man--nmcli
NMCLI(1) General Commands Manual NMCLI(1)
NAME
nmcli - command-line tool for controlling NetworkManager
SYNOPSIS
nmcli [ OPTIONS ] OBJECT { COMMAND | help }
OBJECT := { general | networking | radio | connection | device | agent
}
OPTIONS := {
-t[erse]
-p[retty]
-m[mode] tabular | multiline
-f[ields] <field1,field2,...> | all | common
-e[scape] yes | no
-n[ocheck]
-a[sk]
-w[ait] <seconds>
-v[ersion]
-h[elp]
}
DESCRIPTION
nmcli is a command-line tool for controlling NetworkManager and report-
ing network status. It can be utilized as a replacement for nm-applet
or other graphical clients. nmcli is used to create, display, edit,
delete, activate, and deactivate network connections, as well as con-
trol and display network device status.
Typical uses include:
-- Scripts: utilize NetworkManager via nmcli instead of managing net-
work connections manually. nmcli supports a terse output format
which is better suited for script processing. Note that NetworkMan-
ager can also execute scripts, called "dispatcher scripts", in
response to network events. See NetworkManager for details about
these dispatcher scripts.
-- Servers, headless machines, and terminals: nmcli can be used to
control NetworkManager without a GUI, including creating, editing,
starting and stopping network connections and viewing network sta-
tus.
OPTIONS
-t, --terse
Output is terse. This mode is designed and suitable for com-
puter (script) processing.
-p, --pretty
Output is pretty. This causes nmcli to produce easily readable
outputs for humans, i.e. values are aligned, headers are
printed, etc.
-m, --mode tabular | multiline
Switch between tabular and multiline output. If omitted,
default is tabular for most commands. For the commands producing
more structured information, that cannot be displayed on a sin-
gle line, default is multiline. Currently, they are:
'nmcli connection show <ID>'
'nmcli device show'
tabular - Output is a table where each line describes a single
entry. Columns define particular properties of the entry.
multiline - Each entry comprises multiple lines, each property
on its own line. The values are prefixed with the property name.
-f, --fields <field1,field2,...> | all | common
This option is used to specify what fields (column names) should
be printed. Valid field names differ for specific commands.
List available fields by providing an invalid value to the
--fields option.
all is used to print all valid field values of the command.
common is used to print common field values of the command. If
omitted, default is common. The option is mandatory when
--terse is used. In this case, generic values all and common
cannot be used. (This is to maintain compatibility when new
fields are added in the future).
-e, --escape yes | no
Whether to escape ':' and '\' characters in terse tabular mode.
The escape character is '\'. If omitted, default is yes.
-n, --nocheck
This option can be used to force nmcli to skip checking nmcli
and NetworkManager version compatibility. Use it with care,
because using incompatible versions may produce incorrect
results.
-a, --ask
When using this option nmcli will stop and ask for any missing
required arguments, so do not use this option for non-interac-
tive purposes like scripts. This option controls, for example,
whether you will be prompted for a password if it is required
for connecting to a network.
-w, --wait <seconds>
This option sets a timeout period for which nmcli will wait for
NetworkManager to finish operations. It is especially useful for
commands that may take a longer time to complete, e.g. connec-
tion activation. Specifying a value of 0 instructs nmcli not to
wait but to exit immediately with a status of success. The
default value depends on the executed command.
-v, --version
Show nmcli version.
-h, --help
Print help information.
OBJECT
general - general NetworkManager status and operations
Use this object to show NetworkManager status and permissions.
You can also get and change system hostname, as well as Network-
Manager logging level and domains.
COMMAND := { status | hostname | permissions | logging }
status
Show overall status of NetworkManager. This is the
default action, when no additional command is provided
for general object.
hostname [<hostname>]
Get and change system hostname. With no arguments, this
prints currently configured hostname. When you pass a
hostname, it will be handed over to NetworkManager to be
set as a new system hostname.
