Ok you have a few things going on here that relates to a real world WiFi set up.
In the class we use a windows 2008 server set up with VLAN 10, and 11. this server provides the DHCP for the AP and the Employee SSID. also note VLAN 10 and 11 are trunked off the controller on port 1/0. in the class this trunk goes back to the server.
VLAN 10 is your local or maintenance VLAN and would simulate the local network that the controller and AP are connected to. this is your existing LAN in the real world.
VLAN 11 is the IP range that will be handed out to the clients when they attach to the employee SSID - this SSID is configured in a L2 deployment and hands out a default gateway that is upstream from the controller.
The Guest SSID uses VLAN 13 and is deployed in a L3 deployment, this means that the controller ends or terminates the VLAN. VLAN 13 is not trunked off the controller and must be routed (hence L3 not L2) this requires that VLAN 13 either have a dhcp service on the conteoller or use a dhcp helper to send dhcp requests out to the production network. we commonly use this on the guest network because the simple dhcp service on the controller does not expose anything from the corp network to the guest
I hope this helps
Kelly