1、形成邻居条件：

1）区域ID相同；

2）hello，dead时间一致； 3）认证，认证密码一致； 4）区域性质一致（例都是普通区域，或者都是末节区域等等）。  

2、验证

2.1、基本配置

R1:

en conf t no ip domain-lookup host R1 inter s1/1 ip add 10.10.1.1 255.255.255.252 description  to-R2-s1/0 no shut exit interface Loopback100  ip address 1.1.1.1 255.255.255.0 router ospf 100  network 10.10.1.1 0.0.0.0 area 0

R2:

en conf t no ip domain-lookup host R2 inter s1/0 ip add 10.10.1.2 255.255.255.252 description  to-R1-s1/1 no shut inter s1/1 ip add 10.10.2.1 255.255.255.252 description  to-R3-s1/0 no shut exit interface Loopback200  ip address 2.2.2.2 255.255.255.0 router ospf 200  network 10.10.1.2 0.0.0.0 area 0

//此邻居关系理论上已经建立成功：

R1#sh ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface

2.2.2.2           0   FULL/  -        00:00:39    10.10.1.2       Serial1/1

R2#sh ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface

1.1.1.1           0   FULL/  -        00:00:31    10.10.1.1       Serial1/0

2.2、验证过程

2.2.1、区域不同

把R2的区域修改成area 1

R2(config-router)#network 10.10.1.2 0.0.0.0 area 1

R2(config-router)# *Oct 23 15:53:50.927: %OSPF-5-ADJCHG: Process 200, Nbr 1.1.1.1 on Serial1/0 from FULL to DOWN, Neighbor Down: Interface down or detached *Oct 23 15:53:50.935: %OSPF-6-AREACHG: 10.10.1.2/32 changed from area 0 to area 1 *Oct 23 15:53:57.755: %OSPF-4-ERRRCV: Received invalid packet: mismatch area ID, from backbone area must be virtual-link but not found from 10.10.1.1, Serial1/0

//更改区域后，提示邻居关系已经中断，原因是区域号不一致，建议通过虚拟链路来实现。

R2(config-router)#do sh ip ospf nei

R2(config-router)#

//查看R2邻居已经丢失。

R1#sh ip ospf neighbor

R1#sh ip ospf neighbor

//查看R1邻居也已经丢失。

R2(config-router)#network 10.10.1.2 0.0.0.0 area 0

R2(config-router)# *Oct 23 15:58:03.699: %OSPF-6-AREACHG: 10.10.1.2/32 changed from area 1 to area 0 *Oct 23 15:58:03.759: %OSPF-5-ADJCHG: Process 200, Nbr 1.1.1.1 on Serial1/0 from LOADING to FULL, Loading Done R2(config-router)#do sh ip ospf nei

Neighbor ID     Pri   State           Dead Time   Address         Interface

1.1.1.1           0   FULL/  -        00:00:33    10.10.1.1       Serial1/0 R2(config-router)#

//R2配置还原成area 0，邻居关系马上恢复。

R1#

*Oct 23 15:58:04.019: %OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on Serial1/1 from LOADING to FULL, Loading Done

//R1邻居关系也恢复。

2.2.2 hello，dead时间一致；

注：基于接口来修改时间，修改hello时，dead时间同时修改，保持为hello的4倍。

默认的时间如下：

R2(config-if)#do sh ip ospf inter s1/0

Serial1/0 is up, line protocol is up   Internet Address 10.10.1.2/30, Area 0   Process ID 200, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64   Transmit Delay is 1 sec, State POINT_TO_POINT,   Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5     oob-resync timeout 40     Hello due in 00:00:05   Index 1/1, flood queue length 0   Next 0x0(0)/0x0(0)   Last flood scan length is 1, maximum is 1   Last flood scan time is 0 msec, maximum is 0 msec   Neighbor Count is 1, Adjacent neighbor count is 1     Adjacent with neighbor 1.1.1.1   Suppress hello for 0 neighbor(s)

 

修改如下：

R2(config-if)#ip ospf hello-interval 20

//由10s修改20s

R2(config-if)#do sh ip ospf inter s1/0 Serial1/0 is up, line protocol is up   Internet Address 10.10.1.2/30, Area 0   Process ID 200, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64   Transmit Delay is 1 sec, State POINT_TO_POINT,   Timer intervals configured, Hello 20, Dead 80, Wait 80, Retransmit 5     oob-resync timeout 80     Hello due in 00:00:18   Index 1/1, flood queue length 0   Next 0x0(0)/0x0(0)   Last flood scan length is 1, maximum is 1   Last flood scan time is 0 msec, maximum is 0 msec   Neighbor Count is 1, Adjacent neighbor count is 1     Adjacent with neighbor 1.1.1.1   Suppress hello for 0 neighbor(s)

//已修改成为20s，同时dead时间也修改成80s

R2(config-if)#

R2(config-if)# *Oct 23 16:05:07.747: %OSPF-5-ADJCHG: Process 200, Nbr 1.1.1.1 on Serial1/0 from FULL to DOWN, Neighbor Down: Dead timer expired

