Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Open Shortest Path First is the dynamic routing protocol based a link-state algorithm. In the upcoming few posts I
will attempt to explain the basics of OSPF operation. Cisco CCNA level of expertise assumes that the candidates
know how to implement it in a single area. In my OSPF related posts I will go a bit beyond CCNA requirements but
not too much, just enough to help you appreciate this fascinating solution and put OSPF into practice.
Link-state algorithm is faster and more accurate in selecting the best path compared to distance vector approach. The
latter algorithm allows routers to know how far the destinations are (distance) and the next-hop router(s) the packets
should be sent to (vector). Thus, the routers do not know the topology of the network.
Routers using link-state algorithm create "a map" of the network which allows them to choose paths more
accurately. Even though they are more demanding hardware-wise (CPU and RAM memory) they supersede distance
vector based solutions.
1. Each router sends so called hello packets out of all OSPF-enabled interfaces. This way, the OSPF-enabled
router discovers directly connected routers which also run OSPF. If certain parameters in the hello packets
match between the neighboring routers, they form the relationship called the adjacency. It is a sort of
virtual communication between them.
2. Then, each router exchanges special packets called Link State Advertisements (LSAs) with its neighbors
(adjacent routers). In OSPF terminology the word link is the same as the interface. LSAs contain details
such as: addresses/network masks configured on the links (interfaces running OSPF of course), the metric,
the state of the link (which is its relation to the rest of the network), list of neighbors connected to the link.
3. Each router stores the LSAs in its Link State Database (LSDB). These LSAs are then flooded (advertised)
to all OSPF neighbors. As a result of the LSA flooding, all routers in the area have identical LSDBs. An
analogy would be having the same road map of a given country which all drivers use. Their journey's
starting point is different but the map is still the same.
4. Each router runs Dijkstra's algorithm to select the best path from this topological database (LSDB). This
way, each router creates loop free graph indicating the shortest (best) path to each network/subnet
advertised. The best paths end up in the routing table.
Transit Networks - Networks which have two or more attached routers. The packets might be originated
or passing through this type of network.
Stub Networks - Networks which have only one router attached (one exit point). Packets are either
originated or destined to these types of networks. A loopback interface is a type of stub network as well.
The loopbacks are by default advertised as /32 prefixes (255.255.255.255). If you want to advertise
loopbacks with their real network mask length, you must change the OSPF mode of operation to point-to-
point (presented in the upcoming posts).
More specifically OSPF defines five different types of networks it can operate on. These are:
2
Non Broadcast Multiple Access (NBMA) - such as Frame-Relay, ATM, X.25 (they may but do not have to
be fully meshed)
Point-To-Multipoint - such as Frame-Relay but treated as point-to-point links (Hub and Spoke)
Virtual Links - used in special situations if the OSPF area 0 (backbone area) is partitioned or if an OSPF
area cannot be connected to the area 0 directly
There are some differences in OSPF operation, depending on what type of network it runs on. I will explain the
relevant details in the upcoming posts.
OSPF routers will go through multiple states with their neighbors before they are ready to route the packets. Some
of them will be used on all type of the networks but others only on specific types of networks listed above.
Down
In this state, a router has not heard a hello packet from any OSPF neighbor yet.
Attempt
This state is applied only on NBMA networks in which the neighbors are not discovered dynamically but must be
configured manually ('neighbor' statement in the config-router context).
Init
A router has heard a hello packet from its neighbor(s), which among other parameters the Router IDs of all the
neighbors are listed (look at hello packet structure in the next post).
3
2-Way
A router has seen its own Router ID in the hello packet from the neighbor(s). This means that bidirectional
communication has been established between the routers.
ExStart
In this state the master/slave relationship is established necessary to exchange Database Description Packets. Since
all the packets have their sequence number allowing routers to detect more recent information, initial numbers are
negotiated in this state. The router with the highest Router ID becomes the master.
