Chapter 2. Configure IP Networking

2.1. Static and Dynamic Interface Settings
2.1.1. When to Use Static Network Interface Settings
2.1.2. When to Use Dynamic Interface Settings
2.1.3. Selecting Network Configuration Methods
2.1.4. Using the Text User Interface, nmtui
2.1.5. Using the NetworkManager Command Line Tool, nmcli
2.1.6. Understanding the nmcli Options
2.1.7. Connecting to a Network Using nmcli
2.1.8. Configuring Static Routes Using nmcli
2.2. Editing Network Configuration Files
2.2.1. Configuring a Network Interface Using ifcfg Files
2.2.2. Configuring the Network Settings from the Kernel Command-line
2.2.3. Configuring a Network Interface Using ip Commands
2.2.4. Static Routes and the Default Gateway
2.2.5. Configuring Static Routes in ifcfg files
2.2.6. Configuring a VPN
2.3. Using NetworkManager with the GNOME Graphical User Interface
2.3.1. Connecting to a Network Using a GUI
2.3.2. Configuring New and Editing Existing Connections
2.3.3. Connecting to a Network Automatically
2.3.4. Common Configuration Options in nm-connection-editor
2.3.5. System-wide and Private Connection Profiles
2.3.6. Configuring a Wired (Ethernet) Connection
2.3.7. Configuring a Wi-Fi Connection
2.4. Establishing a VPN Connection
2.5. Establishing a Mobile Broadband Connection
2.6. Establishing a DSL Connection
2.7. Configuring Connection Settings
2.7.1. Configuring 802.3 Link Settings
2.7.2. Configuring 802.1X Security
2.7.3. Configuring Wi-Fi Security
2.7.4. Using MACsec with wpa_supplicant and NetworkManager
2.7.5. Configuring PPP (Point-to-Point) Settings
2.7.6. Configuring IPv4 Settings
2.7.7. Configuring IPv6 Settings
2.7.8. Configuring Routes
2.8. Additional Resources

2.1. Static and Dynamic Interface Settings

When to use static addressing and when to use dynamic addressing? These decisions are subjective, they depend on your accessed needs, your specific requirements. Having a policy, documenting it, and applying it consistently are usually more important than the specific decisions you make. In a traditional company LAN, this is an easier decision to make as you typically have fewer servers than other hosts. Provisioning and installation tools make providing static configurations to new hosts easy and using such tools will change your work flow and requirements. The following two sections are intended to provide just basic guidance to those who have not already been through this decision-making process. Experienced system administrators will likely have their own set of rules and requirements that may differ from what is discussed here. For more information on automated configuration and management, see the OpenLMI section in the Red Hat Enterprise Linux 7 System Administrators Guide. The Red Hat Enterprise Linux 7 Installation Guide documents the use of kickstart which can also be used for automating the assignment of network settings.

2.1.1. When to Use Static Network Interface Settings

Use static IP addressing on those servers and devices whose network availability you want to ensure when automatic assignment methods, such as DHCP, fail. DHCP, DNS, and authentication servers are typical examples. Interfaces for out-of-band management devices are also worth configuring with static settings as these devices are supposed to work, as far as is possible, independently of other network infrastructure.
For hosts which are not considered vital, but for which static IP addressing is still considered desirable, use an automated provisioning method when possible. For example, DHCP servers can be configured to provide the same IP address to the same host every time. This method could be used for communal printers for example.
All the configuration tools listed in Section 2.1.3, “Selecting Network Configuration Methods” allow assigning static IP addresses manually. The nmcli tool is also suitable for use with scripted assignment of network configuration.

2.1.2. When to Use Dynamic Interface Settings

Enable and use dynamic assignment of IP addresses and other network information whenever there is no compelling reason not to. The time saved in planning and documenting manual settings can be better spent elsewhere. The dynamic host control protocol (DHCP) is a traditional method of dynamically assigning network configurations to hosts. See Section 10.1, “Why Use DHCP?” for more information on this subject.
By default, NetworkManager calls the DHCP client, dhclient, when a profile has been set to obtain addresses automatically, by setting BOOTPROTO to dhcp in an interface configuration file. If DHCP is required, an instance of dhclient is started for every Internet protocol, IPv4 and IPv6, on an interface. If NetworkManager is not running, or not managing an interface, then the legacy network service will call instances of dhclient as required.

