1NMCLI(1) General Commands Manual NMCLI(1)
2
6 nmcli - command-line tool for controlling NetworkManager
7
9 nmcli [OPTIONS...] {help | general | networking | radio | connection |
10 device | agent | monitor} [COMMAND] [ARGUMENTS...]
11
13 nmcli is a command-line tool for controlling NetworkManager and
14 reporting network status. It can be utilized as a replacement for
15 nm-applet or other graphical clients. nmcli is used to create,
16 display, edit, delete, activate, and deactivate network connections, as
17 well as control and display network device status. See nmcli-
18 examples(7) for ready to run nmcli examples.
19 Typical uses include:
21 • Scripts: Utilize NetworkManager via nmcli instead of managing
23 network connections manually. nmcli supports a terse output format
24 which is better suited for script processing. Note that
25 NetworkManager can also execute scripts, called "dispatcher
26 scripts", in response to network events. See NetworkManager(8) for
27 details about these dispatcher scripts.
28 • Servers, headless machines, and terminals: nmcli can be used to
30 control NetworkManager without a GUI, including creating, editing,
31 starting and stopping network connections and viewing network
32 status.
33
35 -a | --ask
36 When using this option nmcli will stop and ask for any missing
37 required arguments, so do not use this option for non-interactive
38 purposes like scripts. This option controls, for example, whether
39 you will be prompted for a password if it is required for
40 connecting to a network.
41 -c | --colors {yes | no | auto}
43 This option controls color output (using terminal escape
44 sequences). yes enables colors, no disables them, auto only
45 produces colors when standard output is directed to a terminal. The
46 default value is auto.
47 The actual colors used are configured as described in terminal-
49 colors.d(5). Please refer to the COLORS section for a list of color
50 names supported by nmcli.
51 If the environment variable NO_COLOR is set (to any non-empty
53 value), then coloring is disabled with mode "auto". If the
54 environment variable CLICOLOR_FORCE is set (to any non-empty
55 value), then coloring is enabled with mode "auto". Explicitly
56 enabling coloring overrides the environment variable.
57 --complete-args
59 Instead of conducting the desired action, nmcli will list possible
60 completions for the last argument. This is useful to implement
61 argument completion in shell.
62 The exit status will indicate success or return a code 65 to
64 indicate the last argument is a file name.
65 NetworkManager ships with command completion support for GNU Bash.
67 -e | --escape {yes | no}
69 Whether to escape : and \ characters in terse tabular mode. The
70 escape character is \.
71 If omitted, default is yes.
73 -f | --fields {field1,field2... | all | common}
75 This option is used to specify what fields (column names) should be
76 printed. Valid field names differ for specific commands. List
77 available fields by providing an invalid value to the --fields
78 option. all is used to print all valid field values of the
79 command. common is used to print common field values of the
80 command.
81 If omitted, default is common.
83 -g | --get-values {field1,field2... | all | common}
85 This option is used to print values from specific fields. It is
86 basically a shortcut for --mode tabular --terse --fields and is a
87 convenient way to retrieve values for particular fields. The values
88 are printed one per line without headers.
89 If a section is specified instead of a field, the section name will
91 be printed followed by colon separated values of the fields
92 belonging to that section, all on the same line.
93 -h | --help
95 Print help information.
96 -m | --mode {tabular | multiline}
98 Switch between tabular and multiline output:
99 tabular
101 Output is a table where each line describes a single entry.
102 Columns define particular properties of the entry.
103 multiline
105 Each entry comprises multiple lines, each property on its own
106 line. The values are prefixed with the property name.
107 If omitted, default is tabular for most commands. For the commands
109 producing more structured information, that cannot be displayed on
110 a single line, default is multiline. Currently, they are:
111 • nmcli connection show ID
113 • nmcli device show
115 -p | --pretty
117 Output is pretty. This causes nmcli to produce easily readable
118 outputs for humans, i.e. values are aligned, headers are printed,
119 etc.
120 -s | --show-secrets
122 When using this option nmcli will display passwords and secrets
123 that might be present in an output of an operation. This option
124 also influences echoing passwords typed by user as an input.
125 -t | --terse
127 Output is terse. This mode is designed and suitable for computer
128 (script) processing.
129 --offline
131 Work without a daemon. Makes connection add and connection modify
132 commands accept and produce connection data via standard
133 input/output. Ordinarily, nmcli would communicate with the
134 NetworkManager service.
135 The connection data format (keyfile) is described in nm-settings-
137 keyfile(5) manual.
138 -v | --version
140 Show nmcli version.
141 -w | --wait seconds
143 This option sets a timeout period for which nmcli will wait for
144 NetworkManager to finish operations. It is especially useful for
145 commands that may take a longer time to complete, e.g. connection
146 activation.
147 Specifying a value of 0 instructs nmcli not to wait but to exit
149 immediately with a status of success. The default value depends on
150 the executed command.
151
153 nmcli general {status | hostname | permissions | logging | reload}
154 [ARGUMENTS...]
155 Use this command to show NetworkManager status and permissions. You can
157 also get and change system hostname, as well as NetworkManager logging
158 level and domains.
159 status
161 Show overall status of NetworkManager. This is the default action,
162 when no additional command is provided for nmcli general.
