网络管理NM配置全套
目录
NetworkManager守护进程作为特权服务运行(因为它必须访问和控制硬件),通过系统总线上提供了D-Bus接口, 允许对网络进行细粒度控制。NetworkManager不存储连接或设置, 只是这些连接的机制
被选中并激活。存储预定义的网络连接,两个独立的服务,“系统”“设置服务”和“用户设置服务”存储连接信息并通过D-Bus将其提供给NetworkManager。每个设置服务可以确定持久存储连接信息的方式和位置;
下载及安装
安装
# Redhat 系列下
yum install NetworkManager
# Ubuntu 下
apt install network-manager
配置指南
# 可支持的模式
keyfile # 是支持NetworkManager所有连接类型和功能的通用插件。它以。ini格式在/etc/ networkmanager /system-connections中写入文件
ifcfg-rh # 它可以在Fedora和Red Hat Enterprise Linux发行版上【NetworkManager 最新版本已弃用次模式, 例如: RedHat9.0 + OS】使用,从标准的/etc/sysconfig/network-scripts/ifcfg-*文件中读写配置。目前支持读取以太网、Wi-Fi、ib、VLAN、Bond、Bridge和Team连接。启用ifcfg-rh会隐式启用ibft插件(如果有的话)。这可以通过添加no-ibft来禁用
ifupdown # 这个插件用于Debian和Ubuntu发行版,从/etc/network/interfaces读取以太网和Wi-Fi连接。这个插件是只读的;当您使用此插件时,从NetworkManager中添加的任何连接(任何类型)将使用keyfile插件来保存。
# 对 connection 快速 UP/Down, 该包还提供了两个命令:ifup / ifdown
ifup bond1
ifdown ens26f0
NetworkManager 命令详细配置指南
# 打印当前配置
NetworkManager --print-config
Nmcli 命令详细配置指南
[root@localhost network-scripts]# nmcli --help
Usage: nmcli [OPTIONS] OBJECT { COMMAND | help }
OPTIONS
-o[verview] overview mode (hide default values)
-t[erse] terse output
-p[retty] pretty output
-m[ode] tabular|multiline output mode
-c[olors] auto|yes|no whether to use colors in output
-f[ields] <field1,field2,...>|all|common specify fields to output
-g[et-values] <field1,field2,...>|all|common shortcut for -m tabular -t -f
-e[scape] yes|no escape columns separators in values
-a[sk] ask for missing parameters
-s[how-secrets] allow displaying passwords
-w[ait] <seconds> set timeout waiting for finishing operations
-v[ersion] show program version
-h[elp] print this help
OBJECT 简写【全写】
g[eneral] NetworkManager's general status and operations
n[etworking] overall networking control
r[adio] NetworkManager radio switches
c[onnection] NetworkManager's connections
d[evice] devices managed by NetworkManager
a[gent] NetworkManager secret agent or polkit agent
m[onitor] monitor NetworkManager changes
device 和 connection 的区别?
device叫网络接口,是物理设备
connection是连接,是逻辑设置
同一个device可以有多个connection,但同一时间只能启用其中一个connection,
这样对一个网络接口,可以设置多个网络连接,比如静态IP和动态IP,
再根据需要启动相应的connection
dvice 对象
[root@localhost ~]# nmcli d --help
Usage: nmcli device { COMMAND | help }
COMMAND := { status | show | set | connect | reapply | modify | disconnect | delete | monitor | wifi | lldp }
status
show [<ifname>]
set [ifname] <ifname> [autoconnect yes|no] [managed yes|no]
connect <ifname>
reapply <ifname>
modify <ifname> ([+|-]<setting>.<property> <value>)+
disconnect <ifname> ...
delete <ifname> ...
monitor <ifname> ...
wifi [list [ifname <ifname>] [bssid <BSSID>]]
wifi connect <(B)SSID> [password <password>] [wep-key-type key|phrase] [ifname <ifname>]
wifi hotspot [ifname <ifname>] [con-name <name>] [ssid <SSID>] [band a|bg] [channel <channel>] [password <password>]
wifi rescan [ifname <ifname>] [[ssid <SSID to scan>] ...]
