TL;DR (skip to the part you care about and not my rambling in boredom)
I’ve been using Comcast (Xfinity) for my home Internet service since 2003, prior to that I lived in a house that had multiple T1s (back when megabits of home Internet was very rare). It is somewhat hard to imagine that in such a short period of time we went from hardwired home Internet being measured in kilobits to almost every mobile device we own being capable of sustaining 10s of megabits while roaming about.
I had been holding onto my Comcast Teleworker discounted ‘business’ Internet after leaving VMware, waiting for Google Fiber to come to town as Portland was supposed to be on the relatively near future roadmap and I was trying to avoid adding more unsightly aerial cabling to the exterior of my 110 year old house. As neat as modern technology is, it doesn’t really go well with the architectural detail of an old craftsman home. Since Google Fiber is now dead I decided to proceed with the next best option, Century Link.
I never thought I’d suggest that Century Link (formerly Qwest, formerly US West, aka US Worst) was a “best” option for anything. I worked for large national ISPs for my early career, and US Worst was always one of the most problematic carriers to deal with. I still have flashbacks about the escalations and yelling customers, but best was when their tech and manager didn’t realize they were connected to voicemail while planning how they were going to lie to explain way their fault on a prolonged outage impacting several of our customers.
Fast forward to today, I ordered Century Link Gigabit to be delivered to my house. I had read many nightmare stories about this on Nextdoor but figured I’d go the lower risk route and order it online where I could have a paper trail, I tend to never sign up for a contract sold by a solicitor that knocks on my door. The order went smoothly online, and amazingly they were able to install in less than a week later. The tech arrived at the beginning of the instal window and spent much of the day running the fiber around our house to the only possible entry point.
What didn’t go well is that Century Link forces you to either buy or lease a “modem”, which is their name for a really crappy router. The only thing special this “modem” does is it supports VLAN tagging on the WAN interface. This router offers WiFi, but it only supports 802.11n at the fastest…you are reading correctly, you are required to buy a router that has a max wireless rate of around 100 megabit in order to buy gigabit service.
I had found a few blog posts online hinting at how to bypass their router by putting into “transparent bridge” mode, but I didn’t see any reason to even power this crappy device. The tech hadn’t even finished cleaning up outside before I had converted back to using my Asus router, my 4-year old Asus readily blows away this brand new required POS.
How did I do it? Its not so bad, there are a few blogs that you’d have to go to get all of the hints but they all leave out how to get the full thing working. I was able to get better service using my own router than using the one provided, especially when you include IPv6 in the comparison.
TL;DR start here
I’m not going to include screen shots of all of the steps, as I would like to believe that anyone tackling this can figure it out from the high level steps (and I am too lazy to turn the CL router back on in order to document it). In my case the
CenturyLink 2100T ZyXEL C1100Z was what was “sold” to me against my wishes.
I assume you know what cables to plug into where on your router and that you know you would need to move the WAN link that comes from the ONT from the Century Link router to your own, so I won’t include that detail here.
I have Internet *only*, if you are also subscribing to PrismTV there may be additional settings required.
Collect PPPoE Details
- Login to the web interface of your Century Link router
- Skip to the advanced configuration section
- Find the remote management portion, enable telnet (likely the only time you will ever hear/see me suggest to use telnet) and set a password
- Telnet to your router IP (likely 192.168.0.1) and login as admin with your set password
- Press enter, you are now in a busybox shell.
- Run the command:
/usr/bin/pidstat -l -C pppd
- You will get an output string that includes the runtime values being used too configure PPPoE, the parts you care about will look something like this:
pppd -u firstname.lastname@example.org -p TXlQYXNzd29yZAo= -f 0 -M 1492 -D 0 -n 1 -L 0 -e 1 -X 120
- You just need to capture username and the encoded password, the username is the “email@example.com” string and the password is the string after the -p, “TXlQYXNzd29yZAo=” in my example (be sure to include the entire string, including the equal sign as in my example)
- You can perform the next step natively on a Mac or you would need to use Linux, I use a Mac so it is easy. Open a terminal window (aka shell) and run the following command to decide the password:
echo TXlQYXNzd29yZAo= | base64 --decode
- You should get a decoded password back, like this:
~# echo TXlQYXNzd29yZAo= | base64 --decode MyPassword
Congratulations, you now have the PPP info to configure your personal router. You can proceed to configuring PPPoE on your router WAN link, the only other thing you need to know is that you must tag the WAN with VLAN 201. On my router’s 3rd party firmware this is under the settings for IPTV.
Now you just need to configure your router, I will include screen shots to help you on this portion. Your settings may be called something different than what is shown, but there should be a functional equivalent. If you do not have the ability to configure VLANs on your router you have two options, installed 3rd party firmware or just accept using the Century Link router in “transparent bridge mode” (as set on the WAN configuration under protocol settings).
Configure Your Router
On my Asus this is what I configured (obviously without quotes):
- WAN Connection Type: “PPPoE”
- PPPoE & MAN access: “DHCP or Static”
- Get MAN IP Automatically: “Enabled”
- PPP VPN Client Settings (PPPoE settings):
- Username: “firstname.lastname@example.org”
- Password: “MyPassword”
- Authentication Algorithm: “Auto”
- MTU: “1492”
- MRU: “1492”
- Ports Isolation and VLAN Filtering:
- Choose IPTV STB Port: “No”
- VLAN Tagged Traffic Filter: “Enabled”
- VLAN CPU (Internet): VID “201”, PRIO “0”
- VLAN CPU (IPTV): defaults
That should get you up and running on the Internet, however I wanted IPv6 support as I use it for some work projects.
I tried to guess at this but realized the best plan was to reconnect the Century Link router, go into the advanced settings and enable the IPv6 network features and capture the details for re-use. I don’t know how generic these values are, some of them could be region specific or they may use any cast addresses allowing them to be universal. Based on the Century Link support pages I assume these are universal.
You may need to reconnect your clients so that they get new DHCP info after making these changes, if you use static IPs on your workstations you will need to do your own magic to get them to also work with IPv6. I use static IPv4 addresses on some devices, but just leave IPv6 configured for DHCP.
After making these changes I am able to score 19/20 on the IPv6 test, only lacking inverse DNS which I can’t do much about. I did have to also enable “Respond Ping Request from WAN” on the firewall pages, as IPv6 requires more ICMP control messages than IPv4.
If you hit a wall you can drop a comment and I’ll try to fill in any details I missed. If I end up swapping to a different router (e.g. something running pfSense) I will post an update, but the settings should be the same regardless it is just a matter of translating them to a specific configuration nomenclature.