1NMCLI(1)                    General Commands Manual                   NMCLI(1)
2
3
4

NAME

6       nmcli - command-line tool for controlling NetworkManager
7

SYNOPSIS

9       nmcli [OPTIONS...] {help | general | networking | radio | connection |
10             device | agent | monitor} [COMMAND] [ARGUMENTS...]
11

DESCRIPTION

13       nmcli is a command-line tool for controlling NetworkManager and
14       reporting network status. It can be utilized as a replacement for
15       nm-applet or other graphical clients.  nmcli is used to create,
16       display, edit, delete, activate, and deactivate network connections, as
17       well as control and display network device status. See nmcli-
18       examples(7) for ready to run nmcli examples.
19
20       Typical uses include:
21
22       •   Scripts: Utilize NetworkManager via nmcli instead of managing
23           network connections manually.  nmcli supports a terse output format
24           which is better suited for script processing. Note that
25           NetworkManager can also execute scripts, called "dispatcher
26           scripts", in response to network events. See NetworkManager(8) for
27           details about these dispatcher scripts.
28
29       •   Servers, headless machines, and terminals: nmcli can be used to
30           control NetworkManager without a GUI, including creating, editing,
31           starting and stopping network connections and viewing network
32           status.
33

OPTIONS

35       -a | --ask
36           When using this option nmcli will stop and ask for any missing
37           required arguments, so do not use this option for non-interactive
38           purposes like scripts. This option controls, for example, whether
39           you will be prompted for a password if it is required for
40           connecting to a network.
41
42       -c | --colors {yes | no | auto}
43           This option controls color output (using terminal escape
44           sequences).  yes enables colors, no disables them, auto only
45           produces colors when standard output is directed to a terminal. The
46           default value is auto.
47
48           The actual colors used are configured as described in terminal-
49           colors.d(5). Please refer to the COLORS section for a list of color
50           names supported by nmcli.
51
52           If the environment variable NO_COLOR is set (to any value), then
53           coloring is disabled with mode "auto". Explicitly enabling coloring
54           overrides the environment variable.
55
56       --complete-args
57           Instead of conducting the desired action, nmcli will list possible
58           completions for the last argument. This is useful to implement
59           argument completion in shell.
60
61           The exit status will indicate success or return a code 65 to
62           indicate the last argument is a file name.
63
64           NetworkManager ships with command completion support for GNU Bash.
65
66       -e | --escape {yes | no}
67           Whether to escape : and \ characters in terse tabular mode. The
68           escape character is \.
69
70           If omitted, default is yes.
71
72       -f | --fields {field1,field2... | all | common}
73           This option is used to specify what fields (column names) should be
74           printed. Valid field names differ for specific commands. List
75           available fields by providing an invalid value to the --fields
76           option.  all is used to print all valid field values of the
77           command.  common is used to print common field values of the
78           command.
79
80           If omitted, default is common.
81
82       -g | --get-values {field1,field2... | all | common}
83           This option is used to print values from specific fields. It is
84           basically a shortcut for --mode tabular --terse --fields and is a
85           convenient way to retrieve values for particular fields. The values
86           are printed one per line without headers.
87
88           If a section is specified instead of a field, the section name will
89           be printed followed by colon separated values of the fields
90           belonging to that section, all on the same line.
91
92       -h | --help
93           Print help information.
94
95       -m | --mode {tabular | multiline}
96           Switch between tabular and multiline output:
97
98           tabular
99               Output is a table where each line describes a single entry.
100               Columns define particular properties of the entry.
101
102           multiline
103               Each entry comprises multiple lines, each property on its own
104               line. The values are prefixed with the property name.
105
106           If omitted, default is tabular for most commands. For the commands
107           producing more structured information, that cannot be displayed on
108           a single line, default is multiline. Currently, they are:
109
110           •   nmcli connection show ID
111
112           •   nmcli device show
113
114       -p | --pretty
115           Output is pretty. This causes nmcli to produce easily readable
116           outputs for humans, i.e. values are aligned, headers are printed,
117           etc.
118
119       -s | --show-secrets
120           When using this option nmcli will display passwords and secrets
121           that might be present in an output of an operation. This option
122           also influences echoing passwords typed by user as an input.
123
124       -t | --terse
125           Output is terse. This mode is designed and suitable for computer
126           (script) processing.
127
128       -v | --version
129           Show nmcli version.
130
131       -w | --wait seconds
132           This option sets a timeout period for which nmcli will wait for
133           NetworkManager to finish operations. It is especially useful for
134           commands that may take a longer time to complete, e.g. connection
135           activation.
136
137           Specifying a value of 0 instructs nmcli not to wait but to exit
138           immediately with a status of success. The default value depends on
139           the executed command.
140

