This is a much needed feature! We get around it right now using the method you mention (layered radius vip). To get more detailed info, like the session ID, we append it to the session.logon.last.username before the call to radius in VPE. Then in the irule we have on the radius virtual, we parse the username attribute, then set the appropriate attributes with RADIUS::avp. Note, there is a length limit to the username for radius. I know we hit it, but don't recall what it was.
So, in VPE have variable assign:
session.logon.last.username = return "[mcget {session.logon.last.username}]|[mcget {session.key}]"
then in irule for radius vip:
Code
when CLIENT_DATA {
set username {}
set key {}
scan [RADIUS::avp 1 "string"] {%[^|]|%s} username key
if {$key ne {}} {
log local0.err "found key, setting attribute 22 with $key"
RADIUS::avp insert 22 $key string
RADIUS::avp replace 1 $username string
}
}