163 hostname [hostname]
165 Get and change system hostname. With no arguments, this prints
166 currently configured hostname. When you pass a hostname, it will be
167 handed over to NetworkManager to be set as a new system hostname.
168 Note that the term "system" hostname may also be referred to as
170 "persistent" or "static" by other programs or tools. The hostname
171 is stored in /etc/hostname file in most distributions. For example,
172 systemd-hostnamed service uses the term "static" hostname and it
173 only reads the /etc/hostname file when it starts.
174 permissions
176 Show the permissions a caller has for various authenticated
177 operations that NetworkManager provides, like enable and disable
178 networking, changing Wi-Fi and WWAN state, modifying connections,
179 etc.
180 logging [level level] [domains domains...]
182 Get and change NetworkManager logging level and domains. Without
183 any argument current logging level and domains are shown. In order
184 to change logging state, provide level and, or, domain parameters.
185 See NetworkManager.conf(5) for available level and domain values.
186 reload [flags...]
188 Reload NetworkManager's configuration and perform certain updates,
189 like flushing caches or rewriting external state to disk. This is
190 similar to sending SIGHUP to NetworkManager but it allows for more
191 fine-grained control over what to reload through the flags
192 argument. It also allows non-root access via PolicyKit and contrary
193 to signals it is synchronous. Available flags are:
194 conf
196 Reload the NetworkManager.conf configuration from disk. Note
197 that this does not include connections, which can be reloaded
198 through nmcli connection reload instead.
199 dns-rc
201 Update DNS configuration, which usually involves writing
202 /etc/resolv.conf anew. This is equivalent to sending the
203 SIGUSR1 signal to the NetworkManager process.
204 dns-full
206 Restart the DNS plugin. This is for example useful when using
207 dnsmasq plugin, which uses additional configuration in
208 /etc/NetworkManager/dnsmasq.d. If you edit those files, you can
209 restart the DNS plugin. This action shortly interrupts name
210 resolution.
211 With no flags, everything that is supported is reloaded, which is
213 identical to sending a SIGHUP. See NetworkManager(8) for more
214 details about signals.
215
217 nmcli networking {on | off | connectivity} [ARGUMENTS...]
218 Query NetworkManager networking status, enable and disable networking.
220 on, off
222 Enable or disable networking control by NetworkManager. All
223 interfaces managed by NetworkManager are deactivated when
224 networking is disabled.
225 connectivity [check]
227 Get network connectivity state. The optional check argument tells
228 NetworkManager to re-check the connectivity, else the most recent
229 known connectivity state is displayed without re-checking.
230 Possible states are:
232 none
234 the host is not connected to any network.
235 portal
237 the host is behind a captive portal and cannot reach the full
238 Internet.
239 limited
241 the host is connected to a network, but it has no access to the
242 Internet.
243 full
245 the host is connected to a network and has full access to the
246 Internet.
247 unknown
249 the connectivity status cannot be found out.
250
252 nmcli radio {all | wifi | wwan} [ARGUMENTS...]
253 Show radio switches status, or enable and disable the switches.
255 wifi [on | off]
257 Show or set status of Wi-Fi in NetworkManager. If no arguments are
258 supplied, Wi-Fi status is printed; on enables Wi-Fi; off disables
259 Wi-Fi.
260 wwan [on | off]
262 Show or set status of WWAN (mobile broadband) in NetworkManager. If
263 no arguments are supplied, mobile broadband status is printed; on
264 enables mobile broadband, off disables it.
265 all [on | off]
267 Show or set all previously mentioned radio switches at the same
268 time.
269
271 nmcli monitor
272 Observe NetworkManager activity. Watches for changes in connectivity
274 state, devices or connection profiles.
275 See also nmcli connection monitor and nmcli device monitor to watch for
277 changes in certain devices or connections.
278
280 nmcli connection {show | up | down | modify | add | edit | clone |
281 delete | monitor | reload | load | import | export |
282 migrate} [ARGUMENTS...]
283 NetworkManager stores all network configuration as "connections", which
285 are collections of data (Layer2 details, IP addressing, etc.) that
286 describe how to create or connect to a network. A connection is
287 "active" when a device uses that connection's configuration to create
288 or connect to a network. There may be multiple connections that apply
289 to a device, but only one of them can be active on that device at any
290 given time. The additional connections can be used to allow quick
291 switching between different networks and configurations.
292 Consider a machine which is usually connected to a DHCP-enabled
294 network, but sometimes connected to a testing network which uses static
295 IP addressing. Instead of manually reconfiguring eth0 each time the
296 network is changed, the settings can be saved as two connections which
297 both apply to eth0, one for DHCP (called default) and one with the
298 static addressing details (called testing). When connected to the
299 DHCP-enabled network the user would run nmcli con up default , and when
300 connected to the static network the user would run nmcli con up
301 testing.
302 show [--active] [--order [+-]category:...]
304 List in-memory and on-disk connection profiles, some of which may
305 also be active if a device is using that connection profile.
306 Without a parameter, all profiles are listed. When --active option
307 is specified, only the active profiles are shown.