GENERAL COMMANDS

142       nmcli general {status | hostname | permissions | logging | reload}
143                     [ARGUMENTS...]
144
145       Use this command to show NetworkManager status and permissions. You can
146       also get and change system hostname, as well as NetworkManager logging
147       level and domains.
148
149       status
150           Show overall status of NetworkManager. This is the default action,
151           when no additional command is provided for nmcli general.
152
153       hostname [hostname]
154           Get and change system hostname. With no arguments, this prints
155           currently configured hostname. When you pass a hostname, it will be
156           handed over to NetworkManager to be set as a new system hostname.
157
158           Note that the term "system" hostname may also be referred to as
159           "persistent" or "static" by other programs or tools. The hostname
160           is stored in /etc/hostname file in most distributions. For example,
161           systemd-hostnamed service uses the term "static" hostname and it
162           only reads the /etc/hostname file when it starts.
163
164       permissions
165           Show the permissions a caller has for various authenticated
166           operations that NetworkManager provides, like enable and disable
167           networking, changing Wi-Fi and WWAN state, modifying connections,
168           etc.
169
170       logging [level level] [domains domains...]
171           Get and change NetworkManager logging level and domains. Without
172           any argument current logging level and domains are shown. In order
173           to change logging state, provide level and, or, domain parameters.
174           See NetworkManager.conf(5) for available level and domain values.
175
176       reload [flags...]
177           Reload NetworkManager's configuration and perform certain updates,
178           like flushing caches or rewriting external state to disk. This is
179           similar to sending SIGHUP to NetworkManager but it allows for more
180           fine-grained control over what to reload through the flags
181           argument. It also allows non-root access via PolicyKit and contrary
182           to signals it is synchronous. Available flags are:
183
184           conf
185               Reload the NetworkManager.conf configuration from disk. Note
186               that this does not include connections, which can be reloaded
187               through nmcli connection reload instead.
188
189           dns-rc
190               Update DNS configuration, which usually involves writing
191               /etc/resolv.conf anew. This is equivalent to sending the
192               SIGUSR1 signal to the NetworkManager process.
193
194           dns-full
195               Restart the DNS plugin. This is for example useful when using
196               dnsmasq plugin, which uses additional configuration in
197               /etc/NetworkManager/dnsmasq.d. If you edit those files, you can
198               restart the DNS plugin. This action shortly interrupts name
199               resolution.
200
201           With no flags, everything that is supported is reloaded, which is
202           identical to sending a SIGHUP. See NetworkManager(8) for more
203           details about signals.
204

NETWORKING CONTROL COMMANDS

206       nmcli networking {on | off | connectivity} [ARGUMENTS...]
207
208       Query NetworkManager networking status, enable and disable networking.
209
210       on, off
211           Enable or disable networking control by NetworkManager. All
212           interfaces managed by NetworkManager are deactivated when
213           networking is disabled.
214
215       connectivity [check]
216           Get network connectivity state. The optional check argument tells
217           NetworkManager to re-check the connectivity, else the most recent
218           known connectivity state is displayed without re-checking.
219
220           Possible states are:
221
222           none
223               the host is not connected to any network.
224
225           portal
226               the host is behind a captive portal and cannot reach the full
227               Internet.
228
229           limited
230               the host is connected to a network, but it has no access to the
231               Internet.
232
233           full
234               the host is connected to a network and has full access to the
235               Internet.
236
237           unknown
238               the connectivity status cannot be found out.
239

RADIO TRANSMISSION CONTROL COMMANDS

241       nmcli radio {all | wifi | wwan} [ARGUMENTS...]
242
243       Show radio switches status, or enable and disable the switches.
244
245       wifi [on | off]
246           Show or set status of Wi-Fi in NetworkManager. If no arguments are
247           supplied, Wi-Fi status is printed; on enables Wi-Fi; off disables
248           Wi-Fi.
249
250       wwan [on | off]
251           Show or set status of WWAN (mobile broadband) in NetworkManager. If
252           no arguments are supplied, mobile broadband status is printed; on
253           enables mobile broadband, off disables it.
254
255       all [on | off]
256           Show or set all previously mentioned radio switches at the same
257           time.
258

ACTIVITY MONITOR

260       nmcli monitor
261
262       Observe NetworkManager activity. Watches for changes in connectivity
263       state, devices or connection profiles.
264
265       See also nmcli connection monitor and nmcli device monitor to watch for
266       changes in certain devices or connections.
267

