1NMCLI(1) General Commands Manual NMCLI(1)
2
3
4
6 nmcli - command-line tool for controlling NetworkManager
7
9 nmcli [OPTIONS...] {help | general | networking | radio | connection |
10 device | agent | monitor} [COMMAND] [ARGUMENTS...]
11
13 nmcli is a command-line tool for controlling NetworkManager and
14 reporting network status. It can be utilized as a replacement for
15 nm-applet or other graphical clients. nmcli is used to create,
16 display, edit, delete, activate, and deactivate network connections, as
17 well as control and display network device status. See nmcli-
18 examples(7) for ready to run nmcli examples.
19
20 Typical uses include:
21
22 · Scripts: Utilize NetworkManager via nmcli instead of managing
23 network connections manually. nmcli supports a terse output format
24 which is better suited for script processing. Note that
25 NetworkManager can also execute scripts, called "dispatcher
26 scripts", in response to network events. See NetworkManager(8) for
27 details about these dispatcher scripts.
28
29 · Servers, headless machines, and terminals: nmcli can be used to
30 control NetworkManager without a GUI, including creating, editing,
31 starting and stopping network connections and viewing network
32 status.
33
35 -a | --ask
36 When using this option nmcli will stop and ask for any missing
37 required arguments, so do not use this option for non-interactive
38 purposes like scripts. This option controls, for example, whether
39 you will be prompted for a password if it is required for
40 connecting to a network.
41
42 -c | --colors {yes | no | auto}
43 This option controls color output (using terminal escape
44 sequences). yes enables colors, no disables them, auto only
45 produces colors when standard output is directed to a terminal. The
46 default value is auto.
47
48 The actual colors used are configured as described in terminal-
49 colors.d(5). Please refer to the COLORS section for a list of color
50 names supported by nmcli.
51
52 If the environment variable NO_COLOR is set (to any value), then
53 coloring is disabled with mode "auto". Explicitly enabling coloring
54 overrides the environment variable.
55
56 --complete-args
57 Instead of conducting the desired action, nmcli will list possible
58 completions for the last argument. This is useful to implement
59 argument completion in shell.
60
61 The exit status will indicate success or return a code 65 to
62 indicate the last argument is a file name.
63
64 NetworkManager ships with command completion support for GNU Bash.
65
66 -e | --escape {yes | no}
67 Whether to escape : and \ characters in terse tabular mode. The
68 escape character is \.
69
70 If omitted, default is yes.
71
72 -f | --fields {field1,field2... | all | common}
73 This option is used to specify what fields (column names) should be
74 printed. Valid field names differ for specific commands. List
75 available fields by providing an invalid value to the --fields
76 option. all is used to print all valid field values of the
77 command. common is used to print common field values of the
78 command.
79
80 If omitted, default is common.
81
82 -g | --get-values {field1,field2... | all | common}
83 This option is used to print values from specific fields. It is
84 basically a shortcut for --mode tabular --terse --fields and is a
85 convenient way to retrieve values for particular fields. The values
86 are printed one per line without headers.
87
88 If a section is specified instead of a field, the section name will
89 be printed followed by colon separated values of the fields
90 belonging to that section, all on the same line.
91
92 -h | --help
93 Print help information.
94
95 -m | --mode {tabular | multiline}
96 Switch between tabular and multiline output:
97
98 tabular
99 Output is a table where each line describes a single entry.
100 Columns define particular properties of the entry.
101
102 multiline
103 Each entry comprises multiple lines, each property on its own
104 line. The values are prefixed with the property name.
105
106 If omitted, default is tabular for most commands. For the commands
107 producing more structured information, that cannot be displayed on
108 a single line, default is multiline. Currently, they are:
109
110 · nmcli connection show ID
111
112 · nmcli device show
113
114 -p | --pretty
115 Output is pretty. This causes nmcli to produce easily readable
116 outputs for humans, i.e. values are aligned, headers are printed,
117 etc.
118
119 -s | --show-secrets
120 When using this option nmcli will display passwords and secrets
121 that might be present in an output of an operation. This option
122 also influences echoing passwords typed by user as an input.
123
124 -t | --terse
125 Output is terse. This mode is designed and suitable for computer
126 (script) processing.
127
128 -v | --version
129 Show nmcli version.
130
131 -w | --wait seconds
132 This option sets a timeout period for which nmcli will wait for
133 NetworkManager to finish operations. It is especially useful for
134 commands that may take a longer time to complete, e.g. connection
135 activation.
136
137 Specifying a value of 0 instructs nmcli not to wait but to exit
138 immediately with a status of success. The default value depends on
139 the executed command.
140
142 nmcli general {status | hostname | permissions | logging}
143 [ARGUMENTS...]
