.\" nmcli (1) manual page .\" .\" This is free documentation; you can redistribute it and/or .\" modify it under the terms of the GNU General Public License as .\" published by the Free Software Foundation; either version 2 of .\" the License, or (at your option) any later version. .\" .\" The GNU General Public License's references to "object code" .\" and "executables" are to be interpreted as the output of any .\" document formatting or typesetting system, including .\" intermediate and printed output. .\" .\" This manual is distributed in the hope that it will be useful, .\" but WITHOUT ANY WARRANTY; without even the implied warranty of .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the .\" GNU General Public License for more details. .\" .\" You should have received a copy of the GNU General Public Licence along .\" with this manual; if not, write to the Free Software Foundation, Inc., .\" 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. .\" .\" Copyright 2010 - 2015 Red Hat, Inc. .\" .TH NMCLI "1" "2016-03-09" "NetworkManager 1.2" .SH NAME nmcli \- command\(hyline tool for controlling NetworkManager .SH SYNOPSIS .ad l .B nmcli .RI " [ " OPTIONS " ] " OBJECT " { " COMMAND " | " .BR help " } " .sp .IR OBJECT " := { " .BR general " | " networking " | " radio " | " connection " | " device " | " agent " | " monitor .RI " }" .sp .IR OPTIONS " := { " .br \fB\-t\fR[\fIerse\fR] .br \fB\-p\fR[\fIretty\fR] .br \fB\-m\fR[\fImode\fR] tabular | multiline .br \fB\-c\fR[\fIcolors\fR] auto | yes | no .br \fB\-f\fR[\fIields\fR] | all | common .br \fB\-e\fR[\fIscape\fR] yes | no .br \fB\-n\fR[\fIocheck\fR] .br \fB\-a\fR[\fIsk\fR] .br \fB\-s\fR[\fIhow-secrets\fR] .br \fB\-w\fR[\fIait\fR] .br \fB\-v\fR[\fIersion\fR] .br \fB\-h\fR[\fIelp\fR] .br .RI "}" .SH DESCRIPTION .B nmcli is a command\(hyline tool for controlling NetworkManager and reporting network status. It can be utilized as a replacement for \fInm\(hyapplet\fP or other graphical clients. \fInmcli\fP is used to create, display, edit, delete, activate, and deactivate network connections, as well as control and display network device status. .P Typical uses include: .IP \(em 4 Scripts: utilize NetworkManager via \fInmcli\fP instead of managing network connections manually. \fInmcli\fP supports a terse output format which is better suited for script processing. Note that NetworkManager can also execute scripts, called "dispatcher scripts", in response to network events. See \fBNetworkManager\fP for details about these dispatcher scripts. .IP \(em 4 Servers, headless machines, and terminals: \fInmcli\fP can be used to control NetworkManager without a GUI, including creating, editing, starting and stopping network connections and viewing network status. .SS \fIOPTIONS\fP .TP .B \-t, \-\-terse Output is terse. This mode is designed and suitable for computer (script) processing. .TP .B \-p, \-\-pretty Output is pretty. This causes \fInmcli\fP to produce easily readable outputs for humans, i.e. values are aligned, headers are printed, etc. .TP .B \-m, \-\-mode tabular | multiline Switch between \fItabular\fP and \fImultiline\fP output. If omitted, default is \fItabular\fP for most commands. For the commands producing more structured information, that cannot be displayed on a single line, default is \fImultiline\fP. Currently, they are: .br .nf 'nmcli connection show ' 'nmcli device show' .fi \fItabular\fP \(en Output is a table where each line describes a single entry. Columns define particular properties of the entry. .br \fImultiline\fP \(en Each entry comprises multiple lines, each property on its own line. The values are prefixed with the property name. .TP .B \-c, \-\-colors auto|yes|no This option controls color output (using terminal escape sequences). \fIyes\fP enables colors, \fIno\fP disables them, \fIauto\fP only produces colors when standard output is directed to a terminal. The default value is \fIauto\fP. .TP .B \-f, \-\-fields | all | common This option is used to specify what fields (column names) should be printed. Valid field names differ for specific commands. List available fields by providing an invalid value to the \fI\-\-fields\fP option. .br \fIall\fP is used to print all valid field values of the command. \fIcommon\fP is used to print common field values of the command. If omitted, default is \fIcommon\fP. The option is mandatory when \fI\-\-terse\fP is used. In this case, generic values \fIall\fP and \fIcommon\fP cannot be used. (This is to maintain compatibility when new fields are added in the future). .TP .B \-e, \-\-escape yes | no Whether to escape ':' and '\\' characters in terse tabular mode. The escape character is '\\'. If omitted, default is \fIyes\fP. .TP .B \-n, \-\-nocheck This option can be used to force \fInmcli\fP to skip checking \fInmcli\fP and \fINetworkManager\fP version compatibility. Use it with care, because using incompatible versions may produce incorrect results. .TP .B \-a, \-\-ask When using this option \fInmcli\fP will stop and ask for any missing required arguments, so do not use this option for non-interactive purposes like scripts. This option controls, for example, whether you will be prompted for a password if it is required for connecting to a network. .TP .B \-s, \-\-show-secrets When using this option \fInmcli\fP will display passwords and secrets that might be present in an output of an operation. This option also influences echoing passwords typed by user as an input. .TP .B \-w, \-\-wait This option sets a timeout period for which \fInmcli\fP will wait for \fINetworkManager\fP to finish operations. It is especially useful for commands that may take a longer time to complete, e.g. connection activation. Specifying a value of \fB0\fP instructs \fInmcli\fP not to wait but to