GS110EMX Trying to pass VLAN tag from wifi AP alongside other vlan

So I have a Unifi AP serving 3 SSIDs- normal traffic, an IOT vlan, and a Guest vlan. The AP is connected over a single cable to the GS110EMX into port 5 and the GS110EMX is connected to a PFsense router. I also have 4 CCTV IP cameras- 3 are feeding to an unmanaged POE switch, and one that connects directly to the GS110EMX. The POE plugs into ports 3 and the other cam into port 4 on the GS110EMX.

The AP is configured to tag packets for IOT as 2 and guest as 3. So the GS110EMX recives the packets on port 5 already tagged or some as no tag.

I'm trying to create a vlan on the switch for the CCTV cameras. I've assigned ports 3 and 4 to vlan 4. 

Here is the basics of my vlan setup:

VLAN 1: 1 (U); 2 (U); 5 (U); 6 (U); 7 (U); 8 (U); 9 (U)

VLAN 4: 1 (T); 3 (U); 4 (U)

This setup results in the vlan 4 working fine, but I lose any wifi traffic that is tagged. When no vlan is enabled on the switch, all traffic from the AP passes through the switch to the router with the tag intact and is assigned to the correct vlan by the router. When I create vlan 4 on the swtich, the wifi traffic that is tagged no longer is passed to the router. The wifi traffic that isn't tagged passes through just fine.

I don't know much about vlans, I'm still learning. As an experiment, I tried to create vlans on the switch for each of the wifi vlans, like so:

VLAN 1: 1 (U); 2 (U); 5 (U); 6 (U); 7 (U); 8 (U); 9 (U)

VLAN 2: 1 (T); 5 (U)

VLAN 3: 1 (T); 5 (U)

VLAN 4: 1 (T); 3 (U); 4 (U)

In this case, it does seem that the packets tagged 2 and 3 are passed from the switch and sent to the router. The router logs show a dhcp request for devices in the 2 and 3 vlan, but the dhcp requests just time out and no addresses are assigned. I'm not sure why the tagged wifi traffic gets routed and recieves an address just fine with passing through the switch, but when I set up vlans, the router can't do anything with them.

Hope this makes sense and TIA!