配置完OSPF后一直报错。
*Aug 4 03:18:38.935: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.5.254 on Tunnel0 from EXCHANGE to DOWN, Neighbor Down: Adjacency forced to reset*Aug 4 03:18:39.655: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Tunnel0 from LOADING to FULL, Loading DoneHub(config-router)#*Aug 4 03:18:43.787: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Tunnel0 from FULL to DOWN, Neighbor Down: Adjacency forced to reset*Aug 4 03:18:44.011: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.5.254 on Tunnel0 from EXSTART to DOWN, Neighbor Down: Adjacency forced to reset*Aug 4 03:18:44.603: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Tunnel0 from LOADING to FULL, Loading DoneHub(config-router)#*Aug 4 03:18:53.567: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Tunnel0 from FULL to DOWN, Neighbor Down: Adjacency forced to reset*Aug 4 03:18:53.779: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.5.254 on Tunnel0 from EXCHANGE to DOWN, Neighbor Down: Adjacency forced to reset*Aug 4 03:18:54.387: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Tunnel0 from LOADING to FULL, Loading Done
拓扑如下
hub:
interface tunnel 0
ip ospf network broadcast
ip ospf priority 255
spoke (R4 R5) 配置如下
interface tunnel 0
ip ospf network broadcast
ip ospf priority 0
完美解决,这是因为tunnel默认为point-point端口类型,tunnel的邻居超过两个,导致邻居关系一直UPDOWN。这也是OSPF 基础知识点啦。
附完整配置:(本实验SPOKE1为穿越NAT的客户1,SPOKE2为标准客户2。即模拟了标准的DM×××+OSPF,又结合了NAT穿越的场景。使用用户能更好的掌握相关技能。)
HUB:
crypto isakmp policy 10 authentication pre-sharecrypto isakmp key test address 0.0.0.0 0.0.0.0!! crypto ipsec transform-set test esp-3des esp-md5-hmac mode transport!crypto ipsec profile testprofile set transform-set test
!interface Loopback0 ip address 1.1.1.1 255.255.255.255!interface Loopback1 ip address 192.168.1.254 255.255.255.0 ip ospf network point-to-point!interface Tunnel0 ip address 172.16.1.100 255.255.255.0 no ip redirects ip nhrp authentication cisco ip nhrp map multicast dynamic ip nhrp network-id 10 ip nhrp cache non-authoritative ip nhrp redirect ip ospf network broadcast ip ospf cost 255 tunnel source FastEthernet0/0 tunnel mode gre multipoint tunnel protection ipsec profile testprofile
!
interface FastEthernet0/0 ip address 10.0.12.1 255.255.255.0 duplex auto speed auto
!
router ospf 1 log-adjacency-changes network 172.16.1.0 0.0.0.255 area 0 network 192.168.1.0 0.0.0.255 area 0!ip route 0.0.0.0 0.0.0.0 10.0.12.2no ip http serverno ip http secure-server
!
NAT1:
interface Loopback0 ip address 3.3.3.3 255.255.255.255!interface FastEthernet0/0 ip address 10.0.23.3 255.255.255.0 ip nat outside ip nat enable ip virtual-reassembly duplex auto speed auto!interface FastEthernet0/1 ip address 10.0.35.3 255.255.255.0 ip nat inside ip virtual-reassembly duplex auto speed auto
!
ip route 0.0.0.0 0.0.0.0 10.0.23.2ip route 172.16.1.1 255.255.255.255 10.0.35.5ip route 192.168.5.0 255.255.255.0 10.0.35.5no ip http serverno ip http secure-server!!ip nat inside source list 1 interface FastEthernet0/0 overload
SPOKE1(R5)
crypto isakmp policy 10 authentication pre-sharecrypto isakmp key test address 0.0.0.0 0.0.0.0!!crypto ipsec transform-set test esp-3des esp-md5-hmac mode transport!crypto ipsec profile testprofile set transform-set test
!
interface Loopback0 ip address 5.5.5.5 255.255.255.255!interface Loopback5 ip address 192.168.5.254 255.255.255.0 ip ospf network point-to-point! interface Tunnel0 ip address 172.16.1.1 255.255.255.0 no ip redirects ip nhrp authentication cisco ip nhrp map multicast 10.0.12.1 ip nhrp map 172.16.1.100 10.0.12.1 ip nhrp network-id 10 ip nhrp nhs 172.16.1.100 ip nhrp cache non-authoritative ip nhrp shortcut ip ospf network broadcast ip ospf priority 0 tunnel source FastEthernet0/0 tunnel mode gre multipoint tunnel protection ipsec profile testprofile!interface FastEthernet0/0 ip address 10.0.35.5 255.255.255.0 duplex auto speed auto!
router ospf 1 log-adjacency-changes network 172.16.1.0 0.0.0.255 area 0 network 192.168.5.0 0.0.0.255 area 0!ip route 0.0.0.0 0.0.0.0 10.0.35.3
spoke(R4):
crypto isakmp policy 10 authentication pre-sharecrypto isakmp key test address 0.0.0.0 0.0.0.0!!crypto ipsec transform-set test esp-3des esp-md5-hmac mode transport!crypto ipsec profile testprofile set transform-set test
!
interface Loopback0 ip address 4.4.4.4 255.255.255.255!interface Tunnel0 ip address 172.16.1.2 255.255.255.0 no ip redirects ip nhrp authentication cisco ip nhrp map multicast 10.0.12.1 ip nhrp map 172.16.1.100 10.0.12.1 ip nhrp network-id 10 ip nhrp nhs 172.16.1.100 ip nhrp cache non-authoritative ip nhrp shortcut ip ospf network broadcast ip ospf priority 0 tunnel source FastEthernet0/0 tunnel mode gre multipoint tunnel protection ipsec profile testprofile!interface FastEthernet0/0 ip address 10.0.24.4 255.255.255.0 duplex auto speed auto!interface FastEthernet0/1 ip address 10.0.46.4 255.255.255.0 duplex auto speed auto
!
router ospf 1 log-adjacency-changes network 10.0.46.0 0.0.0.255 area 0 network 172.16.1.0 0.0.0.255 area 0!ip route 0.0.0.0 0.0.0.0 10.0.24.2no ip http serverno ip http secure-server
R6:
interface Loopback0 ip address 6.6.6.6 255.255.255.255!interface Loopback6 ip address 192.168.6.254 255.255.255.0 ip ospf network point-to-point!interface FastEthernet0/0 ip address 10.0.46.6 255.255.255.0 duplex auto speed auto
!
router ospf 1 log-adjacency-changes network 10.0.46.0 0.0.0.255 area 0 network 192.168.6.0 0.0.0.255 area 0