This has been long overdue...
Forgive me, Machine God, for I have sinned.
I've neglected my home network for far too long, leaving it a mess as provided by my lovely ISP.
In my defense, I've long since wanted to do it, but both money and my chronic laziness when it comes to taking care of myself have always won out over me.
But no more! So come along friends, and let's see what I've cooked up. Perhaps it will give you some inspiration.
The Router
The ideal solution is obvious. Build your own router, using either OPNSense or pfSense. There are entire communities that have proven this is possible, with enough tutorials and walkthroughs to hold your hand so that even a novice can do it.
Alas, it's not the way I went - not yet anyway.
Why not?
Simply: Time and cost.
I wanted to get this thing over with and get an improvement right away rather than spend weeks sourcing the components, as the market for these things, even second hand, is almost non-existent in my country.
Before you even consider this, an important question to ask yourself is:
Does my ISP even allow it?
It's a sad reality that even in the year 2024, ISPs will still cockblock power users from managing their own end points the way they want.
And this might shock you, but I will play Devil's advocate here, and lay out the reasoning behind it - being a Support Engineer by profession.
You decide to start your own ISP. Maybe you will offer Fiber, ADSL, 4G LTE.
Whatever is the case, you need to engineer your network, and decide what will be supplied to the end user, and how to provide support to those end users.
You may develop your custom firmware for these devices to allow your support agents direct monitoring access to verify the performance of the network and report on any errors there might be. More critically, you are looking for a solution that will offer the best balance of performance/cost for your company. You need to test it to make sure "It just works" and train your personnel accordingly. Field technicians need to be trained how to effectively install it and troubleshoot issues during attendances that remote support is unable to fix. A service/uptime guarantee is required.
There are simply a lot of considerations when engineering a service like this. Every angle has to be considered, every failure kept to a minimum, and every possible issue known and documented so it can be dealt with. It has to be uniform, manageable.
But then, you also decide to be a good guy. That last part of the network, the router? You give your end user the power to switch it out if he wants.
And then you have Dumbus McGoofus. He has no technical knowledge of any description. He is not a power user. The most he does is watch Netflix and browse Reddit and some news sites.
One day, he comes across something. A Le Reddit post, perhaps a news article calling out ISPs and how the routers they provide to their end users are terrible.
He will not stand for this, so he right away searches for a new router on the electronics retailer of his choice. But he has no reference point, no idea what a router should cost. Is 70$ too much? Not enough?
Whatever! He will spend as little as possible. How much can this thing cost anyway?
He is smart and heard of this website called AliExpress, he can find something there.
So he spends some time browsing, and eventually by some miracle buys the cheapest router possible, avoiding the pitfall of just buying a repeater.
It arrives, he fumbles around with the cables and connects it. He has no further idea how to set it up, so he just uses the default WiFi SSID it gives him, using the default password with no further changes.
Any number of things can happen from this point.
The whole device just fails upon the first power surge.
The signal quality will be from 2001 and degrade his experience even more.
An enterprising individual will just want to mess with him and break through the flimsy default-password protection in a few minutes and cause havoc (Hello Greg!)
His network is broken. And he is very very angry.
So he calls your support hotline.
Your representative tries to help. They can't see the usual end point in their tools, so they inquire if he is using a custom router. He confirms that is the case.
So they inquire what kind?
He doesn't know. Something he bought off AliExpress.
Support still tries to help, painstakingly walking him through troubleshooting, but he is not having any of it. So he screams, he escalates the call, he wants a technician there. And he gets one. After all, you provide the internet, you fix it!
Your technician arrives, finds the piece of shit AliExpress router and just throws it out, as he does not know how to work with it, what its pitfalls are and how to configure it. He reconnects your company's router. Everything jumps back into action and works smoothly.
That is the best case scenario.
Worst case scenario, the customer gets even angrier that you intentionally sabotaged him and threatens to sue, and cancels the contract.
What a headache.
You might consider the above scenario very pessimistic. But trust me: I have been there. I have seen things. Heard things. Spent hours trying to help people like that.
Yet, sitting here, considering all that, I want to have that option.
So what would be the middle ground?
A clause in the contract signed upon service commissioning that if you decide to replace the end point, you take responsibility and full liability to troubleshoot it yourself.
The option to call support, or visit a local office, make a verbal agreement or signed agreement that I wish to use my own router and take all responsibility for this choice.
There simply should be an option that I can go for and agree to it with my name if needed.
Fun question: Does your employer allow custom routers?
No.
To be really really fair to us, our "router" is a highly specialized piece of equipment, costing over 1000USD/unit, and the entire rest of the network is engineered around it, with further equipment which costs more money than I can feasibly imagine to engineer and maintain to keep it running.
Get to the point! Does your ISP allow it?
Honestly, I didn't know until now. I went in blind, not doing any research or bothering to ask.
My approach was: Either the answer is Yes, which is good for me, or No, so I will just take that L and set up a "Router behind Router" to be done with it.
As of now I had my ISP provided MikroTik router. The thing is hopeless.
It's permanently overheating, has no customization options, no mounting options, and from what I can tell is running the WiFi 4 standard. If I were living in a larger house, it long since would have been gone.
This is the replacement I chose:
https://www.tp-link.com/baltic/home-networking/wifi-router/archer-ax23/
Why TP-Link?
I have had long-term good experiences with the company. Previous router I used before the internet switch was from them as well. In 7 years of service, it needed to be restarted once...when the cats pulled it down.
Further, it is WiFi 6 equipped, a nice upgrade for me (but then I am basically in the stone age right now, as far as wireless is concerned).
Their devices are also, pardon the term, absolutely idiot proof. Even the individual in our story above would be able to set this thing up and, if they really wanted to, grasp its further functionality. At the same time, a power user has enough fun stuff to play around with to keep him interested. A nice balance, you see.
The Setup
So the moment of truth approached me.
I first set up the TP-Link router in Bridge mode to test its functionality and create some WiFi networks so that the TV can live "separately".
A tip in case you are having issues with Printers/Smart TV.
For whatever reason, some WiFi printers and Smart TVs just don't like Mesh networks, or being on the same network as many other devices.
If you are experiencing this, try creating a sub-WiFi network (separate SSID) in your router/access point and slap them on there. Had good results in my previous job.
Afterwards I disconnect the MikroTik tragedy, switch around the cables and...nothing.
Hmmmm....
I try a few different access protocols, Google around for information.
That is where I stumble upon a forum post from fellow customers of my current ISP, asking the same question. One of them contacted support and got answered that the MikroTik router "Is critical to access the network and authorize into it, containing the APN and other information, as such customers are not allowed to swap it."
Now I call bullshit on that.
The SIM is inserted in the antenna on the roof, and must therefore contain all of the APN information. Tracing down the type of antenna and researching further I find that is indeed the case.
The authorization part could still be true, but I believe there is a way around it.
You see, the technician that was here for commissioning was a fellow nerd, very pleasant, and we chatted a lot, during which he revealed one piece of information that proved critical all these years ago:
"[ISP Name] actually changed the MAC address of the router, for some reason."
The TP-Link router has a MAC cloning feature built in. So I find the MAC address of the MikroTik router with some trial and error, enter it in, hit Connect.
Boom. We are in!
With glee, I remove the MikroTik router and switch over all devices to the new WiFi network.
Mission Status: Complete
The Switch
I will not lie, I do not actually need to have a separate switch right now.
I am only connecting a single device - my computer - through Ethernet.
As such, just using the provided LAN ports on the router itself would have served the same purpose.
The idea here is simple: future proofing.
As I mentioned above, I will eventually create my own custom router.
Before that I for sure plan on adding a NAS. Perhaps my own home-lab server for various tasks, be it trying different Linux distros, or to play around with different development technologies.
A console will find its way into my setup down the line for sure.
Perhaps I will meet a lady friend that will find the way I get hypnotized by nerdy stuff endearing and she will want her own desk next to me, and I for sure will not leave her without a wired connection.
(I CAN DREAM ALRIGHT?)
So this is what I got:
https://www.tp-link.com/us/business-networking/easy-smart-switch/tl-sg108e/
Now the "no configuration required" is a bit of a bait - it does indeed require very minimal setup to get working...and a functional brain cell that makes you plug the cables in properly on the first try.
If you are struggling yourself:
Make sure you have modified the Private Network IP range in your router to something else other than the default, as it will create a conflict between the Switch and Router (in my case both wanted 192.168.0.1)
Afterwards I recommend taking the MAC address of your Switch, and reserving a permanent IP for it in the DHCP server.
Then just take the LAN cable connecting your PC to the router, and slap it into the Switch. In my case this resolved all issues and picked it up right away.
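A way to sanity-check such an addressing plan before touching any device, as an added example that is not part of the original post. The function names, address pools and MAC addresses are assumptions made for illustration; only the 192.168.0.1 clash comes from the text above.

```python
import ipaddress

def norm_mac(mac):
    """Normalize AA-BB-.., aa:bb:.. or aabb.ccdd.eeff to aa:bb:cc:dd:ee:ff."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def check_lan_plan(router_cidr, dhcp_pool, devices):
    """Return a list of problems in a planned LAN layout.

    router_cidr: router LAN address with prefix, e.g. "192.168.0.1/24"
    dhcp_pool:   (first, last) address handed out dynamically
    devices:     dicts with name, mac, ip, mode ("static" or "reserved")
    """
    router = ipaddress.ip_interface(router_cidr)
    lo, hi = (ipaddress.ip_address(a) for a in dhcp_pool)
    problems, seen_ip, seen_mac = [], {str(router.ip): "router"}, {}
    for dev in devices:
        ip, mac = ipaddress.ip_address(dev["ip"]), norm_mac(dev["mac"])
        if ip not in router.network:
            problems.append(f"{dev['name']}: {ip} is outside {router.network}")
        if str(ip) in seen_ip:
            problems.append(f"{dev['name']}: {ip} already used by {seen_ip[str(ip)]}")
        if mac in seen_mac:
            problems.append(f"{dev['name']}: MAC {mac} already listed for {seen_mac[mac]}")
        if dev["mode"] == "static" and lo <= ip <= hi:
            problems.append(f"{dev['name']}: static {ip} sits inside the DHCP pool")
        seen_ip.setdefault(str(ip), dev["name"])
        seen_mac.setdefault(mac, dev["name"])
    return problems

# Constructed sample plans; the MAC addresses are made up.
# BEFORE: router and switch both claim 192.168.0.1, as in the post.
BEFORE = check_lan_plan("192.168.0.1/24", ("192.168.0.100", "192.168.0.199"), [
    {"name": "switch", "mac": "AA-BB-CC-00-11-22", "ip": "192.168.0.1", "mode": "static"},
])
# AFTER: router moved to another range, switch pinned by a DHCP reservation.
AFTER = check_lan_plan("192.168.10.1/24", ("192.168.10.100", "192.168.10.199"), [
    {"name": "switch", "mac": "AA-BB-CC-00-11-22", "ip": "192.168.10.2", "mode": "reserved"},
    {"name": "pc", "mac": "aa:bb:cc:00:11:33", "ip": "192.168.10.3", "mode": "reserved"},
])

if __name__ == "__main__":
    for label, result in (("before", BEFORE), ("after", AFTER)):
        print(label, result or "no conflicts")
```
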
Gigabit Ethernet, VLANs, IGMP Snooping, QoS management. It almost has it all.
The lack of PoE ports can be a drawback for some; however, I do not mind. In my limited experience, I always needed to reach for a PoE injector after the fact.
Speaking of that!
PoE Injector
The injector provided by my ISP is the most hopeless thing I have ever seen... and also strangely discomforting?
For a start, I can't seem to...trace it.
There is no serial number, no manufacturer identification. Only a label that reads "Made in China" with no further information.
There isn't even an LED to indicate it is functioning. Nothing. Just a tiny, black box, that for all I know has been beaming my porn preferences sensitive data to a Chinese server for the past 2 years.
Yet that is not what even pisses me off about this thing. It's how impractical the port layout is:
This might not seem like a big deal and actually logical. But why not have both Ethernet cables come out at the same side? Why have one side take two cables with different purposes?
That is not mentioning how flimsy this whole thing is. It has no weight or heft to it, meaning there is no way to anchor it in place, short of strapping it down or jerry-rigging some kind of wall mount. But none of that would help the way it just makes the cabling look and feel wrong. The slightest movement causes it to twist and turn, causing a cable spaghetti.
This is the replacement:
https://eu.store.ui.com/eu/en/collections/uisp-accessory-tech-poe-surge-adapters/products/poe-24?variant=poe-24-7w-g-wh-eu
Ubiquiti is a known, reputable player in the business. So already a good start. I know who makes it! (I am well aware it's most likely still from China)
Power comes IN on one side, and both Ethernet cables are on the other side.
There is a nice, simple "Yes, I am on, bro." LED on the front, and boy, does this thing pack some heft. It comes with an included wall mount, but I don't even need it. The weight and design of the thing itself prevents cable salads from being formed.
The price for me as a consumer? 15 Euros. I spend more on a single order of Mexican food.
Yet, my ISP feels the need to mass-purchase some disaster just to save a buck.
This of course will not matter to the average home user but those who look out for this sort of thing? Does not leave a good impression...
Next steps
So what comes next?
The primary concern for me is the 12 year old cable run going from the LTE antenna into the house.
Ignoring the age here, to be honest.
Ethernet cables are very long lived. Most of them are static parts of a network. Run them once, in such a way that they will not be stepped on or run over, and you are golden. It's advancements in the underlying technology that make them obsolete, rather than an outright technical failure. I have seen only a few truly broken cables in my time, and all of them had the same root cause: bad location, worn out over time, or just intentionally damaged.
This to be fair is not the doing of my current ISP. It was installed by the previous tragics, and during the commissioning of the new internet connection I agreed with the attending technician to just use it, as he was very friendly and I didn't want to bother him with crawling around the attic.
This thing...I wish I could tell you its specs. I have no idea.
There is no marking on the cable itself, anywhere. My best guess is it's Cat 5...something. FTP? STP? I have literally no idea. Only thing I am sure of is it's the cheapest thing that was on hand all those years.
The termination on either end is also a story in itself. I am constantly scared of the thing just snapping off whenever I have to move things around a little bit.
So next time we talk about my home network, I shall show you how to do your own loooong cable run.
See you then!