19 December 2014nm-settings-ifcfg-rh5NetworkManagerConfiguration1.0.0nm-settings-ifcfg-rhDescription of ifcfg-rh settings plugin NetworkManager is based on the concept of connection profiles that contain network configuration (see nm-settings5 for details). The profiles can be stored in various formats. NetworkManager uses plugins for reading and writing the data. The plugins can be configured in NetworkManager.conf5. The ifcfg-rh plugin is used on the Fedora and Red Hat Enterprise Linux distributions to read/write configuration from/to the standard /etc/sysconfig/network-scripts/ifcfg-* files. Each NetworkManager connection maps to one ifcfg-* file, with possible usage of keys-* for passwords, route-* for static IPv4 routes and route6-* for static IPv6 routes. The plugin currently supports reading and writing Ethernet, Wi-Fi, InfiniBand, VLAN, Bond, Bridge, and Team connections. Unsupported connection types (such as WWAN, PPPoE, VPN, or ADSL are handled by keyfile plugin (nm-settings-keyfile5). The main reason for using ifcfg-rh plugin is the compatibility with legacy configurations for ifup and ifdown (initscripts). The ifcfg-rh config format is a simple text file containing VARIABLE="value" lines. The format is described in sysconfig.txt of initscripts package. Note that the configuration files may be sourced by initscripts, so they must be valid shell scripts. That means, for instance, that # character can be used for comments, strings with spaces must be quoted, special characters must be escaped, etc. Users can create or modify the ifcfg-rh connection files manually, even if that is not the recommended way of managing the profiles. However, if they choose to do that, they must inform NetworkManager about their changes (see monitor-connection-file in nm-settings5, and nmcli con (re)load). Simple DHCP ethernet configuration: NAME=ethernet UUID=1c4ddf70-01bf-46d6-b04f-47e842bd98da TYPE=Ethernet BOOTPROTO=dhcp DEFROUTE=yes PEERDNS=yes PEERROUTES=yes IPV4_FAILURE_FATAL=no ONBOOT=yes Simple ethernet configuration with static IP: TYPE=Ethernet BOOTPROTO=none IPADDR=10.1.0.25 PREFIX=24 GATEWAY=10.1.0.1 DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_PEERDNS=yes IPV6_PEERROUTES=yes IPV6_FAILURE_FATAL=no NAME=ethernet-em2 UUID=51bb3904-c0fc-4dfe-83b2-0a71e7928c13 DEVICE=em2 ONBOOT=yes WPA2 Enterprise WLAN (TTLS with inner MSCHAPV2 authentication): ESSID="CompanyWLAN" MODE=Managed KEY_MGMT=WPA-EAP TYPE=Wireless IEEE_8021X_EAP_METHODS=TTLS IEEE_8021X_IDENTITY=joe IEEE_8021X_PASSWORD_FLAGS=ask IEEE_8021X_INNER_AUTH_METHODS=MSCHAPV2 IEEE_8021X_CA_CERT=/home/joe/.cert/company.crt BOOTPROTO=dhcp DEFROUTE=yes PEERDNS=yes PEERROUTES=yes IPV4_FAILURE_FATAL=no IPV6INIT=no NAME=MyCompany UUID=f79848ff-11a6-4810-9e1a-99039dea84c4 ONBOOT=yes Bridge and bridge port configuration: ifcfg-bridge: ifcfg-bridge-port: NAME=bridge NAME=bridge007-port-eth0 UUID=4be99ce0-c5b2-4764-8b77-ec226e440125 UUID=3ad56c4a-47e1-419b-b0d4-8ad86eb967a3 DEVICE=bridge007 DEVICE=eth0 STP=yes ONBOOT=yes TYPE=Bridge TYPE=Ethernet BRIDGING_OPTS=priority=32768 BRIDGE=bridge007 ONBOOT=yes BOOTPROTO=dhcp Bonding configuration: ifcfg-BOND: ifcfg-BOND-slave: NAME=BOND