RHEL7: Configure IPv4 addresses and perform basic IPv4 troubleshooting.

Share this link

Note: This is an RHCSA 7 exam objective.


Although it is still possible to define the network configuration through the files in the /etc/sysconfig/network-scripts directory, it’s not the preferred way any more (don’t forget to execute # nmcli con reload if you manually modify the files!).

With RHEL 7, all the network configuration is now mainly done through NetworkManager (the NetworkManager changelog is available here).

You can use:

  • the nmtui command and a Text User Interface,
  • the nmcli command at the Command Line Interface,
  • or the graphical interface.

For the rest of this tutorial, it is the nmcli option that has been chosen because it’s the quickest method and arguably the least prone to errors.

Changes made through the nmcli command are permanent.

Caution: To practice this tutorial in the best conditions, connect to the machine through its console (you could otherwise loose your connection!).

Network Configuration

To display the network configuration, type:

# nmcli con show
NAME           UUID                                  TYPE            DEVICE
ethernet-eth0  8d83684f-cd22-42cc-9fff-7704945a5c36  802-3-ethernet  eth0

Note: con is a shortcut for connection (you can even type only c).

Alternatively, you can type:

# nmcli dev status
eth0    ethernet  connected  ethernet-eth0
lo      loopback  unmanaged  --

To remove a connection (here ethernet-eth0), type:

# nmcli con del ethernet-eth0

Note1: If a space appears in the interface name (like System eth0), put everything between quotes: nmcli con del “System eth0”.
Note2: del is a shortcut for delete.


# nmcli con del 8d83684f-cd22-42cc-9fff-7704945a5c36

Connection Management

To create a connection with the name ethernet-eth0, the IPv4 address and the default gateway, type:

# nmcli con add con-name net-eth0 ifname eth0 type ethernet ip4 gw4
Connection 'net-eth0' (441085a4-4155-417b-ad8f-78a888d89988) successfully added.

Note1: If you don’t specify con-name net-eth0, the connection is called ethernet-eth0.
Note2: If you don’t specify the ip4 gw4 part, you end up with a connection automatically configured through DHCP.
Note3: nmcli con up net-eth0 is not necessary when initially configuring a connection.
Note4: ip4 and gw4 are used for respectively the ip address and the default gateway. Below, you will see that the syntax when modifying a connection is different: it’s then using ipv4.addresses and a space between the ip address and the default gateway.

To check the configuration, type:

# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    inet brd scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::0000:00:0000:0000/64 scope link
       valid_lft forever preferred_lft forever
# ip r
default via dev eth0  proto static  metric 1024 dev eth0  proto kernel  scope link  src

Note1: ip a is a shortcut for ip address show, ip r a shortcut for ip route show.
Note2: Don’t use the ifconfig command any more. This command is deprecated and no longer displays the correct network configuration (secondary ip addresses, etc).

To get all the information about a connection (here net-eth0), type:

# nmcli con show net-eth0
connection.id:                          net-eth0
connection.uuid:                        441085a4-4155-417b-ad8f-78a888d89988
connection.interface-name:              eth0
connection.type:                        802-3-ethernet
connection.autoconnect:                 yes
connection.timestamp:                   1427832564
connection.read-only:                   no
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.gateway-ping-timeout:        0
802-3-ethernet.port:                    --
802-3-ethernet.speed:                   0
802-3-ethernet.duplex:                  --
802-3-ethernet.auto-negotiate:          yes
802-3-ethernet.mac-address:             --
802-3-ethernet.cloned-mac-address:      --
802-3-ethernet.mtu:                     auto
802-3-ethernet.s390-nettype:            --
ipv4.method:                            manual
ipv4.addresses:                         { ip =, gw = }
ipv4.ignore-auto-routes:                no
ipv4.ignore-auto-dns:                   no
ipv4.dhcp-client-id:                    --
ipv4.dhcp-send-hostname:                yes
ipv4.dhcp-hostname:                     --
ipv4.never-default:                     no
ipv4.may-fail:                          yes
ipv6.method:                            auto
ipv6.ignore-auto-routes:                no
ipv6.ignore-auto-dns:                   no
ipv6.never-default:                     no
ipv6.may-fail:                          yes
ipv6.ip6-privacy:                       -1 (unknown)
ipv6.dhcp-hostname:                     --
GENERAL.NAME:                           net-eth0
GENERAL.UUID:                           441085a4-4155-417b-ad8f-78a888d89988
GENERAL.DEVICES:                        eth0
GENERAL.STATE:                          activated
GENERAL.DEFAULT:                        yes
GENERAL.DEFAULT6:                       no
GENERAL.VPN:                            no
GENERAL.ZONE:                           --
GENERAL.DBUS-PATH:                      /org/freedesktop/NetworkManager/ActiveConnection/0
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/Settings/0
GENERAL.SPEC-OBJECT:                    --
GENERAL.MASTER-PATH:                    --
IP4.ADDRESS[1]:                         ip =, gw =
IP6.ADDRESS[1]:                         ip = fe80::0000:00:0000:0000/64, gw = ::