144
145 Use this command to show NetworkManager status and permissions. You can
146 also get and change system hostname, as well as NetworkManager logging
147 level and domains.
148
149 status
150 Show overall status of NetworkManager. This is the default action,
151 when no additional command is provided for nmcli general.
152
153 hostname [hostname]
154 Get and change system hostname. With no arguments, this prints
155 currently configured hostname. When you pass a hostname, it will be
156 handed over to NetworkManager to be set as a new system hostname.
157
158 Note that the term "system" hostname may also be referred to as
159 "persistent" or "static" by other programs or tools. The hostname
160 is stored in /etc/hostname file in most distributions. For example,
161 systemd-hostnamed service uses the term "static" hostname and it
162 only reads the /etc/hostname file when it starts.
163
164 permissions
165 Show the permissions a caller has for various authenticated
166 operations that NetworkManager provides, like enable and disable
167 networking, changing Wi-Fi and WWAN state, modifying connections,
168 etc.
169
170 logging [level level] [domains domains...]
171 Get and change NetworkManager logging level and domains. Without
172 any argument current logging level and domains are shown. In order
173 to change logging state, provide level and, or, domain parameters.
174 See NetworkManager.conf(5) for available level and domain values.
175
177 nmcli networking {on | off | connectivity} [ARGUMENTS...]
178
179 Query NetworkManager networking status, enable and disable networking.
180
181 on, off
182 Enable or disable networking control by NetworkManager. All
183 interfaces managed by NetworkManager are deactivated when
184 networking is disabled.
185
186 connectivity [check]
187 Get network connectivity state. The optional check argument tells
188 NetworkManager to re-check the connectivity, else the most recent
189 known connectivity state is displayed without re-checking.
190
191 Possible states are:
192
193 none
194 the host is not connected to any network.
195
196 portal
197 the host is behind a captive portal and cannot reach the full
198 Internet.
199
200 limited
201 the host is connected to a network, but it has no access to the
202 Internet.
203
204 full
205 the host is connected to a network and has full access to the
206 Internet.
207
208 unknown
209 the connectivity status cannot be found out.
210
212 nmcli radio {all | wifi | wwan} [ARGUMENTS...]
213
214 Show radio switches status, or enable and disable the switches.
215
216 wifi [on | off]
217 Show or set status of Wi-Fi in NetworkManager. If no arguments are
218 supplied, Wi-Fi status is printed; on enables Wi-Fi; off disables
219 Wi-Fi.
220
221 wwan [on | off]
222 Show or set status of WWAN (mobile broadband) in NetworkManager. If
223 no arguments are supplied, mobile broadband status is printed; on
224 enables mobile broadband, off disables it.
225
226 all [on | off]
227 Show or set all previously mentioned radio switches at the same
228 time.
229
231 nmcli monitor
232
233 Observe NetworkManager activity. Watches for changes in connectivity
234 state, devices or connection profiles.
235
236 See also nmcli connection monitor and nmcli device monitor to watch for
237 changes in certain devices or connections.
238
240 nmcli connection {show | up | down | modify | add | edit | clone |
241 delete | monitor | reload | load | import | export}
242 [ARGUMENTS...]
243
244 NetworkManager stores all network configuration as "connections", which
245 are collections of data (Layer2 details, IP addressing, etc.) that
246 describe how to create or connect to a network. A connection is
247 "active" when a device uses that connection's configuration to create
248 or connect to a network. There may be multiple connections that apply
249 to a device, but only one of them can be active on that device at any
250 given time. The additional connections can be used to allow quick
251 switching between different networks and configurations.
252
253 Consider a machine which is usually connected to a DHCP-enabled
254 network, but sometimes connected to a testing network which uses static
255 IP addressing. Instead of manually reconfiguring eth0 each time the
256 network is changed, the settings can be saved as two connections which
257 both apply to eth0, one for DHCP (called default) and one with the
258 static addressing details (called testing). When connected to the
259 DHCP-enabled network the user would run nmcli con up default , and when
260 connected to the static network the user would run nmcli con up
261 testing.
262
263 show [--active] [--order [+-]category:...]
264 List in-memory and on-disk connection profiles, some of which may
265 also be active if a device is using that connection profile.
266 Without a parameter, all profiles are listed. When --active option
267 is specified, only the active profiles are shown.
268
269 The --order option can be used to get custom ordering of
270 connections. The connections can be ordered by active status
271 (active), name (name), type (type) or D-Bus path (path). If
272 connections are equal according to a sort order category, an
273 additional category can be specified. The default sorting order is
274 equivalent to --order active:name:path. + or no prefix means
275 sorting in ascending order (alphabetically or in numbers), - means
276 reverse (descending) order. The category names can be abbreviated
277 (e.g. --order -a:na).
278
279 show [--active] [id | uuid | path | apath] ID...