Note that the term system hostname may also be referred
to as persistent or static by other programs or tools.
The hostname is stored in /etc/hostname file in most dis-
tributions. For example, systemd-hostnamed service uses
the term static hostname and it only reads the /etc/host-
name file when it starts.
permissions
Show the permissions a caller has for various authenti-
cated operations that NetworkManager provides, like
enable and disable networking, changing Wi-Fi, WWAN, and
WiMAX state, modifying connections, etc.
logging [level <log level>] [domains <log domains>]
Get and change NetworkManager logging level and domains.
Without any argument current logging level and domains
are shown. In order to change logging state, provide
level and, or, domain parameters. See NetworkManager.conf
for available level and domain values.
networking - get or set general networking state of NetworkManager
Use this object to show NetworkManager networking status, or to
enable and disable networking. Disabling networking removes the
configuration from all devices and changes them to the 'unman-
aged' state.
COMMAND := { [ on | off | connectivity ] }
[ on | off ]
Get networking-enabled status or enable and disable net-
working by NetworkManager. All interfaces managed by
NetworkManager are deactivated when networking has been
disabled.
connectivity [check]
Get network connectivity state. The optional check argu-
ment tells NetworkManager to re-check the connectivity,
else the most recent known connectivity state is dis-
played without re-checking.
Possible states are:
none - the host is not connected to any network
portal - the host is behind a captive portal and cannot
reach the full Internet
limited - the host is connected to a network, but it has
no access to the Internet
full - the host is connected to a network and has
full access to the Internet
unknown - the connectivity status cannot be found out
radio - get or set radio switch states
Use this object to show radio switches status, or enable and
disable the switches.
COMMAND := { all | wifi | wwan | wimax }
wifi [ on | off ]
Show or set status of Wi-Fi in NetworkManager. If no
arguments are supplied, Wi-Fi status is printed; on
enables Wi-Fi; off disables Wi-Fi.
wwan [ on | off ]
Show or set status of WWAN (mobile broadband) in Network-
Manager. If no arguments are supplied, mobile broadband
status is printed; on enables mobile broadband, off dis-
ables it.
wimax [ on | off ]
Show or set status of WiMAX in NetworkManager. If no
arguments are supplied, WiMAX status is printed; on
enables WiMAX; off disables WiMAX. Note: WiMAX support
is a compile-time decision, so it may be unavailable on
some installations.
all [ on | off ]
Show or set all previously mentioned radio switches at
the same time.
connection - start, stop, and manage network connections
NetworkManager stores all network configuration as connections,
which are collections of data (Layer2 details, IP addressing,
etc.) that describe how to create or connect to a network. A
connection is active when a device uses that connection's con-
figuration to create or connect to a network. There may be mul-
tiple connections that apply to a device, but only one of them
can be active on that device at any given time. The additional
connections can be used to allow quick switching between differ-
ent networks and configurations.
Consider a machine which is usually connected to a DHCP-enabled
network, but sometimes connected to a testing network which uses
static IP addressing. Instead of manually reconfiguring eth0
each time the network is changed, the settings can be saved as
two connections which both apply to eth0, one for DHCP (called
"default") and one with the static addressing details (called
"testing"). When connected to the DHCP-enabled network the user
would run "nmcli con up default" , and when connected to the
static network the user would run "nmcli con up testing".
COMMAND := { show | up | down | add | edit | modify | delete |
reload | load }
show [--active]
List in-memory and on-disk connection profiles, some of
which may also be active if a device is using that con-
nection profile. Without a parameter, all profiles are
listed. When --active option is specified, only the
active profiles are shown.
show [--active] [--show-secrets] [ id | uuid | path | apath ]
<ID> ...
Show details for specified connections. By default, both
static configuration and active connection data are dis-
played. When --active option is specified, only the
active profiles are taken into account. When --show-
secrets option is specified, secrets associated with the
profile will be revealed too. id, uuid, path and apath
keywords can be used if <ID> is ambiguous.
