Question : Wireless Network configuration

I run a corporate network. The network consists of 2 Level1 gigabit switches which are linked together and a single Windows 2003 domain controller server which does DHCP and DNS.  Internet is provided by an ADSL connection, the gateway for which is a Cisco ASA5505 firewall device.

I've just set up three wireless access points in the building to provide wireless network access in addition to 30 workstations that sit on the wired LAN. The wireless APs are 2x Netgear WG602v4 units and 1 Netgear DG834PN router configured as an access point and connected to the second network switch. The wired LAN has a DHCP range of 192.168.0.60 - 192.168.0.200. The three wireless access points have static IP addresses outside the DHCP scope (192.168.0.6, 192.168.0.228, 192.168.0.229).

I intend that DHCP for wireless clients be handled by the central domain controller.  I've configured the three access points in access point mode with the same subnet as the wired LAN and a default gateway of 192.168.0.201 (the Cisco ASA firewall).  On the network switches, I have created one default port-based VLAN for the wired network (VLAN1) and a second VLAN (VLAN2) for the wired network.  The linked ports on each switch are configured in trunk mode.  VLAN1 includes all ports on the two switches apart from the three that the wireless access points connect to.  VLAN2 includes the three wireless ports, the domain controller port and the gateway port.

Does this sound like a sensible and secure setup? I have an ARP monitor running on the domain controller (Xarp) and for some reason (I'm remote from this site) it picks up a fair few 169.254 addresses corresponding to MAC addresses on the network. I wonder if I've configured the wireless setup correctly or where these 169.254 addresses are coming from. I want separation between the wired and wireless side of things but obviously I need wireless clients to get DHCP, DNS etc. and access to the Internet gateway. Perhaps I should be using DHCP on each access point to assign IPs to wireless clients, but then we'd have multiple DHCP servers on the same network.

Any thoughts or suggestions much appreciated.

Answer : Wireless Network configuration

The 169.254.XX.XX addresses are obviously coming from computers not being able to communicate with the DHCP server and get an IP address.

The VLAN configuration is ok, although I would start troubleshooting by connecting the 3 access points to the "rest of the network" (VLAN1) set of ports.

For the wireless security you may safely rely on the Access Points' WPA encryption. WEP is unsafe.
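
An added example, not part of the original question or answer: a sketch that sorts ARP-monitor observations against the address plan given in the question, so the MACs that fall back to 169.254 addresses can be traced to the ports or access points where DHCP is not reaching them. The "MAC IP" input format, the sample lines, the /24 mask and the status labels are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Address plan from the question. The /24 mask is an assumption (not stated).
SUBNET = ipaddress.ip_network("192.168.0.0/24")
APIPA = ipaddress.ip_network("169.254.0.0/16")  # self-assigned when DHCP fails
DHCP_FIRST = ipaddress.ip_address("192.168.0.60")
DHCP_LAST = ipaddress.ip_address("192.168.0.200")
# Statics named in the question: three access points and the ASA gateway.
STATIC = {ipaddress.ip_address(a) for a in
          ("192.168.0.6", "192.168.0.228", "192.168.0.229", "192.168.0.201")}

# Constructed observations, one "MAC IP" pair per line (hypothetical format).
SAMPLE = """
00:11:22:33:44:01 192.168.0.75
00:11:22:33:44:02 169.254.12.9
00:11:22:33:44:03 169.254.77.3
00:11:22:33:44:03 192.168.0.143
00:11:22:33:44:04 192.168.0.228
00:11:22:33:44:05 192.168.0.20
"""

def classify(ip_text):
    """Place one observed IP address in the site's address plan."""
    ip = ipaddress.ip_address(ip_text)
    if ip in APIPA:
        return "apipa"
    if ip in STATIC:
        return "static"
    if DHCP_FIRST <= ip <= DHCP_LAST:
        return "dhcp"
    return "unplanned" if ip in SUBNET else "foreign"

def summarize(observations):
    """Group observations by MAC and report each client's DHCP health."""
    seen = defaultdict(set)
    for line in observations.strip().splitlines():
        mac, ip = line.split()
        seen[mac.lower()].add(classify(ip))
    report = {}
    for mac, kinds in seen.items():
        if "apipa" in kinds:
            # A lease seen at another time points to an intermittent fault.
            report[mac] = ("intermittent DHCP failure" if "dhcp" in kinds
                           else "no DHCP lease seen")
        elif kinds - {"dhcp", "static"}:
            report[mac] = "address outside plan"
        else:
            report[mac] = "ok"
    return report

if __name__ == "__main__":
    for mac, status in sorted(summarize(SAMPLE).items()):
        print(mac, status)
```

Servers with static addresses that the question does not list, such as the domain controller, would show up as "address outside plan" until they are added to `STATIC`.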