lldp [list [ifname <ifname>]]
查看所有设备的状态
[root@localhost network-scripts]# nmcli d
DEVICE TYPE STATE CONNECTION
enp125s0f1 ethernet connected enp125s0f1
enp125s0f2 ethernet connected enp125s0f2
enp129s0f0 ethernet connected enp129s0f0
enp129s0f1 ethernet disconnected --
enp125s0f0 ethernet unavailable --
enp125s0f3 ethernet unavailable --
enp131s0f0 ethernet unavailable --
enp131s0f1 ethernet unavailable --
enp189s0f0 ethernet unavailable --
enp189s0f1 ethernet unavailable --
enp189s0f2 ethernet unavailable --
enp189s0f3 ethernet unavailable --
enp1s0f0 ethernet unavailable --
enp1s0f1 ethernet unavailable --
lo loopback unmanaged --
查看所有设备的详细信息
[root@localhost ~]# nmcli d show
GENERAL.DEVICE: enp125s0f1
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 60:D7:55:3B:84:5B
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: enp125s0f1
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/1
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 172.16.12.107/17
IP4.ADDRESS[2]: 172.16.11.201/17
IP4.GATEWAY: 172.16.1.10
IP4.ROUTE[1]: dst = 0.0.0.0/0, nh = 172.16.1.10, mt = 0
IP4.ROUTE[2]: dst = 172.16.0.0/17, nh = 0.0.0.0, mt = 100
IP6.ADDRESS[1]: 2004::7891:cc43:b1ad:7a5f/64
IP6.ADDRESS[2]: 2003::1c:7017/128
IP6.ADDRESS[3]: fe80::d47d:3889:46db:111a/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = fe80::/64, nh = ::, mt = 100
IP6.ROUTE[2]: dst = 2014::/24, nh = ::, mt = 100
IP6.ROUTE[3]: dst = 2004::/64, nh = ::, mt = 100
IP6.ROUTE[4]: dst = 2003::/96, nh = ::, mt = 100
IP6.ROUTE[5]: dst = 2003::1c:7017/128, nh = ::, mt = 100
IP6.ROUTE[6]: dst = ff00::/8, nh = ::, mt = 256, table=255
IP6.DNS[1]: 2003::1
对设备的激活和断开
[root@localhost network-scripts]# nmcli d disconnect enp125s0f2
[root@localhost network-scripts]# nmcli d connect enp125s0f2
# 等价
[root@localhost ~]# nmcli d reapply enp125s0f2
# 立即生效
connection 对象
查看命令帮助
nmcli c 命令帮助官方指导文档
[root@53_mach ~]# nmcli c
add clone delete down edit export help import load modify monitor reload show up
[root@53_mach ~]# nmcli c --help
Usage: nmcli connection { COMMAND | help }
COMMAND := { show | up | down | add | modify | clone | edit | delete | monitor | reload | load | import | export }
show [--active] [--order <order spec>]
show [--active] [id | uuid | path | apath] <ID> ...
up [[id | uuid | path] <ID>] [ifname <ifname>] [ap <BSSID>] [passwd-file <file with passwords>]
down [id | uuid | path | apath] <ID> ...
add COMMON_OPTIONS TYPE_SPECIFIC_OPTIONS SLAVE_OPTIONS IP_OPTIONS [-- ([+|-]<setting>.<property> <value>)+]
modify [--temporary] [id | uuid | path] <ID> ([+|-]<setting>.<property> <value>)+
clone [--temporary] [id | uuid | path ] <ID> <new name>
edit [id | uuid | path] <ID>
edit [type <new_con_type>] [con-name <new_con_name>]
delete [id | uuid | path] <ID>
monitor [id | uuid | path] <ID> ...