CONNECTION MANAGEMENT COMMANDS

269       nmcli connection {show | up | down | modify | add | edit | clone |
270                        delete | monitor | reload | load | import | export}
271                        [ARGUMENTS...]
272
273       NetworkManager stores all network configuration as "connections", which
274       are collections of data (Layer2 details, IP addressing, etc.) that
275       describe how to create or connect to a network. A connection is
276       "active" when a device uses that connection's configuration to create
277       or connect to a network. There may be multiple connections that apply
278       to a device, but only one of them can be active on that device at any
279       given time. The additional connections can be used to allow quick
280       switching between different networks and configurations.
281
282       Consider a machine which is usually connected to a DHCP-enabled
283       network, but sometimes connected to a testing network which uses static
284       IP addressing. Instead of manually reconfiguring eth0 each time the
285       network is changed, the settings can be saved as two connections which
286       both apply to eth0, one for DHCP (called default) and one with the
287       static addressing details (called testing). When connected to the
288       DHCP-enabled network the user would run nmcli con up default , and when
289       connected to the static network the user would run nmcli con up
290       testing.
291
292       show [--active] [--order [+-]category:...]
293           List in-memory and on-disk connection profiles, some of which may
294           also be active if a device is using that connection profile.
295           Without a parameter, all profiles are listed. When --active option
296           is specified, only the active profiles are shown.
297
298           The --order option can be used to get custom ordering of
299           connections. The connections can be ordered by active status
300           (active), name (name), type (type) or D-Bus path (path). If
301           connections are equal according to a sort order category, an
302           additional category can be specified. The default sorting order is
303           equivalent to --order active:name:path.  + or no prefix means
304           sorting in ascending order (alphabetically or in numbers), - means
305           reverse (descending) order. The category names can be abbreviated
306           (e.g.  --order -a:na).
307
308       show [--active] [id | uuid | path | apath] ID...
309           Show details for specified connections. By default, both static
310           configuration and active connection data are displayed. When
311           --active option is specified, only the active profiles are taken
312           into account. Use global --show-secrets option to display secrets
313           associated with the profile.
314
315           id, uuid, path and apath keywords can be used if ID is ambiguous.
316           Optional ID-specifying keywords are:
317
318           id
319               the ID denotes a connection name.
320
321           uuid
322               the ID denotes a connection UUID.
323
324           path
325               the ID denotes a D-Bus static connection path in the format of
326               /org/freedesktop/NetworkManager/Settings/num or just num.
327
328           apath
329               the ID denotes a D-Bus active connection path in the format of
330               /org/freedesktop/NetworkManager/ActiveConnection/num or just
331               num.
332
333           It is possible to filter the output using the global --fields
334           option. Use the following values:
335
336           profile
337               only shows static profile configuration.
338
339           active
340               only shows active connection data (when the profile is active).
341
342           You can also specify particular fields. For static configuration,
343           use setting and property names as described in nm-settings-nmcli(5)
344           manual page. For active data use GENERAL, IP4, DHCP4, IP6, DHCP6,
345           VPN.
346
347           When no command is given to the nmcli connection, the default
348           action is nmcli connection show.
349
350       up [id | uuid | path] ID [ifname ifname] [ap BSSID] [passwd-file file]
351           Activate a connection. The connection is identified by its name,
352           UUID or D-Bus path. If ID is ambiguous, a keyword id, uuid or path
353           can be used. When requiring a particular device to activate the
354           connection on, the ifname option with interface name should be
355           given. If the ID is not given an ifname is required, and
356           NetworkManager will activate the best available connection for the
357           given ifname. In case of a VPN connection, the ifname option
358           specifies the device of the base connection. The ap option specify
359           what particular AP should be used in case of a Wi-Fi connection.
360
361           If --wait option is not specified, the default timeout will be 90
362           seconds.
363
364           See connection show above for the description of the ID-specifying
365           keywords.
366
367           Available options are:
368
369           ifname
370               interface that will be used for activation.
371
372           ap
373               BSSID of the AP which the command should connect to (for Wi-Fi
374               connections).
375
376           passwd-file
377               some networks may require credentials during activation. You
