Hi guys.
We have a "Guest" Wireless Network with Standalone APs and we want to go out to the Internet without having access to the other internal Subnets-Networks.
We also have an ASA and under that we have Distribution Layer Switches were happens all the Routing for all the Subnets with SVIs.
My Question is, which is the Best Practise (Including security) to where the Routing for the Guest Vlan should happen?
A. To the Distribution Layer Switches with the SVIs and VACLs that deny the communication to the other VLANs or
B. To the ASA
Thank you.