If you have the ability to tag on all VLAN's you might as well do it. The only reason not to would be for devices that do not support VLAN tagging i.e. Computer hooked up to a Phone and phone hooked up to the switch. In this case, we have a device, pfsense, that has the ability to tag all traffic for the appropriate VLAN, you might as well do it. Just my 2 cents worth. I didn't say it wouldn't work in the way it is setup. I only stated that the difference between my config and his was that tagging.
Curtis
