nmcli(1) manual page
NetworkManager developers
<refpurpose>command-line tool for controlling NetworkManager</refpurpose>
<arg choice="opt" rep="repeat"><replaceable>OPTIONS</replaceable></arg>
<group choice='req'>
<arg choice='plain'><option>help</option></arg>
<arg choice='plain'><option>general</option></arg>
<arg choice='plain'><option>networking</option></arg>
<arg choice='plain'><option>radio</option></arg>
<arg choice='plain'><option>connection</option></arg>
<arg choice='plain'><option>device</option></arg>
<arg choice='plain'><option>agent</option></arg>
<arg choice='plain'><option>monitor</option></arg>
<arg rep="repeat"><replaceable>ARGUMENTS</replaceable></arg>
<refsect1 id='description'><title>Description</title>
<para><command>nmcli</command> is a command-line tool for controlling
NetworkManager and reporting network status. It can be utilized as a
replacement for <command>nm-applet</command> or other graphical clients.
<command>nmcli</command> is used to create, display, edit, delete, activate,
and deactivate network connections, as well as control and display network
device status.</para>
<para>Typical uses include:</para>
<para>Scripts: Utilize NetworkManager via <command>nmcli</command> instead of
managing network connections manually. <command>nmcli</command> supports a
terse output format which is better suited for script processing. Note that
NetworkManager can also execute scripts, called "dispatcher scripts", in
response to network events. See
<link linkend='NetworkManager'><link linkend='NetworkManager'><citerefentry><refentrytitle>NetworkManager</refentrytitle><manvolnum>8</manvolnum></citerefentry></link></link>
for details about these dispatcher scripts.</para>
<para>Servers, headless machines, and terminals: <command>nmcli</command> can
be used to control NetworkManager without a GUI, including creating, editing,
starting and stopping network connections and viewing network status.</para>
<refsect1 id='options'><title>Options</title>
<term><group choice='plain'>
<arg choice='plain'><option>-t</option></arg>
<arg choice='plain'><option>--terse</option></arg>
<para>Output is terse. This mode is designed and suitable for computer (script)
<term><group choice='plain'>
<arg choice='plain'><option>-p</option></arg>
<arg choice='plain'><option>--pretty</option></arg>
<para>Output is pretty. This causes <command>nmcli</command> to produce easily
readable outputs for humans, i.e. values are aligned, headers are printed,
<term><group choice='plain'>
<arg choice='plain'><option>-m</option></arg>
<arg choice='plain'><option>--mode</option></arg>
<group choice='req'>
<arg choice='plain'>tabular</arg>
<arg choice='plain'>multiline</arg>
<para>Switch between tabular and multiline output:</para>
<term><arg choice='plain'>tabular</arg></term>
<para>Output is a table where each line describes a single entry.
Columns define particular properties of the entry.</para>
<term><arg choice='plain'>multiline</arg></term>
<para>Each entry comprises multiple lines, each property on its
own line. The values are prefixed with the property name.</para>
<para>If omitted, default is <literal>tabular</literal> for most commands.
For the commands producing more structured information, that cannot be
displayed on a single line, default is <literal>multiline</literal>.
Currently, they are:</para>
<para><literal>nmcli connection show <replaceable>ID</replaceable></literal></para>
<para><literal>nmcli device show</literal></para>
<term><group choice='plain'>
<arg choice='plain'><option>-c</option></arg>
<arg choice='plain'><option>--colors</option></arg>
<group choice='req'>
<arg choice='plain'>yes</arg>
<arg choice='plain'>no</arg>
<arg choice='plain'>auto</arg>
<para>This option controls color output (using terminal escape sequences).
<literal>yes</literal> enables colors, <literal>no</literal> disables them,
<literal>auto</literal> only produces colors when standard output is directed
to a terminal. The default value is <literal>auto</literal>.</para>
<para>The actual colors used are configured as described in
Please refer to the <link linkend='colors' endterm='colors.title' /> section for a
list of color names supported by <command>nmcli</command>.</para>
<term><group choice='plain'>
<arg choice='plain'><option>-f</option></arg>
<arg choice='plain'><option>--fields</option></arg>
<group choice='req'>
<arg choice='plain' rep='repeat'><replaceable>field1</replaceable>,<replaceable>field2</replaceable></arg>
<arg choice='plain'>all</arg>
<arg choice='plain'>common</arg>
<para>This option is used to specify what fields (column names) should be
printed. Valid field names differ for specific commands. List available fields
by providing an invalid value to the <option>--fields</option> option.
<literal>all</literal> is used to print all valid field values of the
command. <literal>common</literal> is used to print common field values of
the command.</para>
<para>If omitted, default is <literal>common</literal>.</para>
<term><group choice='plain'>
<arg choice='plain'><option>-g</option></arg>
<arg choice='plain'><option>--get-values</option></arg>
<group choice='req'>
<arg choice='plain' rep='repeat'><replaceable>field1</replaceable>,<replaceable>field2</replaceable></arg>
<arg choice='plain'>all</arg>
<arg choice='plain'>common</arg>
<para>This option is used to print values from specific fields. It is basically
a shortcut for <literal>--mode tabular --terse --fields</literal> and is a convenient
way to retrieve values for particular fields. The values are printed one per line
without headers.</para>
<para>If a section is specified instead of a field, the section name will be printed
followed by colon separated values of the fields belonging to that section, all on
the same line.</para>
<term><group choice='plain'>
<arg choice='plain'><option>-e</option></arg>
<arg choice='plain'><option>--escape</option></arg>
<group choice='req'>
<arg choice='plain'>yes</arg>
<arg choice='plain'>no</arg>
<para>Whether to escape <literal>:</literal> and <literal>\</literal> characters in terse tabular mode. The
escape character is <literal>\</literal>.</para>
<para>If omitted, default is <literal>yes</literal>.</para>
<term><group choice='plain'>
<arg choice='plain'><option>-a</option></arg>
<arg choice='plain'><option>--ask</option></arg>
<para>When using this option <command>nmcli</command> will stop and ask for any
missing required arguments, so do not use this option for non-interactive
purposes like scripts. This option controls, for example, whether you will be
prompted for a password if it is required for connecting to a network.</para>
<term><group choice='plain'>
<arg choice='plain'><option>-s</option></arg>
<arg choice='plain'><option>--show-secrets</option></arg>
<para>When using this option <command>nmcli</command> will display passwords
and secrets that might be present in an output of an operation. This option
also influences echoing passwords typed by user as an input.</para>
<term><group choice='plain'>
<arg choice='plain'><option>-w</option></arg>
<arg choice='plain'><option>--wait</option></arg></group>
<arg choice='plain'><replaceable>seconds</replaceable></arg>
<para>This option sets a timeout period for which <command>nmcli</command> will
wait for NetworkManager to finish operations. It is
especially useful for commands that may take a longer time to complete, e.g.
