[NetworkManager.git] / man / nmcli.1.in

.\" nmcli (1) manual page
.\"
.\" This is free documentation; you can redistribute it and/or
.\" modify it under the terms of the GNU General Public License as
.\" published by the Free Software Foundation; either version 2 of
.\" the License, or (at your option) any later version.
.\"
.\" The GNU General Public License's references to "object code"
.\" and "executables" are to be interpreted as the output of any
.\" document formatting or typesetting system, including
.\" intermediate and printed output.
.\"
.\" This manual is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public Licence along
.\" with this manual; if not, write to the Free Software Foundation, Inc.,
.\" 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
.\"
.\" Copyright 2010 - 2015 Red Hat, Inc.
.\"
.TH NMCLI "1" "2016-03-09" "NetworkManager 1.2"

.SH NAME
nmcli \- command\(hyline tool for controlling NetworkManager
.SH SYNOPSIS
.ad l
.B nmcli
.RI " [ " OPTIONS " ] " OBJECT " { " COMMAND " | "
.BR help " } "
.sp

.IR OBJECT " := { "
.BR general " | " networking " | " radio " | " connection " | " device " | " agent " | " monitor
.RI " }"
.sp

.IR OPTIONS " := { "
.br
\fB\-t\fR[\fIerse\fR]
.br
\fB\-p\fR[\fIretty\fR]
.br
\fB\-m\fR[\fImode\fR] tabular | multiline
.br
\fB\-c\fR[\fIcolors\fR] auto | yes | no
.br
\fB\-f\fR[\fIields\fR] <field1,field2,...> | all | common
.br
\fB\-e\fR[\fIscape\fR] yes | no
.br
\fB\-n\fR[\fIocheck\fR]
.br
\fB\-a\fR[\fIsk\fR]
.br
\fB\-s\fR[\fIhow-secrets\fR]
.br
\fB\-w\fR[\fIait\fR] <seconds>
.br
\fB\-v\fR[\fIersion\fR]
.br
\fB\-h\fR[\fIelp\fR]
.br
.RI "}"

.SH DESCRIPTION
.B nmcli
is a command\(hyline tool for controlling NetworkManager and reporting network
status. It can be utilized as a replacement for \fInm\(hyapplet\fP or other
graphical clients. \fInmcli\fP is used to create, display, edit, delete, activate,
and deactivate network connections, as well as control and display network device
status.
.P
Typical uses include:
.IP \(em 4
Scripts: utilize NetworkManager via \fInmcli\fP instead of managing network
connections manually.  \fInmcli\fP supports a terse output format which is better
suited for script processing. Note that NetworkManager can also execute scripts,
called "dispatcher scripts", in response to network events. See
\fBNetworkManager\fP for details about these dispatcher scripts.
.IP \(em 4
Servers, headless machines, and terminals:  \fInmcli\fP can be used to control
NetworkManager without a GUI, including creating, editing, starting and stopping
network connections and viewing network status.
.SS \fIOPTIONS\fP
.TP
.B \-t, \-\-terse
Output is terse.  This mode is designed and suitable for computer (script)
processing.
.TP
.B \-p, \-\-pretty
Output is pretty. This causes \fInmcli\fP to produce easily readable outputs
for humans, i.e. values are aligned, headers are printed, etc.
.TP
.B \-m, \-\-mode tabular | multiline
Switch between \fItabular\fP and \fImultiline\fP output.
If omitted, default is \fItabular\fP for most commands. For the commands
producing more structured information, that cannot be displayed on a single
line, default is \fImultiline\fP. Currently, they are:
.br
.nf
  'nmcli connection show <ID>'
  'nmcli device show'
.fi
\fItabular\fP   \(en Output is a table where each line describes a single entry.
Columns define particular properties of the entry.
.br
\fImultiline\fP \(en Each entry comprises multiple lines, each property on its own
line. The values are prefixed with the property name.
.TP
.B \-c, \-\-colors auto|yes|no
This option controls color output (using terminal escape sequences). \fIyes\fP
enables colors, \fIno\fP disables them, \fIauto\fP only produces colors when
standard output is directed to a terminal. The default value is \fIauto\fP.
.TP
.B \-f, \-\-fields <field1,field2,...> | all | common
This option is used to specify what fields (column names) should be printed.
Valid field names differ for specific commands. List available fields by
providing an invalid value to the \fI\-\-fields\fP option.
.br
\fIall\fP is used to print all valid field values of the command.
\fIcommon\fP is used to print common field values of the command.
If omitted, default is \fIcommon\fP.
The option is mandatory when \fI\-\-terse\fP is used.  In this case, generic
values \fIall\fP and \fIcommon\fP cannot be used.  (This is to maintain
compatibility when new fields are added in the future).
.TP
.B \-e, \-\-escape yes | no
Whether to escape ':' and '\\' characters in terse tabular mode.  The escape
character is '\\'.
If omitted, default is \fIyes\fP.
.TP
.B \-n, \-\-nocheck
This option can be used to force \fInmcli\fP to skip checking \fInmcli\fP and
\fINetworkManager\fP version compatibility. Use it with care, because using
incompatible versions may produce incorrect results.
.TP
.B \-a, \-\-ask
When using this option \fInmcli\fP will stop and ask for any missing required
arguments, so do not use this option for non-interactive purposes like scripts.
This option controls, for example, whether you will be prompted for a password
if it is required for connecting to a network.
.TP
.B \-s, \-\-show-secrets
When using this option \fInmcli\fP will display passwords and secrets that might
be present in an output of an operation. This option also influences echoing
passwords typed by user as an input.
.TP
.B \-w, \-\-wait <seconds>
This option sets a timeout period for which \fInmcli\fP will wait for \fINetworkManager\fP
to finish operations. It is especially useful for commands that may take a longer time to
complete, e.g. connection activation.
Specifying a value of \fB0\fP instructs \fInmcli\fP not to wait but to exit immediately
with a status of success. The default value depends on the executed command.
.TP
.B \-v, \-\-version
Show \fInmcli\fP version.
.TP
.B \-h, \-\-help
Print help information.
.SS \fIOBJECT\fP
.TP
.B general \- general \fINetworkManager\fP status and operations
.br
Use this object to show NetworkManager status and permissions. You can also get
and change system hostname, as well as NetworkManager logging level and domains.
.TP
.SS \fICOMMAND\fP := { status | hostname | permissions | logging }
.sp
.RS
.TP
.B status
.br
Show overall status of NetworkManager. This is the default action, when no additional
command is provided for \fIgeneral\fP object.
.TP
.B hostname [<hostname>]
.br
Get and change system hostname. With no arguments, this prints currently configured hostname.
When you pass a hostname, it will be handed over to NetworkManager to be set as a new system
hostname.
.br
Note that the term \fBsystem\fP hostname may also be referred to as \fBpersistent\fP or
\fBstatic\fP by other programs or tools. The hostname is stored in /etc/hostname
file in most distributions. For example, systemd-hostnamed service uses the term
\fBstatic\fP hostname and it only reads the /etc/hostname file when it starts.
.TP
.B permissions
.br
Show the permissions a caller has for various authenticated operations that
NetworkManager provides, like enable and disable networking, changing Wi\(hyFi
and WWAN state, modifying connections, etc.
.TP
.B logging [level <log level>] [domains <log domains>]
.br
Get and change \fINetworkManager\fP logging level and domains. Without any argument
current logging level and domains are shown. In order to change logging state, provide
\fIlevel\fP and, or, \fIdomain\fP parameters. See \fBNetworkManager.conf\fP for available
level and domain values.
.RE

