I have set up VLANs using the 802.11Q feature, but I noticed that even from a client that gets tagged with e.g. VLAN 86 that it can still access the web admin feature on port 80 and e.g. try to guess passwords repeatedly or submit bad requests that might make its web server crash.

Is there a way to have the web admin that is built into the switch (and also whatever port the configuration tool uses) only respond to connections from VLAN 1 and not accept connections from "untrusted" VLANs?