Hi Basically you build a parallel mgmt network through the mgmt ports on your devices all connecting back to mgmt switches to a firewall and then source all mgmt traffic through that port ssh/syslog/ntp etc , it separates production traffic from mgmt traffic so even say you have a storm that took down the network , you could still access over mgmt network and reach all devices. Separates control data plane completely in terms of access