Management Network Best Practices
Don't permission your desktop; instead, have a bastion host (preferably a physical server rather than a VM) which is permitted to access the management VLAN, and ensure that only IT staff have credentials to log in to the machine. This is more scaleable than restricting access to your workstation, for two reasons:
1) If you (and your workstation) need to move to another floor/building, there are no implications to network management.
2) A single administrative control point; if/when you hire other administrators, all you need to do is give them access to the bastion host, rather than permission their machines on every network device they need to manage.
We do it by ACL. The network team is all on a vlan and that vlan can access the mgmt network. This may not work depending on the size of your organization. If there are only 1 or 2 members needing access, doing it by individual IP should work fine.
I tend to avoid multi-homing a machine, just because it feels dirty.