1NMCLI(1) General Commands Manual NMCLI(1)
2
6 nmcli - command-line tool for controlling NetworkManager
7
9 nmcli [OPTIONS...] {help | general | networking | radio | connection |
10 device | agent | monitor} [COMMAND] [ARGUMENTS...]
11
13 nmcli is a command-line tool for controlling NetworkManager and
14 reporting network status. It can be utilized as a replacement for
15 nm-applet or other graphical clients. nmcli is used to create,
16 display, edit, delete, activate, and deactivate network connections, as
17 well as control and display network device status. See nmcli-
18 examples(7) for ready to run nmcli examples.
19 Typical uses include:
21 • Scripts: Utilize NetworkManager via nmcli instead of managing
23 network connections manually. nmcli supports a terse output format
24 which is better suited for script processing. Note that
25 NetworkManager can also execute scripts, called "dispatcher
26 scripts", in response to network events. See NetworkManager(8) for
27 details about these dispatcher scripts.
28 • Servers, headless machines, and terminals: nmcli can be used to
30 control NetworkManager without a GUI, including creating, editing,
31 starting and stopping network connections and viewing network
32 status.
33
35 -a | --ask
36 When using this option nmcli will stop and ask for any missing
37 required arguments, so do not use this option for non-interactive
38 purposes like scripts. This option controls, for example, whether
39 you will be prompted for a password if it is required for
40 connecting to a network.
41 -c | --colors {yes | no | auto}
43 This option controls color output (using terminal escape
44 sequences). yes enables colors, no disables them, auto only
45 produces colors when standard output is directed to a terminal. The
46 default value is auto.
47 The actual colors used are configured as described in terminal-
49 colors.d(5). Please refer to the COLORS section for a list of color
50 names supported by nmcli.
51 If the environment variable NO_COLOR is set (to any value), then
53 coloring is disabled with mode "auto". Explicitly enabling coloring
54 overrides the environment variable.
55 --complete-args
57 Instead of conducting the desired action, nmcli will list possible
58 completions for the last argument. This is useful to implement
59 argument completion in shell.
60 The exit status will indicate success or return a code 65 to
62 indicate the last argument is a file name.
63 NetworkManager ships with command completion support for GNU Bash.
65 -e | --escape {yes | no}
67 Whether to escape : and \ characters in terse tabular mode. The
68 escape character is \.
69 If omitted, default is yes.
71 -f | --fields {field1,field2... | all | common}
73 This option is used to specify what fields (column names) should be
74 printed. Valid field names differ for specific commands. List
75 available fields by providing an invalid value to the --fields
76 option. all is used to print all valid field values of the
77 command. common is used to print common field values of the
78 command.
79 If omitted, default is common.
81 -g | --get-values {field1,field2... | all | common}
83 This option is used to print values from specific fields. It is
84 basically a shortcut for --mode tabular --terse --fields and is a
85 convenient way to retrieve values for particular fields. The values
86 are printed one per line without headers.
87 If a section is specified instead of a field, the section name will
89 be printed followed by colon separated values of the fields
90 belonging to that section, all on the same line.
91 -h | --help
93 Print help information.
94 -m | --mode {tabular | multiline}
96 Switch between tabular and multiline output:
97 tabular
99 Output is a table where each line describes a single entry.
100 Columns define particular properties of the entry.
101 multiline
103 Each entry comprises multiple lines, each property on its own
104 line. The values are prefixed with the property name.
105 If omitted, default is tabular for most commands. For the commands
107 producing more structured information, that cannot be displayed on
108 a single line, default is multiline. Currently, they are:
109 • nmcli connection show ID
111 • nmcli device show
113 -p | --pretty
115 Output is pretty. This causes nmcli to produce easily readable
116 outputs for humans, i.e. values are aligned, headers are printed,
117 etc.
118 -s | --show-secrets
120 When using this option nmcli will display passwords and secrets
121 that might be present in an output of an operation. This option
122 also influences echoing passwords typed by user as an input.
123 -t | --terse
125 Output is terse. This mode is designed and suitable for computer
126 (script) processing.
127 --offline
129 Work without a daemon. Makes connection add and connection modify
130 commands accept and produce connection data via standard
131 input/output. Ordinarily, nmcli would communicate with the
132 NetworkManager service.
133 The connection data format (keyfile) is described in nm-settings-
135 keyfile(5) manual.
136 -v | --version
138 Show nmcli version.
139 -w | --wait seconds
141 This option sets a timeout period for which nmcli will wait for
142 NetworkManager to finish operations. It is especially useful for
143 commands that may take a longer time to complete, e.g. connection
144 activation.
145 Specifying a value of 0 instructs nmcli not to wait but to exit
147 immediately with a status of success. The default value depends on
148 the executed command.
149
151 nmcli general {status | hostname | permissions | logging | reload}
152 [ARGUMENTS...]
153 Use this command to show NetworkManager status and permissions. You can
155 also get and change system hostname, as well as NetworkManager logging
156 level and domains.
157 status
159 Show overall status of NetworkManager. This is the default action,
160 when no additional command is provided for nmcli general.
161 hostname [hostname]
163 Get and change system hostname. With no arguments, this prints
164 currently configured hostname. When you pass a hostname, it will be
165 handed over to NetworkManager to be set as a new system hostname.
