I have a switch that trunks in VLANs from pfSense and seems to be working. Confusion simply starts where I have a client connected to the switch that can ping devices in the VLAN but the port in which the client is connected is not trunked… am I missing something here?

  • The_Koplin@alien.topB · 1 year ago

    This would happen if your trunk port also happens to have a router at the other end. Some switches have this; they are called Layer 3 switches because they can do inter-VLAN links. Standard managed L2 switches don’t do this.

    What is likely going on: device on untagged VLAN 2 port, traffic up the trunk, trunk over to router, router has access to multiple VLANs, routes traffic to VLAN 1.

    pfSense is a router, so it would stand to reason that you’re not getting VLAN isolation as expected because you’re routing the traffic between VLANs.

    As a test, just unplug the trunk port to pfSense and see if your client can still talk to other clients in other VLANs.

    A VLAN is just a L2 collision domain separator. If you trunk VLAN 1 and 2 into a router and allow an ANY/ANY rule on any firewall then you’re going to get cross-VLAN traffic. Either remove the route from the table, or add a firewall filter to block traffic.
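As an added illustration of the reply's point (not code from the original post or from pfSense), the model below evaluates a VLAN 2 interface ruleset the way pfSense interface rules behave (top to bottom, first match wins, default deny) and contrasts the any/any ruleset with one that blocks other private subnets before allowing internet access. The subnets, gateway address and test flows are constructed assumptions.

```python
import ipaddress

# Added illustration of pfSense-style per-interface firewall rules; not
# pfSense's own code. Rules on the interface where traffic enters are
# evaluated top to bottom, first match wins (as with rules pfSense creates
# on interface tabs), and unmatched traffic is dropped.
# The subnets below are constructed examples.
VLAN1_NET = ipaddress.ip_network("192.168.1.0/24")
VLAN2_NET = ipaddress.ip_network("192.168.2.0/24")
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _in(ip, nets):
    """True if ip is inside any network in nets (or nets is 'any')."""
    return nets == "any" or any(ip in n for n in nets)

def decide(ruleset, src, dst):
    """Return 'pass' or 'block' for a flow from src to dst entering on VLAN 2."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, srcs, dsts in ruleset:
        if _in(src, srcs) and _in(dst, dsts):
            return action
    return "block"  # default deny when nothing matches

# The ruleset the reply warns about: VLAN 2 clients may reach anything, so
# the router happily forwards them into VLAN 1 even though the client's
# access port is untagged.
ANY_ANY = [("pass", [VLAN2_NET], "any")]

# Isolated VLAN 2 ruleset: allow the VLAN's own gateway (DNS/DHCP), block
# every other private destination, then allow everything else (internet).
GATEWAY = [ipaddress.ip_network("192.168.2.1/32")]  # constructed gateway
ISOLATED = [
    ("pass", [VLAN2_NET], GATEWAY),
    ("block", [VLAN2_NET], PRIVATE),
    ("pass", [VLAN2_NET], "any"),
]

def isolation_check(ruleset):
    """Probe the three flows that matter and report each verdict."""
    return {
        "to_vlan1": decide(ruleset, "192.168.2.10", "192.168.1.20"),
        "to_gateway": decide(ruleset, "192.168.2.10", "192.168.2.1"),
        "to_internet": decide(ruleset, "192.168.2.10", "203.0.113.5"),
    }

if __name__ == "__main__":
    for name, rs in (("any/any", ANY_ANY), ("isolated", ISOLATED)):
        print(name, isolation_check(rs))
```

Rule order matters: moving the "block PRIVATE" line below the final pass reintroduces the cross-VLAN path, which is the same mistake as the any/any ruleset.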