connection activation.</para>
<para>Specifying a value of <literal>0</literal> instructs
<command>nmcli</command> not to wait but to exit immediately with a status of
success. The default value depends on the executed command.</para>
2016-07-12 13:44:05 +00:00
<term><group choice='plain'>
<arg choice='plain'><option>--complete-args</option></arg>
<para>Instead of conducting the desired action, <command>nmcli</command>
will list possible completions for the last argument. This is useful to implement
argument completion in shell.</para>
<para>The <link linkend='exit_status'>exit status</link> will indicate success
or return a code 65 to indicate the last argument is a file name.</para>
<para>NetworkManager ships with command completion support for GNU Bash.</para>
<term><group choice='plain'>
<arg choice='plain'><option>-v</option></arg>
<arg choice='plain'><option>--version</option></arg>
<para>Show <command>nmcli</command> version.</para>
<term><group choice='plain'>
<arg choice='plain'><option>-h</option></arg>
<arg choice='plain'><option>--help</option></arg>
<para>Print help information.</para>
<refsect1 id='general'><title>General Commands</title>
<command>nmcli general</command>
<group choice='req'>
<arg choice='plain'><command>status</command></arg>
<arg choice='plain'><command>hostname</command></arg>
<arg choice='plain'><command>permissions</command></arg>
<arg choice='plain'><command>logging</command></arg>
<arg rep='repeat'><replaceable>ARGUMENTS</replaceable></arg>
<para>Use this command to show NetworkManager status and permissions. You can also get
and change system hostname, as well as NetworkManager logging level and domains.</para>
<para>Show overall status of NetworkManager. This is the default action, when
no additional command is provided for <command>nmcli general</command>.</para>
<para>Get and change system hostname. With no arguments, this prints currently
configured hostname. When you pass a hostname, it will be handed over to
NetworkManager to be set as a new system hostname.</para>
<para>Note that the term "system" hostname may also be referred to as
"persistent" or "static" by other programs or tools. The hostname is stored
in <filename>/etc/hostname</filename> file in most distributions. For example,
systemd-hostnamed service uses the term "static" hostname and it only reads
the <filename>/etc/hostname</filename> file when it starts.</para>
<para>Show the permissions a caller has for various authenticated operations
that NetworkManager provides, like enable and disable networking, changing
Wi-Fi and WWAN state, modifying connections, etc.</para>
<arg><option>level</option> <replaceable>level</replaceable></arg>
<arg rep='repeat'><option>domains</option> <replaceable>domains</replaceable></arg>
<para>Get and change NetworkManager logging level and
domains. Without any argument current logging level and domains are shown. In
order to change logging state, provide <option>level</option> and, or,
<option>domain</option> parameters. See
<link linkend='NetworkManager.conf'><link linkend='NetworkManager.conf'><citerefentry><refentrytitle>NetworkManager.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry></link></link>
for available level and domain values.</para>
<refsect1 id='networking'><title>Networking Control Commands</title>
<command>nmcli networking</command>
<group choice='req'>
<arg choice='plain'><command>on</command></arg>
<arg choice='plain'><command>off</command></arg>
<arg choice='plain'><command>connectivity</command></arg>
<arg rep='repeat'><replaceable>ARGUMENTS</replaceable></arg>
<para>Query NetworkManager networking status, enable and disable networking.
2017-01-09 11:02:50 +00:00
<para>Enable or disable networking control by NetworkManager.
All interfaces managed by NetworkManager are deactivated when networking
is disabled.</para>
<para>Get network connectivity state. The optional <option>check</option>
argument tells NetworkManager to re-check the connectivity, else the most
recent known connectivity state is displayed without re-checking.</para>
<para>Possible states are:</para>
<term><arg choice='plain'>none</arg></term>
<para>the host is not connected to any network.</para>
<term><arg choice='plain'>portal</arg></term>
<para>the host is behind a captive portal and cannot reach the full Internet.</para>
<term><arg choice='plain'>limited</arg></term>
<para>the host is connected to a network, but it has no access to the Internet.</para>
<term><arg choice='plain'>full</arg></term>
<para>the host is connected to a network and has full access to the Internet.</para>
<term><arg choice='plain'>unknown</arg></term>
<para>the connectivity status cannot be found out.</para>
<refsect1 id='radio'><title>Radio Transmission Control Commands</title>
<command>nmcli radio</command>
<group choice='req'>
<arg choice='plain'><command>all</command></arg>
<arg choice='plain'><command>wifi</command></arg>
<arg choice='plain'><command>wwan</command></arg>
<arg rep='repeat'><replaceable>ARGUMENTS</replaceable></arg>
<para>Show radio switches status, or enable and disable the switches.</para>
<arg choice='plain'>on</arg>
<arg choice='plain'>off</arg>
<para>Show or set status of Wi-Fi in NetworkManager. If no arguments are
supplied, Wi-Fi status is printed; <option>on</option> enables Wi-Fi;
<option>off</option> disables Wi-Fi.</para>
<arg choice='plain'>on</arg>
<arg choice='plain'>off</arg>
<para>Show or set status of WWAN (mobile broadband) in NetworkManager. If no
arguments are supplied, mobile broadband status is printed;
<option>on</option> enables mobile broadband, <option>off</option>
disables it.</para>
<arg choice='plain'>on</arg>
<arg choice='plain'>off</arg>
<para>Show or set all previously mentioned radio switches at the same time.</para>
<refsect1 id='monitor'><title>Activity Monitor</title>
<command>nmcli monitor</command>
<para>Observe NetworkManager activity. Watches for changes
in connectivity state, devices or connection profiles.</para>
<para>See also <command>nmcli connection monitor</command>
and <command>nmcli device monitor</command> to watch
for changes in certain devices or connections.</para>
<refsect1 id='connection'><title>Connection Management Commands</title>
<command>nmcli connection</command>
<group choice='req'>
<arg choice='plain'><command>show</command></arg>
<arg choice='plain'><command>up</command></arg>
<arg choice='plain'><command>down</command></arg>
<arg choice='plain'><command>modify</command></arg>
<arg choice='plain'><command>add</command></arg>
<arg choice='plain'><command>edit</command></arg>
<arg choice='plain'><command>clone</command></arg>
<arg choice='plain'><command>delete</command></arg>
<arg choice='plain'><command>monitor</command></arg>
<arg choice='plain'><command>reload</command></arg>
<arg choice='plain'><command>load</command></arg>
<arg choice='plain'><command>import</command></arg>
<arg choice='plain'><command>export</command></arg>
<arg rep='repeat'><replaceable>ARGUMENTS</replaceable></arg>
<para>NetworkManager stores all network configuration as "connections",
which are collections of data (Layer2 details, IP addressing, etc.) that
describe how to create or connect to a network. A connection is "active"
when a device uses that connection's configuration to create or connect to
a network. There may be multiple connections that apply to a device, but only
one of them can be active on that device at any given time. The additional
connections can be used to allow quick switching between different networks
and configurations.</para>
<para>Consider a machine which is usually connected to a DHCP-enabled network,
but sometimes connected to a testing network which uses static IP addressing.
Instead of manually reconfiguring eth0 each time the network is changed, the
settings can be saved as two connections which both apply to eth0, one for DHCP
(called <literal>default</literal>) and one with the static addressing details (called
<literal>testing</literal>). When connected to the DHCP-enabled network the user would run
<command>nmcli con up default</command> , and when connected to the static network the user
would run <command>nmcli con up testing</command>.</para>
<arg choice='plain' rep='repeat'>[+-]<replaceable>category</replaceable>:</arg>
<para>List in-memory and on-disk connection profiles, some of which may also be
active if a device is using that connection profile. Without a parameter, all
profiles are listed. When <option>--active</option> option is specified, only
the active profiles are shown.</para>
<para>The <option>--order</option> option can be used to get custom
ordering of connections. The connections can be ordered by active status
(<literal>active</literal>), name (<literal>name</literal>), type
(<literal>type</literal>) or D-Bus path (<literal>path</literal>). If
connections are equal according to a sort order category, an additional
category can be specified. The default sorting order is equivalent to
<literal>--order active:name:path</literal>. <literal>+</literal> or no
prefix means sorting in ascending order (alphabetically or in numbers),
<literal>-</literal> means reverse (descending) order. The category names
can be abbreviated (e.g. <literal>--order -a:na</literal>).</para>
<arg choice='plain'><option>id</option></arg>
<arg choice='plain'><option>uuid</option></arg>
<arg choice='plain'><option>path</option></arg>
<arg choice='plain'><option>apath</option></arg>
<arg rep='repeat' choice='plain'><replaceable>ID</replaceable></arg>
<para>Show details for specified connections. By default, both static
configuration and active connection data are displayed. When
<option>--active</option> option is specified, only the active profiles are
taken into account. Use global <option>--show-secrets</option> option to
display secrets associated with the profile.</para>
<para><option>id</option>, <option>uuid</option>,
<option>path</option> and <option>apath</option> keywords can be used
if <replaceable>ID</replaceable> is ambiguous. Optional
<replaceable>ID</replaceable>-specifying keywords are:</para>
<para>the <replaceable>ID</replaceable> denotes a connection name.</para>
<para>the <replaceable>ID</replaceable> denotes a connection UUID.</para>
<para>the <replaceable>ID</replaceable> denotes a D-Bus
static connection path in the format of
or just <replaceable>num</replaceable>.</para>
<para>the <replaceable>ID</replaceable> denotes a D-Bus active connection path in the format of
/org/freedesktop/NetworkManager/ActiveConnection/<replaceable>num</replaceable> or just
<para>It is possible to filter the output using the global
<option>--fields</option> option. Use the following values:</para>
<para>only shows static profile configuration.</para>
<para>only shows active connection data (when the profile is active).</para>
<para>You can also specify particular fields. For static configuration, use
setting and property names as described in
</citerefentry> manual page. For active data use GENERAL, IP4, DHCP4, IP6,
DHCP6, VPN.</para>
<para>When no command is given to the <command>nmcli connection</command>,
the default action is <command>nmcli connection show</command>.</para>
<arg choice='plain'><option>id</option></arg>
<arg choice='plain'><option>uuid</option></arg>
<arg choice='plain'><option>path</option></arg>
<arg choice='plain'><replaceable>ID</replaceable></arg>
<arg><option>ifname</option> <replaceable>ifname</replaceable></arg>
<arg><option>ap</option> <replaceable>BSSID</replaceable></arg>
<arg><option>passwd-file</option> <replaceable>file</replaceable></arg>
<para>Activate a connection. The connection is identified by its name, UUID or
D-Bus path. If <replaceable>ID</replaceable> is ambiguous, a keyword <option>id</option>,
<option>uuid</option> or <option>path</option> can be used. When
requiring a particular device to activate the connection on, the
<option>ifname</option> option with interface name should be given. If the
<replaceable>ID</replaceable> is not given an <option>ifname</option> is required, and
NetworkManager will activate the best available connection for the given
<option>ifname</option>. In case of a VPN connection, the
<option>ifname</option> option specifies the device of the base connection.
