table of contents
other versions
- jessie 0.9.10.0-7
- stretch 1.6.2-3+deb9u2
- testing 1.14.4-4
- stretch-backports 1.14.4-2~bpo9+1
- unstable 1.14.6-2
NMCLI(1) | General Commands Manual | NMCLI(1) |
NAME¶
nmcli - command‐line tool for controlling NetworkManagerSYNOPSIS¶
nmcli [ OPTIONS ] OBJECT { COMMAND | help } OBJECT := { general | networking | radio | connection | device } OPTIONS := {DESCRIPTION¶
nmcli is a command‐line tool for controlling NetworkManager and reporting network status. It can be utilized as a replacement for nm‐applet or other graphical clients. nmcli is used to create, display, edit, delete, activate, and deactivate network connections, as well as control and display network device status. Typical uses include:- —
- Scripts: utilize NetworkManager via nmcli instead of managing network connections manually. nmcli supports a terse output format which is better suited for script processing. Note that NetworkManager can also execute scripts, called "dispatcher scripts", in response to network events. See NetworkManager for details about these dispatcher scripts.
- —
- Servers, headless machines, and terminals: nmcli can be used to control NetworkManager without a GUI, including creating, editing, starting and stopping network connections and viewing network status.
OPTIONS¶
- -t, --terse
- Output is terse. This mode is designed and suitable for computer (script) processing.
- -p, --pretty
- Output is pretty. This causes nmcli to produce easily readable outputs for humans, i.e. values are aligned, headers are printed, etc.
- -m, --mode tabular | multiline
- Switch between tabular and multiline output. If omitted,
default is tabular for most commands. For the commands producing
more structured information, that cannot be displayed on a single line,
default is multiline. Currently, they are:
'nmcli connection show <ID>' 'nmcli device show'
tabular – Output is a table where each line describes a single entry. Columns define particular properties of the entry.
- -f, --fields <field1,field2,...> | all | common
- This option is used to specify what fields (column names) should be
printed. Valid field names differ for specific commands. List available
fields by providing an invalid value to the --fields option.
- -e, --escape yes | no
- Whether to escape ':' and '\' characters in terse tabular mode. The escape character is '\'. If omitted, default is yes.
- -n, --nocheck
- This option can be used to force nmcli to skip checking nmcli and NetworkManager version compatibility. Use it with care, because using incompatible versions may produce incorrect results.
- -a, --ask
- When using this option nmcli will stop and ask for any missing required arguments, so do not use this option for non-interactive purposes like scripts.
- -w, --wait <seconds>
- This option sets a timeout period for which nmcli will wait for NetworkManager to finsh operations. It is especially useful for commands that may take a longer time to complete, e.g. connection activation. Specifying a value of 0 instructs nmcli not to wait but to exit immediately with a status of success. The default value depends on the executed command.
- -v, --version
- Show nmcli version.
- -h, --help
- Print help information.
OBJECT¶
- general - general NetworkManager status and operations
-
COMMAND := { status | hostname | permissions | logging }¶
- status
-
- hostname [<hostname>]
-
- permissions
-
- logging [level <log level>] [domains <log domains>]
-
- networking - get or set general networking state of NetworkManager
-
COMMAND := { [ on | off | connectivity ] }¶
- [ on | off ]
-
- connectivity [check]
-
- none
- – the host is not connected to any network
- portal
- – the host is behind a captive portal and cannot reach the full Internet
- limited
- – the host is connected to a network, but it has no access to the Internet
- full
- – the host is connected to a network and has full access to the Internet
- unknown
- – the connectivity status cannot be found out
- radio - get or set radio switch states
-
COMMAND := { all | wifi | wwan | wimax }¶
- wifi [ on | off ]
-
- wwan [ on | off ]
-
- wimax [ on | off ]
-
- all [ on | off ]
-
- connection - start, stop, and manage network connections
- NetworkManager stores all network configuration as connections, which are collections of data (Layer2 details, IP addressing, etc.) that describe how to create or connect to a network. A connection is active when a device uses that connection's configuration to create or connect to a network. There may be multiple connections that apply to a device, but only one of them can be active on that device at any given time. The additional connections can be used to allow quick switching between different networks and configurations. Consider a machine which is usually connected to a DHCP-enabled network, but sometimes connected to a testing network which uses static IP addressing. Instead of manually reconfiguring eth0 each time the network is changed, the settings can be saved as two connections which both apply to eth0, one for DHCP (called "default") and one with the static addressing details (called "testing"). When connected to the DHCP-enabled network the user would run "nmcli con up default" , and when connected to the static network the user would run "nmcli con up testing".