166 Note that the term "system" hostname may also be referred to as
168 "persistent" or "static" by other programs or tools. The hostname
169 is stored in /etc/hostname file in most distributions. For example,
170 systemd-hostnamed service uses the term "static" hostname and it
171 only reads the /etc/hostname file when it starts.
172 permissions
174 Show the permissions a caller has for various authenticated
175 operations that NetworkManager provides, like enable and disable
176 networking, changing Wi-Fi and WWAN state, modifying connections,
177 etc.
178 logging [level level] [domains domains...]
180 Get and change NetworkManager logging level and domains. Without
181 any argument current logging level and domains are shown. In order
182 to change logging state, provide level and, or, domain parameters.
183 See NetworkManager.conf(5) for available level and domain values.
184 reload [flags...]
186 Reload NetworkManager's configuration and perform certain updates,
187 like flushing caches or rewriting external state to disk. This is
188 similar to sending SIGHUP to NetworkManager but it allows for more
189 fine-grained control over what to reload through the flags
190 argument. It also allows non-root access via PolicyKit and contrary
191 to signals it is synchronous. Available flags are:
192 conf
194 Reload the NetworkManager.conf configuration from disk. Note
195 that this does not include connections, which can be reloaded
196 through nmcli connection reload instead.
197 dns-rc
199 Update DNS configuration, which usually involves writing
200 /etc/resolv.conf anew. This is equivalent to sending the
201 SIGUSR1 signal to the NetworkManager process.
202 dns-full
204 Restart the DNS plugin. This is for example useful when using
205 dnsmasq plugin, which uses additional configuration in
206 /etc/NetworkManager/dnsmasq.d. If you edit those files, you can
207 restart the DNS plugin. This action shortly interrupts name
208 resolution.
209 With no flags, everything that is supported is reloaded, which is
211 identical to sending a SIGHUP. See NetworkManager(8) for more
212 details about signals.
213
215 nmcli networking {on | off | connectivity} [ARGUMENTS...]
216 Query NetworkManager networking status, enable and disable networking.
218 on, off
220 Enable or disable networking control by NetworkManager. All
221 interfaces managed by NetworkManager are deactivated when
222 networking is disabled.
223 connectivity [check]
225 Get network connectivity state. The optional check argument tells
226 NetworkManager to re-check the connectivity, else the most recent
227 known connectivity state is displayed without re-checking.
228 Possible states are:
230 none
232 the host is not connected to any network.
233 portal
235 the host is behind a captive portal and cannot reach the full
236 Internet.
237 limited
239 the host is connected to a network, but it has no access to the
240 Internet.
241 full
243 the host is connected to a network and has full access to the
244 Internet.
245 unknown
247 the connectivity status cannot be found out.
248
250 nmcli radio {all | wifi | wwan} [ARGUMENTS...]
251 Show radio switches status, or enable and disable the switches.
253 wifi [on | off]
255 Show or set status of Wi-Fi in NetworkManager. If no arguments are
256 supplied, Wi-Fi status is printed; on enables Wi-Fi; off disables
257 Wi-Fi.
258 wwan [on | off]
260 Show or set status of WWAN (mobile broadband) in NetworkManager. If
261 no arguments are supplied, mobile broadband status is printed; on
262 enables mobile broadband, off disables it.
263 all [on | off]
265 Show or set all previously mentioned radio switches at the same
266 time.
267
269 nmcli monitor
270 Observe NetworkManager activity. Watches for changes in connectivity
272 state, devices or connection profiles.
273 See also nmcli connection monitor and nmcli device monitor to watch for
275 changes in certain devices or connections.
276
278 nmcli connection {show | up | down | modify | add | edit | clone |
279 delete | monitor | reload | load | import | export |
280 migrate} [ARGUMENTS...]
281 NetworkManager stores all network configuration as "connections", which
283 are collections of data (Layer2 details, IP addressing, etc.) that
284 describe how to create or connect to a network. A connection is
285 "active" when a device uses that connection's configuration to create
286 or connect to a network. There may be multiple connections that apply
287 to a device, but only one of them can be active on that device at any
288 given time. The additional connections can be used to allow quick
289 switching between different networks and configurations.
290 Consider a machine which is usually connected to a DHCP-enabled
292 network, but sometimes connected to a testing network which uses static
293 IP addressing. Instead of manually reconfiguring eth0 each time the
294 network is changed, the settings can be saved as two connections which
295 both apply to eth0, one for DHCP (called default) and one with the
296 static addressing details (called testing). When connected to the
297 DHCP-enabled network the user would run nmcli con up default , and when
298 connected to the static network the user would run nmcli con up
299 testing.
300 show [--active] [--order [+-]category:...]
302 List in-memory and on-disk connection profiles, some of which may
303 also be active if a device is using that connection profile.
304 Without a parameter, all profiles are listed. When --active option
305 is specified, only the active profiles are shown.
306 The --order option can be used to get custom ordering of
308 connections. The connections can be ordered by active status
309 (active), name (name), type (type) or D-Bus path (path). If
310 connections are equal according to a sort order category, an
311 additional category can be specified. The default sorting order is
312 equivalent to --order active:name:path. + or no prefix means
313 sorting in ascending order (alphabetically or in numbers), - means
314 reverse (descending) order. The category names can be abbreviated
315 (e.g. --order -a:na).
