Common reasons why an OSPF neighbor relationship between S series switches cannot change to the Full state

10

Question: What are common reasons why an OSPF neighbor relationship cannot change to the Full state?

Answer: Common causes of this problem include the following:
1. The OSPF network is a non-broadcast multiple access (NBMA) network, and no neighbor is configured.
2. The interval at which the OSPF neighbor sends Hello packets is longer than the aging time of the neighbor relationship.
3. In a stub area or not-so-stubby area (NSSA) area, some switches are not configured as stub or NSSA.
4. The configuration of OSPF verification is incorrect.
5. The OSPF router IDs on two ends of the OSPF link are the same.
6. The network types on two ends of the OSPF link are different.
7. The MTU values on two ends of the OSPF link are different.
8. OSPF is not enabled on the local or remote device.
9. The area numbers on two ends of the OSPF link are different.

Other related questions:
What are common reasons why an OSPF neighbor relationship cannot change to full state
Common causes of this problems are: The OSPF network is a non-broadcast multiple access (NBMA) network, and no neighbor is configured. The interval at which the OSPF neighbor sends Hello packets is longer than the aging time of the neighbor relationship. In a stub area or not-so-stubby area (NSSA) area, some devices are not configured as stub routers or NSSA routers. The configuration of OSPF verification is incorrect. The OSPF router IDs on two ends of the OSPF link are different. The network types on two ends of the OSPF link are different. The MTU values on two ends of the OSPF link are different. OSPF is not enabled on the local or remote device. The area numbers on two ends of the OSPF link are different.

Why does an OSPF neighbor relationship between two S series switches remain in the 2-Way state
Question: Why are Full/DR, FULL/BDR, and 2-WAY/DR OTHER displayed in the display ospf peer command output? A: To reduce broadcast network (such as the Ethernet, FDDI, and token ring network) media to be flooded, only the DR and BDR can establish Full neighbor relationships with DR Others. The neighbor relationship between two DR Others remains in the 2-Way state.

Why is the setup of an OSPF neighbor relationship between S series switches on a broadcast network slow
On a broadcast network, when two devices establish a 2-Way OSPF neighbor relationship, they elect the DR and BDR. Generally, the DR and BDR are elected after the Waiting timer expires, and the default value of the Waiting timer is 40s. Therefore, the setup of a Full OSPF neighbor relationship requires about 1 minute. Advertising a route to a loopback interface is useless. This is because a loopback interface cannot connect to a physical network, and traffic to a network segment cannot be routed to a loopback interface.

An OSPF neighbor relationship between S series switches stays in the Exstart/Exchange state for a long time
Question: How can I identify the cause when an OSPF neighbor relationship between S series switches stays in the Exstart/Exchange state for a long time? Answer: The Exstart/Exchange state indicates that the local switch is exchanging Database Description (DD) packets with a neighbor. If the Exstart/Exchange state lasts for a long time, check the following items: 1. Whether the MTU values on the local interface and neighboring interface are the same 2. Whether the router IDs of the switches are the same (Two switches must have different router IDs.) 3. Whether the size of received packets exceeds the MTU of the interface (If yes, packets sent from the neighbor are dropped.)

Problem and solution when the OSPF status is abnormal
To solve the problem that the OSPF status between the firewall and the peer device cannot reach the Full state, perform the following steps: 1. Check the OSPF status. Check whether the OSPF neighboring relationship can be established between the firewall and the peer device. 2. If no, check the security policy configuration. Check whether the security policy control function for unicast packets is enabled. That is, check whether the firewall packet-filter basic-protocol enable command is configured. If yes, run the undo firewall packet-filter basic-protocol enable command to disable the function. To establish an OSPF neighboring relationship, devices need to exchange DD packets. DD packets are OSPF unicast packets. By default, the forwarding of OSPF unicast packets is not controlled by security policies. However, if you run the firewall packet-filter basic-protocol enable command to enable the security policy control function for OSPF unicast packets, you need also to configure the corresponding security policy to allow the packets to be forwarded. For details, see OSPF can not step into full state caused by security policy deny.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top