ip命令的使⽤
显⽰所有⽹络接⼝信息
输⼊ip addr或者ip a命令可以显⽰所有的⽹络接⼝信息
[root@ecs-centos-7 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
多少人曾爱慕你年轻时的容颜歌词valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether fa:16:3e:e0:4f:b8 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.9/24 brd 192.168.0.255 scope global noprefixroute dynamic eth0
valid_lft 74409sec preferred_lft 74409sec
inet6 fe80::f816:3eff:fee0:4fb8/64 scope link
valid_lft forever preferred_lft forever
[root@ecs-centos-7 ~]#
上⾯的输出中,可以看出系统⽬前的⽹络接⼝分别是lo和eth0, 前者是⽹络环回接⼝,后者是常规的⽹络接⼝输出接⼝信息的字段详解
<BROADCAST,MULTICAST,UP,LOWER_UP>: BROADCAST 表⽰⽀持⼴播, MULTICAST 表⽰⽀持多播
UP ⽹络接⼝处于开启状态
LOWER_UP 表⽰⽹络电缆已插⼊并且已连上⽹络
mtu 1500: 最⼤传输的单位1500字节
qdisc pfifo_fast: 数据包排队
state UP: 接⼝状态已开启
qlen 1000: 传输队列长度
link/ether fa:16:3e:e0:4f:b8 Mac地址
brd ff:ff:ff:ff:ff:ff ⼴播地址
inet 192.168.0.9/24 : IPV4
scope global: 全局有效
dynamic eth0: 动态分配地址
valid_lft 74409sec: IPV4有效期
preferred_lft 74409sec: IPV4⾸选⽣存期
inet6 fe80::f816:3eff:fee0:4fb8/64  IPV6
艾维奇死因曝光scope link: 仅在此接⼝上⽣效
除了输出所有的⽹络接⼝信息外,还可以按照以下⽅式个性化输出⽹络接⼝信息
按照是否⽀持 IPV4 或 IPV6输出
命令ip -4 a会输出只⽀持IPV4的接⼝信息
同样,命令ip -6 a会输出只⽀持IPV6的接⼝信息
按照接⼝名字输出
命令ip a show eth0会输出eth0接⼝的信息
[root@ecs-centos-7 ~]# ip a show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether fa:16:3e:e0:4f:b8 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.9/24 brd 192.168.0.255 scope global noprefixroute dynamic eth0
valid_lft 73494sec preferred_lft 73494sec
inet6 fe80::f816:3eff:fee0:4fb8/64 scope link
valid_lft forever preferred_lft forever
按照⽹络接⼝开启和关闭状态输出
命令ip link ls up会输出所有处于开启状态的⽹络接⼝信息
那么,ip link ls down就会输出所有处于关闭状态的⽹络接⼝信息
为⽹络接⼝添加、移除 IP地址
添加IP
为指定⽹络接⼝分配IP地址的命令格式: ip a add ip地址 dev 接⼝名字
⽐如:现在要为eth0⽹络接⼝分配⼀个⽹络掩码为 20 的IP 192.168.1.10, 具体的输⼊请看下⾯的实例
[root@ecs-centos-7 ~]# ip a add 192.168.1.10/20  dev eth0
[root@ecs-centos-7 ~]# ip a show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether fa:16:3e:e0:4f:b8 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.9/24 brd 192.168.0.255 scope global noprefixroute dynamic eth0
valid_lft 71787sec preferred_lft 71787sec
inet 192.168.1.10/20 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fee0:4fb8/64 scope link
valid_lft forever preferred_lft forever
从上⾯例⼦的输出结果可以看出,⽹络接⼝eth0上多了⼀个192.168.1.10的 IP
命令ip a add 192.168.1.10/20 dev eth0执⾏成功的话,是没有任何输出,如果⽹络接⼝eth0不存在的话,会输出Cannot find device "eth0"的错误信息
其实,还可以通过执⾏ping 192.168.1.10命令来测试⽹络接⼝上IP是否分配成功,如果能 ping 通IP的话,表⽰分配成功,否则表⽰失败
说明:192.168.1.10/20 中 20 是 CIDR 表⽰法的⽹络掩码,想详细了解的可以⾃⾏查阅⽹络掩码的资料
移除IP
⽹络接⼝上添加了IP之后,可使⽤ip a del ip地址 dev 接⼝名字命令从指定的接⼝移除指定的IP,移除的时候IP后⾯需要携带⽹络掩码
