Networking by CLI

(re) Naming network interface

The appropriate driver must be loaded before a network interface appears: a physical adapter without a driver has no interface. Many interfaces are virtual, with no hardware behind them.

List existing interfaces.

# cat /proc/net/dev
# ip link
# ifconfig -a
# nmcli device status
# wicked show all
# ip -d link show ETHNAME

On-line rename interface

Bring the interface down first, otherwise renaming will fail because the device is busy. Then:

# ip link set eth0 down
# ip link set eth0 name dmz

Permanent rename

The modern trend is to name interfaces by their hardware position. It started with the biosdevname package and then moved deep into systemd/udev. Some distros keep the ethX scheme when a VM is detected.

You can pin a more self-describing interface name to a specific NIC using the /etc/udev/rules.d/70-persistent-net.rules file with content like this (replace the XX's with the factory MAC address of the target NIC):

SUBSYSTEM=="net",ACTION=="add",ATTR{address}=="XX:XX:XX:XX:XX:XX",ATTR{type}=="1",KERNEL=="eth*",NAME="dmz"

Plain ethernet

Turning the interface ON without assigning an IP address.

This is useful for sniffing without knowing the IP addressing, for checking the connected switch port, and for checking the negotiated speed.

# ip link set eth0 up

Same, but using ifconfig:

# ifconfig eth0 0 up

Checking link status, capabilities and negotiated speed:

# ethtool eth0
..
Link detected: yes

It is now possible to understand the connected network by analyzing ARP and broadcast requests:

# tcpdump -n -v -i eth0

Setting other MAC address

Usually, you do not need this.

Bring interface link up as described before, then change MAC address:

# ip link set eth0 address 00:cc:00:ff:ff:ee
 - OR -
# ifconfig eth0 hw ether 00:cc:00:ff:ff:ee

Setting ipv4 IP address

# ip addr add 192.168.1.2/24 dev eth0
 - OR -
# ifconfig eth0 192.168.1.2 netmask 255.255.255.0 up
 - nmcli -
# nmcli connection add con-name fixed type ethernet ifname eth0 ipv4.method manual ipv4.addresses 192.168.1.10/24 ipv4.gateway 192.168.1.1 ipv6.method ignore

Now you can check the connection by pinging an IP address in the same subnet; the gateway is the best choice to ping.

Wifi connection

This chapter is left blank due to lack of tests; however, here are some useful commands:

# iw
# iwconfig
# nmcli device wifi

Bonding or link aggregation

If you plan to mix VLAN and bonding, create the bond first, then split it into VLAN interfaces. Building a bond from VLAN interfaces will not work: bonding deals with physical interfaces.

Load the bonding driver, add a bonding interface and check that it is empty

# modprobe bonding
# ip link add bond0 type bond mode active-backup # other options...
# cat /proc/net/bonding/bond0

Add interfaces to bonding interface

# ip link set dev bond0 up
# ifenslave bond0 eth0
 - OR -
# ip link set eth0 master bond0

Using nmcli (mode=802.3ad is LACP):

# nmcli connection add con-name test type bond ifname test bond.options mode=802.3ad \
  ipv4.method manual ipv4.addresses 10.10.10.10/24 ipv4.gateway 10.10.10.1 ipv4.dns 10.10.10.2 \
  ipv6.method ignore
# nmcli connection add con-name slave1 ifname eno3 type ethernet master test
# nmcli connection add con-name slave2 ifname eno4 type ethernet master test
# nmcli connection up slave1
# nmcli connection up slave2

Switching bonding active interface

Useful for network debugging:

# ifenslave -c bond0 eth1 # Make eth1 _current_ of bond0 bonding interface

Setting IP address of bonding interface

You should not set IP addresses on slave interfaces; the IP address belongs to the bond. Set it as usual:

# ifconfig bond0 192.168.1.2 netmask 255.255.255.0 up

Bridge

A bridge is like a software hub into which you plug all desired physical and virtual interfaces. Wifi interfaces are known to cause problems when bridged, but may work well.

Create bridge interface

# ip link add br0 type bridge
 - OR -
# brctl addbr br0

Same with nmcli:

# nmcli connection add con-name BR80 type bridge ifname BR80 ipv4.method manual ipv4.addresses 192.168.80.254/24 ipv6.method ignore
# nmcli connection modify BR80 bridge.stp no
# nmcli connection modify BR80 bridge.forward-delay 0

Adding interface to bridge

# brctl addif br0 eth0
 - OR -
# ip link set eth0 master br0

Same with nmcli:

# nmcli connection modify V80 type bridge-slave master BR80

Make bridge passing VLAN tags

This feature is also known as a "vlan aware bridge". It is supported starting from kernel version 3.8.

Enable passing of VLAN tags manually, on-line:

# echo 1 > /sys/devices/virtual/net/BRIDGE_NAME/bridge/vlan_filtering

Example for Debian like configuration:

iface vmbr0 inet manual
        bridge_ports bond0
        bridge_stp off
        bridge_fd 0
        bridge_vlan_aware yes

Example for RedHat like configuration:

# cat ifcfg-trunk
STP=no
BRIDGING_OPTS="vlan_filtering=1"
TYPE=Bridge
NAME=trunk
DEVICE=trunk
ONBOOT=yes
BOOTPROTO=none

Setting IP address

It is not necessary to set an IP address on the bridge interface if the host is not supposed to participate in the traffic. But if the host should have an IP from this subnet, assign the IP address to the bridge itself instead of a participating interface.

VLAN interface

Before using VLANs in Linux, be sure that the connected physical (or virtual) port actually carries VLANs. This has to be configured explicitly, either on the switch or in the hypervisor configuration.

Creating VLAN interface

Assuming that eth0 is connected to a trunk that includes the VLAN with id 5:

# ip link add link eth0 name V5 type vlan id 5
# ip addr add 192.168.1.2/24 dev V5
# ip -d link show V5	# <- Shows vlan details
 ..

Same, using nmcli, all configuration together:

# nmcli connection add con-name V5 type vlan id 5 ifname V5 dev eth0 ipv4.method manual ipv4.addresses 192.168.1.2/24 ipv6.method ignore

Double tagging, 802.1ad or QinQ

Make sure that the parent interface is on (has link on it):

# ip link set eth1 up

You can assign an IP to it, but this is not required.

Create a SVLAN (service VLAN) interface:

# ip link add link eth1 eth1.10 type vlan id 10 proto 802.1ad
# ip link set eth1.10 up

You can assign an IP to it, but this is not required:

# ip addr add 10.0.10.1/24 dev eth1.10

The inner interface uses the interface created above as its parent and is created with protocol 802.1q (the default, so it can be omitted):

# ip link add link eth1.10 eth1.10.20 type vlan id 20
# ip link set eth1.10.20 up
# ip addr add 10.0.20.1/24 dev eth1.10.20

The final status should look similar to this:

# ip -d link
    ..
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 52:54:00:1d:9f:62 brd ff:ff:ff:ff:ff:ff promiscuity 0 addrgenmode none 
12: eth1.10@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT qlen 1000
    link/ether 52:54:00:1d:9f:62 brd ff:ff:ff:ff:ff:ff promiscuity 0 
    vlan protocol 802.1ad id 10 <REORDER_HDR> addrgenmode eui64 
13: eth1.10.20@eth1.10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT qlen 1000
    link/ether 52:54:00:1d:9f:62 brd ff:ff:ff:ff:ff:ff promiscuity 0 
    vlan protocol 802.1Q id 20 <REORDER_HDR> addrgenmode eui64
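
The status output above can be checked by a script rather than by eye. The following is an added example, not part of the original page: the function names vlan_audit, vlan_findings and sample_ip_d_link are hypothetical, and the sample input is constructed from the output above with eth1 changed to promiscuity 1. It reports stacked (QinQ) VLAN interfaces and interfaces whose promiscuity counter is non-zero, which means a capture tool or a bridge has put them into promiscuous mode.

```shell
#!/bin/sh
# vlan_audit: read `ip -d link` output on stdin and print one line per
# interface: NAME PARENT VLAN_PROTO VLAN_ID PROMISCUITY ("-" = not set).
vlan_audit() {
    awk '
    function emit() { if (name != "") print name, parent, proto, vid, promisc }
    /^[0-9]+: / {                       # header line: "12: eth1.10@eth1: <...>"
        emit(); n = $2; sub(/:$/, "", n); split(n, p, "@")
        name = p[1]; parent = (p[2] != "" ? p[2] : "-")
        proto = "-"; vid = "-"; promisc = "?"; next
    }
    {                                   # detail lines belong to the last header
        for (i = 1; i < NF; i++) {
            if ($i == "promiscuity") promisc = $(i + 1)
            if ($i == "vlan" && $(i + 1) == "protocol") { proto = $(i + 2); vid = $(i + 4) }
        }
    }
    END { emit() }'
}

# vlan_findings: flag promiscuous interfaces and VLANs stacked on another VLAN.
vlan_findings() {
    vlan_audit | awk '
    { vid[$1] = $4; line[NR] = $0 }
    END {
        for (r = 1; r <= NR; r++) {
            split(line[r], f, " ")
            if (f[5] + 0 > 0) print "PROMISC " f[1] " count=" f[5]
            if (f[4] != "-" && vid[f[2]] != "" && vid[f[2]] != "-")
                print "STACKED " f[1] " outer=" vid[f[2]] " inner=" f[4]
        }
    }'
}

# Constructed sample input (not captured from a real host).
sample_ip_d_link() {
cat <<'EOF'
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 52:54:00:1d:9f:62 brd ff:ff:ff:ff:ff:ff promiscuity 1 addrgenmode none
12: eth1.10@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT qlen 1000
    link/ether 52:54:00:1d:9f:62 brd ff:ff:ff:ff:ff:ff promiscuity 0
    vlan protocol 802.1ad id 10 <REORDER_HDR> addrgenmode eui64
13: eth1.10.20@eth1.10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT qlen 1000
    link/ether 52:54:00:1d:9f:62 brd ff:ff:ff:ff:ff:ff promiscuity 0
    vlan protocol 802.1Q id 20 <REORDER_HDR> addrgenmode eui64
EOF
}

sample_ip_d_link | vlan_findings    # on a live host: ip -d link | vlan_findings
```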

Delete interface

# ip link del INTERFACENAME

Routing

Once you can ping your default gateway IP, which belongs to the same subnet as you, you can add it:

# ip route add default via GATEWAY-IP
 - OR -
# route add default gw GATEWAY-IP

# route
# ip route
# netstat -rn

Add static route using nmcli

# nmcli connection modify enp6s18 +ipv4.routes "10.255.255.0/24 192.168.80.251"
# nmcli connection up enp6s18

To remove a route, use the same command with -ipv4.routes. The modification is made in the configuration files, so you have to "up" the interface to apply the changes.

Detecting MTU

The network guy said that JUMBO frames are enabled along the whole path. Then set the correct MTU on Linux:

# ifconfig eth0 mtu 9000
 - OR -
# ip link set mtu 9000 dev eth0

Now test with ping. -s defines the payload size (the IP and ICMP headers add 28 bytes), and -Mdo sets the "do not fragment" flag, which causes a packet that does not fit in the MTU to be dropped:

# ping -Mdo -s 1472 192.168.200.1
PING 192.168.200.1 (192.168.200.1) 1472(1500) bytes of data.
1480 bytes from 192.168.200.1: icmp_seq=1 ttl=63 time=5.10 ms

The 1500 in parentheses in the output shows the final packet size going out.

# ping -Mdo -s 8972 192.168.200.1
PING 192.168.200.1 (192.168.200.1) 8972(9000) bytes of data.
From 192.168.122.1 icmp_seq=1 Frag needed and DF set (mtu = 1500)
ping: local error: Message too long, mtu=1500
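
The manual test above can be automated with a binary search over the payload size. The script below is an added example, not part of the original page: the function names probe and path_mtu are hypothetical, and it assumes the iputils ping options -M do, -c, -W and -s.

```shell
#!/bin/sh
# Find the largest packet that reaches HOST with "do not fragment" set.

# probe HOST SIZE: succeeds if a DF-flagged echo carrying SIZE payload bytes
# is answered. Kept separate so it can be swapped for another check.
# One packet per probe, so a lossy link can make the result too low.
probe() {
    ping -M do -c 1 -W 1 -s "$2" "$1" >/dev/null 2>&1
}

# path_mtu HOST [LOCAL_MTU]: print the usable MTU in bytes (payload + 28
# bytes of IP and ICMP headers); return 1 if HOST does not answer at all.
path_mtu() {
    host=$1
    hi=$(( ${2:-9000} - 28 ))        # largest payload the local MTU allows
    lo=0                             # empty payload: plain reachability check
    probe "$host" "$lo" || return 1
    if probe "$host" "$hi"; then     # the whole path carries the local MTU
        echo $(( hi + 28 ))
        return 0
    fi
    # Invariant: payload lo passes, payload hi fails. Narrow until adjacent.
    while [ $(( hi - lo )) -gt 1 ]; do
        mid=$(( (lo + hi) / 2 ))
        if probe "$host" "$mid"; then lo=$mid; else hi=$mid; fi
    done
    echo $(( lo + 28 ))
}

# Runs only when a host is given, e.g.: ./pmtu.sh 192.168.200.1 9000
if [ -n "${1:-}" ]; then
    path_mtu "$@"
fi
```

Set the local interface MTU to the value you want to verify before running it, because the search cannot see past the local MTU.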

Temporarily disable NetworkManager for a specific interface

Sometimes you need to configure the interface manually, and NetworkManager interferes with your actions. To stop its attempts to configure the interface, run the command:

# nmcli dev set enp0s25 managed no

Once finished, return it back to "yes".
Updated on Wed Apr 12 12:30:54 IDT 2017