The switch does not allow management access from a device on the same VLAN
The implicit
deny any
function that the switch automatically applies as the last entry in any ACL always blocks packets having the same DA as the switch's IP address on the same VLAN. That is, bridged packets with the switch itself as the destination are blocked as a security measure.
To preempt this action, edit the ACL to include an ACE that permits access to the switch's DA on that VLAN from the management device.