NMCLI

NAME

nmcli − command-line tool for controlling NetworkManager

SYNOPSIS

nmcli [ OPTIONS ] OBJECT { COMMAND | help }

OBJECT := { general | networking | radio | connection | device | agent }

OPTIONS := {
−t[erse]
−p[retty]
−m[mode] tabular | multiline
−f[ields] <field1,field2,...> | all | common
−e[scape] yes | no
−n[ocheck]
−a[sk]
−w[ait] <seconds>
−v[ersion]
−h[elp]
}

DESCRIPTION

nmcli is a command-line tool for controlling NetworkManager and reporting network status. It can be utilized as a replacement for nm-applet or other graphical clients. nmcli is used to create, display, edit, delete, activate, and deactivate network connections, as well as control and display network device status.

Typical uses include:

OPTIONS
−t, −−terse

Output is terse. This mode is designed and suitable for computer (script) processing.

−p, −−pretty

Output is pretty. This causes nmcli to produce easily readable outputs for humans, i.e. values are aligned, headers are printed, etc.

−m, −−mode tabular | multiline

Switch between tabular and multiline output. If omitted, default is tabular for most commands. For the commands producing more structured information, that cannot be displayed on a single line, default is multiline. Currently, they are:
’nmcli connection show <ID>’
’nmcli device show’
tabular – Output is a table where each line describes a single entry. Columns define particular properties of the entry.
multiline – Each entry comprises multiple lines, each property on its own line. The values are prefixed with the property name.

−f, −−fields <field1,field2,...> | all | common

This option is used to specify what fields (column names) should be printed. Valid field names differ for specific commands. List available fields by providing an invalid value to the −−fields option.
all is used to print all valid field values of the command. common is used to print common field values of the command. If omitted, default is common. The option is mandatory when −−terse is used. In this case, generic values all and common cannot be used. (This is to maintain compatibility when new fields are added in the future).

−e, −−escape yes | no

Whether to escape ’:’ and ’\’ characters in terse tabular mode. The escape character is ’\’. If omitted, default is yes.

−n, −−nocheck

This option can be used to force nmcli to skip checking nmcli and NetworkManager version compatibility. Use it with care, because using incompatible versions may produce incorrect results.

−a, −−ask

When using this option nmcli will stop and ask for any missing required arguments, so do not use this option for non-interactive purposes like scripts. This option controls, for example, whether you will be prompted for a password if it is required for connecting to a network.

−w, −−wait <seconds>

This option sets a timeout period for which nmcli will wait for NetworkManager to finish operations. It is especially useful for commands that may take a longer time to complete, e.g. connection activation. Specifying a value of 0 instructs nmcli not to wait but to exit immediately with a status of success. The default value depends on the executed command.

−v, −−version

Show nmcli version.

−h, −−help

Print help information.

OBJECT
general − general NetworkManager status and operations

Use this object to show NetworkManager status and permissions. You can also get and change system hostname, as well as NetworkManager logging level and domains.

COMMAND := { status | hostname | permissions | logging }

hostname [<hostname>]

Get and change system hostname. With no arguments, this prints currently configured hostname. When you pass a hostname, it will be handed over to NetworkManager to be set as a new system hostname.
Note that the term system hostname may also be referred to as persistent or static by other programs or tools. The hostname is stored in /etc/hostname file in most distributions. For example, systemd-hostnamed service uses the term static hostname and it only reads the /etc/hostname file when it starts.

permissions

Show the permissions a caller has for various authenticated operations that NetworkManager provides, like enable and disable networking, changing Wi-Fi, WWAN, and WiMAX state, modifying connections, etc.

logging [level <log level>] [domains <log domains>]

Get and change NetworkManager logging level and domains. Without any argument current logging level and domains are shown. In order to change logging state, provide level and, or, domain parameters. See NetworkManager.conf for available level and domain values.

networking − get or set general networking state of NetworkManager

Use this object to show NetworkManager networking status, or to enable and disable networking. Disabling networking removes the configuration from all devices and changes them to the ’unmanaged’ state.

