After writing a series of blog posts on OSPF, I thought it would be great to put together a list of OSPF troubleshooting commands that any network engineer can use in real-world situations.
Table of Contents
show
These OSPF commands will help you in your daily job when solving OSPF network issues. This post is written based on my experience with medium to large Data Center and Service Provider networks.
I would recommend you go through these posts to grasp a solid understanding of OSPF.
- What is OSPF in Networking
- OSPF States
- Types of OSPF Routers
- OSPF LSA Types
- OSPF Area Types
- OSPF Network Types
- OSPF Virtual Link
- OSPF Path Selection Process
Let’s start.
How to Troubleshoot OSPF – OSPF Troubleshooting Commands Cisco
You can use these OSPF troubleshooting commands to solve real-world OSPF issues.
I have divided the troubleshooting method into use case basis. I would advise you to start/check with the basics as explained in use-case 1 and then check for more complex scenarios as explained in later use cases.
The commands mentioned in this article have been tested on Cisco devices. Still, once you understand the concept and troubleshooting method, you can diagnose and solve OSPF issues on any vendor equipment.
For easiness, I have presented the commands in table form so that you can print them out and use them as an OSPF cheatsheet.
- Use case 1 – When looking at the configuration of a single router, think about the following:
- Use case 2 – When analyzing a huge OSPF area-wide problem, check the design:
- Use Case 3 – When checking OSPF neighbor adjacencies, look at the following things:
- Use Case 4 – When trying to fix problems with authentication, think about the following:
- Use Case 5 – Troubleshooting LSDB (Link state Database) related problems in OSPF:
Use case 1 – When looking at the configuration of a single router, think about the following:
| What to Check | Commands to use |
|---|---|
| Are all the needed interfaces in a state of UP, UP (not admin shut)? | show ip int brief |
| Have the IP addresses and corresponding subnet masks for all the interfaces been set up correctly? | show int | include Inter|line |
| Check if network area statements under OSPF and IP addresses for the interfaces match up. | show int | include Inter|line|network |
| Are the inverse or wildcard masks in the network area statements under OSPF correct and match with the OSPF Interfaces subnet mask? | show ip ospf int brief |
| Do the network area statements put the interfaces in the right areas? | show ip ospf int brief |
| Because of the “passive-interface default global statement,” are there any OSPF interfaces that should not be in passive mode? | show ip ospf int | i line | Hello |
| Does every router have the right OSPF Router ID? Are there duplicates on the network? | show ip ospf | inc ID |
| If address summarization is set up, is it applied to the right areas? | show run | i area range | summary-add |
Use case 2 – When analyzing a huge OSPF area-wide problem, check the design:
| What to Check | Commands to use |
|---|---|
| Check if OSPF area 0 (backbone area) is contiguous, it must not be segregated. | No Commands; check the existing design and diagrams. If required, validate existing documents. |
| Check if all OSPF areas are connected to the backbone area. Even if you use virtual links or GRE tunnels, ensure all areas connect to OSPF area 0. | No Commands; check the existing design and diagrams. If required, validate existing documents. |
| Check if all routers in an area are configured with the same area types (Normal, stub, NSSA, etc.) | No Commands; check the existing design and diagrams. If required, validate existing documents. |
| Are ABRs configured with the correct role for Totally Stub and Totally NSSA areas? For example, you must configure an ABR with the “area stub no-summary” command for a totally stubby area. | show run | section ospf |
| Is there a virtual link that goes through a stub area, or is set up there? If this is the case, then configure the GRE tunnel instead. | No Commands; check the existing design and diagrams. If required, validate existing documents. |
| Is there a default summary LSA that lets unknown/external subnets leave an area? For example, an NSSA area always needs a manual default route on ABR. | Show ip route |
| Does the OSPF domain have an external LSA? | show ip OSPF database external |
| Check if the forwarding address is known as an OSPF internal route. | sh ip route [forwarding address ip] |
| Are you able to reach the forwarding address? | ping [forwarding address ip] |
| When doing redistribution between two protocols: – Check if you have the “subnet” keyword in the redistribution statement. – For BGP only, check if the “external” keyword has been used. | – show run | section router ospf |
Use Case 3 – When checking OSPF neighbor adjacencies, look at the following things:
| What to Check | Commands to use |
|---|---|
| Always log the neighbor adjacency changes while troubleshooting. | OSPF log-adjacency-changes |