The <option>ap</option> option specify what particular AP should be used in
case of a Wi-Fi connection.</para>
<para>If <option>--wait</option> option is not specified, the default timeout will be 90
<para>See <command>connection show</command> above for the description of the
<replaceable>ID</replaceable>-specifying keywords.</para>
<para>Available options are:</para>
<para>interface that will be used for activation.</para>
<para>BSSID of the AP which the command should connect to (for Wi-Fi connections).</para>
<para>some networks may require credentials during activation. You can give
these credentials using this option. Each line of the file should contain one
password in the form:
<programlisting>setting_name.property_name:the password</programlisting>
For example, for WPA Wi-Fi with PSK, the line would be
For 802.1X password, the line would be
<programlisting>802-1x.password:my 1X password</programlisting>
<command>nmcli</command> also accepts <literal>wifi-sec</literal> and <literal>wifi</literal> strings instead of
<literal>802-11-wireless-security</literal>. When NetworkManager requires a password and it is
not given, <command>nmcli</command> will ask for it when run with <option>--ask</option>.
If <option>--ask</option> was not passed, NetworkManager can ask another secret
agent that may be running (typically a GUI secret agent, such as nm-applet or
<arg choice='plain'><option>id</option></arg>
<arg choice='plain'><option>uuid</option></arg>
<arg choice='plain'><option>path</option></arg>
<arg choice='plain'><option>apath</option></arg>
<arg rep='repeat' choice='plain'><replaceable>ID</replaceable></arg>
<para>Deactivate a connection from a device without preventing the device from
further auto-activation. Multiple connections can be passed to the
<para>Be aware that this command deactivates the specified active connection,
but the device on which the connection was active, is still ready to connect
and will perform auto-activation by looking for a suitable connection that has
the 'autoconnect' flag set. This includes the just deactivated connection. So
if the connection is set to auto-connect, it will be automatically started on
the disconnected device again.</para>
<para>In most cases you may want to use <command>device disconnect</command>
command instead.</para>
<para>The connection is identified by its name, UUID or D-Bus path. If
<replaceable>ID</replaceable> is ambiguous, a keyword <option>id</option>,
<option>uuid</option>, <option>path</option> or
<option>apath</option> can be used.</para>
<para> See <command>connection show</command> above for the description of
the <replaceable>ID</replaceable>-specifying keywords.</para>
<para>If <option>--wait</option> option is not specified, the default timeout
will be 10 seconds.</para>
<arg choice='plain'><option>id</option></arg>
<arg choice='plain'><option>uuid</option></arg>
<arg choice='plain'><option>path</option></arg>
<arg choice='plain'><replaceable>ID</replaceable></arg>
<arg rep='repeat' choice='plain'>
<group choice='req'>
<arg choice='plain'><replaceable>option</replaceable> <replaceable>value</replaceable></arg>
<arg choice='plain'>[+|-]<replaceable>setting</replaceable>.<replaceable>property</replaceable> <replaceable>value</replaceable></arg>
<para>Add, modify or remove properties in the connection profile.</para>
<para>To set the property just specify the property name followed by the
value. An empty value (<literal>""</literal>) removes the property value.</para>
<para>In addition to the properties, you can also use short names for some of
the properties. Consult the <link linkend='property_aliases' endterm='property_aliases.title' />
section for details.</para>
<para>If you want to append an item to the existing value, use
<literal>+</literal> prefix for the property name. If you want to remove just
one item from container-type property, use <literal>-</literal> prefix for
the property name and specify a value or an zero-based index of the item to
remove (or option name for properties with named options) as
<replaceable>value</replaceable>. The <literal>+</literal> and <literal>-</literal>
modifies only have a real effect for multi-value (container)
properties like <literal>ipv4.dns</literal>, <literal>ipv4.addresses</literal>,
<literal>bond.options</literal>, etc.</para>
<para>See <citerefentry><refentrytitle>nm-settings</refentrytitle><manvolnum>5</manvolnum>
</citerefentry> for complete reference of setting and property names, their descriptions
and default values. The <replaceable>setting</replaceable> and
<replaceable>property</replaceable> can be abbreviated provided they are unique.</para>
<para>The connection is identified by its name, UUID or D-Bus path. If
<replaceable>ID</replaceable> is ambiguous, a keyword <option>id</option>,
<option>uuid</option> or <option>path</option> can be used.</para>
<arg><option>save</option><group choice='req'><arg choice='plain'>yes</arg><arg choice='plain'>no</arg></group></arg>
<arg rep='repeat' choice='plain'>
<group choice='req'>
<arg choice='plain'><replaceable>option</replaceable> <replaceable>value</replaceable></arg>
<arg choice='plain'>[+|-]<replaceable>setting</replaceable>.<replaceable>property</replaceable> <replaceable>value</replaceable></arg>
<para>Create a new connection using specified properties.</para>
<para>You need to describe the newly created connections with the property and value pairs.
See <citerefentry><refentrytitle>nm-settings</refentrytitle><manvolnum>5</manvolnum>
</citerefentry> for the complete reference. You can also use the aliases described in
<link linkend='property_aliases' endterm='property_aliases.title' /> section. The syntax is
the same as of the <command>nmcli connection modify</command> command.</para>
<para>To construct a meaningful connection you at the very least need to set the
<option>connection.type</option> property (or use the <option>type</option> alias)
to one of known NetworkManager connection types:</para>
<itemizedlist spacing='compact'>
2017-02-01 14:19:29 +00:00
<para>The most typical uses are described in the <link linkend='examples' endterm='examples.title' /> section.</para>
<para>Aside from the properties and values two special options are accepted:</para>
<para>Controls whether the connection should be persistent, i.e. NetworkManager should
store it on disk (default: <literal>yes</literal>).</para>
<para>If a single <option>--</option> argument is encountered it is ignored.
This is for compatibility with older versions on <command>nmcli</command>.</para>
<group choice='req'>
<arg choice='plain'>
<arg choice='plain'><option>id</option></arg>
<arg choice='plain'><option>uuid</option></arg>
<arg choice='plain'><option>path</option></arg>
<arg choice='plain'><replaceable>ID</replaceable></arg>
<arg choice='plain'>
<arg><option>type</option> <replaceable>type</replaceable></arg>
<arg><option>con-name</option> <replaceable>name</replaceable></arg>
<para>Edit an existing connection or add a new one, using an interactive editor.</para>
<para>The existing connection is identified by its name, UUID or D-Bus path. If
<replaceable>ID</replaceable> is ambiguous, a keyword <option>id</option>,
<option>uuid</option>, or <option>path</option> can be used. See
<command>connection show</command> above for the description of the
<replaceable>ID</replaceable>-specifying keywords. Not providing an
<replaceable>ID</replaceable> means that a new connection will be added.</para>
<para>The interactive editor will guide you through the connection editing and
allow you to change connection parameters according to your needs by means of
a simple menu-driven interface. The editor indicates what settings and
properties can be modified and provides in-line help.</para>
<para>Available options:</para>
<para>type of the new connection; valid types are the same as for
<command>connection add</command> command.</para>
<para>name for the new connection. It can be changed later in the editor.</para>
<para>See also
</citerefentry> for all NetworkManager settings and property names, and their
descriptions; and
<link linkend='nmcli-examples'><citerefentry><refentrytitle>nmcli-examples</refentrytitle><manvolnum>7</manvolnum></citerefentry></link>
for sample editor sessions.</para>
<arg choice='plain'><option>id</option></arg>
<arg choice='plain'><option>uuid</option></arg>
<arg choice='plain'><option>path</option></arg>
<arg choice='plain'><replaceable>ID</replaceable></arg>
<arg choice='plain'><replaceable>new_name</replaceable></arg>
<para>Clone a connection. The connection to be cloned is identified by its
name, UUID or D-Bus path. If <replaceable>ID</replaceable> is ambiguous, a keyword
<option>id</option>, <option>uuid</option> or <option>path</option>
can be used. See <command>connection show</command> above for the description
of the <replaceable>ID</replaceable>-specifying keywords. <replaceable>new_name</replaceable> is
the name of the new cloned connection. The new connection will be the exact
copy except the (<replaceable>new_name</replaceable>) and
connection.uuid (generated) properties.</para>
<para>The new connection profile will be saved as persistent unless
<option>--temporary</option> option is specified, in which case the new profile
won't exist after NetworkManager restart.</para>
<arg choice='plain'><option>id</option></arg>
<arg choice='plain'><option>uuid</option></arg>
<arg choice='plain'><option>path</option></arg>
<arg choice='plain' rep='repeat'><replaceable>ID</replaceable></arg>
<para>Delete a configured connection. The connection to be deleted is
identified by its name, UUID or D-Bus path. If <replaceable>ID</replaceable> is ambiguous, a
keyword <option>id</option>, <option>uuid</option> or <option>path</option> can be used.
