WiFi Network Security Options

Current homelab configuration:

1/ pfSense 23.09 on SG-1100 managing all VLANs

2/ Zyxel Access Points on SG-1100 OPT port in a mesh configuration

3/ Each wireless network is on a separate VLAN. One untrusted WiFi network for smart TVs, Chromecast devices, Echo Dot smart speakers, Roku devices, etc. The other WiFi network is for users with higher levels of trust.

My question is: should I enable Layer 2 blocking and/or intra-BSS traffic blocking for any or all of these WiFi networks? Seems like L2 blocking is not needed because each network is on a separate VLAN, but I'm not sure about the pros/cons of intra-BSS blocking.

Any recommendations would be greatly appreciated.

As long as you have firewall rules that isolate the VLAN traffic from each other you should be good.
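
Added example, not part of the thread: a simplified first-match model of the rules on the untrusted VLAN's interface, used to check whether any pass rule lets that VLAN reach the trusted one. The subnets, rule tuples and function names are constructed for illustration and are not pfSense's configuration format.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption, not from the thread).
UNTRUSTED = ip_network("192.168.20.0/24")  # smart TV / IoT WiFi VLAN
TRUSTED = ip_network("192.168.10.0/24")    # user WiFi VLAN

# Rules on the untrusted interface as (action, source, destination), top-down.
WEAK = [("pass", "192.168.20.0/24", "any")]  # "internet" rule also reaches TRUSTED
FIXED = [("block", "192.168.20.0/24", "192.168.10.0/24")] + WEAK


def _hit(spec, addr):
    return spec == "any" or ip_address(addr) in ip_network(spec)


def evaluate(rules, src, dst):
    """Simplified model: first matching rule wins, no match means block."""
    for action, rule_src, rule_dst in rules:
        if _hit(rule_src, src) and _hit(rule_dst, dst):
            return action
    return "block"


def leaking_rules(rules, src_net, dst_net):
    """Indexes of pass rules that can match src_net -> dst_net before a block
    rule covering the whole pair. Conservative: partial blocks are ignored."""
    def covers(spec, net):
        return spec == "any" or net.subnet_of(ip_network(spec))

    def overlaps(spec, net):
        return spec == "any" or net.overlaps(ip_network(spec))

    leaks = []
    for i, (action, rule_src, rule_dst) in enumerate(rules):
        if action == "block" and covers(rule_src, src_net) and covers(rule_dst, dst_net):
            break
        if action == "pass" and overlaps(rule_src, src_net) and overlaps(rule_dst, dst_net):
            leaks.append(i)
    return leaks


def crosses_router(src, dst, vlans=(UNTRUSTED, TRUSTED)):
    """False when both hosts sit in the same VLAN subnet: that traffic is
    bridged by the AP/switch and never reaches the interface rules."""
    return not any(ip_address(src) in v and ip_address(dst) in v for v in vlans)


if __name__ == "__main__":
    for name, rules in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, "leaking rule indexes:", leaking_rules(rules, UNTRUSTED, TRUSTED))
```

Flows for which `crosses_router` returns False are the client-to-client case that intra-BSS blocking on the access points addresses.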