How To

Configure Single-Area OSPF on Cisco IOS

Josphat Mutai Updated Jun 21, 2026 · 9 min read

Static routes work fine until you have more than a few of them. Single-area OSPF is where most networks reach for a dynamic routing protocol: the routers discover each other, exchange a map of the topology, and keep their routing tables in sync on their own, with no more static routes to maintain. The whole thing takes only a handful of commands per router.

Original content from computingforgeeks.com - post 169375

This guide configures single-area OSPFv2 on three Cisco routers two different ways (the network-statement method and the newer interface method), makes the LAN interfaces passive, advertises a default route into the area, then verifies everything with the show commands that prove it converged. Every command and all output below come from a real lab, not a simulator. If you are studying for the Cisco CCNA 200-301 exam, OSPF configuration is one of the simulation items, so the lab challenge near the end rehearses exactly that flow.

Configured and captured on three Cisco IOS 15.2 routers in GNS3, June 2026. Every command and every show output below is from that lab.

If you have not met the moving parts yet (neighbors, DR/BDR, the link-state database, cost), read the companion guide on OSPF concepts first. This article is the hands-on counterpart: it assumes you know what OSPF does and focuses on getting it running.

The lab topology

Three routers sit in a line, all in OSPF area 0. R1 is the edge router with a path to the internet, R2 is the transit router in the middle, and R3 is a branch. Each router has a LAN, and R1 hands a default route to the rest of the area so R2 and R3 know how to reach the outside world.

Single-area OSPF lab topology, three routers in OSPF area 0, R1 advertises a default route

The addressing is deliberately simple so the routes are easy to read later. Every link is a /30, every LAN is a /24, and the router IDs are clean numbers:

DeviceInterfaceAddressPurpose
R1Gi0/010.0.12.1/30Link to R2
R1Loopback110.1.1.1/24LAN (passive)
R2Gi0/010.0.12.2/30Link to R1
R2Gi1/010.0.23.2/30Link to R3
R2Loopback110.2.2.2/24LAN (passive)
R3Gi0/010.0.23.1/30Link to R2
R3Loopback110.3.3.3/24LAN (passive)

In the lab each LAN is a loopback, with ip ospf network point-to-point set so it advertises the whole /24 instead of a /32 host route. On real hardware that LAN is the physical interface facing your switch, which advertises as a /24 with no extra step, and every command below is identical. The complete R1, R2, and R3 configurations are in the companion lab repo if you want to load them directly. Here is the same lab as it ran in GNS3 on c7200 routers:

GNS3 canvas of three Cisco routers configured for single-area OSPF

Assume the interfaces are already addressed as shown in the table. Everything from here is OSPF configuration, starting on R1.

Step 1: Enable OSPF and set the router ID

Start the OSPF process and pin the router ID by hand. On R1:

configure terminal
router ospf 1
 router-id 1.1.1.1

The 1 after router ospf is a process ID. It is locally significant, so R1 can run process 1 while another router runs process 50 and they still form an adjacency. R2 and R3 get the same two lines with their own IDs, 2.2.2.2 and 3.3.3.3.

Always set the router ID explicitly. Left to itself OSPF picks the highest loopback IP, or failing that the highest active interface IP, and a clean manual ID makes every later show command readable. One catch: the router ID is chosen once, when the process starts. If you change it on a process that is already running, it does not take effect until you restart the process:

clear ip ospf process

That command prompts with Reset ALL OSPF processes? [no]:, so type yes to confirm. It drops and rebuilds every adjacency, so use it deliberately on a live network.

Step 2: Advertise the interfaces, two ways

An interface only runs OSPF once you tell the process about it. There are two ways to do that, and this lab uses both so you can see them side by side.

The network-statement method (R1 and R3)

Under the OSPF process, a network statement matches interfaces by address and drops them into an area. On R1:

router ospf 1
 network 10.0.12.0 0.0.0.3 area 0
 network 10.1.1.0 0.0.0.255 area 0

The trailing value on each line is a wildcard mask, not a subnet mask. It is the inverse: a /30 (255.255.255.252) becomes 0.0.0.3, and a /24 becomes 0.0.0.255. The statement matches any interface whose address falls in that range and activates OSPF on it. R3 is configured the same way for its own subnets:

router ospf 1
 network 10.0.23.0 0.0.0.3 area 0
 network 10.3.3.0 0.0.0.255 area 0

That handles the two routers using network statements. R2, sitting between them, is configured a different way.