378               can give these credentials using this option. Each line of the
379               file should contain one password in the form:
380
381                   setting_name.property_name:the password
382
383               For example, for WPA Wi-Fi with PSK, the line would be
384
385                   802-11-wireless-security.psk:secret12345
386
387               For 802.1X password, the line would be
388
389                   802-1x.password:my 1X password
390
391
392               nmcli also accepts wifi-sec and wifi strings instead of
393               802-11-wireless-security. When NetworkManager requires a
394               password and it is not given, nmcli will ask for it when run
395               with --ask. If --ask was not passed, NetworkManager can ask
396               another secret agent that may be running (typically a GUI
397               secret agent, such as nm-applet or gnome-shell).
398
399       down [id | uuid | path | apath] ID...
400           Deactivate a connection from a device without preventing the device
401           from further auto-activation. Multiple connections can be passed to
402           the command.
403
404           Be aware that this command deactivates the specified active
405           connection, but the device on which the connection was active, is
406           still ready to connect and will perform auto-activation by looking
407           for a suitable connection that has the 'autoconnect' flag set. Note
408           that the deactivating connection profile is internally blocked from
409           autoconnecting again. Hence it will not autoconnect until reboot or
410           until the user performs an action that unblocks autoconnect, like
411           modifying the profile or explicitly activating it.
412
413           In most cases you may want to use device disconnect command
414           instead.
415
416           The connection is identified by its name, UUID or D-Bus path. If ID
417           is ambiguous, a keyword id, uuid, path or apath can be used.
418
419           See connection show above for the description of the ID-specifying
420           keywords.
421
422           If --wait option is not specified, the default timeout will be 10
423           seconds.
424
425       modify [--temporary] [id | uuid | path] ID
426       {option value | [+|-]setting.property value}...
427           Add, modify or remove properties in the connection profile.
428
429           To set the property just specify the property name followed by the
430           value. An empty value ("") resets the property value to the
431           default.
432
433           See nm-settings-nmcli(5) for complete reference of setting and
434           property names, their descriptions and default values. The setting
435           and property can be abbreviated provided they are unique.
436
437           If you want to append an item or a flag to the existing value, use
438           + prefix for the property name or alias. If you want to remove
439           items from a container-type or flag property, use - prefix. For
440           certain properties you can also remove elements by specifying the
441           zero-based index(es). The + and - modifiers only have a real effect
442           for properties that support them. These are for example multi-value
443           (container) properties or flags like ipv4.dns, ip4, ipv4.addresses,
444           bond.options, 802-1x.phase1-auth-flags etc.
445
446           The connection is identified by its name, UUID or D-Bus path. If ID
447           is ambiguous, a keyword id, uuid or path can be used.
448
449       modify [--temporary] [id | uuid | path] ID remove setting
450           Removes a setting from the connection profile.
451
452       add [save {yes | no}] {option value | [+|-]setting.property value}...
453           Create a new connection using specified properties.
454
455           You need to describe the newly created connections with the
456           property and value pairs. See nm-settings-nmcli(5) for the complete
457           reference. The syntax is the same as of the nmcli connection modify
458           command.
459
460           To construct a meaningful connection you at the very least need to
461           set the connection.type property (or use the type alias) to one of
462           known NetworkManager connection types:
463
464           •   6lowpan
465
466           •   802-11-olpc-mesh (alias olpc-mesh)
467
468           •   802-11-wireless (alias wifi)
469
470           •   802-3-ethernet (alias ethernet)
471
472           •   adsl
473
474           •   bluetooth
475
476           •   bond
477
478           •   bond-slave (deprecated for ethernet with master)
479
480           •   bridge
481
482           •   bridge-slave (deprecated for ethernet with master)
483
484           •   cdma
485
486           •   dummy
487
488           •   generic
489
490           •   gsm
491
492           •   infiniband
493
494           •   ip-tunnel
495
496           •   macsec
497
498           •   macvlan
499
500           •   olpc-mesh
501
502           •   ovs-bridge
503
504           •   ovs-dpdk
505
506           •   ovs-interface
507
508           •   ovs-patch
509
510           •   ovs-port
511
512           •   pppoe
513
514           •   team
515
516           •   team-slave (deprecated for ethernet with master)
517
518           •   tun
519
520           •   veth
521
522           •   vlan
523
524           •   vpn
525
526           •   vrf
527
528           •   vxlan
529
530           •   wifi-p2p
531
532           •   wimax
533
534           •   wireguard
