I rescue a fair bit of kit. Much of it "(networked) appliances". As I've no idea of its past pedigree, I typically bring it up using a sacrificial laptop (one that I can wipe and rebuild in a matter of minutes) on a two node network (the laptop and the DUT).
I'm *tempted* (but wary) to serve up a small subnet off my main network via DHCP (most appliances seem to want dynamically assigned IP's -- if not "as is", then "when reset to factory defaults").
But, this opens up the hosts on the network to any malware on the device in question. If I introduce a firewall/filter between the particular router ports and the device, then I've got to deal with tweaking that "as appropriate" for the particular device -- and, hope I don't overlook something (like how it may have been configured for the previous device, days/weeks/months earlier).
I.e., it doesn't look like there's a "100% safe" way to do this. That I should stick to the sacrificial laptop approach?
How do others handle this? Or, just blissful ignorance? :>