.TP
.B networking \- get or set general networking state of NetworkManager
.br
Use this object to show NetworkManager networking status, or to enable and disable
networking. Disabling networking removes the configuration from all devices and
changes them to the 'unmanaged' state.
.TP
.SS \fICOMMAND\fP := { [ on | off | connectivity ] }
.sp
.RS
.TP
.B [ on | off ]
.br
Get networking\(hyenabled status or enable and disable networking by NetworkManager.
All interfaces managed by NetworkManager are deactivated when networking has
been disabled.
.TP
.B connectivity [check]
.br
Get network connectivity state.
The optional \fIcheck\fP argument tells NetworkManager to re-check the connectivity,
else the most recent known connectivity state is displayed without re-checking.
.br
Possible states are:
.RS
.PP
.IP \fInone\fP 9
\(en the host is not connected to any network
.IP \fIportal\fP 9
\(en the host is behind a captive portal and cannot reach the full Internet
.IP \fIlimited\fP 9
\(en the host is connected to a network, but it has no access to the Internet
.IP \fIfull\fP 9
\(en the host is connected to a network and has full access to the Internet
.IP \fIunknown\fP 9
\(en the connectivity status cannot be found out
.RE
.RE

.TP
.B radio \- get or set radio switch states
.br
Use this object to show radio switches status, or enable and disable
the switches.
.TP
.SS \fICOMMAND\fP := { all | wifi | wwan }
.sp
.RS
.TP
.B wifi [ on | off ]
.br
Show or set status of Wi\(hyFi in NetworkManager. If no arguments are supplied,
Wi\(hyFi status is printed; \fIon\fP enables Wi\(hyFi; \fIoff\fP disables Wi\(hyFi.
.TP
.B wwan [ on | off ]
.br
Show or set status of WWAN (mobile broadband) in NetworkManager. If no arguments
are supplied, mobile broadband status is printed; \fIon\fP enables mobile broadband,
\fIoff\fP disables it.
.TP
.B all [ on | off ]
.br
Show or set all previously mentioned radio switches at the same time.
.RE

.TP
.B monitor \- monitor NetworkManager
.br
Use this object to observe NetworkManager activity. Watches for changes
in connectivity state, devices or connection profiles.
.br
See also \fImonitor\fP command of \fIconnection\fP or \fIdevice\fP object
to watch for changes in certain objects or object classes.
.RE

