The best design is to place all BMC and management interfaces on an isolated Out-of-Band network with access restricted by firewall rules. Out-of-Band management provides administrative access for hardware monitoring, remote console, power operations, firmware maintenance, and recovery actions even when the host operating system or production network is unavailable. Because BMC interfaces are powerful administrative control points, they should not share the same network as user traffic or the high-performance compute fabric. NVIDIA DGX guidance recommends restricting IPMI or BMC ports to an isolated, dedicated management network, using a separate firewalled subnet, or using a separate VLAN for BMC traffic when a dedicated network is unavailable. Allowing access from any subnet increases the attack surface and weakens operational security. Sharing the same switch or VLAN as production traffic can also expose management interfaces to congestion or unauthorized access. A dedicated OOB network improves security, reliability, and serviceability for DGX BasePOD operations.