Troubleshooting OSPF Adjacency Issues - Part 1

No neighbors showing in the "show ip ospf neighbor" output? The cause could be one of the problems below:
  1. Have you enabled OSPF for the concerned interface/link? Do this either with the "network 10.10.12.0 0.0.0.255 area 0" command under the OSPF router process or with the interface-level command "ip ospf 10 area 0".
  2. Check if the OSPF Process ID and Area number are configured correctly. You could have configured an incorrect Area ID or Process ID on both sides.
  3. Check the interface status. Layer 1/2 could be showing down. The interface could be admin down. The issue could be related to an unplugged cable (down/down), a faulty cable, a faulty physical port on the router/switch, faulty SFPs (transceivers), or an L2 issue on the provider side (the port could be faulty on the provider's L2 device).
  4. Check if you have configured the "passive-interface Fa0/0" command under the OSPF router process for the concerned interface. Remove this command using "no passive-interface Fa0/0".
  5. Check if any access-list is blocking OSPF Hellos on the interfaces at both ends of the link. Remove this ACL or add an entry that permits the required OSPF communication.
  6. Check if you have configured an incorrect subnet mask. There could be subnet number/mask mismatch over a broadcast link.
  7. Check if the Hello/dead intervals match on both sides.
  8. Check if the authentication type (plain text or MD5) is mismatched. There could also be an authentication key mismatch.
  9. Check if Stub/transit/NSSA area options are configured correctly.
  10. Check if the OSPF adjacency is being formed with the secondary IP address. OSPF neighborship will not come up with a secondary IP address configured on the interface.
  11. Check if the OSPF adjacency exists over an asynchronous interface.
  12. There could be an issue with the Network-type mismatch for the OSPF link. This could lead to timers mismatch and issues with establishing neighborship.
  13. Check if the "broadcast" keyword is missing on either/both sides, while you establish the frame-relay map/dialer map statement when you configure the PVC over FR links.
  14. If your OSPF domain is configured with multiple areas (Stub/Totally Stub/NSSA), make sure you have configured the Area number correctly between the peers.
  15. If two OSPF peers have the same Router-IDs, they will not form an adjacency.
  16. Troubleshooting tips for OSPF peers stuck in the INIT, Two-Way, Exstart, Exchange, and Loading states are given in the article "Troubleshooting OSPF Adjacency Issues - Part 2".

Below are some commands for troubleshooting some of the points mentioned above:

Router#Show ip ospf neighbor
Router#Show ip ospf interface brief

Router#Show ip ospf interface fa0/0 | i Passive
  No Hellos (Passive interface)                               >>>>>>>>>>

Example of access-list blocking OSPF communication:

R1#sh run int F0/0
ip add 10.10.12.1 255.255.255.0
ip access-group 121 in

R1#sh ip access-lists 121     >>>>>> The ACL has implicit deny and blocked the protocol OSPF (89)
Extended IP access list 121
    10 permit tcp any any
    20 permit udp any any

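Add the lines below and the neighborship will come up right away. Note that entry 30 as written permits all IP traffic, so ACL 121 no longer filters anything; an entry that permits only the OSPF protocol (89) is enough to let the Hellos through.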

R1(config)#ip access-list extended 121
R1(config-ext-nacl)#30 permit ip any any     
R1(config-ext-nacl)#^Z

*Nov  8 16:23:28.103: %OSPF-5-ADJCHG: Process 10, Nbr 10.10.12.2 on FastEthernet0/0 from LOADING to FULL, Loading Done


Debug messages:

  • To check for a mismatch in Hello/dead timer parameters:
R1#debug ip ospf hello
*Nov  8 16:43:49.267: OSPF-10 HELLO Fa0/0: Mismatched hello parameters from 10.10.12.2 
*Nov  8 16:43:49.267: OSPF-10 HELLO Fa0/0: Dead R 40 C 20, Hello R 10 C 5 Mask R 255.255.255.0 C 255.255.255.0

  • To check for a mismatch in OSPF authentication:
R1#debug ip ospf adj
*Nov  8 17:06:15.191: OSPF-10 ADJ   Fa0/0: Rcv pkt from 10.10.12.2 : Mismatched Authentication type. Input packet specified type 0, we use type 1

The commands to configure OSPF authentication are shown below. If you use OSPF authentication, configure the same authentication type and the same key on both sides.

Clear text:

R1(config)#router ospf 10 
R1(config-router)#area 0 authentication

R1(config)#int f0/0
R1(config-if)#ip ospf authentication

Authentication using MD5:

R1(config)#router ospf 10 
R1(config-router)#area 0 authentication message-digest

R1(config)#int f0/0
R1(config-if)#ip ospf authentication message-digest


  • To check for a mismatch in OSPF area configuration:
R1#debug ip ospf adj
*Nov  8 17:19:42.187: %OSPF-4-ERRRCV: Received invalid packet: mismatched area ID, from backbone area, must be virtual-link but not found from 10.10.12.2, FastEthernet0/0
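
The debug messages above can be triaged automatically when you have a long capture. The script below is an added example, not part of the original article: it parses the three message formats quoted here and reports which parameter differs. The function name diagnose and the sample text are constructed for illustration; it assumes R is the value received from the neighbor and C the locally configured value, and uses the AuType numbering from RFC 2328.

```python
import re

# Constructed sample: the debug/syslog lines quoted in this article.
SAMPLE = """\
*Nov  8 16:43:49.267: OSPF-10 HELLO Fa0/0: Mismatched hello parameters from 10.10.12.2
*Nov  8 16:43:49.267: OSPF-10 HELLO Fa0/0: Dead R 40 C 20, Hello R 10 C 5 Mask R 255.255.255.0 C 255.255.255.0
*Nov  8 17:06:15.191: OSPF-10 ADJ   Fa0/0: Rcv pkt from 10.10.12.2 : Mismatched Authentication type. Input packet specified type 0, we use type 1
*Nov  8 17:19:42.187: %OSPF-4-ERRRCV: Received invalid packet: mismatched area ID, from backbone area, must be virtual-link but not found from 10.10.12.2, FastEthernet0/0
"""

# OSPFv2 AuType values as defined in RFC 2328.
AUTH_TYPES = {"0": "null", "1": "simple password", "2": "cryptographic (MD5)"}

HELLO_RE = re.compile(
    r"HELLO (\S+): Dead R (\S+) C (\S+), Hello R (\S+) C (\S+) Mask R (\S+) C (\S+)")
AUTH_RE = re.compile(
    r"ADJ\s+(\S+): Rcv pkt from (\S+) : Mismatched Authentication type\. "
    r"Input packet specified type (\d), we use type (\d)")
AREA_RE = re.compile(r"mismatched area ID.* from (\S+), (\S+)")


def diagnose(text):
    """Return (interface, problem, detail) tuples for each mismatch found."""
    findings = []
    for line in text.splitlines():
        if m := HELLO_RE.search(line):
            intf, *vals = m.groups()
            # Assumption: R = received from the neighbor, C = configured locally.
            # Only the pairs that actually differ are reported.
            for name, rcv, cfg in zip(("dead", "hello", "mask"), vals[0::2], vals[1::2]):
                if rcv != cfg:
                    findings.append((intf, name, f"neighbor {rcv}, local {cfg}"))
        elif m := AUTH_RE.search(line):
            intf, nbr, rcv, cfg = m.groups()
            findings.append((intf, "auth-type",
                             f"{nbr} sent {AUTH_TYPES.get(rcv, rcv)}, "
                             f"local {AUTH_TYPES.get(cfg, cfg)}"))
        elif m := AREA_RE.search(line):
            nbr, intf = m.groups()
            findings.append((intf, "area", f"{nbr} sent a different area ID"))
    return findings


if __name__ == "__main__":
    for intf, problem, detail in diagnose(SAMPLE):
        print(f"{intf:16} {problem:10} {detail}")
```

For the sample it reports the dead and hello timers, the authentication type and the area ID as mismatched, and skips the subnet mask because both sides agree on it.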