Hi s_sa, you may try making ports 1 and 2 protected ports. Any port which is a protected port can't communicate with any other port except the upstream (port 3 uplink). This is not prohibiting inter-VLAN communication, but if your scenario is as simplified as the diagram, then this is a working solution since ports 1 and 2 won't talk to each other but they will both talk to the port 3 subnet and the port 3 subnet will talk to both of them.
If that is not sufficient, you need to build an ACL for this and apply it to each affected port. Keep in mind, the ACL is INGRESS only. Here is an example:
First navigate to Access Control -> IPV4 Based ACL
Next click the IPv4-Based ACE Table and add a rule, in my example deny 192.168.1.0 to 192.168.2.0. This means all INBOUND traffic where this ACL is applied will block 192.168.1.0 traffic to the 192.168.2.0, but the 192.168.2.0 INBOUND to the 192.168.1.0 is NOT blocked. Also note the priority. I use increments of 10 so I may add needed rules in between. Please note you will need a permit any, any ACE rule as all access lists have an explicit deny all (you can't see).
Lastly, apply this to the desired interface.
-Tom
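As an added example (not part of the post above and not Cisco code), this small Python model walks through the ACE ordering and ingress-only binding the post describes, so the rule set can be checked before it is entered in the GUI. Assumptions: /24 masks, the constructed host addresses, 192.168.3.0/24 as the port 3 subnet, stateless first-match evaluation by ascending priority, and the hypothetical names `evaluate` and `forward`.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")

# Constructed ACL modelled on the post: (priority, action, source, destination).
# Priorities step by 10 so rules can be slotted in between later.
ACL = [
    (10, "deny", ip_network("192.168.1.0/24"), ip_network("192.168.2.0/24")),
    (20, "permit", ANY, ANY),
]


def evaluate(acl, src, dst):
    """Return the action of the first matching ACE, lowest priority number first.

    A packet that matches no ACE hits the final deny-all that the ACE table
    does not display.
    """
    for _prio, action, src_net, dst_net in sorted(acl, key=lambda ace: ace[0]):
        if ip_address(src) in src_net and ip_address(dst) in dst_net:
            return action
    return "deny"


def forward(port_acls, in_port, src, dst):
    """Ingress only: just the ACL bound to the port the packet enters on is checked."""
    acl = port_acls.get(in_port)
    return "permit" if acl is None else evaluate(acl, src, dst)


# Port layout from the post: port 1 = 192.168.1.0, port 2 = 192.168.2.0, port 3 = uplink.
BOUND = {1: ACL}  # ACL applied to port 1 only

if __name__ == "__main__":
    cases = [
        ("1 -> 2 entering port 1", BOUND, 1, "192.168.1.10", "192.168.2.10"),
        ("2 -> 1 entering port 2", BOUND, 2, "192.168.2.10", "192.168.1.10"),
        ("1 -> 3 entering port 1", BOUND, 1, "192.168.1.10", "192.168.3.10"),
        # Same traffic with the permit any, any ACE left out of the ACL.
        ("1 -> 3, no permit ACE", {1: ACL[:1]}, 1, "192.168.1.10", "192.168.3.10"),
    ]
    for label, acls, port, src, dst in cases:
        print(f"{label:24} {forward(acls, port, src, dst)}")
```

Because the model is stateless, a reply from 192.168.1.10 to a session opened by 192.168.2.10 is the same packet as the first case and is dropped on port 1 ingress, which is worth testing on the switch before relying on one-way access.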