Hi,

I am new to VLANs, so please be patient! :)

As far as I understood the concept of VLAN, it is useful for separating different LANs from each other, improving security. I tried a really simple use of the VLAN package and I was not able to get it to work as I desired.

          VLAN2     eth3      eth2     VLAN3
    PC A ---------------> PC B ---------------> PC C

All of them are Linux boxes. On PC B, IP forwarding is switched on. So on PC B I configured an eth2.3 interface and an eth3.2 interface with class C addresses and different subnets. The eth3 and eth2 interfaces on PC B are up with IP address 0.0.0.0. The PC A and PC C interfaces are also set to use VLAN tags: in this case PC A is eth1.2 and PC C is eth1.3.

If I try to ping PC C from PC A, then I can do that!!! How can it be?! Why should I use iptables to DROP those packets?! I think VLAN should do this by itself?!

How can I set it up so that there is a subnet instead of PC A, and all the VLAN3-tagged packets go to PC C but nothing from another VLAN?!

Another question, about VLAN over MAC address. Is that already in use?! Shouldn't there be a table which tells which MAC address is associated with which VLAN?! How can I filter out the wrong packets, based on MAC address, so they are not sent to the wrong VLAN?

Thank you in advance.

Csaba
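
The setup described in the message above, as an added example that is not part of the original post: PC B holds an IP interface in each VLAN and has forwarding enabled, so it routes between the two subnets at layer 3, and separation on such a box comes from FORWARD rules. The interface names follow the message; the 192.168.x.x addresses and the function names are assumptions, and the script only prints the commands.

```shell
#!/bin/sh
# Added example, not from the original post. It prints commands only,
# so the plan can be reviewed before anything is applied on PC B.

# Commands that create one tagged sub-interface on PC B.
# $1 = parent NIC, $2 = VLAN id, $3 = address/prefix (assumed value)
vlan_if_cmds() {
    printf 'ip link add link %s name %s.%s type vlan id %s\n' "$1" "$1" "$2" "$2"
    printf 'ip addr add %s dev %s.%s\n' "$3" "$1" "$2"
    printf 'ip link set %s.%s up\n' "$1" "$2"
}

# FORWARD rules that stop routing between every ordered pair of the
# given VLAN interfaces. Traffic inside one VLAN never crosses FORWARD
# on the router, so it is unaffected.
isolate_cmds() {
    for in_if in "$@"; do
        for out_if in "$@"; do
            if [ "$in_if" != "$out_if" ]; then
                printf 'iptables -A FORWARD -i %s -o %s -j DROP\n' \
                    "$in_if" "$out_if"
            fi
        done
    done
}

# Full plan for PC B: eth3.2 faces PC A (VLAN 2), eth2.3 faces PC C (VLAN 3).
pcb_plan() {
    vlan_if_cmds eth3 2 192.168.2.1/24   # constructed address
    vlan_if_cmds eth2 3 192.168.3.1/24   # constructed address
    # With this set, the kernel routes between the two sub-interfaces;
    # the tag of the ingress VLAN does not restrict where a packet is routed.
    printf 'sysctl -w net.ipv4.ip_forward=1\n'
    isolate_cmds eth3.2 eth2.3
}

pcb_plan
```

The printed commands need root on PC B; after the two DROP rules are in place, a ping from PC A to PC C stops at PC B while each PC can still reach PC B's address in its own VLAN.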