Optional <ID>-specifying keywords are:
id - the <ID> denotes a connection name
uuid - the <ID> denotes a connection UUID
path - the <ID> denotes a D-Bus static connection
path in the format of /org/freedesktop/Net-
workManager/Settings/<num> or just <num>
apath - the <ID> denotes a D-Bus active connection
path in the format of /org/freedesktop/Net-
workManager/ActiveConnection/<num> or just
<num>
It is possible to filter the output using the global
--fields option. Use the following values:
profile - only shows static profile configuration
active - only shows active connection data (when
the profile is active)
You can also specify particular fields. For static con-
figuration, use setting and property names as described
in nm-settings(5) manual page. For active data use GEN-
ERAL, IP4, DHCP4, IP6, DHCP6, VPN.
When no command is given to the connection object, the
default action is 'nmcli connection show'.
up [ id | uuid | path ] <ID> [ifname <ifname>] [ap <BSSID>] [nsp
<name>] [passwd <file with passwords>]
up ifname <ifname> [ap <BSSID>] [nsp <name>] [passwd <file with
passwords>]
Activate a connection. The connection is identified by
its name, UUID or D-Bus path. If <ID> is ambiguous, a
keyword id, uuid or path can be used. When requiring a
particular device to activate the connection on, the
ifname option with interface name should be given. If
the <ID> is not given an ifname is required, and Network-
Manager will activate the best available connection for
the given ifname. In case of a VPN connection, the
ifname option specifies the device of the base connec-
tion. The ap option specify what particular AP should be
used in case of a Wi-Fi connection.
If '--wait' option is not specified, the default timeout
will be 90 seconds.
See connection show above for the description of the
<ID>-specifying keywords.
Available options are:
ifname - interface that will be used for
activation
ap - BSSID of the AP which the command
should connect to (for Wi-Fi connec-
tions)
nsp - NSP (Network Service Provider)
which the command should connect to
(for WiMAX connections)
passwd-file - some networks may require creden-
tials during activation. You can give
these credentials using this option.
Each line of the file should contain
one password in the form of
setting_name.property_name:the pass-
word
For example, for WPA Wi-Fi with PSK,
the line would be
802-11-wireless-secu-
rity.psk:secret12345
For 802.1X password, the line would
be
802-1x.password:my 1X password
nmcli also accepts "wifi-sec" and
"wifi" strings instead of
"802-11-wireless-security". When
NetworkManager requires a password
and it is not given, nmcli will ask
for it when run with --ask. If --ask
was not passed, NetworkManager can
ask another secret agent that may be
running (typically a GUI secret
agent, such as nm-applet or gnome-
shell).
down [ id | uuid | path | apath ] <ID> ...
Deactivate a connection from a device without preventing
the device from further auto-activation. Multiple connec-
tions can be passed to the command.
Be aware that this command deactivates the specified
active connection, but the device on which the connection
was active, is still ready to connect and will perform
auto-activation by looking for a suitable connection that
has the 'autoconnect' flag set. This includes the just
deactivated connection. So if the connection is set to
auto-connect, it will be automatically started on the
disconnected device again.
In most cases you may want to use device disconnect com-
mand instead.
The connection is identified by its name, UUID or D-Bus
path. If <ID> is ambiguous, a keyword id, uuid, path or
apath can be used.
See connection show above for the description of the
<ID>-specifying keywords.
If '--wait' option is not specified, the default timeout
will be 10 seconds.
add COMMON_OPTIONS TYPE_SPECIFIC_OPTIONS IP_OPTIONS
Add a connection for NetworkManager. Arguments differ
according to connection types, see below.
COMMON_OPTIONS:
type <type> - connection
type; see below
TYPE_SPE-
CIFIC_OPTIONS
for allowed
values; (manda-
tory)
ifname <ifname> | "*" - interface to
bind the con-
nection to. The
connection will
only be appli-
cable to this
interface name.
