0.15 area 0

_______________________________________________________________________

Router B

interface Loopback0

ip address 2.2.2.2 255.255.255.255

!

interface Serial0

ip address 10.1.1.2 255.255.255.252

ip ospf message-digest-key 2 md5 ciscoab

!

interface Serial1

ip address 10.1.1.5 255.255.255.252

ip ospf message-digest-key 3 md5 ciscobc

clock rate 64000

!

router ospf 1


network 10.1.1.0 0.0.0.15 area 0

_______________________________________________________________________

Router C

interface Loopback0

.

ip address 3.3.3.3 255.255.255.255

!

interface Serial0

ip address 10.1.1.6 255.255.255.252

ip ospf message-digest-key 3 ciscobc

!

interface Serial1

ip address 10.1.1.10 255.255.255.252

ip ospf message-digest-key 1 md5 ciscoac

clock rate 64000

!

router ospf 1


network 10.1.1.0 0.0.0.15 area 0

Verification

Verify that the OSPF neighbor relationships are still active.



3.3.3.3 1 FULL/ - 00:00:31 10.1.1.10 Serial0/0

2.2.2.2 1 FULL/ - 00:00:30 10.1.1.2 Serial0/1

_______________________________________________________________________


.


1.1.1.1 1 FULL/ - 00:00:38 10.1.1.1 Serial0

3.3.3.3 1 FULL/ - 00:00:33 10.1.1.6 Serial1

_______________________________________________________________________



2.2.2.2 1 FULL/ - 00:00:33 10.1.1.5 Serial0

1.1.1.1 1 FULL/ - 00:00:30 10.1.1.9 Serial1

Verify that MD5 authentication is enabled for Area 0.

rtrA#show ip ospf









Area BACKBONE(0)


Area has message digest authentication


Area ranges are

Number of LSA 3. Checksum Sum 0x14A19



.


The password used can be seen by anyone looking at your configuration. For added security, the password in the configuration can be
encrypted using the global configuration command service password-encryption, as shown in the following configuration.

Router A


Listing the configuration will show that the password has been encrypted.

rtrA#show running-config

Building configuration...

Current configuration:

!

version 12.0

service timestamps debug uptime

service timestamps log uptime


!

hostname rtrA

!

ip subnet-zero

!

interface Loopback0

ip address 1.1.1.1 255.255.255.255


!

interface Serial0/0

ip address 10.1.1.9 255.255.255.252


ip ospf message-digest-key 1 md5 7 02050D4808090E22

.

no ip mroute-cache

!

interface Serial0/1

ip address 10.1.1.1 255.255.255.252


ip ospf message-digest-key 2 md5 7 045802150C2E4D4C

clockrate 64000

Configuration Example 2: Changing Keys and Passwords

For additional security, you may choose to periodically change the key and password. With clear-text authentication, changing passwords will
cause a loss of OSPF connectivity from the time you change the password on one interface until you change the password at the other end of
the link. With MD5 authentication, you can configure a new key and password on a link while leaving the old key and password in place. The
old key and password will continue to be used until the new key and password are configured on the other end of the link. Modify the key and
password on the link between Routers A and B. Add a new key and password on Router A in order to observe the behavior when the new
key and password have only been configured on one end of the link.

Router A

interface Serial0/1

ip address 10.1.1.1 255.255.255.252



ip ospf message-digest-key 4 md5 cisconew

clockrate 64000

Verify that the OSPF neighbor relationship between Routers A and B is still active.



3.3.3.3 1 FULL/ - 00:00:34 10.1.1.10 Serial0/0

2.2.2.2 1 FULL/ - 00:00:35 10.1.1.2 Serial0/1

.

You can determine if Router A is using both keys when communicating with Router B by viewing the interface properties or by enabling
OSPF debugging.

rtrA#show ip ospf interface s0/1

Serial0/1 is up, line protocol is up

Internet Address 10.1.1.1/30, Area 0

Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64

Transmit Delay is 1 sec, State POINT_TO_POINT,

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

Hello due in 00:00:08

Neighbor Count is 1, Adjacent neighbor count is 1

Adjacent with neighbor 2.2.2.2

Suppress hello for 0 neighbor(s)

Message digest authentication enabled

Youngest key id is 4

Rollover in progress, 1 neighbor(s) using the old key(s):

key id 2



rtrA#





01:30:30: OSPF: Send with youngest Key 1

01:30:30: OSPF: Send with key 2

01:30:30: OSPF: Send with key 4

Notice that both keys are being used for authentication. Configure the new key and password on Router B while leaving the old key and

.

password in place.

Router B

interface Serial0

ip address 10.1.1.2 255.255.255.252



ip ospf message-digest-key 4 md5 cisconew

Routers A and B will now use the youngest key (the last key configured).

rtrA#show ip ospf interface s0/1

Serial0/1 is up, line protocol is up

Internet Address 10.1.1.1/30, Area 0

Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64

Transmit Delay is 1 sec, State POINT_TO_POINT,

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

Hello due in 00:00:02

Neighbor Count is 1, Adjacent neighbor count is 1

Adjacent with neighbor 2.2.2.2

Suppress hello for 0 neighbor(s)

Message digest authentication enabled

Youngest key id is 4

The old key and password can now be removed from routers A and B using the no form of the interface command.

Troubleshooting

Step 1. Before enabling authentication in an OSPF area, verify that there is a neighbor relationship among all OSPF routers by
using the show ip ospf neighbor command.

.

Step 2. Verify that authentication has been enabled for every OSPF router with an interface in the area where authentication is
being deployed.

Step 3. Verify that every interface using authentication in an OSPF area has been configured with the proper key and password.

