Who rated this post

Looks good so far.  No, you don't need the bond0 interfaces; that's just an example from my other customer. 

On the switch, "show mac addr vlan 340" should should you MAC addresses on Gig0/4 and Gig/0/11.  Gig0/4 will be that AP MAC, and Gig0/11 will be the MAC addr of your 3200 appliance eth4 interface.

"show mac addr int gi/0/11" will show you VLANs 340-344 and the same MAC addr for the 3200 appliance eth4 interface.

If you don't see that, then did you define the VLANs? Spanning tree instances have to be created for them.

conf t
vlan 340
name Net_10.20.0
vlan 341
name Net_10.20.1
vlan 342
name Net_10.20.2
vlan 343
name Net_10.20.3
vlan 344
name Net_10.20.4
end
!
show vlan brief
show span vlan 340
show span vlan 341
show span vlan 342
show span vlan 343
show span vlan 344

Also prune all the VLANs from your AP port (or just set "sw tr allow vlan X-Y").  Otherwise, BUMs on VLAN 1 are forwarding out that port, too.

If you have VLANs, and spanning-tree, and you see MACs on the expected ports, then check your DHCP configuration, wherever your DHCP server is.  If you're using DHCP-relay (bootp relay) on the firewall, then the bootp relay commands need to specify the interface (or VLAN sub interface) to listen for those packets and forward them.