Using a non-routable VLAN is not the best option, it won't improve your security, ACLs aren't a guarantee either but at least you can make some restrictions. What will guarantee the security of your network are a series of features, my favorite in particular is using authentication on the wired network, because at least that way you prevent anyone who connects a cable to your network from being able to use it. Not even a firewall guarantees 100% security, it is enough for a user to access something improper that your entire network can be compromised. So in my opinion, the more security features you use, the more restricted you can make your network.
... View more