1NMCLI-EXAMPLES(7) Examples NMCLI-EXAMPLES(7)
2
6 nmcli-examples - usage examples of nmcli
7
9 nmcli [OPTIONS...]
10
12 nmcli is a command-line client for NetworkManager. It allows
13 controlling NetworkManager and reporting its status. For more
14 information please refer to nmcli(1) manual page.
15 The purpose of this manual page is to provide you with various examples
17 and usage scenarios of nmcli.
18
20 Example 1. Listing available Wi-Fi APs
21 $ nmcli device wifi list
23 * SSID MODE CHAN RATE SIGNAL BARS SECURITY
24 netdatacomm_local Infra 6 54 Mbit/s 37 ▂▄__ WEP
25 * F1 Infra 11 54 Mbit/s 98 ▂▄▆█ WPA1
26 LoremCorp Infra 1 54 Mbit/s 62 ▂▄▆_ WPA2 802.1X
27 Internet Infra 6 54 Mbit/s 29 ▂___ WPA1
28 HPB110a.F2672A Ad-Hoc 6 54 Mbit/s 22 ▂___ --
29 Jozinet Infra 1 54 Mbit/s 19 ▂___ WEP
30 VOIP Infra 1 54 Mbit/s 20 ▂___ WEP
31 MARTINA Infra 4 54 Mbit/s 32 ▂▄__ WPA2
32 N24PU1 Infra 7 11 Mbit/s 22 ▂___ --
33 alfa Infra 1 54 Mbit/s 67 ▂▄▆_ WPA2
34 bertnet Infra 5 54 Mbit/s 20 ▂___ WPA1 WPA2
35 This command shows how to list available Wi-Fi networks (APs). You can
37 also use --fields option for displaying different columns. nmcli -f
38 all dev wifi list will show all of them.
