0

OS: Alma-9.2

I am trying to disable an interface (ens224) at boot using the nmcli tool. I tried nmcli connection modify ens224 connection.autoconnect no, nmcli connection down id ens224, nmcli device disconnect id ens224, and ifconfig ens224 down. After trying all these commands and a reboot, ethtool still shows Link detected: yes.

In CentOS 8, when I used the network service instead of NetworkManager, I was able to do it by setting the below in the ifcfg file.

DEVICE=ens224
NAME=ens224
BOOTPROTO=static
ONBOOT=no
PEERDNS=no

Once I have the above configuration in my ifcfg file and reboot, ethtool shows Link detected: no. How can I achieve this using NetworkManager?

Vishnu
  • "Link detected: yes" means it's connected to a hub/switch/other host. Doesn't mean it will handle any data. – symcbean Aug 09 '23 at 15:01
  • @symcbean yes. But I want to make the interface completely down. I do not want it to receive any packets from the switch/other host on this particular interface. – Vishnu Aug 11 '23 at 21:43
  • You will not "receive any packets". If you don't want it to say "Link detected: yes" you need to pull the cable out. – symcbean Aug 12 '23 at 14:49
  • @symcbean, I know I can pull out the cable and it will say "Link detected: no". I want to know if there is any option other than pulling out the cable. – Vishnu Aug 14 '23 at 06:06
  • YOU WILL NOT RECEIVE ANY PACKETS. – symcbean Aug 14 '23 at 15:46
  • @symcbean. I ran a tcpdump on the particular interface and I can see that I am receiving ARP requests on that particular interface. So I am receiving many packets. It doesn't matter if I process those packets, but I still receive them. Another scenario: You connect this computer (PC1) to another one (PC2) and configure a static MAC entry towards PC1 with a fake IP address, and use netcat to send TCP packets to PC1. You will see in the TCP dump that the interface is receiving TCP SYN packets. I want to know a way to make the interface completely down other than pulling the cable out. – Vishnu Aug 15 '23 at 05:58
  • Because when you ran tcpdump you started listening on the interface. – symcbean Aug 15 '23 at 08:29
  • I’m voting to close this question because the system is behaving as expected – symcbean Aug 15 '23 at 08:29

2 Answers

0

I am posting an answer which worked for me. I think I will not be able to achieve this using NetworkManager, as per the Red Hat documentation:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/sec-configuring_ip_networking_with_ip_commands

Note The ip link set ifname command sets a network interface in IFF_UP state and enables it from the kernel's scope. This is different from the ifup ifname command for initscripts or NetworkManager's activation state of a device. In fact, NetworkManager always sets an interface up even if it is currently disconnected. Disconnecting the device through the nmcli tool, does not remove the IFF_UP flag. In this way, NetworkManager gets notifications about the carrier state.

As per this, NetworkManager always sets the IFF_UP flag even if you are disconnected, so ethtool sees it as link detected.

To resolve this issue in my scenario, I can add this particular interface to the unmanaged devices list of NetworkManager. By doing this, when I reboot, ethtool correctly shows that the link is not detected on the interface.

cat /etc/NetworkManager/conf.d/99-unmanaged-devices.conf
[keyfile]
unmanaged-devices=interface-name:ens224

Once the interface is added to the file, I can run systemctl reload NetworkManager and the interface will be removed from the list of interfaces controlled by NetworkManager.

To make the device controlled by NetworkManager again, remove the file /etc/NetworkManager/conf.d/99-unmanaged-devices.conf and reload NetworkManager.

Once it is removed from NetworkManager, I will no longer be able to run tcpdump or any other command to listen on that interface, as it is not showing as UP.

Vishnu
0

I would try to ignore the interface:

nmcli device set ens224 managed no

If this works, you can make it permanent: create a keyfile: /etc/NetworkManager/conf.d/99-unmanaged-devices.conf

[keyfile]
unmanaged-devices=interface-name:ens224

Source: https://access.redhat.com/documentation/de-de/red_hat_enterprise_linux/9/html/configuring_and_managing_networking/configuring-networkmanager-to-ignore-certain-devices_configuring-and-managing-networking

ulrich17
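
Added example (not part of either answer, and not Red Hat's or NetworkManager's code): a POSIX shell check that an interface is both listed in unmanaged-devices and has IFF_UP clear, the state the first answer reports after a reboot. The function names and the temp-directory fixture are constructed for illustration; only exact interface-name: specs are matched.

```shell
#!/bin/sh
# Added example: confirm an interface is ignored by NetworkManager and has
# IFF_UP clear. Function names and the fixture below are constructed.

# is_unmanaged CONF_DIR IFNAME: succeeds if a *.conf file lists the exact spec
# interface-name:IFNAME in unmanaged-devices (globs/except: are not handled).
is_unmanaged() {
    for f in "$1"/*.conf; do
        [ -r "$f" ] || continue
        sed -n 's/^[[:space:]]*unmanaged-devices[[:space:]]*=[[:space:]]*//p' "$f" |
            tr ';,' '\n\n' | sed 's/[[:space:]]*$//' |
            grep -Fqx "interface-name:$2" && return 0
    done
    return 1
}

# admin_state SYSFS_NET IFNAME: prints "up" if IFF_UP (0x1) is set in the
# kernel's flags word for the interface, else "down".
admin_state() {
    flags=$(cat "$1/$2/flags") || return 2
    if [ $(( $flags & 0x1 )) -ne 0 ]; then echo up; else echo down; fi
}

# check_disabled CONF_DIR SYSFS_NET IFNAME: both conditions must hold.
check_disabled() {
    is_unmanaged "$1" "$3" || { echo "$3: not in unmanaged-devices"; return 1; }
    [ "$(admin_state "$2" "$3")" = down ] || { echo "$3: IFF_UP is set"; return 1; }
    echo "$3: unmanaged and administratively down"
}

# Constructed fixture standing in for /etc/NetworkManager/conf.d and /sys/class/net.
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/conf.d" "$root/net/ens224" "$root/net/ens192"
    printf '[keyfile]\nunmanaged-devices=interface-name:ens224\n' \
        > "$root/conf.d/99-unmanaged-devices.conf"
    echo 0x1002 > "$root/net/ens224/flags"   # BROADCAST|MULTICAST, IFF_UP clear
    echo 0x1003 > "$root/net/ens192/flags"   # same flags plus IFF_UP
    echo "$root"
}

fx=$(make_fixture)
check_disabled "$fx/conf.d" "$fx/net" ens224
check_disabled "$fx/conf.d" "$fx/net" ens192 || true
rm -rf "$fx"
# On a real host: check_disabled /etc/NetworkManager/conf.d /sys/class/net ens224
```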