Exchange
The routers will send Database Description packets (description of the LDSB). Link State Request packets to
request more recent LSAs are also sent in this state.
Loading
The Link State Request packets are sent to neighbors in the loading state. They request more recent LSAs
discovered in the Exchange state. Link State Updates are sent in response to LSRs.
Full
OSPF neighbors are fully adjacent. All information about networks/subnets have been exchanged and
acknowledged.
Type 1 - Hello
This packet type is used to discover neighbors and maintain the adjacencies between them. More details regarding a
hello packet will be presented in the next post.
It is used to describe the LSAs so that the receiving router (neighbor) can determine if all LSAs have been
synchronized between them (all routers in the area must have the same LSDB). It is accomplished by exchanging the
headers of LSAs (Database Description packets aka DD packets) with the neighbor(s). The receiving router will
check if it has a match for all LSAs in its local database. If not, LSR packets are sent to retrieve the missing LSAs.
This lesson's terminology should make it easier for you to understand some details of OSPF operation presented in
the upcoming lessons.
In my next post, I will focus in on the process of building adjacency between OSPF routers.
Following the previous post, let's continue to look at OSPF basic operation. In this lesson we will focus our attention
on the exchange of OSPF Hello packets in order to reach the state allowing LSA exchange.
If these two posts (38 and 39) are a bit too much for you, try to read them again and next week look at my youtube
channel. I should have some video published there showing you these things again but this time in on the command
line interface.
Before OSPF routers distribute the routing information among their neighbors, they will go through certain stages of
operation as explained in Lesson 38. OSPF packets are utilized to take a router from the DOWN state all the way up
to the FULL state of operation. We must then, take a closer look at OSPF packets, especially at the Hello packet
without which this magic would not be possible.
OSPF uses five types of packets to communicate (explanation of OSPF packet type can be found in my previous
post). They are encapsulated in the OSPF header. The whole packet looks like shown in pic. 1.
5
Version - The OSPF version, currently used version is 2. Version 3 is OSPF for IPv6.
Type 1 - Hello
Packet Length - The length of the protocol in bytes including the standard OSPF header.
Router ID - The router identifier in OSPF (OSPF labs in my advanced study blog).
Area ID - The 32 bit number representing the area in which the interface operates.
Checksum - The number used to check the integrity of the packet including the header (excluding authentication).
0 - no authentication
2 - MD5 authentication
Hello Packet
In order for OSPF routers to exchange their routing databases, they must first discover themselves using so called
Hello protocol and agree on a number of parameters. Hello packet (OSPF Type 1 packet) is used to discover the
neighbors and exchange these initial parameters.
Hello packets advertise certain parameters (some of the must match in order to become the router's
neighbor).
On Broadcast or NBMA networks Hello packets are used to elect DR/BDR roles.
Hello packets are used as a keepalive mechanism. If the router does not hear the neighbors' Hello packets in
a given time (DeadInterval), it considers it down and invalidates information obtained from it.
Hello packets ensure bidirectional communication. The router must see its own RouterID in the 'neighbor'
field of the Hello packet it receives.
Before I explain what must match in the Hello packets for the routers to reach so called 2-way state, let's take a look
at the Hello packet structure.
7
Options - OSPF options. One of them is a 1 bit flag called: E-bit which denotes the type of area in which the
interface operates (1=normal, 0=stub).
Router Priority - Used on Broadcast and NBMA networks to elect DR/BDR. The higher the number, the more
likely for the router to become DR and the second highest number becomes BDR. After the election has been
accomplished, the number is no longer used to influence DR/BDR role (non-preemptive).
Router Dead Interval - The maximum time before a silent router is declared down (no Hello packet from it in this
time).
Designated Router - DR is elected in Broadcast and NBMA network. This field in the Hello packet carries the IP
address of the DR on the common subnet (only Broadcast and NBMA networks).
Backup Designated Router - BDR is elected in Broadcast and NBMA network. This is the IP address of DR on the
common subnet (only Broadcast and NBMA networks).