NAME=BOND-slave UUID=b41888aa-924c-450c-b0f8-85a4f0a51b4a UUID=9bb048e4-286a-4cc3-b104-007dbd20decb DEVICE=bond100 DEVICE=eth0 BONDING_OPTS="mode=balance-rr miimon=100" ONBOOT=yes TYPE=Bond TYPE=Ethernet BONDING_MASTER=yes MASTER=bond100 ONBOOT=yes SLAVE=yes BOOTPROTO=dhcp Team and team port configuration: ifcfg-my_team0: DEVICE=team0 TEAM_CONFIG="{ \"device\": \"team0\", \"runner\": {\"name\": \"roundrobin\"}, \"ports\": {\"eth1\": {}, \"eth2\": {}} }" DEVICETYPE=Team BOOTPROTO=dhcp NAME=team0-profile UUID=1d3460a0-7b37-457f-a300-fe8d92da4807 ONBOOT=yes ifcfg-my_team0_slave1: NAME=team0-slave1 UUID=d5aed298-c567-4cc1-b808-6d38ecef9e64 DEVICE=eth1 ONBOOT=yes TEAM_MASTER=team0 DEVICETYPE=TeamPort ifcfg-my_team0_slave2: NAME=team0-slave2 UUID=94e75f4e-e5ad-401c-8962-31e0ae5d2215 DEVICE=eth2 ONBOOT=yes TEAM_MASTER=team0 DEVICETYPE=TeamPort The UUID values in the config files must be unique. You can use uuidgen command line tool to generate such values. Alternatively, you can leave out UUID entirely. In that case NetworkManager will generate a UUID based on the file name. The main differences of NetworkManager ifcfg-rh plugin and traditional initscripts are: NM_CONTROLLED=yes|no NM_CONTROLLED is NetworkManager-specific variable used by NetworkManager for determining whether the device of the ifcfg file should be managed. NM_CONTROLLED=yes is supposed if the variable is not present in the file. Note that if you have more ifcfg files for a single device, NM_CONTROLLED=no in one of the files will cause the device not to be managed. The profile may not even be the active one. New variables NetworkManager has introduced some new variable, not present in initscripts, to be able to store data for its new features. The variables are marked as extensions in the tables bellows. Semantic change of variables NetworkManager had to slightly change the semantic for a few variables. PEERDNS - initscripts interpret PEERDNS=no to mean "never touch resolv.conf". NetworkManager interprets it to say "never add automatic (DHCP, PPP, VPN, etc.) nameservers to resolv.conf".ONBOOT - initscripts use ONBOOT=yes to mark the devices that are to be activated during boot. NetworkManager extents this to also mean that this profile can be used for auto-connecting at any time. See the next section for detailed mapping of NetworkManager properties and ifcfg-rh variables. Variable names, format and usage differences in NetworkManager and initscripts are documented in the tables bellow. ifcfg-rh plugin variables marked with (+) are NetworkManager specific extensions not understood by traditional initscripts. PropertyIfcfg-rh VariableDefaultDescriptioneapIEEE_8021X_EAP_METHODS(+)EAP method for 802.1X authentication. Example: IEEE_8021X_EAP_METHODS=PEAP Allowed values: "LEAP", "PWD", "TLS", "PEAP", "TTLS", "FAST"identityIEEE_8021X_IDENTITY(+)Identity for EAP authentication methods. Example: IEEE_8021X_IDENTITY=itsmeanonymous-identityIEEE_8021X_ANON_IDENTITY(+)Anonymous identity for EAP authentication methods.pac-fileIEEE_8021X_PAC_FILE(+)File with PAC (Protected Access Credential) for EAP-FAST. Example: IEEE_8021X_PAC_FILE=/home/joe/my-fast.pacca-certIEEE_8021X_CA_CERT(+)CA