OSPF (Open Shortest Path First) is the dominant link-state routing protocol in enterprise networks and a major topic on both CCNA and CCNP ENCOR. This guide covers configuring OSPF from scratch on Cisco IOS — including the common mistakes that candidates make in lab and exam scenarios.
Enable OSPF and set the process ID
The OSPF process ID is locally significant — it identifies which OSPF instance you're configuring on this router. It does not need to match the process ID on neighbouring routers (unlike EIGRP's AS number).
Router(config)# router ospf 1
Router(config-router)# !
! The '1' is the process ID — local only
! Multiple OSPF processes are possible (router ospf 2, etc.)
! but typically you run only one
Process IDs only matter locally. Two routers can form an OSPF adjacency with different process IDs. What matters is that they are in the same area and agree on subnet, hello/dead timers, and area type.
Configure the router ID
The router ID (RID) uniquely identifies this router in the OSPF domain. If you don't set it explicitly, Cisco uses the highest loopback IP, then the highest active interface IP. Explicitly setting it prevents RID changes when interfaces go down.
Router(config)# router ospf 1
Router(config-router)# router-id 1.1.1.1
! Verify
Router# show ip ospf
! Look for: "Router ID 1.1.1.1"
! After changing RID, you must clear OSPF to apply it
Router# clear ip ospf process
! WARNING: This drops all OSPF adjacencies — don't do this in production without a maintenance window
Best practice: configure loopback interfaces (e.g., Lo0 = 1.1.1.1/32 on router 1, 2.2.2.2/32 on router 2) and set the router ID to match. Loopbacks are always up, making the RID stable.
Advertise networks with the network command
The network command tells OSPF which interfaces to run on and which networks to advertise. The wildcard mask defines which interface IPs to match.
Router(config)# router ospf 1
Router(config-router)# network 192.168.1.0 0.0.0.255 area 0
Router(config-router)# network 10.0.0.0 0.0.0.3 area 0
! Alternative: configure OSPF directly on the interface (preferred)
Router(config)# interface GigabitEthernet0/0
Router(config-if)# ip ospf 1 area 0
! This is more explicit and easier to verify
The network command uses wildcard masks, not subnet masks. A common exam trap: using '255.255.255.0' instead of '0.0.0.255' in the network command. Wildcard masks are the inverse of subnet masks.
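To make the wildcard matching concrete, here is an added example (not part of the original guide) that applies the two network statements above to a set of interface addresses and shows what 255.255.255.0 matches when it is read as a wildcard. The interface names and addresses are constructed, and picking the first matching statement is a simplification made for this example.

```python
import ipaddress

FULL = 0xFFFFFFFF

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_for(netmask):
    """Invert a subnet mask: 255.255.255.0 -> 0.0.0.255."""
    return str(ipaddress.IPv4Address(to_int(netmask) ^ FULL))

def looks_like_netmask(value):
    """True when the value has the shape of a subnet mask (ones, then zeros)."""
    inv = to_int(value) ^ FULL
    return inv not in (0, FULL) and (inv & (inv + 1)) == 0

def matches(interface_ip, address, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must be equal."""
    care = to_int(wildcard) ^ FULL
    return (to_int(interface_ip) & care) == (to_int(address) & care)

def ospf_interfaces(interfaces, statements):
    """Return {interface: area} using the first statement that matches (simplified)."""
    enabled = {}
    for name, ip in interfaces.items():
        for address, wildcard, area in statements:
            if matches(ip, address, wildcard):
                enabled[name] = area
                break
    return enabled

# Constructed sample data: interface addresses and the guide's two network statements.
INTERFACES = {"Gi0/0": "192.168.1.1", "Se0/0": "10.0.0.1", "Gi0/1": "172.16.5.1"}
STATEMENTS = [("192.168.1.0", "0.0.0.255", "0"), ("10.0.0.0", "0.0.0.3", "0")]

if __name__ == "__main__":
    print(ospf_interfaces(INTERFACES, STATEMENTS))
    # The trap: a subnet mask typed where a wildcard belongs.
    print(looks_like_netmask("255.255.255.0"), wildcard_for("255.255.255.0"))
    print(matches("192.168.1.1", "192.168.1.0", "255.255.255.0"))
```

Read literally as a wildcard, 255.255.255.0 ignores the first three octets and requires the last octet to be 0, so it does not match 192.168.1.1 at all.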
Verify OSPF neighbours
After enabling OSPF on both sides of a link, verify the adjacency has formed. The neighbour state must reach FULL for route exchange to occur.
Router# show ip ospf neighbor
! Expected output:
! Neighbor ID Pri State Dead Time Address Interface
! 2.2.2.2 1 FULL/DR 00:00:38 192.168.1.2 Gig0/0
! State meanings:
! FULL/DR = full adjacency, this neighbour is the DR
! FULL/BDR = full adjacency, this neighbour is the BDR
! FULL/- = full adjacency, point-to-point (no DR/BDR election)
! 2WAY/DROTHER = bidirectional, not full (only DROthers see this)
! EXSTART/EXCHANGE = database exchange in progress
! LOADING = waiting for LSAs
! Stuck in EXSTART = MTU mismatch (ip ospf mtu-ignore on both interfaces)
If a neighbour appears in 'show ip ospf neighbor' but never reaches FULL, check: area mismatch, authentication mismatch, hello/dead timer mismatch, stub area type mismatch. These mismatches prevent adjacency.
Configure passive interfaces
Passive interfaces still advertise the network into OSPF but do not send hello packets on that interface. Use this on interfaces connected to end hosts (not routers) to prevent unnecessary OSPF hellos and potential route injection attacks.
Router(config)# router ospf 1
Router(config-router)# passive-interface GigabitEthernet0/1
! Make ALL interfaces passive by default, then enable on specific ones
Router(config-router)# passive-interface default
! GigabitEthernet0/0 is the uplink
Router(config-router)# no passive-interface GigabitEthernet0/0
! Verify
Router# show ip ospf interface GigabitEthernet0/1
! Should show: "No Hellos (Passive interface)"
'passive-interface default' is best practice in production — it prevents OSPF hellos from flooding to end hosts, which wastes bandwidth and could expose the routing topology. Then selectively enable OSPF hellos only on router-to-router links.
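One way to check this across saved configurations, as an added example that is not part of the original guide: the script below reads an IOS configuration, works out which OSPF interfaces still send hellos, and flags any that are not on a list of expected router-to-router links. It only handles OSPF enabled with 'ip ospf <process> area <area>' on the interface, and the sample configurations and the expected-links set are constructed.

```python
import re

def audit_passive(config, expected_links):
    """Return (interfaces sending hellos, findings) for interface-level OSPF."""
    ospf_ifaces, passive, active = [], set(), set()
    default_passive, section, current = False, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw.startswith(" "):            # top-level command opens a section
            m = re.match(r"interface (\S+)$", line)
            current = m.group(1) if m else None
            if m:
                section = "interface"
            else:
                section = "router" if re.match(r"router ospf \d+$", line) else None
        elif section == "interface" and re.match(r"ip ospf \d+ area \S+$", line):
            ospf_ifaces.append(current)
        elif section == "router" and line == "passive-interface default":
            default_passive = True
        elif section == "router":
            m = re.match(r"(no )?passive-interface (\S+)$", line)
            if m:
                (active if m.group(1) else passive).add(m.group(2))
    # With the default set, only 'no passive-interface' links speak OSPF.
    hello = [i for i in ospf_ifaces
             if (i in active if default_passive else i not in passive)]
    findings = [] if default_passive else ["passive-interface default is not set"]
    findings += [f"{i} sends hellos but is not an expected router link"
                 for i in hello if i not in expected_links]
    return hello, findings

# Constructed sample configs: Gi0/0 is the uplink, Gi0/1 faces end hosts.
WEAK = """\
interface GigabitEthernet0/0
 ip ospf 1 area 0
interface GigabitEthernet0/1
 ip ospf 1 area 0
router ospf 1
 router-id 1.1.1.1
"""
HARDENED = WEAK + " passive-interface default\n no passive-interface GigabitEthernet0/0\n"

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_passive(cfg, {"GigabitEthernet0/0"}))
```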
Verify routes are being received
After adjacency forms, check that OSPF routes appear in the routing table. OSPF routes are marked with 'O' for intra-area and 'O IA' for inter-area.
Router# show ip route ospf
! Example output:
! O 10.0.0.0/8 [110/2] via 192.168.1.2, 00:01:23, GigabitEthernet0/0
! O IA 172.16.0.0/16 [110/3] via 192.168.1.2, 00:01:23, GigabitEthernet0/0
! [110/2] = [administrative distance / metric]
! AD 110 is OSPF default
! Metric 2 = cost (based on bandwidth: cost = 100Mbps / interface bandwidth)
! Check OSPF database
Router# show ip ospf database
OSPF cost = 100,000,000 / bandwidth in bps. A FastEthernet interface (100 Mbps) has cost 1. A Serial (1.5 Mbps) has cost 64. Gigabit Ethernet also has cost 1 by default — adjust with 'auto-cost reference-bandwidth 1000' to differentiate GigE from FastEthernet.
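The effect of the reference bandwidth on path selection, as an added example that is not part of the original guide: with the default reference, a single FastEthernet hop beats two Gigabit Ethernet hops, and raising the reference reverses that. The two paths are constructed, and the serial link is assumed to be a 1.544 Mbps T1.

```python
# Interface bandwidths in kbps (Serial assumed to be a 1.544 Mbps T1).
LINK_KBPS = {"Serial": 1_544, "FastEthernet": 100_000,
             "GigabitEthernet": 1_000_000, "TenGigabitEthernet": 10_000_000}

def ospf_cost(link, reference_mbps=100):
    """Reference bandwidth / interface bandwidth, truncated, never below 1."""
    return max(1, reference_mbps * 1000 // LINK_KBPS[link])

def path_cost(links, reference_mbps=100):
    """OSPF path metric: the sum of the outgoing interface costs along the path."""
    return sum(ospf_cost(link, reference_mbps) for link in links)

def best_path(paths, reference_mbps=100):
    """Name of the lowest-cost path for a given reference bandwidth."""
    return min(paths, key=lambda name: path_cost(paths[name], reference_mbps))

# Constructed topology: one slow hop versus two fast hops to the same prefix.
PATHS = {"via-FastEthernet": ["FastEthernet"],
         "via-GigabitEthernet": ["GigabitEthernet", "GigabitEthernet"]}

if __name__ == "__main__":
    for ref in (100, 1000, 10000):
        costs = {name: path_cost(links, ref) for name, links in PATHS.items()}
        print(f"reference {ref} Mbps: {costs} -> {best_path(PATHS, ref)}")
```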
Key tips
Always set the router ID explicitly with 'router-id' — never rely on automatic RID election in production or exam labs.
Use 'ip ospf [process] area [area]' on the interface rather than the 'network' command — it's more explicit and easier to troubleshoot.
Make all interfaces passive by default, then selectively enable on uplinks — reduces attack surface and noise.
OSPF neighbours that are stuck in EXSTART usually have an MTU mismatch — fix with 'ip ospf mtu-ignore' on both sides, or match the MTU.
The OSPF cost formula assumes 100 Mbps as the reference bandwidth. In modern networks with GigE and 10GigE, set 'auto-cost reference-bandwidth 10000' to get meaningful cost differences.
Frequently asked questions
Does the OSPF process ID need to match on both routers?
No. The process ID is locally significant and only identifies the OSPF instance on that router. Two routers with process IDs 1 and 100 will still form a neighbour adjacency if all other parameters match.
What causes OSPF neighbours to be stuck in EXSTART?
Almost always an MTU mismatch. If Router A has MTU 1500 and Router B has MTU 1400, the database description packets will be too large for Router B and the exchange will never complete. Fix with 'ip ospf mtu-ignore' on both interfaces, or match the MTU.
What is the difference between OSPF area 0 and other areas?
Area 0 is the backbone area. All other areas (area 1, area 2, etc.) must connect to area 0, either directly or through a virtual link. OSPF routes between non-backbone areas always transit through area 0.