03-09-2003   #6
agentgrn
KB1JQO - Packin' Heat
Join Date: May 2002
Location: Worcester, MA
Posts: 517
This might come across wrong, but what's the point of running the Contivity client if the WLAN isn't going to be separated from the LAN? Seems like another layer of overhead to me, especially if the same services are being offered over the WLAN and the LAN at the same time.

If you don't have a firewall solution in place, you could get broken into without too much difficulty. 30 APs and requisite clients will generate enough traffic for someone to scoop up enough weak keys for an attempted WEP break. Once your nefarious individual has the key, all that needs to be done is to spoof the MAC address of one of your clients, and you won't be able to figure out who.

The point of the FW is that if anyone does indeed go through the trouble and gets onto the WLAN, then they're paralyzed unless they can snoop and break an IPsec stream. This can be avoided as easily as having a *nix box with a couple of NICs in it. All in all, WLAN segments should be trusted as much as your Internet connection...nada.

If you're going to jump through the hoops and spend some good bread and resources on the Nortel VPN solution, and configuring RADIUS, you should be able to firewall the wireless segment. If your security is as important as you suggest it is, you're better off going overboard instead of going "good enough".
__________________
-A.G.-
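The "*nix box with a couple of NICs" the post recommends, as an added example that is not part of the original post or of any Nortel product: an iptables ruleset for a two-interface Linux firewall between the WLAN and the wired LAN that forwards nothing from the wireless segment except IPsec (IKE on UDP/500, NAT-T on UDP/4500, and ESP) to the VPN concentrator, and logs and drops everything else. The interface names (eth0/eth1), the concentrator address, the WLAN subnet, and the decision to let the firewall answer DHCP for the wireless side are all assumptions chosen for illustration, not details from the post. The script prints the policy in iptables-restore format by default so it can be reviewed without root; set APPLY=1 to load it.

```shell
#!/bin/sh
# Added example, not from the original post: minimal iptables policy for a
# Linux box with two NICs sitting between the WLAN and the wired LAN, where the
# only thing a wireless client may reach is the IPsec VPN concentrator.
# Hypothetical names, override via environment variables:
#   WLAN_IF  - interface facing the access points
#   LAN_IF   - interface facing the wired LAN / VPN concentrator
#   VPN_GW   - address of the VPN concentrator on the LAN side
#   WLAN_NET - the wireless subnet (so stray source addresses are dropped too)
WLAN_IF="${WLAN_IF:-eth1}"
LAN_IF="${LAN_IF:-eth0}"
VPN_GW="${VPN_GW:-192.0.2.10}"
WLAN_NET="${WLAN_NET:-198.51.100.0/24}"

# Emit the ruleset in iptables-restore(8) format. Printing rather than
# applying lets the policy be reviewed and tested without root.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:WLAN_IN - [0:0]
# Loopback and replies to flows the firewall itself started
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# DHCP is the only service the firewall offers the wireless side (assumption)
-A INPUT -i $WLAN_IF -p udp --sport 68 --dport 67 -j ACCEPT
# Everything entering from the WLAN and heading for the LAN goes through WLAN_IN
-A FORWARD -i $WLAN_IF -o $LAN_IF -j WLAN_IN
# Return traffic for flows WLAN_IN already accepted
-A FORWARD -i $LAN_IF -o $WLAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
# Only IPsec to the concentrator: IKE, NAT-T and ESP, from the WLAN subnet only
-A WLAN_IN -s $WLAN_NET -d $VPN_GW -p udp --dport 500 -j ACCEPT
-A WLAN_IN -s $WLAN_NET -d $VPN_GW -p udp --dport 4500 -j ACCEPT
-A WLAN_IN -s $WLAN_NET -d $VPN_GW -p esp -j ACCEPT
# Anything else from the wireless segment is logged (rate limited) and dropped
-A WLAN_IN -m limit --limit 10/min -j LOG --log-prefix "WLAN-DROP: "
-A WLAN_IN -j DROP
COMMIT
EOF
}

# Count ACCEPT rules in the WLAN_IN chain. The policy should allow exactly
# the three IPsec paths and nothing else, so this should print 3.
wlan_accepts() {
    gen_rules | grep -c '^-A WLAN_IN .* -j ACCEPT$'
}

# Review check: list any WLAN_IN ACCEPT rule whose destination is not the
# concentrator. Empty output means no wireless client can reach the LAN directly.
non_vpn_accepts() {
    gen_rules | grep '^-A WLAN_IN' | grep -- '-j ACCEPT' | grep -v -- "-d $VPN_GW "
}

# Apply only when explicitly asked (needs root): APPLY=1 ./wlan-fw.sh
if [ "${APPLY:-0}" = "1" ]; then
    gen_rules | iptables-restore
else
    gen_rules
fi
```

The FORWARD policy is DROP and the LAN-to-WLAN direction only admits ESTABLISHED/RELATED traffic, so a spoofed client MAC or a recovered WEP key still leaves the intruder with nothing to talk to except the IKE/ESP listener on the concentrator. The WLAN-DROP log prefix gives the SOC a simple string to alert on for anything else coming off the wireless segment.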