XEN server, UniFi and VLANS

I dug myself into a VLAN hole, which I now know the reason for, but I can’t find an explanation as to why this is the case…

I have a VLAN on my XEN server for servers/management interfaces.
I have a dedicated NIC that I expose this on.
I set the UniFi switch port profile to the same VLAN and everything became inaccessible.
Worse still, my UniFi controller was on this network, on a Docker host.

Having read further, I found this:
"To configure the switch on a VLAN network, you must configure it as follows: Port connected to XenServer on the switch must be configured as trunk port."

I don’t understand why this is the case.
Why does Xen Server need trunk access on this NIC/port to negotiate the VLAN?
Are there any security issues with this?

How did you set up your VLANs on Xen server? Is there a router involved in your setup?

An external network attached to a NIC.
Assigned to a number of VMs.