25 openEuler管理网络-使用nmcli命令配置ip
说明: 使用nmcli命令配置的网络配置可以立即生效且系统重启后配置也不会丢失。
25.1 nmcli介绍
nmcli是NetworkManager的一个命令行工具,它提供了使用命令行配置由NetworkManager管理网络连接的方法。nmcli命令的基本格式为:
nmcli [OPTIONS] OBJECT { COMMAND | help }
其中,OBJECT选项可以是general、networking、radio、connection或device等。在日常使用中,最常使用的是-t, --terse(用于脚本)、-p, --pretty选项(用于用户)及-h, --help选项,用户可以使用“ nmcli help”获取更多参数及使用信息。
# nmcli help
常用命令使用举例如下:
-
显示NetworkManager状态:
# nmcli general status例如示例命令如下:
[root@superman-21 ~]# nmcli general status STATE CONNECTIVITY WIFI-HW WIFI WWAN-HW WWAN 已连接 完全 已启用 已启用 已启用 已启用 [root@superman-21 ~]# -
显示所有连接:
# nmcli connection show例如示例命令如下:
[root@superman-21 ~]# nmcli connection show NAME UUID TYPE DEVICE ens33 4bc92b9f-a640-4e34-9c2d-06250344adfe ethernet ens33 virbr0 2b23e76a-1338-4082-8444-1f2787503ad1 bridge virbr0 [root@superman-21 ~]# -
只显示当前活动连接,如下所示添加 -a, --active:
# nmcli connection show -a # nmcli connection show --active例如示例命令如下:
[root@superman-21 ~]# nmcli connection show -a NAME UUID TYPE DEVICE ens33 4bc92b9f-a640-4e34-9c2d-06250344adfe ethernet ens33 virbr0 2b23e76a-1338-4082-8444-1f2787503ad1 bridge virbr0 [root@superman-21 ~]# [root@superman-21 ~]# nmcli connection show --active NAME UUID TYPE DEVICE ens33 4bc92b9f-a640-4e34-9c2d-06250344adfe ethernet ens33 virbr0 2b23e76a-1338-4082-8444-1f2787503ad1 bridge virbr0 [root@superman-21 ~]# -
显示由NetworkManager识别到设备及其状态:
# nmcli device status例如示例命令如下:
[root@superman-21 ~]# nmcli device status DEVICE TYPE STATE CONNECTION ens33 ethernet 已连接 ens33 virbr0 bridge 连接(外部) virbr0 lo loopback 未托管 -- virbr0-nic tun 未托管 -- [root@superman-21 ~]# -
使用nmcli工具启动和停止网络接口,在root权限下执行如下命令:
# nmcli connection up id ens33 # nmcli device disconnect ens33例如示例命令如下:
[root@superman-21 ~]# nmcli connection up id ens33 Commection successfully activated (D-Bus active path: /org/freedesktopNetwprkfanager/ictiveComection/4) [root@superman-21 ~]# [root@superman-21 ~]# nmcli device disconnect ens33 device 'ens33' successfully disconnected. [root@superman-21 ~]#
25.2 设备管理
25.2.1 连接到设备
使用如下命令,NetworkManager将连接到对应网络设备,尝试找到合适的连接配置,并激活配置。
# nmcli device connect "$IFNAME"
如果不存在相应的配置连接,NetworkManager将创建并激活具有默认设置的新配置文件。
25.2.2 断开设备连接
使用如下命令,NetworkManager将断开设备连接,并防止设备自动激活。
# nmcli device disconnect "$IFNAME"
25.3 设置网络连接
列出目前可用的网络连接:
[root@superman-21 ~]# nmcli con show
NAME UUID TYPE DEVICE
ens33 4bc92b9f-a640-4e34-9c2d-06250344adfe ethernet ens33
virbr0 2b23e76a-1338-4082-8444-1f2787503ad1 bridge virbr0
[root@superman-21 ~]#
添加一个网络连接会生成相应的配置文件,并与相应的设备关联。检查可用的设备,方法如下:
[root@superman-21 ~]# nmcli dev status
DEVICE TYPE STATE CONNECTION
ens33 ethernet 已连接 ens33
virbr0 bridge 连接(外部) virbr0
lo loopback 未托管 --
virbr0-nic tun 未托管 --
[root@superman-21 ~]#
25.3.1 配置动态IP连接
25.3.1.1 配置IP
要使用 DHCP 分配网络时,可以使用动态IP配置添加网络配置文件,命令格式如下:
# nmcli connection add type ethernet con-name connection-name ifname interface-name
例如创建名为net-test的动态连接配置文件,在root权限下使用以下命令:
[root@superman-21 ~]# nmcli connection add type ethernet con-name ens33 ifname ens33