Neighbor - The router IDs from which valid Hello packet was received in the last DeadInterval time.
2-way State
OSPF-enabled router is a bit picky when it comes to its operation and choosing its neighbors. In order for the OSPF
routers to exchange LSAs (information about network reachability), they must reach the 2-way state first which
indicates that some mandatory parameters in their Hello packets are identical between them. The OSPF header
encapsulates the Hello packet. Below picture shows this encapsulation and the light-red dots indicate the parameters
that must match between the neighbors.
So, in a nutshell, the following conditions must be met for the two routers to become neighbors:
1. The routers must be on common subnet (it's true for all IGP routing protocols).
2. The Hello and DeadInterval timers must be identical between the neighbor candidates.
3. The area ID, where the OSPF-enabled interfaces of both neighbors operate, must be identical.
4. The type of area where the two neighbors must be identical (either normal or stub area).
5. The type and authentication password (if used) must match between neighbors.
Only if the routers agree on the parameters mentioned above (exact match) and their router IDs are listed in the
neighbor's Hello packet '(neighbor' field in the Hello packet) can they reach the 2-way state and proceed to
ExStart, Exchange, Loading and finally Full state. I will show you the process of going through all phases in the
next post using 'debug ip ospf adj' command.
After achieving bidirectional communication between the routers (2-way), they will enter the ExStart state. During
this phase the routers are going to elect the Master and Slave roles to perform the database synchronization in an
orderly fashion. During the ExStart state they will also check their MTU size. If it does not match, they will not go
any further (no LSA exchange is possible). This is generally not a problem between routers, but if you create
configuration between a multilayer switch and a router, this might be a problem if the switch uses larger MTU size
than 1500 bytes.
Routers typically use MTU=1500 bytes. On a multilayer switch running OSPF you can check it by issuing the
following command:
If MTU is not 1500 bytes, you can disable MTU check on the interfaces in question:
9
Before I finish this post I must mention that there are two multicast IP addresses reserved for OSPF communication:
224.0.0.5 = All OSPF speaking routers
224.0.0.6 = AllDRouters (DR/BDR listen on this address).
Unfortunately, sometimes these multicast addresses cannot be used on certain types of media (X.25, Frame-Relay,
ATM, which are NBMA types of networks). In such situations, by default, unicast transmission must be used to send
OSPF packets (the 'neighbor' statement under OSPF process changes mutlicast into unicast transmissions). But this
is beyond the scope of this tutorial. If you want to learn more details you might look at my Advanced Study Blog to
see these types of connections put into practice (soon more posts area going to be available).
Wrapping things up, I need to add that some states require a bit more explanation (for instance, DR/BDR election on
Broadcast/NBMA networks), but it will be easier to show it practically in my next post which is going to be about
implementation of OSPF on two types of network: Broadcast and Point-to-Point. Running OSPF on these types of
network fall under CCNA level of expertise
There are two more notions I need to touch upon before we implement OSPF in our topology. These are: OSPF
Router ID and special roles of the routers which are appointed in Broadcast and NBMA (Non-Broadcast Multiple
Access) networks called Designated Router (DR) and Backup Designated Router (BDR). I thought I would do
the practical implementation here as well, but I want to keep the post as short as possible.
OSPF routers exchange LSAs by flooding them to all OSPF neighbors. This flooding results in creating the same
Link-State Database (LSDB) on all routers in the area. LSDB is a topology database, (kind of a "road map"), shared
by all routers in the area. Then, each router runs Dijkstra's SPF algorithm to choose the best path to each destination,
placing itself as a the root (starting point). The product of SPF algorithm operation is the routing table. Recall that
all OSPF packets are encapsulated in the OSPF header (loot at previous post). So, LSAs are signed with the Router
ID when the router originates and floods them.
