why LSA 4 generated, need answer

Hello Team, I have a quick query: Routing,

I have a Sophos firewall along with 2 Cisco routers

Firewall 192.168.15.1 --------------- 192.168.15.2 (CISCOR12) 192.168.17.1 --------------- 192.168.17.2 (R4)

CISCOR12- network

192.168.15.0/24 in area 0 with process id 1

192.168.16.0/24 in area 0 with process id 1

192.168.17.0/24 in area 5 with process id 1

R4 router has 2 networks

192.168.17.0/24 and loopback address - 15.15.15.15 in area 5 along with process id 1

Sophos Firewall

192.168.15.0/24 and 192.168.10.0/24 in area 0

My question is why I am getting LSA 4 here. Please find attached the screenshot.

CISCOR12

babayagafebruary_0-1767171625634.png

R4

babayagafebruary_1-1767171726378.png

balaji.bandi
Hall of Fame

CISCOR12 as ABR: Your CISCOR12 router acts as an ABR because it has interfaces in both Area 0 (connecting to Sophos) and Area 5 (connecting to R4).

LSA Type 4 (ASBR Summary LSA) is a normal behavior triggered by the redistribution of external routes.

Routers in Area 5 (like R4) receive this Type 5 LSA, but they do not have a Type 1 (Router LSA) for the Sophos Firewall because Type 1 LSAs do not cross area boundaries.

Check learning post:

https://learningnetwork.cisco.com/s/question/0D53i00000KsppkCAB/ospf-lsa-45

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hello @balaji.bandi, just one more query: why in the Sophos Firewall am I not able to see LSA 4? This is expected that in Area 0 only the ABR has LSA 4. Please find attached the screenshot of the Sophos Firewall:

babayagafebruary_0-1767175451724.png

r12

babayagafebruary_0-1767176501860.png


ABRs are the Only Creators of Type 4 LSAs

A Type 4 LSA (ASBR Summary) exists for only one reason: to tell routers in other areas how to find the ASBR.

All routers (including the Sophos Firewall and CISCOR12) already have the Type 1 LSA (Router LSA).

You can verify on routers:

show ip ospf database asbr-summary

Again, this theory is based on RFC; check Sophos Firewall documentation to match the same behaviour.

BB

Router ID on the Sophos Firewall is 7.7.7.7

Hello @babayagafebruary ,

the Sonic Firewall is only in area 0, the LSA type 4 is generated and flooded in other areas, area 5 in your case.

This is why the Sonic firewall does not list an LSA type 4. It is not needed in area 0 because the ASBR node is directly connected to area 0 and routers in area 0 can check the E bit in the Router LSA of the ASBR node to check liveness.

The E bit in the Router LSA and the LSA type 4 in other areas allow each router to make an additional check before installing external routes, i.e. LSA type 5.

If an LSA type 5 is present in the OSPF DB but the originator ASBR is not also stating it is still an ASBR via E bit / LSA type 4, the LSA type 5 is ignored and not used.

Hope to help

Giuseppe
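
The Type 4 origination rule and the Type 5 check described in the replies above, as an added Python example that is not part of any poster's reply. It assumes the Sophos firewall (router ID 7.7.7.7) is the ASBR, uses the names CISCOR12 and R4 in place of router IDs the thread does not give, and leaves out SPF, costs and stub/NSSA areas.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Router:
    rid: str            # router ID (a name stands in where the thread gives none)
    areas: frozenset    # OSPF areas the router has interfaces in
    asbr: bool = False  # True -> E bit set in its Router (Type 1) LSA
    @property
    def abr(self):
        return len(self.areas) > 1


def type4_lsas(routers):
    """Map area -> set of (originating ABR, ASBR) Type 4 LSAs flooded there."""
    lsdb = {}
    for abr in (r for r in routers if r.abr):
        for asbr in (r for r in routers if r.asbr and r is not abr):
            if not abr.areas & asbr.areas:
                continue  # ABR holds no intra-area Router LSA for this ASBR
            # Summarise the ASBR only into areas that cannot see its Type 1 LSA.
            for area in abr.areas - asbr.areas:
                lsdb.setdefault(area, set()).add((abr.rid, asbr.rid))
    return lsdb


def type5_usable(viewer, asbr, routers):
    """Return (usable, reason) for a Type 5 LSA originated by `asbr`."""
    if viewer.areas & asbr.areas:
        # Same area: the ASBR's own Router LSA is visible, so check its E bit.
        return asbr.asbr, "E bit in Router LSA" if asbr.asbr else "E bit cleared"
    t4 = type4_lsas(routers)
    for area in sorted(viewer.areas):
        if any(target == asbr.rid for _, target in t4.get(area, ())):
            return True, f"Type 4 LSA in area {area}"
    return False, "no Type 4 LSA for originator"


def topology(sophos_is_asbr=True):
    # Constructed from the thread; treating the Sophos as ASBR is an assumption.
    sophos = Router("7.7.7.7", frozenset({0}), asbr=sophos_is_asbr)
    r12 = Router("CISCOR12", frozenset({0, 5}))
    r4 = Router("R4", frozenset({5}))
    return sophos, r12, r4


if __name__ == "__main__":
    routers = topology()
    print(type4_lsas(routers))
    print(type5_usable(routers[2], routers[0], routers))
```

Area 0 never appears as a key in the result, which matches the Sophos database showing no Type 4 while CISCOR12 and R4 list one for area 5.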