I found this thread whilst looking for information on Windows 7 and VLAN tagging support. imagoon, who is obviously trying to be very helpful, is off on quite a few routing/switching comments, so I am going to clarify and correct.
Your network cannot exist without multicast (I really meant broadcast here even though it is the same basic tech at layer 2). Switches only keep MAC addresses in the table for a certain amount of time before they drop (i.e. not see frames from that MAC on that port); after that, the frame will get flooded out all ports that the frame didn't arrive on. If there is any place in the network where that frame can loop back and land at the switch, it will keep being flooded until the segment collapses.
Your network absolutely can exist without multicast. It is completely different. It uses a one-to-many method. Only IPv4 networks require broadcast, which is a one-to-all method used for building ARP tables, which are used for delivering packets within a broadcast domain. IPv6 does not use broadcast.
Switches don't have "MAC" tables. They have ARP tables, in which an IP address is mapped to a MAC address. Much like a cookie in a browser, the entry in the ARP table refreshes as long as you keep the session active. ARP entries do time out, but only after some inactivity.
sw1#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.254.246             6  10bf.48bc.10ea  ARPA   Vlan254
Internet  10.0.254.241             0  001d.92dd.c610  ARPA   Vlan254
Internet  10.0.254.226           145  0090.a99f.768c  ARPA   Vlan254
If there is no IP -> MAC entry, no "frames" go to all ports. An ARP request is then broadcast and, if there is an ARP reply, a new entry is put into the ARP table. Packets containing actual data (headers and payload) only make their way to every port if you are using a hub.
Bridges are rarely 802.1q aware. They are very stupid devices and not used anymore. The software ones are just as stupid and typically just spit out whatever arrives on one side to the other. So if this bridge decides to start bridging both VLANs onto the second NIC that you have the test device attached to, you will see frame leakage and the like. Also, if one guy decided to bridge it wrong, there may not be an issue until user #2 makes a mistake and you end up with 2 bridges on that network forming the loop, for example.
You're confusing a hub for a bridge. Hubs are indeed "dumb" and seldom used anymore. A bridge is entirely different. A bridge is taking a router port (not a switch) and bridging two broadcast domains, in order to create one. In order to do this, you need a router and it has to be managed in order to configure it as a bridge port, or simplified, you are turning a router port into a switch port.
I am not saying you can't make it work, I am more concerned about putting network config like this in the hands of developers who likely have varying understandings of the mess they could potentially cause. I know as an IT guy I wouldn't even consider exporting 802.1q frames out to a workstation like that.
I disagree. VLAN tagging is an excellent way to minimize network cabling and simplify network management. I have three tagged VLANs on my FreeBSD workstation and I've never had an issue; it only increases topology efficiency and security.
If you are worried about this being above someone's pay grade, then perhaps hiring a network engineering consultant for a day or two is something you should consider.