I have an 871W configured with 3 vlans, 2 are encrypted using EZVPN. Wired machines can get DHCP assigned, A hard phone, on the voice vlan, gets an IP, workstation on the work vlan gets an IP, wireless clients on the non encrypted bvi gets DHCP. I have an 1131 AP on the network and all wireless clients can get an IP. The only wireless clients that can get an IP from the 871 wireless is the non encrypted one. For some reason I have tied it down to the crypto ipsec client ezvpn VPN inside. When I remove it from the BVI interface, the 7921 phones can get an IP, but of course cant reach the server since the encryption is removed. I have 3 BVI interfaces, vlan 2,3 &4, and all three are setup with a wireless interface. All 3 are identical. the only exception is the EZVPN.
crypto ipsec client ezvpn EZVPN
group Ezvpn-Split key keyname
username guessing password uwillneverknow
xauth userid mode local
Everything except getting an IP from vlan 2 and 3 on the wireless is working fine. I even hardcoded the IP on the phone and it still didnt work. I tried adding the crypto to the subinterface on the radio, but that didnt work either.