1NMCLI(1) General Commands Manual NMCLI(1)
2
6 nmcli - command-line tool for controlling NetworkManager
7
9 nmcli [OPTIONS...] {help | general | networking | radio | connection |
10 device | agent | monitor} [COMMAND] [ARGUMENTS...]
11
13 nmcli is a command-line tool for controlling NetworkManager and
14 reporting network status. It can be utilized as a replacement for
15 nm-applet or other graphical clients. nmcli is used to create,
16 display, edit, delete, activate, and deactivate network connections, as
17 well as control and display network device status. See nmcli-
18 examples(7) for ready to run nmcli examples.
19 Typical uses include:
21 • Scripts: Utilize NetworkManager via nmcli instead of managing
23 network connections manually. nmcli supports a terse output format
24 which is better suited for script processing. Note that
25 NetworkManager can also execute scripts, called "dispatcher
26 scripts", in response to network events. See NetworkManager(8) for
27 details about these dispatcher scripts.
28 • Servers, headless machines, and terminals: nmcli can be used to
30 control NetworkManager without a GUI, including creating, editing,
31 starting and stopping network connections and viewing network
32 status.
33
35 -a | --ask
36 When using this option nmcli will stop and ask for any missing
37 required arguments, so do not use this option for non-interactive
38 purposes like scripts. This option controls, for example, whether
39 you will be prompted for a password if it is required for
40 connecting to a network.
41 -c | --colors {yes | no | auto}
43 This option controls color output (using terminal escape
44 sequences). yes enables colors, no disables them, auto only
45 produces colors when standard output is directed to a terminal. The
46 default value is auto.
47 The actual colors used are configured as described in terminal-
49 colors.d(5). Please refer to the COLORS section for a list of color
50 names supported by nmcli.
51 If the environment variable NO_COLOR is set (to any value), then
53 coloring is disabled with mode "auto". Explicitly enabling coloring
54 overrides the environment variable.
55 --complete-args
57 Instead of conducting the desired action, nmcli will list possible
58 completions for the last argument. This is useful to implement
59 argument completion in shell.
60 The exit status will indicate success or return a code 65 to
62 indicate the last argument is a file name.
63 NetworkManager ships with command completion support for GNU Bash.
65 -e | --escape {yes | no}
67 Whether to escape : and \ characters in terse tabular mode. The
68 escape character is \.
69 If omitted, default is yes.
71 -f | --fields {field1,field2... | all | common}
73 This option is used to specify what fields (column names) should be
74 printed. Valid field names differ for specific commands. List
75 available fields by providing an invalid value to the --fields
76 option. all is used to print all valid field values of the
77 command. common is used to print common field values of the
78 command.
79 If omitted, default is common.
81 -g | --get-values {field1,field2... | all | common}
83 This option is used to print values from specific fields. It is
84 basically a shortcut for --mode tabular --terse --fields and is a
85 convenient way to retrieve values for particular fields. The values
86 are printed one per line without headers.
87 If a section is specified instead of a field, the section name will
89 be printed followed by colon separated values of the fields
90 belonging to that section, all on the same line.
91 -h | --help
93 Print help information.
94 -m | --mode {tabular | multiline}
96 Switch between tabular and multiline output:
97 tabular
99 Output is a table where each line describes a single entry.
100 Columns define particular properties of the entry.
101 multiline
103 Each entry comprises multiple lines, each property on its own
104 line. The values are prefixed with the property name.
105 If omitted, default is tabular for most commands. For the commands
107 producing more structured information, that cannot be displayed on
108 a single line, default is multiline. Currently, they are:
109 • nmcli connection show ID
111 • nmcli device show
113 -p | --pretty
115 Output is pretty. This causes nmcli to produce easily readable
116 outputs for humans, i.e. values are aligned, headers are printed,
117 etc.
118 -s | --show-secrets
120 When using this option nmcli will display passwords and secrets
121 that might be present in an output of an operation. This option
122 also influences echoing passwords typed by user as an input.
123 -t | --terse
125 Output is terse. This mode is designed and suitable for computer
126 (script) processing.
127 -v | --version
129 Show nmcli version.
130 -w | --wait seconds
132 This option sets a timeout period for which nmcli will wait for
133 NetworkManager to finish operations. It is especially useful for
134 commands that may take a longer time to complete, e.g. connection
135 activation.
136 Specifying a value of 0 instructs nmcli not to wait but to exit
138 immediately with a status of success. The default value depends on
139 the executed command.
140
142 nmcli general {status | hostname | permissions | logging | reload}
143 [ARGUMENTS...]
144 Use this command to show NetworkManager status and permissions. You can
146 also get and change system hostname, as well as NetworkManager logging
147 level and domains.
148 status
150 Show overall status of NetworkManager. This is the default action,
151 when no additional command is provided for nmcli general.
152 hostname [hostname]
154 Get and change system hostname. With no arguments, this prints
155 currently configured hostname. When you pass a hostname, it will be
156 handed over to NetworkManager to be set as a new system hostname.
