You can't extract MAC from SLAACed IPv6 due to privacy extensions (RFC 4941).
Ah, I had already forgotten about that.
I like one-VLAN-per customer idea, but it doesn't always scale (in some environments you'd run out of VLANs).
Q-in-Q helps with the scaling, but admittedly only up to a certain point. As mentioned, we also have to come up with an alternative solution for the group-VLANs. So far DHCPv6 seems like the way to go in that case, but vendor support is still lacking. DHCPv6 IA_PD would be nice, but in 98% of the time we don't have control over the CPE. As Ivan mentioned, DHCPv6 Option37/38 would enable the same for IPv6, but the support just isn't there yet. Also, it's one thing to get vendor support and another thing to get bitstream operators to support it as well. ____________________________________ Tero Toikkanen Network Engineer Nebula Oy