You would probably want three vlans. One VLAN for resources (printing and servers), a second VLAN as the standard data VLAN, and a third VLAN for Kid Data. Uplinks between network devices should be untagged, hosts should be tagged for their appropriate vlan. At the core you these three VLANs should be untagged for the ports going to resources (printing and servers) and the internet…
It’s best practice to not use VLAN 1… but in your situation the network is probably not a target of threat actors.
The WiFi networks can be added to the main data vlan. If you need the SSIDs separated, the. Make a fourth VLAN for the secondary SSID. These VLANs just need to cross over to whatever resources they need. This can be done with routing or just simple vlan tags on your L3 device…
You would probably want three vlans. One VLAN for resources (printing and servers), a second VLAN as the standard data VLAN, and a third VLAN for Kid Data. Uplinks between network devices should be untagged, hosts should be tagged for their appropriate vlan. At the core you these three VLANs should be untagged for the ports going to resources (printing and servers) and the internet… It’s best practice to not use VLAN 1… but in your situation the network is probably not a target of threat actors. The WiFi networks can be added to the main data vlan. If you need the SSIDs separated, the. Make a fourth VLAN for the secondary SSID. These VLANs just need to cross over to whatever resources they need. This can be done with routing or just simple vlan tags on your L3 device…