Management IP address for switches

Super99

Good morning boys and girls.
I have a question regarding management ip addresses for switches.
Is it best practice to have a management vlan such as 99 or 999 for management in a large network?
Also, would this be a routed and trunked vlan?

d4nz1g

Management out of band (management traffic separated from data traffic) is always recommended. Wether by using vlans or some sort of physical segregation.

In a layer 3 switch, you can configure an IP address for an SVI interface on that vlan and assign it to an access port (or trunk) connecting it to your management infrastructure.

You can also issue a "no switchport" command on a switchport, assign a layer 3 address to it and connect it to an access port on your management vlan.

Some switch models are shipped with a dedicated management interface, that consists of a separate NIC (physical segregation from the data traffic at hardware level) that enables IP connectivity even in the case of a major hardware failure on the device (very useful for modular/chassis devices).

Priston

I've never seen vlan 99 or 999 used as a management vlan in a production environment.

If I'm given an address block of 172.18.192.0/20 and I plan on using all /24s in my network, I'm going to use the 3rd octet for my vlan numbering.

vlan 192 would be 172.18.192.0/24
vlan 193 would be 172.18.193.0/24

I would most likely reserve the first or last two subnets for management and infrastructure.

Also to add to what d4nz1g posted, VRFs can also be used to separate management interfaces from the rest of the network traffic.

Node Man

Yes a management vlan is a good idea. A Terminal Server are also another good idea.