Hello, I was wondering what standard procedure was with regards to switch management VLANs.
I.e., I have created an out-of-band VLAN on a series of switches for the purpose of management.
I have spare interfaces on these switches. Do I go ahead now and assign ports to the management VLAN, or is it better practice to wait until you actually need to manage the switch and then assign a port to the management VLAN at that time? Perhaps this is better for security purposes?
Is either way standard practice, or does it not really matter?
There is no standard practice. There are 2 ways to manage your devices, in band or out of band.
For in-band, you create a VLAN that has no physical port assigned to it. You create an SVI for this VLAN on each switch, give it an IP address and add the VLAN to the trunk.
For out-of-band, you create a VLAN and assign a physical port to it. You give an IP address to that physical port and connect the physical port to a management switch. Then connect the management switch to the rest of your network with proper routing configured. Best practice is to configure your management network before you configure the rest of the network. This way you can simply SSH or Telnet to the devices and not console.
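
The two layouts described in the answer above, written out as a Cisco IOS-style configuration sketch; this is an added example, not configuration posted by anyone in the thread. It assumes a Layer 2 access switch where the management address lives on the SVI, and VLAN 99, the 192.0.2.0/24 addresses, the interface names and the ACL name MGMT-ONLY are constructed placeholders. SSH host keys and a login method are assumed to be configured already.

```cisco
! Constructed example: VLAN 99, 192.0.2.0/24 and interface names are placeholders.
vlan 99
 name MGMT
!
! Management SVI: the address you connect to for remote management.
interface Vlan99
 ip address 192.0.2.11 255.255.255.0
 no shutdown
!
! Layer 2 switch (no ip routing): gateway towards the management stations.
ip default-gateway 192.0.2.1
!
! Option A, in-band: no access port in VLAN 99; it rides the existing trunk.
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan add 99
!
! Option B, out-of-band: one dedicated access port cabled to the management switch.
interface GigabitEthernet0/24
 description To management switch
 switchport mode access
 switchport access vlan 99
!
! Spare ports are not placed in VLAN 99 ahead of time and stay shut until needed.
interface GigabitEthernet0/23
 shutdown
!
! Accept remote sessions over SSH only, and only from the management subnet.
ip access-list standard MGMT-ONLY
 permit 192.0.2.0 0.0.0.255
line vty 0 4
 access-class MGMT-ONLY in
 transport input ssh
```

Use option A or option B on a given switch, not both; `show vlan brief` lists which access ports currently sit in the management VLAN.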