reload
load <filename> [ <filename>... ]
import [--temporary] type <type> file <file to import>
export [id | uuid | path] <ID> [<output file>]
[root@53_mach ~]# nmcli c add type
6lowpan adsl bridge ethernet ip-tunnel ovs-bridge ovs-port tun vrf wimax
802-11-olpc-mesh bluetooth bridge-slave generic macsec ovs-dpdk pppoe veth vxlan wireguard
802-11-wireless bond cdma gsm macvlan ovs-interface team vlan wifi wpan
802-3-ethernet bond-slave dummy infiniband olpc-mesh ovs-patch team-slave vpn wifi-p2p
[root@53_mach ~]# nmcli c add help
Usage: nmcli connection add { ARGUMENTS | help }
ARGUMENTS := COMMON_OPTIONS TYPE_SPECIFIC_OPTIONS SLAVE_OPTIONS IP_OPTIONS [-- ([+|-]<setting>.<property> <value>)+]
COMMON_OPTIONS:
type <type>
ifname <interface name> | "*"
[con-name <connection name>]
[autoconnect yes|no]
[save yes|no]
[master <master (ifname, or connection UUID or name)>]
[slave-type <master connection type>]
TYPE_SPECIFIC_OPTIONS:
ethernet: [mac <MAC address>]
[cloned-mac <cloned MAC address>]
[mtu <MTU>]
wifi: ssid <SSID>
[mac <MAC address>]
[cloned-mac <cloned MAC address>]
[mtu <MTU>]
[mode infrastructure|ap|adhoc]
wimax: [mac <MAC address>]
[nsp <NSP>]
pppoe: username <PPPoE username>
[password <PPPoE password>]
[service <PPPoE service name>]
[mtu <MTU>]
[mac <MAC address>]
gsm: apn <APN>
[user <username>]
[password <password>]
cdma: [user <username>]
[password <password>]
infiniband: [mac <MAC address>]
[mtu <MTU>]
[transport-mode datagram | connected]
[parent <ifname>]
[p-key <IPoIB P_Key>]
bluetooth: [addr <bluetooth address>]
[bt-type panu|nap|dun-gsm|dun-cdma]
vlan: dev <parent device (connection UUID, ifname, or MAC)>
id <VLAN ID>
[flags <VLAN flags>]
[ingress <ingress priority mapping>]
[egress <egress priority mapping>]
[mtu <MTU>]
bond: [mode balance-rr (0) | active-backup (1) | balance-xor (2) | broadcast (3) |
802.3ad (4) | balance-tlb (5) | balance-alb (6)]
[primary <ifname>]
[miimon <num>]
[downdelay <num>]
[updelay <num>]
[arp-interval <num>]
[arp-ip-target <num>]
[lacp-rate slow (0) | fast (1)]
bond-slave: master <master (ifname, or connection UUID or name)>
team: [config <file>|<raw JSON data>]
team-slave: master <master (ifname, or connection UUID or name)>
[config <file>|<raw JSON data>]
bridge: [stp yes|no]
[priority <num>]
[forward-delay <2-30>]
[hello-time <1-10>]
[max-age <6-40>]
[ageing-time <0-1000000>]
[multicast-snooping yes|no]
[mac <MAC address>]
bridge-slave: master <master (ifname, or connection UUID or name)>
[priority <0-63>]
[path-cost <1-65535>]
[hairpin yes|no]
vpn: vpn-type vpnc|openvpn|pptp|openconnect|openswan|libreswan|ssh|l2tp|iodine|...