.TP
.B connection \- start, stop, and manage network connections
.sp
NetworkManager stores all network configuration as \fIconnections\fP, which are
collections of data (Layer2 details, IP addressing, etc.) that describe
how to create or connect to a network.  A connection is \fIactive\fP when
a device uses that connection's configuration to create or connect to a network.
There may be multiple connections that apply to a device, but only one of them
can be active on that device at any given time. The additional connections can
be used to allow quick switching between different networks and configurations.
.sp
Consider a machine which is usually connected to a DHCP-enabled network, but
sometimes connected to a testing network which uses static IP addressing.  Instead
of manually reconfiguring eth0 each time the network is changed, the settings can
be saved as two connections which both apply to eth0, one for DHCP (called
"default") and one with the static addressing details (called "testing").  When
connected to the DHCP-enabled network the user would run "nmcli con up default"
, and when connected to the static network the user would run "nmcli con up testing".
.TP
.SS \fICOMMAND\fP := { show | up | down | add | edit | modify | delete | monitor | reload | load }
.sp
.RS
.TP
.B show [--active]
.br
List in-memory and on-disk connection profiles, some of which may also be
active if a device is using that connection profile. Without a parameter, all
profiles are listed. When --active option is specified, only the active profiles
are shown.
.TP
.B show [--active] [--order <order spec>] [ id | uuid | path | apath ] <ID> ...
.br
Show details for specified connections. By default, both static configuration
and active connection data are displayed.  When --active option is specified,
only the active profiles are taken into account. Use global --show-secrets option
to display secrets associated with the profile.
.sp
Ordering:
.br
The --order option can be used to get custom ordering of connections. The
connections can be ordered by active status, name, type or D-Bus path. If
connections are equal according to a sort order category, an additional
category can be specified.
The default sorting order is equivalent to "--order active:name:path".
.sp
<order spec> := category:category:...
.br
category := [+-]active | [+-]name | [+-]type | [+-]path
.br
\fI+\fP or no prefix means sorting in ascending order (alphabetically or in numbers).
.br
\fI-\fP means reverse (descending) order.
.br
The category names can be abbreviated (e.g. --order -a:na)
.sp
\fIid\fP, \fIuuid\fP, \fIpath\fP and \fIapath\fP keywords can be used if
\fI<ID>\fP is ambiguous.
.RS
.PP
Optional <ID>-specifying keywords are:
.IP \fIid\fP 13
\(en the <ID> denotes a connection name
.IP \fIuuid\fP 13
\(en the <ID> denotes a connection UUID
.IP \fIpath\fP 13
\(en the <ID> denotes a D-Bus static connection path
in the format of /org/freedesktop/NetworkManager/Settings/<num> or just <num>
.IP \fIapath\fP 13
\(en the <ID> denotes a D-Bus active connection path
in the format of /org/freedesktop/NetworkManager/ActiveConnection/<num> or just <num>
.PP
It is possible to filter the output using the global \fI--fields\fP option. Use the following
values:
.RE
.RS
.PP
.IP \fIprofile\fP 13
\(en only shows static profile configuration
.IP \fIactive\fP 13
\(en only shows active connection data (when the profile is active)
.PP
You can also specify particular fields. For static configuration, use setting and property names
as described in \fInm-settings\fP(5) manual page. For active data use GENERAL, IP4, DHCP4, IP6,
DHCP6, VPN.
.PP
When no command is given to the \fIconnection\fP object, the default action
is 'nmcli connection show'.
.RE
.TP
.B up [ id | uuid | path ] <ID> [ifname <ifname>] [ap <BSSID>] [passwd-file <file with passwords>]
.RE
.RS
.B up ifname <ifname> [ap <BSSID>] [passwd-file <file with passwords>]
.RS
.br
Activate a connection.  The connection is identified by its name, UUID or D-Bus
path. If <ID> is ambiguous, a keyword \fIid\fP, \fIuuid\fP or \fIpath\fP can be
used.  When requiring a particular device to activate the connection on, the
\fIifname\fP option with interface name should be given.  If the <ID> is not
given an \fIifname\fP is required, and NetworkManager will activate the best
available connection for the given \fIifname\fP.  In case of a VPN connection,
the \fIifname\fP option specifies the device of the base connection. The
\fIap\fP option specify what particular AP should be used in case of a Wi\(hyFi
connection.
.br
If '--wait' option is not specified, the default timeout will be 90 seconds.
.br
See \fBconnection show\fP above for the description of the <ID>-specifying keywords.
.RS
.PP
Available options are:
.IP \fIifname\fP 13
\(en interface that will be used for activation
.IP \fIap\fP 13
\(en BSSID of the AP which the command should connect to (for Wi\(hyFi connections)
.IP \fIpasswd-file\fP 13
\(en some networks may require credentials during activation. You can give these
credentials using this option.
Each line of the file should contain one password in the form of
.br
\fBsetting_name.property_name:the password\fP
.br
For example, for WPA Wi-Fi with PSK, the line would be
.br
\fI802-11-wireless-security.psk:secret12345\fP
.br
For 802.1X password, the line would be
.br
\fI802-1x.password:my 1X password\fP
.br
nmcli also accepts "wifi-sec" and "wifi" strings instead of "802-11-wireless-security".
When NetworkManager requires a password and it is not given, nmcli will ask for it
when run with --ask. If --ask was not passed, NetworkManager can ask another secret
agent that may be running (typically a GUI secret agent, such as nm-applet or
gnome-shell).
.RE
.RE
.TP
.B down [ id | uuid | path | apath ] <ID> ...
.br
Deactivate a connection from a device without preventing the device from
further auto-activation. Multiple connections can be passed to the command. 
.sp
Be aware that this command deactivates the specified active connection, but the device
on which the connection was active, is still ready to connect and will perform
auto-activation by looking for a suitable connection that has the 'autoconnect'
flag set. This includes the just deactivated connection. So if the connection is set
to auto-connect, it will be automatically started on the disconnected device again.
.br
In most cases you may want to use \fIdevice disconnect\fP command instead.
.sp
The connection is identified by its name, UUID or D-Bus path.
If <ID> is ambiguous, a keyword \fIid\fP, \fIuuid\fP, \fIpath\fP or
\fIapath\fP can be used.
.br
See \fBconnection show\fP above for the description of the <ID>-specifying keywords.
.br
If '--wait' option is not specified, the default timeout will be 10 seconds.
.TP
.B add COMMON_OPTIONS TYPE_SPECIFIC_OPTIONS SLAVE_OPTIONS IP_OPTIONS [-- [+|-]<setting>.<property> <value> ...]
.br
Add a connection for NetworkManager. Arguments differ according to connection types, see below.
.RS
.TP
.B COMMON_OPTIONS:
.IP "\fItype <type>\fP" 42
\(en connection type; see below \fBTYPE_SPECIFIC_OPTIONS\fP for allowed values; (mandatory)
Note that types \fIbond-slave\fP, \fIteam-slave\fP and \fIbridge-slave\fP create \fIethernet\fP
connection profiles. Their use is discouraged in favor of using a specific type with \fImaster\fP
option.
.IP "\fIifname <ifname> | \(dq\&*\(dq\&\fP" 42
\(en interface to bind the connection to. The connection will only be applicable to this
interface name. A special value of "\fB*\fP" can be used for interface-independent connections.
The \fIifname\fP argument is mandatory for all connection types except bond, team, bridge and vlan.
Note: use quotes around \fB*\fP to suppress shell expansion.
.IP "\fI[con-name <connection name>]\fP" 42
\(en connection name (when not provided a default name is generated: <type>[-<ifname>][-<num>])
.IP "\fI[autoconnect yes|no]\fP" 42
\(en whether the connection profile can be automatically activated (default: yes)
.IP "\fI[save yes|no]\fP" 42
\(en whether the connection should be persistent, i.e. NetworkManager should store it on disk (default: yes)
.IP "\fI[master <master (ifname, or connection UUID or name)>]\fP" 42
\(en master interface name, or connection UUID or ID of master connection profile.
The value can be prefixed with \fBifname/\fP, \fBuuid/\fP or \fBid/\fP to disambiguate it.
See below \fBSLAVE_OPTIONS\fP for additional options for slave connection to masters of various types.
.IP "\fI[slave-type <master connection type>]\fP" 42
\(en type of master connection. Only required when it can not be inferred (i.e. the master connection does
not exist yet).
.RE
.RS
.TP
.B TYPE_SPECIFIC_OPTIONS:
.TP
.B ethernet:
.IP "\fI[mac <MAC address>]\fP" 42
\(en MAC address of the device this connection is locked to
.IP "\fI[cloned-mac <cloned MAC address>]\fP" 42
\(en cloned MAC
.IP "\fI[mtu <MTU>]\fP" 42
\(en MTU
.RE
.RS
.TP
.B wifi:
.IP "\fIssid <SSID>\fP" 42
\(en SSID
.IP "\fI[mac <MAC address>]\fP" 42
\(en MAC address of the device this connection is locked to
.IP "\fI[cloned-mac <cloned MAC address>]\fP" 42
\(en cloned MAC
.IP "\fI[mode infrastructure|ap|adhoc]\fP" 42
\(en Wi-Fi network mode. If blank, \fIinfrastructure\fP is assumed.
.IP "\fI[mtu <MTU>]\fP" 42
\(en MTU
.RE
.RS
.TP
.B wimax:
.IP "\fI[mac <MAC address>]\fP" 42
\(en MAC address of the device this connection is locked to
.IP "\fI[nsp <NSP>]\fP" 42
\(en Network Service Provider name
.RE
.RS
.TP
.B pppoe:
.IP "\fIusername <PPPoE username>\fP" 42
\(en PPPoE username
.IP "\fI[password <PPPoE password>]\fP" 42
\(en Password for the PPPoE username
.IP "\fI[service <PPPoE service name>]\fP" 42
\(en PPPoE service name (if required by concentrator)
.IP "\fI[mtu <MTU>]\fP" 42
\(en MTU
.IP "\fI[mac <MAC address>]\fP" 42
\(en MAC address of the device this connection is locked to
.RE
.RS
.TP
.B gsm:
.IP "\fIapn <APN>\fP" 42
\(en APN - GSM Access Point Name
.IP "\fI[user <username>]\fP" 42
\(en user name
.IP "\fI[password <password>]\fP" 42
\(en password
.RE
.RS
.TP
.B cdma:
.IP "\fI[user <username>]\fP" 42
\(en user name
.IP "\fI[password <password>]\fP" 42
\(en password
.RE
.RS
.TP
.B infiniband:
.IP "\fI[mac <MAC address>]\fP" 42
\(en MAC address of the device this connection is locked to (InfiniBand MAC is 20 bytes)
.IP "\fI[mtu <MTU>]\fP" 42
\(en MTU
.IP "\fI[transport-mode datagram | connected]\fP" 42
\(en InfiniBand transport mode
.IP "\fI[parent <interface name>]\fP" 42
\(en the interface name of the parent device (if any)
.IP "\fI[p-key <IPoIB P_Key>]\fP" 42
\(en the InfiniBand P_Key (16-bit unsigned integer)
.RE
.RS
.TP
.B bluetooth:
.IP "\fI[addr <bluetooth address>]\fP" 42
\(en Bluetooth device address (MAC)
.IP "\fI[bt-type panu|dun-gsm|dun-cdma]\fP" 42
\(en Bluetooth connection type
.RE
.RS
.TP
.B vlan:
.IP "\fIdev <parent device (connection UUID, ifname, or MAC)>\fP" 42
\(en parent device this VLAN is on
.IP "\fIid <VLAN ID>\fP" 42
\(en VLAN ID in range <0-4095>
.IP "\fI[flags <VLAN flags>]\fP" 42
\(en flags
.IP "\fI[ingress <ingress priority mapping>]\fP" 42
\(en VLAN ingress priority mapping
.IP "\fI[egress <egress priority mapping>]\fP" 42
\(en VLAN egress priority mapping
.IP "\fI[mtu <MTU>]\fP" 42
\(en MTU
.RE
.RS
.TP
.B bond:
.IP "\fI[mode balance-rr (0) | active-backup (1) | balance-xor (2) | broadcast (3) |\fP"
.IP "\fI      802.3ad    (4) | balance-tlb   (5) | balance-alb (6)]\fP" 42
\(en bonding mode (default: balance-rr)
.IP "\fI[primary <ifname>]\fP" 42
\(en primary interface name (for "active-backup" mode)
.IP "\fI[miimon <num>]\fP" 42
\(en miimon (default: 100)
.IP "\fI[downdelay <num>]\fP" 42
\(en downdelay (default: 0)
.IP "\fI[updelay <num>]\fP" 42
\(en updelay (default: 0)