280 Show details for specified connections. By default, both static
281 configuration and active connection data are displayed. When
282 --active option is specified, only the active profiles are taken
283 into account. Use global --show-secrets option to display secrets
284 associated with the profile.
285
286 id, uuid, path and apath keywords can be used if ID is ambiguous.
287 Optional ID-specifying keywords are:
288
289 id
290 the ID denotes a connection name.
291
292 uuid
293 the ID denotes a connection UUID.
294
295 path
296 the ID denotes a D-Bus static connection path in the format of
297 /org/freedesktop/NetworkManager/Settings/num or just num.
298
299 apath
300 the ID denotes a D-Bus active connection path in the format of
301 /org/freedesktop/NetworkManager/ActiveConnection/num or just
302 num.
303
304 It is possible to filter the output using the global --fields
305 option. Use the following values:
306
307 profile
308 only shows static profile configuration.
309
310 active
311 only shows active connection data (when the profile is active).
312
313 You can also specify particular fields. For static configuration,
314 use setting and property names as described in nm-settings-nmcli(5)
315 manual page. For active data use GENERAL, IP4, DHCP4, IP6, DHCP6,
316 VPN.
317
318 When no command is given to the nmcli connection, the default
319 action is nmcli connection show.
320
321 up [id | uuid | path] ID [ifname ifname] [ap BSSID] [passwd-file file]
322 Activate a connection. The connection is identified by its name,
323 UUID or D-Bus path. If ID is ambiguous, a keyword id, uuid or path
324 can be used. When requiring a particular device to activate the
325 connection on, the ifname option with interface name should be
326 given. If the ID is not given an ifname is required, and
327 NetworkManager will activate the best available connection for the
328 given ifname. In case of a VPN connection, the ifname option
329 specifies the device of the base connection. The ap option specify
330 what particular AP should be used in case of a Wi-Fi connection.
331
332 If --wait option is not specified, the default timeout will be 90
333 seconds.
334
335 See connection show above for the description of the ID-specifying
336 keywords.
337
338 Available options are:
339
340 ifname
341 interface that will be used for activation.
342
343 ap
344 BSSID of the AP which the command should connect to (for Wi-Fi
345 connections).
346
347 passwd-file
348 some networks may require credentials during activation. You
349 can give these credentials using this option. Each line of the
350 file should contain one password in the form:
351
352 setting_name.property_name:the password
353
354 For example, for WPA Wi-Fi with PSK, the line would be
355
356 802-11-wireless-security.psk:secret12345
357
358 For 802.1X password, the line would be
359
360 802-1x.password:my 1X password
361
362
363 nmcli also accepts wifi-sec and wifi strings instead of
364 802-11-wireless-security. When NetworkManager requires a
365 password and it is not given, nmcli will ask for it when run
366 with --ask. If --ask was not passed, NetworkManager can ask
367 another secret agent that may be running (typically a GUI
368 secret agent, such as nm-applet or gnome-shell).
369
370 down [id | uuid | path | apath] ID...
371 Deactivate a connection from a device without preventing the device
372 from further auto-activation. Multiple connections can be passed to
373 the command.
374
375 Be aware that this command deactivates the specified active
376 connection, but the device on which the connection was active, is
377 still ready to connect and will perform auto-activation by looking
378 for a suitable connection that has the 'autoconnect' flag set. Note
379 that the deactivating connection profile is internally blocked from
380 autoconnecting again. Hence it will not autoconnect until reboot or
381 until the user performs an action that unblocks autoconnect, like
382 modifying the profile or explicitly activating it.
383
384 In most cases you may want to use device disconnect command
385 instead.
386
387 The connection is identified by its name, UUID or D-Bus path. If ID
388 is ambiguous, a keyword id, uuid, path or apath can be used.
389
390 See connection show above for the description of the ID-specifying
391 keywords.
392
393 If --wait option is not specified, the default timeout will be 10
394 seconds.
395
396 modify [--temporary] [id | uuid | path] ID
397 {option value | [+|-]setting.property value}...
398 Add, modify or remove properties in the connection profile.
399
400 To set the property just specify the property name followed by the
401 value. An empty value ("") resets the property value to the
402 default.
403
404 See nm-settings-nmcli(5) for complete reference of setting and
405 property names, their descriptions and default values. The setting
406 and property can be abbreviated provided they are unique.
407
408 If you want to append an item or a flag to the existing value, use
409 + prefix for the property name or alias. If you want to remove
410 items from a container-type or flag property, use - prefix. For
411 certain properties you can also remove elements by specifying the
412 zero-based index(es). The + and - modifiers only have a real effect
413 for properties that support them. These are for example multi-value
414 (container) properties or flags like ipv4.dns, ip4, ipv4.addresses,
415 bond.options, 802-1x.phase1-auth-flags etc.
