Unable to Obtain DHCP address when I have ACL rules


Requesting assistance on the issue below.

Have a DHCP pool associated with VLAN111 for WLAN2. I want to block access to other local VLAN 1. However, when the corresponding ACLs are added to do this, WLAN2 clients can no longer obtain an IP address from this DHCP pool. I have tried several combinations of rules to achieve this (allow access to default gw, etc.) but nothing works.

ACL rules:


VLAN 111:

DHCP Pool:

Without the ACL rules, everything works: VLAN 111/WLAN 2 clients obtain an IP from DHCP pool 1 and can access the Internet, BUT they also have access to all other VLANs on the network.

WLAN 2 is supposed to be a hotspot network and we cannot allow access to production LAN from WLAN 2.

What am I missing?

Clients connected to WLAN2 on VLAN111 get an IP in subnet 192.168.111.x, and VLAN1 is

If you want to block access to VLAN1 for clients

Below should be the ACL rule with "Deny" policy and "in" direction

                                   Source IP/Mask                                        Destination IP/Mask

Deny    in     ip

Can you please check with the above rule?