Thanks for looking at it, Ali.

Unfortunately, I'm still seeing the same behavior that suggestion.  My current config is attached.

yes the configuration now is correct , 

is it working now ? 

No.  The router is still not receiving any of the broadcast packets from the wireless.

can you share the show run from the root AP ? 

is it cisco or non-cisco AP ? 

collect show brdige and show arp from the WGB .

and show run from 3200 mobility router

do you see the DHCP packet going out the wired/wireless clients behind the WGB , but no reply from the other side ? or you are checking from the root AP side , 

if you connect a wired client behind the bridge to vlan 20 , does it take ip address ?

Sorry for the delay.  Thanks again for looking at this.

can you share the show run from the root AP ? 

> attached

is it cisco or non-cisco AP ? 

> Cisco, for testing purposes

collect show brdige and show arp from the WGB .

> 

vehicle-router-ap#show bridge 

Total of 300 station blocks, 299 free
Codes: P - permanent, S - self

Bridge Group 1:

    Address       Action   Interface       Age   RX count   TX count
6cfa.89d5.84a2   forward   Gi0.11            0          5          0
vehicle-router-ap#show arp    

vehicle-router-ap#

and show run from 3200 mobility router

> That's a bit tough due to all the customer specific data.  Here are some relevant snippets:

dot11 ssid (redacted)
   vlan 11
   authentication open eap eap_methods1
   authentication network-eap eap_methods1
   authentication key-management wpa
   accounting acct_methods1
   dot1x credentials TLS
   encryption mode ciphers tkip
!

bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 ssid (redacted)
 !
 antenna transmit right-a
 antenna receive right-a
 station-role workgroup-bridge universal 1cdf.0fcc.7052
 rts threshold 4000
 no cdp enable
 infrastructure-client
!
interface Dot11Radio0.11
 encapsulation dot1Q 11 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 speed auto
 full-duplex
!
interface FastEthernet0.11
 description IP address here needed to support SNMP signaling to MARC
 encapsulation dot1Q 11 native
 ip address 10.255.253.251 255.255.255.0
 no ip route-cache
 bridge-group 1
!
interface FastEthernet0.20
 description Sub-interface for consistent access/administration whether inside or outside of 802.11 coverage
 encapsulation dot1Q 20
 ip address 10.255.255.251 255.255.255.0
 no ip route-cache
 bridge-group 20
!
interface BVI1
 description Bridge Virtual Address - On Vlan11 from MARC's perspective
 ip address 10.255.254.251 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.255.255.254
no ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

bridge 1 route ip
bridge 1 aging-time 120
bridge 20 aging-time 86400

do you see the DHCP packet going out the wired/wireless clients behind the WGB , but no reply from the other side ? or you are checking from the root AP side , 

> I have a monitor session on the switchport  the root AP is connected to

> I see the broadcasted DISCOVER from the WGB and a broadcasted OFFER.  There's no indication in the router receives it (based on the output from debug dhcp)

if you connect a wired client behind the bridge to vlan 20 , does it take ip address ?

> yes.  Other clients (laptops/iPhones) also work when connecting to the root AP

on the AP of the 3200 add this subinterface :

interface Dot11Radio0.20

encapsulation dot1q 20

bridge-group 20

----------------------------------------

on the root AP, you can copy and paste :

add below :

interface Dot11Radio0.20

encapsulation dot1q 20

bridge-group 20

interface Dot11Radio0.11

encapsulation dot1q 11 native

bridge-group 1

interface FastEthernet0.20

encapsulation dot1q 20

bridge-group 20

interface FastEthernet0.11

encapsulation dot1q 11 native

bridge-group 1

dot11 ssid iotwifi

vlan 11

===========

it should work , 

if not collect show bridge again from both sides .