[root@ecs-centos-7 ~]# ip a del 192.168.1.10/20 dev eth0
[root@ecs-centos-7 ~]# ip a show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether fa:16:3e:e0:4f:b8 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.9/24 brd 192.168.0.255 scope global noprefixroute dynamic eth0
valid_lft 71414sec preferred_lft 71414sec
inet6 fe80::f816:3eff:fee0:4fb8/64 scope link
valid_lft forever preferred_lft forever
修改⽹络接⼝状态
要关闭或者开启⽹络接⼝,可以使⽤ip link set dev 接⼝名字 up/down命令
例如:有lo和eth0两个⽹络接⼝, 具体接⼝信息如下
[root@ecs-centos-7 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether fa:16:3e:e0:4f:b8 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.9/24 brd 192.168.0.255 scope global noprefixroute dynamic eth0
valid_lft 59216sec preferred_lft 59216sec
inet6 fe80::f816:3eff:fee0:4fb8/64 scope link
valid_lft forever preferred_lft forever
通过ping -w 3 127.0.0.1命令测试,结果表明lo接⼝⽬前是开启状态,具体的测试输出如下所⽰
[root@ecs-centos-7 ~]# ping -w 3 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.014 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.026 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.022 ms
64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.023 ms
--- 127.0.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.014/0.021/0.026/0.005 ms
现在关闭lo⽹络接⼝,并再次测试该接⼝的状态,具体命令如下:
[root@ecs-centos-7 ~]# ip link set dev lo down
[root@ecs-centos-7 ~]# ip link show lo
1: lo: <LOOPBACK> mtu 65536 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
[root@ecs-centos-7 ~]# ping -w 3 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
--- 127.0.0.1 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 2999ms
执⾏ip link set dev lo down命令之后,关闭了⽹络接⼝lo,通过ip link show lo命令查看该接⼝的信息,结果表明接⼝是关闭状态,再次通过ping -w 3 127.0.0.1测试接⼝的状态,再⼀次确认了接⼝是关闭状态
修改⽹络接⼝传输队列长度
通过p l set txqueuelen 长度 dev 接⼝名字命令可以设置⽹络接⼝的传输队列长度
[root@ecs-centos-7 ~]# ip l show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1200
link/ether fa:16:3e:e0:4f:b8 brd ff:ff:ff:ff:ff:ff
[root@ecs-centos-7 ~]# ip l set txqueuelen 1000 dev eth0
[root@ecs-centos-7 ~]# ip l show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether fa:16:3e:e0:4f:b8 brd ff:ff:ff:ff:ff:ff
上⾯的例⼦中,字符串qlen 1200表⽰传输队列长度是1200
从例⼦中可以看出,修改传输队列长度之前,传输队列长度是1200
执⾏ip l set txqueuelen 1000 dev eth0命令把传输队列长队修改为1000, 然后再执⾏ip l show eth0命令查询eth0⽹络接⼝的信息,查询结果中default qlen 1000说明修改成功
修改⽹络接⼝的MTU(最⼤传输单元)
通过p l set mtu 长度 dev 接⼝名字命令可以设置⽹络接⼝的最⼤传输单元
[root@ecs-centos-7 ~]# ip l show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1600 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1200