A special value
of "*" can be
used for inter-
face-indepen-
dent connec-
tions. The
ifname argument
is mandatory
for all connec-
tion types
except bond,
team, bridge
and vlan.
Note: use
quotes around *
to suppress
shell expan-
sion.
[con-name <connection name>] - connection
name (when not
provided a
default name is
generated:
<type>[-<ifname>][-<num>])
[autoconnect yes|no] - whether the
connection pro-
file can be
automatically
activated
(default: yes)
[save yes|no] - whether the
connection
should be per-
sistent, i.e.
NetworkManager
should store it
on disk
(default: yes)
TYPE_SPECIFIC_OPTIONS:
ethernet:
[mac <MAC address>] - MAC address
of the device
this connection
is locked to
[cloned-mac <cloned MAC address>] - cloned MAC
[mtu <MTU>] - MTU
wifi:
ssid <SSID> - SSID
[mac <MAC address>] - MAC address
of the device
this connection
is locked to
[cloned-mac <cloned MAC address>] - cloned MAC
[mode infrastructure|ap|adhoc] - Wi-Fi network
mode. If blank,
infrastructure
is assumed.
[mtu <MTU>] - MTU
wimax:
[mac <MAC address>] - MAC address
of the device
this connection
is locked to
[nsp <NSP>] - Network Ser-
vice Provider
name
pppoe:
username <PPPoE username> - PPPoE user-
name
[password <PPPoE password>] - Password for
the PPPoE user-
name
[service <PPPoE service name>] - PPPoE service
name (if
required by
concentrator)
[mtu <MTU>] - MTU
[mac <MAC address>] - MAC address
of the device
this connection
is locked to
gsm:
apn <APN> - APN - GSM
Access Point
Name
[user <username>] - user name
[password <password>] - password
cdma:
[user <username>] - user name
[password <password>] - password
infiniband:
[mac <MAC address>] - MAC address
of the device
this connection
is locked to
(InfiniBand MAC
is 20 bytes)
[mtu <MTU>] - MTU
[transport-mode datagram | connected] - InfiniBand
transport mode
[parent <interface name>] - the interface
name of the
parent device
(if any)
[p-key <IPoIB P_Key>] - the Infini-
Band P_Key
(16-bit
unsigned inte-
ger)
bluetooth:
[addr <bluetooth address>] - Bluetooth
device address
(MAC)
[bt-type panu|dun-gsm|dun-cdma] - Bluetooth
connection type
vlan:
dev <parent device (connection UUID, ifname, or MAC)>
- parent device
this VLAN is on
id <VLAN ID> - VLAN ID in
range <0-4095>
[flags <VLAN flags>] - flags
[ingress <ingress priority mapping>] - VLAN ingress
priority map-
ping
[egress <egress priority mapping>] - VLAN egress
priority map-
ping
[mtu <MTU>] - MTU
bond:
[mode balance-rr (0) | active-backup (1) | balance-xor
(2) | broadcast (3) |
802.3ad (4) | balance-tlb (5) | balance-alb
(6)]
- bonding mode
(default: bal-
ance-rr)
[primary <ifname>] - primary
interface name
(for "active-
backup" mode)
[miimon <num>] - miimon
(default: 100)
[downdelay <num>] - downdelay
(default: 0)
[updelay <num>] - updelay
(default: 0)
[arp-interval <num>] - ARP interval
(default: 0)
[arp-ip-target <num>] - ARP IP target
bond-slave:
master <master (ifname, or connection UUID or name)>
- master bond
interface name,
or connection
UUID or ID of
bond master
connection pro-
file. The
value can be
prefixed with
ifname/, uuid/
or id/ to dis-
ambiguate it.
team:
[config <file>|<raw JSON data>] - JSON configu-
ration for team
team-slave:
master <master (ifname, or connection UUID or name)>
- master team
interface name,
or connection
UUID or ID of
team master
connection pro-
file. The
value can be
prefixed with
ifname/, uuid/
or id/ to dis-
ambiguate it.
