I have need to prevent devices with a specific VLAN tag from receiving DHCP on a group of ports on one particular switch - they instead must be set as statics.  I want to force this so the users must set a static on the device before it can work rather than relying on DHCP.  I need DHCP to continue to serve all the rest of the network as normal for that VLAN. 

Things I have tried:

Switch ACL to prevent "Network - Tech" > DHCP Server IP Ports 67-68 UDP applied to only that group of switch ports specifically

Switch ACL to prevent DHCP Server IP Ports 67-68 UDP > "Network - Tech" applied to only that group of switch ports specifically (reverse of above)

Switch ACL to prevent UDP Ports 67-68 > IPgroup_Any applied to only those ports

Switch ACL to prevent IPgroup_Any > UDP Ports 67-68 applied to only those ports (reverse of above)

I have tried the above 4 ACLs using the DHCP servers source switch port instead

I have tried using the DHCP servers MAC address in a MAC group, and used ACLs in both directions to and from it.

I still, always get DHCP served on those ports!

WHY ?????

The only way i can seem to block DHCP is a blanket UDP 67-68 > IP_Group_Any applied to all switch ports across entire network.

Can anyone assist?