[cisco-nas] vlan information via accounting

[Hefin James [ahj]]

Hi Everyone,

I'm just altering the way we log things here, and looking to see if I can use perl within FreeRadius to log information directly into an SQL database, but I'm having a little bit of trouble with accounting logs from switches not containing the Tunnel information. (eg: Tunnel-Private-Group-Id, Tunnel-Type, Tunnel-Medium-Type) All out switch ports are dot1x enabled, with dynamic vlan assignment, hence needing to know if the switch has set the switch port to what we've authorised it too. 
Accounting from Wireless authenticated users (from Cisco Wireless Controllers) contains all  this information, but I can't seem to get the correct configuration for Cisco switches, and am beginning to think that it's not possible to get this information via accounting.

Anybody have any idea? (This covers 2960, 2960X, 3560, etc)

Config example - 

aaa accounting dot1x default start-stop group radius

int gi1/0/1
 description DOT1X
 switchport access vlan XX
 switchport mode access
 switchport voice vlan YY
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 authentication control-direction in
 authentication port-control auto
 authentication periodic
 mls qos trust device cisco-phone
 mls qos trust cos
 dot1x pae authenticator
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY

Thanks,
Hefin

--------------------------------------------------------------
Hefin James
Rheolwr Gwrp Seilwaith TGC / ICT Infrastructure Group Manager 
Gwasanaethau Gwybodaeth / Information Services, 
Prifysgol Aberystwyth / Aberystwyth University.
--------------------------------------------------------------