Which approach is better -- Multiple SSIDs or Single SSID

Question

I am setting up wireless network in an university where we have a broad base of users type like Students (some are of graduation course, some of PG, Ph.D students and others); supporting staff, faculties, resident staff (along with their families).

I have to design the wireless network keeping all those user base in mind.

I have two options for providing wireless access to the users;

I need inputs (pros and cons) on these options -

OPTION I

Separate SSID for each user category (like separate SSID for IT students, separate SSID for commerce students; and so on).
If i go with this approach, i will ends up in creating roughly 20 SSIDs and in this approach i will be able to apply policies based on user category and can also limit the time period for different user group.

OPTION II

Second option, i am thinking about creating single SSID for all the users (or may be 2/3 SSID). In this approach, i will need not be required to create 'n' number of SSIDs and will only needs to advertise ONE SSID for all the users (and this will help me in keeping the things simple).
But what i will miss in this approach is the granularity and will not be able to apply different policies for different user base.

I am open for any other approach also and i want to do the things in best possible manner.
Please suggest with which approach i should go ahead and if possible, explain pros and cons of the same.

Answer 1

Option with large number of SSIDs is undesirable because access points will broadcast beacons for each SSID 10 times per second on the lowest mandatory speed. It may consume significant airtime especially if you need to support legacy 802.11b/g standards. There are recommendations to use no more than 3-5 SSIDs on any single AP (link1, link2). Depending on the functionality of the network equipment different policies may be applied on a per-client or per-user basis.

Answer 2

You could differentiate user groups by using a radius server and certificates. I believe some AP can even use this to set specific VLANs. You get a lot of flexibility but you need to assign a certificate to every potential client.

or you could assign each user group to a different subnet thanks to the DHCP server (but that does not sound very secure as people could manually change their IP to get more priviledges)