I’ve gotten into self-hosting and have 3 mini PCs:

ODROID H4+ for TrueNAS
One for Home Assistant
and another for Immich and Nextcloud

They’re all just plugged into the router my ISP provided with network cables.

I’d like to get a managed switch or a router of my own that can function as a switch and router

I’ll be putting everything in a 10" rack at some point so it has to fit.

Any suggestions or tips would be appreciated, I’ve done some research and looked at options but unsure what is right/wrong

I’m especially stuck on what Hardware to get. Is 2.5ghz managed switch overkill? Should I get PoE for future use?
What brands are good, what should be avoided?

  • Seefoo@lemmy.world
    3 upvotes · edited · 1 day ago

    Mikrotik makes a few that are rack ready. Not sure about rack size. They are extremely customizable and pretty cheap in the grand scheme. I absolutely love mine. Some things I am using it for:

    • natively supports Wireguard, allowing me to keep everything private and just wireguard into my home network
    • I have set up firewall rules that force all DNS through my pihole, including those pesky LG/google devices that try to bring their own hardcoded DNS servers.
    • I have backed up my config to a script and literally trashed a switch a few weeks ago, bought a replacement and was up and running with the same config in <30 minutes of setup.

    My one qualm with them is that their warranty service is pretty jank. The devices themselves are generally very good, but having had one die on me after 3 years, I was a little dejected I couldn’t really get it replaced (they do still offer support though). If you need a specific recommendation the RB5009 is really solid for homelab stuff. The one saving grace is the routers are pretty cheap if you know what you need…replacing them (compared to a unifi or something else) is easier? if you’re ok with that

  • exu@feditown.com
    4 upvotes · 1 day ago

    You need something other than your ISP provided router, otherwise you’ll be constantly limited by a few basic settings they allow you to change. Check with your ISP if you can use your own router directly, if their routers have a bridge mode or if you can buy an alternative modem that does bridging.

    If you want a simple and cohesive ecosystem, Unifi is the one to beat. They offer routers and switches and you can manage them all from a single dashboard.

    For an open source router, the best option is OPNsense. Get one of the multi port x86 boxes from Aliexpress (e.g. Qotom) and install it on that.

    Personally, I don’t like OpenWRT, but that would be an option to flash a cheap consumer router.

    TP-Link offers some great switches, look at their JetStream series. They’re usually a bit cheaper than equivalent Unifi switches as well.

    As an anti-recommendation I’ll mention Mikrotik. Their hardware is great and they provide great value, but the UI is extremely confusing for newcomers. It’s all well documented (in the form of terminal commands, but the UI is basically built like that), but you need to know networking before you can find what and how you need to change settings.

    • Ek-Hou-Van-Braai@piefed.socialOP
      1 upvote · 1 day ago

      Spent the whole day looking at routers and switches, and I think I’m going with Unifi. Their prices are on par with the open source alternatives and they seem to just work, no fuss, and I can run them fully locally and not depend on the cloud if I wanted.

      I don’t want to buy any hardware that can be taken away from me with a firmware push where I now need to pay a subscription to use my product. While that risk with Unifi doesn’t seem to be zero, it seems close to zero.

    • Seefoo@lemmy.world
      1 upvote · 1 day ago

      UI is confusing, but it’s a good platform to learn. There are a lot of resources for doing typical stuff (DHCP, DNS, WireGuard, firewall rules, etc.)

  • CameronDev@programming.dev
    12 upvotes · 2 days ago

    What’s your goal? Your current network works presumably, what are you trying to achieve by upgrading? Faster network? Reliability? Expansion options?

    • Ek-Hou-Van-Braai@piefed.socialOP
      5 upvotes · 2 days ago

      Mainly I like tinkering and building my own server and systems.

      I’d like to have different VLANs so that I can keep Home Assistant, sus wifi devices, my services, my personal network, and a guest network separate

      I’ll probably add more mini-PCs or hardware as time goes by, so it being future proof-ish would be great

      • BlameThePeacock@lemmy.ca
        8 upvotes · 2 days ago

        If that’s all you want to do, one of the cheaper Ubiquiti managed gateways would probably work and not break the bank.

        If you want to tinker even harder, an open source router running https://openwrt.org/ (or even their own device) may be a good option.

      • Creat@discuss.tchncs.de
        1 upvote · 2 days ago

        If separation is all you’re after, any managed switch will work. Even a “smart managed” one. But you’ll need Wi-Fi access points that can actually have SSIDs assigned to VLANs, like the TP-Link, Mikrotik or Ubiquiti (basically anything aimed at business). At least if some or many of the IoT devices are Wi-Fi based.

  • theneverfox@pawb.social
    5 upvotes · 2 days ago

    I’m not sure what you’re asking

    In your position, I would want a VPN. I like WireGuard, it’s pretty simple compared to other options… But just comparatively

    If you want to do networking to network, I can suggest all sorts of things… None of them is practical for normal use cases, but some are pretty neat

    • Ek-Hou-Van-Braai@piefed.socialOP
      1 upvote · 2 days ago

      Right now I’m struggling to figure out what hardware to buy. The Zyxel XGS1210-12 seems perfect but it won’t fit in a 10" rack

      • theneverfox@pawb.social
        1 upvote · 1 day ago

        You could mount it on top or vertically behind the rack and have it still look decent and be functional with a little handiwork

        You still are going to need a router, although you don’t need a fancy router and a fancy switch, you just have to make sure you’re not bottlenecked and have to design things differently

        2.5 gb is probably more than enough, but you could probably get away with 1 gb if you aren’t doing a lot of file transfers - if it’s just backups and streaming video, if you want to get fancy it might become a bottleneck.

        PoE is kinda niche so unless you have specific plans to use it, it probably won’t come up

        The switch supports vlans, so you could get fancy with a VPN gateway and access these things remotely with a Virtual DMZ, but realistically that’s a bitch to set up and you could just make a real DMZ with a router/wifi access point combo. Or just forget the DMZ and have a VPN gateway that connects to the local network

        I really just don’t know enough about how you want to use this to get more specific. This is probably more switch than you need, but if you’re not connecting from outside it’ll probably work great for the LAN

        Networking is all about bottlenecks, and I doubt this will be a bottleneck for a good while

  • Strider@lemmy.world
    1 upvote · 1 day ago

    I’m also not sure what you’re asking. But if you want to know how all of this works, read up on tcp/ip, dhcp and dns.

    Of course the former is a huge chunk so don’t sweat it.

  • hperrin@lemmy.ca
    6 upvotes · 2 days ago

    I use Unifi stuff. It’s really nice, but quite expensive. I run my own controller for it with Docker.

    • Ek-Hou-Van-Braai@piefed.socialOP
      3 upvotes · 2 days ago

      I’ve been comparing managed switches that are 2.5Gbps all day and honestly Unifi isn’t that expensive, it’s often the cheapest option. The price jumps like crazy once you want a switch that’s managed and 2.5Gbps

    • cmnybo@discuss.tchncs.de
      2 upvotes · 2 days ago

      Sure, their gear is a bit expensive, but their layer 3 switches are energy efficient and quiet. You can get an old, used switch for a lot less, but it will be expensive to run and the fans will be loud.

  • spaghettiwestern@sh.itjust.works
    6 upvotes · edited · 2 days ago

    OpenWRT is amazingly flexible and would be a great place to start.

    I switched from DD-WRT last year and have been amazed how good OpenWRT is. There are thousands of software packages that allow you to do pretty much anything you can think of on inexpensive hardware. Used Netgear R7800s are available for less than $50 on ebay or there are plenty of newer hardware options if you want to spend more. Those thousands of downloadable software packages include Wireguard and Adguard Home, plus there are OpenWRT integrations for Home Assistant. The forum is full of people who are happy to help newcomers.

    I started by running OpenWRT in a virtual machine to get familiar with the UI and moved on to a live installation. Highly recommended, especially if you enjoy learning.

    • 9tr6gyp3@lemmy.world
      4 upvotes · 2 days ago

      I freakin love OpenWRT. I used it for a solid 5-6 years on some consumer grade routers and learned a lot about managing networks.

      I’ve since moved to more powerful enterprise network gear because OpenWRT opened that door for me and taught me what is possible. I might not ever go back to it, but I will always recommend OpenWRT to people who want to rice out their routers and get the most out of it.

      • spaghettiwestern@sh.itjust.works
        2 upvotes · edited · 2 days ago

        As a home user, what additional features have you found useful on enterprise networking equipment? Just because what I’m doing is already ridiculously complex doesn’t mean it can’t be more so.

        • 9tr6gyp3@lemmy.world
          4 upvotes · edited · 2 days ago

          It’s more about the hardware than software.

          • Able to have enough processing power to utilize the max speed that my ISP provides, while having IDS/IPS and other services enabled.
          • Port segregation so that each port can be on its own network with a full speed backplane.
          • PoE capabilities
          • SFP ports to utilize both fiber and copper connections
          • Multiple networks across many wireless access points

          • spaghettiwestern@sh.itjust.works
            2 upvotes · 2 days ago

            Thanks for that list. No need here for more advanced hardware so I’ll have to put off networking upgrades until I can come up with a reason to justify it.

  • pishadoot@sh.itjust.works
    3 upvotes · edited · 2 days ago

    I’d recommend using unifi/ubiquiti switches. They’re a bit pricey but they’re incredibly solid and you can manage them with a self hosted container of unifi controller software.

    A good place to start is one of their 8port POE switches. I have a couple and they’re L3 switches (so you can do VLAN stuff like you want), and I’ve never ever had a problem with any of them. Even with the inexpensive ones their POE budget is pretty good, and great to power other switches or APs. They don’t power some cameras so you might need injectors for some thirsty gear.

    The controller software is pretty good, and will let you manage the switches without getting into command line config at first (which can be a crutch so be cautious of that, especially if you want to branch out into other cheaper switches or take advantage of good 2nd hand gear deals you find).

    But for your network I think an 8 port and a WAP are a good place to start. Get away from using your combo router as your wireless AP (or use both) and get some VLANs set up, and work on inter-VLAN routing and firewall rules.

    How do you want to segment your network?

    I recommend you have the following to start:

    - management VLAN
    - trusted devices
    - guest/IoT devices

    Just getting those three set up correctly will teach you a lot and let you environment. Firewall/routing rules to allow connections through in certain directions and not others is… fun to get the hang of if you’re new.

    What are you planning on using as your router? Your combo router might tie your hands if that’s what you plan to use for everything. Combo routers generally suck at everything. You can get a cheap router also, edgerouter er-x is a fine choice but it’s not the best, but it’ll still outdo whatever you currently have, I’m sure. Put it behind your modem at your network edge and you can manage your vlan routing and your firewall on one device.

    Additionally you can set up a VPN server on one of your PCs and set up static routes to allow you to tunnel in and access your network when you’re out (wireguard for the win).

    Good luck on your journey! There’s a lot to learn so don’t get frustrated when your stuff doesn’t work. Back up your configs so you can revert back and be REALLY careful because it’s easy enough to make your stuff insecure by trying to make stuff work. Yeah it’ll function but next thing you know you’ve got a ransomware virus on your entire network… Not fun, I hear.

    As you set up your VLANs look into VLAN traversal, it’s a means of network attack that allows attackers to cross over from one VLAN to another when you set up trunk/switch ports and VLAN tagging incorrectly. Again, your stuff will work but it’ll be vulnerable (not really a problem at home as long as your firewall works fine but still).

    Edit: you can go with a router with several ports but I’d recommend you shy away from that if you have the money for dedicated devices. Routers are better at routing (L3) and switches are better at switching (L2). Their guts are built for different things and your network will be much faster if you use them for their intended purpose.
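
The trunk-port and tagging mistakes mentioned in the comment above can be checked mechanically. The following is an added example, not part of the original comment: a Python audit over a constructed port table that flags settings which weaken VLAN separation. Port names, VLAN IDs, the `Port` fields and the finding texts are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

DEFAULT_VLAN = 1  # factory-default VLAN on most managed switches

@dataclass
class Port:
    name: str
    mode: str                                  # "access" or "trunk"
    pvid: int = DEFAULT_VLAN                   # access VLAN, or native (untagged) VLAN on a trunk
    tagged: set = field(default_factory=set)   # VLANs the port carries tagged
    in_use: bool = True

def audit(ports, defined_vlans, parking_vlan):
    """Return (port name, finding) pairs for settings that weaken VLAN separation."""
    findings = []
    # VLANs that end devices sit in through in-use access ports.
    access_vlans = {p.pvid for p in ports if p.in_use and p.mode == "access"}
    for p in ports:
        if not p.in_use:
            # Spare ports belong in an access VLAN that is routed nowhere.
            if p.mode != "access" or p.pvid != parking_vlan or p.tagged:
                findings.append((p.name, "unused port not parked"))
            continue
        if p.mode == "access":
            if p.tagged:
                findings.append((p.name, "access port accepts tagged frames"))
            if p.pvid == DEFAULT_VLAN:
                findings.append((p.name, "access port in default VLAN"))
        else:
            # A trunk whose native VLAN is also used by end devices is the
            # precondition for double-tagged frames crossing into another VLAN.
            if p.pvid in access_vlans:
                findings.append((p.name, "trunk native VLAN shared with access ports"))
            # Tagged VLANs nobody defined usually mean an unpruned allow-list.
            if p.tagged - defined_vlans:
                findings.append((p.name, "trunk carries undefined VLANs"))
    return findings

# Constructed sample: the three segments suggested above plus two helper VLANs.
VLANS = {10: "management", 20: "trusted", 30: "guest/IoT", 99: "trunk-native", 999: "parking"}
PORTS = [
    Port("p1-router", "trunk", pvid=30, tagged={10, 20}),      # native VLAN = guest VLAN
    Port("p2-nas", "access", pvid=20),
    Port("p3-camera", "access", pvid=30),
    Port("p4-printer", "access"),                              # never moved off VLAN 1
    Port("p5-ap", "trunk", pvid=99, tagged={20, 30, 40}),      # VLAN 40 is not defined
    Port("p6-spare", "access", in_use=False),                  # spare left in VLAN 1
    Port("p7-spare", "access", pvid=999, in_use=False),
    Port("p8-homeassistant", "access", pvid=10, tagged={20}),
]

if __name__ == "__main__":
    for name, finding in audit(PORTS, set(VLANS), parking_vlan=999):
        print(f"{name}: {finding}")
```

The port table would normally be filled in from the switch's exported configuration; the audit itself does not depend on any vendor format.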

  • foggy@lemmy.world
    3 upvotes · 2 days ago

    If you don’t have a specific goal, here are some ideas.

    Build a NAS.

    Use a bunch of small PCs or Pis, build a CA, a DNS server. Make a db server and an app server.

    Get shit running on your network.

    Suit them all up with ELK stack.

    Misbehave on your own network. Go find evidence for your misbehaving.

    DoS yourself.

    Without goals it’s tough to give ideas beyond general like this.

  • ominous ocelot@leminal.space
    2 upvotes · 2 days ago

    The h4 already can be a managed switch itself (2*2,5gbit + 4*1gbit with the nic addon) if you want it to be one. Linux as the host OS (VLANs, bridges) - netplan works well for me. Some VMs and containers on top (lxd, incus, some use proxmox) for router/ firewall/ vpn-gateway (opnsense, ipfire,…) and other functionality which you don’t want to run on the host OS directly. The cpu is fast enough to run all your services at once. It all comes down to RAM.

    IMO there is not one right way. It all depends on what you want to achieve. Also a lot depends on whether you want results fast or if you enjoy the tinkering while learning.

  • foremanguy@lemmy.ml
    1 upvote · 1 downvote · edited · 2 days ago

    Firstly the best way would normally be to have a separate switch and router.

    The router only having 2 ports WAN and LAN. And then get a great MANAGED switch for your lan.

    For your router basically any old x86 PC loaded with OPNSense would be great.
    The network card you will buy depends on your internet speed.
    (And try to find an Intel chip network card)

    Next for the switch, definitely get a managed switch (you won’t regret it).
    The number of ports depends on your needs. Basically an 8-port switch could be just enough or maybe far too little.
    That really depends.
    For the switch port speed it again really depends. Do not get 100Mb switches at least. But the sky is the limit.
    1G is plenty for a lot of people. But 2.5G could be good too. (In my opinion 10G is overkill for most of the people)
    The problem is that switch prices are exponential with the speed. You can get really good 1G for cheap. More difficult with 2.5G and impossible for 10G.
    And lastly PoE or not PoE that’s the question. I would say a huge NO (except specific use cases). If you got 20 cameras, 38 motion sensors and 76 APs, YES a PoE switch is a good idea.
    If you have a small amount of PoE devices, simply buy a cheap unmanaged PoE switch.
    If you only have one or two of them, just buy an injector.

    If you have any questions concerning a brand or anything else feel free to ask

    EDIT : formatting