Usually ISPs provide you with an all-in-one appliance for your setup. Their device(s) includes modem, router, switch and access point features.
Although this might be good for a very small office, it might be better to separate the functions for a bigger network. This will avoid having a single point of failure and increase security and efficiency.
If possible, set up the ISP router in pass-through mode and disable the Wireless feature. Set up your own router equipment such as your Firewalla or another Firewall. Make sure that you don’t have any other internal resources except your firewall plugged-in to your ISP modem.
On your Firewall you will plug your switch and/or Access Point(s).
We usually promote UniFi equipment but it requires either a UniFi controller software installed on site (which might not be possible in small offices), on the cloud (paid option) or a cloud key (paid option). For very small offices using another Wi-Fi vendor such as Netgear or TP-Link might be an alternative. Prefer the latest WiFi standard (802.11ac ⇒ WiFi5 or even better 802.11ax ⇒ WiFi6) and security standards (WPA2 for WiFi5 or even better WPA3 for WiFi6).
For security reasons, always remember to change the default password on all your equipment and make sure to install the latest firmware versions.
Consider whether to broadcast the WiFi signal on the 2.4 GHz band, the 5 GHz band, or both. Some info comparing 2.4 GHz with 5 GHz can be found here.
- 5 GHz can carry about 3x the bandwidth as 2.4 GHz, but the signal is more easily degraded by walls and solid objects. So 2.4 GHz has a range about 3x greater than 5 GHz.
- Many Access Points offer simultaneous 2.4 GHz and 5 GHz signals, which lets each device decide which band is better for its particular location. This is the ideal configuration.
- But if your network runs off of backup power for a significant part of the time, then it might be wise to use only the 2.4 GHz band in order to reduce power consumption. Users will have less available bandwidth, but you will need fewer Access Points to cover the same area.
It’s good practice to use a WiFi scanner to scan the networks and check for nearby signals. If using 2.4Ghz, follow the rule to leave at least 3 empty channels between neighboring channels and the one you want to use to avoid interference (this does not apply to 5Ghz). Create a great SSID, a long password and you are good to go.
If you have a Firewalla you can watch this webinar to see how to use your Firewalla app to check the quality of your WiFi near your users.
Whenever possible consider creating a guest WiFi SSID to give to visitors and make sure this network only has access to the Internet but does not have access to your LAN.
Think about the resilience of your WiFi network. Installing only one AP creates a single point of failure. You might want to consider installing more than one to overcome this issue. The same question arises should you have many APs. It might be good to physically install them so that another can cover the area, even in degraded condition, should the main AP have a problem.
You might like to view this video
Windows Network Connections
Securing a SOHO Network