1 .\" nmcli (1) manual page
3 .\" This is free documentation; you can redistribute it and/or
4 .\" modify it under the terms of the GNU General Public License as
5 .\" published by the Free Software Foundation; either version 2 of
6 .\" the License, or (at your option) any later version.
8 .\" The GNU General Public License's references to "object code"
9 .\" and "executables" are to be interpreted as the output of any
10 .\" document formatting or typesetting system, including
11 .\" intermediate and printed output.
13 .\" This manual is distributed in the hope that it will be useful,
14 .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
15 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 .\" GNU General Public License for more details.
18 .\" You should have received a copy of the GNU General Public Licence along
19 .\" with this manual; if not, write to the Free Software Foundation, Inc.,
20 .\" 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
22 .\" Copyright 2010 - 2015 Red Hat, Inc.
24 .TH NMCLI "1" "2016-03-09" "NetworkManager 1.2"
27 nmcli \- command\(hyline tool for controlling NetworkManager
31 .RI " [ " OPTIONS " ] " OBJECT " { " COMMAND " | "
36 .BR general " | " networking " | " radio " | " connection " | " device " | " agent " | " monitor
44 \fB\-p\fR[\fIretty\fR]
46 \fB\-m\fR[\fImode\fR] tabular | multiline
48 \fB\-c\fR[\fIcolors\fR] auto | yes | no
50 \fB\-f\fR[\fIields\fR] <field1,field2,...> | all | common
52 \fB\-e\fR[\fIscape\fR] yes | no
54 \fB\-n\fR[\fIocheck\fR]
58 \fB\-s\fR[\fIhow-secrets\fR]
60 \fB\-w\fR[\fIait\fR] <seconds>
62 \fB\-v\fR[\fIersion\fR]
70 is a command\(hyline tool for controlling NetworkManager and reporting network
71 status. It can be utilized as a replacement for \fInm\(hyapplet\fP or other
72 graphical clients. \fInmcli\fP is used to create, display, edit, delete, activate,
73 and deactivate network connections, as well as control and display network device
78 Scripts: utilize NetworkManager via \fInmcli\fP instead of managing network
79 connections manually. \fInmcli\fP supports a terse output format which is better
80 suited for script processing. Note that NetworkManager can also execute scripts,
81 called "dispatcher scripts", in response to network events. See
82 \fBNetworkManager\fP for details about these dispatcher scripts.
84 Servers, headless machines, and terminals: \fInmcli\fP can be used to control
85 NetworkManager without a GUI, including creating, editing, starting and stopping
86 network connections and viewing network status.
90 Output is terse. This mode is designed and suitable for computer (script)
94 Output is pretty. This causes \fInmcli\fP to produce easily readable outputs
95 for humans, i.e. values are aligned, headers are printed, etc.
97 .B \-m, \-\-mode tabular | multiline
98 Switch between \fItabular\fP and \fImultiline\fP output.
99 If omitted, default is \fItabular\fP for most commands. For the commands
100 producing more structured information, that cannot be displayed on a single
101 line, default is \fImultiline\fP. Currently, they are:
104 'nmcli connection show <ID>'
107 \fItabular\fP \(en Output is a table where each line describes a single entry.
108 Columns define particular properties of the entry.
110 \fImultiline\fP \(en Each entry comprises multiple lines, each property on its own
111 line. The values are prefixed with the property name.
113 .B \-c, \-\-colors auto|yes|no
114 This option controls color output (using terminal escape sequences). \fIyes\fP
115 enables colors, \fIno\fP disables them, \fIauto\fP only produces colors when
116 standard output is directed to a terminal. The default value is \fIauto\fP.
118 .B \-f, \-\-fields <field1,field2,...> | all | common
119 This option is used to specify what fields (column names) should be printed.
120 Valid field names differ for specific commands. List available fields by
121 providing an invalid value to the \fI\-\-fields\fP option.
123 \fIall\fP is used to print all valid field values of the command.
124 \fIcommon\fP is used to print common field values of the command.
125 If omitted, default is \fIcommon\fP.
126 The option is mandatory when \fI\-\-terse\fP is used. In this case, generic
127 values \fIall\fP and \fIcommon\fP cannot be used. (This is to maintain
128 compatibility when new fields are added in the future).
130 .B \-e, \-\-escape yes | no
131 Whether to escape ':' and '\\' characters in terse tabular mode. The escape
133 If omitted, default is \fIyes\fP.
136 This option can be used to force \fInmcli\fP to skip checking \fInmcli\fP and
137 \fINetworkManager\fP version compatibility. Use it with care, because using
138 incompatible versions may produce incorrect results.
141 When using this option \fInmcli\fP will stop and ask for any missing required
142 arguments, so do not use this option for non-interactive purposes like scripts.
143 This option controls, for example, whether you will be prompted for a password
144 if it is required for connecting to a network.
146 .B \-s, \-\-show-secrets
147 When using this option \fInmcli\fP will display passwords and secrets that might
148 be present in an output of an operation. This option also influences echoing
149 passwords typed by user as an input.
151 .B \-w, \-\-wait <seconds>
152 This option sets a timeout period for which \fInmcli\fP will wait for \fINetworkManager\fP
153 to finish operations. It is especially useful for commands that may take a longer time to
154 complete, e.g. connection activation.
155 Specifying a value of \fB0\fP instructs \fInmcli\fP not to wait but to exit immediately
156 with a status of success. The default value depends on the executed command.
159 Show \fInmcli\fP version.
162 Print help information.
165 .B general \- general \fINetworkManager\fP status and operations
167 Use this object to show NetworkManager status and permissions. You can also get
168 and change system hostname, as well as NetworkManager logging level and domains.
170 .SS \fICOMMAND\fP := { status | hostname | permissions | logging }
176 Show overall status of NetworkManager. This is the default action, when no additional
177 command is provided for \fIgeneral\fP object.
179 .B hostname [<hostname>]
181 Get and change system hostname. With no arguments, this prints currently configured hostname.
182 When you pass a hostname, it will be handed over to NetworkManager to be set as a new system
185 Note that the term \fBsystem\fP hostname may also be referred to as \fBpersistent\fP or
186 \fBstatic\fP by other programs or tools. The hostname is stored in /etc/hostname
187 file in most distributions. For example, systemd-hostnamed service uses the term
188 \fBstatic\fP hostname and it only reads the /etc/hostname file when it starts.