[user <username>]
olpc-mesh: ssid <SSID>
[channel <1-13>]
[dhcp-anycast <MAC address>]
adsl: username <username>
protocol pppoa|pppoe|ipoatm
[password <password>]
[encapsulation vcmux|llc]
tun: mode tun|tap
[owner <UID>]
[group <GID>]
[pi yes|no]
[vnet-hdr yes|no]
[multi-queue yes|no]
ip-tunnel: mode ipip|gre|sit|isatap|vti|ip6ip6|ipip6|ip6gre|vti6
remote <remote endpoint IP>
[local <local endpoint IP>]
[dev <parent device (ifname or connection UUID)>]
macsec: dev <parent device (connection UUID, ifname, or MAC)>
mode <psk|eap>
[cak <key> ckn <key>]
[encrypt yes|no]
[port 1-65534]
macvlan: dev <parent device (connection UUID, ifname, or MAC)>
mode vepa|bridge|private|passthru|source
[tap yes|no]
vxlan: id <VXLAN ID>
[remote <IP of multicast group or remote address>]
[local <source IP>]
[dev <parent device (ifname or connection UUID)>]
[source-port-min <0-65535>]
[source-port-max <0-65535>]
[destination-port <0-65535>]
wpan: [short-addr <0x0000-0xffff>]
[pan-id <0x0000-0xffff>]
[page <default|0-31>]
[channel <default|0-26>]
[mac <MAC address>]
6lowpan: dev <parent device (connection UUID, ifname, or MAC)>
dummy:
SLAVE_OPTIONS:
bridge: [priority <0-63>]
[path-cost <1-65535>]
[hairpin yes|no]
team: [config <file>|<raw JSON data>]
IP_OPTIONS:
[ip4 <IPv4 address>] [gw4 <IPv4 gateway>]
[ip6 <IPv6 address>] [gw6 <IPv6 gateway>]
[root@53_mach ~]# nmcli c modify help
Usage: nmcli connection modify { ARGUMENTS | help }
ARGUMENTS := [id | uuid | path] <ID> ([+|-]<setting>.<property> <value>)+
Modify one or more properties of the connection profile.
The profile is identified by its name, UUID or D-Bus path. For multi-valued
properties you can use optional '+' or '-' prefix to the property name.
The '+' sign allows appending items instead of overwriting the whole value.
The '-' sign allows removing selected items instead of the whole value.
ARGUMENTS := remove <setting>
Remove a setting from the connection profile.
Examples:
nmcli con mod home-wifi wifi.ssid rakosnicek
nmcli con mod em1-1 ipv4.method manual ipv4.addr "192.168.1.2/24, 10.10.1.5/8"
nmcli con mod em1-1 +ipv4.dns 8.8.4.4
nmcli con mod em1-1 -ipv4.dns 1
nmcli con mod em1-1 -ipv6.addr "abbe::cafe/56"
nmcli con mod bond0 +bond.options mii=500
nmcli con mod bond0 -bond.options downdelay
nmcli con mod em1-1 remove sriov
进入nmcli交互式配置界面
nmcli c 交互式配置界面
[root@53_mach ~]# nmcli c edit ens26f2
===| nmcli interactive connection editor |===
Editing existing '802-3-ethernet' connection: 'ens26f2'
Type 'help' or '?' for available commands.
Type 'print' to show all the connection properties.
Type 'describe [<setting>.<prop>]' for detailed property description.