exit immediately with a status of success. The default value depends on the executed command. .TP .B \-v, \-\-version Show \fInmcli\fP version. .TP .B \-h, \-\-help Print help information. .SS \fIOBJECT\fP .TP .B general \- general \fINetworkManager\fP status and operations .br Use this object to show NetworkManager status and permissions. You can also get and change system hostname, as well as NetworkManager logging level and domains. .TP .SS \fICOMMAND\fP := { status | hostname | permissions | logging } .sp .RS .TP .B status .br Show overall status of NetworkManager. This is the default action, when no additional command is provided for \fIgeneral\fP object. .TP .B hostname [] .br Get and change system hostname. With no arguments, this prints currently configured hostname. When you pass a hostname, it will be handed over to NetworkManager to be set as a new system hostname. .br Note that the term \fBsystem\fP hostname may also be referred to as \fBpersistent\fP or \fBstatic\fP by other programs or tools. The hostname is stored in /etc/hostname file in most distributions. For example, systemd-hostnamed service uses the term \fBstatic\fP hostname and it only reads the /etc/hostname file when it starts. .TP .B permissions .br Show the permissions a caller has for various authenticated operations that NetworkManager provides, like enable and disable networking, changing Wi\(hyFi and WWAN state, modifying connections, etc. .TP .B logging [level ] [domains ] .br Get and change \fINetworkManager\fP logging level and domains. Without any argument current logging level and domains are shown. In order to change logging state, provide \fIlevel\fP and, or, \fIdomain\fP parameters. See \fBNetworkManager.conf\fP for available level and domain values. .RE .TP .B networking \- get or set general networking state of NetworkManager .br Use this object to show NetworkManager networking status, or to enable and disable networking. Disabling networking removes the configuration from all devices and changes them to the 'unmanaged' state. .TP .SS \fICOMMAND\fP := { [ on | off | connectivity ] } .sp .RS .TP .B [ on | off ] .br Get networking\(hyenabled status or enable and disable networking by NetworkManager. All interfaces managed by NetworkManager are deactivated when networking has been disabled. .TP .B connectivity [check] .br Get network connectivity state. The optional \fIcheck\fP argument tells NetworkManager to re-check the connectivity, else the most recent known connectivity state is displayed without re-checking. .br Possible states are: .RS .PP .IP \fInone\fP 9 \(en the host is not connected to any network .IP \fIportal\fP 9 \(en the host is behind a captive portal and cannot reach the full Internet .IP \fIlimited\fP 9 \(en the host is connected to a network, but it has no access to the Internet .IP \fIfull\fP 9 \(en the host is connected to a network and has full access to the Internet .IP \fIunknown\fP 9 \(en the connectivity status cannot be found out .RE .RE .TP .B radio \- get or set radio switch states .br Use this object to show radio switches status, or enable and disable the switches. .TP .SS \fICOMMAND\fP := { all | wifi | wwan } .sp .RS .TP .B wifi [ on | off ] .br Show or set status of Wi\(hyFi in NetworkManager. If no arguments are supplied, Wi\(hyFi status is printed; \fIon\fP enables Wi\(hyFi; \fIoff\fP disables Wi\(hyFi. .TP .B wwan [ on | off ] .br Show or set status of WWAN (mobile broadband) in NetworkManager. If no arguments are supplied, mobile broadband status is printed; \fIon\fP enables mobile broadband, \fIoff\fP disables it. .TP .B all [ on | off ] .br Show or set all previously mentioned radio switches at the same time. .RE .TP .B monitor \- monitor NetworkManager .br Use this object to observe NetworkManager activity. Watches for changes in connectivity state, devices or connection profiles. .br See also \fImonitor\fP command of \fIconnection\fP or \fIdevice\fP object to watch for changes in certain objects or object classes. .RE .TP .B connection \- start, stop, and manage network connections .sp NetworkManager stores all network configuration as \fIconnections\fP, which are collections of data (Layer2 details, IP addressing, etc.) that describe how to create or connect to a network. A connection is \fIactive\fP when a device uses that connection's configuration to create or connect to a network. There may be multiple connections that apply to a device, but only one of them can be active on that device at any given time. The additional connections can be used to allow quick switching between different networks and configurations. .sp Consider a machine which is usually connected to a DHCP-enabled network, but sometimes connected to a testing network which uses static IP addressing. Instead of manually reconfiguring eth0 each time the network is changed, the settings can be saved as two connections which both apply to eth0, one for DHCP (called "default") and one with the static addressing details (called "testing"). When connected to the DHCP-enabled network the user would run "nmcli con up default" , and when connected to the static network the user would run "nmcli con up testing". .TP .SS \fICOMMAND\fP := { show | up | down | add | edit | modify | delete | monitor | reload | load } .sp .RS .TP .B show [--active] .br List in-memory and on-disk connection profiles, some of which may also be active if a device is using that connection profile. Without a parameter, all profiles are listed. When --active option is specified, only the active profiles are shown. .TP .B show [--active] [--order ] [ id | uuid | path | apath ] ... .br Show details for specified connections. By default, both static configuration and active connection data are displayed. When --active option is