F OSPF Lab Configuration Guide – Single Area, Multi-Area, Stub, NSSA & More - The Network DNA: Networking, Cloud, and Security Technology Blog
Home / networking / OSPF / routing / OSPF Lab Configuration Guide – Single Area, Multi-Area, Stub, NSSA & More

OSPF Lab Configuration Guide – Single Area, Multi-Area, Stub, NSSA & More

March 16, 2026 , ,

Home Config & Troubleshoot OSPF Lab Configuration Guide

Last Updated : March 2026  |  By Network Engineer  |  ⏱ 12-min read

OSPF (Open Shortest Path First) is a link-state interior gateway routing protocol (IGP) defined in RFC 2328 and is one of the most widely deployed dynamic routing protocols in enterprise and service provider networks today. Unlike distance-vector protocols, OSPF routers build a complete map of the network topology using Link State Advertisements (LSAs), run the Dijkstra Shortest Path First (SPF) algorithm, and independently calculate the best loop-free path to every destination. In this hands-on OSPF lab configuration guide, we walk through five progressive tasks — from configuring a basic backbone area all the way to route summarization, virtual links, MD5 authentication, and special area types such as Stub and NSSA.

This lab uses a multi-router topology involving routers R1 through R6 in a backbone area, with R10 and R11 extending the domain into Area 1 and Area 2 respectively. A second topology introduces Area 23 (Stub) and Area 45 (NSSA) to demonstrate how OSPF special area types reduce LSA flooding and optimize routing table size in real-world deployments. All configurations are based on Cisco IOS syntax and are directly applicable in GNS3, EVE-NG, or physical lab environments.

OSPF Overview & Key Concepts

Before diving into configurations, it is important to understand the key OSPF building blocks that underpin every task in this lab:

  • Router ID (RID) – a 32-bit value (written in dotted-decimal notation) that uniquely identifies each OSPF router in the domain. It is manually assigned or automatically elected from the highest loopback/interface IP. A stable, manually configured RID is always recommended.
  • Areas – OSPF divides the network into areas to limit LSA flooding and reduce SPF calculation overhead. Area 0 (the backbone) is mandatory and all other areas must connect to it, either directly or via a virtual link.
  • DR / BDR Election – on multi-access networks (such as Ethernet), OSPF elects a Designated Router (DR) and Backup Designated Router (BDR) to reduce the number of OSPF adjacencies. The router with the highest OSPF interface priority wins. A priority of 0 disqualifies a router from the election entirely.
  • LSA Types – OSPF uses different LSA types (Type 1–7) to convey routing information. Type 1 and 2 stay within an area; Type 3 crosses area boundaries; Type 5 and 7 carry external (redistributed) routes. Stub and NSSA areas restrict which LSA types are allowed in, reducing the routing table size.
  • ABR (Area Border Router) – a router with interfaces in more than one OSPF area. ABRs generate Type 3 LSAs to summarize inter-area routes.
  • ASBR (Autonomous System Boundary Router) – a router that redistributes routes from outside the OSPF domain into OSPF as Type 5 (or Type 7 in NSSA) external LSAs.

Lab Topology & IP Addressing

OSPF Lab Topology

The primary lab topology consists of eight routers organized across three OSPF areas, all sharing a common multi-access backbone segment via a switch (SW) at 192.168.100.0/24:

Router Loopback 0 (RID) Loopback 1 (LAN) OSPF Area
R1 1.1.1.1/32 172.16.1.0/24 Area 0 + Area 1 (ABR)
R2 2.2.2.2/32 172.16.2.0/24 Area 0
R3 3.3.3.3/32 172.16.3.0/24 Area 0
R4–R6 4.4.4.4 – 6.6.6.6/32 172.16.4–6.0/24 Area 0
R10 10.10.10.10/32 172.16.10.0/24 Area 1 + Area 2 (ABR)
R11 11.11.11.11/32 172.16.11.0/24 Area 2

R1 connects to R10 via 192.168.11.0/24 (Area 1 link), and R10 connects to R11 via 192.168.12.0/24 (Area 2 link). All backbone routers share the 192.168.100.0/24 Ethernet segment through a central switch.