192 Show the permissions a caller has for various authenticated operations that
193 NetworkManager provides, like enable and disable networking, changing Wi\(hyFi
194 and WWAN state, modifying connections, etc.
196 .B logging [level <log level>] [domains <log domains>]
198 Get and change \fINetworkManager\fP logging level and domains. Without any argument
199 current logging level and domains are shown. In order to change logging state, provide
200 \fIlevel\fP and, or, \fIdomain\fP parameters. See \fBNetworkManager.conf\fP for available
201 level and domain values.
205 .B networking \- get or set general networking state of NetworkManager
207 Use this object to show NetworkManager networking status, or to enable and disable
208 networking. Disabling networking removes the configuration from all devices and
209 changes them to the 'unmanaged' state.
211 .SS \fICOMMAND\fP := { [ on | off | connectivity ] }
217 Get networking\(hyenabled status or enable and disable networking by NetworkManager.
218 All interfaces managed by NetworkManager are deactivated when networking has
221 .B connectivity [check]
223 Get network connectivity state.
224 The optional \fIcheck\fP argument tells NetworkManager to re-check the connectivity,
225 else the most recent known connectivity state is displayed without re-checking.
231 \(en the host is not connected to any network
233 \(en the host is behind a captive portal and cannot reach the full Internet
235 \(en the host is connected to a network, but it has no access to the Internet
237 \(en the host is connected to a network and has full access to the Internet
239 \(en the connectivity status cannot be found out
244 .B radio \- get or set radio switch states
246 Use this object to show radio switches status, or enable and disable
249 .SS \fICOMMAND\fP := { all | wifi | wwan }
255 Show or set status of Wi\(hyFi in NetworkManager. If no arguments are supplied,
256 Wi\(hyFi status is printed; \fIon\fP enables Wi\(hyFi; \fIoff\fP disables Wi\(hyFi.
260 Show or set status of WWAN (mobile broadband) in NetworkManager. If no arguments
261 are supplied, mobile broadband status is printed; \fIon\fP enables mobile broadband,
262 \fIoff\fP disables it.
266 Show or set all previously mentioned radio switches at the same time.
270 .B monitor \- monitor NetworkManager
272 Use this object to observe NetworkManager activity. Watches for changes
273 in connectivity state, devices or connection profiles.
275 See also \fImonitor\fP command of \fIconnection\fP or \fIdevice\fP object
276 to watch for changes in certain objects or object classes.
280 .B connection \- start, stop, and manage network connections
282 NetworkManager stores all network configuration as \fIconnections\fP, which are
283 collections of data (Layer2 details, IP addressing, etc.) that describe
284 how to create or connect to a network. A connection is \fIactive\fP when
285 a device uses that connection's configuration to create or connect to a network.
286 There may be multiple connections that apply to a device, but only one of them
287 can be active on that device at any given time. The additional connections can
288 be used to allow quick switching between different networks and configurations.
290 Consider a machine which is usually connected to a DHCP-enabled network, but
291 sometimes connected to a testing network which uses static IP addressing. Instead
292 of manually reconfiguring eth0 each time the network is changed, the settings can
293 be saved as two connections which both apply to eth0, one for DHCP (called
294 "default") and one with the static addressing details (called "testing"). When
295 connected to the DHCP-enabled network the user would run "nmcli con up default"
296 , and when connected to the static network the user would run "nmcli con up testing".
298 .SS \fICOMMAND\fP := { show | up | down | add | edit | modify | delete | monitor | reload | load }
304 List in-memory and on-disk connection profiles, some of which may also be
305 active if a device is using that connection profile. Without a parameter, all
306 profiles are listed. When --active option is specified, only the active profiles
309 .B show [--active] [--order <order spec>] [ id | uuid | path | apath ] <ID> ...
311 Show details for specified connections. By default, both static configuration
312 and active connection data are displayed. When --active option is specified,
313 only the active profiles are taken into account. Use global --show-secrets option
314 to display secrets associated with the profile.
318 The --order option can be used to get custom ordering of connections. The
319 connections can be ordered by active status, name, type or D-Bus path. If
320 connections are equal according to a sort order category, an additional
321 category can be specified.
322 The default sorting order is equivalent to "--order active:name:path".
324 <order spec> := category:category:...
326 category := [+-]active | [+-]name | [+-]type | [+-]path
328 \fI+\fP or no prefix means sorting in ascending order (alphabetically or in numbers).
330 \fI-\fP means reverse (descending) order.
332 The category names can be abbreviated (e.g. --order -a:na)
334 \fIid\fP, \fIuuid\fP, \fIpath\fP and \fIapath\fP keywords can be used if
335 \fI<ID>\fP is ambiguous.
338 Optional <ID>-specifying keywords are:
340 \(en the <ID> denotes a connection name
342 \(en the <ID> denotes a connection UUID
344 \(en the <ID> denotes a D-Bus static connection path
345 in the format of /org/freedesktop/NetworkManager/Settings/<num> or just <num>
347 \(en the <ID> denotes a D-Bus active connection path
348 in the format of /org/freedesktop/NetworkManager/ActiveConnection/<num> or just <num>
350 It is possible to filter the output using the global \fI--fields\fP option. Use the following
356 \(en only shows static profile configuration
358 \(en only shows active connection data (when the profile is active)
360 You can also specify particular fields. For static configuration, use setting and property names
361 as described in \fInm-settings\fP(5) manual page. For active data use GENERAL, IP4, DHCP4, IP6,
364 When no command is given to the \fIconnection\fP object, the default action
365 is 'nmcli connection show'.