308 The --order option can be used to get custom ordering of
310 connections. The connections can be ordered by active status
311 (active), name (name), type (type) or D-Bus path (path). If
312 connections are equal according to a sort order category, an
313 additional category can be specified. The default sorting order is
314 equivalent to --order active:name:path. + or no prefix means
315 sorting in ascending order (alphabetically or in numbers), - means
316 reverse (descending) order. The category names can be abbreviated
317 (e.g. --order -a:na).
318 show [--active] [id | uuid | path | apath] ID...
320 Show details for specified connections. By default, both static
321 configuration and active connection data are displayed. When
322 --active option is specified, only the active profiles are taken
323 into account. Use global --show-secrets option to display secrets
324 associated with the profile.
325 id, uuid, path and apath keywords can be used if ID is ambiguous.
327 Optional ID-specifying keywords are:
328 id
330 the ID denotes a connection name.
331 uuid
333 the ID denotes a connection UUID.
334 path
336 the ID denotes a D-Bus static connection path in the format of
337 /org/freedesktop/NetworkManager/Settings/num or just num.
338 apath
340 the ID denotes a D-Bus active connection path in the format of
341 /org/freedesktop/NetworkManager/ActiveConnection/num or just
342 num.
343 It is possible to filter the output using the global --fields
345 option. Use the following values:
346 profile
348 only shows static profile configuration.
349 active
351 only shows active connection data (when the profile is active).
352 You can also specify particular fields. For static configuration,
354 use setting and property names as described in nm-settings-nmcli(5)
355 manual page. For active data use GENERAL, IP4, DHCP4, IP6, DHCP6,
356 VPN.
357 When no command is given to the nmcli connection, the default
359 action is nmcli connection show.
360 up [id | uuid | path] ID [ifname ifname] [ap BSSID] [passwd-file file]
362 Activate a connection. The connection is identified by its name,
363 UUID or D-Bus path. If ID is ambiguous, a keyword id, uuid or path
364 can be used. When requiring a particular device to activate the
365 connection on, the ifname option with interface name should be
366 given. If the ID is not given an ifname is required, and
367 NetworkManager will activate the best available connection for the
368 given ifname. In case of a VPN connection, the ifname option
369 specifies the device of the base connection. The ap option specify
370 what particular AP should be used in case of a Wi-Fi connection.
371 If --wait option is not specified, the default timeout will be 90
373 seconds.
374 See connection show above for the description of the ID-specifying
376 keywords.
377 Available options are:
379 ifname
381 interface that will be used for activation.
382 ap
384 BSSID of the AP which the command should connect to (for Wi-Fi
385 connections).
386 passwd-file
388 some networks may require credentials during activation. You
389 can give these credentials using this option. Each line of the
390 file should contain one password in the form:
391 setting_name.property_name:the password
393 For example, for WPA Wi-Fi with PSK, the line would be
395 802-11-wireless-security.psk:secret12345
397 For 802.1X password, the line would be
399 802-1x.password:my 1X password
401 nmcli also accepts wifi-sec and wifi strings instead of
404 802-11-wireless-security. When NetworkManager requires a
405 password and it is not given, nmcli will ask for it when run
406 with --ask. If --ask was not passed, NetworkManager can ask
407 another secret agent that may be running (typically a GUI
408 secret agent, such as nm-applet or gnome-shell).
409 down [id | uuid | path | apath] ID...
411 Deactivate a connection from a device without preventing the device
412 from further auto-activation. Multiple connections can be passed to
413 the command.
414 Be aware that this command deactivates the specified active
416 connection, but the device on which the connection was active, is
417 still ready to connect and will perform auto-activation by looking
418 for a suitable connection that has the 'autoconnect' flag set. Note
419 that the deactivating connection profile is internally blocked from
420 autoconnecting again. Hence it will not autoconnect until reboot or
421 until the user performs an action that unblocks autoconnect, like
422 modifying the profile or explicitly activating it.
423 In most cases you may want to use device down command instead.
425 The connection is identified by its name, UUID or D-Bus path. If ID
427 is ambiguous, a keyword id, uuid, path or apath can be used.
428 See connection show above for the description of the ID-specifying
430 keywords.
431 If --wait option is not specified, the default timeout will be 10
433 seconds.
434 modify [--temporary] [id | uuid | path] [ID]
436 {option value | [+|-]setting.property value}...
437 Add, modify or remove properties in the connection profile.
438 To set the property just specify the property name followed by the
440 value. An empty value ("") resets the property value to the
441 default.
442 See nm-settings-nmcli(5) for complete reference of setting and
444 property names, their descriptions and default values. The setting
445 and property can be abbreviated provided they are unique.
446 If you want to append an item or a flag to the existing value, use
448 + prefix for the property name or alias. If you want to remove
449 items from a container-type or flag property, use - prefix. For
450 certain properties you can also remove elements by specifying the
451 zero-based index(es). The + and - modifiers only have a real effect
452 for properties that support them. These are for example multi-value
453 (container) properties or flags like ipv4.dns, ip4, ipv4.addresses,
454 bond.options, 802-1x.phase1-auth-flags etc.
455 The connection is identified by its name, UUID or D-Bus path. If ID
457 is ambiguous, a keyword id, uuid or path can be used. The ID is not
458 used with the global --offline option.
459 When the global --offline is used, the command reads the connection
461 from the standard input and prints the modified connection to
462 standard output instead of making the the NetworkManager daemon act
463 upon specified connection.
