Configuring Network Interfaces
Why This Matters
You have just been handed SSH credentials to a brand-new bare-metal server in your company's data center. The machine boots, but it has no IP address. Nobody can reach it, and it cannot reach the internet. Your job is to bring it onto the network -- assign an IP, set a default gateway, configure DNS, and make sure everything survives a reboot.
This is the bread and butter of Linux system administration. Every single server, VM, container host, or IoT device you will ever touch needs its network configured. Whether you are setting up a DHCP-based laptop or a multi-homed production server with VLANs and bonded interfaces, the tools in this chapter are what you will reach for.
Try This Right Now
Open a terminal on any Linux machine and run:
# Show all network interfaces and their addresses
ip addr show
# Show only interfaces that are UP
ip link show up
# Show the routing table
ip route show
You should see at least two interfaces: lo (the loopback) and something like eth0,
ens33, enp0s3, or wlp2s0 (your real network interface). Take note of your
interface name -- you will need it throughout this chapter.
The ip Command: Your Primary Tool
The ip command from the iproute2 package is the modern, standard way to configure
networking on Linux. It replaced the older ifconfig, route, and arp commands. If
you only learn one networking tool, make it ip.
The ip command is organized into objects:
ip <object> <command>
Objects:
addr - IP addresses
link - Network interfaces (layer 2)
route - Routing table
neigh - ARP / neighbor cache
netns - Network namespaces
Viewing Interface Information
# Full details of all interfaces
ip addr show
# Short form
ip a
# Just one interface
ip addr show dev eth0
# Only show IPv4 addresses
ip -4 addr show
# Only show IPv6 addresses
ip -6 addr show
# Machine-readable JSON output
ip -j addr show | python3 -m json.tool
Here is what typical ip addr show output looks like:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:a1:b2:c3 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.100/24 brd 192.168.1.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fea1:b2c3/64 scope link
valid_lft forever preferred_lft forever
Let's decode each piece:
+------------------------------------------------------------------+
| Field | Meaning |
|------------------------------|-----------------------------------|
| eth0 | Interface name |
| <BROADCAST,MULTICAST,UP, | Interface flags |
| LOWER_UP> | UP=admin up, LOWER_UP=cable in |
| mtu 1500 | Maximum Transmission Unit |
| state UP | Operational state |
| link/ether 52:54:00:a1:b2:c3| MAC address |
| inet 192.168.1.100/24 | IPv4 address with prefix length |
| brd 192.168.1.255 | Broadcast address |
| scope global | Address is globally reachable |
| inet6 fe80::... | IPv6 link-local address |
+------------------------------------------------------------------+
Managing Interfaces with ip link
# Bring an interface down
sudo ip link set eth0 down
# Bring it back up
sudo ip link set eth0 up
# Change the MTU
sudo ip link set eth0 mtu 9000
# Change the MAC address (interface must be down)
sudo ip link set eth0 down
sudo ip link set eth0 address 02:00:00:00:00:01
sudo ip link set eth0 up
# Show interface statistics
ip -s link show eth0
Safety Warning: Running
ip link set eth0 downon a remote server over SSH through that same interface will immediately disconnect you. Always ensure you have out-of-band access (console, IPMI, or a second interface) before taking an interface down remotely.
Managing IP Addresses with ip addr
# Add an IP address to an interface
sudo ip addr add 192.168.1.100/24 dev eth0
# Add a second IP address (yes, one interface can have multiple)
sudo ip addr add 192.168.1.101/24 dev eth0
# Remove an IP address
sudo ip addr del 192.168.1.101/24 dev eth0
# Flush ALL addresses from an interface
sudo ip addr flush dev eth0
Safety Warning:
ip addr flushwill remove ALL IP addresses from the interface. On a remote machine, this is just as dangerous as taking the interface down.
Managing Routes with ip route
# View the routing table
ip route show
# Add a default gateway
sudo ip route add default via 192.168.1.1
# Add a specific route
sudo ip route add 10.0.0.0/8 via 192.168.1.254
# Delete a route
sudo ip route del 10.0.0.0/8
# Replace a route (add or update)
sudo ip route replace default via 192.168.1.1
Think About It: You have added an IP address and a default gateway with
ipcommands. You reboot the server. Are those settings still there? Why or why not?
The answer is no. Everything done with the ip command is temporary. It lives
in the kernel's memory and vanishes on reboot. To make changes permanent, you need a
configuration file or a network management daemon. That is what the rest of this chapter
covers.
The Legacy: ifconfig
You will still see ifconfig in older scripts, blog posts, and Stack Overflow answers.
