OSPF Troubleshooting Commands Cheat Sheet

OSPF Troubleshooting Commands Cheat Sheet

After writing a series of blog posts on OSPF, I thought it would be great to put together a list of OSPF troubleshooting commands that any network engineer can use in real-world situations.

These OSPF commands will help you in your daily job when solving OSPF network issues. This post is written based on my experience with medium to large Data Center and Service Provider networks.

I would recommend you go through these posts to grasp a solid understanding of OSPF.

Let’s start.

How to Troubleshoot OSPF – OSPF Troubleshooting Commands Cisco

You can use these OSPF troubleshooting commands to solve real-world OSPF issues.

I have divided the troubleshooting method into use case basis. I would advise you to start/check with the basics as explained in use-case 1 and then check for more complex scenarios as explained in later use cases.

The commands mentioned in this article have been tested on Cisco devices. Still, once you understand the concept and troubleshooting method, you can diagnose and solve OSPF issues on any vendor equipment.

For easiness, I have presented the commands in table form so that you can print them out and use them as an OSPF cheatsheet.

  1. Use case 1 – When looking at the configuration of a single router, think about the following:
  2. Use case 2 – When analyzing a huge OSPF area-wide problem, check the design:
  3. Use Case 3 – When checking OSPF neighbor adjacencies, look at the following things:
  4. Use Case 4 – When trying to fix problems with authentication, think about the following:
  5. Use Case 5 – Troubleshooting LSDB (Link state Database) related problems in OSPF:

Use case 1 – When looking at the configuration of a single router, think about the following:

What to CheckCommands to use
Are all the needed interfaces in a state of UP, UP (not admin shut)?show ip int brief
Have the IP addresses and corresponding subnet masks for all the interfaces been set up correctly?show int | include Inter|line
Check if network area statements under OSPF and IP addresses for the interfaces match up.show int | include Inter|line|network
Are the inverse or wildcard masks in the network area statements under OSPF correct and match with the OSPF Interfaces subnet mask?show ip ospf int brief
Do the network area statements put the interfaces in the right areas?show ip ospf int brief
Because of the “passive-interface default global statement,” are there any OSPF interfaces that should not be in passive mode?show ip ospf int | i line | Hello
Does every router have the right OSPF Router ID? Are there duplicates on the network?show ip ospf | inc ID
If address summarization is set up, is it applied to the right areas?show run | i area range | summary-add

Use case 2 – When analyzing a huge OSPF area-wide problem, check the design:

What to CheckCommands to use
Check if OSPF area 0 (backbone area) is contiguous, it must not be segregated. No Commands; check the existing design and diagrams. If required, validate existing documents.
Check if all OSPF areas are connected to the backbone area. Even if you use virtual links or GRE tunnels, ensure all areas connect to OSPF area 0.No Commands; check the existing design and diagrams. If required, validate existing documents.
Check if all routers in an area are configured with the same area types (Normal, stub, NSSA, etc.)No Commands; check the existing design and diagrams. If required, validate existing documents.
Are ABRs configured with the correct role for Totally Stub and Totally NSSA areas? For example, you must configure an ABR with the “area stub no-summary” command for a totally stubby area.show run | section ospf
Is there a virtual link that goes through a stub area, or is set up there? If this is the case, then configure the GRE tunnel instead.No Commands; check the existing design and diagrams. If required, validate existing documents.
Is there a default summary LSA that lets unknown/external subnets leave an area? For example, an NSSA area always needs a manual default route on ABR.Show ip route
Does the OSPF domain have an external LSA?show ip OSPF database external
Check if the forwarding address is known as an OSPF internal route.sh ip route [forwarding address ip]
Are you able to reach the forwarding address?ping [forwarding address ip]
When doing redistribution between two protocols:
– Check if you have the “subnet” keyword in the redistribution statement.
– For BGP only, check if the “external” keyword has been used.
– show run | section router ospf

Use Case 3 – When checking OSPF neighbor adjacencies, look at the following things:

