NetworkManager includes a command-line tool, nmcli, which is used to control NetworkManager. You can use nmcli to create, display, edit, delete, activate, and deactivate network connections, as well as control and display network device status. The syntax is:
# nmlci OPTIONS OBJECT { COMMAND | help }
There are five different objects on which most of the operations are performed using nmcli command:
1. general
2. networking
3. radio
4. connection
5. device.
Use the help argument to display the options and information about the five different objects:
# nmcli --help
Usage: nmcli [OPTIONS] OBJECT { COMMAND | help }
OPTIONS
-t[erse] terse output
-p[retty] pretty output
-m[ode] tabular|multiline output mode
-c[olors] auto|yes|no whether to use colors in output
-f[ields] [field1,field2,...]|all|common specify fields to output
-e[scape] yes|no escape columns separators in values
-a[sk] ask for missing parameters
-s[how-secrets] allow displaying passwords
-w[ait] [seconds> set timeout waiting for finishing operations
-v[ersion] show program version
-h[elp] print this help
OBJECT
g[eneral] NetworkManager's general status and operations
n[etworking] overall networking control
r[adio] NetworkManager radio switches
c[onnection] NetworkManager's connections
d[evice] devices managed by NetworkManager
a[gent] NetworkManager secret agent or polkit agent
m[onitor] monitor NetworkManager changes
The ‘nmcli general’ sub-command
Use the nmcli general object to show NetworkManager status and permissions. This command also allows you view and change the system hostname and the NetworkManager logging level. The following command provides help on the nmcli general object:
# nmcli general help
Usage: nmcli general { COMMAND | help }
COMMAND := { status | hostname | permissions | logging }
status
hostname [[hostname]]
permissions
logging [level [log level]] [domains [log domains]]
Some examples of using this command follow.
Example 1 : Overall status of NetworkManager
Use the following command to display the overall status of NetworkManager. The status argument is the default and can be omitted.
# nmcli general status STATE CONNECTIVITY WIFI-HW WIFI WWAN-HW WWAN connected full enabled enabled enabled enabled
Example 2 : Changing the hostname
The hostname argument is used to display or change the system hostname. The hostname is stored in the /etc/hostname file. The following example changes the hostname to geeklab.example.com and updates the /etc/hostname file:
# nmcli general hostname geeklab.example.com
Example 3 : View permissions a caller has for various operations
The permissions argument shows the permissions a caller has for the various authenticated operations that NetworkManager provides. The following example shows permissions for enabling and disabling networking, changing Wi-Fi and WWAN state, modifying connections, and other operations:
# nmcli general permissions PERMISSION VALUE org.freedesktop.NetworkManager.enable-disable-network yes org.freedesktop.NetworkManager.enable-disable-wifi yes org.freedesktop.NetworkManager.enable-disable-wwan yes org.freedesktop.NetworkManager.enable-disable-wimax yes org.freedesktop.NetworkManager.sleep-wake yes org.freedesktop.NetworkManager.network-control yes org.freedesktop.NetworkManager.wifi.share.protected yes org.freedesktop.NetworkManager.wifi.share.open yes org.freedesktop.NetworkManager.settings.modify.system yes org.freedesktop.NetworkManager.settings.modify.own yes org.freedesktop.NetworkManager.settings.modify.hostname yes org.freedesktop.NetworkManager.settings.modify.global-dns yes org.freedesktop.NetworkManager.reload yes org.freedesktop.NetworkManager.checkpoint-rollback yes org.freedesktop.NetworkManager.enable-disable-statistics yes
Example 4 : Change NetworkManager logging level
The logging argument is used to get and change NetworkManager logging level for domains. Without any argument, the current logging level and domains are shown as follows:
# nmcli general logging
LEVEL DOMAINS
INFO PLATFORM,RFKILL,ETHER,WIFI,BT,MB,DHCP4,DHCP6,PPP,IP4,IP6,AUTOIP4,DNS,VPN,SHARING,SUPPLICANT,AGENTS,SETTINGS,SUSPEND,CORE,DEVICE,OLPC,INFINIBAND,FIREWALL
,ADSL,BOND,VLAN,BRIDGE,TEAM,CONCHECK,DCB,DISPATCH,AUDIT,SYSTEMD,PROXY
To change logging state, provide the level and/or domain parameters using the following syntax:
# nmcli general logging [level [log level]] [domains [log domains]]
The logging level can be one of the following (listed in order of verbosity):
| Log Level | Description |
|---|---|
| ERR | Logs only critical errors |
| WARN | Logs warnings that might reflect operation |
| INFO | Logs various informational messages that are useful for tracking state and operations |
| DEBUG | Enables verbose logging for debugging purposes |
The following example sets the logging level to DEBUG for the IPv4 domain:
# nmcli general logging level DEBUG domains IP4
The following example sets the logging level to INFO for all domains:
# nmcli general logging level INFO domains ALL
For information on configuring NetworkManager logging and for domain descriptions, see the NetworkManager.conf man page.