It comes from the net-tools package and is considered deprecated.
# View interfaces (legacy)
ifconfig
# Assign an IP (legacy)
sudo ifconfig eth0 192.168.1.100 netmask 255.255.255.0 up
Why you should use ip instead:
ifconfigcannot show all addresses on an interface (only the primary)ifconfigcannot handle advanced features like policy routing or network namespacesifconfigis not installed by default on many modern distributions- The iproute2 suite (
ip) is actively maintained; net-tools is not
Distro Note: On minimal installs of RHEL/CentOS, Fedora, Debian, and Ubuntu Server,
ifconfigmay not even be present. Theipcommand is always available.
NetworkManager: The Desktop and Server Standard
NetworkManager is the most widely used network management daemon on Linux today. It is the default on Fedora, RHEL, CentOS, Ubuntu Desktop, and many others. It handles wired, wireless, VPN, and mobile broadband connections.
+-------------------------------------------------------+
| NetworkManager |
| |
| nmcli nmtui GNOME Settings nm-connection-editor|
| | | | | |
| +--------+----------+------------------+ |
| | |
| NetworkManager daemon |
| | |
| Kernel networking stack |
+-------------------------------------------------------+
nmcli: The Command-Line Interface
nmcli is the most powerful way to interact with NetworkManager from the terminal.
# Show overall status
nmcli general status
# List all connections
nmcli connection show
# Show active connections
nmcli connection show --active
# Show details of a specific connection
nmcli connection show "Wired connection 1"
# List all devices
nmcli device status
Creating a Static IP Connection
# Create a new connection with a static IP
sudo nmcli connection add \
con-name "static-eth0" \
type ethernet \
ifname eth0 \
ipv4.addresses 192.168.1.100/24 \
ipv4.gateway 192.168.1.1 \
ipv4.dns "8.8.8.8 8.8.4.4" \
ipv4.method manual
# Activate it
sudo nmcli connection up "static-eth0"
Switching to DHCP
# Create a DHCP connection
sudo nmcli connection add \
con-name "dhcp-eth0" \
type ethernet \
ifname eth0 \
ipv4.method auto
# Activate it
sudo nmcli connection up "dhcp-eth0"
Modifying an Existing Connection
# Change the DNS servers
sudo nmcli connection modify "static-eth0" ipv4.dns "1.1.1.1 9.9.9.9"
# Add a secondary IP address
sudo nmcli connection modify "static-eth0" +ipv4.addresses 192.168.1.101/24
# Apply changes without taking the connection down
sudo nmcli connection up "static-eth0"
Quick Cheat Sheet
# Bring a connection down
sudo nmcli connection down "static-eth0"
# Delete a connection
sudo nmcli connection delete "static-eth0"
# Set a connection to auto-connect on boot
sudo nmcli connection modify "static-eth0" connection.autoconnect yes
# Show the wifi networks (on a laptop)
nmcli device wifi list
# Connect to wifi
sudo nmcli device wifi connect "MyNetwork" password "secret123"
nmtui: The Text User Interface
If you prefer a visual, menu-driven approach in the terminal:
sudo nmtui
This launches a curses-based interface where you can:
- Edit a connection
- Activate a connection
- Set the system hostname
It is perfect for quick configuration when you do not want to remember nmcli syntax.
systemd-networkd: Lightweight Network Configuration
On servers, containers, and embedded systems, systemd-networkd is a lighter
alternative to NetworkManager. It is part of systemd and uses simple .network
configuration files.
Enabling systemd-networkd
# If NetworkManager is running, disable it first to avoid conflicts
sudo systemctl stop NetworkManager
sudo systemctl disable NetworkManager
# Enable systemd-networkd and systemd-resolved
sudo systemctl enable --now systemd-networkd
sudo systemctl enable --now systemd-resolved
Configuration Files
Configuration lives in /etc/systemd/network/. Files are processed in alphabetical
order and use the .network extension.
Static IP Configuration
Create /etc/systemd/network/20-wired.network:
[Match]
Name=eth0
[Network]
Address=192.168.1.100/24
Gateway=192.168.1.1
DNS=8.8.8.8
DNS=8.8.4.4
DHCP Configuration
Create /etc/systemd/network/20-wired.network:
[Match]
Name=eth0
[Network]
DHCP=yes
After creating or modifying files:
# Reload and apply
sudo networkctl reload
# Check status
networkctl status eth0
networkctl list
Distro Note: Ubuntu Server (since 17.10) uses Netplan, which is a YAML-based abstraction layer that can generate configuration for either NetworkManager or systemd-networkd. We cover Netplan shortly.