COMMAND := { [ on | off | connectivity ] }
[ on | off ]

Get networking-enabled status or enable and disable networking by NetworkManager. All interfaces managed by NetworkManager are deactivated when networking has been disabled.

connectivity [check]

Get network connectivity state. The optional check argument tells NetworkManager to re-check the connectivity, else the most recent known connectivity state is displayed without re-checking.
Possible states are:

radio − get or set radio switch states

Use this object to show radio switches status, or enable and disable the switches.

COMMAND := { all | wifi | wwan | wimax }
wifi [ on | off ]

Show or set status of Wi-Fi in NetworkManager. If no arguments are supplied, Wi-Fi status is printed; on enables Wi-Fi; off disables Wi-Fi.

wwan [ on | off ]

Show or set status of WWAN (mobile broadband) in NetworkManager. If no arguments are supplied, mobile broadband status is printed; on enables mobile broadband, off disables it.

wimax [ on | off ]

Show or set status of WiMAX in NetworkManager. If no arguments are supplied, WiMAX status is printed; on enables WiMAX; off disables WiMAX. Note: WiMAX support is a compile-time decision, so it may be unavailable on some installations.

all [ on | off ]

Show or set all previously mentioned radio switches at the same time.

connection − start, stop, and manage network connections

NetworkManager stores all network configuration as connections, which are collections of data (Layer2 details, IP addressing, etc.) that describe how to create or connect to a network. A connection is active when a device uses that connection’s configuration to create or connect to a network. There may be multiple connections that apply to a device, but only one of them can be active on that device at any given time. The additional connections can be used to allow quick switching between different networks and configurations.

Consider a machine which is usually connected to a DHCP-enabled network, but sometimes connected to a testing network which uses static IP addressing. Instead of manually reconfiguring eth0 each time the network is changed, the settings can be saved as two connections which both apply to eth0, one for DHCP (called "default") and one with the static addressing details (called "testing"). When connected to the DHCP-enabled network the user would run "nmcli con up default" , and when connected to the static network the user would run "nmcli con up testing".

COMMAND := { show | up | down | add | edit | modify | delete |
reload | load }
show [--active]

List in-memory and on-disk connection profiles, some of which may also be active if a device is using that connection profile. Without a parameter, all profiles are listed. When --active option is specified, only the active profiles are shown.

show [--active] [--show-secrets] [ id | uuid | path | apath ]
<ID> ...

Show details for specified connections. By default, both static configuration and active connection data are displayed. When --active option is specified, only the active profiles are taken into account. When --show-secrets option is specified, secrets associated with the profile will be revealed too. id, uuid, path and apath keywords can be used if <ID> is ambiguous.

Optional <ID>-specifying keywords are:

It is possible to filter the output using the global --fields option. Use the following values:

You can also specify particular fields. For static configuration, use setting and property names as described in nm-settings(5) manual page. For active data use GENERAL, IP4, DHCP4, IP6, DHCP6, VPN.

When no command is given to the connection object, the default action is ’nmcli connection show’.

up [ id | uuid | path ] <ID> [ifname <ifname>] [ap <BSSID>] [nsp
<name>] [passwd <file with passwords>]
up ifname <ifname> [ap <BSSID>] [nsp <name>] [passwd <file with passwords>]

Activate a connection. The connection is identified by its name, UUID or D-Bus path. If <ID> is ambiguous, a keyword id, uuid or path can be used. When requiring a particular device to activate the connection on, the ifname option with interface name should be given. If the <ID> is not given an ifname is required, and NetworkManager will activate the best available connection for the given ifname. In case of a VPN connection, the ifname option specifies the device of the base connection. The ap option specify what particular AP should be used in case of a Wi-Fi connection.
If ’--wait’ option is not specified, the default timeout will be 90 seconds.
See connection show above for the description of the <ID>-specifying keywords.

Available options are:

setting_name.property_name:the password
For example, for WPA Wi-Fi with PSK, the line would be
802-11-wireless-security.psk:secret12345
For 802.1X password, the line would be
802-1x.password:my 1X password
nmcli also accepts "wifi-sec" and "wifi" strings instead of "802-11-wireless-security". When NetworkManager requires a password and it is not given, nmcli will ask for it when run with --ask. If --ask was not passed, NetworkManager can ask another secret agent that may be running (typically a GUI secret agent, such as nm-applet or gnome-shell).

down [ id | uuid | path | apath ] <ID> ...

