RoutingOSPF Config

network [ip] [wildcard] area [id]

Configures an OSPF network statement to enable OSPF on interfaces matching the specified IP address and wildcard mask, and assigns them to a specific OSPF area.

Overview

The 'network' command in OSPF configuration mode is used to specify which interfaces participate in the OSPF routing process. It defines the interfaces on which OSPF will run and the area to which they belong. The command uses an IP address and a wildcard mask to match interface IP addresses. The wildcard mask is the inverse of a subnet mask: bits set to 0 must match exactly, bits set to 1 are ignored. For example, 0.0.0.255 matches any IP address where the first three octets are identical. This command is essential for OSPF configuration on Cisco ASA firewalls, which support OSPFv2 for IPv4. On ASA, OSPF is configured under 'router ospf <process-id>', and the network statement is applied similarly to Cisco IOS routers. The command is used in initial OSPF setup to define the OSPF domain and area boundaries. In troubleshooting, verifying network statements helps ensure OSPF is enabled on the correct interfaces.

Syntax·OSPF Config
network <ip-address> <wildcard-mask> area <area-id>

When to Use This Command

  • Enable OSPF on a specific subnet, e.g., 192.168.1.0/24, and place it in area 0.
  • Advertise a loopback interface into OSPF by matching its IP address with a host wildcard (0.0.0.0).
  • Configure OSPF on multiple interfaces by using a wildcard mask that covers a range of IP addresses.
  • Assign different subnets to different OSPF areas, such as area 0 for backbone and area 1 for a branch.

Parameters

ParameterSyntaxDescription
ip-addressA.B.C.DThe IP address used to match interfaces. Combined with the wildcard mask, it determines which interfaces run OSPF.
wildcard-maskA.B.C.DThe wildcard mask that defines which bits of the IP address must match. A 0 bit means exact match, a 1 bit means ignore.
area-id<0-4294967295> or A.B.C.DThe OSPF area to which the matching interfaces will be assigned. Can be a decimal number or an IP address format.

Command Examples

Enable OSPF on a subnet in area 0

network 192.168.1.0 0.0.0.255 area 0

This command enables OSPF on any interface with an IP address in the 192.168.1.0/24 range and places those interfaces into OSPF area 0.

Advertise a loopback interface with host wildcard

network 10.0.0.1 0.0.0.0 area 0

The wildcard mask 0.0.0.0 matches only the exact IP address 10.0.0.1, typically used to advertise a loopback interface into OSPF area 0.

Understanding the Output

The 'network' command itself does not produce output; it configures OSPF. To verify OSPF neighbors and routes, use 'show ospf neighbor' and 'show ip route ospf'. The 'show running-config' will display the configured network statements under 'router ospf'. A healthy OSPF configuration shows neighbors in FULL state and routes in the routing table. Problem values include neighbors stuck in INIT or EXSTART, or missing routes.

Configuration Scenarios

Basic OSPF Configuration on ASA

Configure OSPF on an ASA with two interfaces: inside (192.168.1.1/24) and outside (10.0.0.1/30). Place inside in area 0 and outside in area 1.

Topology

[Inside] --- ASA --- [Outside] 192.168.1.0/24 10.0.0.0/30

Steps

  1. 1.Enter global configuration mode.
  2. 2.Create OSPF process: router ospf 1
  3. 3.Configure network for inside: network 192.168.1.0 0.0.0.255 area 0
  4. 4.Configure network for outside: network 10.0.0.0 0.0.0.3 area 1
Configuration
! OSPF configuration
router ospf 1
 network 192.168.1.0 0.0.0.255 area 0
 network 10.0.0.0 0.0.0.3 area 1

Verify: Use 'show ospf interface' to verify OSPF is enabled on interfaces. Use 'show ospf neighbor' to see neighbors.

Watch out: Ensure the interface IP addresses are within the network statements; otherwise OSPF won't run on them.

Troubleshooting with This Command

When troubleshooting OSPF on ASA, start by verifying that the network statements are correctly configured. Use 'show running-config | include network' to list all network statements. If an interface is not participating in OSPF, check if its IP address matches any network statement. Use 'show ospf interface' to see if OSPF is enabled on the interface; if not listed, the network statement is missing or incorrect. Also check the wildcard mask: a common mistake is using a subnet mask instead of wildcard. For example, 255.255.255.0 should be 0.0.0.255. If OSPF neighbors are not forming, ensure that the network statement includes the correct area and that the interface is not passive (use 'passive-interface default' and then 'no passive-interface' for specific interfaces). On ASA, OSPF hello and dead timers can be adjusted but default to 10 and 40 seconds. Use 'debug ospf packet' to see hello exchanges. If routes are missing, verify that the network statements advertise the correct subnets and that redistribution is configured if needed.

CCNA Exam Tips

1.

Remember that the wildcard mask is the inverse of a subnet mask; for a /24, use 0.0.0.255.

2.

On ASA, OSPF configuration is similar to IOS but note that ASA uses 'router ospf <pid>' and network statements are under that.

3.

Be careful: the 'network' command does not create a route; it enables OSPF on interfaces that match the IP/wildcard.

Common Mistakes

Using a subnet mask instead of a wildcard mask (e.g., 255.255.255.0 instead of 0.0.0.255) – the command will be rejected or behave unexpectedly.

Forgetting to specify the area ID – the command requires 'area <id>'.

Mismatching the IP address and wildcard such that no interfaces match – OSPF will not be enabled on any interface.

Platform Notes

On Cisco ASA, OSPF configuration is similar to Cisco IOS but with some differences. ASA uses 'router ospf <process-id>' and supports up to two OSPF processes. The 'network' command syntax is identical. However, ASA does not support OSPFv3 for IPv6 in all versions; check version. Also, ASA has a concept of 'management-only' interfaces that cannot run OSPF. In ASA version 9.x and later, OSPF features are more aligned with IOS. Equivalent commands on other platforms: on Juniper JunOS, use 'set protocols ospf area <area-id> interface <interface-name>'; on Fortinet FortiGate, use 'config router ospf' with 'network' statements. For ASA, remember that the 'network' command is under 'router ospf' and not under interface configuration.

Practice for the CCNA 200-301

Test your knowledge with hundreds of CCNA practice questions covering all exam domains.

Practice CCNA Questions