specified, only the active profiles are taken into account. Use global --show-secrets option to display secrets associated with the profile. .sp Ordering: .br The --order option can be used to get custom ordering of connections. The connections can be ordered by active status, name, type or D-Bus path. If connections are equal according to a sort order category, an additional category can be specified. The default sorting order is equivalent to "--order active:name:path". .sp := category:category:... .br category := [+-]active | [+-]name | [+-]type | [+-]path .br \fI+\fP or no prefix means sorting in ascending order (alphabetically or in numbers). .br \fI-\fP means reverse (descending) order. .br The category names can be abbreviated (e.g. --order -a:na) .sp \fIid\fP, \fIuuid\fP, \fIpath\fP and \fIapath\fP keywords can be used if \fI\fP is ambiguous. .RS .PP Optional -specifying keywords are: .IP \fIid\fP 13 \(en the denotes a connection name .IP \fIuuid\fP 13 \(en the denotes a connection UUID .IP \fIpath\fP 13 \(en the denotes a D-Bus static connection path in the format of /org/freedesktop/NetworkManager/Settings/ or just .IP \fIapath\fP 13 \(en the denotes a D-Bus active connection path in the format of /org/freedesktop/NetworkManager/ActiveConnection/ or just .PP It is possible to filter the output using the global \fI--fields\fP option. Use the following values: .RE .RS .PP .IP \fIprofile\fP 13 \(en only shows static profile configuration .IP \fIactive\fP 13 \(en only shows active connection data (when the profile is active) .PP You can also specify particular fields. For static configuration, use setting and property names as described in \fInm-settings\fP(5) manual page. For active data use GENERAL, IP4, DHCP4, IP6, DHCP6, VPN. .PP When no command is given to the \fIconnection\fP object, the default action is 'nmcli connection show'. .RE .TP .B up [ id | uuid | path ] [ifname ] [ap ] [passwd-file ] .RE .RS .B up ifname [ap ] [passwd-file ] .RS .br Activate a connection. The connection is identified by its name, UUID or D-Bus path. If is ambiguous, a keyword \fIid\fP, \fIuuid\fP or \fIpath\fP can be used. When requiring a particular device to activate the connection on, the \fIifname\fP option with interface name should be given. If the is not given an \fIifname\fP is required, and NetworkManager will activate the best available connection for the given \fIifname\fP. In case of a VPN connection, the \fIifname\fP option specifies the device of the base connection. The \fIap\fP option specify what particular AP should be used in case of a Wi\(hyFi connection. .br If '--wait' option is not specified, the default timeout will be 90 seconds. .br See \fBconnection show\fP above for the description of the -specifying keywords. .RS .PP Available options are: .IP \fIifname\fP 13 \(en interface that will be used for activation .IP \fIap\fP 13 \(en BSSID of the AP which the command should connect to (for Wi\(hyFi connections) .IP \fIpasswd-file\fP 13 \(en some networks may require credentials during activation. You can give these credentials using this option. Each line of the file should contain one password in the form of .br \fBsetting_name.property_name:the password\fP .br For example, for WPA Wi-Fi with PSK, the line would be .br \fI802-11-wireless-security.psk:secret12345\fP .br For 802.1X password, the line would be .br \fI802-1x.password:my 1X password\fP .br nmcli also accepts "wifi-sec" and "wifi" strings instead of "802-11-wireless-security". When NetworkManager requires a password and it is not given, nmcli will ask for it when run with --ask. If --ask was not passed, NetworkManager can ask another secret agent that may be running (typically a GUI secret agent, such as nm-applet or gnome-shell). .RE .RE .TP .B down [ id | uuid | path | apath ] ... .br Deactivate a connection from a device without preventing the device from further auto-activation. Multiple connections can be passed to the command. .sp Be aware that this command deactivates the specified active connection, but the device on which the connection was active, is still ready to connect and will perform auto-activation by looking for a suitable connection that has the 'autoconnect' flag set. This includes the just deactivated connection. So if the connection is set to auto-connect, it will be automatically started on the disconnected device again. .br In most cases you may want to use \fIdevice disconnect\fP command instead. .sp The connection is identified by its name, UUID or D-Bus path. If is ambiguous, a keyword \fIid\fP, \fIuuid\fP, \fIpath\fP or \fIapath\fP can be used. .br See \fBconnection show\fP above for the description of the -specifying keywords. .br If '--wait' option is not specified, the default timeout will be 10 seconds. .TP .B add COMMON_OPTIONS TYPE_SPECIFIC_OPTIONS SLAVE_OPTIONS IP_OPTIONS [-- [+|-]. ...] .br Add a connection for NetworkManager. Arguments differ according to connection types, see below. .RS .TP .B COMMON_OPTIONS: .IP "\fItype \fP" 42 \(en connection type; see below \fBTYPE_SPECIFIC_OPTIONS\fP for allowed values; (mandatory) Note that types \fIbond-slave\fP, \fIteam-slave\fP and \fIbridge-slave\fP create \fIethernet\fP connection profiles. Their use is discouraged in favor of using a specific type with \fImaster\fP option. .IP "\fIifname | \(dq\&*\(dq\&\fP" 42 \(en interface to bind the connection to. The connection will only be applicable to this interface name. A special value of "\fB*\fP" can be used for interface-independent connections. The \fIifname\fP argument is mandatory for all connection types except bond, team, bridge and vlan. Note: use quotes around \fB*\fP to suppress shell expansion. .IP "\fI[con-name ]\fP" 42 \(en connection name (when not provided a default name is