Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

9.2. Using the NetworkManager Command Line Tool, nmcli

To create a bridge, named bridge-br0, issue a command as follows as root:
~]# nmcli con add type bridge ifname br0
Connection 'bridge-br0' (6ad5bba6-98a0-4f20-839d-c997ba7668ad) successfully added.
If no interface name is specified, the name will default to bridge, bridge-1, bridge-2, and so on.
To view the connections, issue the following command:
~]$ nmcli con show
NAME        UUID                                  TYPE            DEVICE
bridge-br0  79cf6a3e-0310-4a78-b759-bda1cc3eef8d  bridge          br0
enp1s0      4d5c449a-a6c5-451c-8206-3c9a4ec88bca  802-3-ethernet  enp1s0
Spanning tree protocol (STP) is enabled by default. The values used are from the IEEE 802.1D-1998 standard. To disable STP for this bridge, issue a command as follows as root:
~]# nmcli con modify bridge-br0 bridge.stp no
To re-enable 802.1D STP for this bridge, issue a command as follows as root:
~]# nmcli con modify bridge-br0 bridge.stp yes
The default bridge priority for 802.1D STP is 32768. The lower number is preferred in root bridge selection. For example, a bridge with priority of 28672 would be selected as the root bridge in preference to a bridge with priority value of 32768 (the default). To create a bridge with a non-default value, issue a command as follows:
~]$ nmcli con add type bridge ifname br5 stp yes priority 28672
Connection 'bridge-br5' (86b83ad3-b466-4795-aeb6-4a66eb1856c7) successfully added.
The allowed values are in the range 0 to 65535.
To change the bridge priority of an existing bridge to a non-default value, issue a command in the following format:
~]$ nmcli connection modify bridge-br5 bridge.priority 36864
The allowed values are in the range 0 to 65535.
To configure a bridge connection to forward group addresses in the range from 01:80:C2:00:00:00 to 01:80:C2:00:00:0F, change the group-forward-mask property. This property is a mask of 16 bits. Each bit corresponds to a group address in the above-mentioned range that must be forwarded. For example:
~]$ nmcli connection modify bridge-br5 bridge.group-forward-mask 8

Important

The group-forward-mask property cannot have any of the 0, 1, 2 bits set to 1 because those addresses are used for Spanning tree protocol (STP), Link Aggregation Control Protocol (LACP) and Ethernet MAC pause frames.
To view the bridge settings, issue the following command:
~]$ nmcli -f bridge con show bridge-br0
Further options for 802.1D STP are listed in the bridge section of the nmcli(1) man page.
To add, or assign an interface, for example enp1s0, to the bridge bridge-br0, issue a command as follows:
~]$ nmcli con add type ethernet ifname enp1s0 master bridge-br0
Connection 'bridge-slave-enp1s0' (70ffae80-7428-4d9c-8cbd-2e35de72476e) successfully added.
To assign an existing connection to a bridge, proceed as follows:
  1. Change its controller and port-type properties. For example to assign an existing VLAN connection named vlan100:
    ~]$ nmcli connection modify vlan100 master bridge-br0 slave-type bridge
  2. Reactivate the connection to apply the changes:
    ~]$ nmcli connection up vlan100
To change a value using interactive mode, issue the following command:
~]$ nmcli connection edit bridge-br0
You will be placed at the nmcli prompt.
nmcli> set bridge.priority 4096
nmcli> save
Connection 'bridge-br0' (79cf6a3e-0310-4a78-b759-bda1cc3eef8d) successfully saved.
nmcli> quit