certificate for EAP. Example: IEEE_8021X_CA_CERT=/home/joe/cacert.crtca-path(none)The property is not handled by ifcfg-rh plugin.subject-matchIEEE_8021X_SUBJECT_MATCH(+)Substring to match subject of server certificate against. Example: IEEE_8021X_SUBJECT_MATCH="Red Hat"altubject-matchesIEEE_8021X_AlTSUBJECT_MATCHES(+)List of strings to be matched against the altSubjectName. Example: IEEE_8021X_ALTSUBJECT_MATCHES="s1.domain.cc"client-certIEEE_8021X_CLIENT_CERT(+)Client certificate for EAP. Example: IEEE_8021X_CLIENT_CERT=/home/joe/mycert.crtphase1-peapverIEEE_8021X_PEAP_VERSION(+)Use to force a specific PEAP version. Allowed values: 0, 1phase1-peaplabelIEEE_8021X_PEAP_FORCE_NEW_LABEL(+)noUse to force the new PEAP label during key derivation. Allowed values: yes, nophase1-fast-provisioningIEEE_8021X_FAST_PROVISIONING(+)Enable in-line provisioning of EAP-FAST credentials. Example: IEEE_8021X_FAST_PROVISIONING="allow-auth allow-unauth" Allowed values: space-separated list of these values [allow-auth, allow-unauth]phase2-authIEEE_8021X_INNER_AUTH_METHODS(+)Inner non-EAP authentication methods. IEEE_8021X_INNER_AUTH_METHODS can contain values both for 'phase2-auth' and 'phase2-autheap' properties. Example: IEEE_8021X_INNER_AUTH_METHODS=PAP Allowed values: "PAP", "CHAP", "MSCHAP", "MSCHAPV2", "GTC", "OTP", "MD5" and "TLS"phase2-autheapIEEE_8021X_INNER_AUTH_METHODS(+)Inner EAP-based authentication methods. Note that IEEE_8021X_INNER_AUTH_METHODS is also used for 'phase2-auth' values. Example: IEEE_8021X_INNER_AUTH_METHODS="MSCHAPV2 EAP-TLS" Allowed values: "EAP-MD5", "EAP-MSCHAPV2", "EAP-GTC", "EAP-OTP" and "EAP-TLS"phase2-subject-matchIEEE_8021X_PHASE2_SUBJECT_MATCH(+)Substring to match subject of server certificate against. Example: IEEE_8021X_PHASE2_SUBJECT_MATCH="Red Hat"phase2-altsubject-matchesIEEE_8021X_PHASE2_ALTSUBJECT_MATCHES(+)phase2-client-certIEEE_8021X_INNER_CLIENT_CERT(+)Client certificate for inner EAP method. Example: IEEE_8021X_INNER_CLIENT_CERT=/home/joe/mycert.crtpasswordIEEE_8021X_PASSWORD(+)UTF-8 encoded password used for EAP. It can also go to "key-" lookaside file, or it can be owned by a secret agent.password-flagsIEEE_8021X_PASSWORD_FLAGS(+)Password flags for IEEE_8021X_PASSWORD password. (see for _FLAGS values)password-raw(none)The property is not handled by ifcfg-rh plugin.password-raw-flags(none)The property is not handled by ifcfg-rh plugin.private-keyIEEE_8021X_PRIVATE_KEY(+)Private key for EAP-TLS. Example: IEEE_8021X_PRIVATE_KEY=/home/joe/mykey.p12private-key-passwordIEEE_8021X_PRIVATE_KEY_PASSWORD(+)Password for IEEE_8021X_PRIVATE_KEY. It can also go to "key-" lookaside file, or it can be owned by a secret agent.private-key-password-flagsIEEE_8021X_PRIVATE_KEY_PASSWORD_FLAGS(+)Password flags for IEEE_8021X_PRIVATE_KEY_PASSWORD password. (see for _FLAGS values)phase2-private-keyIEEE_8021X_INNER_PRIVATE_KEY(+)Private key for inner authentication method for EAP-TLS.phase2-private-key-passwordIEEE_8021X_INNER_PRIVATE_KEY_PASSWORD(+)Password for IEEE_8021X_INNER_PRIVATE_KEY. It can also go to "key-" lookaside file, or it can be owned by a secret