Consult the configuration case of AP+ dumb POE Switch + AC+ Layer-3 switch connected off-line

the reference answer GPT ᴼ ᴾ ᴱ ᴺ ᴬ ᴵ < br / > according to the information you provide, I can offer you the following suggestion:

1. Deploy AC6508 on a core switch S5720SI. Connect the AC6508 using a trunk port, connect vlan 10, 20, and 21 to the AC6508, and configure the SSID and corresponding vlan on the AC6508.
2. If an S1730 POE switch is used to connect to AP5761, configure a port on the S1730 as trunk, connect vlan 10, VLAN 20, and VLAN 21 to this port, and configure poe on this port.
3. If you want to isolate your wireless users from your wired users, you can configure a policy of user isolation on the AC6508.
4. If you want to control the access of wireless users through a firewall, configure the firewall on the link between the S5720SI core switch and AC6508.
5. Configure a VLANIF interface on the core switch for the S5720SI to assign IP addresses to each vlan for communication between vlans.

Here are examples of possible configurations:

Core switch:

vlan 10
vlan 20
vlan 21

interface GigabitEthernet0/0/1
 description To Firewall
 undo portswitch
 ip address x.x.x.x y.y.y.y
#
interface GigabitEthernet0/0/2
 description To Access Switch
 port link-type trunk
 port trunk allow-pass vlan 10 20 21
#
interface Vlanif10
 description Management VLAN
 ip address 10.10.10.1 24
#
interface Vlanif20
 description Wireless VLAN
 ip address 20.20.20.1 24
#
interface Vlanif21
 description Guest VLAN
 ip address 21.21.21.1 24
#

Wireless controller:

vlan 10
vlan 20
vlan 21

interface Vlanif10
 description Management VLAN
 ip address 10.10.10.2 24
#
interface Vlanif20
 description Wireless VLAN
 ip address 20.20.20.2 24
#
interface Vlanif21
 description Guest VLAN
 ip address 21.21.21.2 24
#
ap profile
 ssid WL-SSID
 vlan-id 20
 ssid-type employee
#

Access switch:

vlan 10
vlan 20
vlan 21

interface GigabitEthernet0/0/1
 description To Core Switch
 port link-type trunk
 port trunk allow-pass vlan 10 20 21
#

POE switch:

vlan 10
vlan 20
vlan 21

interface GigabitEthernet0/0/1
 description To AP
 port link-type trunk
 port trunk allow-pass vlan 10 20 21
 port poe enable
#

Please note that the above examples are for reference only, and the specific configuration depends on your network topology and requirements. In addition, to ensure network security, ensure that the management interface and login password of your network device are secure.