39 Example 2. Showing general information and properties for a Wi-Fi
41 interface
42 $ nmcli -p -f general,wifi-properties device show wlan0
44 ===========================================================================
45 Device details (wlan0)
46 ===========================================================================
47 GENERAL.DEVICE: wlan0
48 GENERAL.TYPE: wifi
49 GENERAL.VENDOR: Intel Corporation
50 GENERAL.PRODUCT: PRO/Wireless 5100 AGN [Shiloh] Network Connection
51 GENERAL.DRIVER: iwlwifi
52 GENERAL.DRIVER-VERSION: 3.8.13-100.fc17.x86_64
53 GENERAL.FIRMWARE-VERSION: 8.83.5.1 build 33692
54 GENERAL.HWADDR: 00:1E:65:37:A1:D3
55 GENERAL.MTU: 1500
56 GENERAL.STATE: 100 (connected)
57 GENERAL.REASON: 0 (No reason given)
58 GENERAL.UDI: /sys/devices/pci0000:00/0000:00:1c.1/net/wlan0
59 GENERAL.IP-IFACE: wlan0
60 GENERAL.IS-SOFTWARE: no
61 GENERAL.NM-MANAGED: yes
62 GENERAL.AUTOCONNECT: yes
63 GENERAL.FIRMWARE-MISSING: no
64 GENERAL.CONNECTION: My Alfa WiFi
65 GENERAL.CON-UUID: 85194f4c-d496-4eec-bae0-d880b4cbcf26
66 GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/
67 10
68 ---------------------------------------------------------------------------
69 WIFI-PROPERTIES.WEP: yes
70 WIFI-PROPERTIES.WPA: yes
71 WIFI-PROPERTIES.WPA2: yes
72 WIFI-PROPERTIES.TKIP: yes
73 WIFI-PROPERTIES.CCMP: yes
74 WIFI-PROPERTIES.AP: no
75 WIFI-PROPERTIES.ADHOC: yes
76 ---------------------------------------------------------------------------
77 This command shows information about a Wi-Fi device.
79 Example 3. Listing NetworkManager polkit permissions
81 $ nmcli general permissions
83 PERMISSION VALUE
84 org.freedesktop.NetworkManager.enable-disable-network yes
85 org.freedesktop.NetworkManager.enable-disable-wifi yes
86 org.freedesktop.NetworkManager.enable-disable-wwan yes
87 org.freedesktop.NetworkManager.enable-disable-wimax yes
88 org.freedesktop.NetworkManager.sleep-wake no
89 org.freedesktop.NetworkManager.network-control yes
90 org.freedesktop.NetworkManager.wifi.share.protected yes
91 org.freedesktop.NetworkManager.wifi.share.open yes
92 org.freedesktop.NetworkManager.settings.modify.system yes
93 org.freedesktop.NetworkManager.settings.modify.own yes
94 org.freedesktop.NetworkManager.settings.modify.hostname auth
95 org.freedesktop.NetworkManager.settings.modify.global-dns auth
96 org.freedesktop.NetworkManager.reload auth
97 This command shows configured polkit permissions for various
99 NetworkManager operations. These permissions or actions (using polkit
100 language) are configured by a system administrator and are not meant to
101 be changed by users. The usual place for the polkit configuration is
102 /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy.
103 pkaction command can display description for polkit actions.
104 pkaction --action-id org.freedesktop.NetworkManager.network-control --verbose
106 More information about polkit can be found at
109 http://www.freedesktop.org/wiki/Software/polkit.
110 Example 4. Listing NetworkManager log level and domains
112 $ nmcli general logging
114 LEVEL DOMAINS
115 INFO PLATFORM,RFKILL,ETHER,WIFI,BT,MB,DHCP4,DHCP6,PPP,WIFI_SCAN,IP4,IP6,A
116 UTOIP4,DNS,VPN,SHARING,SUPPLICANT,AGENTS,SETTINGS,SUSPEND,CORE,DEVICE,OLPC,
117 WIMAX,INFINIBAND,FIREWALL,ADSL,BOND,VLAN,BRIDGE,DBUS_PROPS,TEAM,CONCHECK,DC
118 B,DISPATCH
119 This command shows current NetworkManager logging status.
121 Example 5. Changing NetworkManager logging
123 $ nmcli g log level DEBUG domains CORE,ETHER,IP
125 $ nmcli g log level INFO domains DEFAULT
126 The first command makes NetworkManager log in DEBUG level, and only for
128 CORE, ETHER and IP domains. The second command restores the default
129 logging state. Please refer to the NetworkManager.conf(5) manual page
130 for available logging levels and domains.
131 Example 6. Adding a bonding master and two slave connection profiles
133 $ nmcli con add type bond ifname mybond0 mode active-backup
135 $ nmcli con add type ethernet ifname eth1 master mybond0
136 $ nmcli con add type ethernet ifname eth2 master mybond0
137 This example demonstrates adding a bond master connection and two
139 slaves. The first command adds a master bond connection, naming the
140 bonding interface mybond0 and using active-backup mode. The next two
141 commands add slaves connections, both enslaved to mybond0. The first
142 slave will be bound to eth1 interface, the second to eth2.
143 Example 7. Adding a team master and two slave connection profiles
145 $ nmcli con add type team con-name Team1 ifname Team1 config team1-master-json.conf
147 $ nmcli con add type ethernet con-name Team1-slave1 ifname em1 master Team1
148 $ nmcli con add type ethernet con-name Team1-slave2 ifname em2 master Team1
149 This example demonstrates adding a team master connection profile and
151 two slaves. It is very similar to the bonding example. The first
152 command adds a master team profile, naming the team interface and the
153 profile Team1. The team configuration for the master is read from
154 team1-master-json.conf file. Later, you can change the configuration
155 with modify command (nmcli con modify Team1 team.config
156 team1-master-another-json.conf). The last two commands add slaves
157 profiles, both enslaved to Team1. The first slave will be bound to em1
158 interface, the second to em2. The slaves don't specify config and thus
159 teamd will use its default configuration. You will activate the whole
160 setup by activating both slaves:
161 $ nmcli con up Team1-slave1
163 $ nmcli con up Team1-slave2
164 By default, the created profiles are marked for auto-activation. But if
166 another connection has been activated on the device, the new profile
167 won't activate automatically and you need to activate it manually.
