OSPF is a core topic on the CCNA 200-301 exam (objective 3.4), and it's also one of the most common sources of configuration errors in real networks. Candidates often lose points not because they don't understand OSPF concepts, but because they fall into predictable traps: mismatched areas, wrong network types, incorrect metrics, and forgetting that OSPF requires a reliable transport. This chapter exposes the exact mistakes that trip up exam takers and shows you how to avoid them, both on the test and in production.
Jump to a section
Imagine a large office building with multiple floors (areas) and a central mailroom (backbone area 0). Each floor has its own internal mail system (intra-area routing) that works efficiently. However, mail between floors must go through the central mailroom on the ground floor. If someone on floor 2 tries to send a package directly to floor 3 without going through the mailroom, it gets lost—because the mailroom is the only place that knows how to route between floors. This is exactly how OSPF works: all inter-area traffic must pass through area 0. A common mistake is to create a virtual link or simply misconfigure an area border router (ABR) so that traffic between areas bypasses area 0, which OSPF simply does not allow.
Now, consider the mailroom staff. They have a rule: they only accept packages that are clearly labeled with a destination floor and have a valid return address. If a package arrives without a label, it's discarded. In OSPF terms, this is like a router receiving a Hello packet with mismatched parameters—area ID, subnet mask, authentication, or hello/dead intervals. The routers will never form an adjacency; they just ignore each other.
Finally, think about the mailroom's internal routing: they use a specific set of rules to decide the fastest path for a package. If someone changes the rule without telling everyone, packages may take a longer route. In OSPF, changing the reference bandwidth or cost on one router without updating others can cause asymmetric routing or suboptimal paths. The analogy breaks down slightly because OSPF automatically adjusts costs based on interface bandwidth, but the key point is that consistency across the OSPF domain is critical.
What is OSPF and Why Does It Matter?
OSPF (Open Shortest Path First) is a link-state routing protocol that uses the Dijkstra SPF algorithm to compute the shortest path to each destination. It is widely used in enterprise networks because it scales well, converges quickly, and supports hierarchical design with areas. On the CCNA exam, you are expected to know how to configure single-area and multi-area OSPF, verify adjacencies, interpret LSAs, and troubleshoot common issues.
The Most Common OSPF Traps
1. Mismatched Hello/Dead Intervals
OSPF routers must agree on hello and dead intervals to form an adjacency. The default hello interval is 10 seconds on broadcast and point-to-point networks, and 30 seconds on NBMA (e.g., Frame Relay). The dead interval is 4 times the hello interval (40 seconds for broadcast, 120 seconds for NBMA). If you change these on one router, it will not form an adjacency with neighbors using different values. The show ip ospf interface command reveals the current timers.
2. Wrong Network Type
OSPF network type determines how OSPF behaves on an interface. Common types: broadcast, non-broadcast, point-to-point, point-to-multipoint. For example, if you have a point-to-point link but configure it as broadcast, OSPF will try to elect a DR/BDR, which is unnecessary and can cause issues. On the exam, a classic trap is configuring OSPF over a Frame Relay multipoint interface without explicitly setting the network type to non-broadcast or point-to-multipoint. The default network type for multipoint interfaces is non-broadcast, which requires manual neighbor statements.
3. Area Mismatch
Two routers on the same link must belong to the same area. If one router has the interface in area 0 and the other in area 1, they will not become neighbors. The show ip ospf neighbor command will show nothing for that link. Also, all areas must connect to area 0. A common mistake is to create a virtual link incorrectly or to have a discontiguous backbone.
4. Incorrect OSPF Router ID
OSPF uses the Router ID (RID) to identify routers. The RID is selected as the highest loopback IP, then the highest active physical IP. If you change the RID after OSPF has started, you must reload OSPF or use the clear ip ospf process command. A common trap is forgetting that the RID is used for DR/BDR elections; if you want a specific router to be the DR, you should set its RID higher than others.
5. Passive Interface Misconfiguration
A passive interface does not send or receive OSPF Hello packets. It is used on interfaces that should not form OSPF adjacencies (e.g., towards end users). If you accidentally make an interface passive that should be active, no neighbor will form. Conversely, if you forget to make an interface passive on a LAN segment, OSPF might try to form an adjacency with a host that doesn't run OSPF, wasting resources.