416
417 The connection is identified by its name, UUID or D-Bus path. If ID
418 is ambiguous, a keyword id, uuid or path can be used.
419
420 modify [--temporary] [id | uuid | path] ID remove setting
421 Removes a setting from the connection profile.
422
423 add [save {yes | no}] {option value | [+|-]setting.property value}...
424 Create a new connection using specified properties.
425
426 You need to describe the newly created connections with the
427 property and value pairs. See nm-settings-nmcli(5) for the complete
428 reference. The syntax is the same as of the nmcli connection modify
429 command.
430
431 To construct a meaningful connection you at the very least need to
432 set the connection.type property (or use the type alias) to one of
433 known NetworkManager connection types:
434
435 · ethernet
436
437 · wifi
438
439 · wimax
440
441 · pppoe
442
443 · gsm
444
445 · cdma
446
447 · infiniband
448
449 · bluetooth
450
451 · vlan
452
453 · bond
454
455 · bond-slave
456
457 · team
458
459 · team-slave
460
461 · bridge
462
463 · bridge-slave
464
465 · vpn
466
467 · olpc-mesh
468
469 · adsl
470
471 · tun
472
473 · ip-tunnel
474
475 · macvlan
476
477 · vxlan
478
479 · dummy
480
481 The most typical uses are described in the EXAMPLES section.
482
483 Aside from the properties and values two special options are
484 accepted:
485
486 save
487 Controls whether the connection should be persistent, i.e.
488 NetworkManager should store it on disk (default: yes).
489
490 --
491 If a single -- argument is encountered it is ignored. This is
492 for compatibility with older versions on nmcli.
493
494 edit {[id | uuid | path] ID | [type type] [con-name name] }
495 Edit an existing connection or add a new one, using an interactive
496 editor.
497
498 The existing connection is identified by its name, UUID or D-Bus
499 path. If ID is ambiguous, a keyword id, uuid, or path can be used.
500 See connection show above for the description of the ID-specifying
501 keywords. Not providing an ID means that a new connection will be
502 added.
503
504 The interactive editor will guide you through the connection
505 editing and allow you to change connection parameters according to
506 your needs by means of a simple menu-driven interface. The editor
507 indicates what settings and properties can be modified and provides
508 in-line help.
509
510 Available options:
511
512 type
513 type of the new connection; valid types are the same as for
514 connection add command.
515
516 con-name
517 name for the new connection. It can be changed later in the
518 editor.
519
520 See also nm-settings-nmcli(5) for all NetworkManager settings and
521 property names, and their descriptions; and nmcli-examples(7) for
522 sample editor sessions.
523
524 clone [--temporary] [id | uuid | path] ID new_name
525 Clone a connection. The connection to be cloned is identified by
526 its name, UUID or D-Bus path. If ID is ambiguous, a keyword id,
527 uuid or path can be used. See connection show above for the
528 description of the ID-specifying keywords. new_name is the name of
529 the new cloned connection. The new connection will be the exact
530 copy except the connection.id (new_name) and connection.uuid
531 (generated) properties.
532
533 The new connection profile will be saved as persistent unless
534 --temporary option is specified, in which case the new profile
535 won't exist after NetworkManager restart.
536
537 delete [id | uuid | path] ID...
538 Delete a configured connection. The connection to be deleted is
539 identified by its name, UUID or D-Bus path. If ID is ambiguous, a
540 keyword id, uuid or path can be used. See connection show above for
541 the description of the ID-specifying keywords.
542
543 If --wait option is not specified, the default timeout will be 10
544 seconds.
545
546 monitor [id | uuid | path] ID...
547 Monitor connection profile activity. This command prints a line
548 whenever the specified connection changes. The connection to be
549 monitored is identified by its name, UUID or D-Bus path. If ID is
550 ambiguous, a keyword id, uuid or path can be used. See connection
551 show above for the description of the ID-specifying keywords.
552
553 Monitors all connection profiles in case none is specified. The
554 command terminates when all monitored connections disappear. If you
555 want to monitor connection creation consider using the global
556 monitor with nmcli monitor command.
557
558 reload
559 Reload all connection files from disk. NetworkManager does not
560 monitor changes to connection. So you need to use this command in
561 order to tell NetworkManager to re-read the connection profiles
562 from disk when a change was made to them.
563
564 load filename...
565 Load/reload one or more connection files from disk. Use this after
566 manually editing a connection file to ensure that NetworkManager is
567 aware of its latest state.
568
569 import [--temporary] type type file file
570 Import an external/foreign configuration as a NetworkManager
571 connection profile. The type of the input file is specified by type
572 option.
573
574 Only VPN configurations are supported at the moment. The
575 configuration is imported by NetworkManager VPN plugins. type
576 values are the same as for vpn-type option in nmcli connection add.
