NetworkManager Configuration: Advanced Networking in CentOS/RHEL
NetworkManager provides dynamic network configuration and management for CentOS/RHEL systems. This guide covers nmcli usage, connection profiles, and advanced networking configurations.
NetworkManager Fundamentals
Basic NetworkManager Commands
Essential nmcli operations:
# Check NetworkManager status
systemctl status NetworkManager
# List all connections
nmcli connection show
# Show device status
nmcli device status
# Display general status
nmcli general status
# Show radio switches
nmcli radio all
Connection Management
Manage network connections:
# Show active connections
nmcli connection show --active
# Display connection details
nmcli connection show "System eth0"
# Bring connection up
nmcli connection up "System eth0"
# Bring connection down
nmcli connection down "System eth0"
# Delete connection
nmcli connection delete "System eth0"
Ethernet Configuration
Static IP Configuration
Configure static IP addresses:
# Create new connection with static IP
nmcli connection add \
type ethernet \
con-name "static-eth0" \
ifname eth0 \
ipv4.addresses 192.168.1.100/24 \
ipv4.gateway 192.168.1.1 \
ipv4.dns "8.8.8.8,8.8.4.4" \
ipv4.method manual
# Modify existing connection
nmcli connection modify "System eth0" \
ipv4.addresses 192.168.1.100/24 \
ipv4.gateway 192.168.1.1 \
ipv4.dns "8.8.8.8,8.8.4.4" \
ipv4.method manual
# Add secondary IP
nmcli connection modify "static-eth0" \
+ipv4.addresses 192.168.1.101/24
# Configure IPv6
nmcli connection modify "static-eth0" \
ipv6.addresses 2001:db8::100/64 \
ipv6.gateway 2001:db8::1 \
ipv6.method manual
DHCP Configuration
Configure DHCP settings:
# Create DHCP connection
nmcli connection add \
type ethernet \
con-name "dhcp-eth0" \
ifname eth0 \
ipv4.method auto
# Configure DHCP with custom DNS
nmcli connection modify "dhcp-eth0" \
ipv4.ignore-auto-dns yes \
ipv4.dns "1.1.1.1,1.0.0.1"
# Set DHCP hostname
nmcli connection modify "dhcp-eth0" \
ipv4.dhcp-hostname "myserver" \
ipv4.dhcp-send-hostname yes
Network Bonding
Create Bond Interface
Configure network bonding for redundancy:
# Create bond master
nmcli connection add \
type bond \
con-name bond0 \
ifname bond0 \
bond.options "mode=active-backup,miimon=100"
# Add slave interfaces
nmcli connection add \
type ethernet \
con-name bond0-slave1 \
ifname eth0 \
master bond0
nmcli connection add \
type ethernet \
con-name bond0-slave2 \
ifname eth1 \
master bond0
# Configure bond IP
nmcli connection modify bond0 \
ipv4.addresses 192.168.1.100/24 \
ipv4.gateway 192.168.1.1 \
ipv4.dns 8.8.8.8 \
ipv4.method manual
Advanced Bond Options
Configure different bonding modes:
# Mode 0 - Round Robin
nmcli connection modify bond0 \
bond.options "mode=balance-rr,miimon=100"
# Mode 1 - Active Backup
nmcli connection modify bond0 \
bond.options "mode=active-backup,miimon=100,primary=eth0"
# Mode 2 - Balance XOR
nmcli connection modify bond0 \
bond.options "mode=balance-xor,miimon=100,xmit_hash_policy=layer3+4"
# Mode 4 - 802.3ad (LACP)
nmcli connection modify bond0 \
bond.options "mode=802.3ad,miimon=100,lacp_rate=fast"
# Mode 6 - Balance ALB
nmcli connection modify bond0 \
bond.options "mode=balance-alb,miimon=100"
VLAN Configuration
Create VLAN Interfaces
Configure VLAN tagging:
# Create VLAN interface
nmcli connection add \
type vlan \
con-name vlan100 \
dev eth0 \
id 100 \
ipv4.addresses 192.168.100.1/24 \
ipv4.method manual
# Create VLAN on bond
nmcli connection add \
type vlan \
con-name bond0.200 \
dev bond0 \
id 200 \
ipv4.addresses 192.168.200.1/24 \
ipv4.method manual
# Configure VLAN priority
nmcli connection modify vlan100 \
vlan.flags 1 \
vlan.ingress-priority-map "0:3,1:4" \
vlan.egress-priority-map "3:0,4:1"
Bridge Configuration
Create Network Bridge
Configure bridge for VMs:
# Create bridge
nmcli connection add \
type bridge \
con-name br0 \
ifname br0 \
ipv4.addresses 192.168.1.100/24 \
ipv4.gateway 192.168.1.1 \
ipv4.dns 8.8.8.8 \
ipv4.method manual
# Add interface to bridge
nmcli connection add \
type ethernet \
con-name br0-slave \
ifname eth0 \
master br0
# Configure bridge options
nmcli connection modify br0 \
bridge.stp yes \
bridge.priority 32768 \
bridge.forward-delay 15 \
bridge.hello-time 2 \
bridge.max-age 20
Network Teams (Alternative to Bonding)
Configure Network Team
Modern alternative to bonding:
# Create team interface
nmcli connection add \
type team \
con-name team0 \
ifname team0 \
config '{"runner": {"name": "activebackup"}}'
# Add team slaves
nmcli connection add \
type ethernet \
con-name team0-port1 \
ifname eth0 \
master team0
nmcli connection add \
type ethernet \
con-name team0-port2 \
ifname eth1 \
master team0
# Configure team runner options
# (the JSON is held in a shell variable instead of a predictable file under /tmp)
team_config=$(cat <<'EOF'
{
  "runner": {
    "name": "loadbalance",
    "tx_hash": ["eth", "vlan", "ipv4", "ipv6", "tcp", "udp"]
  },
  "link_watch": {
    "name": "ethtool"
  }
}
EOF
)
nmcli connection modify team0 \
team.config "$team_config"
Wireless Configuration
WiFi Connection Setup
Configure wireless connections:
# Scan for networks
nmcli device wifi list
# Connect to WiFi
nmcli device wifi connect "SSID" password "password"
# Create WiFi profile
nmcli connection add \
type wifi \
con-name "Office-WiFi" \
ifname wlp3s0 \
ssid "OfficeNetwork" \
wifi-sec.key-mgmt wpa-psk \
wifi-sec.psk "secretpassword"
# Configure enterprise WiFi (802.1X)
nmcli connection add \
type wifi \
con-name "Corporate-WiFi" \
ifname wlp3s0 \
ssid "CorpNetwork" \
wifi-sec.key-mgmt wpa-eap \
802-1x.eap peap \
802-1x.phase2-auth mschapv2 \
802-1x.identity "username" \
802-1x.password "password"
VPN Configuration
OpenVPN Setup
Configure OpenVPN connections:
# Import OpenVPN configuration
nmcli connection import \
type openvpn \
file client.ovpn
# Create OpenVPN connection manually
nmcli connection add \
type vpn \
con-name "Office-VPN" \
vpn-type openvpn \
vpn.data "remote=vpn.example.com,
port=1194,
ca=/etc/openvpn/ca.crt,
cert=/etc/openvpn/client.crt,
key=/etc/openvpn/client.key,
cipher=AES-256-CBC,
comp-lzo=yes"
IPSec/L2TP Configuration
# Configure IPSec VPN
nmcli connection add \
type vpn \
con-name "IPSec-VPN" \
vpn-type l2tp \
vpn.data "gateway=vpn.example.com,
ipsec-enabled=yes,
ipsec-psk=sharedsecret,
user=vpnuser,
password-flags=2"
Network Profiles and Dispatcher Scripts
Connection Profiles
Manage multiple network profiles:
# Create location-based profiles
# Office profile
nmcli connection add \
type ethernet \
con-name "Office" \
ifname eth0 \
ipv4.addresses 10.0.0.100/24 \
ipv4.gateway 10.0.0.1 \
ipv4.dns "10.0.0.10,10.0.0.11" \
ipv4.method manual
# Home profile
nmcli connection add \
type ethernet \
con-name "Home" \
ifname eth0 \
ipv4.method auto
Dispatcher Scripts
Automate network tasks:
# Create dispatcher script
cat > /etc/NetworkManager/dispatcher.d/30-custom <<'EOF'
#!/bin/bash
# NetworkManager dispatcher script
interface=$1
action=$2
case "$action" in
    up)
        # Actions when interface comes up
        if [[ "$interface" == "eth0" ]]; then
            # Update routing
            ip route add 10.10.0.0/16 via 192.168.1.254
            # Start services
            systemctl start custom-service
        fi
        ;;
    down)
        # Actions when interface goes down
        if [[ "$interface" == "eth0" ]]; then
            systemctl stop custom-service
        fi
        ;;
esac
EOF
chmod +x /etc/NetworkManager/dispatcher.d/30-custom
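NetworkManager-dispatcher runs these scripts as root and skips any that are not root-owned regular files, are writable by group or others, or are setuid. The check below is an added example, not part of the original guide; the function name audit_dispatcher_dir and its optional owner-UID argument are assumptions made for illustration.

```bash
#!/bin/bash
# Added example (not from the original page).
# Reports dispatcher scripts that are unsafe to run as root or that
# NetworkManager-dispatcher would skip. owner_uid is a parameter only so the
# function can be exercised on a scratch directory; real use keeps the default 0.
audit_dispatcher_dir() {
    local dir=$1 owner_uid=${2:-0} f uid mode findings=0
    for f in "$dir"/*; do
        [ -e "$f" ] || continue     # empty directory: the glob did not match
        [ -d "$f" ] && continue     # pre-up.d, pre-down.d, no-wait.d
        if [ ! -f "$f" ]; then
            echo "$f: not a regular file"; findings=1; continue
        fi
        uid=$(stat -L -c %u "$f")
        mode=$(stat -L -c %a "$f")  # octal digits, e.g. 755 or 4755
        if [ "$uid" -ne "$owner_uid" ]; then
            echo "$f: owned by uid $uid, expected $owner_uid"; findings=1
        fi
        if [ $((0$mode & 022)) -ne 0 ]; then
            echo "$f: writable by group or others (mode $mode)"; findings=1
        fi
        if [ $((0$mode & 04000)) -ne 0 ]; then
            echo "$f: setuid bit set (mode $mode)"; findings=1
        fi
        if [ $((0$mode & 0100)) -eq 0 ]; then
            echo "$f: not executable by owner (mode $mode)"; findings=1
        fi
    done
    return "$findings"
}

# Run against the live directory when it exists.
if [ -d /etc/NetworkManager/dispatcher.d ]; then
    audit_dispatcher_dir /etc/NetworkManager/dispatcher.d || true
fi
```

The function returns 1 when it reports at least one finding, so it can gate a configuration-management run or a CI check on a built image.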
Performance Tuning
Network Optimization
Optimize network performance:
# Configure connection MTU
nmcli connection modify "System eth0" \
ethernet.mtu 9000
# Set ring buffer sizes
nmcli connection modify "System eth0" \
ethtool.ring-rx 4096 \
ethtool.ring-tx 4096
# Configure offload features
nmcli connection modify "System eth0" \
ethtool.feature-tso on \
ethtool.feature-gso on \
ethtool.feature-gro on
Traffic Control
Implement QoS with tc:
# Create tc qdisc configuration
cat > /etc/NetworkManager/dispatcher.d/40-qos <<'EOF'
#!/bin/bash
interface=$1
action=$2
if [[ "$action" == "up" ]] && [[ "$interface" == "eth0" ]]; then
    # Clear existing qdiscs
    tc qdisc del dev eth0 root 2>/dev/null
    # Add HTB qdisc
    tc qdisc add dev eth0 root handle 1: htb default 30
    tc class add dev eth0 parent 1: classid 1:1 htb rate 1000mbit
    tc class add dev eth0 parent 1:1 classid 1:10 htb rate 500mbit
    tc class add dev eth0 parent 1:1 classid 1:20 htb rate 300mbit
    tc class add dev eth0 parent 1:1 classid 1:30 htb rate 200mbit
fi
EOF
chmod +x /etc/NetworkManager/dispatcher.d/40-qos
Troubleshooting
Diagnostic Commands
Network troubleshooting tools:
# Monitor NetworkManager logs
journalctl -u NetworkManager -f
# Enable debug logging
nmcli general logging level DEBUG domains ALL
# Connection diagnostics
nmcli connection show "System eth0" | grep -E "error|warning"
# Monitor connection changes
nmcli monitor
# Test connectivity
nmcli networking connectivity check
Common Issues Resolution
# Reset NetworkManager
systemctl restart NetworkManager
# Reload connection profiles
nmcli connection reload
# Clear DNS cache
systemctl restart systemd-resolved
# Restore SELinux file contexts (fixes label-related permission issues)
restorecon -Rv /etc/NetworkManager/
Security Configuration
802.1X Authentication
Configure port-based authentication:
# Configure 802.1X for wired connection
nmcli connection add \
type ethernet \
con-name "Secure-LAN" \
ifname eth0 \
802-1x.eap md5 \
802-1x.identity "user@domain.com" \
802-1x.password "password" \
connection.permissions user:john
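EAP-MD5 authenticates only the client and never the network, and a PEAP profile created without 802-1x.ca-cert (as in the Corporate-WiFi command earlier) does not validate the server certificate. The following static check over keyfile-format profiles (*.nmconnection) is an added example, not part of the original guide; the function name audit_keyfile and the sample profiles are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original page): static checks on NetworkManager
# keyfile profiles. The sample profiles written below are constructed.
audit_keyfile() {
    awk -v file="$1" '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        /^\[.*\]$/     { section = $0; next }    # [connection], [802-1x], ...
        {
            eq = index($0, "="); if (!eq) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        }
        section == "[802-1x]" && key == "eap"             { eap = val }
        section == "[802-1x]" && key == "ca-cert"         { ca = 1 }
        section == "[802-1x]" && key == "system-ca-certs" && val == "true" { ca = 1 }
        section == "[802-1x]" && key == "password"        { stored = 1 }
        section == "[wifi-security]" && key == "psk"      { stored = 1 }
        END {
            if (eap ~ /(^|;)md5(;|$)/)
                print file ": eap=md5 gives no server authentication"
            if (eap ~ /(^|;)(peap|ttls|tls)(;|$)/ && !ca)
                print file ": eap=" eap " has no ca-cert or system-ca-certs"
            if (stored)
                print file ": secret stored in the profile (see password-flags / psk-flags)"
        }' "$1"
}

# Constructed samples mirroring the "Secure-LAN" and "Corporate-WiFi" commands.
demo_dir=$(mktemp -d)
cat > "$demo_dir/Secure-LAN.nmconnection" <<'EOF'
[connection]
id=Secure-LAN
type=ethernet

[802-1x]
eap=md5;
identity=user@domain.com
password=password
EOF
cat > "$demo_dir/Corporate-WiFi.nmconnection" <<'EOF'
[802-1x]
eap=peap;
identity=username
password-flags=1
phase2-auth=mschapv2
EOF
for f in "$demo_dir"/*.nmconnection; do audit_keyfile "$f"; done
rm -rf "$demo_dir"
```

On a live system, point the loop at /etc/NetworkManager/system-connections/ and run it as root, since those files are readable only by root.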
Firewall Zone Assignment
# Assign connection to firewall zone
nmcli connection modify "System eth0" \
connection.zone internal
# Configure zone for new connections
nmcli connection add \
type ethernet \
con-name "DMZ-eth1" \
ifname eth1 \
connection.zone dmz \
ipv4.method auto
Conclusion
NetworkManager provides powerful and flexible network configuration for CentOS/RHEL systems. Master nmcli commands and configuration options to efficiently manage complex network setups, from basic connectivity to advanced features like bonding, VLANs, and VPNs.