OSPF Stub Area Blocking External Routes Needed by Users
Presenting Symptom
Users in the branch office cannot reach external networks (Internet) even though OSPF routes for internal networks are present.
Network Context
A small branch office connects to the corporate headquarters via a WAN link. The branch router (R2) is configured as an OSPF stub area (Area 1) to reduce the routing table size. The headquarters router (R1) is the ABR. Users in the branch need to access external routes (e.g., default route to the Internet) injected into OSPF via a Type 5 LSA from an ASBR. The stub area configuration blocks Type 5 LSAs, preventing the default route from being learned.
Diagnostic Steps
Check OSPF neighbor state
show ip ospf neighborNeighbor ID Pri State Dead Time Address Interface 10.0.0.1 1 FULL/DR 00:00:34 10.0.1.1 GigabitEthernet0/0
If neighbor state is FULL, OSPF adjacency is up. If not, troubleshoot Layer 2 or OSPF parameters.
Check OSPF database for external routes
show ip ospf database externalOSPF Router with ID (10.0.0.2) (Process ID 1)
Type-5 AS External Link States
LS age: 100
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 0.0.0.0 (External Network Number)
Advertising Router: 10.0.0.3
LS Seq Number: 80000001
Checksum: 0x1234
Length: 36
Network Mask: /0
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0If the output shows Type 5 LSAs, the stub area is not blocking them (unexpected). If the output is empty, external routes are being blocked, which is expected in a stub area but problematic if users need them.
Check OSPF area type on the branch router
show ip ospf interface gigabitEthernet 0/0GigabitEthernet0/0 is up, line protocol is up
Internet Address 10.0.1.2/24, Area 1
Process ID 1, Router ID 10.0.0.2, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router (ID) 10.0.0.1, Interface address 10.0.1.1
Backup Designated router (ID) 10.0.0.2, Interface address 10.0.1.2
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:08
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 1/1/1, flood queue length 0
Next 0x0(0)/0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 10.0.0.1 (Designated Router)
Suppress hello for 0 neighbor(s)
Area 1 is configured as a stub areaThe line 'Area 1 is configured as a stub area' confirms the area is stub. In a stub area, Type 5 LSAs are blocked, so external routes are not learned.
Check for default route in routing table
show ip route ospfO 10.0.0.0/8 [110/2] via 10.0.1.1, 00:12:34, GigabitEthernet0/0 O IA 172.16.0.0/16 [110/3] via 10.0.1.1, 00:12:34, GigabitEthernet0/0
If no default route (0.0.0.0/0) appears, the stub area is not receiving a default route. In a stub area, the ABR should inject a default route (Type 3 LSA) automatically. If missing, the ABR may not have a default route itself or the 'default-information originate' command is missing.
Root Cause
The branch router (R2) is configured as an OSPF stub area (Area 1), which blocks Type 5 LSAs (external routes). The ABR (R1) does not have a default route in its routing table, so it does not inject a Type 3 default route into the stub area. Users need external connectivity, but the stub area design prevents learning any external routes, including a default route to the Internet.
Resolution
Verification
On R2, run: show ip route ospf Expected output should include: O*IA 0.0.0.0/0 [110/2] via 10.0.1.1, 00:00:05, GigabitEthernet0/0 Also run: show ip ospf database Expected output should show a Type 3 LSA for 0.0.0.0 (default route) from the ABR.
Prevention
1. When designing stub areas, ensure the ABR has a default route (static or from another routing protocol) and injects it using 'default-information originate'. 2. Use 'show ip ospf' to verify area type and default route advertisement. 3. Consider using a totally stubby area (stub no-summary) if only a default route is needed, but ensure the ABR generates the default.
CCNA Exam Relevance
On the CCNA 200-301 exam, this scenario tests understanding of OSPF stub areas and their behavior regarding external routes. Questions may present a troubleshooting scenario where users cannot reach the Internet, and the candidate must identify that a stub area is blocking Type 5 LSAs. The exam may ask which command to verify the area type or how to inject a default route. Key fact: Stub areas block Type 5 LSAs but allow a default route (Type 3) injected by the ABR.
Exam Tips
Remember that stub areas block Type 5 LSAs but the ABR automatically injects a Type 3 default route if it has one.
The command 'show ip ospf interface' displays the area type (stub, NSSA, etc.).
If a stub area lacks a default route, check if the ABR has a default route and is using 'default-information originate'.
Commands Used in This Scenario
show ip ospf database
Displays the OSPF link-state database (LSDB) to verify OSPF adjacencies, check for missing or corrupt LSAs, and troubleshoot OSPF routing issues.
show ip ospf interface
Displays OSPF interface parameters and status, used to verify OSPF configuration and troubleshoot neighbor relationships.
show ip ospf neighbor
Displays OSPF neighbor information to verify adjacency formation and troubleshoot OSPF neighbor relationships.
Test Your CCNA Knowledge
Practice with scenario-based questions to prepare for the CCNA 200-301 exam.
Practice CCNA Questions