⚠️ PCNSE OSPF Exam Gotchas

1. Advanced Routing vs. Virtual Routers

When Advanced Routing is enabled in PAN-OS 10.2 and later, OSPF configurations are managed under Logical Routers instead of traditional Virtual Routers. Be cautious when interpreting exam questions that mention "Advanced Routing"—they refer to Logical Routers.

2. OSPF on Tunnel Interfaces

Assigning OSPF to tunnel interfaces without proper IP addressing can lead to recursive routing issues. Ensure that each tunnel interface has a unique IP address before enabling OSPF to avoid routing loops.

3. Redistribution Profiles

When redistributing routes into OSPF, it's essential to:

• Configure a Redistribution Profile with the correct source type (e.g., static, connected).
• Apply the Redistribution Profile under the OSPF Export Rules.

Failure to do both will result in routes not being advertised into OSPF.

4. OSPF Area Types and LSA Propagation

Understanding the behavior of different OSPF area types is crucial:

• Stub Areas: Do not allow Type 5 LSAs (external routes).
• Totally Stubby Areas: Block both Type 3 (inter-area) and Type 5 LSAs.
• NSSA (Not-So-Stubby Areas): Permit external routes using Type 7 LSAs, which are converted to Type 5 by the ABR.

Misconfiguring area types can lead to unexpected routing behaviors.

5. OSPF Neighbor Adjacency States

OSPF neighbor relationships progress through several states. A common pitfall is assuming that a "2-Way" state indicates full adjacency. However, full adjacency is achieved in the "Full" state. Use the CLI command show routing protocol ospf neighbor to verify neighbor states.

6. OSPF Timers Mismatch

Ensure that OSPF Hello and Dead intervals match on neighboring interfaces. A mismatch will prevent neighbor relationships from forming. These settings can be verified and configured under the interface's OSPF settings.

7. Authentication Mismatches

If OSPF authentication is enabled, both neighbors must have matching authentication types and passwords. A mismatch will prevent the formation of neighbor relationships.

8. MTU Mismatches

OSPF requires matching MTU settings on both ends of a link. A mismatch can lead to neighbor relationships forming but failing to reach the "Full" state. Use the command show routing protocol ospf neighbor to check the state and troubleshoot accordingly.

9. Passive Interfaces

Marking an interface as passive in OSPF will prevent the sending of Hello packets, thereby stopping neighbor relationships from forming on that interface. Ensure that interfaces intended to form neighbor relationships are not set as passive.

10. Administrative Distances

Be aware of the default administrative distances in PAN-OS:

• OSPF Internal: 30
• OSPF External: 110
• Static Routes: 10
• Connected Routes: 0
• eBGP: 20
• iBGP: 200
• RIP: 120

Understanding these values is crucial when multiple routing protocols are in use, as the route with the lowest administrative distance is preferred.