Network

Create NIC Channel Bonding in RedHat/CentOS/Fedora

Published on 2019-05-28 20:00:49

Channel bonding enables two or more network interfaces to act as one, simultaneously increasing bandwidth and providing redundancy. This is a great way of achieving redundancy for a server: if one physical NIC goes down or is unplugged, traffic automatically moves to the other NIC. Channel bonding relies on the bonding driver in the kernel. This post guides you through creating NIC/channel bonding on RedHat, CentOS and Fedora Linux.


How to Create NIC Channel Bonding in RedHat, CentOS and Fedora

Step 1: Creating Bonding Channel

As root, create a new file named bonding.conf in the /etc/modprobe.d/ directory. The name can be anything you like as long as it ends with a .conf extension. Insert the following line in this new file.

alias bond0 bonding

For each configured channel bonding interface, there must be a corresponding entry in your new /etc/modprobe.d/bonding.conf file.

Step 2: Creating Channel Bonding Interface

To create a channel bonding interface, create a file in the /etc/sysconfig/network-scripts/ directory called ifcfg-bond0. The following is a sample channel bonding configuration file. (Note: the IP address may differ in your environment.)

# vi /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
IPADDR=192.168.1.8
NETMASK=255.255.255.0
ONBOOT=yes
BOOTPROTO=none
USERCTL=no

Step 3: Configuring Channel Bonding Interface

After the channel bonding interface is created, the network interfaces to be bound together must be configured by adding the MASTER and SLAVE directives to their configuration files. The configuration files for each of the channel-bonded interfaces can be nearly identical. For example, if two Ethernet interfaces are being channel bonded, both eth0 and eth1 may look like the following example. Edit the physical interface files as shown below.

For eth0

# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
USERCTL=no
ONBOOT=yes
MASTER=bond0
SLAVE=yes
BOOTPROTO=none

For eth1

# vi /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
USERCTL=no
ONBOOT=yes
MASTER=bond0
SLAVE=yes
BOOTPROTO=none

The above directives are self-explanatory for many system administrators; for newcomers, here is what each one means.

  1. DEVICE: The name of the device.
  2. USERCTL: Whether users can control this device (here, no).
  3. ONBOOT: Whether the device should be brought up at boot time.
  4. MASTER: The master device this interface belongs to, if any (here, bond0).
  5. SLAVE: Whether this device acts as a slave.
  6. BOOTPROTO: Whether the IP address is obtained from DHCP. It is set to none, which indicates a static IP.

Step 4: Restarting Network Service

Restart the network service and check the output of ifconfig.

# service network restart
# ifconfig

bond0     Link encap:Ethernet  HWaddr 00:0C:21:60:30:C4
          inet addr:192.168.1.8  Bcast:172.16.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe69:31c4/64 Scope:Link
          UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
          RX packets:19676 errors:0 dropped:0 overruns:0 frame:0
          TX packets:342 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1623240 (1.5 MiB)  TX bytes:42250 (41.2 KiB)

eth0      Link encap:Ethernet  HWaddr 00:0C:21:60:30:C4
          UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
          RX packets:10057 errors:0 dropped:0 overruns:0 frame:0
          TX packets:171 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:832257 (812.7 KiB)  TX bytes:22751 (22.2 KiB)
          Interrupt:19 Base address:0x2000

eth1      Link encap:Ethernet  HWaddr 00:0C:21:60:30:C4
          UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
          RX packets:9620 errors:0 dropped:0 overruns:0 frame:0
          TX packets:173 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:791043 (772.5 KiB)  TX bytes:20207 (19.7 KiB)
          Interrupt:19 Base address:0x2080

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:104 (104.0 b)  TX bytes:104 (104.0 b)
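None of the three files above sets BONDING_OPTS, so the bonding driver runs with its defaults, and link monitoring is off by default (miimon=0). The check below is an added example, not part of the original article: it lints an ifcfg directory for that and for a few related slave mistakes. BONDING_OPTS is the standard ifcfg key for bonding parameters; the function names and the sample directory are illustrative assumptions.

```sh
#!/bin/sh
# Added example: lint RHEL-style ifcfg files for a bond (function names are illustrative).

# cfg_get FILE KEY: read KEY without sourcing the file. ifcfg files are shell
# syntax, so sourcing one would execute anything embedded in it.
cfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# opt_val "OPTS" NAME: value of NAME=... inside a BONDING_OPTS string, 0 if absent.
opt_val() {
    val=$(printf '%s\n' $1 | sed -n "s/^$2=//p" | tail -n 1)
    echo "${val:-0}"
}

# lint_bond DIR BOND: print one finding per line, nothing if the setup is clean.
lint_bond() {
    dir=$1; bond=$2; slaves=0
    bondcfg="$dir/ifcfg-$bond"
    [ -f "$bondcfg" ] || { echo "$bond: missing $bondcfg"; return 0; }

    # Failover needs a link monitor: miimon or arp_interval must be non-zero.
    opts=$(cfg_get "$bondcfg" BONDING_OPTS)
    miimon=$(opt_val "$opts" miimon)
    arp=$(opt_val "$opts" arp_interval)
    if [ "$miimon" -eq 0 ] && [ "$arp" -eq 0 ]; then
        echo "$bond: no link monitoring configured (miimon/arp_interval)"
    fi

    for f in "$dir"/ifcfg-*; do
        [ -f "$f" ] || continue
        [ "$(cfg_get "$f" MASTER)" = "$bond" ] || continue
        dev=$(cfg_get "$f" DEVICE)
        slaves=$((slaves + 1))
        [ "$(cfg_get "$f" SLAVE)" = yes ] || echo "$dev: MASTER=$bond without SLAVE=yes"
        [ "$(cfg_get "$f" USERCTL)" = no ] || echo "$dev: USERCTL is not 'no'"
        [ -z "$(cfg_get "$f" IPADDR)" ] || echo "$dev: slave carries its own IPADDR"
    done
    [ "$slaves" -ge 2 ] || echo "$bond: only $slaves slave interface(s), no redundancy"
}

# make_sample DIR: the three files as given in the article (constructed test input).
make_sample() {
    cat > "$1/ifcfg-bond0" <<'EOF'
DEVICE=bond0
IPADDR=192.168.1.8
NETMASK=255.255.255.0
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
EOF
    for n in eth0 eth1; do
        cat > "$1/ifcfg-$n" <<EOF
DEVICE=$n
USERCTL=no
ONBOOT=yes
MASTER=bond0
SLAVE=yes
BOOTPROTO=none
EOF
    done
}

# Demo: lint the files as published, then again with a link monitor configured.
demo=$(mktemp -d)
make_sample "$demo"
echo "as published:"
lint_bond "$demo" bond0
echo 'BONDING_OPTS="mode=active-backup miimon=100"' >> "$demo/ifcfg-bond0"
echo "with BONDING_OPTS:"
lint_bond "$demo" bond0
rm -rf "$demo"
```

On a real host, run `lint_bond /etc/sysconfig/network-scripts bond0`; the check only looks at arp_interval, so an ARP monitor still needs its arp_ip_target set.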

How to Configure Network Static IP Address and Manage Services on RHEL/CentOS 7.0

Published on 2019-05-28 19:05:41

The scope of this tutorial is to explain how to edit network configuration on RHEL/CentOS 7.0 from the command line only and, more specifically, how to set up static IP addresses on network interfaces using the system network scripts, which is a must for serving Internet-facing network services, and how to configure or change the RHEL/CentOS 7.0 system hostname.


It also shows how to manage or disable unwanted system services, such as NetworkManager, which is no longer needed if you use a manual static IP configured in the network scripts, and Avahi-Daemon, which is also not needed on a server and represents a serious security gap unless you installed the server on your laptop and want to instantly browse your network for other services. Finally, it presents the NetworkManager Text User Interface, nmtui, a system utility that eases editing your network settings, including advanced interface configurations such as creating Bond, Bridge, Team and VLAN interfaces.

Requirements

  1. RHEL 7.0 Minimal System Installation
  2. Active RHEL 7.0 Subscriptions and Functional Repositories
  3. CentOS 7.0 Minimal System Installation

Also be aware that most of the configuration changes made by editing system files should not be performed from a remote location over SSH until you have established a continuous and reliable network connection using a fixed IP address.

Step 1: Disable Unwanted System Services

1. Before doing anything else, make sure the system has some necessary editing and networking tools installed, such as netstat, ifconfig, wget and curl. Some of them will not be used in this step, but it's better to have them installed for future configurations.

# yum install nano wget curl net-tools lsof

[Screenshots: Install wget, net-tools and lsof in Linux]

2. After the tools have been installed, run ifconfig to get your network interface settings and status, and then run the netstat or lsof command to check what services are running by default on the server.

# ifconfig
# netstat -tulpn
# lsof -i

[Screenshot: netstat -tulpn Command]

3. The netstat command output is pretty self-explanatory and shows a list of sockets together with the name of the program that owns each one.

If, for example, the system will not be used as a mail server, you can stop the Postfix master daemon, which runs on localhost, and also stop and disable other unwanted services using the following commands. The only service I advise not to stop or disable for now is SSH, if you need remote control over the server.

# systemctl stop postfix
# systemctl stop avahi-daemon
# systemctl disable postfix
# systemctl disable avahi-daemon

[Screenshot: Stop Avahi Daemon]

[Screenshot: Stop Postfix Service]
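To decide which of the listed services actually matter from the network side, the netstat output from step 2 can be filtered down to sockets that are not bound to loopback and do not belong to a service you intend to keep. This is an added example, not part of the original tutorial; the function names are illustrative and the netstat listing is constructed sample input, not captured output.

```sh
#!/bin/sh
# Added example: list sockets from `netstat -tulpn` that are reachable from the network.

# exposed_listeners "ALLOWED PROGRAMS" < netstat-output
# Prints "proto address port program" for every socket that is not bound to a
# loopback address and whose program name is not in the space-separated allow-list.
exposed_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 !~ /^(tcp|udp)6?$/ { next }              # skip the two header lines
        {
            addr = $4; sub(/:[^:]*$/, "", addr)     # local address without ":port"
            port = $4; sub(/^.*:/, "", port)
            prog = ($6 == "LISTEN") ? $7 : $6       # UDP rows have no State column
            sub(/^[0-9]+\//, "", prog)              # drop the "PID/" prefix
            sub(/:$/, "", prog)                     # "avahi-daemon: r" -> "avahi-daemon"
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only, not exposed
            if (prog in ok) next                    # service we decided to keep
            print $1, addr, port, prog
        }' | sort -u
}

# Constructed sample in the layout netstat -tulpn uses (not real output).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1034/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1411/master
tcp6       0      0 :::22                   :::*                    LISTEN      1034/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1411/master
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           612/avahi-daemon: r
udp        0      0 0.0.0.0:47236           0.0.0.0:*                           612/avahi-daemon: r
udp        0      0 127.0.0.1:323           0.0.0.0:*                           640/chronyd
EOF
}

# Demo on the sample, keeping only SSH. On a live system (as root, so that the
# program column is filled in):  netstat -tulpn | exposed_listeners "sshd"
sample_netstat | exposed_listeners "sshd"
```

In the sample, Postfix's master process is bound to localhost only and is filtered out, while avahi-daemon is listening on all interfaces and is reported.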

4. You can also use the old init commands to stop or disable services, but since Red Hat now implements systemd process and service management, you had better get used to the systemctl command and use it often.

If you have used Arch Linux, switching to systemd should be a piece of cake, although all init commands are now linked to and passed through systemd.

# service postfix stop
# chkconfig postfix off

5. To get a list of all started services, run the service command; for an exhaustive report, use systemctl.

# service --status-all
# systemctl list-unit-files

[Screenshot: List All Services in Linux]

[Screenshot: List All Services Report]

6. To manage services, run the systemctl command with the most important switches: start, stop, restart, reload, disable, enable, show, list-dependencies, is-enabled, etc., followed by your service name.

Another important feature is that the systemctl command can also run against a remote server through SSH on a specified host using the -H option and perform the same actions as locally. For example, see the command and screenshot below.

# systemctl -H remote_host start remote_service

[Screenshot: Run systemctl on Remote Server]

Step 2: Configuring Static IP and Set Hostname

7. Before you start editing the network interface card system files, make sure that from now until you set the static IP you have physical or some other type of access to your server, because this step requires bringing down your network interface and connections.

It can be done smoothly, without disrupting your connectivity, by activating the connection after a reboot, but there is no way to test it before the reboot if you only have a single NIC attached. Still, I will present the entire method and indicate the steps to avoid in case you want to maintain your connectivity and test it afterwards.

Begin by stopping and disabling the NetworkManager service.

** Don’t run these commands if you still want to maintain your connection **
# systemctl stop NetworkManager.service
# systemctl disable NetworkManager.service

8. Now move to the /etc/sysconfig/network-scripts/ path and open the file of the network interface you want to assign a static IP to. To get the names of all NICs, use the ifconfig -a or ip a commands.

# nano /etc/sysconfig/network-scripts/ifcfg-eno16777736

9. Use the following template to edit the file. Make sure that the ONBOOT statement is set to yes and BOOTPROTO is set to static or none, and don’t change the HWADDR and UUID values provided by default.

HWADDR=00:0C:29:5B:08:A2
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
USERCTL=no
NM_CONTROLLED=no
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777736
UUID=8c6eefa2-0d7b-4559-9870-2953290dc988
ONBOOT=yes
IPADDR=192.168.1.70
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1
DNS2=8.8.8.8
DOMAIN=rheltest.lan

[Screenshot: Configure IP Address in Linux]

10. After you finish editing the file, close it and move on to the resolv.conf file if you want DNS servers enabled system-wide.

# nano /etc/resolv.conf

Here, just add your DNS servers using the nameserver statement.

nameserver 192.168.1.
nameserver 8.8.8.8

11. Now that the network interface is configured with a static IP, the only thing remaining is to restart the network service or reboot the system, then use the ifconfig or ip command to view the IP address and test the configuration using the ping command.

# systemctl restart network

NOTE: After the restart, use the newly configured static IP address to perform remote login with SSH.

# service network status
# ifconfig
# ip addr show

[Screenshot: Start Network in Linux]

12. To adjust the hostname system-wide, open the hostname and hosts files located in /etc and edit both as follows.

Hostname File

# nano /etc/hostname

Here you can add just the name of the system, but it’s a good idea to append the domain too.

server.rheltest.lan

Hosts File

# nano /etc/hosts

Here add the same hostname as above on the 127.0.0.1 line, before the localhost.localdomain statements.

127.0.0.1              server.rheltest.lan  localhost.localdomain …

[Screenshot: Set Hostname in Linux]

To test whether your hostname is correctly set, use the hostname command.

# hostname -s   # For short name
# hostname -f   # For FQDN name

Step 3: Use Network Manager Text User Interface

13. The NetworkManager Text User Interface (TUI) tool, nmtui, is an intuitive RHEL tool that provides a text interface for configuring networking by controlling NetworkManager. It helps with editing advanced network settings such as assigning static IP addresses to network interfaces, activating or disabling a connection, editing Wi-Fi connections, setting the system hostname, or creating advanced network interfaces like InfiniBand, bond, bridge, team or VLAN.

NetworkManager-tui is installed by default in RHEL/CentOS 7.0, but if for some reason it’s missing, issue the following command to install it.

# yum install NetworkManager-tui

14. To start the NetworkManager Text User Interface, run the nmtui command, use the TAB or arrow keys to navigate, and press Enter to select an option. If you want to directly edit or connect a specific interface, run the following commands.

# nmtui edit eno16777736
# nmtui connect eno16777736

[Screenshot: NetworkManager Text User Interface]

[Screenshot: Select Network Connection]

If you want to set a static IP, you can also use the NetworkManager Text User Interface as an easy alternative to editing the network interface files directly, with the limited number of options that method has to offer, but make sure the NetworkManager service is enabled and started on your system.

What’s wrong with IPv4 and Why we are moving to IPv6

Published on 2019-05-28 19:01:58

For the past 10 years or so, this has been the year that IPv6 will become widespread. It hasn’t happened yet. Consequently, there is little widespread knowledge of what IPv6 is, how to use it, or why it is inevitable.


What’s wrong with IPv4?

We’ve been using IPv4 ever since RFC 791 was published in 1981. At the time, computers were big, expensive, and rare. IPv4 had provision for 4 billion IP addresses, which seemed like an enormous number compared to the number of computers. Unfortunately, IP addresses are not used consecutively. There are gaps in the addressing. For example, a company might have an address space of 254 (2^8-2) addresses, and only use 25 of them. The remaining 229 are reserved for future expansion. Those addresses cannot be used by anybody else, because of the way networks route traffic. Consequently, what seemed like a large number in 1981 is actually a small number in 2014.

The Internet Engineering Task Force (IETF) recognized this problem in the early 1990s and came up with two solutions: Classless Inter-Domain Routing (CIDR) and private IP addresses. Prior to the invention of CIDR, you could get one of three network sizes: 24 bits (16,777,214 addresses), 20 bits (1,048,574 addresses) and 16 bits (65,534 addresses). Once CIDR was invented, it was possible to split networks into subnetworks.

So, for example, if you needed 5 IP addresses, your ISP would give you a network with a size of 3 bits which would give you 6 IP addresses. So that would allow your ISP to use addresses more efficiently. Private IP addresses allow you to create a network where each machine on the network can easily connect to another machine on the internet, but where it is very difficult for a machine on the internet to connect back to your machine. Your network is private, hidden. Your network could be very large, 16,777,214 addresses, and you could subnet your private network into smaller networks, so that you could manage your own addresses easily.

You are probably using a private address right now. Check your own IP address: if it is in the range of 10.0.0.0 – 10.255.255.255 or 172.16.0.0 – 172.31.255.255 or 192.168.0.0 – 192.168.255.255, then you are using a private IP address. These two solutions helped forestall disaster, but they were stopgap measures and now the time of reckoning is upon us.

Another problem with IPv4 is that the IPv4 header was variable length. That was acceptable when routing was done by software. But now routers are built with hardware, and processing the variable length headers in hardware is hard. The large routers that allow packets to go all over the world are having problems coping with the load. Clearly, a new scheme was needed with fixed length headers.

Still another problem with IPv4 is that, when the addresses were allocated, the internet was an American invention. IP addresses for the rest of the world are fragmented. A scheme was needed to allow addresses to be aggregated somewhat by geography so that the routing tables could be made smaller.

Yet another problem with IPv4, and this may sound surprising, is that it is hard to configure, and hard to change. This might not be apparent to you, because your router takes care of all of these details for you. But the problems for your ISP drive them nuts.

All of these problems went into the consideration of the next version of the Internet.

About IPv6 and its Features

The IETF unveiled the next generation of IP in December 1995. The new version was called IPv6 because the number 5 had been allocated to something else by mistake. Some of the features of IPv6 include:

  1. 128 bit addresses (3.402823669×10³⁸ addresses)
  2. A scheme for logically aggregating addresses
  3. Fixed length headers
  4. A protocol for automatically configuring and reconfiguring your network.

Let’s look at these features one by one:

Addresses

The first thing everybody notices about IPv6 is that the number of addresses is enormous. Why so many? The answer is that the designers were concerned about the inefficient organization of addresses, so there are so many available addresses that we could allocate inefficiently in order to achieve other goals. So, if you want to build your own IPv6 network, chances are that your ISP will give you a network of 64 bits (1.844674407×10¹⁹ addresses) and let you subnet that space to your heart’s content.

Aggregation

With so many addresses to use, the address space can be allocated sparsely in order to route packets efficiently. So, your ISP gets a network space of 80 bits. Of those 80 bits, 16 of them are for the ISP’s subnetworks, and 64 bits are for the customer’s networks. So, the ISP can have 65,534 networks.

However, that address allocation isn’t cast in stone, and if the ISP wants more smaller networks, it can do that (although the ISP would probably simply ask for another space of 80 bits). The upper 48 bits are further divided, so that ISPs that are “close” to one another have similar network address ranges, to allow the networks to be aggregated in the routing tables.

Fixed length Headers

An IPv4 header has a variable length. An IPv6 header always has a fixed length of 40 bytes. In IPv4, extra options caused the header to increase in size. In IPv6, if additional information is needed, that additional information is stored in extension headers, which follow the IPv6 header and are generally not processed by the routers, but rather by the software at the destination.

One of the fields in the IPv6 header is the flow. A flow is a 20 bit number which is created pseudo-randomly, and it makes it easier for the routers to route packets. If a packet has a flow, then the router can use that flow number as an index into a table, which is fast, rather than a table lookup, which is slow. This feature makes IPv6 very easy to route.

Automatic Configuration

In IPv6, when a machine first starts up, it checks the local network to see if any other machine is using its address. If the address is unused, then the machine next looks for an IPv6 router on the local network. If it finds the router, then it asks the router for an IPv6 address to use. Now, the machine is set and ready to communicate on the internet – it has an IP address for itself and it has a default router.

If the router should go down, then the machines on the network will detect the problem and repeat the process of looking for an IPv6 router, to find the backup router. That’s actually hard to do in IPv4. Similarly, if the router wants to change the addressing scheme on its network, it can. The machines will query the router from time to time and change their addresses automatically. The router will support both the old and new addresses until all of the machines have switched over to the new configuration.

IPv6 automatic configuration is not a complete solution. There are some other things that a machine needs in order to use the internet effectively: the name servers, a time server, perhaps a file server. So there is dhcp6 which does the same thing as dhcp, only because the machine boots in a routable state, one dhcp daemon can service a large number of networks.

There’s one big problem

So if IPv6 is so much better than IPv4, why hasn’t adoption been more widespread (as of May 2014, Google estimates that its IPv6 traffic is about 4% of its total traffic)? The basic problem is which comes first, the chicken or the egg? Somebody running a server wants the server to be as widely available as possible, which means it must have an IPv4 address.

It could also have an IPv6 address, but few people would use it and you do have to change your software a little to accommodate IPv6. Furthermore, a lot of home networking routers do not support IPv6. A lot of ISPs do not support IPv6. I asked my ISP about it, and I was told that they will provide it when customers ask for it. So I asked how many customers had asked for it. One, including me.

By way of contrast, all of the major operating systems, Windows, OS X, and Linux support IPv6 “out of the box” and have for years. The operating systems even have software that will allow IPv6 packets to “tunnel” within IPv4 to a point where the IPv6 packets can be removed from the surrounding IPv4 packet and sent on their way.

Conclusion

IPv4 has served us well for a long time. IPv4 has some limitations which are going to present insurmountable problems in the near future. IPv6 will solve those problems by changing the strategy for allocating addresses, making improvements to ease the routing of packets, and making it easier to configure a machine when it first joins the network.

However, acceptance and usage of IPv6 has been slow, because change is hard and expensive. The good news is that all operating systems support IPv6, so when you are ready to make the change, your computer will need little effort to convert to the new scheme.

How to Configure and Manage Network Connections Using ‘nmcli’ Tool

Published on 2019-05-28 17:39:26

As a Linux administrator you have various tools for configuring your network connections, such as nmtui, NetworkManager with the GNOME graphical user interface and, of course, nmcli (the NetworkManager command-line tool).


I have seen many administrators using nmtui for simplicity. However, using nmcli saves you time, gives you confidence, can be used in scripts, and it’s the first tool to use in order to troubleshoot your Linux server’s networking and rapidly bring back its functionality.

Seeing many comments asking for help with nmcli, I decided to write this article. Of course, you should always read the man pages carefully (they are the No. 1 help for you). My aim is to save you time and show you some hints.

The syntax of nmcli is:

# nmcli [OPTIONS] OBJECT {COMMAND | help}

Where OBJECT is one of: general, networking, radio, connection, device, agent.

A good starting point would be to check our devices:

# nmcli dev status

DEVICE      TYPE      STATE         CONNECTION 
docker0     bridge    connected     docker0    
virbr0      bridge    connected     virbr0     
enp0s3      ethernet  connected     enp0s3     
virbr0-nic  ethernet  disconnected  --         
lo          loopback  unmanaged     --         

As we can see, the first column is a list of our network devices. We have one network card, named enp0s3. On your machine you may see other names.

Naming depends on the type of network card (onboard, PCI card, etc.). In the last column we see the configuration files used by our devices in order to connect to the network.

It is simple to understand that our devices by themselves can do nothing. They need us to make a configuration file to tell them how to achieve network connectivity. We also call these files “connection profiles”. We find them in the /etc/sysconfig/network-scripts directory.

# cd /etc/sysconfig/network-scripts/
# ls
Sample Output
ifcfg-enp0s3  ifdown-isdn      ifup          ifup-plip      ifup-tunnel
ifcfg-lo      ifdown-post      ifup-aliases  ifup-plusb     ifup-wireless
ifdown        ifdown-ppp       ifup-bnep     ifup-post      init.ipv6-global
ifdown-bnep   ifdown-routes    ifup-eth      ifup-ppp       network-functions
ifdown-eth    ifdown-sit       ifup-ib       ifup-routes    network-functions-ipv6
ifdown-ib     ifdown-Team      ifup-ippp     ifup-sit
ifdown-ippp   ifdown-TeamPort  ifup-ipv6     ifup-Team
ifdown-ipv6   ifdown-tunnel    ifup-isdn     ifup-TeamPort

As you can see, the files with names starting with ifcfg- (interface configuration) are connection profiles. When we create a new connection or modify an existing one with nmcli or nmtui, the results are saved here as connection profiles.

I’ll show you two of them from my machine, one with a DHCP configuration and one with a static IP.

# cat ifcfg-static1
# cat ifcfg-Myoffice1

[Screenshot: Check Network Configuration]

We see that some properties have different values and some others don’t exist when they aren’t necessary. Let’s have a quick look at the most important of them.

  1. TYPE: we have the ethernet type here. We could have wifi, team, bond and others.
  2. DEVICE: the name of the network device associated with this profile.
  3. BOOTPROTO: if it has the value “dhcp”, our connection profile takes a dynamic IP from the DHCP server; if it has the value “none”, it takes no dynamic IP and we probably assign a static IP.
  4. IPADDR: the static IP we assign to our profile.
  5. PREFIX: the subnet mask. A value of 24 means 255.255.255.0. You can understand the subnet mask better if you write it down in binary format. For example, values of 16, 24 and 26 mean that the first 16, 24 or 26 bits respectively are 1 and the rest 0, defining exactly what the network address is and what range of IPs can be assigned.
  6. GATEWAY: the gateway IP.
  7. DNS1, DNS2: the two DNS servers we want to use.
  8. ONBOOT: if it has the value “yes”, then on boot our computer will read this profile and try to assign it to its device.
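The PREFIX arithmetic described in item 5, and the CIDR sizes and private ranges discussed in the IPv4 article earlier on this page, can be worked through in a few shell functions. This is an added example, not part of the original articles; the function names are illustrative, and 203.0.113.9 is a documentation address chosen for the demo.

```sh
#!/bin/sh
# Added example: prefix/netmask arithmetic for ifcfg values (function names are illustrative).

ip2int() {       # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
int2ip() {       # 32-bit integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}
prefix_bits() {  # PREFIX -> mask as an integer: the first PREFIX bits are 1, the rest 0
    echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}
prefix2mask() {  # PREFIX=24 -> NETMASK=255.255.255.0
    int2ip "$(prefix_bits "$1")"
}
mask2prefix() {  # NETMASK -> PREFIX; fails if the 1-bits are not contiguous
    inv=$(( ~$(ip2int "$1") & 0xFFFFFFFF ))
    [ $(( inv & (inv + 1) )) -eq 0 ] || return 1
    pfx_out=32
    while [ "$inv" -gt 0 ]; do inv=$(( inv >> 1 )); pfx_out=$(( pfx_out - 1 )); done
    echo "$pfx_out"
}
in_net() {       # in_net IP NETWORK PREFIX -> success if IP lies inside NETWORK/PREFIX
    n_mask=$(prefix_bits "$3")
    [ $(( $(ip2int "$1") & n_mask )) -eq $(( $(ip2int "$2") & n_mask )) ]
}
is_private() {   # the three private ranges quoted in the IPv4 article
    in_net "$1" 10.0.0.0 8 || in_net "$1" 172.16.0.0 12 || in_net "$1" 192.168.0.0 16
}
subnet_info() {  # subnet_info A.B.C.D/PREFIX -> one summary line
    s_ip=${1%/*}; s_pfx=${1#*/}
    s_mask=$(prefix_bits "$s_pfx")
    s_net=$(( $(ip2int "$s_ip") & s_mask ))
    s_bcast=$(( s_net | (~s_mask & 0xFFFFFFFF) ))
    s_hosts=$(( (1 << (32 - s_pfx)) - 2 ))       # minus network and broadcast address
    [ "$s_hosts" -gt 0 ] || s_hosts=0
    if is_private "$s_ip"; then s_priv=yes; else s_priv=no; fi
    echo "netmask=$(int2ip "$s_mask") network=$(int2ip "$s_net") broadcast=$(int2ip "$s_bcast") hosts=$s_hosts private=$s_priv"
}

# Demo
subnet_info 192.168.1.50/24   # a static address with PREFIX=24
subnet_info 203.0.113.9/29    # 3 host bits: 6 usable addresses
mask2prefix 255.255.255.0     # NETMASK= style value -> PREFIX= style value
```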

Now, let’s move on and check our connections:

# nmcli con show

[Screenshot: Show Active Network Connections]

The last column, the device, helps us understand which connections are “UP” and running and which are not. In the above image you can see the two connections which are active: Myoffice1 and enp0s8.

Hint: If you want to see only the active connections, type:

# nmcli con show -a

Hint: You can use auto-completion by hitting Tab when you use nmcli, but it is better to use the minimal format of the command. Thus, the following commands are equivalent:

# nmcli connection show
# nmcli con show
# nmcli c s

If I check the IP addresses of my devices:

# ip a

[Screenshot: Check Server IP Address]

I see that my device enp0s3 took the 192.168.1.6 IP from the DHCP server, because the connection profile Myoffice1, which is up, has a DHCP configuration. If I bring “up” my connection profile named static1, then my device will take the static IP 192.168.1.40, as defined in that connection profile.

# nmcli con down Myoffice1 ; nmcli con up static1
# nmcli con show

Let’s see the IP address again:

# ip a

[Screenshot: Check Network Static IP Address]

We can now make our first connection profile. The minimum properties we must define are type, ifname and con-name:

  1. type – the type of connection.
  2. ifname – the name of the device our connection is assigned to.
  3. con-name – the connection name.

Let’s make a new ethernet connection named Myhome1, assigned to device enp0s3:

# nmcli con add type ethernet con-name Myhome1 ifname enp0s3

Check its configuration:

# cat ifcfg-Myhome1

[Screenshot: Create New Network Connection]

As you can see, it has BOOTPROTO=dhcp, because we didn’t give any static IP address.

Hint: We can modify any connection with the “nmcli con mod” command. However, if you modify a DHCP connection and change it to static, don’t forget to change its “ipv4.method” from “auto” to “manual”. Otherwise you will end up with two IP addresses: one from the DHCP server and the static one.

Let’s make a new Ethernet connection profile named static2, assigned to device enp0s3, with static IP 192.168.1.50, subnet mask 255.255.255.0 (a prefix of 24) and gateway 192.168.1.1.

# nmcli con add type ethernet con-name static2 ifname enp0s3 ip4 192.168.1.50/24 gw4 192.168.1.1

Check its configuration:

# cat ifcfg-static2

[Screenshot: Create New Ethernet Connection]

Let’s modify the last connection profile and add two DNS servers.

# nmcli con mod static2 ipv4.dns "8.8.8.8 8.8.4.4"

Hint: There is something here you must pay attention to: the properties for IP address and gateway have different names when you add and when you modify a connection. When you add connections you use “ip4” and “gw4”, while when you modify them you use “ipv4” and “gwv4”.

Now let’s bring up this connection profile:

# nmcli con down static1 ; nmcli con up static2

As you can see, the device enp0s3 now has the IP address 192.168.1.50.

# ip a

[Screenshot: Verify IP Address of New Network Connection]

Hint: There are a lot of properties you can modify. If you don’t remember them by heart, you can help yourself by typing “nmcli con show” followed by the connection name:

# nmcli con show static2

[Screenshot: Verify IP Address of New Network Connection]

You can modify all the properties that are written in lowercase.

For example: when you bring down a connection profile, NetworkManager searches for another connection profile and brings it up automatically. (I leave it as an exercise to check this.) If you don’t want your connection profile to autoconnect:

# nmcli con mod static2 connection.autoconnect no

The last exercise is very useful: you made a connection profile but you want it to be used by specific users. It’s good to classify your users!

We let only user stella use this profile:

# nmcli con mod static2 connection.permissions stella

Hint: If you want to give permissions to more than one user, you must type user:user1,user2 without a blank space between them:

# nmcli con mod static2 connection.permissions user:stella,john

[Screenshot: Allow Network Connections to Users]

If you log in as another user, you can’t bring “up” this connection profile:

# nmcli con show
# nmcli con up static2
# ls /etc/sysconfig/network-scripts

[Screenshot: Enable Network Connection]

An error message says that connection ‘static2’ does not exist, even though we can see that it exists. That’s because the current user has no permission to bring up this connection.

Conclusion: don’t hesitate to use nmcli. It’s easy and helpful.