157 Note that the term "system" hostname may also be referred to as
159 "persistent" or "static" by other programs or tools. The hostname
160 is stored in /etc/hostname file in most distributions. For example,
161 systemd-hostnamed service uses the term "static" hostname and it
162 only reads the /etc/hostname file when it starts.
163 permissions
165 Show the permissions a caller has for various authenticated
166 operations that NetworkManager provides, like enable and disable
167 networking, changing Wi-Fi and WWAN state, modifying connections,
168 etc.
169 logging [level level] [domains domains...]
171 Get and change NetworkManager logging level and domains. Without
172 any argument current logging level and domains are shown. In order
173 to change logging state, provide level and, or, domain parameters.
174 See NetworkManager.conf(5) for available level and domain values.
175 reload [flags...]
177 Reload NetworkManager's configuration and perform certain updates,
178 like flushing caches or rewriting external state to disk. This is
179 similar to sending SIGHUP to NetworkManager but it allows for more
180 fine-grained control over what to reload through the flags
181 argument. It also allows non-root access via PolicyKit and contrary
182 to signals it is synchronous. Available flags are:
183 conf
185 Reload the NetworkManager.conf configuration from disk. Note
186 that this does not include connections, which can be reloaded
187 through nmcli connection reload instead.
188 dns-rc
190 Update DNS configuration, which usually involves writing
191 /etc/resolv.conf anew. This is equivalent to sending the
192 SIGUSR1 signal to the NetworkManager process.
193 dns-full
195 Restart the DNS plugin. This is for example useful when using
196 dnsmasq plugin, which uses additional configuration in
197 /etc/NetworkManager/dnsmasq.d. If you edit those files, you can
198 restart the DNS plugin. This action shortly interrupts name
199 resolution.
200 With no flags, everything that is supported is reloaded, which is
202 identical to sending a SIGHUP. See NetworkManager(8) for more
203 details about signals.
204
206 nmcli networking {on | off | connectivity} [ARGUMENTS...]
207 Query NetworkManager networking status, enable and disable networking.
209 on, off
211 Enable or disable networking control by NetworkManager. All
212 interfaces managed by NetworkManager are deactivated when
213 networking is disabled.
214 connectivity [check]
216 Get network connectivity state. The optional check argument tells
217 NetworkManager to re-check the connectivity, else the most recent
218 known connectivity state is displayed without re-checking.
219 Possible states are:
221 none
223 the host is not connected to any network.
224 portal
226 the host is behind a captive portal and cannot reach the full
227 Internet.
228 limited
230 the host is connected to a network, but it has no access to the
231 Internet.
232 full
234 the host is connected to a network and has full access to the
235 Internet.
236 unknown
238 the connectivity status cannot be found out.
239
241 nmcli radio {all | wifi | wwan} [ARGUMENTS...]
242 Show radio switches status, or enable and disable the switches.
244 wifi [on | off]
246 Show or set status of Wi-Fi in NetworkManager. If no arguments are
247 supplied, Wi-Fi status is printed; on enables Wi-Fi; off disables
248 Wi-Fi.
249 wwan [on | off]
251 Show or set status of WWAN (mobile broadband) in NetworkManager. If
252 no arguments are supplied, mobile broadband status is printed; on
253 enables mobile broadband, off disables it.
254 all [on | off]
256 Show or set all previously mentioned radio switches at the same
257 time.
258
260 nmcli monitor
261 Observe NetworkManager activity. Watches for changes in connectivity
263 state, devices or connection profiles.
264 See also nmcli connection monitor and nmcli device monitor to watch for
266 changes in certain devices or connections.
267
269 nmcli connection {show | up | down | modify | add | edit | clone |
270 delete | monitor | reload | load | import | export |
271 migrate} [ARGUMENTS...]
272 NetworkManager stores all network configuration as "connections", which
274 are collections of data (Layer2 details, IP addressing, etc.) that
275 describe how to create or connect to a network. A connection is
276 "active" when a device uses that connection's configuration to create
277 or connect to a network. There may be multiple connections that apply
278 to a device, but only one of them can be active on that device at any
279 given time. The additional connections can be used to allow quick
280 switching between different networks and configurations.
281 Consider a machine which is usually connected to a DHCP-enabled
283 network, but sometimes connected to a testing network which uses static
284 IP addressing. Instead of manually reconfiguring eth0 each time the
285 network is changed, the settings can be saved as two connections which
286 both apply to eth0, one for DHCP (called default) and one with the
287 static addressing details (called testing). When connected to the
288 DHCP-enabled network the user would run nmcli con up default , and when
289 connected to the static network the user would run nmcli con up
290 testing.
291 show [--active] [--order [+-]category:...]
293 List in-memory and on-disk connection profiles, some of which may
294 also be active if a device is using that connection profile.
295 Without a parameter, all profiles are listed. When --active option
296 is specified, only the active profiles are shown.