2.1.3. Selecting Network Configuration Methods

2.1.4. Using the Text User Interface, nmtui

The text user interface tool nmtui can be used to configure an interface in a terminal window. Issue the following command to start the tool:
~]$ nmtui
The text user interface appears. Any invalid command prints a usage message.

Figure 2.1. The NetworkManager Text User Interface starting menu

To navigate, use the arrow keys or press Tab to step forwards and press Shift+Tab to step back through the options. Press Enter to select an option. The Space bar toggles the status of a check box.
To apply changes after a modified connection which is already active requires a reactivation of the connection. In this case, follow the procedure below:
  1. Select the Activate a connection menu entry.
    Activate a Connection

    Figure 2.2. Activate a Connection

  2. Select the modified connection. On the right, click the Deactivate button.
    Deactivate the Modified Connection

    Figure 2.3. Deactivate the Modified Connection

  3. Choose the connection again and click the Activate button.
    Reactivate the Modified Connection

    Figure 2.4. Reactivate the Modified Connection

2.1.5. Using the NetworkManager Command Line Tool, nmcli

The nmcli (NetworkManager Command Line Interface) command-line utility is used for controlling NetworkManager and reporting network status. It can be utilized as a replacement for nm-applet or other graphical clients. nmcli is used to create, display, edit, delete, activate, and deactivate network connections, as well as control and display network device status.
The nmcli utility can be used by both users and scripts for controlling NetworkManager:
  • For servers, headless machines, and terminals, nmcli can be used to control NetworkManager directly, without GUI, including creating, editing, starting and stopping network connections and viewing network status.
  • For scripts, nmcli supports a terse output format which is better suited for script processing. It is a way to integrate network configuration instead of managing network connections manually.
The basic format of a nmcli command is as follows:
nmcli OPTIONS OBJECT { COMMAND | help }
where OBJECT can be one of the following options: general, networking, radio, connection, device, agent, and monitor. You can use any prefix of these options in your commands. For example: nmcli con help.
Some of useful OPTIONS to get started are:
-t, terse
This mode is designed and suitable for computer (script) processing.
-p, pretty
This causes nmcli to produce human-readable output. For example, values are aligned and headers are printed.
-h, help
Prints help information.
The nmcli tool has some built-in context-sensitive help:
nmcli help
This command lists the available options and object names to be used in subsequent commands.
nmcli object help
This command displays the list of available actions related to a specified object. For example,
nmcli c help

Brief Selection of nmcli Examples

The nmcli-examples(5) man page has many useful examples. Some of them show:
the overall status of NetworkManager:
nmcli general status
the current NetworkManager logging status:
nmcli general logging
all connections:
nmcli connection show
only currently active connections, add the --active or (-a) option as follows:
nmcli connection show --active
devices recognized by NetworkManager and their state:
nmcli device status

Starting and Stopping an Interface Using nmcli

The nmcli tool can be used to start and stop any network interface, including masters. For example:
nmcli con up id bond0
nmcli con up id port0
nmcli dev disconnect bond0
nmcli dev disconnect ens3

Note

The nmcli connection down command, deactivates a connection from a device without preventing the device from further auto-activation. The nmcli device disconnect command, disconnects a device and prevent the device from automatically activating further connections without manual intervention.

The nmcli Interactive Connection Editor

The nmcli tool has an interactive connection editor. To use it, enter the following command:
~]$ nmcli con edit
You will be prompted to enter a valid connection type from the list displayed. After entering a connection type you will be placed at the nmcli prompt. If you are familiar with the connection types you can add a valid connection type option to the nmcli con edit command and be taken straight to the nmcli prompt. The format is as follows for editing an existing connection profile:
nmcli con edit [id | uuid | path] ID
For editing a new connection profile, the following format applies:
nmcli con edit [type new-connection-type] [con-name new-connection-name]
Type help at the nmcli prompt to see a list of valid commands. Use the describe command to get a description of settings and their properties. The format is as follows:
describe setting.property
For example:
nmcli> describe team.config