464 modify [--temporary] [id | uuid | path] ID remove setting
466 Removes a setting from the connection profile.
467 add [save {yes | no}] {option value | [+|-]setting.property value}...
469 Create a new connection using specified properties.
470 You need to describe the newly created connections with the
472 property and value pairs. See nm-settings-nmcli(5) for the complete
473 reference. The syntax is the same as of the nmcli connection modify
474 command.
475 To construct a meaningful connection you at the very least need to
477 set the connection.type property (or use the type alias) to one of
478 known NetworkManager connection types:
479 • 6lowpan
481 • 802-11-olpc-mesh (alias olpc-mesh)
483 • 802-11-wireless (alias wifi)
485 • 802-3-ethernet (alias ethernet)
487 • adsl
489 • bluetooth
491 • bond
493 • bond-slave (deprecated for ethernet with master)
495 • bridge
497 • bridge-slave (deprecated for ethernet with master)
499 • cdma
501 • dummy
503 • generic
505 • gsm
507 • infiniband
509 • ip-tunnel
511 • macsec
513 • macvlan
515 • olpc-mesh
517 • ovs-bridge
519 • ovs-dpdk
521 • ovs-interface
523 • ovs-patch
525 • ovs-port
527 • pppoe
529 • team
531 • team-slave (deprecated for ethernet with master)
533 • tun
535 • veth
537 • vlan
539 • vpn
541 • vrf
543 • vxlan
545 • wifi-p2p
547 • wimax
549 • wireguard
551 • wpan
553 The most typical uses are described in the EXAMPLES section.
555 Aside from the properties and values two special options are
557 accepted:
558 save
560 Controls whether the connection should be persistent, i.e.
561 NetworkManager should store it on disk (default: yes).
562 --
564 If a single -- argument is encountered it is ignored. This is
565 for compatibility with older versions on nmcli.
566 When the global --offline is used, the command prints the resulting
568 connection to standard output instead of actually adding the
569 connection via the NetworkManager daemon.
570 edit {[id | uuid | path] ID | [type type] [con-name name] }
572 Edit an existing connection or add a new one, using an interactive
573 editor.
574 The existing connection is identified by its name, UUID or D-Bus
576 path. If ID is ambiguous, a keyword id, uuid, or path can be used.
577 See connection show above for the description of the ID-specifying
578 keywords. Not providing an ID means that a new connection will be
579 added.
580 The interactive editor will guide you through the connection
582 editing and allow you to change connection parameters according to
583 your needs by means of a simple menu-driven interface. The editor
584 indicates what settings and properties can be modified and provides
585 in-line help.
586 Available options:
588 type
590 type of the new connection; valid types are the same as for
591 connection add command.
592 con-name
594 name for the new connection. It can be changed later in the
595 editor.
596 See also nm-settings-nmcli(5) for all NetworkManager settings and
598 property names, and their descriptions; and nmcli-examples(7) for
599 sample editor sessions.
600 clone [--temporary] [id | uuid | path] ID new_name
602 Clone a connection. The connection to be cloned is identified by
603 its name, UUID or D-Bus path. If ID is ambiguous, a keyword id,
604 uuid or path can be used. See connection show above for the
605 description of the ID-specifying keywords. new_name is the name of
606 the new cloned connection. The new connection will be the exact
607 copy except the connection.id (new_name) and connection.uuid
608 (generated) properties.
609 The new connection profile will be saved as persistent unless
611 --temporary option is specified, in which case the new profile
612 won't exist after NetworkManager restart.
613 delete [id | uuid | path] ID...
615 Delete a configured connection. The connection to be deleted is
616 identified by its name, UUID or D-Bus path. If ID is ambiguous, a
617 keyword id, uuid or path can be used. See connection show above for
618 the description of the ID-specifying keywords.
619 If --wait option is not specified, the default timeout will be 10
621 seconds.
622 monitor [id | uuid | path] ID...
624 Monitor connection profile activity. This command prints a line
625 whenever the specified connection changes. The connection to be
626 monitored is identified by its name, UUID or D-Bus path. If ID is
627 ambiguous, a keyword id, uuid or path can be used. See connection
628 show above for the description of the ID-specifying keywords.
629 Monitors all connection profiles in case none is specified. The
631 command terminates when all monitored connections disappear. If you
632 want to monitor connection creation consider using the global
633 monitor with nmcli monitor command.
634 reload
636 Reload all connection files from disk. NetworkManager does not
637 monitor changes to connection. So you need to use this command in
638 order to tell NetworkManager to re-read the connection profiles
639 from disk when a change was made to them.
640 load filename...
642 Load/reload one or more connection files from disk. Use this after
643 manually editing a connection file to ensure that NetworkManager is
644 aware of its latest state.
645 import [--temporary] type type file file
647 Import an external/foreign configuration as a NetworkManager
648 connection profile. The type of the input file is specified by type
649 option.
650 Only VPN configurations are supported at the moment. The
652 configuration is imported by NetworkManager VPN plugins. type
653 values are the same as for vpn-type option in nmcli connection add.
654 VPN configurations are imported by VPN plugins. Therefore the
655 proper VPN plugin has to be installed so that nmcli could import
656 the data.
