API capabilities
Alan DeKok
aland at deployingradius.com
Thu Feb 1 19:24:36 CET 2018
On Feb 1, 2018, at 1:03 PM, Tunc Gunergun <tgunergun at gmail.com> wrote:
>
> I never installed/used free radius before however I'm tasked to assess
> its Rest API capabilities and see whether following 802.1.x use case
> is workable.
FreeRADIUS implements RADIUS. It doesn't implement a REST API.
It can *call* a REST API. But if you want a REST server, you'll need to install a web server.
> - Controller asks FreeRadius to block a specific IP address via API;
No. FreeRADIUS is a RADIUS server. You can't query it via an API.
All of the bulk data in FreeRADIUS is stored in databases. If you want to update IPs, users, etc, then put them into a database. And just use normal database calls to write to the database.
> - FreeRadius finds who owns that IP from authenticated user list;
This is a job for a database. Your application needs to query a database to find this information.
> - FreeRadius sends Radius CoA to 802.1x authenticator (Switch)
Your application can use "radclient" to send CoA packets.
> a. to reset user session (reject user authentication at next attempt
> or put user into default plan)
You need to mark up the database so that the user is rejected on their next authentication attempt.
> b. to reset user session and put user into a quarantine vlan X
> - Controller ask FreeRadius to unblock (release) a specific IP address via API.
Again, you need to put this information into a database. Then, just write to the database.
Alan DeKok.
More information about the Freeradius-Users
mailing list