Don't permission your desktop; instead, have a bastion host (preferably a physical server rather than a VM) which is permitted to access the management VLAN, and ensure that only IT staff have credentials to log in to the machine. This is more scalable than restricting access to your workstation, for two reasons:

1) If you (and your workstation) need to move to another floor/building, there are no implications to network management.

2) A single administrative control point; if/when you hire other administrators, all you need to do is give them access to the bastion host, rather than permission their machines on every network device they need to manage.


We do it by ACL. The network team is all on a VLAN and that VLAN can access the mgmt network. This may not work depending on the size of your organization. If there are only 1 or 2 members needing access, doing it by individual IP should work fine.

I tend to avoid multi-homing a machine, just because it feels dirty.
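Both answers describe an allow-list ACL in front of the management VLAN: either a single bastion host or the network team's VLAN is the only permitted source, and everything else is denied. The following is an added example, not code from either poster, that models both variants as an ordered ACL with an implicit deny, evaluates sample flows against it, and flags any permit rule broad enough to undermine the point of the restriction. All addresses and subnets are constructed for illustration.

```python
"""Added example: model the bastion-only and team-VLAN access patterns
as an ordered ACL protecting a management VLAN (addresses are constructed)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network

# Constructed subnets for the example; substitute your own.
MGMT_VLAN = ip_network("10.99.0.0/24")          # management network
BASTION = ip_network("10.10.5.10/32")            # bastion host (first answer)
NETWORK_TEAM_VLAN = ip_network("10.20.0.0/24")   # network-team VLAN (second answer)
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str          # "permit" or "deny"
    src: IPv4Network
    dst: IPv4Network


def evaluate(rules, src, dst):
    """Return the action of the first matching rule.

    Like a router ACL, an unmatched flow hits the implicit deny at the end.
    """
    s, d = ip_address(src), ip_address(dst)
    for rule in rules:
        if s in rule.src and d in rule.dst:
            return rule.action
    return "deny"


# Variant 1: only the bastion host may reach the management VLAN.
BASTION_ONLY = [
    Rule("permit", BASTION, MGMT_VLAN),
    Rule("deny", ANY, MGMT_VLAN),
]

# Variant 2: the whole network-team VLAN may reach the management VLAN.
TEAM_VLAN = [
    Rule("permit", NETWORK_TEAM_VLAN, MGMT_VLAN),
    Rule("deny", ANY, MGMT_VLAN),
]


def audit_flows(rules, flows):
    """Evaluate a list of (src, dst) pairs and return {(src, dst): action}."""
    return {flow: evaluate(rules, *flow) for flow in flows}


def overly_broad_permits(rules, protected=MGMT_VLAN, max_prefixlen=24):
    """Return permit rules into the protected network whose source is wider
    than a /max_prefixlen, i.e. ones that quietly reopen the management VLAN."""
    return [
        r for r in rules
        if r.action == "permit"
        and r.dst.subnet_of(protected)
        and r.src.prefixlen < max_prefixlen
    ]


if __name__ == "__main__":
    # Constructed sample flows: bastion, a network-team workstation, and a
    # workstation on an unrelated user VLAN, each trying to reach a switch.
    flows = [
        ("10.10.5.10", "10.99.0.1"),
        ("10.20.0.5", "10.99.0.1"),
        ("10.30.0.77", "10.99.0.1"),
    ]
    for name, acl in (("bastion-only", BASTION_ONLY), ("team-vlan", TEAM_VLAN)):
        print(name, audit_flows(acl, flows))
    # A careless "permit 10.0.0.0/8 -> mgmt" would be caught here.
    print(overly_broad_permits([Rule("permit", ip_network("10.0.0.0/8"), MGMT_VLAN)]))
```

The ordering matters exactly as it does on a real device: the permit for the bastion (or the team VLAN) must precede the catch-all deny, and anything the ACL does not mention falls to the implicit deny. The `overly_broad_permits` check is the kind of review you would run over an exported ACL before pushing it, since the second answer's approach degrades silently if the "team VLAN" entry is later widened to a summary route.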