Question 122 of 1,819
IP RoutinghardMultiple ChoiceObjective-mapped

OSPFv3 Authentication Mismatch: IPsec Hellos Dropped

This 200-301 practice question tests your understanding of ip routing. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Exhibit

R1# show running-config | section router ospfv3
router ospfv3 1
 router-id 1.1.1.1
 area 0 authentication ipsec spi 256 md5 1234567890ABCDEF1234567890ABCDEF
!
interface Serial0/0/0
 ipv6 address 2001:DB8:1:1::1/64
 ospfv3 1 ipv6 area 0

R2# show running-config | section router ospfv3
router ospfv3 1
 router-id 2.2.2.2
!
interface Serial0/0/0
 ipv6 address 2001:DB8:1:1::2/64
 ospfv3 1 ipv6 area 0

An engineer is troubleshooting an OSPFv3 adjacency issue between two routers R1 and R2 connected over a serial link. The link is up/up on both sides, and IPv6 is enabled on the interfaces. However, the 'show ipv6 ospf neighbor' command shows no neighbors. The engineer checks the OSPFv3 configuration. What is the most likely cause of the missing adjacency?

Clue words in this question

Noticing these words before you look at the options changes how you read each choice.

  • Clue: "most likely"

    Why it matters: Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.

Exhibit

R1# show running-config | section router ospfv3
router ospfv3 1
 router-id 1.1.1.1
 area 0 authentication ipsec spi 256 md5 1234567890ABCDEF1234567890ABCDEF
!
interface Serial0/0/0
 ipv6 address 2001:DB8:1:1::1/64
 ospfv3 1 ipv6 area 0

R2# show running-config | section router ospfv3
router ospfv3 1
 router-id 2.2.2.2
!
interface Serial0/0/0
 ipv6 address 2001:DB8:1:1::2/64
 ospfv3 1 ipv6 area 0

Quick Answer

The answer is an OSPFv3 authentication mismatch using IPsec, specifically that authentication is configured on R1 but not on R2. This is correct because OSPFv3 relies entirely on IPsec for authentication and integrity, unlike OSPFv2 which uses plaintext or MD5 within the packet itself. When one router has IPsec security policies applied to its OSPFv3 traffic and the other does not, the receiving router will drop the Hello packets as invalid or unauthenticated, preventing any neighbor adjacency from forming. On the CCNA 200-301 v2 exam, this scenario tests your understanding that OSPFv3 authentication is not configured under the OSPF process or interface like OSPFv2, but rather through IPv6 IPsec security associations. A common trap is assuming the issue is a mismatched area ID or network type, but the silent neighbor table with a working link points directly to authentication. Remember the memory tip: OSPFv3 uses IPsec, so if Hellos vanish, check your security associations on both sides.

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

OSPFv3 authentication is configured on R1 but not on R2.

Option B is correct because OSPFv3 uses IPsec for authentication, unlike OSPFv2 which uses plaintext or MD5 authentication. If authentication is configured on one router but not the other, the OSPFv3 Hello packets will be dropped, preventing neighbor adjacency from forming. The 'show ipv6 ospf neighbor' command will show no neighbors because the routers cannot exchange Hello packets successfully.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • The serial interface on R2 is administratively down.

    Why it's wrong here

    The exhibit shows the interface is up/up on both sides, so this is not the issue.

  • OSPFv3 authentication is configured on R1 but not on R2.

    Why this is correct

    R1 has IPsec authentication under router ospfv3, but R2 does not. This mismatch prevents adjacency formation.

    Clue confirmation

    The clue word "most likely" in the question point toward this answer.

    Related concept

    Read the scenario before looking for a memorised answer.

  • The IPv6 address on R2 is in a different subnet than R1.

    Why it's wrong here

    Both interfaces have addresses in the 2001:DB8:1:1::/64 subnet, so the subnet matches.

  • The OSPFv3 router-id is not configured on R2.

    Why it's wrong here

    R2 has a router-id of 2.2.2.2 configured, so this is not the problem.

Option-by-option analysis

Why each answer is right or wrong

Understanding why wrong answers are wrong — and when they would be correct — is what separates a 750 score from a 900. The 200-301 exam frequently reuses these exact scenarios with slightly different constraints.

OSPFv3 authentication is configured on R1 but not on R2.Correct answer

Why this is correct

R1 has IPsec authentication under router ospfv3, but R2 does not. This mismatch prevents adjacency formation.