连接 "ens33" (05729c25-f385-4572-bf29-322cc1cfce36) 已成功添加。
[root@superman-21 ~]#
NetworkManager 会将参数 connection.autoconnect 设定为 yes,并将设置保存到 “/etc/sysconfig/network-scripts/ifcfg-net-test”文件中,在该文件中会将BOOTPROTO设置为dhcp、ONBOOT 设置为 yes。
25.3.1.2 激活连接并检查状态
在root权限下使用以下命令激活网络连接:
[root@superman-21 ~]# nmcli con up ens33
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/4)
[root@superman-21 ~]#
检查这些设备及连接的状态,使用以下命令:
[root@superman-21 ~]# nmcli device status
DEVICE TYPE STATE CONNECTION
ens33 ethernet 已连接 ens33
virbr0 bridge 连接(外部) virbr0
lo loopback 未托管 --
virbr0-nic tun 未托管 --
[root@superman-21 ~]#
25.3.2 配置静态IP连接
25.3.2.1 配置IP
添加静态 IPv4 配置的网络连接,可使用以下命令:
# nmcli connection add type ethernet con-name connection-name ifname interface-name ip4 address gw4 address
例如创建名为 net-static的静态连接配置文件,在root权限下使用以下命令:
[root@superman-21 ~]# nmcli con add type ethernet con-name ens33 ifname ens33 ip4 192.168.0.21/24 gw4 192.168.0.1
连接 "ens33" (05b7a99b-2d5f-4bf5-9a78-3a459e338d85) 已成功添加。
[root@superman-21 ~]#
还可为该设备同时指定 IPv6 地址和网关,示例如下:
[root@superman-21 ~]# nmcli con add type ethernet con-name ens33 ifname ens33 ip4 192.168.0.21/24 gw4 192.168.0.1 ip6 2001:470:18:ac4::2/64 gw6 2001:470:19:ac4::/64
连接 "ens33" (c4516c31-9f66-4611-99c6-60197324693d) 已成功添加。
[root@superman-21 ~]#
NetworkManager 会将其内部参数 ipv4.method 设定为 manual,将 connection.autoconnect 设定为yes,并将设置写入 /etc/sysconfig/network-scripts/ifcfg-my-office 文件,其中会将对应 BOOTPROTO 设定为 none,将 ONBOOT 设定为 yes。
设定两个 IPv4 DNS 服务器地址,在root权限下使用以下命令:
[root@superman-21 ~]# nmcli con mod ens33 ipv4.dns "202.102.224.68 114.114.114.114"
[root@superman-21 ~]#
设置两个 IPv6 DNS 服务器地址,在root权限下使用以下命令:
[root@superman-21 ~]# nmcli con mod ens33 ipv6.dns "2001:4860:4860::8888 2001:4860:4860::8844"
[root@superman-21 ~]#
25.3.2.2 激活连接并检查状态
激活新的网络连接,在root权限下使用以下命令:
[root@superman-21 ~]# nmcli con up ens33 ifname ens33
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/5)
[root@superman-21 ~]#
检查这些设备及连接的状态,使用以下命令:
[root@superman-21 ~]# nmcli device status
DEVICE TYPE STATE CONNECTION
ens33 ethernet 已连接 ens33
virbr0 bridge 连接(外部) virbr0
lo loopback 未托管 --
virbr0-nic tun 未托管 --
[root@superman-21 ~]#
查看配置的连接详情,使用以下命令(使用 -p, --pretty 选项在输出结果中添加标题和分段):
[root@superman-21 ~]# nmcli -p con show ens33
===============================================================================
连接配置集详情 (ens33)
===============================================================================
connection.id: ens33
connection.uuid: 4bc92b9f-a640-4e34-9c2d-06250344adfe
connection.stable-id: --
connection.type: 802-3-ethernet
connection.interface-name: ens33
connection.autoconnect: 是
connection.autoconnect-priority: 0
connection.autoconnect-retries: -1 (default)
connection.multi-connect: 0(default)
connection.auth-retries: -1
connection.timestamp: 1671872503
connection.read-only: 否
connection.permissions: --
connection.zone: --
connection.master: --
connection.slave-type: --
