hymie!
2017-11-27 13:24:50 UTC
OMG I just need to scream at somebody.
I work for a large government agency. I don't know if it matters that I
am based in Maryland while my production machinery is housed in New Mexico.
Part of ${LGA}'s security policy is that network switches cannot have ports
just turned on and waiting. I need to have a specific machine, that has
been approved to connect to that specific network; and I need to request
a specific port be activated for this specific machine. [1]
So far so good. However...
Another part of $LGA policy is that a machine can only be attached to one port. [2]
So even though we allegedly have a pair of "redundant switches", each
machine is plugged into one or the other.
For our own convenience, we assign the switch ports as a pair, so if
(say) port 12 is in use on switch A, it will be empty on switch B. So in
theory, it's easy to tell the on-site people "Take all of the cables
out of Switch B and plug them into the like-numbered ports on Switch A."
At least, it would be easy... However...
The redundant ports are not turned on. That would be against $LGA policy.
As I found out just this morning, having a dead switch is not sufficient
to bypass the normal turning-on-a-switch-port procedure -- identify
the machine(s), submit a request, wait for the appropriate number of
signatures, and wait for the network team to turn the port on.
So in sum, I've got
* a dead switch
* 2 inaccessible machines
* a live "redundant" switch that I cannot plug these machines into
[1] Even further, the switches monitor the MAC address of the devices plugged
into them, so if I change the machine plugged into a port, the port will
auto-off itself.
[2] This is not 100% accurate, as we have machines with multiple networks
that are plugged into ports on other switches. I freely admit that I
don't fully understand the policies in question.
--hymie! http://lactose.homelinux.net/~hymie ***@lactose.homelinux.net
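Added example, not part of hymie's post: the "no port turned on and waiting" rule in the body and the MAC-triggered auto-off in footnote [1] are what ordinary switch port security looks like from the admin side. The post does not say what switches $LGA runs, so the Cisco IOS syntax below is an assumption, and the interface numbers are made up.

```text
! Assumed Cisco IOS syntax; the post never names the switch vendor.
! Every port is administratively down by default, so nothing is "on and waiting".
interface range GigabitEthernet1/0/1 - 48
 shutdown
!
! A port approved for one specific machine: learn that machine's MAC address
! once (sticky) and err-disable the port if any other address shows up.
interface GigabitEthernet1/0/12
 description approved host, one machine only
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
 no shutdown
!
! Optional: let a tripped port recover on a timer instead of waiting for a
! manual shutdown / no shutdown. Without this it stays err-disabled.
errdisable recovery cause psecure-violation
errdisable recovery interval 300
```

`show port-security interface GigabitEthernet1/0/12` shows the learned sticky address and the violation count, and a port that has tripped appears as err-disabled in `show interfaces status`. That is the auto-off the footnote describes, and it is also why moving the cables to the "redundant" switch does not help by itself: the like-numbered port there is administratively down and has no sticky address for the moved machine, so somebody with enable access has to change the configuration either way.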