Linux常用命令-ip

发表于 分类于

命令

ip

描述

show / manipulate routing, devices, policy routing and tunnels
显示或配置网络

用法

1
2
3
4
5
6
7
8
9
10
11
12
13
ip [ OPTIONS ] OBJECT { COMMAND | help }
ip [ -force ] -batch filename
OBJECT := { link | address | addrlabel | route | rule | neigh | ntable |
            tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm |
            netns | l2tp | fou | macsec | tcp_metrics | token | netconf | ila |
            vrf }
OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |
             -h[uman-readable] | -iec |
             -f[amily] { inet | inet6 | ipx | dnet | mpls | bridge | link } |
             -4 | -6 | -I | -D | -B | -0 |
             -l[oops] { maximum-addr-flush-attempts } | -br[ief] |
             -o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] |
             -rc[vbuf] [size] | -n[etns] name | -a[ll] | -c[olor]}

选项

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
Options:
  -h, -human, -human-readable  显示为可读形式
  -b, -batch <FILENAME>  以批处理方式运行,即从文件或标准输入中读取命令,出现错误时将终止命令
  -force  在批处理模式下,不要在出现错误时终止ip命令,返回非0状态码
  -s, -stats, -statistics  显示更多信息,可重复使用,如-s -s将显示更多信息,注意不能合并为-ss
  -d, -details  显示详情
  -l, -loops <COUNT>
         Specify maximum number of loops the 'ip address flush' logic will attempt before giving up.
         The default is 10. Zero (0) means loop until all addresses are removed.
  -f, -family <FAMILY>  指定协议,可选参数inet(默认), inet6, bridge, ipx, dnet, mpls or link.
  -4  等同于-family inet.
  -6  shortcut for -family inet6.
  -B  shortcut for -family bridge.
  -D  shortcut for -family decnet.
  -I  shortcut for -family ipx.
  -M  shortcut for -family mpls.
  -0  shortcut for -family link.
  -o, -oneline  在单行上输出每条记录,并用“\”字符替换换行符
  -r, -resolve  显示为DNS解析的名称而非主机地址
  -n, -netns <NETNS>
         switches ip to the specified network namespace NETNS.
         Actually it just simplifies executing of:
         ip netns exec NETNS ip [ OPTIONS ] OBJECT { COMMAND | help }
         to
         ip -n[etns] NETNS [ OPTIONS ] OBJECT { COMMAND | help }
  -a, -all  executes specified command over all objects, it depends if command supports this option.
  -c, -color  突出显示关键字,如接口名称,IP地址,MAC地址,接口状态等
  -t, -timestamp  display current time when using monitor option.
  -ts, -tshort  Like -timestamp, but use shorter format.
  -rc, -rcvbuf<SIZE>  Set the netlink socket receive buffer size, defaults to 1MB.
  -iec   print human readable rates in IEC units (e.g. 1Ki = 1024).

OBJECT: 子命令
  address - 管理IP地址
  addrlabel - 管理IPv6地址标签
  l2tp   - tunnel ethernet over IP (L2TPv3).
  link   - 管理网络设备
  maddress - 管理组播地址
  monitor - watch for netlink messages.
  mroute - multicast routing cache entry.
  mrule  - rule in multicast routing policy database.
  neighbour - 管理ARP记录
  netns  - manage network namespaces.
  ntable - manage the neighbor cache's operation.
  route  - routing table entry.
  rule   - rule in routing policy database.
  tcp_metrics/tcpmetrics - manage TCP Metrics
  token  - manage tokenized interface identifiers.
  tunnel - tunnel over IP.
  tuntap - manage TUN/TAP devices.
  xfrm   - manage IPSec policies.

  The names of all objects may be written in full or abbreviated form,
  for example address can be abbreviated as addr or just a.

