Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Multi-Tenant security on Cisco 3750

Hi guys,

I have a 3750 switch with IP routing enabled and have lots of VLANs configured on this switch.

What is the best way to prevent VLANs from talking to each other?

At the same time, hosts inside their respective VLANs should not be blocked from reaching any private networks as they could be doing some L2L with another site.

Blocking the VLANs from accessing/telnetting the switch was very simple as I was able to do this in the VTY line section. However blocking VLANs from accessing the other VLANs on the switch seem to be hard and I think there has to be a recommended way of doing this. For example, if hosts in one of my VLANs, in this case VLAN-204 ( want to hack or scan hosts on one of my other VLANs, in this case VLAN-330 (, how can I accomplish this without blocking VLAN-204 hosts from accessing another network they have a site to site tunnel with with the same destination address of



  • LAN Switching and Routing
Everyone's tags (4)

Re: Multi-Tenant security on Cisco 3750

Hey bigcat,

I see an ACL, source routing, VRF (but only in software possible on 3750) to archives your goals. In the moment I have no other idea, it would be much helpful to get a complete overview about the situation and which should be allowed and which traffic has to be blocked.



pls. rate if that help.

Cisco Employee

Multi-Tenant security on Cisco 3750

Please use private vlans. This will be you best bet in addition to what Seb has mentioned above.

Hope this helps.


-amit singh