Creating and Modifying a Connection Profile

A connection profile contains the connection property information needed to connect to a data source. To create a new profile for NetworkManager, use the following command:
nmcli c add {ARGUMENTS}
The nmcli c add accepts two different types of parameters:
Property names
the names which NetworkManager uses to describe the connection internally. The most important are:
  • connection.type
    nmcli c add connection.type bond
  • connection.interface-name
    nmcli c add connection.interface-name eth0
  • connection.id
    nmcli c add connection.id "My Connection"
    See the nm-settings(5) man page for more information on properties and their settings.
Aliases names
the human-readable names which are translated to properties internally. The most common are:
  • type (the connection.type property)
    nmcli c add type bond
  • ifname (the connection.interface-name property)
    nmcli c add ifname eth0
  • con-name (the connection.id property)
    nmcli c add con-name "My Connection"
In previous versions of nmcli, to create a connection required using the aliases. For example, ifname eth0 and con-name My Connection. A command in the following format could be used:
nmcli c add type ethernet ifname eth0 con-name "My Connection"
In more recent versions, both the property names and the aliases can be used interchangeably. The following examples are all valid and equivalent:
nmcli c add type ethernet ifname eth0 con-name "My Connection" ethernet.mtu 1600
nmcli c add connection.type ethernet ifname eth0 con-name "My Connection" ethernet.mtu 1600 
nmcli c add connection.type ethernet connection.interface-name eth0 connection.id  "My Connection" ethernet.mtu 1600
The arguments differ according to the connection types. Only the type argument is mandatory for all connection types and ifname is mandatory for all types except bond, team, bridge and vlan.
type type_name
connection type. For example:
nmcli c add type bond
ifname interface_name
interface to bind the connection to. For example:
nmcli c add ifname interface_name type ethernet
To modify one or more properties of a connection profile, use the following command:
nmcli c modify
For example, to change the connection.id from My Connection to My favorite connection and the connection.interface-name to eth1, issue the command as follows:
nmcli c modify "My Connection" connection.id "My favorite connection" connection.interface-name eth1

Note

It is preferable to use the property names. The aliases are used only for compatibility reasons.
In addition, to set the ethernet MTU to 1600, modify the size as follows:
nmcli c modify "My favorite connection" ethernet.mtu 1600 
To apply changes after a modified connection using nmcli, activate again the connection by entering this command:
nmcli con up con-name
For example:
nmcli con up My-favorite-connection 
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/16)

2.1.6. Understanding the nmcli Options

Following are some of the important nmcli property options. See the comprehensive list in the nmcli(1) man page :
connection.type
A connection type. Allowed values are: adsl, bond, bond-slave, bridge, bridge-slave, bluetooth, cdma, ethernet, gsm, infiniband, olpc-mesh, team, team-slave, vlan, wifi, wimax. Each connection type has type-specific command options. You can see the TYPE_SPECIFIC_OPTIONS list in the nmcli(1) man page. For example:
  • A gsm connection requires the access point name specified in an apn.
    nmcli c add connection.type gsm apn access_point_name
  • A wifi device requires the service set identifier specified in a ssid.
    nmcli c add connection.type wifi ssid My identifier
connection.interface-name
A device name relevant for the connection.
nmcli con add connection.interface-name eth0 type ethernet
connection.id
A name uses the connection profile. If you do not specify a connection name, one will be generated as follows:
connection.type -connection.interface-name
The connection.id is the name of a connection profile and should not be confused with the interface name which denotes a device (wlan0, ens3, em1). However, users can name the connections after interfaces, but they are not the same thing. There can be multiple connection profiles available for a device. This is particularly useful for mobile devices or when switching a network cable back and forth between different devices. Rather than edit the configuration, create different profiles and apply them to the interface as needed. The id option also refers to the connection profile name.
The most important options for nmcli commands such as show, up, down are:
id
An identification string assigned by the user to a connection profile. Id can be used in nmcli connection commands to identify a connection. The NAME field in the command output always denotes the connection id. It refers to the same connection profile name that the con-name does.
uuid
A unique identification string assigned by the system to a connection profile. The uuid can be used in nmcli connection commands to identify a connection.

