@LittleRob Assuming the clients are getting the correct IPs and the router ACLs are properly blocking interVLAN traffic.  With all ports selected for VLAN 1, that likely means that VLAN 1 is the untagged VLAN for all ports.  This doesn't match the PVID settings so all the clients will see VLAN 1 data.  Start with setting ports that don't need multiple VLANs to have only one and the VLAN untag is set for the matching PVID for the port (aka change trunk ports to access ports).  There should also be only one untagged VLAN on a port.

For example, Port 3 has both VLAN 1 and 200, but a PC usually can't make use of multiple VLANs.  So it would be best to set it to only VLAN 200, by removing VLAN 1 membership to Port 3 (uncheck the untag setting of VLAN 1 for Port 3).  Once VLAN 1 is removed from Port 3, VLAN 200 can be set to untagged for Port 3.

For the AP, also remove VLAN 1, unless the AP uses VLAN 1 for management, then VLAN 1 will need to be tagged and VLAN 800 untagged and the AP set correctly for a tagged management VLAN.