Basic Networking Configuration (205.1)
Candidates should be able to configure a network device to be able to connect to a local, wired or wireless, and a wide-area network. This objective includes being able to communicate between various subnets within a single network.
Key Knowledge Areas
Utilities to configure and manipulate ethernet network interfaces
Configuring wireless networks
Terms and Utilities
Configuring the network interface
Most network devices are supported by modern kernels, but you will need
to configure your devices to fit into your network. They will need an IP
address (IPv4, IPv6 or both), possibly a number of gateways/routers have
to be made known to allow access to other networks, and the default route
needs to be set. These tasks are usually performed from the
network-initialization script each time you boot the system. The basic
tools for this process are ifconfig (where "if" stands for interface)
and route.
The ifconfig command is still widely used. It configures an
interface and makes it accessible to the kernel networking layer. An IP
address, subnet mask, broadcast address and various other parameters can
be set. The tool can also be used to activate and de-activate the
interface, also known as "bringing up" and "bringing down" the
interface. An active interface will send and receive IP datagrams
through the interface. The simplest way to invoke it is:
This command assigns
interface and activates it. All
other parameters are set to default values. For instance, the default
network mask is derived from the network class of the IP address, such
as 255.255.0.0 for a class B address.
route allows you to add or remove routes from the kernel routing
table. It can be invoked as:
The add and del arguments determine whether to add or delete the
route. The -net and -host arguments tell the route
command whether the target is a network or a host (a host is assumed if
you don't specify). The if argument specifies the interface and is
optional, and allows you to specify to which network interface the route
should be directed -- the Linux kernel makes a sensible guess if you
don't supply this information.
The Loopback Interface
TCP/IP implementations include a virtual network interface that can be used to emulate network traffic between two processes on the same host. The loopback interface is not connected to any real network; it is implemented entirely within the operating system's networking software. Traffic sent to the loopback IP address (often the address 127.0.0.1 is used) is simply passed back up the network software stack as if it had been received from another device. The IPv6 address used is ::1, and commonly the name "localhost" is used as hostname. It is the first interface to be activated during boot:
Occasionally, you will see the dummy hostname localhost being used
instead of the IP address. This requires proper configuration of the
/etc/hosts file: 127.0.0.1
To view the configuration of an interface simply invoke ifconfig with
the interface name as its sole argument:
This example shows that the loopback interface has been assigned a netmask of 255.0.0.0 by default. 127.0.0.1 is a class A address.
These steps suffice to use networking applications on a stand-alone
host. After adding these lines to your network initialization script
and ensuring its execution at boot time by rebooting your machine
you can test the loopback interface. For instance,
should establish a telnet connection to your host, giving you a
The loopback interface is often used as a test bed during development, but there are other applications. For example, all applications based on RPC use the loopback interface to register themselves with the portmapper daemon at startup. These applications include NIS and NFS. Hence the loopback interface should always be configured, whether your machine is attached to a network or not.
Configuring an Ethernet interface is pretty much the same as the loopback interface - it just requires a few more parameters when you use subnetting.
Suppose we have subnetted the IP network, which was originally a class B
network, into class C subnetworks. To make the interface
recognize this, the
ifconfig invocation would look like this:
This command assigns the eth0 interface an IP address of 172.16.1.2. If
we had omitted the netmask,
ifconfig would deduce the netmask from the
IP network class, which would result in an incorrect netmask of
255.255.0.0. Now a quick check shows:
You can see that
ifconfig automatically sets the broadcast
address (the Bcast field) to the usual value, which is the
host's network number with all the host bits set. Also, the maximum
transmission unit (the maximum size of IP datagrams the kernel will
generate for this interface) has been set to the maximum size of
Ethernet packets: 1,500 bytes. The defaults are usually what you will
use, but all these values can be overridden if required.
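The netmask and broadcast arithmetic described above, as an added example (not part of the original page): it derives the class-based default netmask for 172.16.1.2 and compares the resulting broadcast address with the one produced by the explicit 255.255.255.0 mask. The helper names (ip2int, int2ip, classful_mask, network, broadcast) are hypothetical.

```shell
#!/bin/sh
# Added example: class-derived default netmask vs. an explicit subnet mask.

# Dotted quad -> 32-bit integer (subshell body keeps the IFS change local).
ip2int() ( IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Netmask implied by the address class, used when no netmask is given.
classful_mask() {
    cm_first=${1%%.*}
    if   [ "$cm_first" -lt 128 ]; then echo 255.0.0.0        # class A
    elif [ "$cm_first" -lt 192 ]; then echo 255.255.0.0      # class B
    elif [ "$cm_first" -lt 224 ]; then echo 255.255.255.0    # class C
    else return 1                                            # class D/E: no default
    fi
}

# Network number: address AND netmask.
network() {
    nw_ip=$(ip2int "$1"); nw_mask=$(ip2int "$2")
    int2ip $(( nw_ip & nw_mask ))
}

# Broadcast address: network number with all host bits set.
broadcast() {
    bc_ip=$(ip2int "$1"); bc_mask=$(ip2int "$2")
    int2ip $(( (bc_ip & bc_mask) | (~bc_mask & 4294967295) ))
}

addr=172.16.1.2
def=$(classful_mask "$addr")
echo "no netmask given : mask $def, network $(network "$addr" "$def"), broadcast $(broadcast "$addr" "$def")"
echo "netmask specified: mask 255.255.255.0, network $(network "$addr" 255.255.255.0), broadcast $(broadcast "$addr" 255.255.255.0)"
```

With the class B default the host would treat all of 172.16.0.0 as directly attached and broadcast to 172.16.255.255, which is why the explicit netmask matters on a subnetted network.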
Routing Through a Gateway
You do not need routing if your host is on a single Ethernet. Quite frequently however, networks are connected to one another by gateways. These gateways may simply link two or more Ethernets, but may also provide a link to the outside world, such as the Internet. In order to use a gateway, you have to provide additional routing information to the networking layer.
Imagine two ethernets linked through such a gateway, the host romeo.
Assuming that romeo has already been configured, we just have to add an
entry to the routing table telling the kernel all hosts on the other
network can be reached through romeo. The appropriate invocation of
route is shown below; the
gw keyword tells it that the next argument
denotes a gateway:
# route add -net 172.16.0.0 netmask 255.255.255.0 gw romeo
Of course, any host on the other network you wish to communicate with must have a routing entry for our network. Otherwise you would only be able to send data to the other network, but the hosts on the other network would be unable to reply.
This example only describes a gateway that switches packets between two isolated ethernets. Now assume that romeo also has a connection to the Internet (say, through an additional PPP link). In this case, we want datagrams to any destination network to be handed to romeo. This can be accomplished by making it the default gateway:
# route add default gw romeo
Something that is frequently misunderstood is that only ONE default gateway can be configured. You may have many gateways, but only one can be the default.
The network name
default is a shorthand for 0.0.0.0, which denotes the
default route. The default route matches every
destination and will be used if a more specific route is not available.
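How the default route interacts with more specific routes, as an added example (not part of the original page): a small lookup over a constructed routing table that holds the two routes added above plus an assumed directly attached network 172.16.1.0. The function names and the table layout are hypothetical.

```shell
#!/bin/sh
# Added example: route selection by most specific match over a constructed table.

# Dotted quad -> 32-bit integer (subshell body keeps the IFS change local).
ip2int() ( IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )

# Constructed table: destination, netmask, gateway ("*" = directly attached).
ROUTES='172.16.1.0 255.255.255.0 *
172.16.0.0 255.255.255.0 romeo
0.0.0.0 0.0.0.0 romeo'

# lookup DEST: print "destination netmask gateway" of the route that is selected.
lookup() {
    lk_dst=$(ip2int "$1"); lk_best=; lk_bestmask=-1
    while read -r lk_net lk_mask lk_gw; do
        lk_m=$(ip2int "$lk_mask")
        # A route matches when DEST AND netmask equals the route's destination.
        [ $(( lk_dst & lk_m )) -eq "$(ip2int "$lk_net")" ] || continue
        # Among the matches the longest netmask wins, so 0.0.0.0 is the last resort.
        if [ "$lk_m" -gt "$lk_bestmask" ]; then
            lk_best="$lk_net $lk_mask $lk_gw"; lk_bestmask=$lk_m
        fi
    done <<EOF
$ROUTES
EOF
    [ -n "$lk_best" ] && echo "$lk_best"
}

# 192.0.2.10 is a documentation address standing in for "anywhere else".
for dst in 172.16.1.7 172.16.0.9 192.0.2.10; do
    echo "$dst -> $(lookup "$dst")"
done
```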
In recent years many people have advocated the use of the newer
/sbin/ip. It too can be used to show or manipulate routing and
network devices, and also can be used to configure or show policy
routing and tunnels. However, the old tools can
be used too if that is more convenient. A use case for
ip would be
to show the IP addresses used on the network interfaces in a more
concise way compared to
in contrast to
An example of using
ip as an alternative to
configuring a network interface (p8p1):
can be replaced by:
ip can also be used as alternative for the
The output of the
route command in this case would be:
As another example, to add a static route to network 192.168.1.0 over eth0, use:
For more information please read the manual pages of
ARP, Address Resolution Protocol
In the ISO network model there are seven layers. The Internet Protocol is a layer 3 protocol and the NIC is a layer 2 device. In a local network (layer 2) devices know each other by the MAC (Media Access Control) address. In the IP network (layer 3) devices know each other by their IP address.
To allow transfer of data to and from layer 3, IP communication requires a protocol to map between layer 2 and layer 3. This protocol is known as ARP - the Address Resolution Protocol. ARP creates a mapping between an IP address and the MAC address where the IP address is configured.
When IP enabled devices want to communicate, the kernel of the originating device hands the IP packet to the network interface driver software and requests to deliver the IP packet to the recipient. The only way to communicate on a local Ethernet is by means of a MAC address; IP addresses are of no use there. To find out the MAC address of the recipient with the proper IP address, the network driver for the interface on the originating side will send an ARP request. An ARP request is a broadcast: it is sent to any computer on the local network. The computer that has the requested IP address will now answer back with its MAC address. The sender then has all the information needed to transmit the packet. Also, the MAC and IP address are stored in a local cache for future reference.
arp can be used to show the ARP cache. Example:
The cache can be manipulated manually, for example if a host is brought
down you might want to remove its ARP entry. Normally you do not need
to bother as the cache is not overly persistent. See the man pages for
more information on the
Note: Additionally, there exists the reverse ARP protocol (RARP). This protocol is used to allow an Ethernet (layer 2) device to find out which IP address(es) it has configured. ARP: broadcast IP and receive MAC. RARP: broadcast MAC and receive IP.
iw is used to configure wireless devices. It only supports
the nl80211 (netlink) standard. So if
iw doesn't see your device, this
might be the reason. You should then use
iwconfig (from the
wireless_tools package) and
iwlist to configure the wireless
device. These use the WEXT standard. wireless_tools is
deprecated, but still widely supported.
Some common options:
- This is an object and the name of the wireless device should follow
after this option. With the command
iw dev you can see the name of your device.
- This is a command and gets the link status of your wireless device.
- This is a command and scans the network for available access points.
- This is a command which lets you connect to an access point (essid), you can specify a channel behind it and/or your password.
- This is a command that lets you set a different interface/mode. For
ibss if you want to set the operation mode to Ad-Hoc. Or set the power save state of the interface.
iwconfig is similar to
ifconfig, but is dedicated to the
wireless interfaces. It is used to set the parameters of the network
interface which are specific to the wireless operation (for example :
iwconfig may also be used to display those parameters,
and the wireless statistics.
All parameters and statistics are device dependent. Each driver will provide only some of them depending on hardware support, and the range of values may change. Please refer to the man page of each device for details.
Some common options:
- Set the ESSID (or Network Name - in some products it may also be called Domain ID). With some cards, you may disable the ESSID checking (ESSID promiscuous) with off or any (and on to reenable it). If the ESSID of your network is one of the special keywords (off, on or any), you should use -- to escape it.
- Set the operating mode of the device, which depends on the network topology. The mode can be Ad-Hoc (the network is composed of one cell only and is without an Access Point), Managed (the node connects to a network composed of multiple Access Points, with roaming), Master (the node is the synchronisation master or acts as an Access Point), Repeater (the node forwards packets between other wireless nodes), Secondary (the node acts as a backup master/repeater), Monitor (the node is not associated with any cell and passively monitors all packets on the frequency) or Auto.
iwlist is used to scan for available wireless networks and
display additional information about them. The syntax is as follows:
iwlist can display ESSIDs, frequency/channel information, bit-rates,
encryption type and power management information of other wireless nodes in
range. Which information is displayed is hardware dependent.
Some useful options are:
Returns a list of ad-hoc networks and access points. Depending on the type of card, more information is shown, i.e. ESSID, signal strength, frequency. Scanning can only be done by root. When a non-root user issues the scan command, results from the last scan are returned, if available. This can also be achieved by adding the option last. Furthermore, the option essid can be used to scan for a specific ESSID. Depending on the driver, more options may be available.
List the encryption key sizes supported and list all the encryption keys set in the device.