|  |  |  |  | 
| nmclinmcli — command-line tool for controlling NetworkManager | 
nmcli  [OPTIONS...] { help  |   general  |   networking  |   radio  |   connection  |   device  |   agent  |   monitor } [COMMAND] [ARGUMENTS...]
nmcli is a command-line tool for controlling NetworkManager and reporting network status. It can be utilized as a replacement for nm-applet or other graphical clients. nmcli is used to create, display, edit, delete, activate, and deactivate network connections, as well as control and display network device status.
Typical uses include:
Scripts: Utilize NetworkManager via nmcli instead of managing network connections manually. nmcli supports a terse output format which is better suited for script processing. Note that NetworkManager can also execute scripts, called "dispatcher scripts", in response to network events. See NetworkManager(8) for details about these dispatcher scripts.
Servers, headless machines, and terminals: nmcli can be used to control NetworkManager without a GUI, including creating, editing, starting and stopping network connections and viewing network status.
|    | Output is terse. This mode is designed and suitable for computer (script) processing. | ||||
|    | Output is pretty. This causes nmcli to produce easily readable outputs for humans, i.e. values are aligned, headers are printed, etc. | ||||
|    | Switch between tabular and multiline output: 
 If omitted, default is  
 | ||||
|    | This option controls color output (using terminal escape sequences).
           | ||||
|    | This option is used to specify what fields (column names) should be
          printed. Valid field names differ for specific commands. List available fields
          by providing an invalid value to the  If omitted, default is  | ||||
|    | Whether to escape  If omitted, default is  | ||||
|    | When using this option nmcli will stop and ask for any missing required arguments, so do not use this option for non-interactive purposes like scripts. This option controls, for example, whether you will be prompted for a password if it is required for connecting to a network. | ||||
|    | When using this option nmcli will display passwords and secrets that might be present in an output of an operation. This option also influences echoing passwords typed by user as an input. | ||||
|    | This option sets a timeout period for which nmcli will wait for NetworkManager to finish operations. It is especially useful for commands that may take a longer time to complete, e.g. connection activation. Specifying a value of  | ||||
|    | Instead of conducting the desired action, nmcli will list possible completions for the last argument. This is useful to implement argument completion in shell. The exit status will indicate success or return a code 65 to indicate the last argument is a file name. NetworkManager ships with command completion support for GNU Bash. | ||||
|    | Show nmcli version. | ||||
|    | Print help information. | 
nmcli general  { status  |   hostname  |   permissions  |   logging } [ARGUMENTS...]
Use this command to show NetworkManager status and permissions. You can also get and change system hostname, as well as NetworkManager logging level and domains.
| status | Show overall status of NetworkManager. This is the default action, when no additional command is provided for nmcli general. | 
| 
          hostname
           [ | Get and change system hostname. With no arguments, this prints currently configured hostname. When you pass a hostname, it will be handed over to NetworkManager to be set as a new system hostname. Note that the term "system" hostname may also be referred to as
          "persistent" or "static" by other programs or tools. The hostname is stored
          in  | 
| permissions | Show the permissions a caller has for various authenticated operations that NetworkManager provides, like enable and disable networking, changing Wi-Fi and WWAN state, modifying connections, etc. | 
| 
          logging
           [ | Get and change NetworkManager logging level and
          domains. Without any argument current logging level and domains are shown. In
          order to change logging state, provide  | 
nmcli networking  { on  |   off  |   connectivity } [ARGUMENTS...]
Query NetworkManager networking status, enable and disable networking.
| on, off | Enable enable or disable networking control by NetworkManager. All interfaces managed by NetworkManager are deactivated when networking is disabled. | ||||||||||
| connectivity [check] | Get network connectivity state. The optional  Possible states are: 
 | 
nmcli radio  { all  |   wifi  |   wwan } [ARGUMENTS...]