535
536           •   wpan
537
538           The most typical uses are described in the EXAMPLES section.
539
540           Aside from the properties and values two special options are
541           accepted:
542
543           save
544               Controls whether the connection should be persistent, i.e.
545               NetworkManager should store it on disk (default: yes).
546
547           --
548               If a single -- argument is encountered it is ignored. This is
549               for compatibility with older versions on nmcli.
550
551       edit {[id | uuid | path] ID | [type type] [con-name name] }
552           Edit an existing connection or add a new one, using an interactive
553           editor.
554
555           The existing connection is identified by its name, UUID or D-Bus
556           path. If ID is ambiguous, a keyword id, uuid, or path can be used.
557           See connection show above for the description of the ID-specifying
558           keywords. Not providing an ID means that a new connection will be
559           added.
560
561           The interactive editor will guide you through the connection
562           editing and allow you to change connection parameters according to
563           your needs by means of a simple menu-driven interface. The editor
564           indicates what settings and properties can be modified and provides
565           in-line help.
566
567           Available options:
568
569           type
570               type of the new connection; valid types are the same as for
571               connection add command.
572
573           con-name
574               name for the new connection. It can be changed later in the
575               editor.
576
577           See also nm-settings-nmcli(5) for all NetworkManager settings and
578           property names, and their descriptions; and nmcli-examples(7) for
579           sample editor sessions.
580
581       clone [--temporary] [id | uuid | path] ID new_name
582           Clone a connection. The connection to be cloned is identified by
583           its name, UUID or D-Bus path. If ID is ambiguous, a keyword id,
584           uuid or path can be used. See connection show above for the
585           description of the ID-specifying keywords.  new_name is the name of
586           the new cloned connection. The new connection will be the exact
587           copy except the connection.id (new_name) and connection.uuid
588           (generated) properties.
589
590           The new connection profile will be saved as persistent unless
591           --temporary option is specified, in which case the new profile
592           won't exist after NetworkManager restart.
593
594       delete [id | uuid | path] ID...
595           Delete a configured connection. The connection to be deleted is
596           identified by its name, UUID or D-Bus path. If ID is ambiguous, a
597           keyword id, uuid or path can be used. See connection show above for
598           the description of the ID-specifying keywords.
599
600           If --wait option is not specified, the default timeout will be 10
601           seconds.
602
603       monitor [id | uuid | path] ID...
604           Monitor connection profile activity. This command prints a line
605           whenever the specified connection changes. The connection to be
606           monitored is identified by its name, UUID or D-Bus path. If ID is
607           ambiguous, a keyword id, uuid or path can be used. See connection
608           show above for the description of the ID-specifying keywords.
609
610           Monitors all connection profiles in case none is specified. The
611           command terminates when all monitored connections disappear. If you
612           want to monitor connection creation consider using the global
613           monitor with nmcli monitor command.
614
615       reload
616           Reload all connection files from disk. NetworkManager does not
617           monitor changes to connection. So you need to use this command in
618           order to tell NetworkManager to re-read the connection profiles
619           from disk when a change was made to them.
620
621       load filename...
622           Load/reload one or more connection files from disk. Use this after
623           manually editing a connection file to ensure that NetworkManager is
624           aware of its latest state.
625
626       import [--temporary] type type file file
627           Import an external/foreign configuration as a NetworkManager
628           connection profile. The type of the input file is specified by type
629           option.
630
631           Only VPN configurations are supported at the moment. The
632           configuration is imported by NetworkManager VPN plugins.  type
633           values are the same as for vpn-type option in nmcli connection add.
634           VPN configurations are imported by VPN plugins. Therefore the
635           proper VPN plugin has to be installed so that nmcli could import
636           the data.
637
638           The imported connection profile will be saved as persistent unless
639           --temporary option is specified, in which case the new profile
640           won't exist after NetworkManager restart.
641
642       export [id | uuid | path] ID [file]
643           Export a connection.
644
645           Only VPN connections are supported at the moment. A proper VPN
646           plugin has to be installed so that nmcli could export a connection.
647           If no file is provided, the VPN configuration data will be printed
648           to standard output.
649

