Score:0

Alma 9 Unable to make the interface DOWN at boot

ru flag

OS: Alma-9.2

I am trying to disable an interface (ens224) at boot using the nmcli tool. I tried the options nmcli connection modify ens224 connection.autoconnect no, nmcli connection down id ens224, nmcli device disconnect id ens224, and ifconfig ens224 down. After trying all these commands and a reboot, ethtool still shows Link detected: yes.

In CentOS 8, when I used the network service instead of NetworkManager, I was able to do it by setting the below in the ifcfg file.

DEVICE=ens224
NAME=ens224
BOOTPROTO=static
ONBOOT=no
PEERDNS=no

Once I have the above configuration in my ifcfg file and reboot, ethtool shows Link detected: no. How can I achieve this using NetworkManager?

ws flag
"Link detected: yes" means it's connected to a hub/switch/other host. Doesn't mean it will handle any data.
ru flag
@symcbean yes. But I want to make the interface completely down. I do not want it to receive any packets from the switch/other host on this particular interface.
ws flag
You will not "receive any packets". If you don't want it to say "Link detected: yes" you need to pull the cable out.
ru flag
@symcbean, I know I can pull out the cable and it will say "Link detected: no". I want to know if there is any option other than pulling out the cable.
ws flag
YOU WILL NOT RECEIVE ANY PACKETS.
ru flag
@symcbean. I ran a tcpdump on the particular interface and I can see that I am receiving ARP requests on that particular interface. So I am receiving many packets. It doesn't matter if I process those packets, but I still receive them. Another scenario: You connect this computer (PC1) to another one (PC2) and configure a static MAC entry towards PC1 with a fake IP address, and use netcat to send TCP packets to PC1. You will see in the TCP dump that the interface is receiving TCP SYN packets. I want to know a way to make the interface completely down other than pulling the cable out.
ws flag
Because when you ran tcpdump you started listening on the interface.
ws flag
I’m voting to close this question because the system is behaving as expected
Score:0
in flag

I would try to ignore the interface:

nmcli device set ens224 managed no

If this works, you can make it permanent: create a keyfile: /etc/NetworkManager/conf.d/99-unmanaged-devices.conf

[keyfile]
unmanaged-devices=interface-name:ens224

Source: https://access.redhat.com/documentation/de-de/red_hat_enterprise_linux/9/html/configuring_and_managing_networking/configuring-networkmanager-to-ignore-certain-devices_configuring-and-managing-networking

Score:0
ru flag

I am posting an answer which worked for me. I think I will not be able to achieve this using NetworkManager, as per the Red Hat documentation:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/sec-configuring_ip_networking_with_ip_commands

Note The ip link set ifname command sets a network interface in IFF_UP state and enables it from the kernel's scope. This is different from the ifup ifname command for initscripts or NetworkManager's activation state of a device. In fact, NetworkManager always sets an interface up even if it is currently disconnected. Disconnecting the device through the nmcli tool, does not remove the IFF_UP flag. In this way, NetworkManager gets notifications about the carrier state.

As per this, NetworkManager always sets the IFF_UP flag even if you are disconnected, so ethtool sees it as link detected.

To resolve this issue in my scenario, I can add this particular interface to the unmanaged devices list of NetworkManager. By doing this, when I reboot, the interface correctly shows that the link is not detected by ethtool.

cat /etc/NetworkManager/conf.d/99-unmanaged-devices.conf
[keyfile]
unmanaged-devices=interface-name:ens224

Once the interface is added to the file, I can run systemctl reload NetworkManager and the interface will be removed from the list of interfaces controlled by NetworkManager.

To make the device controlled by NetworkManager again, remove the file /etc/NetworkManager/conf.d/99-unmanaged-devices.conf and reload NetworkManager.

Once it is removed from NetworkManager, I will no longer be able to run tcpdump or any other command to listen on that interface, as it is not showing as UP.
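
An added example, not part of either answer: a shell check that the unmanaged-devices keyfile described above names the interface and that the kernel no longer has IFF_UP set on it. It assumes the interface flags are readable as hex from /sys/class/net/<iface>/flags with IFF_UP as bit 0x1; the function names and the NM_CONF_DIR and SYSFS_NET variables are made up for this sketch.

```shell
#!/bin/sh
# Added example: confirm an interface is ignored by NetworkManager and really down.
# NM_CONF_DIR and SYSFS_NET are overridable so the check can run on a test tree.
NM_CONF_DIR=${NM_CONF_DIR:-/etc/NetworkManager/conf.d}
SYSFS_NET=${SYSFS_NET:-/sys/class/net}

# Return 0 if a *.conf file lists "interface-name:<iface>" in unmanaged-devices.
# Only exact names are matched; wildcard and "except:" specs are not interpreted.
iface_is_unmanaged() {
    for f in "$NM_CONF_DIR"/*.conf; do
        [ -f "$f" ] || continue
        # Value after '=', split on ';' or ',', trimmed, compared literally.
        if sed -n 's/^[[:space:]]*unmanaged-devices[[:space:]]*=//p' "$f" |
            tr ';,' '\n\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
            grep -qxF "interface-name:$1"; then
            return 0
        fi
    done
    return 1
}

# Return 0 if the kernel's IFF_UP bit (0x1) is set in <sysfs>/<iface>/flags.
iface_has_iff_up() {
    flags=$(cat "$SYSFS_NET/$1/flags")
    [ $(( $flags & 0x1 )) -ne 0 ]
}

# Print a verdict; return 0 only if unmanaged and administratively down.
audit_iface() {
    if [ ! -r "$SYSFS_NET/$1/flags" ]; then
        echo "$1: no such interface"; return 2
    fi
    if ! iface_is_unmanaged "$1"; then
        echo "$1: managed by NetworkManager, which keeps IFF_UP set"; return 1
    fi
    if iface_has_iff_up "$1"; then
        echo "$1: unmanaged but IFF_UP still set; run: ip link set $1 down"; return 1
    fi
    echo "$1: unmanaged and administratively down"
}

# Run the audit when an interface name is given, e.g.: sh audit.sh ens224
if [ $# -gt 0 ]; then audit_iface "$1"; fi
```

Run after a reboot, a non-zero exit means the interface is either still managed or still up, which makes the check usable from a boot-time health script.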
