I suggest you do some research on VLAN to get familiar with the feature.  There are many resources online (try google search) also there are some whitepapers here:

 

that discusses VLANs (not for the 27xx specifically but at least provide you with general info on how VLAN works for other switches).

There are many considerations for setting up VLANs but to answer your questions specifically:

• Whether you setup the VLAN member as "T" (tagged) or "U" (untagged) depends on whether you want the packet to be sent out the port with the VLAN tag or without.  If the device you connected to the port is a VLAN aware device (such as another switch) then you can send tagged packets especially if you were trying to trunk multiple VLANs through the port.  If the device is a host/workstation and if it is connected to more then one VLAN (e.g. some servers may need to communicate on more then one VLANs) and if the host is using a VLAN aware NIC then you might want to tag the packet going to the host to allow the host to distinguish between packets on different VLAN.  However, in your configuration, I'm assuming you have a host connecting to each port which is probably not VLAN aware.  In this case you probably would want the packets to be "untagged" when it gets to the host since the host would not know what to do with the VLAN tag and may drop the traffic.
• Regarding "Admit tag only".  Again this depends on whether the device connected to the port sends tag or untag frame.  If the device is a host which is not VLAN aware, chances are that it sends untag frame so if you enable "admit tag only" you will drop untag packets from the device.  So probably this is not what you want to do.  Now the problem is if the traffic comes in untag then how does the switch knows what VLAN the traffic is intended to be on?  Well you can configure that by setting the "PVID" (permanent VLAN ID) also known as the "native VLAN ID" for the port.  This means that the switch will treat all untag packets as if they are member of the PVID VLAN.
• The ingress filtering enable tells the switch to not allow ingress traffic for VLAN to which the port is not a member and should be left on normally.

Cuong.

Thanks for the info. It helped greatly. I created a VLAN PVID=3. This VLAN has traffic on the same subnet of the switch. (switch 192.168.1.185 255.255.255.0) I cannot access the switch, however from a computer plugged into a port in the VLAN. The VLAN ports are marked "U" , assigned to PVID=3, and "Admit All". Am I configuring something incorrectly? Thanks!

On the fully managed switches (PowerConnect 53xx, 33xx, 34xx, and 60xx series of switches) you would normally be able to configure an IP address for management on each VLAN which allows you to get to the switch management IP address on any VLAN you access.  However on the 27xx which is a basic switch with only some configuration, the management VLAN is restricted to VLAN 1 only.  So when you configure the IP address of the switch the IP address is assigned to only VLAN 1.  So on a port that's not a member of VLAN 1 you would not be able to access the 27xx management IP address.

On a different port, try leaving that port membership on VLAN 1 with PVID = 1 and then see if you can get to the management IP address from that port.

So on any other fully managed switches, you can define an IP address for any of the VLAN on the switch.  This would allow you to access the switch management interface from any of the VLAN.

Cuong.