Suppose you have a layer 2 switch with support for 802.1q and want to route traffic from one VLAN to another. You can use a Linux box for that.

A VLAN is a Virtual LAN. It is created with equipment, such as switches, that supports the 802.1q protocol, which inserts a ‘tag’ in the Ethernet frame; this tag identifies the VLAN to which a packet belongs. Having two VLANs in a switch is like having two physical switches, as the packets from one do not pass to the other. If you need to pass traffic from one VLAN to another you will need a layer 3 switch with its internal virtual router enabled, but you can also do that with a Linux box, this way.

apt-get install vlan

– this is to install the vlan software –

modprobe 8021q

– This is to load the 802.1q module –

vconfig add eth0 2

vconfig add eth0 3

– Creating two vlans over the eth0 interface –

ifconfig eth0 0.0.0.0 up

– This leaves eth0 without an address so that only the VLAN interfaces carry traffic. Be sure you have eth0 up or you will see no traffic at all –

ifconfig eth0.2 10.1.1.1 broadcast 10.1.1.255 netmask 255.255.255.0 up

ifconfig eth0.3 10.1.2.1 broadcast 10.1.2.255 netmask 255.255.255.0 up

– Assume you have these two VLANs: the first is 10.1.1.0/24 and the second is 10.1.2.0/24, and you want traffic between them –

Now that you have this done, configure one of your switch ports to belong to VLAN 2 and 3 at the same time, and connect your Linux box to that port.

echo 1 > /proc/sys/net/ipv4/ip_forward

– To enable packet forwarding on the linux router –

route add -net 10.1.1.0 netmask 255.255.255.0 dev eth0.2

route add -net 10.1.2.0 netmask 255.255.255.0 dev eth0.3

– To send traffic for each network out through its VLAN interface –

That should be all. If you want to see what is happening you can use Ethereal on your Linux box and you will get a graphic like this:

http://www.go2linux.org/pics/single_pictures/Screenshot-vlan.png
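
The tag that shows up in such a capture can also be decoded by hand. The following is an added example, not part of the original post: it builds constructed frames (the MAC addresses and payload are made up) and parses the 802.1q tag to show which interface, eth0, eth0.2 or eth0.3, receives each frame.

```python
import struct

TPID_8021Q = 0x8100  # value in the EtherType position that marks an 802.1q tag

def build_tagged_frame(dst, src, vid, ethertype, payload, pcp=0, dei=0):
    """Build a constructed Ethernet frame carrying one 802.1q tag."""
    if not 1 <= vid <= 4094:  # VLAN IDs 0 and 4095 are reserved
        raise ValueError("VLAN ID must be 1..4094")
    # Tag control field: 3 bits priority, 1 bit DEI, 12 bits VLAN ID
    tci = (pcp << 13) | (dei << 12) | vid
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload

def parse_frame(frame):
    """Return dst, src, vlan (None if untagged), pcp, dei, ethertype, payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    info = {"dst": frame[0:6], "src": frame[6:12],
            "vlan": None, "pcp": None, "dei": None}
    offset = 14
    if etype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1q tag")
        # The 4-byte tag pushes the real EtherType 4 bytes further in
        tci, etype = struct.unpack_from("!HH", frame, 14)
        info.update(vlan=tci & 0x0FFF, pcp=tci >> 13, dei=(tci >> 12) & 1)
        offset = 18
    info.update(ethertype=etype, payload=frame[offset:])
    return info

def vlan_interface(parent, frame):
    """Interface that receives the frame, assuming the VLAN sub-interface
    (for example eth0.2) was created as in the steps above."""
    vlan = parse_frame(frame)["vlan"]
    return parent if vlan is None else f"{parent}.{vlan}"

if __name__ == "__main__":
    # Constructed sample data: locally administered MACs, dummy payload
    dst, src = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    for vid in (2, 3):
        frame = build_tagged_frame(dst, src, vid, 0x0800, b"constructed")
        print(vid, frame[12:18].hex(), vlan_interface("eth0", frame))
    untagged = dst + src + struct.pack("!H", 0x0800) + b"constructed"
    print("untagged", vlan_interface("eth0", untagged))
```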