generated: [-][-]) .IP "\fI[autoconnect yes|no]\fP" 42 \(en whether the connection profile can be automatically activated (default: yes) .IP "\fI[save yes|no]\fP" 42 \(en whether the connection should be persistent, i.e. NetworkManager should store it on disk (default: yes) .IP "\fI[master ]\fP" 42 \(en master interface name, or connection UUID or ID of master connection profile. The value can be prefixed with \fBifname/\fP, \fBuuid/\fP or \fBid/\fP to disambiguate it. See below \fBSLAVE_OPTIONS\fP for additional options for slave connection to masters of various types. .IP "\fI[slave-type ]\fP" 42 \(en type of master connection. Only required when it can not be inferred (i.e. the master connection does not exist yet). .RE .RS .TP .B TYPE_SPECIFIC_OPTIONS: .TP .B ethernet: .IP "\fI[mac ]\fP" 42 \(en MAC address of the device this connection is locked to .IP "\fI[cloned-mac ]\fP" 42 \(en cloned MAC .IP "\fI[mtu ]\fP" 42 \(en MTU .RE .RS .TP .B wifi: .IP "\fIssid \fP" 42 \(en SSID .IP "\fI[mac ]\fP" 42 \(en MAC address of the device this connection is locked to .IP "\fI[cloned-mac ]\fP" 42 \(en cloned MAC .IP "\fI[mode infrastructure|ap|adhoc]\fP" 42 \(en Wi-Fi network mode. If blank, \fIinfrastructure\fP is assumed. .IP "\fI[mtu ]\fP" 42 \(en MTU .RE .RS .TP .B wimax: .IP "\fI[mac ]\fP" 42 \(en MAC address of the device this connection is locked to .IP "\fI[nsp ]\fP" 42 \(en Network Service Provider name .RE .RS .TP .B pppoe: .IP "\fIusername \fP" 42 \(en PPPoE username .IP "\fI[password ]\fP" 42 \(en Password for the PPPoE username .IP "\fI[service ]\fP" 42 \(en PPPoE service name (if required by concentrator) .IP "\fI[mtu ]\fP" 42 \(en MTU .IP "\fI[mac ]\fP" 42 \(en MAC address of the device this connection is locked to .RE .RS .TP .B gsm: .IP "\fIapn \fP" 42 \(en APN - GSM Access Point Name .IP "\fI[user ]\fP" 42 \(en user name .IP "\fI[password ]\fP" 42 \(en password .RE .RS .TP .B cdma: .IP "\fI[user ]\fP" 42 \(en user name .IP "\fI[password ]\fP" 42 \(en password .RE .RS .TP .B infiniband: .IP "\fI[mac ]\fP" 42 \(en MAC address of the device this connection is locked to (InfiniBand MAC is 20 bytes) .IP "\fI[mtu ]\fP" 42 \(en MTU .IP "\fI[transport-mode datagram | connected]\fP" 42 \(en InfiniBand transport mode .IP "\fI[parent ]\fP" 42 \(en the interface name of the parent device (if any) .IP "\fI[p-key ]\fP" 42 \(en the InfiniBand P_Key (16-bit unsigned integer) .RE .RS .TP .B bluetooth: .IP "\fI[addr ]\fP" 42 \(en Bluetooth device address (MAC) .IP "\fI[bt-type panu|dun-gsm|dun-cdma]\fP" 42 \(en Bluetooth connection type .RE .RS .TP .B vlan: .IP "\fIdev \fP" 42 \(en parent device this VLAN is on .IP "\fIid \fP" 42 \(en VLAN ID in range <0-4095> .IP "\fI[flags ]\fP" 42 \(en flags .IP "\fI[ingress ]\fP" 42 \(en VLAN ingress priority mapping .IP "\fI[egress ]\fP" 42 \(en VLAN egress priority mapping .IP "\fI[mtu ]\fP" 42 \(en MTU .RE .RS .TP .B bond: .IP "\fI[mode balance-rr (0) | active-backup (1) | balance-xor (2) | broadcast (3) |\fP" .IP "\fI 802.3ad (4) | balance-tlb (5) | balance-alb (6)]\fP" 42 \(en bonding mode (default: balance-rr) .IP "\fI[primary ]\fP" 42 \(en primary interface name (for "active-backup" mode) .IP "\fI[miimon ]\fP" 42 \(en miimon (default: 100) .IP "\fI[downdelay ]\fP" 42 \(en downdelay (default: 0) .IP "\fI[updelay ]\fP" 42 \(en updelay (default: 0) .IP "\fI[arp-interval ]\fP" 42 \(en ARP interval (default: 0) .IP "\fI[arp-ip-target ]\fP" 42 \(en ARP IP target .RE .RS .TP .B bond-slave: .IP "\fImaster \fP" 42 \(en master bond interface name, or connection UUID or ID of bond master connection profile. The value can be prefixed with \fBifname/\fP, \fBuuid/\fP or \fBid/\fP to disambiguate it. .RE .RS .TP .B team: .IP "\fI[config |]\fP" 42 \(en JSON configuration for team .RE .RS .TP .B team-slave: .IP "\fImaster \fP" 42 \(en master team interface name, or connection UUID or ID of team master connection profile. The value can be prefixed with \fBifname/\fP, \fBuuid/\fP or \fBid/\fP to disambiguate it. .RE .RS .TP .B bridge: .IP "\fI[stp yes|no]\fP" 42 \(en controls whether Spanning Tree Protocol (STP) is enabled for this bridge (default: yes) .IP "\fI[priority ]\fP" 42 \(en sets STP priority (default: 128) .IP "\fI[forward-delay <2-30>]\fP" 42 \(en STP forwarding delay, in seconds (default: 15) .IP "\fI[hello-time <1-10>]\fP" 42 \(en STP hello time, in seconds (default: 2) .IP "\fI[max-age <6-42>]\fP" 42 \(en STP maximum message age, in seconds (default: 20) .IP "\fI[ageing-time <0-1000000>]\fP" 42 \(en the Ethernet MAC address aging time, in seconds (default: 300) .IP "\fI[multicast-snooping yes|no]\fP" 42 \(en controls whether IGMP snooping is enabled (default: yes) .IP "\fI[mac ]\fP" 42 \(en MAC address of the bridge (note: this requires a recent kernel feature, originally introduced in 3.15 upstream kernel) .RE .RS .TP .B bridge-slave: .IP "\fImaster \fP" 42 \(en master bridge interface name, or connection UUID or ID of bridge master connection profile. The value can be prefixed with \fBifname/\fP, \fBuuid/\fP or \fBid/\fP to disambiguate it. .RE .RS .TP .B vpn: .IP "\fIvpn-type vpnc|openvpn|pptp|openconnect|openswan|libreswan|strongswan|ssh|l2tp|iodine|fortisslvpn|...