vlan and hotspot

hi all,
explain my problem …
i’ve read other posts but i’ve understanded very very low
i’m searching to make working an hotspot controller .
i’ve installed it in our NOC on the same switch where our customers are using to navigate …
installing a wireless ap (2.4) behind a canopy all works fine with nat disabled because if i enable nat the access controller authenticate just one time the mac address of canopy and all navigate free without authentication …
so i disable nat and receive dhcp address from access controller and all works fine (apparently) but the problem is that if i change my ip address in another class (customer class 10.1.x.x ) i navigate free …
the question is :
how can i isolate traffic of ap controller from customer class with vlan …
in our noc we have two (inside and dmz) managed switch procurve 2626
net diagram is like this

switch inside
pix firewall and internet ---- port 2 (
access controller (lan port) — port3
switch dmz
access controller (wan port) ----- port 1
pix firewall (dmz) and internet ---- port 2
radius and other server – other ports

i’ve tried to make a vlan id 69 and insert in port3 of switch inside but configuring on the canopy vlan 69 nothing change and i can arrive to cisco pix interface inside …

anyone can help me ?
thank you thousand and excuse me for the confusion and my poor english !


http://motorola.canopywireless.com/supp ... hlight=yay