link/ether fa:16:3e:e0:4f:b8 brd ff:ff:ff:ff:ff:ff
[root@ecs-centos-7 ~]# ip l set set mtu 1500 dev eth0
牛年快乐
[root@ecs-centos-7 ~]# ip l show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1200
link/ether fa:16:3e:e0:4f:b8 brd ff:ff:ff:ff:ff:ff
上⾯的例⼦中,字符串mtu 1600表⽰最⼤传输单元是1600
从例⼦中可以看出,修改传输队列长度之前,最⼤传输单元是1600
执⾏ip l set set mtu 1500 dev eth0命令把最⼤传输单元修改为1500, 然后再执⾏ip l show eth0命令查询eth0⽹络接⼝的信息,查询结果中mtu 1500说明修改成功
查看IP路由表
下⾯⼏条命令都可以查看 IP 路由表
ip r
ip route
ip r list
ip route list
查看路由表
[root@ecs-centos-7 ~]# ip r
default via 192.168.0.1 dev eth0 proto dhcp metric 100
169.254.169.254 via 192.168.0.254 dev eth0 proto dhcp metric 100
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.9 metric 100
查看指定IP以及⽹络掩码的路由表
[root@ecs-centos-7 ~]# ip r list 192.168.0.0/24
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.9 metric 100
查看ARP缓存
ARP是 Address Resolution Protocol 的缩写, 全称是地址解析协议,它是⽤于实现从IP地址到Mac地址的映射,也就是询问⽬标IP的Mac地
在本地存储了⼀份IP对应Mac地址的映射表,这张表叫做 ARP缓存表,可以使⽤ip n命令查看缓存表
[root@ecs-centos-7 ~]# ip n
192.168.0.1 dev eth0 lladdr fa:16:3e:64:38:a8 REACHABLE
192.168.0.254 dev eth0 lladdr fa:fa:fa:fa:fa:01 STALE
更改⽹卡Mac地址
⼤部分场景中是不需要修改Mac地址的,但有时你可能想隐藏真实的Mac地址(物理地址),这时可以修改Mac地址,修改Mac地址的命令如下ip link set dev 接⼝名 address 新的Mac地址
下⾯以修改lo⽹络接⼝的Mac地址为例来说明
周星驰向华强
[root@ecs-centos-7 ~]# ip l list lo
崔智友结婚
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
[root@ecs-centos-7 ~]# ip l set lo address fa:16:3e:e0:4f:b4
[root@ecs-centos-7 ~]# ip l list lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback fa:16:3e:e0:4f:b4 brd 00:00:00:00:00:00
从上⾯的例⼦中可以看出,lo接⼝初始的Mac地址是00:00:00:00:00:00
执⾏ip l set lo address fa:16:3e:e0:4f:b4命令修改Mac地址,然后再执⾏ip l list lo查看lo接⼝的信息,输出的结果信息表明Mac地址修改成功
注意:如果当前⽹络接⼝上执⾏上⾯的命令,当前会话会中断,需要重启机器才能恢复,所以最好是在其他的⽹络接⼝上测试
查看⽹络统计信息
通过ip -s link命令可以查看⽹络接⼝上的⼀些统计数据,⽐如接⼝上传输的字节数、报⽂数,错误或者丢弃的报⽂数等等
[root@ecs-centos-7 ~]# ip -s link
怎么升级鸿蒙
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes  packets  errors  dropped overrun mcast
272        2        0      0      0      0
TX: bytes  packets  errors  dropped carrier collsns
272        2        0      0      0      0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DE
FAULT group default qlen 1000
link/ether fa:16:3e:e0:4f:b8 brd ff:ff:ff:ff:ff:ff
RX: bytes  packets  errors  dropped overrun mcast
47949      531      0      0      0      0
TX: bytes  packets  errors  dropped carrier collsns
50816      492      0      0      0      0
[root@ecs-centos-7 ~]#
想查看更详细的信息可以使⽤ip -s -s link命令, 这个在排除⽹络故障时经常⽤到