Alternatively, you can type:

# nmcli dev show eth0
GENERAL.DEVICE:                         eth0
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         00:00:00:00:00:00
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     net-eth0
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/0
IP6.ADDRESS[1]:                         fe80::0000:00:0000:0000/64

To stop a network connection from working (here net-eth0), type:

# nmcli con down net-eth0
# nmcli con show
NAME      UUID                                  TYPE            DEVICE 
net-eth0  441085a4-4155-417b-ad8f-78a888d89988  802-3-ethernet  --     

Note1: The shows that the connection isn’t active any more (add the –active option to only display active connections).
Note2: You can specify the UUID (here 441085a4-4155-417b-ad8f-78a888d89988) instead of the network connection name.
Note3: After reboot, the connection still restarts automatically, the property connection.autoconnect being set to yes, equivalent to ONBOOT=yes.

To start a network connection (here net-eth0), type:

# nmcli con up net-eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)

Note: As before, you can specify the UUID (here 441085a4-4155-417b-ad8f-78a888d89988) instead of the network connection name.

To prevent the connection (here net-eth0) to restart after reboot, type:

# nmcli con mod net-eth0 connection.autoconnect no

Note: mod is a shortcut for modify.

To change the ip address and default gateway of the net-eth0 connection to respectively and, type:
In RHEL 7.0:

# nmcli con mod net-eth0 ipv4.addresses ""
# nmcli con mod net-eth0 ipv4.method manual
# nmcli con up net-eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)

From RHEL 7.1 on:

# nmcli con mod net-eth0 ipv4.addresses
# nmcli con mod net-eth0 ipv4.gateway
# nmcli con mod net-eth0 ipv4.method manual
# nmcli con up net-eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)

Caution: The command nmcli con mod net-eth0 ipv4.addresses “” with a space between the ip address and the default gateway, all between quotes, was working in RHEL 7.0/CentOS 7.0 but doesn’t in RHEL 7.1/CentOS 7.1 and later due to NetworkManager changes (v0.9.9.1 -> v1.0.0).
Note1: You can use the syntax +ipv4.addresses or -ipv4.addresses to respectively add other ip addresses or remove some previously set (the initial one included).
Note2: The syntax is different from the one you used to initially set up the connection with ip4 and gw4.
Note3: According to the nmcli RedHat documentation, the ipv4.method property can have different values: auto means an appropriate automatic method (DHCP, PPP, etc) will be used for the interface, link-local refers to a link-local address in the 169.254/16 range that will be assigned to the interface, manual means static IP addressing is used and at least one IP address must be given in the addresses property, shared indicates that the connection will provide network access to other computers and the interface will be assigned an address in the 10.42.x.1/24 range with a DHCP and forwarding DNS server being started and the interface is NAT-ed to the current default network connection, disabled means IPv4 will not be used on this connection.

With the RHEL 7.3 release, NetworkManager now performs a check to detect duplicate IPv4 addresses when activating a new connection. If the address in LAN is already assigned, the connection activation fails. This feature is disabled by default, but you can enable it by the ipv4.dad-timeout property or the ARPING_WAIT variable in the ifcfg files.

To assign the net-eth0 connection to the work zone, type:

# firewall-cmd --permanent --zone=work --change-interface=eth0
# nmcli con mod net-eth0 connection.zone work 
# nmcli con up net-eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)

Note1: Instead of using the nmcli con mod command, you can also edit the /etc/sysconfig/network-scripts/ifcfg-eth0 file (here for the eth0 network interface), add a ZONE=work statement and restart the network interface with nmcli con up net-eth0.
Note2: For more details about the firewall-cmd command and the concept of zone, see the Firewalld Getting Started page.