368 .B up [ id | uuid | path ] <ID> [ifname <ifname>] [ap <BSSID>] [passwd-file <file with passwords>]
371 .B up ifname <ifname> [ap <BSSID>] [passwd-file <file with passwords>]
374 Activate a connection. The connection is identified by its name, UUID or D-Bus
375 path. If <ID> is ambiguous, a keyword \fIid\fP, \fIuuid\fP or \fIpath\fP can be
376 used. When requiring a particular device to activate the connection on, the
377 \fIifname\fP option with interface name should be given. If the <ID> is not
378 given an \fIifname\fP is required, and NetworkManager will activate the best
379 available connection for the given \fIifname\fP. In case of a VPN connection,
380 the \fIifname\fP option specifies the device of the base connection. The
381 \fIap\fP option specify what particular AP should be used in case of a Wi\(hyFi
384 If '--wait' option is not specified, the default timeout will be 90 seconds.
386 See \fBconnection show\fP above for the description of the <ID>-specifying keywords.
389 Available options are:
391 \(en interface that will be used for activation
393 \(en BSSID of the AP which the command should connect to (for Wi\(hyFi connections)
394 .IP \fIpasswd-file\fP 13
395 \(en some networks may require credentials during activation. You can give these
396 credentials using this option.
397 Each line of the file should contain one password in the form of
399 \fBsetting_name.property_name:the password\fP
401 For example, for WPA Wi-Fi with PSK, the line would be
403 \fI802-11-wireless-security.psk:secret12345\fP
405 For 802.1X password, the line would be
407 \fI802-1x.password:my 1X password\fP
409 nmcli also accepts "wifi-sec" and "wifi" strings instead of "802-11-wireless-security".
410 When NetworkManager requires a password and it is not given, nmcli will ask for it
411 when run with --ask. If --ask was not passed, NetworkManager can ask another secret
412 agent that may be running (typically a GUI secret agent, such as nm-applet or
417 .B down [ id | uuid | path | apath ] <ID> ...
419 Deactivate a connection from a device without preventing the device from
420 further auto-activation. Multiple connections can be passed to the command.
422 Be aware that this command deactivates the specified active connection, but the device
423 on which the connection was active, is still ready to connect and will perform
424 auto-activation by looking for a suitable connection that has the 'autoconnect'
425 flag set. This includes the just deactivated connection. So if the connection is set
426 to auto-connect, it will be automatically started on the disconnected device again.
428 In most cases you may want to use \fIdevice disconnect\fP command instead.
430 The connection is identified by its name, UUID or D-Bus path.
431 If <ID> is ambiguous, a keyword \fIid\fP, \fIuuid\fP, \fIpath\fP or
432 \fIapath\fP can be used.
434 See \fBconnection show\fP above for the description of the <ID>-specifying keywords.
436 If '--wait' option is not specified, the default timeout will be 10 seconds.
438 .B add COMMON_OPTIONS TYPE_SPECIFIC_OPTIONS SLAVE_OPTIONS IP_OPTIONS [-- [+|-]<setting>.<property> <value> ...]
440 Add a connection for NetworkManager. Arguments differ according to connection types, see below.
444 .IP "\fItype <type>\fP" 42
445 \(en connection type; see below \fBTYPE_SPECIFIC_OPTIONS\fP for allowed values; (mandatory)
446 Note that types \fIbond-slave\fP, \fIteam-slave\fP and \fIbridge-slave\fP create \fIethernet\fP
447 connection profiles. Their use is discouraged in favor of using a specific type with \fImaster\fP
449 .IP "\fIifname <ifname> | \(dq\&*\(dq\&\fP" 42
450 \(en interface to bind the connection to. The connection will only be applicable to this
451 interface name. A special value of "\fB*\fP" can be used for interface-independent connections.
452 The \fIifname\fP argument is mandatory for all connection types except bond, team, bridge and vlan.
453 Note: use quotes around \fB*\fP to suppress shell expansion.
454 .IP "\fI[con-name <connection name>]\fP" 42
455 \(en connection name (when not provided a default name is generated: <type>[-<ifname>][-<num>])
456 .IP "\fI[autoconnect yes|no]\fP" 42
457 \(en whether the connection profile can be automatically activated (default: yes)
458 .IP "\fI[save yes|no]\fP" 42
459 \(en whether the connection should be persistent, i.e. NetworkManager should store it on disk (default: yes)
460 .IP "\fI[master <master (ifname, or connection UUID or name)>]\fP" 42
461 \(en master interface name, or connection UUID or ID of master connection profile.
462 The value can be prefixed with \fBifname/\fP, \fBuuid/\fP or \fBid/\fP to disambiguate it.
463 See below \fBSLAVE_OPTIONS\fP for additional options for slave connection to masters of various types.
464 .IP "\fI[slave-type <master connection type>]\fP" 42
465 \(en type of master connection. Only required when it can not be inferred (i.e. the master connection does
470 .B TYPE_SPECIFIC_OPTIONS:
473 .IP "\fI[mac <MAC address>]\fP" 42
474 \(en MAC address of the device this connection is locked to
475 .IP "\fI[cloned-mac <cloned MAC address>]\fP" 42
477 .IP "\fI[mtu <MTU>]\fP" 42
483 .IP "\fIssid <SSID>\fP" 42
485 .IP "\fI[mac <MAC address>]\fP" 42
486 \(en MAC address of the device this connection is locked to
487 .IP "\fI[cloned-mac <cloned MAC address>]\fP" 42
489 .IP "\fI[mode infrastructure|ap|adhoc]\fP" 42
490 \(en Wi-Fi network mode. If blank, \fIinfrastructure\fP is assumed.
