|Anyway, what's with people continually telling me to disable web access to machines?|
Most important are security related issues. Viruses, worms, trojans etc on your network. However, if you're using Deep Freeze for the OS on the lab computers, or something like it, it's a moot issue as once you reboot, any changes made since boot up are gone.
Then there's the time wasted issue. Instead of paying attention or doing their course work, they'll be on facebook wasting time surfing unrelated things.
Those are the reason's, since you asked. If however, it's integral that you have internet access, I highly recommend something like Deep Freeze on the lab computers.
So I have to assign both vlans to the port??? You can assign multiple vlans to a port?
Since the two VLAN's are on different subnets you will still need a router to route between the two networks to allow internet access to the lab.
For instance, if your gateway is: 192.168.102.xxx any/all traffic coming from the 101 network will not get out until it has a route.
Yes, you can assign multiple VLAN's to a single port. This is normally only done in the case of trunk ports and I have some trunk's that have up to 20 different VLAN's on them. We however have a large environment and many VLANs/Subnets.
Essentially, this port of yours is a trunk port since it's the trunk between your switch and your gateway.