Show radio switches status, or enable and disable the switches.
| wifi [ on | off ] | Show or set status of Wi-Fi in NetworkManager. If no arguments are
          supplied, Wi-Fi status is printed;  | 
| wwan [ on | off ] | Show or set status of WWAN (mobile broadband) in NetworkManager. If no
          arguments are supplied, mobile broadband status is printed;
           | 
| all [ on | off ] | Show or set all previously mentioned radio switches at the same time. | 
nmcli monitor 
Observe NetworkManager activity. Watches for changes in connectivity state, devices or connection profiles.
See also nmcli connection monitor and nmcli device monitor to watch for changes in certain devices or connections.
nmcli connection  { show  |   up  |   down  |   modify  |   add  |   edit  |   clone  |   delete  |   monitor  |   reload  |   load  |   import  |   export } [ARGUMENTS...]
NetworkManager stores all network configuration as "connections", which are collections of data (Layer2 details, IP addressing, etc.) that describe how to create or connect to a network. A connection is "active" when a device uses that connection's configuration to create or connect to a network. There may be multiple connections that apply to a device, but only one of them can be active on that device at any given time. The additional connections can be used to allow quick switching between different networks and configurations.
Consider a machine which is usually connected to a DHCP-enabled network,
    but sometimes connected to a testing network which uses static IP addressing.
    Instead of manually reconfiguring eth0 each time the network is changed, the
    settings can be saved as two connections which both apply to eth0, one for DHCP
    (called default) and one with the static addressing details (called
    testing). When connected to the DHCP-enabled network the user would run
    nmcli con up default , and when connected to the static network the user
    would run nmcli con up testing.
| 
          show
           [ | List in-memory and on-disk connection profiles, some of which may also be
          active if a device is using that connection profile. Without a parameter, all
          profiles are listed. When  The  | ||||||||||||
| 
          show
           [ | Show details for specified connections. By default, both static
          configuration and active connection data are displayed. When
           
 
 It is possible to filter the output using the global
           
 You can also specify particular fields. For static configuration, use setting and property names as described in nm-settings(5) manual page. For active data use GENERAL, IP4, DHCP4, IP6, DHCP6, VPN. When no command is given to the nmcli connection, the default action is nmcli connection show. | ||||||||||||
| 
          up
           [  | Activate a connection. The connection is identified by its name, UUID or
          D-Bus path. If  If  See connection show above for the description of the
           Available options are: 
 | ||||||||||||
| 
          down
           [  | Deactivate a connection from a device without preventing the device from further auto-activation. Multiple connections can be passed to the command. Be aware that this command deactivates the specified active connection, but the device on which the connection was active, is still ready to connect and will perform auto-activation by looking for a suitable connection that has the 'autoconnect' flag set. This includes the just deactivated connection. So if the connection is set to auto-connect, it will be automatically started on the disconnected device again. In most cases you may want to use device disconnect command instead. The connection is identified by its name, UUID or D-Bus path. If
            See connection show above for the description of
          the  If  | ||||||||||||
| 
          modify
           [ | Add, modify or remove properties in the connection profile. To set the property just specify the property name followed by the
          value. An empty value ( In addition to the properties, you can also use short names for some of the properties. Consult the Property Aliases section for details. If you want to append an item to the existing value, use
           See nm-settings(5) for complete reference of setting and property names, their descriptions
          and default values. The  The connection is identified by its name, UUID or D-Bus path. If
           | ||||||||||||
| 
          add
           [ | Create a new connection using specified properties. You need to describe the newly created connections with the property and value pairs. See nm-settings(5) for the complete reference. You can also use the aliases described in Property Aliases section. The syntax is the same as of the nmcli connection modify command. To construct a meaningful connection you at the very least need to set the
           
 The most typical uses are described in the Examples section. Aside from the properties and values two special options are accepted: 
 | ||||||||||||
| 
          edit
           { 
              [  | Edit an existing connection or add a new one, using an interactive editor. The existing connection is identified by its name, UUID or D-Bus path. If
           The interactive editor will guide you through the connection editing and allow you to change connection parameters according to your needs by means of a simple menu-driven interface. The editor indicates what settings and properties can be modified and provides in-line help. Available options: 
 See also nm-settings(5) for all NetworkManager settings and property names, and their descriptions; and nmcli-examples(7) for sample editor sessions. | ||||||||||||
| 
          clone
           [ | Clone a connection. The connection to be cloned is identified by its
          name, UUID or D-Bus path. If  The new connection profile will be saved as persistent unless
           | ||||||||||||
| 
          delete
           [  | Delete a configured connection. The connection to be deleted is
