I need to provide wireless access to customers in my customer lounge. I would like to hang a relatively inexpensive AP such as Linksys WAP54GX on one of my C2950 switches and allow these users to connect "only" to the internet. I know that having them PAT to a different network IP and setting DHCP for them will prevent ping scans but not network sniffing to determine a valid address for instance to static an IP on my corporate LAN. I know the safest solution is to provide a completely separate ISP connection but would like to avoid this. What would be the best way to achieve this. Would hanging the AP on a switch port configured to a different VLAN with corresponding ACL's provide this. If so how does one configure a VLAN 2 for instance that only has access to the gateway and does not broadcast to the AP users corporate LAN packets.
Any input greatly appreciated, I have delayed this project for some time do to security implications but need to get done.