297 The --order option can be used to get custom ordering of
299 connections. The connections can be ordered by active status
300 (active), name (name), type (type) or D-Bus path (path). If
301 connections are equal according to a sort order category, an
302 additional category can be specified. The default sorting order is
303 equivalent to --order active:name:path. + or no prefix means
304 sorting in ascending order (alphabetically or in numbers), - means
305 reverse (descending) order. The category names can be abbreviated
306 (e.g. --order -a:na).
307 show [--active] [id | uuid | path | apath] ID...
309 Show details for specified connections. By default, both static
310 configuration and active connection data are displayed. When
311 --active option is specified, only the active profiles are taken
312 into account. Use global --show-secrets option to display secrets
313 associated with the profile.
314 id, uuid, path and apath keywords can be used if ID is ambiguous.
316 Optional ID-specifying keywords are:
317 id
319 the ID denotes a connection name.
320 uuid
322 the ID denotes a connection UUID.
323 path
325 the ID denotes a D-Bus static connection path in the format of
326 /org/freedesktop/NetworkManager/Settings/num or just num.
327 apath
329 the ID denotes a D-Bus active connection path in the format of
330 /org/freedesktop/NetworkManager/ActiveConnection/num or just
331 num.
332 It is possible to filter the output using the global --fields
334 option. Use the following values:
335 profile
337 only shows static profile configuration.
338 active
340 only shows active connection data (when the profile is active).
341 You can also specify particular fields. For static configuration,
343 use setting and property names as described in nm-settings-nmcli(5)
344 manual page. For active data use GENERAL, IP4, DHCP4, IP6, DHCP6,
345 VPN.
346 When no command is given to the nmcli connection, the default
348 action is nmcli connection show.
349 up [id | uuid | path] ID [ifname ifname] [ap BSSID] [passwd-file file]
351 Activate a connection. The connection is identified by its name,
352 UUID or D-Bus path. If ID is ambiguous, a keyword id, uuid or path
353 can be used. When requiring a particular device to activate the
354 connection on, the ifname option with interface name should be
355 given. If the ID is not given an ifname is required, and
356 NetworkManager will activate the best available connection for the
357 given ifname. In case of a VPN connection, the ifname option
358 specifies the device of the base connection. The ap option specify
359 what particular AP should be used in case of a Wi-Fi connection.
360 If --wait option is not specified, the default timeout will be 90
362 seconds.
363 See connection show above for the description of the ID-specifying
365 keywords.
366 Available options are:
368 ifname
370 interface that will be used for activation.
371 ap
373 BSSID of the AP which the command should connect to (for Wi-Fi
374 connections).
375 passwd-file
377 some networks may require credentials during activation. You
378 can give these credentials using this option. Each line of the
379 file should contain one password in the form:
380 setting_name.property_name:the password
382 For example, for WPA Wi-Fi with PSK, the line would be
384 802-11-wireless-security.psk:secret12345
386 For 802.1X password, the line would be
388 802-1x.password:my 1X password
390 nmcli also accepts wifi-sec and wifi strings instead of
393 802-11-wireless-security. When NetworkManager requires a
394 password and it is not given, nmcli will ask for it when run
395 with --ask. If --ask was not passed, NetworkManager can ask
396 another secret agent that may be running (typically a GUI
397 secret agent, such as nm-applet or gnome-shell).
398 down [id | uuid | path | apath] ID...
400 Deactivate a connection from a device without preventing the device
401 from further auto-activation. Multiple connections can be passed to
402 the command.
403 Be aware that this command deactivates the specified active
405 connection, but the device on which the connection was active, is
406 still ready to connect and will perform auto-activation by looking
407 for a suitable connection that has the 'autoconnect' flag set. Note
408 that the deactivating connection profile is internally blocked from
409 autoconnecting again. Hence it will not autoconnect until reboot or
410 until the user performs an action that unblocks autoconnect, like
411 modifying the profile or explicitly activating it.
412 In most cases you may want to use device down command instead.
414 The connection is identified by its name, UUID or D-Bus path. If ID
416 is ambiguous, a keyword id, uuid, path or apath can be used.
417 See connection show above for the description of the ID-specifying
419 keywords.
420 If --wait option is not specified, the default timeout will be 10
422 seconds.
423 modify [--temporary] [id | uuid | path] ID
425 {option value | [+|-]setting.property value}...
426 Add, modify or remove properties in the connection profile.
427 To set the property just specify the property name followed by the
429 value. An empty value ("") resets the property value to the
430 default.
431 See nm-settings-nmcli(5) for complete reference of setting and
433 property names, their descriptions and default values. The setting
434 and property can be abbreviated provided they are unique.
435 If you want to append an item or a flag to the existing value, use
437 + prefix for the property name or alias. If you want to remove
438 items from a container-type or flag property, use - prefix. For
439 certain properties you can also remove elements by specifying the
440 zero-based index(es). The + and - modifiers only have a real effect
441 for properties that support them. These are for example multi-value
442 (container) properties or flags like ipv4.dns, ip4, ipv4.addresses,
443 bond.options, 802-1x.phase1-auth-flags etc.
