IntermediateNetwork Configuration 10 min read

How to Configure OSPF on Cisco Routers

From basic single-area OSPF to multi-area with passive interfaces — Cisco IOS commands included

OSPF (Open Shortest Path First) is the dominant link-state routing protocol in enterprise networks and a major topic on both CCNA and CCNP ENCOR. This guide covers configuring OSPF from scratch on Cisco IOS — including the common mistakes that candidates make in lab and exam scenarios.

1

Enable OSPF and set the process ID

The OSPF process ID is locally significant — it identifies which OSPF instance you're configuring on this router. It does not need to match the process ID on neighbouring routers (unlike EIGRP's AS number).

Cisco IOS
Router(config)# router ospf 1
Router(config-router)# !

! The '1' is the process ID — local only
! Multiple OSPF processes are possible (router ospf 2, etc.)
! but typically you run only one

Process IDs only matter locally. Two routers can form an OSPF adjacency with different process IDs. What matters is that they are in the same area and agree on subnet, hello/dead timers, and area type.

2

Configure the router ID

The router ID (RID) uniquely identifies this router in the OSPF domain. If you don't set it explicitly, Cisco uses the highest loopback IP, then the highest active interface IP. Explicitly setting it prevents RID changes when interfaces go down.

Cisco IOS
Router(config)# router ospf 1
Router(config-router)# router-id 1.1.1.1

! Verify
Router# show ip ospf
! Look for: "Router ID 1.1.1.1"

! After changing RID, you must clear OSPF to apply it
Router# clear ip ospf process
! WARNING: This drops all OSPF adjacencies — don't do in production without a window

Best practice: configure loopback interfaces (e.g., Lo0 = 1.1.1.1/32 on router 1, 2.2.2.2/32 on router 2) and set the router ID to match. Loopbacks are always up, making the RID stable.

3

Advertise networks with the network command

The network command tells OSPF which interfaces to run on and which networks to advertise. The wildcard mask defines which interface IPs to match.

Cisco IOS
Router(config)# router ospf 1
Router(config-router)# network 192.168.1.0 0.0.0.255 area 0
Router(config-router)# network 10.0.0.0 0.0.0.3 area 0

! Alternative: configure OSPF directly on the interface (preferred)
Router(config)# interface GigabitEthernet0/0
Router(config-if)# ip ospf 1 area 0

! This is more explicit and easier to verify

The network command uses wildcard masks, not subnet masks. A common exam trap: using '255.255.255.0' instead of '0.0.0.255' in the network command. Wildcard masks are the inverse of subnet masks.

4

Verify OSPF neighbours

After enabling OSPF on both sides of a link, verify the adjacency has formed. The neighbour state must reach FULL for route exchange to occur.

Cisco IOS
Router# show ip ospf neighbor

! Expected output:
! Neighbor ID  Pri State      Dead Time  Address        Interface
! 2.2.2.2      1   FULL/DR    00:00:38   192.168.1.2   Gig0/0

! State meanings:
! FULL/DR     = full adjacency, this neighbour is the DR
! FULL/BDR    = full adjacency, this neighbour is the BDR
! FULL/-      = full adjacency, point-to-point (no DR/BDR election)
! 2WAY/DROTHER = bidirectional, not full (only DROthers see this)
! EXSTART/EXCHANGE = database exchange in progress
! LOADING     = waiting for LSAs

! Stuck in EXSTART = MTU mismatch (ip ospf mtu-ignore on both interfaces)

If a neighbour appears in 'show ip ospf neighbor' but never reaches FULL, check: area mismatch, authentication mismatch, hello/dead timer mismatch, stub area type mismatch. These mismatches prevent adjacency.

5

Configure passive interfaces

Passive interfaces still advertise the network into OSPF but do not send hello packets on that interface. Use this on interfaces connected to end hosts (not routers) to prevent unnecessary OSPF hellos and potential route injection attacks.

Cisco IOS
Router(config)# router ospf 1
Router(config-router)# passive-interface GigabitEthernet0/1

! Make ALL interfaces passive by default, then enable on specific ones
Router(config-router)# passive-interface default
Router(config-router)# no passive-interface GigabitEthernet0/0  ! the uplink

! Verify
Router# show ip ospf interface GigabitEthernet0/1
! Should show: "No Hellos (Passive interface)"

'passive-interface default' is best practice in production — it prevents OSPF hellos from flooding to end hosts, which wastes bandwidth and could expose the routing topology. Then selectively enable OSPF hellos only on router-to-router links.

6

Verify routes are being received

After adjacency forms, check that OSPF routes appear in the routing table. OSPF routes are marked with 'O' for intra-area and 'O IA' for inter-area.

Cisco IOS
Router# show ip route ospf

! Example output:
! O    10.0.0.0/8 [110/2] via 192.168.1.2, 00:01:23, GigabitEthernet0/0
! O IA 172.16.0.0/16 [110/3] via 192.168.1.2, 00:01:23, GigabitEthernet0/0

! [110/2] = [administrative distance / metric]
! AD 110 is OSPF default
! Metric 2 = cost (based on bandwidth: cost = 100Mbps / interface bandwidth)

! Check OSPF database
Router# show ip ospf database

OSPF cost = 100,000,000 / bandwidth in bps. A FastEthernet interface (100 Mbps) has cost 1. A Serial (1.5 Mbps) has cost 64. Gigabit Ethernet also has cost 1 by default — adjust with 'auto-cost reference-bandwidth 1000' to differentiate GigE from FastEthernet.

Key tips

  • Always set the router ID explicitly with 'router-id' — never rely on automatic RID election in production or exam labs.

  • Use 'ip ospf [process] area [area]' on the interface rather than the 'network' command — it's more explicit and easier to troubleshoot.

  • Make all interfaces passive by default, then selectively enable on uplinks — reduces attack surface and noise.

  • OSPF neighbours that are stuck in EXSTART usually have an MTU mismatch — fix with 'ip ospf mtu-ignore' on both sides, or match the MTU.

  • The OSPF cost formula assumes 100 Mbps as the reference bandwidth. In modern networks with GigE and 10GigE, set 'auto-cost reference-bandwidth 10000' to get meaningful cost differences.

Frequently asked questions

Does the OSPF process ID need to match on both routers?

No. The process ID is locally significant and only identifies the OSPF instance on that router. Two routers with process IDs 1 and 100 will still form a neighbour adjacency if all other parameters match.

What causes OSPF neighbours to be stuck in EXSTART?

Almost always an MTU mismatch. If Router A has MTU 1500 and Router B has MTU 1400, the database description packets will be too large for Router B and the exchange will never complete. Fix with 'ip ospf mtu-ignore' on both interfaces, or match the MTU.

What is the difference between OSPF area 0 and other areas?

Area 0 is the backbone area. All other areas (area 1, area 2, etc.) must connect to area 0, either directly or through a virtual link. OSPF routes between non-backbone areas always transit through area 0.

Related glossary terms

Browse full glossary →

Practice with real exam questions

Apply what you just learned with exam-style practice questions.

Related guides