Netgear VLAN – Understanding VLAN Configuration on Netgear Smart Switch

I'm having some difficulty getting my head around the VLAN settings in a NetGear Smart Switch (GS724TS). Can anyone help me?

My understanding is:

• All incoming packets effectively have
  a VLAN number which is determined
  from a tag attached by another device
  or (if no tag is present) based on
  the port's PVID value.
• Outgoing packets can then be sent only to
  those ports which are members of the
  VLAN to which the packet belongs (set
  in the "membership" part of the
  switch's UI).
• Optionally, ports can tag outgoing packets.

Ports and PVIDS are 1-1 mapped, but a port may be a "member" of several VLANS. My problem is that I don't seem to be able to make this feature do anything useful… what am I misunderstanding?

If I assign the following:

Port    PVID    VLAN Membership
===============================
a       2       2, 10
b       3       3, 10
x       10      2, 3, 10

I would expect traffic to flow between ports a and x (and b and x). Presumably a and b would be isolated from one another, unless the device connected to x itself routed traffic between them. In my experiments, all traffic comes in and leaves untagged (no other VLAN capable devices are working on the network).

What I'm seeing is that no traffic (to be precise DHCP requests fail, web requests from computers with already assigned addresses timeout) flows unless the PVID of X is set to 2. Of course, this is no use for devices attached to port b.

Have I missed something? What is the point of ports being in multiple VLANs if they only route incoming traffic based on the PVIDs matching on both incoming and outgoing port?

Edit: I'm trying to determine whether I can share an Internet connection between two VLANs (without members of one having visibility of the other) using just the switch or whether I will need a VLAN aware router as well.