3.8 OSPF Troubleshooting Scenarios

OSPF troubleshooting is a favorite CCNA 200-301 topic. You will likely face at least one scenario where you must diagnose why an adjacency won't form or why a route is missing. Memorize the five neighbor-matching requirements — area ID, Hello/Dead timers, authentication, subnet/mask, and MTU — because they explain the majority of failures.

Scenario 1: No OSPF Neighbor Seen

Symptom: show ip ospf neighbor is empty.

Checklist:

1. Is OSPF active on the interface? → show ip ospf interface brief
2. Is the interface passive? → show ip protocols (lists passive interfaces)
3. Same subnet on both ends? → show ip interface brief
4. Interface up/up? → show ip interface brief
5. Are Hellos sent? → debug ip ospf hello
6. ACL blocking IP protocol 89? → show access-lists
7. Area mismatch or authentication on only one side?

Scenario 2: Neighbor Stuck in INIT

Symptom: Neighbor appears but never leaves Init.

Cause: One-way Hellos — your router hears the neighbor, but the neighbor never sees your Router ID in a returned Hello (or vice versa).

Common causes: an ACL or firewall blocking OSPF in one direction, multicast not delivered on one side, or a unidirectional media fault.

Scenario 3: Neighbor Stuck in EXSTART/EXCHANGE

Symptom: Neighbor never advances past ExStart or Exchange.

Cause: Almost always an MTU mismatch. During DBD exchange the larger side's database packet exceeds the smaller side's MTU and is dropped.

Router(config-if)# ip mtu 1500          ! Make both interfaces match

As a last resort (not recommended in production):

Router(config-if)# ip ospf mtu-ignore

Scenario 4: Neighbor Full but Routes Missing

Symptom: Adjacency is Full, yet expected prefixes are absent from show ip route.

Possible causes:

• The remote router has no network statement for that subnet, so it never advertises it.
• The remote interface is passive (advertised but no Hellos — still a valid cause if mis-applied).
• A distribute-list or route filter is dropping the prefix.
• A lower-AD route (e.g., a static, AD 1) for the same prefix is winning.

Verify the LSA is actually present with show ip ospf database before assuming a routing-table bug.

Scenario 5: Suboptimal Path Selection

Symptom: Traffic takes a longer path than the topology suggests.

Cause: Cost calculation can't tell fast links apart because the reference bandwidth is still the 100 Mbps default, so every Gigabit-and-faster link costs 1.

Router(config-router)# auto-cost reference-bandwidth 10000   ! Apply identically everywhere

The value must be the same on every router, or each device computes inconsistent costs and chooses different best paths.

Scenario 6: DR/BDR Election Problems

Symptom: The wrong router is DR, or no DR is elected.

Cause: Misconfigured ip ospf priority, or every router set to priority 0 (no one is eligible). Remember the election is non-preemptive, so raising priority after the fact requires clear ip ospf process to re-elect.

Quick OSPF Troubleshooting Reference

The Five Matches (Memorize)

On the Exam: When OSPF misbehaves, run through these five first. Four of the five block the adjacency outright; only an MTU mismatch lets the neighbor begin and then stall in ExStart — that distinction is itself a frequent test point.

Worked Example: Diagnosing a Dead Adjacency

Two routers share an Ethernet link but show ip ospf neighbor is empty. Walk the five matches with output. show ip ospf interface gi0/0 reveals the area, the Hello/Dead timers, the network type, and the configured cost. If R1 reports Area 0 while R2 reports Area 1, that alone blocks the adjacency. If areas agree, compare timers — R1 at Hello 10/Dead 40 and R2 at Hello 30/Dead 120 will never peer. Still nothing? Confirm both interface IPs sit in the same subnet with show ip interface brief; a /30 typo placing one router in the wrong subnet is a classic culprit.

Only after these four pass should you suspect authentication or an ACL blocking IP protocol 89.

Verifying Routes Are Actually Advertised

When a neighbor is Full but a prefix is missing, prove whether the LSA even exists before blaming the local router. On the router that owns the missing subnet, run show ip ospf interface brief — if the interface is not listed, no network statement matched it and OSPF is not advertising that subnet at all. Then on the receiving router, show ip ospf database should contain an LSA for the prefix; if it does but show ip route does not, suspect a competing lower-AD route or a filter. This LSDB-versus-RIB comparison pinpoints whether the problem is advertisement (sending side) or installation (receiving side).

The Passive-Interface Double Edge

A passive interface is correct on host-facing LANs but catastrophic on a router-to-router link: it advertises the subnet yet suppresses Hellos, so the two routers silently fail to peer while the network still appears in OSPF configuration. Symptom: the subnet is advertised but no adjacency forms across it. Check show ip protocols, which lists every passive interface; if the transit link is in that list, remove it with no passive-interface. This is a deliberately sneaky exam scenario because everything else — areas, timers, subnets — looks perfect.