You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, dcb, sriov, ethtool, match, ipv4, ipv6, hostname, tc, proxy
nmcli>
activate back describe goto help nmcli print quit remove save set verify
nmcli> set
802-1x 802-3-ethernet (ethernet) connection dcb ethtool sriov
nmcli>
nmcli>
nmcli>
nmcli> print
802-3-ethernet all connection ipv4 ipv6 proxy sriov
nmcli> print all
===============================================================================
Connection profile details (ens26f2)
===============================================================================
connection.id: ens26f2
connection.uuid: b32430e3-a1f6-4129-b2a3-04382c5f5c67
connection.stable-id: --
connection.type: 802-3-ethernet
connection.interface-name: ens26f2
connection.autoconnect: yes
connection.autoconnect-priority: 0
connection.autoconnect-retries: -1 (default)
connection.multi-connect: 0 (default)
connection.auth-retries: -1
connection.timestamp: 1720261568
connection.read-only: no
connection.permissions: --
connection.zone: --
connection.master: --
connection.slave-type: --
connection.autoconnect-slaves: -1 (default)
connection.secondaries: --
connection.gateway-ping-timeout: 0
connection.metered: unknown
connection.lldp: default
connection.mdns: -1 (default)
connection.llmnr: -1 (default)
connection.wait-device-timeout: -1
-------------------------------------------------------------------------------
802-3-ethernet.port: --
802-3-ethernet.speed: 0
802-3-ethernet.duplex: --
802-3-ethernet.auto-negotiate: no
802-3-ethernet.mac-address: --
802-3-ethernet.cloned-mac-address: --
802-3-ethernet.generate-mac-address-mask:--
802-3-ethernet.mac-address-blacklist: --
802-3-ethernet.mtu: auto
802-3-ethernet.s390-subchannels: --
802-3-ethernet.s390-nettype: --
802-3-ethernet.s390-options: --
802-3-ethernet.wake-on-lan: default
802-3-ethernet.wake-on-lan-password: --
802-3-ethernet.accept-all-mac-addresses:-1 (default)
-------------------------------------------------------------------------------
ipv4.method: manual
ipv4.dns: --
ipv4.dns-search: --
ipv4.dns-options: --
ipv4.dns-priority: 0
ipv4.addresses: 251.9.195.7/24
ipv4.gateway: --
ipv4.routes: --
ipv4.route-metric: -1
ipv4.route-table: 0 (unspec)
ipv4.routing-rules: --
ipv4.ignore-auto-routes: no
ipv4.ignore-auto-dns: no
ipv4.dhcp-client-id: --
ipv4.dhcp-iaid: --
ipv4.dhcp-timeout: 0 (default)
ipv4.dhcp-send-hostname: yes
ipv4.dhcp-hostname: --
ipv4.dhcp-fqdn: --
ipv4.dhcp-hostname-flags: 0x0 (none)
ipv4.never-default: no
ipv4.may-fail: yes
ipv4.required-timeout: -1 (default)
ipv4.dad-timeout: -1 (default)
ipv4.dhcp-vendor-class-identifier: --
ipv4.dhcp-reject-servers: --
-------------------------------------------------------------------------------
ipv6.method: auto
ipv6.dns: --
ipv6.dns-search: --
ipv6.dns-options: --
ipv6.dns-priority: 0
ipv6.addresses: --
ipv6.gateway: --
ipv6.routes: --
ipv6.route-metric: -1
ipv6.route-table: 0 (unspec)
ipv6.routing-rules: --
ipv6.ignore-auto-routes: no
ipv6.ignore-auto-dns: no
ipv6.never-default: no
ipv6.may-fail: yes
ipv6.required-timeout: -1 (default)
ipv6.ip6-privacy: -1 (unknown)
ipv6.addr-gen-mode: stable-privacy
ipv6.ra-timeout: 0 (default)
ipv6.dhcp-duid: --
ipv6.dhcp-iaid: --
ipv6.dhcp-timeout: 0 (default)
ipv6.dhcp-send-hostname: yes
ipv6.dhcp-hostname: --
ipv6.dhcp-hostname-flags: 0x0 (none)
ipv6.token: --
-------------------------------------------------------------------------------
proxy.method: none
proxy.browser-only: no
proxy.pac-url: --
proxy.pac-script: --
-------------------------------------------------------------------------------
sriov.total-vfs: 3
sriov.vfs: --
sriov.autoprobe-drivers: 1 (true)
