YOUR ROUTER/FIREWALL/ACCESS POINT

Your router/access point/firewall is the most important piece of network equipment that you own. It passes traffic to and from the internet, keeps you safe and provides (or lays the groundwork for) your WIFI service. If you were going to splurge in one area of your network I'd urge you to do so here. To really understand your router, you're going to have to know a bit about how internet addresses work.

Your router's central purpose is to take internet data from your ISP (basically the world) and "route" it to your network (and vice versa). A router plugs into the internet and creates its own private network behind itself (which becomes your home network). It hands out unique private addresses to every internet-capable device on your network and it's via these addresses that all internet magic happens, as each of your devices is assigned a unique identifier to the world. By convention, there are 255 possible addresses in your home network and their format is this: 192.168.1.X where X is a number from 1 to 255.¹ That should be more than enough for all but the most gigantic of homes.

A router is a networking device that forwards data packets between computer networks. Routers perform the traffic directing functions on the Internet. Data sent through the internet, such as a web page or email, is in the form of data packets. A packet is typically forwarded from one router to another router through the networks that constitute an internetwork (e.g. the Internet) until it reaches its destination node.

The most familiar type of IP routers are home and small office routers that simply forward IP packets between the home computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone.

WIKIPEDIA

You could individually assign your devices addresses; this is called giving a device a static address. Usually somewhere in the device's setup (a printer, say) you'll have the opportunity to assign it a static address. The other option is to use what's known as a dynamic address. Every time your device starts up, as part of the startup it "asks" the router for an address and the router gives it one. This address is only good for a certain amount of time. Each time your device starts it might get a different address. This type of service is called DHCP, for Dynamic Host Configuration Protocol, and was designed to make things easier for you. You only have to connect things to the network and turn them on; they will get their own addresses. Most devices default to this and it's fine.

A typical router will reserve about 100 of its possible 255 addresses to be handed out as dynamic addresses. You can see in the picture on the left, my router reserves the range from 192.168.1.100 through 192.168.1.199 for dynamic addresses. You can also see that you can adjust this any way that you want. I usually leave it alone. 100 dynamic addresses are plenty for me. FYI it's good to know this range because if you ever want to assign something a static address you'll know NOT to put it in the dynamic range of addresses.² FYI this screen also shows you the default router address... the router is always known as the network gateway, and its address is 192.168.1.1. Most routers are configured like this. Alternatively you might see it configured as 192.168.0.1. Usually you'll never need to change or deal with this but it's very helpful to know your router's address if only to access it via the web in order to make configuration changes.
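A quick way to check a list of planned static addresses against the layout described above, added here as an example that is not part of the original article. It assumes the usual /24 home network (mask 255.255.255.0); the device names and the sample plan are made up.

```python
import ipaddress

# Values from the article's router description; the /24 mask is an assumption.
LAN = ipaddress.ip_network("192.168.1.0/24")
GATEWAY = ipaddress.IPv4Address("192.168.1.1")
DHCP_FIRST = ipaddress.IPv4Address("192.168.1.100")
DHCP_LAST = ipaddress.IPv4Address("192.168.1.199")


def check_static_plan(plan):
    """Return {device: [problems]} for a {device: address} static plan."""
    problems = {}
    seen = {}  # address -> first device that claimed it
    for device, text in plan.items():
        try:
            addr = ipaddress.IPv4Address(text)
        except ValueError:
            problems[device] = ["not a valid IPv4 address"]
            continue
        issues = []
        if addr not in LAN:
            issues.append("outside the home network")
        elif addr in (LAN.network_address, LAN.broadcast_address):
            issues.append("reserved network/broadcast address")
        if addr == GATEWAY:
            issues.append("collides with the router (gateway)")
        if DHCP_FIRST <= addr <= DHCP_LAST:
            issues.append("inside the DHCP dynamic range")
        if addr in seen:
            issues.append(f"duplicate of {seen[addr]}")
        else:
            seen[addr] = device
        if issues:
            problems[device] = issues
    return problems


# Constructed sample plan (hypothetical devices).
SAMPLE_PLAN = {
    "printer": "192.168.1.50",
    "nas": "192.168.1.150",
    "camera": "192.168.1.1",
    "tv": "192.168.1.50",
    "old-laptop": "192.168.0.20",
    "thermostat": "192.168.1.255",
}

if __name__ == "__main__":
    for device, issues in check_static_plan(SAMPLE_PLAN).items():
        print(f"{device}: {', '.join(issues)}")
```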

You'll see in the router configuration a lot of possible things to tweak. If your router is also a wireless access point, you'll be able to configure it here as well as things like a guest wireless network. You can configure its NAT services (name and address translation), DNS and a dynamic DNS (if you use one), most will have parental and access controls (mine uses MAC addresses to allow and deny traffic). You'll also be able to configure security, which brings us to a brief discussion of

Firewalls (usually part of your router)

As the name implies, a firewall is a barrier. It takes its name from the walls in construction that are built of non-flammable material to keep fires from spreading. A firewall is a barrier to keep destructive things away from your network "property". Most routers have firewalls built in. This is especially important because one port of your firewall is plugged into your ISP, or essentially the world: the wide-open and lawless internet. This port will be constantly scanned and probed by malicious entities trying to gain access. Your firewall should prevent most of this.

My router has a "Stateful Packet Inspection" firewall built in. It says:

"Stateful Packet Inspection (SPI) helps to prevent cyber attacks by tracking more state per session. It validates that the traffic passing through the session conforms to the protocol. SPI Firewall is enabled by factory default. If you want all the computers on the LAN exposed to the outside world, you can disable it."

Don't do that (unless you have a standalone firewall device attached); you'll very much regret it.
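To show what "tracking state per session" buys you, here is a toy stateful filter, added as an example that is not from the original article and not any router's actual firmware. It assumes TCP only, leaves out NAT and timeouts, and uses constructed packets with hypothetical hosts.

```python
from collections import namedtuple

# direction: "out" = LAN -> internet, "in" = internet -> LAN; flags = TCP flags
Packet = namedtuple("Packet", "direction src sport dst dport flags")


class StatefulFirewall:
    """Toy TCP session tracker (NAT left out to keep the focus on state)."""
    def __init__(self):
        # (lan_ip, lan_port, remote_ip, remote_port) -> SYN_SENT | ESTABLISHED
        self.sessions = {}

    def filter(self, pkt):
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        else:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        state = self.sessions.get(key)
        if pkt.direction == "out" and pkt.flags == "S" and state != "ESTABLISHED":
            self.sessions[key] = "SYN_SENT"   # a LAN host opens a session
            return "allow"
        if state is None:
            return "drop"                     # nothing on the LAN asked for this
        if "R" in pkt.flags:
            del self.sessions[key]            # a reset ends the session
            return "allow"
        if state == "SYN_SENT":
            if pkt.direction == "in" and pkt.flags == "SA":
                self.sessions[key] = "ESTABLISHED"
                return "allow"
            return "drop"                     # handshake out of order
        return "drop" if "S" in pkt.flags else "allow"


# Constructed sample traffic using documentation-range remote addresses.
SAMPLE = [
    Packet("out", "192.168.1.101", 50000, "203.0.113.10", 443, "S"),
    Packet("in", "203.0.113.10", 443, "192.168.1.101", 50000, "SA"),
    Packet("out", "192.168.1.101", 50000, "203.0.113.10", 443, "A"),
    Packet("in", "203.0.113.10", 443, "192.168.1.101", 50000, "PA"),
    Packet("in", "198.51.100.7", 40000, "192.168.1.101", 23, "S"),    # unsolicited
    Packet("in", "203.0.113.10", 443, "192.168.1.101", 50001, "A"),   # no session
    Packet("out", "192.168.1.102", 50010, "203.0.113.20", 80, "S"),
    Packet("in", "203.0.113.20", 80, "192.168.1.102", 50010, "A"),    # skips SYN-ACK
]


def verdicts(packets):
    fw = StatefulFirewall()
    return [fw.filter(p) for p in packets]
```

Calling verdicts(SAMPLE) returns one "allow" or "drop" per packet: replies to sessions a LAN host opened pass, while the unsolicited and out-of-order packets are dropped.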

My firewall also has VPN passthroughs to be enabled or disabled. If you use a VPN (Virtual Private Network, more about these in the upcoming security article), this option will allow the VPN tunnel to pass through the router/firewall. My firewall also has the ability to enable or disable Application Layer Gateways; this is useful for certain applications like FTP.

Wireless Service

Your router may have wireless service built into it, in which case it might also be referred to as an "Access Point" (AP). As an access point, your router broadcasts a wireless signal outward allowing your various wireless devices (phone, laptop, printer, whatever) to connect to your network, and via your network, to the internet.

Almost all routers have built-in access points and many work very well, but in my opinion this is not the optimum set-up. Remember they are radiating outward from their location, so unless that location is very central in your home, there may be a part or parts of your home that get weaker signals. Portions of your home (walls, refrigerators etc.) might block or attenuate the wireless signal, also weakening wireless service in some parts of your house. Ideally your home WiFi should be provided by 2 to 3 different access points, but you may get great service with only one access point. A multiple AP solution is (of course) more expensive. My home has one router/access point (and a signal booster, more about that later). My home is also pretty small as homes go.

When purchasing and installing a router/access point, here are a few pointers to optimize your WIFI:

Make sure your wired internet works well. Plug a computer directly into your ISP box and run some speed tests (speedtest.net and fast.com are good places to start). If the speed you're seeing doesn't match the speed you're paying for, call your ISP and ask them why. If it does match what you're paying for but still seems slow, you may need to upgrade your internet plan. See my article on determining what speed you need for your home for more information.

Buy the best router that you can afford. By best I mean the one that conforms to the latest standards and one that is most highly rated, both by users and companies. By latest standards I mean the latest WIFI standard. Refer back to one of my articles regarding upgrading your own computer for specific information about wireless standards. You'll want a router/access point that's Wi-Fi 5 (802.11ac) compliant; don't settle for anything less. Read the reviews; also read Wirecutter to see what they recommend (their "budget pick" is my current router, a TP-Link Archer A7, though when I bought it, it was less of a budget pick).

Periodically, upgrade your router's firmware. All manufacturers provide a way to upgrade their router's firmware. The firmware is the software that's hardwired into the router that makes it work, and manufacturers sometimes upgrade it to add new features, new performance or fix security issues, so it does pay to check for updates and update it periodically. Sometimes it's as easy as clicking a button, sometimes you have to visit the manufacturer's page, find your exact model, download the latest firmware for it, then upload it to your router. Tedious but necessary.

Try to locate the router/access point centrally within your house as best you can. Mount it as high as you can. Don't put it on the floor. There should be some air around it. Don't mount it close to appliances or electronics. Walls between your workspace and the router will degrade WIFI performance. Locating it centrally might involve some work on your part. For the longest time, I suffered with my AP in the basement as it was close to my cable modem (but I had it up near the ceiling at least). I still had issues with wireless in some parts of my home. Finally I bit the bullet and built two custom Ethernet cables, drilled some holes through the floor and ran those cables such that my AP now lives on top of a cabinet in my kitchen. This is about as central as I can make it and WIFI coverage is noticeably better. That's it on the left. I put aluminum foil on the wall behind it as that's an exterior wall facing my neighbor's house, and I was hoping that the WIFI would bounce off it and back into my own home. A harmless fancy!

Use the right WIFI. While looking inside your administrative interface, note that you probably have a 2.4 GHz band and a 5 GHz band. Note what name they broadcast under (or change the names). Try to use the 5 GHz signal, as this will give you more throughput (but doesn't tend to carry as far as the 2.4 GHz). You could disable the 2.4 GHz channel, or give the two bands different SSIDs so you can be sure to attach to the 5 GHz channel, or in your device there might be a setting to prefer 5 GHz when available.

Change Channels. Look in the administrative interface of your router and find the channels that your WIFI broadcasts on. Now, using your cell phone, go to the Play Store (Android) and find an app called WIFI Analyzer by FarProc (or look at this article if you have an iPhone). Download and install it. When you run it, you'll see all the various WIFI signals in your area and what channels they are on. This is what I saw when I launched it here:

[Image: WIFI Channels]

Note that 1. The area around my house isn't congested by a lot of WIFI signals; yours might be. And 2. All the WIFI signals seem to be on either channel 1, 3, 6 or 11. In the administrative section of your router you will be able to change the channel that your router broadcasts on. Simply change the channel to one without any other signals or with a small number of signals. Less contention for signals equals better throughput. NOTE: The strong red signal on the right is my Dell laser printer that sits a few feet from my screen. It's broadcasting wirelessly but I don't use wireless to connect to it, so based on this I turned off its wireless broadcasting. One more security hole plugged!
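The channel choice described above can be scored instead of eyeballed. The following is an added example, not part of the original article or the WIFI Analyzer app, and it goes a step beyond counting signals by weighting each neighbor by signal strength and by how much its channel overlaps the candidate. The overlap model (5 MHz channel spacing, 20 MHz wide signals) is a simplifying assumption, and the scan data is constructed; leave your own network out of the list.

```python
# Simple model (assumption): 2.4 GHz channels sit 5 MHz apart and each network
# occupies about 20 MHz, so networks fewer than 4 channels apart overlap.
CHANNEL_SPACING_MHZ = 5
CHANNEL_WIDTH_MHZ = 20
CANDIDATES = (1, 6, 11)  # the usual non-overlapping choices


def overlap(a, b):
    """Fraction (0..1) of channel a's band shared with channel b."""
    gap = abs(a - b) * CHANNEL_SPACING_MHZ
    return max(0.0, 1 - gap / CHANNEL_WIDTH_MHZ)


def channel_scores(scan, candidates=CANDIDATES):
    """Interference per candidate: overlap-weighted received power in mW."""
    scores = {}
    for cand in candidates:
        scores[cand] = sum(
            overlap(cand, chan) * 10 ** (rssi_dbm / 10)  # dBm -> mW
            for _ssid, chan, rssi_dbm in scan
        )
    return scores


def best_channel(scan, candidates=CANDIDATES):
    """Candidate channel with the least overlapping signal power."""
    scores = channel_scores(scan, candidates)
    return min(scores, key=scores.get)


# Constructed scan results: (SSID, channel, signal strength in dBm).
SAMPLE_SCAN = [
    ("neighbor-a", 1, -50),
    ("neighbor-b", 1, -70),
    ("neighbor-c", 3, -60),
    ("neighbor-d", 6, -80),
    ("neighbor-e", 11, -65),
    ("neighbor-f", 11, -75),
]

if __name__ == "__main__":
    for chan, score in sorted(channel_scores(SAMPLE_SCAN).items()):
        print(f"channel {chan:2d}: {score:.2e} mW of overlapping signal")
    print("least congested:", best_channel(SAMPLE_SCAN))
```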

Use a wired network. If your home workspace is near your ISP's hand-off device (cable modem or AT&T box), then bypass wireless entirely and plug your computer into the router (or a switch) with an Ethernet cable. Your performance will be faster, the connection can't be hacked and it will never degrade. More about hardwired networks in the next section.

If you (inevitably) have one or more WIFI dead zones in your home, consider using a mesh network or installing a WIFI extender. A mesh network consists of 2 or 3 WIFI APs, optimally located throughout your house to provide excellent coverage. The cool thing about them is that you don't have to hardwire all the APs or "nodes". The one closest to your ISP box needs to be hardwired; the rest communicate with it wirelessly. Included in this group are the original Eero, Google's version (the "nest" wifi), Netgear's Orbi and many more. Again, be sure to read reviews, both trade publications and user reviews. What does Wirecutter say?

Story time: I had consistently poor WIFI reception in my backyard. And at one point I wanted to mount a Wyze pan camera on my garage under the eave to watch the alley as there had been garage thefts in the area. This would require good WIFI out as far as the alley, and it didn't even extend into my backyard. I tried powerline Ethernet adapters to the garage³ but they worked poorly because my wiring is original to the house, which goes back to the mid 1950's. So I tried a WIFI extender. These pick up your original WIFI signal, amplify it and re-broadcast it. I've not had great luck with these in the past at various customer installations but sometimes they do seem to do the trick. I researched which ones were good and inexpensive and settled on a TP-Link RE200, which was at the time a Wirecutter recommendation. They now recommend the upgraded RE220. Here's what they say:

The TP-Link RE220 is a dirt-cheap, dual-band Wi-Fi extender that improved the Wi-Fi quality and connection reliability of our standalone router in testing. Plus, it’s easy to set up, it isn’t too bulky, and it has an Ethernet port for connecting wired devices. At a typical price of $25, it’s a simple fix that costs a lot less than a major hardware upgrade. If you have a compatible TP-Link router, you can use the RE220’s OneMesh feature—when we tried it out, it was easy to use and improved performance even more with the TP-Link Archer A7 router. The RE220 isn’t a panacea, as it improves reliability at the cost of a drop in speed, but it is a quick fix for dropped Wi-Fi connections in a small part of your home.

I mounted mine high up on a porch window overlooking the back yard, maybe 30 feet from my router/access point. Now I have a good WIFI signal in the backyard and in the nearest portion of my garage, but it doesn't extend to the alley, so I've temporarily given up the pan-cam idea. And by good signal I mean good, not great. Good for web browsing, WiFi phone calls and such.

By carefully selecting your router/access point, and thoughtfully locating, installing and configuring it, you'll have wireless service that should be the best that it can be for your home.


¹ If you really want to know why the addresses are in that strange format, or anything else about them, check out "How Stuff Works".

² Ideally rather than give a device a static address, you can go into your router and have the router give it the address you want every time. You use the MAC address of the device (a unique hardware identifier...no two computer devices have the same MAC address) and basically tell it to give this MAC address this IP address. In this way you can centrally control addressing, though this is much more important in businesses where you don't want to walk around and physically change device addresses. In my router you configure this under DHCP in a section called "Address Reservation".

³ By using Powerline ethernet adapters, you can send your network signal through your home power lines. This is slick and worth trying if you need good network connectivity in one room. See Digitaltrends for an explanation and more info.