Debian-style: /etc/network/interfaces
On Debian and older Ubuntu systems (before Netplan), the classic configuration file is
/etc/network/interfaces. It is managed by the ifupdown package.
Static IP
# /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 8.8.8.8 8.8.4.4
DHCP
auto eth0
iface eth0 inet dhcp
Applying Changes
# Bring an interface down and back up
sudo ifdown eth0 && sudo ifup eth0
# Or restart the networking service
sudo systemctl restart networking
RHEL-style: Network Scripts (Legacy)
On older RHEL, CentOS (7 and earlier), and Fedora systems, network configuration lived
in per-interface scripts under /etc/sysconfig/network-scripts/.
Static IP
# /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.1.100
PREFIX=24
GATEWAY=192.168.1.1
DNS1=8.8.8.8
DNS2=8.8.4.4
DHCP
# /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
Applying Changes
sudo systemctl restart network
# or for a single interface:
sudo ifdown eth0 && sudo ifup eth0
Distro Note: RHEL 9 and later have removed legacy network scripts entirely. NetworkManager with
nmcliis the only supported method. Theifcfgfiles may still work (NetworkManager reads them), but the new keyfile format in/etc/NetworkManager/system-connections/is preferred.
Netplan (Ubuntu)
Ubuntu Server uses Netplan as an abstraction layer. You write YAML files, and Netplan generates the backend configuration.
Configuration lives in /etc/netplan/. The file is usually named something like
01-netcfg.yaml or 50-cloud-init.yaml.
Static IP
# /etc/netplan/01-netcfg.yaml
network:
version: 2
renderer: networkd # or NetworkManager
ethernets:
eth0:
addresses:
- 192.168.1.100/24
routes:
- to: default
via: 192.168.1.1
nameservers:
addresses:
- 8.8.8.8
- 8.8.4.4
DHCP
network:
version: 2
ethernets:
eth0:
dhcp4: true
Applying Changes
# Test the configuration (auto-reverts after 120 seconds if you don't confirm)
sudo netplan try
# Apply permanently
sudo netplan apply
# Generate backend config without applying
sudo netplan generate
The netplan try command is brilliant for remote servers -- if your configuration is
broken, it will automatically revert, saving you from being locked out.
Static vs DHCP: When to Use Which
+--------------------------------------------------------------+
| Static IP | DHCP |
|---------------------------------------|---------------------- |
| Servers | Desktops/laptops |
| Network infrastructure | Guest networks |
| DNS servers | Development VMs |
| Load balancers | IoT devices (some) |
| Database servers | Containers (often) |
| | |
| You control the exact address | Address assigned |
| Survives DHCP server outages | automatically |
| Required for services others connect | Less config to manage |
| to by IP | Easy to move between |
| | networks |
+--------------------------------------------------------------+
Think About It: Your company has a DHCP server that hands out addresses in the range 192.168.1.100-200. You manually assign 192.168.1.150 as a static IP to your new server. What could go wrong?
The DHCP server might hand out 192.168.1.150 to another machine, creating an IP conflict. The fix is to either use a static IP outside the DHCP range or create a DHCP reservation for your server's MAC address.
Hands-On: Configure a Network Interface from Scratch
Let's walk through configuring a static IP using nmcli, which works across most modern
distributions.
Step 1: Identify your interface
nmcli device status
Expected output:
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected Wired connection 1
lo loopback unmanaged --
Step 2: Create a new connection profile
sudo nmcli connection add \
con-name "my-static" \
type ethernet \
ifname eth0 \
ipv4.addresses 10.0.0.50/24 \
ipv4.gateway 10.0.0.1 \
ipv4.dns "1.1.1.1" \
ipv4.method manual \
connection.autoconnect yes
Step 3: Activate the connection
sudo nmcli connection up "my-static"
Step 4: Verify
ip addr show eth0
ip route show
cat /etc/resolv.conf
ping -c 3 1.1.1.1
Step 5: Test DNS resolution
ping -c 3 google.com
If the ping to 1.1.1.1 works but google.com does not resolve, your DNS configuration
needs fixing.
VLANs: Virtual LANs
VLANs let you segment a single physical network into multiple logical networks. On Linux, you create a VLAN sub-interface tagged with a VLAN ID.
