How to set up a home wifi that works well for your family:
- If your Internet Service Provider (Spectrum, Charter, Telia, whatever) has given you a modem:
- Keep the modem.
- Immediately turn off the wifi part of the modem and never, ever use it again. ISP routers are crap.
- Buy a mesh-capable wifi router system.
- My recommendation is a Synology RT2600ac (slightly cheaper) - or a Synology RT6600ax (more expensive but newer and faster). 1
- If you need additional wifi access points to cover a larger area, buy one or more Synology MR2200ac access points. They work very well with the RT series routers and provide a seamless Internet experience across a large area.
- You can also look into the Ubiquity ecosystem, if you want to go the professional route (without enterprise pricing levels).
- Link up the mesh wifi units with cat5e ethernet cabling (or cat6 if you're really cool).
- Do not use wifi to connect them unless you're desperate.
- Also run cat5e (or cat6, cool boy) cabling to your office computer, your printer, and the TV.
- Give your most common devices (printer, TV, etc) fixed IP addresses (reserved DHCP addresses) so they stay the same.
- Secure your router.
- Replace the master password on the router immediately. Do not use the default password unless you have an urge to be part of a crime syndicate botnet and run cryptominers for other people.
- Enable automatic updates.
- Configure the router to restart weekly.
- Disable external access (access to the system administration from the internet) unless you really, really need it.
- Configure the Wifi portion.
- For 2.4 GHz networks, use channel 1, 6, or 11 for best results. This minimizes overlap with other possible Wifi networks (from your neighbors).
- For 5 GHz networks, set it to auto.
- Make sure you use WPA2-Personal security and a reasonably difficult password.
- Disable WPS. Do not use. Many implementations of WPS may be insecure.
- Feel free to set up a guest network. Make sure it's secured. Use time limits to block connectivity during the night.
- Configure parental controls.
- Synology has best-in-class parental controls.
- Change the DNS setting on the router to the IP address
220.127.116.11. This is a public DNS run by Cloudflare that protects against malware and pornography.
- The IPv6 version of the above is
2606:4700:4700::1003, if you run IPv6. 2
- While you're at it, you may want to configure your family's phones to use
Private DNS and set it to
family.cloudflare-dns.com- this is the same as 18.104.22.168 above but uses Private DNS, works over IPv4 and IPv6 networks, and effectively prevents DNS queries for any adult content - and it works regardless of whether you're on Wifi or not.
This should get you up and running with a decent system.
1) I would love to be sponsored by Synology, but alas, I am not.
2) I don't run IPv6 because Azure does weird things with IPv6 from time to time. Otherwise I would love to have it enabled. Synology routers handle IPv6 very well.