444 The connection is identified by its name, UUID or D-Bus path. If ID
446 is ambiguous, a keyword id, uuid or path can be used.
447 modify [--temporary] [id | uuid | path] ID remove setting
449 Removes a setting from the connection profile.
450 add [save {yes | no}] {option value | [+|-]setting.property value}...
452 Create a new connection using specified properties.
453 You need to describe the newly created connections with the
455 property and value pairs. See nm-settings-nmcli(5) for the complete
456 reference. The syntax is the same as of the nmcli connection modify
457 command.
458 To construct a meaningful connection you at the very least need to
460 set the connection.type property (or use the type alias) to one of
461 known NetworkManager connection types:
462 • 6lowpan
464 • 802-11-olpc-mesh (alias olpc-mesh)
466 • 802-11-wireless (alias wifi)
468 • 802-3-ethernet (alias ethernet)
470 • adsl
472 • bluetooth
474 • bond
476 • bond-slave (deprecated for ethernet with master)
478 • bridge
480 • bridge-slave (deprecated for ethernet with master)
482 • cdma
484 • dummy
486 • generic
488 • gsm
490 • infiniband
492 • ip-tunnel
494 • macsec
496 • macvlan
498 • olpc-mesh
500 • ovs-bridge
502 • ovs-dpdk
504 • ovs-interface
506 • ovs-patch
508 • ovs-port
510 • pppoe
512 • team
514 • team-slave (deprecated for ethernet with master)
516 • tun
518 • veth
520 • vlan
522 • vpn
524 • vrf
526 • vxlan
528 • wifi-p2p
530 • wimax
532 • wireguard
534 • wpan
536 The most typical uses are described in the EXAMPLES section.
538 Aside from the properties and values two special options are
540 accepted:
541 save
543 Controls whether the connection should be persistent, i.e.
544 NetworkManager should store it on disk (default: yes).
545 --
547 If a single -- argument is encountered it is ignored. This is
548 for compatibility with older versions on nmcli.
549 edit {[id | uuid | path] ID | [type type] [con-name name] }
551 Edit an existing connection or add a new one, using an interactive
552 editor.
553 The existing connection is identified by its name, UUID or D-Bus
555 path. If ID is ambiguous, a keyword id, uuid, or path can be used.
556 See connection show above for the description of the ID-specifying
557 keywords. Not providing an ID means that a new connection will be
558 added.
559 The interactive editor will guide you through the connection
561 editing and allow you to change connection parameters according to
562 your needs by means of a simple menu-driven interface. The editor
563 indicates what settings and properties can be modified and provides
564 in-line help.
565 Available options:
567 type
569 type of the new connection; valid types are the same as for
570 connection add command.
571 con-name
573 name for the new connection. It can be changed later in the
574 editor.
575 See also nm-settings-nmcli(5) for all NetworkManager settings and
577 property names, and their descriptions; and nmcli-examples(7) for
578 sample editor sessions.
579 clone [--temporary] [id | uuid | path] ID new_name
581 Clone a connection. The connection to be cloned is identified by
582 its name, UUID or D-Bus path. If ID is ambiguous, a keyword id,
583 uuid or path can be used. See connection show above for the
584 description of the ID-specifying keywords. new_name is the name of
585 the new cloned connection. The new connection will be the exact
586 copy except the connection.id (new_name) and connection.uuid
587 (generated) properties.
588 The new connection profile will be saved as persistent unless
590 --temporary option is specified, in which case the new profile
591 won't exist after NetworkManager restart.
592 delete [id | uuid | path] ID...
594 Delete a configured connection. The connection to be deleted is
595 identified by its name, UUID or D-Bus path. If ID is ambiguous, a
596 keyword id, uuid or path can be used. See connection show above for
597 the description of the ID-specifying keywords.
598 If --wait option is not specified, the default timeout will be 10
600 seconds.
601 monitor [id | uuid | path] ID...
603 Monitor connection profile activity. This command prints a line
604 whenever the specified connection changes. The connection to be
605 monitored is identified by its name, UUID or D-Bus path. If ID is
606 ambiguous, a keyword id, uuid or path can be used. See connection
607 show above for the description of the ID-specifying keywords.
608 Monitors all connection profiles in case none is specified. The
610 command terminates when all monitored connections disappear. If you
611 want to monitor connection creation consider using the global
612 monitor with nmcli monitor command.
613 reload
615 Reload all connection files from disk. NetworkManager does not
616 monitor changes to connection. So you need to use this command in
617 order to tell NetworkManager to re-read the connection profiles
618 from disk when a change was made to them.
619 load filename...
621 Load/reload one or more connection files from disk. Use this after
622 manually editing a connection file to ensure that NetworkManager is
623 aware of its latest state.
624 import [--temporary] type type file file
626 Import an external/foreign configuration as a NetworkManager
627 connection profile. The type of the input file is specified by type
628 option.
