Cisco switch management port interface
The Cisco management port interface can be located at the back or front of the switch and has a yellow band around it, as in the picture below:
It is a layer 3 (routed) port and is typically named Fa0/0 or Gi0/0 with full duplex and autonegotiation.
Management Port in a stack
When the switches are in a stack, the interfaces can be plugged into a hub or a switch and will be active on the stack master switch as shown below:
Although the picture shows the ports connected to a hub, a switch will also work as long as the ports are all on the same VLAN. Upon a stack master failure, the management port will automatically migrate to the next master.
How to configure the port
The management port is a routed interface so the IP is assigned like a router port.
interface GigabitEthernet0/0
 description MGMT Port
 vrf forwarding Mgmt-vrf
 ip address x.x.x.x 255.255.255.0
 no shut
The Cisco switch creates a management VRF (virtual routing and forwarding) routing table by default, so you will need to put the default gateway for that interface in the management VRF routing table.
ip route vrf Mgmt-vrf 0.0.0.0 0.0.0.0 x.x.x.x
To display the management port’s routing table, issue the following:
show ip route vrf Mgmt-vrf
Depending on the features you use, the optional configurations below are needed for each feature to use the management interface in Mgmt-vrf.
Configure AAA authentication
Your RADIUS and TACACS+ servers will need to be configured to use the Mgmt-vrf:
aaa group server radius RADIUS
 server name x.x.x.x
 ip vrf forwarding Mgmt-vrf
aaa group server tacacs+ TACACS
 server name x.x.x.x
 ip vrf forwarding Mgmt-vrf
Configure VTY access-list
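If you are using access-lists on your SSH server, you will also need to configure the VTY lines to use Mgmt-vrf. The vrf-also keyword makes the access-class accept connections that arrive on an interface belonging to a VRF:
line vty 0 15
 access-class ACL in vrf-also
 transport input ssh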
Configure NTP server
Your NTP servers will need to be configured to use the Mgmt-vrf:
ntp server vrf Mgmt-vrf x.x.x.x
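Configure flow exporter
Your flow exporter destination will need to be configured to use the Mgmt-vrf:
flow exporter EXPORTER
 destination x.x.x.x vrf Mgmt-vrf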
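The per-feature settings above are easy to miss on one switch out of many, so here is an added example (not part of the original page) that audits a saved running-config and reports management features not bound to Mgmt-vrf. The sample config, the 192.0.2.x addresses and the function names blocks and audit are constructed for illustration; the interface name defaults to GigabitEthernet0/0 as on this page.

```python
# Constructed sample running-config (not from a real device); 192.0.2.x are documentation addresses.
SAMPLE = """\
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 ip address 192.0.2.10 255.255.255.0
!
ip route vrf Mgmt-vrf 0.0.0.0 0.0.0.0 192.0.2.1
!
aaa group server tacacs+ TACACS
 server name TAC1
line vty 0 15
 access-class ACL in
 transport input ssh
ntp server 192.0.2.50
"""

def blocks(config):
    """Map each top-level config line to the list of indented lines under it."""
    out, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current is not None:
            out[current].append(line.strip())
        elif line.strip() and line.strip() != "!":
            current = line.strip()
            out[current] = []
    return out

def audit(config, vrf="Mgmt-vrf", mgmt_if="GigabitEthernet0/0"):
    """Return findings where a management feature is not bound to the VRF."""
    cfg, findings = blocks(config), []
    if f"vrf forwarding {vrf}" not in cfg.get(f"interface {mgmt_if}", []):
        findings.append(f"{mgmt_if}: not in {vrf}")
    if not any(h.startswith(f"ip route vrf {vrf} 0.0.0.0 0.0.0.0 ") for h in cfg):
        findings.append(f"no default route in {vrf}")
    for head, body in cfg.items():
        if head.startswith("aaa group server ") and f"ip vrf forwarding {vrf}" not in body:
            findings.append(f"{head}: missing ip vrf forwarding {vrf}")
        if head.startswith("line vty"):
            for sub in body:
                if sub.startswith("access-class ") and not sub.endswith("vrf-also"):
                    findings.append(f"{head}: access-class without vrf-also")
            if "transport input ssh" not in body:
                findings.append(f"{head}: transport input is not ssh-only")
        if head.startswith("ntp server ") and f" vrf {vrf} " not in head + " ":
            findings.append(f"{head}: not using vrf {vrf}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the constructed sample it flags the TACACS+ group, the VTY access-class and the NTP server, which are the three features left outside Mgmt-vrf.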