| Check layer 2 ( mac addresses, ARP, etc.) and Layer3 reachability (ping, routes, etc.) | ping [neighbor ip address] |
| Are both OSPF neighbors sending and getting hellos from each other? – If hellos are not exchanged, check the network statements and interface addresses. – Check the passive-interface default config or if any OSPF interface has been put in passive mode accidentally. | debug ip OSPF hello show ip OSPF int brief show run | inc passive |
| If you are using different OSPF network types, are they compatible? | show ip ospf int | i line |Type |
| Neighbors’ hello/dead interval should match. | show ip OSPF int | i line | Dead |
| Optional capability value should match between neighbors. | show ip OSPF neighbor detail | include Option |
| Interfaces must be configured on the same subnet. P2p links are an exception. | show ip ospf int brief |
| Is a router trying to form a neighbor to another router’s secondary IP address? | sh run | i netw | area |
| Is OSPF protocol 89 being blocked by any access lists? | sh ip interface | i line | list |
| In the case of the layer2/3 switch, are the MTUs compatible/match? | debug ip ospf adj |
| Debug if you think the neighbors are unstable or have no other choice. | debug ip ospf adj |
Use Case 4 – When trying to fix problems with authentication, think about the following:
| What to Check | Commands to use |
|---|---|
| Is authentication configured on all routers in a certain area? | show ip ospf | i Area |
| Check authentication type (plain/md5) between OSPF neighbors. It must be of the same type. | show ip ospf int {int} | i auth | line |
| With clear-text authentication, are the passwords for neighboring interfaces the same? | show run | i auth . *key |
| Are the digest keys for MD5 authentication the same between neighboring interfaces? | show run | i digest-key |
| Is authentication set up on all the virtual links? Note: If authentication is set up for Area 0, then authentication is also needed for virtual links. | show run | i virtual-link |
| Debug adjacency to find out why authentication failed. | debug ip ospf adj |
| What to Check | Commands to use |
|---|---|
| Check if the local router is generating the expected LSAs. | show ip ospf database self-originate |
| Check if the local router is receiving the expected LSAs from a neighbor. | show ip ospf database adv-router [ip address] |
| Check if any filters are configured to deny LSAs before entering an area. For example, ABRs are configured to filter type-3 LSAs. | show run | i filter-list |
| Check if any distribute list is configured to deny entry in the local RIB (Routing Information Base). | show run | i distribute-list |
| Is summarization the reason why LSAs aren’t seen? | show run | i area range | summary-add |
| Do all the routers in a certain area have the same number of LSAs? – If not, do any interfaces prevent LSAs from being sent out? | show ip ospf database database-summary – show run | i database-filter |
| Do the checksums for every LSA in each router’s database match? | show ip ospf database |
| Look at the Seq# in the show ip ospf database command to see if any LSAs have a higher number than others. – This could mean the link is unstable because of all the LSA advertisements. – Multiple LSAs with high sequence numbers might mean that there is a problem with a neighbor. | show ip ospf database – show int {int} | i error| drops – show ip ospf neighbor detail | i Neighbor |
| Are there many SPF calculations? Check if this is the cause. | show ip ospf statistics |
| Check the memory and CPU utilization of a router. Check recent alarms on your monitoring software. | sh process CPU history |
OSPF Troubleshooting Cheat Sheet
Here is a handy OSPF troubleshooting command cheat sheet for reference. The details of the commands are provided in the article, so this is just a quick way to come to grips with the most basic and commonly used OSPF commands.
I will be adding the OSPF troubleshooting cheat sheet for download soon.
What Are Some Common OSPF Troubleshooting Questions Asked in Interviews?
What are some common ospf interview questions? Employers often ask candidates about troubleshooting OSPF networks. These questions assess the candidate’s understanding of OSPF concepts and their ability to resolve issues.
Conclusion
So, the next time you’re facing an OSPF problem or you need to verify that an OSPF configuration works, pull out this cheat sheet for a quick reference on the most common OSPF commands. If you find the cheat sheet helpful, share it with your network engineer and CCIE buddies, too!
I'm Afroz, a Network Engineer and CCIE with 17 years of experience in Computer Networking, Data Centers, Telecom, Internet Services and ISPs. Currently, I work as a Network Designer for a leading ISP equipment vendor. I share my expertise through my blog and courses, aiming to share my knowledge and simplify complex networking concepts for both beginners and experienced professionals.
Latest posts by Afroz Ahmad (see all)