agent.phase2-private-key-password-flagsIEEE_8021X_INNER_PRIVATE_KEY_PASSWORD_FLAGS(+)Password flags for IEEE_8021X_INNER_PRIVATE_KEY_PASSWORD password. (see for _FLAGS values)pin(none)The property is not handled by ifcfg-rh plugin.pin-flags(none)The property is not handled by ifcfg-rh plugin.system-ca-certs(none)The property is not handled by ifcfg-rh plugin.PropertyIfcfg-rh VariableDefaultDescriptionoptionsBONDING_OPTSBonding options. Example: BONDING_OPTS="miimon=100 mode=broadcast"PropertyIfcfg-rh VariableDefaultDescriptionpriorityBRIDGING_OPTS: priority=32STP priority. Allowed values: 0 - 63path-costBRIDGING_OPTS: path_cost=100STP cost. Allowed values: 1 - 65535hairpin-modeBRIDGING_OPTS: hairpin_mode=yesHairpin mode of the bridge port.PropertyIfcfg-rh VariableDefaultDescriptionmac-addressMACADDR(+)MAC address of the bridge. Note that this requires a recent kernel support, originally introduced in 3.15 upstream kernel) MACADDR for bridges is an NM extension.stpSTPnoSpan tree protocol participation.priorityBRIDGING_OPTS: priority=32768STP priority. Allowed values: 0 - 32768forward-delayDELAY15STP forwarding delay. Allowed values: 2 - 30hello-timeBRIDGING_OPTS: hello_time=2STP hello time. Allowed values: 1 - 10max-ageBRIDGING_OPTS: max_age=20STP maximum message age. Allowed values: 6 - 40ageing-timeBRIDGING_OPTS: ageing_time=300Ethernet MAC ageing time. Allowed values: 0 - 1000000PropertyIfcfg-rh VariableDefaultDescriptionidNAME(+)User friendly name for the connection profile.uuidUUID(+)UUID for the connection profile. When missing, NetworkManager creates the UUID itself (by hashing the file).interface-nameDEVICEInterface name of the device this profile is bound to. The variable can be left out when the profile should apply for more devices. Note that DEVICE can be required for some connection types.typeTYPE (DEVICETYPE, DEVICE)Base type of the connection. DEVICETYPE is used for teaming connections. Example: TYPE=Ethernet; TYPE=Bond; TYPE=Bridge; DEVICETYPE=TeamPort Allowed values: Ethernet, Wireless, InfiniBand, Bridge, Bond, Vlan, Team, TeamPortpermissionsUSERS(+)USERS restrict the access for this conenction to certain users only. Example: USERS="joe bob"autoconnectONBOOTyesWhether the connection should be autoconnected (not only while booting).autoconnect-priorityAUTOCONNECT_PRIORITY(+)0Connection priority for automatic activation. Connections with higher numbers are preferred when selecting profiles for automatic activation. Example: AUTOCONNECT_PRIORITY=20 Allowed values: -999 to 999zoneZONE(+)Trust level of this connection. The string is usually used for a firewall. Example: ZONE=WorkmasterMASTER, TEAM_MASTER, BRIDGEReference to master connection. The variable used depends on the connection type.slave-typeMASTER, TEAM_MASTER, DEVICETYPE, BRIDGESlave type doesn't map directly to a variable, but it is recognized using different variables. MASTER for bonding, TEAM_MASTER and DEVICETYPE for teaming, BRIDGE for bridging.secondariesSECONDARY_UUIDS(+)UUID of VPN connections that should be activated together with this connection.gateway-ping-timeoutGATEWAY_PING_TIMEOUT(+)0If greater than zero, the IP connectivity will be checked by pinging the gateway and waiting