See <command>connection show</command> above for the description of
the <replaceable>ID</replaceable>-specifying keywords.</para>
<para>If <option>--wait</option> option is not specified, the default timeout will be 10
<arg choice='plain'><option>id</option></arg>
<arg choice='plain'><option>uuid</option></arg>
<arg choice='plain'><option>path</option></arg>
<arg choice='plain' rep='repeat'><replaceable>ID</replaceable></arg>
<para>Monitor connection profile activity. This command prints a line whenever
the specified connection changes. The connection to be monitored is identified
by its name, UUID or D-Bus path. If <replaceable>ID</replaceable> is ambiguous, a keyword
<option>id</option>, <option>uuid</option> or <option>path</option>
can be used. See <command>connection show</command> above for the description of the
<replaceable>ID</replaceable>-specifying keywords.</para>
<para>Monitors all connection profiles in case none is specified. The command
terminates when all monitored connections disappear. If you want to monitor
connection creation consider using the global monitor with <command>nmcli
monitor</command> command.</para>
<para>Reload all connection files from disk.
NetworkManager does not monitor changes to connection
files by default. So you need to use this command in order to tell
NetworkManager to re-read the connection profiles from
disk when a change was made to them. However, the auto-loading feature can be
enabled and then NetworkManager will reload connection
files any time they change (monitor-connection-files=true in
<link linkend='NetworkManager.conf'><link linkend='NetworkManager.conf'><citerefentry><refentrytitle>NetworkManager.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry></link></link>).
<arg choice='plain' rep='repeat'><replaceable>filename</replaceable></arg>
<para>Load/reload one or more connection files from disk. Use this after
manually editing a connection file to ensure that
NetworkManager is aware of its latest state.</para>
<arg choice='plain'><option>type</option> <replaceable>type</replaceable></arg>
<arg choice='plain'><option>file</option> <replaceable>file</replaceable></arg>
<para>Import an external/foreign configuration as a NetworkManager connection
profile. The type of the input file is specified by <option>type</option>
<para>Only VPN configurations are supported at the moment. The configuration is
imported by NetworkManager VPN plugins. <option>type</option> values are
the same as for <option>vpn-type</option> option in <command>nmcli
connection add</command>. VPN configurations are imported by VPN plugins.
Therefore the proper VPN plugin has to be installed so that <command>nmcli</command> could import
the data.</para>
<para>The imported connection profile will be saved as persistent unless
<option>--temporary</option> option is specified, in which case the new profile
won't exist after NetworkManager restart.</para>
<arg choice='plain'><option>id</option></arg>
<arg choice='plain'><option>uuid</option></arg>
<arg choice='plain'><option>path</option></arg>
<arg choice='plain'><replaceable>ID</replaceable></arg>
<para>Export a connection.</para>
<para>Only VPN connections are supported at the moment. A proper VPN plugin has
to be installed so that <command>nmcli</command> could export a connection. If no
<replaceable>file</replaceable> is provided, the VPN configuration
data will be printed to standard output.</para>
<refsect1 id='device'><title>Device Management Commands</title>
<command>nmcli device</command>
<group choice='req'>
<arg choice='plain'><command>status</command></arg>
<arg choice='plain'><command>show</command></arg>
<arg choice='plain'><command>set</command></arg>
<arg choice='plain'><command>connect</command></arg>
<arg choice='plain'><command>reapply</command></arg>
<arg choice='plain'><command>modify</command></arg>
<arg choice='plain'><command>disconnect</command></arg>
<arg choice='plain'><command>delete</command></arg>
<arg choice='plain'><command>monitor</command></arg>
<arg choice='plain'><command>wifi</command></arg>
<arg choice='plain'><command>lldp</command></arg>
<arg rep='repeat'><replaceable>ARGUMENTS</replaceable></arg>
<para>Show and manage network interfaces.</para>
<para>Print status of devices.</para>
<para>This is the default action if no command is specified to
<command>nmcli device</command>.</para>
<para>Show detailed information about devices. Without an argument, all
devices are examined. To get information for a specific device, the interface
name has to be provided.</para>
<arg choice='plain'><replaceable>ifname</replaceable></arg>
<group choice='req'>
<arg choice='plain'>yes</arg>
<arg choice='plain'>no</arg>
<group choice='req'>
<arg choice='plain'>yes</arg>
<arg choice='plain'>no</arg>
<para>Set device properties.</para>
<arg choice='plain'><replaceable>ifname</replaceable></arg>
<para>Connect the device. NetworkManager will try to find a suitable connection
that will be activated. It will also consider connections that are not set to
auto connect.</para>
<para>If no compatible connection exists, a new profile with default
settings will be created and activated. This differentiates
<command>nmcli connection up ifname "$DEVICE"</command> from
<command>nmcli device connect "$DEVICE"</command></para>
<para>If <option>--wait</option> option is not specified, the default timeout will be 90
<arg choice='plain'><replaceable>ifname</replaceable></arg>
<para>Attempt to update device with changes to the currently active connection
made since it was last applied.</para>
<arg choice='plain'><replaceable>ifname</replaceable></arg>
<arg rep='repeat' choice='plain'>
<group choice='req'>
<arg choice='plain'><replaceable>option</replaceable> <replaceable>value</replaceable></arg>
<arg choice='plain'>[+|-]<replaceable>setting</replaceable>.<replaceable>property</replaceable> <replaceable>value</replaceable></arg>
<para>Modify the settings currently active on the device.</para>
<para>This command lets you do temporary changes to a configuration active on
a particular device. The changes are not preserved in the connection profile.</para>
<para>See <citerefentry><refentrytitle>nm-settings</refentrytitle><manvolnum>5</manvolnum>
</citerefentry> for the list of available properties. Please note that some
properties can't be changed on an already connected device.</para>
<para>You can also use the aliases described in
<link linkend='property_aliases' endterm='property_aliases.title' /> section. The syntax is
the same as of the <command>nmcli connection modify</command> command.</para>
<arg choice='plain' rep='repeat'><replaceable>ifname</replaceable></arg>
<para>Disconnect a device and prevent the device from automatically activating
further connections without user/manual intervention. Note that disconnecting
software devices may mean that the devices will disappear.</para>
<para>If <option>--wait</option> option is not specified, the default timeout
will be 10 seconds.</para>
<arg choice='plain' rep='repeat'><replaceable>ifname</replaceable></arg>
<para>Delete a device. The command removes the interface from the system. Note
that this only works for software devices like bonds, bridges, teams, etc.