629 Only VPN configurations are supported at the moment. The
631 configuration is imported by NetworkManager VPN plugins. type
632 values are the same as for vpn-type option in nmcli connection add.
633 VPN configurations are imported by VPN plugins. Therefore the
634 proper VPN plugin has to be installed so that nmcli could import
635 the data.
636 The imported connection profile will be saved as persistent unless
638 --temporary option is specified, in which case the new profile
639 won't exist after NetworkManager restart.
640 export [id | uuid | path] ID [file]
642 Export a connection.
643 Only VPN connections are supported at the moment. A proper VPN
645 plugin has to be installed so that nmcli could export a connection.
646 If no file is provided, the VPN configuration data will be printed
647 to standard output.
648 migrate [--plugin plugin...] [id | uuid | path] [ID...]
650 Migrate connection profiles to a different settings plugin, such as
651 keyfile (default) or ifcfg-rh.
652 The connection to be migrated is identified by its name, UUID or
654 D-Bus path. If ID is ambiguous, a keyword id, uuid or path can be
655 used. See connection show above for the description of the
656 ID-specifying keywords.
657 If no connections are specified, the command acts on all available
659 connections. Therefore, with no arguments, the command migrates all
660 connection profiles to the keyfile plugin.
661 If --wait option is not specified, the default timeout will be 10
663 seconds.
664
666 nmcli device {status | show | set | up | connect | reapply | modify |
667 down | disconnect | delete | monitor | wifi | lldp}
668 [ARGUMENTS...]
669 Show and manage network interfaces.
671 status
673 Print status of devices.
674 This is the default action if no command is specified to nmcli
676 device.
677 show [ifname]
679 Show detailed information about devices. Without an argument, all
680 devices are examined. To get information for a specific device, the
681 interface name has to be provided.
682 set [ifname] ifname [autoconnect {yes | no}] [managed {yes | no}]
684 Set device properties.
685 up ifname
687 Connect the device. NetworkManager will try to find a suitable
688 connection that will be activated. It will also consider
689 connections that are not set to auto connect.
690 If no compatible connection exists, a new profile with default
692 settings will be created and activated. This differentiates nmcli
693 connection up ifname "$DEVICE" from nmcli device up "$DEVICE"
694 If --wait option is not specified, the default timeout will be 90
696 seconds.
697 connect ifname
699 Alias for command up. Before version 1.34.0 up was not supported.
700 reapply ifname
702 Attempt to update device with changes to the currently active
703 connection made since it was last applied.
704 modify ifname {option value | [+|-]setting.property value}...
706 Modify the settings currently active on the device.
707 This command lets you do temporary changes to a configuration
709 active on a particular device. The changes are not preserved in the
710 connection profile.
711 See nm-settings-nmcli(5) for the list of available properties.
713 Please note that some properties can't be changed on an already
714 connected device.
715 down ifname...
717 Disconnect a device and prevent the device from automatically
718 activating further connections without user/manual intervention.
719 Note that disconnecting software devices may mean that the devices
720 will disappear.
721 If --wait option is not specified, the default timeout will be 10
723 seconds.
724 disconnect ifname...
726 Alias for command down. Before version 1.34.0 down was not
727 supported.
728 delete ifname...
730 Delete a device. The command removes the interface from the system.
731 Note that this only works for software devices like bonds, bridges,
732 teams, etc. Hardware devices (like Ethernet) cannot be deleted by
733 the command.
734 If --wait option is not specified, the default timeout will be 10
736 seconds.
737 monitor [ifname...]
739 Monitor device activity. This command prints a line whenever the
740 specified devices change state.
741 Monitors all devices in case no interface is specified. The monitor
743 terminates when all specified devices disappear. If you want to
744 monitor device addition consider using the global monitor with
745 nmcli monitor command.
746 wifi [list [--rescan | auto | no | yes] [ifname ifname] [bssid BSSID]]
748 List available Wi-Fi access points. The ifname and bssid options
749 can be used to list APs for a particular interface or with a
750 specific BSSID, respectively.
751 By default, nmcli ensures that the access point list is no older
753 than 30 seconds and triggers a network scan if necessary. The
754 --rescan can be used to either force or disable the scan regardless
755 of how fresh the access point list is.
756 wifi connect (B)SSID [password password] [wep-key-type {key | phrase}]
758 [ifname ifname] [bssid BSSID] [name name] [private {yes | no}]
759 [hidden {yes | no}]
760 Connect to a Wi-Fi network specified by SSID or BSSID. The command
761 finds a matching connection or creates one and then activates it on
762 a device. This is a command-line counterpart of clicking an SSID in
763 a GUI client. If a connection for the network already exists, it is
764 possible to bring up (activate) the existing profile as follows:
765 nmcli con up id name. Note that only open, WEP and WPA-PSK networks
766 are supported if no previous connection exists. It is also assumed
767 that IP configuration is obtained via DHCP.
