by rainsford
897 days ago
That's an interesting idea, but it seems (without having played around with it or knowing your specific setup) like it comes with some security tradeoffs. In particular, MAC spoofing would be an effective way to VLAN hop, if not necessarily a threat you're worried about. It also seems like there is a possibility that devices connected to the same AP could talk to each other without having to go through the switch, bypassing the VLAN tagging entirely. I'm honestly not sure if the second attack would work or if it would be AP specific, but I imagine most Wi-Fi-to-Wi-Fi traffic through the same AP does not make a round trip through the Ethernet port. This wouldn't be an issue if the AP itself was applying and enforcing VLAN tags, but the MAC spoofing problem would still be an issue.