Hostname Configuration

In RHEL 7, there are three kinds of hostnames: static, pretty, and transient.
“The static host name is the traditional hostname, which can be chosen by the user, and is stored in the /etc/hostname file. The transient hostname is a dynamic host name maintained by the kernel. It is initialized to the static host name by default, whose value defaults to localhost. It can be changed by DHCP or mDNS at runtime. The pretty hostname is a free-form UTF8 host name for presentation to the user.” Source: RHEL 7 Networking Guide.

To get the server hostnames, type:

# hostnamectl
   Static hostname: centos7.example.com
         Icon name: computer
           Chassis: n/a
        Machine ID: 8f56e45764474b668b0db97b4127a01b
           Boot ID: 2ae7e6c78331414b82aa89a0ffcfa9fa
    Virtualization: kvm
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-123.el7.x86_64
      Architecture: x86_64

Alternatively, you can use the hostname command to only get the host name (this reads the /etc/hostname file):

# hostname

Note: You can even get the same result with the command nmcli gen host.

To permanently assign the rhel7 hostname  to the server, type:

# hostnamectl set-hostname rhel7

Note1: With this syntax all three hostnames (static, pretty, and transient) take the rhel7 value at the same time. However, it is possible to set the three hostnames separately by using the –pretty, –static, and –transient options.
Note2: The nmcli gen host rhel7 command will give you the same result.

Caution: With the RHEL 7.3 release, NetworkManager now uses the systemd-hostnamed service to read and write the static host name, which is stored in the /etc/hostname file. Due to this change, manual modifications done to the /etc/hostname file are no longer picked up automatically by NetworkManager. Users should change the system host name through the hostnamectl utility. Also, the use of the HOSTNAME variable in the /etc/sysconfig/network file is now deprecated.

Hostname Resolution

Hostname resolution relies on the /etc/nsswitch.conf file where you can find the following line by default:

hosts:      files dns

This means that hostname resolution is at first done through files (static resolution) then dns (dynamic resolution).

The static hostname resolution comes through the /etc/hosts file: centos7.example.com centos7

Note: Always write the IP address, the Full Qualified Domain Name and optionally some aliases in this order, otherwise some services like Kerberos will not work!

The dynamic hostname resolution is based on the /etc/resolv.conf file:

# Generated by NetworkManager
search example.com

Note: You can have up to 3 nameservers configured. As nameservers are called in the mentioned order (the second is called if the first doesn’t reply and so on), always put the main nameserver first in the list.

To add a DNS server (here to the configuration of the connection (here net-eth0), type:

# nmcli con mod net-eth0 +ipv4.dns
# nmcli con up net-eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
# more /etc/resolv.conf
# Generated by NetworkManager
search example.com

Note1: Use +ipv4.dns to add a new DNS server, -ipv4.dns to remove a DNS server and ipv4.dns to replace the current DNS server.
Note2: The change only occurs after the connection is restarted.
Note3: Use the ipv4.dns-search option to change the domain name if necessary. Be careful to set the correct full qualified domain name before with the hostnamectl set-hostname command.

To add a domain name in the search list (here example2.com), type:

# nmcli con mod net-eth0 +ipv4.dns-search example2.com
# nmcli con up net-eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
# more /etc/resolv.conf
# Generated by NetworkManager
search example2.com example.com

You can’t remove a DNS server provided through DHCP with the previous command (with the -ipv4.dns option for example), you will get this error message: “Error: failed to remove a value from ipv4.dns: the property doesn’t contain DNS server ‘’.”.
If you want to set your own DNS configuration in this context, type:

# nmcli con mod net-eth0 ipv4.ignore-auto-dns yes

Note: You get the same result by specifying PEERDNS=no in the network configuration files.

With RHEL 7.3 comes the ipv4.dhcp-timeout property or the IPV4_DHCP_TIMEOUT option in the ifcfg files. As a result, NetworkManager now waits for a response from the DHCP server only for a given time.

Additional Resources

You can watch Ralph Nyberg‘s video about Setting up the network configuration (15min/2015).
You can also have a look at a presentation given by Bert Van Vreckem about Troubleshooting Network Services on EL7 (38min/2018) (doc),

Beyond the exam objectives, you could be interested in Tuning 10GB network interface.
IBM wrote a document about Disabling IPv6 in RHEL 7.