657 The imported connection profile will be saved as persistent unless
659 --temporary option is specified, in which case the new profile
660 won't exist after NetworkManager restart.
661 export [id | uuid | path] ID [file]
663 Export a connection.
664 Only VPN connections are supported at the moment. A proper VPN
666 plugin has to be installed so that nmcli could export a connection.
667 If no file is provided, the VPN configuration data will be printed
668 to standard output.
669 migrate [--plugin plugin...] [id | uuid | path] [ID...]
671 Migrate connection profiles to a different settings plugin, such as
672 keyfile (default) or ifcfg-rh.
673 The connection to be migrated is identified by its name, UUID or
675 D-Bus path. If ID is ambiguous, a keyword id, uuid or path can be
676 used. See connection show above for the description of the
677 ID-specifying keywords.
678 If no connections are specified, the command acts on all available
680 connections. Therefore, with no arguments, the command migrates all
681 connection profiles to the keyfile plugin.
682 If --wait option is not specified, the default timeout will be 10
684 seconds.
685
687 nmcli device {status | show | set | up | connect | reapply | modify |
688 down | disconnect | delete | monitor | wifi | lldp |
689 checkpoint} [ARGUMENTS...]
690 Show and manage network interfaces.
692 status
694 Print status of devices.
695 This is the default action if no command is specified to nmcli
697 device.
698 show [ifname]
700 Show detailed information about devices. Without an argument, all
701 devices are examined. To get information for a specific device, the
702 interface name has to be provided.
703 set [ifname] ifname [autoconnect {yes | no}] [managed {yes | no}]
705 Set device properties.
706 up ifname
708 Connect the device. NetworkManager will try to find a suitable
709 connection that will be activated. It will also consider
710 connections that are not set to auto connect.
711 If no compatible connection exists, a new profile with default
713 settings will be created and activated. This differentiates nmcli
714 connection up ifname "$DEVICE" from nmcli device up "$DEVICE"
715 If --wait option is not specified, the default timeout will be 90
717 seconds.
718 connect ifname
720 Alias for command up. Before version 1.34.0 up was not supported.
721 reapply ifname
723 Attempt to update device with changes to the currently active
724 connection made since it was last applied.
725 modify ifname {option value | [+|-]setting.property value}...
727 Modify the settings currently active on the device.
728 This command lets you do temporary changes to a configuration
730 active on a particular device. The changes are not preserved in the
731 connection profile.
732 See nm-settings-nmcli(5) for the list of available properties.
734 Please note that some properties can't be changed on an already
735 connected device.
736 down ifname...
738 Disconnect a device and prevent the device from automatically
739 activating further connections without user/manual intervention.
740 Note that disconnecting software devices may mean that the devices
741 will disappear.
742 If --wait option is not specified, the default timeout will be 10
744 seconds.
745 disconnect ifname...
747 Alias for command down. Before version 1.34.0 down was not
748 supported.
749 delete ifname...
751 Delete a device. The command removes the interface from the system.
752 Note that this only works for software devices like bonds, bridges,
753 teams, etc. Hardware devices (like Ethernet) cannot be deleted by
754 the command.
755 If --wait option is not specified, the default timeout will be 10
757 seconds.
758 monitor [ifname...]
760 Monitor device activity. This command prints a line whenever the
761 specified devices change state.
762 Monitors all devices in case no interface is specified. The monitor
764 terminates when all specified devices disappear. If you want to
765 monitor device addition consider using the global monitor with
766 nmcli monitor command.
767 wifi [list [--rescan | auto | no | yes] [ifname ifname] [bssid BSSID]]
769 List available Wi-Fi access points. The ifname and bssid options
770 can be used to list APs for a particular interface or with a
771 specific BSSID, respectively.
772 By default, nmcli ensures that the access point list is no older
774 than 30 seconds and triggers a network scan if necessary. The
775 --rescan can be used to either force or disable the scan regardless
776 of how fresh the access point list is.
777 wifi connect (B)SSID [password password] [wep-key-type {key | phrase}]
779 [ifname ifname] [bssid BSSID] [name name] [private {yes | no}]
780 [hidden {yes | no}]
781 Connect to a Wi-Fi network specified by SSID or BSSID. The command
782 finds a matching connection or creates one and then activates it on
783 a device. This is a command-line counterpart of clicking an SSID in
784 a GUI client. If a connection for the network already exists, it is
785 possible to bring up (activate) the existing profile as follows:
786 nmcli con up id name. Note that only open, WEP and WPA-PSK networks
787 are supported if no previous connection exists. It is also assumed
788 that IP configuration is obtained via DHCP.
789 If --wait option is not specified, the default timeout will be 90
791 seconds.
792 Available options are:
794 password
796 password for secured networks (WEP or WPA).
797 wep-key-type
799 type of WEP secret, either key for ASCII/HEX key or phrase for
800 passphrase.
801 ifname
803 interface that will be used for activation.
804 bssid
806 if specified, the created connection will be restricted just
807 for the BSSID.
808 name
810 if specified, the connection will use the name (else NM creates
811 a name itself).
812 private
814 if set to yes, the connection will only be visible to the user
815 who created it. Otherwise, the connection is system-wide, which
816 is the default.
817 hidden
819 set to yes when connecting for the first time to an AP not
820 broadcasting its SSID. Otherwise, the SSID would not be found
821 and the connection attempt would fail.
