RED HAT ENTERPRISE LINUX

Configuring Network Settings

Network Interfaces and NetworkManager Configuration

CIS126RH | RHEL System Administration 1
Mesa Community College

Learning Objectives

Configure connections with nmcli

Create, modify, and manage network connections using the command line

Set static IP addressing

Configure IPv4 and IPv6 addresses, gateways, and DNS servers

Manage hostnames

Configure system hostname and understand hostname types

Understand configuration files

Know where network settings are stored and how to edit them

NetworkManager Architecture

NetworkManager is a daemon that manages network connections dynamically. It uses connection profiles that define network settings and can be activated on network devices.

nmcli / nmtui

→

NetworkManager

→

Connection Profiles

→

Network Devices

nmcli

Command-line interface for scripting and server administration

nmtui

Text-based UI for interactive configuration

nm-connection-editor

Graphical interface (desktop systems)

Configuration Files

Stored in /etc/NetworkManager/

Connections vs Devices

Connection (Profile)

Configuration template (IP, DNS, gateway)
Can exist without being active
Multiple profiles per device possible
Stored as a file in /etc/NetworkManager/
Has a NAME and UUID

Device (Interface)

Physical or virtual network interface
ens33, eth0, wlan0, etc.
Can have 0 or 1 active connection
State: connected, disconnected, unmanaged
Detected by kernel/udev

# List connections (profiles)
[student@server ~]$ nmcli connection show
NAME    UUID                                  TYPE      DEVICE
ens33   a1b2c3d4-e5f6-7890-abcd-ef1234567890  ethernet  ens33
Home    b2c3d4e5-f6a7-8901-bcde-f23456789012  wifi      --

# List devices (interfaces)
[student@server ~]$ nmcli device status
DEVICE  TYPE      STATE         CONNECTION
ens33   ethernet  connected     ens33
lo      loopback  unmanaged     --

nmcli Command Structure

nmcli [OPTIONS] OBJECT { COMMAND | help }

# Primary objects:
nmcli general       # NetworkManager status and logging
nmcli networking    # Overall networking on/off
nmcli connection    # Manage connections (short: con)
nmcli device        # Manage devices (short: dev)

Object	Key Commands	Purpose
`connection`	show, add, modify, up, down, delete, reload	Manage profiles
`device`	status, show, connect, disconnect, reapply	Manage interfaces
`general`	status, hostname, logging	NM status + logs
`networking`	on, off, connectivity	Master on/off switch

Abbreviation: nmcli accepts shortened object and command names. nmcli con mod ens33 and nmcli connection modify ens33 are identical.

Viewing Connection Details

# Show all settings for a connection
[student@server ~]$ nmcli connection show ens33
connection.id:                          ens33
connection.uuid:                        a1b2c3d4-e5f6-7890-abcd-ef1234567890
connection.type:                        802-3-ethernet
connection.interface-name:              ens33
connection.autoconnect:                 yes
ipv4.method:                            auto
ipv4.addresses:                         --
ipv4.gateway:                           --
ipv4.dns:                               --

Querying Specific Fields

# Get a single field value (good for scripting)
[student@server ~]$ nmcli -g ipv4.addresses connection show ens33
192.168.1.100/24

# Show all IPv4 settings for a connection
[student@server ~]$ nmcli -f ipv4 connection show ens33

# Compare configured profile vs. active runtime values
[student@server ~]$ nmcli connection show ens33 | grep ipv4

# Show runtime device settings (what is actually in use)
[student@server ~]$ nmcli device show ens33 | grep IP4

connection show vs device show: connection show reads the profile file. device show reads the live, active settings. After modifying a profile without reactivating, these may differ.

