Switching the type of a network connected to a network interface
If a server's network interface supports connection to both private and public networks, you can switch between these network types for that interface.
Alert
When switching the type of a network attached to a network interface, the physical interface remains connected to the same Leaf-level switch it was previously connected to. This means that if you replace a public network with a private one on the interface, access to the private network via this interface will be routed through the same switch that handles the public network interfaces of other servers in the same data center rack.
Consequently, if this switch fails or a network attack targets any server in the rack, private network traffic passing through this modified interface may be disrupted or restricted.
This limitation does not apply to servers with MC-LAG network redundancy.
To switch the type of a network connected to a network interface:
If you do not have the Yandex Cloud CLI yet, install and initialize it.
The folder used by default is the one specified when creating the CLI profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also specify a different folder for any command using --folder-name or --folder-id. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.
-
View the description of the server update command:
yc baremetal server update --help -
Get a list of BareMetal servers in the default folder:
yc baremetal server listResult:
+----------------------+---------------+---------+-------+---------------------+ | ID | NAME | STATUS | DISKS | CREATED AT | +----------------------+---------------+---------+-------+---------------------+ | ly5zeaqeklpg******** | sample-server | RUNNING | | 2026-05-15 11:46:38 | +----------------------+---------------+---------+-------+---------------------+ -
Identify the server interface that supports both private and public network connections. The procedure depends on the server configuration type (ready-made or custom):
Ready-made configurationCustom configuration-
Get detailed information about your server by specifying its name or ID:
yc baremetal server get sample-serverResult:
id: ly5zeaqeklpg******** ... network_interfaces: - private_subnet: private_subnet_id: ly5lpb2vydo7******** private_interface: native_subnet_id: ly5lpb2vydo7******** mac_limit: "5" id: ly5zjjc2vfpi******** mac_address: b4:2e:99:58:2b:a6 configuration_network_interface_id: ly5oc5p4u6vg******** - private_subnet: private_subnet_id: ly5lpb2vydo7******** private_interface: native_subnet_id: ly5lpb2vydo7******** mac_limit: "5" id: ly5mzklkjpa5******** mac_address: b4:2e:99:58:2b:a8 configuration_network_interface_id: ly5dmh2u3qwe******** configuration_id: ly5tdlrmwezt******** created_at: "2026-05-15T11:46:38.842525Z"As the output shows, your server has two network interfaces, both currently connected to a private network (private subnet
ly5lpb2vydo7********):- Interface
ly5zjjc2vfpi********, associated with network interface configurationly5oc5p4u6vg********. - Interface
ly5mzklkjpa5********, associated with network interface configurationly5dmh2u3qwe********.
Server configuration ID (
configuration_id):ly5tdlrmwezt********. Save this value, as you will need it in the next step. - Interface
-
Get details on your server's configuration to determine which of the two interfaces supports both
PRIVATEandPUBLICnetwork types. To do this, run the following command while specifying the server configuration ID you saved earlier:yc baremetal configuration get ly5tdlrmwezt********Result:
id: ly5tdlrmwezt******** name: LA-i107-S-1/10G memory_gib: "16" cpu: name: Xeon D-1521 vendor: Intel cores: "8" physical_cores: "4" frequency_mhz: "2400" disk_drives: - type: SSD disk_count: "2" disk_size_gib: "838" network_capacity_gbps: "10" cpu_num: "1" network_interfaces: - id: ly5oc5p4u6vg******** name: iface0 configuration_id: ly5tdlrmwezt******** link_speed_gbps: '1' available_modes: - PRIVATE - id: ly5dmh2u3qwe******** name: iface1 configuration_id: ly5tdlrmwezt******** link_speed_gbps: '1' available_modes: - PUBLIC - PRIVATEThe output shows that, given the server configuration, the interface with configuration ID
ly5dmh2u3qwe********supports bothPRIVATEandPUBLICnetworks.From the earlier
yc baremetal server getoutput, this network interface configuration ID (ly5dmh2u3qwe********) corresponds to the server's network interfacely5mzklkjpa5********. Thus, this is the only interface here that supports network type switching.