316 show [--active] [id | uuid | path | apath] ID...
318 Show details for specified connections. By default, both static
319 configuration and active connection data are displayed. When
320 --active option is specified, only the active profiles are taken
321 into account. Use global --show-secrets option to display secrets
322 associated with the profile.
323 id, uuid, path and apath keywords can be used if ID is ambiguous.
325 Optional ID-specifying keywords are:
326 id
328 the ID denotes a connection name.
329 uuid
331 the ID denotes a connection UUID.
332 path
334 the ID denotes a D-Bus static connection path in the format of
335 /org/freedesktop/NetworkManager/Settings/num or just num.
336 apath
338 the ID denotes a D-Bus active connection path in the format of
339 /org/freedesktop/NetworkManager/ActiveConnection/num or just
340 num.
341 It is possible to filter the output using the global --fields
343 option. Use the following values:
344 profile
346 only shows static profile configuration.
347 active
349 only shows active connection data (when the profile is active).
350 You can also specify particular fields. For static configuration,
352 use setting and property names as described in nm-settings-nmcli(5)
353 manual page. For active data use GENERAL, IP4, DHCP4, IP6, DHCP6,
354 VPN.
355 When no command is given to the nmcli connection, the default
357 action is nmcli connection show.
358 up [id | uuid | path] ID [ifname ifname] [ap BSSID] [passwd-file file]
360 Activate a connection. The connection is identified by its name,
361 UUID or D-Bus path. If ID is ambiguous, a keyword id, uuid or path
362 can be used. When requiring a particular device to activate the
363 connection on, the ifname option with interface name should be
364 given. If the ID is not given an ifname is required, and
365 NetworkManager will activate the best available connection for the
366 given ifname. In case of a VPN connection, the ifname option
367 specifies the device of the base connection. The ap option specify
368 what particular AP should be used in case of a Wi-Fi connection.
369 If --wait option is not specified, the default timeout will be 90
371 seconds.
372 See connection show above for the description of the ID-specifying
374 keywords.
375 Available options are:
377 ifname
379 interface that will be used for activation.
380 ap
382 BSSID of the AP which the command should connect to (for Wi-Fi
383 connections).
384 passwd-file
386 some networks may require credentials during activation. You
387 can give these credentials using this option. Each line of the
388 file should contain one password in the form:
389 setting_name.property_name:the password
391 For example, for WPA Wi-Fi with PSK, the line would be
393 802-11-wireless-security.psk:secret12345
395 For 802.1X password, the line would be
397 802-1x.password:my 1X password
399 nmcli also accepts wifi-sec and wifi strings instead of
402 802-11-wireless-security. When NetworkManager requires a
403 password and it is not given, nmcli will ask for it when run
404 with --ask. If --ask was not passed, NetworkManager can ask
405 another secret agent that may be running (typically a GUI
406 secret agent, such as nm-applet or gnome-shell).
407 down [id | uuid | path | apath] ID...
409 Deactivate a connection from a device without preventing the device
410 from further auto-activation. Multiple connections can be passed to
411 the command.
412 Be aware that this command deactivates the specified active
414 connection, but the device on which the connection was active, is
415 still ready to connect and will perform auto-activation by looking
416 for a suitable connection that has the 'autoconnect' flag set. Note
417 that the deactivating connection profile is internally blocked from
418 autoconnecting again. Hence it will not autoconnect until reboot or
419 until the user performs an action that unblocks autoconnect, like
420 modifying the profile or explicitly activating it.
421 In most cases you may want to use device down command instead.
423 The connection is identified by its name, UUID or D-Bus path. If ID
425 is ambiguous, a keyword id, uuid, path or apath can be used.
426 See connection show above for the description of the ID-specifying
428 keywords.
429 If --wait option is not specified, the default timeout will be 10
431 seconds.
432 modify [--temporary] [id | uuid | path] [ID]
434 {option value | [+|-]setting.property value}...
435 Add, modify or remove properties in the connection profile.
436 To set the property just specify the property name followed by the
438 value. An empty value ("") resets the property value to the
439 default.
440 See nm-settings-nmcli(5) for complete reference of setting and
442 property names, their descriptions and default values. The setting
443 and property can be abbreviated provided they are unique.
444 If you want to append an item or a flag to the existing value, use
446 + prefix for the property name or alias. If you want to remove
447 items from a container-type or flag property, use - prefix. For
448 certain properties you can also remove elements by specifying the
449 zero-based index(es). The + and - modifiers only have a real effect
450 for properties that support them. These are for example multi-value
451 (container) properties or flags like ipv4.dns, ip4, ipv4.addresses,
452 bond.options, 802-1x.phase1-auth-flags etc.
453 The connection is identified by its name, UUID or D-Bus path. If ID
455 is ambiguous, a keyword id, uuid or path can be used. The ID is not
456 used with the global --offline option.
457 When the global --offline is used, the command reads the connection
459 from the standard input and prints the modified connection to
460 standard output instead of making the the NetworkManager daemon act
461 upon specified connection.
