NMCLI(1)                    General Commands Manual                   NMCLI(1)

NAME

       nmcli - command-line tool for controlling NetworkManager

SYNOPSIS

       nmcli [OPTIONS...] {help | general | networking | radio | connection |
             device | agent | monitor} [COMMAND] [ARGUMENTS...]

DESCRIPTION

       nmcli is a command-line tool for controlling NetworkManager and
       reporting network status. It can be utilized as a replacement for
       nm-applet or other graphical clients.  nmcli is used to create,
       display, edit, delete, activate, and deactivate network connections, as
       well as control and display network device status. See
       nmcli-examples(7) for ready to run nmcli examples.

       Typical uses include:

       •   Scripts: Utilize NetworkManager via nmcli instead of managing
           network connections manually.  nmcli supports a terse output format
           which is better suited for script processing. Note that
           NetworkManager can also execute scripts, called "dispatcher
           scripts", in response to network events. See NetworkManager(8) for
           details about these dispatcher scripts.

       •   Servers, headless machines, and terminals: nmcli can be used to
           control NetworkManager without a GUI, including creating, editing,
           starting and stopping network connections and viewing network
           status.

OPTIONS

       -a | --ask
           When using this option nmcli will stop and ask for any missing
           required arguments, so do not use this option for non-interactive
           purposes like scripts. This option controls, for example, whether
           you will be prompted for a password if it is required for
           connecting to a network.

       -c | --colors {yes | no | auto}
           This option controls color output (using terminal escape
           sequences).  yes enables colors, no disables them, auto only
           produces colors when standard output is directed to a terminal. The
           default value is auto.

           The actual colors used are configured as described in
           terminal-colors.d(5). Please refer to the COLORS section for a list
           of color names supported by nmcli.

           If the environment variable NO_COLOR is set (to any value), then
           coloring is disabled with mode "auto". Explicitly enabling coloring
           overrides the environment variable.

       --complete-args
           Instead of conducting the desired action, nmcli will list possible
           completions for the last argument. This is useful to implement
           argument completion in shell.

           The exit status will indicate success or return a code 65 to
           indicate the last argument is a file name.

           NetworkManager ships with command completion support for GNU Bash.

       -e | --escape {yes | no}
           Whether to escape : and \ characters in terse tabular mode. The
           escape character is \.

           If omitted, default is yes.

       -f | --fields {field1,field2... | all | common}
           This option is used to specify what fields (column names) should be
           printed. Valid field names differ for specific commands. List
           available fields by providing an invalid value to the --fields
           option.  all is used to print all valid field values of the
           command.  common is used to print common field values of the
           command.

           If omitted, default is common.

       -g | --get-values {field1,field2... | all | common}
           This option is used to print values from specific fields. It is
           basically a shortcut for --mode tabular --terse --fields and is a
           convenient way to retrieve values for particular fields. The values
           are printed one per line without headers.

           If a section is specified instead of a field, the section name will
           be printed followed by colon separated values of the fields
           belonging to that section, all on the same line.

       -h | --help
           Print help information.

       -m | --mode {tabular | multiline}
           Switch between tabular and multiline output:

           tabular
               Output is a table where each line describes a single entry.
               Columns define particular properties of the entry.

           multiline
               Each entry comprises multiple lines, each property on its own
               line. The values are prefixed with the property name.

           If omitted, default is tabular for most commands. For the commands
           producing more structured information, that cannot be displayed on
           a single line, default is multiline. Currently, they are:

           •   nmcli connection show ID

           •   nmcli device show

       -p | --pretty
           Output is pretty. This causes nmcli to produce easily readable
           outputs for humans, i.e. values are aligned, headers are printed,
           etc.

       -s | --show-secrets
           When using this option nmcli will display passwords and secrets
           that might be present in an output of an operation. This option
           also influences echoing passwords typed by user as an input.

       -t | --terse
           Output is terse. This mode is designed and suitable for computer
           (script) processing.

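       The escaping rule for terse output (see --escape and --terse above),
       as an added example that is not part of the nmcli manual: a POSIX shell
       helper that splits one terse line into fields, next to a naive cut that
       mis-splits as soon as a value contains a colon. The function names and
       the sample profiles are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the nmcli manual. Function names and the sample
# data are made up for illustration.

# Constructed output of: nmcli -t -f NAME,UUID,TYPE,DEVICE connection show
# Profile names are free text (they can come from an SSID), so they may
# contain ":" or "\"; terse mode escapes both with a backslash.
SAMPLE_LINES='Wired connection 1:11111111-2222-3333-4444-555555555555:802-3-ethernet:eth0
Cafe\: free wifi:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee:802-11-wireless:wlan0
lab\\net:99999999-8888-7777-6666-555555555555:802-11-wireless:'

# nm_terse_field LINE N
# Print field N (1-based) of one terse line, with the escaping undone.
nm_terse_field() {
    printf '%s\n' "$1" | awk -v want="$2" '
    {
        n = 1; cur = ""; len = length($0)
        for (i = 1; i <= len; i++) {
            c = substr($0, i, 1)
            if (c == "\\" && i < len) {
                # Backslash: the next character is data, even if it is ":".
                i++
                cur = cur substr($0, i, 1)
            } else if (c == ":") {
                # Unescaped colon: end of the current field.
                if (n == want) { print cur; exit }
                n++; cur = ""
            } else {
                cur = cur c
            }
        }
        if (n == want) print cur
    }'
}

# naive_field LINE N
# The common shortcut: split on every colon. Kept here only for comparison.
naive_field() {
    printf '%s\n' "$1" | cut -d: -f"$2"
}

# wireless_profile_names LINES
# Print the unescaped NAME of every profile whose TYPE is 802-11-wireless.
wireless_profile_names() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        [ "$(nm_terse_field "$line" 3)" = "802-11-wireless" ] || continue
        nm_terse_field "$line" 1
    done
}

wireless_profile_names "$SAMPLE_LINES"
```

       For the second sample line, naive_field returns the UUID as field 3,
       so a TYPE check built on it silently skips or misclassifies the profile.
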
       --offline
           Work without a daemon. Makes connection add and connection modify
           commands accept and produce connection data via standard
           input/output. Ordinarily, nmcli would communicate with the
           NetworkManager service.

           The connection data format (keyfile) is described in
           nm-settings-keyfile(5) manual.

       -v | --version
           Show nmcli version.

       -w | --wait seconds
           This option sets a timeout period for which nmcli will wait for
           NetworkManager to finish operations. It is especially useful for
           commands that may take a longer time to complete, e.g. connection
           activation.

           Specifying a value of 0 instructs nmcli not to wait but to exit
           immediately with a status of success. The default value depends on
           the executed command.

GENERAL COMMANDS

       nmcli general {status | hostname | permissions | logging | reload}
                     [ARGUMENTS...]

       Use this command to show NetworkManager status and permissions. You can
       also get and change system hostname, as well as NetworkManager logging
       level and domains.

       status
           Show overall status of NetworkManager. This is the default action,
           when no additional command is provided for nmcli general.

       hostname [hostname]
           Get and change system hostname. With no arguments, this prints
           currently configured hostname. When you pass a hostname, it will be
           handed over to NetworkManager to be set as a new system hostname.

           Note that the term "system" hostname may also be referred to as
           "persistent" or "static" by other programs or tools. The hostname
           is stored in /etc/hostname file in most distributions. For example,
           systemd-hostnamed service uses the term "static" hostname and it
           only reads the /etc/hostname file when it starts.

       permissions
           Show the permissions a caller has for various authenticated
           operations that NetworkManager provides, like enable and disable
           networking, changing Wi-Fi and WWAN state, modifying connections,
           etc.

       logging [level level] [domains domains...]
           Get and change NetworkManager logging level and domains. Without
           any argument current logging level and domains are shown. In order
           to change logging state, provide level and/or domain parameters.
           See NetworkManager.conf(5) for available level and domain values.

       reload [flags...]
           Reload NetworkManager's configuration and perform certain updates,
           like flushing caches or rewriting external state to disk. This is
           similar to sending SIGHUP to NetworkManager but it allows for more
           fine-grained control over what to reload through the flags
           argument. It also allows non-root access via PolicyKit and contrary
           to signals it is synchronous. Available flags are:

           conf
               Reload the NetworkManager.conf configuration from disk. Note
               that this does not include connections, which can be reloaded
               through nmcli connection reload instead.

           dns-rc
               Update DNS configuration, which usually involves writing
               /etc/resolv.conf anew. This is equivalent to sending the
               SIGUSR1 signal to the NetworkManager process.

           dns-full
               Restart the DNS plugin. This is for example useful when using
               dnsmasq plugin, which uses additional configuration in
               /etc/NetworkManager/dnsmasq.d. If you edit those files, you can
               restart the DNS plugin. This action shortly interrupts name
               resolution.

           With no flags, everything that is supported is reloaded, which is
           identical to sending a SIGHUP. See NetworkManager(8) for more
           details about signals.

NETWORKING CONTROL COMMANDS

       nmcli networking {on | off | connectivity} [ARGUMENTS...]

       Query NetworkManager networking status, enable and disable networking.

       on, off
           Enable or disable networking control by NetworkManager. All
           interfaces managed by NetworkManager are deactivated when
           networking is disabled.

       connectivity [check]
           Get network connectivity state. The optional check argument tells
           NetworkManager to re-check the connectivity, else the most recent
           known connectivity state is displayed without re-checking.

           Possible states are:

           none
               the host is not connected to any network.

           portal
               the host is behind a captive portal and cannot reach the full
               Internet.

           limited
               the host is connected to a network, but it has no access to the
               Internet.

           full
               the host is connected to a network and has full access to the
               Internet.

           unknown
               the connectivity status cannot be found out.

RADIO TRANSMISSION CONTROL COMMANDS

       nmcli radio {all | wifi | wwan} [ARGUMENTS...]

       Show radio switches status, or enable and disable the switches.

       wifi [on | off]
           Show or set status of Wi-Fi in NetworkManager. If no arguments are
           supplied, Wi-Fi status is printed; on enables Wi-Fi; off disables
           Wi-Fi.

       wwan [on | off]
           Show or set status of WWAN (mobile broadband) in NetworkManager. If
           no arguments are supplied, mobile broadband status is printed; on
           enables mobile broadband, off disables it.

       all [on | off]
           Show or set all previously mentioned radio switches at the same
           time.

ACTIVITY MONITOR

       nmcli monitor

       Observe NetworkManager activity. Watches for changes in connectivity
       state, devices or connection profiles.

       See also nmcli connection monitor and nmcli device monitor to watch for
       changes in certain devices or connections.

CONNECTION MANAGEMENT COMMANDS

       nmcli connection {show | up | down | modify | add | edit | clone |
                        delete | monitor | reload | load | import | export |
                        migrate} [ARGUMENTS...]

       NetworkManager stores all network configuration as "connections", which
       are collections of data (Layer2 details, IP addressing, etc.) that
       describe how to create or connect to a network. A connection is
       "active" when a device uses that connection's configuration to create
       or connect to a network. There may be multiple connections that apply
       to a device, but only one of them can be active on that device at any
       given time. The additional connections can be used to allow quick
       switching between different networks and configurations.

       Consider a machine which is usually connected to a DHCP-enabled
       network, but sometimes connected to a testing network which uses static
       IP addressing. Instead of manually reconfiguring eth0 each time the
       network is changed, the settings can be saved as two connections which
       both apply to eth0, one for DHCP (called default) and one with the
       static addressing details (called testing). When connected to the
       DHCP-enabled network the user would run nmcli con up default, and when
       connected to the static network the user would run nmcli con up
       testing.

       show [--active] [--order [+-]category:...]
           List in-memory and on-disk connection profiles, some of which may
           also be active if a device is using that connection profile.
           Without a parameter, all profiles are listed. When --active option
           is specified, only the active profiles are shown.

           The --order option can be used to get custom ordering of
           connections. The connections can be ordered by active status
           (active), name (name), type (type) or D-Bus path (path). If
           connections are equal according to a sort order category, an
           additional category can be specified. The default sorting order is
           equivalent to --order active:name:path.  + or no prefix means
           sorting in ascending order (alphabetically or in numbers), - means
           reverse (descending) order. The category names can be abbreviated
           (e.g.  --order -a:na).

       show [--active] [id | uuid | path | apath] ID...
           Show details for specified connections. By default, both static
           configuration and active connection data are displayed. When
           --active option is specified, only the active profiles are taken
           into account. Use global --show-secrets option to display secrets
           associated with the profile.

           id, uuid, path and apath keywords can be used if ID is ambiguous.
           Optional ID-specifying keywords are:

           id
               the ID denotes a connection name.

           uuid
               the ID denotes a connection UUID.

           path
               the ID denotes a D-Bus static connection path in the format of
               /org/freedesktop/NetworkManager/Settings/num or just num.

           apath
               the ID denotes a D-Bus active connection path in the format of
               /org/freedesktop/NetworkManager/ActiveConnection/num or just
               num.

           It is possible to filter the output using the global --fields
           option. Use the following values:

           profile
               only shows static profile configuration.

           active
               only shows active connection data (when the profile is active).

           You can also specify particular fields. For static configuration,
           use setting and property names as described in nm-settings-nmcli(5)
           manual page. For active data use GENERAL, IP4, DHCP4, IP6, DHCP6,
           VPN.

           When no command is given to the nmcli connection, the default
           action is nmcli connection show.

       up [id | uuid | path] ID [ifname ifname] [ap BSSID] [passwd-file file]
           Activate a connection. The connection is identified by its name,
           UUID or D-Bus path. If ID is ambiguous, a keyword id, uuid or path
           can be used. When requiring a particular device to activate the
           connection on, the ifname option with interface name should be
           given. If the ID is not given an ifname is required, and
           NetworkManager will activate the best available connection for the
           given ifname. In case of a VPN connection, the ifname option
           specifies the device of the base connection. The ap option
           specifies what particular AP should be used in case of a Wi-Fi
           connection.

           If --wait option is not specified, the default timeout will be 90
           seconds.

           See connection show above for the description of the ID-specifying
           keywords.

           Available options are:

           ifname
               interface that will be used for activation.

           ap
               BSSID of the AP which the command should connect to (for Wi-Fi
               connections).

           passwd-file
               some networks may require credentials during activation. You
               can give these credentials using this option. Each line of the
               file should contain one password in the form:

                   setting_name.property_name:the password

               For example, for WPA Wi-Fi with PSK, the line would be

                   802-11-wireless-security.psk:secret12345

               For 802.1X password, the line would be

                   802-1x.password:my 1X password

               nmcli also accepts wifi-sec and wifi strings instead of
               802-11-wireless-security. When NetworkManager requires a
               password and it is not given, nmcli will ask for it when run
               with --ask. If --ask was not passed, NetworkManager can ask
               another secret agent that may be running (typically a GUI
               secret agent, such as nm-applet or gnome-shell).

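       Handling a passwd-file as described above, as an added example that is
       not part of the nmcli manual: one function writes the
       setting_name.property_name:password line to a private temporary file,
       another checks an existing file's permissions and line format without
       echoing any secret. The function names, the profile name and the secret
       are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the nmcli manual. Function names, the profile
# name and the secret below are made up for illustration.

# write_passwd_file SETTING.PROPERTY   (secret is read from standard input)
# Create a private temporary file holding one "setting.property:secret" line
# and print its path. Reading the secret from stdin keeps it out of the
# arguments of any external command.
write_passwd_file() {
    (
        umask 077
        IFS= read -r secret || [ -n "$secret" ] || exit 1
        f=$(mktemp "${TMPDIR:-/tmp}/nm-passwd.XXXXXX") || exit 1
        printf '%s:%s\n' "$1" "$secret" > "$f" || exit 1
        printf '%s\n' "$f"
    )
}

# check_passwd_file FILE
# Return 0 only if FILE is a regular file, has no group/other permission
# bits, and every line looks like setting_name.property_name:password.
# Findings name line numbers only, never the secret itself.
check_passwd_file() {
    f=$1
    rc=0
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "$f: not a regular file"
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "$f: accessible by group or other"
        rc=1
    fi
    bad=$(awk '!/^[a-z0-9-]+\.[a-zA-Z0-9._-]+:./ { printf "%s ", NR }' "$f")
    if [ -n "$bad" ]; then
        echo "$f: line(s) not in setting_name.property_name:password form: $bad"
        rc=1
    fi
    return $rc
}

# Demo with a constructed secret; in real use it would come from a prompt
# or a secret store.
demo_file=$(printf '%s\n' 'constructed-example-psk' |
    write_passwd_file 802-11-wireless-security.psk)
check_passwd_file "$demo_file" && echo "passwd-file OK"
# The file would then be handed to nmcli ("office-wifi" is a hypothetical
# profile name):
#   nmcli connection up id office-wifi passwd-file "$demo_file"
rm -f -- "$demo_file"
```
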
       down [id | uuid | path | apath] ID...
           Deactivate a connection from a device without preventing the device
           from further auto-activation. Multiple connections can be passed to
           the command.

           Be aware that this command deactivates the specified active
           connection, but the device on which the connection was active, is
           still ready to connect and will perform auto-activation by looking
           for a suitable connection that has the 'autoconnect' flag set. Note
           that the deactivating connection profile is internally blocked from
           autoconnecting again. Hence it will not autoconnect until reboot or
           until the user performs an action that unblocks autoconnect, like
           modifying the profile or explicitly activating it.

           In most cases you may want to use device down command instead.

           The connection is identified by its name, UUID or D-Bus path. If ID
           is ambiguous, a keyword id, uuid, path or apath can be used.

           See connection show above for the description of the ID-specifying
           keywords.

           If --wait option is not specified, the default timeout will be 10
           seconds.

       modify [--temporary] [id | uuid | path] [ID]
       {option value | [+|-]setting.property value}...
           Add, modify or remove properties in the connection profile.

           To set the property just specify the property name followed by the
           value. An empty value ("") resets the property value to the
           default.

           See nm-settings-nmcli(5) for complete reference of setting and
           property names, their descriptions and default values. The setting
           and property can be abbreviated provided they are unique.

           If you want to append an item or a flag to the existing value, use
           + prefix for the property name or alias. If you want to remove
           items from a container-type or flag property, use - prefix. For
           certain properties you can also remove elements by specifying the
           zero-based index(es). The + and - modifiers only have a real effect
           for properties that support them. These are for example multi-value
           (container) properties or flags like ipv4.dns, ip4, ipv4.addresses,
           bond.options, 802-1x.phase1-auth-flags etc.

           The connection is identified by its name, UUID or D-Bus path. If ID
           is ambiguous, a keyword id, uuid or path can be used. The ID is not
           used with the global --offline option.

           When the global --offline is used, the command reads the connection
           from the standard input and prints the modified connection to
           standard output instead of making the NetworkManager daemon act
           upon specified connection.

       modify [--temporary] [id | uuid | path] ID remove setting
           Removes a setting from the connection profile.

       add [save {yes | no}] {option value | [+|-]setting.property value}...
           Create a new connection using specified properties.

           You need to describe the newly created connections with the
           property and value pairs. See nm-settings-nmcli(5) for the complete
           reference. The syntax is the same as of the nmcli connection modify
           command.

           To construct a meaningful connection you at the very least need to
           set the connection.type property (or use the type alias) to one of
           known NetworkManager connection types:

           •   6lowpan

           •   802-11-olpc-mesh (alias olpc-mesh)

           •   802-11-wireless (alias wifi)

           •   802-3-ethernet (alias ethernet)

           •   adsl

           •   bluetooth

           •   bond

           •   bond-slave (deprecated for ethernet with master)

           •   bridge

           •   bridge-slave (deprecated for ethernet with master)

           •   cdma

           •   dummy

           •   generic

           •   gsm

           •   infiniband

           •   ip-tunnel

           •   macsec

           •   macvlan

           •   olpc-mesh

           •   ovs-bridge

           •   ovs-dpdk

           •   ovs-interface

           •   ovs-patch

           •   ovs-port

           •   pppoe

           •   team

           •   team-slave (deprecated for ethernet with master)

           •   tun

           •   veth

           •   vlan

           •   vpn

           •   vrf

           •   vxlan

           •   wifi-p2p

           •   wimax

           •   wireguard

           •   wpan

           The most typical uses are described in the EXAMPLES section.

           Aside from the properties and values two special options are
           accepted:

           save
               Controls whether the connection should be persistent, i.e.
               NetworkManager should store it on disk (default: yes).

           --
               If a single -- argument is encountered it is ignored. This is
               for compatibility with older versions of nmcli.

           When the global --offline is used, the command prints the resulting
           connection to standard output instead of actually adding the
           connection via the NetworkManager daemon.

       edit {[id | uuid | path] ID | [type type] [con-name name] }
           Edit an existing connection or add a new one, using an interactive
           editor.

           The existing connection is identified by its name, UUID or D-Bus
           path. If ID is ambiguous, a keyword id, uuid, or path can be used.
           See connection show above for the description of the ID-specifying
           keywords. Not providing an ID means that a new connection will be
           added.

           The interactive editor will guide you through the connection
           editing and allow you to change connection parameters according to
           your needs by means of a simple menu-driven interface. The editor
           indicates what settings and properties can be modified and provides
           in-line help.

           Available options:

           type
               type of the new connection; valid types are the same as for
               connection add command.

           con-name
               name for the new connection. It can be changed later in the
               editor.

           See also nm-settings-nmcli(5) for all NetworkManager settings and
           property names, and their descriptions; and nmcli-examples(7) for
           sample editor sessions.

       clone [--temporary] [id | uuid | path] ID new_name
           Clone a connection. The connection to be cloned is identified by
           its name, UUID or D-Bus path. If ID is ambiguous, a keyword id,
           uuid or path can be used. See connection show above for the
           description of the ID-specifying keywords.  new_name is the name of
           the new cloned connection. The new connection will be the exact
           copy except the connection.id (new_name) and connection.uuid
           (generated) properties.

           The new connection profile will be saved as persistent unless
           --temporary option is specified, in which case the new profile
           won't exist after NetworkManager restart.

       delete [id | uuid | path] ID...
           Delete a configured connection. The connection to be deleted is
           identified by its name, UUID or D-Bus path. If ID is ambiguous, a
           keyword id, uuid or path can be used. See connection show above for
           the description of the ID-specifying keywords.

           If --wait option is not specified, the default timeout will be 10
           seconds.

       monitor [id | uuid | path] ID...
           Monitor connection profile activity. This command prints a line
           whenever the specified connection changes. The connection to be
           monitored is identified by its name, UUID or D-Bus path. If ID is
           ambiguous, a keyword id, uuid or path can be used. See connection
           show above for the description of the ID-specifying keywords.

           Monitors all connection profiles in case none is specified. The
           command terminates when all monitored connections disappear. If you
           want to monitor connection creation consider using the global
           monitor with nmcli monitor command.

       reload
           Reload all connection files from disk. NetworkManager does not
           monitor changes to connection files, so you need to use this
           command in order to tell NetworkManager to re-read the connection
           profiles from disk when a change was made to them.

       load filename...
           Load/reload one or more connection files from disk. Use this after
           manually editing a connection file to ensure that NetworkManager is
           aware of its latest state.

       import [--temporary] type type file file
           Import an external/foreign configuration as a NetworkManager
           connection profile. The type of the input file is specified by type
           option.

           Only VPN configurations are supported at the moment. The
           configuration is imported by NetworkManager VPN plugins.  type
           values are the same as for vpn-type option in nmcli connection add.
           VPN configurations are imported by VPN plugins. Therefore the
           proper VPN plugin has to be installed so that nmcli could import
           the data.

           The imported connection profile will be saved as persistent unless
           --temporary option is specified, in which case the new profile
           won't exist after NetworkManager restart.

       export [id | uuid | path] ID [file]
           Export a connection.

           Only VPN connections are supported at the moment. A proper VPN
           plugin has to be installed so that nmcli could export a connection.
           If no file is provided, the VPN configuration data will be printed
           to standard output.

       migrate [--plugin plugin...] [id | uuid | path] [ID...]
           Migrate connection profiles to a different settings plugin, such as
           keyfile (default) or ifcfg-rh.

           The connection to be migrated is identified by its name, UUID or
           D-Bus path. If ID is ambiguous, a keyword id, uuid or path can be
           used. See connection show above for the description of the
           ID-specifying keywords.

           If no connections are specified, the command acts on all available
           connections. Therefore, with no arguments, the command migrates all
           connection profiles to the keyfile plugin.

           If --wait option is not specified, the default timeout will be 10
           seconds.

DEVICE MANAGEMENT COMMANDS

685       nmcli device {status | show | set | up | connect | reapply | modify |
686                    down | disconnect | delete | monitor | wifi | lldp |
687                    checkpoint} [ARGUMENTS...]
688
689       Show and manage network interfaces.
690
691       status
692           Print status of devices.
693
694           This is the default action if no command is specified to nmcli
695           device.
696
697       show [ifname]
698           Show detailed information about devices. Without an argument, all
699           devices are examined. To get information for a specific device, the
700           interface name has to be provided.
701
702       set [ifname] ifname [autoconnect {yes | no}] [managed {yes | no}]
703           Set device properties.
704
705       up ifname
706           Connect the device. NetworkManager will try to find a suitable
707           connection that will be activated. It will also consider
708           connections that are not set to auto connect.
709
710           If no compatible connection exists, a new profile with default
711           settings will be created and activated. This differentiates nmcli
712           connection up ifname "$DEVICE" from nmcli device up "$DEVICE".
713
714           If --wait option is not specified, the default timeout will be 90
715           seconds.
716
717       connect ifname
718           Alias for command up. Before version 1.34.0 up was not supported.
719
720       reapply ifname
721           Attempt to update device with changes to the currently active
722           connection made since it was last applied.
723
724       modify ifname {option value | [+|-]setting.property value}...
725           Modify the settings currently active on the device.
726
727           This command lets you do temporary changes to a configuration
728           active on a particular device. The changes are not preserved in the
729           connection profile.
730
731           See nm-settings-nmcli(5) for the list of available properties.
732           Please note that some properties can't be changed on an already
733           connected device.
734
735       down ifname...
736           Disconnect a device and prevent the device from automatically
737           activating further connections without user/manual intervention.
738           Note that disconnecting software devices may mean that the devices
739           will disappear.
740
741           If --wait option is not specified, the default timeout will be 10
742           seconds.
743
744       disconnect ifname...
745           Alias for command down. Before version 1.34.0 down was not
746           supported.
747
748       delete ifname...
749           Delete a device. The command removes the interface from the system.
750           Note that this only works for software devices like bonds, bridges,
751           teams, etc. Hardware devices (like Ethernet) cannot be deleted by
752           the command.
753
754           If --wait option is not specified, the default timeout will be 10
755           seconds.
756
757       monitor [ifname...]
758           Monitor device activity. This command prints a line whenever the
759           specified devices change state.
760
761           Monitors all devices in case no interface is specified. The monitor
762           terminates when all specified devices disappear. If you want to
763           monitor device addition consider using the global monitor with
764           nmcli monitor command.
765
766       wifi [list [--rescan | auto | no | yes] [ifname ifname] [bssid BSSID]]
767           List available Wi-Fi access points. The ifname and bssid options
768           can be used to list APs for a particular interface or with a
769           specific BSSID, respectively.
770
771           By default, nmcli ensures that the access point list is no older
772           than 30 seconds and triggers a network scan if necessary. The
773           --rescan can be used to either force or disable the scan regardless
774           of how fresh the access point list is.
775
776       wifi connect (B)SSID [password password] [wep-key-type {key | phrase}]
777       [ifname ifname] [bssid BSSID] [name name] [private {yes | no}]
778       [hidden {yes | no}]
779           Connect to a Wi-Fi network specified by SSID or BSSID. The command
780           finds a matching connection or creates one and then activates it on
781           a device. This is a command-line counterpart of clicking an SSID in
782           a GUI client. If a connection for the network already exists, it is
783           possible to bring up (activate) the existing profile as follows:
784           nmcli con up id name. Note that only open, WEP and WPA-PSK networks
785           are supported if no previous connection exists. It is also assumed
786           that IP configuration is obtained via DHCP.
787
788           If --wait option is not specified, the default timeout will be 90
789           seconds.
790
791           Available options are:
792
793           password
794               password for secured networks (WEP or WPA).
795
796           wep-key-type
797               type of WEP secret, either key for ASCII/HEX key or phrase for
798               passphrase.
799
800           ifname
801               interface that will be used for activation.
802
803           bssid
804               if specified, the created connection will be restricted just
805               for the BSSID.
806
807           name
808               if specified, the connection will use the name (else NM creates
809               a name itself).
810
811           private
812               if set to yes, the connection will only be visible to the user
813               who created it. Otherwise, the connection is system-wide, which
814               is the default.
815
816           hidden
817               set to yes when connecting for the first time to an AP not
818               broadcasting its SSID. Otherwise, the SSID would not be found
819               and the connection attempt would fail.
820
821       wifi hotspot [ifname ifname] [con-name name] [ssid SSID]
822       [band {a | bg}] [channel channel] [password password]
823           Create a Wi-Fi hotspot. The command creates a hotspot connection
824           profile according to Wi-Fi device capabilities and activates it on
825           the device. The hotspot is secured with WPA if device/driver
826           supports that, otherwise WEP is used. Use connection down or device
827           down to stop the hotspot.
828
829           Parameters of the hotspot can be influenced by the optional
830           parameters:
831
832           ifname
833               what Wi-Fi device is used.
834
835           con-name
836               name of the created hotspot connection profile.
837
838           ssid
839               SSID of the hotspot.
840
841           band
842               Wi-Fi band to use.
843
844           channel
845               Wi-Fi channel to use.
846
847           password
848               password to use for the created hotspot. If not provided, nmcli
849               will generate a password. The password is either WPA pre-shared
850               key or WEP key.
851
852               Note that --show-secrets global option can be used to print the
853               hotspot password. It is useful especially when the password was
854               generated.
855
856       wifi rescan [ifname ifname] [ssid SSID...]
857           Request that NetworkManager immediately re-scan for available
858           access points. NetworkManager scans Wi-Fi networks periodically,
859           but in some cases it can be useful to start scanning manually (e.g.
860           after resuming the computer). By using ssid, it is possible to scan
861           for a specific SSID, which is useful for APs with hidden SSIDs. You
862           can provide multiple ssid parameters in order to scan more SSIDs.
863
864           This command does not show the APs; use nmcli device wifi list for
865           that.
866
867       wifi show-password [ifname ifname]
868           Show the details of the active Wi-Fi networks, including the
869           secrets.
870
871       lldp [list [ifname ifname]]
872           Display information about neighboring devices learned through the
873           Link Layer Discovery Protocol (LLDP). The ifname option can be used
874           to list neighbors only for a given interface. The protocol must be
875           enabled in the connection settings.
876
877       checkpoint [--timeout seconds] [ifname...] -- COMMAND...
878           Runs the command with a configuration checkpoint taken and asks for
879           a confirmation when finished. When the confirmation is not given,
880           the checkpoint is automatically restored after timeout.
881
882           This allows doing disruptive configuration changes over remote
883           connections with an option of restoring the network configuration
884           to a known good state in case of an error.
885
886           If a list of interface names is specified, the checkpoint is
887           taken only on the specified devices. Otherwise a checkpoint is
888           taken for all devices.
889
890           Currently the timeout defaults to 15 seconds. This may change in a
891           future version.
892

SECRET AGENT

894       nmcli agent {secret | polkit | all}
895
896       Run nmcli as a NetworkManager secret agent, or polkit agent.
897
898       secret
899           Register nmcli as a NetworkManager secret agent and listen for
900           secret requests. You usually do not need this command, because
901           nmcli can handle secrets when connecting to networks. However, you
902           may find the command useful when you use another tool for
903           activating connections and you do not have a secret agent available
904           (like nm-applet).
905
906       polkit
907           Register nmcli as a polkit agent for the user session and listen
908           for authorization requests. You do not usually need this command,
909           because nmcli can handle polkit actions related to NetworkManager
910           operations (when run with --ask). However, you may find the command
911           useful when you want to run a simple text based polkit agent and
912           you do not have an agent of a desktop environment. Note that
913           running this command makes nmcli handle all polkit requests, not
914           only NetworkManager related ones, because only one polkit agent can
915           run for the session.
916
917       all
918           Runs nmcli as both NetworkManager secret and a polkit agent.
919

COLORS

921       Implicit coloring can be disabled by an empty file
922       /etc/terminal-colors.d/nmcli.disable.
923
924       See terminal-colors.d(5) for more details about colorization
925       configuration. The logical color names supported by nmcli are:
926
927       connection-activated
928           A connection that is active.
929
930       connection-activating
931           Connection that is being activated.
932
933       connection-disconnecting
934           Connection that is being disconnected.
935
936       connection-external
937           Connection representing configuration created externally to
938           NetworkManager.
939
940       connection-invisible
941           Connection whose details the user is not permitted to see.
942
943       connection-deprecated
944           Connection that uses deprecated settings. It might not be possible
945           to activate it.
946
947       connectivity-full
948           Connectivity state when Internet is reachable.
949
950       connectivity-limited
951           Connectivity state when only a local network is reachable.
952
953       connectivity-none
954           Connectivity state when the network is disconnected.
955
956       connectivity-portal
957           Connectivity state when a captive portal hijacked the connection.
958
959       connectivity-unknown
960           Connectivity state when a connectivity check didn't run.
961
962       device-activated
963           Device that is connected.
964
965       device-activating
966           Device that is being configured.
967
968       device-disconnected
969           Device that is not connected.
970
971       device-external
972           Device configured externally to NetworkManager.
973
974       device-firmware-missing
975           Warning of a missing device firmware.
976
977       device-plugin-missing
978           Warning of a missing device plugin.
979
980       device-unavailable
981           Device that is not available for activation.
982
983       device-disabled
984           Device is disabled by software or hardware kill switch.
985
986       manager-running
987           Notice that the NetworkManager daemon is available.
988
989       manager-starting
990           Notice that the NetworkManager daemon is being initially connected.
991
992       manager-stopped
993           Notice that the NetworkManager daemon is not available.
994
995       permission-auth
996           An action that requires user authentication to get permission.
997
998       permission-no
999           An action that is not permitted.
1000
1001       permission-yes
1002           An action that is permitted.
1003
1004       prompt
1005           Prompt in interactive mode.
1006
1007       state-asleep
1008           Indication that NetworkManager is in suspended state.
1009
1010       state-connected-global
1011           Indication that NetworkManager is connected to the Internet.
1012
1013       state-connected-local
1014           Indication that NetworkManager is in a local network.
1015
1016       state-connected-site
1017           Indication that NetworkManager is connected to networks other than
1018           the Internet.
1019
1020       state-connecting
1021           Indication that NetworkManager is establishing a network
1022           connection.
1023
1024       state-disconnected
1025           Indication that NetworkManager is disconnected from a network.
1026
1027       state-disconnecting
1028           Indication that NetworkManager is being disconnected from a
1029           network.
1030
1031       wifi-signal-excellent
1032           Wi-Fi network with an excellent signal level.
1033
1034       wifi-signal-fair
1035           Wi-Fi network with a fair signal level.
1036
1037       wifi-signal-good
1038           Wi-Fi network with a good signal level.
1039
1040       wifi-signal-poor
1041           Wi-Fi network with a poor signal level.
1042
1043       wifi-signal-unknown
1044           Wi-Fi network that hasn't been actually seen (a hidden AP).
1045
1046       wifi-deprecated
1047           Wi-Fi network that might be impossible to connect to due to use of
1048           deprecated functionality.
1049
1050       disabled
1051           A property that is turned off.
1052
1053       enabled
1054           A property that is turned on.
1055

ENVIRONMENT VARIABLES

1057       nmcli's behavior is affected by the following environment variables.
1058
1059       LC_ALL
1060           If set to a non-empty string value, it overrides the values of all
1061           the other internationalization variables.
1062
1063       LC_MESSAGES
1064           Determines the locale to be used for internationalized messages.
1065
1066       LANG
1067           Provides a default value for the internationalization variables
1068           that are unset or null.
1069
1070       NO_COLOR
1071           Default to not producing colored and paged output. The --colors
1072           option, if used, takes precedence.
1073
1074       PAGER
1075           Filter to pipe the output through if it doesn't fit on a screen.
1076           Can be a file name of an executable or a shell command. Empty
1077           string to disable the functionality.
1078
1079           Note that the pager command is expected to handle wide characters
1080           and ANSI escape sequences for changing colors (unless they're
1081           disabled).  nmcli sets up the environment variables LESS and
1082           LESSCHARSET appropriately for the less(1) pager; other pagers may
1083           or may not need extra configuration.
1084
1085           If unspecified, pager(1), less(1) and more(1) will be tried (in
1086           that order).
1087
1088       TERM
1089           Terminal type. If dumb, nmcli will not use a pager or produce ANSI
1090           escape sequences for coloring.
1091
1092           Terminal types other than dumb are assumed to support ANSI escape
1093           sequences for setting the output color.
1094

INTERNATIONALIZATION NOTES

1096       Be aware that nmcli is localized and that is why the output depends on
1097       your environment. This is important to realize especially when you
1098       parse the output.
1099
1100       Call nmcli as LC_ALL=C nmcli to be sure the locale is set to C while
1101       executing in a script.
1102
1103       LC_ALL, LC_MESSAGES, LANG variables specify the LC_MESSAGES locale
1104       category (in that order), which determines the language that nmcli uses
1105       for messages. The C locale is used if none of these variables are set,
1106       and this locale uses English messages.
1107
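       A scripted use of the advice above, as an added example that is not
       part of the nmcli manual or the NetworkManager project: it parses the
       terse output of nmcli device wifi list and flags open or WEP access
       points, plus SSIDs advertised with more than one security setting.
       The function names and the scan lines are constructed for illustration;
       treating an empty or "--" SECURITY field as an open network is an
       assumption.

```shell
#!/bin/sh
# Added example: audit a Wi-Fi scan taken from nmcli's terse output.

# Live input: C locale and fully spelled-out options, so the output does
# not change with the user's language or with future option abbreviations.
live_scan() {
    LC_ALL=C nmcli --terse --escape yes \
        --fields BSSID,SECURITY,SSID device wifi list
}

# Constructed sample input (not captured from a real network). In terse
# mode ':' separates fields, and ':' or '\' inside a value is escaped
# with a backslash.
sample_scan() {
    cat <<'EOF'
00\:3A\:98\:7C\:42\:D3:WPA2:Cafe Hotspot 1
02\:00\:5E\:00\:53\:01::Cafe Hotspot 1
02\:00\:5E\:00\:53\:02:WEP:legacy\:printer
02\:00\:5E\:00\:53\:03:WPA2 WPA3:Office
EOF
}

# Convert terse lines on stdin to TAB-separated "BSSID SECURITY SSID".
# 'read' is deliberately used WITHOUT -r: the shell then treats '\:' as a
# literal colon rather than a field separator, and '\\' as one backslash,
# which matches nmcli's escaping. The SSID is text chosen by whoever runs
# the access point, so it is kept as the last field and only ever quoted.
terse_to_tsv() {
    while IFS=: read bssid security ssid; do
        case $security in
            ''|--) security=open ;;   # assumption: no flags means open
        esac
        printf '%s\t%s\t%s\n' "$bssid" "$security" "$ssid"
    done
}

# Print one "WEAK" line per open or WEP access point and one "MIXED" line
# per SSID that appears with differing security settings in the same scan.
audit_scan() {
    terse_to_tsv | awk -F '\t' '
        $2 == "open" || $2 ~ /(^| )WEP( |$)/ {
            printf "WEAK\t%s\t%s\t%s\n", $3, $1, $2
        }
        {
            if (!($3 in sec)) sec[$3] = $2
            else if (sec[$3] != $2) mixed[$3] = 1
        }
        END { for (s in mixed) printf "MIXED\t%s\n", s }
    '
}

# Usage: sample_scan | audit_scan     (offline)
#        live_scan   | audit_scan     (needs a running NetworkManager)
```

       A MIXED line only says that one network name is being announced with
       different protection levels; whether that is a misconfigured access
       point or something else has to be checked against the listed BSSIDs.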

EXIT STATUS

1109       nmcli exits with status 0 if it succeeds; a value greater than 0 is
1110       returned if an error occurs.
1111
1112       0
1113           Success – indicates the operation succeeded.
1114
1115       1
1116           Unknown or unspecified error.
1117
1118       2
1119           Invalid user input, wrong nmcli invocation.
1120
1121       3
1122           Timeout expired (see --wait option).
1123
1124       4
1125           Connection activation failed.
1126
1127       5
1128           Connection deactivation failed.
1129
1130       6
1131           Disconnecting device failed.
1132
1133       7
1134           Connection deletion failed.
1135
1136       8
1137           NetworkManager is not running.
1138
1139       10
1140           Connection, device, or access point does not exist.
1141
1142       65
1143           When used with --complete-args option, a file name is expected to
1144           follow.
1145

EXAMPLES

1147       This section presents various examples of nmcli usage. If you want even
1148       more, please refer to nmcli-examples(7) manual page.
1149
1150       nmcli -t -f RUNNING general
1151           tells you whether NetworkManager is running or not.
1152
1153       nmcli -t -f STATE general
1154           shows the overall status of NetworkManager.
1155
1156       nmcli radio wifi off
1157           switches Wi-Fi off.
1158
1159       nmcli connection show
1160           lists all connections NetworkManager has.
1161
1162       nmcli -p -m multiline -f all con show
1163           shows all configured connections in multi-line mode.
1164
1165       nmcli connection show --active
1166           lists all currently active connections.
1167
1168       nmcli -f name,autoconnect c s
1169           shows all connection profile names and their auto-connect property.
1170
1171       nmcli -p connection show "My default em1"
1172           shows details for "My default em1" connection profile.
1173
1174       nmcli --show-secrets connection show "My Home Wi-Fi"
1175           shows details for "My Home Wi-Fi" connection profile with all
1176           passwords. Without --show-secrets option, secrets would not be
1177           displayed.
1178
1179       nmcli -f active connection show "My default em1"
1180           shows details for "My default em1" active connection, like IP, DHCP
1181           information, etc.
1182
1183       nmcli -f profile con s "My wired connection"
1184           shows static configuration details of the connection profile with
1185           "My wired connection" name.
1186
1187       nmcli -p con up "My wired connection" ifname eth0
1188           activates the connection profile with name "My wired connection" on
1189           interface eth0. The -p option makes nmcli show progress of the
1190           activation.
1191
1192       nmcli con up 6b028a27-6dc9-4411-9886-e9ad1dd43761 ap 00:3A:98:7C:42:D3
1193           connects the Wi-Fi connection with UUID
1194           6b028a27-6dc9-4411-9886-e9ad1dd43761 to the AP with BSSID
1195           00:3A:98:7C:42:D3.
1196
1197       nmcli device status
1198           shows the status for all devices.
1199
1200       nmcli dev down em2
1201           disconnects a connection on interface em2 and marks the device as
1202           unavailable for auto-connecting. As a result, no connection will
1203           automatically be activated on the device until the device's
1204           'autoconnect' is set to TRUE or the user manually activates a
1205           connection.
1206
1207       nmcli -f GENERAL,WIFI-PROPERTIES dev show wlan0
1208           shows details for wlan0 interface; only GENERAL and WIFI-PROPERTIES
1209           sections will be shown.
1210
1211       nmcli -f CONNECTIONS device show wlp3s0
1212           shows all available connection profiles for your Wi-Fi interface
1213           wlp3s0.
1214
1215       nmcli dev wifi
1216           lists available Wi-Fi access points known to NetworkManager.
1217
1218       nmcli dev wifi con "Cafe Hotspot 1" password caffeine name "My cafe"
1219           creates a new connection named "My cafe" and then connects it to
1220           "Cafe Hotspot 1" SSID using password "caffeine". This is mainly
1221           useful when connecting to "Cafe Hotspot 1" for the first time. Next
1222           time, it is better to use nmcli con up id "My cafe" so that the
1223           existing connection profile can be used and no additional one is
1224           created.
1225
1226       nmcli -s dev wifi hotspot con-name QuickHotspot
1227           creates a hotspot profile and connects it. Prints the hotspot
1228           password the user should use to connect to the hotspot from other
1229           devices.
1230
1231       nmcli dev modify em1 ipv4.method shared
1232           starts IPv4 connection sharing using em1 device. The sharing will
1233           be active until the device is disconnected.
1234
1235       nmcli dev modify em1 ipv6.address 2001:db8::a:bad:c0de
1236           temporarily adds an IP address to a device. The address will be
1237           removed when the same connection is activated again.
1238
1239       nmcli connection add type ethernet autoconnect no ifname eth0
1240           non-interactively adds an Ethernet connection tied to eth0
1241           interface with automatic IP configuration (DHCP), and disables the
1242           connection's autoconnect flag.
1243
1244       nmcli c a ifname Maxipes-fik type vlan dev eth0 id 55
1245           non-interactively adds a VLAN connection with ID 55. The connection
1246           will use eth0 and the VLAN interface will be named Maxipes-fik.
1247
1248       nmcli c a ifname eth0 type ethernet ipv4.method disabled ipv6.method
1249       link-local
1250           non-interactively adds a connection that will use eth0 Ethernet
1251           interface and only have an IPv6 link-local address configured.
1252
1253       nmcli connection edit ethernet-em1-2
1254           edits existing "ethernet-em1-2" connection in the interactive
1255           editor.
1256
1257       nmcli connection edit type ethernet con-name "yet another Ethernet
1258       connection"
1259           adds a new Ethernet connection in the interactive editor.
1260
1261       nmcli con mod ethernet-2 connection.autoconnect no
1262           modifies 'autoconnect' property in the 'connection' setting of
1263           'ethernet-2' connection.
1264
1265       nmcli con mod "Home Wi-Fi" wifi.mtu 1350
1266           modifies 'mtu' property in the 'wifi' setting of 'Home Wi-Fi'
1267           connection.
1268
1269       nmcli con mod em1-1 ipv4.method manual ipv4.addr "192.168.1.23/24
1270       192.168.1.1, 10.10.1.5/8, 10.0.0.11"
1271           sets manual addressing and the addresses in em1-1 profile.
1272
1273       nmcli con modify ABC +ipv4.dns 8.8.8.8
1274           appends a Google public DNS server to DNS servers in ABC profile.
1275
1276       nmcli con modify ABC -ipv4.addresses "192.168.100.25/24 192.168.1.1"
1277           removes the specified IP address from (static) profile ABC.
1278
1279       nmcli con import type openvpn file ~/Downloads/frootvpn.ovpn
1280           imports an OpenVPN configuration to NetworkManager.
1281
1282       nmcli con export corp-vpnc /home/joe/corpvpn.conf
1283           exports NetworkManager VPN profile corp-vpnc as standard Cisco
1284           (vpnc) configuration.
1285

NOTES

1287       nmcli accepts abbreviations, as long as they are a unique prefix in the
1288       set of possible options. As new options get added, these abbreviations
1289       are not guaranteed to stay unique. For scripting and long term
1290       compatibility it is therefore strongly advised to spell out the full
1291       option names.
1292

BUGS

1294       There are probably some bugs. If you find a bug, please report it to
1295       your distribution or upstream at
1296       https://gitlab.freedesktop.org/NetworkManager/NetworkManager.
1297

SEE ALSO

1299       nmcli-examples(7), nm-settings-nmcli(5), nm-online(1),
1300       NetworkManager(8), NetworkManager.conf(5), nm-applet(1), nm-connection-
1301       editor(1), terminal-colors.d(5).
1302
1303
1304
1305NetworkManager 1.42.8                                                 NMCLI(1)