I'm not sure what you're asking here, and also don't understand Alessandro's response. By definition, a non-trunk port must not pass tagged traffic. So if it's not tagged, there's no tags to apply nor strip. Please clarify what you're really trying to do.
daphnissov
The idea is this: Suppose I am connect a WAN to a physical Nic connected to the vSwitch0. I would like to segregate that traffic to a vlan, say, vlan 60, so that only VM's connected to a port group assigned to that vlan would get that traffic.
Usually this is done by connecting the WAN to a physical switch and assigning that port to a vlan, but I wonder if it is possible to do it directly on a Nic, not going through a physical switch.
Another use case would be to select which port groups and its vlans would have data flowing through the uplink, so that we could block some traffic from getting out of the switch.
No, VLANs aren't just imaginary--they have to physically exist and be tagged external to the host. So if you need VLAN segregation, you need a managed switch capable of 802.1q tagging.
The Great vSwitch Debate – Part 1 | Ken's Virtual Reality
Scroll down to figure #7 but you should read all chapters
Regards,
Joerg