Hardware devices (like Ethernet) cannot be deleted by the command.</para>
<para>If <option>--wait</option> option is not specified, the default timeout will be 10
<arg rep='repeat'><replaceable>ifname</replaceable></arg>
<para>Monitor device activity. This command prints a line whenever the
specified devices change state.</para>
<para>Monitors all devices in case no interface is specified. The monitor
terminates when all specified devices disappear. If you want to monitor device
addition consider using the global monitor with <command>nmcli
monitor</command> command.</para>
<arg choice='plain'><option>auto</option></arg>
<arg choice='plain'><option>no</option></arg>
<arg choice='plain'><option>yes</option></arg>
<arg><option>ifname</option> <replaceable>ifname</replaceable></arg>
<arg><option>bssid</option> <replaceable>BSSID</replaceable></arg>
<para>List available Wi-Fi access points. The <option>ifname</option> and
<option>bssid</option> options can be used to list APs for a particular
interface or with a specific BSSID, respectively.</para>
<para>By default, <command>nmcli</command> ensures that the access point list
is no older than 30 seconds and triggers a network scan if necessary. The
<option>--rescan</option> can be used to either force or disable the scan
regardless of how fresh the access point list is.</para>
<arg choice='plain'><replaceable>(B)SSID</replaceable></arg>
<arg><option>password</option> <replaceable>password</replaceable></arg>
<group choice='req'>
<arg choice='plain'>key</arg>
<arg choice='plain'>phrase</arg>
<arg><option>ifname</option> <replaceable>ifname</replaceable></arg>
<arg><option>bssid</option> <replaceable>BSSID</replaceable></arg>
<arg><option>name</option> <replaceable>name</replaceable></arg>
<group choice='req'>
<arg choice='plain'>yes</arg>
<arg choice='plain'>no</arg>
<group choice='req'>
<arg choice='plain'>yes</arg>
<arg choice='plain'>no</arg>
<para>Connect to a Wi-Fi network specified by SSID or BSSID. The command
creates a new connection and then activates it on a device. This is a
command-line counterpart of clicking an SSID in a GUI client. The command
always creates a new connection and thus it is mainly useful for connecting to
new Wi-Fi networks. If a connection for the network already exists, it is
better to bring up (activate) the existing connection as follows:
<command>nmcli con up id <replaceable>name</replaceable></command>. Note that
only open, WEP and WPA-PSK networks are supported at the moment. It is also
supposed that IP configuration is obtained via DHCP.</para>
<para>If <option>--wait</option> option is not specified, the default timeout will be 90
<para>Available options are:</para>
<para>password for secured networks (WEP or WPA).</para>
<para>type of WEP secret, either <option>key</option> for ASCII/HEX key or
<option>phrase</option> for passphrase.</para>
<para>interface that will be used for activation.</para>
<para>if specified, the created connection will be restricted just for the
<para>if specified, the connection will use the name (else NM creates a name
<para>if set to <literal>yes</literal>, the connection will only be visible
to the user who created it. Otherwise the connection is system-wide, which is
the default.</para>
<para>set to <literal>yes</literal> when connecting for the first time to an
AP not broadcasting its SSID. Otherwise the SSID would not be found and the
connection attempt would fail.</para>
<arg><option>ifname</option> <replaceable>ifname</replaceable></arg>
<arg><option>con-name</option> <replaceable>name</replaceable></arg>
<arg><option>ssid</option> <replaceable>SSID</replaceable></arg>
<group choice='req'>
<arg choice='plain'>a</arg>
<arg choice='plain'>bg</arg>
<arg><option>channel</option> <replaceable>channel</replaceable></arg>
<arg><option>password</option> <replaceable>password</replaceable></arg>
<para>Create a Wi-Fi hotspot. The command creates a hotspot connection profile
according to Wi-Fi device capabilities and activates it on the device. The
hotspot is secured with WPA if device/driver supports that, otherwise WEP is
used. Use <command>connection down</command> or <command>device
disconnect</command> to stop the hotspot.</para>
<para>Parameters of the hotspot can be influenced by the optional
<para>what Wi-Fi device is used.</para>
<para>name of the created hotspot connection profile.</para>
<para>SSID of the hotspot.</para>
<para>Wi-Fi band to use.</para>
<para>Wi-Fi channel to use.</para>
<para>password to use for the created hotspot. If not provided, <command>nmcli</command> will
generate a password. The password is either WPA pre-shared key or WEP
<para>Note that <option>--show-secrets</option> global option can be used to
print the hotspot password. It is useful especially when the password was
<arg><option>ifname</option> <replaceable>ifname</replaceable></arg>
<arg rep='repeat'><option>ssid</option> <replaceable>SSID</replaceable></arg>
<para>Request that NetworkManager immediately re-scan for
available access points. NetworkManager scans Wi-Fi networks periodically, but
in some cases it can be useful to start scanning manually (e.g. after resuming
the computer). By using <option>ssid</option>, it is possible to scan for a
specific SSID, which is useful for APs with hidden SSIDs. You can provide
multiple <option>ssid</option> parameters in order to scan more
<para>This command does not show the APs, use <command>nmcli device wifi list</command>
for that.</para>
<arg><option>ifname</option> <replaceable>ifname</replaceable></arg>
<para>Display information about neighboring devices learned through the Link
Layer Discovery Protocol (LLDP). The <option>ifname</option> option can be
used to list neighbors only for a given interface. The protocol must be enabled
in the connection settings.</para>
<refsect1 id='agent'><title>Secret Agent</title>
<command>nmcli agent</command>
<group choice='req'>
<arg choice='plain'><command>secret</command></arg>
<arg choice='plain'><command>polkit</command></arg>
<arg choice='plain'><command>all</command></arg>
<para>Run <command>nmcli</command> as a NetworkManager secret agent, or polkit agent.</para>
<para>Register <command>nmcli</command> as a NetworkManager secret agent and listen for secret
requests. You do usually not need this command, because <command>nmcli</command> can handle
secrets when connecting to networks. However, you may find the command useful
when you use another tool for activating connections and you do not have a
secret agent available (like nm-applet).</para>
<para>Register <command>nmcli</command> as a polkit agent for the user session and listen for
authorization requests. You do not usually need this command, because <command>nmcli</command> can
handle polkit actions related to NetworkManager operations (when run with
<option>--ask</option>). However, you may find the command useful when you want
to run a simple text based polkit agent and you do not have an agent of a desktop
environment. Note that running this command makes <command>nmcli</command> handle all polkit requests,
not only NetworkManager related ones, because only one polkit agent can run for the
<para>Runs <command>nmcli</command> as both NetworkManager secret and a polkit agent.</para>
<refsect1 id='property_aliases'><title id='property_aliases.title'>Property Aliases</title>
<para>Apart from the property-value pairs, <command>connection add</command>,
<command>connection modify</command> and <command>device modify</command> also
accept short forms of some properties. They exist for convenience. Some aliases can
affect multiple connection properties at once.</para>
<para>The overview of the aliases is below. An actual connection type is used to
disambiguate these options from the options of the same name that are valid for
multiple connection types (such as <option>mtu</option>).</para>
<table><title>Options for all connections</title><tgroup cols="3">
<entry align="left">type</entry>
<entry align="left"><link linkend="">connection.type</link></entry>
<entry align="left" valign="top">This alias also accepts values of <option>bond-slave</option>,
<option>team-slave</option> and <option>bridge-slave</option>. They create
<option>ethernet</option> connection profiles. Their use is discouraged in
favor of using a specific type with <option>master</option> option.</entry>
<entry align="left">con-name</entry>
<entry align="left"><link linkend=""></link></entry>
<entry align="left" valign="top">When not provided a default name is generated: &lt;type&gt;[-&lt;ifname&gt;][-&lt;num&gt;]).</entry>
<row><entry align="left">autoconnect</entry><entry align="left"><link linkend="">connection.autoconnect</link></entry><entry align="left" /></row>
<entry align="left">ifname</entry>
<entry align="left"><link linkend="">connection.interface-name</link></entry>
<entry align="left" valign="top">A value of <literal>*</literal> will be interpreted as
no value, making the connection profile interface-independent.
Note: use quotes around <literal>*</literal> to suppress shell expansion.
For bond, team and bridge connections a default name will be generated if not set.</entry>
<entry align="left">master</entry>
<entry align="left"><link linkend="">connection.master</link></entry>
<entry align="left" valign="top">Value specified here will be canonicalized.
It can be prefixed with <literal>ifname/</literal>, <literal>uuid/</literal>
or <literal>id/</literal> to disambiguate it.</entry>
If the master connection can be found this will set <literal>connection.slave-type</literal>
property as well.