-------------------------------------------------------------------------------
nmcli> q
重新加载网络连接的配置
[root@localhost network-scripts]# nmcli c reload # 重载所有ifcfg或route到connection
# 不会立即生效
# 重载指定ifcfg或route到connection(不会立即生效)
nmcli c load /etc/sysconfig/network-scripts/ifcfg-ethX
nmcli c load /etc/sysconfig/network-scripts/route-eth
查看一个连接的详细信息【默认所有字段】
[root@localhost ~]# nmcli c show enp129s0f0
[root@localhost ~]# nmcli connection show --active # 显示所有激活的连接
# 只显示 该 连接的 以 ipv4 开头的字段信息
[root@localhost ~]# nmcli -f ipv4 c show enp125s0f2
# 或者
[root@localhost ~]# nmcli -f IP4 c show eth125f2-3
IP4.ADDRESS[1]: 124.124.124.124/24
IP4.ADDRESS[2]: 172.16.13.150/17
IP4.GATEWAY: 172.16.1.10
IP4.ROUTE[1]: dst = 0.0.0.0/0, nh = 172.16.1.10, mt = 114
IP4.ROUTE[2]: dst = 124.124.124.0/24, nh = 0.0.0.0, mt = 114
IP4.ROUTE[3]: dst = 172.16.0.0/17, nh = 0.0.0.0, mt = 114
IP4.DNS[1]: 172.16.1.10
IP4.DOMAIN[1]: sit.com
# 记忆方法: -f 【field】 代表字段 , 过滤 其他字段 信息同理.
对连接的启用和关闭
[root@localhost ~]# nmcli c up enp125s0f2 # 相当于ifup
[root@localhost ~]# nmcli c down enp125s0f2 # 相当于ifdown
# 立即生效
修改连接的名字
[root@localhost ~]# nmcli con mod ens33 connection.id ens33con
添加 一个 连接
添加 802-3-ethernet 链接
[root@localhost ~]# nmcli con add con-name eth125s1 type 802-3-ethernet autoconnect yes ifname enp125s0f1
# 说明
ifname是物理设备,网络接口
type的类型设置为ethernet:以太网
autoconnect:有网络时自动连接
# 注意: 当该设备 不存在 激活连接时, 则自动激活 当前所新创建连接, 否则 为 down。 设备唯一性原则。
# 添加连接的同时 设置 IP 地址,
[root@localhost ~]# nmcli connection add type 802-3-ethernet con-name ens ifname ens3 ip4 192.168.1.9/24 gw4 192.168.1.1
添加 ethernet 链接
[root@localhost ~]# nmcli con add con-name eth125s1 type ethernet autoconnect yes ifname enp125s0f1
# 说明
ifname是物理设备,网络接口
type的类型设置为ethernet:以太网
autoconnect:有网络时自动连接
# 注意: 当该设备 不存在 激活连接时, 则自动激活 当前所新创建连接, 否则 为 down。 设备唯一性原则。
# 添加连接的同时 设置 IP 地址,
[root@localhost ~]# nmcli connection add type ethernet con-name ens ifname ens3 ip4 192.168.1.9/24 gw4 192.168.1.1
添加 bond 和 bond-slave 链接
# 1. 创建名称为bond1的绑定
nmcli con add type bond con-name bond1 ifname bond1 mode active-backup # 模式以具体的模式为准
# 2. 将 enp131s0f0 增加到bond1
nmcli connection add type bond-slave ifname enp131s0f0 master bond1
# 3. 将 enp131s0f1 增加到bond1
nmcli connection add type bond-slave ifname enp131s0f1 master bond1
# 4. 启动从属接口 enp131s0f0
nmcli connection up bond-slave-enp131s0f0
# 5. 启动从属接口 enp131s0f1
nmcli connection up bond-slave-enp131s0f1
# 6. 启动绑定
nmcli connection up bond1
添加 Vlan 链接
# 添加 vlan 接口: 链接名自动为: vlan-ens26f3.55 ; 设备名自动为: ens26f3.55
nmcli c add type vlan ifname ens26f3.55 dev ens26f3 id 55 vlan.parent ens26f3
# 设置
nmcli c modify vlan-ens26f3.55 ipv4.addresses 44.44.44.154/24 ipv4.method manual autoconnect yes