462 modify [--temporary] [id | uuid | path] ID remove setting
464 Removes a setting from the connection profile.
465 add [save {yes | no}] {option value | [+|-]setting.property value}...
467 Create a new connection using specified properties.
468 You need to describe the newly created connections with the
470 property and value pairs. See nm-settings-nmcli(5) for the complete
471 reference. The syntax is the same as of the nmcli connection modify
472 command.
473 To construct a meaningful connection you at the very least need to
475 set the connection.type property (or use the type alias) to one of
476 known NetworkManager connection types:
477 • 6lowpan
479 • 802-11-olpc-mesh (alias olpc-mesh)
481 • 802-11-wireless (alias wifi)
483 • 802-3-ethernet (alias ethernet)
485 • adsl
487 • bluetooth
489 • bond
491 • bond-slave (deprecated for ethernet with master)
493 • bridge
495 • bridge-slave (deprecated for ethernet with master)
497 • cdma
499 • dummy
501 • generic
503 • gsm
505 • infiniband
507 • ip-tunnel
509 • macsec
511 • macvlan
513 • olpc-mesh
515 • ovs-bridge
517 • ovs-dpdk
519 • ovs-interface
521 • ovs-patch
523 • ovs-port
525 • pppoe
527 • team
529 • team-slave (deprecated for ethernet with master)
531 • tun
533 • veth
535 • vlan
537 • vpn
539 • vrf
541 • vxlan
543 • wifi-p2p
545 • wimax
547 • wireguard
549 • wpan
551 The most typical uses are described in the EXAMPLES section.
553 Aside from the properties and values two special options are
555 accepted:
556 save
558 Controls whether the connection should be persistent, i.e.
559 NetworkManager should store it on disk (default: yes).
560 --
562 If a single -- argument is encountered it is ignored. This is
563 for compatibility with older versions on nmcli.
564 When the global --offline is used, the command prints the resulting
566 connection to standard output instead of actually adding the
567 connection via the NetworkManager daemon.
568 edit {[id | uuid | path] ID | [type type] [con-name name] }
570 Edit an existing connection or add a new one, using an interactive
571 editor.
572 The existing connection is identified by its name, UUID or D-Bus
574 path. If ID is ambiguous, a keyword id, uuid, or path can be used.
575 See connection show above for the description of the ID-specifying
576 keywords. Not providing an ID means that a new connection will be
577 added.
578 The interactive editor will guide you through the connection
580 editing and allow you to change connection parameters according to
581 your needs by means of a simple menu-driven interface. The editor
582 indicates what settings and properties can be modified and provides
583 in-line help.
584 Available options:
586 type
588 type of the new connection; valid types are the same as for
589 connection add command.
590 con-name
592 name for the new connection. It can be changed later in the
593 editor.
594 See also nm-settings-nmcli(5) for all NetworkManager settings and
596 property names, and their descriptions; and nmcli-examples(7) for
597 sample editor sessions.
598 clone [--temporary] [id | uuid | path] ID new_name
600 Clone a connection. The connection to be cloned is identified by
601 its name, UUID or D-Bus path. If ID is ambiguous, a keyword id,
602 uuid or path can be used. See connection show above for the
603 description of the ID-specifying keywords. new_name is the name of
604 the new cloned connection. The new connection will be the exact
605 copy except the connection.id (new_name) and connection.uuid
606 (generated) properties.
607 The new connection profile will be saved as persistent unless
609 --temporary option is specified, in which case the new profile
610 won't exist after NetworkManager restart.
611 delete [id | uuid | path] ID...
613 Delete a configured connection. The connection to be deleted is
614 identified by its name, UUID or D-Bus path. If ID is ambiguous, a
615 keyword id, uuid or path can be used. See connection show above for
616 the description of the ID-specifying keywords.
617 If --wait option is not specified, the default timeout will be 10
619 seconds.
620 monitor [id | uuid | path] ID...
622 Monitor connection profile activity. This command prints a line
623 whenever the specified connection changes. The connection to be
624 monitored is identified by its name, UUID or D-Bus path. If ID is
625 ambiguous, a keyword id, uuid or path can be used. See connection
626 show above for the description of the ID-specifying keywords.
627 Monitors all connection profiles in case none is specified. The
629 command terminates when all monitored connections disappear. If you
630 want to monitor connection creation consider using the global
631 monitor with nmcli monitor command.
632 reload
634 Reload all connection files from disk. NetworkManager does not
635 monitor changes to connection. So you need to use this command in
636 order to tell NetworkManager to re-read the connection profiles
637 from disk when a change was made to them.
638 load filename...
640 Load/reload one or more connection files from disk. Use this after
641 manually editing a connection file to ensure that NetworkManager is
642 aware of its latest state.
643 import [--temporary] type type file file
645 Import an external/foreign configuration as a NetworkManager
646 connection profile. The type of the input file is specified by type
647 option.
648 Only VPN configurations are supported at the moment. The
650 configuration is imported by NetworkManager VPN plugins. type
651 values are the same as for vpn-type option in nmcli connection add.
652 VPN configurations are imported by VPN plugins. Therefore the
653 proper VPN plugin has to be installed so that nmcli could import
654 the data.
655 The imported connection profile will be saved as persistent unless
657 --temporary option is specified, in which case the new profile
658 won't exist after NetworkManager restart.
