We have a relatively small simple LAN behind a Cisco ASA 5510 firewall. Macs & PCs. On the same LAN are a couple of wifi routers which allow the option of using the internet & file servers via ethernet or wifi.
I would like to change this so that people connecting on wifi are on a separate, blocked-off network solely for internet/whatever. Aim is (a) improve security & (b) disable bonjour & improve network performance & server access on the 'main' LAN.
We have a lease line internet connection, would you order an additional broadband line for the wifi devices or set up a separate VLAN on the firewall - if so, can anyone point me to a 'dummies' guide? Is it possible to disable bonjour on one network & allow it on another? The additional cost would not bother me too much, I could budget for that.
I came up with a solution eventually by utilising 2 old OSX mac minis as DHCP/DNS servers, one for each network. The wifi boxes are configured manually on the wifi network so not exactly a Cisco solution.