<row><entry align="left">slave-type</entry><entry align="left"><link linkend="">connection.slave-type</link></entry><entry align="left" /></row>
<table><title>PPPoE options</title><tgroup cols="2">
<row><entry align="left">username</entry><entry align="left"><link linkend="">pppoe.username</link></entry></row>
<row><entry align="left">password</entry><entry align="left"><link linkend="">pppoe.password</link></entry></row>
<row><entry align="left">service</entry><entry align="left"><link linkend="">pppoe.service</link></entry></row>
2017-09-13 10:01:00 +00:00
<row><entry align="left">parent</entry><entry align="left"><link linkend="">pppoe.parent</link></entry></row>
<table><title>Wired Ethernet options</title><tgroup cols="2">
<row><entry align="left">mtu</entry><entry align="left"><link linkend="">wired.mtu</link></entry></row>
<row><entry align="left">mac</entry><entry align="left"><link linkend="">wired.mac-address</link></entry></row>
<row><entry align="left">cloned-mac</entry><entry align="left"><link linkend="">wired.cloned-mac-address</link></entry></row>
<table><title>Infiniband options</title><tgroup cols="2">
<row><entry align="left">mtu</entry><entry align="left"><link linkend="">infiniband.mtu</link></entry></row>
<row><entry align="left">mac</entry><entry align="left"><link linkend="">infiniband.mac-address</link></entry></row>
<row><entry align="left">transport-mode</entry><entry align="left"><link linkend="">infiniband.transport-mode</link></entry></row>
<row><entry align="left">parent</entry><entry align="left"><link linkend="">infiniband.parent</link></entry></row>
<row><entry align="left">p-key</entry><entry align="left"><link linkend="">infiniband.p-key</link></entry></row>
<table><title>Wi-Fi options</title><tgroup cols="2">
<row><entry align="left">ssid</entry><entry align="left"><link linkend="">wireless.ssid</link></entry></row>
<row><entry align="left">mode</entry><entry align="left"><link linkend="">wireless.mode</link></entry></row>
<row><entry align="left">mtu</entry><entry align="left"><link linkend="">wireless.mtu</link></entry></row>
<row><entry align="left">mac</entry><entry align="left"><link linkend="">wireless.mac-address</link></entry></row>
<row><entry align="left">cloned-mac</entry><entry align="left"><link linkend="">wireless.cloned-mac-address</link></entry></row>
<table><title>WiMax options</title><tgroup cols="2">
<row><entry align="left">nsp</entry><entry align="left"><link linkend=""></link></entry></row>
<row><entry align="left">mac</entry><entry align="left"><link linkend="">wimax.mac-address</link></entry></row>
<table><title>GSM options</title><tgroup cols="2">
<row><entry align="left">apn</entry><entry align="left"><link linkend="">gsm.apn</link></entry></row>
<row><entry align="left">user</entry><entry align="left"><link linkend="">gsm.username</link></entry></row>
<row><entry align="left">password</entry><entry align="left"><link linkend="">gsm.password</link></entry></row>
<table><title>CDMA options</title><tgroup cols="2">
<row><entry align="left">user</entry><entry align="left"><link linkend="">cdma.username</link></entry></row>
<row><entry align="left">password</entry><entry align="left"><link linkend="">cdma.password</link></entry></row>
<table><title>Bluetooth options</title><tgroup cols="3">
<row><entry align="left">addr</entry><entry align="left"><link linkend="">bluetooth.bdaddr</link></entry><entry align="left" /></row>
<entry align="left">bt-type</entry>
<entry align="left"><link linkend="">bluetooth.type</link></entry>
<entry align="left" valign="top">Apart from the usual <literal>panu</literal>,
<literal>nap</literal> and <literal>dun</literal> options, the values of
<literal>dun-gsm</literal> and <literal>dun-cdma</literal> can be used for compatibility
with older versions. They are equivalent to using <literal>dun</literal> and setting
appropriate <literal>gsm.*</literal> or <literal>cdma.*</literal> properties.</entry>
<table><title>VLAN options</title><tgroup cols="2">
<row><entry align="left">dev</entry><entry align="left"><link linkend="">vlan.parent</link></entry></row>
<row><entry align="left">id</entry><entry align="left"><link linkend=""></link></entry></row>
<row><entry align="left">flags</entry><entry align="left"><link linkend="">vlan.flags</link></entry></row>
<row><entry align="left">ingress</entry><entry align="left"><link linkend="">vlan.ingress-priority-map</link></entry></row>
<row><entry align="left">egress</entry><entry align="left"><link linkend="">vlan.egress-priority-map</link></entry></row>
<table><title>Bonding options</title><tgroup cols="3">
<entry align="left">mode</entry>
<entry align="left" morerows="7">bond.options</entry>
<entry align="left" morerows="7" valign="top">Setting each of these adds the option to <literal>bond.options</literal> property.
It's equivalent to the <literal>+bond.options 'option=value'</literal> syntax.</entry>
<row><entry align="left">primary</entry></row>
<row><entry align="left">miimon</entry></row>
<row><entry align="left">downdelay</entry></row>
<row><entry align="left">updelay</entry></row>
<row><entry align="left">arp-interval</entry></row>
<row><entry align="left">arp-ip-target</entry></row>
<row><entry align="left">lacp-rate</entry></row>
<table><title>Team options</title><tgroup cols="3">
<row><entry align="left">config</entry><entry align="left"><link linkend="">team.config</link></entry>
<entry align="left">Either a filename or a team configuration in JSON format. To enforce one or the other, the value can be prefixed with "file://" or "json://".</entry>
<table><title>Team port options</title><tgroup cols="3">
<row><entry align="left">config</entry><entry align="left"><link linkend="">team-port.config</link></entry>
<entry align="left">Either a filename or a team configuration in JSON format. To enforce one or the other, the value can be prefixed with "file://" or "json://".</entry>
<table><title>Bridge options</title><tgroup cols="2">
<row><entry align="left">stp</entry><entry align="left"><link linkend="">bridge.stp</link></entry></row>
<row><entry align="left">priority</entry><entry align="left"><link linkend="">bridge.priority</link></entry></row>
<row><entry align="left">forward-delay</entry><entry align="left"><link linkend="">bridge.forward-delay</link></entry></row>
<row><entry align="left">hello-time</entry><entry align="left"><link linkend="">bridge.hello-time</link></entry></row>
<row><entry align="left">max-age</entry><entry align="left"><link linkend="">bridge.max-age</link></entry></row>
<row><entry align="left">ageing-time</entry><entry align="left"><link linkend="">bridge.ageing-time</link></entry></row>
2017-09-13 10:01:00 +00:00
<row><entry align="left">group-forward-mask</entry><entry align="left"><link linkend=""></link></entry></row>
<row><entry align="left">multicast-snooping</entry><entry align="left"><link linkend="">bridge.multicast-snooping</link></entry></row>
<row><entry align="left">mac</entry><entry align="left"><link linkend="">bridge.mac-address</link></entry></row>
<row><entry align="left">priority</entry><entry align="left"><link linkend="">bridge-port.priority</link></entry></row>
<row><entry align="left">path-cost</entry><entry align="left"><link linkend="">bridge-port.path-cost</link></entry></row>
<row><entry align="left">hairpin</entry><entry align="left"><link linkend="">bridge-port.hairpin-mode</link></entry></row>
<table><title>VPN options</title><tgroup cols="2">
<row><entry align="left">vpn-type</entry><entry align="left"><link linkend="">vpn.service-type</link></entry></row>
<row><entry align="left">user</entry><entry align="left"><link linkend="">vpn.user-name</link></entry></row>
<table><title>OLPC Mesh options</title><tgroup cols="2">
<row><entry align="left">ssid</entry><entry align="left"><link linkend="">olpc-mesh.ssid</link></entry></row>
<row><entry align="left">channel</entry><entry align="left"><link linkend=""></link></entry></row>
<row><entry align="left">dhcp-anycast</entry><entry align="left"><link linkend="">olpc-mesh.dhcp-anycast-address</link></entry></row>
<table><title>ADSL options</title><tgroup cols="2">
<row><entry align="left">username</entry><entry align="left"><link linkend="">adsl.username</link></entry></row>
<row><entry align="left">protocol</entry><entry align="left"><link linkend="">adsl.protocol</link></entry></row>
<row><entry align="left">password</entry><entry align="left"><link linkend="">adsl.password</link></entry></row>
<row><entry align="left">encapsulation</entry><entry align="left"><link linkend="">adsl.encapsulation</link></entry></row>
<table><title>MACVLAN options</title><tgroup cols="2">
