Netgear smart switch: don't understand VLAN

Solution 1:

The normal use of VLANs is to separate subnets (e.g. 192.168.0.0/24, 10.20.0.0/16, etc) without using separate switches for each subnet.

The point of the PVID is to have the switch tag incoming untagged packets, say from a workstation or server. Normal NIC configurations do not tag packets for most devices.

If you were to connect a device capable of tagging its own packets, then it could talk along any VLANs the port has been given membership to. This is handy when you're connecting switches together, connecting to a router that understands VLANS, or using a server that needs to be able to connect to several subnets (virtualization, especially).

Solution 2:

Rather embarrassingly, after a spot of lunch and a reboot of the switch, it started behaving exactly as I imagined it should. I think this validates my original bullet-point understanding of the situation detailed in my question.

I'm going to leave the question up because, although the original question was perhaps bogus ("Why doesn't it work?", when it did), it does answer the underlying question and this (along with the valuable points made by Hyppy and blankabout) may be useful to others.

Just to reiterate: I wanted to know whether or not I could separate traffic between two VLANs but share a connection to the same router just by manipulating VLAN assignments in the switch (rather than having a more sophisticated VLAN-capable router as well). The answer is "yes, the switch can do it on its own", and for the record, I'm using a single subnet and one DHCP server, a configuration which is apparently fine.

Anything attached to port x can communicate with devices attached to ports a and b (and vice versa), but devices attached to ports a and b cannot communicate with one another.