491 .IP "\fI[mtu <MTU>]\fP" 42
497 .IP "\fI[mac <MAC address>]\fP" 42
498 \(en MAC address of the device this connection is locked to
499 .IP "\fI[nsp <NSP>]\fP" 42
500 \(en Network Service Provider name
505 .IP "\fIusername <PPPoE username>\fP" 42
507 .IP "\fI[password <PPPoE password>]\fP" 42
508 \(en Password for the PPPoE username
509 .IP "\fI[service <PPPoE service name>]\fP" 42
510 \(en PPPoE service name (if required by concentrator)
511 .IP "\fI[mtu <MTU>]\fP" 42
513 .IP "\fI[mac <MAC address>]\fP" 42
514 \(en MAC address of the device this connection is locked to
519 .IP "\fIapn <APN>\fP" 42
520 \(en APN - GSM Access Point Name
521 .IP "\fI[user <username>]\fP" 42
523 .IP "\fI[password <password>]\fP" 42
529 .IP "\fI[user <username>]\fP" 42
531 .IP "\fI[password <password>]\fP" 42
537 .IP "\fI[mac <MAC address>]\fP" 42
538 \(en MAC address of the device this connection is locked to (InfiniBand MAC is 20 bytes)
539 .IP "\fI[mtu <MTU>]\fP" 42
541 .IP "\fI[transport-mode datagram | connected]\fP" 42
542 \(en InfiniBand transport mode
543 .IP "\fI[parent <interface name>]\fP" 42
544 \(en the interface name of the parent device (if any)
545 .IP "\fI[p-key <IPoIB P_Key>]\fP" 42
546 \(en the InfiniBand P_Key (16-bit unsigned integer)
551 .IP "\fI[addr <bluetooth address>]\fP" 42
552 \(en Bluetooth device address (MAC)
553 .IP "\fI[bt-type panu|dun-gsm|dun-cdma]\fP" 42
554 \(en Bluetooth connection type
559 .IP "\fIdev <parent device (connection UUID, ifname, or MAC)>\fP" 42
560 \(en parent device this VLAN is on
561 .IP "\fIid <VLAN ID>\fP" 42
562 \(en VLAN ID in range <0-4095>
563 .IP "\fI[flags <VLAN flags>]\fP" 42
565 .IP "\fI[ingress <ingress priority mapping>]\fP" 42
566 \(en VLAN ingress priority mapping
567 .IP "\fI[egress <egress priority mapping>]\fP" 42
568 \(en VLAN egress priority mapping
569 .IP "\fI[mtu <MTU>]\fP" 42
575 .IP "\fI[mode balance-rr (0) | active-backup (1) | balance-xor (2) | broadcast (3) |\fP"
576 .IP "\fI 802.3ad (4) | balance-tlb (5) | balance-alb (6)]\fP" 42
577 \(en bonding mode (default: balance-rr)
578 .IP "\fI[primary <ifname>]\fP" 42
579 \(en primary interface name (for "active-backup" mode)
580 .IP "\fI[miimon <num>]\fP" 42
581 \(en miimon (default: 100)
582 .IP "\fI[downdelay <num>]\fP" 42
583 \(en downdelay (default: 0)
584 .IP "\fI[updelay <num>]\fP" 42
585 \(en updelay (default: 0)
586 .IP "\fI[arp-interval <num>]\fP" 42
587 \(en ARP interval (default: 0)
588 .IP "\fI[arp-ip-target <num>]\fP" 42
594 .IP "\fImaster <master (ifname, or connection UUID or name)>\fP" 42
595 \(en master bond interface name, or connection UUID or ID of bond master connection profile.
596 The value can be prefixed with \fBifname/\fP, \fBuuid/\fP or \fBid/\fP to disambiguate it.
601 .IP "\fI[config <file>|<raw JSON data>]\fP" 42
602 \(en JSON configuration for team
607 .IP "\fImaster <master (ifname, or connection UUID or name)>\fP" 42
608 \(en master team interface name, or connection UUID or ID of team master connection profile.
609 The value can be prefixed with \fBifname/\fP, \fBuuid/\fP or \fBid/\fP to disambiguate it.
614 .IP "\fI[stp yes|no]\fP" 42
615 \(en controls whether Spanning Tree Protocol (STP) is enabled for this bridge (default: yes)
616 .IP "\fI[priority <num>]\fP" 42
617 \(en sets STP priority (default: 128)
618 .IP "\fI[forward-delay <2-30>]\fP" 42
619 \(en STP forwarding delay, in seconds (default: 15)
620 .IP "\fI[hello-time <1-10>]\fP" 42
621 \(en STP hello time, in seconds (default: 2)
622 .IP "\fI[max-age <6-42>]\fP" 42
623 \(en STP maximum message age, in seconds (default: 20)
624 .IP "\fI[ageing-time <0-1000000>]\fP" 42
625 \(en the Ethernet MAC address aging time, in seconds (default: 300)
626 .IP "\fI[multicast-snooping yes|no]\fP" 42
627 \(en controls whether IGMP snooping is enabled (default: yes)
628 .IP "\fI[mac <MAC address>]\fP" 42
629 \(en MAC address of the bridge (note: this requires a recent kernel feature,
630 originally introduced in 3.15 upstream kernel)
635 .IP "\fImaster <master (ifname, or connection UUID or name)>\fP" 42
636 \(en master bridge interface name, or connection UUID or ID of bridge master connection profile.