<row><entry align="left">dev</entry><entry align="left"><link linkend="">macvlan.parent</link></entry></row>
<row><entry align="left">mode</entry><entry align="left"><link linkend="">macvlan.mode</link></entry></row>
<row><entry align="left">tap</entry><entry align="left"><link linkend="">macvlan.tap</link></entry></row>
2017-09-13 10:01:00 +00:00
<table><title>MACsec options</title><tgroup cols="2">
<row><entry align="left">dev</entry><entry align="left"><link linkend="">macsec.parent</link></entry></row>
<row><entry align="left">mode</entry><entry align="left"><link linkend="">macsec.mode</link></entry></row>
<row><entry align="left">encrypt</entry><entry align="left"><link linkend="">macsec.encrypt</link></entry></row>
<row><entry align="left">cak</entry><entry align="left"><link linkend="">macsec.cak</link></entry></row>
<row><entry align="left">ckn</entry><entry align="left"><link linkend="">macsec.ckn</link></entry></row>
<row><entry align="left">port</entry><entry align="left"><link linkend="">macsec.port</link></entry></row>
<table><title>VxLAN options</title><tgroup cols="2">
<row><entry align="left">id</entry><entry align="left"><link linkend=""></link></entry></row>
<row><entry align="left">remote</entry><entry align="left"><link linkend="">vxlan.remote</link></entry></row>
<row><entry align="left">dev</entry><entry align="left"><link linkend="">vxlan.parent</link></entry></row>
<row><entry align="left">local</entry><entry align="left"><link linkend="">vxlan.local</link></entry></row>
<row><entry align="left">source-port-min</entry><entry align="left"><link linkend="">vxlan.source-port-min</link></entry></row>
<row><entry align="left">source-port-max</entry><entry align="left"><link linkend="">vxlan.source-port-max</link></entry></row>
<row><entry align="left">destination-port</entry><entry align="left"><link linkend="">vxlan.destination-port</link></entry></row>
<table><title>Tun options</title><tgroup cols="2">
<row><entry align="left">mode</entry><entry align="left"><link linkend="">tun.mode</link></entry></row>
<row><entry align="left">owner</entry><entry align="left"><link linkend="">tun.owner</link></entry></row>
<row><entry align="left">group</entry><entry align="left"><link linkend=""></link></entry></row>
<row><entry align="left">pi</entry><entry align="left"><link linkend="">tun.pi</link></entry></row>
<row><entry align="left">vnet-hdr</entry><entry align="left"><link linkend="">tun.vnet-hdr</link></entry></row>
<row><entry align="left">multi-queue</entry><entry align="left"><link linkend="">tun.multi-queue</link></entry></row>
<table><title>IP tunneling options</title><tgroup cols="2">
<row><entry align="left">mode</entry><entry align="left"><link linkend="">ip-tunnel.mode</link></entry></row>
<row><entry align="left">local</entry><entry align="left"><link linkend="">ip-tunnel.local</link></entry></row>
<row><entry align="left">remote</entry><entry align="left"><link linkend="">ip-tunnel.remote</link></entry></row>
<row><entry align="left">dev</entry><entry align="left"><link linkend="">ip-tunnel.parent</link></entry></row>
2018-03-09 17:21:10 +00:00
<table><title>WPAN options</title><tgroup cols="2">
<row><entry align="left">mac</entry><entry align="left"><link linkend="">wpan.mac</link></entry></row>
<row><entry align="left">short-addr</entry><entry align="left"><link linkend="">wpan.short-addr</link></entry></row>
<row><entry align="left">pan-id</entry><entry align="left"><link linkend="">wpan.pan-id</link></entry></row>
2018-05-22 15:11:30 +00:00
<table><title>6LoWPAN options</title><tgroup cols="2">
<row><entry align="left">dev</entry><entry align="left"><link linkend="">6lowpan.parent</link></entry></row>
<table><title>IPv4 options</title><tgroup cols="3">
<entry align="left">ip4</entry>
<entry align="left"><link linkend="">ipv4.addresses</link> <link linkend="">ipv4.method</link></entry>
<entry align="left" valign="top">The alias is equivalent to the <literal>+ipv4.addresses</literal> syntax and also sets <literal>ipv4.method</literal> to <literal>manual</literal>. It can be specified multiple times.</entry>
<row><entry align="left">gw4</entry><entry align="left"><link linkend="">ipv4.gateway</link></entry><entry align="left" /></row>
<table><title>IPv6 options</title><tgroup cols="3">
<entry align="left">ip6</entry>
<entry align="left"><link linkend="">ipv6.addresses</link> <link linkend="">ipv6.method</link></entry>
<entry align="left" valign="top">The alias is equivalent to the <literal>+ipv6.addresses</literal> syntax and also sets <literal>ipv6.method</literal> to <literal>manual</literal>. It can be specified multiple times.</entry>
<row><entry align="left">gw6</entry><entry align="left"><link linkend="">ipv6.gateway</link></entry><entry align="left" /></row>
<table><title>Proxy options</title><tgroup cols="3">
2017-09-13 10:01:00 +00:00
<row><entry align="left">method</entry><entry align="left"><link linkend="">proxy.method</link></entry><entry align="left" /></row>
<row><entry align="left">browser-only</entry><entry align="left"><link linkend="">proxy.browser-only</link></entry><entry align="left" /></row>
<row><entry align="left">pac-url</entry><entry align="left"><link linkend="">proxy.pac-url</link></entry><entry align="left" /></row>
2017-09-13 10:01:00 +00:00
<entry align="left">pac-script</entry>
<entry align="left"><link linkend="">proxy.pac-script</link></entry>
2017-09-13 10:01:00 +00:00
<entry align="left" valign="top">Read the JavaScript PAC (proxy auto-config) script from file or pass it directly on the command line. Prefix the value with "file://" or "js://" to force one or the other.</entry>
<refsect1 id='colors'><title id='colors.title'>Colors</title>
<para>Implicit coloring can be disabled by an empty file
<para>See <citerefentry><refentrytitle>terminal-colors.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for more details about colorization configuration.
The logical color names supported by <command>nmcli</command> are:</para>
<para>A connection that is active.</para>
<para>Connection that is being activated.</para>
<para>Connection that is being disconnected.</para>
<para>Connection whose details is the user not permitted to see.</para>
<para>Conectivity state when Internet is reachable.</para>
<para>Conectivity state when only a local network reachable.</para>
<para>Conectivity state when the network is disconnected.</para>
<para>Conectivity state when a captive portal hijacked the connection.</para>
<para>Conectivity state when a connectivity check didn't run.</para>
<para>Device that is connected.</para>
<para>Device that is being configured.</para>
<para>Device that is not connected.</para>
<para>Warning of a missing device firmware.</para>
<para>Warning of a missing device plugin.</para>
<para>Device that is not available for activation.</para>
<para>Notice that the NetworkManager daemon is available.</para>
<para>Notice that the NetworkManager daemon is being initially connected.</para>
<para>Notice that the NetworkManager daemon is not available.</para>
<para>An action that requires user authentication to get permission.</para>
<para>An action that is not permitted.</para>
<para>An action that is permitted.</para>
<para>Prompt in interactive mode.</para>
<para>Indication that NetworkManager in suspended state.</para>
<para>Indication that NetworkManager in connected to Internet.</para>
<para>Indication that NetworkManager in local network.</para>
<para>Indication that NetworkManager in connected to networks other than Internet.</para>
<para>Indication that NetworkManager is establishing a network connection.</para>
<para>Indication that NetworkManager is disconnected from a network.</para>
<para>Indication that NetworkManager is being disconnected from a network.</para>
<para>Wi-Fi network with an excellent signal level.</para>
<para>Wi-Fi network with a fair signal level.</para>
<para>Wi-Fi network with a good signal level.</para>
<para>Wi-Fi network with a poor signal level.</para>
<para>Wi-Fi network that hasn't been actually seen (a hidden AP).</para>
<para>A property that is turned off.</para>
<para>A property that is turned on.</para>
<refsect1 id='environment_variables'><title>Environment Variables</title>
<para><command>nmcli</command>'s behavior is affected by the following
environment variables.</para>
<para>If set to a non-empty string value, it overrides the values of all the
other internationalization variables.</para>
<para>Determines the locale to be used for internationalized messages.</para>
<para>Provides a default value for the internationalization variables that are
unset or null.</para>
<refsect1 id='internationalization_notes'><title>Internationalization notes</title>
