How to configure a second NIC on OCI


WHAT TO EXPECT

In this article, users will learn how to configure a second NIC in OCI so it can be used with xNIC or cloudSwXtch.

OCI Firewall rules and netplan

The default configuration for a VM created in OCI using the web console comes with only one NIC and with the firewall rules blocking xNIC traffic.

Set Firewall rules in iptables for OCI

Confirm that the iptables rules on your distro allow xNIC and cloudSwXtch control and data traffic to flow. The following sample iptables configuration accepts all traffic whose source address is within a subnet CIDR range.

  1. Using sudo, add the following rules, specifying your control and data CIDR ranges, to the /etc/iptables/rules.v4 file, just before the -A INPUT -j REJECT --reject-with icmp-host-prohibited rule.

-A INPUT -p all -s <your Control Subnet IP Address>/<mask> -j ACCEPT
-A INPUT -p all -s <your Data Subnet IP Address>/<mask> -j ACCEPT
  2. Replace the CIDRs with your own CIDRs, corresponding to the ctrl and data subnets. These can be the same if you use a single-subnet configuration for both of your VNICs.

  3. Save the file and reboot the instance.

Important: xNIC v1 (swxtch-tun0) requires a third, similar rule for its subnet, for example:

-A INPUT -p all -s 172.30.0.0/23 -j ACCEPT
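
The rule placement from the steps above matters because iptables evaluates INPUT rules in order, so an ACCEPT rule written after the REJECT rule never matches. The following is an added example, not part of the original article or of cloudSwXtch: the function names are hypothetical, the sample rules file is constructed, and it assumes the REJECT rule reads `-A INPUT -j REJECT --reject-with icmp-host-prohibited`, as iptables-save writes it.

```shell
#!/bin/sh
# Added example, not cloudSwXtch or OCI code; function names are hypothetical.
REJECT_RULE='-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Accept dotted-quad IPv4 with prefix 1-32; /0 would admit every source.
valid_cidr() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([1-9]|[12][0-9]|3[0-2])$'
}

# add_subnet_rules RULES_FILE CIDR [CIDR...]: insert ACCEPT rules above REJECT.
add_subnet_rules() {
  file=$1; shift
  grep -qxF -e "$REJECT_RULE" "$file" ||
    { echo "REJECT rule not found in $file" >&2; return 1; }
  for cidr in "$@"; do
    valid_cidr "$cidr" || { echo "bad CIDR: $cidr" >&2; return 2; }
    rule="-A INPUT -p all -s $cidr -j ACCEPT"
    grep -qxF -e "$rule" "$file" && continue   # already present, keep idempotent
    tmp=$(mktemp) || return 3
    awk -v rule="$rule" -v reject="$REJECT_RULE" \
      '$0 == reject && !done { print rule; done = 1 } { print }' "$file" > "$tmp"
    cat "$tmp" > "$file"   # rewrite in place so owner and mode are unchanged
    rm -f "$tmp"
  done
  return 0
}

# rule_precedes_reject RULES_FILE CIDR: succeed only if the ACCEPT rule is
# evaluated before the REJECT rule (a rule placed after it never matches).
rule_precedes_reject() {
  a=$(grep -nxF -e "-A INPUT -p all -s $2 -j ACCEPT" "$1" | head -n 1 | cut -d: -f1)
  r=$(grep -nxF -e "$REJECT_RULE" "$1" | head -n 1 | cut -d: -f1)
  [ -n "$a" ] && [ -n "$r" ] && [ "$a" -lt "$r" ]
}

# Constructed sample shaped like iptables-save output, for trying this offline.
make_sample_rules() {
  cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
```

Try the functions on a copy of the rules file first. Before rebooting, `sudo iptables-restore --test < /etc/iptables/rules.v4` parses the edited file without applying it.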

When adding a second NIC, OCI will not automatically configure an IP for the adapter.

Set DHCP in netplan for OCI 2nd NIC on Linux

In order to configure the IP for the second adapter, users can execute the following instructions:

For Ubuntu

Create the following file in the /etc/netplan folder and name it 02-datanic-static-config.yaml. Note: add the private IP address and the correct MAC address of the secondary VNIC to the file below. Both are shown in the output of the ip a command.

network:
    version: 2
    ethernets:
        ens4:
            match:
                macaddress: <ADD macaddress of 2nd VNIC>
            dhcp4: false
            addresses:
                - <ADD Primary IP ADDRESS OF 2ND VNIC>/<XX>

Where <XX> is the netmask (network mask) of the ctrl-plane CIDR in a single-subnet configuration, written as a prefix length. Example:

network:
    version: 2
    ethernets:
        ens4:
            match:
                macaddress: 02:00:17:31:7E:E8
            dhcp4: false
            addresses:
                - 10.0.138.84/24

Run the following command to apply the changes:

sudo netplan apply

For RHEL-based distros

  • Create the following file in the /etc/sysconfig/network-scripts folder, named ifcfg-ens4:

            DEVICE=ens4
            BOOTPROTO=none
            ONBOOT=yes
            PREFIX=24
            IPADDR=10.0.192.196
            MTU=9000

  • Note: the file owner has to be root:root.

  • Apply the changes:

      • CentOS 7 & RHEL 7:

        sudo systemctl restart network

      • CentOS 8 & RHEL 8:

        sudo systemctl restart NetworkManager

For Windows:

  • Navigate to Control Panel—>Network and Internet—>Network and Sharing Center

  • Select the 2nd NIC to open properties.

  • Select Internet Protocol Version 4 (TCP/IPv4)

  • Enter the IP Address, Subnet Mask, and Default gateway data.