637 The value can be prefixed with \fBifname/\fP, \fBuuid/\fP or \fBid/\fP to disambiguate it.
642 .IP "\fIvpn-type vpnc|openvpn|pptp|openconnect|openswan|libreswan|strongswan|ssh|l2tp|iodine|fortisslvpn|...\fP" 42
644 .IP "\fI[user <username>]\fP" 42
650 .IP "\fIssid <SSID>\fP" 42
652 .IP "\fI[channel <1-13>]\fP" 42
653 \(en channel to use for the network
654 .IP "\fI[dhcp-anycast <MAC address>]\fP" 42
655 \(en anycast DHCP MAC address used when requesting an IP address via DHCP
660 .IP "\fIusername <username>\fP" 42
662 .IP "\fIprotocol pppoa|pppoe|ipoatm\fP" 42
664 .IP "\fI[password <password>]\fP" 42
666 .IP "\fI[encapsulation vcmux|llc]\fP" 42
667 \(en ADSL encapsulation
672 .IP "\fImode tun|tap\fP" 42
673 \(en Mode for the device
674 .IP "\fI[owner <UID>]\fP" 42
675 \(en UID of the owner
676 .IP "\fI[group <GID>]\fP" 42
677 \(en GID of the group
678 .IP "\fI[pi yes|no>]\fP" 42
679 \(en include packet information (~IFF_NO_PI flag)
680 .IP "\fI[vnet-hdr yes|no>]\fP" 42
681 \(en send and receive large (i.e. GSO) packets and packets with partial checksums (IFF_VNET_HDR flag)
682 .IP "\fI[multi-queue yes|no>]\fP" 42
683 \(en multi-queue support for tun/tap device (IFF_MULTI_QUEUE flag)
688 .IP "\fImode ipip|gre|sit|isatap|vti|ip6ip6|ipip6|ip6gre|vti6\fP" 42
690 .IP "\fIremote <remote endpoint IP>\fP" 42
691 \(en IPv4 or IPv6 address of the remote tunnel endpoint
692 .IP "\fI[local <local endpoint IP>]\fP" 42
693 \(en IPv4 or IPv6 address of the local tunnel endpoint
694 .IP "\fI[dev <parent device (ifname or connection UUID)>]\fP" 42
695 \(en device to use for tunnel endpoint communication
700 .IP "\fIdev <parent device (connection UUID, ifname, or MAC)>\fP" 42
701 \(en parent device this MACVLAN is on
702 .IP "\fImode vepa|bridge|private|passthru|source\fP" 42
703 \(en MACVLAN mode, which specifies the communication mechanism between multiple MACVLANs on the same lower device
704 .IP "\fI[tap yes|no]\fP" 42
705 \(en controls the device type. If set to 'yes' a MACVTAP will be created (default: no)
710 .IP "\fIid <VXLAN ID>\fP" 42
711 \(en VXLAN Network Identifer to use
712 .IP "\fIremote <IP>\fP" 42
713 \(en unicast destination IP address or multicast IP address to join
714 .IP "\fI[dev <parent device (ifname or connection UUID)>]\fP" 42
715 \(en device to use for tunnel endpoint communication
716 .IP "\fI[local <IP>]\fP" 42
717 \(en source IP address
718 .IP "\fI[source-port-min <0-65535>]\fP" 42
719 \(en minimum UDP source port to communicate to the remote VXLAN tunnel endpoint
720 .IP "\fI[source-port-max <0-65535>]\fP" 42
721 \(en maximum UDP source port to communicate to the remote VXLAN tunnel endpoint
722 .IP "\fI[destination-port <0-65535>]\fP" 42
723 \(en UDP destination port to communicate to the remote VXLAN tunnel endpoint
732 .IP "\fI[priority <0-63>]\fP" 42
733 \(en STP priority of this slave (default: 32)
734 .IP "\fI[path-cost <1-65535>]\fP" 42
735 \(en STP port cost for destinations via this slave (default: 100)
736 .IP "\fI[hairpin yes|no]\fP" 42
737 \(en 'hairpin mode' for the slave, which allows frames
738 to be sent back out through the slave the frame was received on (default: yes)
743 .IP "\fI[config <file>|<raw JSON data>]\fP" 42
744 \(en JSON configuration for team
749 .IP "\fI[ip4 <IPv4 address>] [gw4 <IPv4 gateway>]\fP" 42
751 .IP "\fI[ip6 <IPv6 address>] [gw6 <IPv6 gateway>]\fP" 42
755 If a \fI--\fP argument is encountered, the rest of command line is interpreted
756 as property list in the same format as \fIconnection modify\fP command accepts.
757 This makes it possible to adjust the connection properties before it's added.
760 .B edit [id | uuid | path ] <ID> - edit an existing connection
763 .B edit [type <new connection type>] [con-name <new connection name>] - add a new connection
765 Edit an existing connection or add a new one, using an interactive editor.
767 The existing connection is identified by its name, UUID or D-Bus path.
768 If <ID> is ambiguous, a keyword \fIid\fP, \fIuuid\fP, or \fIpath\fP can be used.
769 See \fBconnection show\fP above for the description of the <ID>-specifying keywords.
770 Not providing an <ID> means that a new connection will be added.
772 The interactive editor will guide you through the connection editing and
773 allow you to change connection parameters according to your needs by means of
774 a simple menu-driven interface. The editor indicates what settings and
775 properties can be modified and provides in-line help.
780 \(en type of the new connection; valid types are the same as for \fIconnection add\fP command
781 .IP \fIcon-name\fP 13
782 \(en name for the new connection. It can be changed later in the editor.
786 See also \fInm-settings\fP(5) for all NetworkManager settings and property names, and their
787 descriptions; and \fInmcli-examples\fP(5) for sample editor sessions.
790 .B modify [--temporary] [ id | uuid | path ] <ID> [+|-]<setting>.<property> <value>
791 .B [+|-]<setting>.<property> <value> ...
793 Modify one or more properties in the connection profile.
795 The connection is identified by its name, UUID or D-Bus path. If <ID> is
796 ambiguous, a keyword \fIid\fP, \fIuuid\fP or \fIpath\fP can be used. See
797 \fInm-settings\fP(5) for setting and property names, their descriptions and
798 default values. This command supports abbreviations for \fIsetting name\fP and
799 \fIproperty name\fP provided they are unique. Empty \fIvalue\fP ("") removes
800 the property value (sets the property to the default value). The provided
801 value overwrites the existing property value.
803 If you want to append an item to the existing value, use \fI+\fP prefix for the
804 property name. If you want to remove just one item from container-type
805 property, use \fI-\fP prefix for the property name and specify a value or an
806 zero-based index of the item to remove (or option name for properties with
807 named options) as \fIvalue\fP. Of course, \fI+|-\fP only have a real effect for
808 multi-value (container) properties like ipv4.dns, ipv4.addresses, bond.options,
811 The changes to the connection profile will be saved persistently by
812 NetworkManager, unless \fI--temporary\fP option is provided, in which case the
813 changes won't persist over NetworkManager restart.
815 .B clone [--temporary] [ id | uuid | path ] <ID> <new name>
817 Clone a connection. The connection to be cloned is identified by its
818 name, UUID or D-Bus path. If <ID> is ambiguous, a keyword \fIid\fP,
819 \fIuuid\fP or \fIpath\fP can be used. See \fBconnection show\fP above for
820 the description of the <ID>-specifying keywords. \fI<new name>\fP is the name
821 of the new cloned connection. The new connection will be the exact copy except
822 the connection.id (\fI<new name>\fP) and connection.uuid (generated)
825 The new connection profile will be saved as persistent unless \fI--temporary\fP
826 option is specified, in which case the new profile won't exist after NetworkManager
829 .B delete [ id | uuid | path ] <ID> ...