1 Star2 Stars3 Stars4 Stars5 Stars (4 votes, average: 4.75 out of 5)

Leave a Reply

Please Login to comment
18 Comment threads
48 Thread replies
Most reacted comment
Hottest comment thread
23 Comment authors
amedixercole1977xarvickeymkr_c Recent comment authors
newest oldest
Notify of


I am wondering in the exam, can we use nmtui instead of these complex commands?


Have you (or anyone) ran into having to use IPv4.address, instead of ipv4? I’ve checked various sources and haven’t seen anywhere use capital letters in any examples.


hi CertDepot, please can I edit directly the file config of network /etc/network/interfaces using vim


Very clear and systematic explanation 🙂 Liked it very much.
Request you add about network testing, once network is setup.
To confirm that the configuration done is correct or not.


I don’t completely understand why you don’t recommend to use nmcli console interactively.
In my opinion, the main advantage of this tool is to not remember distinct commands.
Go to console via: “nmcli connection edit” and you can execute command print, set, remove etc.
almost like on the network devices 🙂


Hi Can you please help, what is the difference between systemctl restart network and systemctl restart NetworkManager . See the below behavior, if I have two connections, there is a flapping after apply the above two commands, is this a bug? [root@server ~]# nmcli con show NAME UUID TYPE DEVICE server 5383d2b8-d591-40cf-bfe2-92af2b400394 802-3-ethernet eno16777728 eth 346044d0-a4ff-4290-b64a-39d8d0e304f7 802-3-ethernet — [root@server ~]# systemctl restart network [root@server ~]# nmcli con show NAME UUID TYPE DEVICE server 5383d2b8-d591-40cf-bfe2-92af2b400394 802-3-ethernet — eth 346044d0-a4ff-4290-b64a-39d8d0e304f7 802-3-ethernet eno16777728 [root@server ~]# systemctl restart NetworkManager [root@server ~]# nmcli con show NAME UUID TYPE DEVICE server 5383d2b8-d591-40cf-bfe2-92af2b400394 802-3-ethernet eno16777728 eth 346044d0-a4ff-4290-b64a-39d8d0e304f7… Read more »


As @twostep mention, use “nmcli con edit CONNECTIONAME” to edit the connection is way better than knowing all the commands. You can use “print all” to get all the settings.prop value. With that in mind, you can easily use “set setting.property value” to change the configs.

For example, the connection name is “net-eth1” and you want to turn it to DHCP (auto) instead of static:

# nmcli con edit net-eth1
> print all
> remove ipv4.gateway
> remove ipv4.address
> set ipv4.method auto
> set ipv4.dns
> verify all
> save persistent
> quit


A quick question: at this stage of the exam, do I have access to the GUI? If so, then nmtui would be preferable. Waiting for you reply.


Hello fellow RHCSA candidates. nmcli is hard for everyone, but it doesn’t have to be, even on the exam. I have always been a huge fan of the EXAMPLES section that some man pages offer because I find real-world examples more instructive than reading long lists of command options. The good news for RH exam takers at ALL levels, nmcli has the best EXAMPLES section I’ve ever seen. In fact, there is even a man page called nmcli-examples, though it is overkill for the RHCSA. Just type “man nmcli” and then use “/EXAMPLES” (no quotes) to search for them. If… Read more »


I had some issues during the EX200 exam where it appeared that I had to manually specify my route? Its possible that I had done something to clear the routes but just wondering if it is normally required that you set the route manually?


Good day, in the RHCSA exam do I need to install redhat? Do I need to setup lvm partition etc?? Which vm should I prefer??


Hi CD,

All commands above, is that all we can do in rhcsa exam?? I was just wondering, for what purpose of the command: “vi /etc/sysconfig/network-scrips/ifcfg-enp0s3”??
Which of these the two tools that should I prefer? Please advice.


You can use any command that you like during the exam, be it nmcli, nmtui, iproute2 toolkit or even net-tools (considered deprecated) as long as you can do the job using them. You can also edit configuration files directly (for example vim ifcfg-enp0s3).

Since there are many ways to skin a cat, my advice would be to use whatever tool you feel comfortable with during the exam. The way you do it doesn’t matter that much, the important thing is the outcome.