-
Get detailed information about your server by specifying its name or ID:
yc baremetal server get sample-serverResult:
id: ly5zeaqeklpg******** ... network_interfaces: - private_subnet: private_subnet_id: ly5lpb2vydo7******** private_interface: native_subnet_id: ly5lpb2vydo7******** mac_limit: "5" id: ly5zjjc2vfpi******** mac_address: b4:2e:99:58:2b:a6 configuration_network_interface_id: ly5oc5p4u6vg******** - private_subnet: private_subnet_id: ly5lpb2vydo7******** private_interface: native_subnet_id: ly5lpb2vydo7******** mac_limit: "5" id: ly5mzklkjpa5******** mac_address: b4:2e:99:58:2b:a8 configuration_network_interface_id: ly5dmh2u3qwe******** configuration: custom_configuration: cpu: cores: "8" frequency_mhz: "2600" name: Xeon E5-2650V2 physical_cores: "8" vendor: Intel cpu_num: "2" disk_drives: - disk_count: "2" disk_size_gib: "3725" type: HDD id: ly5x6w3htlgx******** memory_gib: "128" mounting_availability: UNAVAILABLE name: custom-ly5x6w3htlgx******** network_capacity_gbps: "1" network_interfaces: - id: ly5oc5p4u6vg******** name: iface0 configuration_id: ly5x6w3htlgx******** link_speed_gbps: '1' available_modes: - PRIVATE - id: ly5dmh2u3qwe******** name: iface1 configuration_id: ly5x6w3htlgx******** link_speed_gbps: '1' available_modes: - PRIVATE - PUBLIC created_at: "2026-05-18T07:42:32.835148Z"As you can see in the output:
-
Your server has two network interfaces (see them under
network_interfaces), both currently connected to a private network (private subnetly5lpb2vydo7********):- Interface
ly5zjjc2vfpi********, associated with network interface configurationly5oc5p4u6vg********. - Interface
ly5mzklkjpa5********, associated with network interface configurationly5dmh2u3qwe********.
- Interface
-
The network interface configuration (under
configuration.custom_configuration.network_interfaces) that supports connecting to different network types (PRIVATEandPUBLIC) has this ID (theidfield value):ly5dmh2u3qwe********. -
Under
network_interfaces, network interface configurationly5dmh2u3qwe********is associated (via theconfiguration_network_interface_idfield) with the server's network interfacely5mzklkjpa5********. Thus, this is the only interface here that supports network type switching.
-
-
-
Get a list of subnets available for connecting to the server's network interface in the default folder:
Warning
The server and the private subnets connected to it must belong to the same server pool.
Connecting a public networkConnecting a private networkTo connect a network interface to a public network, get a list of available public subnets by running this command:
yc baremetal public-subnet listResult:
+----------------------+------+---------------+-------------------+ | ID | NAME | ZONE-ID | HARDWARE-POOL-IDS | +----------------------+------+---------------+-------------------+ | ly57sgipg23b******** | | ru-central1-m | ru-central1-m4 | +----------------------+------+---------------+-------------------+To connect a network interface to a private network, get a list of available private subnets by running this command:
yc baremetal private-subnet listResult:
+----------------------+----------------------+--------+--------------------------------+ | ID | NAME | STATUS | VRF-OPTIONS | +----------------------+----------------------+--------+--------------------------------+ | ly5lpb2vydo7******** | m4-subnet | READY | vrf_id: ly5xox6z2fyn********, | | | | | cidr: 192.168.20.0/24, | | | | | gateway_ip: 192.168.20.1 | | ly5v3mfr4bm5******** | m3-subnet | READY | vrf_id: ly5xox6z2fyn********, | | | | | cidr: 192.168.21.0/24, | | | | | gateway_ip: 192.168.21.1, | | | | | start_ip: 192.168.21.1, | | | | | end_ip: 192.168.21.254 | +----------------------+----------------------+--------+--------------------------------+ -
Update the type of the network connected to the server's interface by specifying the server ID, the IDs of both network interfaces, and the IDs of the subnets to connect to each interface:
Note
To change the type of the network connected to a BareMetal server’s network interface, you need the baremetal.editor role or higher.