# 再加载
nmcli d reapply ens26f3.55
添加 Macvlan 链接
# 添加 Macvlan 接口: 链接名自动为: mac02; 设备名自动为: mac02
nmcli c add type macvlan ifname mac02 con-name mac02 macvlan.mode private macvlan.parent ens26f3 macvlan.promiscuous yes
# 设置
nmcli c modify mac02 ipv4.addresses 44.44.44.154/24 ipv4.method manual autoconnect yes
# 再加载
nmcli c reload mac02
nmcli d reapply mac02
添加 Vxlan 链接
# 添加 Vxlan 接口: 链接名自动为: vxlan02 ; 设备名自动为: vxlan02
nmcli c add type vxlan ifname vxlan02 con-name vxlan02 vxlan.id 100 vxlan.parent ens26f3 vxlan.destination-port 4789 vxlan.remote 33.33.33.22
# 设置
nmcli c modify vxlan02 ipv4.addresses 44.44.66.154/24 ipv4.method manual autoconnect yes
# 再加载
nmcli c reload vxlan02
nmcli d reapply vxlan02
添加 Gre 隧道链接
# 添加 Gre 接口: 链接名自动为: gre02 ; 设备名自动为: gre02
nmcli c add type ip-tunnel ifname gre02 con-name gre02 ip-tunnel.mode gre ip-tunnel.local 15.15.15.33 ip-tunnel.remote 15.15.15.22 ip-tunnel.ttl 255 ip-tunnel.parent ens26f3
# 可简写为
nmcli c add type ip-tunnel ifname gre02 con-name gre02 mode gre local 15.15.15.33 remote 15.15.15.22 ip-tunnel.ttl 255 ip-tunnel.parent ens26f3 dev ens26f3
# 设置
nmcli c modify gre02 ipv4.addresses 10.10.10.1/24 ipv4.method manual autoconnect yes
# 再加载
nmcli c reload gre02
nmcli d reapply gre02
添加 Bridge 和 bridge-slave 链接
# 添加 Bridge 接口: 链接名自动为: vxlan02 ; 设备名自动为: vxlan02
nmcli c add type Bridge
# 设置
nmcli c modify vxlan02 ipv4.addresses 44.44.66.154/24 ipv4.method manual autoconnect yes
# 再加载
nmcli c reload vxlan02
nmcli d reapply vxlan02
添加 ovs-dpdk 链接
# 添加 ovs-dpdk 接口: 链接名自动为: vxlan02 ; 设备名自动为: vxlan02
nmcli c add type ovs-dpdk
# 设置
nmcli c modify vxlan02 ipv4.addresses 44.44.66.154/24 ipv4.method manual autoconnect yes
# 再加载
nmcli c reload vxlan02
nmcli d reapply vxlan02
添加 ovs-bridge 链接
# 添加 ovs-bridge 接口: 链接名自动为: vxlan02 ; 设备名自动为: vxlan02
nmcli c add type ovs-bridge
# 设置
nmcli c modify vxlan02 ipv4.addresses 44.44.66.154/24 ipv4.method manual autoconnect yes
# 再加载
nmcli c reload vxlan02
nmcli d reapply vxlan02
删除一个连接
[root@localhost ~]# nmcli connection delete enp125s0f1 # 类似于 ifdown 并删除 ifcfg
添加一个 IP 地址
[root@localhost ~]# nmcli connection modify eth125f2-3 +ipv4.addresses 126.126.126.126/24
[root@localhost ~]# nmcli c up eth125f2-3
# 注意: 添加完 IP 信息 , 需重启 该连接, 变化信息才可生效.
[root@localhost ~]# nmcli d reaply eth125f2-3
删除一个 IP 地址
[root@localhost ~]# nmcli connection modify eth125f2-3 -ipv4.addresses 125.125.125.125/24
[root@localhost ~]# nmcli c up eth125f2-3
# 注意: 删除 完 IP 信息 , 需重启 该连接, 变化信息才可生效.
👉 修改 连接其他字段信息 与 修改 IP 信息同理
重置所有 IP 地址信息
# 不使用 + - 号,表示是修改
[root@localhost ~]# nmcli connection modify eth125f2-3 ipv4.addresses '125.125.125.125/24, 127.127.127.127/24'
