diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml
index 05c38f359..fdb840965 100644
--- a/roles/2-common/tasks/packages.yml
+++ b/roles/2-common/tasks/packages.yml
@@ -61,6 +61,7 @@
     - bzip2
     - i2c-tools
     - bridge-utils
+    - netmask
     - usbutils
     - hostapd
     - wget
diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml
index 76c0a14ad..4524918df 100644
--- a/roles/network/defaults/main.yml
+++ b/roles/network/defaults/main.yml
@@ -4,6 +4,7 @@ wireless_lan_present: False
 strict_networking: False
 iiab_demo_mode: False
 gui_static_wan: False
+wan_cidr:
 
 # Set defaults for discovery process as strings
 wifi1: "not found-1"
diff --git a/roles/network/tasks/NM-debian.yml b/roles/network/tasks/NM-debian.yml
index 72f91683d..0c095a4bb 100644
--- a/roles/network/tasks/NM-debian.yml
+++ b/roles/network/tasks/NM-debian.yml
@@ -17,6 +17,7 @@
     dest: /etc/NetworkManager/system-connections/
     src: network/bridge-br0
     mode: 0600
+  when: iiab_network_mode != "Appliance"
 
 - name: Remove br0 in Appliance Mode for NetworkManager
   file:
@@ -24,6 +25,39 @@
     state: absent
   when: iiab_network_mode == "Appliance"
 
+- name: Removing static for NetworkManager
+  file:
+    dest: /etc/NetworkManager/system-connections/iiab-static
+    state: absent
+  when: wan_ip == "dhcp"
+
+- name: Static IP computing CIDR
+  shell: netmask {{ wan_ip }}/{{ wan_netmask }} | awk -F "/" '{print $2}'
+  register: CIDR
+  when: wan_ip != "dhcp"
+
+- name: Static IP setting CIDR
+  set_fact:
+    wan_cidr: "{{ CIDR.stdout }}"
+  when: wan_ip != "dhcp"
+
+- name: Create uuid for NM's keyfile store static
+  shell: uuidgen
+  register: uuid_response2
+  when: wan_ip != "dhcp"
+
+- name: Put the uuid in place
+  set_fact:
+    gen_uuid2: "{{ uuid_response2.stdout_lines[0] }}"
+  when: wan_ip != "dhcp"
+
+- name: Copy static template for NetworkManager
+  template:
+    dest: /etc/NetworkManager/system-connections/iiab-static
+    src: network/NM-static.j2
+    mode: 0600
+  when: wan_ip != "dhcp"
+
 - name: Stop wpa_supplicant service
   service:
     name: wpa_supplicant
diff --git a/roles/network/tasks/debian.yml b/roles/network/tasks/debian.yml
index e2103047d..c5ffbadc9 100644
--- a/roles/network/tasks/debian.yml
+++ b/roles/network/tasks/debian.yml
@@ -44,6 +44,18 @@
             src=network/rpi.j2
   when: is_rpi and iiab_lan_iface == "br0"
 
+- name: Workaround auto issue on Debian-9
+  template: dest=/etc/network/interfaces.d/patch_auto
+            src=network/debian-auto
+  when: iiab_wan_iface != "none" and is_debian_9
+
+- name: Clearing out /etc/network/interfaces for static addresses (is_debian_9)
+  lineinfile:
+      state: absent
+      path: /etc/network/interfaces
+      regexp: "{{ iiab_wan_iface }}"
+  when: wan_ip != "dhcp" and iiab_wan_iface != "none" and is_debian_9
+
 - name: bind may be affected
   service: name={{ dns_service }} state=stopped
   when: named_install and dnsmasq_enabled
diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml
index 68af9fc45..ae5c17f34 100644
--- a/roles/network/tasks/sysd-netd-debian.yml
+++ b/roles/network/tasks/sysd-netd-debian.yml
@@ -28,6 +28,39 @@
     state: stopped
   when: is_ubuntu_18
 
