DM***时使用OSPF时邻居不断UPDOWN

配置完OSPF后一直报错。

*Aug  4 03:18:38.935: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.5.254 on Tunnel0 from EXCHANGE to DOWN, Neighbor Down: Adjacency forced to reset
*Aug  4 03:18:39.655: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Tunnel0 from LOADING to FULL, Loading Done
Hub(config-router)#
*Aug  4 03:18:43.787: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Tunnel0 from FULL to DOWN, Neighbor Down: Adjacency forced to reset
*Aug  4 03:18:44.011: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.5.254 on Tunnel0 from EXSTART to DOWN, Neighbor Down: Adjacency forced to reset
*Aug  4 03:18:44.603: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Tunnel0 from LOADING to FULL, Loading Done
Hub(config-router)#
*Aug  4 03:18:53.567: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Tunnel0 from FULL to DOWN, Neighbor Down: Adjacency forced to reset
*Aug  4 03:18:53.779: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.5.254 on Tunnel0 from EXCHANGE to DOWN, Neighbor Down: Adjacency forced to reset
*Aug  4 03:18:54.387: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Tunnel0 from LOADING to FULL, Loading Done

拓扑如下

hub:

interface tunnel 0

 ip ospf network broadcast

 ip ospf priority 255

spoke (R4 R5) 配置如下

interface tunnel 0

 ip ospf network broadcast

 ip ospf priority 0

完美解决，这是因为tunnel默认为point-point端口类型，tunnel的邻居超过两个，导致邻居关系一直UPDOWN。这也是OSPF 基础知识点啦。

附完整配置：（本实验SPOKE1为穿越NAT的客户1，SPOKE2为标准客户2。即模拟了标准的DM×××+OSPF，又结合了NAT穿越的场景。使用用户能更好的掌握相关技能。）

HUB：

crypto isakmp policy 10
 authentication pre-share
crypto isakmp key test address 0.0.0.0 0.0.0.0
!
!        
crypto ipsec transform-set test esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile testprofile
 set transform-set test

!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
 ip address 192.168.1.254 255.255.255.0
 ip ospf network point-to-point
!
interface Tunnel0
 ip address 172.16.1.100 255.255.255.0
 no ip redirects
 ip nhrp authentication cisco
 ip nhrp map multicast dynamic
 ip nhrp network-id 10
 ip nhrp cache non-authoritative
 ip nhrp redirect
 ip ospf network broadcast
 ip ospf cost 255
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile testprofile

！

interface FastEthernet0/0
 ip address 10.0.12.1 255.255.255.0
 duplex auto
 speed auto

！

router ospf 1
 log-adjacency-changes
 network 172.16.1.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
ip route 0.0.0.0 0.0.0.0 10.0.12.2
no ip http server
no ip http secure-server

！

NAT1：

interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.0.23.3 255.255.255.0
 ip nat outside
 ip nat enable
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.0.35.3 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto

！

ip route 0.0.0.0 0.0.0.0 10.0.23.2
ip route 172.16.1.1 255.255.255.255 10.0.35.5
ip route 192.168.5.0 255.255.255.0 10.0.35.5
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface FastEthernet0/0 overload

SPOKE1（R5）

crypto isakmp policy 10
 authentication pre-share
crypto isakmp key test address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set test esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile testprofile
 set transform-set test

！

interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface Loopback5
 ip address 192.168.5.254 255.255.255.0
 ip ospf network point-to-point
!        
interface Tunnel0
 ip address 172.16.1.1 255.255.255.0
 no ip redirects
 ip nhrp authentication cisco
 ip nhrp map multicast 10.0.12.1
 ip nhrp map 172.16.1.100 10.0.12.1
 ip nhrp network-id 10
 ip nhrp nhs 172.16.1.100
 ip nhrp cache non-authoritative
 ip nhrp shortcut
 ip ospf network broadcast
 ip ospf priority 0
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile testprofile
!
interface FastEthernet0/0
 ip address 10.0.35.5 255.255.255.0
 duplex auto
 speed auto
!

router ospf 1
 log-adjacency-changes
 network 172.16.1.0 0.0.0.255 area 0
 network 192.168.5.0 0.0.0.255 area 0
!
ip route 0.0.0.0 0.0.0.0 10.0.35.3

spoke（R4）：

crypto isakmp policy 10
 authentication pre-share
crypto isakmp key test address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set test esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile testprofile
 set transform-set test

！

interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface Tunnel0
 ip address 172.16.1.2 255.255.255.0
 no ip redirects
 ip nhrp authentication cisco
 ip nhrp map multicast 10.0.12.1
 ip nhrp map 172.16.1.100 10.0.12.1
 ip nhrp network-id 10
 ip nhrp nhs 172.16.1.100
 ip nhrp cache non-authoritative
 ip nhrp shortcut
 ip ospf network broadcast
 ip ospf priority 0
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile testprofile
!
interface FastEthernet0/0
 ip address 10.0.24.4 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.0.46.4 255.255.255.0
 duplex auto
 speed auto

！

router ospf 1
 log-adjacency-changes
 network 10.0.46.0 0.0.0.255 area 0
 network 172.16.1.0 0.0.0.255 area 0
!
ip route 0.0.0.0 0.0.0.0 10.0.24.2
no ip http server
no ip http secure-server

R6：

interface Loopback0
 ip address 6.6.6.6 255.255.255.255
!
interface Loopback6
 ip address 192.168.6.254 255.255.255.0
 ip ospf network point-to-point
!
interface FastEthernet0/0
 ip address 10.0.46.6 255.255.255.0
 duplex auto
 speed auto

！

router ospf 1
 log-adjacency-changes
 network 10.0.46.0 0.0.0.255 area 0
 network 192.168.6.0 0.0.0.255 area 0

转载于:https://blog.51cto.com/ringwater/1841525