注意

ip命令仅用于查看网络信息和临时更改网络配置
所有操作执行后立即生效,切勿更改当前正在连接的网卡配置,可能导致网络中断无法连接
所有操作重启后失效,如需保存网络更改推荐使用nmcli命令或更改网络配置文件

示例

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
$ ip -V
ip utility, iproute2-ss170501

# 查看子命令man帮助,子命令如下
$ man ip-address
ip-address      ip-l2tp         ip-monitor      ip-netns        ip-tcp_metrics  ip-xfrm
ip-addrlabel    ip-link         ip-mroute       ip-ntable       ip-token
ip-fou          ip-macsec       ip-neighbour    ip-route        ip-tunnel
ip-gue          ip-maddress     ip-netconf      ip-rule         ip-vrf

# 显示IP地址,命令可以简写为ip a
$ ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:3a:5b:e6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.31.11/24 brd 192.168.31.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:50:e4:9b:0a brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
# 显示MAC地址
$ ip neigh
192.168.31.15 dev eth0 lladdr 94:87:e0:31:32:f2 STALE
192.168.31.6 dev eth0 lladdr e8:6a:64:d8:70:8d REACHABLE
192.168.31.1 dev eth0 lladdr 40:31:3c:27:3e:51 REACHABLE
# 显示路由表
$ ip route
default via 192.168.31.1 dev eth0 proto static metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.31.0/24 dev eth0 proto kernel scope link src 192.168.31.11 metric 100
# -6 显示IPv6路由表
$ ip -6 route
$ route -6
# 还可以通过route命令显示路由表
$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         XiaoQiang       0.0.0.0         UG    100    0        0 eth0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.31.0    0.0.0.0         255.255.255.0   U     100    0        0 eth0
# -s 查看详情,-h 显示可读形式,show eth0指定eth0网卡
$ ip -s -s -h addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:3a:5b:e6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.31.11/24 brd 192.168.31.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    RX: bytes  packets  errors  dropped overrun mcast
    1.27M      20.0k    0       0       0       0
    RX errors: length   crc     frame   fifo    missed
               0        0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    270k       2.74k    0       0       0       0
    TX errors: aborted  fifo   window heartbeat transns
               0        0       0       0       2
# -4 只显示IPv4地址
$ ip -4 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 192.168.31.11/24 brd 192.168.31.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
# -o 在单行上输出每条记录,并用“\”字符代替换行符
$ ip -o a
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.31.11/24 brd 192.168.31.255 scope global noprefixroute eth0\       valid_lft forever preferred_lft forever
3: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0\       valid_lft forever preferred_lft forever

# 以下命令设置仅临时生效
# 配置IP地址
ip address  #查看接口信息,包括二层信息,状态UP/DOWN,MAC地址,IP地址
ip addr show eth0  #查看指定接口信息
ip -4 -o add  #显示ipv4地址不分行,格式为一条信息显示一行
ip addr show up  #查看已启用的网卡
ip addr add 1.1.1.1/24 dev eth0  #一个网卡添加多个IP地址
ip addr add 2.2.2.2/24 dev eth0 label eth0:home  #添加多个IP地址并命名
ip addr add 3.3.3.3/24 dev eth0 label eth0:office
ip addr  #查看配置的多个IP地址
ip addr del 1.1.1.1/24 dev eth0  #删除一个IP地址
ip addr flush dev eth0  #删除网卡下的所有IP地址,包括主IP地址,如果是通过该接口ssh登录的话,会中断网络,慎用!
ip addr add 172.16.100.100/16 dev eth0 label eth0:0
ip addr del 172.16.100.100/16 dev eth0 label eth0:0
ip addr flush dev eth0 label eth0:0  #删除网卡下的所有label配置

ip link set eth0 { up | down }  #启用或禁用网卡
ip link set eth0 arp { up | down }
ip link set eth0 promisc { on | off }
ip link set eth0 dynamic { on | off }
ip link set eth0 multicast { on | off }
ip link set eth0 name NAME #更改网卡名称
ip link set eth0 address LLADDR
ip link set eth0 mtu MTU  #设置MTU值
ip link set eth0 alias NAME  #设置别名