//提示邻居关系已中断，原因是dead时间不匹配。

还原配置：

R2(config-if)#no ip ospf hello-interval 20

R2(config-if)#do sh ip ospf inter s1/0    Serial1/0 is up, line protocol is up   Internet Address 10.10.1.2/30, Area 0   Process ID 200, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64   Transmit Delay is 1 sec, State POINT_TO_POINT,   Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5     oob-resync timeout 40     Hello due in 00:00:07   Index 1/1, flood queue length 0   Next 0x0(0)/0x0(0)   Last flood scan length is 1, maximum is 1   Last flood scan time is 0 msec, maximum is 0 msec   Neighbor Count is 0, Adjacent neighbor count is 0   Suppress hello for 0 neighbor(s) R2(config-if)# *Oct 23 16:07:27.843: %OSPF-5-ADJCHG: Process 200, Nbr 1.1.1.1 on Serial1/0 from LOADING to FULL, Loading Done

//邻居关系恢复。

单独修改dead时间：

R2(config-if)#ip ospf dead-interval 50

R2(config-if)#do sh ip ospf inter s1/0 Serial1/0 is up, line protocol is up   Internet Address 10.10.1.2/30, Area 0   Process ID 200, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64   Transmit Delay is 1 sec, State POINT_TO_POINT,   Timer intervals configured, Hello 10, Dead 50, Wait 50, Retransmit 5     oob-resync timeout 50     Hello due in 00:00:00   Index 1/1, flood queue length 0   Next 0x0(0)/0x0(0)   Last flood scan length is 1, maximum is 1   Last flood scan time is 0 msec, maximum is 0 msec   Neighbor Count is 1, Adjacent neighbor count is 1     Adjacent with neighbor 1.1.1.1   Suppress hello for 0 neighbor(s)

//只修改dead时间，hello时间不变

R2(config-if)#

*Oct 23 16:09:27.739: %OSPF-5-ADJCHG: Process 200, Nbr 1.1.1.1 on Serial1/0 from FULL to DOWN, Neighbor Down: Dead timer expired

//邻居关系也会中断，提示与hello时间不同的现象一样。

R2(config-if)#no ip ospf dead-interval 50

*Oct 23 16:10:29.531: %OSPF-5-ADJCHG: Process 200, Nbr 1.1.1.1 on Serial1/0 from LOADING to FULL, Loading Done

//再还原配置。

2.2.3 认证，认证密码一致；

1）3认证类型

无认证；

明文认证；

MD5认证；

2）必要条件

认证类型和密码都要一致。

3）各种情况验证

第一种：两端无认证，默认的配置就符合这种情况，故不在此做验证。

第二种：两端都为明文认证，此情况不需要在此做验证，真有疑问，请找cisco研发；

第三种：两端都为MD5认证，同上；

第四种：无认证+明文认证；

R1：配置不改

R2：改为明文认证

R2(config-if)#ip ospf authentication         

R2(config-if)#ip ospf authentication-key cisco R2(config-if)# *Oct 23 16:24:07.747: %OSPF-5-ADJCHG: Process 200, Nbr 1.1.1.1 on Serial1/0 from FULL to DOWN, Neighbor Down: Dead timer expired R2(config-if)#

//配置完成后，提示邻居已经中断；

在R1上开启debug后输出信息如下：

R1#debug ip ospf events

OSPF events debugging is on R1# *Oct 23 16:24:47.983: OSPF: Send hello to 224.0.0.5 area 0 on Serial1/1 from 10.10.1.1 *Oct 23 16:24:49.675: OSPF: Rcv pkt from 10.10.1.2, Serial1/1 : Mismatch Authentication type. Input packet specified type 1, we use type 0

//提示对方使用type 1（明文认证），我(R1)使用type 0（无认证）

 

第五种：无认证+MD5认证；

R1：配置不改

R2：改为MD5认证

R2(config-if)#ip ospf authentication message-digest

R2(config-if)#ip ospf authentication-key cisco

//邻居关系自然也是不能建立的。

查看R1的debug信息如下：

Oct 23 16:30:07.987: OSPF: Send hello to 224.0.0.5 area 0 on Serial1/1 from 10.10.1.1

*Oct 23 16:30:09.639: OSPF: Rcv pkt from 10.10.1.2, Serial1/1 : Mismatch Authentication type. Input packet specified type 2, we use type 0

//提示对方使用type 2（MD5认证），我(R1)使用type 0（无认证）

第六种：明文认证+MD5认证+key相同；

R2保持上面配置，

R1改为明文认证：

R1(config-if)#ip ospf authentication-ke

R1(config-if)#ip ospf authentication-key cisco

在R2上开启debug信息如下：

*Oct 23 16:34:49.411: OSPF: Send with youngest Key 0

*Oct 23 16:34:49.411: OSPF: Send hello to 224.0.0.5 area 0 on Serial1/0 from 10.10.1.2 *Oct 23 16:34:57.763: OSPF: Rcv pkt from 10.10.1.1, Serial1/0 : Mismatch Authentication type. Input packet specified type 1, we use type 2

//提示认证类型不同。

还原认证配置。

2.2.4、区域性质一致

有点累了，所以省略，有时间再做了------------