DEVICE MANAGEMENT COMMANDS

651       nmcli device {status | show | set | connect | reapply | modify |
652                    disconnect | delete | monitor | wifi | lldp}
653                    [ARGUMENTS...]
654
655       Show and manage network interfaces.
656
657       status
658           Print status of devices.
659
660           This is the default action if no command is specified to nmcli
661           device.
662
663       show [ifname]
664           Show detailed information about devices. Without an argument, all
665           devices are examined. To get information for a specific device, the
666           interface name has to be provided.
667
668       set [ifname] ifname [autoconnect {yes | no}] [managed {yes | no}]
669           Set device properties.
670
671       connect ifname
672           Connect the device. NetworkManager will try to find a suitable
673           connection that will be activated. It will also consider
674           connections that are not set to auto connect.
675
676           If no compatible connection exists, a new profile with default
677           settings will be created and activated. This differentiates nmcli
678           connection up ifname "$DEVICE" from nmcli device connect "$DEVICE"
679
680           If --wait option is not specified, the default timeout will be 90
681           seconds.
682
683       reapply ifname
684           Attempt to update device with changes to the currently active
685           connection made since it was last applied.
686
687       modify ifname {option value | [+|-]setting.property value}...
688           Modify the settings currently active on the device.
689
690           This command lets you do temporary changes to a configuration
691           active on a particular device. The changes are not preserved in the
692           connection profile.
693
694           See nm-settings-nmcli(5) for the list of available properties.
695           Please note that some properties can't be changed on an already
696           connected device.
697
698       disconnect ifname...
699           Disconnect a device and prevent the device from automatically
700           activating further connections without user/manual intervention.
701           Note that disconnecting software devices may mean that the devices
702           will disappear.
703
704           If --wait option is not specified, the default timeout will be 10
705           seconds.
706
707       delete ifname...
708           Delete a device. The command removes the interface from the system.
709           Note that this only works for software devices like bonds, bridges,
710           teams, etc. Hardware devices (like Ethernet) cannot be deleted by
711           the command.
712
713           If --wait option is not specified, the default timeout will be 10
714           seconds.
715
716       monitor [ifname...]
717           Monitor device activity. This command prints a line whenever the
718           specified devices change state.
719
720           Monitors all devices in case no interface is specified. The monitor
721           terminates when all specified devices disappear. If you want to
722           monitor device addition consider using the global monitor with
723           nmcli monitor command.
724
725       wifi [list [--rescan | auto | no | yes] [ifname ifname] [bssid BSSID]]
726           List available Wi-Fi access points. The ifname and bssid options
727           can be used to list APs for a particular interface or with a
728           specific BSSID, respectively.
729
730           By default, nmcli ensures that the access point list is no older
731           than 30 seconds and triggers a network scan if necessary. The
732           --rescan can be used to either force or disable the scan regardless
733           of how fresh the access point list is.
734
735       wifi connect (B)SSID [password password] [wep-key-type {key | phrase}]
736       [ifname ifname] [bssid BSSID] [name name] [private {yes | no}]
737       [hidden {yes | no}]
738           Connect to a Wi-Fi network specified by SSID or BSSID. The command
739           finds a matching connection or creates one and then activates it on
740           a device. This is a command-line counterpart of clicking an SSID in
741           a GUI client. If a connection for the network already exists, it is
742           possible to bring up (activate) the existing profile as follows:
743           nmcli con up id name. Note that only open, WEP and WPA-PSK networks
744           are supported if no previous connection exists. It is also assumed
745           that IP configuration is obtained via DHCP.
746
747           If --wait option is not specified, the default timeout will be 90
748           seconds.
749
750           Available options are:
751
752           password
753               password for secured networks (WEP or WPA).
754
755           wep-key-type
756               type of WEP secret, either key for ASCII/HEX key or phrase for
757               passphrase.
758
759           ifname
760               interface that will be used for activation.
761
762           bssid
763               if specified, the created connection will be restricted just
764               for the BSSID.
765
766           name
767               if specified, the connection will use the name (else NM creates
768               a name itself).
769
770           private
771               if set to yes, the connection will only be visible to the user
772               who created it. Otherwise, the connection is system-wide, which
773               is the default.
774
775           hidden
776               set to yes when connecting for the first time to an AP not
777               broadcasting its SSID. Otherwise, the SSID would not be found
778               and the connection attempt would fail.
779
780       wifi hotspot [ifname ifname] [con-name name] [ssid SSID]
781       [band {a | bg}] [channel channel] [password password]
782           Create a Wi-Fi hotspot. The command creates a hotspot connection
783           profile according to Wi-Fi device capabilities and activates it on
784           the device. The hotspot is secured with WPA if device/driver
785           supports that, otherwise WEP is used. Use connection down or device
786           disconnect to stop the hotspot.
787
788           Parameters of the hotspot can be influenced by the optional
789           parameters:
790
791           ifname
792               what Wi-Fi device is used.
793
794           con-name
795               name of the created hotspot connection profile.
796
797           ssid
798               SSID of the hotspot.
799
800           band
801               Wi-Fi band to use.
802
803           channel
804               Wi-Fi channel to use.
805
806           password
807               password to use for the created hotspot. If not provided, nmcli
808               will generate a password. The password is either WPA pre-shared
809               key or WEP key.
810
811               Note that --show-secrets global option can be used to print the
812               hotspot password. It is useful especially when the password was
813               generated.
814
815       wifi rescan [ifname ifname] [ssid SSID...]
816           Request that NetworkManager immediately re-scan for available
817           access points. NetworkManager scans Wi-Fi networks periodically,
818           but in some cases it can be useful to start scanning manually (e.g.
819           after resuming the computer). By using ssid, it is possible to scan
820           for a specific SSID, which is useful for APs with hidden SSIDs. You
821           can provide multiple ssid parameters in order to scan more SSIDs.
822
823           This command does not show the APs, use nmcli device wifi list for
824           that.
825
826       wifi show-password [ifname ifname]
827           Show the details of the active Wi-Fi networks, including the
828           secrets.
829
830       lldp [list [ifname ifname]]
831           Display information about neighboring devices learned through the
832           Link Layer Discovery Protocol (LLDP). The ifname option can be used
833           to list neighbors only for a given interface. The protocol must be
834           enabled in the connection settings.
835