Router ID
Router ID is going to be chosen automatically unless configured manually, using the 'router-id A.B.C.D'
command in OSPF configuration context. The A.B.C.D are four bytes just like an IP address representing the router
ID. It can be changed at a later stage but this may require the process clearing (once the router had its ID chosen,
changing it always requires this command):
Clearing the OSPF process is disruptive since the router will need to re-establish adjacency with its neighbors.
Initially, a router tries to choose its ID based on the following order of operation:
1. Router chooses numerically the highest IP address off of the loopback interface.
2. In case there is no loopback interface configured, the router is going to choose numerically the highest IP
address off of the physical interface.
10
You can find in more in-depth information with regards to the applications of router ID in my Cisco Advanced Study
Blog (short, practical posts geared for the CCNPs who want to refresh their skills and primarily for those who want
to go beyond the CCNP level).
OSPF DR/BDR
Another concept that requires some explanation is the election of Designated Router (DR) and Backup Designated
Router (BDR) elected on Broadcast and NBMA networks (such as Frame-Relay, ATM, X.25). It is a role that is
valid on per link basis (Broadcast and NBMA). This means that a router can be DR on F0/0 interface (segment of
the network) but BDR or DRother on F0/1 interface.
As you recall, all routers need to establish adjacency (full state) with their neighbors. Only then, are their LSDBs
synchronized. The process of sending updates to a great number of neighbors in Broadcast and NBMA networks
would be very inefficient as their number can be significant. The routers would create the number of adjacencies
according to the following (full mesh) formula:
Number_of_Adjacencies = n(n-1)/2
where the 'n' stands for the number of routers neighbored. In case an LSU (update) is sent, there would be a number
of exchanges occurring between all neighbors according to the following formula:
The next picture shows in part the LSU propagation of the same failed network on R3. This is only a partial picture.
This would have to be done 16 times.
This situation would be very chaotic indeed. Instead, the system on Broadcast and NBMA networks elect one
representative called Designated Router which is going to be responsible for propagation of all updates on this
segment. In case of the failure of DR there is going to be a Backup Designated Router elected to assume the role of
DR. These roles are initially based on the highest 'priority number' assigned on the interface. The default number is
1, so in case of a tie, the highest Router ID is becoming DR and the second highest becomes the BDR. If a router's
interface is set to the priority value of 0, the router automatically becomes DRother and does not participate in the
election process.
NOTICE!
DR is the only router authorized to pass the updates on to other routers on Broadcast and NBMA networks. It must
have FULL reachability to other routers on the segment.
This is the reason, there are two different addresses reserved for OSPF:
Hello packets are sent to 224.0.0.5 (unless unicast is used i.e. NBMA networks)
Updates are sent 224.0.0.5 except Broadcast and NBMA network which use 224.0.0.6 address instead.
So, in our example (pic 1, and pic.2), if R3 loses its directly connected network, it sends the update towards
224.0.0.6 (to DR/BDR), and DR is sending this back to all other routers using 224.0.0.5 address. R3 is also going to
receive it, but it will silently ignore it as it is the same update (sequence number). Consider the below picture.
This post ends the theory aspects in relation to OSPF in one area as per CCNA requirements.
In the next post, I will finally put this OSPF knowledge into practice. Then, we will troubleshoot OSPF using the
tools learned in the next one.
In this post, I'm going to present the commands and verification steps with regards to OSPF implementation in a
single area. Configuration will also include the authentication of OSPF packets.
If you want to go fancy with OSPF the configuration can be quite challenging. Configuring basic OSPF in a single
area is very simple though. There are two basic steps required:
2. Instruct the OSPF process which interfaces should be enabled for OSPF and in which areas the links should
operate.
Here is the simple topology we are going to use to see the configuration steps.
Wildcard mask is an inversed network mask. The bits in the wildcard mask which are set to '0' will check the
corresponding bits in the IP address. The bits in the wildcard mask which are set to '1' will ignore the corresponding
bits in the IP address.
Look at the Pic. 2 again. According to the network statement, OSPF will be enabled on F1/0 and S0/1 of R1 (pic. 1).