Deactivate a connection from a device without preventing the device from further auto-activation. Multiple connections can be passed to the command.

Be aware that this command deactivates the specified active connection, but the device on which the connection was active, is still ready to connect and will perform auto-activation by looking for a suitable connection that has the ’autoconnect’ flag set. This includes the just deactivated connection. So if the connection is set to auto-connect, it will be automatically started on the disconnected device again.
In most cases you may want to use device disconnect command instead.

The connection is identified by its name, UUID or D-Bus path. If <ID> is ambiguous, a keyword id, uuid, path or apath can be used.
See connection show above for the description of the <ID>-specifying keywords.
If ’--wait’ option is not specified, the default timeout will be 10 seconds.

add COMMON_OPTIONS TYPE_SPECIFIC_OPTIONS IP_OPTIONS

Add a connection for NetworkManager. Arguments differ according to connection types, see below.
COMMON_OPTIONS:

TYPE_SPECIFIC_OPTIONS:
ethernet:

infiniband:

bluetooth:

dev <parent device (connection UUID, ifname, or MAC)>

– parent device this VLAN is on

[mode balance-rr (0) | active-backup (1) | balance-xor
(2) | broadcast (3) |
802.3ad (4) | balance-tlb (5) | balance-alb
(6)]

– bonding mode (default: balance-rr)

bond-slave:
master <master (ifname, or connection UUID or name)>

– master bond interface name, or connection UUID or ID of bond master connection profile. The value can be prefixed with ifname/, uuid/ or id/ to disambiguate it.

team-slave:
master <master (ifname, or connection UUID or name)>

– master team interface name, or connection UUID or ID of team master connection profile. The value can be prefixed with ifname/, uuid/ or id/ to disambiguate it.

bridge:

bridge-slave:
master <master (ifname, or connection UUID or name)>

– master bridge interface name, or connection UUID or ID of bridge master connection profile. The value can be prefixed with ifname/, uuid/ or id/ to disambiguate it.

vpn-type
vpnc|openvpn|pptp|openconnect|openswan|libreswan|ssh|l2tp|iodine|...

– VPN type

olpc-mesh:

IP_OPTIONS:

edit [id | uuid | path ] <ID> - edit an existing connection
edit [type <new connection type>] [con-name <new connection name>] - add a new connection

Edit an existing connection or add a new one, using an interactive editor.
The existing connection is identified by its name, UUID or D-Bus path. If <ID> is ambiguous, a keyword id, uuid, or path can be used. See connection show above for the description of the <ID>-specifying keywords. Not providing an <ID> means that a new connection will be added.

The interactive editor will guide you through the connection editing and allow you to change connection parameters according to your needs by means of a simple menu-driven interface. The editor indicates what settings and properties can be modified and provides in-line help.

Available options:

See also nm-settings(5) for all NetworkManager settings and property names, and their descriptions; and nmcli-examples(5) for sample editor sessions.

modify [--temporary] [ id | uuid | path ] <ID>
[+|-]<setting>.<property> <value>

[+|-]<setting>.<property> <value> ...
Modify one or more properties in the connection profile.
The connection is identified by its name, UUID or D-Bus path. If <ID> is ambiguous, a keyword id, uuid or path can be used. See nm-settings(5) for setting and property names, their descriptions and default values. This command supports abbreviations for setting name and property name provided they are unique. Empty value ("") removes the property value (sets the property to the default value). The provided value overwrites the existing property value.
If you want to append an item to the existing value, use + prefix for the property name. If you want to remove just one item from container-type property, use - prefix for the property name and specify a value or an zero-based index of the item to remove (or option name for properties with named options) as value. Of course, +|- only have a real effect for multi-value (container) properties like ipv4.dns, ipv4.addresses, bond.options, etc.
The changes to the connection profile will be saved persistently by NetworkManager, unless --temporary option is provided, in which case the changes won’t persist over NetworkManager restart.

delete [ id | uuid | path ] <ID> ...