[config <file>|<raw JSON data>] - JSON configu-
ration for team
bridge:
[stp yes|no] - controls
whether Span-
ning Tree Pro-
tocol (STP) is
enabled for
this bridge
(default: yes)
[priority <num>] - sets STP pri-
ority (default:
128)
[forward-delay <2-30>] - STP forward-
ing delay, in
seconds
(default: 15)
[hello-time <1-10>] - STP hello
time, in sec-
onds (default:
2)
[max-age <6-42>] - STP maximum
message age, in
seconds
(default: 20)
[ageing-time <0-1000000>] - the Ethernet
MAC address
aging time, in
seconds
(default: 300)
[mac <MAC address>] - MAC address
of the bridge
(note: this
requires a
recent kernel
feature, origi-
nally intro-
duced in 3.15
upstream ker-
nel)
bridge-slave:
master <master (ifname, or connection UUID or name)>
- master bridge
interface name,
or connection
UUID or ID of
bridge master
connection pro-
file. The
value can be
prefixed with
ifname/, uuid/
or id/ to dis-
ambiguate it.
[priority <0-63>] - STP priority
of this slave
(default: 32)
[path-cost <1-65535>] - STP port cost
for destina-
tions via this
slave (default:
100)
[hairpin yes|no] - 'hairpin
mode' for the
slave, which
allows frames
to be sent back
out through the
slave the frame
was received on
(default: yes)
vpn:
vpn-type vpnc|openvpn|pptp|opencon-
nect|openswan|libreswan|ssh|l2tp|iodine|...
- VPN type
[user <username>] - VPN username
olpc-mesh:
ssid <SSID> - SSID
[channel <1-13>] - channel to
use for the
network
[dhcp-anycast <MAC address>] - anycast DHCP
MAC address
used when
requesting an
IP address via
DHCP
adsl:
username <username> - ADSL user
name
protocol pppoa|pppoe|ipoatm - ADSL protocol
[password <password>] - ADSL password
[encapsulation vcmux|llc] - ADSL encapsu-
lation
IP_OPTIONS:
[ip4 <IPv4 address>] [gw4 <IPv4 gateway>] - IPv4
addresses
[ip6 <IPv6 address>] [gw6 <IPv6 gateway>] - IPv6
addresses
edit [id | uuid | path ] <ID> - edit an existing connection
edit [type <new connection type>] [con-name <new connection
name>] - add a new connection
Edit an existing connection or add a new one, using an
interactive editor.
The existing connection is identified by its name, UUID
or D-Bus path. If <ID> is ambiguous, a keyword id, uuid,
or path can be used. See connection show above for the
description of the <ID>-specifying keywords. Not provid-
ing an <ID> means that a new connection will be added.
The interactive editor will guide you through the connec-
tion editing and allow you to change connection parame-
ters according to your needs by means of a simple menu-
driven interface. The editor indicates what settings and
properties can be modified and provides in-line help.
Available options:
type - type of the new connection; valid types
are the same as for connection add command
con-name - name for the new connection. It can be
changed later in the editor.
See also nm-settings(5) for all NetworkManager settings
and property names, and their descriptions; and nmcli-
examples(5) for sample editor sessions.
modify [--temporary] [ id | uuid | path ] <ID> [+|-]<set-
ting>.<property> <value>
[+|-]<setting>.<property> <value> ...
Modify one or more properties in the connection profile.
The connection is identified by its name, UUID or D-Bus
path. If <ID> is ambiguous, a keyword id, uuid or path
can be used. See nm-settings(5) for setting and property
names, their descriptions and default values. This com-
mand supports abbreviations for setting name and property
name provided they are unique. Empty value ("") removes
the property value (sets the property to the default
value). The provided value overwrites the existing prop-
erty value.