Creating Connections: DHCP

# Create a new DHCP connection profile
[root@server ~]# nmcli connection add     con-name "Office-DHCP"     type ethernet     ifname ens33

# The profile appears in the list (not yet active)
[student@server ~]$ nmcli connection show
NAME         UUID                                  TYPE      DEVICE
Office-DHCP  c3d4e5f6-a7b8-9012-cdef-345678901234  ethernet  --
ens33        a1b2c3d4-e5f6-7890-abcd-ef1234567890  ethernet  ens33

# Activate the new connection
[root@server ~]# nmcli connection up Office-DHCP
Connection successfully activated

# Verify active connection
[student@server ~]$ nmcli device status
DEVICE  TYPE      STATE      CONNECTION
ens33   ethernet  connected  Office-DHCP

Creating Static IP Connections

# Create connection with static IPv4
[root@server ~]# nmcli connection add     con-name "Server-Static"     type ethernet     ifname ens33     ipv4.method manual     ipv4.addresses 192.168.1.50/24     ipv4.gateway 192.168.1.1     ipv4.dns "8.8.8.8,8.8.4.4"

# Activate the static connection
[root@server ~]# nmcli connection up Server-Static

ipv4.method manual is required for static addressing — it tells NetworkManager not to use DHCP. Always specify addresses, gateway, and DNS together for a complete static configuration.

Exam tip: After creating or modifying any connection, always run nmcli connection up <name> to activate it. Unactivated profiles do not take effect.

Modifying Connections

# Change an existing connection from DHCP to static
[root@server ~]# nmcli connection modify ens33     ipv4.method manual     ipv4.addresses 192.168.1.100/24     ipv4.gateway 192.168.1.1     ipv4.dns "8.8.8.8"

# Add an additional DNS server (+ prefix appends)
[root@server ~]# nmcli connection modify ens33 +ipv4.dns "8.8.4.4"

# Remove a DNS server (- prefix removes)
[root@server ~]# nmcli connection modify ens33 -ipv4.dns "8.8.4.4"

# Add a second IP address
[root@server ~]# nmcli connection modify ens33 +ipv4.addresses 192.168.1.101/24

Applying Connection Changes

# Disable autoconnect (prevent auto-start at boot)
[root@server ~]# nmcli connection modify ens33 connection.autoconnect no

# Changes saved but not active until explicitly applied
[root@server ~]# nmcli connection up ens33     # Reactivate connection
[root@server ~]# nmcli connection reload        # Reload all profiles from disk

# Reapply without full reconnect (keeps existing sessions)
[root@server ~]# nmcli device reapply ens33

connection up

Full reconnect — drops and re-establishes. Some settings require this.

device reapply

Applies changes without dropping the connection — less disruptive for some changes.

IPv6 Configuration

# Create a static IPv6 connection
[root@server ~]# nmcli connection add     con-name "IPv6-Static"     type ethernet     ifname ens33     ipv6.method manual     ipv6.addresses "2001:db8::10/64"     ipv6.gateway "2001:db8::1"

# Add IPv6 to an existing connection (dual-stack)
[root@server ~]# nmcli connection modify ens33     ipv6.method manual     ipv6.addresses "2001:db8::100/64"     ipv6.gateway "2001:db8::1"

# Disable IPv6 on a connection
[root@server ~]# nmcli connection modify ens33 ipv6.method disabled

# Enable IPv6 SLAAC (stateless auto-configuration)
[root@server ~]# nmcli connection modify ens33 ipv6.method auto

# IPv6 link-local only (no global address assigned)
[root@server ~]# nmcli connection modify ens33 ipv6.method link-local

DNS Configuration

# Set DNS servers for a connection
[root@server ~]# nmcli connection modify ens33 ipv4.dns "8.8.8.8 8.8.4.4"

# Set DNS search domains
[root@server ~]# nmcli connection modify ens33 ipv4.dns-search "example.com lab.local"

# Prevent DHCP from overwriting DNS settings
[root@server ~]# nmcli connection modify ens33 ipv4.ignore-auto-dns yes

# View the generated resolver configuration
[student@server ~]$ cat /etc/resolv.conf
# Generated by NetworkManager
search example.com lab.local
nameserver 8.8.8.8
nameserver 8.8.4.4

# Check which connection provides DNS for a device
[student@server ~]$ nmcli device show ens33 | grep DNS

Do not edit /etc/resolv.conf directly. NetworkManager regenerates it from connection profiles — manual edits will be overwritten. Configure DNS through nmcli connection modify.

