07-07-2022 01:07 PM
I have a firepower running OS 6.4, trying to configure basic ospf but its not working. I get this "Area BACKBONE(0) (Inactive)". Not sure what to check now.
Below is the output of show ospf-
Routing Process "ospf 1" with ID xx.xx.xx.xx
Start time: 12w3d, Time elapsed: 01:15:46.160
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Event-log enabled, Maximum number of events: 1000, Mode: cyclic
It is an autonomous system boundary router
Redistributing External Routes from,
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Incremental-SPF disabled
Initial LSA throttle delay 0 msecs
Minimum hold time for LSA throttle 5000 msecs
Maximum wait time for LSA throttle 5000 msecs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 1. Checksum Sum 0xbed8
Number of opaque AS LSA 0. Checksum Sum 0x0
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Number of areas transit capable is 0
External flood list length 0
IETF NSF helper support enabled
Cisco NSF helper support enabled
Reference bandwidth unit is 100 mbps
Area BACKBONE(0) (Inactive)
Number of interfaces in this area is 1
Area has no authentication
SPF algorithm last executed 01:15:41.160 ago
SPF algorithm executed 1 times
Area ranges are
Number of LSA 1. Checksum Sum 0xdb44
Number of opaque link LSA 0. Checksum Sum 0x0
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
Solved! Go to Solution.
07-07-2022 02:03 PM
OSPF header errors
Length 0, Auth Type 0, Checksum 0, Version 0,
Bad Source 0, No Virtual Link 0, Area Mismatch 0,
No Sham Link 0, Self Originated 0, Duplicate ID 0,
Hello 0, MTU Mismatch 0, Nbr Ignored 0,
LLS 0, Unknown Neighbor 0, Authentication 248,
This shows an authentication issue, may be key ?
07-07-2022 01:22 PM - edited 07-07-2022 01:24 PM
"Area BACKBONE(0) (Inactive)".
what is another side device - what message are you getting from another side?
check good video :
http://www.labminutes.com/sec0240_ftd_61_routing_ospf_1
07-07-2022 01:25 PM
That is a challenge, I do not have access to the other side device.
Its a router ISR4331.
Actually I have replaced the ASA with firepower, OSPF is the only thing not coming up.
07-07-2022 01:28 PM - edited 07-07-2022 01:29 PM
check the video check the config, and make sure it is configured correctly :
it says "autonomous system boundary router"
Do you have an old ASA config?
Post below config :
> show runn router ospf
> show ospf neig
07-07-2022 01:30 PM
Yes I have it-
interface GigabitEthernet1/2
nameif LAN
security-level 100
ip address 10.xx.xx.xx 255.255.255.0
ospf authentication-key *****
ospf authentication message-digest
router ospf 1
router-id xx.xx.xx.xx
network xx.xx.xx.xx 255.255.255.0 area 0
log-adj-changes
default-information originate metric 100000
07-07-2022 01:32 PM
ok post from FTD below :
> show runn router ospf
> show ospf neig
07-07-2022 01:33 PM
and this is from firepower cli-
interface Ethernet1/2
nameif inside
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address xx.xx.xx.xx
ospf message-digest-key 7 md5 *****
ospf authentication message-digest
router ospf 1
router-id xx.xx.xx.xx
network xx.xx.xx.xx 255.255.255.0 area 0
area 0
timers throttle lsa 0 5000 5000
log-adj-changes detail
default-information originate metric 100000 metric-type 2
07-07-2022 01:42 PM - edited 07-07-2022 01:43 PM
old one have this:
ospf authentication-key *****
ospf authentication message-digest
new one :
ospf message-digest-key 7 md5 ***** ( do with normal with out 7 - try and check)
ospf authentication message-digest
07-07-2022 01:44 PM
let me try it now
07-07-2022 01:46 PM - edited 07-07-2022 01:49 PM
When you select this option, two commands are added: ospf authentication and ospf authentication-key key . Click the variable to configure the following:
key —Select the secret key object that contains the password. The password can be up to 8 characters. You can include blank space between two characters. Spaces at the beginning or end of the password are ignored. If the object does not yet exist, click Create New Secret Key at the bottom of the list and create it now.
When you select this option, two commands are added: ospf authentication message-digest and ospf message-digest-key key-id md5 key . Click the variables to configure the following:
key-id —The authentication key ID number, from 1 to 255. You must configure the neighbor router with the same key ID and associated MD5 key.
key —Select the secret key object that contains the MD5 key. The key is an alphanumeric password up to 16 characters. You can include spaces between characters. Spaces at the beginning or end of the key are ignored. If the object does not yet exist, click Create New Secret Key at the bottom of the list and create it now.
07-07-2022 01:49 PM
it looks something like this now-
interface Ethernet1/2
nameif inside
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address xx
ospf authentication-key *****
ospf authentication
07-07-2022 01:51 PM
sure what is the outcome :
> show ospf neig
07-07-2022 01:54 PM
shows blank output
07-07-2022 01:55 PM
> show ospf traffic
post above output - Hope you able to ping other side IP address ?
07-07-2022 02:00 PM
Yes it pings.
output-
OSPF Router with ID (xx) (Process ID 1)
OSPF queue statistics for process ID 1:
InputQ UpdateQ OutputQ
Limit 0 200 0
Drops 0 0 0
Max delay [msec] 0 0 0
Max size 1 0 1
Invalid 0 0 1
Hello 1 0 0
DB des 0 0 0
LS req 0 0 0
LS upd 0 0 0
LS ack 0 0 0
Current size 0 0 0
Invalid 0 0 0
Hello 0 0 0
DB des 0 0 0
LS req 0 0 0
LS upd 0 0 0
LS ack 0 0 0
Interface statistics:
Interface inside
Last clearing of interface traffic counters never
OSPF packets received/sent
Type Packets Bytes
RX Invalid 0 0
RX Hello 0 0
RX DB des 0 0
RX LS req 0 0
RX LS upd 0 0
RX LS ack 0 0
RX Total 0 0
TX Failed 0 0
TX Hello 249 21304
TX DB des 0 0
TX LS req 0 0
TX LS upd 0 0
TX LS ack 0 0
TX Total 249 21304
OSPF header errors
Length 0, Auth Type 0, Checksum 0, Version 0,
Bad Source 0, No Virtual Link 0, Area Mismatch 0,
No Sham Link 0, Self Originated 0, Duplicate ID 0,
Hello 0, MTU Mismatch 0, Nbr Ignored 0,
LLS 0, Unknown Neighbor 0, Authentication 248,
TTL Check Fail 0
OSPF LSA errors
Type 0, Length 0, Data 0, Checksum 0
Summary traffic statistics for process ID 1:
OSPF packets received/sent
Type Packets Bytes
RX Invalid 0 0
RX Hello 0 0
RX DB des 0 0
RX LS req 0 0
RX LS upd 0 0
RX LS ack 0 0
RX Total 0 0
TX Failed 0 0
TX Hello 249 21304
TX DB des 0 0
TX LS req 0 0
TX LS upd 0 0
TX LS ack 0 0
TX Total 249 21304
OSPF header errors
Length 0, Auth Type 0, Checksum 0, Version 0,
Bad Source 0, No Virtual Link 0, Area Mismatch 0,
No Sham Link 0, Self Originated 0, Duplicate ID 0,
Hello 0, MTU Mismatch 0, Nbr Ignored 0,
LLS 0, Unknown Neighbor 0, Authentication 248,
TTL Check Fail 0
OSPF LSA errors
Type 0, Length 0, Data 0, Checksum 0
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide