Chapter 17. Configuring network devices to accept traffic from all MAC addresses

Network devices usually intercept and read packets that their controller is programmed to receive. You can configure the network devices to accept traffic from all MAC addresses in a virtual switch or at the port group level.

You can use this network mode to:

  • diagnose network connectivity issues,
  • monitor network activity for security reasons,
  • intercept private data-in-transit or intrusion in the network.

This section describes how to configure a network device to accept traffic from all the MAC addresses using iproute2, nmcli, or nmstatectl utilities. You can enable this mode for any kind of network device except InfiniBand.

17.1. Temporarily configuring a network network device to accept all traffic using iproute2

This procedure describes how to configure a network device to accept all traffic regardless of the MAC addresses. Any change made using the iproute2 utility is temporary and lost after the machine reboots.

Procedure

  1. Optional: Display the network interfaces to identify the one for which you want to receive all traffic:

    # ip a
    1: enp1s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
        link/ether 98:fa:9b:a4:34:09 brd ff:ff:ff:ff:ff:ff
    2: bond0: <NO-CARRIER,BROADCAST,MULTICAST,MASTER,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
        link/ether 6a:fd:16:b0:83:5c brd ff:ff:ff:ff:ff:ff
    3: wlp61s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    ...
  2. Modify the device to enable or disable this property.

    • To enable the accept-all-mac-address mode for enp1s0:

      # ip link set enp1s0 promisc on
    • To disable the accept-all-mac-address mode for enp1s0:

      # ip link set enp1s0 promisc off

Verification steps

  • To verify that the accept-all-mac-address mode is enabled:

    # ip link show enp1s0
    1: enp1s0: <NO-CARRIER,BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000
        link/ether 98:fa:9b:a4:34:09 brd ff:ff:ff:ff:ff:ff

The PROMISC flag in the device description indicates that the mode is enabled.

17.2. Permanently configuring a network device to accept all traffic using nmcli

This procedure describes how to configure a network device to accept traffic regardless of MAC addresses using the nmcli commands.

Procedure

  1. Optional: Display the network interfaces to identify the one for which you want to receive all traffic:

    # ip a
    1: enp1s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
        link/ether 98:fa:9b:a4:34:09 brd ff:ff:ff:ff:ff:ff
    2: bond0: <NO-CARRIER,BROADCAST,MULTICAST,MASTER,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
        link/ether 6a:fd:16:b0:83:5c brd ff:ff:ff:ff:ff:ff
    3: wlp61s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    ...

    You can create a new connection, if you do not have any.

  2. Modify the network device to enable or disable this property.

    • To enable the 802-3-ethernet.accept-all-mac-address mode for enp1s0:

      # nmcli connection modify enp1s0 802-3-ethernet.accept-all-mac-addresses yes
    • To disable the accept-all-mac-address mode for enp1s0:

      # nmcli connection modify enp1s0 802-3-ethernet.accept-all-mac-addresses no
  3. To apply the changes, reactivate the connection:

    # nmcli connection up enp1s0

Verification steps

  • To verify that the 802-3-ethernet.accept-all-mac-addresses mode is enabled:

    # nmcli connection show enp1s0
    ...
    802-3-ethernet.accept-all-mac-addresses:1     (true)

The 802-3-ethernet.accept-all-mac-addresses: true indicates that the mode is enabled.

17.3. Permanently configuring a network network device to accept all traffic using nmstatectl

This procedure describes how to configure a network device to accept all traffic regardless of MAC addresses using the nmstatectl utility.

Prerequisites

  • The nmstate package is installed.
  • The .yml file that you used to configure the device is available.

Procedure

  1. Edit the existing enp1s0.yml file for the enp1s0 connection and add the following content to it.

    ---
    interfaces:
      - name: enp1s0
        type: ethernet
        state: up
        accept -all-mac-address: true
  2. Apply the network settings.

    # nmstatectl apply ~/enp1s0.yml

Verification steps

  • To verify that the 802-3-ethernet.accept-all-mac-addresses mode is enabled:

    # nmstatectl show enp1s0
    interfaces:
      - name: enp1s0
        type: ethernet
        state: up
        accept-all-mac-addresses:     true
    ...

The 802-3-ethernet.accept-all-mac-addresses: true indicates that the mode is enabled.

Additional resources

  • For further details about nmstatectl, see the nmstatectl(8) man page.
  • For more configuration examples, see the /usr/share/doc/nmstate/examples/ directory.