As many of you may know I have been deploying Cisco Aironet wireless nodes. I have configured the node with WPA2 Enterprise using the built-in RADIUS server with LEAP authentication. Now I have another hurdle to jump.... separating the wireless network from the internal network. The equipment at the sites is SOHO, so there are no provisions for VLANs on the router (standard linksys affair). I was hoping I could configure the Cisco Aironet AP to block wireless nodes from accessing the internal network. The idea of creating a separate network using VLANs is the first idea that popped in my head... hopefully I can use the DHCP server built-in to the router.... not sure though. I am not familiar with VLANs, so I am directionless on this one. I think I might need a VLAN capable router/switch to make this happen. Correct me if I am wrong? Any other ideas would be greatly appreciated.