Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
358
Views
0
Helpful
1
Replies

ISG session with duplicate mac addresses - ASR 1k

David Tsulaia
Level 1
Level 1

‎03-27-2014 06:02 AM - last edited on ‎03-25-2019 02:21 PM by Community Manager

Hello all,

I have an issue with current ISG implementation on ASR 1k.

We have subset of subscribers that are authenticated based on their mac address and another subset that are authenticated based on their c-vlan/s-vlan tag which is derived from nas-port-id. If two subscribers have identical mac addresses and one is authed based on mac and the other is based on c-vlan/s-vlan, the last one to auth kicks the previous authenticated session and takes it's place, which is totaly unacceptable. 

For subscribers with mac based auth, session initiatior is unclassified mac address, as for c-vlan/s-vlan based auth it is dhcp request.

Forgive the lack of details, if anything I am ready to supply any available and open info. Personaly I think this is just shortcoming of ASR 1k s ISG implementation, because I know for a fact that 9K BNG handles this situation very well and has a more precise definition of c-vlan/s-vlan than 1k.

Any ideas on how to tackle this?

Labels:
0 Helpful
1 Reply 1

Manuel Rodriguez
Cisco Employee
Cisco Employee

‎04-12-2014 03:24 AM

Hi,

Not sure if it would be possible since mac address is probably being used as a session key for both sessions (that's why the latest subscriber to come up, takes over the first one) even if you are using different identifiers (mac-address vs c-vlan/s-vlan).

Are these L2 subscribers or routed subscribers?

Could you provide a configuration of the ISG?

Regards.

0 Helpful
Customers Also Viewed These Support Documents