The interface method (R2)

The cleaner alternative skips network statements entirely. You enable OSPF directly on each interface, which is far easier to read on a router with many interfaces. R2 uses this method:

interface GigabitEthernet0/0
 ip ospf 1 area 0
interface GigabitEthernet1/0
 ip ospf 1 area 0
interface Loopback1
 ip ospf 1 area 0

The ip ospf 1 area 0 command creates process 1 if it does not exist, so on R2 you only drop back to router ospf 1 to set the router ID. Both methods produce identical adjacencies and routes; pick one per router and stay consistent.

Step 3: Make the LAN interfaces passive

A LAN holds end hosts, not routers, so there is no reason to send OSPF Hellos out of it. Sending them anyway wastes effort and exposes the protocol to anyone who plugs in. Mark the LAN passive:

router ospf 1
 passive-interface Loopback1

Passive does not remove the network from OSPF. The subnet is still advertised to the rest of the area; the router just stops forming adjacencies out that interface. On a router with many user-facing interfaces, the usual pattern is to flip the default and re-enable only the links you want:

router ospf 1
 passive-interface default
 no passive-interface GigabitEthernet0/0

With the links adjacency-ready and the LANs quiet, one piece is missing: the branch routers still have no way out to the internet.

Step 4: Advertise a default route into OSPF

R2 and R3 have no idea how to reach the internet. Rather than configure a static default on each of them, let R1 inject one route that every router in the area inherits. R1 first needs a default route of its own (here a placeholder pointing at Null0 stands in for the real internet next hop), then it originates it:

ip route 0.0.0.0 0.0.0.0 Null0
router ospf 1
 default-information originate

The default-information originate command only injects a default if one already exists in the routing table, unless you append always. Once it fires, R1 becomes an autonomous system boundary router and the default appears on every other router as an external OSPF route. This is the dynamic-routing version of what you would otherwise hand-craft with static routes on each device.

Step 5: Verify the adjacencies

Configuration done. The first thing to confirm is that the routers actually became neighbors. On R2, which sits between the other two, show ip ospf neighbor should list both, and show ip ospf interface brief gives a one-line summary of every OSPF-enabled interface:

R2 show ip ospf neighbor with two FULL adjacencies and show ip ospf interface brief with cost

Both neighbors show FULL, which means their link-state databases are synchronized. The role after the slash is the result of the DR/BDR election that runs on every Ethernet segment, even a two-router /30 link: R2 is the DR toward R1 and the BDR toward R3. The interface brief confirms the interface method worked, listing Gi0/0, Gi1/0, and Lo1 all in area 0, each with a cost of 1.

To check the other side, show ip protocols on R1 summarizes how the process is actually configured. It is the fastest way to confirm the network statements, the passive interface, and the default-route origination all landed:

R1 show ip protocols showing OSPF router ID, advertised networks, passive interface, and ASBR

Router ID 1.1.1.1, the two advertised networks, Loopback1 listed as passive, and the line “It is an autonomous system boundary router” confirming the default origination, all in one screen.

Step 6: Verify the routes

Adjacencies up is not the goal; routes in the table is. On R3, at the far end of the lab, show ip route ospf should hold every subnet it did not configure itself, plus the default that R1 originated. The ping proves the data path actually works end to end:

R3 show ip route ospf with O routes, O*E2 default, and a 100 percent successful ping across the OSPF area

Read the codes left to right. O is an OSPF route, O*E2 is the external default that R1 injected, and the bracketed pair is the administrative distance and cost. R3 learned R1’s LAN as O 10.1.1.0/24 [110/3]: distance 110, cost 3, the sum of the three cost-1 links the path crosses to reach it. The ping from R3’s LAN to R1’s LAN succeeds at 100 percent, which means the routes on every router in between agree.

R1 sees the mirror image. Its show ip route ospf learns R3’s LAN at the same three-hop cost from the opposite direction:

R1# show ip route ospf
      10.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
O        10.0.23.0/30 [110/2] via 10.0.12.2, 00:00:22, GigabitEthernet0/0
O        10.2.2.0/24 [110/2] via 10.0.12.2, 00:00:32, GigabitEthernet0/0
O        10.3.3.0/24 [110/3] via 10.0.12.2, 00:00:22, GigabitEthernet0/0

For a deeper walk through every code and column in this output, see the guide on reading the routing table.

Step 7: Tune the OSPF cost

Look back at the interface brief: every link shows a cost of 1. That is because OSPF cost is the reference bandwidth (100 Mbps by default) divided by the interface bandwidth, with a floor of 1, so Gigabit and faster links all collapse to the same value. On a modern network that hides real differences between a 1G and a 10G link.