SECRET AGENT

837       nmcli agent {secret | polkit | all}
838
839       Run nmcli as a NetworkManager secret agent, or polkit agent.
840
841       secret
842           Register nmcli as a NetworkManager secret agent and listen for
843           secret requests. You usually do not need this command, because
844           nmcli can handle secrets when connecting to networks. However, you
845           may find the command useful when you use another tool for
846           activating connections and you do not have a secret agent available
847           (like nm-applet).
848
849       polkit
850           Register nmcli as a polkit agent for the user session and listen
851           for authorization requests. You do not usually need this command,
852           because nmcli can handle polkit actions related to NetworkManager
853           operations (when run with --ask). However, you may find the command
854           useful when you want to run a simple text based polkit agent and
855           you do not have an agent of a desktop environment. Note that
856           running this command makes nmcli handle all polkit requests, not
857           only NetworkManager related ones, because only one polkit agent can
858           run for the session.
859
860       all
861           Runs nmcli as both NetworkManager secret and a polkit agent.
862

COLORS

864       Implicit coloring can be disabled by an empty file
865       /etc/terminal-colors.d/nmcli.disable.
866
867       See terminal-colors.d(5) for more details about colorization
868       configuration. The logical color names supported by nmcli are:
869
870       connection-activated
871           A connection that is active.
872
873       connection-activating
874           Connection that is being activated.
875
876       connection-disconnecting
877           Connection that is being disconnected.
878
879       connection-invisible
880           Connection whose details is the user not permitted to see.
881
882       connectivity-full
883           Connectivity state when Internet is reachable.
884
885       connectivity-limited
886           Connectivity state when only a local network reachable.
887
888       connectivity-none
889           Connectivity state when the network is disconnected.
890
891       connectivity-portal
892           Connectivity state when a captive portal hijacked the connection.
893
894       connectivity-unknown
895           Connectivity state when a connectivity check didn't run.
896
897       device-activated
898           Device that is connected.
899
900       device-activating
901           Device that is being configured.
902
903       device-disconnected
904           Device that is not connected.
905
906       device-firmware-missing
907           Warning of a missing device firmware.
908
909       device-plugin-missing
910           Warning of a missing device plugin.
911
912       device-unavailable
913           Device that is not available for activation.
914
915       device-disabled
916           Device is disabled by software or hardware kill switch.
917
918       manager-running
919           Notice that the NetworkManager daemon is available.
920
921       manager-starting
922           Notice that the NetworkManager daemon is being initially connected.
923
924       manager-stopped
925           Notice that the NetworkManager daemon is not available.
926
927       permission-auth
928           An action that requires user authentication to get permission.
929
930       permission-no
931           An action that is not permitted.
932
933       permission-yes
934           An action that is permitted.
935
936       prompt
937           Prompt in interactive mode.
938
939       state-asleep
940           Indication that NetworkManager in suspended state.
941
942       state-connected-global
943           Indication that NetworkManager in connected to Internet.
944
945       state-connected-local
946           Indication that NetworkManager in local network.
947
948       state-connected-site
949           Indication that NetworkManager in connected to networks other than
950           Internet.
951
952       state-connecting
953           Indication that NetworkManager is establishing a network
954           connection.
955
956       state-disconnected
957           Indication that NetworkManager is disconnected from a network.
958
959       state-disconnecting
960           Indication that NetworkManager is being disconnected from a
961           network.
962
963       wifi-signal-excellent
964           Wi-Fi network with an excellent signal level.
965
966       wifi-signal-fair
967           Wi-Fi network with a fair signal level.
968
969       wifi-signal-good
970           Wi-Fi network with a good signal level.
971
972       wifi-signal-poor
973           Wi-Fi network with a poor signal level.
974
975       wifi-signal-unknown
976           Wi-Fi network that hasn't been actually seen (a hidden AP).
977
978       disabled
979           A property that is turned off.
980
981       enabled
982           A property that is turned on.
983

ENVIRONMENT VARIABLES

985       nmcli's behavior is affected by the following environment variables.
986
987       LC_ALL
988           If set to a non-empty string value, it overrides the values of all
989           the other internationalization variables.
990
991       LC_MESSAGES
992           Determines the locale to be used for internationalized messages.
993
994       LANG
995           Provides a default value for the internationalization variables
996           that are unset or null.
997

INTERNATIONALIZATION NOTES

999       Be aware that nmcli is localized and that is why the output depends on
1000       your environment. This is important to realize especially when you
1001       parse the output.
1002
1003       Call nmcli as LC_ALL=C nmcli to be sure the locale is set to C while
1004       executing in a script.
1005
1006       LC_ALL, LC_MESSAGES, LANG variables specify the LC_MESSAGES locale
1007       category (in that order), which determines the language that nmcli uses
1008       for messages. The C locale is used if none of these variables are set,
1009       and this locale uses English messages.
1010

EXIT STATUS

1012       nmcli exits with status 0 if it succeeds, a value greater than 0 is
1013       returned if an error occurs.
1014
1015       0
1016           Success – indicates the operation succeeded.
1017
1018       1
1019           Unknown or unspecified error.
1020
1021       2
1022           Invalid user input, wrong nmcli invocation.
1023
1024       3
1025           Timeout expired (see --wait option).
1026
1027       4
1028           Connection activation failed.
1029
1030       5
1031           Connection deactivation failed.
1032
1033       6
1034           Disconnecting device failed.
1035
1036       7
1037           Connection deletion failed.
1038
1039       8
1040           NetworkManager is not running.
1041
1042       10
1043           Connection, device, or access point does not exist.
1044
1045       65
1046           When used with --complete-args option, a file name is expected to
1047           follow.
1048