6. Metric Calculation Traps
OSPF cost is calculated as reference bandwidth / interface bandwidth. The default reference bandwidth is 100 Mbps. On a 1 Gbps link, cost = 100/1000 = 0.1, which truncates to 1? Actually, OSPF uses integer cost, so it becomes 1 (since it rounds down? No, it's reference/bandwidth, and if result < 1, it's set to 1). On a 10 Gbps link, cost = 100/10000 = 0.01, also 1. This means all high-speed links have the same cost, which can cause suboptimal routing. The fix is to change the reference bandwidth with auto-cost reference-bandwidth on all routers. A common exam trap is asking about the cost of a 1 Gbps link without changing the reference; the answer is 1.
Verification Commands
show ip ospf neighbor – displays neighbor state and RID.
show ip ospf interface – shows network type, timers, area, and cost.
show ip ospf database – shows the link-state database.
show ip route ospf – shows OSPF-learned routes.
debug ip ospf adj – debugs adjacency formation (use with caution).
Example output of show ip ospf interface GigabitEthernet0/0:
GigabitEthernet0/0 is up, line protocol is up
Internet Address 10.1.1.1/24, Area 0
Process ID 1, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 1.1.1.1, Interface address 10.1.1.1
Backup Designated router (ID) 2.2.2.2, Interface address 10.1.1.2
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:03Interaction with Other Protocols
OSPF uses IP protocol 89. It does not use TCP or UDP. It relies on multicast addresses 224.0.0.5 (all OSPF routers) and 224.0.0.6 (all DR/BDR). OSPF can authenticate using MD5 or SHA, and it can be used with MPLS or as the IGP for BGP.
Identify neighbor state issues
Use `show ip ospf neighbor` to check if adjacencies form. If no neighbors appear, verify that interfaces are up/up, that IP addresses are in the same subnet, and that OSPF is enabled on the interface. A common trap is forgetting to enable OSPF under the interface with `ip ospf <process-id> area <area-id>`. Check the OSPF process with `show ip protocols` to confirm networks are advertised.
Check Hello/Dead timer consistency
Use `show ip ospf interface` to display the current hello and dead timers. If they don't match between neighbors, OSPF will not form a full adjacency. You can change timers with `ip ospf hello-interval <seconds>` and `ip ospf dead-interval <seconds>`. Remember that the dead interval must be at least 4 times the hello interval, but it's usually auto-adjusted if you change hello.
Verify network type and DR/BDR election
Use `show ip ospf interface` to see the network type. On broadcast multiaccess networks, OSPF elects a DR and BDR. A common trap is assuming that a point-to-point link needs a DR; it doesn't. If you see neighbors stuck in 2WAY/DROTHER state, that's normal for non-DR routers. If you want a specific router to be DR, set its OSPF priority higher (default 1) with `ip ospf priority <0-255>`. A priority of 0 means the router will never be DR/BDR.
Confirm area assignment and backbone connectivity
Use `show ip ospf interface` to verify the area ID. All interfaces on the same link must be in the same area. For multi-area OSPF, ensure that all ABRs have at least one interface in area 0. If an area is not directly connected to area 0, you need a virtual link. A common exam trap is configuring a virtual link incorrectly: the virtual link must be configured on both ABRs, and the transit area must be a regular area (not stub, not area 0).
Examine OSPF database for missing routes
Use `show ip ospf database` to see the LSDB. If routes are missing, check if the router is receiving LSAs. For example, if you have a stub area, type 5 LSAs are blocked. Use `show ip route ospf` to see installed routes. A common trap is forgetting that OSPF prefers intra-area routes over inter-area routes; if a route is showing as inter-area, it might be because the intra-area path is costlier or missing.
Check for passive interface and authentication
Use `show ip ospf interface` to see if the interface is passive. If it is, no Hellos are sent. To verify, use `show running-config | section router ospf`. Also, if OSPF authentication is configured, all routers on the link must use the same authentication type and key. A common trap is enabling authentication on one router and not on the neighbor, causing adjacency to fail. Use `debug ip ospf adj` to see authentication errors.
