On Fri, 18 Dec 2015 08:36:18 +0100 Gro-Anita Hillestad Vindheim gro-anita.vindheim@ntnu.no wrote:
At NTNU, we use Arnold to automatic disable switchports based on netflow-statistics. Our netflow-server provides a list of IP-addresses (a file). This file is transferred to the nav-server (ssh, I think), and Arnold disables the switchports where the IP-addresses were last seen. Morten is the creator of it, and knows all the details J
Usage of this system is documented:
https://nav.uninett.no/doc/4.3/reference/arnold.html?#start-arnold-py
This does sound somewhat like what Tal Bar-Or is asking for.
As long as the NAV API has only one token “to rule them all”, I’m a bit skeptical to allow the API to disable ports.
We would not want to add write-type API endpoints until we change the token auth system, no. We have multiple users asking for this by now, so we should definitely have a look at it in 2016.
-- Morten Brekkevold UNINETT