          identified by its name, UUID or D-Bus path. If  If  | ||||||||||||
| 
          monitor
           [  | Monitor connection profile activity. This command prints a line whenever
          the specified connection changes. The connection to be monitored is identified
          by its name, UUID or D-Bus path. If  Monitors all connection profiles in case none is specified. The command terminates when all monitored connections disappear. If you want to monitor connection creation consider using the global monitor with nmcli monitor command. | ||||||||||||
| reload | Reload all connection files from disk. NetworkManager does not monitor changes to connection files by default. So you need to use this command in order to tell NetworkManager to re-read the connection profiles from disk when a change was made to them. However, the auto-loading feature can be enabled and then NetworkManager will reload connection files any time they change (monitor-connection-files=true in NetworkManager.conf(5)). | ||||||||||||
| 
          load
             | Load/reload one or more connection files from disk. Use this after manually editing a connection file to ensure that NetworkManager is aware of its latest state. | ||||||||||||
| 
          import
           [ | Import an external/foreign configuration as a NetworkManager connection
          profile. The type of the input file is specified by  Only VPN configurations are supported at the moment. The configuration is
          imported by NetworkManager VPN plugins.  The imported connection profile will be saved as persistent unless
           | ||||||||||||
| 
          export
           [  | Export a connection. Only VPN connections are supported at the moment. A proper VPN plugin has
          to be installed so that nmcli could export a connection. If no
           | 
nmcli device  { status  |   show  |   set  |   connect  |   reapply  |   modify  |   disconnect  |   delete  |   monitor  |   wifi  |   lldp } [ARGUMENTS...]
Show and manage network interfaces.
| status | Print status of devices. This is the default action if no command is specified to nmcli device. | ||||||||||||||
| 
          show
           [ | Show detailed information about devices. Without an argument, all devices are examined. To get information for a specific device, the interface name has to be provided. | ||||||||||||||
| 
          set
           [ifname]
             | Set device properties. | ||||||||||||||
| 
          connect
             | Connect the device. NetworkManager will try to find a suitable connection that will be activated. It will also consider connections that are not set to auto connect. If  | ||||||||||||||
| 
          reapply
             | Attempt to update device with changes to the currently active connection made since it was last applied. | ||||||||||||||
| 
          modify
             | Modify the settings currently active on the device. This command lets you do temporary changes to a configuration active on a particular device. The changes are not preserved in the connection profile. See nm-settings(5) for the list of available properties. Please note that some properties can't be changed on an already connected device. You can also use the aliases described in Property Aliases section. The syntax is the same as of the nmcli connection modify command. | ||||||||||||||
| 
          disconnect
             | Disconnect a device and prevent the device from automatically activating further connections without user/manual intervention. Note that disconnecting software devices may mean that the devices will disappear. If  | ||||||||||||||
| 
          delete
             | Delete a device. The command removes the interface from the system. Note that this only works for software devices like bonds, bridges, teams, etc. Hardware devices (like Ethernet) cannot be deleted by the command. If  | ||||||||||||||
| 
          monitor
           [ | Monitor device activity. This command prints a line whenever the specified devices change state. Monitors all devices in case no interface is specified. The monitor terminates when all specified devices disappear. If you want to monitor device addition consider using the global monitor with nmcli monitor command. | ||||||||||||||
| 
          wifi
           [
            list
             [ | List available Wi-Fi access points. The  | ||||||||||||||
| 
          wifi
          connect
             | Connect to a Wi-Fi network specified by SSID or BSSID. The command
          creates a new connection and then activates it on a device. This is a
          command-line counterpart of clicking an SSID in a GUI client. The command
          always creates a new connection and thus it is mainly useful for connecting to
          new Wi-Fi networks. If a connection for the network already exists, it is
          better to bring up (activate) the existing connection as follows:
          nmcli con up id  If  Available options are: 
 | ||||||||||||||
| 
          wifi
          hotspot
           [ | Create a Wi-Fi hotspot. The command creates a hotspot connection profile according to Wi-Fi device capabilities and activates it on the device. The hotspot is secured with WPA if device/driver supports that, otherwise WEP is used. Use connection down or device disconnect to stop the hotspot. Parameters of the hotspot can be influenced by the optional parameters: 
 | ||||||||||||||
| 
          wifi
          rescan
           [ | Request that NetworkManager immediately re-scan for
          available access points. NetworkManager scans Wi-Fi networks periodically, but
          in some cases it can be useful to start scanning manually (e.g. after resuming
          the computer). By using  This command does not show the APs, use nmcli device wifi list for that. | ||||||||||||||
| 
          lldp
           [
            list
             [ | Display information about neighboring devices learned through the Link
          Layer Discovery Protocol (LLDP). The  | 
nmcli agent  { secret  |   polkit  |   all }
Run nmcli as a NetworkManager secret agent, or polkit agent.