\fP" 42 \(en VPN type .IP "\fI[user ]\fP" 42 \(en VPN username .RE .RS .TP .B olpc-mesh: .IP "\fIssid \fP" 42 \(en SSID .IP "\fI[channel <1-13>]\fP" 42 \(en channel to use for the network .IP "\fI[dhcp-anycast ]\fP" 42 \(en anycast DHCP MAC address used when requesting an IP address via DHCP .RE .RS .TP .B adsl: .IP "\fIusername \fP" 42 \(en ADSL user name .IP "\fIprotocol pppoa|pppoe|ipoatm\fP" 42 \(en ADSL protocol .IP "\fI[password ]\fP" 42 \(en ADSL password .IP "\fI[encapsulation vcmux|llc]\fP" 42 \(en ADSL encapsulation .RE .RS .TP .B tun: .IP "\fImode tun|tap\fP" 42 \(en Mode for the device .IP "\fI[owner ]\fP" 42 \(en UID of the owner .IP "\fI[group ]\fP" 42 \(en GID of the group .IP "\fI[pi yes|no>]\fP" 42 \(en include packet information (~IFF_NO_PI flag) .IP "\fI[vnet-hdr yes|no>]\fP" 42 \(en send and receive large (i.e. GSO) packets and packets with partial checksums (IFF_VNET_HDR flag) .IP "\fI[multi-queue yes|no>]\fP" 42 \(en multi-queue support for tun/tap device (IFF_MULTI_QUEUE flag) .RE .RS .TP .B ip-tunnel: .IP "\fImode ipip|gre|sit|isatap|vti|ip6ip6|ipip6|ip6gre|vti6\fP" 42 \(en tunnel mode .IP "\fIremote \fP" 42 \(en IPv4 or IPv6 address of the remote tunnel endpoint .IP "\fI[local ]\fP" 42 \(en IPv4 or IPv6 address of the local tunnel endpoint .IP "\fI[dev ]\fP" 42 \(en device to use for tunnel endpoint communication .RE .RS .TP .B macvlan: .IP "\fIdev \fP" 42 \(en parent device this MACVLAN is on .IP "\fImode vepa|bridge|private|passthru|source\fP" 42 \(en MACVLAN mode, which specifies the communication mechanism between multiple MACVLANs on the same lower device .IP "\fI[tap yes|no]\fP" 42 \(en controls the device type. If set to 'yes' a MACVTAP will be created (default: no) .RE .RS .TP .B vxlan: .IP "\fIid \fP" 42 \(en VXLAN Network Identifer to use .IP "\fIremote \fP" 42 \(en unicast destination IP address or multicast IP address to join .IP "\fI[dev ]\fP" 42 \(en device to use for tunnel endpoint communication .IP "\fI[local ]\fP" 42 \(en source IP address .IP "\fI[source-port-min <0-65535>]\fP" 42 \(en minimum UDP source port to communicate to the remote VXLAN tunnel endpoint .IP "\fI[source-port-max <0-65535>]\fP" 42 \(en maximum UDP source port to communicate to the remote VXLAN tunnel endpoint .IP "\fI[destination-port <0-65535>]\fP" 42 \(en UDP destination port to communicate to the remote VXLAN tunnel endpoint .RE .RS .TP .B SLAVE_OPTIONS: .RE .RS .TP .B bridge: .IP "\fI[priority <0-63>]\fP" 42 \(en STP priority of this slave (default: 32) .IP "\fI[path-cost <1-65535>]\fP" 42 \(en STP port cost for destinations via this slave (default: 100) .IP "\fI[hairpin yes|no]\fP" 42 \(en 'hairpin mode' for the slave, which allows frames to be sent back out through the slave the frame was received on (default: yes) .RE .RS .TP .B team: .IP "\fI[config |]\fP" 42 \(en JSON configuration for team .RE .RS .TP .B IP_OPTIONS: .IP "\fI[ip4 ] [gw4 ]\fP" 42 \(en IPv4 addresses .IP "\fI[ip6 ] [gw6 ]\fP" 42 \(en IPv6 addresses .RE .RS If a \fI--\fP argument is encountered, the rest of command line is interpreted as property list in the same format as \fIconnection modify\fP command accepts. This makes it possible to adjust the connection properties before it's added. .RE .TP .B edit [id | uuid | path ] - edit an existing connection .RE .RS .B edit [type ] [con-name ] - add a new connection .RS Edit an existing connection or add a new one, using an interactive editor. .br The existing connection is identified by its name, UUID or D-Bus path. If is ambiguous, a keyword \fIid\fP, \fIuuid\fP, or \fIpath\fP can be used. See \fBconnection show\fP above for the description of the -specifying keywords. Not providing an means that a new connection will be added. .sp The interactive editor will guide you through the connection editing and allow you to change connection parameters according to your needs by means of a simple menu-driven interface. The editor indicates what settings and properties can be modified and provides in-line help. .sp .PP Available options: .IP \fItype\fP 13 \(en type of the new connection; valid types are the same as for \fIconnection add\fP command .IP \fIcon-name\fP 13 \(en name for the new connection. It can be changed later in the editor. .RE .RS .sp See also \fInm-settings\fP(5) for all NetworkManager settings and property names, and their descriptions; and \fInmcli-examples\fP(5) for sample editor sessions. .RE .TP .B modify [--temporary] [ id | uuid | path ] [+|-]. .B [+|-]. ... .br Modify one or more properties in the connection profile. .br The connection is identified by its name, UUID or D-Bus path. If is ambiguous, a keyword \fIid\fP, \fIuuid\fP or \fIpath\fP can be used. See \fInm-settings\fP(5) for setting and property names, their descriptions and default values. This command supports abbreviations for \fIsetting name\fP and \fIproperty name\fP provided they are unique. Empty \fIvalue\fP ("") removes the property value (sets the property to the default value). The provided value overwrites the existing property value. .br If you want to append an item to the existing value, use \fI+\fP prefix for the property name. If you want to remove just one item from container-type property, use \fI-\fP prefix for the property name and specify a value or an zero-based index of the item to remove (or option name for properties with named options) as \fIvalue\fP. Of course, \fI+|-\fP only have a real effect for multi-value (container) properties like ipv4.dns, ipv4.addresses, bond.options, etc. .br The changes to the connection profile will be saved persistently by NetworkManager, unless \fI--temporary\fP option is provided, in which case the changes won't persist over NetworkManager restart. .TP .B clone [--temporary] [ id | uuid | path ] .br Clone a connection. The connection to be cloned is identified by its name, UUID or D-Bus path. If is ambiguous, a keyword \fIid\fP, \fIuuid\fP or \fIpath\fP can be used. See \fBconnection show\fP above for the description of the -specifying keywords. \fI\fP is the name of the new cloned connection. The new connection will be the exact copy except the connection.id (\fI\fP) and connection.uuid (generated) properties. .br The new connection profile will be saved as persistent unless \fI--temporary\fP option is specified, in which case the new profile won't exist after NetworkManager restart. .TP .B delete [ id | uuid | path ] ... .br Delete a configured connection. The connection to be deleted is identified by its name, UUID or D-Bus path. If is ambiguous, a keyword \fIid\fP, \fIuuid\fP or \fIpath\fP can be used. .br See \fBconnection show\fP above for the description of the -specifying keywords. .br If '--wait' option is not specified, the default timeout will be 10 seconds. .TP .B monitor [ id | uuid | path ] ... .br Monitor connection profile activity. This command prints a line whenever the specified connection changes. The connection to be monitored is identified by its name, UUID or D-Bus path. If is ambiguous, a keyword \fIid\fP, \fIuuid\fP or \fIpath\fP can be used. .br See \fBconnection show\fP above for the description of the -specifying keywords. .br Monitors all connection profiles in case none is specified. The command terminates when all monitored connections disappear. If you want to monitor connection creation consider using the global monitor with \fInmcli monitor\fP command. .TP .B reload .br Reload all connection files from disk. \fINetworkManager\fP does not monitor changes to connection files by default. So you need to use this command in order to tell \fINetworkManager\fP to re-read the connection profiles from disk when a change was made to them. However, the auto-loading feature can be enabled and then \fINetworkManager\fP will reload connection files any time they change (monitor-connection-files=true in \fINetworkManager.conf\fP(5)). .TP .B load [...] .br Load/reload one or more connection files from disk. Use this after manually editing a connection file to ensure that \fBNetworkManager\fP is aware of its latest state. .TP .B import [--temporary] type file .br Import an external/foreign configuration as a NetworkManager connection profile. The type of the input file is specified by \fItype\fP option. .br Only VPN configurations are supported at the moment. The configuration is imported by NetworkManager VPN plugins. \fItype\fP values are the same as for \fIvpn-type\fP option in \fBnmcli connection add\fP. VPN configurations are imported by VPN plugins. Therefore the proper VPN plugin has to be installed so that nmcli could import the data. .br The imported connection profile will be saved as persistent unless \fI--temporary\fP option is specified, in which case the new profile won't exist after NetworkManager restart. .TP .B export [ id | uuid | path ] [] .br Export a connection. .br Only VPN connections are supported at the moment. A proper VPN plugin has to be installed so that nmcli could export a connection. If no \fI\fP is provided, the VPN configuration data will be printed to standard output. .RE .TP .B device - show and manage network interfaces .br .TP .SS \fICOMMAND\fP := { status | show | set | connect | reapply | disconnect | delete | monitor | wifi | lldp } .sp .RS .TP .B status .br Print status of devices. .br This is the default action if no command is specified to \fIdevice\fP object. .TP .B show [] .br Show detailed information about devices. Without an argument, all devices are examined. To get information for a specific device, the interface name has to be provided. .TP .TP .B set [ifname] [autoconnect yes|no] [managed yes|no] .br Set device properties. .TP .B connect .br Connect the device. NetworkManager will try to find a suitable connection that will be activated. It will also consider connections that are not set to auto connect. .br If '--wait' option is not specified, the default timeout will be 90 seconds. .TP .B reapply .br Attempt to update device with changes to the currently active connection made since it was last applied. .TP .B disconnect ... .br Disconnect a device and prevent the device from automatically activating further connections without user/manual intervention. Note that disconnecting software devices may mean that the devices will disappear. .br If '--wait' option is not specified, the default timeout will be 10 seconds. .TP .B delete ... .br Delete a device. The command removes the interface from the system. Note that this only works for software devices like bonds, bridges, teams, etc. Hardware devices (like Ethernet) cannot be deleted by the command. .br If '--wait' option is not specified, the default timeout will be 10 seconds. .TP .B monitor [] ... .br Monitor device activity. This command prints a line whenever the specified devices change state. .br Monitors all devices in case no interface is specified. The monitor terminates when all specified devices disappear. If you want to monitor device addition consider using the global monitor with \fInmcli monitor\fP command. .TP .B wifi [list [ifname ] [bssid ]] .br List available Wi\(hyFi access points. The \fIifname\fP and \fIbssid\fP options can be used to list APs for a particular interface or with a specific BSSID, respectively. .TP .B wifi connect <(B)SSID> [password ] [wep\-key\-type key|phrase] [ifname ] [bssid ] [name ] .B [private yes|no] [hidden yes|no] .br Connect to a Wi\(hyFi network specified by SSID or BSSID. The command creates a new connection and then activates it on a device. This is a command\(hyline counterpart of clicking an SSID in a GUI client. The command always creates a new connection and thus it is mainly useful for connecting to new Wi\(hyFi networks. If a connection for the network already exists, it is better to bring up (activate) the existing connection as follows: \fInmcli con up id \fP. Note that only open, WEP and WPA\(hyPSK networks are supported at the moment. It is also supposed that IP configuration is obtained via DHCP. .br If '--wait' option is not specified, the default timeout will be 90 seconds. .RS .PP Available options are: .IP \fIpassword\fP 13 \(en password for secured networks (WEP or WPA) .IP \fIwep\-key\-type\fP 13 \(en