659 export [id | uuid | path] ID [file]
661 Export a connection.
662 Only VPN connections are supported at the moment. A proper VPN
664 plugin has to be installed so that nmcli could export a connection.
665 If no file is provided, the VPN configuration data will be printed
666 to standard output.
667 migrate [--plugin plugin...] [id | uuid | path] [ID...]
669 Migrate connection profiles to a different settings plugin, such as
670 keyfile (default) or ifcfg-rh.
671 The connection to be migrated is identified by its name, UUID or
673 D-Bus path. If ID is ambiguous, a keyword id, uuid or path can be
674 used. See connection show above for the description of the
675 ID-specifying keywords.
676 If no connections are specified, the command acts on all available
678 connections. Therefore, with no arguments, the command migrates all
679 connection profiles to the keyfile plugin.
680 If --wait option is not specified, the default timeout will be 10
682 seconds.
683
685 nmcli device {status | show | set | up | connect | reapply | modify |
686 down | disconnect | delete | monitor | wifi | lldp |
687 checkpoint} [ARGUMENTS...]
688 Show and manage network interfaces.
690 status
692 Print status of devices.
693 This is the default action if no command is specified to nmcli
695 device.
696 show [ifname]
698 Show detailed information about devices. Without an argument, all
699 devices are examined. To get information for a specific device, the
700 interface name has to be provided.
701 set [ifname] ifname [autoconnect {yes | no}] [managed {yes | no}]
703 Set device properties.
704 up ifname
706 Connect the device. NetworkManager will try to find a suitable
707 connection that will be activated. It will also consider
708 connections that are not set to auto connect.
709 If no compatible connection exists, a new profile with default
711 settings will be created and activated. This differentiates nmcli
712 connection up ifname "$DEVICE" from nmcli device up "$DEVICE"
713 If --wait option is not specified, the default timeout will be 90
715 seconds.
716 connect ifname
718 Alias for command up. Before version 1.34.0 up was not supported.
719 reapply ifname
721 Attempt to update device with changes to the currently active
722 connection made since it was last applied.
723 modify ifname {option value | [+|-]setting.property value}...
725 Modify the settings currently active on the device.
726 This command lets you do temporary changes to a configuration
728 active on a particular device. The changes are not preserved in the
729 connection profile.
730 See nm-settings-nmcli(5) for the list of available properties.
732 Please note that some properties can't be changed on an already
733 connected device.
734 down ifname...
736 Disconnect a device and prevent the device from automatically
737 activating further connections without user/manual intervention.
738 Note that disconnecting software devices may mean that the devices
739 will disappear.
740 If --wait option is not specified, the default timeout will be 10
742 seconds.
743 disconnect ifname...
745 Alias for command down. Before version 1.34.0 down was not
746 supported.
747 delete ifname...
749 Delete a device. The command removes the interface from the system.
750 Note that this only works for software devices like bonds, bridges,
751 teams, etc. Hardware devices (like Ethernet) cannot be deleted by
752 the command.
753 If --wait option is not specified, the default timeout will be 10
755 seconds.
756 monitor [ifname...]
758 Monitor device activity. This command prints a line whenever the
759 specified devices change state.
760 Monitors all devices in case no interface is specified. The monitor
762 terminates when all specified devices disappear. If you want to
763 monitor device addition consider using the global monitor with
764 nmcli monitor command.
765 wifi [list [--rescan | auto | no | yes] [ifname ifname] [bssid BSSID]]
767 List available Wi-Fi access points. The ifname and bssid options
768 can be used to list APs for a particular interface or with a
769 specific BSSID, respectively.
770 By default, nmcli ensures that the access point list is no older
772 than 30 seconds and triggers a network scan if necessary. The
773 --rescan can be used to either force or disable the scan regardless
774 of how fresh the access point list is.
775 wifi connect (B)SSID [password password] [wep-key-type {key | phrase}]
777 [ifname ifname] [bssid BSSID] [name name] [private {yes | no}]
778 [hidden {yes | no}]
779 Connect to a Wi-Fi network specified by SSID or BSSID. The command
780 finds a matching connection or creates one and then activates it on
781 a device. This is a command-line counterpart of clicking an SSID in
782 a GUI client. If a connection for the network already exists, it is
783 possible to bring up (activate) the existing profile as follows:
784 nmcli con up id name. Note that only open, WEP and WPA-PSK networks
785 are supported if no previous connection exists. It is also assumed
786 that IP configuration is obtained via DHCP.
787 If --wait option is not specified, the default timeout will be 90
789 seconds.
790 Available options are:
792 password
794 password for secured networks (WEP or WPA).
795 wep-key-type
797 type of WEP secret, either key for ASCII/HEX key or phrase for
798 passphrase.
799 ifname
801 interface that will be used for activation.
802 bssid
804 if specified, the created connection will be restricted just
805 for the BSSID.
806 name
808 if specified, the connection will use the name (else NM creates
809 a name itself).
810 private
812 if set to yes, the connection will only be visible to the user
813 who created it. Otherwise, the connection is system-wide, which
814 is the default.
815 hidden
817 set to yes when connecting for the first time to an AP not
818 broadcasting its SSID. Otherwise, the SSID would not be found
819 and the connection attempt would fail.