for the specified timeout (in seconds). Example: GATEWAY_PING_TIMEOUT=5PropertyIfcfg-rh VariableDefaultDescriptionapp-fcoe-flagsDCB_APP_FCOE_ENABLE, DCB_APP_FCOE_ADVERTISE, DCB_APP_FCOE_WILLINGnoFCOE flags. Example: DCB_APP_FCOE_ENABLE=yes DCB_APP_FCOE_ADVERTISE=yesapp-fcoe-priorityDCB_APP_FCOE_PRIORITYPriority of FCoE frames. Allowed values: 0 - 7app-fcoe-modeDCB_APP_FCOE_MODEfabricFCoE controller mode. Allowed values: fabric, vn2vnapp-iscsi-flagsDCB_APP_ISCSI_ENABLE, DCB_APP_ISCSI_ADVERTISE, DCB_APP_ISCSI_WILLINGnoiSCSI flags.app-iscsi-priorityDCB_APP_ISCSI_PRIORITYPriority of iSCSI frames. Allowed values: 0 - 7app-fip-flagsDCB_APP_FIP_ENABLE, DCB_APP_FIP_ADVERTISE, DCB_APP_FIP_WILLINGnoFIP flags.app-fip-priorityDCB_APP_FIP_PRIORITYPriority of FIP frames. Allowed values: 0 - 7priority-flow-control-flagsDCB_PFC_ENABLE, DCB_PFC_ADVERTISE, DCB_PFC_WILLINGnoPriority flow control flags.priority-flow-controlDCB_PFC_UPPriority flow control values. String of 8 "0" and "1", where "0". means "do not transmit priority pause", "1" means "transmit pause". Example: DCB_PFC_UP=01101110priority-group-flagsDCB_PG_ENABLE, DCB_PG_ADVERTISE, DCB_PG_WILLINGnoPriority groups flags.priority-group-idDCB_PG_IDPriority groups values. String of eight priorities (0 - 7) or "f" (unrestricted). Example: DCB_PG_ID=1205f173priority-group-bandwidthDCB_PG_PCTPriority groups values. Eight bandwidths (in percent), separated with commas. Example: DCB_PG_PCT=10,5,10,15,10,10,10,30priority-bandwidthDCB_PG_UPPCTPriority values. Eight bandwidths (in percent), separated with commas. The sum of the numbers must be 100. Example: DCB_PG_UPPCT=7,13,10,10,15,15,10,20priority-strict-bandwidthDCB_PG_STRICTPriority values. String of eight "0" or "1", where "0" means "may not utilize all bandwidth", "1" means "may utilize all bandwidth". Example: DCB_PG_STRICT=01101110priority-traffic-classDCB_PG_UP2TCPriority values. String of eight trafic class values (0 - 7). Example: DCB_PG_UP2TC=01623701 All DCB related configuration is a NetworkManager extention. DCB=yes must be used explicitly to enable DCB so that the rest of the DCB_* variables can apply. PropertyIfcfg-rh VariableDefaultDescriptionmac-addressHWADDRIBoIP 20-byte hardware address of the device (in traditional hex-digits-and-colons notation). Example: HWADDR=01:02:03:04:05:06:07:08:09:0A:01:02:03:04:05:06:07:08:09:11mtuMTUMTU of the interface.transport-modeCONNECTED_MODECONNECTED_MODE=noCONNECTED_MODE=yes for "connected" mode, CONNECTED_MODE=no for "datagram" modep-keyPKEY_ID (and PKEY=yes)PKEY=noInfiniBand P_Key. The value can be a hex number prefixed with "0x" or a decimal number. When PKEY_ID is specified, PHYSDEV and DEVICE also must be specified. Example: PKEY=yes PKEY_ID=2 PHYSDEV=mlx4_ib0 DEVICE=mlx4_ib0.8002parentPHYSDEV (PKEY=yes)PKEY=noInfiniBand parent device. Example: PHYSDEV=ib0PropertyIfcfg-rh VariableDefaultDescriptionmethodBOOTPROTOnoneMethod used for IPv4 protocol configuration. Allowed values: none, dhcp (bootp), static, ibft, autoip, shareddnsDNS1, DNS2, ...List of DNS servers. Even if NetworkManager supports many DNS servers, initscripts and resolver only care about the first three, usually. Example: