http://discussions.citrix.com/topic/246981-how-to-pass-a-trunked-interface-to-a-vm/

http://support.citrix.com/article/CTX123489

• VLANs allow a single physical network to support multiple logical networks.
• To use VLANs with XenServer, the host's NIC must be connected to a VLAN trunk port (switch or router).
• Creating a VLAN in XenServer is done through the process of creating additional virtual interfaces that correspond to a specific VLAN tag. This is done through the XenCenter Host Network tab by adding an External network name and assigning an NIC with a VLAN number.
• XenServer VLANs are represented by additional PIF objects representing VLAN interfaces corresponding to a specified VLAN tag.
• XenServer networks can then be connected to the PIF representing the physical NIC to see all traffic on the NIC, or to a PIF representing a VLAN to see only the traffic with the specified VLAN tag.
• When using VLANs the XenServer host handles all interpretation of the VLAN tags and strips the VLAN tags before routing packets to VMs.
• If the XenServer host has one or more VLAN networks configured on an interface or bond, it will perform the VLAN tag/untag operations for all packets that enter/leave that interface/bond.
• However, if no VLAN networks/bridges/whatever-the-term-may-be are configured on the interface/bond, then XenServer leaves 802.1q VLAN tags alone and passes the packets straight to the VM.
• If there are any VLAN interfaces configured on top of the base interface (either a simple physical interface or a non-tagged bond), XenServer strips off the tags, as it is responsible for both tagging and untagging of packets on that base interface.
• XenServer will leave 802.1q VLAN tags alone if there are no VLAN networks configured on top of your base interface, be that a single physical interface or a logical interface such as a bond.