I noticed that there was support for a per user mac/wpa if there was 30 users with different authentication phrases then would there be a very heavy load on the system, I have been looking for something to use with a public saftey agency where if some one was sniffing they would only see there packets in there group like DTF could only see there packets with a sniffer and Patrol could not sniff DTF's packets .

Atheros uses hardware encryption and does not degrade much, if at all..

There are two kinds of WPA, one is WPA-PSK (pre-shared key), and WPA-EAP (authentication via radius server).

With WPA-PSK, this is the easiest to setup however there is one shared secret per BSS, and not per-user.

WPA-EAP is designed for those needing higher level of security, however it will authenticate against your own back-end radius server. Depending on the EAP methods you choose, (such as PEAP, TTLS, TLS, etc.) you can have your customers use a variety of different authentication methods / pass phrases. There is no additional load on the AP using either of these methods as the radius server will be doing a majority of the work for key exchanges.