summaryrefslogtreecommitdiff
path: root/man/nmcli.1.in
blob: 66e1567d45f182bf2c52ec87fb79e7b113c47b60 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
.\" nmcli (1) manual page
.\"
.\" This is free documentation; you can redistribute it and/or
.\" modify it under the terms of the GNU General Public License as
.\" published by the Free Software Foundation; either version 2 of
.\" the License, or (at your option) any later version.
.\"
.\" The GNU General Public License's references to "object code"
.\" and "executables" are to be interpreted as the output of any
.\" document formatting or typesetting system, including
.\" intermediate and printed output.
.\"
.\" This manual is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public Licence along
.\" with this manual; if not, write to the Free Software Foundation, Inc.,
.\" 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
.\"
.\" Copyright 2010 - 2014 Red Hat, Inc.
.\"
.TH NMCLI "1" "4 November 2014"

.SH NAME
nmcli \- command\(hyline tool for controlling NetworkManager
.SH SYNOPSIS
.ad l
.B nmcli
.RI " [ " OPTIONS " ] " OBJECT " { " COMMAND " | "
.BR help " } "
.sp

.IR OBJECT " := { "
.BR general " | " networking " | " radio " | " connection " | " device " | " agent
.RI " }"
.sp

.IR OPTIONS " := { "
.br
\fB\-t\fR[\fIerse\fR]
.br
\fB\-p\fR[\fIretty\fR]
.br
\fB\-m\fR[\fImode\fR] tabular | multiline
.br
\fB\-f\fR[\fIields\fR] <field1,field2,...> | all | common
.br
\fB\-e\fR[\fIscape\fR] yes | no
.br
\fB\-n\fR[\fIocheck\fR]
.br
\fB\-a\fR[\fIsk\fR]
.br
\fB\-w\fR[\fIait\fR] <seconds>
.br
\fB\-v\fR[\fIersion\fR]
.br
\fB\-h\fR[\fIelp\fR]
.br
.RI "}"

.SH DESCRIPTION
.B nmcli
is a command\(hyline tool for controlling NetworkManager and reporting network
status. It can be utilized as a replacement for \fInm\(hyapplet\fP or other
graphical clients. \fInmcli\fP is used to create, display, edit, delete, activate,
and deactivate network connections, as well as control and display network device
status.
.P
Typical uses include:
.IP \(em 4
Scripts: utilize NetworkManager via \fInmcli\fP instead of managing network
connections manually.  \fInmcli\fP supports a terse output format which is better
suited for script processing. Note that NetworkManager can also execute scripts,
called "dispatcher scripts", in response to network events. See
\fBNetworkManager\fP for details about these dispatcher scripts.
.IP \(em 4
Servers, headless machines, and terminals:  \fInmcli\fP can be used to control
NetworkManager without a GUI, including creating, editing, starting and stopping
network connections and viewing network status.
.SS \fIOPTIONS\fP
.TP
.B \-t, \-\-terse
Output is terse.  This mode is designed and suitable for computer (script)
processing.
.TP
.B \-p, \-\-pretty
Output is pretty. This causes \fInmcli\fP to produce easily readable outputs
for humans, i.e. values are aligned, headers are printed, etc.
.TP
.B \-m, \-\-mode tabular | multiline
Switch between \fItabular\fP and \fImultiline\fP output.
If omitted, default is \fItabular\fP for most commands. For the commands
producing more structured information, that cannot be displayed on a single
line, default is \fImultiline\fP. Currently, they are:
.br
.nf
  'nmcli connection show <ID>'
  'nmcli device show'
.fi
\fItabular\fP   \(en Output is a table where each line describes a single entry.
Columns define particular properties of the entry.
.br
\fImultiline\fP \(en Each entry comprises multiple lines, each property on its own
line. The values are prefixed with the property name.
.TP
.B \-f, \-\-fields <field1,field2,...> | all | common
This option is used to specify what fields (column names) should be printed.
Valid field names differ for specific commands. List available fields by
providing an invalid value to the \fI\-\-fields\fP option.
.br
\fIall\fP is used to print all valid field values of the command.