| secret | Register nmcli as a NetworkManager secret agent and listen for secret requests. You do usually not need this command, because nmcli can handle secrets when connecting to networks. However, you may find the command useful when you use another tool for activating connections and you do not have a secret agent available (like nm-applet). | 
| polkit | Register nmcli as a polkit agent for the user session and listen for
          authorization requests. You do not usually need this command, because nmcli can
          handle polkit actions related to NetworkManager operations (when run with
           | 
| all | Runs nmcli as both NetworkManager secret and a polkit agent. | 
Apart from the property-value pairs, connection add, connection modify and device modify also accept short forms of some properties. They exist for convenience and compatiblity with older versions of nmcli that could not accept the raw properties.
The overview of the aliases is below. An actual connection type is used to
   disambiguate these options from the options of the same name that are valid for
   multiple connection types (such as mtu).
Table 1. Options for all connections
| Alias | Property | Note | 
|---|---|---|
| type | connection.type | This option also accepts values of bond-slave,team-slaveandbridge-slave. They createethernetconnection profiles. Their use is discouraged in
favor of using a specific type withmasteroption. | 
| con-name | connection.id | When not provided a default name is generated: <type>[-<ifname>][-<num>]). | 
| autoconnect | connection.autoconnect | |
| ifname | connection.interface-name | A value of *will be interpreted as
no value, making the connection profile interface-independent.
Note: use quotes around*to suppress shell expansion.
For bond, team and bridge connections a default name will be generated if not set. | 
| master | connection.master | Value specified here will be canonicalized.
It can be prefixed with ifname/,uuid/orid/to disambiguate it. | 
| slave-type | connection.slave-type | 
Table 2. PPPoE options
| Alias | Property | 
|---|---|
| username | pppoe.username | 
| password | pppoe.password | 
| service | pppoe.service | 
Table 3. Wired Ethernet options
| Alias | Property | 
|---|---|
| mtu | wired.mtu | 
| mac | wired.mac-address | 
| cloned-mac | wired.cloned-mac-address | 
Table 4. Infiniband options
| Alias | Property | 
|---|---|
| mtu | infiniband.mtu | 
| mac | infiniband.mac-address | 
| transport-mode | infiniband.transport-mode | 
| parent | infiniband.parent | 
| p-key | infiniband.p-key | 
Table 5. Wi-Fi options
| Alias | Property | 
|---|---|
| ssid | wireless.ssid | 
| mode | wireless.mode | 
| mtu | wireless.mtu | 
| mac | wireless.mac-address | 
| cloned-mac | wireless.cloned-mac-address | 
Table 9. Bluetooth options
| Alias | Property | Note | 
|---|---|---|
| addr | bluetooth.bdaddr | |
| bt-type | bluetooth.type | Apart from the usual dunandpanuoptions, the values ofdun-gsmanddun-cdmacan be used for compatibility with older
versions. They are equivalent to usingdunand setting
appropriategsm.*orcdma.*properties. | 
Table 10. VLAN options
| Alias | Property | 
|---|---|
| dev | vlan.parent | 
| id | vlan.id | 
| flags | vlan.flags | 
| ingress | vlan.ingress-priority-map | 
| egress | vlan.egress-priority-map | 
Table 11. Bonding options
| Alias | Property | Note | 
|---|---|---|
| mode | bond.options | Setting each of these adds the option to bond.optionsproperty.