168 Example 8. Adding a bridge and two slave profiles
170 $ nmcli con add type bridge con-name TowerBridge ifname TowerBridge
172 $ nmcli con add type ethernet con-name br-slave-1 ifname ens3 master TowerBridge
173 $ nmcli con add type ethernet con-name br-slave-2 ifname ens4 master TowerBridge
174 $ nmcli con modify TowerBridge bridge.stp no
175 This example demonstrates adding a bridge master connection and two
177 slaves. The first command adds a master bridge connection, naming the
178 bridge interface and the profile as TowerBridge. The next two commands
179 add slaves profiles, both will be enslaved to TowerBridge. The first
180 slave will be tied to ens3 interface, the second to ens4. The last
181 command will disable 802.1D STP for the TowerBridge profile.
182 Example 9. Adding an ethernet connection profile with manual IP
184 configuration
185 $ nmcli con add con-name my-con-em1 ifname em1 type ethernet \
187 ip4 192.168.100.100/24 gw4 192.168.100.1 ip4 1.2.3.4 ip6 abbe::cafe
188 $ nmcli con mod my-con-em1 ipv4.dns "8.8.8.8 8.8.4.4"
189 $ nmcli con mod my-con-em1 +ipv4.dns 1.2.3.4
190 $ nmcli con mod my-con-em1 ipv6.dns "2001:4860:4860::8888 2001:4860:4860::8844"
191 $ nmcli -p con show my-con-em1
192 The first command adds an Ethernet connection profile named my-con-em1
194 that is bound to interface name em1. The profile is configured with
195 static IP addresses. Three addresses are added, two IPv4 addresses and
196 one IPv6. The first IP 192.168.100.100 has a prefix of 24 (netmask
197 equivalent of 255.255.255.0). Gateway entry will become the default
198 route if this profile is activated on em1 interface (and there is no
199 connection with higher priority). The next two addresses do not specify
200 a prefix, so a default prefix will be used, i.e. 32 for IPv4 and 128
201 for IPv6. The second, third and fourth commands modify DNS parameters
202 of the new connection profile. The last con show command displays the
203 profile so that all parameters can be reviewed.
204 Example 10. Convenient field values retrieval for scripting
206 $ nmcli -g ip4.address connection show my-con-eth0
208 192.168.1.12/24
209 $ nmcli -g ip4.address,ip4.dns connection show my-con-eth0
211 192.168.1.12/24
212 192.168.1.1
213 $ nmcli -g ip4 connection show my-con-eth0
215 IP4:192.168.1.12/24:192.168.1.1::192.168.1.1::
216 This example shows retrieval of ip4 connection field values via the
218 --get-values option. Multiple comma separated fields can be provided:
219 they will be printed one per line. If a whole section is provided
220 instead of a single field, the name of the section will be printed
221 followed by all the related field values on the same line. See also
222 --terse, --mode, --fields and --escape options in nmcli(1) manual page
223 for more customized output.
224 Example 11. Adding an Ethernet connection and configuring SR-IOV VFs
226 $ nmcli con add type ethernet con-name EthernetPF ifname em1
228 $ nmcli con modify EthernetPF sriov.total-vfs 3 sriov.autoprobe-drivers false
229 $ nmcli con modify EthernetPF sriov.vfs '0 mac=00:11:22:33:44:55 vlans=10, 1 trust=true spoof-check=false'
230 $ nmcli con modify EthernetPF +sriov.vfs '2 max-tx-rate=20'
231 This example demonstrates adding an Ethernet connection for physical
233 function (PF) ens4 and configuring 3 SR-IOV virtual functions (VFs) on
234 it. The first VF is configured with MAC address 00:11:22:33:44:55 and
235 VLAN 10, the second one has the trust and spoof-check features
236 respectively enabled and disabled. VF number 2 has a maximux
237 transmission rate of 20Mbps. The kernel is instructed to not
238 automatically instantiate a network interface for the VFs.
