Let me offer a different take on switch and router selection. Here at Dismal Manor I use Ubiquity UniFi switches and routers. The reason that I do is that they are affordable managed kit. I can use the management bits to troubleshoot issues in the network (rare). All of my Roon Endpoints are on Wired Ethernet. Roon server and the Roon Server and lounge endpoints are connected to a common switch.
The key thing for me is that UniFi kit has far fewer open vulnerabilities than Netgear, Linksys, and similar home and SOHO kit. Most of these run older versions of Linux that have not been patched up to date. It is not uncommon to find the console and SSH root login secured by weak or well known passwords (release default). I don’t know that they have improved security practices with new product.
UniFi management nodes and router/switches will prompt you to change the management account passwords. The management host will offer the opportunity to configure 2 factor authentication using FIDO. I find this convenient as 1Password will compute FIDO tokens and 1Password Apple Watch App will let you use your watch to view them.
Ubiquity are keeping vulnerabilities closed and steadily improving the product line with periodic software updates. Software updates and the management framework are included with the equipment purchase. Hardware is robust and well behaved. Software is robust and well behaved. I have one WiFi access point that is obsolescent but UI have warned me that it is no longer available and is on limited term support.
As you add each UniFi device, the controller adopts it for management and the device local management portal is disabled. Management authentication happens at the network controller. The controller also enforces WiFi wireless access policy and logs in guests.
UniFi Controller automatically updates the WiFi access points as new firmware is released. I manually update the switches and controllers. UniFi will E-mail me when updates are available. It will also E-mail me when something needs attention. It easily configures Gmail using an APP password from Google accounts. The Email event notifications are configurable.
Checking my traffic volumes, I’m coming nowhere near saturating a 1GB link or any of my 1GB switches. I’ve put my money toward robust business grade devices and wired Ethernet. You will see no advantage from 10GB links however improved firmware in the newer 10 GB devices may be more robust than in your older 1GB devices.
I live next to Norfolk Airport, the Navy and its Aegis destroyers and cruisers are 4 miles down the road. The F-18 master jet base and Fleet Anti-air warfare training people are 12 miles down the road. The associated training ranges are off shore. So I’m in a wicked EMI environment. The UniFi kit is smart enough to move out of the way of an arriving or departing aircraft radar and the big air search radars in the area. The management server logs each occurrence of radar interference.
You can move up to UniFi in stages. The switches can be added at any point as funds allow. I’d start with a UniFi “Dream Machine” which provides the complete network core in one package, management server, router, Ethernet switch, and WiFi access point. I’d see how well it covers your spaces.
The Dream Machine Pro includes 2 fiber optic SFP ports that can be added when fiber to the home becomes available. They can be used as uplinks or downlinks. It has an 8 port switch plus WiFi and surveillance NVR. This is a very attractive device that replaces four from the prior product line.
Dream Machine offers a simplified management environment that reduces configuration effort relative to UniFi. If you are not a computing professional, you may prefer it to the Cloud Key and separate router and WiFi. Increasingly, you describe the environment and the management server handles the configuration details. Dream Machine is a step up in assisted configuration from the older Cloud Key controllers.
If you find you have some WiFi dead zones, you have 2 options: add a mesh access point or add an in-wall access point at one of your existing Ethernet endpoints. The In Wall access points have a 4 port bridge plus the WiFi kit allowing you to insert the access point between the network drop and a shelf switch.
The UniFi switches come in regular and POE versions. POE is useful when a switch serves a VoIP phone or surveillance camera powered by POE. UniFi has just added some new Gen 2 rack switches and new user point of service shelf switches.
My WiFi access points are all In-Wall devices with bridges handing off to the shelf switches. I have 4 networks, one for in-house iThings, one for IOT things, and one for guests, and a fourth because I was too lazy to reconfigure the Nest stuff. Each access point can support multiple WiFi networks.