# Using ip command (temporary)
sudo ip link add link eth0 name eth0.100 type vlan id 100
sudo ip addr add 10.100.0.1/24 dev eth0.100
sudo ip link set eth0.100 up
# Using nmcli (persistent)
sudo nmcli connection add \
con-name "vlan100" \
type vlan \
ifname eth0.100 \
dev eth0 \
id 100 \
ipv4.addresses 10.100.0.1/24 \
ipv4.method manual
To verify:
ip -d link show eth0.100
cat /proc/net/vlan/eth0.100
Network Bonding: Combining Interfaces
Bonding (also called NIC teaming) combines two or more physical interfaces into one logical interface for redundancy or increased throughput.
+-------------------+
| bond0 | <-- logical interface (192.168.1.100)
| / \ |
| eth0 eth1 | <-- physical interfaces
+-------------------+
Common bonding modes:
| Mode | Name | Description |
|---|---|---|
| 0 | balance-rr | Round-robin, requires switch support |
| 1 | active-backup | One active, others standby (most common) |
| 2 | balance-xor | XOR-based hash |
| 4 | 802.3ad | LACP, requires switch support |
| 6 | balance-alb | Adaptive load balancing |
Creating a Bond with nmcli
# Create the bond
sudo nmcli connection add \
con-name "bond0" \
type bond \
ifname bond0 \
bond.options "mode=active-backup,miimon=100" \
ipv4.addresses 192.168.1.100/24 \
ipv4.gateway 192.168.1.1 \
ipv4.method manual
# Add slave interfaces
sudo nmcli connection add \
con-name "bond0-slave1" \
type ethernet \
ifname eth0 \
master bond0
sudo nmcli connection add \
con-name "bond0-slave2" \
type ethernet \
ifname eth1 \
master bond0
# Activate
sudo nmcli connection up bond0
To check bond status:
cat /proc/net/bonding/bond0
Debug This
Scenario: A junior admin reports that a newly deployed server has no network connectivity. They show you this:
$ ip addr show eth0
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 52:54:00:a1:b2:c3 brd ff:ff:ff:ff:ff:ff
$ ip route show
(empty output)
What are the problems? How do you fix them?
Diagnosis:
- The interface is DOWN -- notice the flags show
<BROADCAST,MULTICAST>but noUPorLOWER_UP. Also,state DOWNandqdisc noop(no queuing discipline assigned). - There is no IP address assigned.
- There is no routing table -- no default gateway.
Fix:
# Step 1: Bring the interface up
sudo ip link set eth0 up
# Step 2: Assign an IP address
sudo ip addr add 192.168.1.100/24 dev eth0
# Step 3: Add a default gateway
sudo ip route add default via 192.168.1.1
# Step 4: Make it permanent (using nmcli)
sudo nmcli connection add con-name "eth0-static" type ethernet ifname eth0 \
ipv4.addresses 192.168.1.100/24 ipv4.gateway 192.168.1.1 \
ipv4.dns "8.8.8.8" ipv4.method manual
sudo nmcli connection up "eth0-static"
What Just Happened?
+-------------------------------------------------------------------+
| Chapter 33 Recap |
+-------------------------------------------------------------------+
| |
| * `ip` is the modern tool for viewing and configuring |
| interfaces, addresses, and routes. Changes are temporary. |
| |
| * NetworkManager (`nmcli`, `nmtui`) makes configuration |
| persistent and handles complex setups. Default on most distros.|
| |
| * systemd-networkd is a lighter daemon controlled via |
| .network files in /etc/systemd/network/. |
| |
| * Distro-specific methods: |
| - Debian: /etc/network/interfaces |
| - RHEL legacy: /etc/sysconfig/network-scripts/ |
| - Ubuntu modern: Netplan (/etc/netplan/*.yaml) |
| |
| * Static IPs are for servers and infrastructure. |
| DHCP is for clients and dynamic environments. |
| |
| * VLANs segment traffic on a single physical interface. |
| * Bonding combines multiple interfaces for redundancy. |
| |
+-------------------------------------------------------------------+
Try This
-
Basic configuration: Using
nmcli, create a connection profile with a static IP of your choice. Verify it works withping, then switch the same interface to DHCP. -
Multi-address: Add three IP addresses to a single interface. Verify all three respond to
pingfrom another machine on the same network. -
Explore your system: Run
nmcli connection showand examine every field in one of your connection profiles. Identify at least five settings you did not know about. -
Compare methods: Configure the same static IP using
ipcommands, then usingnmcli, then using a Netplan YAML file (on Ubuntu) or a manual config file for your distribution. Reboot after each method and verify which ones survive. -
Bonus challenge: Set up a VLAN sub-interface on your machine. You will need a switch or virtual network that supports VLAN tagging. Verify the VLAN interface gets its own IP address in a different subnet than the parent interface.