Our 1100ap is setup as a DHCP server. I've attempted to add an access-list to f0 that blocks bootpc and bootps requests from coming on that interface so that addresses will only be assigned on requests coming in on the Dot11Radio0 interface:
no ip address
ip access-group 111 in
Extended IP access list 111
deny udp any host xxx.xxx.xxx.23 eq bootpc
deny udp any host xxx.xxx.xxx.23 eq bootps
permit ip any any
Unfortunately this does not work. IP addresses are still being assigned to machines on the f0 side of the AP. Neither does setting the access-group to outbound work. My understanding of ACLs on switches is that the explicit denys have to come before the permit statements. Not much experience with ACLs yet, but I'm learning.