822 wifi hotspot [ifname ifname] [con-name name] [ssid SSID]
824 [band {a | bg}] [channel channel] [password password]
825 Create a Wi-Fi hotspot. The command creates a hotspot connection
826 profile according to Wi-Fi device capabilities and activates it on
827 the device. The hotspot is secured with WPA if device/driver
828 supports that, otherwise WEP is used. Use connection down or device
829 down to stop the hotspot.
830 Parameters of the hotspot can be influenced by the optional
832 parameters:
833 ifname
835 what Wi-Fi device is used.
836 con-name
838 name of the created hotspot connection profile.
839 ssid
841 SSID of the hotspot.
842 band
844 Wi-Fi band to use.
845 channel
847 Wi-Fi channel to use.
848 password
850 password to use for the created hotspot. If not provided, nmcli
851 will generate a password. The password is either WPA pre-shared
852 key or WEP key.
853 Note that --show-secrets global option can be used to print the
855 hotspot password. It is useful especially when the password was
856 generated.
857 wifi rescan [ifname ifname] [ssid SSID...]
859 Request that NetworkManager immediately re-scan for available
860 access points. NetworkManager scans Wi-Fi networks periodically,
861 but in some cases it can be useful to start scanning manually (e.g.
862 after resuming the computer). By using ssid, it is possible to scan
863 for a specific SSID, which is useful for APs with hidden SSIDs. You
864 can provide multiple ssid parameters in order to scan more SSIDs.
865 This command does not show the APs, use nmcli device wifi list for
867 that.
868 wifi show-password [ifname ifname]
870 Show the details of the active Wi-Fi networks, including the
871 secrets.
872 lldp [list [ifname ifname]]
874 Display information about neighboring devices learned through the
875 Link Layer Discovery Protocol (LLDP). The ifname option can be used
876 to list neighbors only for a given interface. The protocol must be
877 enabled in the connection settings.
878 checkpoint [--timeout seconds] [ifname...] -- COMMAND...
880 Runs the command with a configuration checkpoint taken and asks for
881 a confirmation when finished. When the confirmation is not given,
882 the checkpoint is automatically restored after timeout.
883 This allows doing disruptive configuration changes over remote
885 connections with an option of restoring the network configuration
886 to a known good state in case of an error.
887 If the a list of interface names is specified, the checkpoint is
889 taken, the checkpoint is takes only on the specified devices.
890 Otherwise a checkpoint is taken for all devices.
891 Currently the timeout defaults to 15 seconds. This may change in a
893 future version.
894
896 nmcli agent {secret | polkit | all}
897 Run nmcli as a NetworkManager secret agent, or polkit agent.
899 secret
901 Register nmcli as a NetworkManager secret agent and listen for
902 secret requests. You usually do not need this command, because
903 nmcli can handle secrets when connecting to networks. However, you
904 may find the command useful when you use another tool for
905 activating connections and you do not have a secret agent available
906 (like nm-applet).
907 polkit
909 Register nmcli as a polkit agent for the user session and listen
910 for authorization requests. You do not usually need this command,
911 because nmcli can handle polkit actions related to NetworkManager
912 operations (when run with --ask). However, you may find the command
913 useful when you want to run a simple text based polkit agent and
914 you do not have an agent of a desktop environment. Note that
915 running this command makes nmcli handle all polkit requests, not
916 only NetworkManager related ones, because only one polkit agent can
917 run for the session.
918 all
920 Runs nmcli as both NetworkManager secret and a polkit agent.
921
923 Implicit coloring can be disabled by an empty file
924 /etc/terminal-colors.d/nmcli.disable.
925 See terminal-colors.d(5) for more details about colorization
927 configuration. The logical color names supported by nmcli are:
928 connection-activated
930 A connection that is active.
931 connection-activating
933 Connection that is being activated.
934 connection-disconnecting
936 Connection that is being disconnected.
937 connection-external
939 Connection representing configuration created externally to
940 NetworkManager.
941 connection-invisible
943 Connection whose details is the user not permitted to see.
944 connection-deprecated
946 Connection that uses deprecated settings. It might not be possible
947 to activate it.
948 connectivity-full
950 Connectivity state when Internet is reachable.
951 connectivity-limited
953 Connectivity state when only a local network reachable.
954 connectivity-none
956 Connectivity state when the network is disconnected.
957 connectivity-portal
959 Connectivity state when a captive portal hijacked the connection.
960 connectivity-unknown
962 Connectivity state when a connectivity check didn't run.
963 device-activated
965 Device that is connected.
966 device-activating
968 Device that is being configured.
969 device-disconnected
971 Device that is not connected.
972 device-external
974 Device configured externally to NetworkManager.
975 device-firmware-missing
977 Warning of a missing device firmware.
978 device-plugin-missing
980 Warning of a missing device plugin.
981 device-unavailable
983 Device that is not available for activation.
984 device-disabled
986 Device is disabled by software or hardware kill switch.
987 manager-running
989 Notice that the NetworkManager daemon is available.
990 manager-starting
992 Notice that the NetworkManager daemon is being initially connected.
993 manager-stopped
995 Notice that the NetworkManager daemon is not available.
996 permission-auth
998 An action that requires user authentication to get permission.
999 permission-no
1001 An action that is not permitted.
1002 permission-yes
1004 An action that is permitted.
1005 prompt
1007 Prompt in interactive mode.
1008 state-asleep
1010 Indication that NetworkManager in suspended state.
1011 state-connected-global
1013 Indication that NetworkManager in connected to Internet.
1014 state-connected-local
1016 Indication that NetworkManager in local network.
1017 state-connected-site
1019 Indication that NetworkManager in connected to networks other than
1020 Internet.
1021 state-connecting
1023 Indication that NetworkManager is establishing a network
1024 connection.