# man NetworkManager.conf
The ‘nmcli networking’ sub-command
Use the nmcli networking object to show NetworkManager networking status, or to enable and disable networking. Disabling networking removes the configuration from all devices and changes them to the “unmanaged“” state. The following command provides help on the nmcli networking object:
# nmcli networking help
Usage: nmcli networking { COMMAND | help }
COMMAND := { [ on | off | connectivity ] }
on
off
connectivity [check]
Some examples of using this command are given.
Example 1 : Check networking status and enable/disable it
The following sequence of commands displays the networking status and then disables and enables networking:
# nmcli networking enabled # nmcli networking off
# nmcli networking disabled # nmcli networking on
Example 2 : Check the network connectivity state
The connectivity argument shows the network connectivity state. An optional check argument tells NetworkManager to recheck the connectivity. Without the check argument, the command displays the most recent known connectivity state without rechecking. The following example includes the check argument:
# nmcli networking connectivity check full
Possible states are:
| State | Description |
|---|---|
| none | The host is not connected to any network. |
| portal | The host is behind a captive portal and cannot reach the full Internet. |
| limited | The host is connected to a network, but it has no access to the Internet. |
| full | The host is connected to a network and has full access to the Internet. |
| unknown | The connectivity status cannot be determined. |
The ‘nmcli radio’ sub-command
Use the nmcli radio object to show radio switch status, or to enable and disable the switches. The following command provides help on the nmcli radio object:
# nmcli radio help
Usage: nmcli radio { COMMAND | help }
COMMAND := { all | wifi | wwan }
all | wifi | wwan [ on | off ]
Some examples of using this command are given.
Example 1 : Check Radion Switch status
The following command displays the radio switch status.
# nmcli radio WIFI-HW WIFI WWAN-HW WWAN enabled enabled enabled enabled
Example 2: Disable Wi-Fi in NetworkManager
Following Example disable the Wi-Fi in NetworkManager.
# nmcli radio wifi off
# nmcli radio WIFI-HW WIFI WWAN-HW WWAN enabled disabled enabled enabled
The nmcli connection sub-command
Use the nmcli connection object to start, stop, and manage network connections. NetworkManager stores all network configuration information as connections. Connections contain all the information, such as MAC address and IP address, required to create or connect to a network. A connection is active when a device uses that connection’s configuration to create or connect to a network.
There can be multiple connections for a given device but only one of them can be active on that device at any given time. The additional connections can be used to allow quick switching between different networks and configurations. For example, you can have a connection defined for a network interface that uses static IP addressing. You could have a second connection defined for the same network interface that uses DHCP.
The following command provides help on the nmcli connection object:
# nmcli connection help
Usage: nmcli connection { COMMAND | help }
COMMAND := { show | up | down | add | modify | clone | edit | delete | monitor | reload | load | import | export }
....
Example 1 : View connection profiles
Use the show argument to list connection profiles. Include the –active option to list only the active profiles. Example:
# nmcli connection show --active NAME UUID TYPE DEVICE ens33 bbe539aa-5042-4d28-a0e6-2a4d4f5dd744 802-3-ethernet ens33
You can also view detailed information for a specific connection by specifying an optional [ID] keyword followed by an associated value. The [ID] can be id, uuid, path, or apath. The following example uses the id keyword to show detailed information for the enp134s1f0 connection. Only partial output is shown:
# nmcli connection show id ens33 connection.id: ens33 connection.uuid: bbe539aa-5042-4d28-a0e6-2a4d4f5dd744 connection.stable-id: -- connection.interface-name: ens33 connection.type: 802-3-ethernet connection.autoconnect: no connection.autoconnect-priority: 0 connection.timestamp: 1511842397 connection.read-only: no ...
