Here are some configuration examples that can be used to achieve the desired solution in the above scenario:
A. Chassis CBS1
1) XOS CLI configuration
#
circuit outside
device-name out
vap-group fw
ip-forwarding
default-egress-vlan-tag 76 hide-vlan-header
ip 172.16.15.1/24 172.16.15.255
#
interface ethernet 1/2
logical l12 ingress-vlan-tag 76 76
circuit outside
#
2) RSW OSPF configuration
interface out
ip ospf hello-interval 1
ip ospf dead-interval 6
!
router ospf 100
ospf router-id 192.168.33.170
area 4.4.1.4 nssa default-information-originate
network 172.16.15.0/24 area 4.4.1.4
!
B. Chassis CBS2
1) XOS CLI configuration
#
circuit outside
device-name out
vap-group fw
ip-forwarding
default-egress-vlan-tag 47 hide-vlan-header
ip 10.128.1.21/24 10.128.1.255
#
circuit inside
device-name in
vap-group fw
ip-forwarding
default-egress-vlan-tag 76 hide-vlan-header
ip 172.16.15.11/24 172.16.15.255
#
interface ethernet 1/2
logical l12 ingress-vlan-tag 76 76
circuit inside
interface ethernet 1/4
logical l14 ingress-vlan-tag 47 47
circuit outside
#
ip route 0.0.0.0 0.0.0.0 10.128.1.11 vap-group fw circuit outside
#
2) RSW OSPF configuration
interface in
ip ospf hello-interval 1
ip ospf dead-interval 6
!
interface out
!
router ospf 100
ospf router-id 192.168.33.50
passive-interface in
area 4.4.1.4 nssa default-information-originate
network 10.128.1.0/24 area 4.4.1.4
network 172.16.15.0/24 area 4.4.1.4
With this configuration, we can verify the OSPF routing table on the chassis CBS1 (with default N2 route via CBS2):
ospfd#show ip ospf route
OSPF process 100:
Codes: C - connected, D - Discard, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
N2 0.0.0.0/0 [20/1] via 172.16.15.11, out, Area 4.4.1.4
O 10.128.1.0/24 [20] via 172.16.15.11, out, Area 4.4.1.4
C 172.16.15.0/24 [10] is directly connected, out, Area 4.4.1.4
ospfd#
Important note: When distributing the default-route in OSPF NSSA, the configuration should be done in the OSPF area context, not in the OSPF global context; see the example below.
router ospf 100
area 4.4.1.4 nssa default-information-originate (OSPF area context; this is the correct configuration)
default-information originate (OSPF global context; this will take effect only on backbone areas)
Workaround
N/A