Victor
If you have created the VLANs and have configured appropriate routing so that they can communicate with each other and now you want to restrict some access you would need to create some access lists and apply those access lists to the layer 3 interfaces where the routing is being done.
You have not indicated what IP addressing you are using so we can not create exact examples. But assuming that VLAN 101 is using addresses in 172.16.101.0 and that VLAN 103 is using addresses in 172.16.103.0 then the access lists might look something like this:
access-list 101 deny ip 172.16.103.0 0.0.0.255 any
access-list 101 permit ip any any
!
access-list 103 deny ip 172.16.101.0 0.0.0.255 any
access-list 103 permit ip any any
Then on the layer 3 interface for VLAN 101 you would configure:
ip access-group 101 in
and on the layer 3 interface for VLAN 103 you would configure:
ip access-group 103 in
These access lists will not let any traffic sourced from VLAN 103 to get into VLAN 101 and will allow all other traffic. And it will not let any traffic sourced from VLAN 101 to get into VLAN 103 and will allow all other traffic.
HTH
Rick
HTH
Rick