CIDR Aggregate Route Too Broad — Non-Existent Routes Advertised
Presenting Symptom
Remote networks are unreachable, and the routing tables show routes to networks that do not exist anywhere in the topology.
Network Context
A small branch office with two routers (R1 and R2) connected via a serial link. R1 is connected to the corporate WAN and has a summary static route pointing to R2. The network uses OSPF as the IGP. The problem appeared after a network engineer configured a CIDR aggregate route on R1 to reduce routing table size.
Diagnostic Steps
Check the routing table on R1
show ip route
Codes: C - connected, S - static, O - OSPF
S 10.0.0.0/8 [1/0] via 192.168.1.2
C 192.168.1.0/24 is directly connected, Serial0/0/0
O 172.16.0.0/16 [110/2] via 192.168.1.2, 00:00:12, Serial0/0/0
Look for routes that are too broad. A static route to 10.0.0.0/8 may be covering networks that don't exist, causing traffic to be sent to R2 unnecessarily.
Check the routing table on R2
show ip route
Codes: C - connected, S - static, O - OSPF
C 10.1.1.0/24 is directly connected, GigabitEthernet0/0
C 10.1.2.0/24 is directly connected, GigabitEthernet0/1
C 192.168.1.0/24 is directly connected, Serial0/0/0
O 172.16.0.0/16 [110/2] via 192.168.1.1, 00:00:15, Serial0/0/0
R2 should have specific routes to its connected networks. If R2 is receiving a summary route from R1 that includes non-existent networks, it may be forwarding traffic incorrectly.
Examine the OSPF database on R1
show ip ospf database
OSPF Router with ID (1.1.1.1) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 123 0x80000002 0x00A1B2 1
2.2.2.2 2.2.2.2 124 0x80000001 0x00C3D4 2
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
192.168.1.2 2.2.2.2 125 0x80000001 0x00E5F6
Check if there are any summary LSAs (Type 3) that might be advertising a broad range of networks. If a summary route is being injected, it will appear as a Type 3 LSA.
Check the OSPF configuration on R1 for any summary-address commands
show running-config | section router ospf
router ospf 1
 network 192.168.1.0 0.0.0.255 area 0
 summary-address 10.0.0.0 255.0.0.0
The presence of 'summary-address 10.0.0.0 255.0.0.0' indicates that R1 is injecting a summary route for the entire 10.0.0.0/8 block into OSPF. This is too broad if R2 only has specific subnets.
Root Cause
The network engineer configured a 'summary-address 10.0.0.0 255.0.0.0' under OSPF on R1, which injects a single route covering all 10.x.x.x networks into the OSPF domain. This causes R1 to advertise a route to 10.0.0.0/8 even though only specific subnets (10.1.1.0/24 and 10.1.2.0/24) exist behind R2. As a result, traffic destined to non-existent 10.x.x.x networks is forwarded to R2, which then drops it or sends it back, causing unreachability.
Resolution
Verification
After applying the fix, verify the routing tables and OSPF database. Commands:
1. show ip route on R1: Should show the new summary route (e.g., 10.1.0.0/16) instead of 10.0.0.0/8.
2. show ip route on R2: Should not show any route for 10.0.0.0/8; only specific routes or the new summary.
3. show ip ospf database on R1: The Type 3 LSA should now advertise 10.1.0.0/16 instead of 10.0.0.0/8.
4. ping from R1 to a non-existent 10.x.x.x address (e.g., 10.2.2.2) should fail (no route), confirming the broad route is gone.
Prevention
1. Always summarize with the most specific prefix that covers only the actual subnets. Use route aggregation only when you are certain of the address space.
2. Use 'show ip route' and 'show ip ospf database' to verify the routes being advertised before and after configuration.
3. Implement route filtering (distribute-list) to prevent unwanted routes from being injected into the routing domain.
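The following Python is an added example, not part of the original page: it applies prevention rule 1 to the scenario's subnets by computing the tightest single prefix that covers them, listing the space an aggregate advertises with no subnet behind it, and checking whether a destination such as 10.2.2.2 falls into that gap. The function names are hypothetical, and the code goes slightly beyond the text by accepting any list of IPv4 prefixes.

```python
import ipaddress

def tightest_summary(subnets):
    """Smallest single prefix that contains every subnet given."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    candidate = nets[0]
    # Widen by one bit at a time until all subnets fit.
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate

def unbacked_space(aggregate, subnets):
    """Prefixes inside the aggregate with no real subnet behind them."""
    agg = ipaddress.ip_network(aggregate)
    # Collapse first so overlapping or duplicate inputs are handled once.
    real = ipaddress.collapse_addresses(ipaddress.ip_network(s) for s in subnets)
    gaps = [agg]
    for net in real:
        remaining = []
        for gap in gaps:
            if gap.subnet_of(net):        # gap is fully backed: drop it
                continue
            if net.subnet_of(gap):        # carve the real subnet out
                remaining.extend(gap.address_exclude(net))
            else:                         # unrelated prefix: keep as is
                remaining.append(gap)
        gaps = remaining
    return sorted(gaps)

def is_black_holed(dest, aggregate, subnets):
    """True if dest matches the aggregate but no real subnet."""
    addr = ipaddress.ip_address(dest)
    return any(addr in gap for gap in unbacked_space(aggregate, subnets))

def backed_fraction(aggregate, subnets):
    """Share of the aggregate's addresses that real subnets cover."""
    agg = ipaddress.ip_network(aggregate)
    unbacked = sum(g.num_addresses for g in unbacked_space(aggregate, subnets))
    return 1 - unbacked / agg.num_addresses

# Subnets and aggregates taken from the scenario above.
R2_SUBNETS = ["10.1.1.0/24", "10.1.2.0/24"]

if __name__ == "__main__":
    print("tightest summary:", tightest_summary(R2_SUBNETS))
    for agg in ("10.0.0.0/8", "10.1.0.0/16", "10.1.0.0/22"):
        print(agg, f"backed={backed_fraction(agg, R2_SUBNETS):.4%}",
              "10.2.2.2 black-holed:", is_black_holed("10.2.2.2", agg, R2_SUBNETS))
```

Even the tightest single prefix still leaves 10.1.0.0/24 and 10.1.3.0/24 advertised without a subnet behind them, which is where the route filtering in item 3 applies.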
CCNA Exam Relevance
On the CCNA 200-301 exam, this scenario tests understanding of OSPF route summarization and its impact on routing tables. Questions may present a troubleshooting scenario where a summary route causes reachability issues, and you must identify the misconfiguration. The exam expects you to know the 'summary-address' command and how it creates Type 3 LSAs. A candidate must be able to differentiate between a summary that is too broad and one that is correctly scoped.
Exam Tips
Remember that 'summary-address' is configured under the OSPF process on the ASBR (or ABR) and creates a Type 3 LSA.
Be careful: a summary route that is too broad can cause black holes or suboptimal routing. The exam may show a routing table with a /8 route when only /24s exist.
Know the 'show ip ospf database' command to identify Type 3 LSAs and their prefix lengths.
Commands Used in This Scenario
show ip ospf database
Displays the OSPF link-state database (LSDB) to verify OSPF adjacencies, check for missing or corrupt LSAs, and troubleshoot OSPF routing issues.
show ip route
Displays the current IP routing table on a Cisco router, used to verify routes, check next-hop addresses, and troubleshoot connectivity issues.
show running-config
Displays the current active configuration in DRAM, showing all non-default settings.