VLAN with interval route to single server

we have a stack of two N2048 switches - we only need VLAN on 1

VLAN default = 1

Vlan 2 PVID = 21

We need a single port for an ESXI host to carry all traffic - which appears to be working -
We need 10 ports on the VLAN to only get the VLAN traffic un TAGGED so no tagging on Desktops - 

default LAN is 10.10.0.0
VLAN 21 192.168.50.0
Switch has a VLAN 21 IP interface set at 192.168.50.100

there is an internal Firewall (opnsense on vmware) - working  on VLAN 21 IP 192.168.50.1 it may allow some traffic to outside - but we want single ip passthrough between lans 

we want two way traffic from an AD server to & From VLAN AD server is at 10.10.0.60 which is on the same switch as the VLAN and two other servers - we want the VLAN firewall to provide DNS for those the AD server providing AD DNS but could propagate to opnsense in VLAN.

Default gateway in office is 10.10.0.254
This should be super simple - through the GUI it is not supported well by documentation but I see CLI may be quick and easy.