DNS1=1.2.3.4 DNS2=10.0.0.254 DNS3=8.8.8.8dns-searchDOMAINList of DNS search domains.addressesIPADDR, PREFIX, IPADDR1, PREFIX1, ...List of static IP addresses. Example: IPADDR=10.5.5.23 PREFIX=24 IPADDR1=1.1.1.2 PREFIX1=16gatewayGATEWAYGateway IP address. Example: GATEWAY=10.5.5.1routesADDRESS1, NETMASK1, GATEWAY1, METRIC1, ...List of static routes. They are not stored in ifcfg-* file, but in route-* file instead.ignore-auto-routesPEERROUTES(+)yesPEERROUTES has the opposite meaning as 'ignore-auto-routes' property.ignore-auto-dnsPEERDNSyesPEERDNS has the opposite meaning as 'ignore-auto-dns' property.dhcp-send-hostnameDHCP_SEND_HOSTNAME(+)yesWhether DHCP_HOSTNAME should be sent to the DHCP server.dhcp-hostnameDHCP_HOSTNAMEHostname to send to the DHCP server.never-defaultDEFROUTE (GATEWAYDEV in /etc/sysconfig/network)yesDEFROUTE=no tells NetworkManager that this connection should not be assigned the default route. DEFROUTE has the opposite meaning as 'never-default' property.may-failIPV4_FAILURE_FATAL(+)noIPV4_FAILURE_FATAL has the opposite meaning as 'may-fail' property.dhcp-client-idDHCP_CLIENT_ID(+)A string sent to the DHCP server to identify the local machine. Example: DHCP_CLIENT_ID=ax-srv-1PropertyIfcfg-rh VariableDefaultDescriptionmethodIPV6INIT, IPV6FORWARDING, IPV6_AUTOCONF, DHCPV6CIPV6INIT=yes; IPV6FORWARDING=no; IPV6_AUTOCONF=!IPV6FORWARDING, DHCPV6=noMethod used for IPv6 protocol configuration. ignore ~ IPV6INIT=no; auto ~ IPV6_AUTOCONF=yes; dhcp ~ IPV6_AUTOCONF=no and DHCPV6C=yesdnsDNS1, DNS2, ...List of DNS servers. NetworkManager uses the variables both for IPv4 and IPv6.dns-searchDOMAINList of DNS search domains.addressesIPV6ADDR, IPV6ADDR_SECONDARIESList of static IP addresses. Example: IPV6ADDR=ab12:9876::1 IPV6ADDR_SECONDARIES="ab12:9876::2 ab12:9876::3"gatewayIPV6_DEFAULTGWGateway IP address. Example: IPV6_DEFAULTGW=abbe::1routes(none)List of static routes. They are not stored in ifcfg-* file, but in route6-* file instead in the form of command line for 'ip route add'.ignore-auto-routesIPV6_PEERROUTES(+)yesIPV6_PEERROUTES has the opposite meaning as 'ignore-auto-routes' property.ignore-auto-dnsIPV6_PEERDNS(+)yesIPV6_PEERDNS has the opposite meaning as 'ignore-auto-dns' property.dhcp-hostnameDHCP_HOSTNAMEHostname to send the DHCP server.never-defaultIPV6_DEFROUTE(+), (and IPV6_DEFAULTGW, IPV6_DEFAULTDEV in /etc/sysconfig/network)IPV6_DEFROUTE=yes (when no variable specified)IPV6_DEFROUTE=no tells NetworkManager that this connection should not be assigned the default IPv6 route. IPV6_DEFROUTE has the opposite meaning as 'never-default' property.may-failIPV6_FAILURE_FATAL(+)noIPV6_FAILURE_FATAL has the opposite meaning as 'may-fail' property.ip6-privacyIPV6_PRIVACY, IPV6_PRIVACY_PREFER_PUBLIC_IP(+)noConfigure IPv6 Privacy Extensions for SLAAC (RFC4941). Example: IPV6_PRIVACY=rfc3041 IPV6_PRIVACY_PREFER_PUBLIC_IP=yes Allowed values: IPV6_PRIVACY: no, yes (rfc3041 or rfc4941); IPV6_PRIVACY_PREFER_PUBLIC_IP: yes, noPropertyIfcfg-rh VariableDefaultDescriptionconfigTEAM_PORT_CONFIGTeam port configuration in JSON. See man teamd.conf for details.PropertyIfcfg-rh VariableDefaultDescriptionconfigTEAM_CONFIGTeam