577 VPN configurations are imported by VPN plugins. Therefore the
578 proper VPN plugin has to be installed so that nmcli could import
579 the data.
580
581 The imported connection profile will be saved as persistent unless
582 --temporary option is specified, in which case the new profile
583 won't exist after NetworkManager restart.
584
585 export [id | uuid | path] ID [file]
586 Export a connection.
587
588 Only VPN connections are supported at the moment. A proper VPN
589 plugin has to be installed so that nmcli could export a connection.
590 If no file is provided, the VPN configuration data will be printed
591 to standard output.
592
594 nmcli device {status | show | set | connect | reapply | modify |
595 disconnect | delete | monitor | wifi | lldp}
596 [ARGUMENTS...]
597
598 Show and manage network interfaces.
599
600 status
601 Print status of devices.
602
603 This is the default action if no command is specified to nmcli
604 device.
605
606 show [ifname]
607 Show detailed information about devices. Without an argument, all
608 devices are examined. To get information for a specific device, the
609 interface name has to be provided.
610
611 set [ifname] ifname [autoconnect {yes | no}] [managed {yes | no}]
612 Set device properties.
613
614 connect ifname
615 Connect the device. NetworkManager will try to find a suitable
616 connection that will be activated. It will also consider
617 connections that are not set to auto connect.
618
619 If no compatible connection exists, a new profile with default
620 settings will be created and activated. This differentiates nmcli
621 connection up ifname "$DEVICE" from nmcli device connect "$DEVICE"
622
623 If --wait option is not specified, the default timeout will be 90
624 seconds.
625
626 reapply ifname
627 Attempt to update device with changes to the currently active
628 connection made since it was last applied.
629
630 modify ifname {option value | [+|-]setting.property value}...
631 Modify the settings currently active on the device.
632
633 This command lets you do temporary changes to a configuration
634 active on a particular device. The changes are not preserved in the
635 connection profile.
636
637 See nm-settings-nmcli(5) for the list of available properties.
638 Please note that some properties can't be changed on an already
639 connected device.
640
641 disconnect ifname...
642 Disconnect a device and prevent the device from automatically
643 activating further connections without user/manual intervention.
644 Note that disconnecting software devices may mean that the devices
645 will disappear.
646
647 If --wait option is not specified, the default timeout will be 10
648 seconds.
649
650 delete ifname...
651 Delete a device. The command removes the interface from the system.
652 Note that this only works for software devices like bonds, bridges,
653 teams, etc. Hardware devices (like Ethernet) cannot be deleted by
654 the command.
655
656 If --wait option is not specified, the default timeout will be 10
657 seconds.
658
659 monitor [ifname...]
660 Monitor device activity. This command prints a line whenever the
661 specified devices change state.
662
663 Monitors all devices in case no interface is specified. The monitor
664 terminates when all specified devices disappear. If you want to
665 monitor device addition consider using the global monitor with
666 nmcli monitor command.
667
668 wifi [list [--rescan | auto | no | yes] [ifname ifname] [bssid BSSID]]
669 List available Wi-Fi access points. The ifname and bssid options
670 can be used to list APs for a particular interface or with a
671 specific BSSID, respectively.
672
673 By default, nmcli ensures that the access point list is no older
674 than 30 seconds and triggers a network scan if necessary. The
675 --rescan can be used to either force or disable the scan regardless
676 of how fresh the access point list is.
677
678 wifi connect (B)SSID [password password] [wep-key-type {key | phrase}]
679 [ifname ifname] [bssid BSSID] [name name] [private {yes | no}]
680 [hidden {yes | no}]
681 Connect to a Wi-Fi network specified by SSID or BSSID. The command
682 finds a matching connection or creates one and then activates it on
683 a device. This is a command-line counterpart of clicking an SSID in
684 a GUI client. If a connection for the network already exists, it is
685 possible to bring up (activate) the existing profile as follows:
686 nmcli con up id name. Note that only open, WEP and WPA-PSK networks
687 are supported if no previous connection exists. It is also assumed
688 that IP configuration is obtained via DHCP.
689
690 If --wait option is not specified, the default timeout will be 90
691 seconds.
692
693 Available options are:
694
695 password
696 password for secured networks (WEP or WPA).
697
698 wep-key-type
699 type of WEP secret, either key for ASCII/HEX key or phrase for
700 passphrase.
701
702 ifname
703 interface that will be used for activation.
704
705 bssid
706 if specified, the created connection will be restricted just
707 for the BSSID.
708
709 name
710 if specified, the connection will use the name (else NM creates
711 a name itself).
712
713 private
714 if set to yes, the connection will only be visible to the user
715 who created it. Otherwise the connection is system-wide, which
716 is the default.
717
718 hidden
719 set to yes when connecting for the first time to an AP not
720 broadcasting its SSID. Otherwise the SSID would not be found
721 and the connection attempt would fail.
