VLAN
There’s two things you can set on the port for VLANs:
- tagged or untagged
- PVID
tagged / untagged is for packets leaving the switch
If the port is set as untagged, then it tells the switch that the device(s) connected to that port are VLAN unaware, so any packet to be forwarded from that port out of the switch must be forwarded with the VLAN tag removed. If the port is set as tagged, then the destination device is VLAN aware, and packets will be forwarded with VLAN tags. So tagged / untagged is for packets leaving the switch.
Packets arriving at the switch port
Now for packets arriving at the switch port. If the packet arrives with a VLAN tag, then, provided that port is in the VLAN matching the tag, the packet will be forwarded; so if you have set a server NIC for instance to apply a VLAN ID , then the packet arriving at the port will be tagged. So in this case you have a VLAN aware device forwarding packets already tagged , then you would configure the port into the appropriate VLAN as a tagged port. Note that if the packet arrives at the port tagged for a VLAN of which the port is not a member, the switch will drop the packet.
If a packet arrives at the port without a VLAN tag – PVID
If a packet arrives at the port from an end device carrying no VLAN tag, then the switch will add a VLAN tag which corresponds to the PVID, and then forward it within that VLAN; so the PVID mechanism allows you to have traffic originating from a non-VLAN aware device to become an 802.1q packet, so that it can traverse to other switches and still be contained within the correct VLAN; so PVID is for non tagged packets arriving at a port on the switch.