Here is an example using ACL's to create a guest network. This prevents internal users from accessing internal private addresses and allows them to the internet.

interface Vlan199

description Guest

ip address 10.97.199.1 255.255.255.0

ip access-group 199 in

ip helper-address 10.xx

ip helper-address 10.xx

access-list 199 permit eigrp any any

access-list 199 permit udp any any eq bootps

access-list 199 deny ip any 10.0.0.0 0.255.255.255

access-list 199 deny ip any 172.16.0.0 0.15.255.255

access-list 199 deny ip any 192.168.0.0 0.0.255.255

access-list 199 permit ip any any