OSPF Interface Configuration¶
OSPF must use one or more interfaces to announce itself to neighbors and to receive announcements from neighbors. At least one interface must be configured and active in order to locate neighbors and form an adjacency.
Outside NAT interfaces (
ip nat outside) cannot be used as active interfaces in OSPF! The presence of NAT prevents OSPF from properly communicating with neighbors to form a full adjacency.
To configure an interface for use with OSPF, start in
config-ospf mode and
interface <if-name> command to enter
tnsr(config-ospf)# interface <if-name> tnsr(config-ospf-if)#
config-ospf-if mode contains the following commands:
- ip address (*|<ip4-address>)
These commands specify how OSPF will behave for all addresses on an interface (
*) for for a specific IPv4 address on an interface. In most cases, the
*form will be used here, but when there are multiple addresses available on an interface, a specific choice may be necessary.
- area <area-id>
This command defines the interface as a member of the given area. This is required to activate an interface for use by OSPF.
- authentication [message-digest|null]
Configures authentication for OSPF neighbors on this interface. All routers connected to this interface must have identical authentication configurations. This can also be enabled in the area settings.
When run without parameters, simple password authentication is used.
When set, enables MD5 HMAC authentication for this interface.
When set, no authentication is used by OSPF on this interface. This is the default behavior, but may be explicitly configured with this command to override the authentication configured for this area.
- authentication-key <key>
Configures a simple password to use for authentication when that type of authentication is active. This password may only have a maximum length of 8 characters.
This method of authentication is weak, and MD5 HMAC authentication should be used instead if it is supported by all connected routers.
- cost <link-cost>
A manual cost value to apply to this interface, rather than allowing automatic cost calculation to take place.
In situations where multiple paths are possible to the same destination, this allows OSPF to prefer one path over another when all else is equal.
- dead-interval <time>
Time, in seconds from
1-65535, without communication from a neighbor on this interface before considering it dead. This is also known as the
RouterDeadIntervaltimer in OSPF. Default value is
40. This timer should be set to the same value for all routers.
- dead-interval minimal hello <multiplier>
When active, the
dead-intervalis forced to a value of
1and OSPF will instead send
<multiplier>number of Hello messages each second. This allows for faster convergence, but will consume more resources.
When set, this overrides the values of both
hello-interval. Custom values configured with those commands will be ignored by OSPF.
- hello-interval <interval>
The interval, in seconds from
1-65535, at which this router will send hello messages. This is also known as the
HelloIntervaltimer in OSPF. Default value is
10. This timer should be set to the same value for all routers.
A lower value will result in faster convergence times, but will consume more resources.
- message-digest-key key-id <id> md5-key <key>
Configures MD5 HMAC authentication for use with
- key-id <id>
An integer value from
1-255which identifies the secret key. This value must be identical on all routers.
- md5-key <key>
The content of the secret key identified by
key-id, which is used to generate the message digest. Given as an unencrypted string, similar to a password. The maximum length of the key is 16 characters.
When present, OSPF will ignore the MTU advertised by neighbors and can still achieve a full adjacency when peers do not have matching MTU values.
- retransmit-interval <interval>
The interval, in seconds from
1-65535, at which this router will retransmit Link State Request and Database Description messages. This is also known as the
RxmtIntervaltimer in OSPF. Default value is
- priority <priority>
A priority value, from
0-255, assigned to this router. When determining which router will become the Designated Router (DR), the router with the highest priority is more likely to be elected as the DR.
The default value is
1. The value
0is special and will prevent this router from being chosen as DR.
- transmit-delay <delay>
The interval, in seconds from
1-65535, at which this router will transmit LSA messages. This is also known as the
InfTransDelaytimer in OSPF. Default value is
- ip network (broadcast|non-broadcast|point-to-multipoint|point-to-point)
Manually configures a specific type of network used on a given interface, rather than letting OSPF determine the type automatically. This controls how OSPF behaves and how it crafts messages when using an interface.
Broadcast networks, such as typical Ethernet networks, allow multiple routers on a segment and OSPF can use broadcast and multicast to send messages to multiple targets at once. OSPF assumes that all routers on broadcast networks are directly connected and can communicate without passing through other routers.
Non-broadcast networks support multiple routers but do not have broadcast or multicast capabilities. Due to this lack of support, neighbors must be manually configured using the
neighborcommand. When using this mode, OSPF simulates a broadcast network using Non-Broadcast Multi-Access (NMBA) mode, but transmits messages to known neighbors directly.
non-broadcastmode, but connections to manually configured neighbors are treated as a collection of point-to-point links rather than a shared network. Similar to a point-to-point network, OSPF disables DR election.
A point-to-point network links a single pair of routers. The interface is still capable of broadcast, and OSPF will dynamically discover neighbors. With this type of network, OSPF disables election of a DR.