COMMAND := { show | up | down | add | edit | modify | delete | reload | load }¶
- show [--active]
-
- show [--active] [ id | uuid | path | apath ] <ID> ...
-
Optional <ID>-specifying keywords are:
- id
- – the <ID> denotes a connection name
- uuid
- – the <ID> denotes a connection UUID
- path
- – the <ID> denotes a D-Bus static connection path in the format of /org/freedesktop/NetworkManager/Settings/<num> or just <num>
- apath
- – the <ID> denotes a D-Bus active connection path in the format of /org/freedesktop/NetworkManager/ActiveConnection/<num> or just <num>
- profile
- – only shows static profile configuration
- active
- – only shows active connection data (when the profile is active)
- up [ id | uuid | path ] <ID> [ifname <ifname>] [ap <BSSID>] [nsp <name>]
up ifname <ifname> [ap <BSSID>] [nsp
<name>]
Activate a connection. The connection is identified by its name, UUID or D-Bus
path. If <ID> is ambiguous, a keyword id, uuid or
path can be used. When requiring a particular device to activate the
connection on, the ifname option with interface name should be given.
If the <ID> is not given an ifname is required, and
NetworkManager will activate the best available connection for the given
ifname. In case of a VPN connection, the ifname option specifies
the device of the base connection. The ap option specify what
particular AP should be used in case of a Wi‐Fi connection.
If '--wait' option is not specified, the default timeout will be 90 seconds.
See connection show above for the description of the
<ID>-specifying keywords.
Available options are:
- ifname
- – interface that will be used for activation
- ap
- – BSSID of the AP which the command should connect to (for Wi‐Fi connections)
- nsp
- – NSP (Network Service Provider) which the command should connect to (for WiMAX connections)
- down [ id | uuid | path | apath ] <ID>
-
- add COMMON_OPTIONS TYPE_SPECIFIC_OPTIONS IP_OPTIONS
-
- COMMON_OPTIONS:
- type <type>
- – connection type; see below TYPE_SPECIFIC_OPTIONS for allowed values; (mandatory)
- ifname <ifname> | "*"
- – interface to bind the connection to. The connection will only be applicable to this interface name. A special value of " *" can be used for interface-independent connections. The ifname argument is mandatory for all connection types except bond, team, bridge and vlan. Note: use quotes around * to suppress shell expansion.