connection.autoconnect-slaves: -1(default)
connection.secondaries: --
connection.gateway-ping-timeout: 0
connection.metered: 未知
connection.lldp: default
connection.mdns: -1(default)
connection.llmnr: -1(default)
connection.wait-device-timeout: -1
-------------------------------------------------------------------------------
802-3-ethernet.port: --
802-3-ethernet.speed: 0
802-3-ethernet.duplex: --
802-3-ethernet.auto-negotiate: 否
802-3-ethernet.mac-address: --
802-3-ethernet.cloned-mac-address: --
802-3-ethernet.generate-mac-address-mask:--
802-3-ethernet.mac-address-blacklist: --
802-3-ethernet.mtu: 自动
802-3-ethernet.s390-subchannels: --
802-3-ethernet.s390-nettype: --
802-3-ethernet.s390-options: --
802-3-ethernet.wake-on-lan: default
802-3-ethernet.wake-on-lan-password: --
802-3-ethernet.accept-all-mac-addresses:-1(default)
-------------------------------------------------------------------------------
ipv4.method: manual
ipv4.dns: 202.102.224.68,114.114.114.114
ipv4.dns-search: --
ipv4.dns-options: --
ipv4.dns-priority: 0
ipv4.addresses: 192.168.0.21/24
ipv4.gateway: 192.168.0.1
ipv4.routes: --
ipv4.route-metric: -1
ipv4.route-table: 0 (unspec)
ipv4.routing-rules: --
ipv4.ignore-auto-routes: 否
ipv4.ignore-auto-dns: 否
ipv4.dhcp-client-id: --
ipv4.dhcp-iaid: --
ipv4.dhcp-timeout: 0 (default)
ipv4.dhcp-send-hostname: 是
ipv4.dhcp-hostname: --
ipv4.dhcp-fqdn: --
ipv4.dhcp-hostname-flags: 0x0(none)
ipv4.never-default: 否
ipv4.may-fail: 是
ipv4.required-timeout: -1 (default)
ipv4.dad-timeout: -1 (default)
ipv4.dhcp-vendor-class-identifier: --
ipv4.dhcp-reject-servers: --
-------------------------------------------------------------------------------
ipv6.method: auto
ipv6.dns: 2001:4860:4860::8888,2001:4860:4860::8844
ipv6.dns-search: --
ipv6.dns-options: --
ipv6.dns-priority: 0
ipv6.addresses: --
ipv6.gateway: --
ipv6.routes: --
ipv6.route-metric: -1
ipv6.route-table: 0 (unspec)
ipv6.routing-rules: --
ipv6.ignore-auto-routes: 否
ipv6.ignore-auto-dns: 否
ipv6.never-default: 否
ipv6.may-fail: 是
ipv6.required-timeout: -1 (default)
ipv6.ip6-privacy: -1(unknown)
ipv6.addr-gen-mode: stable-privacy
ipv6.ra-timeout: 0 (default)
ipv6.dhcp-duid: --
ipv6.dhcp-iaid: --
ipv6.dhcp-timeout: 0 (default)
ipv6.dhcp-send-hostname: 是
ipv6.dhcp-hostname: --
ipv6.dhcp-hostname-flags: 0x0(none)
ipv6.token: --
-------------------------------------------------------------------------------
proxy.method: none
proxy.browser-only: 否
proxy.pac-url: --
proxy.pac-script: --
-------------------------------------------------------------------------------
===============================================================================
激活连接详情 (4bc92b9f-a640-4e34-9c2d-06250344adfe)
===============================================================================
GENERAL.NAME: ens33
GENERAL.UUID: 4bc92b9f-a640-4e34-9c2d-06250344adfe
GENERAL.DEVICES: ens33
GENERAL.IP-IFACE: ens33
GENERAL.STATE: 已激活
GENERAL.DEFAULT: 是
GENERAL.DEFAULT6: 否