.IP "\fI[arp-interval <num>]\fP" 42
\(en ARP interval (default: 0)
.IP "\fI[arp-ip-target <num>]\fP" 42
\(en ARP IP target
.RE
.RS
.TP
.B bond-slave:
.IP "\fImaster <master (ifname, or connection UUID or name)>\fP" 42
\(en master bond interface name, or connection UUID or ID of bond master connection profile.
The value can be prefixed with \fBifname/\fP, \fBuuid/\fP or \fBid/\fP to disambiguate it.
.RE
.RS
.TP
.B team:
.IP "\fI[config <file>|<raw JSON data>]\fP" 42
\(en JSON configuration for team
.RE
.RS
.TP
.B team-slave:
.IP "\fImaster <master (ifname, or connection UUID or name)>\fP" 42
\(en master team interface name, or connection UUID or ID of team master connection profile.
The value can be prefixed with \fBifname/\fP, \fBuuid/\fP or \fBid/\fP to disambiguate it.
.RE
.RS
.TP
.B bridge:
.IP "\fI[stp yes|no]\fP" 42
\(en controls whether Spanning Tree Protocol (STP) is enabled for this bridge (default: yes)
.IP "\fI[priority <num>]\fP" 42
\(en sets STP priority (default: 128)
.IP "\fI[forward-delay <2-30>]\fP" 42
\(en STP forwarding delay, in seconds (default: 15)
.IP "\fI[hello-time <1-10>]\fP" 42
\(en STP hello time, in seconds (default: 2)
.IP "\fI[max-age <6-42>]\fP" 42
\(en STP maximum message age, in seconds (default: 20)
.IP "\fI[ageing-time <0-1000000>]\fP" 42
\(en the Ethernet MAC address aging time, in seconds (default: 300)
.IP "\fI[multicast-snooping yes|no]\fP" 42
\(en controls whether IGMP snooping is enabled (default: yes)
.IP "\fI[mac <MAC address>]\fP" 42
\(en MAC address of the bridge (note: this requires a recent kernel feature,
originally introduced in 3.15 upstream kernel)
.RE
.RS
.TP
.B bridge-slave:
.IP "\fImaster <master (ifname, or connection UUID or name)>\fP" 42
\(en master bridge interface name, or connection UUID or ID of bridge master connection profile.
The value can be prefixed with \fBifname/\fP, \fBuuid/\fP or \fBid/\fP to disambiguate it.
.RE
.RS
.TP
.B vpn:
.IP "\fIvpn-type vpnc|openvpn|pptp|openconnect|openswan|libreswan|strongswan|ssh|l2tp|iodine|fortisslvpn|...\fP" 42
\(en VPN type
.IP "\fI[user <username>]\fP" 42
\(en VPN username
.RE
.RS
.TP
.B olpc-mesh:
.IP "\fIssid <SSID>\fP" 42
\(en SSID
.IP "\fI[channel <1-13>]\fP" 42
\(en channel to use for the network
.IP "\fI[dhcp-anycast <MAC address>]\fP" 42
\(en anycast DHCP MAC address used when requesting an IP address via DHCP
.RE
.RS
.TP
.B adsl:
.IP "\fIusername <username>\fP" 42
\(en ADSL user name
.IP "\fIprotocol pppoa|pppoe|ipoatm\fP" 42
\(en ADSL protocol
.IP "\fI[password <password>]\fP" 42
\(en ADSL password
.IP "\fI[encapsulation vcmux|llc]\fP" 42
\(en ADSL encapsulation
.RE
.RS
.TP
.B tun:
.IP "\fImode tun|tap\fP" 42
\(en Mode for the device
.IP "\fI[owner <UID>]\fP" 42
\(en UID of the owner
.IP "\fI[group <GID>]\fP" 42
\(en GID of the group
.IP "\fI[pi yes|no>]\fP" 42
\(en include packet information (~IFF_NO_PI flag)
.IP "\fI[vnet-hdr yes|no>]\fP" 42
\(en send and receive large (i.e. GSO) packets and packets with partial checksums (IFF_VNET_HDR flag)
.IP "\fI[multi-queue yes|no>]\fP" 42
\(en multi-queue support for tun/tap device (IFF_MULTI_QUEUE flag)
.RE
.RS
.TP
.B ip-tunnel:
.IP "\fImode ipip|gre|sit|isatap|vti|ip6ip6|ipip6|ip6gre|vti6\fP" 42
\(en tunnel mode
.IP "\fIremote <remote endpoint IP>\fP" 42
\(en IPv4 or IPv6 address of the remote tunnel endpoint
.IP "\fI[local <local endpoint IP>]\fP" 42
\(en IPv4 or IPv6 address of the local tunnel endpoint
.IP "\fI[dev <parent device (ifname or connection UUID)>]\fP" 42
\(en device to use for tunnel endpoint communication
.RE
.RS
.TP
.B macvlan:
.IP "\fIdev <parent device (connection  UUID, ifname, or MAC)>\fP" 42
\(en parent device this MACVLAN is on
.IP "\fImode vepa|bridge|private|passthru|source\fP" 42
\(en MACVLAN mode, which specifies the communication mechanism between multiple MACVLANs on the same lower device
.IP "\fI[tap yes|no]\fP" 42
\(en controls the device type. If set to 'yes' a MACVTAP will be created (default: no)
.RE
.RS
.TP
.B vxlan:
.IP "\fIid <VXLAN ID>\fP" 42
\(en VXLAN Network Identifer to use
.IP "\fIremote <IP>\fP" 42
\(en unicast destination IP address or multicast IP address to join
.IP "\fI[dev <parent device (ifname or connection UUID)>]\fP" 42
\(en device to use for tunnel endpoint communication
.IP "\fI[local <IP>]\fP" 42
\(en source IP address
.IP "\fI[source-port-min <0-65535>]\fP" 42
\(en minimum UDP source port to communicate to the remote VXLAN tunnel endpoint
.IP "\fI[source-port-max <0-65535>]\fP" 42
\(en maximum UDP source port to communicate to the remote VXLAN tunnel endpoint
.IP "\fI[destination-port <0-65535>]\fP" 42
\(en UDP destination port to communicate to the remote VXLAN tunnel endpoint
.RE
.RS
.TP
.B SLAVE_OPTIONS:
.RE
.RS
.TP
.B bridge:
.IP "\fI[priority <0-63>]\fP" 42
\(en STP priority of this slave (default: 32)
.IP "\fI[path-cost <1-65535>]\fP" 42
\(en STP port cost for destinations via this slave (default: 100)
.IP "\fI[hairpin yes|no]\fP" 42
\(en 'hairpin mode' for the slave, which allows frames
to be sent back out through the slave the frame was received on (default: yes)
.RE
.RS
.TP
.B team:
.IP "\fI[config <file>|<raw JSON data>]\fP" 42
\(en JSON configuration for team
.RE
.RS
.TP
.B IP_OPTIONS:
.IP "\fI[ip4 <IPv4 address>] [gw4 <IPv4 gateway>]\fP" 42
\(en IPv4 addresses
.IP "\fI[ip6 <IPv6 address>] [gw6 <IPv6 gateway>]\fP" 42
\(en IPv6 addresses
.RE
.RS
If a \fI--\fP argument is encountered, the rest of command line is interpreted
as property list in the same format as \fIconnection modify\fP command accepts.
This makes it possible to adjust the connection properties before it's added.
.RE
.TP
.B edit [id | uuid | path ] <ID>  - edit an existing connection
.RE
.RS
.B edit [type <new connection type>] [con-name <new connection name>]  - add a new connection
.RS
Edit an existing connection or add a new one, using an interactive editor.
.br
The existing connection is identified by its name, UUID or D-Bus path.
If <ID> is ambiguous, a keyword \fIid\fP, \fIuuid\fP, or \fIpath\fP can be used.
See \fBconnection show\fP above for the description of the <ID>-specifying keywords.
Not providing an <ID> means that a new connection will be added.
.sp
The interactive editor will guide you through the connection editing and
allow you to change connection parameters according to your needs by means of
a simple menu-driven interface. The editor indicates what settings and
properties can be modified and provides in-line help.
.sp
.PP
Available options:
.IP \fItype\fP 13
\(en type of the new connection; valid types are the same as for \fIconnection add\fP command
.IP \fIcon-name\fP 13
\(en name for the new connection. It can be changed later in the editor.
.RE
.RS
.sp
See also \fInm-settings\fP(5) for all NetworkManager settings and property names, and their
descriptions; and \fInmcli-examples\fP(5) for sample editor sessions.
.RE
.TP
.B modify [--temporary] [ id | uuid | path ] <ID> [+|-]<setting>.<property> <value>
.B [+|-]<setting>.<property> <value> ...
.br
Modify one or more properties in the connection profile.
.br
The connection is identified by its name, UUID or D-Bus path. If <ID> is
ambiguous, a keyword \fIid\fP, \fIuuid\fP or \fIpath\fP can be used.  See
\fInm-settings\fP(5) for setting and property names, their descriptions and
default values. This command supports abbreviations for \fIsetting name\fP and
\fIproperty name\fP provided they are unique. Empty \fIvalue\fP ("") removes
the property value (sets the property to the default value).  The provided
value overwrites the existing property value.
.br
If you want to append an item to the existing value, use \fI+\fP prefix for the
property name. If you want to remove just one item from container-type
property, use \fI-\fP prefix for the property name and specify a value or an
zero-based index of the item to remove (or option name for properties with
named options) as \fIvalue\fP. Of course, \fI+|-\fP only have a real effect for
multi-value (container) properties like ipv4.dns, ipv4.addresses, bond.options,
etc.
.br
The changes to the connection profile will be saved persistently by
NetworkManager, unless \fI--temporary\fP option is provided, in which case the
changes won't persist over NetworkManager restart.
.TP
.B clone [--temporary] [ id | uuid | path ] <ID> <new name>
.br
Clone a connection. The connection to be cloned is identified by its
name, UUID or D-Bus path. If <ID> is ambiguous, a keyword \fIid\fP,
\fIuuid\fP or \fIpath\fP can be used. See \fBconnection show\fP above for
the description of the <ID>-specifying keywords. \fI<new name>\fP is the name
of the new cloned connection. The new connection will be the exact copy except
the connection.id (\fI<new name>\fP) and connection.uuid (generated)
properties.
.br
The new connection profile will be saved as persistent unless \fI--temporary\fP
option is specified, in which case the new profile won't exist after NetworkManager
restart.
.TP
.B delete [ id | uuid | path ] <ID> ...
.br
Delete a configured connection. The connection to be deleted is identified by
its name, UUID or D-Bus path. If <ID> is ambiguous, a keyword \fIid\fP,
\fIuuid\fP or \fIpath\fP can be used.
.br
See \fBconnection show\fP above for the description of the <ID>-specifying keywords.
.br
If '--wait' option is not specified, the default timeout will be 10 seconds.
.TP
.B monitor [ id | uuid | path ] <ID> ...
.br
Monitor connection profile activity. This command prints a line whenever the
specified connection changes. The connection to be monitored is identified by
its name, UUID or D-Bus path. If <ID> is ambiguous, a keyword \fIid\fP,
\fIuuid\fP or \fIpath\fP can be used.
.br
See \fBconnection show\fP above for the description of the <ID>-specifying keywords.
.br
Monitors all connection profiles in case none is specified. The command terminates
when all monitored connections disappear. If you want to monitor connection creation
consider using the global monitor with \fInmcli monitor\fP command.
.TP
.B reload
.br
Reload all connection files from disk. \fINetworkManager\fP does not monitor
changes to connection files by default. So you need to use this command in order
to tell \fINetworkManager\fP to re-read the connection profiles from disk when
a change was made to them. However, the auto-loading feature can be enabled and
then \fINetworkManager\fP will reload connection files any time they change
(monitor-connection-files=true in \fINetworkManager.conf\fP(5)).
.TP
.B load <filename> [<filename>...]
.br
Load/reload one or more connection files from disk. Use this after manually
editing a connection file to ensure that \fBNetworkManager\fP is aware
of its latest state.
.TP
.B import [--temporary] type <type> file <file to import>
.br
Import an external/foreign configuration as a NetworkManager connection profile.
The type of the input file is specified by \fItype\fP option.
.br
Only VPN configurations are supported at the moment. The configuration
is imported by NetworkManager VPN plugins. \fItype\fP values are the same as for
\fIvpn-type\fP option in \fBnmcli connection add\fP. VPN configurations are
imported by VPN plugins. Therefore the proper VPN plugin has to be installed
so that nmcli could import the data.
.br
The imported connection profile will be saved as persistent unless \fI--temporary\fP
option is specified, in which case the new profile won't exist after NetworkManager
restart.
.TP
.B export [ id | uuid | path ] <ID> [<output file>]
.br
Export a connection.
.br
Only VPN connections are supported at the moment. A proper VPN plugin has to be
installed so that nmcli could export a connection. If no \fI<output file>\fP is
provided, the VPN configuration data will be printed to standard output.
.RE