- [con-name <connection name>]
- – connection name (when not provided a default name is generated: <type>[-<ifname>][-<num>])
- [autoconnect yes|no]
- – whether the connection profile can be automatically activated (default: yes)
- [save yes|no]
- – whether the connection should be persistent, i.e. NetworkManager should store it on disk (default: yes)
- TYPE_SPECIFIC_OPTIONS:
- ethernet:
- [mac <MAC address>]
- – MAC address of the device this connection is locked to
- [cloned-mac <cloned MAC address>]
- – cloned MAC
- [mtu <MTU>]
- – MTU
- wifi:
- ssid <SSID>
- – SSID
- [mac <MAC address>]
- – MAC address of the device this connection is locked to
- [cloned-mac <cloned MAC address>]
- – cloned MAC
- [mtu <MTU>]
- – MTU
- wimax:
- [mac <MAC address>]
- – MAC address of the device this connection is locked to
- [nsp <NSP>]
- – Network Service Provider name
- pppoe:
- username <PPPoE username>
- – PPPoE username
- [password <PPPoE password>]
- – Password for the PPPoE username
- [service <PPPoE service name>]
- – PPPoE service name (if required by concentrator)
- [mtu <MTU>]
- – MTU
- [mac <MAC address>]
- – MAC address of the device this connection is locked to
- gsm:
- apn <APN>
- – APN - GSM Access Point Name
- [user <username>]
- – user name
- [password <password>]
- – password
- cdma:
- [user <username>]
- – user name
- [password <password>]
- – password
- infiniband:
- [mac <MAC address>]
- – MAC address of the device this connection is locked to (InfiniBand MAC is 20 bytes)
- [mtu <MTU>]
- – MTU
- [transport-mode datagram | connected]
- – InfiniBand transport mode
- [parent <interface name>]
- – the interface name of the parent device (if any)
- [p-key <IPoIB P_Key>]
- – the InfiniBand P_Key (16-bit unsigned integer)
- bluetooth:
- [addr <bluetooth address>]
- – Bluetooth device address (MAC)
- [bt-type panu|dun-gsm|dun-cdma]
- – Bluetooth connection type
- vlan:
- dev <parent device (connection UUID, ifname, or MAC)>
- – parent device this VLAN is on
- id <VLAN ID>
- – VLAN ID in range <0-4095>
- [flags <VLAN flags>]
- – flags
- [ingress <ingress priority mapping>]
- – VLAN ingress priority mapping
- [egress <egress priority mapping>]
- – VLAN egress priority mapping
- [mtu <MTU>]
- – MTU
- bond:
- [mode balance-rr (0) | active-backup (1) | balance-xor (2) | broadcast (3) |
- 802.3ad (4) | balance-tlb (5) | balance-alb (6)]
- – bonding mode (default: balance-rr)
- [primary <ifname>]
- – primary interface name (for "active-backup" mode)
- [miimon <num>]
- – miimon (default: 100)
- [downdelay <num>]
- – downdelay (default: 0)
- [updelay <num>]
- – updelay (default: 0)
- [arp-interval <num>]
- – ARP interval (default: 0)
- [arp-ip-target <num>]
- – ARP IP target
- bond-slave:
- master <master (ifname, or connection UUID or name)>
- – master bond interface name, or connection UUID or ID of bond master connection profile. The value can be prefixed with ifname/, uuid/ or id/ to disambiguate it.
- team:
- [config <file>|<raw JSON data>]
- – JSON configuration for team
- team-slave:
- master <master (ifname, or connection UUID or name)>
- – master team interface name, or connection UUID or ID of team master connection profile. The value can be prefixed with ifname/, uuid/ or id/ to disambiguate it.
- [config <file>|<raw JSON data>]
- – JSON configuration for team
- bridge:
- [stp yes|no]
- – controls whether Spanning Tree Protocol (STP) is enabled for this bridge (default: yes)
- [priority <num>]
- – sets STP priority (default: 128)
- [forward-delay <2-30>]
- – STP forwarding delay, in seconds (default: 15)
- [hello-time <1-10>]
- – STP hello time, in seconds (default: 2)
- [max-age <6-42>]
- – STP maximum message age, in seconds (default: 20)
- [ageing-time <0-1000000>]
- – the Ethernet MAC address aging time, in seconds (default: 300)
- [mac <MAC address>]
- – MAC address of the bridge (note: this requires a recent kernel feature, originally introduced in 3.15 upstream kernel)
- bridge-slave:
- master <master (ifname, or connection UUID or name)>
- – master bridge interface name, or connection UUID or ID of bridge master connection profile. The value can be prefixed with ifname/, uuid/ or id/ to disambiguate it.
- [priority <0-63>]
- – STP priority of this slave (default: 32)
- [path-cost <1-65535>]
- – STP port cost for destinations via this slave (default: 100)
- [hairpin yes|no]
- – 'hairpin mode' for the slave, which allows frames to be sent back out through the slave the frame was received on (default: yes)
- vpn:
- vpn-type vpnc|openvpn|pptp|openconnect|openswan|libreswan|ssh|l2tp|iodine|...
