This article describes how to create a virtual bridge in CentOS 8 using the nmcli tool and add physical NICs to the virtual bridge to make it a Layer 2 switch.

This operation is not only applicable to physical NIC devices, but also to virtual NIC devices of various virtual machines.


The goal is to combine all three NICs in the red box into a Layer 2 switch. First we need to create a bridge device, which is the functional equivalent of the switch we normally use.

nmcli connection add type bridge con-name switch ifname switch autoconnect yes


Next, we add the required NICs to the bridge named switch that we just created.

nmcli connection add type bridge-slave ifname enp0s20u3 master switch
nmcli connection add type bridge-slave ifname enp0s20u4 master switch
nmcli connection add type bridge-slave ifname enp6s0 master switch


After adding the bridge and NICs, we need to adjust their configuration by editing the corresponding configuration files, /etc/sysconfig/network-scripts/ifcfg-*, to change the boot options and IP addresses. Disable start-on-boot for all NICs added to the switch bridge to avoid conflicts with the bridge configuration.

ONBOOT=no

Also set a static IP address for the bridge. The relevant settings are as follows.

BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.1.1
NETMASK=255.255.255.0
GATEWAY=192.168.1.253
DNS1=8.8.8.8

Once configured, the entire switch device is equivalent to a Layer 2 switch with three RJ45 interfaces and a management IP. We connect the router to one NIC of the switch and our computer to another interface; in theory, the computer will then be able to obtain the IP address issued by the router via DHCP.

The computer's NIC is connected with a network cable directly to a NIC that has been added to the bridge on the Linux host. Checking its status shows that it gets IPv4 and IPv6 addresses and is properly networked, which proves that the whole virtual bridge device is working properly.


The same operation can be done with KVM virtual machines. Generally, if we bridge a virtual machine's NIC directly to the host NIC, the virtual machine and the host can be on the same network segment. But in that case there is no way for the host to communicate directly with the virtual machine.

You can then create a virtual bridge, add the host NIC to the bridge, and then choose to bridge to the virtual bridge when the virtual machine’s NIC is created.
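
To confirm that the bridge contains exactly the NICs you intended, the following added example (not part of the original article) reads bridge membership from sysfs and reports missing or unexpected ports, such as a virtual machine interface that has been attached to the same Layer 2 segment. The function names and the SYSFS_NET override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the membership of a Linux bridge using sysfs.
# SYSFS_NET (assumed name) can point at a constructed tree for offline testing.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Print the name of the bridge an interface is attached to (empty if none).
# A bridge port has a "master" symlink that points at its bridge device.
bridge_of() {
    link="$SYSFS_NET/$1/master"
    [ -L "$link" ] || return 0
    basename "$(readlink "$link")"
}

# audit_bridge BRIDGE NIC...
# Prints one finding per line. Returns 0 only when the bridge's ports match
# the expected NIC list exactly, 1 on a mismatch, 2 if BRIDGE is not a bridge.
audit_bridge() {
    bridge="$1"; shift
    rc=0
    # Only bridge devices expose a "bridge" directory in sysfs.
    if [ ! -d "$SYSFS_NET/$bridge/bridge" ]; then
        echo "ERROR: $bridge is not a bridge device"
        return 2
    fi
    # Every expected NIC must be a port of this bridge.
    for nic in "$@"; do
        if [ "$(bridge_of "$nic")" != "$bridge" ]; then
            echo "MISSING: $nic is not a port of $bridge"
            rc=1
        fi
    done
    # Every port listed under brif/ must be one of the expected NICs.
    for port in "$SYSFS_NET/$bridge/brif"/*; do
        [ -e "$port" ] || continue
        port="${port##*/}"
        case " $* " in
            *" $port "*) ;;
            *) echo "UNEXPECTED: $port is bridged into $bridge"; rc=1 ;;
        esac
    done
    return $rc
}

# On the host from this article:
#   audit_bridge switch enp0s20u3 enp0s20u4 enp6s0
```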