Suppose you have a layer 2 switch with 802.1q support and want to route traffic from one VLAN to another: you can use a Linux box for that.

A VLAN is a Virtual LAN. It is created with equipment such as switches that support the 802.1q protocol, which inserts a 'tag' in the Ethernet frame; this tag identifies the VLAN to which a packet belongs. Having two VLANs in a switch is like having two physical switches, as packets from one do not pass to the other. If you need to pass traffic from one VLAN to another you will need a layer 3 switch with its internal virtual router enabled, but you can also do that with a Linux box, this way.

apt-get install vlan

– this is to install the vlan software –

modprobe 8021q

– This is to load the 802.1q module –

vconfig add eth0 2

vconfig add eth0 3

– Creating two vlans over the eth0 interface –

ifconfig eth0 up

– Only the VLAN interfaces will carry traffic, but be sure eth0 is up or you will see no traffic at all –

ifconfig eth0.2 broadcast netmask up

ifconfig eth0.3 broadcast netmask up

– Assume you have these two VLANs: 1 is and the second is and you want traffic between them –

Now that you have this done, configure one of your switch ports to belong to VLAN 2 and 3 at the same time, and connect your Linux box to that port.

echo 1 > /proc/sys/net/ipv4/ip_forward

– To enable packet forwarding on the Linux router –

route add -net netmask gw eth0.2

route add -net netmask gw eth0.3
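
The same steps written with iproute2, plus a default-deny FORWARD policy so that turning on ip_forward does not open every flow between the two VLANs. This is an added example, not part of the original post. The addresses are constructed placeholders from the RFC 5737 documentation range, and the direction of the allow rule (VLAN 2 may open connections to VLAN 3) is an assumption.

```shell
#!/bin/sh
# Added example: dry-run plan for a VLAN 2 <-> VLAN 3 router on one interface.
# Addresses below are constructed placeholders, not values from the post.
PARENT=${PARENT:-eth0}

# valid_vid ID -> succeeds only for a usable 802.1Q VLAN ID (1..4094)
valid_vid() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# vlan_plan PARENT VID CIDR -> prints the commands for one VLAN sub-interface.
# Adding an address with a prefix also installs the connected route.
vlan_plan() {
    valid_vid "$2" || { echo "invalid VLAN id: $2" >&2; return 1; }
    echo "ip link add link $1 name $1.$2 type vlan id $2"
    echo "ip addr add $3 dev $1.$2"
    echo "ip link set dev $1.$2 up"
}

# router_plan -> prints the whole procedure, one command per line
router_plan() {
    echo "modprobe 8021q"
    echo "ip link set dev $PARENT up"
    vlan_plan "$PARENT" 2 "192.0.2.1/25" || return 1
    vlan_plan "$PARENT" 3 "192.0.2.129/25" || return 1
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Drop routed traffic by default, then allow replies and one direction.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $PARENT.2 -o $PARENT.3 -j ACCEPT"
}

# Dry run by default; APPLY=1 (as root) executes the plan line by line.
if [ "${APPLY:-0}" = 1 ]; then
    router_plan | while read -r cmd; do $cmd || exit 1; done
else
    router_plan
fi
```
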

That should be all. If you want to see what is happening, you can use Ethereal on your Linux box and you will get a graphic like this