Unable to Obtain DHCP address when I have ACL rules

Products Residential Wi-Fi
1

Hello,

Requesting assistance on below issue.

Have a DHCP pool associated with VLAN111 for WLAN2. I want to block access to other local VLAN 1. However when corresponding ACL are added to do this - WLAN2 clients can no longer obtain an IP address from this DHCP pool. I have tried several combinations of rules to achieve this - allow access to default gw etc but nothing works. 

ACL rules:

Selection_043.png
Selection_043.png1426×607 44.5 KB

VLAN 1:

VLAN1.png
VLAN1.png1175×775 55.8 KB

VLAN 111:

VLAN111.png
VLAN111.png1122×735 52 KB

DHCP Pool:

dhcppool.png
dhcppool.png1248×424 35 KB

Without the ACL rules, everything works - VLAN 111/WLAN 2 clients obtain IP from the DHCP pool 1, they can access the Internet BUT also have access to all other VLANs on the network. 

WLAN 2 is supposed to be a hotspot network and we cannot allow access to production LAN from WLAN 2.

What am I missing?

2

Clients connected to WLAN2 on VLAN111 gets the ip with subnet 192.168.111.x, and VLAN1 is 192.168.100.141.

If you want to block access  to VLAN1 for clients  

Below should be ACL rule with "Deny" policy and "in" Direction

                                   Source IP/Mask                                        Destination IP/Mask

Deny    in     ip         192.168.111.0/255.255.255.0       192.168.100.0/255.255.255.0

Can you please check with above rule?