768 If --wait option is not specified, the default timeout will be 90
770 seconds.
771 Available options are:
773 password
775 password for secured networks (WEP or WPA).
776 wep-key-type
778 type of WEP secret, either key for ASCII/HEX key or phrase for
779 passphrase.
780 ifname
782 interface that will be used for activation.
783 bssid
785 if specified, the created connection will be restricted just
786 for the BSSID.
787 name
789 if specified, the connection will use the name (else NM creates
790 a name itself).
791 private
793 if set to yes, the connection will only be visible to the user
794 who created it. Otherwise, the connection is system-wide, which
795 is the default.
796 hidden
798 set to yes when connecting for the first time to an AP not
799 broadcasting its SSID. Otherwise, the SSID would not be found
800 and the connection attempt would fail.
801 wifi hotspot [ifname ifname] [con-name name] [ssid SSID]
803 [band {a | bg}] [channel channel] [password password]
804 Create a Wi-Fi hotspot. The command creates a hotspot connection
805 profile according to Wi-Fi device capabilities and activates it on
806 the device. The hotspot is secured with WPA if device/driver
807 supports that, otherwise WEP is used. Use connection down or device
808 down to stop the hotspot.
809 Parameters of the hotspot can be influenced by the optional
811 parameters:
812 ifname
814 what Wi-Fi device is used.
815 con-name
817 name of the created hotspot connection profile.
818 ssid
820 SSID of the hotspot.
821 band
823 Wi-Fi band to use.
824 channel
826 Wi-Fi channel to use.
827 password
829 password to use for the created hotspot. If not provided, nmcli
830 will generate a password. The password is either WPA pre-shared
831 key or WEP key.
832 Note that --show-secrets global option can be used to print the
834 hotspot password. It is useful especially when the password was
835 generated.
836 wifi rescan [ifname ifname] [ssid SSID...]
838 Request that NetworkManager immediately re-scan for available
839 access points. NetworkManager scans Wi-Fi networks periodically,
840 but in some cases it can be useful to start scanning manually (e.g.
841 after resuming the computer). By using ssid, it is possible to scan
842 for a specific SSID, which is useful for APs with hidden SSIDs. You
843 can provide multiple ssid parameters in order to scan more SSIDs.
844 This command does not show the APs, use nmcli device wifi list for
846 that.
847 wifi show-password [ifname ifname]
849 Show the details of the active Wi-Fi networks, including the
850 secrets.
851 lldp [list [ifname ifname]]
853 Display information about neighboring devices learned through the
854 Link Layer Discovery Protocol (LLDP). The ifname option can be used
855 to list neighbors only for a given interface. The protocol must be
856 enabled in the connection settings.
857
859 nmcli agent {secret | polkit | all}
860 Run nmcli as a NetworkManager secret agent, or polkit agent.
862 secret
864 Register nmcli as a NetworkManager secret agent and listen for
865 secret requests. You usually do not need this command, because
866 nmcli can handle secrets when connecting to networks. However, you
867 may find the command useful when you use another tool for
868 activating connections and you do not have a secret agent available
869 (like nm-applet).
870 polkit
872 Register nmcli as a polkit agent for the user session and listen
873 for authorization requests. You do not usually need this command,
874 because nmcli can handle polkit actions related to NetworkManager
875 operations (when run with --ask). However, you may find the command
876 useful when you want to run a simple text based polkit agent and
877 you do not have an agent of a desktop environment. Note that
878 running this command makes nmcli handle all polkit requests, not
879 only NetworkManager related ones, because only one polkit agent can
880 run for the session.
881 all
883 Runs nmcli as both NetworkManager secret and a polkit agent.
884
886 Implicit coloring can be disabled by an empty file
887 /etc/terminal-colors.d/nmcli.disable.
888 See terminal-colors.d(5) for more details about colorization
890 configuration. The logical color names supported by nmcli are:
891 connection-activated
893 A connection that is active.
894 connection-activating
896 Connection that is being activated.
897 connection-disconnecting
899 Connection that is being disconnected.
900 connection-external
902 Connection representing configuration created externally to
903 NetworkManager.
904 connection-invisible
906 Connection whose details is the user not permitted to see.
907 connection-deprecated
909 Connection that uses deprecated settings. It might not be possible
910 to activate it.
