ok, I might have answered my question..

To test this out I have now connected the FaE0 to a dedicated temporary firewall on a physical interface and the same subnet both my switch and my management laptop. Both of them get the correct IP from DHCP. Both of them can ping each other in the this configuration.

However, initially I tried something different. I have configured one port of this switch as switchport mode access with a specific VLAN. Then I have plugged this port (GiE) to the FastEthernet0 port on the same switch. Same again, both laptop and FaE0 are on the same subnet. Both get the correct IP from DHCP. But now my switch is not pingable, nor can it ping anyone else, including my laptop.

So I think I am doing something wrong here. Can I not "hack" the OOB port in such a way? Does it truly mean I have to use another hardware set to connect to the switch over the OOB, because by plugging the same switch to itself essentially creates a switching loop, even though they are on a dedicated switchport VLAN?

Friends, you have interfafe abd it is l3 interface so there is no l2, the link connected SW to FW

Even if you connect to ant port abd use same subnet this not work

That different when you config vlan which have l2 and can connect to l2 port assign to that vlan

MHM

Sorry, I don't really understand what you are trying to say here..

The initial configuration was also L3, because OOB FastEthernet0 was connected to a FW via the _same switch_. Meaning, physically connected FastEthernet0 to GiE17, which had switchport access configured and the laptop is on the same subnet (and VLAN) and the FastEthernet0. I mean, you can't have L3 without L2

But I am not able to manage my switch from the same switch, right? I must put a L3 device between the FW and the FastEthernet0 and configure routing on my FW, so that I can then manage the switch, right?

Interface connection to FW did have vlan?

Vlan is not assign to l3 port 

That make PC abd interference connect to FW isolated. 

MHM