831 Delete a configured connection. The connection to be deleted is identified by
832 its name, UUID or D-Bus path. If <ID> is ambiguous, a keyword \fIid\fP,
833 \fIuuid\fP or \fIpath\fP can be used.
835 See \fBconnection show\fP above for the description of the <ID>-specifying keywords.
837 If '--wait' option is not specified, the default timeout will be 10 seconds.
839 .B monitor [ id | uuid | path ] <ID> ...
841 Monitor connection profile activity. This command prints a line whenever the
842 specified connection changes. The connection to be monitored is identified by
843 its name, UUID or D-Bus path. If <ID> is ambiguous, a keyword \fIid\fP,
844 \fIuuid\fP or \fIpath\fP can be used.
846 See \fBconnection show\fP above for the description of the <ID>-specifying keywords.
848 Monitors all connection profiles in case none is specified. The command terminates
849 when all monitored connections disappear. If you want to monitor connection creation
850 consider using the global monitor with \fInmcli monitor\fP command.
854 Reload all connection files from disk. \fINetworkManager\fP does not monitor
855 changes to connection files by default. So you need to use this command in order
856 to tell \fINetworkManager\fP to re-read the connection profiles from disk when
857 a change was made to them. However, the auto-loading feature can be enabled and
858 then \fINetworkManager\fP will reload connection files any time they change
859 (monitor-connection-files=true in \fINetworkManager.conf\fP(5)).
861 .B load <filename> [<filename>...]
863 Load/reload one or more connection files from disk. Use this after manually
864 editing a connection file to ensure that \fBNetworkManager\fP is aware
867 .B import [--temporary] type <type> file <file to import>
869 Import an external/foreign configuration as a NetworkManager connection profile.
870 The type of the input file is specified by \fItype\fP option.
872 Only VPN configurations are supported at the moment. The configuration
873 is imported by NetworkManager VPN plugins. \fItype\fP values are the same as for
874 \fIvpn-type\fP option in \fBnmcli connection add\fP. VPN configurations are
875 imported by VPN plugins. Therefore the proper VPN plugin has to be installed
876 so that nmcli could import the data.
878 The imported connection profile will be saved as persistent unless \fI--temporary\fP
879 option is specified, in which case the new profile won't exist after NetworkManager
882 .B export [ id | uuid | path ] <ID> [<output file>]
886 Only VPN connections are supported at the moment. A proper VPN plugin has to be
887 installed so that nmcli could export a connection. If no \fI<output file>\fP is
888 provided, the VPN configuration data will be printed to standard output.
892 .B device - show and manage network interfaces
895 .SS \fICOMMAND\fP := { status | show | set | connect | reapply | disconnect | delete | monitor | wifi | lldp }
901 Print status of devices.
903 This is the default action if no command is specified to \fIdevice\fP object.
907 Show detailed information about devices. Without an argument, all devices are
908 examined. To get information for a specific device, the interface name has
912 .B set [ifname] <ifname> [autoconnect yes|no] [managed yes|no]
914 Set device properties.
918 Connect the device. NetworkManager will try to find a suitable connection that
919 will be activated. It will also consider connections that are not set to auto connect.
921 If '--wait' option is not specified, the default timeout will be 90 seconds.
925 Attempt to update device with changes to the currently active connection
926 made since it was last applied.
928 .B disconnect <ifname> ...
930 Disconnect a device and prevent the device from automatically activating further
931 connections without user/manual intervention. Note that disconnecting software
932 devices may mean that the devices will disappear.
934 If '--wait' option is not specified, the default timeout will be 10 seconds.
936 .B delete <ifname> ...
938 Delete a device. The command removes the interface from the system. Note that
939 this only works for software devices like bonds, bridges, teams, etc.
940 Hardware devices (like Ethernet) cannot be deleted by the command.
942 If '--wait' option is not specified, the default timeout will be 10 seconds.
944 .B monitor [<ifname>] ...
946 Monitor device activity. This command prints a line whenever the specified devices
949 Monitors all devices in case no interface is specified. The monitor terminates when
950 all specified devices disappear. If you want to monitor device addition consider
951 using the global monitor with \fInmcli monitor\fP command.
953 .B wifi [list [ifname <ifname>] [bssid <BSSID>]]
955 List available Wi\(hyFi access points. The \fIifname\fP and \fIbssid\fP options
956 can be used to list APs for a particular interface or with a specific BSSID,
959 .B wifi connect <(B)SSID> [password <password>] [wep\-key\-type key|phrase] [ifname <ifname>] [bssid <BSSID>] [name <name>]
960 .B [private yes|no] [hidden yes|no]
962 Connect to a Wi\(hyFi network specified by SSID or BSSID. The command creates a new
963 connection and then activates it on a device. This is a command\(hyline counterpart
964 of clicking an SSID in a GUI client. The command always creates a new connection
965 and thus it is mainly useful for connecting to new Wi\(hyFi networks. If a connection
966 for the network already exists, it is better to bring up (activate) the existing connection
967 as follows: \fInmcli con up id <name>\fP. Note that only open, WEP and WPA\(hyPSK networks
968 are supported at the moment. It is also supposed that IP configuration is obtained via
971 If '--wait' option is not specified, the default timeout will be 90 seconds.
974 Available options are:
975 .IP \fIpassword\fP 13
976 \(en password for secured networks (WEP or WPA)
977 .IP \fIwep\-key\-type\fP 13
978 \(en type of WEP secret, either \fIkey\fP for ASCII/HEX key or \fIphrase\fP for passphrase
980 \(en interface that will be used for activation
982 \(en if specified, the created connection will be restricted just for the BSSID
984 \(en if specified, the connection will use the name (else NM creates a name itself)
986 \(en if set to \fByes\fP, the connection will only be visible to the user who created it.
987 Otherwise the connection is system\(hywide, which is the default.
989 \(en set to \fByes\fP when connecting for the first time to an AP not broadcasting its SSID.
