Hello all,
I have an issue with current ISG implementation on ASR 1k.
We have subset of subscribers that are authenticated based on their mac address and another subset that are authenticated based on their c-vlan/s-vlan tag which is derived from nas-port-id. If two subscribers have identical mac addresses and one is authed based on mac and the other is based on c-vlan/s-vlan, the last one to auth kicks the previous authenticated session and takes it's place, which is totaly unacceptable.
For subscribers with mac based auth, session initiatior is unclassified mac address, as for c-vlan/s-vlan based auth it is dhcp request.
Forgive the lack of details, if anything I am ready to supply any available and open info. Personaly I think this is just shortcoming of ASR 1k s ISG implementation, because I know for a fact that 9K BNG handles this situation very well and has a more precise definition of c-vlan/s-vlan than 1k.
Any ideas on how to tackle this?