What network statement could we use in order to enable OSPF on s0/1 interface but not on F1/0?
I can give you a couple of examples. Remember that wildcard mask will use '0s' to check bits in the address and '1s'
will ignore them.
Example 1
R1(config)#router ospf 1
R1(config-router)#network 10.1.13.0 0.0.0.255 area 0
This way the wildcard bits are going to check if there are any interfaces which use IP addresses according to
10.1.13.x (where x is any number). These will be OSPF-enabled.
Example 2
R1(config)#router ospf 1
R1(config-router)#network 10.1.13.1 0.0.0.0 area 0
The second example will enable OSPF on the interface that has the EXACT IP address 10.1.13.1. The wildcard bits
consists of all '0s' so ALL the corresponding bits in the IP address used must match in order for the interface to be
running OSPF protocol.
As you already know, the moment we enable OSPF on an interface, the routing process begins to send the 'hello'
packets trying to discover the neighbor(s). If they are discovered the system begins to check parameters in the OSPF
header and hello packet. If they agree on the mandatory fields (hello/dead intervale etc.) the are going through
several phases to finally synchronize their LSDBs.
Of course, the network statement with wildcard mask does not influence what network mask is going to be
advertised along with the IP address. OSPF, being a classless routing protocol, will advertise their networks/subnets
as per configuration on the interfaces. If you want to see this in action please, watch the following video I posted on
Youtube:
http://www.youtube.com/watch?v=jECzZJbT5NI
So, let's configure OSPF as per topology diagram (pic. 1) and observe the process of reaching the FULL state
(adjacency) using the debug. I will use the most specific wildard mask here but you already know there are a lot of
options available to start OSPF on the interfaces.
R1 Configuration:
R1(config)#router ospf 1
R1(config-router)#network 10.1.1.1 0.0.0.0 area 0
R1(config-router)#network 10.1.13.1 0.0.0.0 area 0
R1(config-router)#network 172.16.101.1 0.0.0.0 area 0
R1(config-router)#
R3 Configuration:
R3(config)#router ospf 1
R3(config-router)#network 10.1.3.3 0.0.0.0 area 0
R3(config-router)#network 10.1.13.3 0.0.0.0 area 0
R3(config-rotuer)#network 172.16.103.3 0.0.0.0 area 0
R3(config-router)#
Now, here's the output of the debug statement on R3. Pay attention to the highlighted words and compare them with
the OSPF Neighbor State Machine (lesson 38 in the archive of this blog).
As part of practical exercise, try to use the same debug in you lab on routers connected using broadcast (Ethernet)
links. Watch for DR/BDR election.
First, let's check if our network statement was correct (OSPF is enabled on the appropriate interfaces).
You can also see a detailed output which shows more information with regards to OSPF running on an interface.
Check it out.
Then, I want to make sure that R1 is in FULL state with R3. Here's my command:
Two more commands will be useful as well. First one showing the brief output of LSDB (more detailed output is
beyond the scope of this tutorial).
Notice that both R1 and R3 advertise four links. The loopback0, F1/0, and S0/1 which counts as two links (point-to-
point interfaces are advertised as two: the IP address of the next hop and the subnet/network IP).
OSPF Authentication
As part of implementation we can authenticate OSPF packets to prevent some rouge routers joining our OSPF
domain. If someone configures and plugs in the router, it won't become adjacent with others in the domain unless the
17
2. MD5 - The password is not sent at all. The digest is created using the shared password between neighbors.
Method 2
R1(config)#interface serial0/1
R1(config-if)#ip ospf authentication
R1(config-if)#ip ospf authentication-key S3cr3t
R1(config-if)#
The first command enables OSPF authentication using Simple Password method (area 0 authentication or
ip ospf authentication)
The second command specifies the password that is going to be used (ip ospf authentication-key)
In the first method, OSPF authentication is enabled on ALL interfaces configured to operate in area 0. The second
method allows more control as to which interfaces will be sending authenticated OSPF packets.
