PPSK Analytics / Insights; PPSK based VLAN security; Single vs Multiple SSIDs

2024-05-31 08:23:14
Model: EAP653  
Hardware Version: V1
Firmware Version: 1.0.12 Build 20240131 Rel. 45061

Hello,

 

I'd like to ask for some advice on the following context and requirements:

- 3x EAP653

- OC200

- Smart Switches

- a few human users

- 50+ IoT devices

 

So far I thought to create a few VLANs: LAN (Management, Untagged), USER (Notebooks, Smartphones), IOT, DMZ and GUEST, and have separate SSIDs for USER, IOT and GUEST. LAN and DMZ do not need to be accessible via Wi-Fi.

 

Playing a bit with the recently purchased Omada hardware, I realised I might not need separate SSIDs at all, since the PPSK features allow pinning individual keys to specific VLANs.

 

Question 1: How secure is this separation? Is it simply logical, like when using tagged VLANs via Ethernet, or does Omada somehow restrict clients from accessing other VLANs and other Wi-Fi devices in the same SSID, but on different VLANs?

 

Question 2: How big is the penalty on using separate SSIDs in terms of performance, especially given that this is not a high-traffic environment and only a handful of users make actual traffic?

 

Question 3: Having tested the PPSK w/o RADIUS a bit, I'm unable to pin a client to a specific key. How can this be done? I can only see which SSID a client is connected to, but I'm missing crucial information on the PPSK and VLAN/network being used. The VLAN I'm only able to identify by matching the client's IP to my DHCP ranges.

 

Question 4: I've read that PPSK is not compatible with Wi-Fi 7 and 6 GHz networks. Is this likely to change in the next 2 years or so? I guess I will have to upgrade to Wi-Fi 7 APs at some point and would like to get around needing to set up the network and all the IoT clients from scratch then.

I'd really appreciate any advice / feedback on this.

Best
Moritz

Re:PPSK Analytics / Insights; PPSK based VLAN security; Single vs Multiple SSIDs
2024-06-03 01:43:04

Hi  @madk_ 

Question 1: How secure is this separation? Is it simply logical, like when using tagged VLANs via Ethernet, or does Omada somehow restrict clients from accessing other VLANs and other Wi-Fi devices in the same SSID, but on different VLANs?

 

Question 2: How big is the penalty on using separate SSIDs in terms of performance, especially given that this is not a high-traffic environment and only a handful of users make actual traffic?

 

Question 3: Having tested the PPSK w/o RADIUS a bit, I'm unable to pin a client to a specific key. How can this be done? I can only see which SSID a client is connected to, but I'm missing crucial information on the PPSK and VLAN/network being used. The VLAN I'm only able to identify by matching the client's IP to my DHCP ranges.

 

Question 4: I've read that PPSK is not compatible with Wi-Fi 7 and 6 GHz networks. Is this likely to change in the next 2 years or so? I guess I will have to upgrade to Wi-Fi 7 APs at some point and would like to get around needing to set up the network and all the IoT clients from scratch then.
 

1. It's like "when using tagged VLANs via Ethernet". Basically it depends on the router ACL settings. Omada switches and EAPs just pass the VLANs through;

 

2. Multi-SSID is good for management. For example, you can have an SSID only for IoT devices, and make an ACL to allow only the main network to access the IoT VLAN, but deny access from IoT to the main network. (Omada Router required);

 

3. We've sent this as product feedback. You can also start a new request thread;

 

4. Maybe someday there will be a solution. For now, TP-Link APs do not support PPSK on Wi-Fi 7 or 6 GHz.

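The workaround from Question 3 (matching a client's IP to the DHCP ranges), extended into a check that each device landed in the VLAN its PPSK is meant to map to. This is an added example, not part of the original posts and not Omada code; the subnets, MAC addresses, SSID name and client list are constructed assumptions.

```python
import ipaddress

# Constructed assumption: one DHCP range per VLAN (not taken from the thread).
VLAN_SUBNETS = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "USER": ipaddress.ip_network("192.168.10.0/24"),
    "IOT": ipaddress.ip_network("192.168.20.0/24"),
    "GUEST": ipaddress.ip_network("192.168.30.0/24"),
}

# Constructed inventory: the VLAN each device's PPSK is supposed to assign.
EXPECTED_VLAN = {
    "aa:bb:cc:00:00:01": "USER",
    "aa:bb:cc:00:00:02": "IOT",
    "aa:bb:cc:00:00:03": "IOT",
    "aa:bb:cc:00:00:05": "IOT",
}

# Constructed client list (MAC, IP, SSID), e.g. copied from a client table.
CLIENTS = [
    ("AA-BB-CC-00-00-01", "192.168.10.23", "home"),
    ("aa:bb:cc:00:00:02", "192.168.20.55", "home"),
    ("aa:bb:cc:00:00:03", "192.168.10.77", "home"),   # IoT key, USER address
    ("aa:bb:cc:00:00:04", "192.168.30.9", "home"),    # not in the inventory
    ("aa:bb:cc:00:00:05", "169.254.12.7", "home"),    # no DHCP lease
]

def vlan_for_ip(ip):
    """Return the VLAN name whose DHCP range contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in VLAN_SUBNETS.items() if addr in net), None)

def audit(clients, expected=EXPECTED_VLAN):
    """Compare the VLAN inferred from each client's IP with the expected one."""
    findings = []
    for mac, ip, ssid in clients:
        mac = mac.lower().replace("-", ":")   # normalise MAC notation
        observed, want = vlan_for_ip(ip), expected.get(mac)
        if want is None:
            status = "unknown-device"
        elif observed is None:
            status = "outside-dhcp-ranges"
        else:
            status = "ok" if observed == want else "wrong-vlan"
        findings.append((mac, ssid, observed, want, status))
    return findings

if __name__ == "__main__":
    for mac, ssid, observed, want, status in audit(CLIENTS):
        print(f"{mac} ssid={ssid} observed={observed} expected={want} {status}")
```

Because the reply states that separation between VLANs depends on the router ACL settings, a "wrong-vlan" result means the device is subject to a different VLAN's ACL rules than the ones intended for it.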