2.1.7. Connecting to a Network Using nmcli

To list the currently available network connections, issue a command as follows:
~]$ nmcli con show
NAME              UUID                                  TYPE            DEVICE
Auto Ethernet     9b7f2511-5432-40ae-b091-af2457dfd988  802-3-ethernet  --
ens3              fb157a65-ad32-47ed-858c-102a48e064a2  802-3-ethernet  ens3
MyWiFi            91451385-4eb8-4080-8b82-720aab8328dd  802-11-wireless wlan0
Note that the NAME field in the output always denotes the connection ID (name). It is not the interface name even though it might look the same. In the second connection shown above, ens3 in the NAME field is the connection ID given by the user to the profile applied to the interface ens3. In the last connection shown, the user has assigned the connection ID MyWiFi to the interface wlan0.
Adding an Ethernet connection means creating a configuration profile which is then assigned to a device. Before creating a new profile, review the available devices as follows:
~]$ nmcli device status
DEVICE  TYPE      STATE         CONNECTION
ens3    ethernet  disconnected  --
ens9    ethernet  disconnected  --
lo      loopback  unmanaged     --
To set the device unmanaged by the NetworkManager:
nmcli device set ifname managed no 
For example, to set eth2 unmanaged:
nmcli device status
DEVICE      TYPE      STATE      CONNECTION
bond0       bond      connected  bond0
virbr0      bridge    connected  virbr0
eth1        ethernet  connected  bond-slave-eth1
eth2        ethernet  connected  bond-slave-eth2
eth0        ethernet  unmanaged  --
nmcli device set eth2 managed no 
nmcli device status
DEVICE      TYPE      STATE      CONNECTION
bond0       bond      connected  bond0
virbr0      bridge    connected  virbr0
eth1        ethernet  connected  bond-slave-eth1
eth2        ethernet  unmanaged  --
eth0        ethernet  unmanaged  --

Note

When you set the device unmanaged, NetworkManager does not control it. However, the device is still connected.

Adding a Dynamic Ethernet Connection

To add an Ethernet configuration profile with dynamic IP configuration, allowing DHCP to assign the network configuration, a command in the following format can be used:
nmcli connection add type ethernet con-name connection-name ifname interface-name
For example, to create a dynamic connection profile named my-office, issue a command as follows:
~]$ nmcli con add type ethernet con-name my-office ifname ens3
Connection 'my-office' (fb157a65-ad32-47ed-858c-102a48e064a2) successfully added.
NetworkManager will set its internal parameter connection.autoconnect to yes. NetworkManager will also write out settings to /etc/sysconfig/network-scripts/ifcfg-my-office where the ONBOOT directive will be set to yes.
Note that manual changes to the ifcfg file will not be noticed by NetworkManager until the interface is next brought up. See Section 1.9, “Network Configuration Using sysconfig Files” for more information on using configuration files.
To open the Ethernet connection, issue a command as follows:
~]$ nmcli con up my-office
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
Review the status of the devices and connections:
~]$ nmcli device status
DEVICE  TYPE      STATE         CONNECTION
ens3    ethernet  connected     my-office
ens9    ethernet  disconnected  --
lo      loopback  unmanaged     --
To change the host name sent by a host to a DHCP server, modify the dhcp-hostname property as follows:
~]$ nmcli con modify my-office my-office ipv4.dhcp-hostname host-name ipv6.dhcp-hostname host-name
To change the IPv4 client ID sent by a host to a DHCP server, modify the dhcp-client-id property as follows:
~]$ nmcli con modify my-office my-office ipv4.dhcp-client-id client-ID-string
There is no dhcp-client-id property for IPv6, dhclient creates an identifier for IPv6. See the dhclient(8) man page for details.
To ignore the DNS servers sent to a host by a DHCP server, modify the ignore-auto-dns property as follows:
~]$ nmcli con modify my-office my-office ipv4.ignore-auto-dns yes ipv6.ignore-auto-dns yes
See the nm-settings(5) man page for more information on properties and their settings.

Example 2.1. Configuring a Dynamic Ethernet Connection Using the Interactive Editor

To configure a dynamic Ethernet connection using the interactive editor, issue commands as follows:
~]$ nmcli con edit type ethernet con-name ens3

===| nmcli interactive connection editor |===

Adding a new '802-3-ethernet' connection

Type 'help' or '?' for available commands.
Type 'describe [<setting>.<prop>]' for detailed property description.

You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, ipv4, ipv6, dcb
nmcli> describe ipv4.method

=== [method] ===
[NM property description]
IPv4 configuration method.  If 'auto' is specified then the appropriate automatic method (DHCP, PPP, etc) is used for the interface and most other properties can be left unset.  If 'link-local' is specified, then a link-local address in the 169.254/16 range will be assigned to the interface.  If 'manual' is specified, static IP addressing is used and at least one IP address must be given in the 'addresses' property.  If 'shared' is specified (indicating that this connection will provide network access to other computers) then the interface is assigned an address in the 10.42.x.1/24 range and a DHCP and forwarding DNS server are started, and the interface is NAT-ed to the current default network connection.  'disabled' means IPv4 will not be used on this connection.  This property must be set.

nmcli> set ipv4.method auto
nmcli> save
Saving the connection with 'autoconnect=yes'. That might result in an immediate activation of the connection.
Do you still want to save? [yes] yes
Connection 'ens3' (090b61f7-540f-4dd6-bf1f-a905831fc287) successfully saved.
nmcli> quit
~]$
The default action is to save the connection profile as persistent. If required, the profile can be held in memory only, until the next restart, by means of the save temporary command.

