I'm pretty sure you don't need the bridge protocol ieee used at the end of your config. Also, can you post your router config? This looks properly configured, but there may be an issue on your router.

Make sure your Gigabit interface to the AP is configured for trunking.

The official word from Cisco Tech Support is as follows:

"After looking further into this issue, I’ve been able to determine that the documentation is unclear. You can have a maximum of 2 vlans, and 10 SSIDs. If you do not map the SSIDs to VLANs, the ISR can hold a total of 10 SSIDs, with only one broadcasted. If you map them to VLANs, however, you will be unable to have more than 2 SSIDs enabled on your router. So the functionality to create more than 2 working WLANs on your AP is not there on the 861W. "

I think that you're right about the "bridge protocol ieee" command. However, I think that it's the defualt bridge protocol. If I try to execute "no bridge protocol ieee", the sub-interface is deleted.

In any case, here's the router config I had been using:

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname pa-router

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

!

no aaa new-model

clock timezone EST -5

clock summer-time EDT recurring

!

!

no ip source-route

no ip dhcp conflict logging

!

ip dhcp pool 0

network 192.168.0.0 255.255.255.0

default-router 192.168.0.1

dns-server 209.198.87.24

!

ip dhcp pool 1

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

dns-server 209.198.87.24

domain-name voicesforvtkids.org

!

ip dhcp pool 2

network 192.168.2.0 255.255.255.0

default-router 192.168.2.1

dns-server 209.198.87.24

!

!

ip cef

ip domain name publicassets.org

ip name-server 209.198.87.24

!

!

!

!

username Thomas privilege 15 secret 5

!

!

!

archive

log config

hidekeys

!

!

ip ssh version 2

!

!

!

interface FastEthernet0

no cdp enable

!

interface FastEthernet1

no cdp enable

!

interface FastEthernet2

no cdp enable

!

interface FastEthernet3

switchport access vlan 2

no cdp enable

!

interface FastEthernet4

ip address 207.136.xxx.xxx 255.255.255.252

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface wlan-ap0

description Service module interface to manage the embedded AP

ip unnumbered Vlan1

arp timeout 0

!

interface Wlan-GigabitEthernet0

description Internal switch interface connecting to the embedded AP

switchport mode trunk

!

interface Vlan1

ip address 192.168.0.1 255.255.255.0 secondary

ip address 207.136.xxx.xxx 255.255.255.252

ip nat inside

ip virtual-reassembly

!

interface Vlan2

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface Vlan3

ip address 192.168.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 207.136.xxx.xxx permanent

no ip http server

no ip http secure-server

!

ip nat inside source list NAT interface FastEthernet4 overload

!

ip access-list standard NAT

permit 192.168.0.0 0.0.0.255

permit 192.168.1.0 0.0.0.255

permit 192.168.2.0 0.0.0.255

!

no cdp run

!

That's crazy - I've never heard that before. Only 2 SSIDs? Have you tried just running 2 SSIDs? Does that work?

I don't see anything wrong with your config. What exactly happens with what you have configured? Do you see any of the SSIDs you have configured?

Yeah, and that fact that it has only two Vlans is not terribly well documented either.

I do see the three SSIDs; they are being broadcast and I can associate to all three. However, only two of them will pass data. Clients on the third one cannot connect to the DHCP server. The other two work fine.

Well, I guess the issue can't be fixed then, if Cisco is saying that 2 SSIDs is your max.

So weird... I've still never heard of that before.