GENERAL.SPEC-OBJECT: --
GENERAL.VPN: 否
GENERAL.DBUS-PATH: /org/freedesktop/NetworkManager/ActiveConnection/5
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/Settings/1
GENERAL.ZONE: --
GENERAL.MASTER-PATH: --
-------------------------------------------------------------------------------
IP4.ADDRESS[1]: 192.168.0.21/24
IP4.GATEWAY: 192.168.0.1
IP4.ROUTE[1]: dst = 192.168.0.0/24, nh = 0.0.0.0, mt = 100
IP4.ROUTE[2]: dst = 0.0.0.0/0, nh = 192.168.0.1, mt = 100
IP4.DNS[1]: 202.102.224.68
IP4.DNS[2]: 114.114.114.114
-------------------------------------------------------------------------------
IP6.ADDRESS[1]: fe80::9393:f6ae:ced9:7759/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = fe80::/64, nh = ::, mt = 100
IP6.DNS[1]: 2001:4860:4860::8888
IP6.DNS[2]: 2001:4860:4860::8844
-------------------------------------------------------------------------------
===============================================================================
连接配置集详情 (ens33)
===============================================================================
connection.id: ens33
connection.uuid: 8bb45a92-91b7-475b-a265-e5ce906af465
connection.stable-id: --
connection.type: 802-3-ethernet
connection.interface-name: ens33
connection.autoconnect: 是
connection.autoconnect-priority: 0
connection.autoconnect-retries: -1 (default)
connection.multi-connect: 0(default)
connection.auth-retries: -1
connection.timestamp: 0
connection.read-only: 否
connection.permissions: --
connection.zone: --
connection.master: --
connection.slave-type: --
connection.autoconnect-slaves: -1(default)
connection.secondaries: --
connection.gateway-ping-timeout: 0
connection.metered: 未知
connection.lldp: default
connection.mdns: -1(default)
connection.llmnr: -1(default)
connection.wait-device-timeout: -1
-------------------------------------------------------------------------------
802-3-ethernet.port: --
802-3-ethernet.speed: 0
802-3-ethernet.duplex: --
802-3-ethernet.auto-negotiate: 否
802-3-ethernet.mac-address: --
802-3-ethernet.cloned-mac-address: --
802-3-ethernet.generate-mac-address-mask:--
802-3-ethernet.mac-address-blacklist: --
802-3-ethernet.mtu: 自动
802-3-ethernet.s390-subchannels: --
802-3-ethernet.s390-nettype: --
802-3-ethernet.s390-options: --
802-3-ethernet.wake-on-lan: default
802-3-ethernet.wake-on-lan-password: --
802-3-ethernet.accept-all-mac-addresses:-1(default)
-------------------------------------------------------------------------------
ipv4.method: auto
ipv4.dns: --
ipv4.dns-search: --
ipv4.dns-options: --
ipv4.dns-priority: 0
ipv4.addresses: --
ipv4.gateway: --
ipv4.routes: --
ipv4.route-metric: -1
ipv4.route-table: 0 (unspec)
ipv4.routing-rules: --
ipv4.ignore-auto-routes: 否
ipv4.ignore-auto-dns: 否
ipv4.dhcp-client-id: --
ipv4.dhcp-iaid: --
ipv4.dhcp-timeout: 0 (default)
ipv4.dhcp-send-hostname: 是
ipv4.dhcp-hostname: --
ipv4.dhcp-fqdn: --
ipv4.dhcp-hostname-flags: 0x0(none)
ipv4.never-default: 否
ipv4.may-fail: 是
