You must load the appropriate driver to see the network interface. The existing network adapter will not have an interface without a driver. There are many virtual interfaces without hardware behind.
List existing interfaces.
# cat /proc/net/dev # ip link # ifconfig -a # nmcli device status # wicked show all # ip -d link show ETHNAME
Bring indterface down, otherwice renaming will fail because of busy device. Then:
# ip link set eth0 down # ip link set eth0 name dmz
Modern trend to name interfaces is based on their hardware position. The history starts from using biosdevname package, then goes deep into systemd/udev. Some distros remain ethX scheme on VM if detected.
You can nail more self-describing interface name to specific NIC using /etc/udev/rules.d/70-persistent-net.rules file with similar content (Replace XX-es with factory MAC address of target NIC):
SUBSYSTEM=="net",ACTION=="add",ATTR{address}=="XX:XX:XX:XX:XX:XX",ATTR{type}=="1",KERNEL=="eth*",NAME="dmz"
It is usefull for sniffing without IP address knowledge, for checking connected switch port, for checking negotiated speed.
# ip link set eth0 up
Same, but using ifconfig:
# ifconfig eth0 0 up
Checking link status, capabilities and negotiated speed:
# ethtool eth0 .. Link detected: yes
It is possible now to understad connected network, analyzing ARP and broadcasst requests:
# tcpdump -n -v -i eth0
Usually, you do not need this.
Bring interface link up as described before, then change MAC address:
# ip link set eth0 00:cc:00:ff:ff:ee - OR - # ifconfig eth0 hw ether 00:cc:00:ff:ff:ee
# ip addr add 192.168.1.2/24 dev eth0 - OR - # ifconfig eth0 192.168.1.2 netmask 255.255.255.0 up - nmcli - # nmcli connection add con-name fixed type ethernet ifname eth0 ipv4.method manual ipv4.addresses 192.168.1.10/24 ipv4.gateway 192.168.1.1 ipv6.method ignore
Now you can check connection, pinging IP address in same subnet, a gateway is best choise to ping.
This chapter left blank due to lack of tests, however some usefull commands:
# iw # iwconfig # nmcli device wifi
If you plan mix VLAN and bonding technology, make bonding first, then split it into VLAN interfaces. Making bonding from VLAN interfaces will not work. Bonding makes deal with physical interfaces.
# modprobe bonding # ip link add bond0 type bond mode active-backup # other options... # cat /proc/net/bonding/bond0
# ip link set dev bond0 up # ifenslave bond0 eth0 - OR - # ip link set eth0 master bond0
Using nmcli (mode=802.3ad is LACP):
# nmcli connection add con-name test type bond ifname test bond.options mode=802.3ad \ ipv4.method manual ipv4.addresses 10.10.10.10/24 ipv4.gateway 10.10.10.1 ipv4.dns 10.10.10.2 \ ipv6.method ignore # nmcli connection add con-name slave1 ifname eno3 type ethernet master test # nmcli connection add con-name slave2 ifname eno4 type ethernet master test # nmcli connection up slave1 # nmcli connection up slave2
Usefull for network debugging:
# ifenslave -c bond0 eth1 # Make eth1 _current_ of bond0 bonding interface
You should no set IP address for slave interfaces, IP address belongs to bond. Set is as usual:
# ifconfig bond0 192.168.1.2 netmask 255.255.255.0 up
Bridge is like software hub where you plug into all desired physical and virtual interfaces. Wifi interfaces are known makes problem when bridging, but may work well.
# ip link add br0 type bridge - OR - # brctl addbr br0
Same with nmcli:
# nmcli connection add con-name BR80 type bridge ifname BR80 ipv4.method manual ipv4.addresses 192.168.80.254/24 ipv6.method ignore # nmcli connection modify BR80 bridge.stp no # nmcli connection modify BR80 bridge.forward-delay 0
# brctl addif br0 eth0 - OR - # ip link set eth0 master br0
Same with nmcli:
# nmcli connection modify V80 type bridge-slave master BR80
This feature also known as "vlan aware bridge". It is supported starting from kernel version 3.8 .