Connecting a public networkConnecting a private networkIn the example, the network interface that supports switching between network types is connected to a public network, while the settings for the other interface remain unchanged:
yc baremetal server update \ --id=ly5zeaqeklpg******** \ --network-interfaces='id=ly5zjjc2vfpi********,private-subnet-id=ly5lpb2vydo7********' \ --network-interfaces='id=ly5mzklkjpa5********,public-subnet-id=ly57sgipg23b********' \ --asyncIn the example, the network interface that supports switching between network types is connected to a private network, while the settings for the other interface remain unchanged:
yc baremetal server update \ --id=ly5zeaqeklpg******** \ --network-interfaces='id=ly5zjjc2vfpi********,private-subnet-id=ly5lpb2vydo7********' \ --network-interfaces='id=ly5mzklkjpa5********,private-subnet-id=ly5lpb2vydo7********' \ --asyncResult:
id: ly5mroq72gok******** description: Server update created_at: "2026-05-18T05:44:28.751844Z" created_by: ajeol2afu1js******** modified_at: "2026-05-18T05:44:28.751844Z" metadata: '@type': type.googleapis.com/yandex.cloud.baremetal.v1alpha.UpdateServerMetadata server_id: ly5zeaqeklpg******** -
Wait for the operation to complete (usually about five minutes), then refetch server details to confirm the interface network update:
yc baremetal server get sample-serverResult:
id: ly5zeaqeklpg******** ... network_interfaces: - private_subnet: private_subnet_id: ly5lpb2vydo7******** private_interface: native_subnet_id: ly5lpb2vydo7******** mac_limit: "5" id: ly5zjjc2vfpi******** mac_address: b4:2e:99:58:2b:a6 configuration_network_interface_id: ly5oc5p4u6vg******** - public_subnet: public_subnet_id: ly57sgipg23b******** public_interface: ip_address: 185.184.***.*** native_subnet_id: ly57sgipg23b******** mac_limit: "5" id: ly5mzklkjpa5******** mac_address: b4:2e:99:58:2b:a8 ip_address: 185.184.***.*** configuration_network_interface_id: ly5dmh2u3qwe******** ...
To use these examples, install cURL and get an IAM token for authenticating with the Yandex Cloud API.
Tip
For convenience, consider storing the IAM token in an environment variable before sending requests.
The procedure for switching the network type depends on the server configuration type (ready-made or custom):
-
Get information about your server by including its ID in the request:
curl \ --request GET \ --header "Authorization: Bearer <IAM_token>" \ "https://baremetal.api.cloud.yandex.net/baremetal/v1alpha/servers/<server_ID>"Result:
{ ... "networkInterfaces": [ { "privateSubnet": { "privateSubnetId": "ly5lpb2vydo7********" }, "privateInterface": { "nativeSubnetId": "ly5lpb2vydo7********", "macLimit": "5" }, "id": "ly5zjjc2vfpi********", "macAddress": "b4:2e:99:58:2b:a6", "configurationNetworkInterfaceId": "ly5oc5p4u6vg********" }, { "privateSubnet": { "privateSubnetId": "ly5lpb2vydo7********" }, "privateInterface": { "nativeSubnetId": "ly5lpb2vydo7********", "macLimit": "5" }, "id": "ly5mzklkjpa5********", "macAddress": "b4:2e:99:58:2b:a8", "configurationNetworkInterfaceId": "ly5dmh2u3qwe********" } ], "id": "ly5zeaqeklpg********", "cloudId": "b1gia87mbaom********", "folderId": "b1gt6g8ht345********", "name": "sample-server", "zoneId": "ru-central1-m", "hardwarePoolId": "ru-central1-m4", "status": "RUNNING", "configurationId": "ly5tdlrmwezt********", "createdAt": "2026-05-15T11:46:38.842525Z" }As the example shows, your server has two network interfaces, both currently connected to a private network (private subnet
ly5lpb2vydo7********):- Interface
ly5zjjc2vfpi********, associated with network interface configurationly5oc5p4u6vg********. - Interface
ly5mzklkjpa5********, associated with network interface configurationly5dmh2u3qwe********.