\fIcommon\fP is used to print common field values of the command.
If omitted, default is \fIcommon\fP.
The option is mandatory when \fI\-\-terse\fP is used.  In this case, generic
values \fIall\fP and \fIcommon\fP cannot be used.  (This is to maintain
compatibility when new fields are added in the future).
.TP
.B \-e, \-\-escape yes | no
Whether to escape ':' and '\\' characters in terse tabular mode.  The escape
character is '\\'.
If omitted, default is \fIyes\fP.
.TP
.B \-n, \-\-nocheck
This option can be used to force \fInmcli\fP to skip checking \fInmcli\fP and
\fINetworkManager\fP version compatibility. Use it with care, because using
incompatible versions may produce incorrect results.
.TP
.B \-a, \-\-ask
When using this option \fInmcli\fP will stop and ask for any missing required
arguments, so do not use this option for non-interactive purposes like scripts.
This option controls, for example, whether you will be prompted for a password
if it is required for connecting to a network.
.TP
.B \-w, \-\-wait <seconds>
This option sets a timeout period for which \fInmcli\fP will wait for \fINetworkManager\fP
to finsh operations. It is especially useful for commands that may take a longer time to
complete, e.g. connection activation.
Specifying a value of \fB0\fP instructs \fInmcli\fP not to wait but to exit immediately
with a status of success. The default value depends on the executed command.
.TP
.B \-v, \-\-version
Show \fInmcli\fP version.
.TP
.B \-h, \-\-help
Print help information.
.SS \fIOBJECT\fP
.TP
.B general \- general \fINetworkManager\fP status and operations
.br
Use this object to show NetworkManager status and permissions. You can also get
and change system hostname, as well as NetworkManager logging level and domains.
.TP
.SS \fICOMMAND\fP := { status | hostname | permissions | logging }
.sp
.RS
.TP
.B status
.br
Show overall status of NetworkManager. This is the default action, when no additional
command is provided for \fIgeneral\fP object.
.TP
.B hostname [<hostname>]
.br
Get and change system hostname. With no arguments, this prints currently configured hostname.
When you pass a hostname, it will be handed over to NetworkManager to be set as a new system
hostname.
.br
Note that the term \fBsystem\fP hostname may also be referred to as \fBpersistent\fP or
\fBstatic\fP by other programs or tools. The hostname is stored in /etc/hostname
file in most distributions. For example, systemd-hostnamed service uses the term
\fBstatic\fP hostname and it only reads the /etc/hostname file when it starts.
.TP
.B permissions
.br
Show the permissions a caller has for various authenticated operations that
NetworkManager provides, like enable and disable networking, changing Wi\(hyFi,
WWAN, and WiMAX state, modifying connections, etc.
.TP
.B logging [level <log level>] [domains <log domains>]
.br
Get and change \fINetworkManager\fP logging level and domains. Without any argument
current logging level and domains are shown. In order to change logging state, provide
\fIlevel\fP and, or, \fIdomain\fP parameters. See \fBNetworkManager.conf\fP for available
level and domain values.
.RE

.TP
.B networking \- get or set general networking state of NetworkManager
.br
Use this object to show NetworkManager networking status, or to enable and disable
networking. Disabling networking removes the configuration from all devices and
changes them to the 'unmanaged' state.
.TP
.SS \fICOMMAND\fP := { [ on | off | connectivity ] }
.sp
.RS
.TP
.B [ on | off ]
.br
Get networking\(hyenabled status or enable and disable networking by NetworkManager.
All interfaces managed by NetworkManager are deactivated when networking has
been disabled.
.TP
.B connectivity [check]
.br
Get network connectivity state.
The optional \fIcheck\fP argument tells NetworkManager to re-check the connectivity,
else the most recent known connectivity state is displayed without re-checking.