What to CheckCommands to use
Always log the neighbor adjacency changes while troubleshooting.OSPF log-adjacency-changes
Check layer 2 ( mac addresses, ARP, etc.) and Layer3 reachability (ping, routes, etc.)ping [neighbor ip address]
Are both OSPF neighbors sending and getting hellos from each other?
– If hellos are not exchanged, check the network statements and interface addresses.
– Check the passive-interface default config or if any OSPF interface has been put in passive mode accidentally.
debug ip OSPF hello
show ip OSPF int brief
show run | inc passive
If you are using different OSPF network types, are they compatible?show ip ospf int | i line |Type
Neighbors’ hello/dead interval should match.show ip OSPF int | i line | Dead
Optional capability value should match between neighbors.show ip OSPF neighbor detail | include Option
Interfaces must be configured on the same subnet. P2p links are an exception.show ip ospf int brief
Is a router trying to form a neighbor to another router’s secondary IP address?sh run | i netw | area
Is OSPF protocol 89 being blocked by any access lists?sh ip interface | i line | list
In the case of the layer2/3 switch, are the MTUs compatible/match?debug ip ospf adj
Debug if you think the neighbors are unstable or have no other choice.debug ip ospf adj

Use Case 4 – When trying to fix problems with authentication, think about the following:

What to CheckCommands to use
Is authentication configured on all routers in a certain area?show ip ospf | i Area
Check authentication type (plain/md5) between OSPF neighbors. It must be of the same type.show ip ospf int {int} | i auth | line
With clear-text authentication, are the passwords for neighboring interfaces the same?show run | i auth . *key
Are the digest keys for MD5 authentication the same between neighboring interfaces?show run | i digest-key
Is authentication set up on all the virtual links?
Note: If authentication is set up for Area 0, then authentication is also needed for virtual links.
show run | i virtual-link
Debug adjacency to find out why authentication failed.debug ip ospf adj

What to CheckCommands to use
Check if the local router is generating the expected LSAs.show ip ospf database self-originate
Check if the local router is receiving the expected LSAs from a neighbor.show ip ospf database adv-router [ip address]
Check if any filters are configured to deny LSAs before entering an area. For example, ABRs are configured to filter type-3 LSAs.show run | i filter-list
Check if any distribute list is configured to deny entry in the local RIB (Routing Information Base).show run | i distribute-list
Is summarization the reason why LSAs aren’t seen?show run | i area range | summary-add
Do all the routers in a certain area have the same number of LSAs?
– If not, do any interfaces prevent LSAs from being sent out?
show ip ospf database database-summary
– show run | i database-filter
Do the checksums for every LSA in each router’s database match?show ip ospf database
Look at the Seq# in the show ip ospf database command to see if any LSAs have a higher number than others.
– This could mean the link is unstable because of all the LSA advertisements.
– Multiple LSAs with high sequence numbers might mean that there is a problem with a neighbor.
show ip ospf database
– show int {int} | i error| drops
– show ip ospf neighbor detail | i Neighbor
Are there many SPF calculations? Check if this is the cause.show ip ospf statistics
Check the memory and CPU utilization of a router. Check recent alarms on your monitoring software.sh process CPU history

OSPF Troubleshooting Cheat Sheet

Here is a handy OSPF troubleshooting command cheat sheet for reference. The details of the commands are provided in the article, so this is just a quick way to come to grips with the most basic and commonly used OSPF commands.

I will be adding the OSPF troubleshooting cheat sheet for download soon.

What Are Some Common OSPF Troubleshooting Questions Asked in Interviews?

What are some common ospf interview questions? Employers often ask candidates about troubleshooting OSPF networks. These questions assess the candidate’s understanding of OSPF concepts and their ability to resolve issues.

Conclusion

So, the next time you’re facing an OSPF problem or you need to verify that an OSPF configuration works, pull out this cheat sheet for a quick reference on the most common OSPF commands. If you find the cheat sheet helpful, share it with your network engineer and CCIE buddies, too!

Leave a Reply

Your email address will not be published. Required fields are marked *