- – VPN type
- [user <username>]
- – VPN username
- olpc-mesh:
- ssid <SSID>
- – SSID
- [channel <1-13>]
- – channel to use for the network
- [dhcp-anycast <MAC address>]
- – anycast DHCP MAC address used when requesting an IP address via DHCP
- IP_OPTIONS:
- [ip4 <IPv4 address>] [gw4 <IPv4 gateway>]
- – IPv4 addresses
- [ip6 <IPv6 address>] [gw6 <IPv6 gateway>]
- – IPv6 addresses
- edit [id | uuid | path ] <ID> - edit an existing connection
edit [type <new connection type>] [con-name
<new connection name>] - add a new connection
Edit an existing connection or add a new one, using an
interactive editor.
The existing connection is identified by its name, UUID or D-Bus path. If
<ID> is ambiguous, a keyword id, uuid, or path can
be used. See connection show above for the description of the
<ID>-specifying keywords. Not providing an <ID> means that a new
connection will be added.
The interactive editor will guide you through the connection editing and allow
you to change connection parameters according to your needs by means of a
simple menu-driven interface. The editor indicates what settings and
properties can be modified and provides in-line help.
Available options:
- type
- – type of the new connection; valid types are the same as for connection add command
- con-name
- – name for the new connection. It can be changed later in the editor.
See also nm-settings(5) for all NetworkManager settings and property
names, and their descriptions; and nmcli-examples(5) for sample editor
sessions.
- modify [--temporary] [ id | uuid | path ] <ID> [+|-]<setting>.<property> <value>
- [+|-]<setting>.<property> <value> ...
- delete [ id | uuid | path ] <ID> ...
-
- reload
-
- load <filename> [<filename>...]
-
- device - show and manage network interfaces
-
COMMAND := { status | show | connect | disconnect | wifi | wimax }¶
- status
-
- show [<ifname>]
-
- connect <ifname>
-
- disconnect <ifname>
-
- wifi [list [ifname <ifname>] [bssid <BSSID>]]
-
- wifi connect <(B)SSID> [password <password>] [wep-key-type key|phrase] [ifname <ifname>] [bssid <BSSID>] [name <name>] [private yes|no]
-
Available options are:
- password
- – password for secured networks (WEP or WPA)
- wep-key-type
- – type of WEP secret, either key for ASCII/HEX key or phrase for passphrase
- ifname
- – interface that will be used for activation
- bssid
- – if specified, the created connection will be restricted just for the BSSID
- name
- – if specified, the connection will use the name (else NM creates a name itself)
- private
- – if set to yes, the connection will only be visible to the user who created it. Otherwise the connection is system‐wide, which is the default.
- wifi rescan [[ifname] <ifname>]
-
- wimax [list [ifname <ifname>] [nsp <name>]]
-
ENVIRONMENT VARIABLES¶
nmcli's behavior is affected by the following environment variables.- LC_ALL
- If set to a non‐empty string value, it overrides the values of all the other internationalization variables.
- LC_MESSAGES
- Determines the locale to be used for internationalized messages.
- LANG
- Provides a default value for the internationalization variables that are unset or null.
EXIT STATUS¶
nmcli exits with status 0 if it succeeds, a value greater than 0 is returned if an error occurs.- 0
- Success – indicates the operation succeeded
- 1
- Unknown or unspecified error
- 2
- Invalid user input, wrong nmcli invocation
- 3
- Timeout expired (see --wait option)
- 4
- Connection activation failed
- 5
- Connection deactivation failed
- 6
- Disconnecting device failed
- 7
- Connection deletion failed
- 8
- NetworkManager is not running
- 9
- nmcli and NetworkManager versions mismatch
- 10
- Connection, device, or access point does not exist.
EXAMPLES¶
This section presents various examples of nmcli usage. If you want even more, please refer to nmcli-examples(5) manual page.- nmcli -t -f RUNNING general
- tells you whether NetworkManager is running or not.
- nmcli -t -f STATE general
- shows the overall status of NetworkManager.
- nmcli radio wifi off
- switches Wi‐Fi off.
- nmcli connection show
- lists all connections NetworkManager has.