Ok, very clear to me. “/etc/sysconfig/network-scripts/enp0s3 ” is the easiest way for me.


Is it still necessary to do ipv4.method manual after changing ip address.

nmcli con mod “con-name” ipv4.method manual

I have been following Sander’s 2017 vids and Cert Guide and nowhere did he mention ipv4.method


I failed the EX200, one of the reasons was that the VM could not download some files (I used curl for downloading but the telnet was not working either). The DNS resolution was ok, but anything would end in “no route to host”. What I don’t understand, there is no Routing Objective in RHCSA. What’s my mistake?


Did you try ping, or nmap, or nslookup, or dig? “no route to host” could be any number of reason, firewall, etc.


nslookup : ok
ping : ko
curl : ko
stopping firewall and selinux on the guest : still ko


What I would’ve started with:

1. Resolve the DNS name of the webserver to see what IP address it points to.
2. Do “ip ro” to see the routing table of the server.
3. Identify whether the webserver is on the same network and is routable. If so, do “wget http://example.com/download/whatever/required” and see what happens.


Let’s suppose that you configure a static IP with nmtui (ip/24, gateway, dns, search domain). What happens if the webserver is not on the same network?


If the webserver is not on the same network, then a request will go via the default gateway. If the gateway has no knowledge of how to reach the webserver, you will get no route to host. Then you have to add a static route for the webserver.


So I had the same problem in the RHCE exam, that resulted in a failure as well.

Default route was provided by DHCP (I left it on DHCP), and shown via route -n
I added a manual route just to be sure.

Firewall was off (Both iptables and firewalld)
SELinux disabled (Just to be sure)
Nslookup worked
Everything else said no route to host
Traceroute returned !X on the routers

!X means “communication administratively prohibited” and !Z “communication with destination host administratively prohibited”

I’m at a loss as to why it failed too.


Usually a route table (also know as a NAT) is set up. This is a RHCE objective.


What is the solution in this case? eg your vm has dhcp ip gw…etc the server with the repo is at

I’ll be taking my rhcsa next week and this makes me very nervous because being unable to setup a repo pretty much fucks everything else. Please advice ty.


How to resolve

Error: Failed to modify connection ‘virbr0’: (32) ipv4.addresses: this property is not allowed for ‘method=disabled’


What were you trying to do?
The ‘br’ in virbr0 implies this is a virtual bridge.

The order of setting is important, off the top of my head you have to set the method before setting the ip address. you may have to do trial and error approach.



Regarding the IPv6 configuration on the RHCE exam, the IPv6 credentials (ip6 address, ip6 gateway, ip6 dns) will be provided by the examiner or will I convert the IPv4 address to a IPv6 address in order to configure it in the NIC?


All details will be provided.


Unfortunately due to a NDA, we can’t tell you what details are on exam. I will direct you to take a closer look at the RHCE objectives.


Ok, thanks. Also in the RHCE objectives the following one: “Configure host-based and user-based security for the service” is related to tcp wrappers?


Possibly, there are different methods to secure different services. The answer is in knowing the relevant service and knowing the method(s) to secure the service.


Not necessarily. To avoid repeating myself, here is the link you can follow:



Will nmtui be available in the exam? Can I safely use this tools instead of nmcli (I will study this, anyway!)



Instead of using nmcli is it possible in the exam to directly modify the ifcfg-ensX file in order to set up the networking ?
nmcli options are not easy to remember and you would have to try it many times to get it right, so it could be a wasting time !

Upcoming Events (Local Time)

  1. Feb

    1. 8:30 am - View Details
      CentOS: Dojo, Brussels, Belgium.

RHCSA7: Task of the day

Allowed time: 10 minutes.
Boot and change the root password before the end of the boot process.

RHCE7: Task of the day

Allowed time: 10 minutes.
Set up a caching-only DNS server to forward DNS queries.

Follow me on Twitter

Poll for favorite RHEL 7 book

What is your favorite RHEL 7 book to prepare RHCSA & RHCE exams?

View Results

Loading ... Loading ...

Poll for most difficult RHCSA 7 topic

What do you think is the most difficult RHCSA 7 topic?

View Results

Loading ... Loading ...

Poll for most difficult RHCE 7 topic

What do you think is the most difficult RHCE 7 topic?

View Results

Loading ... Loading ...