Method 2
18
R1(config)#interface serial0/1
R1(config-if)#ip ospf authentication message-digest
R1(config-if)#ip ospf message-digest-key 1 md5 S3cr3t
R1(config-if)#
Both the password (here: S3cr3t) and the key number (here: 1) must match between the neighbors.
You might try out the following two commands and see what they show:
R1#show ip protocols
R1#show ip ospf
The next post is going to be the last one in the OSPF series. We are going to configure OSPF in the more complex
topology as well as use some troubleshooting techniques to fix the common configuration issues.
I try to keep these posts as short and informative as possible. Since it takes a moment to do this lab and analyze the
results, the troubleshooting section is going to be included in the form of a video presentation at the end of this post
(available soon).
Here is our topology. I have removed Frame-Relay links as it goes beyond the scope of this tutorial (some really
crazy workbook/journal I started a few days ago might give you an idea about this complexity.
Since there are five different routers and three types of networks (broadcast, point-to-point and loopback) I will
create an action plan and implement it step by step. I'll include some stipulations in order to show you a few things
which I might have not talked about yet.
Task List
General Requirements:
ALL loopback addresses must be advertises with their configured network mask length (/24) or (/28).
1. Enable OSPF in the broadcast network connecting R1, R2 and R3. Make sure that R1 is elected the DR
and R2 is elected the BDR in the broadcast segment (172.31.123.0/24).
2. Advertise the loopback subnets on R1, R2 and R3. On R3 do NOT use the network statement to advertise
the subnet of Loopback1. On R3, while enabling OSPF on Loopback2 using the 'network' statement, use
the wildcard bits corresponding to the network mask configured (/28).
3. Enable OSPF between R1 and R4. Advertise the subnet found on R4's loopback0.
4. Enable OSPF between R2 and R5. On R5 use only one network statement to enable OSPF on ALL
interfaces (also the ones created in the future).
5. Enable the Simple Password authentication in area 0. Use the password 'cisco'.
Lab Solution
Step 1
Enable OSPF in the broadcast network connecting R1, R2 and R3.
Note!
Configuration must be done in this order to ensure R1 is elected the DR, R2 is elected the BDR.
R1 Configuration:
!
R1#conf t
R1(config)#interface f1/0
R1(config)#ip ospf priority 20
R1(config-if)#router ospf 1
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 172.31.123.1 0.0.0.0 area 0
R1(config-router)#exit
R2 Configuration:
!
R2#conf t
R2(config)#interface f1/0
R2(config-if)#ip ospf priority 10
R2(config-if)#router ospf 1
R2(config-router)#router-id 2.2.2.2
R2(config-router)#network 172.31.123.2 0.0.0.0 area 0
20
R2(config-router)#exit
R3 Configuration:
!
R3#conf t
R3(config)#router ospf 1
R3(config-router)#router-id 3.3.3.3
R3(config-router)#network 172.31.123.3 0.0.0.0 area 0
R3(config-router)#exit
Now, let's give the routers a few seconds to go through the finding neighbors, creating adjacencies. Then a quick
verification step shows the following:
Step 2
Advertise the loopback subnets on R1, R2 and R3. On R3 do NOT use the network statement to advertise the subnet
of Loopback1.
Note!
Loopback interfaces are considered the 'stub' networks by OSPF process and advertised with /32 network mask by
default. In order to change it, the 'ip ospf network point-to-point' should be used on loopback
interfaces.
Note!
After you have enabled OSPF on the loopbacks, you should check before proceeding to the next router's
configuration. Use the following command:
Router#show ip ospf int brief
R1 Configuration:
!
R1(config)#
R1(config)#interface loopback 1
R1(config-if)#ip ospf network point-to-point
R1(config-if)#router ospf 1
R1(config-router)#network 172.31.1.1 0.0.0.0 area 0
R1(config-router)#exit
R2 Configuration:
!
