Hi Everyone,
I'm just altering the way we log things here, and looking to see if I can use perl within FreeRadius to log information directly into an SQL database, but I'm having a little bit of trouble with accounting logs from switches not containing the Tunnel information. (eg: Tunnel-Private-Group-Id, Tunnel-Type, Tunnel-Medium-Type) All out switch ports are dot1x enabled, with dynamic vlan assignment, hence needing to know if the switch has set the switch port to what we've authorised it too.
Accounting from Wireless authenticated users (from Cisco Wireless Controllers) contains all this information, but I can't seem to get the correct configuration for Cisco switches, and am beginning to think that it's not possible to get this information via accounting.
Anybody have any idea? (This covers 2960, 2960X, 3560, etc)
Config example -
aaa accounting dot1x default start-stop group radius
int gi1/0/1
description DOT1X
switchport access vlan XX
switchport mode access
switchport voice vlan YY
srr-queue bandwidth share 1 30 35 5
priority-queue out
authentication control-direction in
authentication port-control auto
authentication periodic
mls qos trust device cisco-phone
mls qos trust cos
dot1x pae authenticator
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
Thanks,
Hefin
--------------------------------------------------------------
Hefin James
Rheolwr Gwrp Seilwaith TGC / ICT Infrastructure Group Manager
Gwasanaethau Gwybodaeth / Information Services,
Prifysgol Aberystwyth / Aberystwyth University.
--------------------------------------------------------------
_______________________________________________
cisco-nas mailing list
cisco-nas@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nas
I'm just altering the way we log things here, and looking to see if I can use perl within FreeRadius to log information directly into an SQL database, but I'm having a little bit of trouble with accounting logs from switches not containing the Tunnel information. (eg: Tunnel-Private-Group-Id, Tunnel-Type, Tunnel-Medium-Type) All out switch ports are dot1x enabled, with dynamic vlan assignment, hence needing to know if the switch has set the switch port to what we've authorised it too.
Accounting from Wireless authenticated users (from Cisco Wireless Controllers) contains all this information, but I can't seem to get the correct configuration for Cisco switches, and am beginning to think that it's not possible to get this information via accounting.
Anybody have any idea? (This covers 2960, 2960X, 3560, etc)
Config example -
aaa accounting dot1x default start-stop group radius
int gi1/0/1
description DOT1X
switchport access vlan XX
switchport mode access
switchport voice vlan YY
srr-queue bandwidth share 1 30 35 5
priority-queue out
authentication control-direction in
authentication port-control auto
authentication periodic
mls qos trust device cisco-phone
mls qos trust cos
dot1x pae authenticator
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
Thanks,
Hefin
--------------------------------------------------------------
Hefin James
Rheolwr Gwrp Seilwaith TGC / ICT Infrastructure Group Manager
Gwasanaethau Gwybodaeth / Information Services,
Prifysgol Aberystwyth / Aberystwyth University.
--------------------------------------------------------------
_______________________________________________
cisco-nas mailing list
cisco-nas@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nas