Telecom Monopoly CenturyLink’s Static IP / Modem / UPS Scam Outlined

I’m really sorry to say that I was excited when I found out CenturyLink offered gigabit 1000 up 1000 down fiber to the home in the neighborhood I just moved into. Dreams of things like having enough upload speed to leave the cloud and operate jamesachambers.com independently in my own home seemed like they could finally be a reality. Dreams were quickly shattered when I realized what kind of incompetence and dishonesty I would be dealing with.

Ordering

I checked to make sure static IPs were available through CenturyLink. Let’s check it out:

CenturyLink Static IP Order Page

Oh perfect, it looks like they definitely offer it! The one time charge is a little silly but assuming I will keep them for years it should still be worth it. Absolutely no indication here I won’t be able to get it with any CenturyLink provided service.

I ordered the service right through CenturyLink’s web site for $65 a month with no taxes or additional charges with the qualification that I must enroll in autopay. Fast internet here we come!

First Installation

The first installation was professional and extremely well done. Just kidding. Check it out:

CyberPower Outdoor UPS Installation
A “UPS” installation being used as a power strip drilled into my wall with no battery

There’s one of two things going on here. Either CenturyLink doesn’t install batteries on UPS units of customers who don’t have phones just to save a few bucks, or both of my techs took the batteries and sold them on eBay. That’s about it.

If you have a phone installed, an installation like this may violate code in your area, so if you’re a CenturyLink customer (sorry) I recommend you go out to your box and see if you have one of these. Bet you there’s a good chance you don’t!

The UPS battery is there for service to keep running during power outages so it is a safety issue. This mostly impacts phone services but can definitely still help a lot with internet as well. You don’t want your equipment to go down with minor power fluctuations or if it’s only your house and the neighborhood is fine or if a breaker flips. People are relying more and more on VOIP for their phone which goes through your internet as well as other services like IP cameras that you want to keep protected and online especially if events are occurring that may cause power loss.

Either buy your own battery for it off eBay or call CenturyLink and let them know you don’t appreciate them putting your safety at risk to save themselves a few bucks.

CenturyLink PPPoE Modem

And this right here is your actual modem. It is an ONT unit that interfaces with the fiber. If you open the inner panel you can see the fiber terminations, although I would highly recommend leaving the inner part of it alone (unless you’re a fiber tech you can do no good in there, and the connections can be very sensitive).

You actually don’t need CenturyLink’s modem at all, no matter how much their sales/tech staff tell you that you need it. All you need is a router that can tag its WAN traffic as vlan201 (this is how CenturyLink hides their traffic from normal devices and normal gateways like your router) and establish a PPPoE connection. More on that later.

Static IP Results – Installation #1

Here’s a link to CenturyLink’s static IP tool.

Upon logging into the tool:

CenturyLink Static IP Fail
CenturyLink Static IP Eligibility Denial Message

Oh boy, what happened? Well it turns out CenturyLink has something called “SimplePay” which is what they wanted me to sign up for. The “benefit” of it is it’s a flat rate without the usual taxes and fees all telecoms tack on there. The downside? It’s completely outsourced 100% to India and considered a prepaid plan and a lower tier of service. It’s not eligible for static IPs.

Gee, that would have been good to mention somewhere! Surely they can fix my account in the computer though right?

Nope. To fix it you will need to call them again and they will need to do ANOTHER installation. This one won’t be free, it will cost you $99. You also get taxes and fees added on to the rate every month unlike the previous plan. Great. I did it anyways because I need the static IP block to do *anything* I wanted to do with this connection.

They also left the line unburied. They said someone would come by in a couple of days to bury it. Nobody did.

Installation #2

I don’t have any pictures to share about the second installation. Why? Because they didn’t do anything. Literally they did not do anything.

We went to my basement and plugged in their new modem and he left. Then 5 minutes later I disconnected their new modem and put it back on my own. $99.

On the upside, after the SECOND installation, they actually came back and buried my line! That’s something at least!

Static IP Attempt #2

CenturyLink Static IP Fail #2
Surprised?

So after spending about 5 hours on the phone getting my new account set up and confirming it is a “postpaid plan” I still can’t access the tool. It turns out CenturyLink ordered me something called a “webshop” account. What is a webshop account? Good question, I never bought the service at a webshop, CenturyLink chose it for me when I told them I needed to get on a plan that does static IP addresses.

But they didn’t choose the right one. And guess what? They can’t fix this one in the computer either. They have to come install it again, and I will be charged $99 again. I will not be refunded for my previous installation. What did I pay for the second time they charged me and came out to install the service again? Nobody can tell me.

CenturyLink’s Unnecessary Backdoored Malware Modem

Now surely I must have lost my mind with this heading. It sounds like crazy kooky Alex Jones stuff to say that CenturyLink’s “modem” is backdoored and isn’t even necessary for the service to work.

Nope. Afraid not. CenturyLink has a long and proud tradition of backdooring their modems and those backdoors being insecure and leaked out/discovered. I’ll just share with you some of the ones in the past few years but these go way back. Here’s some examples:

ExploitDB #1 – 2017 – CenturyLink built in backdoor username: admin password: CenturyL1nk – boy they’ll never figure out that one and have unfettered backdoor access to my entire home!

ExploitDB #2 – Same exploit for the common Zyxel modem

Packetstorm #1 – Once you get in with the CenturyL1nk password you can change to root by using the password “zyad5001”. Great!

Now if you think that the 2020 versions of these modems don’t just have a different more secure password and that CenturyLink doesn’t still have ROOT ACCESS to a hardware device in your dwelling and subsequently your network….

Wrong!

Bypassing Modem

To do this you will need a router capable of vlan tagging and PPPoE connections. Note that some areas might not use vlan tagging as the router has an option to turn it off although I suspect this is pretty standard. If you have any doubts log into your CenturyLink modem and in your advanced WAN settings it will tell you if vlan tagging is enabled and which one they’re using.

First you will need your PPPoE credentials. CenturyLink will give these to you (for now) if you call technical support. I had the tech give them to me in person on the second install because they type them into your modem. It’s part of the 5 minute unnecessary setup and best I can tell is the only reason they insist they have to send a tech and charge you. These credentials will not be your normal username and password. In fact, it’s likely the email address is one you will have never seen before ending in @centurylink.net. They are special creds set up for you by CenturyLink to connect through the ONT device I showed earlier.

Once you have that all you need to do is tag your WAN port as vlan201. For my home I used a Fortigate FG-30E which is my whole house firewall. These are enterprise grade devices and are quite expensive (especially with AV and IPS signature subscriptions) but newer higher end Linksys and Netgear and many other brands of routers also support basic vlan tagging now. If you have a newer router that cost more than $100 it probably has it. Just look up whether your current router supports vlan tagging and PPPoE addressing and if it does you already have everything you need.

After tagging my WAN port with vlan201 I just let it retrieve everything else with PPPoE:

Fortigate PPPoE Settings
Bypassing CenturyLink’s “Modem” w/ FortiGate FG-30E – set vlan201 on WAN
Fortigate PPPoE Configuration
Changed addressing mode to PPPoE and entered PPPoE credentials provided by CenturyLink tech support

There you go. Bye bye backdoored modem/router!
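One way to check that a replacement router is really sending PPPoE on the tagged VLAN, as an added example that is not part of the original post: the Python below decodes raw Ethernet frames (for instance, from a capture taken on the WAN port) and reports how far PPPoE discovery got. The sample frames, MAC addresses and session ID are constructed for illustration, and VLAN 201 is taken from the post, so confirm the value in your own modem's WAN settings.

```python
import struct

ETH_P_8021Q = 0x8100       # 802.1Q VLAN tag
ETH_P_PPPOE_DISC = 0x8863  # PPPoE discovery stage (RFC 2516)
ETH_P_PPPOE_SESS = 0x8864  # PPPoE session stage
EXPECTED_VLAN = 201        # VLAN named in the post; an assumption for other areas

PPPOE_CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR",
               0x65: "PADS", 0xA7: "PADT", 0x00: "SESSION"}


def parse_frame(frame: bytes) -> dict:
    """Decode the Ethernet, optional 802.1Q and PPPoE headers of one frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset, vlan = 14, None
    if ethertype == ETH_P_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan = tci & 0x0FFF  # low 12 bits of the tag control field are the VLAN ID
        offset = 18
    info = {"vlan": vlan, "ethertype": ethertype, "pppoe": None, "session_id": None}
    if ethertype in (ETH_P_PPPOE_DISC, ETH_P_PPPOE_SESS):
        if len(frame) < offset + 6:
            raise ValueError("truncated PPPoE header")
        ver_type, code, session_id, _length = struct.unpack(
            "!BBHH", frame[offset:offset + 6])
        if ver_type != 0x11:
            raise ValueError("not PPPoE version 1 / type 1")
        info["pppoe"] = PPPOE_CODES.get(code, f"unknown(0x{code:02x})")
        info["session_id"] = session_id
    return info


def diagnose(frames, expected_vlan=EXPECTED_VLAN) -> str:
    """Summarise how far PPPoE discovery got in a WAN-port capture."""
    seen = set()
    for raw in frames:
        info = parse_frame(raw)
        if info["pppoe"] is not None:
            seen.add((info["pppoe"], info["vlan"]))
    if not seen:
        return "no PPPoE frames: the WAN interface is not in PPPoE mode"
    padi_vlans = {vlan for code, vlan in seen if code == "PADI"}
    if expected_vlan not in padi_vlans:
        if None in padi_vlans:
            return f"PADI sent untagged: tag the WAN port with VLAN {expected_vlan}"
        return f"PADI not seen on VLAN {expected_vlan} (saw {sorted(padi_vlans)})"
    if ("PADO", expected_vlan) not in seen:
        return f"PADI tagged correctly but no PADO: nothing answered on VLAN {expected_vlan}"
    if ("PADS", expected_vlan) not in seen:
        return "offer received but no PADS: the session was never confirmed"
    return (f"PPPoE session established on VLAN {expected_vlan}; "
            "if no IP follows, check the PPPoE username and password")


def build_frame(dst, src, code, session_id=0, vlan=None, payload=b""):
    """Construct a sample frame (test data only, not captured traffic)."""
    header = dst + src
    if vlan is not None:
        header += struct.pack("!HH", ETH_P_8021Q, vlan & 0x0FFF)
    ethertype = ETH_P_PPPOE_SESS if code == 0x00 else ETH_P_PPPOE_DISC
    pppoe = struct.pack("!HBBHH", ethertype, 0x11, code, session_id, len(payload))
    return header + pppoe + payload


# Constructed addresses and payloads (locally administered MACs).
BCAST = b"\xff" * 6
ROUTER = bytes.fromhex("020000000001")
ISP = bytes.fromhex("020000000002")
SERVICE_NAME = b"\x01\x01\x00\x00"  # empty Service-Name tag

# Router left untagged: discovery goes out, but not on the VLAN the ONT uses.
UNTAGGED = [build_frame(BCAST, ROUTER, 0x09, payload=SERVICE_NAME)]

# Router tagged with VLAN 201: full PADI / PADO / PADR / PADS exchange.
WORKING = [
    build_frame(BCAST, ROUTER, 0x09, vlan=201, payload=SERVICE_NAME),
    build_frame(ROUTER, ISP, 0x07, vlan=201, payload=SERVICE_NAME),
    build_frame(ISP, ROUTER, 0x19, vlan=201, payload=SERVICE_NAME),
    build_frame(ROUTER, ISP, 0x65, session_id=0x1234, vlan=201),
]

if __name__ == "__main__":
    print("untagged:", diagnose(UNTAGGED))
    print("PADI only:", diagnose(WORKING[:1]))
    print("working:", diagnose(WORKING))
```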

A Note About CenturyLink’s “Secure WiFi”

My modem and these new modems apparently come with some built in service called “Secure WiFi”. This sounds like some really fancy technology that you wouldn’t want to give up!

Well let’s take a little bit closer of a look here.

This page gives us what little information CenturyLink will tell you about what exactly this is. Let’s take a look at an entry and see if we can figure out if this has any real value. How about the “How does Secure WiFi work?” entry:

Q: How does Secure WiFi work?

A: Secure WiFi uses a McAfee powered technology called Global Threat Intelligence (GTI) to identify dangerous websites. The protection works as follows:
GTI constantly monitors websites around the world for malicious and dangerous content.
When malicious content is found on a website, GTI 'flags' the site as risky.
When any of your devices attempt to visit a website, Secure WiFi checks that the website is not on the 'risky' list.
If the website is risky, Secure WiFi stops the device from accessing that site and displays a warning page.

Okay, so Secure WiFi is just basic web/IP filtering installed network wide and provided through McAfee’s service/list. This may actually have some value to regular Joe internet users as common botnet C&C sites and malware distribution sites will be on the list.

It also means that CenturyLink tracks every connection you make and sends it to a server to decide (and log) whether it’s going to allow you to connect.

Do you trust them to keep that information safe and not sell it to third parties? This company tells you when you call their support phone number that they will sell your information for marketing and repair purposes unless you ask the agent to flag your call/account as not consenting. So for me the answer was obviously no, and so I was perfectly willing to go without this service, and in fact wanted to actively remove it.

However, I wanted to mention that it is better protection than nothing and you should be aware that if you don’t secure your network in other ways you are giving something up even if it’s pretty basic in reality. In my case the Fortigate came with a year subscription of their professional web filtering service as well as active antivirus and IPS threat signatures, etc. so I knew I was protected in other ways.

My Personal CenturyLink Modem Collection

CenturyLink Tower of Shame

This is the CenturyLink Tower of Shame. How many modems will I end up with before CenturyLink can figure out how static IP addresses work? How tall will the tower reach? Do you think they’ll bill me for all these modems even though I haven’t been asked to return them? Have you had a personal experience with this company like I have? Let me know!

Update 7/9/20: Credit Score Change – Pulls from CenturyLink

I received an alert from my bank that CenturyLink has now done what is called a “hard pull” on my credit twice for both of these postpaid plans. This can impact your credit score and I received an option to dispute it. They may pull it again if I actually have them go ahead with another $99 install that probably won’t get me anywhere again. This is just another warning and another thing to watch out for.

Update 7/14/20: Account Migration Attempt Breaks Account (Service Disruption)

I worked with an “Account Specialist” who attempted to migrate my account. To do this I had to cancel my current account and he placed an order to start the new account without calling a dispatch. Essentially he was trying to fix it in the computer without me having to pay another $99 and have another installation/modem.

This technician finally figured out the reason I can’t access the CenturyLink static IP tool is that they are switching billing systems and their systems have not been updated to recognize the account #s from this new system. Their system is actually broken for new types of accounts and they have to attempt to migrate you. They said I need a “normal” account with a 10 digit account number to be recognized by the system. The Customer Advocacy group told me to ask for a “CRIS residential account migration”.

I was rightfully very nervous at this point because they have tried so many things unsuccessfully. I’ve heard this kind of stuff from them before and it has never panned out. My main concern was that they would make it worse (ESPECIALLY since this harebrained scheme involved cancelling my current working plan).

The first sign of trouble was that a tech tried to contact me at 9 AM to do another install and had another modem. I refused this time as I was tired of paying the $99 and knew there was not supposed to be a dispatch. Sure enough at 5 PM my working account deactivated and my new account did not come online.

I spent about 3 hours on the phone with CenturyLink and was told that my account was stuck in a “Pending” state because the tech flagged it as a cancellation. The solution? I would need to start completely over with a new order and another hard credit pull against my name.

My account was so broken at this point they could not even schedule a tech to come and look at it because their system now showed that I had service at my address that was stuck in a broken state. My current status is I have been completely disconnected and have no internet at home for several days. I gave up and reordered the original prepaid “SimplePay” service I had for $65 a month online through their web site, and the install will come Thursday. That was the only way I could get an install since they couldn’t order one for me with the “Pending” stuck account.

Will update further!

Update 7/17/20 – Back Online (Where I Started)

CenturyLink came and installed the original prepaid $65 a month with no taxes or fees that I started with. I’m giving up as having no internet at home was pretty painful!

20 thoughts on “Telecom Monopoly CenturyLink’s Static IP / Modem / UPS Scam Outlined”

  1. Tim Salo

    Thank you for writing this up.

    I wanted to upgrade my CenturyLink DSL service, which is horribly slow and currently isn’t working very well. But, it does have a static IP address, which I need for my servers.

    I ordered CenturyLink small business Internet service over the web, which was advertised to operate at 940 Mbps. Fortunately, I figured out that I couldn’t get static IP addresses for my Internet service, because it was prepaid. CenturyLink wanted to sell me some service for over $150/month (plus cost of static IP address, plus probably a bunch of taxes, fees, and fines). I do give CenturyLink credit for being able to cancel this installation before it happened.

    Now, I’m back shopping for business Internet that doesn’t cost an arm and a leg and that supports static IP addresses. Any suggestions?

    1. James A. Chambers

      Hey Tim,

      I’ve been stuck in the same situation unfortunately. I was offered the same style of “small business” internet which is literally the same speed as my existing service for around the same price as yours (maybe even a little bit more if I remember correctly, they quoted me as high as $300/mo once but my more recent one was closer to yours). I am literally unwilling to pay a minimum of 3x as much for the *exact* same plan (even the same speeds!) and a bunch of other addons I don’t want. That is more expensive than keeping the CenturyLink and getting a second ISP.

      It made more sense to me to try to go for something like a dual WAN setup (having two internet connections). It literally would be cheaper for me to buy Comcast AND CenturyLink than to switch to their “business” plan. This was actually my plan as I knew Comcast would give me a static IP. I would still have my fast upload with something like a dual WAN setup and then I would get my “Inbound” connection split through Comcast (which they are very fast at and even offer above 1G in my area for an outrageous amount of money) and CenturyLink. Something like the Unifi UDM Pro has dual WAN ports so you would plug CenturyLink into one and Comcast into the other. You would get the static IP from the other provider essentially.

      Recently my city just signed an agreement for Google Fiber to build here. I’m holding out for that since I believe it is 2G internet (I recently built a 10G home network with Unifi equipment so my home is ready for >1G speeds). This would have dropped my upload to < 100mbit per second which with CenturyLink fiber you really do get close to your 940Mbps upload typically. This really helps with my web work for uploading files, etc. and I did not want to give this up. I do have one suggestion for you which is to punch your zip code into this site. I’ve found this very old web site to give the most complete list of options that are available in your area. It will say the % of your zip code that is covered by the service. I’ve sometimes been surprised at the options on here. This may be worth a try for you for sure to see if there are any lesser known providers in your area that may offer something interesting. Another popular one is whistleout as this tool checks all the way down to the service address instead of just by zip code.

      I’m still without my static IP for the moment due to this issue but it sounds like I should be able to get some better options before too long. With any luck there may already be some in your area. If there aren’t any other options (and you know that’s extremely unlikely to change) you may want to try something like a dual WAN setup with 2 ISPs as it is hard to imagine that not being literally cheaper than CenturyLink’s business plans (unless the competing ISP is something like $90/mo or more) that they require for a static IP and it has several other advantages like greatly improved reliability (if one is out it will failover to the working connection), load balancing and more.

      Depending on how you needed to use the static IP you would configure your dual WAN differently. If you were connecting to a service that requires you to have a static IP you would put it in failover mode with your static IP provider as the primary. If you need a static IP for inbound purposes / connecting from the outside you would be able to use either load balancing mode (it will send traffic over the line that is less busy) or failover mode because the inbound traffic will always get there in either mode.

      It’s the press of a button on most devices to switch modes so you can even switch it on demand if you need to go into “static ip mode” to connect to work stuff. At the end of the day you could switch it back to load balancing so if people are streaming / gaming / anything like that it will spread out the traffic over both connections greatly improving performance. It is roughly combining your two connection’s power together. It won’t let you download files at the speeds added together (except in the case of something like torrents which takes advantage of multiple connections at once to download a file), but spread out over multiple connections you will get essentially the combined total bandwidth/throughput of both connections.

      Hopefully that helps!

      1. Gary

        You could use a Mikrotik router in bonding mode (active/active) to multiplex the two ISP connections together.

        1. James A. Chambers

          Hey Gary,

          I’m definitely hoping to do that here when Google Fiber comes to my location (it has been announced, they’re building it and it’s probably getting close as it has been almost a year since they told me).

          The CenturyLink is pretty cheap and reliable all things considered and combined with a second WAN connection I think is worthwhile (although I am really excited for the Google Fiber and it’s significantly faster).

          I’ll definitely give an update when I get this!

  2. Bill

    What a great 🙁 story. I’ve tried to ditch the CL ‘modem’ to use my Asus router but couldn’t figure out a way. I was briefly able to use transparent bridging but when I did an NTP update (the time/date was showing way off in the logs) it broke it and I’ve been totally unsuccessful since. It’s incredibly frustrating and ridiculous. Thanks for your posts!

  3. Tony Gonzalez

    Hi James,

    Thanks for writing this blog post. I also have CL’s $65/month plan. I want to ditch the modem router that they give you and install either a virtual fw (Sophos XG, Pfsense, etc) or just purchase a Ubiquiti USG and carve out VLANs on my Cisco 3750 switch.

    Now that you are back where you started, on the $65 plan. Do you still have the FortiGate as your edge device? I wasn’t sure if I still needed the modem part of the CL device, but it doesn’t seem like it, and use my $100+ router as an AP to extend my network.

    Thanks again.

    1. James A. Chambers

      Hey Tony,

      Thanks for the kind words! I am absolutely still using a Fortigate FG-61F as my edge device to this day on the $65/month plan.

      You are correct about not needing the modem part of the CL setup at this point. The only thing you will need is your PPPoE password (if you don’t already have it). Use VLAN201 to communicate with the ONT as that seems to be where most of CL’s ONTs are hiding to make this more difficult for users who aren’t familiar with VLAN or don’t have enterprise grade equipment to utilize them. If you are on the same plan as me I would definitely bet yours is on that same VLAN201 and that you likely have the exact same lineup of modems!

      This is how I laid it out:

      Config Layout #1

      Config Layout #2

      IPv6 doesn’t really work in this layout since CenturyLink uses 6rd (at least in my area, I’ve heard native IPv6 is available in some areas). I’ve calculated the values and if you put everything in it all works and you can have 6rd through the Fortigate and full internet IPv6 connectivity but every time your IP changes the config needs to be updated.

      I know there’s devices out there that you can likely get 6rd configured to work using a dynamic IP much easier than I could with the Fortigate. This seems to be a sore spot with the Fortigate and is easier on many other devices. I thought about writing a script that just updates the values every time the IP changes but it really is a pain to do on a Fortigate without a static IP!

      Hopefully that helps, take care!

      1. Tony Gonzalez

        Thanks for your reply James. I ended up using a virtual appliance and installed Sophos XG. I got it to work, but I still am a bit fuzzy with the detail on the interfaces and vlan tagging. I do have my PPPoE creds and typed them in and tagged it on VLAN 201 which you nailed (CL is using 201) but didn’t get any external IP on Port 2 where my WAN is configured.

        I disabled DHCP on CL’s modem and enabled it on my firewall, all my appliances are now catching the IP from my firewall but I am still using the CL appliance. Can I ping you and maybe do a quick zoom sessh? I am on Twitter and I believe you are as well because I also used your walkthrough to build a Minecraft server. Thanks btw 🙂

        1. James A. Chambers

          Hey Tony,

          That’s fantastic! It sounds like you just about have it here.

          One detail I didn’t see yet is what did you use for the unnumbered IP? It looks like this is called the “Preferred IP” in Sophos XG according to this. For some reason I think this needs to be the same as the CenturyLink router assigns itself which was 192.168.0.1 for it to actually connect to the modem.

          Another one to double check is that you included your @centurylink.com in your email address (like my screenshot). I was confused about this piece at first when I set it up but it definitely needed it so I figured I’d mention it.

          I think it’s probably the way the vlan201 tagging is set up. Did you set it for port 2 with something like this or is it set in the GUI?

          On the Fortigate it actually creates a separate “dummy” interface for the vlan201 network. So basically I have my WAN interface like in the screenshot and then collapsed below it is the vlan201 interface. On my network that is the only device on vlan201 and everything else is untagged. It looks like the Sophos XG can also create additional dummy interfaces.

          The above is an older post but it’s the exact issue you’re facing. It looks like just like Fortigate does not like IPv6 6RD deployments very much as a quirk that Sophos XG is a little tricky to do this on. It definitely looks like it’s possible though! I found another one here that looks like exactly the same type of configuration I have on the Fortigate with a “dummy” interface.

          I think you’re super close. It has to just be one of the Sophos quirks in these threads that is holding things up. It definitely sounds like the “port2” created by the wizard is not set up correctly to do it according to the last link I gave. Definitely give that stuff a try and let me know how it goes and if it’s still being problematic we could definitely set up something!

          1. Tony Gonzalez

            Thanks James. Totally appreciate you looking up these KBs for me.

            On the port 2 interface (WAN) I configured PPPoE and entered the whole username and included the @centurylink.net email domain and tagged that interface with VLAN201 but on the GUI not the console.

            For the physical connections, I have an ethernet drop coming from the ONT device on the side of my house to my media closet in my basement. That drop is connected to the modem/router then from the modem/router to my trunk interface (port1) on my cisco 3750g switch. I bypassed the modem and connected the CL drop from the outside directly to my switch trunk port. I haven’t configured VLAN on the switch yet so I have everything on the default vlan.

            You gave me something to go off. Let me dig a bit more and will get back to you.

            Thanks again, appreciate you for blogging about this.

            Separate note:
            I had to revert back to CL modem/router again because apps like Disney+, Amazon prime, etc would work when I cast them using my chromecast. Anyway I have to tweak the filtering setting on the XG. Alas, I will get to it once I figure out this network thing.

            Thanks

            1. James A. Chambers

              Hey Tony,

              Awesome, it sounds like you’re making progress! It’s definitely tricky and each set of equipment has its own pieces that are going to be a pain for sure. My drop from my ONT is plugged directly into the WAN port on the Fortigate.

              The Chromecast situation is a little tricky but it did make me wonder. I did have to configure some advanced Fortigate settings:

              fortigate # config system interface
              fortigate (interface) # edit vlan201
              fortigate (vlan201) # show
              config system interface
                  edit "vlan201"
                      set vdom "root"
                      set mode pppoe
                      set distance 25
                      set allowaccess ping https fgfm probe-response fabric ftm
                      set broadcast-forward enable
                      set vlanforward enable
                      set external enable
                      set alias "vlan201"
                      set device-identification enable
                      set estimated-upstream-bandwidth 985661
                      set estimated-downstream-bandwidth 985661
                      set role wan
                      set snmp-index 8
                      set ap-discover disable
                      config ipv6
                          set ip6-mode pppoe
                          set ip6-allowaccess ping https fgfm fabric
                          set dhcp6-information-request enable
                      end
                      set ipunnumbered 192.168.0.1
                      set username "a@centurylink.net"
                      set password ENC a
                      set disc-retry-timeout 10
                      set padt-retry-timeout 10
                      set interface "wan1"
                      set vlanid 201
                  next
              end
              fortigate (vlan201) # end
              fortigate # config system interface
              fortigate (interface) # edit wan1
              fortigate (wan1) # show
              config system interface
                  edit "wan1"
                      set vdom "root"
                      set allowaccess ping https fgfm probe-response fabric ftm
                      set broadcast-forward enable
                      set vlanforward enable
                      set type physical
                      set device-identification enable
                      set estimated-upstream-bandwidth 1024
                      set estimated-downstream-bandwidth 1024
                      set role wan
                      set snmp-index 1
                      config ipv6
                          set ip6-allowaccess ping https fgfm fabric
                      end
                  next
              end

              I bolded a couple to watch out for. Broadcast forwarding will depend on how you want to configure your network but is something to consider if you haven’t already configured this and could have an impact on Chromecast potentially if broadcasts are being dropped. It looks like Chromecast does try to use broadcast as well as multicasting it even sounds like and it can cause headaches in this type of a configuration.

              The key part I wanted to mention though was the vlan forwarding option. From the Fortigate manual:

              VLAN forwarding
              VLAN forwarding allows you to forward all VLANs traffic of a trunk that was connecting two network devices and where the FortiGate has been introduced, without having to perform any further configuration.

              This might be part of why I’m not experiencing these type of problems. I did not find an exact equivalent for Sophos XG but I did find something that may help.

              Most likely you can also go with a DHCP Interface on the Physical port. Like Port5 DHCP ON. So this IP will stay “dead”.
              Then you go with a VLAN Interface on the Port5.
              This should work fine, if everything is in place.
              You can verify it via tcpdump.
              Start with a ‘ifconfig’
              You should see Port5 and Port5.34
              If you start to perform a ‘tcpdump -ni Port5’ you should see all traffic (VLAN included).
              And with ‘tcpdump -ni Port5.34’ should show you the “plain traffic”.

              This is really similar to my Fortigate FG-61F setup. On my WAN port I have 0.0.0.0 as the IP but it looks like this person said to just set it to DHCP so it would stay “dead”. Yours isn’t exactly identical to this since it has the PPPoE component but it’s very close.

              I think those tcpdump commands on your port2 though would be very revealing for all these issues and see what is being tagged and how the traffic is flowing. Theoretically you could also set up your entire network on vlan201 but that would definitely be sloppy and probably cause all kinds of other issues and I think we’re just missing one/two key config lines or changes.

              These are just some rough ideas for troubleshooting/experimenting though, I’m sure a seasoned network engineer could tear my config/ideas to shreds (I know some that probably would if I showed them to them) and I’m sure there’s other ways to set this up but it has been working well enough so far. Let me know what you find out!

              1. Avatar for Tony Gonzalez

                Hi James,

                I did a little more research and, after careful consideration, I am going to ditch the virtual firewall (Sophos XG) for a Ubiquiti UDM Pro. It’s set to arrive later today so I’m very excited. I haven’t researched if I can tag the WAN interface with VLAN 201 then enter my CL creds. But I believe upon connecting the device (UDM) during the initial setup, it asks you what type of connection you are going to use: DHCP, Static or PPPoE.

                I will report back once my fw is online. Now if I can’t tag the WAN interface, then I will settle with using the CL appliance as a modem in transparent bridge mode.

                Moreover, the reason I am ditching the virtual fw is I don’t want to depend on running my DL380 due to the electrical cost. I don’t have critical workloads running on my vSphere environment yet. But want to segment all my traffic from the rest of the house, and a vFW will not allow me that w/o jeopardizing everyone’s iNET connectivity when I am tinkering.

                Thank you for your support and your great blog.

                Cheers,

                -tony

              2. Avatar for Tony Gonzalez

                Hi James,

                I am happy to report that I have updated my network and added the UDM Pro w/o the CL router/modem appliance. I am so happy I don’t have to rely on my ISP’s device for connectivity. Can’t wait to figure the UDM out and begin segmenting the network. Thanks again for your support and links.

                You are the man. I would show you pictures of my setup, but I don’t think I can upload pictures to your comment thread. I will blog about it.

                cheers,

                Happy resurrection weekend!

                -tony

  4. Avatar for delta-siera

    I’ve had plenty of bad experiences with CenturyLink even as a business customer! A very unreliable DSL service got swapped out for Yondoo fiber when they came into that market… it’s been roses ever since!

    Trying to get a new custom fiber build at one of our new locations… took about 6 months, was a very painful process, had DSL side-ordered to provide at least some kind of internet connection earlier in the process but contractor said it would actually take longer than the fiber build. Cancelled with contractor, had a future call from the contractor that CL still had the order in. Also cancelled directly with a CL support person. Almost a year later, a full year’s bill showed up for the DSL that we cancelled before it was ever installed and brought online. Was given a phone number to someone that I called over a half dozen times and an email address that I never got a response from. Finally got back with another CL person and got the charges dropped. Wow. Outrageous monthly bill on this 50 Mbps up/down fiber connection at almost $1K/month. We’ll be outsourcing once this contract is up.

    I might have 1 in 10 customer support engagements with them that are actually positive or “good”. Comcast is bad but IMO CenturyLink is worse. I’ve heard plenty of horror stories, and I’m just not seeing it get better at all.

    Our local ISP devised a long-term, big investment plan to bring fiber-to-the-home to a huge region around us. Customer support is great, the internet service is extremely reliable and always fast as the plan calls for, the install is only $99, pricing for the dl/ul speed is extremely competitive, and their service doesn’t require PPPoE credentials — I assume the line is authenticated at the GPON and everything afterwards is fair game, e.g. user-provided router just hooks up and works. The only downfall I can mention is that their in-house Wi-Fi router is even worse than the other big telcos, namely in terms of coverage distance. It has an 802.11ac chipset but honestly feels more like 802.11n. Running my old Asus AC-66U solved that right quick.

    James: could we get a status update?

    1. Avatar for James A. Chambers

      Hey delta-siera,

      I can’t even imagine how many headaches you must have had. At my previous place of employment we had an industrial warehouse that we had them come and wire and had a similar experience/timeframe. Even after the project was complete we had to call them several times to get all the IP addresses assigned correctly and get everything talking!

      It’s frustrating because there are a lot of companies laying down fiber. My home I built last year has a bunch of fiber companies that brought fiber to my curb but they don’t sell directly to consumers. I’m not sure what these companies’ long-term play is going to be. Maybe they want to resell it to other providers later, but even with all these providers at my curb basically Comcast and CenturyLink were still my only choices! This is a residential-only neighborhood too so I have no idea why they would lay it and not sell it to anyone!

      That’s amazing that you are having some positive movement with your local ISPs! Local ISPs and fiber co-ops seem to be the way to go. My old apartment complex I lived in before I built my home had 500Mbps fiber that the apartment complex bought wholesale for all 200 units and it was a fantastic experience compared to dealing with CenturyLink. I honestly believe if we didn’t stop enforcing the antitrust laws in this country decades ago we would not be facing such a predatory (and SLOW, relative to the rest of the developed world) ISP situation here in the US!

      So for the status update this probably won’t surprise you, but I *still* can’t get a static IP address! Right now jamesachambers.com is hosted on AWS by Jeff Bezos but this is not what I wanted. I have two old HP Gen8 surplus servers that I bought 128GB of RAM for (DDR3 pretty cheap these days) that would (more than) easily run this web site. All I need is for CenturyLink to catch up to 1970s technology and be able to deploy a static IP address!

      Specifically, when I go to the static IP tool my account type (the numbers and letters my billing account # make up apparently can be used to tell this) is not supported! I was hoping this would be resolved within a few months.

      Comcast is still an option, but it’s more expensive and I believe it’s a lot more “shared” on the hubs in the neighborhood still than CenturyLink’s which seems to give me my full 1000 Mbps to myself for this home (they used to be, but maybe they’ve improved their technology since back in the day). Sorry that it doesn’t have a happy ending yet but I don’t think you’ll be surprised!

      I will definitely keep trying as this is still one of my goals!

      One funny sidenote from this article: I talked about how to ditch the CenturyLink modem before the root password got leaked/hacked. Again. This happened since I posted this.

      They leaked the root passwords again, just like clockwork. There are other CenturyLink provided modems out there besides Zyxel but that is the one they gave me all 3 times and is what makes up the CenturyLink tower of shame!

  5. Avatar for Jim "JR"

    Why does this not surprise me. . . .

    I wonder where you are. My brother tried internet with CenturyLink a few years ago and it was a Fuster-Cluck from the word “Go!” If there was a way they could have screwed it up, they did it. When he did get Internet and Telephone service from them, it worked if and when it darn well felt like it. Perhaps there was a particular relationship between the phases of the moon and/or the positions of various constellations and planets that was required, but we never figured it out.

    The icing on the cake was that he had the damnedest time even PAYING their bills! He’d pay and it would either be lost, refused, spontaneously cancelled, or whatever. His service spent more time being blocked for non-payment, (though he paid and had screen-shots of the payment processing through his bank), than it spent working. Then they started dinging his credit rating for non-payment.

    Eventually he told ’em to bloody-well ‘naff-off, cancelled their service, blocked their attempts to auto-pay, opened disputes with everyone and their brother, and hasn’t looked back.

    1. Avatar for James A. Chambers

      Hey Jim,

      That sounds like your brother was burned by the big billing changeover that CenturyLink is trying to do. That is actually the same root cause as my static IP issue ended up being. The static IP tool does not recognize accounts from the “new” billing system. This appears to still be true to this day as I still cannot load their static IP tool saying I have the wrong type of plan.

      After my service interruption I gave up and started using a dynamic DNS service. I figure that unless I get a real wizard on the phone I’m going to get my service turned off again and it’s not worth it!

      I was tempted to switch as well but my only other option is Comcast and for Gigabit speeds from them in this neighborhood it’s over $200 a month to CenturyLink’s $65!

      1. Avatar for Jim "JR"

        Righty-O!

        Not only was my brother having billing issues, he was having service issues as well. Even when his service wasn’t blocked for “non-payment”, it worked if, and when, it decided it wanted to work. Since my brother has a few health issues and he absolutely, positively, needs his phone service to work, (can you say “life or death”? Ahh! I KNEW you could!), and nothing he, or I, did was any help whatsoever.

        Quite frankly, I’m waiting for some hungry lawyer to file the class-action lawsuit.

        What really infuriates me about this is that they can support a crappy service model and a SQA department run by the now famous “million monkeys using a million typewriters” because everyone else is so expensive. In essence, they “got ‘ya by the short-an’-curlies”.

        I just hope their keypunch machines don’t jam before they finish the billing changeover! 😉