820 wifi hotspot [ifname ifname] [con-name name] [ssid SSID]
822 [band {a | bg}] [channel channel] [password password]
823 Create a Wi-Fi hotspot. The command creates a hotspot connection
824 profile according to Wi-Fi device capabilities and activates it on
825 the device. The hotspot is secured with WPA if device/driver
826 supports that, otherwise WEP is used. Use connection down or device
827 down to stop the hotspot.
828 Parameters of the hotspot can be influenced by the optional
830 parameters:
831 ifname
833 what Wi-Fi device is used.
834 con-name
836 name of the created hotspot connection profile.
837 ssid
839 SSID of the hotspot.
840 band
842 Wi-Fi band to use.
843 channel
845 Wi-Fi channel to use.
846 password
848 password to use for the created hotspot. If not provided, nmcli
849 will generate a password. The password is either WPA pre-shared
850 key or WEP key.
851 Note that --show-secrets global option can be used to print the
853 hotspot password. It is useful especially when the password was
854 generated.
855 wifi rescan [ifname ifname] [ssid SSID...]
857 Request that NetworkManager immediately re-scan for available
858 access points. NetworkManager scans Wi-Fi networks periodically,
859 but in some cases it can be useful to start scanning manually (e.g.
860 after resuming the computer). By using ssid, it is possible to scan
861 for a specific SSID, which is useful for APs with hidden SSIDs. You
862 can provide multiple ssid parameters in order to scan more SSIDs.
863 This command does not show the APs, use nmcli device wifi list for
865 that.
866 wifi show-password [ifname ifname]
868 Show the details of the active Wi-Fi networks, including the
869 secrets.
870 lldp [list [ifname ifname]]
872 Display information about neighboring devices learned through the
873 Link Layer Discovery Protocol (LLDP). The ifname option can be used
874 to list neighbors only for a given interface. The protocol must be
875 enabled in the connection settings.
876 checkpoint [--timeout seconds] [ifname...] -- COMMAND...
878 Runs the command with a configuration checkpoint taken and asks for
879 a confirmation when finished. When the confirmation is not given,
880 the checkpoint is automatically restored after timeout.
881 This allows doing disruptive configuration changes over remote
883 connections with an option of restoring the network configuration
884 to a known good state in case of an error.
885 If the a list of interface names is specified, the checkpoint is
887 taken, the checkpoint is takes only on the specified devices.
888 Otherwise a checkpoint is taken for all devices.
889 Currently the timeout defaults to 15 seconds. This may change in a
891 future version.
892
894 nmcli agent {secret | polkit | all}
895 Run nmcli as a NetworkManager secret agent, or polkit agent.
897 secret
899 Register nmcli as a NetworkManager secret agent and listen for
900 secret requests. You usually do not need this command, because
901 nmcli can handle secrets when connecting to networks. However, you
902 may find the command useful when you use another tool for
903 activating connections and you do not have a secret agent available
904 (like nm-applet).
905 polkit
907 Register nmcli as a polkit agent for the user session and listen
908 for authorization requests. You do not usually need this command,
909 because nmcli can handle polkit actions related to NetworkManager
910 operations (when run with --ask). However, you may find the command
911 useful when you want to run a simple text based polkit agent and
912 you do not have an agent of a desktop environment. Note that
913 running this command makes nmcli handle all polkit requests, not
914 only NetworkManager related ones, because only one polkit agent can
915 run for the session.
916 all
918 Runs nmcli as both NetworkManager secret and a polkit agent.
919
921 Implicit coloring can be disabled by an empty file
922 /etc/terminal-colors.d/nmcli.disable.
923 See terminal-colors.d(5) for more details about colorization
925 configuration. The logical color names supported by nmcli are:
926 connection-activated
928 A connection that is active.
929 connection-activating
931 Connection that is being activated.
932 connection-disconnecting
934 Connection that is being disconnected.
935 connection-external
937 Connection representing configuration created externally to
938 NetworkManager.
939 connection-invisible
941 Connection whose details is the user not permitted to see.
942 connection-deprecated
944 Connection that uses deprecated settings. It might not be possible
945 to activate it.
946 connectivity-full
948 Connectivity state when Internet is reachable.
949 connectivity-limited
951 Connectivity state when only a local network reachable.
952 connectivity-none
954 Connectivity state when the network is disconnected.
955 connectivity-portal
957 Connectivity state when a captive portal hijacked the connection.
958 connectivity-unknown
960 Connectivity state when a connectivity check didn't run.
961 device-activated
963 Device that is connected.
964 device-activating
966 Device that is being configured.
967 device-disconnected
969 Device that is not connected.
970 device-external
972 Device configured externally to NetworkManager.
973 device-firmware-missing
975 Warning of a missing device firmware.
976 device-plugin-missing
978 Warning of a missing device plugin.
979 device-unavailable
981 Device that is not available for activation.
982 device-disabled
984 Device is disabled by software or hardware kill switch.
985 manager-running
987 Notice that the NetworkManager daemon is available.
988 manager-starting
990 Notice that the NetworkManager daemon is being initially connected.
991 manager-stopped
993 Notice that the NetworkManager daemon is not available.
994 permission-auth
996 An action that requires user authentication to get permission.
997 permission-no
999 An action that is not permitted.
1000 permission-yes
1002 An action that is permitted.
1003 prompt
1005 Prompt in interactive mode.
1006 state-asleep
1008 Indication that NetworkManager in suspended state.
1009 state-connected-global
1011 Indication that NetworkManager in connected to Internet.
1012 state-connected-local
1014 Indication that NetworkManager in local network.
1015 state-connected-site
1017 Indication that NetworkManager in connected to networks other than
1018 Internet.
1019 state-connecting
1021 Indication that NetworkManager is establishing a network
1022 connection.