If you want to append an item to the existing value, use
+ prefix for the property name. If you want to remove
just one item from container-type property, use - prefix
for the property name and specify a value or an zero-
based index of the item to remove (or option name for
properties with named options) as value. Of course, +|-
only have a real effect for multi-value (container) prop-
erties like ipv4.dns, ipv4.addresses, bond.options, etc.
The changes to the connection profile will be saved per-
sistently by NetworkManager, unless --temporary option is
provided, in which case the changes won't persist over
NetworkManager restart.
delete [ id | uuid | path ] <ID> ...
Delete a configured connection. The connection to be
deleted is identified by its name, UUID or D-Bus path. If
<ID> is ambiguous, a keyword id, uuid or path can be
used.
See connection show above for the description of the
<ID>-specifying keywords.
If '--wait' option is not specified, the default timeout
will be 10 seconds.
reload
Reload all connection files from disk. NetworkManager
does not monitor changes to connection files by default.
So you need to use this command in order to tell Network-
Manager to re-read the connection profiles from disk when
a change was made to them. However, the auto-loading fea-
ture can be enabled and then NetworkManager will reload
connection files any time they change (monitor-connec-
tion-files=true in NetworkManager.conf(5)).
load <filename> [<filename>...]
Load/reload one or more connection files from disk. Use
this after manually editing a connection file to ensure
that NetworkManager is aware of its latest state.
device - show and manage network interfaces
COMMAND := { status | show | connect | disconnect | delete | wifi |
wimax }
status
Print status of devices.
This is the default action if no command is specified to
device object.
show [<ifname>]
Show detailed information about devices. Without an
argument, all devices are examined. To get information
for a specific device, the interface name has to be pro-
vided.
connect <ifname>
Connect the device. NetworkManager will try to find a
suitable connection that will be activated. It will also
consider connections that are not set to auto connect.
If '--wait' option is not specified, the default timeout
will be 90 seconds.
disconnect <ifname> ...
Disconnect a device and prevent the device from automati-
cally activating further connections without user/manual
intervention. Note that disconnecting software devices
may mean that the devices will disappear.
If '--wait' option is not specified, the default timeout
will be 10 seconds.
delete <ifname> ...
Delete a device. The command removes the interface from
the system. Note that this only works for software
devices like bonds, bridges, teams, etc. Hardware
devices (like Ethernet) cannot be deleted by the command.
If '--wait' option is not specified, the default timeout
will be 10 seconds.
wifi [list [ifname <ifname>] [bssid <BSSID>]]
List available Wi-Fi access points. The ifname and bssid
options can be used to list APs for a particular inter-
face or with a specific BSSID, respectively.
wifi connect <(B)SSID> [password <password>] [wep-key-type
key|phrase] [ifname <ifname>] [bssid <BSSID>] [name <name>]
[private yes|no] [hidden yes|no]
Connect to a Wi-Fi network specified by SSID or BSSID.
The command creates a new connection and then activates
it on a device. This is a command-line counterpart of
clicking an SSID in a GUI client. The command always cre-
ates a new connection and thus it is mainly useful for
connecting to new Wi-Fi networks. If a connection for the
network already exists, it is better to bring up (acti-
vate) the existing connection as follows: nmcli con up id
<name>. Note that only open, WEP and WPA-PSK networks are
supported at the moment. It is also supposed that IP con-
figuration is obtained via DHCP.
If '--wait' option is not specified, the default timeout
will be 90 seconds.
Available options are:
password - password for secured networks (WEP or WPA)
wep-key-type - type of WEP secret, either key for
ASCII/HEX key or phrase for passphrase
ifname - interface that will be used for activation
bssid - if specified, the created connection will
be restricted just for the BSSID
name - if specified, the connection will use the
name (else NM creates a name itself)
private - if set to yes, the connection will only be
visible to the user who created it. Other-
wise the connection is system-wide, which is
the default.
hidden - set to yes when connecting for the first
time to an AP not broadcasting its SSID.