.br
Possible states are:
.RS
.PP
.IP \fInone\fP 9
\(en the host is not connected to any network
.IP \fIportal\fP 9
\(en the host is behind a captive portal and cannot reach the full Internet
.IP \fIlimited\fP 9
\(en the host is connected to a network, but it has no access to the Internet
.IP \fIfull\fP 9
\(en the host is connected to a network and has full access to the Internet
.IP \fIunknown\fP 9
\(en the connectivity status cannot be found out
.RE
.RE

.TP
.B radio \- get or set radio switch states
.br
Use this object to show radio switches status, or enable and disable
the switches.
.TP
.SS \fICOMMAND\fP := { all | wifi | wwan | wimax }
.sp
.RS
.TP
.B wifi [ on | off ]
.br
Show or set status of Wi\(hyFi in NetworkManager. If no arguments are supplied,
Wi\(hyFi status is printed; \fIon\fP enables Wi\(hyFi; \fIoff\fP disables Wi\(hyFi.
.TP
.B wwan [ on | off ]
.br
Show or set status of WWAN (mobile broadband) in NetworkManager. If no arguments
are supplied, mobile broadband status is printed; \fIon\fP enables mobile broadband,
\fIoff\fP disables it.
.TP
.B wimax [ on | off ]
.br
Show or set status of WiMAX in NetworkManager. If no arguments are supplied,
WiMAX status is printed; \fIon\fP enables WiMAX; \fIoff\fP disables WiMAX.  Note:
WiMAX support is a compile\(hytime decision, so it may be unavailable on some
installations.
.TP
.B all [ on | off ]
.br
Show or set all previously mentioned radio switches at the same time.
.RE

.TP
.B connection \- start, stop, and manage network connections
.sp
NetworkManager stores all network configuration as \fIconnections\fP, which are
collections of data (Layer2 details, IP addressing, etc.) that describe
how to create or connect to a network.  A connection is \fIactive\fP when
a device uses that connection's configuration to create or connect to a network.
There may be multiple connections that apply to a device, but only one of them
can be active on that device at any given time. The additional connections can
be used to allow quick switching between different networks and configurations.
.sp
Consider a machine which is usually connected to a DHCP-enabled network, but
sometimes connected to a testing network which uses static IP addressing.  Instead
of manually reconfiguring eth0 each time the network is changed, the settings can
be saved as two connections which both apply to eth0, one for DHCP (called
"default") and one with the static addressing details (called "testing").  When
connected to the DHCP-enabled network the user would run "nmcli con up default"
, and when connected to the static network the user would run "nmcli con up testing".
.TP
.SS \fICOMMAND\fP := { show | up | down | add | edit | modify | delete | reload | load }
.sp
.RS
.TP
.B show [--active]
.br
List in-memory and on-disk connection profiles, some of which may also be
active if a device is using that connection profile. Without a parameter, all
profiles are listed. When --active option is specified, only the active profiles
are shown.
.TP
.B show [--active] [--show-secrets] [ id | uuid | path | apath ] <ID> ...
.br
Show details for specified connections. By default, both static configuration
and active connection data are displayed.  When --active option is specified,
only the active profiles are taken into account. When --show-secrets option is
specified, secrets associated with the profile will be revealed too.
\fIid\fP, \fIuuid\fP, \fIpath\fP and \fIapath\fP keywords can be used if
\fI<ID>\fP is ambiguous.
.RS
.PP
Optional <ID>-specifying keywords are:
.IP \fIid\fP 13
\(en the <ID> denotes a connection name
.IP \fIuuid\fP 13
\(en the <ID> denotes a connection UUID
.IP \fIpath\fP 13
\(en the <ID> denotes a D-Bus static connection path
in the format of /org/freedesktop/NetworkManager/Settings/<num> or just <num>
.IP \fIapath\fP 13
\(en the <ID> denotes a D-Bus active connection path
in the format of /org/freedesktop/NetworkManager/ActiveConnection/<num> or just <num>
.PP
It is possible to filter the output using the global \fI--fields\fP option. Use the following
values:
.RE
.RS
.PP
.IP \fIprofile\fP 13
\(en only shows static profile configuration
.IP \fIactive\fP 13
\(en only shows active connection data (when the profile is active)
.PP
You can also specify particular fields. For static configuration, use setting and property names
as described in \fInm-settings\fP(5) manual page. For active data use GENERAL, IP4, DHCP4, IP6,
DHCP6, VPN.
