Inter VLAN routing with a wireless twist (Cisco SG300, Engenius EAP600)

I have two Cisco SG300 switches (which I am configuring with the GUI).  I also have an Engenius EAP600 WAP that has two VLANs setup (1 and 2).

I need to make it so that VLAN 1 can access VLAN 2, and the internet (router local interface on VLAN 1).
I also need to make it so that VLAN 2 can access VLAN 1, but not the internet (I can configure the router to block VLAN 2 IPs outbound)

Current setup:
Windows SBS 2008 with two DHCP scopes:  172.16.10.0/24 (VLAN 1),   10.1.1.0/24 (VLAN 2)
Cisco 1941 ISR:  172.16.10.1
Cisco SG300-52 Layer 3 Switch: 2 of them connected via LAG 1 [four gigabit ports]
Engenius EAP600:  3 of them configured with VLAN 1 and VLAN 2 (untagged, not currently isolated)

I have tried to configure this numerous ways, and have followed numerous instructions.  I'm about to slam my head in the door on this one.  When I connect via the SSID on VLAN 2, I get no IP address (if the profile is isolated).  If I do get an IP (when the profiles are not isolated), I get a VLAN 1 IP address.  I have tried connecting directly to the switch via cable (to a port that is assigned to VLAN 2), and received no IP address.

I'm obviously doing something wrong.  Is there someone that would be willing to treat me like I don't know anything and help me through this?
LVL 5
Eric GreeneDirector of TechnologyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

giltjrCommented:
Is the Windows server connected to a port that is configured as a trunk?  If so, is VLAN1 and VLAN2 both tagged?

It sounds like the BOOTP requests are not getting to the Windows server "correctly."  Like the Windows server is setup to use VLAN1 untagged and the WAP is sending VLAN2 traffic untagged.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Eric GreeneDirector of TechnologyAuthor Commented:
I am so sorry I have not responded.  We were so busy that night trying to get things resolved that I forgot I had a question posted.

It turned out that the EnGenius units, though they say they can handle VLAN tagging -- were not tagging traffic correctly so the switch port setup was not working.  We abandoned the EnGenius units and moved on to new hardware.
Eric GreeneDirector of TechnologyAuthor Commented:
You were correct that the BOOTP traffic wasn't reaching the server -- it was because the wireless units were not properly tagging traffic.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.