239 Example 12. Escaping colon characters in tabular mode
241 $ nmcli -t -f general -e yes -m tab dev show eth0
243 GENERAL:eth0:ethernet:Intel Corporation:82567LM Gigabit Network Connection:
244 e1000e:2.1.4-k:1.8-3:00\:22\:68\:15\:29\:21:1500:100 (connected):0 (No reas
245 on given):/sys/devices/pci0000\:00/0000\:00\:19.0/net/eth0:eth0:yes:yes:no:
246 ethernet-13:89cbcbc6-dc85-456c-9c8b-bd828fee3917:/org/freedesktop/NetworkMa
247 nager/ActiveConnection/9
248 This example shows escaping colon characters in tabular mode. It may be
250 useful for script processing, because ':' is used as a field separator.
251 Example 13. nmcli usage in a NetworkManager dispatcher script to make
253 Ethernet and Wi-Fi mutually exclusive
254 #!/bin/bash
256 export LC_ALL=C
257 enable_disable_wifi ()
259 {
260 result=$(nmcli dev | grep "ethernet" | grep -w "connected")
261 if [ -n "$result" ]; then
262 nmcli radio wifi off
263 else
264 nmcli radio wifi on
265 fi
266 }
267 if [ "$2" = "up" ]; then
269 enable_disable_wifi
270 fi
271 if [ "$2" = "down" ]; then
273 enable_disable_wifi
274 fi
275 This dispatcher script makes Wi-Fi mutually exclusive with wired
278 networking. When a wired interface is connected, Wi-Fi will be set to
279 airplane mode (rfkilled). When the wired interface is disconnected,
280 Wi-Fi will be turned back on. Name this script e.g.
281 70-wifi-wired-exclusive.sh and put it into
282 /etc/NetworkManager/dispatcher.d/ directory. See NetworkManager(8)
283 manual page for more information about NetworkManager dispatcher
284 scripts.
285 Example sessions of interactive connection editor
287 Example 14. Adding an ethernet connection profile in interactive editor
289 (a)
290 $ nmcli connection edit type ethernet
292 ===| nmcli interactive connection editor |===
294 Adding a new '802-3-ethernet' connection
296 Type 'help' or '?' for available commands.
298 Type 'describe [<setting>.<prop>]' for detailed property description.
299 You may edit the following settings: connection, 802-3-ethernet (ethernet),
301 802-1x, ipv4, ipv6, dcb
302 nmcli> print
303 ===========================================================================
304 Connection details
305 ===========================================================================
306 connection.id: ethernet-4
307 connection.uuid: de89cdeb-a3e1-4d53-8fa0-c22546c775f4
308 connection.interface-name: --
309 connection.type: 802-3-ethernet
310 connection.autoconnect: yes
311 connection.autoconnect-priority: 0
312 connection.timestamp: 0
313 connection.read-only: no
314 connection.permissions:
315 connection.zone: --
316 connection.master: --
317 connection.slave-type: --
318 connection.secondaries:
319 connection.gateway-ping-timeout: 0
320 ---------------------------------------------------------------------------
321 802-3-ethernet.port: --
322 802-3-ethernet.speed: 0
323 802-3-ethernet.duplex: --
324 802-3-ethernet.auto-negotiate: yes
325 802-3-ethernet.mac-address: --
326 802-3-ethernet.cloned-mac-address: --
327 802-3-ethernet.mac-address-blacklist:
328 802-3-ethernet.mtu: auto
329 802-3-ethernet.s390-subchannels:
330 802-3-ethernet.s390-nettype: --
331 802-3-ethernet.s390-options:
332 ---------------------------------------------------------------------------
