Hello,

basically, you just create your three SVIs, and then apply access lists:

interface Vlan5
ip address 192.168.5.1 255.255.255.0

interface Vlan10
ip address 192.168.10.1 255.255.255.0
ip access-group 101 in

interface Vlan20
ip address 192.168.20.1 255.255.255.0
ip access-group 102 in

access-list 101 deny ip 192.168.10 0.0.0.255 192.168.20.0 0.0.0.255
access-list 101 deny ip 192.168.20 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 permit ip any any

access-list 102 deny ip 192.168.20 0.0.0.255 192.168.10.0 0.0.0.255
access-list 102 deny ip 192.168.10 0.0.0.255 192.168.20.0 0.0.0.255
access-list 102 permit ip any any

What about Vlan 5 access to Vlan 10 and Vlan 20 ? Should that be allowed or denied ?