So that I can better understand what you want to achieve, I need to make sure I understand what you want. When you say multi-layer, I take it to mean using multi-layer switches, ala layer 3 switching, such as the cisco cat 4500 or cat 6000 series switches using msfc or nffc modules to perform routing. Am I correct on that point?
When you mean connecting switches, do you mean switches that may or may not be multi-layered, that is seperate cat switches such as the cat 2950 or cat 3550 that is connected to the multi-layer switch. Am I correct on this point too?
And I assume that the firewall will be a separate device, as you mentioned pix but not the FWSM - they both use the same firewall technology but accomplish it in different ways and I want to make sure that your firewall is not an intergrated cat 6000 module.
Lastly, the pix is not a multi-layer device, as it does not do layer 2 switching, even though it can process IEEE 802.1Q tagged packets for vlan processing. It only operates at layer 3 and only for the IP protocol, and does not send BPDU frames.