Task 1 – Single-Area OSPF (Backbone Area 0)

The first task establishes OSPF in Area 0 across all six backbone routers (R1–R6). Three specific requirements govern this configuration:

  • R5 must be elected DR and R6 must be elected BDR on the 192.168.100.0/24 segment.
  • All other routers (R1–R4) must have their OSPF priority set to 0 so they are ineligible for DR/BDR election.
  • Each router's Loopback 1 LAN interface must be advertised into OSPF, but OSPF Hello messages must not be sent out of those LAN interfaces — achieved using the passive-interface command.

DR/BDR Priority Logic:

R5 is assigned priority 254 and R6 is assigned priority 255 on their e0/0 interfaces. In OSPF DR/BDR election, the router with the highest priority becomes DR. Since R6 has priority 255 (higher), it would normally become DR — however, the lab intentionally assigns R5 as DR and R6 as BDR. To achieve this, R5 gets priority 254 and R6 gets 255, but the election must be triggered while R5 is already established. In some interpretations of the lab, R6 (255) = DR and R5 (254) = BDR. Verify with show ip ospf neighbor after configuring.

R1 Configuration

router ospf 1
 router-id 1.1.1.1
 network 1.1.1.1 0.0.0.0 area 0
 network 172.16.1.0 0.0.0.255 area 0
 network 192.168.100.0 0.0.0.255 area 0
 passive-interface loopback 1
!
interface e0/0
 ip ospf priority 0

R5 Configuration (DR Candidate – Priority 254)

router ospf 1
 router-id 5.5.5.5
 network 5.5.5.5 0.0.0.0 area 0
 network 172.16.5.0 0.0.0.255 area 0
 network 192.168.100.0 0.0.0.255 area 0
!
interface e0/0
 ip ospf priority 254

R6 Configuration (BDR Candidate – Priority 255)

router ospf 1
 router-id 6.6.6.6
 network 6.6.6.6 0.0.0.0 area 0
 network 172.16.6.0 0.0.0.255 area 0
 network 192.168.100.0 0.0.0.255 area 0
!
interface e0/0
 ip ospf priority 255

⚠ Key Point: OSPF DR/BDR election is non-preemptive. If routers are already in the OSPF domain when you change interface priorities, you must clear the OSPF process (clear ip ospf process) to trigger a new election. All six backbone routers (R2, R3, R4) must also have their e0/0 priority set to 0 to prevent them from participating in the election.

Task 2 – Multi-Area OSPF (Adding Area 1)

This task extends the OSPF domain into a second area by configuring the R1–R10 link (192.168.11.0/24) as Area 1. R1 now becomes an Area Border Router (ABR) with one foot in Area 0 and another in Area 1. R10 is assigned Router ID 10.10.10.10.

R1 – Additional OSPF Statement

router ospf 1
 network 192.168.11.0 0.0.0.255 area 1

R10 Configuration

router ospf 1
 router-id 10.10.10.10
 network 10.10.10.10 0.0.0.0 area 1
 network 172.16.10.0 0.0.0.255 area 1
 network 192.168.11.0 0.0.0.255 area 1

Once this configuration is applied, R1's OSPF database will contain Type 1 LSAs from both areas, and it will generate Type 3 Summary LSAs to advertise inter-area routes in both directions — allowing R10 to reach 192.168.100.0/24 and all backbone loopbacks, and vice versa.

Task 3 – Expanding to Area 2

Area 2 (192.168.12.0/24) is added by configuring the R10–R11 link. R10 now becomes a dual-ABR, connecting Area 1 and Area 2. R11 is a pure internal router in Area 2 with Router ID 11.11.11.11.

R10 – Additional Statement

router ospf 1
 network 192.168.12.0 0.0.0.255 area 2

R11 Configuration

router ospf 1
 router-id 11.11.11.11
 network 11.11.11.11 0.0.0.0 area 2
 network 172.16.11.0 0.0.0.255 area 2
 network 192.168.12.0 0.0.0.255 area 2

⚠ OSPF Design Rule: Area 2 is not directly connected to Area 0 — it connects to Area 0 only through Area 1 via R10. This violates the OSPF rule that all non-backbone areas must connect directly to Area 0. This is exactly why Task 4 introduces a Virtual Link to resolve this design issue.

