Clients connected to WLAN2 on VLAN111 gets the ip with subnet 192.168.111.x, and VLAN1 is 192.168.100.141.
If you want to block access to VLAN1 for clients
Below should be ACL rule with "Deny" policy and "in" Direction
Source IP/Mask Destination IP/Mask
Deny in ip 192.168.111.0/255.255.255.0 192.168.100.0/255.255.255.0
Can you please check with above rule?