ipv4.required-timeout: -1 (default)
ipv4.dad-timeout: -1 (default)
ipv4.dhcp-vendor-class-identifier: --
ipv4.dhcp-reject-servers: --
-------------------------------------------------------------------------------
ipv6.method: auto
ipv6.dns: --
ipv6.dns-search: --
ipv6.dns-options: --
ipv6.dns-priority: 0
ipv6.addresses: --
ipv6.gateway: --
ipv6.routes: --
ipv6.route-metric: -1
ipv6.route-table: 0 (unspec)
ipv6.routing-rules: --
ipv6.ignore-auto-routes: 否
ipv6.ignore-auto-dns: 否
ipv6.never-default: 否
ipv6.may-fail: 是
ipv6.required-timeout: -1 (default)
ipv6.ip6-privacy: -1(unknown)
ipv6.addr-gen-mode: stable-privacy
ipv6.ra-timeout: 0 (default)
ipv6.dhcp-duid: --
ipv6.dhcp-iaid: --
ipv6.dhcp-timeout: 0 (default)
ipv6.dhcp-send-hostname: 是
ipv6.dhcp-hostname: --
ipv6.dhcp-hostname-flags: 0x0(none)
ipv6.token: --
-------------------------------------------------------------------------------
proxy.method: none
proxy.browser-only: 否
proxy.pac-url: --
proxy.pac-script: --
-------------------------------------------------------------------------------
===============================================================================
连接配置集详情 (ens33)
===============================================================================
connection.id: ens33
connection.uuid: c4516c31-9f66-4611-99c6-60197324693d
connection.stable-id: --
connection.type: 802-3-ethernet
connection.interface-name: ens33
connection.autoconnect: 是
connection.autoconnect-priority: 0
connection.autoconnect-retries: -1 (default)
connection.multi-connect: 0(default)
connection.auth-retries: -1
connection.timestamp: 0
connection.read-only: 否
connection.permissions: --
connection.zone: --
connection.master: --
connection.slave-type: --
connection.autoconnect-slaves: -1(default)
connection.secondaries: --
connection.gateway-ping-timeout: 0
connection.metered: 未知
connection.lldp: default
connection.mdns: -1(default)
connection.llmnr: -1(default)
connection.wait-device-timeout: -1
-------------------------------------------------------------------------------
802-3-ethernet.port: --
802-3-ethernet.speed: 0
802-3-ethernet.duplex: --
802-3-ethernet.auto-negotiate: 否
802-3-ethernet.mac-address: --
802-3-ethernet.cloned-mac-address: --
802-3-ethernet.generate-mac-address-mask:--
802-3-ethernet.mac-address-blacklist: --
802-3-ethernet.mtu: 自动
802-3-ethernet.s390-subchannels: --
802-3-ethernet.s390-nettype: --
802-3-ethernet.s390-options: --
802-3-ethernet.wake-on-lan: default
802-3-ethernet.wake-on-lan-password: --
802-3-ethernet.accept-all-mac-addresses:-1(default)
-------------------------------------------------------------------------------
ipv4.method: manual
ipv4.dns: --
ipv4.dns-search: --
ipv4.dns-options: --
ipv4.dns-priority: 0
ipv4.addresses: 192.168.0.21/24
ipv4.gateway: 192.168.0.1
ipv4.routes: --
ipv4.route-metric: -1
ipv4.route-table: 0 (unspec)
ipv4.routing-rules: --
ipv4.ignore-auto-routes: 否
ipv4.ignore-auto-dns: 否