Managing Connection State

# Activate a connection
[root@server ~]# nmcli connection up ens33

# Activate on a specific device
[root@server ~]# nmcli connection up ens33 ifname ens33

# Deactivate a connection
[root@server ~]# nmcli connection down ens33

# Disconnect a device (deactivates its current connection)
[root@server ~]# nmcli device disconnect ens33

# Reconnect a device (activates its default connection)
[root@server ~]# nmcli device connect ens33

Reload and Delete Connections

# Reload connection profiles from disk (after manual file edits)
[root@server ~]# nmcli connection reload

# Reapply settings to device without full reconnect
[root@server ~]# nmcli device reapply ens33

# Delete a connection profile (permanent)
[root@server ~]# nmcli connection delete "Old-Connection"

When to use reload

After manually editing a keyfile
After copying a profile from another system
When profiles don't appear in nmcli con show

connection delete

Removes the profile and its file
Device falls back to another profile
Or becomes disconnected if no other profile

Using nmtui

nmtui (NetworkManager Text User Interface) provides a menu-driven interface for network configuration — useful when you don't remember exact nmcli syntax.

# Launch nmtui
[root@server ~]# nmtui

Edit a connection

Create, modify, or delete connection profiles

Activate a connection

Turn connections on or off interactively

Set system hostname

Change the system hostname from a menu

Navigation

Tab, arrows, Enter, Esc to navigate menus

When to use nmtui: Quick interactive changes, or when you don't remember nmcli syntax. For scripting and automation, use nmcli.

Hostname Configuration

# View current hostname
[student@server ~]$ hostname
server.example.com

# View all hostname types and system info
[student@server ~]$ hostnamectl
 Static hostname: server.example.com
       Icon name: computer-vm
         Chassis: vm
      Machine ID: a1b2c3d4...
         Boot ID: e5f6a7b8...
  Virtualization: vmware
Operating System: Red Hat Enterprise Linux 9.0
     CPE OS Name: cpe:/o:redhat:enterprise_linux:9::baseos
          Kernel: Linux 5.14.0-70.el9.x86_64
    Architecture: x86-64

Setting the Hostname

# Set hostname persistently (writes to /etc/hostname)
[root@server ~]# hostnamectl set-hostname server.example.com

# Set pretty hostname (human-friendly display name)
[root@server ~]# hostnamectl set-hostname "Web Server 01" --pretty

# Update /etc/hosts for local resolution
[root@server ~]# echo "192.168.1.100 server.example.com server" >> /etc/hosts

# Verify the change
[student@server ~]$ hostnamectl
[student@server ~]$ hostname -f    # Show FQDN

Best practice: Always use a Fully Qualified Domain Name (FQDN) like server.example.com. After setting the hostname, update /etc/hosts so the FQDN resolves locally without DNS.

Configuration Files

# View a connection profile file (RHEL 9 keyfile format)
[root@server ~]# cat /etc/NetworkManager/system-connections/ens33.nmconnection
[connection]
id=ens33
type=ethernet
interface-name=ens33

[ipv4]
method=manual
address1=192.168.1.100/24,192.168.1.1
dns=8.8.8.8;

File / Directory	Purpose
`/etc/NetworkManager/system-connections/`	Connection profile files (.nmconnection)
`/etc/NetworkManager/NetworkManager.conf`	Main NM daemon configuration
`/etc/hostname`	System static hostname
`/etc/hosts`	Static name-to-IP mappings
`/etc/resolv.conf`	DNS resolver (NM-managed, do not edit)

Keyfile Format

[connection] id=Server-Static uuid=a1b2c3d4-e5f6-7890-abcd-ef1234567890 type=ethernet interface-name=ens33 autoconnect=true [ethernet] mac-address=00:0C:29:4E:66:A1 [ipv4] method=manual address1=192.168.1.100/24,192.168.1.1 dns=8.8.8.8;8.8.4.4; dns-search=example.com; [ipv6] method=auto

[connection] — Profile name, type, interface

[ethernet] — Ethernet-specific (MAC, MTU)

[ipv4] — IPv4 method, addresses, DNS

[ipv6] — IPv6 configuration

address1 format: IP/prefix,gateway — e.g., 192.168.1.100/24,192.168.1.1. DNS servers end with semicolons. After editing, run nmcli connection reload.

