However, VLANs really aren't a substitute for firewalls. Many organizations use some type of firewall, WLAN gateway, or WLAN switch to control wireless network access. For example, a WLAN gateway from Bluesocket or Vernier can require every user to log in to reach the network on the far side of the gateway. Visitors can be granted access to the Internet and selected applications/ports, while authenticated users (employees) can be granted access to additional destinations and applications in accordance with group or user level policies. In this configuration, you can still have separate SSIDs to apply different airlink security policies, or you could have one common SSID and use VPN tunnels to secure employee traffic over the air.
This was first published in March 2004