>Well its not much of a firewall if everything is on one physical network.
>However if your next-thing is a router like a cisco then it may be 
>workable.

Hello,

A properly configured VLAN capable switch will offer the same effective 
isolation as seperate physical networks. There are some known methods of 
attack for VLANs (.1q) but decent switches should prevent these (Cisco has 
some examples in a white paper).

Regards,

Kris.