Hi,
I'm looking for some best practices or recommendations concerning how to implement a secure ethernet out-of-band management of a network infrastructure with mainly cisco catalyst switches.
I already found some information in the SAFE design guide (http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/SAFE_RG/SAFE_rg.pdf).
Furthermore, does anybody know if it's possible to deactivate inband mangement completely when using oob ethernet mgmt ports, for example on a cat4500e with sup6?
Or alternatively allow management access only to one defined ip interface, without using acls on all ip interfaces?
Best Regards,
Thorsten