configuration in JSON. See man teamd.conf for details.PropertyIfcfg-rh VariableDefaultDescriptionparentDEVICE or PHYSDEVParent interface of the VLAN.idVLAN_ID or DEVICEVLAN identifier.flagsVLAN_FLAGS, REORDER_HDRParent interface of the VLAN. Allowed values: "GVRP", "LOOSE_BINDING" for VLAN_FLAGS; 0 or 1 for REORDER_HDRingress-property-mapVLAN_INGRESS_PRIORITY_MAPIngress priority mapping. Example: VLAN_INGRESS_PRIORITY_MAP=4:2,3:5egress-property-mapVLAN_EGRESS_PRIORITY_MAPEgress priority mapping. Example: VLAN_EGRESS_PRIORITY_MAP=5:4,4:1,3:7interface-namePHYSDEV and VLAN_ID, or DEVICEVLAN interface name. If all variables are set, parent device from PHYSDEV takes precedence over DEVICE, but VLAN id from DEVICE takes precedence over VLAN_ID. Example: PHYSDEV=eth0, VLAN_ID=12; or DEVICE=eth0.12PropertyIfcfg-rh VariableDefaultDescriptionport(none)The property is not saved by the plugin.speed(none)The property is not saved by the plugin.duplex(none)The property is not saved by the plugin.auto-negotiate(none)The property is not saved by the plugin.mac-addressHWADDRHardware address of the device in traditional hex-digits-and-colons notation (e.g. 00:22:68:14:5A:05).cloned-mac-addressMACADDRCloned (spoofed) MAC address in traditional hex-digits-and-colons notation (e.g. 00:22:68:14:5A:99).mac-address-blacklistHWADDR_BLACKLIST(+)It denies usage of the connection for any device whose address is listed. Example: HWADDR_BLACKLIST="00:22:68:11:69:08 00:11:22:11:44:55"mtuMTUMTU of the interface.s390-subchannelsSUBCHANNELSSubchannels for IBM S390 hosts. Example: SUBCHANNELS=0.0.b00a,0.0.b00b,0.0.b00cs390-nettypeNETTYPENetwork type of the S390 host. Example: NETTYPE=qeth Allowed values: "qeth", "lcs" or "ctc"s390-optionsOPTIONS and PORTNAME, CTCPROTO,S390 device options. All options go to OPTIONS, except for "portname" and "ctcprot" that have their own variables.PropertyIfcfg-rh VariableDefaultDescriptionkey-mgmtKEY_MGMT(+)Key management menthod. Allowed values: IEEE8021X, WPA-PSK, WPA-EAPwep-tx-keyidxDEFAULTKEY1Index of active WEP key. Allowed values: 1, 2, 3, 4auth-algSECURITYMODE(+)Authentication algorithm for WEP. Allowed values: restricted, open, leapprotoWPA_ALLOW_WPA(+), WPA_ALLOW_WPA2(+)noAllowed WPA protocols, WPA and WPA2 (RSN). Allowed values: yes, nopairwiseCIPHER_PAIRWISE(+)Restrict pairwise encryption algorithms, specified as a space separated list. Allowed values: CCMP, TKIPgroupCIPHER_GROUP(+)Restrict group/broadcast encryption algorithms, specified as a space separated list. Allowed values: CCMP, TKIP, WEP40, WEP104leap-usernameIEEE_8021X_IDENTITY(+)Login name for LEAP.wep-key0KEY1, KEY_PASSPHRASE1(+)The first WEP key (used in most networks). See also DEFAULTKEY for key index.wep-key1KEY2, KEY_PASSPHRASE2(+)WEP key with index 1. See also DEFAULTKEY for key index.wep-key2KEY3, KEY_PASSPHRASE3(+)WEP key with index 2. See also DEFAULTKEY for key index.wep-key3KEY4, KEY_PASSPHRASE4(+)WEP key with index 3. See also DEFAULTKEY for key index.wep-key-flagsWEP_KEY_FLAGS(+)Password flags for KEY<i>, KEY_PASSPHRASE<i> password. (see for _FLAGS values)pskWPA_PSKPre-Shared-Key for WPA networks.psk-flagsWPA_PSK_FLAGS(+)Password flags