722
723 wifi hotspot [ifname ifname] [con-name name] [ssid SSID]
724 [band {a | bg}] [channel channel] [password password]
725 Create a Wi-Fi hotspot. The command creates a hotspot connection
726 profile according to Wi-Fi device capabilities and activates it on
727 the device. The hotspot is secured with WPA if device/driver
728 supports that, otherwise WEP is used. Use connection down or device
729 disconnect to stop the hotspot.
730
731 Parameters of the hotspot can be influenced by the optional
732 parameters:
733
734 ifname
735 what Wi-Fi device is used.
736
737 con-name
738 name of the created hotspot connection profile.
739
740 ssid
741 SSID of the hotspot.
742
743 band
744 Wi-Fi band to use.
745
746 channel
747 Wi-Fi channel to use.
748
749 password
750 password to use for the created hotspot. If not provided, nmcli
751 will generate a password. The password is either WPA pre-shared
752 key or WEP key.
753
754 Note that --show-secrets global option can be used to print the
755 hotspot password. It is useful especially when the password was
756 generated.
757
758 wifi rescan [ifname ifname] [ssid SSID...]
759 Request that NetworkManager immediately re-scan for available
760 access points. NetworkManager scans Wi-Fi networks periodically,
761 but in some cases it can be useful to start scanning manually (e.g.
762 after resuming the computer). By using ssid, it is possible to scan
763 for a specific SSID, which is useful for APs with hidden SSIDs. You
764 can provide multiple ssid parameters in order to scan more SSIDs.
765
766 This command does not show the APs, use nmcli device wifi list for
767 that.
768
769 wifi show-password [ifname ifname]
770 Show the details of the active Wi-Fi networks, including the
771 secrets.
772
773 lldp [list [ifname ifname]]
774 Display information about neighboring devices learned through the
775 Link Layer Discovery Protocol (LLDP). The ifname option can be used
776 to list neighbors only for a given interface. The protocol must be
777 enabled in the connection settings.
778
780 nmcli agent {secret | polkit | all}
781
782 Run nmcli as a NetworkManager secret agent, or polkit agent.
783
784 secret
785 Register nmcli as a NetworkManager secret agent and listen for
786 secret requests. You do usually not need this command, because
787 nmcli can handle secrets when connecting to networks. However, you
788 may find the command useful when you use another tool for
789 activating connections and you do not have a secret agent available
790 (like nm-applet).
791
792 polkit
793 Register nmcli as a polkit agent for the user session and listen
794 for authorization requests. You do not usually need this command,
795 because nmcli can handle polkit actions related to NetworkManager
796 operations (when run with --ask). However, you may find the command
797 useful when you want to run a simple text based polkit agent and
798 you do not have an agent of a desktop environment. Note that
799 running this command makes nmcli handle all polkit requests, not
800 only NetworkManager related ones, because only one polkit agent can
801 run for the session.
802
803 all
804 Runs nmcli as both NetworkManager secret and a polkit agent.
805
807 Implicit coloring can be disabled by an empty file
808 /etc/terminal-colors.d/nmcli.disable.
809
810 See terminal-colors.d(5) for more details about colorization
811 configuration. The logical color names supported by nmcli are:
812
813 connection-activated
814 A connection that is active.
815
816 connection-activating
817 Connection that is being activated.
818
819 connection-disconnecting
820 Connection that is being disconnected.
821
822 connection-invisible
823 Connection whose details is the user not permitted to see.
824
825 connectivity-full
826 Conectivity state when Internet is reachable.
827
828 connectivity-limited
829 Conectivity state when only a local network reachable.
830
831 connectivity-none
832 Conectivity state when the network is disconnected.
833
834 connectivity-portal
835 Conectivity state when a captive portal hijacked the connection.
836
837 connectivity-unknown
838 Conectivity state when a connectivity check didn't run.
839
840 device-activated
841 Device that is connected.
842
843 device-activating
844 Device that is being configured.
845
846 device-disconnected
847 Device that is not connected.
848
849 device-firmware-missing
850 Warning of a missing device firmware.
851
852 device-plugin-missing
853 Warning of a missing device plugin.
854
855 device-unavailable
856 Device that is not available for activation.
857
858 device-disabled
859 Device is disabled by software or hardware kill switch.
860
861 manager-running
862 Notice that the NetworkManager daemon is available.
863
864 manager-starting
865 Notice that the NetworkManager daemon is being initially connected.
866
867 manager-stopped
868 Notice that the NetworkManager daemon is not available.
869
870 permission-auth
871 An action that requires user authentication to get permission.
872
873 permission-no
874 An action that is not permitted.
875
876 permission-yes
877 An action that is permitted.
878
879 prompt
880 Prompt in interactive mode.
881
882 state-asleep
883 Indication that NetworkManager in suspended state.
884
885 state-connected-global
886 Indication that NetworkManager in connected to Internet.
887
888 state-connected-local
889 Indication that NetworkManager in local network.
890
891 state-connected-site
892 Indication that NetworkManager in connected to networks other than
893 Internet.
894
895 state-connecting
896 Indication that NetworkManager is establishing a network
897 connection.