# 配置路由,使用route命令
route add -net 192.168.0.0 netmask 255.255.255.0 dev eth0  #指定静态路由,下一跳出接口
route add -net 192.168.0.0/24 dev eth0  #同上简写
route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.10.1 dev eth0  #指定静态路由,下一跳网关,接口可以省略
route add -net 192.168.0.0/24 gw 192.168.10.1  #同上简写
route add -host 192.168.1.3 gw 192.168.10.1  #主机路由
route add -net 0.0.0.0/0 gw 192.168.10.1  #默认路由
route add default gw 192.168.10.1  #默认路由简写
route #查看路由表
# 使用route命令显示路由表,Flags标志位说明如下:
U (route is up)
H (target is a host)
G (use gateway)
R (reinstate route for dynamic routing)
! (reject route)
route del -net 192.168.0.0 netmask 255.255.255.0
route del -net 192.168.0.0/24  #同上简写,删除静态路由
route del -host 192.168.1.3
route del 192.168.1.3  #同上简写,删除主机路由
route del -net 0.0.0.0/0 gw 192.168.10.1
route del default gw 192.168.10.1  #同上简写,删除默认路由

# 配置路由,使用ip route命令,推荐
ip route add  #添加路由
ip route change  #变更路由
ip route replace  #替换路由
ip route delete  #删除路由
ip route show  #查看路由
ip route flush  #刷新指定路由
ip route get  #显示指定路由
ip route save > route.db  #保存到文件
ip route restore < route.db  #恢复路由表
ip route add 2.2.2.0/24 via 192.168.10.1  #添加静态路由指定下一跳
ip route add 30.1.1.0/24 dev eth0  #添加静态路由指定出接口
ip route add 20.1.1.1 dev eth0  #添加主机路由
ip route add default dev eth0  #添加默认路由
ip route add default via 192.168.1.1 dev eth0
ip route change 2.2.2.0/24 dev eth0  #更改指定的路由条目,可以更改出接口或下一跳,metric等信息
ip route show table main
ip route   #同上简写
ip route show via 192.168.10.1   #查看下一跳为192.168.10.2的路由条目
ip route show dev eth0  #查看出接口为eth0的路由条目
ip route show to 2.2.2.0/24  #查看去往2.2.2.0/24的路由条目信息
ip route show src 192.168.11.12
ip route flush 2.2.2.0  #刷新指定的路由条目
ip route get 2.2.0.0  #显示路由表中的一条指定条目信息
ip route add 10.1.2.0/24 via 192.168.10.1 metric 50 table 3  #添加一条metric值为50的静态路由到路由表3中
ip route show table 3  #查看路由表3中的路由条目
ip route del 10.1.2.0/24 table 3  #删除表3中路由
ip route del 2.2.2.0/24  #删除静态路由
ip route del 20.1.1.1  #删除主机路由
ip route del default  #删除默认路由

# 配置永久生效的路由
# 开启路由转发功能
$ echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
$ sysctl -p
# 配置网卡路由条目,在/etc/sysconfig/network-script/下添加路由接口配置文件route-INTERFACE(每个接口一个文件,只能添加针对该接口的路由)
$ vim /etc/sysconfig/network-scripts/route-eth0
# 格式1--推荐,最新格式规范,同ifcfg网卡文件的配置,每n行表示一条路由,n为数字,默认从0开始
ADDRESS0=192.168.10.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.10.1
ADDRESS1=172.16.0.0
NETMASK1=255.255.0.0
GATEWAY1=172.16.0.1
METRIC1=80
# 格式2,即ip route add的语法格式,注意两种格式不能混用
10.10.10.0/24 dev eth0
172.10.0.0/25 via 172.10.0.1
# 重启网络
$ systemctl restart network

$ more /etc/sysconfig/network-scripts/route-eth0
1.1.1.0/24 via 192.168.31.2 dev eth0
2.2.2.0/24 dev eth0 metric 90
$ systemctl restart network
$ ip route
default via 192.168.31.1 dev eth0 proto static metric 100
1.1.1.0/24 via 192.168.31.2 dev eth0 proto static metric 100
2.2.2.0/24 dev eth0 proto static scope link metric 90
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.31.0/24 dev eth0 proto kernel scope link src 192.168.31.11 metric 100