for WPA_PSK_FLAGS. (see for _FLAGS values) Example: WPA_PSK_FLAGS=userleap-passwordIEEE_8021X_PASSWORD(+)Password for LEAP. It can also go to "key-" lookaside file, or it can be owned by a secret agent.leap-password-flagsIEEE_8021X_PASSWORD_FLAGS(+)Password flags for IEEE_8021X_PASSWORD_FLAGS. (see for _FLAGS values)wep-key-typeKEY<i> or KEY_PASSPHRASE<i>(+)KEY is used for "key" type (10 or 26 hexadecimal characters, or 5 or 13 character string prefixed with "s:"). KEY_PASSPHRASE is used for WEP passphrases. Example: KEY1=s:ahoj, KEY1=0a1c45bc02, KEY_PASSPHRASE1=mysupersecretkeyPropertyIfcfg-rh VariableDefaultDescriptionssidESSIDSSID of Wi-Fi network. Example: ESSID="Quick Net"modeMODEWi-Fi network mode. Allowed values: Ad-Hoc, Managed (Auto) [case insensitive]bandBAND(+)BAND alone is honored, but CHANNEL overrides BAND since it implies a band. Example: BAND=bg Allowed values: a, bgchannelCHANNELChannel used for the Wi-Fi communication. Channels greater than 14 mean "a" band, otherwise the band is "bg". Example: CHANNEL=6bssidBSSID(+)Restricts association only to a single AP. Example: BSSID=00:1E:BD:64:83:21rate(none)This property is not handled by ifcfg-rh plugin.tx-power(none)This property is not handled by ifcfg-rh plugin.mac-addressHWADDRHardware address of the device in traditional hex-digits-and-colons notation (e.g. 00:22:68:14:5A:05).cloned-mac-addressMACADDRCloned (spoofed) MAC address in traditional hex-digits-and-colons notation (e.g. 00:22:68:14:5A:99).mac-address-blacklistHWADDR_BLACKLIST(+)It denies usage of the connection for any device whose address is listed.seen-bssids(none)This property is not handled by ifcfg-rh plugin.mtuMTUMTU of the wireless interface.hiddenSSID_HIDDEN(+)Whether the network hides the SSID.security(none)This property is deprecated and not handled by ifcfg-rh-plugin.The following settings are not supported by ifcfg-rh plugin:adsl, bluetooth, ppp, pppoe, serial, generic, gsm, cdma, 802-11-olpc-mesh, wimax, vpn Each secret property in a NetworkManager setting has an associated flags property that describes how to handle that secret. In the fcfg-rh plugin variables for secret flags have a _FLAGS suffix. The variables contain one or more of the folowing values (space separated). Missing (or empty) *_FLAGS variable means that the password is owned by NetworkManager. user - a user-session secret agent is responsible for providing and storing this secret; when it is required, agents will be asked to provide it.ask - the associated password is not saved but it will be requested from the user each time it is required.unused - in some situations it cannot be automatically determined that a secret is required or not. This flag hints that the secret is not required and should not be requested from the user.NetworkManager developers/etc/sysconfig/network-scripts/ifcfg-*/etc/sysconfig/network-scripts/keys-*/etc/sysconfig/network-scripts/route-*/etc/sysconfig/network-scripts/route6-*/usr/share/doc/initscripts/sysconfig.txthttps://developer.gnome.org/NetworkManager/unstable/ref-settings.htmlnm-settings(5), nm-settings-keyfile(5), NetworkManager(8), NetworkManager.conf(5), nmcli(1), nmcli-examples(5)