.PP
When no command is given to the \fIconnection\fP object, the default action
is 'nmcli connection show'.
.RE
.TP
.B up [ id | uuid | path ] <ID> [ifname <ifname>] [ap <BSSID>] [nsp <name>] [passwd <file with passwords>]
.RE
.RS
.B up ifname <ifname> [ap <BSSID>] [nsp <name>] [passwd <file with passwords>]
.RS
.br
Activate a connection.  The connection is identified by its name, UUID or D-Bus
path. If <ID> is ambiguous, a keyword \fIid\fP, \fIuuid\fP or \fIpath\fP can be
used.  When requiring a particular device to activate the connection on, the
\fIifname\fP option with interface name should be given.  If the <ID> is not
given an \fIifname\fP is required, and NetworkManager will activate the best
available connection for the given \fIifname\fP.  In case of a VPN connection,
the \fIifname\fP option specifies the device of the base connection. The
\fIap\fP option specify what particular AP should be used in case of a Wi\(hyFi
connection.
.br
If '--wait' option is not specified, the default timeout will be 90 seconds.
.br
See \fBconnection show\fP above for the description of the <ID>-specifying keywords.
.RS
.PP
Available options are:
.IP \fIifname\fP 13
\(en interface that will be used for activation
.IP \fIap\fP 13
\(en BSSID of the AP which the command should connect to (for Wi\(hyFi connections)
.IP \fInsp\fP 13
\(en NSP (Network Service Provider) which the command should connect to (for WiMAX connections)
.IP \fIpasswd-file\fP 13
\(en some networks may require credentials during activation. You can give these
credentials using this option.
Each line of the file should contain one password in the form of
.br
\fBsetting_name.property_name:the password\fP
.br
For example, for WPA Wi-Fi with PSK, the line would be
.br
\fI802-11-wireless-security.psk:secret12345\fP
.br
For 802.1X password, the line would be
.br
\fI802-1x.password:my 1X password\fP
.br
nmcli also accepts "wifi-sec" and "wifi" strings instead of "802-11-wireless-security".
When NetworkManager requires a password and it is not given, nmcli will ask for it
when run with --ask. If --ask was not passed, NetworkManager can ask another secret
agent that may be running (typically a GUI secret agent, such as nm-applet or
gnome-shell).
.RE
.RE
.TP
.B down [ id | uuid | path | apath ] <ID>
.br
Deactivate a connection from a device without preventing the device from
further auto-activation.
.sp
Be aware that this command deactivates the specified active connection. The device
on which the connection was active, is still ready to connect and will perform
auto-activation by looking for a suitable connection that has the 'autoconnect'
flag set. This includes the just deactivated connection, so if the connection is set
to auto-connect, it will be automatically started on the disconnected device again.
.br
In most cases you may want to use \fIdevice disconnect\fP command instead.
.sp
The connection is identified by its name, UUID or D-Bus path.
If <ID> is ambiguous, a keyword \fIid\fP, \fIuuid\fP, \fIpath\fP or
\fIapath\fP can be used.
.br
See \fBconnection show\fP above for the description of the <ID>-specifying keywords.
.TP
.B add COMMON_OPTIONS TYPE_SPECIFIC_OPTIONS IP_OPTIONS
.br
Add a connection for NetworkManager. Arguments differ according to connection types, see below.
.RS
.TP
.B COMMON_OPTIONS:
.IP "\fItype <type>\fP" 42
\(en connection type; see below \fBTYPE_SPECIFIC_OPTIONS\fP for allowed values; (mandatory)
.IP "\fIifname <ifname> | \(dq\&*\(dq\&\fP" 42
\(en interface to bind the connection to. The connection will only be applicable to this
interface name. A special value of "\fB*\fP" can be used for interface-independent connections.
The \fIifname\fP argument is mandatory for all connection types except bond, team, bridge and vlan.
Note: use quotes around \fB*\fP to suppress shell expansion.
