Can I segment my network based on two different criteria?

Solution 1:

Nested VLANs are a thing, but they're like building a tunnel inside a tunnel, and you'd have to have equipment that can support it (and licensing if required). A better method is to assign a specific subnet to a specific campus, then mirror your VLAN allocation across subnets. This would allow consistent VLAN usage across multiple campuses, while localizing traffic to specific subnets/campuses. It's also cleaner and natively supported on all layer 2 switches.


Solution 2:

Nesting VLANs isn't really necessary and it's way overkill in your scenario.

You should use routed links between locations, not switched links. That way, VLANs don't span across locations at all, allowing you to re-use their IDs. However, I wouldn't recommend doing so - it's generally a good idea to not duplicate VLAN IDs but use a common scheme.

For instance, you could use VLAN 110 on location 1 and VLAN 210 on location 2 for the same purpose. That way, you could use a common VLAN plan across locations if that became necessary. Using duplicate IDs for distinct subnets would force you to renumber the VLANs, which isn't much fun.

Regarding "it would be nice to segment by campus" - you shouldn't do so because it's nice or because you can. You should do so to improve network security. Plan for different security zones - like VoIP, physical security (electronic doors, alarm systems), servers, storage, staff access, students access, IoT devices, ... and use VLANs to separate those zones. Configure strict firewall rules between the zones to control the routing in between. Start with denying all traffic as default and only permit what is really required. Document well.
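The two answers combined into one plan, as an added example that is not part of either answer: each campus gets its own address block, VLAN IDs follow the 110/210 pattern from Solution 2, and inter-zone traffic is checked against a default-deny allow list. The zone offsets, campus names, 10.x.y.0/24 addressing and the permitted flows are all assumptions made for illustration.

```python
import ipaddress

# Assumed zone offsets (hypothetical); the answer only gives 110/210 as a sample pair.
ZONES = {"voip": 10, "physec": 20, "servers": 30, "staff": 40, "students": 50, "iot": 60}
CAMPUSES = {"campus1": 1, "campus2": 2}  # constructed site numbers

# Explicitly permitted inter-zone flows (constructed): (src_zone, dst_zone, proto, port)
ALLOW = {
    ("staff", "servers", "tcp", 443),
    ("students", "servers", "tcp", 443),
    ("voip", "servers", "udp", 5060),
}

def build_plan(campuses=CAMPUSES, zones=ZONES):
    """Return {(campus, zone): (vlan_id, subnet)} with VLAN = site*100 + zone offset."""
    plan = {}
    for campus, site in campuses.items():
        for zone, off in zones.items():
            vlan = site * 100 + off
            if not 1 <= vlan <= 4094:
                raise ValueError(f"VLAN {vlan} outside 1-4094")
            # One /16 per campus (10.<site>.0.0/16), one /24 per zone inside it.
            plan[(campus, zone)] = (vlan, ipaddress.ip_network(f"10.{site}.{off}.0/24"))
    ids = [v for v, _ in plan.values()]
    if len(ids) != len(set(ids)):
        raise ValueError("duplicate VLAN ID in plan")
    return plan

def locate(plan, ip):
    """Map an IP address to its (campus, zone), or None if outside the plan."""
    addr = ipaddress.ip_address(ip)
    for key, (_, subnet) in plan.items():
        if addr in subnet:
            return key
    return None

def permitted(plan, src_ip, dst_ip, proto, port):
    """Default deny: only flows listed in ALLOW between known zones pass."""
    src, dst = locate(plan, src_ip), locate(plan, dst_ip)
    if src is None or dst is None:
        return False
    if src == dst:
        return True  # same VLAN: switched locally, never reaches the firewall
    return (src[1], dst[1], proto, port) in ALLOW

if __name__ == "__main__":
    for (campus, zone), (vlan, subnet) in sorted(build_plan().items(), key=lambda kv: kv[1][0]):
        print(f"{campus:8} {zone:9} VLAN {vlan:<4} {subnet}")
```

Because the allow list is keyed on zone rather than campus, the same policy applies at every site, and a new campus only needs a new site number.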