The serial interface on R2 is administratively down.Wrong answer — click to see why

Why this is wrong here

The question states the serial link is up/up on both sides, meaning the interface is not administratively down. An administratively down interface would show as 'administratively down' in the interface status, not 'up/up'.

Why candidates choose this

Students may think that an interface being down is a common cause for OSPF adjacency failure, but the given information explicitly rules this out.

The IPv6 address on R2 is in a different subnet than R1.Wrong answer — click to see why

Why this is wrong here

Both interfaces have IPv6 addresses in the 2001:DB8:1:1::/64 subnet, so the subnet matches. OSPFv3 does not require interfaces to be in the same subnet for adjacency, but it does require link-local addresses to be reachable. However, the given addresses are global unicast, and the subnet match is not the issue here.

Why candidates choose this

In OSPFv2, mismatched subnets prevent adjacency, so students may incorrectly apply the same logic to OSPFv3. However, OSPFv3 uses link-local addresses for neighbor discovery and does not require matching global prefixes.

The OSPFv3 router-id is not configured on R2.Wrong answer — click to see why

Why this is wrong here

The router-id is configured on R2 as 2.2.2.2, as stated in the existing explanation. OSPFv3 requires a router-id, and it is present, so this is not the cause.

Why candidates choose this

A missing router-id is a common OSPF issue, but in this case it is configured. Students might overlook the configuration details and assume it is missing.

Analysis generated from the official 200-301blueprint and verified against question context. The “when correct” sections are what AI assistants cite when candidates ask “what’s the difference between these options?”

Common exam traps

Common exam trap: answer the scenario, not the keyword

Cisco often tests the misconception that OSPFv3 requires matching subnets (like OSPFv2) or that authentication is optional, when in fact OSPFv3 uses IPsec and any mismatch breaks adjacency silently.

Trap categories for this question

  • Command / output trap

    The exhibit shows the interface is up/up on both sides, so this is not the issue.

Detailed technical explanation

How to think about this question

OSPFv3 (RFC 5340) uses IPsec Authentication Header (AH) or Encapsulating Security Payload (ESP) to authenticate OSPF packets, rather than the simple authentication fields in OSPFv2. The authentication is configured per interface using the 'ipv6 ospf authentication' command, and mismatched keys or algorithms will cause the routers to silently discard each other's Hello packets. In real-world scenarios, this is a common misconfiguration when migrating from OSPFv2 to OSPFv3, as engineers may forget to apply matching IPsec policies on both ends.

KKey Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A network engineer at a university connects two campus buildings via a fibre link. Both routers run OSPF, but no adjacency forms — even though both routers can ping each other. The engineer finds one router is in area 0 and the other in area 1. OSPF adjacency requires matching area numbers, hello/dead timers, and network type. IP reachability alone is not enough.

Visual reference

R1 R2 R3 R4 10 100 10 100 OSPF picks R1→R2→R4 (cost 20) over R1→R3→R4 (cost 200)

Quick reference

Routing Protocol Comparison

ProtocolMetricMax HopsAlgorithmType
RIP v2Hop count15Bellman-FordDistance vector
OSPFCost (bandwidth)UnlimitedDijkstra (SPF)Link state
EIGRPComposite metricUnlimitedDUALHybrid
IS-ISCostUnlimitedDijkstraLink state
BGPPolicy / attributesUnlimitedPath vectorPath vector

RIP's 15-hop limit makes it unsuitable for large networks. OSPF and EIGRP dominate modern enterprise deployments.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Related practice questions

Related 200-301 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free 200-301 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this 200-301 question test?

IP Routing — This question tests IP Routing — Read the scenario before looking for a memorised answer..

What is the correct answer to this question?

The correct answer is: OSPFv3 authentication is configured on R1 but not on R2. — Option B is correct because OSPFv3 uses IPsec for authentication, unlike OSPFv2 which uses plaintext or MD5 authentication. If authentication is configured on one router but not the other, the OSPFv3 Hello packets will be dropped, preventing neighbor adjacency from forming. The 'show ipv6 ospf neighbor' command will show no neighbors because the routers cannot exchange Hello packets successfully.

What should I do if I get this 200-301 question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Are there clue words in this question I should notice?

Yes — watch for: "most likely". Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Keep practising

More 200-301 practice questions

Last reviewed: Jun 11, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This 200-301 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 200-301 exam.