DM***時使用OSPF時鄰居不斷UPDOWN

配置完OSPF後一直報錯。

*Aug  4 03:18:38.935: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.5.254 on Tunnel0 from EXCHANGE to DOWN, Neighbor Down: Adjacency forced to reset
*Aug  4 03:18:39.655: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Tunnel0 from LOADING to FULL, Loading Done
Hub(config-router)#
*Aug  4 03:18:43.787: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Tunnel0 from FULL to DOWN, Neighbor Down: Adjacency forced to reset
*Aug  4 03:18:44.011: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.5.254 on Tunnel0 from EXSTART to DOWN, Neighbor Down: Adjacency forced to reset
*Aug  4 03:18:44.603: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Tunnel0 from LOADING to FULL, Loading Done
Hub(config-router)#
*Aug  4 03:18:53.567: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Tunnel0 from FULL to DOWN, Neighbor Down: Adjacency forced to reset
*Aug  4 03:18:53.779: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.5.254 on Tunnel0 from EXCHANGE to DOWN, Neighbor Down: Adjacency forced to reset
*Aug  4 03:18:54.387: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Tunnel0 from LOADING to FULL, Loading Done

拓撲以下

hub:

interface tunnel 0

 ip ospf network broadcast

 ip ospf priority 255

spoke (R4 R5) 配置以下

interface tunnel 0

 ip ospf network broadcast

 ip ospf priority 0

完美解決，這是由於tunnel默認爲point-point端口類型，tunnel的鄰居超過兩個，致使鄰居關係一直UPDOWN。這也是OSPF 基礎知識點啦。

附完整配置：（本實驗SPOKE1爲穿越NAT的客戶1，SPOKE2爲標準客戶2。即模擬了標準的DM×××+OSPF，又結合了NAT穿越的場景。使用用戶能更好的掌握相關技能。）

HUB：

crypto isakmp policy 10
 authentication pre-share
crypto isakmp key test address 0.0.0.0 0.0.0.0
!
!        
crypto ipsec transform-set test esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile testprofile
 set transform-set test

!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
 ip address 192.168.1.254 255.255.255.0
 ip ospf network point-to-point
!
interface Tunnel0
 ip address 172.16.1.100 255.255.255.0
 no ip redirects
 ip nhrp authentication cisco
 ip nhrp map multicast dynamic
 ip nhrp network-id 10
 ip nhrp cache non-authoritative
 ip nhrp redirect
 ip ospf network broadcast
 ip ospf cost 255
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile testprofile

！

interface FastEthernet0/0
 ip address 10.0.12.1 255.255.255.0
 duplex auto
 speed auto

！

router ospf 1
 log-adjacency-changes
 network 172.16.1.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
ip route 0.0.0.0 0.0.0.0 10.0.12.2
no ip http server
no ip http secure-server

！

NAT1：

interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.0.23.3 255.255.255.0
 ip nat outside
 ip nat enable
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.0.35.3 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto

！

ip route 0.0.0.0 0.0.0.0 10.0.23.2
ip route 172.16.1.1 255.255.255.255 10.0.35.5
ip route 192.168.5.0 255.255.255.0 10.0.35.5
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface FastEthernet0/0 overload

SPOKE1（R5）

crypto isakmp policy 10
 authentication pre-share
crypto isakmp key test address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set test esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile testprofile
 set transform-set test

！

interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface Loopback5
 ip address 192.168.5.254 255.255.255.0
 ip ospf network point-to-point
!        
interface Tunnel0
 ip address 172.16.1.1 255.255.255.0
 no ip redirects
 ip nhrp authentication cisco
 ip nhrp map multicast 10.0.12.1
 ip nhrp map 172.16.1.100 10.0.12.1
 ip nhrp network-id 10
 ip nhrp nhs 172.16.1.100
 ip nhrp cache non-authoritative
 ip nhrp shortcut
 ip ospf network broadcast
 ip ospf priority 0
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile testprofile
!
interface FastEthernet0/0
 ip address 10.0.35.5 255.255.255.0
 duplex auto
 speed auto
!

router ospf 1
 log-adjacency-changes
 network 172.16.1.0 0.0.0.255 area 0
 network 192.168.5.0 0.0.0.255 area 0
!
ip route 0.0.0.0 0.0.0.0 10.0.35.3

spoke（R4）：

crypto isakmp policy 10
 authentication pre-share
crypto isakmp key test address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set test esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile testprofile
 set transform-set test

！

interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface Tunnel0
 ip address 172.16.1.2 255.255.255.0
 no ip redirects
 ip nhrp authentication cisco
 ip nhrp map multicast 10.0.12.1
 ip nhrp map 172.16.1.100 10.0.12.1
 ip nhrp network-id 10
 ip nhrp nhs 172.16.1.100
 ip nhrp cache non-authoritative
 ip nhrp shortcut
 ip ospf network broadcast
 ip ospf priority 0
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile testprofile
!
interface FastEthernet0/0
 ip address 10.0.24.4 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.0.46.4 255.255.255.0
 duplex auto
 speed auto

！

router ospf 1
 log-adjacency-changes
 network 10.0.46.0 0.0.0.255 area 0
 network 172.16.1.0 0.0.0.255 area 0
!
ip route 0.0.0.0 0.0.0.0 10.0.24.2
no ip http server
no ip http secure-server

R6：

interface Loopback0
 ip address 6.6.6.6 255.255.255.255
!
interface Loopback6
 ip address 192.168.6.254 255.255.255.0
 ip ospf network point-to-point
!
interface FastEthernet0/0
 ip address 10.0.46.6 255.255.255.0
 duplex auto
 speed auto

！

router ospf 1 log-adjacency-changes network 10.0.46.0 0.0.0.255 area 0 network 192.168.6.0 0.0.0.255 area 0