R2(config)#
R2(config)#interface loopback 1
R2(config-if)#ip ospf network point-to-point
R2(config-if)#router ospf 1
R2(config-router)#network 172.31.2.1 0.0.0.0 area 0
R2(config-router)#exit
21
Note!
The task stipulates that the subnet of Loopback1 must NOT be advertised like others (no network statement). Also,
while enabling OSPF on the Loopback2 use the wildcard mask corresponding to the network mask configured there
(/28).
R3 Configuration:
!
R3(config)#
R3(config)#interface loopback 2
R3(config-if)#ip ospf network point-to-point
R3(config-if)#interface loopback 1
R3(config-if)#ip ospf network point-to-point
R3(config-if)#ip ospf 1 area 0
R3(config-if)#router ospf 1
R3(config-router)#network 172.31.3.16 0.0.0.15 area 0
R3(config-router)#
Step 3
Enable OSPF between R1 and R4. Advertise the subnet found on R4's loopback1.
R1 Configuration:
!
R1(config)#
R1(config)#router ospf 1
R1(config-router)#
R1(config-router)#network 172.31.14.1 0.0.0.0 area 0
R1(config-router)#exit
R4 Configuration:
!
R4(config)#interface loopback1
R4(config-if)#ip ospf network point-to-point
R4(config-if)#router ospf 1
R4(config-router)#router-id 4.4.4.4
R4(config-router)#network 172.31.14.4 0.0.0.0 area 0
R4(config-router)#network 192.168.4.1 0.0.0.0 area 0
R4(config-router)#exit
Step 4
Enable OSPF between R2 and R5. On R5 use only one network statement to enable OSPF on ALL interfaces (also
the ones created in the future).
R2 Configuration:
!
R2(config)#
R2(config)#router ospf 1
R2(config-router)#network 172.31.25.2 0.0.0.0 area 0
R2(config-router)#exit
R5 Configuration:
22
!
R5(config)#interface loopback1
R5(config-if)#ip ospf network point-to-point
R5(config-if)#router ospf 1
R5(config-router)#router-id 5.5.5.5
R5(config-router)#network 0.0.0.0 255.255.255.255 area 0
R5(config-router)#exit
Note!
Of course, before you proceed to the the final step (OSPF authentication) you should check if all neighbors are
adjacent and all routers can reach all the addresses in the network.
Step 5
Enable the Simple Password authentication in area 0. Use the password 'cisco'.
Note!
This configuration is going to break and re-establish OSPF adjacency.
R1 Configuration:
!
R1(config)#
R1(config)#router ospf 1
R1(config-router)#area 0 authentication
R1(config-router)#int f1/0
R1(config-if)#ip ospf authentication-key cisco
R1(config-if)#int s0/2
R1(config-if)#ip ospf authentication-key cisco
R2 Configuration:
R2(config)#
R2(config)#router ospf 1
R2(config-router)#area 0 authentication
R2(config-router)#int f1/0
R2(config-if)#ip ospf authentication-key cisco
R2(config-if)#int s0/2
R2(config-if)#ip ospf authentication-key cisco
R3 Configuration:
R3(config)#
R3(config)#router ospf 1
R3(config-router)#area 0 authentication
R3(config-router)#int f1/0
R3(config-if)#ip ospf authentication-key cisco
R4 Configuration:
R4(config)#
R4(config)#router ospf 1
R4(config-router)#area 0 authentication
R4(config-router)#int s0/2
R4(config-if)#ip ospf authentication-key cisco
R5 Configuration:
23
R5(config)#
R5(config)#router ospf 1
R5(config-router)#area 0 authentication
R5(config-router)#int s0/2
R5(config-if)#ip ospf authentication-key cisco
After OSPF authentication has been configured you should check if all the adjacencies have been formed and
reachability is restored. If you have a problem with this lab in the troubleshooting sections you will find some tips
helping you make this lab work.