type of WEP secret, either \fIkey\fP for ASCII/HEX key or \fIphrase\fP for passphrase .IP \fIifname\fP 13 \(en interface that will be used for activation .IP \fIbssid\fP 13 \(en if specified, the created connection will be restricted just for the BSSID .IP \fIname\fP 13 \(en if specified, the connection will use the name (else NM creates a name itself) .IP \fIprivate\fP 13 \(en if set to \fByes\fP, the connection will only be visible to the user who created it. Otherwise the connection is system\(hywide, which is the default. .IP \fIhidden\fP 13 \(en set to \fByes\fP when connecting for the first time to an AP not broadcasting its SSID. Otherwise the SSID would not be found and the connection attempt would fail. .RE .TP .B wifi hotspot [ifname ] [con-name ] [ssid ] [band a|bg] [channel ] [password ] .br Create a Wi-Fi hotspot. The command creates a hotspot connection profile according to Wi-Fi device capabilities and activates it on the device. The hotspot is secured with WPA if device/driver supports that, otherwise WEP is used. Use \fIconnection down\fP or \fIdevice disconnect\fP to stop the hotspot. .br .RS .PP Parameters of the hotspot can be influenced by the optional parameters: .IP \fIifname\fP 17 \(en what Wi-Fi device is used .IP \fIcon-name\fP 17 \(en name of the created hotspot connection profile .IP \fIssid\fP 17 \(en SSID of the hotspot .IP \fIband\fP 17 \(en Wi-Fi band to use .IP \fIchannel\fP 17 \(en Wi-Fi channel to use .IP \fIpassword\fP 17 \(en password to use for the created hotspot. If not provided, nmcli will generate a password. The password is either WPA pre-shared key or WEP key. .PP Note that \fI--show-secrets\fP global option can be used to print the hotspot password. It is useful especially when the password was generated. .RE .TP .B wifi rescan [ifname ] [[ssid ] ...] .br Request that \fINetworkManager\fP immediately re-scan for available access points. NetworkManager scans Wi\(hyFi networks periodically, but in some cases it can be useful to start scanning manually (e.g. after resuming the computer). By using \fIssid\fP, it is possible to scan for a specific SSID, which is useful for APs with hidden SSIDs. You can provide multiple \fIssid\fP parameters in order to scan more SSIDs. .br This command does not show the APs, use 'nmcli device wifi list' for that. .TP .B lldp [list [ifname ]] .br Display information about neighboring devices learned through the Link Layer Discovery Protocol (LLDP). The \fIifname\fP option can be used to list neighbors only for a given interface. The protocol must be enabled in the connection settings. .RE .TP .B agent \- run nmcli as a NetworkManager secret agent, or polkit agent .br .TP .SS \fICOMMAND\fP := { secret | polkit | all } .sp .RS .TP .B secret .br Register nmcli as a NetworkManager secret agent and listen for secret requests. You do usually not need this command, because nmcli can handle secrets when connecting to networks. However, you may find the command useful when you use another tool for activating connections and you do not have a secret agent available (like nm-applet). .TP .B polkit .br Register nmcli as a polkit agent for the user session and listen for authorization requests. You do not usually need this command, because nmcli can handle polkit actions related to NetworkManager operations (when run with --ask). However, you may find the command useful when you want to run a simple text based polkit agent and you do not have an agent of a desktop environment. Note that running this command makes nmcli handle all polkit requests, not only NetworkManager related ones, because only one polkit agent can run for the session. .TP .B all .br Runs nmcli as both NetworkManager secret and a polkit agent. .RE .SH ENVIRONMENT VARIABLES \fInmcli\fP's behavior is affected by the following environment variables. .IP "LC_ALL" 13 If set to a non\(hyempty string value, it overrides the values of all the other internationalization variables. .IP "LC_MESSAGES" 13 Determines the locale to be used for internationalized messages. .IP "LANG" 13 Provides a default value for the internationalization variables that are unset or null. .RE Internationalization notes: .br Be aware that \fInmcli\fP is localized and that is why the output depends on your environment. This is important to realize especially when you parse the output. .br Call \fInmcli\fP as \fBLC_ALL=C nmcli\fP to be sure the locale is set to "C" while executing in a script. \fBLC_ALL\fP, \fBLC_MESSAGES\fP, \fBLANG\fP variables specify the LC_MESSAGES locale category (in that order), which determines the language that \fInmcli\fP uses for messages. The "C" locale is used if none of these variables are set, and this locale uses English messages. .SH EXIT STATUS \fInmcli\fP exits with status 0 if it succeeds, a value greater than 0 is returned if an error occurs. .IP "0" 4 Success \(en indicates the operation succeeded .IP "1" 4 Unknown or unspecified error .IP "2" 4 Invalid user input, wrong \fInmcli\fP invocation .IP "3" 4 Timeout expired (see \fI\-\-wait\fP option) .IP "4" 4 Connection activation failed .IP "5" 4 Connection deactivation failed .IP "6" 4 Disconnecting device failed .IP "7" 4 Connection deletion failed .IP "8" 4 NetworkManager is not running .IP "9" 4 \fInmcli\fP and \fINetworkManager\fP versions mismatch .IP "10" 4 Connection, device, or access point does not exist. .SH EXAMPLES .PP This section presents various examples of nmcli usage. If you want even more, please refer to \fInmcli-examples\fP(5) manual page. .sp .IP "\fB\f(CWnmcli \-t \-f RUNNING general\fP\fP" .IP tells you whether NetworkManager is running or not. .IP "\fB\f(CWnmcli \-t \-f STATE general\fP\fP" .IP shows the overall status of NetworkManager. .IP "\fB\f(CWnmcli radio wifi off\fP\fP" .IP