ipv4.dhcp-client-id: --
ipv4.dhcp-iaid: --
ipv4.dhcp-timeout: 0 (default)
ipv4.dhcp-send-hostname: 是
ipv4.dhcp-hostname: --
ipv4.dhcp-fqdn: --
ipv4.dhcp-hostname-flags: 0x0(none)
ipv4.never-default: 否
ipv4.may-fail: 是
ipv4.required-timeout: -1 (default)
ipv4.dad-timeout: -1 (default)
ipv4.dhcp-vendor-class-identifier: --
ipv4.dhcp-reject-servers: --
-------------------------------------------------------------------------------
ipv6.method: manual
ipv6.dns: --
ipv6.dns-search: --
ipv6.dns-options: --
ipv6.dns-priority: 0
ipv6.addresses: 2001:470:18:ac4::2/64
ipv6.gateway: --
ipv6.routes: --
ipv6.route-metric: -1
ipv6.route-table: 0 (unspec)
ipv6.routing-rules: --
ipv6.ignore-auto-routes: 否
ipv6.ignore-auto-dns: 否
ipv6.never-default: 否
ipv6.may-fail: 是
ipv6.required-timeout: -1 (default)
ipv6.ip6-privacy: -1(unknown)
ipv6.addr-gen-mode: stable-privacy
ipv6.ra-timeout: 0 (default)
ipv6.dhcp-duid: --
ipv6.dhcp-iaid: --
ipv6.dhcp-timeout: 0 (default)
ipv6.dhcp-send-hostname: 是
ipv6.dhcp-hostname: --
ipv6.dhcp-hostname-flags: 0x0(none)
ipv6.token: --
-------------------------------------------------------------------------------
proxy.method: none
proxy.browser-only: 否
proxy.pac-url: --
proxy.pac-script: --
-------------------------------------------------------------------------------
[root@superman-21 ~]#
25.3.3 添加 Wi-Fi 连接
有两种方式添加Wi-Fi 连接。
方法1,通过网络接口连接wifi
连接到由SSID或BSSID指定的wifi网络。命令如下,该命令找到匹配的连接或创建一个连接,然后在设备上激活它。
# nmcli device wifi connect "$SSID" password "$PASSWORD" ifname "$IFNAME"
# nmcli --ask device wifi connect "$SSID"
方法2,通过配置文件连接Wi-Fi
- 使用以下命令查看可用 Wi-Fi 访问点:
# nmcli dev wifi list
- 使用以下命令生成使用的静态 IP 配置,但允许自动 DNS 地址分配的 Wi-Fi 连接:
# nmcli con add con-name Wifi ifname wlan0 type wifi ssid MyWifi ip4 192.168.100.101/24 gw4 192.168.100.1
- 请使用以下命令设定 WPA2 密码,例如 “answer”:
# nmcli con modify Wifi wifi-sec.key-mgmt wpa-psk
# nmcli con modify Wifi wifi-sec.psk answer
- 使用以下命令更改 Wi-Fi 状态:
# nmcli radio wifi [ on | off ]
25.3.4 更改属性
请使用以下命令检查具体属性,比如 mtu:
# nmcli connection show id 'Wifi' | grep mtu
802-11-wireless.mtu: auto
使用如下命令更改设置的属性:
# nmcli connection modify id 'Wifi' 802-11-wireless.mtu 1350
使用如下命令确认更改:
# nmcli connection show id 'Wifi' | grep mtu
802-11-wireless.mtu: 1350
25.4 配置静态路由
-
使用nmcli命令为网络连接配置静态路由,使用命令如下:
[root@superman-21 ~]# nmcli connection modify ens33 +ipv4.routes "192.168.122.0/24 10.10.0.1" [root@superman-21 ~]# -
使用编辑器配置静态路由,使用如下命令:
[root@superman-21 ~]# nmcli con edit type ethernet con-name ens33 ===| nmcli 交互式连接编辑器 |=== 正在添加新的 "802-3-ethernet" 连接 输入 "help" 或 "?" 查看可用的命令。 输入 "print" 来显示所有的连接属性。 输入 "describe [<设置>.<属性>]" 来获得详细的属性描述。 您可编辑下列设置:connection, 802-3-ethernet (ethernet), 802-1x, dcb, sriov, ethtool, match, ipv4, ipv6, hostname, tc, proxy nmcli> set ipv4.routes 192.168.122.0/24 10.10.10.1 nmcli> save persistent 使用 "autoconnect=yes" 保存该连接。这样会立即激活该连接。 您仍要保存吗? (yes/no) [yes] yes 连接 "ens33" (24868b8f-fe3e-491f-a776-4a3cd85422f6) 已成功保存。 nmcli> quit [root@superman-21 ~]#