911 connectivity-full
913 Connectivity state when Internet is reachable.
914 connectivity-limited
916 Connectivity state when only a local network reachable.
917 connectivity-none
919 Connectivity state when the network is disconnected.
920 connectivity-portal
922 Connectivity state when a captive portal hijacked the connection.
923 connectivity-unknown
925 Connectivity state when a connectivity check didn't run.
926 device-activated
928 Device that is connected.
929 device-activating
931 Device that is being configured.
932 device-disconnected
934 Device that is not connected.
935 device-external
937 Device configured externally to NetworkManager.
938 device-firmware-missing
940 Warning of a missing device firmware.
941 device-plugin-missing
943 Warning of a missing device plugin.
944 device-unavailable
946 Device that is not available for activation.
947 device-disabled
949 Device is disabled by software or hardware kill switch.
950 manager-running
952 Notice that the NetworkManager daemon is available.
953 manager-starting
955 Notice that the NetworkManager daemon is being initially connected.
956 manager-stopped
958 Notice that the NetworkManager daemon is not available.
959 permission-auth
961 An action that requires user authentication to get permission.
962 permission-no
964 An action that is not permitted.
965 permission-yes
967 An action that is permitted.
968 prompt
970 Prompt in interactive mode.
971 state-asleep
973 Indication that NetworkManager in suspended state.
974 state-connected-global
976 Indication that NetworkManager in connected to Internet.
977 state-connected-local
979 Indication that NetworkManager in local network.
980 state-connected-site
982 Indication that NetworkManager in connected to networks other than
983 Internet.
984 state-connecting
986 Indication that NetworkManager is establishing a network
987 connection.
988 state-disconnected
990 Indication that NetworkManager is disconnected from a network.
991 state-disconnecting
993 Indication that NetworkManager is being disconnected from a
994 network.
995 wifi-signal-excellent
997 Wi-Fi network with an excellent signal level.
998 wifi-signal-fair
1000 Wi-Fi network with a fair signal level.
1001 wifi-signal-good
1003 Wi-Fi network with a good signal level.
1004 wifi-signal-poor
1006 Wi-Fi network with a poor signal level.
1007 wifi-signal-unknown
1009 Wi-Fi network that hasn't been actually seen (a hidden AP).
1010 wifi-deprecated
1012 Wi-Fi network that might be impossible to connect to due to use of
1013 deprecated functionality.
1014 disabled
1016 A property that is turned off.
1017 enabled
1019 A property that is turned on.
1020
1022 nmcli's behavior is affected by the following environment variables.
1023 LC_ALL
1025 If set to a non-empty string value, it overrides the values of all
1026 the other internationalization variables.
1027 LC_MESSAGES
1029 Determines the locale to be used for internationalized messages.
1030 LANG
1032 Provides a default value for the internationalization variables
1033 that are unset or null.
1034
1036 Be aware that nmcli is localized and that is why the output depends on
1037 your environment. This is important to realize especially when you
1038 parse the output.
1039 Call nmcli as LC_ALL=C nmcli to be sure the locale is set to C while
1041 executing in a script.
1042 LC_ALL, LC_MESSAGES, LANG variables specify the LC_MESSAGES locale
1044 category (in that order), which determines the language that nmcli uses
1045 for messages. The C locale is used if none of these variables are set,
1046 and this locale uses English messages.
1047
1049 nmcli exits with status 0 if it succeeds, a value greater than 0 is
1050 returned if an error occurs.
1051 0
1053 Success – indicates the operation succeeded.
1054 1
1056 Unknown or unspecified error.
1057 2
1059 Invalid user input, wrong nmcli invocation.
1060 3
1062 Timeout expired (see --wait option).
1063 4
1065 Connection activation failed.
1066 5
1068 Connection deactivation failed.
1069 6
1071 Disconnecting device failed.
1072 7
1074 Connection deletion failed.
1075 8
1077 NetworkManager is not running.
1078 10
1080 Connection, device, or access point does not exist.
1081 65
1083 When used with --complete-args option, a file name is expected to
1084 follow.
1085
1087 This section presents various examples of nmcli usage. If you want even
1088 more, please refer to nmcli-examples(7) manual page.
1089 nmcli -t -f RUNNING general
1091 tells you whether NetworkManager is running or not.
1092 nmcli -t -f STATE general
1094 shows the overall status of NetworkManager.
1095 nmcli radio wifi off
1097 switches Wi-Fi off.
1098 nmcli connection show
1100 lists all connections NetworkManager has.
1101 nmcli -p -m multiline -f all con show
1103 shows all configured connections in multi-line mode.
1104 nmcli connection show --active
1106 lists all currently active connections.
1107 nmcli -f name,autoconnect c s
1109 shows all connection profile names and their auto-connect property.
1110 nmcli -p connection show "My default em1"
1112 shows details for "My default em1" connection profile.
1113 nmcli --show-secrets connection show "My Home Wi-Fi"
1115 shows details for "My Home Wi-Fi" connection profile with all
1116 passwords. Without --show-secrets option, secrets would not be
1117 displayed.
1118 nmcli -f active connection show "My default em1"
1120 shows details for "My default em1" active connection, like IP, DHCP
1121 information, etc.
1122 nmcli -f profile con s "My wired connection"
1124 shows static configuration details of the connection profile with
1125 "My wired connection" name.
1126 nmcli -p con up "My wired connection" ifname eth0
1128 activates the connection profile with name "My wired connection" on
1129 interface eth0. The -p option makes nmcli show progress of the
1130 activation.
