You could do both, but at least do the ACS. The firewall will block traffic you designate, but it won't (unless it contains capability of doing so beyond most firewalls) authenticate the wireless users. ACS will perform the AAA - authenticating, authorizing, and accounting - to verify those connecting to your LAN. And with wireless, you need to perform MUTUAL authentication - ACS would use LEAP or the newer PEAP to do this - these are based on the de facto pending 802.1x security standard (de facto since WEP is known to be generally worthless so most implementations use proprietary versions of EAP, like LEAP and now PEAP).
Putting the WLAN in a VLAN would also segment that wireless traffic and allow you to treat it differently once dumped into your core infrastructure devices.

Hope that helps.

Regards,
Eric R. Young - CCNP, CCDP, MCSE
Network Engineer / Owner
Schultz, Young & Associates
Ph./Fx. 877.651.8016
Email: [EMAIL PROTECTED]
VCard: www.ureach.com\schultz_young_assoc