Example 2 : The nmcli connection up|down Commands
Use the up argument to activate a connection. The connection is specified by its name, UUID, or D-Bus path. When requiring a particular device to activate the connection on, use the ifname option with the interface name. The following example activates the “ens33” connection. The show argument is issued before and after to illustrate the result of the up argument:
# nmcli connection show NAME UUID TYPE DEVICE Wired connection 1 dba7561b-dd02-3b58-92c0-07ce94b6250f 802-3-ethernet ens36 ens33 bbe539aa-5042-4d28-a0e6-2a4d4f5dd744 802-3-ethernet --
# nmcli connection up id ens33 Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
# nmcli connection show NAME UUID TYPE DEVICE Wired connection 1 dba7561b-dd02-3b58-92c0-07ce94b6250f 802-3-ethernet ens36 ens33 bbe539aa-5042-4d28-a0e6-2a4d4f5dd744 802-3-ethernet ens33
Use the down argument to deactivate a specific active connection. The following example deactivates the eth1 connection. The show argument is issued before and after to illustrate the result of the down argument:
# nmcli connection show NAME UUID TYPE DEVICE System eth0 ..... 802-3-ethernet eth0 System eth1 ..... 802-3-ethernet eth1
# nmcli connection down id ens33 Connection 'ens33' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4
# nmcli connection show NAME UUID TYPE DEVICE Wired connection 1 dba7561b-dd02-3b58-92c0-07ce94b6250f 802-3-ethernet ens36 ens33 bbe539aa-5042-4d28-a0e6-2a4d4f5dd744 802-3-ethernet --
If the connection has the “connection.autoconnect“” flag set to “yes“, the connection automatically starts on the disconnected device again. In this case, use the nmcli device disconnect command instead of the nmcli connection down command.
Example 3 : The nmcli connection add Command
Use the add argument to add a connection for NetworkManager. The syntax follows:
# nmcli connection add [COMMON_OPTIONS] [TYPE_SPECIFIC] [OPTIONS] [IP_OPTIONS]
The COMMON_OPTIONS for the add argument are described:
- type [type]: Connection type. Valid types of connections are ethernet, wifi, wimax, pppoe, gsm, cdma, infiniband, bluetooth, vlan, bond, bond-slave, team, team-slave, bridge, bridge-slave, vpn, and olpc-mesh.
- ifname [ifname]: Interface to bind the connection to. A special value of “*” can be used for interface-independent connections.
- con-name [connection_name]: Connection name. This is optional. When not provided, a default name is generated, [type][-ifname][-num].
- autoconnect yes|no: Whether the connection profile can be automatically activated. This is optional. The default is yes.
- save yes|no: Whether the connection is persistent. This is optional. The default is yes.
Some of the TYPE_SPECIFIC OPTIONS for the add argument are given below. The following lists the TYPE_SPECIFIC OPTIONS for Ethernet and WiFi connections:
- ethernet TYPE_SPECIFIC OPTIONS:
- mac [MAC_address]: MAC address of the device this connection is locked to
- cloned-mac [cloned_MAC_address]: Clone MAC address
- mtu [MTU]: MTU
- wifi TYPE_SPECIFIC OPTIONS:
- ssid [SSID]: SSID
- mac [MAC_address]: MAC address of the device this connection is locked to
- cloned-mac [cloned_MAC_address]: Clone MAC address
- mtu [MTU]: MTU
The IP_OPTIONS for the add argument are described:
- ip4 [IPv4_address] gw4 [IPv4_address]: IPv4 addresses
- ip6 [IPv6_address] gw6 [IPv6_address]: IPv6 addresses
The following example adds an Ethernet connection. The nmcli connection show command is issued afterwards to view the results. Only partial output is shown.
nmcli connection add con-name new-ens33 ifname ens33 type ethernet ip4 192.168.2.100/24 gw4 192.168.2.1 Connection 'new-ens33' (f0c23472-1aec-4e84-8f1b-be8a2ecbeade) successfully added.
# nmcli connection show NAME UUID TYPE DEVICE Wired connection 1 dba7561b-dd02-3b58-92c0-07ce94b6250f 802-3-ethernet ens36 ens33 bbe539aa-5042-4d28-a0e6-2a4d4f5dd744 802-3-ethernet ens33 new-ens33 f0c23472-1aec-4e84-8f1b-be8a2ecbeade 802-3-ethernet --
Each new connection creates an associated network interface configuration file in the /etc/sysconfig/network-scripts directory. For example:
# ls /etc/sysconfig/network-scripts/ifcfg* /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-lo /etc/sysconfig/network-scripts/ifcfg-new-ens33
Example 4 : The nmcli connection edit Command
Use the edit argument to edit an existing connection, identified by the connection ID, UUID, or D-Bus path. The following example specifies editing of the new-ens33 connection:
# nmcli connection edit new-ens33 ===| nmcli interactive connection editor |=== Editing existing '802-3-ethernet' connection: 'new-ens33' Type 'help' or '?' for available commands. Type 'describe [[setting].[prop]]' for detailed property description. You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, dcb, ipv4, ipv6 nmcli>
Use the ‘?’ key or type ‘help’ to display the available commands.