Adding a Static Ethernet Connection

To add an Ethernet connection with static IPv4 configuration, a command in the following format can be used:
nmcli connection add type ethernet con-name connection-name ifname interface-name ip4 address gw4 address
IPv6 address and gateway information can be added using the ip6 and gw6 options.
For example, a command to create a static Ethernet connection with only IPv4 address and gateway is as follows:
~]$ nmcli con add type ethernet con-name test-lab ifname ens9 ip4 10.10.10.10/24 \
gw4 10.10.10.254
Optionally, at the same time specify IPv6 address and gateway for the device as follows:
~]$ nmcli con add type ethernet con-name test-lab ifname ens9 ip4 10.10.10.10/24 \
gw4 10.10.10.254 ip6 abbe::cafe gw6 2001:db8::1
Connection 'test-lab' (05abfd5e-324e-4461-844e-8501ba704773) successfully added.
NetworkManager will set its internal parameter ipv4.method to manual and connection.autoconnect to yes. NetworkManager will also write out settings to /etc/sysconfig/network-scripts/ifcfg-my-office where the corresponding BOOTPROTO will be set to none and ONBOOT will be set to yes.
Note that manual changes to the ifcfg file will not be noticed by NetworkManager until the interface is next brought up. See Section 1.9, “Network Configuration Using sysconfig Files” for more information on using configuration files.
To set two IPv4 DNS server addresses:
~]$ nmcli con mod test-lab ipv4.dns "8.8.8.8 8.8.4.4"
Note that this will replace any previously set DNS servers. To set two IPv6 DNS server addresses:
~]$ nmcli con mod test-lab ipv6.dns "2001:4860:4860::8888 2001:4860:4860::8844"
Note that this will replace any previously set DNS servers. Alternatively, to add additional DNS servers to any previously set, use the + prefix as follows:
~]$ nmcli con mod test-lab +ipv4.dns "8.8.8.8 8.8.4.4"
~]$ nmcli con mod test-lab +ipv6.dns "2001:4860:4860::8888 2001:4860:4860::8844"
To open the new Ethernet connection, issue a command as follows:
~]$ nmcli con up test-lab ifname ens9
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
Review the status of the devices and connections:
~]$ nmcli device status
DEVICE  TYPE      STATE      CONNECTION
ens3    ethernet  connected  my-office
ens9    ethernet  connected  test-lab
lo      loopback  unmanaged  --
To view detailed information about the newly configured connection, issue a command as follows:
~]$ nmcli -p con show test-lab
===============================================================================
                     Connection profile details (test-lab)
===============================================================================
connection.id:                          test-lab
connection.uuid:                        05abfd5e-324e-4461-844e-8501ba704773
connection.interface-name:              ens9
connection.type:                        802-3-ethernet
connection.autoconnect:                 yes
connection.timestamp:                   1410428968
connection.read-only:                   no
connection.permissions:
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.secondaries:
connection.gateway-ping-timeout:        0
[output truncated]
The use of the -p, --pretty option adds a title banner and section breaks to the output.

Example 2.2. Configuring a Static Ethernet Connection Using the Interactive Editor

To configure a static Ethernet connection using the interactive editor, issue commands as follows:
~]$ nmcli con edit type ethernet con-name ens3

===| nmcli interactive connection editor |===

Adding a new '802-3-ethernet' connection

Type 'help' or '?' for available commands.
Type 'describe [>setting<.>prop<]' for detailed property description.

You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, ipv4, ipv6, dcb
nmcli> set ipv4.addresses 192.168.122.88/24
Do you also want to set 'ipv4.method' to 'manual'? [yes]: yes
nmcli>
nmcli> save temporary
Saving the connection with 'autoconnect=yes'. That might result in an immediate activation of the connection.
Do you still want to save? [yes] no
nmcli> save
Saving the connection with 'autoconnect=yes'. That might result in an immediate activation of the connection.
Do you still want to save? [yes] yes
Connection 'ens3' (704a5666-8cbd-4d89-b5f9-fa65a3dbc916) successfully saved.
nmcli> quit
~]$
The default action is to save the connection profile as persistent. If required, the profile can be held in memory only, until the next restart, by means of the save temporary command.

