Everytime i do something with vlan's on the tp-link switch i am getting confused.

I have a Pfsense firewall / router on a netgate 1100 and configured port 24 as the uplink to the lan port on the pfsense.

I have 5 vlan's configured on the tp-link switch. 1 vlan default and 4 other vlan's.

some ports are untagged member of a particular vlan and port 24 is a tagged member of all 4 vlan's. Every port is untagged member of default vlan. Also the port on the switch where my ubiquiti is on is tagged to all vlan's this is port 7. The AP has multiple vlan's configured and the AP itself is on port 7 PVID 1 (default vlan). The SSID's on the AP are the other vlan's, vlan only.

When i connect to the Ubiquiti AP with a client let's say to a vlan 3 SSID i get an IP from vlan 1, thats wrong but that means i did something wrong with the ports tagged of untagged i think. The vlan's on Pfsense are the same as the vlan's on the tp-link switch.

When the configuration of the vlan's is like this:

VLAN 1: all ports untagged

VLAN 2: ports with PVID 2 untagged member of this vlan and port 7 and 24 tagged

VLAN 3: idem but now the ports have PVID 3.

etc.

Above is the right setting with tagged and untagged trafic?

When a client connects to a SSID in vlan 3 it must get an ip from Pfsense from vlan 3 because the traffic is tagged in vlan 3 an goes to port 7 and 24 to Pfsense i believe.

I also did connect the OPT port in Pfsense to port 9 on the tp-link switch. Port 9 on tp-link is PVID 10 and no tagged ports on port 9. Made an vlan 10 in Ubiquiti AP and a SSID connected to that network. I can connect with the SSID in vlan 10 but get an ipnumber of another vlan....

So must port 9 be tagged to certain vlan's on the tp-link switch? how does the port knows if traffic from vlan 10 must go through port 9 which has no vlan 10 on pfsense?