[root@localhost ~]# nmcli c up eth125f2-3
# 注意: 重置 完 IP 信息 , 需重启 该连接, 变化信息才可生效.
# 创建connection,配置静态 IPV4 ip(等同于配置ifcfg,其中BOOTPROTO=none,并ifup启动)
nmcli c add type ethernet con-name ethX ifname ethX ipv4.addr 192.168.1.100/24 ipv4.gateway 192.168.1.1 ipv4.method manual
# 或者添加 IPV6 地址
nmcli c add type ethernet con-name ethX ifname ethX ipv6.addresses "2001:4f8:212:1c60:20c:29ff:fe2d:eaa0/64" ipv6.method manual autoconnect yes
# 或者同时添加
nmcli c add type ethernet con-name ethX ifname ethX ipv4.addr 192.168.1.100/24 ipv4.gateway 192.168.1.1 ipv4.method manual ipv6.addresses "2001:4f8:212:1c60:20c:29ff:fe2d:eaa0/64" ipv6.method manual autoconnect yes
# 创建connection,配置动态ip(等同于配置ifcfg,其中BOOTPROTO=dhcp,并ifup启动)
nmcli c add type ethernet con-name ethX ifname ethX ipv4.method auto
添加/删除 DNS 与 IP 同理
[root@localhost ~]# nmcli connection modify eth125f2-3 +ipv4.dns 114.114.114.114 # 添加 DNS
[root@localhost ~]# nmcli c up eth125f2-3
[root@localhost ~]# nmcli connection modify eth125f2-3 ipv4.dns '114.114.114.114,8.8.8.8,112.112.112.112'
[root@localhost ~]# nmcli c up eth125f2-3
[root@localhost ~]# nmcli connection modify eth125f2-3 -ipv4.dns 8.8.8.8 # 删除 DNS
[root@localhost ~]# nmcli c up eth125f2-3
修改网关
[root@localhost ~]# nmcli connection modify eth125f2-3 +ipv4.gateway 125.125.125.1
[root@localhost ~]# nmcli c up eth125f2-3
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/119)
[root@localhost ~]# nmcli -f IP4 connection show eth125f2-3
# 注意: 网关 只 可有一个, 添加不了多个
设置主机名
#查询当前主机名
nmcli general hostname
#修改主机名
nmcli general hostname new-hostname
#重启hostname(主机名)服务
systemctl restart systemd-hostnamed
创建和修改网桥
nmcli con add type bridge con-name br0
nmcli con add type bridge-slave autoconnect yes con-name eno3 ifname eno3 master br0
nmcli con up br0
nmcli con down eno3
nmcli con mod eno3 ipv4.method disabled
nmcli con up eno3
# 删除网桥
nmcli con delete br0
nmcli con mod eno3 ipv4.addresses 10.58.83.191/24 ipv4.gateway 10.58.83.1 ipv4.method manual
nmcli con up eno3
SRIOV 相关
# 创建 VF 口
nmcli c modify ens22f0 sriov.total-vfs 1
# 其次卸载加载驱动即可
nmcli c modify ens26f2 sriov.total-vfs 3 sriov.autoprobe-drivers true sriov.vfs 2
networking 对象
网络状态的打开和关闭
[root@localhost network-scripts]# nmcli networking off
[root@localhost network-scripts]# nmcli networking on
其他
# 关闭无线网络(NM默认启用无线网络)
nmcli r all off
# 查看NM纳管状态
nmcli n
# 开启NM纳管
nmcli n on
# 关闭NM纳管(谨慎执行)
nmcli n off
# 监听事件
nmcli m
# 查看NM本身状态
nmcli
# 检测NM是否在线可用
nm-online
# 接管设备
nmcli networking on
nmcli connection show
nmcli device status
nmcli device set ens33 managed yes
参考网址
Unix 命令一般都带有参数, 而参数的传递可以直接给,也可间接地转化,例如自动将标准输入作为参数。
lspci -vvv | grep -i ethernet
