I have a NetWare 4.11 server (IPX/SPX) connected to a 3300 3Com switch. Most computers connect to this switch. I also have some other switches connected to the 3300 (just for port expansion). This takes care of the file/print services.
Now comes the real problem (Internet).
I have a modem/router which is connected to the 3300 switch, and because I needed more ports, I am also using the built-in Ethernet ports to connect some computers.
I have the network set up so that all the clients use fixed IPs, and I have sub-netted it (f.f.f.224), hoping to hide clients from one range of IPs to another.
The router is configured so that the internet gateway is 192.168.1.250 with a mask of f.f.f.f (and it works).
Next I have to add a WAP (most likely connected to the 3300 switch).
All clients have some sort of firewall and anti-virus, but I cannot control the wireless clients.
I thought about putting a firewall (m0n0wall) between the router and the 3300 switch. But this will not secure the whole network (because of physical limitations).
Any ideas on how to improve security without too many physical changes?
You will need to set up the VLANs on the switch your AP connects to.
Another idea is to get IPCop. It's a free open-source firewall that has support for green (trusted), orange (DMZ), red (Internet) and blue (Wi-Fi) interfaces...
Sounds like just what you need, and it's a snap to set up.
Furthermore, you can try MAC address filtering on the AP, add whatever little protection WEP will give you, and then if you're doing something important, tunnel your traffic over IPsec, SSL or similar.