edit: OK, so I got a lot of it straightened out, I think in part due to order of operations and flipping between the web UI, which sucks for this, and the CLI.
VLAN and DHCP are working for vlan200 now on assigned ports, I just need to get my Ubiquiti AP to properly work with the VLAN for the guest network only.
But yeah, if anyone else reading this has issues with setting up vlans, ignore the web ui entirely except for a visual check after.
OK so a couple of things
1) Post up your config
2) I assume, based on what you have stated, that you have a spare interface in OPNsense you can plug into the switch for the 200 VLAN?
3) So the steps on the switch would be
a) Create VLAN 200 - login as root etc, then en, then conf t, then VLAN 200
b) add the ports to the VLAN - the least disruptive way is to have a spare port on OPNsense and plug it into one port and the AP into the other
c) let's say OPNsense is in port 1/1/34 and the Ubiquiti is 1/1/35
d) so as per step a above we should still be in VLAN 200 config
e) type tag e 1/1/34 - this will remove it from VLAN 1 and put it into VLAN 200 as a tagged port only
f) then type tag e 1/1/35 - same as above
4) At this stage you have two devices that will have to support VLAN tagging and will only have access to VLAN 200
5) On OPNsense you need to make sure the interface that is attached to port 1/1/34 has a tagged VLAN 200 defined on it
6) You need to assign it a valid IP address in the 200 subnet and then make sure the DHCP server is applied to that interface and is giving out IP addresses relevant to that subnet
7) You need to make sure the AP has a valid IP in the subnet and that you have turned off the DHCP server on the AP and it is bridging between the wireless interface and the LAN and it is putting devices into the 200 VLAN when they are successfully authenticated
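
Added example, not part of either post above: a small Python model of what "tagged port only" in steps e) and 4) means on the wire, showing why a device that sends untagged frames (or tags a different VLAN) gets nothing on 1/1/34 or 1/1/35. The MAC addresses, payloads and the accepted_on_tagged_only_port helper are constructed for illustration and do not describe any particular switch firmware.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

def build_frame(dst, src, ethertype, payload=b"", vid=None, pcp=0):
    """Build a constructed Ethernet frame; insert an 802.1Q tag when vid is given."""
    header = dst + src
    if vid is not None:
        if not 1 <= vid <= 4094:
            raise ValueError("VLAN ID must be 1-4094")
        tci = (pcp << 13) | vid  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def vlan_of(frame):
    """Return the VLAN ID carried in the frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the tag control field are the VID

def accepted_on_tagged_only_port(frame, allowed_vids):
    """Hypothetical model of a tagged-only port: untagged frames and other VIDs are dropped."""
    vid = vlan_of(frame)
    return vid is not None and vid in allowed_vids

# Constructed sample frames (MACs and payloads are made up)
BCAST = b"\xff" * 6
CLIENT = bytes.fromhex("020000000001")
IPV4 = 0x0800
SAMPLES = {
    "guest client, tagged 200": build_frame(BCAST, CLIENT, IPV4, b"dhcp-discover", vid=200),
    "untagged frame": build_frame(BCAST, CLIENT, IPV4, b"dhcp-discover"),
    "tagged for VLAN 1": build_frame(BCAST, CLIENT, IPV4, b"dhcp-discover", vid=1),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        verdict = "forwarded" if accepted_on_tagged_only_port(frame, {200}) else "dropped"
        print(f"{name}: vid={vlan_of(frame)} -> {verdict}")
```

The same check applies when looking at a capture taken on the firewall interface: guest traffic from the AP should show VID 200 in the tag, and anything arriving untagged is not in the guest VLAN.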