898
899 state-disconnected
900 Indication that NetworkManager is disconnected from a network.
901
902 state-disconnecting
903 Indication that NetworkManager is being disconnected from a
904 network.
905
906 wifi-signal-excellent
907 Wi-Fi network with an excellent signal level.
908
909 wifi-signal-fair
910 Wi-Fi network with a fair signal level.
911
912 wifi-signal-good
913 Wi-Fi network with a good signal level.
914
915 wifi-signal-poor
916 Wi-Fi network with a poor signal level.
917
918 wifi-signal-unknown
919 Wi-Fi network that hasn't been actually seen (a hidden AP).
920
921 disabled
922 A property that is turned off.
923
924 enabled
925 A property that is turned on.
926
928 nmcli's behavior is affected by the following environment variables.
929
930 LC_ALL
931 If set to a non-empty string value, it overrides the values of all
932 the other internationalization variables.
933
934 LC_MESSAGES
935 Determines the locale to be used for internationalized messages.
936
937 LANG
938 Provides a default value for the internationalization variables
939 that are unset or null.
940
942 Be aware that nmcli is localized and that is why the output depends on
943 your environment. This is important to realize especially when you
944 parse the output.
945
946 Call nmcli as LC_ALL=C nmcli to be sure the locale is set to C while
947 executing in a script.
948
949 LC_ALL, LC_MESSAGES, LANG variables specify the LC_MESSAGES locale
950 category (in that order), which determines the language that nmcli uses
951 for messages. The C locale is used if none of these variables are set,
952 and this locale uses English messages.
953
955 nmcli exits with status 0 if it succeeds, a value greater than 0 is
956 returned if an error occurs.
957
958 0
959 Success – indicates the operation succeeded.
960
961 1
962 Unknown or unspecified error.
963
964 2
965 Invalid user input, wrong nmcli invocation.
966
967 3
968 Timeout expired (see --wait option).
969
970 4
971 Connection activation failed.
972
973 5
974 Connection deactivation failed.
975
976 6
977 Disconnecting device failed.
978
979 7
980 Connection deletion failed.
981
982 8
983 NetworkManager is not running.
984
985 10
986 Connection, device, or access point does not exist.
987
988 65
989 When used with --complete-args option, a file name is expected to
990 follow.
991
993 This section presents various examples of nmcli usage. If you want even
994 more, please refer to nmcli-examples(7) manual page.
995
996 nmcli -t -f RUNNING general
997 tells you whether NetworkManager is running or not.
998
999 nmcli -t -f STATE general
1000 shows the overall status of NetworkManager.
1001
1002 nmcli radio wifi off
1003 switches Wi-Fi off.
1004
1005 nmcli connection show
1006 lists all connections NetworkManager has.
1007
1008 nmcli -p -m multiline -f all con show
1009 shows all configured connections in multi-line mode.
1010
1011 nmcli connection show --active
1012 lists all currently active connections.
1013
1014 nmcli -f name,autoconnect c s
1015 shows all connection profile names and their auto-connect property.
1016
1017 nmcli -p connection show "My default em1"
1018 shows details for "My default em1" connection profile.
1019
1020 nmcli --show-secrets connection show "My Home Wi-Fi"
1021 shows details for "My Home Wi-Fi" connection profile with all
1022 passwords. Without --show-secrets option, secrets would not be
1023 displayed.
1024
1025 nmcli -f active connection show "My default em1"
1026 shows details for "My default em1" active connection, like IP, DHCP
1027 information, etc.
1028
1029 nmcli -f profile con s "My wired connection"
1030 shows static configuration details of the connection profile with
1031 "My wired connection" name.
1032
1033 nmcli -p con up "My wired connection" ifname eth0
1034 activates the connection profile with name "My wired connection" on
1035 interface eth0. The -p option makes nmcli show progress of the
1036 activation.
1037
1038 nmcli con up 6b028a27-6dc9-4411-9886-e9ad1dd43761 ap 00:3A:98:7C:42:D3
1039 connects the Wi-Fi connection with UUID
1040 6b028a27-6dc9-4411-9886-e9ad1dd43761 to the AP with BSSID
1041 00:3A:98:7C:42:D3.
1042
1043 nmcli device status
1044 shows the status for all devices.