333 ipv4.method: auto
334 ipv4.dns:
335 ipv4.dns-search:
336 ipv4.addresses:
337 ipv4.gateway: --
338 ipv4.routes:
339 ipv4.route-metric: -1
340 ipv4.ignore-auto-routes: no
341 ipv4.ignore-auto-dns: no
342 ipv4.dhcp-client-id: --
343 ipv4.dhcp-send-hostname: yes
344 ipv4.dhcp-hostname: --
345 ipv4.never-default: no
346 ipv4.may-fail: yes
347 ---------------------------------------------------------------------------
348 ipv6.method: auto
349 ipv6.dns:
350 ipv6.dns-search:
351 ipv6.addresses:
352 ipv6.gateway: --
353 ipv6.routes:
354 ipv6.route-metric: -1
355 ipv6.ignore-auto-routes: no
356 ipv6.ignore-auto-dns: no
357 ipv6.never-default: no
358 ipv6.may-fail: yes
359 ipv6.ip6-privacy: -1 (unknown)
360 ipv6.dhcp-hostname: --
361 ---------------------------------------------------------------------------
362 nmcli> goto ethernet
363 You may edit the following properties: port, speed, duplex, auto-negotiate,
364 mac-address, cloned-mac-address, mac-address-blacklist, mtu, s390-subchann
365 els, s390-nettype, s390-options
366 nmcli 802-3-ethernet> set mtu 1492
367 nmcli 802-3-ethernet> b
368 nmcli> goto ipv4.addresses
369 nmcli ipv4.addresses> desc
370 === [addresses] ===
372 [NM property description]
373 Array of IP addresses.
374 [nmcli specific description]
376 Enter a list of IPv4 addresses formatted as:
377 ip[/prefix], ip[/prefix],...
378 Missing prefix is regarded as prefix of 32.
379 Example: 192.168.1.5/24, 10.0.0.11/24
381 nmcli ipv4.addresses> set 192.168.1.100/24
383 Do you also want to set 'ipv4.method' to 'manual'? [yes]: yes
384 nmcli ipv4.addresses>
385 nmcli ipv4.addresses> print
386 addresses: 192.168.1.100/24
387 nmcli ipv4.addresses> back
388 nmcli ipv4> b
389 nmcli> set ipv4.gateway 192.168.1.1
390 nmcli> verify
391 Verify connection: OK
392 nmcli> print
393 ===========================================================================
394 Connection details
395 ===========================================================================
396 connection.id: ethernet-4
397 connection.uuid: de89cdeb-a3e1-4d53-8fa0-c22546c775f4
398 connection.interface-name: --
399 connection.type: 802-3-ethernet
400 connection.autoconnect: yes
401 connection.autoconnect-priority: 0
402 connection.timestamp: 0
403 connection.read-only: no
404 connection.permissions:
405 connection.zone: --
406 connection.master: --
407 connection.slave-type: --
408 connection.secondaries:
409 connection.gateway-ping-timeout: 0
410 ---------------------------------------------------------------------------
411 802-3-ethernet.port: --
412 802-3-ethernet.speed: 0
413 802-3-ethernet.duplex: --
414 802-3-ethernet.auto-negotiate: yes
415 802-3-ethernet.mac-address: --
416 802-3-ethernet.cloned-mac-address: --
417 802-3-ethernet.mac-address-blacklist:
418 802-3-ethernet.mtu: 1492
419 802-3-ethernet.s390-subchannels:
420 802-3-ethernet.s390-nettype: --
421 802-3-ethernet.s390-options:
422 ---------------------------------------------------------------------------
423 ipv4.method: manual
424 ipv4.dns:
425 ipv4.dns-search:
426 ipv4.addresses: 192.168.1.100/24
427 ipv4.gateway: 192.168.1.1
428 ipv4.routes:
429 ipv4.route-metric: -1
430 ipv4.ignore-auto-routes: no