EXAMPLES

1050       This section presents various examples of nmcli usage. If you want even
1051       more, please refer to nmcli-examples(7) manual page.
1052
1053       nmcli -t -f RUNNING general
1054           tells you whether NetworkManager is running or not.
1055
1056       nmcli -t -f STATE general
1057           shows the overall status of NetworkManager.
1058
1059       nmcli radio wifi off
1060           switches Wi-Fi off.
1061
1062       nmcli connection show
1063           lists all connections NetworkManager has.
1064
1065       nmcli -p -m multiline -f all con show
1066           shows all configured connections in multi-line mode.
1067
1068       nmcli connection show --active
1069           lists all currently active connections.
1070
1071       nmcli -f name,autoconnect c s
1072           shows all connection profile names and their auto-connect property.
1073
1074       nmcli -p connection show "My default em1"
1075           shows details for "My default em1" connection profile.
1076
1077       nmcli --show-secrets connection show "My Home Wi-Fi"
1078           shows details for "My Home Wi-Fi" connection profile with all
1079           passwords. Without --show-secrets option, secrets would not be
1080           displayed.
1081
1082       nmcli -f active connection show "My default em1"
1083           shows details for "My default em1" active connection, like IP, DHCP
1084           information, etc.
1085
1086       nmcli -f profile con s "My wired connection"
1087           shows static configuration details of the connection profile with
1088           "My wired connection" name.
1089
1090       nmcli -p con up "My wired connection" ifname eth0
1091           activates the connection profile with name "My wired connection" on
1092           interface eth0. The -p option makes nmcli show progress of the
1093           activation.
1094
1095       nmcli con up 6b028a27-6dc9-4411-9886-e9ad1dd43761 ap 00:3A:98:7C:42:D3
1096           connects the Wi-Fi connection with UUID
1097           6b028a27-6dc9-4411-9886-e9ad1dd43761 to the AP with BSSID
1098           00:3A:98:7C:42:D3.
1099
1100       nmcli device status
1101           shows the status for all devices.
1102
1103       nmcli dev disconnect em2
1104           disconnects a connection on interface em2 and marks the device as
1105           unavailable for auto-connecting. As a result, no connection will
1106           automatically be activated on the device until the device's
1107           'autoconnect' is set to TRUE or the user manually activates a
1108           connection.
1109
1110       nmcli -f GENERAL,WIFI-PROPERTIES dev show wlan0
1111           shows details for wlan0 interface; only GENERAL and WIFI-PROPERTIES
1112           sections will be shown.
1113
1114       nmcli -f CONNECTIONS device show wlp3s0
1115           shows all available connection profiles for your Wi-Fi interface
1116           wlp3s0.
1117
1118       nmcli dev wifi
1119           lists available Wi-Fi access points known to NetworkManager.
1120
1121       nmcli dev wifi con "Cafe Hotspot 1" password caffeine name "My cafe"
1122           creates a new connection named "My cafe" and then connects it to
1123           "Cafe Hotspot 1" SSID using password "caffeine". This is mainly
1124           useful when connecting to "Cafe Hotspot 1" for the first time. Next
1125           time, it is better to use nmcli con up id "My cafe" so that the
1126           existing connection profile can be used and no additional is
1127           created.
1128
1129       nmcli -s dev wifi hotspot con-name QuickHotspot
1130           creates a hotspot profile and connects it. Prints the hotspot
1131           password the user should use to connect to the hotspot from other
1132           devices.
1133
1134       nmcli dev modify em1 ipv4.method shared
1135           starts IPv4 connection sharing using em1 device. The sharing will
1136           be active until the device is disconnected.
1137
1138       nmcli dev modify em1 ipv6.address 2001:db8::a:bad:c0de
1139           temporarily adds an IP address to a device. The address will be
1140           removed when the same connection is activated again.
1141
1142       nmcli connection add type ethernet autoconnect no ifname eth0
1143           non-interactively adds an Ethernet connection tied to eth0
1144           interface with automatic IP configuration (DHCP), and disables the
1145           connection's autoconnect flag.
1146
1147       nmcli c a ifname Maxipes-fik type vlan dev eth0 id 55
1148           non-interactively adds a VLAN connection with ID 55. The connection
1149           will use eth0 and the VLAN interface will be named Maxipes-fik.
1150
1151       nmcli c a ifname eth0 type ethernet ipv4.method disabled ipv6.method
1152       link-local
1153           non-interactively adds a connection that will use eth0 Ethernet
1154           interface and only have an IPv6 link-local address configured.
1155
1156       nmcli connection edit ethernet-em1-2
1157           edits existing "ethernet-em1-2" connection in the interactive
1158           editor.
1159
1160       nmcli connection edit type ethernet con-name "yet another Ethernet
1161       connection"
1162           adds a new Ethernet connection in the interactive editor.
1163
1164       nmcli con mod ethernet-2 connection.autoconnect no
1165           modifies 'autoconnect' property in the 'connection' setting of
1166           'ethernet-2' connection.
1167
1168       nmcli con mod "Home Wi-Fi" wifi.mtu 1350
1169           modifies 'mtu' property in the 'wifi' setting of 'Home Wi-Fi'
1170           connection.
1171
1172       nmcli con mod em1-1 ipv4.method manual ipv4.addr "192.168.1.23/24
1173       192.168.1.1, 10.10.1.5/8, 10.0.0.11"
1174           sets manual addressing and the addresses in em1-1 profile.
1175
1176       nmcli con modify ABC +ipv4.dns 8.8.8.8
1177           appends a Google public DNS server to DNS servers in ABC profile.
1178
1179       nmcli con modify ABC -ipv4.addresses "192.168.100.25/24 192.168.1.1"
1180           removes the specified IP address from (static) profile ABC.
1181
1182       nmcli con import type openvpn file ~/Downloads/frootvpn.ovpn
1183           imports an OpenVPN configuration to NetworkManager.
1184
1185       nmcli con export corp-vpnc /home/joe/corpvpn.conf
1186           exports NetworkManager VPN profile corp-vpnc as standard Cisco
1187           (vpnc) configuration.
1188

NOTES

1190       nmcli accepts abbreviations, as long as they are a unique prefix in the
1191       set of possible options. As new options get added, these abbreviations
1192       are not guaranteed to stay unique. For scripting and long term
1193       compatibility it is therefore strongly advised to spell out the full
1194       option names.
1195

BUGS

1197       There are probably some bugs. If you find a bug, please report it to
1198       your distribution or upstream at
1199       https://gitlab.freedesktop.org/NetworkManager/NetworkManager.
1200

SEE ALSO

1202       nmcli-examples(7), nm-settings-nmcli(5), nm-online(1),
1203       NetworkManager(8), NetworkManager.conf(5), nm-applet(1), nm-connection-
1204       editor(1), terminal-colors.d(5).
1205
1206
1207
1208NetworkManager 1.32.12                                                NMCLI(1)
Impressum