<para>Be aware that <command>nmcli</command> is localized and that is why the
output depends on your environment. This is important to realize especially
when you parse the output.</para>
<para>Call <command>nmcli</command> as <command>LC_ALL=C nmcli</command> to
be sure the locale is set to <literal>C</literal> while executing in a script.</para>
<para><envar>LC_ALL</envar>, <envar>LC_MESSAGES</envar>, <envar>LANG</envar>
variables specify the <envar>LC_MESSAGES</envar> locale category (in that
order), which determines the language that <command>nmcli</command> uses for
messages. The <literal>C</literal> locale is used if none of these variables are set, and this
locale uses English messages.</para>
<refsect1 id='exit_status'><title>Exit Status</title>
<para><command>nmcli</command> exits with status 0 if it succeeds, a value
greater than 0 is returned if an error occurs.</para>
<variablelist spacing='compact' termlength='3'>
<para>Success &ndash; indicates the operation succeeded.</para>
<para>Unknown or unspecified error.</para>
<para>Invalid user input, wrong <command>nmcli</command>
<para>Timeout expired (see <option>--wait</option> option).</para>
<para>Connection activation failed.</para>
<para>Connection deactivation failed.</para>
<para>Disconnecting device failed.</para>
<para>Connection deletion failed.</para>
<para>NetworkManager is not running.</para>
<para>Connection, device, or access point does not exist.</para>
<para>When used with <option>--complete-args</option> option, a file name is expected to follow.</para>
<refsect1 id='examples'><title id='examples.title'>Examples</title>
<para>This section presents various examples of <command>nmcli</command> usage. If you want even
more, please refer to
<link linkend='nmcli-examples'><citerefentry><refentrytitle>nmcli-examples</refentrytitle><manvolnum>7</manvolnum></citerefentry></link>
manual page.</para>
<term><userinput>nmcli -t -f RUNNING general</userinput></term>
<para>tells you whether NetworkManager is running or not.</para>
<term><userinput>nmcli -t -f STATE general</userinput></term>
<para>shows the overall status of NetworkManager.</para>
<term><userinput>nmcli radio wifi off</userinput></term>
<para>switches Wi-Fi off.</para>
<term><userinput>nmcli connection show</userinput></term>
<para>lists all connections NetworkManager has.</para>
<term><userinput>nmcli -p -m multiline -f all con show</userinput></term>
<para>shows all configured connections in multi-line mode.</para>
<term><userinput>nmcli connection show --active</userinput></term>
<para>lists all currently active connections.</para>
<term><userinput>nmcli -f name,autoconnect c s</userinput></term>
<para>shows all connection profile names and their auto-connect property.</para>
<term><userinput>nmcli -p connection show "My default em1"</userinput></term>
<para>shows details for "My default em1" connection profile.</para>
<term><userinput>nmcli --show-secrets connection show "My Home WiFi"</userinput></term>
<para>shows details for "My Home WiFi" connection profile with all passwords.
Without <option>--show-secrets</option> option, secrets would not be
<term><userinput>nmcli -f active connection show "My default em1"</userinput></term>
<para>shows details for "My default em1" active connection, like IP, DHCP
information, etc.</para>
<term><userinput>nmcli -f profile con s "My wired connection"</userinput></term>
<para>shows static configuration details of the connection profile with "My
wired connection" name.</para>
<term><userinput>nmcli -p con up "My wired connection" ifname eth0</userinput></term>
<para>activates the connection profile with name "My wired connection" on
interface eth0. The -p option makes <command>nmcli</command> show progress of the
<term><userinput>nmcli con up 6b028a27-6dc9-4411-9886-e9ad1dd43761 ap 00:3A:98:7C:42:D3</userinput></term>
<para>connects the Wi-Fi connection with UUID
6b028a27-6dc9-4411-9886-e9ad1dd43761 to the AP with BSSID
<term><userinput>nmcli device status</userinput></term>
<para>shows the status for all devices.</para>
<term><userinput>nmcli dev disconnect em2</userinput></term>
<para>disconnects a connection on interface em2 and marks the device as
unavailable for auto-connecting. As a result, no connection will automatically
be activated on the device until the device's 'autoconnect' is set to TRUE or
the user manually activates a connection.</para>
<term><userinput>nmcli -f GENERAL,WIFI-PROPERTIES dev show wlan0</userinput></term>
<para>shows details for wlan0 interface; only GENERAL and WIFI-PROPERTIES
sections will be shown.</para>
<term><userinput>nmcli -f CONNECTIONS device show wlp3s0</userinput></term>
<para>shows all available connection profiles for your Wi-Fi interface
<term><userinput>nmcli dev wifi</userinput></term>
<para>lists available Wi-Fi access points known to NetworkManager.</para>
<term><userinput>nmcli dev wifi con "Cafe Hotspot 1" password caffeine name "My cafe"</userinput></term>
<para>creates a new connection named "My cafe" and then connects it to "Cafe
Hotspot 1" SSID using password "caffeine". This is mainly useful when
connecting to "Cafe Hotspot 1" for the first time. Next time, it is better to
use <command>nmcli con up id "My cafe"</command> so that the
existing connection profile can be used and no additional is created.</para>
<term><userinput>nmcli -s dev wifi hotspot con-name QuickHotspot</userinput></term>
<para>creates a hotspot profile and connects it. Prints the hotspot password
the user should use to connect to the hotspot from other devices.</para>
<term><userinput>nmcli dev modify em1 ipv4.method shared</userinput></term>
<para>starts IPv4 connection sharing using em1 device. The sharing will be active
until the device is disconnected.</para>
<term><userinput>nmcli dev modify em1 ipv6.address 2001:db8::a:bad:c0de</userinput></term>
<para>temporarily adds an IP address to a device. The address will be removed
when the same connection is activated again.</para>
<term><userinput>nmcli connection add type ethernet autoconnect no ifname eth0</userinput></term>
<para>non-interactively adds an Ethernet connection tied to eth0 interface with
automatic IP configuration (DHCP), and disables the connection's <literal>autoconnect</literal>
<term><userinput>nmcli c a ifname Maxipes-fik type vlan dev eth0 id 55</userinput></term>
<para>non-interactively adds a VLAN connection with ID 55. The connection will
use eth0 and the VLAN interface will be named Maxipes-fik.</para>
<term><userinput>nmcli c a ifname eth0 type ethernet ipv4.method disabled ipv6.method link-local</userinput></term>
<para>non-interactively adds a connection that will use eth0 Ethernet interface
and only have an IPv6 link-local address configured.</para>
<term><userinput>nmcli connection edit ethernet-em1-2</userinput></term>
<para>edits existing "ethernet-em1-2" connection in the interactive
<term><userinput>nmcli connection edit type ethernet con-name "yet another Ethernet connection"</userinput></term>
<para>adds a new Ethernet connection in the interactive editor.</para>
<term><userinput>nmcli con mod ethernet-2 connection.autoconnect no</userinput></term>
<para>modifies 'autoconnect' property in the 'connection' setting of
'ethernet-2' connection.</para>
<term><userinput>nmcli con mod "Home Wi-Fi" wifi.mtu 1350</userinput></term>
<para>modifies 'mtu' property in the 'wifi' setting of 'Home Wi-Fi'
<term><userinput>nmcli con mod em1-1 ipv4.method manual ipv4.addr ",,"</userinput></term>
<para>sets manual addressing and the addresses in em1-1 profile.</para>
<term><userinput>nmcli con modify ABC +ipv4.dns</userinput></term>
<para>appends a Google public DNS server to DNS servers in ABC profile.</para>
<term><userinput>nmcli con modify ABC -ipv4.addresses ""</userinput></term>
<para>removes the specified IP address from (static) profile ABC.</para>
<term><userinput>nmcli con import type openvpn file ~/Downloads/frootvpn.ovpn</userinput></term>
<para>imports an OpenVPN configuration to NetworkManager.</para>
<term><userinput>nmcli con export corp-vpnc /home/joe/corpvpn.conf</userinput></term>
<para>exports NetworkManager VPN profile corp-vpnc as standard Cisco (vpnc)
<refsect1 id='notes'><title>Notes</title>
<para><command>nmcli</command> accepts abbreviations, as long as they are a unique prefix in the set
of possible options. As new options get added, these abbreviations are not guaranteed
to stay unique. For scripting and long term compatibility it is therefore strongly
advised to spell out the full option names.</para>
<refsect1 id='bugs'><title>Bugs</title>
<para>There are probably some bugs. If you find a bug, please report it to &mdash; product <literal>NetworkManager</literal>.</para>
