Think of the ZoneDirector as a WLAN management appliance hanging off your
network. We do assume that you have routing/switching in place for VLANs and
a DHCP server servicing each. Your WLANs that specify a VLAN, will tag the
authenticated clients packet with that VLAN-ID, so from the AP directly or the
ZD (if tunneling your WLAN), the client DHCP discovers should be seen and
answered by the DHCP server on VLAN 30.
If you take off the 802.1x/RADIUS authentication, using just Open Auth for a test,
do clients connect right away, and get a VLAN 30 subnet IP address ok? If yes,
that is a good start.
Which type of EAP you employ for 802.1x/RADIUS will determine what your client
needs, either a certificate (EAP-TLS), or username/password (EAP-PEAP, with or
without a client side cert). It sounds like you wish to use PEAP. A Windows PC
should pop-up a login balloon, requesting username/password. You ought to be
able to configure the Properties of your wireless Profile, to get this first-time login
prompt. Say not to use PC credentials.
Due to 802.1x complexity, please open a ticket with tech support if you need
further troubleshooting assistance.