An L2 device can not route, so no, inter-vlan routing can not occur on it directly, and aggregating the VLANs on the modem would require that the modem device can trunk and route VLANs.
I'd recommend getting a used cheap Cisco L3 (or equivalent) switch, enable inter-vlan routing, and create VLAN Access Control Lists to define who can see what from where. You'd have three VLANs... marketing, dev and WAN.
You'd allow both VLANs access to WAN (stateful), marketing/management stateful access to dev, and block all inbound from dev to marketing (and likewise block WAN to either internal).
Two separate VLANs must communicate through a layer-3 device, like a router.
Devices on a VLAN communicate with each other using layer-2. Layer-3 must be used to communicate between separate layer-2 domains.
Assuming the most common communications (layer-2 is ethernet and layer-3 is IP), when a host on a VLAN wants to communicate with another host on the same VLAN, it discovers the other hosts layer-2 (e.g. MAC) address with something like ARP, and it sends the frame to the MAC address.
When a host on one VLAN wants to send something to a host on another VLAN, it must use a layer-3 (e.g. IP) address. The host will use layer-2 to send the frames to its defined gateway (router). The router will strip off the layer-2 frame and inspect the layer-3 packet for the destination layer-3 address. The router will then look up the next hop for the layer-3 address. It will then create a new layer-2 frame for the layer-3 packet based on the layer-2 LAN on the interface where it needs to send the packet for the next hop. Other routers which may be in the path to the end LAN will repeat this process until the frame is placed on the final VLAN, where the receiving host gets the frame.
You should search for the OSI model and learn how it works. Just remember that it is a model, and some things in the real world don't necessarily work exactly like the model would predict, but it will give you a gross understanding of how data travel from an application on one host to an application on another host.
Best Answer
Brief answer, they don't. A VLAN is a virtual LAN. It is a means of logically dividing one physical switch into multiple virtual switches.
If you have two different physical switches (no VLANs configured) can the devices connected to each switch communicate? No, not unless there is something that facilitates or allows the communication between the separate switches.
Simplest solution is then providing a physical connection between the two switches (i.e. connect a network cable between the two). This now allows devices on one switch to communicate devices on the second switch...at least at L2. This also works with VLANs. If you simply want L2 communication between two different VLANs, all you need to do is provide a connection between the two.
A router is necessary for L3 communication to take place. Say you have multiple devices all connected to one switch with no VLANs (or all to a single VLAN) with half of the devices using a 192.168.10.0/24 subnet and the other half using 10.168.10.0/24. Can any two devices on different subnets communicate with each other? The answer is yes and no.
Yes, they can when you are talking about L2 communications. But if you want to connect to them using L3 (i.e. IP), then no. To allow devices on two different L3 subnets to communicate, the traffic must be routed across the L3 boundary. This is where the router comes into the picture.
The likely source of your question is the common perception that a single VLAN is associated to a single IP subnet. While this is often the case, it is not always so. You can use multiple different IP subnets on a single VLAN, and you can use a single subnet on multiple VLANs. Both are possible, although you really should understand how this works and more importantly why you would want to do so before you do.