Why bother using up an interface on the device? Look into using the serial port of the PC and the console port of the device (assuming the device has a console port; most do).
On most network devices (a switch being an arguable exception) Ethernet ports are in enough demand that using one up for management is not only overkill but also expensive.
Oh, and if you are using an overlapped VLAN or even just a regular VLAN, any host on the switch can still sniff the traffic with ARP poisoning. It's a little harder to do, but with Ettercap it's not even that hard.
Your latest solution is better, but still not that secure. Telnet never will be in its current incarnation unless you use something like IPSec to encrypt it (which is a good idea if the device supports IPSec). You really need to examine your Security Models a little closer; modern attacks are very good and there is very little that people won't try. The best example is monitoring a home DSL line for an evening: see how many malicious hits you get!
"Nothing is sure but death and taxes." I say combine the two and it's death to all taxes!