switches Wi\(hyFi off. .IP "\fB\f(CWnmcli connection show\fP\fP" .IP lists all connections NetworkManager has. .IP "\fB\f(CWnmcli \-p \-m multiline \-f all con show\fP\fP" .IP shows all configured connections in multi-line mode. .IP "\fB\f(CWnmcli connection show --active\fP\fP" .IP lists all currently active connections. .IP "\fB\f(CWnmcli \-f name,autoconnect c s\fP\fP" .IP shows all connection profile names and their auto-connect property. .IP "\fB\f(CWnmcli \-p connection show \(dq\&My default em1\(dq\&\fP\fP" .IP shows details for "My default em1" connection profile. .IP "\fB\f(CWnmcli --show-secrets connection show \(dq\&My Home WiFi\(dq\&\fP\fP" .IP shows details for "My Home WiFi" connection profile with all passwords. Without \fI--show-secrets\fP option, secrets would not be displayed. .IP "\fB\f(CWnmcli \-f active connection show \(dq\&My default em1\(dq\&\fP\fP" .IP shows details for "My default em1" active connection, like IP, DHCP information, etc. .IP "\fB\f(CWnmcli -f profile con s \(dq\&My wired connection\(dq\&\fP\fP" .IP shows static configuration details of the connection profile with "My wired connection" name. .IP "\fB\f(CWnmcli \-p con up \(dq\&My wired connection\(dq\& ifname eth0\fP\fP" .IP activates the connection profile with name "My wired connection" on interface eth0. The \-p option makes nmcli show progress of the activation. .IP "\fB\f(CWnmcli con up 6b028a27\-6dc9\-4411\-9886\-e9ad1dd43761 ap 00:3A:98:7C:42:D3\fP\fP" .IP connects the Wi\(hyFi connection with UUID 6b028a27\-6dc9\-4411\-9886\-e9ad1dd43761 to the AP with BSSID 00:3A:98:7C:42:D3. .IP "\fB\f(CWnmcli device status\fP\fP" .IP shows the status for all devices. .IP "\fB\f(CWnmcli dev disconnect em2\fP\fP" .IP disconnects a connection on interface em2 and marks the device as unavailable for auto\(hyconnecting. As a result, no connection will automatically be activated on the device until the device's 'autoconnect' is set to TRUE or the user manually activates a connection. .IP "\fB\f(CWnmcli \-f GENERAL,WIFI\-PROPERTIES dev show wlan0\fP\fP" .IP shows details for wlan0 interface; only GENERAL and WIFI\-PROPERTIES sections will be shown. .IP "\fB\f(CWnmcli \-f CONNECTIONS device show wlp3s0\fP\fP" .IP shows all available connection profiles for your Wi-Fi interface wlp3s0. .IP "\fB\f(CWnmcli dev wifi\fP\fP" .IP lists available Wi\(hyFi access points known to NetworkManager. .IP "\fB\f(CWnmcli dev wifi con \(dq\&Cafe Hotspot 1\(dq\& password caffeine name \(dq\&My cafe\(dq\&\fP\fP" .IP creates a new connection named "My cafe" and then connects it to "Cafe Hotspot 1" SSID using password "caffeine". This is mainly useful when connecting to "Cafe Hotspot 1" for the first time. Next time, it is better to use 'nmcli con up id "My cafe"' so that the existing connection profile can be used and no additional is created. .IP "\fB\f(CWnmcli -s dev wifi hotspot con-name QuickHotspot\fP\fP" .IP creates a hotspot profile and connects it. Prints the hotspot password the user should use to connect to the hotspot from other devices. .IP "\fB\f(CWnmcli connection add type ethernet autoconnect no ifname eth0\fP\fP" .IP non-interactively adds an Ethernet connection tied to eth0 interface with automatic IP configuration (DHCP), and disables the connection's "autoconnect" flag. .IP "\fB\f(CWnmcli c a ifname Maxipes\(hyfik type vlan dev eth0 id 55\fP\fP" .IP non-interactively adds a VLAN connection with ID 55. The connection will use eth0 and the VLAN interface will be named Maxipes\(hyfik. .IP "\fB\f(CWnmcli c a ifname eth0 type ethernet -- ipv4.method disabled ipv6.method link-local\fP\fP" .IP non-interactively adds a connection that will use eth0 Ethernet interface and only have an IPv6 link-local address configured. .IP "\fB\f(CWnmcli connection edit ethernet\-em1\-2\fP\fP" .IP edits existing "ethernet\(hyem1\(hy2" connection in the interactive editor. .IP "\fB\f(CWnmcli connection edit type ethernet con-name \(dq\&yet another Ethernet connection\(dq\&\fP\fP" .IP adds a new Ethernet connection in the interactive editor. .IP "\fB\f(CWnmcli con mod ethernet\-2 connection.autoconnect no\fP\fP" .IP modifies 'autoconnect' property in the 'connection' setting of 'ethernet\(hy2' connection. .IP "\fB\f(CWnmcli con mod \(dq\&Home Wi\-Fi\(dq\& wifi.mtu 1350\fP\fP" .IP modifies 'mtu' property in the 'wifi' setting of 'Home Wi\(hyFi' connection. .IP "\fB\f(CWnmcli con mod em1-1 ipv4.method manual ipv4.addr \(dq\&192.168.1.23/24 192.168.1.1, 10.10.1.5/8, 10.0.0.11\(dq\&\fP\fP" .IP sets manual addressing and the addresses in em1-1 profile. .IP "\fB\f(CWnmcli con modify ABC +ipv4.dns 8.8.8.8\fP\fP" .IP appends a Google public DNS server to DNS servers in ABC profile. .IP "\fB\f(CWnmcli con modify ABC -ipv4.addresses \(dq\&192.168.100.25/24 192.168.1.1\(dq\&\fP\fP" .IP removes the specified IP address from (static) profile ABC. .IP "\fB\f(CWnmcli con import type openvpn file ~/Downloads/frootvpn.ovpn\fP\fP" .IP imports an OpenVPN configuration to NetworkManager. .IP "\fB\f(CWnmcli con export corp-vpnc /home/joe/corpvpn.conf\fP\fP" .IP exports NetworkManager VPN profile corp-vpnc as standard Cisco (vpnc) configuration. .SH NOTES \fInmcli\fP accepts abbreviations, as long as they are a unique prefix in the set of possible options. As new options get added, these abbreviations are not guaranteed to stay unique. For scripting and long term compatibility it is therefore strongly advised to spell out the full option names. .SH BUGS There are probably some bugs. If you find a bug, please report it to https://bugzilla.gnome.org/ \(em product \fINetworkManager\fP. .SH SEE ALSO .BR nmcli\-examples (5), .BR nm\-online (1), .BR NetworkManager (8), .BR NetworkManager.conf (5), .BR nm\-settings (5), .BR nm\-applet (1), .BR nm\-connection\-editor (1).