Locking a Profile to a Specific Device

To lock a profile to a specific interface device, the commands used in the examples above include the interface name. For example:
nmcli connection add type ethernet con-name connection-name ifname interface-name
To make a profile usable for all compatible Ethernet interfaces, issue a command as follows:
nmcli connection add type ethernet con-name connection-name ifname "*"
Note that you have to use the ifname argument even if you do not want to set a specific interface. Use the wildcard character * to specify that the profile can be used with any compatible device.
To lock a profile to a specific MAC address, use a command in the following format:
nmcli connection add type ethernet con-name "connection-name" ifname "*" mac 00:00:5E:00:53:00

Adding a Wi-Fi Connection

To view the available Wi-Fi access points, issue a command as follows:
~]$ nmcli dev wifi list
  SSID            MODE  CHAN  RATE     SIGNAL  BARS  SECURITY
  FedoraTest     Infra  11    54 MB/s  98      ▂▄▆█  WPA1
  Red Hat Guest  Infra  6     54 MB/s  97      ▂▄▆█  WPA2
  Red Hat        Infra  6     54 MB/s  77      ▂▄▆_  WPA2 802.1X
* Red Hat        Infra  40    54 MB/s  66      ▂▄▆_  WPA2 802.1X
  VoIP           Infra  1     54 MB/s  32      ▂▄__  WEP
  MyCafe         Infra  11    54 MB/s  39      ▂▄__  WPA2
To create a Wi-Fi connection profile with static IP configuration, but allowing automatic DNS address assignment, issue a command as follows:
~]$ nmcli con add con-name MyCafe ifname wlan0 type wifi ssid MyCafe \
ip4 192.168.100.101/24 gw4 192.168.100.1
To set a WPA2 password, for example caffeine, issue commands as follows:
~]$ nmcli con modify MyCafe wifi-sec.key-mgmt wpa-psk
~]$ nmcli con modify MyCafe wifi-sec.psk caffeine
See the Red Hat Enterprise Linux 7 Security Guide for information on password security.
To change Wi-Fi state, issue a command in the following format:
~]$ nmcli radio wifi [on | off ]

Changing a Specific Property

To check a specific property, for example mtu, issue a command as follows:
~]$ nmcli connection show id 'MyCafe' | grep mtu
802-11-wireless.mtu:                     auto
To change the property of a setting, issue a command as follows:
~]$ nmcli connection modify id 'MyCafe' 802-11-wireless.mtu 1350
To verify the change, issue a command as follows:
~]$ nmcli connection show id 'MyCafe' | grep mtu
802-11-wireless.mtu:                     1350
Note that NetworkManager refers to parameters such as 802-3-ethernet and 802-11-wireless as the setting, and mtu as a property of the setting. See the nm-settings(5) man page for more information on properties and their settings.

2.1.8. Configuring Static Routes Using nmcli

To configure static routes using the nmcli tool, the command line or the interactive editor mode can be used.

Example 2.3. Configuring Static Routes Using nmcli

To configure a static route for an existing Ethernet connection using the command line, enter a command as follows:
~]# nmcli connection modify eth0 +ipv4.routes "192.168.122.0/24 10.10.10.1"
This will direct traffic for the 192.168.122.0/24 subnet to the gateway at 10.10.10.1

Example 2.4. Configuring Static Routes Using nmcli Editor

To configure a static route for an Ethernet connection using the interactive editor, issue commands as follows:
~]$ nmcli con edit type ethernet con-name ens3

===| nmcli interactive connection editor |===

Adding a new '802-3-ethernet' connection

Type 'help' or '?' for available commands.
Type 'describe [>setting<.>prop<]' for detailed property description.

You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, ipv4, ipv6, dcb
nmcli> set ipv4.routes 192.168.122.0/24 10.10.10.1
nmcli>
nmcli> save persistent
Saving the connection with 'autoconnect=yes'. That might result in an immediate activation of the connection.
Do you still want to save? [yes] yes
Connection 'ens3' (704a5666-8cbd-4d89-b5f9-fa65a3dbc916) successfully saved.
nmcli> quit
~]$