.IP "\fI[con-name <connection name>]\fP" 42
\(en connection name (when not provided a default name is generated: <type>[-<ifname>][-<num>])
.IP "\fI[autoconnect yes|no]\fP" 42
\(en whether the connection profile can be automatically activated (default: yes)
.IP "\fI[save yes|no]\fP" 42
\(en whether the connection should be persistent, i.e. NetworkManager should store it on disk (default: yes)
.RE
.RS
.TP
.B TYPE_SPECIFIC_OPTIONS:
.TP
.B ethernet:
.IP "\fI[mac <MAC address>]\fP" 42
\(en MAC address of the device this connection is locked to
.IP "\fI[cloned-mac <cloned MAC address>]\fP" 42
\(en cloned MAC
.IP "\fI[mtu <MTU>]\fP" 42
\(en MTU
.RE
.RS
.TP
.B wifi:
.IP "\fIssid <SSID>\fP" 42
\(en SSID
.IP "\fI[mac <MAC address>]\fP" 42
\(en MAC address of the device this connection is locked to
.IP "\fI[cloned-mac <cloned MAC address>]\fP" 42
\(en cloned MAC
.IP "\fI[mode infrastructure|ap|adhoc]\fP" 42
\(en Wi-Fi network mode. If blank, \fIinfrastructure\fP is assumed.
.IP "\fI[mtu <MTU>]\fP" 42
\(en MTU
.RE
.RS
.TP
.B wimax:
.IP "\fI[mac <MAC address>]\fP" 42
\(en MAC address of the device this connection is locked to
.IP "\fI[nsp <NSP>]\fP" 42
\(en Network Service Provider name
.RE
.RS
.TP
.B pppoe:
.IP "\fIusername <PPPoE username>\fP" 42
\(en PPPoE username
.IP "\fI[password <PPPoE password>]\fP" 42
\(en Password for the PPPoE username
.IP "\fI[service <PPPoE service name>]\fP" 42
\(en PPPoE service name (if required by concentrator)
.IP "\fI[mtu <MTU>]\fP" 42
\(en MTU
.IP "\fI[mac <MAC address>]\fP" 42
\(en MAC address of the device this connection is locked to
.RE
.RS
.TP
.B gsm:
.IP "\fIapn <APN>\fP" 42
\(en APN - GSM Access Point Name
.IP "\fI[user <username>]\fP" 42
\(en user name
.IP "\fI[password <password>]\fP" 42
\(en password
.RE
.RS
.TP
.B cdma:
.IP "\fI[user <username>]\fP" 42
\(en user name
.IP "\fI[password <password>]\fP" 42
\(en password
.RE
.RS
.TP
.B infiniband:
.IP "\fI[mac <MAC address>]\fP" 42
\(en MAC address of the device this connection is locked to (InfiniBand MAC is 20 bytes)
.IP "\fI[mtu <MTU>]\fP" 42
\(en MTU
.IP "\fI[transport-mode datagram | connected]\fP" 42
\(en InfiniBand transport mode
.IP "\fI[parent <interface name>]\fP" 42
\(en the interface name of the parent device (if any)
.IP "\fI[p-key <IPoIB P_Key>]\fP" 42
\(en the InfiniBand P_Key (16-bit unsigned integer)
.RE
.RS
.TP
.B bluetooth:
.IP "\fI[addr <bluetooth address>]\fP" 42
\(en Bluetooth device address (MAC)
.IP "\fI[bt-type panu|dun-gsm|dun-cdma]\fP" 42
\(en Bluetooth connection type
.RE
.RS
.TP
.B vlan:
.IP "\fIdev <parent device (connection UUID, ifname, or MAC)>\fP" 42
\(en parent device this VLAN is on
.IP "\fIid <VLAN ID>\fP" 42
\(en VLAN ID in range <0-4095>
.IP "\fI[flags <VLAN flags>]\fP" 42
\(en flags
.IP "\fI[ingress <ingress priority mapping>]\fP" 42
\(en VLAN ingress priority mapping
.IP "\fI[egress <egress priority mapping>]\fP" 42
\(en VLAN egress priority mapping
.IP "\fI[mtu <MTU>]\fP" 42
\(en MTU
.RE
.RS
.TP
.B bond:
.IP "\fI[mode balance-rr (0) | active-backup (1) | balance-xor (2) | broadcast (3) |\fP"
.IP "\fI      802.3ad    (4) | balance-tlb   (5) | balance-alb (6)]\fP" 42
\(en bonding mode (default: balance-rr)
.IP "\fI[primary <ifname>]\fP" 42
\(en primary interface name (for "active-backup" mode)
.IP "\fI[miimon <num>]\fP" 42
\(en miimon (default: 100)
.IP "\fI[downdelay <num>]\fP" 42
\(en downdelay (default: 0)
.IP "\fI[updelay <num>]\fP" 42
\(en updelay (default: 0)
.IP "\fI[arp-interval <num>]\fP" 42
\(en ARP interval (default: 0)
.IP "\fI[arp-ip-target <num>]\fP" 42
\(en ARP IP target
.RE
.RS
.TP
.B bond-slave:
.IP "\fImaster <master (ifname, or connection UUID or name)>\fP" 42
\(en master bond interface name, or connection UUID or ID of bond master connection profile.