Testing and Verification

# Verify interface address and state
[student@server ~]$ ip addr show ens33
[student@server ~]$ nmcli device show ens33

# Verify routing table
[student@server ~]$ ip route
[student@server ~]$ ip route get 8.8.8.8

# Verify DNS configuration
[student@server ~]$ cat /etc/resolv.conf
[student@server ~]$ dig google.com

# Test connectivity layer by layer
[student@server ~]$ ping -c 3 192.168.1.1      # Gateway
[student@server ~]$ ping -c 3 8.8.8.8          # Internet IP
[student@server ~]$ ping -c 3 google.com       # DNS resolution

# Check NetworkManager logs
[student@server ~]$ journalctl -u NetworkManager --since "5 minutes ago"

Common Tasks

# Task: Change server from DHCP to static IP
[root@server ~]# nmcli con mod ens33 ipv4.method manual     ipv4.addresses 192.168.1.100/24     ipv4.gateway 192.168.1.1     ipv4.dns "8.8.8.8 8.8.4.4"
[root@server ~]# nmcli con up ens33

# Task: Add a second IP address
[root@server ~]# nmcli con mod ens33 +ipv4.addresses 192.168.1.101/24
[root@server ~]# nmcli con up ens33

# Task: Disable IPv6
[root@server ~]# nmcli con mod ens33 ipv6.method disabled
[root@server ~]# nmcli con up ens33

# Task: Use custom DNS, ignore DHCP-provided DNS
[root@server ~]# nmcli con mod ens33 ipv4.dns "10.0.0.53" ipv4.ignore-auto-dns yes
[root@server ~]# nmcli con up ens33

Troubleshooting Network Configuration

# Problem: Connection won't activate
[root@server ~]# journalctl -u NetworkManager -n 50
[root@server ~]# nmcli connection show "con-name"   # Check for config errors

# Problem: IP address not assigned
[student@server ~]$ nmcli device status              # Is device connected?
[student@server ~]$ ip link show ens33               # Is link UP?

# Problem: Can't reach gateway (check address and route)
[student@server ~]$ ip route                         # Default route present?
[student@server ~]$ ip addr                          # Correct address/prefix?

# Problem: Reach IP but not hostnames (DNS)
[student@server ~]$ cat /etc/resolv.conf             # Nameserver configured?
[student@server ~]$ dig @8.8.8.8 google.com         # Bypass local DNS

# Problem: Changes not taking effect
[root@server ~]# nmcli connection reload
[root@server ~]# nmcli connection up ens33

Best Practices

✓ Do

Use static IPs for servers
Have console access before remote changes
Use meaningful connection names
Configure both IPv4 and IPv6
Set proper FQDN hostnames
Run nmcli con up after every modify
Verify with ip addr and ping

✗ Don't

Edit /etc/resolv.conf directly
Make changes remotely without backup access
Forget to activate after modifying profiles
Use duplicate IP addresses
Leave default connection names (ens33)
Ignore IPv6 configuration
Skip verification after changes

RHCSA Exam Tip: Verify networking after every configuration change. Lost network connectivity can prevent completing other exam tasks.

Key Takeaways

nmcli: Primary tool — connection add/modify/up/down/delete. Changes persist. Always activate with con up after modifying.

Static IP: Set ipv4.method manual, specify ipv4.addresses (CIDR), ipv4.gateway, and ipv4.dns. Reactivate to apply.

Hostname: Use hostnamectl set-hostname <FQDN>. Update /etc/hosts for local resolution.

Files: Profiles in /etc/NetworkManager/system-connections/. Run nmcli con reload after manual edits.

Graded Lab

Create a new DHCP connection, activate it, and verify with nmcli device status
Modify the connection to use a static IP, gateway, and DNS
Add a second IP address to the connection with the + prefix syntax
Configure the system hostname to a FQDN and update /etc/hosts
View the keyfile in /etc/NetworkManager/system-connections/
Verify full connectivity: gateway → 8.8.8.8 → hostname resolution

Next: Configuring and Securing SSH