Current Setup:
Separate Networks via Router

Is this possible?
Separate Networks via VLAN?

Let me know if you have any questions about what i have here and if it is possible to seperate those networks with VLANs.

Thank You!

Generally speaking if your switch supports ACL's you can drop anything at that switch targeted between VLAN's. This will allow clients access to the router for regular queries and prevent inter VLAN fraternization.
You will need to check your switches manual for that information.

Well, first of all you said VLAN's and I don't see how you will benefit from the picture you presented, all your segments, including the internal IP of the firewall, are on the same segment - so you can just use switches chained together, avoiding loops. If you really ment to have 2 different networks for the intranets and a different network for uplink to the firewall then your switch (infront of the firewall) should support VLAN tagging (essentially, port connected to the firewall should be configured as trunk) - dot1q as an industry standard, or ISL or dot1q for Cisco equipment. On top of all that your firewall must have appropriate support for trunking (support for virtual interfaces, etc.). Unfortunately (or fortunately), mostly I have to deal with Cisco equipment on a daily basis, so I am not sure how other manufacturers' networking equipment is configured.
Hope this helps,
Best,
Boris.

Also, I assumed the switches are layer 2 only, and appropriate access control lists should be defined on the firewall to prevent one network to talk to another. If you use a layer2/3 switch between your fw and the intranets, the switch can be configured so that the routing decisions will be made on that switch for separate VLANs, in that case yu can apply access control lists on the Vlan interfaces of that switch, but if your fireawall has only one internal interface (from teh picture I thought it was the case), you wlll still need to dedicate one port on the switch to be in a trunk configuration, and slice the firewall's internal interface into 2 virtual interfaces if your intranets need access to outside world.

So if I were to go with a Cisco Layer 2/3 switch what would I be looking at in the way of hardware and the price?

Thanks ALOT for the replies - I still have allot of learning to do =)

As soon as I finish up college I will probably be looking into Cisco Certifications... You certified?

Sorry, didn't reply earlier. As far as cisco gear concerned - expensive. If you are willing to spend a premium go for 3750 series switches with advanced services image (if you are planning on layer2/3 make sure you get an EMI version of the switch - enhanced multilayer image), as for me, i could do with a standard multilayer image - SMI and trunk the uplink port(s) to the router - cost saving is sufficient to buy other pedigree for your network.
As for the certification - no I am not certified, I was thinking about getting CCNA and then CCNP, but I have no time whatsoever, job keeps me busy.
Regrds,
Boris.

NewBie question:

Are there any way to setup a simple or small size VLan with Cisco router but not layer2/3 switch?

The answer to your question is yes and no.

Yes: If your switch is capable of vlan tagging and trunking.

No: If your switch is not capable of vlan tagging and trunking. (like a $50.00 linksys switch)

FWIW: A cisco router can be configured to do vlan switching on a single (physical) interface, but without the vlan tagging by the switch, the router does not know how to re-encapsulate the packet. i.e. the sub-interfaces

A good example of your question can be found here Skip to the network diagram chapter.

fhleung,

VLANs only exist in switched networks, so if you want to use a router and no switches, then VLANs make no sense. If on the other hand, you mean "is it possible to set up VLANs using a standard layer 2 switch and a Cisco router?" then the answer is yes - you can use "router on a stick". See the Cisco website for details on how to do this.

Hope this helps.