To simplify what I am after, the zone directors can be pinged or accessed via the web interface on a static IP in VLAN 80 (172.17.80.10).

BUT they cannot talk to our AD server/DNS servers etc.

They are on VLAN 1000 (172.20.1.10 etc.)

Also, the APs cannot get a DHCP address from the Windows DHCP server. VLAN 80 is set up on all switches as tagged ports. Do I really need to trunk any ports?

The DHCP server range is activated.

The zone directors are plugged into an HP 48-port switch which connects to a layer 3com, which in turn connects to two core 5406 HPs.

I have ACLs on the two core switches which allow 172.17.80.0 access to all.

My servers are also connected to the same 48-port switch but on a different VLAN.

I don't understand what I'm missing.

Please ask as many questions as possible.