A Linux network bridge acts like a virtual switch, forwarding frames between connected interfaces at Layer 2. Bridges are essential when running virtual machines with QEMU/KVM or containers (Podman/Docker) that need full network access on the same subnet as the host. On RHEL 8, NetworkManager is the authoritative networking service, and nmcli is the recommended command-line tool for creating and managing bridges without editing configuration files by hand. This tutorial walks through creating a bridge, attaching a physical interface as a slave, configuring a static IP, and verifying the setup.

Prerequisites

  • RHEL 8 server with NetworkManager running: systemctl status NetworkManager
  • A physical or virtual Ethernet interface to enslave (e.g., ens3); note that enslaving an interface drops its existing IP
  • A static IP address, gateway, and DNS server values for the bridge
  • Console or out-of-band access is recommended — enslaving the active interface will briefly interrupt SSH connectivity
  • bridge-utils installed for verification: dnf install -y bridge-utils

Step 1 — Identify the Physical Interface

List current NetworkManager connections to confirm the name and state of the interface you plan to enslave. Note its current IP configuration so you can apply the same values to the bridge.

nmcli device status
nmcli connection show
ip addr show ens3

Take note of the current IPv4 address, prefix length, gateway, and DNS servers — you will assign these to the bridge interface in a later step.

Step 2 — Create the Bridge Interface

Create a new connection of type bridge named br0. Disabling STP (Spanning Tree Protocol) is appropriate for simple setups with a single uplink; enable it if you have a more complex topology with loops.

nmcli con add type bridge ifname br0 con-name br0 bridge.stp no

# Confirm the connection was created
nmcli connection show br0

By default the bridge will attempt DHCP. You will set a static address in Step 4. Leave it unconfigured for now.

Step 3 — Attach the Physical Interface as a Bridge Slave

Add the physical interface as a slave (also called a port) to the bridge. This creates a new connection profile that ties ens3 to br0. Replace ens3 with your actual interface name.

nmcli con add type bridge-slave ifname ens3 master br0 con-name br0-slave-ens3

# Confirm the slave connection
nmcli connection show br0-slave-ens3

The slave connection has no IP configuration of its own — all addressing is handled on the bridge interface.

Step 4 — Assign a Static IP to the Bridge

Configure the bridge with a static IPv4 address, gateway, and DNS. Adjust the values to match your network. The address uses CIDR notation (e.g., 192.168.1.50/24).

nmcli con mod br0 \
  ipv4.method manual \
  ipv4.addresses 192.168.1.50/24 \
  ipv4.gateway 192.168.1.1 \
  ipv4.dns "8.8.8.8 8.8.4.4" \
  connection.autoconnect yes

# Disable the old ens3 connection to avoid IP conflicts
nmcli con down ens3
nmcli con mod ens3 connection.autoconnect no

Step 5 — Bring Up the Bridge

Activate the bridge and its slave. NetworkManager will bring up the slave automatically when the bridge connection is started, but explicit activation ensures both are running.

nmcli con up br0
nmcli con up br0-slave-ens3

# Verify IP assignment on the bridge
ip addr show br0

If your SSH session dropped during activation, reconnect using the bridge IP (192.168.1.50 in this example). The bridge is now carrying all traffic that was previously on ens3.

Step 6 — Verify and Validate the Bridge

Confirm the bridge is forwarding traffic correctly and that the physical interface appears as a bridge port. Test connectivity and review the bridge’s MAC and forwarding table.

# Show bridge interfaces and attached ports
brctl show

# Show the bridge's STP and forwarding state
brctl showstp br0

# Verify the forwarding database (learned MACs)
brctl showmacs br0

# Confirm routing and DNS
ip route
ping -c 3 192.168.1.1
ping -c 3 google.com

To connect a KVM virtual machine to the bridge, specify br0 as the network source in the VM’s interface definition. For Podman, use --network bridge:br0 when creating a container, or define a Podman network with driver=bridge pointing to br0.
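Steps 4 and 5 take the host off the network for a moment, and a mistake in the bridge addressing leaves it unreachable. The script below is an added example, not part of the original tutorial: it performs the switch-over and restores the original profile if the gateway does not answer. It assumes the profiles from Steps 2 to 4 already exist under the tutorial's names (br0, br0-slave-ens3, ens3) and that the gateway is 192.168.1.1; the function names and the WAIT_SECS variable are illustrative.

```shell
#!/bin/sh
# Added example: activate the bridge and fall back to the original profile
# if the gateway stops answering. Defaults are the tutorial's example values.
BRIDGE=${BRIDGE:-br0}
PORT_PROFILE=${PORT_PROFILE:-br0-slave-ens3}
OLD_PROFILE=${OLD_PROFILE:-ens3}
GATEWAY=${GATEWAY:-192.168.1.1}
WAIT_SECS=${WAIT_SECS:-20}

# gateway_reachable: one ping per second until WAIT_SECS attempts have failed.
gateway_reachable() {
    tries=0
    while [ "$tries" -lt "$WAIT_SECS" ]; do
        ping -c 1 -W 1 "$GATEWAY" >/dev/null 2>&1 && return 0
        sleep 1
        tries=$((tries + 1))
    done
    return 1
}

# rollback: deactivate the bridge profiles and restore the original profile.
rollback() {
    nmcli con down "$PORT_PROFILE" >/dev/null 2>&1
    nmcli con down "$BRIDGE" >/dev/null 2>&1
    nmcli con mod "$BRIDGE" connection.autoconnect no
    nmcli con mod "$PORT_PROFILE" connection.autoconnect no
    nmcli con mod "$OLD_PROFILE" connection.autoconnect yes
    nmcli con up "$OLD_PROFILE"
}

# switch_to_bridge: returns 0 when the bridge is up and the gateway answers,
# 1 when the change was rolled back.
switch_to_bridge() {
    nmcli con down "$OLD_PROFILE" >/dev/null 2>&1
    if nmcli con up "$BRIDGE" && nmcli con up "$PORT_PROFILE" && gateway_reachable; then
        nmcli con mod "$OLD_PROFILE" connection.autoconnect no
        return 0
    fi
    rollback
    return 1
}
```

Call switch_to_bridge from the console or from a detached session (nohup, tmux), since an SSH session on ens3 may drop before the rollback runs.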

Conclusion

You have created a fully functional network bridge on RHEL 8 using NetworkManager and nmcli, enslaved a physical Ethernet interface, assigned a static IP, and verified bridge operation with brctl and standard IP tools. Because NetworkManager manages the bridge natively, it persists across reboots and behaves correctly during interface hot-plug events. This configuration is the standard foundation for KVM virtual machines and Podman macvlan networks that need direct Layer 2 access to your physical network segment. For production deployments, consider adding a second physical interface as a bond slave under the bridge to provide link redundancy.

Next steps: How to Configure Network Bonding and Teaming on RHEL 8, How to Set Up KVM Virtualization with a Bridged Network on RHEL 8, and How to Configure VLANs with NetworkManager on RHEL 8.