Useful commands

show ip ospf neighbor
debug ip packet
debug ip ospf adj

Neighbor relationships are formed in seven distinct phases:

  1. Down
  2. Attempt (optional)
  3. Init
  4. 2-Way
  5. Exstart
  6. Exchange
  7. Loading
  8. Full

Down: No Hellos have been received on the interface. You would see this when you have OSPF configured but you do not have any neighbors.

Attempt: Attempting to contact the neighbor. You would not normally see this unless you have statically defined neighbors; you would see this state whilst the router is attempting to reach its neighbor.

Init: A hello has been received. If a router is stuck in the INIT state then one-way communication means that this

2-Way: Both routers have received a hello; there is a connection between the two routers but they are not exchanging routes. One reason routers become stuck in 2-Way is a multi-access network: a router will only build a full adjacency with the DR and the BDR, and all other routers will be seen as stuck in 2-Way.

Exstart: A sequence number is selected so that LSAcks can confirm reliable exchange of the information.

Exchange: DBD packets are sent between the routers.

Loading: LSRs are sent for new routes, LSUs are sent containing the requested information, and LSAcks are sent confirming receipt of the routes.

Full: Both routers are converged.

Neighbor Authentication


Useful Commands

Plain Text Authentication

Router(config)# int fa0/0
Router(config-if)# ip ospf authentication-key <password>
Router(config-if)# exit
Router(config)# router ospf 1
Router(config-router)# area 0 authentication

MD5 Authentication

Router(config)# int fa0/0
Router(config-if)# ip ospf message-digest-key 1 md5 <password>
Router(config-if)# exit
Router(config)# router ospf 1
Router(config-router)# area 0 authentication message-digest

By default, OSPF authentication is not enabled.

Neighbor authentication is less crucial on a point-to-point link, as there is not really a way for someone to join that routing process. However, on a multi-access network someone could get a rogue router onto the network, and without authentication they would be able to affect the network. There are two types of OSPF authentication:

  1. Plain Text Authentication.
  2. MD5 Authentication.

There is not a lot of point in using plain text authentication, as the passwords that secure the routing process are sent in plain text on the wire (hence the name). MD5 authentication is the more secure of the two, although it is no longer considered that secure either; the most secure option now is SHA-256, though this is only available in the latest routers. Only MD5 authentication is covered in the exam.
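
The difference between the two types is visible in the packet itself. The following is an added example, not part of the original notes: it builds a constructed OSPFv2 Hello both ways, following the header layout and the MD5 procedure in RFC 2328 Appendix D. The router ID, Hello body and key are made-up sample values, and the header checksum is left at 0 in both cases for brevity.

```python
import hashlib
import hmac
import struct

ROUTER_ID = bytes([10, 0, 0, 1])   # constructed sample values
AREA_0 = bytes(4)
# Constructed 20-byte Hello body: mask, hello interval, options, priority,
# dead interval, DR, BDR.
HELLO_BODY = struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 0]), 10, 2, 1,
                         40, bytes(4), bytes(4))

def header(au_type: int, auth_field: bytes) -> bytes:
    """24-byte OSPFv2 header: version 2, type 1 (Hello), checksum left at 0."""
    length = 24 + len(HELLO_BODY)
    return struct.pack("!BBH4s4sHH8s", 2, 1, length, ROUTER_ID, AREA_0,
                       0, au_type, auth_field)

def build_plaintext(key: str) -> bytes:
    """AuType 1: the key itself fills the 8-byte Authentication field."""
    return header(1, key.encode().ljust(8, b"\0")[:8]) + HELLO_BODY

def build_md5(key: str, key_id: int, seq: int) -> bytes:
    """AuType 2: the field holds key ID, digest length and sequence number;
    the digest of packet + zero-padded key is appended after the packet."""
    packet = header(2, struct.pack("!HBBI", 0, key_id, 16, seq)) + HELLO_BODY
    secret = key.encode().ljust(16, b"\0")[:16]
    return packet + hashlib.md5(packet + secret).digest()

def verify_md5(wire: bytes, key: str) -> bool:
    """Receiver side: recompute the digest with the locally configured key."""
    packet, digest = wire[:-16], wire[-16:]
    secret = key.encode().ljust(16, b"\0")[:16]
    return hmac.compare_digest(hashlib.md5(packet + secret).digest(), digest)

if __name__ == "__main__":
    key = "S3cr3tK1"                      # constructed sample key
    print("plaintext carries key:", key.encode() in build_plaintext(key))
    wire = build_md5(key, key_id=1, seq=1)
    print("md5 carries key:      ", key.encode() in wire)
    print("md5 verifies:         ", verify_md5(wire, key))
    tampered = wire[:30] + b"\xff" + wire[31:]   # flip one Hello body byte
    print("tampered verifies:    ", verify_md5(tampered, key))
```

With MD5 the packet contents are still readable on the wire; only the key is kept off it, and any change to the packet makes the digest check fail.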