1025 state-disconnected
1027 Indication that NetworkManager is disconnected from a network.
1028 state-disconnecting
1030 Indication that NetworkManager is being disconnected from a
1031 network.
1032 wifi-signal-excellent
1034 Wi-Fi network with an excellent signal level.
1035 wifi-signal-fair
1037 Wi-Fi network with a fair signal level.
1038 wifi-signal-good
1040 Wi-Fi network with a good signal level.
1041 wifi-signal-poor
1043 Wi-Fi network with a poor signal level.
1044 wifi-signal-unknown
1046 Wi-Fi network that hasn't been actually seen (a hidden AP).
1047 wifi-deprecated
1049 Wi-Fi network that might be impossible to connect to due to use of
1050 deprecated functionality.
1051 disabled
1053 A property that is turned off.
1054 enabled
1056 A property that is turned on.
1057
1059 nmcli's behavior is affected by the following environment variables.
1060 LC_ALL
1062 If set to a non-empty string value, it overrides the values of all
1063 the other internationalization variables.
1064 LC_MESSAGES
1066 Determines the locale to be used for internationalized messages.
1067 LANG
1069 Provides a default value for the internationalization variables
1070 that are unset or null.
1071 NO_COLOR
1073 Default to not producing colored and paged output. The --colors
1074 option, if used, takes precedence.
1075 PAGER
1077 Filter to pipe the output through if it doesn't fit on a screen.
1078 Can be a file name of an executable or a shell command. Empty
1079 string to disable the functionality.
1080 Note that the pager command is expected to handle wide characters
1082 and ANSI escape sequences for changing colors (unless they're
1083 disabled). nmcli sets up the environment variables LESS and
1084 LESSCHARSET appropriately for the less(1) pager, other pagers may
1085 or may not need extra configuration.
1086 If unspecified, pager(1), less(1) and more(1) will be tried (in
1088 that order).
1089 TERM
1091 Terminal type. If dumb, nmcli will not use a pager or produce ANSI
1092 escape sequences for coloring.
1093 Terminal types other than dumb are assumed to support ASCII escape
1095 sequences for setting the output color.
1096
1098 Be aware that nmcli is localized and that is why the output depends on
1099 your environment. This is important to realize especially when you
1100 parse the output.
1101 Call nmcli as LC_ALL=C nmcli to be sure the locale is set to C while
1103 executing in a script.
1104 LC_ALL, LC_MESSAGES, LANG variables specify the LC_MESSAGES locale
1106 category (in that order), which determines the language that nmcli uses
1107 for messages. The C locale is used if none of these variables are set,
1108 and this locale uses English messages.
1109
1111 nmcli exits with status 0 if it succeeds, a value greater than 0 is
1112 returned if an error occurs.
1113 0
1115 Success – indicates the operation succeeded.
1116 1
1118 Unknown or unspecified error.
1119 2
1121 Invalid user input, wrong nmcli invocation.
1122 3
1124 Timeout expired (see --wait option).
1125 4
1127 Connection activation failed.
1128 5
1130 Connection deactivation failed.
1131 6
1133 Disconnecting device failed.
1134 7
1136 Connection deletion failed.
1137 8
1139 NetworkManager is not running.
1140 10
1142 Connection, device, or access point does not exist.
1143 65
1145 When used with --complete-args option, a file name is expected to
1146 follow.
1147
1149 This section presents various examples of nmcli usage. If you want even
1150 more, please refer to nmcli-examples(7) manual page.
1151 nmcli -t -f RUNNING general
1153 tells you whether NetworkManager is running or not.
1154 nmcli -t -f STATE general
1156 shows the overall status of NetworkManager.
1157 nmcli radio wifi off
1159 switches Wi-Fi off.
1160 nmcli connection show
1162 lists all connections NetworkManager has.
1163 nmcli -p -m multiline -f all con show
1165 shows all configured connections in multi-line mode.
1166 nmcli connection show --active
1168 lists all currently active connections.
1169 nmcli -f name,autoconnect c s
1171 shows all connection profile names and their auto-connect property.
1172 nmcli -p connection show "My default em1"
1174 shows details for "My default em1" connection profile.
1175 nmcli --show-secrets connection show "My Home Wi-Fi"
1177 shows details for "My Home Wi-Fi" connection profile with all
1178 passwords. Without --show-secrets option, secrets would not be
1179 displayed.
1180 nmcli -f active connection show "My default em1"
1182 shows details for "My default em1" active connection, like IP, DHCP
1183 information, etc.
1184 nmcli -f profile con s "My wired connection"
1186 shows static configuration details of the connection profile with
1187 "My wired connection" name.