Server configuration ID (
configurationId):ly5tdlrmwezt********. Save this value, as you will need it in the next request. - Interface
-
Get details on your server's configuration to determine which of the two interfaces supports both
PRIVATEandPUBLICnetwork types. To do this, execute the following request while specifying the server configuration ID you saved earlier:curl \ --request GET \ --header "Authorization: Bearer <IAM_token>" \ "https://baremetal.api.cloud.yandex.net/baremetal/v1alpha/configurations/ly5tdlrmwezt********"Result:
{ "cpu": { "name": "Xeon D-1521", "vendor": "Intel", "cores": "8", "physicalCores": "4", "frequencyMhz": "2400" }, "diskDrives": [ { "type": "SSD", "diskCount": "2", "diskSizeGib": "838" } ], "id": "ly5tdlrmwezt********", "name": "LA-i107-S-1/10G", "memoryGib": "16", "networkCapacityGbps": "10", "cpuNum": "1", "networkInterfaces": [ { "id": "ly5oc5p4u6vg********", "name": "iface0", "configurationId": "ly5tdlrmwezt********", "linkSpeedGbps": "1", "availableModes": [ "PRIVATE" ] }, { "id": "ly5dmh2u3qwe********", "name": "iface1", "configurationId": "ly5tdlrmwezt********", "linkSpeedGbps": "1", "availableModes": [ "PRIVATE", "PUBLIC" ] } ], "mountingAvailability": "UNAVAILABLE" }The output shows that, given the server configuration, the interface with configuration ID
ly5dmh2u3qwe********supports bothPRIVATEandPUBLICnetworks.From the output of your earlier server information request, this network interface configuration ID (
ly5dmh2u3qwe********) corresponds to the server's network interfacely5mzklkjpa5********. Thus, this is the only interface here that supports network type switching.
-
Get information about your server by including its ID in the request:
curl \ --request GET \ --header "Authorization: Bearer <IAM_token>" \ "https://baremetal.api.cloud.yandex.net/baremetal/v1alpha/servers/<server_ID>"Result:
{ ... "networkInterfaces": [ { "privateSubnet": { "privateSubnetId": "ly5lpb2vydo7********" }, "privateInterface": { "nativeSubnetId": "ly5lpb2vydo7********", "macLimit": "5" }, "id": "ly5zjjc2vfpi********", "macAddress": "b4:2e:99:58:2b:a6", "configurationNetworkInterfaceId": "ly5oc5p4u6vg********" }, { "privateSubnet": { "privateSubnetId": "ly5lpb2vydo7********" }, "privateInterface": { "nativeSubnetId": "ly5lpb2vydo7********", "macLimit": "5" }, "id": "ly5mzklkjpa5********", "macAddress": "b4:2e:99:58:2b:a8", "configurationNetworkInterfaceId": "ly5dmh2u3qwe********" } ], "customConfiguration": { "id": "ly5vpv5ktwut********", "name": "custom-ly5vpv5ktwut********", "memoryGib": "128", "cpu": { "name": "Xeon E5-2650V2", "vendor": "Intel", "cores": "8", "physicalCores": "8", "frequencyMhz": "2600" }, "diskDrives": [ { "type": "HDD", "diskCount": "2", "diskSizeGib": "3725" } ], "cpuNum": "2", "networkInterfaces": [ { "id": "ly5oc5p4u6vg********", "name": "iface0", "configurationId": "ly5vpv5ktwut********", "linkSpeedGbps": "1", "availableModes": [ "PRIVATE" ] }, { "id": "ly5dmh2u3qwe********", "name": "iface1", "configurationId": "ly5vpv5ktwut********", "linkSpeedGbps": "1", "availableModes": [ "PRIVATE", "PUBLIC" ] } ], "mountingAvailability": "UNAVAILABLE" }, "id": "ly5zeaqeklpg********", "cloudId": "b1gia87mbaom********", "folderId": "b1gt6g8ht345********", "name": "sample-server", "zoneId": "ru-central1-m", "hardwarePoolId": "ru-central1-m4", "status": "RUNNING", "createdAt": "2026-05-15T11:46:38.842525Z" }As you can see in the output:
-
Your server has two network interfaces (see them under
networkInterfaces), both currently connected to a private network (private subnetly5lpb2vydo7********):- Interface
ly5zjjc2vfpi********, associated with network interface configurationly5oc5p4u6vg********. - Interface
ly5mzklkjpa5********, associated with network interface configurationly5dmh2u3qwe********.
