Cisco Aironet 350 on subnet

I've got a FreeBSD server as my home gateway/firewall, and have the
Aironet WAP plugged into the internal LAN switch. My goal is to have
all WAP clients on a different subnet (A.B.111.0) from the local LAN
(A.B.1.0).

My first attempt was to create an alias IP on the server's LAN
interface, add rules to dhcpd.conf to handle the new subnet, then
configure the WAP to obtain it's own IP from the new subnet. Well the
WAP gets the right IP and router info, but WAP clients are still
getting assigned IPs from the regular LAN subnet which is not what I
want.

I have a feeling this is because the WAP is acting as a passthru device
as all requests show up as 0.0.0.0.bootpc > 255.255.255.255.bootps

It makes logical sense that if I could have the WAP change the requests
to 0.0.0.0.bootpc > A.B.111.255.bootps then that might do the
trick, but I have a feeling that's not possible or even valid.

Can I accomplish my goal on a single switch (cheap Netgear) without
resorting to hard coded MAC addresses in dhcpd?

Ok well I was able to get this working. I was playing with the VLAN
settings, and not being too familiar just went ahead and configured one
on the Aironet, and made it native, and that appears to force WAP to
route it's requests according to it's current network configuration. I
already had it configured on the newsubnet so it worked like a charm.

The only issue I had was the WAP clients listed the DHCP server as
being on the wrong subnet. I dug through the dhcpd options and found
this one that did the trick:

server-identifier A.B.111.1;

So now I have all my WAP clients on the new subnet, and have added
rules to my IPFilter config to disallow any traffic except through the
gateway so they are isolated. How isolated are they really though? Is
there anything else I can do to lock things down, without too much
hastle?