Monday, 5 January 2026

OSPF Peering Process

 ✅ 1. Verify OSPF Process Is Running


 show ip protocols
 show ip ospf
• Ensure OSPF is enabled.
 • Correct process ID and routing information present.
✅ 2. Check OSPF Interface Participation
show ip ospf interface brief
• Interface must be in the right area.
 • Roles should be DR, BDR, or DROTHER.
✅ 3. Verify Interface IP and Subnet
show ip interface brief
 show run interface <interface>
• Both routers should be in the same subnet.
 • Interface must be up and not shutdown.
✅ 4. Check OSPF Hello and Dead Timers
show ip ospf interface <interface>
• Hello & Dead timers must match.
 • Default: Hello = 10s, Dead = 40s
✅ 5. Check OSPF Network Type
show ip ospf interface <interface>
• Must match on both sides:
 • broadcast, point-to-point, or non-broadcast
interface <interface>
 ip ospf network <broadcast | point-to-point | non-br
✅ 6. Check for Passive Interface
show run | section router ospf
• Passive interfaces won’t form neighbors.
router ospf <process-id>
 no passive-interface <interface>
✅ 7. Check OSPF Authentication
show ip ospf interface <interface>
• Both routers must use:
 • Same authentication type (None, Simple, MD5)
 • Same password
interface <interface>
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 <password>
router ospf <process-id>
 area <area-id> authentication message-digest
✅ 8. Clear OSPF Neighbor Relationships (if needed)
clear ip ospf process
 clear ip ospf neighbor <neighbor-ip>
✅ 9. Verify OSPF Neighbor State
show ip ospf neighbor
• Desired state: FULL
✅ 10. Check Logs for Clues
show log
Look for:
 • Interface flaps
 • Timer mismatches
 • Area mismatches
✅ 11. Check for Duplicate Router IDs
show ip ospf
• Router IDs must be unique within the OSPF domain.
✅ 12. Check for MTU Mismatch
show interface <interface> | include MTU
• MTU mismatch can cause stuck state at EXSTART/EXCHANGE.
✅ 13. Verify Stub Area Configuration
show ip ospf
• Both routers must agree on stub/NSSA settings.
✅ 14. Check Access Lists or Firewalls
show ip access-lists
 show running-config | include access-group
• Ensure no ACL or firewall blocks OSPF protocol 89.
✅ 15. Final Verification
show ip ospf neighbor
 show ip ospf interface
 ping <neighbor-ip>
• Confirm OSPF peering is established and stable.
-
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

🔥 The Hidden Risk of “Wide Open” Internal Policies — And How To Remove Them Safely

In one of my recent projects, I noticed a wide open internal traffic policy in place. Later, I was asked to work on this issue and remove th...