.TP
.B device - show and manage network interfaces
.br
.TP
.SS \fICOMMAND\fP := { status | show | set | connect | reapply | disconnect | delete | monitor | wifi | lldp }
.sp
.RS
.TP
.B status
.br
Print status of devices.
.br
This is the default action if no command is specified to \fIdevice\fP object.
.TP
.B show [<ifname>]
.br
Show detailed information about devices.  Without an argument, all devices are
examined. To get information for a specific device, the interface name has
to be provided.
.TP
.TP
.B set [ifname] <ifname> [autoconnect yes|no] [managed yes|no]
.br
Set device properties.
.TP
.B connect <ifname>
.br
Connect the device. NetworkManager will try to find a suitable connection that
will be activated. It will also consider connections that are not set to auto connect.
.br
If '--wait' option is not specified, the default timeout will be 90 seconds.
.TP
.B reapply <ifname>
.br
Attempt to update device with changes to the currently active connection
made since it was last applied.
.TP
.B disconnect <ifname> ...
.br
Disconnect a device and prevent the device from automatically activating further
connections without user/manual intervention. Note that disconnecting software
devices may mean that the devices will disappear.
.br
If '--wait' option is not specified, the default timeout will be 10 seconds.
.TP
.B delete <ifname> ...
.br
Delete a device. The command removes the interface from the system. Note that
this only works for software devices like bonds, bridges, teams, etc.
Hardware devices (like Ethernet) cannot be deleted by the command.
.br
If '--wait' option is not specified, the default timeout will be 10 seconds.
.TP
.B monitor [<ifname>] ...
.br
Monitor device activity. This command prints a line whenever the specified devices
change state.
.br
Monitors all devices in case no interface is specified. The monitor terminates when
all specified devices disappear. If you want to monitor device addition consider
using the global monitor with \fInmcli monitor\fP command.
.TP
.B wifi [list [ifname <ifname>] [bssid <BSSID>]]
.br
List available Wi\(hyFi access points. The \fIifname\fP and \fIbssid\fP options
can be used to list APs for a particular interface or with a specific BSSID,
respectively.
.TP
.B wifi connect <(B)SSID> [password <password>] [wep\-key\-type key|phrase] [ifname <ifname>] [bssid <BSSID>] [name <name>]
.B [private yes|no] [hidden yes|no]
.br
Connect to a Wi\(hyFi network specified by SSID or BSSID. The command creates a new
connection and then activates it on a device. This is a command\(hyline counterpart
of clicking an SSID in a GUI client. The command always creates a new connection
and thus it is mainly useful for connecting to new Wi\(hyFi networks. If a connection
for the network already exists, it is better to bring up (activate) the existing connection
as follows: \fInmcli con up id <name>\fP. Note that only open, WEP and WPA\(hyPSK networks
are supported at the moment. It is also supposed that IP configuration is obtained via
DHCP.
.br
If '--wait' option is not specified, the default timeout will be 90 seconds.
.RS
.PP
Available options are:
.IP \fIpassword\fP 13
\(en password for secured networks (WEP or WPA)
.IP \fIwep\-key\-type\fP 13
\(en type of WEP secret, either \fIkey\fP for ASCII/HEX key or \fIphrase\fP for passphrase
.IP \fIifname\fP 13
\(en interface that will be used for activation
.IP \fIbssid\fP 13
\(en if specified, the created connection will be restricted just for the BSSID
.IP \fIname\fP 13
\(en if specified, the connection will use the name (else NM creates a name itself)
.IP \fIprivate\fP 13
\(en if set to \fByes\fP, the connection will only be visible to the user who created it.
Otherwise the connection is system\(hywide, which is the default.
.IP \fIhidden\fP 13
\(en set to \fByes\fP when connecting for the first time to an AP not broadcasting its SSID.
Otherwise the SSID would not be found and the connection attempt would fail.
.RE
.TP
.B wifi hotspot [ifname <ifname>] [con-name <name>] [ssid <SSID>] [band a|bg] [channel <channel>] [password <password>]
.br
Create a Wi-Fi hotspot. The command creates a hotspot connection profile according to
Wi-Fi device capabilities and activates it on the device. The hotspot is secured with WPA
if device/driver supports that, otherwise WEP is used.
Use \fIconnection down\fP or \fIdevice disconnect\fP to stop the hotspot.
.br
.RS
.PP
Parameters of the hotspot can be influenced by the optional parameters:
.IP \fIifname\fP 17
\(en what Wi-Fi device is used
.IP \fIcon-name\fP 17
\(en name of the created hotspot connection profile
.IP \fIssid\fP 17
\(en SSID of the hotspot
.IP \fIband\fP 17
\(en Wi-Fi band to use
.IP \fIchannel\fP 17
\(en Wi-Fi channel to use
.IP \fIpassword\fP 17
\(en password to use for the created hotspot. If not provided,
nmcli will generate a password. The password is either WPA
pre-shared key or WEP key.
.PP
Note that \fI--show-secrets\fP global option can be used to print the hotspot
password. It is useful especially when the password was generated.
.RE
.TP
.B wifi rescan [ifname <ifname>] [[ssid <SSID>] ...]
.br
Request that \fINetworkManager\fP immediately re-scan for available access points.
NetworkManager scans Wi\(hyFi networks periodically, but in some cases it can be
useful to start scanning manually (e.g. after resuming the computer). By using
\fIssid\fP, it is possible to scan for a specific SSID, which is useful for APs
with hidden SSIDs. You can provide multiple \fIssid\fP parameters in order to
scan more SSIDs.
.br
This command does not show the APs, use 'nmcli device wifi list' for that.
.TP
.B lldp [list [ifname <ifname>]]
.br
Display information about neighboring devices learned through the Link
Layer Discovery Protocol (LLDP). The \fIifname\fP option can be used to
list neighbors only for a given interface. The protocol must be
enabled in the connection settings.
.RE

