My current setup is almost the most complex setup ever. I have a dynamic Public IP address assigned to my WAN FastEthernet port on my Cisco 2621. It gets NATTED to the LAN FastEthernet port where my 48 port 10/100mbps Cisco Catalyst 3550 is hooked up to it. That switch is has three VLANS on it. All of these VLANS route via EIGRP on both the Switch and Router. There is also some ports that have QOS configured. OSPF will be implemented soon to replace EIGRP.
SecurNet which contains all my services and Internet. Including my server that does VPN, DNS, FTP, SMB, AddressBook, iCal, Web, RADIUS, Podcast, Printing, and more. That network also has an Airport Extreme wireless access point that is setup with 802.1x (WPA2-Enterprise) with certificates via RADIUS for wireless access and authentication. So if you don’t have a username, password, and my certificate you aren’t logging on.
PubNet which contains partial services to my network and a 1.5mbps connection to the Internet. This network also has a Wireless access point configured with DD-WRT with WPA2-PSK encryption. So if you hack it your only going to have limited services not to mention your own computer will be hacked so bad on you.
VOIPNet which contains nothing but QOS based technologies. Primarily my Skype VOIP phone and maybe Cisco CallManager in the future if I even know how that works.
All of these networks are configured on my Cisco Switch along with DHCP pushing IP’s to the correct VLANS. Another thing is the server has a reservation made on the Switch.