nmcli> ? ------------------------------------------------------------------------------ ---[ Main menu ]--- goto [[setting] | [prop]] :: go to a setting or property remove [setting][.[prop]] | [prop] :: remove setting or reset property value set [[setting].[prop] [value]] :: set property value describe [[setting].[prop]] :: describe property print [all | [setting][.[prop]]] :: print the connection verify [all | fix] :: verify the connection save [persistent|temporary] :: save the connection activate [[ifname]] [/[ap]|[nsp]] :: activate the connection back :: go one level up (back) help/? [[command]] :: print this help nmcli [conf-option] [value] :: nmcli configuration quit :: exit nmcli ------------------------------------------------------------------------------ nmcli>
Use the edit argument without specifying a connection identifier to add a new connection. The interactive editor guides you through the connection editing. The following example adds a new Ethernet connection:
# nmcli connection edit Valid connection types: generic, 802-3-ethernet (ethernet), pppoe, 802-11-wireless (wifi), wimax, gsm, cdma, infiniband, adsl, bluetooth, vpn, 802-11-olpc-mesh (olpc-mesh), vlan, bond, team, bridge, bond-slave, team-slave, bridge-slave, no-slave, tun, ip-tunnel, macvlan, vxlan Enter connection type: ethernet ===| nmcli interactive connection editor |=== Adding a new '802-3-ethernet' connection Type 'help' or '?' for available commands. Type 'describe [[setting].[prop]]' for detailed property description. You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, dcb, ipv4, ipv6 nmcli> set connection.id new-eth1 nmcli> set connection.interface-name eth1 nmcli> set connection.autoconnect yes nmcli> set 802-3-ethernet.mtu auto nmcli> set ipv4.method manual nmcli> set ipv4.addresses 192.168.2.101/24 nmcli> set ipv6.method auto nmcli> save Saving the connection with 'autoconnect=yes'. That might result in an immediate activation of the connection. Do you still want to save? (yes/no) [yes] yes Connection 'new-eth1' (817e285b-60f0-42d8-b259-4b62e21d823d) successfully saved. nmcli> quit
A new network interface configuration file is created in the /etc/sysconfig/network-scripts directory:
# ls -lrt /etc/sysconfig/network-scripts/ifcfg* -rw-r--r--. 1 root root 254 Sep 12 2016 /etc/sysconfig/network-scripts/ifcfg-lo -rw-r--r--. 1 root root 309 Oct 19 18:44 /etc/sysconfig/network-scripts/ifcfg-ens33 -rw-r--r--. 1 root root 338 Nov 28 09:51 /etc/sysconfig/network-scripts/ifcfg-new-ens33 -rw-r--r--. 1 root root 316 Nov 28 10:00 /etc/sysconfig/network-scripts/ifcfg-new-eth1
Example 5 : The nmcli connection modify Command
Use the modify argument to modify one or more properties in the connection profile. Identify the connection to modify by its ID, UUID, or D-Bus path. The provided value overwrites the existing property value.
Use an empty value (“”) to set the property value to the default. You can use the + prefix for the property name to append an item to the existing value, or use the – prefix to remove a specified value. The following example modifies the IPv4 DNS server address. The show argument displays the values before and after the modification:
Before
# nmcli connection show new-eth1 ... ipv4.dns: ...
# nmcli connection modify new-eth1 ipv4.dns 192.168.134.21
After
# nmcli connection show new-eth1 ... ipv4.dns: 192.168.134.21 ...
Example 6 : The nmcli connection delete | reload | load Command
1. Use the delete argument to delete a configured connection. For example:
# nmcli connection delete new-eth1
2. Use the reload argument to reload all connection files from disk. Use this command to tell NetworkManager to re-read the connection profiles from disk whenever a change was made to them. Set the monitor-connection-files to true to enable the auto-loading feature. In this case, NetworkManager reloads connection files any time they change. For example:
# nmcli connection reload
3. Use the load argument to load or reload one or more specific configuration files from disk. This is not needed if the auto-loading feature is enabled for the connection. For example :
# nmcli connection load /etc/sysconfig/network- scripts/ifcfg-new-eth0
The nmcli device Sub-Command
The nmcli device object provides the following commands:
- status: Display the status of all devices.