Otherwise the SSID would not be found and
the connection attempt would fail.
wifi rescan [ifname <ifname>] [[ssid <SSID>] ...]
Request that NetworkManager immediately re-scan for
available access points. NetworkManager scans Wi-Fi net-
works periodically, but in some cases it can be useful to
start scanning manually (e.g. after resuming the com-
puter). By using ssid, it is possible to scan for a spe-
cific SSID, which is useful for APs with hidden SSIDs.
You can provide multiple ssid parameters in order to scan
more SSIDs.
This command does not show the APs, use 'nmcli device
wifi list' for that.
wimax [list [ifname <ifname>] [nsp <name>]]
List available WiMAX NSP. The ifname and nsp options can
be used to list networks for a particular interface or
with a specific NSP, respectively.
agent - run nmcli as a NetworkManager secret agent, or polkit agent
COMMAND := { secret | polkit | all }
secret
Register nmcli as a NetworkManager secret agent and lis-
ten for secret requests. You do usually not need this
command, because nmcli can handle secrets when connecting
to networks. However, you may find the command useful
when you use another tool for activating connections and
you do not have a secret agent available (like nm-
applet).
polkit
Register nmcli as a polkit agent for the user session and
listen for authorization requests. You do not usually
need this command, because nmcli can handle polkit
actions related to NetworkManager operations (when run
with --ask). However, you may find the command useful
when you want to run a simple text based polkit agent and
you do not have an agent of a desktop environment. Note
that running this command makes nmcli handle all polkit
requests, not only NetworkManager related ones, because
only one polkit agent can run for the session.
all
Runs nmcli as both NetworkManager secret and a polkit
agent.
ENVIRONMENT VARIABLES
nmcli's behavior is affected by the following environment variables.
LC_ALL If set to a non-empty string value, it overrides the val-
ues of all the other internationalization variables.
LC_MESSAGES Determines the locale to be used for internationalized
messages.
LANG Provides a default value for the internationalization
variables that are unset or null.
Internationalization notes:
Be aware that nmcli is localized and that is why the output depends on
your environment. This is important to realize especially when you
parse the output.
Call nmcli as LC_ALL=C nmcli to be sure the locale is set to "C" while
executing in a script.
LC_ALL, LC_MESSAGES, LANG variables specify the LC_MESSAGES locale cat-
egory (in that order), which determines the language that nmcli uses
for messages. The "C" locale is used if none of these variables are
set, and this locale uses English messages.
EXIT STATUS
nmcli exits with status 0 if it succeeds, a value greater than 0 is
returned if an error occurs.
0 Success - indicates the operation succeeded
1 Unknown or unspecified error
2 Invalid user input, wrong nmcli invocation
3 Timeout expired (see --wait option)
4 Connection activation failed
5 Connection deactivation failed
6 Disconnecting device failed
7 Connection deletion failed
8 NetworkManager is not running
9 nmcli and NetworkManager versions mismatch
10 Connection, device, or access point does not exist.
EXAMPLES
This section presents various examples of nmcli usage. If you want even
more, please refer to nmcli-examples(5) manual page.
nmcli -t -f RUNNING general
tells you whether NetworkManager is running or not.
nmcli -t -f STATE general
shows the overall status of NetworkManager.
nmcli radio wifi off
switches Wi-Fi off.
nmcli connection show
lists all connections NetworkManager has.
nmcli -p -m multiline -f all con show
shows all configured connections in multi-line mode.
nmcli connection show --active
lists all currently active connections.
nmcli -f name,autoconnect c s
shows all connection profile names and their auto-connect prop-
erty.
nmcli -p connection show "My default em1"
shows details for "My default em1" connection profile.
