Hi s_sa, you may try to make ports 1 and 2 protected ports. Any port which is a protected port can't communicate with any other port but the upstream (port 3 uplink). This is not prohibiting inter-VLAN communication, but if your scenario is as simplified as the diagram, then this is a working solution since ports 1 and 2 won't talk to each other but they will both talk to the port 3 subnet and the port 3 subnet will talk to both of them.
If that is not sufficient, you need to build an ACL for this and apply it to each affected port. Keep in mind, the ACL is INGRESS only. Here is an example:
First navigate to Access Control -> IPV4 Based ACL
Next click the IPv4-Based ACE Table and add a rule, in my example deny 192.168.1.0 to 192.168.2.0. This means all INBOUND traffic where this ACL is applied will block 192.168.1.0 traffic to the 192.168.2.0, but the 192.168.2.0 INBOUND to the 192.168.1.0 is NOT blocked. Also note the priority. I use increments of 10 so I may add needed rules in between. Please note you will need a permit any, any ACE rule, as all access lists have an explicit deny all (you can't see).
Lastly, apply this to the desired interface
-Tom
Please rate helpful posts
Please mark answered for helpful posts
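The ingress-only, first-match evaluation described in the post above, as an added Python model (not part of the original post and not switch configuration). The /24 masks, the port-to-subnet mapping and the host addresses are assumptions made for the illustration.

```python
import ipaddress

# Constructed ACE table mirroring the post: priorities in steps of 10.
# The /24 masks are an assumption; the post gives only network addresses.
ACL_BLOCK_1_TO_2 = [
    (10, "deny", "192.168.1.0/24", "192.168.2.0/24"),
    (20, "permit", "0.0.0.0/0", "0.0.0.0/0"),  # the "permit any, any" ACE
]

# Same ACL with the permit ACE forgotten, to show the hidden deny-all.
ACL_NO_PERMIT = [(10, "deny", "192.168.1.0/24", "192.168.2.0/24")]

# Assumed binding: the ACL is applied only to port 1 (192.168.1.0 side).
PORT_ACLS = {1: ACL_BLOCK_1_TO_2}


def evaluate(acl, src, dst):
    """Return the action of the lowest-priority-number ACE that matches."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, action, src_net, dst_net in sorted(acl):
        if (src_ip in ipaddress.ip_network(src_net)
                and dst_ip in ipaddress.ip_network(dst_net)):
            return action
    return "deny"  # no ACE matched: the deny-all at the end of every ACL


def ingress_check(port_acls, in_port, src, dst):
    """Ingress only: consult just the ACL bound to the arrival port."""
    acl = port_acls.get(in_port)
    return "permit" if acl is None else evaluate(acl, src, dst)


if __name__ == "__main__":
    # Frame from the .1 subnet arriving on port 1: blocked by priority 10.
    print(ingress_check(PORT_ACLS, 1, "192.168.1.10", "192.168.2.10"))
    # Reverse direction arrives on port 2, which has no ACL: not blocked.
    print(ingress_check(PORT_ACLS, 2, "192.168.2.10", "192.168.1.10"))
    # Other destinations from port 1 pass only because of the permit ACE.
    print(ingress_check(PORT_ACLS, 1, "192.168.1.10", "192.168.3.1"))
    print(evaluate(ACL_NO_PERMIT, "192.168.1.10", "192.168.3.1"))
```

In this model the reverse direction stays open until a mirrored deny ACL is bound to port 2 as well, which is why the ACL has to be applied to each affected port.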