In a large enterprise network, OSPF is often used as the IGP to support BGP for external connectivity. One common scenario is a dual-homed connection to an ISP where OSPF redistributes a default route. A misconfiguration here can cause blackholing. For example, if an ABR redistributes a default route into a stub area, the stub area routers will reject it because stub areas block type 5 LSAs. The engineer must use default-information originate always and ensure the area is not a stub if they want to inject a default.
Another real-world example: a company acquires another company and merges networks. The acquired company uses a different OSPF process ID or area numbering. The network engineer must decide whether to merge the OSPF domains or use redistribution. A common trap is trying to form adjacencies between routers with different process IDs—they can, actually, because process ID is locally significant. But area IDs must match. The engineer might also forget to change the router IDs to avoid conflicts.
Performance considerations: OSPF can be CPU-intensive during SPF recalculations. In a network with frequent flapping, you might see high CPU usage. Tuning SPF timers (with timers throttle spf) can help, but the default timers are usually fine. A common mistake is setting the hello timer too low (e.g., 1 second) to achieve fast convergence, which can cause excessive flooding and CPU load. A better approach is to use Bidirectional Forwarding Detection (BFD) for fast failure detection.
When OSPF is misconfigured, symptoms include routing loops, black holes, and suboptimal routing. For example, if two routers have mismatched MTU values, OSPF might not form adjacency (since OSPF checks MTU in Database Description packets). This is a real-world issue that often goes unnoticed because the link appears up. The fix is to ensure consistent MTU across the path or disable MTU mismatch detection with ip ospf mtu-ignore.
On the CCNA 200-301 exam, OSPF is tested under objective 3.4 (Configure and verify single-area and multi-area OSPFv2). You will see multiple-choice questions, drag-and-drop, and simlets. The exam focuses on:
Neighbor states: Know the sequence: Down -> Init -> 2Way -> ExStart -> Exchange -> Loading -> Full. A common wrong answer is to think that 2Way is the final state for DR/BDR; actually, DR/BDR go to Full, non-DR/BDR stay in 2Way with the DR/BDR.
DR/BDR election: The router with the highest OSPF priority becomes the DR. If tie, highest RID. A trap: a priority of 0 means the router will never be DR/BDR, but it can still be a neighbor.
Metric calculation: Cost = reference bandwidth / interface bandwidth. Default reference is 100 Mbps. Know that a 1 Gbps link has cost 1 (since 100/1000 = 0.1, truncated to 1). If you change reference to 1000, cost becomes 1000/1000 = 1 for 1 Gbps, but 1000/100 = 10 for 100 Mbps. A common trap: candidates forget to apply the change globally.
Area types: Standard, stub, totally stubby, NSSA, totally NSSA. Know what LSAs are allowed in each. For example, a stub area blocks type 5 LSAs but allows type 3. A totally stubby area blocks type 3 and 5, allowing only type 1 and 2. NSSA allows type 7.
Virtual links: Used to connect a non-backbone area to area 0 through a transit area. A common wrong answer is that virtual links can be used to connect two non-backbone areas directly.
Authentication: OSPF supports simple password (type 1) and MD5 (type 2). A trap: the key ID must match between routers for MD5.
Elimination strategy: For scenario questions, first identify the problem (e.g., no neighbor). Check if they are in the same area and subnet. Then check timers. Then check network type. If it's a multi-access network, consider DR/BDR election. If routes are missing, check area type and LSA filtering.
OSPF neighbor formation requires matching hello/dead intervals, area ID, subnet, and authentication.
Default hello interval is 10 seconds on broadcast/P2P, 30 seconds on NBMA; dead interval is 4x hello.
OSPF cost = reference bandwidth (default 100 Mbps) / interface bandwidth; cost is an integer.
DR/BDR election: highest priority (0-255) wins; tie broken by highest Router ID.
A passive interface does not send or receive OSPF Hellos; use on non-neighbor interfaces.
All non-backbone areas must connect to area 0; virtual links connect through a transit area.
