Think that you would need Allow any any at the end of your lists to allow everything else.
Also the initial DHCP request goes to 255.255.255.255 (broadcast), which in your list is not allowed.
It works. I leave photo here for reference.
Both ways below are work.
Visitors are able to get ips from dhcp server, unable to access intranet, able to access internet.
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.