`control-plane-agent` and `net` store unlock state on a per-VLAN basis. However, `monorail` does not; it enables all tech ports when unlocked. This could be confusing if someone sends unlock commands on multiple ports; `monorail`'s time-based unlock will fire at the time set by the most recent unlock.
We should either

- Make `monorail` smarter (configuring the VLANs to enable one or both tech ports, instead of always enabling both), or
- Make the other tasks dumber, with a single locked / unlocked state controlling their behavior

I'm leaning towards the latter, because it's hard to imagine a case where someone authorized is connected to TP1 and someone malicious is connected to TP2.
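
The mismatch described in this issue, as an added model that is not code from the project: it compares per-port unlock bookkeeping with a single switch-wide state whose relock time is set by the most recent unlock. All type and function names are hypothetical, and time is an abstract `u64` tick count.

```rust
// Added model, not project code: every name here is hypothetical.
#[derive(Clone, Copy, PartialEq, Debug)]
enum Port { Tp1 = 0, Tp2 = 1 }

/// Per-VLAN bookkeeping, as the issue describes for control-plane-agent and net.
#[derive(Default)]
struct PerPortState { until: [Option<u64>; 2] }

impl PerPortState {
    fn unlock(&mut self, port: Port, until: u64) { self.until[port as usize] = Some(until); }
    fn is_unlocked(&self, port: Port, now: u64) -> bool {
        matches!(self.until[port as usize], Some(t) if now < t)
    }
}

/// Single switch-wide state, as the issue describes for monorail: any unlock
/// enables both tech ports, and the most recent unlock sets the relock time.
#[derive(Default)]
struct GlobalState { until: Option<u64> }

impl GlobalState {
    fn unlock(&mut self, _port: Port, until: u64) { self.until = Some(until); }
    fn is_enabled(&self, _port: Port, now: u64) -> bool {
        matches!(self.until, Some(t) if now < t)
    }
}

/// Ports on which the two views disagree at time `now`.
fn disagreements(p: &PerPortState, g: &GlobalState, now: u64) -> Vec<Port> {
    let mut out = Vec::new();
    for port in [Port::Tp1, Port::Tp2] {
        if p.is_unlocked(port, now) != g.is_enabled(port, now) { out.push(port); }
    }
    out
}

/// Apply the same (port, relock time) unlock commands to both models.
fn apply(cmds: &[(Port, u64)]) -> (PerPortState, GlobalState) {
    let (mut p, mut g) = (PerPortState::default(), GlobalState::default());
    for &(port, until) in cmds { p.unlock(port, until); g.unlock(port, until); }
    (p, g)
}

fn main() {
    // Constructed scenario: TP1 unlocked until t=100, then TP2 until t=50.
    let (p, g) = apply(&[(Port::Tp1, 100), (Port::Tp2, 50)]);
    for now in [10u64, 60, 120] {
        println!("t={}: views disagree on {:?}", now, disagreements(&p, &g, now));
    }
}
```

With a single locked / unlocked state in every task, `disagreements` would be empty by construction.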