990 Otherwise the SSID would not be found and the connection attempt would fail.
993 .B wifi hotspot [ifname <ifname>] [con-name <name>] [ssid <SSID>] [band a|bg] [channel <channel>] [password <password>]
995 Create a Wi-Fi hotspot. The command creates a hotspot connection profile according to
996 Wi-Fi device capabilities and activates it on the device. The hotspot is secured with WPA
997 if device/driver supports that, otherwise WEP is used.
998 Use \fIconnection down\fP or \fIdevice disconnect\fP to stop the hotspot.
1002 Parameters of the hotspot can be influenced by the optional parameters:
1004 \(en what Wi-Fi device is used
1005 .IP \fIcon-name\fP 17
1006 \(en name of the created hotspot connection profile
1008 \(en SSID of the hotspot
1010 \(en Wi-Fi band to use
1011 .IP \fIchannel\fP 17
1012 \(en Wi-Fi channel to use
1013 .IP \fIpassword\fP 17
1014 \(en password to use for the created hotspot. If not provided,
1015 nmcli will generate a password. The password is either WPA
1016 pre-shared key or WEP key.
1018 Note that \fI--show-secrets\fP global option can be used to print the hotspot
1019 password. It is useful especially when the password was generated.
1022 .B wifi rescan [ifname <ifname>] [[ssid <SSID>] ...]
1024 Request that \fINetworkManager\fP immediately re-scan for available access points.
1025 NetworkManager scans Wi\(hyFi networks periodically, but in some cases it can be
1026 useful to start scanning manually (e.g. after resuming the computer). By using
1027 \fIssid\fP, it is possible to scan for a specific SSID, which is useful for APs
1028 with hidden SSIDs. You can provide multiple \fIssid\fP parameters in order to
1031 This command does not show the APs, use 'nmcli device wifi list' for that.
1033 .B lldp [list [ifname <ifname>]]
1035 Display information about neighboring devices learned through the Link
1036 Layer Discovery Protocol (LLDP). The \fIifname\fP option can be used to
1037 list neighbors only for a given interface. The protocol must be
1038 enabled in the connection settings.
1042 .B agent \- run nmcli as a NetworkManager secret agent, or polkit agent
1045 .SS \fICOMMAND\fP := { secret | polkit | all }
1051 Register nmcli as a NetworkManager secret agent and listen for secret requests.
1052 You do usually not need this command, because nmcli can handle secrets when
1053 connecting to networks. However, you may find the command useful when you use
1054 another tool for activating connections and you do not have a secret agent
1055 available (like nm-applet).
1059 Register nmcli as a polkit agent for the user session and listen for
1060 authorization requests. You do not usually need this command, because nmcli can
1061 handle polkit actions related to NetworkManager operations (when run with
1062 --ask). However, you may find the command useful when you want to run a simple
1063 text based polkit agent and you do not have an agent of a desktop environment.
1064 Note that running this command makes nmcli handle all polkit requests, not only
1065 NetworkManager related ones, because only one polkit agent can run for the
1070 Runs nmcli as both NetworkManager secret and a polkit agent.
1073 .SH ENVIRONMENT VARIABLES
1074 \fInmcli\fP's behavior is affected by the following environment variables.
1076 If set to a non\(hyempty string value, it overrides the values of all the other
1077 internationalization variables.
1078 .IP "LC_MESSAGES" 13
1079 Determines the locale to be used for internationalized messages.
1081 Provides a default value for the internationalization variables that are unset
1085 Internationalization notes:
1087 Be aware that \fInmcli\fP is localized and that is why the output depends on
1088 your environment. This is important to realize especially when you parse the
1091 Call \fInmcli\fP as \fBLC_ALL=C nmcli\fP to be sure the locale is
1092 set to "C" while executing in a script.
1094 \fBLC_ALL\fP, \fBLC_MESSAGES\fP, \fBLANG\fP variables specify the LC_MESSAGES
1095 locale category (in that order), which determines the language that \fInmcli\fP
1096 uses for messages. The "C" locale is used if none of these variables are set,
1097 and this locale uses English messages.
1100 \fInmcli\fP exits with status 0 if it succeeds, a value greater than 0 is
1101 returned if an error occurs.
1103 Success \(en indicates the operation succeeded
1105 Unknown or unspecified error
1107 Invalid user input, wrong \fInmcli\fP invocation
1109 Timeout expired (see \fI\-\-wait\fP option)
1111 Connection activation failed
1113 Connection deactivation failed
1115 Disconnecting device failed
1117 Connection deletion failed
1119 NetworkManager is not running
1121 \fInmcli\fP and \fINetworkManager\fP versions mismatch
1123 Connection, device, or access point does not exist.
1127 This section presents various examples of nmcli usage. If you want even more,
1128 please refer to \fInmcli-examples\fP(5) manual page.
1130 .IP "\fB\f(CWnmcli \-t \-f RUNNING general\fP\fP"
1132 tells you whether NetworkManager is running or not.
1134 .IP "\fB\f(CWnmcli \-t \-f STATE general\fP\fP"
1136 shows the overall status of NetworkManager.
1138 .IP "\fB\f(CWnmcli radio wifi off\fP\fP"
1140 switches Wi\(hyFi off.
1142 .IP "\fB\f(CWnmcli connection show\fP\fP"
1144 lists all connections NetworkManager has.
1146 .IP "\fB\f(CWnmcli \-p \-m multiline \-f all con show\fP\fP"
1148 shows all configured connections in multi-line mode.
1150 .IP "\fB\f(CWnmcli connection show --active\fP\fP"
1152 lists all currently active connections.
1154 .IP "\fB\f(CWnmcli \-f name,autoconnect c s\fP\fP"
1156 shows all connection profile names and their auto-connect property.
1158 .IP "\fB\f(CWnmcli \-p connection show \(dq\&My default em1\(dq\&\fP\fP"
1160 shows details for "My default em1" connection profile.
1162 .IP "\fB\f(CWnmcli --show-secrets connection show \(dq\&My Home WiFi\(dq\&\fP\fP"
1164 shows details for "My Home WiFi" connection profile with all passwords.
1165 Without \fI--show-secrets\fP option, secrets would not be displayed.
1167 .IP "\fB\f(CWnmcli \-f active connection show \(dq\&My default em1\(dq\&\fP\fP"
1169 shows details for "My default em1" active connection, like IP, DHCP
1172 .IP "\fB\f(CWnmcli -f profile con s \(dq\&My wired connection\(dq\&\fP\fP"
1174 shows static configuration details of the connection profile with "My wired connection" name.
