Currently I am using the simple solution as you shown in the screen shot .That is permitted ip .
I am trying to learn something new .
I can just creat a vlan in dc .
But my worry is if someone put a deny policy and he can deny management network also ?
Under normal circumstances you really can't create security policy which will block access to the management interface and prevent access.