diff --git a/configMaker.nix b/configMaker.nix
index 601ac4a..db938c3 100644
--- a/configMaker.nix
+++ b/configMaker.nix
@@ -33,9 +33,12 @@ let module_inst = {
       };
     };
     vlans = {
-      "users" = [ { begin = 3045; end = 4094; } ];
-      "admin" = [ 3000 ];
-      "uplink-cri" = [ 223 ];
+      "users".ids = [ { begin = 3045; end = 4094; } ];
+      "admin" = {
+        ids = [ 3000 ];
+        management = "10.0.0.2/22";
+      };
+      "uplink-cri".ids = [ 223 ];
     };
   };
   module = import ./moduleMaker.nix [
diff --git a/moduleMaker.nix b/moduleMaker.nix
index 9227414..643e39a 100644
--- a/moduleMaker.nix
+++ b/moduleMaker.nix
@@ -8,8 +8,23 @@ in with lib; {
         begin = mkOption { type = types.ints.unsigned; };
         end = mkOption { type = types.ints.unsigned; };
       };
+      vlan_type.options = {
+        ids = mkOption {
+          type = types.listOf (types.either types.ints.unsigned (types.submodule range_type));
+          default = [ ];
+        };
+        management = mkOption {
+          # FIXME : support ipv4 and ipv6, either static or dhcp (with the coffee)
+          type = types.nullOr types.str;
+          default = null;
+          description = ''
+            IP address with wich to permit management on this vlan.
+            Only one vlan can set an IP (this module limitation, not switch).
+          '';
+        };
+      };
     in mkOption {
-      type = types.attrsOf (types.listOf (types.either types.ints.unsigned (types.submodule range_type)));
+      type = types.attrsOf (types.submodule vlan_type);
     };
     interfaces = let
       template = name: {
@@ -94,16 +109,37 @@ in with lib; {
             "${builtins.toString id.begin}-${builtins.toString id.end}";
         in ''<vlan-id-list>${list}</vlan-id-list>'';
       vlan_map = vlan: let
-        ids = map id_map cfg.vlans.${vlan};
+        ids = map id_map cfg.vlans.${vlan}.ids;
+        mgmt_flag = if !builtins.isNull cfg.vlans.${vlan}.management
+          then "<l3-interface>irb.0</l3-interface>" else "";
       in ''
         <vlan>
           <name>${vlan}</name>
+          ${mgmt_flag}
           ${builtins.concatStringsSep "\n" ids}
         </vlan>'';
     in map vlan_map (builtins.attrNames cfg.vlans);
+    irb_intf = let
+      addresses = map (vlan: vlan.management) (builtins.attrValues cfg.vlans);
+      addr = builtins.foldl' (acc: addr: if !builtins.isNull addr then addr else acc) null addresses;
+    in if !builtins.isNull addr then ''
+      <interface>
+        <name>irb</name>
+        <unit>
+          <name>0</name>
+          <family>
+            <inet>
+              <address><name>${addr}</name></address>
+            </inet>
+          </family>
+        </unit>
+      </interface>
+    ''
+    else "";
   in [ ''
     <interfaces>
-    ${builtins.concatStringsSep "\n" interface_xmls}
+      ${builtins.concatStringsSep "\n" interface_xmls}
+      ${irb_intf}
     </interfaces>
     <vlans>
     ${builtins.concatStringsSep "\n" vlans}