1131 nmcli con up 6b028a27-6dc9-4411-9886-e9ad1dd43761 ap 00:3A:98:7C:42:D3
1133 connects the Wi-Fi connection with UUID
1134 6b028a27-6dc9-4411-9886-e9ad1dd43761 to the AP with BSSID
1135 00:3A:98:7C:42:D3.
1136 nmcli device status
1138 shows the status for all devices.
1139 nmcli dev down em2
1141 disconnects a connection on interface em2 and marks the device as
1142 unavailable for auto-connecting. As a result, no connection will
1143 automatically be activated on the device until the device's
1144 'autoconnect' is set to TRUE or the user manually activates a
1145 connection.
1146 nmcli -f GENERAL,WIFI-PROPERTIES dev show wlan0
1148 shows details for wlan0 interface; only GENERAL and WIFI-PROPERTIES
1149 sections will be shown.
1150 nmcli -f CONNECTIONS device show wlp3s0
1152 shows all available connection profiles for your Wi-Fi interface
1153 wlp3s0.
1154 nmcli dev wifi
1156 lists available Wi-Fi access points known to NetworkManager.
1157 nmcli dev wifi con "Cafe Hotspot 1" password caffeine name "My cafe"
1159 creates a new connection named "My cafe" and then connects it to
1160 "Cafe Hotspot 1" SSID using password "caffeine". This is mainly
1161 useful when connecting to "Cafe Hotspot 1" for the first time. Next
1162 time, it is better to use nmcli con up id "My cafe" so that the
1163 existing connection profile can be used and no additional is
1164 created.
1165 nmcli -s dev wifi hotspot con-name QuickHotspot
1167 creates a hotspot profile and connects it. Prints the hotspot
1168 password the user should use to connect to the hotspot from other
1169 devices.
1170 nmcli dev modify em1 ipv4.method shared
1172 starts IPv4 connection sharing using em1 device. The sharing will
1173 be active until the device is disconnected.
1174 nmcli dev modify em1 ipv6.address 2001:db8::a:bad:c0de
1176 temporarily adds an IP address to a device. The address will be
1177 removed when the same connection is activated again.
1178 nmcli connection add type ethernet autoconnect no ifname eth0
1180 non-interactively adds an Ethernet connection tied to eth0
1181 interface with automatic IP configuration (DHCP), and disables the
1182 connection's autoconnect flag.
1183 nmcli c a ifname Maxipes-fik type vlan dev eth0 id 55
1185 non-interactively adds a VLAN connection with ID 55. The connection
1186 will use eth0 and the VLAN interface will be named Maxipes-fik.
1187 nmcli c a ifname eth0 type ethernet ipv4.method disabled ipv6.method
1189 link-local
1190 non-interactively adds a connection that will use eth0 Ethernet
1191 interface and only have an IPv6 link-local address configured.
1192 nmcli connection edit ethernet-em1-2
1194 edits existing "ethernet-em1-2" connection in the interactive
1195 editor.
1196 nmcli connection edit type ethernet con-name "yet another Ethernet
1198 connection"
1199 adds a new Ethernet connection in the interactive editor.
1200 nmcli con mod ethernet-2 connection.autoconnect no
1202 modifies 'autoconnect' property in the 'connection' setting of
1203 'ethernet-2' connection.
1204 nmcli con mod "Home Wi-Fi" wifi.mtu 1350
1206 modifies 'mtu' property in the 'wifi' setting of 'Home Wi-Fi'
1207 connection.
1208 nmcli con mod em1-1 ipv4.method manual ipv4.addr "192.168.1.23/24
1210 192.168.1.1, 10.10.1.5/8, 10.0.0.11"
1211 sets manual addressing and the addresses in em1-1 profile.
1212 nmcli con modify ABC +ipv4.dns 8.8.8.8
1214 appends a Google public DNS server to DNS servers in ABC profile.
1215 nmcli con modify ABC -ipv4.addresses "192.168.100.25/24 192.168.1.1"
1217 removes the specified IP address from (static) profile ABC.
1218 nmcli con import type openvpn file ~/Downloads/frootvpn.ovpn
1220 imports an OpenVPN configuration to NetworkManager.
1221 nmcli con export corp-vpnc /home/joe/corpvpn.conf
1223 exports NetworkManager VPN profile corp-vpnc as standard Cisco
1224 (vpnc) configuration.
1225
1227 nmcli accepts abbreviations, as long as they are a unique prefix in the
1228 set of possible options. As new options get added, these abbreviations
1229 are not guaranteed to stay unique. For scripting and long term
1230 compatibility it is therefore strongly advised to spell out the full
1231 option names.
1232
1234 There are probably some bugs. If you find a bug, please report it to
1235 your distribution or upstream at
1236 https://gitlab.freedesktop.org/NetworkManager/NetworkManager.
1237
1239 nmcli-examples(7), nm-settings-nmcli(5), nm-online(1),
1240 NetworkManager(8), NetworkManager.conf(5), nm-applet(1), nm-connection-
1241 editor(1), terminal-colors.d(5).
1242NetworkManager 1.38.0 NMCLI(1)