Delete a configured connection. The connection to be deleted is identified by its name, UUID or D-Bus path. If <ID> is ambiguous, a keyword id, uuid or path can be used.
See connection show above for the description of the <ID>-specifying keywords.
If ’--wait’ option is not specified, the default timeout will be 10 seconds.

load <filename> [<filename>...]

Load/reload one or more connection files from disk. Use this after manually editing a connection file to ensure that NetworkManager is aware of its latest state.

device - show and manage network interfaces

COMMAND := { status | show | connect | disconnect | delete | wifi |
wimax }

This is the default action if no command is specified to device object.

show [<ifname>]

Show detailed information about devices. Without an argument, all devices are examined. To get information for a specific device, the interface name has to be provided.

connect <ifname>

Connect the device. NetworkManager will try to find a suitable connection that will be activated. It will also consider connections that are not set to auto connect.
If ’--wait’ option is not specified, the default timeout will be 90 seconds.

disconnect <ifname> ...

Disconnect a device and prevent the device from automatically activating further connections without user/manual intervention. Note that disconnecting software devices may mean that the devices will disappear.
If ’--wait’ option is not specified, the default timeout will be 10 seconds.

delete <ifname> ...

Delete a device. The command removes the interface from the system. Note that this only works for software devices like bonds, bridges, teams, etc. Hardware devices (like Ethernet) cannot be deleted by the command.
If ’--wait’ option is not specified, the default timeout will be 10 seconds.

wifi [list [ifname <ifname>] [bssid <BSSID>]]

List available Wi-Fi access points. The ifname and bssid options can be used to list APs for a particular interface or with a specific BSSID, respectively.

wifi connect <(B)SSID> [password <password>] [wep−key−type
key|phrase] [ifname <ifname>] [bssid <BSSID>] [name <name>]

[private yes|no] [hidden yes|no]
Connect to a Wi-Fi network specified by SSID or BSSID. The command creates a new connection and then activates it on a device. This is a command-line counterpart of clicking an SSID in a GUI client. The command always creates a new connection and thus it is mainly useful for connecting to new Wi-Fi networks. If a connection for the network already exists, it is better to bring up (activate) the existing connection as follows: nmcli con up id <name>. Note that only open, WEP and WPA-PSK networks are supported at the moment. It is also supposed that IP configuration is obtained via DHCP.
If ’--wait’ option is not specified, the default timeout will be 90 seconds.

Available options are:

wifi rescan [ifname <ifname>] [[ssid <SSID>] ...]

Request that NetworkManager immediately re-scan for available access points. NetworkManager scans Wi-Fi networks periodically, but in some cases it can be useful to start scanning manually (e.g. after resuming the computer). By using ssid, it is possible to scan for a specific SSID, which is useful for APs with hidden SSIDs. You can provide multiple ssid parameters in order to scan more SSIDs.
This command does not show the APs, use ’nmcli device wifi list’ for that.

wimax [list [ifname <ifname>] [nsp <name>]]

List available WiMAX NSP. The ifname and nsp options can be used to list networks for a particular interface or with a specific NSP, respectively.

agent − run nmcli as a NetworkManager secret agent, or polkit agent

COMMAND := { secret | polkit | all }

ENVIRONMENT VARIABLES

nmcli’s behavior is affected by the following environment variables.

Internationalization notes:
Be aware that nmcli is localized and that is why the output depends on your environment. This is important to realize especially when you parse the output.
Call nmcli as LC_ALL=C nmcli to be sure the locale is set to "C" while executing in a script.

LC_ALL, LC_MESSAGES, LANG variables specify the LC_MESSAGES locale category (in that order), which determines the language that nmcli uses for messages. The "C" locale is used if none of these variables are set, and this locale uses English messages.

EXIT STATUS

nmcli exits with status 0 if it succeeds, a value greater than 0 is returned if an error occurs.

