@ArjanKS 

Hey

This is possible indeed

Just thinking out loud here but it should work for you.   Im guessing you want to offer 3x internet type packages?   50  100  300 as you mentioned?    If so you would be best setting 3x VLANs and using them to control your bandwidths for each vlan.. that's simple enough

Have the 3x VLANs connected to 3x SSIDs and use the new PPSK feature..  that way it will allow you to allocate different Passkeys to each apartment on the same SSID. 

EG,  Apartments 1-4 all want the 300mbps offering so connect to the 300mbps SSID and VLAN.    Apartment one you create the passkey  1234   apartment 2  abcd    apartment 3   4567  etc etc..   They connect their devices as they need.  Should someone in apartment 1 scan for devices, he will only see the device connected with his key, not the other apartments, even though they are on the same SSID.. hope that makes sense?   Might be an option for you!  Basically each apartment will have their own passkey

To do this you will need hardware that supports its, this a VERY new feature so firmware are only just out for it.. do some checks first cause I'm not 100% offhand what devices have the updated firmware at present.. i know most of the ceiling mounted APs do, not sure on the wall models.

Also WiFi6 (EAP6xx wall) devices are now out, may be a good option to splash the extra $$ now.  Means should you upgrade to 1gbps internet its not swoping wall boxes everywhere to handle the new speeds.

My one concern would be the actual ports on the wall versions (the jack for plugging in), you may need to disable them or stick them on a guest vlan to stop anyone bypassing the vlans.. one to think about.

In terms of hardware..  you would need to go full omada on this one and ditch the HP switch

- 1x OC200   (OC300 would be overkill)

- 12x EAP225-Wall   (consider the 6xx range)

- 3x TP GB Switch     Could you get away with one 24 port POE?  something like the TL-SG2428P

- 1x  Omada Router.  The ER605 would suffice, you will need the router to terminate the vlans. 

Hopefully helps?

  @Philbert 

Other option is 12 vlans with 12 ssids - 1 for each apartment, set bandwidths on each vlan individually as required

Then enable only that one SSID on the appropriate AP for that apartment.

Its another way of doing this...  may require more admin time however.. 

  @Philbert 

Thanks for the reply (and sorry for the late reply!) I wrote it, but forgot to publish and had to rewrite it.

Yes, that's correct. Right now they just share their 500MB with everyone. But because there are some people abusing it (uploading almost 80% of the day). With the solution they have now, they have to accept it (since they can't make any changes)

I assume the AEP615-wall should be good enough. (price is ~90 euro)
megekko . nl/product/0/910627/TP-LINK-Access-Point-EAP615-WALL-Omada

The AEP235 cost ~70 euro

computeruniverse . net/en/p/90825240

TP Link SG116 Switch

computeruniverse . net/en/p/90736252

ER605

megekko . nl/product/2144/1120883/Bedrade-Routers/TP-LINK-Router-VPN-ER605-Omada

Their internet is 500MB and will not be upgraded in the next 1 to 2 years because the 500MB is the fastest they can go now.

I know there are 6 apartments that are using their own access point on it because they have some devices connected with a cable. So this has to be separated. (right now, they can see all the devices and got complaints from people especially looking for them)

The hardware:

1x OC200 ~85 euro

12x  EAP235 ~ 800 euro
3x SG116 ~150 euro
1x ER605 ~50 euro

The cost if we take the 235 will be around 1100 euro

If we take the EAP6XX it will be around 1400 euros.

Right now, the access points having as their SSID the apartment numbers eg. 102/103/201/202/301/etc. Is there a way to keep it this way and give each EAP235/EAP615 their own SSID (eg 102) with 50mb (eg 203 100MB)?

Never used the Omada, so sorry for the questions.

Thanks again

Arjan

PS; have an amazing weekend!
 

  @ArjanKS 

Hey Arjan

Sounds like you have the makings of a plan there!   However one thing isn't right for your setup, as you are going to be using VLANs then you need a SDN compatible switch to handle this, which the the SG116 is not.     Also unless you are intending to run a heck of a lot of injectors, you are going to need a POE switch to power the APs, if this is at all possible then one 24 port POE SDN switch would be better than multiple.   Something like the SG2428P would be my recommendation, or the SG2210MP if you only want 10 port switches.    Sadly this is going to increase your costings..

Are the 6 apartments that have their own APs getting new APs?  or sticking to their own?   If sticking to their own, create then a VLAN and apply it to the port in their apartment, that way as soon as they jack in their own hardware its going to be on that's apartments VLAN, that will also stop them seeing anyone else.  

VLAN for each apartment is likely the best way to do this if honest, more work setting up but offers you more control overall.  You can then apply bandwidth controls as you feel necessary based on those VLANs.

AP wise, yeah you can create 12 SSIDs (one for each apartment) and then apply those SSIDs to the VLANs.   Note the APs only broadcast a max of 8 SSIDs, so turn off the non used ones on each AP.. eg.. on Apartment 102  disable SSID 101  103  201  etc etc.  leaving just 102 broadcast.  Sadly the APs try to broadcast all by default! 

To control bandwidth, easy..   you can create bandwidth controls on the controller as you feel  (500 down / 50 up etc).  Then apply them to the VLANs as needed. 

I have added a screenshot below of what I think this should look like.   Sorry but you will need an SDN switch 

  @ArjanKS 

Then in that case you will get away with just a standard / Non POE switch, provided its part of the SDN range and manageable via the controller

  @Philbert 

Thank you again! Sorry for the short answer, but it was late, and didn't want to reply after too much time.  

I can use the " T1600G-28TS V3 JetStream 24-Port Gigabit Smart Switch with 4 SFP Slots" since it's noted that it's supported by Omada? Or do I need a different model?

If the T1600G can be used, it will be the following hardware I need:

1x ER605
1x OC200

1x T16000G-28TS V3
12x EAP235 or EAP615

I will set up the controller on an old PC to see how it looks and get myself familiar with it (or maybe just get a controller, since its lifetime warranty, and maybe I will use it more in the future if it all works fine)

Thanks again!

Arjan
 

  @ArjanKS 

Hey

Unfortunately you will need a different model, the T1600G-28TS switch is of an older generation and not compatible with the latest version of SDN.   For a full compatibility list its best checking the controller firmware release notes, these list the actual devices it supports.

Link below to the latest OC200 firmware release notes, should give you more info

https://static.tp-link.com/upload/firmware/2022/202205/20220512/OC200.pdf

Honestly, its best no scrimping too much on a switch, ultimately remember this is the central point of your network and its where most of your controls and performance comes from.   Any switch starting 2xxxx is the older generation, 3xxxx is the latest.   There is nothing wrong with using a 2xxxx switch if its cheaper, just wont be supported as long for future upgrades.

  @Philbert 

So it will be the "TL-SG3428"  (computeruniverse(.)net/en/p/90829638) because the other ones are the older generation and the other ones are either 8port or 48 ports. The TP-Link TL-SX3016F is also an option, but its 10GB and they will not have that anytime soon and it will be overkill for now. It would be better just to replace it when the time comes.

  @ArjanKS 

Yes that will do you perfectly!    No don't be splashing out for 10gb switches, that would be totally overkill for what you need

As you say its unlikely any WAN speed over 1gb is going to appear in the next few years for you, therefore 1gb ports are more than sufficient.   Should that miraculously change in 2-3 years the price of 2.5gbps ports should have dropped to more affordable by then