Simple switches; no vlan tags.If I had to guess, I'd say the switch is passing the traffic but it's the hosts that are dropping the traffic. The switch will have its table populated with all the MAC addresses its learned, so when a frame comes in, it just pushes it off to the host as it should. I'd guess that the destination host receives the frame but because the vlan tag on the packet doesn't match it's own vlan, the host drops the packet. Though this wouldn't explain why two hosts in the same vlan couldn't communicate....Wireshark could probably shed some light on what's going on if you were so inclined.
I've seen switches labeled as vlan capable, which I imagine means it's a managed switch that allows you to set vlan configurations per port, causing the switch to build separate mac tables for each vlan.
If I had to guess, I'd say the programming on the switch cut corners for speed and firmware size, so learned only the characteristics of the first network it saw and built it's arp->port table relative to that.
So instead of aa:bb:cc:dd:ee:ff = 192.168.2.1, it might be aa:bb:cc:dd:ee:ff = 1, knowing that the network is 192.168.2.0/24.
Someday I may test that hypothesis out.