This suggestion depends a lot on how your vlans are set up and what version of Windows (I sure Windows 7 can do this) you are running, and there may be other security implications (local firewall on the Windows PC's), but here's one possible solution:
On the PC's running AirServer/Displaynote set up a virtual NIC, give it an IP or dhcp on your guest VLAN.
Now the iDevices should see those AirServers as being on the same network without having to join your domain VLAN.
That would mean tagging every port, its a possibility, plus forgot to mention all the machines are still on XP... (so airserver is moot afaik) I am going to recommend all the machines are upgraded to 7 during the summer.
On BYOD ? I've no idea of numbers yet - won't be a whole heap - seems a lot of work doing it that way, though I suppose once they are done they are done (although entering the network key would be interesting (how do you do that?)). The other issue with this would be lack of authentication on their devices - not a huge problem they would just have to be told to enter their domain username and password. Just trying to make this as transparent as possible!
We have some appletvs on the guest network at present, but if they were on domain they'd be a bit more flexible with displaynote / airserver (cheaper too) and similar apps, plus I'm not a huge fan of them (dropouts, picture size etc.)
Domain trusted computers on an untrusted networks, ummmmmm, eeep.
Surely the devil is in the detail (aka, I can't come up with any better - can you?). I'm sure you can say the same about just about any VPN connection. The questions would be who as physical access/uses the machine(s) with the VPN connection(s), how does the VPN initiate and what does it have access to once it's connected.
The other answer so far is to put BYOD devices on the domain...
You can see the conundrum I'm having, I don't think there is a single answer to it. It has to be one thing or another, can't think of one easy free solution
I'm thinking raspberry pi, but rather not have a full distro of xbmc on there (plus I think it only mirrors video and audio correct me if I'm wrong)
I looked around to see if some bright spark came up with just an airplay mirroring distro - not sure if one's been done yet.
Got the raspberry pi working on lan via vlan no problem, but this still isn't going to help with PC apps (which is moot until they decide I can upgrade everything to windows 7)
Staff IPads on the Domain IP range. Fine they are under your control so you can trust them. BYOD, no way even with NAC, accidents or maliciousness could turn your network to Swiss cheese before you knew what was going on.