A broad topic, I know..... I have some more specific networking questions myself, but thought it would be interesting to start with a broader discussion.
I want to try and contain the conversation to better understood concepts and setups, rather than the those more commonly seen in the homes of network engineers... But I don't know how best to set the parameters... So all I can ask is for people to try and KISS....
My particular interest does (I would say) break these boundaries, in that I am interested about how to have more than one router managing the network at any time, allowing one to go down and the secondary to pick up the slack.
From an engineering approach wires always work, you have to contend with what is supported for signaling for the wire plant which is normally nework switches for ethernet. I have done RS422 networking (serial line) for smart switches and control panels in the past and they were rock solid but there are very few devices today that use serial line protocol.
Moving forward to today's standards everything that is "consumer" grade seems to be moving to WIFI and ZigBee. These networks are also reliable as long as you account for the devices that are you attaching. Most home hardware can't do more that like 40 to 50 devices on WIFI due to how those routers are configured in firmware, how chatty devices are, and if the device is battery what is the connect, send/receive data, and disconnect transactions have on the network.
As for setting up us "Professional Consumers" have isolated the networks for IoT, automation, cameras, etc. This does provide security and isolation based on function which makes the network more reliable.
If you want to see something really cool look at the networking they do in space with time triggered ethernet and even that has come under some security concerns but that is way out of the consumer league:
I am not a network engineer but after screwing around with consumer grade gear for far too long I took the plunge and went with a fully managed network, Every switch and AP is an end run back to a distribution switch, all of it is PoE, and everything that can easily be reached with wires is wired. I also have my network segmented so home automation traffic and IoT traffic are isolated from the rest of the network, and there's a gamers/guest network too.
It was expensive and time consuming to set up but it has been awesome. I should have gone this route years ago and stopped screwing around with all that mesh stuff.
Kind of feel like this is a loaded question to a point.
I think what @brad5 presented above is probably a best practice. That kind of setup would help in so many ways. Improved security, ability to manage network devices independently and scale up for more if needed. overall better visability into their activity, dedicated hardware for specific purposes vs trying to handle everything on piece of kit.
Perhaps not in this forum, but I would imagine most folks though wouldn't be interested in going down the network rabbit hole this much. That is why home routers exist the way they do now. The best consumer grade gear should in theory should be a robust true Mesh network system that is supported wherever possible by wired backhaul/network connectivity. But the term Mesh network has even been polluted by marketing BS that makes the term mean nearly nothing and is frequently misleading.
I fully agree with what @brad5 stated above. I don't consider myself a person that has signficant technical skills. I am good with logic puzzles and like using computers, so HE is a good fit for me, but I have nowhere near the technical skills I see displayed on this forum by many members. But even I, went with a fully managed network. Access points in and outside my home, with wired backhaul to the switch, most of the computers wired back to the switch. I feel it is orders of magnitude better than an all-in-one router/switch/wifi device, and probably an order of magnitude better than something like Google Nest Wifi Pro (although I believe this option already has a thread router built in).
I looked at Ubiquiti UniFi and TP-Link Omada, and after talking with the network administrator of the high school I work in, I went with Omada. I felt Ubiquiti was superior, but Omada was signficantly less expensive and I am still light years ahead of my old setup.
Easy enough, with the above setup, to put IOT devices on their own vlan, and things like cameras on their own vlan with no internet access. Wifi performance in and outside the house is beyond great and I would be comfortable with any amount of smart devices that are wifi based.
One of the reasons I run cisco switches...My main backbone. Watchguard Firewall and Unifi AP's with gigabit backhaul. You get tired of failure after a while. Easy to read too
Haha, I have the same 3750 switch, but haven't deployed it yet. I'm using an old trash picked(from work) Cisco 2960 POE but have filled all 24 ports. It's been the most reliable thing I've ever plugged in in the last 4 years. I run PFsense on an old I7 4000 series(Datto SB2000) with a 4 port Dell PCI network card, and use 3- Orbi satellites in AP mode. The AP's all use ethernet backhaul.
Have you ever had a router go down? I never have, and I've been online at home since the early 1990's with my sexy Zyxel (and I miss you, Compuserve).
Seriously, double routers seems like overkill (but that's what we do around here, right?).
UPS everywhere is my motto, as loss of power is a real thing that does happen to me. As noted already, Ethernet first, WiFi if I must.
Buy the best router and APs you can afford (and can understand how to set up). VLANs! Separate IoT, family, and work devices. VPN! If you can't access your network when you're not home you're going to regret it at some point.
Backup router and network settings & configs! At some point either you or a vendor update will hose things up in a bad way. Be ready to restore backups if needed, that means having the backup files, and knowing how to restore them.
I actually went down the UPS route recently, got two APC's, one for the Study and one for the Lounge Room where all the cool stuff lives. Came home the other day and everything seemed to have reset itself. Not a big deal, stuff still worked, I probably rebooted a few hubs and things, but it was ok (I do still have to get my washing machine Kasa plug back online).
Probably not the exact situation I am looking to solve, more the case when I need to restart the router, for whatever reason. Would be nice to have something else to pick up the slack.
And like others have mentioned, separation of IoT and home does seem like a good thing to do, though without additional users in the house 99% of the time, would feel like overkill. I expect amongst all of this, wiring more of my devices and probably an AP downstairs in the garage would be the things to focus on for me.