The fix is to raise the reference bandwidth, and the rule is to set the same value on every router so the math stays consistent:

router ospf 1
 auto-cost reference-bandwidth 10000

When you need to steer traffic onto or off a specific link regardless of bandwidth, set the cost directly on the interface instead:

interface GigabitEthernet0/0
 ip ospf cost 50

A direct interface cost always overrides the bandwidth-derived value, which makes it the cleanest tool for path selection when you have two ways to reach the same place.

Lab challenge: configure OSPF yourself

This is the part the exam tests with a simulation, so practice it without looking. You are handed R3 with its interfaces addressed (Gi0/0 at 10.0.23.1/30 toward R2, Loopback1 at 10.3.3.3/24 as the LAN) but no routing protocol running. Your task:

  • Start OSPF process 1 with router ID 3.3.3.3.
  • Advertise both connected subnets into area 0 using network statements.
  • Make the LAN interface passive.
  • Confirm R3 reaches FULL with R2 and learns the default route.

Configure it, then check yourself against the solution.

Solution

The whole task is six lines:

configure terminal
router ospf 1
 router-id 3.3.3.3
 network 10.0.23.0 0.0.0.3 area 0
 network 10.3.3.0 0.0.0.255 area 0
 passive-interface Loopback1
 end

Then verify the adjacency formed and the default arrived:

R3# show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           1   FULL/BDR        00:00:31    10.0.23.2       GigabitEthernet0/0

If you see R2 as FULL and an O*E2 0.0.0.0/0 entry in show ip route ospf, you configured it correctly. If the neighbor never appears, the usual causes are a wildcard mask that does not match the interface, a missing no shutdown, or mismatched timers between the two ends.

Test yourself on OSPF configuration

Ten questions on the commands you just ran, from network statements and wildcard masks to passive interfaces and default-route origination. Each answer is doc-checked or verified on the lab above.

Loading quiz...

Drill the commands until they are automatic with the flashcard deck. You can also download the same cards as an Anki deck and review them on your phone.

Loading flashcards...

Your single-area OSPF verification checklist

OSPF is configured the same way every time, and it is verified the same way every time. When you finish a configuration, walk these four commands in order and you will catch almost any mistake before it bites:

  1. show ip ospf neighbor confirms the adjacencies reached FULL. Anything stuck below FULL is a neighbor problem, not a routing problem.
  2. show ip protocols confirms you advertised the right networks, made the right interfaces passive, and originated a default if you meant to.
  3. show ip ospf interface brief confirms which interfaces are in OSPF and at what cost, the fastest way to spot an interface you forgot or a cost you need to tune.
  4. show ip route ospf confirms the routes actually landed, with the expected O and O*E2 codes and a cost that matches the hop count.

Single-area OSPF is the foundation the rest of the routing topics build on. Once this is second nature, the natural next steps are inter-VLAN routing and first-hop redundancy, both of which sit on top of a working OSPF core. For the full path through the certification, follow the CCNA 200-301 study roadmap, and if you want the theory behind these commands, the routing protocols overview explains why link-state routing behaves the way it does.

Josphat Mutai

Founder of Computingforgeeks. Senior Systems Engineer with over a decade of hands-on experience building and managing production infrastructure. Core expertise in Linux/UNIX administration, cloud platforms (AWS, GCP, Azure), and Kubernetes ecosystems (EKS, GKE, OpenShift). Deep experience with virtualization (KVM, Proxmox, OpenStack), infrastructure as code (Terraform, Terragrunt, Ansible, Crossplane), GitOps workflows (ArgoCD, FluxCD), Nix/NixOS, and container orchestration at scale. Currently focused on integrating AI and LLMs into DevOps and platform engineering workflows. Every guide on this site is tested on real systems before publishing.

Keep reading

Configure Samba File Share on Debian 13 / 12 Debian Configure Samba File Share on Debian 13 / 12 Setup WireGuard VPN on Ubuntu 24.04 / Debian 13 / Rocky Linux 10 Debian Setup WireGuard VPN on Ubuntu 24.04 / Debian 13 / Rocky Linux 10 Use NetworkManager nmcli on Ubuntu and Debian Debian Use NetworkManager nmcli on Ubuntu and Debian Configure Inter-VLAN Routing with a Layer 3 Switch (SVI) Networking Configure Inter-VLAN Routing with a Layer 3 Switch (SVI) Configure Router-on-a-Stick Inter-VLAN Routing on Cisco Networking Configure Router-on-a-Stick Inter-VLAN Routing on Cisco Nmap on Kali Linux: Network Scanning Guide Kali Linux Nmap on Kali Linux: Network Scanning Guide

Leave a Comment

Press ESC to close