An OSPF Virtual Link is a logical tunnel through a transit area that logically extends the backbone (Area 0) to a disconnected area or ABR. In this lab, Area 2 is not directly connected to the backbone — it is only reachable via Area 1 (the transit area). A virtual link is created between R1 (the Area 0 endpoint) and R10 (the far-end ABR), using each router's OSPF Router ID as the endpoint identifier.

R1 – Virtual Link Configuration

router ospf 1
 area 1 virtual-link 10.10.10.10

R10 – Virtual Link Configuration

router ospf 1
 area 1 virtual-link 1.1.1.1

After the virtual link is established, R10 logically becomes part of Area 0 and R11's routes in Area 2 are correctly propagated to the backbone. The routing table on R6 (confirmed in the lab output) shows full reachability to 11.11.11.11 via the path: R6 → 192.168.100.1 (R1) → 192.168.11.10 (R10) → 192.168.12.11 (R11) — with a traceroute confirming 3 hops and 100% success.

Verification from R6

R6#ping 11.11.11.11
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

R6#trace 11.11.11.11 source 6.6.6.6 numeric
  1  192.168.100.1   1 msec
  2  192.168.11.10   1 msec
  3  192.168.12.11   1 msec  *  2 msec

Task 5 – Route Summarization with Area Range

Without summarization, R10 and R11 in Areas 1 and 2 receive individual Type 3 LSAs for every 172.16.x.0/24 subnet in Area 0 — one per backbone router (six entries). Route summarization on the ABR (R1) consolidates all these prefixes into a single summary advertisement, significantly reducing the LSA count and routing table size in non-backbone areas.

R1 – Area Range Summary (Area 0 toward Area 1)

router ospf 1
 area 0 range 172.16.0.0 255.255.248.0

The summary address 172.16.0.0/21 (mask 255.255.248.0) covers all subnets from 172.16.0.0 through 172.16.7.0 — encompassing 172.16.1.0 through 172.16.6.0 assigned to R1–R6. Instead of six separate Type 3 LSAs crossing into Area 1, R10 now receives a single summarized prefix, resulting in a smaller and more stable routing table.

✓ Design Benefit: Route summarization not only reduces routing table size but also provides fault isolation — if an individual 172.16.x.0/24 subnet flaps, the summary route remains stable (as long as at least one component subnet is active), preventing SPF recalculations in Area 1 and Area 2.

Advanced Tasks – MD5 Auth, Default Route, Stub & NSSA

The second topology in the lab introduces four additional advanced OSPF features across a new set of routers (R1–R5), with Area 23 (Stub) and Area 45 (NSSA).

MD5 Authentication on Backbone Area

OSPF MD5 authentication prevents unauthorized routers from injecting false LSAs into the routing domain by requiring all Hello and LSA packets on an interface to carry a valid MD5 hash. In this lab, all backbone area (Area 0) interfaces on R1, R2, and R4 are secured with password CCNA:

interface Ethernet 0/0
 ip ospf message-digest-key 1 md5 CCNA
 ip ospf authentication message-digest

Both peers on a given interface must use the same key ID (1) and identical password. A mismatch causes the OSPF adjacency to drop — the routers will log authentication failures and the neighbor will appear in the OSPF Init state.

Default Route Propagation

R1 is connected to an ISP via e0/1 (DHCP). To ensure all OSPF routers have a path to the internet, R1 is configured to originate a default route into the OSPF domain using default-information originate. This causes R1 to generate an OSPF Type 5 External LSA for 0.0.0.0/0 and flood it to all OSPF routers:

router ospf 1
 default-information originate

Note: By default, this command only injects the default route if R1 itself has a default route in its routing table (from the DHCP ISP link). Add the always keyword (default-information originate always) to inject 0.0.0.0/0 unconditionally regardless of R1's routing table state.

