Most folks are aware that extending 802.1Q VLAN trunks into the ESX host is a best practice recommendation. It enables logical separation and scale of the various traffic types (management, IP storage, VM applications, etc) without being constrained by the number of physical NIC ports. We call this Virtual Switch Trunking (VST). As the name implies, we are extending the VLAN trunk into the virtual switch from the adjacent physical switch. In this mode, the vswitch is the VLAN termination point, so the virtual links to the guest VM vnics, vmkernel, and service console are access ports. The Port Group definitions denote VLAN membership for these ports. The .1Q VLAN tag is stripped on ingress and applied on egress.
Note that while VST is the usual and best practice recommendation, it is just one of three modes available of using VLANs with ESX. Virtual Guest Trunking (VGT) and Externel Switch Tagging (EST) are the others. With VGT, the VLAN trunk is extended all the way to the guest VM. The VM then has access to all the trunked VLANs through the vnic. VGT is configured by selecting VLAN 4095 in the Port Group definition for the VM(s). With EST mode, the physical nics (vmnics) are connected to "access" ports on the physical switch with no VLAN tagged traffic reaching the ESX host and no VLANs configured through the port groups on the vswitch.
