08-21-2025 03:41 AM - edited 08-21-2025 03:43 AM
Hi all,
I am looking to move an existing AE1 interface which operates as an single OSPF transit to another AE3 port with other sub interfaces also configured.
What changes should be completed and considered when doing this to retain network connectivity?
Existing port
New port
I have amended the virtual router to use the new AE3.3501 interface instead of AE1.
The existing AE1 connects to a core switch which is a port-channel.
I am thinking this will need to be reconfigured as an SVI
int vlan3501
description pa3420 - Corp-OSPF
ip address 10.205.250.2 255.255.255.252
ip ospf network point-to-point
storm-control broadcast level bps 2m
vlan 3501
name - OSPF-CORP
I have also added the no passive interface command to vlan 3501
no passive-interface vlan3501
switchport trunk allowed vlan add 3501 to the switch side core uplinks.
The core currently uses AE1 to 10.205.250.1 as a default route. Will this be updated automatically from the Palo?
Can anyone assist with what else I may be missing switch and palo side?
08-21-2025 02:31 PM
Hello @M.Allen
thanks for post!
To me your configuration on both switch side as well as Firewall side looks complete. The only thing, I would considered to add is on Firewall side interface AE3.3501 as OSPF interface type p2p to match setting on switch side: configure-ospf (Point No. 5 in the manual).
Kind Regards
Pavel
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
