Hi, I have been stuffing around with my working network to make administration a bit easier. How I would like it to work is to have my ER Lite set up so it becomes the DHCP server for all my VLANs, and then have the Cambium access points centrally managed via the cloud admin tool. My problem at the moment is that everything on VLAN 1 is working fine, but a separate VLAN (30) does not appear to work as expected. The WiFi client just gets stuck trying to retrieve an IP address.

The E600 is set up as follows:
ACL:
Trunk:
VLAN:
On my DLINK switch:
And finally, on the ER Lite:

firewall {
    all-ping enable
    broadcast-ping disable
    group {
        network-group IOT_VLAN_BLOCK_NETS {
            description "Drop IoT traffic to other VLANs"
            network 192.168.1.0/24
            network 192.168.20.0/24
        }
        network-group LAN_NETWORKS {
            description "RFC1918 LAN Networks"
            network 192.168.0.0/16
            network 172.16.0.0/12
            network 10.0.0.0/8
        }
        network-group VIDEO_VLAN_BLOCK_NETS {
            description "Drop Video Camera traffic to other VLANs"
            network 192.168.20.0/24
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name IOT_WIFI_PROTECT_IN {
        default-action accept
        rule 10 {
            action accept
            description "Accept IoT WiFi Established/Related"
            protocol all
            state {
                established enable
                related enable
            }
        }
        rule 30 {
            action drop
            description "Drop IOT_VLAN_BLOCK_NETS"
            destination {
                group {
                    network-group IOT_VLAN_BLOCK_NETS
                }
            }
            protocol all
        }
    }
    name IOT_WIFI_PROTECT_LOCAL {
        default-action drop
        rule 10 {
            action accept
            description "Accept DNS"
            destination {
                port 53
            }
            protocol udp
        }
        rule 20 {
            action accept
            description "Accept DHCP"
            destination {
                port 67
            }
            protocol udp
        }
    }
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 30 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    options {
        mss-clamp {
            mss 1412
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        description "Internet (PPPoE)"
        duplex auto
        pppoe 0 {
            default-route auto
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            mtu 1492
            name-server auto
        }
        speed auto
    }
    ethernet eth1 {
        address 192.168.1.1/24
        description Local
        duplex auto
        speed auto
        vif 30 {
            address 192.168.30.1/24
            description IoT
            firewall {
                in {
                    name IOT_WIFI_PROTECT_IN
                }
                local {
                    name IOT_WIFI_PROTECT_LOCAL
                }
            }
            mtu 1500
        }
    }
    ethernet eth2 {
        address 192.168.2.1/24
        description "Local 2"
        disable
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface eth1
    wan-interface eth0
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN1 {
            authoritative enable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                domain-name xxxxxl
                lease 86400
                start 192.168.1.38 {
                    stop 192.168.1.243
                }
            }
        }
        shared-network-name VLAN30_IOT {
            authoritative disable
            subnet 192.168.30.0/24 {
                default-router 192.168.30.1
                dns-server 192.168.30.1
                lease 86400
                start 192.168.30.50 {
                    stop 192.168.30.100
                }
            }
        }
        static-arp disable
        use-dnsmasq enable
    }
    dns {
        forwarding {
            cache-size 400
            listen-on eth1
            listen-on eth1.30
            name-server 192.168.1.1
            name-server 1.1.1.1
        }
    }
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    nat {
        rule 1 {
            description "DNS Redirection"
            destination {
                port 53
            }
            inbound-interface eth1
            inside-address {
                address 192.168.1.1
                port 53
            }
            log disable
            protocol tcp_udp
            source {
                address 192.168.1.2-192.168.1.254
            }
            type destination
        }
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface pppoe0
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
    unms {
        disable
    }
}

Please advise.