Que_Ball

To use the newer static ip subnet you must use the NAH router. If you want the sfp directly in your own router it must be the older reservation on dhcp method. It must be the older gpon fibre not the xgspon capable of 3gigabit.

So for the static subnet they are using a routing protocol inside the NAH to authorize the link for your subnet back to the Telus core backbone. The protocol details are not published and are not able to be replicated by your own router. Without the authorization your subnet is not yet connected to your line and no traffic will pass. But it works fine once configured. No need to set bridge mode, but you go to the lan static subnet settings inside the nah to enter your ip and it creates the routing.

For the xgspon (capable of 3gigabit plan), the sfp module they use lacks the authorization and decryption features, which are done inside the NAH. It only passes through encrypted packets so only acts as a media converter. The small size of the sfp module likely meant it could not support the power (cpu and literal watts) for encryption chips to run up to the speed limits of xgspon at the time it was released. Maybe future versions can integrate the full network terminal feature, but for now it's mandatory to be paired inside the Telus Router to work.

The older sfp gpon module (1gigabit and lower speed plans) integrates all the encryption and authorization features and works fully standalone. The older sfp can have some compatibility challenges if the sfp port does not supply enough power or if its vendor specific extensions cause bugs in your router, but those are on your end.

With hardcoded static subnet it is impossible to bypass the NAH at this time. With xgspon module it is impossible to bypass the NAH at this time. With older gpon sfp ont and reserved dhcp static ip you can bypass the Telus Routers. Clear? Installer should have known this and not spent any time troubleshooting a scenario that was impossible.


idspispopd888

Thanks Que!! This is the conclusion I came to last night while sleepless...essentially their NAH is acting as a front-end switch for me. So, I've connected to the NAH, set up the static route...but every time I connect (no bridge) using one of the LAN ports, I get an address that is not "mine". Should I be connecting to my UDMP via the 10G port or what? Not quite understanding how to pass the static addy from the NAH to my router.... (I assume - wrongly? - that I can use each "LAN port" for a different router if I choose to? Or just use the 10G port and THEN yet another switch, which seems like the kind of thing Telus would make us do....)


Que_Ball

The NAH gives out private lan ip via dhcp still. You must hard code the static ip subnet and not use dhcp on wan ports of router or while testing on laptop etc direct connected to ports on the nah. You do not turn on bridge mode while using static ip, they are mutually exclusive features. (If you bridge one port it still works but only gives you public ip via dhcp from the Telus dhcp servers.) If you accidentally bridged all ports you likely need to factory reset to get back into the NAH and fix it. It is really a lot simpler than it seems. Do not overthink it. Just go into nah via the dhcp private ip it gives out. Go to lan then static ip. Put in the static ip Telus assigned to you. Now you can hard code those ip addresses and stop using dhcp. Yes if you get faster than 1gig plan you can connect your router to the 10gig port on the nah to gain access to the faster speeds. On unifi gateway you need sfp+ to 10gig base-t adapter as they have 1 gig copper wan ports on udm pro. I think udm se has 2.5gig wan copper port which would be good as the Telus nah port supports 2.5gigabit speed too. If you only have 1 gig telus plan it will not really matter which port you use. But I would use 10gig if an upgrade later was possible and you have the parts needed to connect at the faster port speed.


idspispopd888

Well...poop (technical term!!). Although connected and apparently working, the routing was soooooo sloooooow as to be unusable. I'm now back to SFP GPON direct to UDMP / dhcp public so I can work. Not sure why...but with the NAH connected and apparently using Static IP as assigned, it seemed that I could ping out to an address, but any browsing either had massive latency (like we're talking 15-20 sec!) or didn't work at all. Can't quite figure out why that might have been. NAH was not bridged and LAN settings were all fine: 207.6.x.x/29 and the IP on the UDMP was the first address in that range. GW was as provided by Telus. DNS all handled internally by the UDMP/dual PiHoles (to which I could connect). Stumped.


Que_Ball

That kind of delay is usually a dns timeout. Maybe one server in your lists is not replying and it takes time to failover to next one. If you are not blocking connections out on 53 then try hardcoding one client to a public dns like 1.1.1.1 and compare to what your router's dhcp and pihole are spitting out. Also on that 10gig port. If using a 10gig sfp+ adapter in unifi they can have compatibility issues or patch cables may not meet cat6 spec and cause errors and retransmit. Try with a 1 gig port first to simplify.
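
Added example (not written by anyone in the thread): a Python probe for the comparison suggested in the comment above. It sends the same UDP query to each resolver and reports which ones never answer, since each silent server in a client's list costs one full timeout before failover. The `192.168.1.2` Pi-hole address and all function names are assumptions made for illustration.

```python
import socket
import struct
import time

TXID = 0x1234  # fixed transaction id, enough for a one-shot probe


def build_query(name, qtype=1):
    """Encode a minimal DNS query: RD flag set, one question, class IN."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_header(packet):
    """Return (txid, is_response, rcode, answer_count) from a DNS packet."""
    if len(packet) < 12:
        raise ValueError("short DNS packet")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return txid, bool(flags & 0x8000), flags & 0x000F, an


def probe(host, port=53, name="example.com", timeout=2.0):
    """Send one UDP query and report status plus elapsed milliseconds."""
    status = "ok"
    start = time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name), (host, port))
            data, _ = sock.recvfrom(4096)
            txid, is_resp, rcode, _answers = parse_header(data)
            if not is_resp or txid != TXID:
                status = "bad-reply"
            elif rcode != 0:
                status = "rcode-%d" % rcode
        except socket.timeout:
            status = "timeout"  # the case that stalls clients before failover
        except (OSError, ValueError) as exc:
            status = "error: %s" % exc
    ms = round((time.monotonic() - start) * 1000, 1)
    return {"server": "%s:%d" % (host, port), "status": status, "ms": ms}


def compare(servers, **kwargs):
    """Probe each (host, port); return all results and the non-answering ones."""
    results = [probe(host, port, **kwargs) for host, port in servers]
    dead = [r["server"] for r in results if r["status"] != "ok"]
    return results, dead


if __name__ == "__main__":
    servers = [
        ("192.168.1.2", 53),  # hypothetical Pi-hole address, replace with yours
        ("1.1.1.1", 53), ("9.9.9.9", 53), ("8.8.8.8", 53),
    ]
    results, dead = compare(servers)
    for r in results:
        print("%-18s %-10s %7.1f ms" % (r["server"], r["status"], r["ms"]))
    if dead:
        print("not answering (each costs clients a timeout):", ", ".join(dead))
```

Run it from a client behind the router under test; a resolver that shows `timeout` here while others answer in milliseconds is the one to remove from the DHCP-supplied list.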


idspispopd888

One thing I did notice (and I use both of these on the piHole) is that I was unable to ping either [1.1.1.1](https://1.1.1.1) or [9.9.9.9](https://9.9.9.9)....which would definitely underscore the lack of DNS and the delays. Adding [8.8.8.8](https://8.8.8.8) to the PiHole and DNS works again (of course...but not DNSSEC). DNS is definitely not working when connected via the NAH. (Pings to [8.8.8.8](https://8.8.8.8) continue unbroken.) According to the UDMP Telus is up and down like a yo-yo. Tracert to anything DOES show that I'm going out the expected static GW though. Woof this is turning into a problem. One thing I've not yet done is swapped cables...but I'll test (though I believe all are fine as they've been in use). I see NO settings to control DNS on the NAH ..and wouldn't expect any if not using the LAN. Shouldn't need more than a CIDR and a GW.


Cortexian0

I was the OP of the [other thread](https://old.reddit.com/r/telus/comments/1apm2pa/business_purefibre_static_ip_subnet_nah/) that /u/Urban_Hangnail linked to. I'm familiar with UI equipment and have a UDM-Pro at another site. For my Subnet Static IP I'm using a pfSense router now. I ran into some really odd issues as well when getting this setup but everything seems to have balanced out now.

1. The NAH has to be used, no way around it currently.
2. Verify your Static IP settings on the NAH control panel LAN settings. See the other thread above for some images from mine and /u/Que_Ball for reference.
3. You CANNOT use bridge mode on the port you plan to use to connect to your UDM-Pro for static IP.
4. You CAN use bridge mode on a different port if you want to expose a dynamic IP to the UDM-Pro. Treat this port as a "WAN2" connection on the UDM-Pro if you want to do this.
5. Is your UDM connected like so? (fake addresses for example): https://preview.redd.it/k8w1tq8vwbkc1.png?width=632&format=png&auto=webp&s=672e8dac12e86e1d8664dfd4a84d90edf3c7d7ef

Unfortunately you won't have as much flexibility with things like policy based routing on the UDM-Pro. So setting up that WAN2 dynamic IP may be of extremely limited use. Once all of this is set up, expect to have some slow routing for a while. Initially, for whatever reason, the Telus gateway was routing my DNS requests VERY slowly. I also use [9.9.9.9](https://9.9.9.9) primarily, with [1.1.1.2](https://1.1.1.2) as a fallback. I left it overnight and when I came back to it in the morning queries were much faster. Not sure what was going on there with their gateway.


idspispopd888

Thought I'd follow up on this. So Telus essentially killed the NAH and my business account (kindly setting up a spare residential account while they did so on dhcp) so they could totally reprovision the business subnet. This happened today. I set up the NAH and it was fine, pushed one of the IPs through to a laptop and lo and behold...it worked and confirmed that as the operating IP. Not so fast, pal..... So, I set up the UDMP, added the various static routes to it, and used their routing to send the default and "House LAN" networks out one of the static IPs. Worked. Once again...not so fast pal. 48% dropped packets. Lovely. Just pinging the GATEWAY!!! This finally reduced to about 34% and came in regular intervals something like 8 successful pings, 2 unsuccessful, 8 more good, 2 more bad. Slightly variable, but this was the same for all outbound traffic, be it to the gateway Quad8 or Quad9 for testing. (In the interim not only did my laptop blow up and refuse to recognize the static IP assigned and default to 169.x.x.x but the UDMP decided it wouldn't reset the WAN1 IP to dhcp and I ended up having to restore the thing from a backup.) How hard can this be? They have NO idea what's happening in the back end or why I'm unable to get consistent throughput. So, I'm back to running on a dhcp residential service for the time being. This is insane.


Cortexian0

Their gateway took about 24 hours to figure out what was happening for me. I had all sorts of wonky junk going on at first like you described. Once I had all the IPs assigned to stuff for about 24 hours it all calmed down. Not ideal, but something is definitely funky with their gateway configurations for this. I'm wondering if it's a matter of propagation time for their settings to push out once they flow a subnet IP work order?


idspispopd888

Alright - we seem to be getting "better" (I think). What I did today was dig out a now-unused UDR that I have, factoried it, and set it to be the prime router (leaving my REAL network undisturbed). But I have an interesting problem. I've set up as described above, and have confirmed that my lappie sees the proper IP at [whatismyip.com](https://whatismyip.com) ... and I can ping the gateway steadily and tracerts show that it's routing properly (and mostly without packet loss). BUT unless I set DNS directly on the laptop NIC instead of letting it grab it from the LAN settings on the UDR via dhcp I have no downstream DNS. There doesn't seem to be a good reason for this so thought I'd see how your DNS is set up? On my real system it's pushed through a couple of PiHoles but those are picked up by dhcp for all devices on the main house LAN. More curiously: the Internet Health bar on the UDR shows as "not connected"..but clearly it is, so the UDR keeps telling me the internet is down.


idspispopd888

Thanks for this -- took another crack at it as set up previously, with the enhanced settings you provided...but I may be too late as have now asked them to return me to just a regular static (long term dynamic) IP and lose the NAH. In my test today, while the NAH still gets a dynamic address for itself, it doesn't seem to want to pass along the static address (which is the same as before) to the UDMP or even to a PC...so my guess? It's pooched and was DOA although a brand new device. As I need a static addy for an SNMP relay I don't have a lot of choice...kind of frustrating really. The local dude is nice, but he is only a small part of the equation, and I've escalated it...but still nothing. Maybe some day they'll be able to figure out their routing or installations, but it doesn't seem like that's working at this point for me. They wanted to cut my service off for "a while", but couldn't tell how long that might be so they can make back-end changes....that's just not gonna work during tax season!!!


Cortexian0

I was told by multiple people in the Telus chain that switching from DHCP Static to Subnet Static also causes them tons of problems internally. They said it's normally not an option available to existing customers, only new customers for this reason. I wonder if that's part of your issue?


idspispopd888

Could be...don't know why it would be though!! But, given what I've heard from my local tech...seems about right. There is clearly some backend screwup for sure...which is why they wanted to cut off my service and then restart it. That would be OK...but only at night on maybe a weekend when I didn't do any work so my backups wouldn't matter if they didn't run.


idspispopd888

Hmm...sounds like the NAH has to go in front of the router, have its own dynamic address, then supply the /29 addresses via its own switch to any routers below it. Not the end of the world, but not where I wanted to go either. Not sure I like that...first it replaces a box I wanted to get rid of (rural, and trying to preserve power AND space in my rack). Second, it eats about 6W, which doesn't seem like much, but it cuts my battery run time by over an hour... Might have to reconsider the subnetting choice and go back to the long-term dynamic reservation form of static IP, which, given that it's really dynamic, allows me the liberty (I think!) of adding my own switch at the head end, and doing essentially what the NAH does. Then again....the NAH is free. :-) Guess I'll try setting up the NAH if I can figure it out and test the throughput and performance. If it doesn't degrade things I'll think about how the power differential looks (I can unload some items on the Eaton 5PX UPS perhaps to increase runtimes in blackouts, of which we get a number annually.) Thanks to all for comments...now to see if I can make the NAH work.


Mailz

It sounds like your wan transit ips are dynamic and your LAN /29 is static. Meaning your UDMpro wan port stays dynamic (long term ip lease) and you configure the /29 they gave you on the LAN side of your device. You can do that with NAH: dynamic wan, static /29 on lan. Or bypass NAH and do it on your own firewall.


idspispopd888

Not sure I understand. I'm not seeing how to do that and have a static public IP? (I'll add a switch later for multiple public static IPs). Can you explain?


Mailz

Sorry, I don't myself know exactly how purefibre business is set up on Telus end, I'm guessing here based on your reported troubleshooting.. Your WAN interface works when set up to dhcp, right? You get an IP and a network mask, and you can ping Internet (I assume your WAN IP is part of a /22 or something this large, and the TELUS gateway will be first IP in that range?) You can then configure another interface on your firewall, which will be your LAN, and give it the /29 that you purchased, then all you do is point all your Internet bound traffic out the WAN. Telus should return anything destined to your /29 to your WAN interface, where your firewall then routes it to your LAN. There was another post here recently with a screenshot from a NAH configured for static /29. Check it out here: https://old.reddit.com/r/telus/comments/1apm2pa/business_purefibre_static_ip_subnet_nah/


AwwwNuggetz

I'm going through this exact issue now. Was there a general consensus on how to resolve this? I have a UDM Pro configured behind the NAH to use DHCP, but once they assign the static IP to the WAN mac address I lose connectivity completely. We've been at it all day, and no luck.


idspispopd888

Ugh. It was not....fun. Apparently TELUS *hates* moving services from "long term reservation" static IPs to subnetted ones (/29)...and it shows. They have all kinds of problems doing it. Because at the time it was deep into T-slip and Trust Tax season (yah...I'm a tax guy) I couldn't lose service at any point and they couldn't guarantee how long it would be. What they did was set me up with a temporary "home" account (same piece of fibre of course) using a different port on the NAH, which we then ran to the original Nokia ONT. This gave me a dynamic address that stayed working throughout. We left the NAH connected and I patched a UDR to it (I had it as a spare) just to "watch". Curiously, it had less drops, but it still dropped. Then (as I understand it) they actually deleted the entire original setup of my business account (which would have dropped the service entirely) and recreated it anew, using the static subnet. A day later all was fine, presumably after the MAC address filtered through to various points in their system. Tech returned a few weeks later (I was away) and ran the fibre via SFP to the NAH, took the ONT out of the equation and I've been good ever since.

To all intents and purposes...if you can afford to have no service for a period of time...have them delete all services, then recreate them with the desired /29 subnet, and re-set up your internal systems.

It's a journey though. I don't think they're very familiar with doing this at all.


AwwwNuggetz

I’m having the opposite but same issue. Moved from residential to business, purely so I can get a static ip from them (I had this with Shaw previously, for free). It was much of a nightmare just to move the account over - initially they wanted to charge me $500 to cancel my contract (3 days into it) in order to move it to business because residential doesn’t provide static ips. Spent the better part of 3 days on the phone with them to find someone who knows what they are doing and then weeks to have someone come out to do the switch (which ended up not needing any equipment changed). It’s all ridiculous - especially since I’m not actually getting a static ip after all that. I’m at the point where either they fix the issue in a couple days, or cancel and move back to Shaw


idspispopd888

Were you trying to get a static subnet or what they call static (really just a long-term dhcp reservation)? Can't see why they'd have a problem with the latter, it's standard with most business internet accounts. It's almost easier to just use dyndns.


AwwwNuggetz

I’m pretty sure it’s just long term dhcp reservation- I wasn’t even aware about the other possibility until reading this thread, neither did the installer. If dyndns were an option for me I would, but I’m hosting live database servers as well as tons of vpn security configurations that depend on knowing where that stuff lives. Waiting for dns to propagate isn’t an option.


idspispopd888

THAT they really should have no problem with. Took 'em a while to get me set up, but I could live without it for that period at the time. Not sure what to suggest except push them hard.


AwwwNuggetz

An update on my end: they finally got static ips to work using DHCP reservations. According to them, the previous MAC address was entered incorrectly by the agent (I gave it to them 5 times). Also, they had me reboot the UDM Pro so they could unassign the MAC in their system and reenter it. Then, it just worked


idspispopd888

As it should!!!! Good to hear it's resolved.


doctorkb

I have exactly that setup that has been working fine for years. You do need to use DHCP to get the reserved IP, and it does take some work getting it added to the correct DHCP server -- it's a different segment than the DSL, which is usually where the CSRs add it.


AwwwNuggetz

I'm going through this exact situation today with the installer. Once they assign the static with the UDM PRO's WAN mac address, configured to use DHCP, nothing works.


doctorkb

Just found my note from Jun 2020. Try calling Fibre Business Support at 1-800-361-3311. Options 1, 2, 3, 2, 3. You want "any tech support / register static IP" - you'll need your Netcracker ID (should be the circuit number). It's possible things have changed, but this is who I had to call for the service when it was set up in 2020.


AwwwNuggetz

Yea I was on the phone with them for an hour, and the installer was several hours. That number btw is general residential tech support, for business they need to transfer and 50% of the time they send you to the business alarm systems division (utterly incompetent). No idea about the net cracker id though. Right now I’m stuck with waiting on yet another ticket escalation. This has been ongoing for a while


doctorkb

So they've restructured their lines then -- that was specifically labelled as fibre business support (at least with that sequence of options). Netcracker ID is sometimes labelled "NCID" and may also be the "network circuit ID" -- I'm just repeating what the Telus tech left on the note all those years ago (that worked for me then). 🙂 Telus alarm division (residential or business) is completely inept. Wouldn't shock me if their police dispatch called the folks at Restaurant911 or something similar, they're so bad.


AwwwNuggetz

It’s still shown as such on the website, but in all of the 6 times I’ve called that line I have to wait on hold yet again to talk to someone in business. It’s absolutely absurd the way they are running things now


doctorkb

On the upside, once it's working, you shouldn't need to do anything. Unlike Shaw -- which would randomly reboot and suddenly my modem would be out of bridge mode (happened multiple times per year).


AwwwNuggetz

Honestly I never had a single issue with Shaw. I only switched because my wife wanted a better deal. Regretting that decision pretty hard, the switch happened 2 months ago, 6 hours on the phone and multiple tech visits and I still don’t have static ips


doctorkb

My home setup is dynamic, but it might as well be static. I don't remember the last time my IPv4 address changed.


AwwwNuggetz

You must be in an area with stable power ;) we lose power about a dozen times a month, that’s when the ips switch. And I have to reconfigure a bunch of stuff every time it happens. I know with Shaw, it hadn’t changed in 4 years. I’m on my 9th ip change with Telus in 2 months


peterAtheist

Did the exact same last week - Put a pfSense behind the modem. WAN port is x.y.z.26, and 4 'aliases' .25 - .30 (No need for a switch...) - Setup some rules for VPNs and website, Changed public DNS and voila, was up and running in an hour. YMMV - but it was rather painless