I recently installed an 8 AP (1832i) fabric connected to some 2960s. This install is one where I need to run 2 VLANs. Guest and Private. The Private VLAN 10 has a server on it which also acts as the DHCP server for the LAN
On the Guest network, VLAN 20, I intended to use the ASA as the DHCP server.
However, if any of you have tried to do thios before, you know what the problem is.
On the WAPs and the Mobility Express Controller I've upgraded the code from 8.4.100 to 8.8.100 thinking that may fix the issue.
It appears that the WAP does not respect the tag when it placed the frame on the wire. Hence, wireless clients never see the DHCP server on the ASA and end up getting an IP address form the Windows server on VLAN 10
IF I use the DHCP server on the controller, they get a proper IP, mask, gateway and DNS but, they're traffic out still gets dropped onto the native VLAN, which is also 10

So VLAN 10 is the management network, it's tagged and it's the native. VLAN 20 is tagged and therefore trarrif from wireless clients on VAN 20 should never see anything on VLAN 10

But again, I believe this is an ongoing issue from what I've read where the AP doesn't respect the tagging once the traffic is going on the wire.
The switchport config is pretty simple

interface GigabitEthernet1/0/1
switchport trunk native vlan 10
switchport trunk allowed vlan 10,20
switchport mode trunk