Wireless Access

I have a question on setting up a private network for my AP's on the same copper as my trusted/guest traffic. The answer is probably obvious but I'm missing it.  Here's an example. 

Vlan 10 = Trusted Network 10.10.10.0

Vlan 20 = Guest Network  192.168.1.0

Vlan 30 = Aruba network (Private AP network) 192.168.2.0

I set the VLAN to use under the SSID configuration for Trusted and Guest Networks.  How do I get the AP's to automatically operate on VLAN 30?

My goal is to use DHCP with Option 60 for automatic deployment.

'm just not sure how to tell the AP's to use the VLAN. 

Putting the AP's on a seperate VLAN and private network also alows me to show some level of security greater than the 802.11x when running guest and trusted on the same network as our End user network.  I'm just not sure how to tell the AP's to use the VLAN. 

Any help is appreciated. 

Your access points can be on any vlan that is routable to the "controller-ip".  Your access points would also need a discovery mechanism like DNS,  broadcast/multiast, DHCP options, or you can set them statically ahead of time to point to the controller-ip.  One caveat is if the access point discovers the controller on a different ip address, it will always send its traffic to the controller-ip, so the access point ip address needs to be routable, as well as have firewall access to the controller-ip.

I hope that answers some of your questions.

I think I figured it out.  Since the controller has the trusted and guest VLAN.  The AP can be plugged into a port with the Aruba vlan.  I don't need to trunk all 3, as The controller will pass data to the end user device over the tunnel for  Trusted and Guest. 

That way the AP is automatically on the VLAN I assign. I setup DHCP with Option 60 (Provides the controller IP to the AP) and I have an independent AP network for AP configuration that also acts as a tunnel carrier for 802.1x data to the end user device. 

Thanks.