.TP
.B agent \- run nmcli as a NetworkManager secret agent, or polkit agent
.br
.TP
.SS \fICOMMAND\fP := { secret | polkit  | all }
.sp
.RS
.TP
.B secret
.br
Register nmcli as a NetworkManager secret agent and listen for secret requests.
You do usually not need this command, because nmcli can handle secrets when
connecting to networks. However, you may find the command useful when you use
another tool for activating connections and you do not have a secret agent
available (like nm-applet).
.TP
.B polkit
.br
Register nmcli as a polkit agent for the user session and listen for
authorization requests. You do not usually need this command, because nmcli can
handle polkit actions related to NetworkManager operations (when run with
--ask).  However, you may find the command useful when you want to run a simple
text based polkit agent and you do not have an agent of a desktop environment.
Note that running this command makes nmcli handle all polkit requests, not only
NetworkManager related ones, because only one polkit agent can run for the
session.
.TP
.B all
.br
Runs nmcli as both NetworkManager secret and a polkit agent.
.RE

.SH ENVIRONMENT VARIABLES
\fInmcli\fP's behavior is affected by the following environment variables.
.IP "LC_ALL" 13
If set to a non\(hyempty string value, it overrides the values of all the other
internationalization variables.
.IP "LC_MESSAGES" 13
Determines the locale to be used for internationalized messages.
.IP "LANG" 13
Provides a default value for the internationalization variables that are unset
or null.