- Interface
-
The network interface configuration (under
customConfiguration.networkInterfaces) that supports connecting to different network types (PRIVATEandPUBLIC) has this ID (theidfield value):ly5dmh2u3qwe********. -
Under
networkInterfaces, network interface configurationly5dmh2u3qwe********is associated (via theconfigurationNetworkInterfaceIdfield) with the server's network interfacely5mzklkjpa5********. Thus, this is the only interface here that supports network type switching.
-
-
Update the type of the network connected to the server's interface by specifying the server ID, the IDs of both network interfaces, and the IDs of the subnets to connect to each interface:
Note
To change the type of the network connected to a BareMetal server’s network interface, you need the baremetal.editor role or higher.
Connecting a public networkConnecting a private networkIn the example, the network interface that supports switching between network types is connected to a public network, while the settings for the other interface remain unchanged.
Execute the following request specifying the server ID, the IDs of its network interfaces, and those of the desired subnets:
Warning
The server and the private subnets connected to it must belong to the same server pool.
curl \ --request PATCH \ --header "Authorization: Bearer <IAM_token>" \ "https://baremetal.api.cloud.yandex.net/baremetal/v1alpha/servers/<server_ID>" \ --data \ ''' { "updateMask": { "paths": [ "network_interfaces" ] }, "networkInterfaces": [ { "id": "ly5zjjc2vfpi********", "privateInterface": { "nativeSubnetId": "ly5lpb2vydo7********" } }, { "id": "ly5mzklkjpa5********", "publicInterface": { "nativeSubnet": { "subnetId": "ly57sgipg23b********" } } } ] } '''In the example, the network interface that supports switching between network types is connected to a private network, while the settings for the other interface remain unchanged.
Execute the following request specifying the server ID, the IDs of its network interfaces, and those of the desired subnets:
Warning
The server and the private subnets connected to it must belong to the same server pool.
curl \ --request PATCH \ --header "Authorization: Bearer <IAM_token>" \ "https://baremetal.api.cloud.yandex.net/baremetal/v1alpha/servers/<server_ID>" \ --data \ ''' { "updateMask": { "paths": [ "network_interfaces" ] }, "networkInterfaces": [ { "id": "ly5zjjc2vfpi********", "privateInterface": { "nativeSubnetId": "ly5lpb2vydo7********" } }, { "id": "ly5mzklkjpa55xikrktd", "privateInterface": { "nativeSubnetId": "ly5lpb2vydo7********" } } ] } '''Result:
{ "done": false, "metadata": { "@type": "type.googleapis.com/yandex.cloud.baremetal.v1alpha.UpdateServerMetadata", "serverId": "ly5zeaqeklpg********" }, "id": "ly56w27i7ehd********", "description": "Server update", "createdAt": "2026-05-18T18:28:52.058175Z", "createdBy": "ajeol2afu1js********", "modifiedAt": "2026-05-18T18:28:52.058175Z" } -
Wait for the operation to complete (usually about five minutes), then refetch server details to confirm the interface network update.
You can get the server ID using the management console or this Yandex Cloud CLI command: yc baremetal server list.
- Private subnet IDs are available in the management console or via this Yandex Cloud CLI command:
yc baremetal private-subnet list. - Public subnet IDs are available in the management console or via this Yandex Cloud CLI command:
yc baremetal public-subnet list.