+- name: Static IP computing CIDR
+  shell: netmask {{ wan_ip }}/{{ wan_netmask }} | awk -F "/" '{print $2}'
+  register: CIDR
+  when: wan_ip != "dhcp"
+
+- name: Static IP setting CIDR
+  set_fact:
+    wan_cidr: "{{ CIDR.stdout }}"
+  when: wan_ip != "dhcp"
+
+# ICO will always set gui_static_wan_ip away from the default of 'unset' while
+# gui_static_wan turns dhcp on/off through wan_ip in computed_network and
+# overrides gui_static_wan_ip that is present. Changing wan_ip in local_vars
+# is a oneway street to static.
+- name: Supply static template
+  template:
+    dest:  /etc/netplan/50-cloud-init.yaml
+    src: network/cloud-init.j2
+    backup: no
+  when: (wan_ip != "dhcp" or gui_static_wan_ip == "undefined") and is_ubuntu_18
+
+- name: Remove static WAN template
+  file:
+    state: absent
+    dest: /etc/systemd/network/IIAB-Static.network
+  when: wan_ip == "dhcp" and not is_ubuntu_18
+
+- name: Supply static WAN template
+  template:
+    dest: /etc/systemd/network/IIAB-Static.network
+    src: network/systemd-static-net.j2
+  when: wan_ip != "dhcp" and not is_ubuntu_18
+
 - name: Reload systemd
   systemd:
     daemon_reload: yes
diff --git a/roles/network/templates/network/NM-static.j2 b/roles/network/templates/network/NM-static.j2
new file mode 100644
index 000000000..3669ed66c
--- /dev/null
+++ b/roles/network/templates/network/NM-static.j2
@@ -0,0 +1,20 @@
+[connection]
+id=iiab-wan-static
+uuid={{ gen_uuid2 }}
+type=802-3-ethernet
+interface-name={{ iiab_wan_iface }}
+permissions=
+
+[ipv4]
+method=manual
+dns={{ wan_nameserver }};
+dns-search={{ iiab_domain }};
+addresses1={{ wan_ip }};{{ wan_cidr }};{{ wan_gateway }};
+may-fail=true
+
+[802-3-ethernet]
+duplex=full
+
+[ipv6]
+method=link-local
+may-fail=true
diff --git a/roles/network/templates/network/cloud-init.j2 b/roles/network/templates/network/cloud-init.j2
new file mode 100644
index 000000000..32fc6f7d0
--- /dev/null
+++ b/roles/network/templates/network/cloud-init.j2
@@ -0,0 +1,23 @@
+{% if wan_ip != "dhcp" %}
+network:
+    ethernets:
+        {{ iiab_wan_iface }}:
+            addresses:
+            - {{ wan_ip }}/{{ wan_cidr }}
+            gateway4: {{ wan_gateway }}
+            nameservers:
+               addresses:
+               - {{ wan_nameserver }}
+               search:
+               - {{ iiab_domain }}
+            optional: true
+    version: 2
+{% else %}
+network:
+    ethernets:
+        {{ iiab_wan_iface }}:
+            addresses: []
+            dhcp4: true
+            optional: true
+    version: 2
+{% endif %}
diff --git a/roles/network/templates/network/debian-auto.j2 b/roles/network/templates/network/debian-auto.j2
new file mode 100644
index 000000000..3aaa4fde6
--- /dev/null
+++ b/roles/network/templates/network/debian-auto.j2
@@ -0,0 +1 @@
+auto {{ iiab_wan_iface }}
diff --git a/roles/network/templates/network/systemd-static-net.j2 b/roles/network/templates/network/systemd-static-net.j2
new file mode 100644
index 000000000..64274f5e5
--- /dev/null
+++ b/roles/network/templates/network/systemd-static-net.j2
@@ -0,0 +1,12 @@
+# /etc/systemd/network/IIAB-static.network
+[Match]
+Name={{ iiab_wan_iface }}
+
+[Network]
+Address={{ wan_ip }}/{{ wan_cidr }}
+Gateway={{ wan_gateway }}
+LinkLocalAddressing=yes
+DNS={{ wan_namserver }}
+Domains={{ iiab_domain }}
+
+
diff --git a/roles/network/templates/network/systemd.j2 b/roles/network/templates/network/systemd.j2
index 9f9e143d6..f5552e86d 100644
--- a/roles/network/templates/network/systemd.j2
+++ b/roles/network/templates/network/systemd.j2
@@ -27,14 +27,14 @@ iface br0 inet static
 {% if dhcpcd_result == "enabled" or wan_in_interfaces %}
 # client or user defined
 {% endif %}
-{% if dhcpcd_result != "enabled" and not wan_in_interfaces %}
+{% if dhcpcd_result != "enabled" and not wan_in_interfaces %} and wan_ip == "dhcp"
 #cover butt
 auto {{ iiab_wan_iface }}
 iface {{ iiab_wan_iface }} inet dhcp
 {% endif %}
 # end dhcp clients
 # static wan
-{% if wan_ip != "dhcp" and dhcpcd_result != "enabled" and wan_in_interfaces == "false" %}
+{% if wan_ip != "dhcp" and dhcpcd_result != "enabled" %}
 auto {{ iiab_wan_iface }}
 iface {{ iiab_wan_iface }} inet static
     address {{ wan_ip }}