EXAMPLES

This section presents various examples of nmcli usage. If you want even more, please refer to nmcli-examples(5) manual page.
nmcli −t −f RUNNING general

tells you whether NetworkManager is running or not.

nmcli −t −f STATE general

shows the overall status of NetworkManager.

nmcli radio wifi off

switches Wi-Fi off.

nmcli connection show

lists all connections NetworkManager has.

nmcli −p −m multiline −f all con show

shows all configured connections in multi-line mode.

nmcli connection show --active

lists all currently active connections.

nmcli −f name,autoconnect c s

shows all connection profile names and their auto-connect property.

nmcli −p connection show "My default em1"

shows details for "My default em1" connection profile.

nmcli connection show --show-secrets "My Home WiFi"

shows details for "My Home WiFi" connection profile with all passwords. Without --show-secrets option, secrets would not be displayed.

nmcli −f active connection show "My default em1"

shows details for "My default em1" active connection, like IP, DHCP information, etc.

nmcli -f profile con s "My wired connection"

shows static configuration details of the connection profile with "My wired connection" name.

nmcli −p con up "My wired connection" ifname eth0

activates the connection profile with name "My wired connection" on interface eth0. The −p option makes nmcli show progress of the activation.

nmcli con up 6b028a27−6dc9−4411−9886−e9ad1dd43761 ap 00:3A:98:7C:42:D3

connects the Wi-Fi connection with UUID 6b028a27−6dc9−4411−9886−e9ad1dd43761 to the AP with BSSID 00:3A:98:7C:42:D3.

nmcli device status

shows the status for all devices.

nmcli dev disconnect em2

disconnects a connection on interface em2 and marks the device as unavailable for auto-connecting. As a result, no connection will automatically be activated on the device until the device’s ’autoconnect’ is set to TRUE or the user manually activates a connection.

nmcli −f GENERAL,WIFI−PROPERTIES dev show wlan0

shows details for wlan0 interface; only GENERAL and WIFI−PROPERTIES sections will be shown.

nmcli dev wifi

lists available Wi-Fi access points known to NetworkManager.

nmcli dev wifi con "Cafe Hotspot 1" password caffeine name "My cafe"

creates a new connection named "My cafe" and then connects it to "Cafe Hotspot 1" SSID using password "caffeine". This is mainly useful when connecting to "Cafe Hotspot 1" for the first time. Next time, it is better to use ’nmcli con up id "My cafe"’ so that the existing connection profile can be used and no additional is created.

nmcli connection add type ethernet autoconnect no ifname eth0

non-interactively adds an Ethernet connection tied to eth0 interface with automatic IP configuration (DHCP), and disables the connection’s "autoconnect" flag.

nmcli c a ifname Maxipes-fik type vlan dev eth0 id 55

non-interactively adds a VLAN connection with ID 55. The connection will use eth0 and the VLAN interface will be named Maxipes-fik.

nmcli connection edit ethernet−em1−2

edits existing "ethernet-em1-2" connection in the interactive editor.

nmcli connection edit type ethernet con-name "yet another Ethernet
connection"

adds a new Ethernet connection in the interactive editor.

nmcli con mod ethernet−2 connection.autoconnect no

modifies ’autoconnect’ property in the ’connection’ setting of ’ethernet-2’ connection.

nmcli con mod "Home Wi−Fi" wifi.mtu 1350

modifies ’mtu’ property in the ’wifi’ setting of ’Home Wi-Fi’ connection.

nmcli con mod em1-1 ipv4.method manual ipv4.addr "192.168.1.23/24
192.168.1.1, 10.10.1.5/8, 10.0.0.11"

sets manual addressing and the addresses in em1-1 profile.

nmcli con modify ABC +ipv4.dns 8.8.8.8

appends a Google public DNS server to DNS servers in ABC profile.

nmcli con modify ABC -ipv4.addresses "192.168.100.25/24 192.168.1.1"

removes the specified IP address from (static) profile ABC.

NOTES

nmcli accepts abbreviations, as long as they are a unique prefix in the set of possible options. As new options get added, these abbreviations are not guaranteed to stay unique. For scripting and long term compatiblity it is therefore strongly advised to spell out the full option names.

BUGS

There are probably some bugs. If you find a bug, please report it to https://bugzilla.gnome.org/ — product NetworkManager.

SEE ALSO

nmcli−examples(5), nm−online(1), NetworkManager(8), NetworkManager.conf(5), nm−settings(5), nm−applet(1), nm−connection−editor(1).