Is is a good idea to put SMTP Shadow replication on the same VLAN as DAG replication?

Q1. Should shadow replication be limited to the site? Should it go across the WAN?

-> It depends on how your AD-Sites are configured, and what are the requirements for message routing. If you are going to consolidate all smtp traffic and send it out through one-site, then you can have shadow redundancy configured across WAN.

to quote the Technet article on Shadow Redundancy:

For any message delivered to a mailbox database that's part of a DAG, the shadow copy for that message is retained in the transport dumpster until that message is replicated to all DAG members. Similarly, any message submitted to Hub Transport servers from a DAG member has two copies, one in the Hub Transport server queue waiting for delivery, and a shadow copy in the sender's Sent Items folder. This approach is a key component of shadow redundancy.

However, when the Hub Transport and Mailbox server roles coexist on the same server, and you have mailbox databases that are part of a DAG, Hub Transport servers may have to route a message through an extra hop to avoid having the primary message and the shadow message on the same server hardware.

http://technet.microsoft.com/en-us/library/dd351027.aspx

Q2. If so should it be on a separate VLAN?

-> Ideally you would want to isolate your message-routing, so the answer is Yes.