1023 state-disconnected
1025 Indication that NetworkManager is disconnected from a network.
1026 state-disconnecting
1028 Indication that NetworkManager is being disconnected from a
1029 network.
1030 wifi-signal-excellent
1032 Wi-Fi network with an excellent signal level.
1033 wifi-signal-fair
1035 Wi-Fi network with a fair signal level.
1036 wifi-signal-good
1038 Wi-Fi network with a good signal level.
1039 wifi-signal-poor
1041 Wi-Fi network with a poor signal level.
1042 wifi-signal-unknown
1044 Wi-Fi network that hasn't been actually seen (a hidden AP).
1045 wifi-deprecated
1047 Wi-Fi network that might be impossible to connect to due to use of
1048 deprecated functionality.
1049 disabled
1051 A property that is turned off.
1052 enabled
1054 A property that is turned on.
1055
1057 nmcli's behavior is affected by the following environment variables.
1058 LC_ALL
1060 If set to a non-empty string value, it overrides the values of all
1061 the other internationalization variables.
1062 LC_MESSAGES
1064 Determines the locale to be used for internationalized messages.
1065 LANG
1067 Provides a default value for the internationalization variables
1068 that are unset or null.
1069 NO_COLOR
1071 Default to not producing colored and paged output. The --colors
1072 option, if used, takes precedence.
1073 PAGER
1075 Filter to pipe the output through if it doesn't fit on a screen.
1076 Can be a file name of an executable or a shell command. Empty
1077 string to disable the functionality.
1078 Note that the pager command is expected to handle wide characters
1080 and ANSI escape sequences for changing colors (unless they're
1081 disabled). nmcli sets up the environment variables LESS and
1082 LESSCHARSET appropriately for the less(1) pager, other pagers may
1083 or may not need extra configuration.
1084 If unspecified, pager(1), less(1) and more(1) will be tried (in
1086 that order).
1087 TERM
1089 Terminal type. If dumb, nmcli will not use a pager or produce ANSI
1090 escape sequences for coloring.
1091 Terminal types other than dumb are assumed to support ASCII escape
1093 sequences for setting the output color.
1094
1096 Be aware that nmcli is localized and that is why the output depends on
1097 your environment. This is important to realize especially when you
1098 parse the output.
1099 Call nmcli as LC_ALL=C nmcli to be sure the locale is set to C while
1101 executing in a script.
1102 LC_ALL, LC_MESSAGES, LANG variables specify the LC_MESSAGES locale
1104 category (in that order), which determines the language that nmcli uses
1105 for messages. The C locale is used if none of these variables are set,
1106 and this locale uses English messages.
1107
1109 nmcli exits with status 0 if it succeeds, a value greater than 0 is
1110 returned if an error occurs.
1111 0
1113 Success – indicates the operation succeeded.
1114 1
1116 Unknown or unspecified error.
1117 2
1119 Invalid user input, wrong nmcli invocation.
1120 3
1122 Timeout expired (see --wait option).
1123 4
1125 Connection activation failed.
1126 5
1128 Connection deactivation failed.
1129 6
1131 Disconnecting device failed.
1132 7
1134 Connection deletion failed.
1135 8
1137 NetworkManager is not running.
1138 10
1140 Connection, device, or access point does not exist.
1141 65
1143 When used with --complete-args option, a file name is expected to
1144 follow.
1145
1147 This section presents various examples of nmcli usage. If you want even
1148 more, please refer to nmcli-examples(7) manual page.
1149 nmcli -t -f RUNNING general
1151 tells you whether NetworkManager is running or not.
1152 nmcli -t -f STATE general
1154 shows the overall status of NetworkManager.
1155 nmcli radio wifi off
1157 switches Wi-Fi off.
1158 nmcli connection show
1160 lists all connections NetworkManager has.
1161 nmcli -p -m multiline -f all con show
1163 shows all configured connections in multi-line mode.
1164 nmcli connection show --active
1166 lists all currently active connections.
1167 nmcli -f name,autoconnect c s
1169 shows all connection profile names and their auto-connect property.
1170 nmcli -p connection show "My default em1"
1172 shows details for "My default em1" connection profile.
1173 nmcli --show-secrets connection show "My Home Wi-Fi"
1175 shows details for "My Home Wi-Fi" connection profile with all
1176 passwords. Without --show-secrets option, secrets would not be
1177 displayed.
1178 nmcli -f active connection show "My default em1"
1180 shows details for "My default em1" active connection, like IP, DHCP
1181 information, etc.
1182 nmcli -f profile con s "My wired connection"
1184 shows static configuration details of the connection profile with
1185 "My wired connection" name.