1188 nmcli -p con up "My wired connection" ifname eth0
1190 activates the connection profile with name "My wired connection" on
1191 interface eth0. The -p option makes nmcli show progress of the
1192 activation.
1193 nmcli con up 6b028a27-6dc9-4411-9886-e9ad1dd43761 ap 00:3A:98:7C:42:D3
1195 connects the Wi-Fi connection with UUID
1196 6b028a27-6dc9-4411-9886-e9ad1dd43761 to the AP with BSSID
1197 00:3A:98:7C:42:D3.
1198 nmcli device status
1200 shows the status for all devices.
1201 nmcli dev down em2
1203 disconnects a connection on interface em2 and marks the device as
1204 unavailable for auto-connecting. As a result, no connection will
1205 automatically be activated on the device until the device's
1206 'autoconnect' is set to TRUE or the user manually activates a
1207 connection.
1208 nmcli -f GENERAL,WIFI-PROPERTIES dev show wlan0
1210 shows details for wlan0 interface; only GENERAL and WIFI-PROPERTIES
1211 sections will be shown.
1212 nmcli -f CONNECTIONS device show wlp3s0
1214 shows all available connection profiles for your Wi-Fi interface
1215 wlp3s0.
1216 nmcli dev wifi
1218 lists available Wi-Fi access points known to NetworkManager.
1219 nmcli dev wifi con "Cafe Hotspot 1" password caffeine name "My cafe"
1221 creates a new connection named "My cafe" and then connects it to
1222 "Cafe Hotspot 1" SSID using password "caffeine". This is mainly
1223 useful when connecting to "Cafe Hotspot 1" for the first time. Next
1224 time, it is better to use nmcli con up id "My cafe" so that the
1225 existing connection profile can be used and no additional is
1226 created.
1227 nmcli -s dev wifi hotspot con-name QuickHotspot
1229 creates a hotspot profile and connects it. Prints the hotspot
1230 password the user should use to connect to the hotspot from other
1231 devices.
1232 nmcli dev modify em1 ipv4.method shared
1234 starts IPv4 connection sharing using em1 device. The sharing will
1235 be active until the device is disconnected.
1236 nmcli dev modify em1 ipv6.address 2001:db8::a:bad:c0de
1238 temporarily adds an IP address to a device. The address will be
1239 removed when the same connection is activated again.
1240 nmcli connection add type ethernet autoconnect no ifname eth0
1242 non-interactively adds an Ethernet connection tied to eth0
1243 interface with automatic IP configuration (DHCP), and disables the
1244 connection's autoconnect flag.
1245 nmcli c a ifname Maxipes-fik type vlan dev eth0 id 55
1247 non-interactively adds a VLAN connection with ID 55. The connection
1248 will use eth0 and the VLAN interface will be named Maxipes-fik.
1249 nmcli c a ifname eth0 type ethernet ipv4.method disabled ipv6.method
1251 link-local
1252 non-interactively adds a connection that will use eth0 Ethernet
1253 interface and only have an IPv6 link-local address configured.
1254 nmcli connection edit ethernet-em1-2
1256 edits existing "ethernet-em1-2" connection in the interactive
1257 editor.
1258 nmcli connection edit type ethernet con-name "yet another Ethernet
1260 connection"
1261 adds a new Ethernet connection in the interactive editor.
1262 nmcli con mod ethernet-2 connection.autoconnect no
1264 modifies 'autoconnect' property in the 'connection' setting of
1265 'ethernet-2' connection.
1266 nmcli con mod "Home Wi-Fi" wifi.mtu 1350
1268 modifies 'mtu' property in the 'wifi' setting of 'Home Wi-Fi'
1269 connection.
1270 nmcli con mod em1-1 ipv4.method manual ipv4.addr "192.168.1.23/24
1272 192.168.1.1, 10.10.1.5/8, 10.0.0.11"
1273 sets manual addressing and the addresses in em1-1 profile.
1274 nmcli con modify ABC +ipv4.dns 8.8.8.8
1276 appends a Google public DNS server to DNS servers in ABC profile.
1277 nmcli con modify ABC -ipv4.addresses "192.168.100.25/24 192.168.1.1"
1279 removes the specified IP address from (static) profile ABC.
1280 nmcli con import type openvpn file ~/Downloads/frootvpn.ovpn
1282 imports an OpenVPN configuration to NetworkManager.
1283 nmcli con export corp-vpnc /home/joe/corpvpn.conf
1285 exports NetworkManager VPN profile corp-vpnc as standard Cisco
1286 (vpnc) configuration.
1287
1289 nmcli accepts abbreviations, as long as they are a unique prefix in the
1290 set of possible options. As new options get added, these abbreviations
1291 are not guaranteed to stay unique. For scripting and long term
1292 compatibility it is therefore strongly advised to spell out the full
1293 option names.
1294
1296 There are probably some bugs. If you find a bug, please report it to
1297 your distribution or upstream at
1298 https://gitlab.freedesktop.org/NetworkManager/NetworkManager.
1299
1301 nmcli-examples(7), nm-settings-nmcli(5), nm-online(1),
1302 NetworkManager(8), NetworkManager.conf(5), nm-applet(1), nm-connection-
1303 editor(1), terminal-colors.d(5).
1304NetworkManager 1.44.2 NMCLI(1)