431 ipv4.ignore-auto-dns: no
432 ipv4.dhcp-client-id: --
433 ipv4.dhcp-send-hostname: yes
434 ipv4.dhcp-hostname: --
435 ipv4.never-default: no
436 ipv4.may-fail: yes
437 ---------------------------------------------------------------------------
438 ipv6.method: auto
439 ipv6.dns:
440 ipv6.dns-search:
441 ipv6.addresses:
442 ipv6.routes:
443 ipv6.route-metric: -1
444 ipv6.ignore-auto-routes: no
445 ipv6.ignore-auto-dns: no
446 ipv6.never-default: no
447 ipv6.may-fail: yes
448 ipv6.ip6-privacy: -1 (unknown)
449 ipv6.dhcp-hostname: --
450 ---------------------------------------------------------------------------
451 nmcli> set ipv4.dns 8.8.8.8 8.8.4.4
452 nmcli> print
453 ===========================================================================
454 Connection details
455 ===========================================================================
456 connection.id: ethernet-4
457 connection.uuid: de89cdeb-a3e1-4d53-8fa0-c22546c775f4
458 connection.interface-name: --
459 connection.type: 802-3-ethernet
460 connection.autoconnect: yes
461 connection.autoconnect-priority: 0
462 connection.timestamp: 0
463 connection.read-only: no
464 connection.permissions:
465 connection.zone: --
466 connection.master: --
467 connection.slave-type: --
468 connection.secondaries:
469 connection.gateway-ping-timeout: 0
470 ---------------------------------------------------------------------------
471 802-3-ethernet.port: --
472 802-3-ethernet.speed: 0
473 802-3-ethernet.duplex: --
474 802-3-ethernet.auto-negotiate: yes
475 802-3-ethernet.mac-address: --
476 802-3-ethernet.cloned-mac-address: --
477 802-3-ethernet.mac-address-blacklist:
478 802-3-ethernet.mtu: 1492
479 802-3-ethernet.s390-subchannels:
480 802-3-ethernet.s390-nettype: --
481 802-3-ethernet.s390-options:
482 ---------------------------------------------------------------------------
483 ipv4.method: manual
484 ipv4.dns: 8.8.8.8,8.8.4.4
485 ipv4.dns-search:
486 ipv4.addresses: 192.168.1.100/24
487 ipv4.gateway: 192.168.1.1
488 ipv4.routes:
489 ipv4.route-metric: -1
490 ipv4.ignore-auto-routes: no
491 ipv4.ignore-auto-dns: no
492 ipv4.dhcp-client-id: --
493 ipv4.dhcp-send-hostname: yes
494 ipv4.dhcp-hostname: --
495 ipv4.never-default: no
496 ipv4.may-fail: yes
497 ---------------------------------------------------------------------------
498 ipv6.method: auto
499 ipv6.dns:
500 ipv6.dns-search:
501 ipv6.addresses:
502 ipv6.gateway: --
503 ipv6.routes:
504 ipv6.route-metric: -1
505 ipv6.ignore-auto-routes: no
506 ipv6.ignore-auto-dns: no
507 ipv6.never-default: no
508 ipv6.may-fail: yes
509 ipv6.ip6-privacy: -1 (unknown)
510 ipv6.dhcp-hostname: --
511 ---------------------------------------------------------------------------
512 nmcli> verify
513 Verify connection: OK
514 nmcli> save
515 Connection 'ethernet-4' (de89cdeb-a3e1-4d53-8fa0-c22546c775f4) successfully
516 saved.
517 nmcli> quit
518 Example session in the nmcli interactive connection editor. The
520 scenario creates an Ethernet connection profile with static addressing
521 (IPs and DNS).
522
524 nmcli(1), NetworkManager(8), NetworkManager.conf(5), nm-settings(5),
525 nm-online(1), nm-applet(1), nm-connection-editor(1)
526NetworkManager 1.14.0 NMCLI-EXAMPLES(7)