New Wifi network with multiple suites/businesses

  • 1
  • Question
  • Updated 5 months ago

I'm having a very interesting setup for a site that's been put into my inbox, there are 8 AP and a switch connected to a router.
The site is 12 suites, which are rented out to small businesses. Some of the suites accommodate 2 people others up to around 8. Probably around 70 seats in total.
What they are wanting to do is have each of the 12 suites connect to the wifi network with there own password. Which is changed when that suite is rented to another business. They don't each device in the suite to use different passwords.

The router is running a DHCP server serving IPs on Currently there are 12 SSIDs on the wifi network which is definately something that needs changing. There is no need for a guest network.

What I'm thinking, and please tell me if I'm on the right track here, is to create a single SSID, using PPSK for each of the 12 suites?

So first thing is to remove the 12 SSIDs to get rid of the congestion. I've never setup PPSK before and not to sure as to the process of having to do this or if I'm even on the right path here.

Photo of Wayne Steed

Wayne Steed

  • 2 Posts
  • 0 Reply Likes

Posted 6 months ago

  • 1
Photo of BJ

BJ, Champ

  • 374 Posts
  • 45 Reply Likes
It sounds like you’re on the right path. Create 12 SSIDs using PPSK on twelve vlans and subnets with firewalling to prevent traffic between the suites and perhaps even perform traffic shaping so no single suite hogs all the bandwidth.
Photo of Doug


  • 14 Posts
  • 0 Reply Likes
This sounds like a great plan BJ. Appreciate your input on this.
Photo of Paul Smith

Paul Smith

  • 9 Posts
  • 0 Reply Likes
A single ssid with ppsk would work. You'd need to decide if you wanted to disable inter station traffic or not. With it enabled they'd all potentially see each others clients. With it disabled clients in the same suite wouldn't be able to share resources.

If there was an AP in each suite it would be the perfect use case for the new private client groups feature. You'd have 1 SSID, 12 PPSK's and tether each ppsk to a suite, all traffic for that ppsk is then tunneled through that AP and visible to any device using the same ppsk. At the moment you can only tether one ppsk per AP so would need the extra AP's.
Photo of Brian Powers

Brian Powers, Champ

  • 396 Posts
  • 92 Reply Likes
To expand on what BJ and Paul mentioned, the PPSK option gives you nearly unlimited flexibility in the approach.  You can create 12 User Groups with 1 PPSK in each group.  Assign each PPSK group to a unique User Profile (matching VLANs and Attribute numbers) and you could get the segregation that you seek while unifying every tenant under a single SSID.  

Add/remove a PPSK from the specific group tied to each suite when an existing tenant leaves and/or new tenant arrives and you should also have a pretty quick and easy new deployment.  

With each User Group, you get the flexibility of firewall policies and any other feature applicable under that umbrella per "group".  
Photo of Wayne Steed

Wayne Steed

  • 2 Posts
  • 0 Reply Likes
Sorry for the late response guys, been busy with some personal issues. Will give these a read tonight. Quickly reading through them however seems that I'm on the right path here. I'm most certainly going to have some more questions when i've digested these responses.