1045
1046 nmcli dev disconnect em2
1047 disconnects a connection on interface em2 and marks the device as
1048 unavailable for auto-connecting. As a result, no connection will
1049 automatically be activated on the device until the device's
1050 'autoconnect' is set to TRUE or the user manually activates a
1051 connection.
1052
1053 nmcli -f GENERAL,WIFI-PROPERTIES dev show wlan0
1054 shows details for wlan0 interface; only GENERAL and WIFI-PROPERTIES
1055 sections will be shown.
1056
1057 nmcli -f CONNECTIONS device show wlp3s0
1058 shows all available connection profiles for your Wi-Fi interface
1059 wlp3s0.
1060
1061 nmcli dev wifi
1062 lists available Wi-Fi access points known to NetworkManager.
1063
1064 nmcli dev wifi con "Cafe Hotspot 1" password caffeine name "My cafe"
1065 creates a new connection named "My cafe" and then connects it to
1066 "Cafe Hotspot 1" SSID using password "caffeine". This is mainly
1067 useful when connecting to "Cafe Hotspot 1" for the first time. Next
1068 time, it is better to use nmcli con up id "My cafe" so that the
1069 existing connection profile can be used and no additional is
1070 created.
1071
1072 nmcli -s dev wifi hotspot con-name QuickHotspot
1073 creates a hotspot profile and connects it. Prints the hotspot
1074 password the user should use to connect to the hotspot from other
1075 devices.
1076
1077 nmcli dev modify em1 ipv4.method shared
1078 starts IPv4 connection sharing using em1 device. The sharing will
1079 be active until the device is disconnected.
1080
1081 nmcli dev modify em1 ipv6.address 2001:db8::a:bad:c0de
1082 temporarily adds an IP address to a device. The address will be
1083 removed when the same connection is activated again.
1084
1085 nmcli connection add type ethernet autoconnect no ifname eth0
1086 non-interactively adds an Ethernet connection tied to eth0
1087 interface with automatic IP configuration (DHCP), and disables the
1088 connection's autoconnect flag.
1089
1090 nmcli c a ifname Maxipes-fik type vlan dev eth0 id 55
1091 non-interactively adds a VLAN connection with ID 55. The connection
1092 will use eth0 and the VLAN interface will be named Maxipes-fik.
1093
1094 nmcli c a ifname eth0 type ethernet ipv4.method disabled ipv6.method
1095 link-local
1096 non-interactively adds a connection that will use eth0 Ethernet
1097 interface and only have an IPv6 link-local address configured.
1098
1099 nmcli connection edit ethernet-em1-2
1100 edits existing "ethernet-em1-2" connection in the interactive
1101 editor.
1102
1103 nmcli connection edit type ethernet con-name "yet another Ethernet
1104 connection"
1105 adds a new Ethernet connection in the interactive editor.
1106
1107 nmcli con mod ethernet-2 connection.autoconnect no
1108 modifies 'autoconnect' property in the 'connection' setting of
1109 'ethernet-2' connection.
1110
1111 nmcli con mod "Home Wi-Fi" wifi.mtu 1350
1112 modifies 'mtu' property in the 'wifi' setting of 'Home Wi-Fi'
1113 connection.
1114
1115 nmcli con mod em1-1 ipv4.method manual ipv4.addr "192.168.1.23/24
1116 192.168.1.1, 10.10.1.5/8, 10.0.0.11"
1117 sets manual addressing and the addresses in em1-1 profile.
1118
1119 nmcli con modify ABC +ipv4.dns 8.8.8.8
1120 appends a Google public DNS server to DNS servers in ABC profile.
1121
1122 nmcli con modify ABC -ipv4.addresses "192.168.100.25/24 192.168.1.1"
1123 removes the specified IP address from (static) profile ABC.
1124
1125 nmcli con import type openvpn file ~/Downloads/frootvpn.ovpn
1126 imports an OpenVPN configuration to NetworkManager.
1127
1128 nmcli con export corp-vpnc /home/joe/corpvpn.conf
1129 exports NetworkManager VPN profile corp-vpnc as standard Cisco
1130 (vpnc) configuration.
1131
1133 nmcli accepts abbreviations, as long as they are a unique prefix in the
1134 set of possible options. As new options get added, these abbreviations
1135 are not guaranteed to stay unique. For scripting and long term
1136 compatibility it is therefore strongly advised to spell out the full
1137 option names.
1138
1140 There are probably some bugs. If you find a bug, please report it to
1141 your distribution or upstream at
1142 https://gitlab.freedesktop.org/NetworkManager/NetworkManager.
1143
1145 nmcli-examples(7), nm-settings-nmcli(5), nm-online(1),
1146 NetworkManager(8), NetworkManager.conf(5), nm-applet(1), nm-connection-
1147 editor(1), terminal-colors.d(5).
1148
1149
1150
1151NetworkManager 1.26.6 NMCLI(1)