nmcli connection show --show-secrets "My Home WiFi"
shows details for "My Home WiFi" connection profile with all
passwords. Without --show-secrets option, secrets would not be
displayed.
nmcli -f active connection show "My default em1"
shows details for "My default em1" active connection, like IP,
DHCP information, etc.
nmcli -f profile con s "My wired connection"
shows static configuration details of the connection profile
with "My wired connection" name.
nmcli -p con up "My wired connection" ifname eth0
activates the connection profile with name "My wired connection"
on interface eth0. The -p option makes nmcli show progress of
the activation.
nmcli con up 6b028a27-6dc9-4411-9886-e9ad1dd43761 ap 00:3A:98:7C:42:D3
connects the Wi-Fi connection with UUID
6b028a27-6dc9-4411-9886-e9ad1dd43761 to the AP with BSSID
00:3A:98:7C:42:D3.
nmcli device status
shows the status for all devices.
nmcli dev disconnect em2
disconnects a connection on interface em2 and marks the device
as unavailable for auto-connecting. As a result, no connection
will automatically be activated on the device until the device's
'autoconnect' is set to TRUE or the user manually activates a
connection.
nmcli -f GENERAL,WIFI-PROPERTIES dev show wlan0
shows details for wlan0 interface; only GENERAL and WIFI-PROPER-
TIES sections will be shown.
nmcli dev wifi
lists available Wi-Fi access points known to NetworkManager.
nmcli dev wifi con "Cafe Hotspot 1" password caffeine name "My cafe"
creates a new connection named "My cafe" and then connects it to
"Cafe Hotspot 1" SSID using password "caffeine". This is mainly
useful when connecting to "Cafe Hotspot 1" for the first time.
Next time, it is better to use 'nmcli con up id "My cafe"' so
that the existing connection profile can be used and no addi-
tional is created.
nmcli connection add type ethernet autoconnect no ifname eth0
non-interactively adds an Ethernet connection tied to eth0
interface with automatic IP configuration (DHCP), and disables
the connection's "autoconnect" flag.
nmcli c a ifname Maxipes-fik type vlan dev eth0 id 55
non-interactively adds a VLAN connection with ID 55. The connec-
tion will use eth0 and the VLAN interface will be named Maxipes-
fik.
nmcli connection edit ethernet-em1-2
edits existing "ethernet-em1-2" connection in the interactive
editor.
nmcli connection edit type ethernet con-name "yet another Ethernet con-
nection"
adds a new Ethernet connection in the interactive editor.
nmcli con mod ethernet-2 connection.autoconnect no
modifies 'autoconnect' property in the 'connection' setting of
'ethernet-2' connection.
nmcli con mod "Home Wi-Fi" wifi.mtu 1350
modifies 'mtu' property in the 'wifi' setting of 'Home Wi-Fi'
connection.
nmcli con mod em1-1 ipv4.method manual ipv4.addr "192.168.1.23/24
192.168.1.1, 10.10.1.5/8, 10.0.0.11"
sets manual addressing and the addresses in em1-1 profile.
nmcli con modify ABC +ipv4.dns 8.8.8.8
appends a Google public DNS server to DNS servers in ABC pro-
file.
nmcli con modify ABC -ipv4.addresses "192.168.100.25/24 192.168.1.1"
removes the specified IP address from (static) profile ABC.
NOTES
nmcli accepts abbreviations, as long as they are a unique prefix in the
set of possible options. As new options get added, these abbreviations
are not guaranteed to stay unique. For scripting and long term compati-
blity it is therefore strongly advised to spell out the full option
names.
BUGS
There are probably some bugs. If you find a bug, please report it to
https://bugzilla.gnome.org/ -- product NetworkManager.
SEE ALSO
nmcli-examples(5), nm-online(1), NetworkManager(8), NetworkMan-
ager.conf(5), nm-settings(5), nm-applet(1), nm-connection-editor(1).
12 August 2015 NMCLI(1)