Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ISG session with duplicate mac addresses - ASR 1k

Hello all,

I have an issue with current ISG implementation on ASR 1k.

We have subset of subscribers that are authenticated based on their mac address and another subset that are authenticated based on their c-vlan/s-vlan tag which is derived from nas-port-id. If two subscribers have identical mac addresses and one is authed based on mac and the other is based on c-vlan/s-vlan, the last one to auth kicks the previous authenticated session and takes it's place, which is totaly unacceptable. 

For subscribers with mac based auth, session initiatior is unclassified mac address, as for c-vlan/s-vlan based auth it is dhcp request.

Forgive the lack of details, if anything I am ready to supply any available and open info. Personaly I think this is just shortcoming of ASR 1k s ISG implementation, because I know for a fact that 9K BNG handles this situation very well and has a more precise definition of c-vlan/s-vlan than 1k.

Any ideas on how to tackle this?

  • Other Service Provider Subjects
1 REPLY
Cisco Employee

Hi,Not sure if it would be

Hi,

Not sure if it would be possible since mac address is probably being used as a session key for both sessions (that's why the latest subscriber to come up, takes over the first one) even if you are using different identifiers (mac-address vs c-vlan/s-vlan).

Are these L2 subscribers or routed subscribers?

Could you provide a configuration of the ISG?

Regards.

66
Views
0
Helpful
1
Replies
This widget could not be displayed.