Cisco switches are tanks. I have at least 8 of these on the shelf brand new. They never die. Maybe the power supplies go (rarely) but easy to hot swap out. The one above is poe and all ports. (actually all of them are)
Honestly I hate pfsense. The amount of tweaking and then the way it does web blocking is maddening. Almost as bad as Sonicwall.... (Nothing is as bad as Sonicwall. Have no idea how they're still in business)
APC 1350VA (Sine Wave)
AT&T Fiber BGW320-500 modem
Pfsense on a (old) Dell T620
Ubiquiti USW-24-POE
Ubiquiti U6-Enterprise (6E) AP's
The modem is "free" with the AT&T fiber service but I hate that I'm intrinsically paying for a switch, router and AP (not to mention worthless HBO MAX) when all I want is a modem.
Being able to configure whether updates are applied automagically or manually is a must. I'm tired of getting unexpectedly porked by a vendor update. One reason I like HE so much. Sure, some of the updates cause issues (which are identified and corrected with remarkable rapidity), but at least you have control over when it's applied.
Backing up configurations automatically is a must too. Lots of residential routers have the option to backup or export a config file. I want nightly backups to the cloud.
I also want a fully managed network from a single console. It makes things so much easier to manage and troubleshoot. And yes I know that limits my flexibility and tends to lock me into a single vendor but that's a tradeoff I don't mind making, I've been on way too many calls where we're trying to figure out is it the ISP, an MPLS issue, the Palos, the Cisco gear, the F5, etc. (Only to find out it's an application issue, which we kind of knew it would be all along, yet we still have to prove it.). That's ok in the enterprise space where best-in-breed advantages outweigh, but man I don't wish to recreate it at home.
I forgot to add that most ISP providers equipment is crap also. AT&T and their Fiber and VDSL offering doesn't just give you a simple port for termination you have to run everything though their firewall/gateway and even with "pass though" you have to content with packet loss because all they do is address re-writing when received which slows things down. Their WiFi standards are lowest common denominator for features and they send a lot of telemetry back to the ISP on what is on your network and how devices use it. You can't slice and dice your network other than sometimes having the option for a "Guest" network.
I have 3 VLAN's and distributed AP's using Unifi AP's. My switches were Cisco until some license key expired in the equipment I purchased used and turned off my core and distribution switches. We all know that Cisco loves licenses. I since moved from Cisco to Netgear then to Unifi switches for the vlan support. My router sits behind a AT&T gateway and it's a Protectli 4 port running Untanged and has been rock solid for 5 years.
I have to ask this question. How often do we really suffer a network problem at home on consumer gear. I can count the times I have at home on one hand since the 1990's. I started with that linksys wireless B router with a 4 port 10/100 switch, then a WRT54G with a 4 port swtich and latter 8 port switch, then a WNDR3700 from Netgear, then for a while use my ISP's router, after moving got a Netgear WNDR6200V2, and now have been on Google Wifi since. The router,AP,Switch combo was never really be a problem. The issue I have had are related to other gear doing stupid things on the network like a Eufy Wireless camera breaking all zigbee in my house, or a Dell Laptop doing a multicast flood making the Netgear 8 port switch shut down.
Beside those two events that occurred to me, I remember being at a friends house for some gaming and we had issues because someone else brought over a computer that had some nasty stuff on it and flooded the network.
From a basic functionality I haven't seen all these problems that people seem to be talking about here. Don't get me wrong I don't doubt for a second the best practice is what Brad5 has stated and has been repeated, but i really don't see it as bad as other are stating here. This is especially the case depending on the users desire to tinker. The change to something more should be for additional features and control as I doubt reliability is much of a issue.
@mavrrick58 I would say that 20 years ago consumer equipment had all sorts of issues. You had to content with ISP that were popping up like dandelions in your lawn and having different standards and TOS for their services. Many didn't even think you would be sharing there services with multiple devices. If you put a router behind their services they could terminate you because their business models were based on "number of devices" connected.
As the market for ISP's started to roll up to the big telecoms and cable companies we then started to see multi device support with customer provided routers and the market exploded from companies like D-Link, Linksys, and others. Those routers were mostly solid for NAT since most used open source code to create their router/firewall.
Then the Wifi revolution started and every vender bolted on Wifi to their routers and that started the issue with stability. The old routers were wired very stable, Wifi was in infancy and constantly evolving. Every 3 to 4 months new devices were coming out with outrageous performance numbers promised. Hardware kept getting faster for embedded systems, Wifi standards and radio chips kept coming out and the consume we left in the cesspool of competing standards.
The the ISP's decided to solve this muddled world with their gateway that were gong to do all the handwork of making it simple for the consumer and also reduce the support costs of running the ISP. At this point in time standards solidified less things failed to connect but we are still missing out on protecting our devices, that is the next step in the evolution. Those that crack the IoT security along with personal device security and do it cheap, easy, and ubiquitous will be the next winner.
I think most failures weren't in hardware but software and configuration as the root cause. But the average consumer doesn't understand that and assume they have a hardware failure. But just in case I do maintain a LTE backup for my internet if/when AT&T has issues. There are some consumer devices that have dual WAN ports (Asus I think). But I would state not many folks use them.