1186 nmcli -p con up "My wired connection" ifname eth0
1188 activates the connection profile with name "My wired connection" on
1189 interface eth0. The -p option makes nmcli show progress of the
1190 activation.
1191 nmcli con up 6b028a27-6dc9-4411-9886-e9ad1dd43761 ap 00:3A:98:7C:42:D3
1193 connects the Wi-Fi connection with UUID
1194 6b028a27-6dc9-4411-9886-e9ad1dd43761 to the AP with BSSID
1195 00:3A:98:7C:42:D3.
1196 nmcli device status
1198 shows the status for all devices.
1199 nmcli dev down em2
1201 disconnects a connection on interface em2 and marks the device as
1202 unavailable for auto-connecting. As a result, no connection will
1203 automatically be activated on the device until the device's
1204 'autoconnect' is set to TRUE or the user manually activates a
1205 connection.
1206 nmcli -f GENERAL,WIFI-PROPERTIES dev show wlan0
1208 shows details for wlan0 interface; only GENERAL and WIFI-PROPERTIES
1209 sections will be shown.
1210 nmcli -f CONNECTIONS device show wlp3s0
1212 shows all available connection profiles for your Wi-Fi interface
1213 wlp3s0.
1214 nmcli dev wifi
1216 lists available Wi-Fi access points known to NetworkManager.
1217 nmcli dev wifi con "Cafe Hotspot 1" password caffeine name "My cafe"
1219 creates a new connection named "My cafe" and then connects it to
1220 "Cafe Hotspot 1" SSID using password "caffeine". This is mainly
1221 useful when connecting to "Cafe Hotspot 1" for the first time. Next
1222 time, it is better to use nmcli con up id "My cafe" so that the
1223 existing connection profile can be used and no additional is
1224 created.
1225 nmcli -s dev wifi hotspot con-name QuickHotspot
1227 creates a hotspot profile and connects it. Prints the hotspot
1228 password the user should use to connect to the hotspot from other
1229 devices.
1230 nmcli dev modify em1 ipv4.method shared
1232 starts IPv4 connection sharing using em1 device. The sharing will
1233 be active until the device is disconnected.
1234 nmcli dev modify em1 ipv6.address 2001:db8::a:bad:c0de
1236 temporarily adds an IP address to a device. The address will be
1237 removed when the same connection is activated again.
1238 nmcli connection add type ethernet autoconnect no ifname eth0
1240 non-interactively adds an Ethernet connection tied to eth0
1241 interface with automatic IP configuration (DHCP), and disables the
1242 connection's autoconnect flag.
1243 nmcli c a ifname Maxipes-fik type vlan dev eth0 id 55
1245 non-interactively adds a VLAN connection with ID 55. The connection
1246 will use eth0 and the VLAN interface will be named Maxipes-fik.
1247 nmcli c a ifname eth0 type ethernet ipv4.method disabled ipv6.method
1249 link-local
1250 non-interactively adds a connection that will use eth0 Ethernet
1251 interface and only have an IPv6 link-local address configured.
1252 nmcli connection edit ethernet-em1-2
1254 edits existing "ethernet-em1-2" connection in the interactive
1255 editor.
1256 nmcli connection edit type ethernet con-name "yet another Ethernet
1258 connection"
1259 adds a new Ethernet connection in the interactive editor.
1260 nmcli con mod ethernet-2 connection.autoconnect no
1262 modifies 'autoconnect' property in the 'connection' setting of
1263 'ethernet-2' connection.
1264 nmcli con mod "Home Wi-Fi" wifi.mtu 1350
1266 modifies 'mtu' property in the 'wifi' setting of 'Home Wi-Fi'
1267 connection.
1268 nmcli con mod em1-1 ipv4.method manual ipv4.addr "192.168.1.23/24
1270 192.168.1.1, 10.10.1.5/8, 10.0.0.11"
1271 sets manual addressing and the addresses in em1-1 profile.
1272 nmcli con modify ABC +ipv4.dns 8.8.8.8
1274 appends a Google public DNS server to DNS servers in ABC profile.
1275 nmcli con modify ABC -ipv4.addresses "192.168.100.25/24 192.168.1.1"
1277 removes the specified IP address from (static) profile ABC.
1278 nmcli con import type openvpn file ~/Downloads/frootvpn.ovpn
1280 imports an OpenVPN configuration to NetworkManager.
1281 nmcli con export corp-vpnc /home/joe/corpvpn.conf
1283 exports NetworkManager VPN profile corp-vpnc as standard Cisco
1284 (vpnc) configuration.
1285
1287 nmcli accepts abbreviations, as long as they are a unique prefix in the
1288 set of possible options. As new options get added, these abbreviations
1289 are not guaranteed to stay unique. For scripting and long term
1290 compatibility it is therefore strongly advised to spell out the full
1291 option names.
1292
1294 There are probably some bugs. If you find a bug, please report it to
1295 your distribution or upstream at
1296 https://gitlab.freedesktop.org/NetworkManager/NetworkManager.
1297
1299 nmcli-examples(7), nm-settings-nmcli(5), nm-online(1),
1300 NetworkManager(8), NetworkManager.conf(5), nm-applet(1), nm-connection-
1301 editor(1), terminal-colors.d(5).
1302NetworkManager 1.42.8 NMCLI(1)