- show [ifname]: Show detailed information about devices.
- connect [ifname]: Connect the device.
- disconnect [ifname]: Disconnect the device.
- wifi list | connect | rescan: List Wi-Fi access points. Connect to a Wi-Fi network. Rescan for available access points.
Use the nmcli device object to show and manage network interfaces. The following command provides help on the nmcli device object:
# nmcli device help
Usage: nmcli device { COMMAND | help }
COMMAND := { status | show | set | connect | reapply | modify | disconnect | delete | monitor | wifi | lldp }
status
show [[ifname]]
set [ifname] [ifname] [autoconnect yes|no] [managed yes|no]
connect [ifname]
reapply [ifname]
modify [ifname] ([+|-][setting].[property] [value])+
disconnect [ifname] ...
delete [ifname] ...
monitor [ifname] ...
wifi [list [ifname [ifname]] [bssid [BSSID]]]
wifi connect [(B)SSID] [password [password]] [wep-key-type key|phrase] [ifname [ifname]]
[bssid [BSSID]] [name [name]] [private yes|no] [hidden yes|no]
wifi hotspot [ifname [ifname]] [con-name [name]] [ssid [SSID]] [band a|bg] [channel [channel]] [password [password]]
wifi rescan [ifname [ifname]] [[ssid [SSID to scan]] ...]
lldp [list [ifname [ifname]]]
Some examples of using this command are given.
Example 1 : Display status of all the devices
The following sequence of commands displays the status of all devices. The status argument is the default.
# nmcli device DEVICE TYPE STATE CONNECTION ens33 ethernet connected ens33 ens36 ethernet connected Wired connection 1 lo loopback unmanaged --
Example 2 : Display information oabout devices
The following example displays detailed information about a device:
# nmcli device show GENERAL.DEVICE: ens33 GENERAL.TYPE: ethernet GENERAL.HWADDR: 00:0C:29:54:F7:20 GENERAL.MTU: 1500 GENERAL.STATE: 100 (connected) GENERAL.CONNECTION: ens33 GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/5 WIRED-PROPERTIES.CARRIER: on IP4.ADDRESS[1]: 192.168.219.150/24 IP4.GATEWAY: 192.168.219.2 IP4.DNS[1]: 192.168.219.2 IP4.DOMAIN[1]: localdomain IP6.ADDRESS[1]: fe80::3442:365:1982:aa4b/64 IP6.GATEWAY: GENERAL.DEVICE: ens36 GENERAL.TYPE: ethernet GENERAL.HWADDR: 00:0C:29:54:F7:2A GENERAL.MTU: 1500 GENERAL.STATE: 100 (connected) GENERAL.CONNECTION: Wired connection 1 GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/0 WIRED-PROPERTIES.CARRIER: on IP4.ADDRESS[1]: 192.168.219.155/24 IP4.GATEWAY: 192.168.219.2 IP4.DNS[1]: 192.168.219.2 IP4.DOMAIN[1]: localdomain IP6.ADDRESS[1]: fe80::e87:3cb9:edf5:1084/64 IP6.GATEWAY: GENERAL.DEVICE: lo GENERAL.TYPE: loopback GENERAL.HWADDR: 00:00:00:00:00:00 GENERAL.MTU: 65536 GENERAL.STATE: 10 (unmanaged) GENERAL.CONNECTION: -- GENERAL.CON-PATH: -- IP4.ADDRESS[1]: 127.0.0.1/8 IP4.GATEWAY: IP6.ADDRESS[1]: ::1/128 IP6.GATEWAY:
Example 3 : Connect and disconect a device
The following example shows the effect of using the disconnect and connect arguments:
# nmcli device disconnect ens33 Device 'ens33' successfully disconnected.
# nmcli device DEVICE TYPE STATE CONNECTION ens36 ethernet connected Wired connection 1 ens33 ethernet disconnected -- lo loopback unmanaged --
# nmcli device connect ens33 Device 'ens33' successfully activated with 'bbe539aa-5042-4d28-a0e6-2a4d4f5dd744'.
# nmcli device DEVICE TYPE STATE CONNECTION ens33 ethernet connected ens33 ens36 ethernet connected Wired connection 1 lo loopback unmanaged --
The “nmcli device wifi“” command provides the following arguments:
- list: List available Wi-Fi access points.
- connect [(B)SSID]: Connect to a Wi-Fi network specified by Service Set Identifier (SSID) or Basic Service Set Identifier (BSSID).
- rescan: Request that NetworkManager re-scan for available Wi-Fi access points.