.RE
Internationalization notes:
.br
Be aware that \fInmcli\fP is localized and that is why the output depends on
your environment. This is important to realize especially when you parse the
output.
.br
Call \fInmcli\fP as \fBLC_ALL=C nmcli\fP to be sure the locale is
set to "C" while executing in a script.

\fBLC_ALL\fP, \fBLC_MESSAGES\fP, \fBLANG\fP variables specify the LC_MESSAGES
locale category (in that order), which determines the language that \fInmcli\fP
uses for messages.  The "C" locale is used if none of these variables are set,
and this locale uses English messages.

.SH EXIT STATUS
\fInmcli\fP exits with status 0 if it succeeds, a value greater than 0 is
returned if an error occurs.
.IP "0" 4
Success \(en indicates the operation succeeded
.IP "1" 4
Unknown or unspecified error
.IP "2" 4
Invalid user input, wrong \fInmcli\fP invocation
.IP "3" 4
Timeout expired (see \fI\-\-wait\fP option)
.IP "4" 4
Connection activation failed
.IP "5" 4
Connection deactivation failed
.IP "6" 4
Disconnecting device failed
.IP "7" 4
Connection deletion failed
.IP "8" 4
NetworkManager is not running
.IP "9" 4
\fInmcli\fP and \fINetworkManager\fP versions mismatch
.IP "10" 4
Connection, device, or access point does not exist.

.SH EXAMPLES
.PP
This section presents various examples of nmcli usage. If you want even more,
please refer to \fInmcli-examples\fP(5) manual page.
.sp
.IP "\fB\f(CWnmcli \-t \-f RUNNING general\fP\fP"
.IP
tells you whether NetworkManager is running or not.

.IP "\fB\f(CWnmcli \-t \-f STATE general\fP\fP"
.IP
shows the overall status of NetworkManager.

.IP "\fB\f(CWnmcli radio wifi off\fP\fP"
.IP
switches Wi\(hyFi off.

.IP "\fB\f(CWnmcli connection show\fP\fP"
.IP
lists all connections NetworkManager has.

.IP "\fB\f(CWnmcli \-p \-m multiline \-f all con show\fP\fP"
.IP
shows all configured connections in multi-line mode.

.IP "\fB\f(CWnmcli connection show --active\fP\fP"
.IP
lists all currently active connections.

.IP "\fB\f(CWnmcli \-f name,autoconnect c s\fP\fP"
.IP
shows all connection profile names and their auto-connect property.

.IP "\fB\f(CWnmcli \-p connection show \(dq\&My default em1\(dq\&\fP\fP"
.IP
shows details for "My default em1" connection profile.