Stub areas block type 5 LSAs; totally stubby blocks type 3 and 5; NSSA allows type 7.
These come up on the exam all the time. Here's how to tell them apart.
OSPF
Link-state protocol; uses SPF algorithm.
Metric: cost based on bandwidth (default reference 100 Mbps).
Supports multiple areas; area 0 is mandatory.
Uses multicast 224.0.0.5 and 224.0.0.6.
Requires careful planning for network type and timers.
EIGRP
Advanced distance vector; uses DUAL algorithm.
Metric: composite metric (bandwidth, delay, reliability, load, MTU).
Supports multiple autonomous systems; no area concept.
Uses multicast 224.0.0.10.
Simpler configuration; no DR/BDR election on broadcast links.
Mistake
OSPF uses TCP port 89.
Correct
OSPF uses IP protocol 89, not TCP or UDP. It is a Layer 3 protocol that is encapsulated directly in IP.
Candidates confuse OSPF with BGP (TCP 179) or EIGRP (IP protocol 88).
Mistake
Changing the OSPF router ID takes effect immediately.
Correct
The new RID is used only after reloading OSPF with `clear ip ospf process` or reloading the router. Until then, the old RID persists.
Candidates think OSPF dynamically updates the RID when a loopback is added, but it only happens at process start.
Mistake
In a multi-area OSPF, a router can belong to multiple non-backbone areas without being an ABR.
Correct
A router is an ABR only if it has at least one interface in area 0 and one in another area. A router with interfaces in two non-backbone areas is not an ABR and cannot perform inter-area routing.
Candidates think any router with multiple areas is an ABR, but area 0 is required.
Mistake
OSPF will automatically form a neighbor if both routers have the same process ID.
Correct
The process ID is locally significant and does not need to match. OSPF forms neighbors based on matching area ID, timers, and subnet, not process ID.
Candidates confuse OSPF process ID with EIGRP autonomous system number, which must match.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
INIT state means the router has received a Hello from a neighbor but the neighbor has not seen a Hello from this router. This usually indicates a one-way communication issue. Check if the interface is up, if the subnet mask matches, if the area ID matches, and if the interface is not passive. Also verify that the neighbor's Hello interval matches yours. Use `debug ip ospf adj` to see detailed messages.
On a broadcast network, OSPF elects a DR and BDR and uses multicast 224.0.0.6 for updates to the DR. On a point-to-point network, no DR/BDR election occurs; OSPF uses multicast 224.0.0.5 for all OSPF packets. Point-to-point is simpler and faster for serial links or Ethernet links that are used as point-to-point.
You cannot change the RID dynamically. You must either reload OSPF with `clear ip ospf process` or reload the router. After the clear, OSPF will re-select the RID based on the current loopback and physical interfaces. Be aware that clearing OSPF will temporarily disrupt routing.
A virtual link is used to connect a non-backbone area to area 0 through a transit area. It is configured on the two ABRs that sit at the edges of the transit area. For example, if area 1 is not directly connected to area 0, you can create a virtual link between the ABR in area 1 and the ABR in area 0 through area 1 (or another area). The virtual link acts as a point-to-point link belonging to area 0.
The default reference bandwidth is 100 Mbps. Cost = reference / interface bandwidth. For a 10 Gbps link: 100 Mbps / 10,000 Mbps = 0.01, which is truncated to 1 (OSPF uses integer costs). To get more granular costs, change the reference bandwidth with `auto-cost reference-bandwidth <value>` on all routers in the OSPF domain.
The adjacency will fail. OSPF authentication must be consistent on both sides. If one router expects authentication and the other does not, the Hellos will be rejected. Use `debug ip ospf adj` to see authentication errors. The authentication type (simple or MD5) and the key must match.
Yes. The OSPF process ID is locally significant and only identifies the OSPF process on the router. It does not affect neighbor formation. Two routers can have different process IDs and still become neighbors as long as other parameters (area, timers, subnet, etc.) match.
You've just covered Exam Trap: OSPF Common Mistakes — now see how well it sticks with free CCNA 200-301 practice questions. Full explanations included, no account needed.
Done with this chapter?