Step 4. If any OSPF neighbor relationships disappear after configuring md5 authentication, debugging can be used to determine
the problem. For example, change the key-id on router B, interface Serial 0, to 5. Use the no form of the command to remove the
original key and password before applying the new key.

Router B

interface Serial0

ip address 10.1.1.2 255.255.255.252

no ip ospf message-digest-key 2 md5 ciscoab


List the OSPF neighbors for Router A.



3.3.3.3 1 FULL/ - 00:00:31 10.1.1.10 Serial0/0

Router A has lost Router C as a neighbor. Enable debugging on Router A to see if you can determine the problem.



rtrA#

00:09:34: OSPF: Rcv pkt from 10.1.1.2, Serial0/1 : Mismatch Authentication Key -

No message digest key 5 on interface

Be careful when configuring passwords. A space is a valid character, so if you use the password cisco<space> then there will be a password
mismatch, but you won't be able to tell by looking at the configuration, especially if the password is encrypted in the configuration.

On Router A, remove the OSPF router configuration command area 0 authentication message-digest. Restore the proper key on Serial0
on Router B.

Router A

interface Serial0/0

.

ip address 10.1.1.9 255.255.255.252


!

router ospf 1

no area 0 authentication message-digest

_______________________________________________________________________

Router B

interface Serial0

ip address 10.1.1.2 255.255.255.252

no ip ospf message-digest-key 5 md5 ciscoab


Router A should drop both OSPF neighbors.



3.3.3.3 1 INIT/ - 00:00:38 10.1.1.10 Serial0/0

2.2.2.2 1 INIT/ - 00:00:39 10.1.1.2 Serial0/1

Now debug the OSPF traffic on Router B or C to determine the problem.

rtrB#debug ip ospf events


rtrB#

21:43:04: OSPF: Rcv hello from 3.3.3.3 area 0 from Serial1 10.1.1.6




21:43:08: OSPF: Rcv pkt from 10.1.1.1, Serial0 : Mismatch Authentication type. I


nput packet specified type 0, we use type 2

Routers B and C are using type 2 authentication (MD5) and Router A is using type 0 authentication (none).

< Free Open Study >


< Free Open Study >

2-3 area area-id default-cost cost

NOTE


area area-id nssa (see Section 2-4)

or

area area-id stub (see Section 2-11)

Syntax Description:

area-id— OSPF area ID. This value can be entered as a decimal number in the range of 0 to 4,294,967,295 or in IP address form
in the range 0.0.0.0 to 255.255.255.255.

cost— The default cost of an OSPF stub area's advertised external default route metric. The range of values is 0 to 16,777,215.
The default value is 1. The cost value will be added to the cost of reaching the Area Border Router (ABR) that is advertising the
default route.

Purpose: External networks will not be advertised into a stub or totally stubby area. External networks are networks that have been
redistributed into OSPF. External OSPF routes and inter-area OSPF routes are not advertised into a totally stubby area. When an OSPF area
is configured as a stub area, a default route will be generated by the ABR into the stub area in place of the external routes. When an OSPF
area is configured as a totally stubby area, the default route replaces the external and inter-area routes. The purpose of this command is to
set the cost of the default route advertised into a stubby, totally stubby, or not-so-stubby area. If this command is not used, then the cost of
the default route will be 1. When configuring stub areas, all routers with interfaces in the stub area must be configured with the same stub
area type.


Configuration Example: Setting the Default Cost for a Stub Area

Initially, the network in Figure 2-3 is configured without a stubby area to compare the differences between the routes advertised into a normal
area with those advertised into a stubby area. You will redistribute the loopback interface on Router C in order to generate an external route
on Routers A and B.

Figure 2-3. External OSPF Routes Are Not Advertised into an OSPF Stub Area. Inter-area and
External Routes Are Not Advertised into a Totally Stubby Area


Router A

interface Loopback0

ip address 1.1.1.1 255.255.255.255

!

interface Serial0/1

ip address 10.1.1.1 255.255.255.252

clock rate 64000

!

router ospf 1

network 10.1.1.0 0.0.0.3 area 1

_______________________________________________________________________


Router B

interface Loopback0

ip address 2.2.2.2 255.255.255.255

!

interface Serial0

ip address 10.1.1.2 255.255.255.252

!

interface Serial1

ip address 10.1.1.5 255.255.255.252

clock rate 64000

!

router ospf 1

network 10.1.1.0 0.0.0.3 area 1

network 10.1.1.4 0.0.0.3 area 0

_______________________________________________________________________

Router C

interface Loopback0

ip address 3.3.3.3 255.255.255.255

!

interface Serial0

ip address 10.1.1.6 255.255.255.252

!

router ospf 1

redistribute connected subnnets

network 10.1.1.4 0.0.0.3 area 0

.

If you examine the IP routing table on Router A, you can see that all OSPF routes are being advertised into Area 1.

rtrA#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

U - per-user static route, o - ODR

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets

C 1.1.1.1 is directly connected, Loopback0


O E2 3.3.3.3 [110/20] via 10.1.1.2, 00:00:04, Serial0/1


C 10.1.1.0 is directly connected, Serial0/1

O IA 10.1.1.4 [110/128] via 10.1.1.2, 00:00:04, Serial0/1

Modify the configurations on Routers A and B so that Area 1 is a stub area.

Router A

router ospf 1

area 1 stub

network 10.1.1.0 0.0.0.3 area 1

_______________________________________________________________________

Router B

router ospf 1

Cisco OSPF Command Handbook

Recommended

Recommended

More Related Content

What's hot

What's hot (18)

Similar to Cisco OSPF Command Handbook

Similar to Cisco OSPF Command Handbook (20)

More from 1 2d

More from 1 2d (20)

Recently uploaded

Recently uploaded (20)

Cisco OSPF Command Handbook