.IP "\fB\f(CWnmcli --show-secrets connection show \(dq\&My Home WiFi\(dq\&\fP\fP"
.IP
shows details for "My Home WiFi" connection profile with all passwords.
Without \fI--show-secrets\fP option, secrets would not be displayed.

.IP "\fB\f(CWnmcli \-f active connection show \(dq\&My default em1\(dq\&\fP\fP"
.IP
shows details for "My default em1" active connection, like IP, DHCP
information, etc.

.IP "\fB\f(CWnmcli -f profile con s \(dq\&My wired connection\(dq\&\fP\fP"
.IP
shows static configuration details of the connection profile with "My wired connection" name.

.IP "\fB\f(CWnmcli \-p con up \(dq\&My wired connection\(dq\& ifname eth0\fP\fP"
.IP
activates the connection profile with name "My wired connection" on interface eth0.
The \-p option makes nmcli show progress of the activation.

.IP "\fB\f(CWnmcli con up 6b028a27\-6dc9\-4411\-9886\-e9ad1dd43761 ap 00:3A:98:7C:42:D3\fP\fP"
.IP
connects the Wi\(hyFi connection with UUID 6b028a27\-6dc9\-4411\-9886\-e9ad1dd43761 to the AP
with BSSID 00:3A:98:7C:42:D3.

.IP "\fB\f(CWnmcli device status\fP\fP"
.IP
shows the status for all devices.

.IP "\fB\f(CWnmcli dev disconnect em2\fP\fP"
.IP
disconnects a connection on interface em2 and marks the device as unavailable for
auto\(hyconnecting. As a result, no connection will automatically be activated on the
device until the device's 'autoconnect' is set to TRUE or the user manually activates
a connection.

.IP "\fB\f(CWnmcli \-f GENERAL,WIFI\-PROPERTIES dev show wlan0\fP\fP"
.IP
shows details for wlan0 interface; only GENERAL and WIFI\-PROPERTIES sections will be shown.

.IP "\fB\f(CWnmcli \-f CONNECTIONS device show wlp3s0\fP\fP"
.IP
shows all available connection profiles for your Wi-Fi interface wlp3s0.

.IP "\fB\f(CWnmcli dev wifi\fP\fP"
.IP
lists available Wi\(hyFi access points known to NetworkManager.

.IP "\fB\f(CWnmcli dev wifi con \(dq\&Cafe Hotspot 1\(dq\& password caffeine name \(dq\&My cafe\(dq\&\fP\fP"
.IP
creates a new connection named "My cafe" and then connects it to "Cafe Hotspot 1" SSID
using password "caffeine". This is mainly useful when connecting to "Cafe Hotspot 1" for
the first time. Next time, it is better to use 'nmcli con up id "My cafe"' so that the
existing connection profile can be used and no additional is created.

.IP "\fB\f(CWnmcli -s dev wifi hotspot con-name QuickHotspot\fP\fP"
.IP
creates a hotspot profile and connects it. Prints the hotspot password the user should use
to connect to the hotspot from other devices.

.IP "\fB\f(CWnmcli connection add type ethernet autoconnect no ifname eth0\fP\fP"
.IP
non-interactively adds an Ethernet connection tied to eth0 interface with automatic IP configuration (DHCP),
and disables the connection's "autoconnect" flag.

.IP "\fB\f(CWnmcli c a ifname Maxipes\(hyfik type vlan dev eth0 id 55\fP\fP"
.IP
non-interactively adds a VLAN connection with ID 55. The connection will use eth0 and the VLAN interface
will be named Maxipes\(hyfik.

.IP "\fB\f(CWnmcli c a ifname eth0 type ethernet -- ipv4.method disabled ipv6.method link-local\fP\fP"
.IP
non-interactively adds a connection that will use eth0 Ethernet interface and only have an IPv6 link-local
address configured.

.IP "\fB\f(CWnmcli connection edit ethernet\-em1\-2\fP\fP"
.IP
edits existing "ethernet\(hyem1\(hy2" connection in the interactive editor.

.IP "\fB\f(CWnmcli connection edit type ethernet con-name \(dq\&yet another Ethernet connection\(dq\&\fP\fP"
.IP
adds a new Ethernet connection in the interactive editor.

.IP "\fB\f(CWnmcli con mod ethernet\-2 connection.autoconnect no\fP\fP"
.IP
modifies 'autoconnect' property in the 'connection' setting of 'ethernet\(hy2' connection.

.IP "\fB\f(CWnmcli con mod \(dq\&Home Wi\-Fi\(dq\& wifi.mtu 1350\fP\fP"
.IP
modifies 'mtu' property in the 'wifi' setting of 'Home Wi\(hyFi' connection.

.IP "\fB\f(CWnmcli con mod em1-1 ipv4.method manual ipv4.addr \(dq\&192.168.1.23/24 192.168.1.1, 10.10.1.5/8, 10.0.0.11\(dq\&\fP\fP"
.IP
sets manual addressing and the addresses in em1-1 profile.

.IP "\fB\f(CWnmcli con modify ABC +ipv4.dns 8.8.8.8\fP\fP"
.IP
appends a Google public DNS server to DNS servers in ABC profile.

.IP "\fB\f(CWnmcli con modify ABC -ipv4.addresses \(dq\&192.168.100.25/24 192.168.1.1\(dq\&\fP\fP"
.IP
removes the specified IP address from (static) profile ABC.

.IP "\fB\f(CWnmcli con import type openvpn file ~/Downloads/frootvpn.ovpn\fP\fP"
.IP
imports an OpenVPN configuration to NetworkManager.

.IP "\fB\f(CWnmcli con export corp-vpnc /home/joe/corpvpn.conf\fP\fP"
.IP
exports NetworkManager VPN profile corp-vpnc as standard Cisco (vpnc) configuration.

.SH NOTES
\fInmcli\fP accepts abbreviations, as long as they are a unique prefix in the set
of possible options. As new options get added, these abbreviations are not guaranteed
to stay unique. For scripting and long term compatibility it is therefore strongly
advised to spell out the full option names.

.SH BUGS
There are probably some bugs.  If you find a bug, please report it to
https://bugzilla.gnome.org/ \(em product \fINetworkManager\fP.

.SH SEE ALSO
.BR nmcli\-examples (5),
.BR nm\-online (1),
.BR NetworkManager (8),
.BR NetworkManager.conf (5),
.BR nm\-settings (5),
.BR nm\-applet (1),
.BR nm\-connection\-editor (1).