- nmcli -p -m multiline -f all con show
- shows all configured connections in multi-line mode.
- nmcli connection show --active
- lists all currently active connections.
- nmcli -f name,autoconnect c s
- shows all connection profile names and their auto-connect property.
- nmcli -p connection show "My default em1"
- shows details for "My default em1" connection profile.
- nmcli -f active connection show "My default em1"
- shows details for "My default em1" active connection, like IP, DHCP information, etc.
- nmcli -f profile con s "My wired connection"
- shows static configuration details of the connection profile with "My wired connection" name.
- nmcli -p con up "My wired connection" ifname eth0
- activates the connection profile with name "My wired connection" on interface eth0. The -p option makes nmcli show progress of the activation.
- nmcli con up 6b028a27-6dc9-4411-9886-e9ad1dd43761 ap 00:3A:98:7C:42:D3
- connects the Wi‐Fi connection with UUID 6b028a27-6dc9-4411-9886-e9ad1dd43761 to the AP with BSSID 00:3A:98:7C:42:D3.
- nmcli device status
- shows the status for all devices.
- nmcli dev disconnect em2
- disconnects a connection on interface em2 and marks the device as unavailable for auto‐connecting. As a result, no connection will automatically be activated on the device until the device's 'autoconnect' is set to TRUE or the user manually activates a connection.
- nmcli -f GENERAL,WIFI-PROPERTIES dev show wlan0
- shows details for wlan0 interface; only GENERAL and WIFI-PROPERTIES sections will be shown.
- nmcli dev wifi
- lists available Wi‐Fi access points known to NetworkManager.
- nmcli dev wifi con "Cafe Hotspot 1" password caffeine name "My cafe"
- creates a new connection named "My cafe" and then connects it to "Cafe Hotspot 1" SSID using password "caffeine". This is mainly useful when connecting to "Cafe Hotspot 1" for the first time. Next time, it is better to use 'nmcli con up id "My cafe"' so that the existing connection profile can be used and no additional is created.
- nmcli connection add type ethernet autoconnect no ifname eth0
- non-interactively adds an Ethernet connection tied to eth0 interface with automatic IP configuration (DHCP), and disables the connection's "autoconnect" flag.
- nmcli c a ifname Maxipes‐fik type vlan dev eth0 id 55
- non-interactively adds a VLAN connection with ID 55. The connection will use eth0 and the VLAN interface will be named Maxipes‐fik.
- nmcli connection edit ethernet-em1-2
- edits existing "ethernet‐em1‐2" connection in the interactive editor.
- nmcli connection edit type ethernet con-name "yet another Ethernet connection"
- adds a new Ethernet connection in the interactive editor.
- nmcli con mod ethernet-2 connection.autoconnect no
- modifies 'autoconnect' property in the 'connection' setting of 'ethernet‐2' connection.
- nmcli con mod "Home Wi-Fi" wifi.mtu 1350
- modifies 'mtu' property in the 'wifi' setting of 'Home Wi‐Fi' connection.
- nmcli con mod em1-1 ipv4.method manual ipv4.addr "192.168.1.23/24 192.168.1.1, 10.10.1.5/8, 10.0.0.11"
- sets manual addressing and the addresses in em1-1 profile.
- nmcli con modify ABC +ipv4.dns 8.8.8.8
- appends a Google public DNS server to DNS servers in ABC profile.
- nmcli con modify ABC -ipv4.addresses "192.168.100.25/24 192.168.1.1"
- removes the specified IP address from (static) profile ABC.
NOTES¶
nmcli accepts abbreviations, as long as they are a unique prefix in the set of possible options. As new options get added, these abbreviations are not guaranteed to stay unique. For scripting and long term compatiblity it is therefore strongly advised to spell out the full option names.BUGS¶
There are probably some bugs. If you find a bug, please report it to https://bugzilla.gnome.org/ — product NetworkManager.SEE ALSO¶
nmcli-examples(5), nm-online(1), NetworkManager(8), NetworkManager.conf(5), nm-settings(5), nm-applet(1), nm-connection-editor(1).28 February 2014 |