I have a wireless LAN in a building connected to Cisco Catalyst 3524 switches and want this wireless network to gain access to the LAN, which is also connected to Catalyst 3548 switches. It is more like a campus environment, with no public network involved. Do I have to have a PIX to isolate the boundary between the two switches, one connected to the local LAN and the other connected to the wireless LAN? I thought I could create VLANs between those networks, use the external router to route traffic between them, and then build my access-list to permit and deny the traffic. Someone is using the PIX, treating the outside interface as the wireless network and the inside interface as the internal network. Any suggestions?
Without a PIX you will not be firewalling your LAN from your WLAN. If the switch gets compromised, your security is no more. Also, VLANs and access-lists on the switches do not inspect the traffic as a true firewall does. I would place a firewall there if the need warrants security.
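
The difference the answer points to, between an access-list and a firewall that inspects traffic, shown as an added example that is not from either poster. It assumes "inspect" means stateful connection tracking, models an ACL return-traffic rule that checks only the source port and the ACK/RST bits, and uses constructed addresses (10.1.x.x for the LAN, 10.2.x.x for the WLAN).

```python
from collections import namedtuple

# All addresses and ports are constructed sample values.
Packet = namedtuple("Packet", "src sport dst dport flags")

def is_wlan(ip): return ip.startswith("10.2.")
def is_lan(ip): return ip.startswith("10.1.")

def stateless_acl(pkt):
    """Router ACL on the WLAN-facing interface: each packet is judged alone.
    Modelled rule: permit TCP from WLAN source port 80 to the LAN when ACK or
    RST is set, which is how a return-traffic ACL entry decides."""
    return (is_wlan(pkt.src) and is_lan(pkt.dst) and pkt.sport == 80
            and bool({"ACK", "RST"} & set(pkt.flags)))

class StatefulFirewall:
    """Inside = LAN, outside = WLAN. Only replies to tracked connections pass."""
    def __init__(self):
        self.conns = set()

    def outbound(self, pkt):
        # A LAN host opens a connection: remember its 4-tuple.
        if is_lan(pkt.src) and "SYN" in pkt.flags and "ACK" not in pkt.flags:
            self.conns.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return True

    def inbound(self, pkt):
        # Permit only the mirror image of a connection opened from inside.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conns

def compare():
    fw = StatefulFirewall()
    # A LAN admin host opens HTTP to an access point's web interface.
    fw.outbound(Packet("10.1.0.5", 40000, "10.2.0.1", 80, ("SYN",)))
    reply = Packet("10.2.0.1", 80, "10.1.0.5", 40000, ("SYN", "ACK"))
    # Unsolicited packet from another WLAN host that only looks like a reply.
    stray = Packet("10.2.0.77", 80, "10.1.0.9", 445, ("ACK",))
    return {
        "reply": (stateless_acl(reply), fw.inbound(reply)),
        "stray": (stateless_acl(stray), fw.inbound(stray)),
    }

if __name__ == "__main__":
    for name, (acl, fw) in compare().items():
        print(f"{name:6} acl={'permit' if acl else 'deny'} "
              f"firewall={'permit' if fw else 'deny'}")
```

Both devices pass the genuine reply; only the ACL passes the unsolicited packet, because it has no record of which connections the LAN actually opened.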