OSPF Stub and NSSA configuration

You have been hired as a Network Engineer in an International Chemical Company. They have been running OSPF for very long time.  External routes are redistributed on router R1 which are propagating all through the OSPF domain. Recently they have done partnership with one of the Local Export company which run RIP in their Network.

  1. For efficiency, configure area 50 as a Stub.
  2. Redistribute RIP routes on R4 into OSPF domain.
  3. Configure area 50 as a nssa.
  4. Make sure that the area 50 can reach the External routes redistributed through Backbone ASBR.


Download the gns3 topology here:

OSPF Special Areas.rar
OSPF Special Areas_Solved.rar

IOS: c3660-ik9o3s-mz.124-15.T6.bin

1: To configure area 50 as stub, we have to to do the following configuration on R5 and R6.
R5(config)#router ospf 10
R5(config-router)#area 50 stub
R6(config)#router ospf 10
R6(config-router)#area 50 stub
 We can verify on router R6 that we are not getting External routes.

stub area

2: To redistribute RIP routes on R4 into OSPF domain, issue the following commands on R4.
router ospf 10
 redistribute rip subnets

3: To configure area 50 as a nssa, we have to do following configuration on R2, R3 and R4.
R2(config-router)#router ospf 10
R2(config-router)#area 11 nssa
R3(config-router)#router ospf 10
R3(config-router)#area 11 nssa
R4(config-router)#router ospf 10
R4(config-router)#area 11 nssa

We can verify on router R3 that now after configuring area 11 as a nssa, we are not getting Type-5 LSA (External routes), but at the same time we are receiving the external routes from R4 in the form of Type-7 LSAs.

nssa area

4: While verifying the solution for objective 3 i.e. the routes on R3 (above image), we can see that R3 can only receive external routes from the ASBR in the same area i.e. from R4, but cannot reach the external routes advertised by Backbone ASBR i.e. R3 cannot reach 10.x.x.x subnets advertised by R1. To resolve this issue, we can make the ABR of area 11 i.e. R2 to inject a default route into the area so that the routes in area 11 can reach the routes advertised by R1. To do so, we can use the following command.
R2(config-router)#router ospf 10
R2(config-router)#area 11 nssa default-information-originate

 Now we can see that R3 is receiving a default route.

So, our all objectives are completed. You can also download this lab for your practice.


Popular posts from this blog

Anyconnect SSL-Client VPN with Self-signed Certificate on Cisco ASA

Filtering Routes in BGP using Route-maps and Prefix-list

Open Shortest Path First (OSPF)

IKEv2 IPsec Site-to-Site VPN configuration on Cisco ASA 8.4(x)

IPsec VPN as a Backup for Point-to-Point Link using IP SLA

Border Gateway Protocol (BGP)

Cisco ASA Active/Active Failover Configuration

Bypassing Proxy Server in Google Chrome

Cisco ASA Active/Standby Failover Configuration