Totally Stub Area (Area 23)

A Stub Area blocks Type 5 External LSAs from entering the area, reducing routing table size. A Totally Stub Area goes further — it also blocks Type 3 Summary LSAs, leaving only a single default route (0.0.0.0/0) injected by the ABR for all traffic leaving the area. This is ideal for simple branch areas with a single exit point:

! R2 (ABR) - no-summary makes it Totally Stub
router ospf 1
 area 23 stub no-summary

! R3 (Internal router) - only needs "stub"
router ospf 1
 area 23 stub

After this configuration, R3's routing table shows only directly connected routes, its own OSPF intra-area routes, and a single O*IA default route pointing toward R2 — dramatically simplifying the routing table compared to receiving the full inter-area and external route set.

Totally NSSA Area (Area 45)

A Not-So-Stubby Area (NSSA) solves a limitation of regular stub areas: stub areas cannot have an ASBR. NSSA allows an internal ASBR (R5 in this lab) to redistribute external routes into OSPF using Type 7 LSAs. These Type 7 LSAs are then translated to Type 5 LSAs by the ABR (R4) before being flooded to the rest of the OSPF domain. Adding no-summary at the ABR makes it a Totally NSSA, blocking Type 3 LSAs and replacing them with a default route:

! R4 (ABR) - Totally NSSA
router ospf 1
 area 45 nssa no-summary

! R5 (Internal ASBR) - Redistributing static routes
router ospf 1
 area 45 nssa
 redistribute static subnets

! Static routes pointing to Null0 (simulating external prefixes)
ip route 172.16.21.0 255.255.255.0 null0
ip route 172.16.22.0 255.255.255.0 null0

R5 redistributes the two static routes (172.16.21.0/24 and 172.16.22.0/24) into OSPF as Type 7 LSAs. R4 translates these to Type 5 LSAs and advertises them to the backbone, making the external prefixes reachable from all OSPF routers including those in Area 23.

Verification Commands

Use these essential OSPF show and debug commands to verify and troubleshoot the configurations in this lab:

 OSPF Verification Command Reference

Command What It Confirms
show ip ospf neighbor Neighbor state, DR/BDR roles, Dead timer
show ip ospf neighbor detail Priority, RID, interface, adjacency uptime
show ip ospf database All LSA types present in LSDB for each area
show ip route ospf All OSPF-learned routes (O, O IA, O E1/E2, O N1/N2)
show ip ospf interface e0/0 Area assignment, priority, DR/BDR, authentication
show ip ospf virtual-links Virtual link status, transit area, cost
debug ip ospf adj Live adjacency events, authentication errors, state transitions

Conclusion

This OSPF lab configuration guide has walked through a complete progression from a flat single-area backbone to a sophisticated multi-area OSPF domain featuring virtual links, route summarization, MD5 authentication, default route propagation, and special area types. Each task builds on the previous one, demonstrating how real-world OSPF networks scale from a simple hub-and-spoke backbone to complex hierarchical designs with controlled LSA flooding boundaries.

Key takeaways from this lab include: manually assigning Router IDs for stability, using OSPF interface priority to control DR/BDR election deterministically, leveraging virtual links as a temporary fix for disconnected areas, applying area range summarization on ABRs to reduce inter-area LSA churn, and using Totally Stub / Totally NSSA areas to minimize routing table size in branch or stub segments while still supporting external route redistribution where needed.

Mastering these OSPF fundamentals through hands-on lab practice is essential preparation for the Cisco CCNA, CCNP ENCOR, and CCIE Enterprise Infrastructure exams — and equally valuable for designing and operating real enterprise networks.

 Lab Tasks Quick Summary

  • Task 1 – Single-area OSPF (Area 0), DR/BDR election control, passive LAN interfaces
  • Task 2 – Multi-area OSPF, R1 becomes ABR, Area 1 added via R10
  • Task 3 – Area 2 added via R10–R11; R10 becomes dual-ABR
  • Task 4 – Virtual link through Area 1 resolves Area 2 backbone disconnection
  • Task 5 – Area range summarization on R1 reduces Type 3 LSAs into Area 1
  • Advanced – MD5 auth on backbone, default route origination, Totally Stub (Area 23), Totally NSSA (Area 45)

Tags

OSPF OSPF Lab Multi-Area OSPF DR BDR Election OSPF Virtual Link Stub Area NSSA OSPF MD5 Route Summarization Cisco IOS CCNP Routing Protocol