Configure OSPF special areas on S series switches

2

1. Configure a stub area.
A stub area is a special area where ABRs do not flood received AS external routes, significantly reducing the routing table size and transmitted routing information of routers. A border area on an OSPF network is often configured as a stub area. For example, configure Area1 as a stub area.
[SwitchA] ospf 1
[SwitchA-ospf-1] area 1
[SwitchA-ospf-1-area-0.0.0.1] stub
[SwitchA-ospf-1-area-0.0.0.1] quit
[SwitchA-ospf-1] quit
Precautions:
1. To configure an area as a stub area, you must run the stub command on all the devices in this area.
2. To configure an area as a totally stub area, run the stub no-summary command on the ABR in this area and run the stub command on other devices in this area. This prevents the ABR from transmitting Type 3 LSAs to the stub area, making the area a totally stub area.

2. Configure an NSSA area.
In an NSSA, an ABR does not flood AS external routes received from other areas, similar to the situation in a stub area. The difference is that an ABR can import and flood AS external routes to the entire OSPF domain. A border area connected to another AS on an OSPF network is often configured as an NSSA. For example, configure Area2 as an NSSA.
[SwitchB] ospf 1
[SwitchB-ospf-1] area 2
[SwitchB-ospf-1-area-0.0.0.2] nssa
[SwitchB-ospf-1-area-0.0.0.2] quit
[SwitchB-ospf-1] quit
Precautions:
1. To configure an area as an NSSA, you must run the nssa command on all the devices in this area.
2. To configure an area as a totally NSSA, run the nssa no-summary command on the ABR in this area and run the nssa command on other devices in this area. This prevents the ABR from transmitting Type 3 LSAs to the NSSA, making the area a totally NSSA.

Other related questions:
Can I configure only an OSPF non-backbone area on S series switches
OSPF partitions an AS into different areas to resolve the problem of frequent LSDB updates and improve network efficiency. An area is regarded as a logical group, and each group is identified by an area ID. A switch, not a link, resides at the border of an area. A network segment or link belongs only to one area. The area to which each OSPF-enabled interface belongs must be specified. On an OSPF network, the backbone area connects to all other OSPF areas and transmits inter-area routes. A single non-backbone area (for example, Area 3) can be configured to implement intra-area communication. However, if multiple non-backbone areas are configured, a backbone area is required to enable communication between the non-backbone areas. Therefore, all devices on a small network can be added to Area 0 (the backbone area). You are advised not to configure a single non-backbone area.

Differences between interface authentication and area authentication for OSPF on S series switches
Rules for OSPF authentication on S series switches supporting OSPF are as follows: If an interface is configured with authentication, the authentication method configured on the interface is used. If the authentication is set to null, the interface is not authenticated. If the interface is not configured with authentication (null does not indicate no configuration), area authentication is used. If the area is not configured with authentication either, no authentication is performed.

Can an S series switch correctly calculate routes when OSPF backbone areas are not continuous
For S series switches supporting OSPF, if OSPF backbone areas are not continuous, some areas may be unreachable and loops may occur on inter-area and external routes.

Configure OSPF neighbor authentication on an S series switch
OSPF authentication of S series switches includes area authentication and interface authentication. 1. Area authentication Run the authentication-mode command in an OSPF area view to set the authentication mode and password for the OSPF area. For example: [HUAWEI] ospf 100 [HUAWEI-ospf-100] area 0 [HUAWEI-ospf-100-area-0.0.0.0] authentication-mode simple cipher huawei To configure MD5 authentication, run the following command: [HUAWEI-ospf-100-area-0.0.0.0] authentication-mode md5 1 cipher huawei 2. Interface authentication The interface authentication mode is used among neighbor switches to set the authentication mode and password. Its priority is higher than that of the area authentication mode. Run the ospf authentication-mode command in the interface view to set the authentication mode and password for adjacent switches. For example: [HUAWEI] interface vlanif 100 [HUAWEI-Vlanif100] ospf authentication-mode simple cipher huawei To configure MD5 authentication, run the following command: [HUAWEI-Vlanif100]ospf authentication-mode md5 1 cipher huawei Note: When configuring area authentication or interface authentication, all switches involved must have the same authentication mode and password. If not, the switches may fail to set up an OSPF neighbor relationship.

On S series switches, why cannot inter-area OSPF route summarization take effect
Question: Why cannot inter-area OSPF route summarization take effect? Answer: As defined in RFC 2328, when an ABR summarizes inter-area routes, it directly generates a Type 3 LSA regardless of the configured range value. When the ABR summarizes intra-area routes, it generates a Type 3 LSA based on the configured range value. However, route summarization can cause more LSAs being transmitted into the backbone area, making the network unstable.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top