1176 .IP "\fB\f(CWnmcli \-p con up \(dq\&My wired connection\(dq\& ifname eth0\fP\fP"
1178 activates the connection profile with name "My wired connection" on interface eth0.
1179 The \-p option makes nmcli show progress of the activation.
1181 .IP "\fB\f(CWnmcli con up 6b028a27\-6dc9\-4411\-9886\-e9ad1dd43761 ap 00:3A:98:7C:42:D3\fP\fP"
1183 connects the Wi\(hyFi connection with UUID 6b028a27\-6dc9\-4411\-9886\-e9ad1dd43761 to the AP
1184 with BSSID 00:3A:98:7C:42:D3.
1186 .IP "\fB\f(CWnmcli device status\fP\fP"
1188 shows the status for all devices.
1190 .IP "\fB\f(CWnmcli dev disconnect em2\fP\fP"
1192 disconnects a connection on interface em2 and marks the device as unavailable for
1193 auto\(hyconnecting. As a result, no connection will automatically be activated on the
1194 device until the device's 'autoconnect' is set to TRUE or the user manually activates
1197 .IP "\fB\f(CWnmcli \-f GENERAL,WIFI\-PROPERTIES dev show wlan0\fP\fP"
1199 shows details for wlan0 interface; only GENERAL and WIFI\-PROPERTIES sections will be shown.
1201 .IP "\fB\f(CWnmcli \-f CONNECTIONS device show wlp3s0\fP\fP"
1203 shows all available connection profiles for your Wi-Fi interface wlp3s0.
1205 .IP "\fB\f(CWnmcli dev wifi\fP\fP"
1207 lists available Wi\(hyFi access points known to NetworkManager.
1209 .IP "\fB\f(CWnmcli dev wifi con \(dq\&Cafe Hotspot 1\(dq\& password caffeine name \(dq\&My cafe\(dq\&\fP\fP"
1211 creates a new connection named "My cafe" and then connects it to "Cafe Hotspot 1" SSID
1212 using password "caffeine". This is mainly useful when connecting to "Cafe Hotspot 1" for
1213 the first time. Next time, it is better to use 'nmcli con up id "My cafe"' so that the
1214 existing connection profile can be used and no additional is created.
1216 .IP "\fB\f(CWnmcli -s dev wifi hotspot con-name QuickHotspot\fP\fP"
1218 creates a hotspot profile and connects it. Prints the hotspot password the user should use
1219 to connect to the hotspot from other devices.
1221 .IP "\fB\f(CWnmcli connection add type ethernet autoconnect no ifname eth0\fP\fP"
1223 non-interactively adds an Ethernet connection tied to eth0 interface with automatic IP configuration (DHCP),
1224 and disables the connection's "autoconnect" flag.
1226 .IP "\fB\f(CWnmcli c a ifname Maxipes\(hyfik type vlan dev eth0 id 55\fP\fP"
1228 non-interactively adds a VLAN connection with ID 55. The connection will use eth0 and the VLAN interface
1229 will be named Maxipes\(hyfik.
1231 .IP "\fB\f(CWnmcli c a ifname eth0 type ethernet -- ipv4.method disabled ipv6.method link-local\fP\fP"
1233 non-interactively adds a connection that will use eth0 Ethernet interface and only have an IPv6 link-local
1236 .IP "\fB\f(CWnmcli connection edit ethernet\-em1\-2\fP\fP"
1238 edits existing "ethernet\(hyem1\(hy2" connection in the interactive editor.
1240 .IP "\fB\f(CWnmcli connection edit type ethernet con-name \(dq\&yet another Ethernet connection\(dq\&\fP\fP"
1242 adds a new Ethernet connection in the interactive editor.
1244 .IP "\fB\f(CWnmcli con mod ethernet\-2 connection.autoconnect no\fP\fP"
1246 modifies 'autoconnect' property in the 'connection' setting of 'ethernet\(hy2' connection.
1248 .IP "\fB\f(CWnmcli con mod \(dq\&Home Wi\-Fi\(dq\& wifi.mtu 1350\fP\fP"
1250 modifies 'mtu' property in the 'wifi' setting of 'Home Wi\(hyFi' connection.
1252 .IP "\fB\f(CWnmcli con mod em1-1 ipv4.method manual ipv4.addr \(dq\&192.168.1.23/24 192.168.1.1, 10.10.1.5/8, 10.0.0.11\(dq\&\fP\fP"
1254 sets manual addressing and the addresses in em1-1 profile.
1256 .IP "\fB\f(CWnmcli con modify ABC +ipv4.dns 8.8.8.8\fP\fP"
1258 appends a Google public DNS server to DNS servers in ABC profile.
1260 .IP "\fB\f(CWnmcli con modify ABC -ipv4.addresses \(dq\&192.168.100.25/24 192.168.1.1\(dq\&\fP\fP"
1262 removes the specified IP address from (static) profile ABC.
1264 .IP "\fB\f(CWnmcli con import type openvpn file ~/Downloads/frootvpn.ovpn\fP\fP"
1266 imports an OpenVPN configuration to NetworkManager.
1268 .IP "\fB\f(CWnmcli con export corp-vpnc /home/joe/corpvpn.conf\fP\fP"
1270 exports NetworkManager VPN profile corp-vpnc as standard Cisco (vpnc) configuration.
1273 \fInmcli\fP accepts abbreviations, as long as they are a unique prefix in the set
1274 of possible options. As new options get added, these abbreviations are not guaranteed
1275 to stay unique. For scripting and long term compatibility it is therefore strongly
1276 advised to spell out the full option names.
1279 There are probably some bugs. If you find a bug, please report it to
1280 https://bugzilla.gnome.org/ \(em product \fINetworkManager\fP.
1283 .BR nmcli\-examples (5),
1285 .BR NetworkManager (8),
1286 .BR NetworkManager.conf (5),
1287 .BR nm\-settings (5),
1289 .BR nm\-connection\-editor (1).