It's equivalent of using the+bond.options 'option=value'syntax. | 
| primary | ||
| miimon | ||
| downdelay | ||
| updelay | ||
| arp-interval | ||
| arp-ip-target | ||
| lacp-rate | 
Table 14. Bridge options
| Alias | Property | 
|---|---|
| stp | bridge.stp | 
| priority | bridge.priority | 
| forward-delay | bridge.forward-delay | 
| hello-time | bridge.hello-time | 
| max-age | bridge.max-age | 
| ageing-time | bridge.ageing-time | 
| multicast-snooping | bridge.multicast-snooping | 
| mac | bridge.mac-address | 
| priority | bridge-port.priority | 
| path-cost | bridge-port.path-cost | 
| hairpin | bridge-port.hairpin-mode | 
Table 16. OLPC Mesh options
| Alias | Property | 
|---|---|
| ssid | olpc-mesh.ssid | 
| channel | olpc-mesh.channel | 
| dhcp-anycast | olpc-mesh.dhcp-anycast-address | 
Table 17. ADSL options
| Alias | Property | 
|---|---|
| username | adsl.username | 
| protocol | adsl.protocol | 
| password | adsl.password | 
| encapsulation | adsl.encapsulation | 
Table 19. VxLAN options
| Alias | Property | 
|---|---|
| id | vxlan.id | 
| remote | vxlan.remote | 
| dev | vxlan.parent | 
| local | vxlan.local | 
| source-port-min | vxlan.source-port-min | 
| source-port-max | vxlan.source-port-max | 
| destination-port | vxlan.destination-port | 
Table 20. Tun options
| Alias | Property | 
|---|---|
| mode | tun.mode | 
| owner | tun.owner | 
| group | tun.group | 
| pi | tun.pi | 
| vnet-hdr | tun.vnet-hdr | 
| multi-queue | tun.multi-queue | 
Table 21. IP tunneling options
| Alias | Property | 
|---|---|
| mode | ip-tunnel.mode | 
| local | ip-tunnel.local | 
| remote | ip-tunnel.remote | 
| dev | ip-tunnel.parent | 
Table 22. IPv4 options
| Alias | Property | Note | 
|---|---|---|
| ip4 | ipv4.addresses | This option can be specified multiple times.
It's equivalent of using +ipv4.addressessyntax. | 
| gw4 | ipv4.gateway | 
Table 23. IPv6 options
| Alias | Property | Note | 
|---|---|---|
| ip6 | ipv6.addresses | This option can be specified multiple times.
It's equivalent of using +ipv6.addressessyntax. | 
| gw6 | ipv6.gateway | 
nmcli's behavior is affected by the following environment variables.
| 
 | If set to a non-empty string value, it overrides the values of all the other internationalization variables. | 
| 
 | Determines the locale to be used for internationalized messages. | 
| 
 | Provides a default value for the internationalization variables that are unset or null. | 
Be aware that nmcli is localized and that is why the output depends on your environment. This is important to realize especially when you parse the output.
Call nmcli as LC_ALL=C nmcli to
    be sure the locale is set to C while executing in a script.
LC_ALL, LC_MESSAGES, LANG
    variables specify the LC_MESSAGES locale category (in that
    order), which determines the language that nmcli uses for
    messages. The C locale is used if none of these variables are set, and this
    locale uses English messages.
nmcli exits with status 0 if it succeeds, a value greater than 0 is returned if an error occurs.
| 0 | Success – indicates the operation succeeded. | 
| 1 | Unknown or unspecified error. | 
| 2 | Invalid user input, wrong nmcli invocation. | 
| 3 | Timeout expired (see  | 
| 4 | Connection activation failed. | 
| 5 | Connection deactivation failed. | 
| 6 | Disconnecting device failed. | 
| 7 | Connection deletion failed. | 
| 8 | NetworkManager is not running. | 
| 10 | Connection, device, or access point does not exist. | 
| 65 | When used with  | 
This section presents various examples of nmcli usage. If you want even more, please refer to nmcli-examples(7) manual page.
