Functional Home Gigabit with Century Link

TL;DR (skip to the part you care about and not my rambling in boredom)

I’ve been using Comcast (Xfinity) for my home Internet service since 2003; prior to that I lived in a house that had multiple T1s (back when megabits of home Internet was very rare). It is somewhat hard to imagine that in such a short period of time we went from hardwired home Internet being measured in kilobits to almost every mobile device we own being capable of sustaining 10s of megabits while roaming about.

I had been holding onto my Comcast Teleworker discounted ‘business’ Internet after leaving VMware, waiting for Google Fiber to come to town as Portland was supposed to be on the relatively near future roadmap and I was trying to avoid adding more unsightly aerial cabling to the exterior of my 110 year old house.  As neat as modern technology is, it doesn’t really go well with the architectural detail of an old craftsman home.  Since Google Fiber is now dead I decided to proceed with the next best option, Century Link.

I never thought I’d suggest that Century Link (formerly Qwest, formerly US West, aka US Worst) was a “best” option for anything. I worked for large national ISPs for my early career, and US Worst was always one of the most problematic carriers to deal with. I still have flashbacks about the escalations and yelling customers, but the best was when their tech and manager didn’t realize they were connected to voicemail while planning how they were going to lie to explain away their fault on a prolonged outage impacting several of our customers.

Fast forward to today, I ordered Century Link Gigabit to be delivered to my house. I had read many nightmare stories about this on Nextdoor but figured I’d go the lower risk route and order it online where I could have a paper trail; I tend to never sign up for a contract sold by a solicitor that knocks on my door. The order went smoothly online, and amazingly they were able to install less than a week later. The tech arrived at the beginning of the install window and spent much of the day running the fiber around our house to the only possible entry point.

What didn’t go well is that Century Link forces you to either buy or lease a “modem”, which is their name for a really crappy router.  The only thing special this “modem” does is it supports VLAN tagging on the WAN interface.  This router offers WiFi, but it only supports 802.11n at the fastest…you are reading correctly, you are required to buy a router that has a max wireless rate of around 100 megabit in order to buy gigabit service.

I had found a few blog posts online hinting at how to bypass their router by putting it into “transparent bridge” mode, but I didn’t see any reason to even power this crappy device. The tech hadn’t even finished cleaning up outside before I had converted back to using my Asus router; my 4-year-old Asus readily blows away this brand new required POS.

How did I do it? It’s not so bad; there are a few blogs that you’d have to go to in order to get all of the hints, but they all leave out how to get the full thing working. I was able to get better service using my own router than using the one provided, especially when you include IPv6 in the comparison.

TL;DR start here

I’m not going to include screen shots of all of the steps, as I would like to believe that anyone tackling this can figure it out from the high level steps (and I am too lazy to turn the CL router back on in order to document it).  In my case the CenturyLink 2100T  ZyXEL C1100Z was what was “sold” to me against my wishes.

I assume you know what cables to plug into where on your router and that you know you would need to move the WAN link that comes from the ONT from the Century Link router to your own, so I won’t include that detail here.  

I have Internet *only*, if you are also subscribing to PrismTV there may be additional settings required.

Collect PPPoE Details

  1. Login to the web interface of your Century Link router
  2. Skip to the advanced configuration section
  3. Find the remote management portion, enable telnet (likely the only time you will ever hear/see me suggest to use telnet) and set a password
  4. Telnet to your router IP (likely 192.168.0.1) and login as admin with your set password
  5. Type:
    sh
  6. Press enter, you are now in a  busybox shell.
  7. Run the command:
    /usr/bin/pidstat -l -C pppd
  8. You will get an output string that includes the runtime values being used to configure PPPoE; the parts you care about will look something like this:
    pppd -u lastfirst@qwest.net -p TXlQYXNzd29yZAo= -f 0 -M 1492 -D 0 -n 1 -L 0 -e 1 -X 120
  9. You just need to capture username and the encoded password, the username is the “lastnamefirstname@qwest.net” string and the password is the string after the -p, “TXlQYXNzd29yZAo=” in my example (be sure to include the entire string, including the equal sign as in my example)
  10. You can perform the next step natively on a Mac or you would need to use Linux; I use a Mac so it is easy.  Open a terminal window (aka shell) and run the following command to decode the password:
    echo TXlQYXNzd29yZAo= | base64 --decode
  11. You should get a decoded password back, like this:
    ~# echo TXlQYXNzd29yZAo= | base64 --decode
    
    MyPassword
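
Steps 7 through 11 as one script, as an added example that is not part of the original post: it pulls the `-u` and `-p` values out of a captured `pidstat` line and decodes the password, which also shows that the value on the pppd command line is only base64-encoded, not encrypted. The function names are made up for this example, and the sample line is the one shown in step 8.

```sh
#!/bin/sh
# Added example: extract PPPoE credentials from one line of
# `pidstat -l -C pppd` output. Function names are hypothetical.

# Sample line copied from step 8 of the post.
SAMPLE_LINE='pppd -u lastfirst@qwest.net -p TXlQYXNzd29yZAo= -f 0 -M 1492 -D 0 -n 1 -L 0 -e 1 -X 120'

# pppd_arg FLAG LINE: print the word that follows FLAG on the command line.
# Leading pidstat columns (time, UID, PID, ...) are simply skipped over.
pppd_arg() {
    flag=$1
    set -f              # no filename globbing while the line is split
    set -- $2           # split the captured line into words
    set +f
    while [ $# -gt 1 ]; do
        if [ "$1" = "$flag" ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 1            # flag not present, or it had no value
}

# pppoe_username LINE: the value after -u.
pppoe_username() {
    pppd_arg -u "$1"
}

# pppoe_password LINE: the decoded value after -p.
# The sample decodes to "MyPassword" followed by a newline; command
# substitution strips that newline so it is not pasted into the router.
pppoe_password() {
    encoded=$(pppd_arg -p "$1") || return 1
    decoded=$(printf '%s' "$encoded" | base64 --decode) || return 1
    printf '%s' "$decoded"
}

printf 'username: %s\n' "$(pppoe_username "$SAMPLE_LINE")"
printf 'password: %s\n' "$(pppoe_password "$SAMPLE_LINE")"
```

Since anyone with a shell on the device can read these values from the process list, turn telnet remote management back off once you have them.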

Congratulations, you now have the PPP info to configure your personal router.  You can proceed to configuring PPPoE on your router WAN link, the only other thing you need to know is that you must tag the WAN with VLAN 201.  On my router’s 3rd party firmware this is under the settings for IPTV.

Now you just need to configure your router; I will include screen shots to help you on this portion.  Your settings may be called something different than what is shown, but there should be a functional equivalent.  If you do not have the ability to configure VLANs on your router you have two options: install 3rd party firmware or just accept using the Century Link router in “transparent bridge mode” (as set on the WAN configuration under protocol settings).

Configure Your Router

On my Asus this is what I configured (obviously without quotes):

  1. WAN Connection Type: “PPPoE”
  2. PPPoE & MAN access: “DHCP or Static”
  3. Get MAN IP Automatically: “Enabled”
  4. PPP VPN Client Settings (PPPoE settings):
    1. Username: “lastnamefirstname@qwest.net”
    2. Password:  “MyPassword”
    3. Authentication Algorithm: “Auto”
    4. MTU: “1492”
    5. MRU: “1492”
  5. Ports Isolation and VLAN Filtering:
    1. Choose IPTV STB Port: “No”
    2. VLAN Tagged Traffic Filter: “Enabled”
    3. VLAN CPU (Internet): VID “201”, PRIO “0”
    4. VLAN CPU (IPTV):  defaults

That should get you up and running on the Internet, however I wanted IPv6 support as I use it for some work projects.

Configure IPv6

I tried to guess at this but realized the best plan was to reconnect the Century Link router, go into the advanced settings and enable the IPv6 network features and capture the details for re-use.  I don’t know how generic these values are; some of them could be region specific or they may use anycast addresses allowing them to be universal.  Based on the Century Link support pages I assume these are universal.

[Screenshot: Asus IPv6.png]

You may need to reconnect your clients so that they get new DHCP info after making these changes, if you use static IPs on your workstations you will need to do your own magic to get them to also work with IPv6.  I use static IPv4 addresses on some devices, but just leave IPv6 configured for DHCP.

After making these changes I am able to score 19/20 on the IPv6 test, only lacking inverse DNS which I can’t do much about.  I did have to also enable “Respond Ping Request from WAN” on the firewall pages, as IPv6 requires more ICMP control messages than IPv4.

[Screenshot: IPv6 Test Results.png]

If you hit a wall you can drop a comment and I’ll try to fill in any details I missed.  If I end up swapping to a different router (e.g. something running pfSense) I will post an update, but the settings should be the same regardless it is just a matter of translating them to a specific configuration nomenclature.


15 thoughts on “Functional Home Gigabit with Century Link”

  1. Laura James says:

    I’m also in Portland with CL fiber since September. I have a Tomato flashed Asus that I’m trying to use to replace it but not having much success so far. I contacted CL to get my PPPOE creds but the Asus just hangs in Connecting state forever. While trying to follow your instructions to decode the PPPOE credentials today, thinking maybe CL gave me the wrong ones, I didn’t even see a pppd proc running on the modem. I also noticed the modem was running IPOE and not PPPOE. I’m going to try and connect with IPOE in a bit. It’s interesting you’re also in PDX and on PPPOE. I would think we’re all set up the same.

    Regardless, your post has given me some things to try. I appreciate you taking the time to doc everything.

    • effndc says:

      Did you set the WAN VLAN to 201? They sold me the C1100z, which is way worse than the C2100. Either way they should both be using PPPoE, I was able to get it to work on ASUS routers with Padavan firmware, ASUS WRT firmware and Merlin firmware. The most important piece is the IPTV/WAN VLAN 201, nothing else will work without it…unless you leave the 2100T in place in transparent bridge mode, and then it is doing the VLAN piece.

      I’m not using the Century Link hardware at all, I am 100% using only my hardware. Currently an ASUS N56U with Padavan firmware on it.

      I am in NE Portland and might be able to lend a hand if you can’t get it.

      • Laura James says:

        Ok so I just plugged the cat5 coming from the ONT to the wan port on the Asus (running Tomato). VLAN is set to 201. Changed the WAN connection settings on the Asus to plain old DHCP. Rebooted and it is magically working with the C2100T not on the wire at all. Eureka! 🙂

        I’m actually out by Mall205 so you’re likely not too far away. I am definitely not on PPPOE. Wondering if it’s because I was originally installed with Prism when I bought the house in August?

        Now I just have to figure out why my IPVanish/OpenVPN connection is so slow.

        Thanks again!

      • effndc says:

        Interesting. I will have to try not having PPPoE turned on, as it is the weak link in performance for a lot of routers. Glad to hear you got it working.

        I had been with Comcast since 2003, most of the time on a business line through work…when our hopes for Google Fiber went up in smoke I decided to try CL. $10 more per month for 20X the download and 100x the upload.

        One thing you can try is to login to your router through SSH and run ‘top’ while you test your VPN. Most routers don’t do encryption very well, some have very specific cryptographic offloads for specific types…otherwise you might just be maxing out the little CPU.

        I’m waiting for my new router (Mikrotik) to arrive as my old ASUS isn’t adequate anymore and the new one I bought was worse.

      • effndc says:

        I am guessing that you are getting IPoE instead of PPPoE due to having had Prism, which is interesting. I really wish I didn’t have the added overhead/complexity of PPPoE, however I can’t find any details for how I would get converted to native IPoE instead…I have seen discussions where even people with Prism had PPPoE. I don’t see Prism in my future, we cut cable almost 2 years ago and haven’t missed it. I did try out DirecTVNOW, which was entirely horrible and a waste of money and have since canceled it.

  2. Laura James says:

    Top results don’t show anything close to being capped except the nic.

    Mem: 49460K used, 206172K free, 268K shrd, 6356K buff, 15908K cached
    CPU: 1.5% usr 1.1% sys 0.0% nic 96.7% idle 0.0% io 0.0% irq 0.4% sirq
    Load average: 0.08 0.06 0.10 1/50 18388
    PID PPID USER STAT VSZ %VSZ CPU %CPU COMMAND
    2001 1 root S 3460 1.3 0 0.0 /etc/openvpn/vpnclient1 --cd /etc/
    1949 1 root S 2820 1.1 0 0.0 httpd
    972 1 root S 1672 0.6 0 0.0 nas
    1049 1 root S 1672 0.6 0 0.0 nas
    2184 1 nobody S 1616 0.6 0 0.0 dnsmasq -c 4096 --log-async
    1 0 root S 1608 0.6 0 0.0 /sbin/preinit
    736 1 root S 1596 0.6 0 0.0 blink_5g

    Speedtest without the vpn running returns 100/50 while with it running I’m only getting 20/20ish. I tried servers in San Jose and Seattle. Both returned similar results. San Jose had faster ping times but only by a small margin.

    I picked up this Asus RT-AC68U off Craigslist last week. It was already flashed with Tomato and I was looking for a recent router with either Tomato or DD-WRT. I already had an RT-N66W I’d bought when I was on Fibersphere. Oh how I miss them and Condonet. The downside of home ownership is you end up stuck with the worst ISPs.

    I work from home and CL seemed like the slightly lesser of the two evils.

  3. CJ says:

    Thanks so much for all this information! I’ll be using this hopefully on my ASUS router (the 8 port version of the AC3100, AC88u) tomorrow after my fiber install and want to skip whatever modem CenturyLink will give me. I’m in Foster Powell so not far from Laura James, hoping for a nice, easy install in my old house. I do have one question, did you use hardware acceleration or NAT acceleration on your ASUS router? I know it is an option on the stock Asus firmware as well as the modified Merlin firmware that I’m using. Unsure of when they started to do that. I had trouble with it on my Comcast connection which is why I ask, it slowed everything down to a crawl for some reason. Thanks again!

    • effndc says:

      I did use HW accelerated NAT, though I was using different hardware. The new Asus I bought to test with was the RT-AC68U, but it was slower than my old RT-N56U so I returned the new one. My old RT-N56U offered more hardware acceleration than the 68U did, which is why it was faster…but still wasn’t fast enough for my wishes. I have since switched to another device entirely (Mikrotik) as I wanted hardware that would fully support the symmetrical gigabit speeds. The RT-AC88U is only tested to about 1406Megabits bidirectional traffic, which may be adequate for your needs: https://www.smallnetbuilder.com/wireless/wireless-reviews/32910-asus-rt-ac88u-dual-band-wireless-ac3100-gigabit-router-reviewed?showall=&start=2

      When I get time I plan to write an article about configuring my Mikrotik, they are far more advanced and thus more complex than any Asus product.

      • Mufti says:

        Thanks for that information. I looked up the Mikrotik, a very interesting device. As an IT guy in work life, definitely up my alley. Maybe I’ll return the AC88U and get that instead! But so far it’s been solid and I like the Merlin firmware and the 8 gigabit ports. More speed is always good of course, but I’ve been very happy with 100 Mbps for a while now so I’ll see how this pans out. Guessing in a couple of years I’ll be playing with pfSense and building my own router, using the ASUS as an access point only for the wireless devices. Hopefully tomorrow goes smoothly! (this is CJ by the way, WordPress weirdness changed the name on me).

      • effndc says:

        I had considered using pfSense, but the hardware to run it to actually support a symmetric gigabit connection was expensive or extremely power hungry (aka expensive over time). I settled on the Mikrotik HEx 750gr3, it uses <5watts and can pass full bidirectional wire speed based on my actual testing. I don't know what I would ever gain by using pfSense, other than something that requires more maintenance and ultimately cost far more. The HEx 750gr3 is available for $50, you would have to spend 4X or more to get hardware to run pfSense that won't even compare to this for performance.

        So I am using the HEx as a pure router, and then I am using 2 dual-band Mikrotik WAP ac RBwAPG-5HacT2HnD-US (~$70 each) units for my access points…the Asus I returned was $150, I have $190 invested in Mikrotik and have full house coverage of WiFi and a superior router with infinitely better control over firewall policies, especially as it relates to IPv6, which Asus fails miserably at. I did add a $70 VLAN capable PoE switch to power everything too, which simplified my network greatly as now I only have to have 1 UPS to keep the entire network functional with power glitches…and as someone that works from home frequently that is critical. I have the UPS (which is monitored by the HEx), the HEx router and PoE switch in my utility closet…and that powered the 2 remote access points and a remote PoE powered switch in my office.

        The Mikrotik definitely takes a bit more time to setup than the Asus, but that is because it can do so much more…likely similar in setup complexity to pfSense, however the fact that I can run the same OS for my router and access points is great…and I can manage the access points from one place via policies. I have 4 virtual access points on each physical access point providing full traffic isolation using VLANs to protect my network from rogue devices (e.g. ill-maintained IoT devices) with bandwidth limits on any untrusted devices. You would have to spend thousands of dollars to get these features from a big name vendor (e.g. Cisco/Meraki).

        Additionally you can leverage complex overlay networks if you want, they also offer full VPN support including MPLS and full routing protocol support. Since these are carrier focused they offer some amazing features. I had thought about buying one of the CCR1009 routers but the refreshed ones weren't available yet, so I went with the HEx 750gr3 expecting I would just upgrade later if it wasn't powerful enough for my gigabit services…however it has proven that it will pass full wire speed 1900megabits of traffic even with my paranoia level firewall rules.

      • CJ says:

        That is super cool. I might be looking into that at a future date. I also looked into Ubiquiti’s EdgeRouter and their wireless access points, but of course, then I’d be wiring my whole house with Cat 6 or Cat 7, access points in every room for blanket AC wireless, etc, etc. Right now, after my fiber install, I’m enjoying the glorious speeds! Cheers.

  4. CJ says:

    By the way, I did have trouble getting my router to work with the VLAN tag so currently I have the crappy C1100Z that they also gave you running in bridge mode to do that. They gave it to me for free so it isn’t a big deal but I read on a different site that if you call CenturyLink, they can take the VLAN tag off your connection. Might give that a shot so I can pop this thing in a closet.

    • effndc says:

      Wow, they gave you the C1100Z for free? I got totally ripped off as they made me pay $100 for the stupid thing…are you sure they aren’t charging you a monthly lease fee for it? Did you buy a bundled service promo with a contract? I am really curious, so far the only thing about CTL service that truly bothers me is that they forced me to buy this antiquated hardware.

      • CJ says:

        Well, as they say in the parlance of politics, “I know a guy”. I was extremely unhappy with Comcast’s data caps (I got a 4K TV this month and the Ultra HD streaming ate into my data cap in three weeks!) and was complaining about it at work, and a coworker has a friend who works for CenturyLink. I was skeptical because of all the bad stories I’d but I called him up and it’s really been a very stellar experience. It’s unfortunate that’s not how it is for everyone and I wish it was. The install guy did offer me the better router but since I was planning on skipping over it anyway, I took what they gave me. And yes, I do have a contract, for two years. My Asus router, while causing me some grief, has now finally decided to work with the VLAN tag so I have no real need for the C1100Z but will probably hold onto it just in case I need a router in an emergency.

  5. D says:

    I was able to get my PPPoE password on my Technicolor C2100T a lot easier. I just logged in to my router (192.168.0.1) and went to “Quick Setup” where my credentials were already prefilled (though hidden). Then, from my browser’s web inspector console, ran:

    document.querySelector("input[name=admin_password]").value

    which output the unhidden, unencoded password to the console. After copy + pasting and applying, I verified that it worked.