Manual, on-line enabling pass VLAN tags:
# echo 1 > /sys/devices/virtual/net/BRIDGE_NAME/bridge/vlan_filtering
Example for Debian like configuration:
iface vmbr0 inet manual
bridge_ports bond0
bridge_stp off
bridge_fd 0
bridge_vlan_aware yes
Example for RedHat like configuration:
# cat ifcfg-trunk STP=no BRIDGING_OPTS="vlan_filtering=1" TYPE=Bridge NAME=trunk DEVICE=trunk ONBOOT=yes BOOTPROTO=none ONBOOT=yes
It does not nessecary to set up IP address on bridge interface if host does not suppose to participate in traffic. But if host should have an IP from this subnet, please assign IP address to bridge itself instead of participating interface.
Before using VLANs in Linux, be sure that connected physical (or virtual) port actually transfer VLANs. This should be explicitive configured either in switch, or hypervisor configuration.
Suggesting that eth0 connected to trunk including VLAN with id 5:
# ip link add link eth0 name V5 type vlan id 5 # ip addr add 192.168.1.2/24 dev V5 # ip -d link show V5 # <- Shows vlan details ..
Same, using nmcli, all configuration together:
# nmcli connection add con-name V5 type vlan id 5 ifname V5 dev eth0 ipv4.method manual ipv4.addresses 192.168.1.2/24 ipv6.method ignore
Make sure that parent interface is on (has link on it):
# ip link set eth1 up
You can assign IP to it, but this does not required.
Create a SVLAN (service VLAN) interface:
# ip link add link eth1 eth1.10 type vlan id 10 proto 802.1ad # ip link set eth1.10 up
You can assign IP to it, but this does not required:
# ip addr add 10.0.10.1/24 dev eth1.10
An inner interface will use the interface created above as parent and will created as protocol 802.1q (default and can be ommited):
# ip link add link eth1.10 eth1.10.20 type vlan id 20 # ip link set eth1.10.20 up # ip addr add 10.0.20.1/24 dev eth1.10.20
The final status should be similar:
# ip -d link
..
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:00:1d:9f:62 brd ff:ff:ff:ff:ff:ff promiscuity 0 addrgenmode none
12: eth1.10@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT qlen 1000
link/ether 52:54:00:1d:9f:62 brd ff:ff:ff:ff:ff:ff promiscuity 0
vlan protocol 802.1ad id 10 <REORDER_HDR> addrgenmode eui64
13: eth1.10.20@eth1.10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT qlen 1000
link/ether 52:54:00:1d:9f:62 brd ff:ff:ff:ff:ff:ff promiscuity 0
vlan protocol 802.1Q id 20 <REORDER_HDR> addrgenmode eui64
# ip link del INTERFACENAME
Once you have ping to your default gateway IP, belongs to same subnet you are, you can add it:
# ip route add default via GATEWAY-IP - OR - # route add default gw GATEWAY-IP # route # ip route # netstat -rn
Add static route using nmcli
# nmcli connection modify enp6s18 +ipv4.routes "10.255.255.0/24 192.168.80.251" # nmcli connection up enp6s18
To remove route, use same command with -ipv4.routes. Modification done at configuration files, then you have to "up" interface to apply changes.
Network guy said that JUMBO frames enabled in all path. Then set correct MTU on Linux:
# ifconfig eth0 mtu 9000 - OR - # ip link set mtu 9000 dev eth0
Now test with ping. -s defines packet load size (IP headers will add +28 bit), -Mdo set flag "do not fragment" that cause drops packet that not fits in MTU:
# ping -Mdo -s 1472 192.168.200.1 PING 192.168.200.1 (192.168.200.1) 1472(1500) bytes of data. 1480 bytes from 192.168.200.1: icmp_seq=1 ttl=63 time=5.10 ms
Bolded 1500 in output shows final packet size going out.
# ping -Mdo -s 8972 192.168.200.1 PING 192.168.200.1 (192.168.200.1) 8972(9000) bytes of data. From 192.168.122.1 icmp_seq=1 Frag needed and DF set (mtu = 1500) ping: local error: Message too long, mtu=1500
Sometimes you need to configure the interface manually, and NetworkManager interferes with your actions. To stop his attempts to configure the interface, run the command:
nmcli dev set enp0s25 managed noOnce finished, return it back to "yes".