Courseiva
OSPFCCNA 200-301

OSPF Neighbor Adjacency Not Forming at All

Presenting Symptom

OSPF neighbor adjacency is not forming between two directly connected routers; the neighbor state remains stuck in INIT or DOWN.

Network Context

Two Cisco routers (R1 and R2) are directly connected via GigabitEthernet0/0 in a small branch office. Both run IOS 15.x and are configured with OSPF process ID 1 in area 0. The link is up/up, but show ip ospf neighbor shows no neighbors or only INIT state.

Diagnostic Steps

1

Check OSPF neighbor status

show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
0.0.0.0           0    DOWN             -           0.0.0.0         GigabitEthernet0/0

If no neighbors appear or state is DOWN/INIT, OSPF is not receiving Hello packets. If state is INIT, Hello was received but not seen in return.

2

Verify OSPF interface configuration

show ip ospf interface gigabitEthernet 0/0
GigabitEthernet0/0 is up, line protocol is up
  Internet Address 10.1.1.1/30, Area 0
  Process ID 1, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 1.1.1.1, Interface address 10.1.1.1
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:03
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)

Check that the interface is in the correct area, has an IP address, and OSPF is enabled. If 'OSPF not enabled' appears, the network command is missing or incorrect.

3

Verify OSPF configuration on both routers

show running-config | section router ospf
router ospf 1
 network 10.1.1.0 0.0.0.3 area 0

Ensure the network statement covers the interface IP. A mismatch in wildcard mask or area ID can prevent adjacency. Also verify router-id is unique.

4

Check for ACLs or interface filters blocking OSPF

show ip access-lists
Extended IP access list BLOCK_OSPF
    10 deny ospf any any (4 matches)
    20 permit ip any any

If an ACL denies OSPF (protocol 89) on the interface, Hello packets are dropped. Check both inbound and outbound ACLs on the interface.

5

Verify Layer 2 connectivity and MTU

ping 10.1.1.2 repeat 10
!!!!!

If ping fails, Layer 2 issue or IP addressing mismatch. Also check MTU: OSPF requires matching MTU on both sides; use 'show interfaces' to compare.

Root Cause

An inbound ACL on R2's GigabitEthernet0/0 denies OSPF protocol (IP protocol 89), blocking Hello packets from R1. R1 sees R2's Hello (since outbound is not filtered), but R2 never receives R1's Hello, so neighbor state stays INIT on R1 and DOWN on R2.

Resolution

Remove the ACL or add a permit statement for OSPF. On R2: R2(config)# ip access-list extended BLOCK_OSPF R2(config-ext-nacl)# no deny ospf any any R2(config-ext-nacl)# permit ospf any any R2(config-ext-nacl)# exit Alternatively, remove the ACL from the interface: R2(config)# interface gigabitEthernet 0/0 R2(config-if)# no ip access-group BLOCK_OSPF in

Verification

Run 'show ip ospf neighbor' on R1: Neighbor ID Pri State Dead Time Address Interface 2.2.2.2 1 FULL/DR 00:00:38 10.1.1.2 GigabitEthernet0/0 Also verify with 'show ip ospf neighbor' on R2 showing FULL state.

Prevention

1. Use explicit permit statements for OSPF (protocol 89) in ACLs applied to OSPF-enabled interfaces. 2. Avoid ACLs on transit links unless necessary; if required, apply them consistently on both sides. 3. Use 'debug ip ospf hello' during initial setup to verify Hello packet exchange.

CCNA Exam Relevance

On the CCNA 200-301 exam, OSPF neighbor adjacency issues are tested in troubleshooting scenarios (drag-and-drop or multiple choice). The exam expects candidates to identify that ACLs blocking OSPF, mismatched areas, or incorrect network statements prevent adjacency. Key fact: OSPF uses IP protocol 89, and ACLs must permit it.

Exam Tips

1.

Remember that OSPF uses IP protocol 89, not TCP/UDP port numbers.

2.

If neighbor state is INIT, the router received a Hello but did not see its own Router ID in the neighbor's Hello; check for mismatched areas or ACLs.

3.

The 'show ip ospf interface' command quickly reveals if OSPF is enabled on an interface and its network type.

Commands Used in This Scenario

show ip access-lists

Displays the contents of all current IP access lists or a specific access list, including the number of matches for each entry, used to verify and troubleshoot ACL configuration and traffic filtering.

show ip ospf interface

Displays OSPF interface parameters and status, used to verify OSPF configuration and troubleshoot neighbor relationships.

show ip ospf neighbor

Displays OSPF neighbor information to verify adjacency formation and troubleshoot OSPF neighbor relationships.

Test Your CCNA Knowledge

Practice with scenario-based questions to prepare for the CCNA 200-301 exam.

Practice CCNA Questions