Posted inNetworking

Stop Using ifconfig: A Guide to Professional Networking with nmcli

Networking tutorial - IT technology blog
Networking tutorial - IT technology blog

The Shift from Legacy Scripts to NetworkManager

If you’re still typing ifconfig to check an IP address, you’re using a tool that was officially deprecated over a decade ago. For years, sysadmins managed Linux networking by manually hacking /etc/network/interfaces or /etc/sysconfig/network-scripts/ifcfg-eth0. It was a fragile process. One typo in a text file could lock you out of a remote server, forcing a physical trip to the data center.

Modern distros like RHEL 9, Ubuntu 22.04, and Debian 12 now rely on NetworkManager as the central source of truth. Many engineers avoid its command-line tool, nmcli, because the syntax feels intimidating. However, using legacy tools in a NetworkManager world is dangerous. You might change an IP with ifconfig, only to have the daemon overwrite your settings 30 seconds later during a DHCP renewal or a service restart.

Choosing Your Tool: Why nmcli Wins in Production

In a professional environment, you generally have three ways to configure a network. Here is how they actually perform in the field:

1. Manual Configuration Files

This involves editing Netplan YAML files in Ubuntu or key-files in /etc/NetworkManager/system-connections/. It works well for Infrastructure as Code (IaC) like Ansible. However, it is slow for live troubleshooting. One missing space in a YAML file can kill your connectivity, leaving you to scramble for a serial console at 2 AM.

2. Legacy Utilities (ifconfig/route)

These are great for a five-second glance at your MAC address, but they are “stateless.” They only change the current RAM state. If the server reboots, your changes vanish. On modern systems, NetworkManager often treats these manual changes as “unmanaged” interference and will actively revert them to maintain the defined policy.

3. nmcli (The Professional Standard)

This is the gold standard for modern sysadmins. It talks directly to the NetworkManager API. When you run an nmcli command, it updates the persistent configuration and the active state at the same time. I’ve used this to manage 10Gbps SFP+ interfaces and complex VLAN tagging with zero downtime. It is fast, reliable, and survives reboots by default.

The Trade-offs

  • The Good:
    • Uniformity: The commands you use on a Fedora workstation work exactly the same on a Debian web server.
    • Persistence: You don’t have to worry about post-up scripts; changes stay saved.
    • Automation: It returns predictable exit codes, making it perfect for Bash automation.
    • Safety: Tab-completion helps you avoid syntax errors before you hit Enter.
  • The Bad:
    • Lengthy Commands: Typing nmcli connection modify is more tedious than the old ways.
    • Concepts: You must learn the difference between a device (the physical NIC) and a connection (the software profile).

Getting Started: Production Preparation

Before touching a production server, ensure NetworkManager is actually handling the interface. If you see “unmanaged” in your status report, nmcli won’t be able to help you. Start by enabling the service:

systemctl enable --now NetworkManager

Practical nmcli Recipes

To master nmcli, remember this rule: You apply Connections (profiles) to Devices (hardware).

1. Auditing Your Hardware

Always start by identifying your interfaces. A server might have four Ethernet ports, but only one is plugged into the switch.

# Check the status of physical and virtual hardware
nmcli device status

# List all saved configuration profiles
nmcli connection show

Active connections appear in green. If a device is listed as “disconnected,” it’s sitting idle and waiting for a profile.

2. Setting a Static IP (The Right Way)

Imagine you need to set a static IP on eth0 for a new database server. Instead of hunting for a config file, use this one-liner. We’ll name the profile “Static-Internal” for clarity.

# Create the profile with IP, Gateway, and Manual method
nmcli con add type ethernet con-name Static-Internal ifname eth0 ipv4.addresses 10.0.0.50/24 ipv4.gateway 10.0.0.1 ipv4.method manual

# Add your DNS resolvers (Cloudflare and Google in this example)
nmcli con mod Static-Internal ipv4.dns "1.1.1.1,8.8.8.8"

3. Converting DHCP to Static

If a server is already running on DHCP and you need to lock it down to a static address (e.g., 192.168.1.101), modify the existing “Wired connection 1” profile.

# Update the existing profile
nmcli con mod "Wired connection 1" ipv4.addresses 192.168.1.101/24
nmcli con mod "Wired connection 1" ipv4.gateway 192.168.1.1
nmcli con mod "Wired connection 1" ipv4.method manual

# Push the changes live
nmcli con up "Wired connection 1"

Note: Changes are written to /etc/NetworkManager/system-connections/ immediately. However, they don’t take effect until you “up” the connection.

4. Handling Multiple IPs (IP Aliasing)

In high-availability setups, you often need one NIC to host multiple IPs. nmcli makes this much cleaner than the old eth0:0 virtual interface hack.

# Use the '+' prefix to append an address instead of replacing it
nmcli con mod Static-Internal +ipv4.addresses 10.0.0.51/24
nmcli con up Static-Internal

The “Safety Net” Trick for Remote SSH

Changing network settings over SSH is like performing surgery on yourself. If you make a mistake, you lose your connection and the server becomes a brick. To prevent this, use a “rollback” command string.

Run this when applying risky changes:

nmcli con up NewConfig; sleep 60; nmcli con up OldConfig

If the new configuration works, hit Ctrl+C to cancel the sleep command. If you get kicked out, just wait 60 seconds. The server will automatically revert to the old, working configuration, and you can log back in to fix your mistake.

Mastering nmcli is about moving away from the “edit and pray” workflow. By using the native tools designed for the daemon, you ensure your network is stable, documented, and ready for production uptime.

Share:
Tags: