Can't set static IP in RHEL 7 Desktop

Latest response

I am using RHEL Desktop. I want to configure RHEL 7 with VLAN tagged connections (I have 8 Ethernet Ports).

After configuration the ports come UP (in fact ALL ports display UP) but without an IP address. My configurations are:

VLAN=yes
DEVICE=eno1.200
BOOTPROTO=static
ONBOOT=yes
IPADDRESS=10.67.152.177
NETMASK=255.255.255.192

VLAN=yes
DEVICE=eno2.101
BOOTPROTO=static
ONBOOT=yes
IPADDRESS=192.168.20.177
NETMASK=255.255.255.0

When I run the ifconfig command I see the following:

enO1.200: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::a2d3:c1ff:fefa:6bfc prefixlen 64 scopeid 0x20
ether a0:d3:c1:fa:6b:fc txqueuelen 1000 (Ethernet)
RX packets 5 bytes 340 (340.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7 bytes 870 (870.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 32

NOTE: There is NO up address assigned.

Nothing changes when I execute service network restart.

When I try the ifup-eth eno1.200 I get the following error:

[root@localhost network-scripts]# ./ifup-eth ifcfg-eno1.200
Could not load file '/etc/sysconfig/network-scripts/ifcfg-eno1.200'
RTNETLINK answers: File exists
Could not load file '/etc/sysconfig/network-scripts/ifcfg-eno1.200'
Could not load file '/etc/sysconfig/network-scripts/ifcfg-eno1.200'
[root@localhost network-scripts]#

So, what am I doing wrong?

Oh yes, one more thing. The port is plugged in and there is link.

Responses

Hey Dale - One item grabbed my attention...

When I run the ifconfig command I see the following:

enO1.200: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::a2d3:c1ff:fefa:6bfc prefixlen 64 scopeid 0x20

That does not look like a en0 zero.. but instead enO letter O

Can you run:

cd /etc/sysconfig/network-scripts
grep ^DEVICE ifcfg-*

ifcfg-eno1.200:DEVICE=eno1.200
ifcfg-eno2.101:DEVICE=eno2.101
ifcfg-lo:DEVICE=lo
[root@localhost network-scripts]#

I looked up that interface and it actually is eno (with the letter o - or O in this case).

I don't have much experience with RHEL 7 at this point and I know people have struggled a bit with Network Manager (and the consensus is that NM is definitely better and should be considered again).

CLI

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/sec-Configure_802_1Q_VLAN_Tagging_Using_the_Command_Line.html#sec-Setting_Up_802.1Q_VLAN_Tagging_Using_ifcfg_Files

Network Manager

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/sec-Configure_802_1Q_VLAN_Tagging_Using_the_Command_Line_Tool_nmcli.html

EDIT: I just thought of something - did you create the ifcfg-en01.200 file from scratch? If so, I wonder if SElinux is blocking access?

# ls -lZ ifcfg-*
-rw-r--r--. root root system_u:object_r:net_conf_t:s0  ifcfg-em1
-rw-r--r--. root root system_u:object_r:net_conf_t:s0  ifcfg-lo
# restorecon -Fvv ifcfg-*

I created the ifcfg-eno1.200 manually. I should disable SE. This unit is in a lab with no outside internet.

SE is your friend - Even when you think it's not ;-) I recommend that you change it to permissive (rather than disable) if you need to go that route.

It is still quite helpful, especially on the desktop due to all of the framework for SELinux alerts and the GUI apps, to have it monitoring but not taking action. The SELinux Alert Browser is pretty cool and provides examples of what policies have been initiated and then how you can build a new policy to allow that action, etc...

Hello

I have configured quite a few ifcfg files manually on RHEL7 and not encountered an SELinux problem. Testing now, adding ens9 and two VLANs as "su -":
-rw-r--r--. root root system_u:object_r:net_conf_t:s0 ifcfg-ens3
-rw-r--r--. root root unconfined_u:object_r:net_conf_t:s0 ifcfg-ens3.200
-rw-r--r--. root root unconfined_u:object_r:net_conf_t:s0 ifcfg-ens9
-rw-r--r--. root root unconfined_u:object_r:net_conf_t:s0 ifcfg-ens9.101

After running:
network-scripts]# restorecon -Fvv ifcfg-*
I see:
network-scripts]# ls -lZ ifcfg-*
-rw-r--r--. root root system_u:object_r:net_conf_t:s0 ifcfg-ens3
-rw-r--r--. root root system_u:object_r:net_conf_t:s0 ifcfg-ens3.200
-rw-r--r--. root root system_u:object_r:net_conf_t:s0 ifcfg-ens9
-rw-r--r--. root root system_u:object_r:net_conf_t:s0 ifcfg-ens9.101

Time to brush off my SElinux guide from Summit ;-)

I guess it makes sense that there is a wildcard for the "network-scripts" directory. Hard to know how folks are creating the files though.

[root@seraph targeted]# semanage fcontext --list | egrep 'ifcfg|network'
/dev/network_latency                               character device   system_u:object_r:netcontrol_device_t:s0 
/dev/network_throughput                            character device   system_u:object_r:netcontrol_device_t:s0 
/etc/network/ifstate                               regular file       system_u:object_r:etc_runtime_t:s0 
/etc/sysconfig/network-scripts(/.*)?               all files          system_u:object_r:net_conf_t:s0 
/etc/sysconfig/network-scripts/.*resolv\.conf      regular file       system_u:object_r:net_conf_t:s0 
/etc/sysconfig/network-scripts/ifdown.*            all files          system_u:object_r:bin_t:s0 
/etc/sysconfig/network-scripts/ifup-ipsec          regular file       system_u:object_r:initrc_exec_t:s0 
/etc/sysconfig/network-scripts/ifup.*              all files          system_u:object_r:bin_t:s0 
/etc/sysconfig/network-scripts/init.*              all files          system_u:object_r:bin_t:s0 
/etc/sysconfig/network-scripts/net.*               all files          system_u:object_r:bin_t:s0 
/etc/sysconfig/networking(/.*)?                    all files          system_u:object_r:net_conf_t:s0 

I forgot to add link to SELinux Guide :
Unconfined Processes

Update.

I used the nmcli command. That was a good help! Here's what followed (eno1 does not have an IP address):

[root@localhost network-scripts]# nmcli con add type vlan ifname eno1.200 dev eth0 id 200
Connection 'vlan-eno1.200' (438cee98-a790-4d24-958a-0f7bbc26c89e) successfully added.

Then I ran ls -lrt (truncated output) to see how the interface was created. There was a difference in the nmcli name and the name I created (vlan inserted into the name).

ifcfg-vlan-eno1.200

Next I tried bringing the interface up with the following command:

[root@localhost network-scripts]# ./ifup-eth ifcfg-vlan-eno1.200

Determining IP information for eno1.200... failed.

... then I got the error.

I went forward from the link you gave me. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/sec-Configure_802_1Q_VLAN_Tagging_Using_the_Command_Line.html

AND I'm back to being confused so I am trying a few other steps.

Try change: IPADDRESS to IPADDR

Do: ~]# journalctl -xn | less
Any clue there?

re: IPADDR - Good catch - I had not even seen that.

Oh guys,

My face is red. I discovered, quite by accident, there is a GUI for configuring ethernet ports, VLANs, et cetera. I don't normally use GUIs for configurations. So, now I have the ports and VLANs up and it only took minutes.

I want to thank everyone for their generous support and advice. I learned a lot about RHEL 7 Desktop and this "new" application called a "GUI."

Dale - I think more folks are in the same boat than you might assume. I know many people simply avoid Network Manager, management utilities, etc... and I think that is slated to change with RHEL 7. Many of us are still learning the New Order ;-)

Just went to a Red Hat Class this week for this, that included the new nmcli and other NM tools.

Hi Dale,

Just for my understanding: do you see "dummy devices files"

/etc/syconfig/network-scripts/ifcfg-eno1

and

/etc/syconfig/network-scripts/ifcfg-eno2

Good question. Almost as though there should be an "anchor device" which the VLAN-tagged device is associated with. I'm curious as well.

Hey guys,

Yes, I did see the files for ifcfg-eno1 and ifcfg-en02.

Here is the output of the ifconfig command after creating with the GUI:

eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.67.152.2 netmask 255.255.255.192 broadcast 10.67.152.63
eno1.200: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.67.152.177 netmask 255.255.255.192 broadcast 10.67.152.191

eno2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.20.1 netmask 255.255.255.0 broadcast 192.168.20.255
en02.101: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.20.177 netmask 255.255.255.0 broadcast 192.168.20.255

A new nmcli command that will show you your interfaces governed by NM:

[root@seven7 ~]# nmcli c s
<output follows below in next block>
  • You can use the above example. The above example is an abbreviated example for what is below...
[root@seven7 ~]# nmcli con sho
NAME    UUID                                  TYPE            DEVICE 
enp0s5  42f72d00-5695-45d1-bbf5-cb74e56fb020  802-3-ethernet  --     
eth0    5fb26bd0-0bb0-4ffb-45f1-d6edd75f3e83  802-3-ethernet  eth0