| 
 | tells you whether NetworkManager is running or not. | 
| 
 | shows the overall status of NetworkManager. | 
| 
 | switches Wi-Fi off. | 
| 
 | lists all connections NetworkManager has. | 
| 
 | shows all configured connections in multi-line mode. | 
| 
 | lists all currently active connections. | 
| 
 | shows all connection profile names and their auto-connect property. | 
| 
 | shows details for "My default em1" connection profile. | 
| 
 | shows details for "My Home WiFi" connection profile with all passwords.
          Without  | 
| 
 | shows details for "My default em1" active connection, like IP, DHCP information, etc. | 
| 
 | shows static configuration details of the connection profile with "My wired connection" name. | 
| 
 | activates the connection profile with name "My wired connection" on interface eth0. The -p option makes nmcli show progress of the activation. | 
| 
 | connects the Wi-Fi connection with UUID 6b028a27-6dc9-4411-9886-e9ad1dd43761 to the AP with BSSID 00:3A:98:7C:42:D3. | 
| 
 | shows the status for all devices. | 
| 
 | disconnects a connection on interface em2 and marks the device as unavailable for auto-connecting. As a result, no connection will automatically be activated on the device until the device's 'autoconnect' is set to TRUE or the user manually activates a connection. | 
| 
 | shows details for wlan0 interface; only GENERAL and WIFI-PROPERTIES sections will be shown. | 
| 
 | shows all available connection profiles for your Wi-Fi interface wlp3s0. | 
| 
 | lists available Wi-Fi access points known to NetworkManager. | 
| 
 | creates a new connection named "My cafe" and then connects it to "Cafe Hotspot 1" SSID using password "caffeine". This is mainly useful when connecting to "Cafe Hotspot 1" for the first time. Next time, it is better to use nmcli con up id "My cafe" so that the existing connection profile can be used and no additional is created. | 
| 
 | creates a hotspot profile and connects it. Prints the hotspot password the user should use to connect to the hotspot from other devices. | 
| 
 | starts IPv4 connection sharing using em1 device. The sharing will be active until the device is disconnected. | 
| 
 | temporarily adds an IP address to a device. The address will be removed when the same connection is activated again. | 
| 
 | non-interactively adds an Ethernet connection tied to eth0 interface with
          automatic IP configuration (DHCP), and disables the connection's  | 
| 
 | non-interactively adds a VLAN connection with ID 55. The connection will use eth0 and the VLAN interface will be named Maxipes-fik. | 
| 
 | non-interactively adds a connection that will use eth0 Ethernet interface and only have an IPv6 link-local address configured. | 
| 
 | edits existing "ethernet-em1-2" connection in the interactive editor. | 
| 
 | adds a new Ethernet connection in the interactive editor. | 
| 
 | modifies 'autoconnect' property in the 'connection' setting of 'ethernet-2' connection. | 
| 
 | modifies 'mtu' property in the 'wifi' setting of 'Home Wi-Fi' connection. | 
| 
 | sets manual addressing and the addresses in em1-1 profile. | 
| 
 | appends a Google public DNS server to DNS servers in ABC profile. | 
| 
 | removes the specified IP address from (static) profile ABC. | 
| 
 | imports an OpenVPN configuration to NetworkManager. | 
| 
 | exports NetworkManager VPN profile corp-vpnc as standard Cisco (vpnc) configuration. | 
nmcli accepts abbreviations, as long as they are a unique prefix in the set of possible options. As new options get added, these abbreviations are not guaranteed to stay unique. For scripting and long term compatibility it is therefore strongly advised to spell out the full option names.
There are probably some bugs. If you find a bug, please report it to
    https://bugzilla.gnome.org/ — product NetworkManager.
nmcli-examples(7), nm-online(1), NetworkManager(8), NetworkManager.conf(5), nm-settings(5), nm-applet(1), nm-connection-editor(1).