The value can be prefixed with \fBifname/\fP, \fBuuid/\fP or \fBid/\fP to disambiguate it.
.RE
.RS
.TP
.B team:
.IP "\fI[config <file>|<raw JSON data>]\fP" 42
\(en JSON configuration for team
.RE
.RS
.TP
.B team-slave:
.IP "\fImaster <master (ifname, or connection UUID or name)>\fP" 42
\(en master team interface name, or connection UUID or ID of team master connection profile.
The value can be prefixed with \fBifname/\fP, \fBuuid/\fP or \fBid/\fP to disambiguate it.
.IP "\fI[config <file>|<raw JSON data>]\fP" 42
\(en JSON configuration for team
.RE
.RS
.TP
.B bridge:
.IP "\fI[stp yes|no]\fP" 42
\(en controls whether Spanning Tree Protocol (STP) is enabled for this bridge (default: yes)
.IP "\fI[priority <num>]\fP" 42
\(en sets STP priority (default: 128)
.IP "\fI[forward-delay <2-30>]\fP" 42
\(en STP forwarding delay, in seconds (default: 15)
.IP "\fI[hello-time <1-10>]\fP" 42
\(en STP hello time, in seconds (default: 2)
.IP "\fI[max-age <6-42>]\fP" 42
\(en STP maximum message age, in seconds (default: 20)
.IP "\fI[ageing-time <0-1000000>]\fP" 42
\(en the Ethernet MAC address aging time, in seconds (default: 300)
.IP "\fI[mac <MAC address>]\fP" 42
\(en MAC address of the bridge (note: this requires a recent kernel feature,
originally introduced in 3.15 upstream kernel)
.RE
.RS
.TP
.B bridge-slave:
.IP "\fImaster <master (ifname, or connection UUID or name)>\fP" 42
\(en master bridge interface name, or connection UUID or ID of bridge master connection profile.
The value can be prefixed with \fBifname/\fP, \fBuuid/\fP or \fBid/\fP to disambiguate it.
.IP "\fI[priority <0-63>]\fP" 42
\(en STP priority of this slave (default: 32)
.IP "\fI[path-cost <1-65535>]\fP" 42
\(en STP port cost for destinations via this slave (default: 100)
.IP "\fI[hairpin yes|no]\fP" 42
\(en 'hairpin mode' for the slave, which allows frames
to be sent back out through the slave the frame was received on (default: yes)
.RE
.RS
.TP
.B vpn:
.IP "\fIvpn-type vpnc|openvpn|pptp|openconnect|openswan|libreswan|ssh|l2tp|iodine|...\fP" 42
\(en VPN type
.IP "\fI[user <username>]\fP" 42
\(en VPN username
.RE
.RS
.TP
.B olpc-mesh:
.IP "\fIssid <SSID>\fP" 42
\(en SSID
.IP "\fI[channel <1-13>]\fP" 42
\(en channel to use for the network
.IP "\fI[dhcp-anycast <MAC address>]\fP" 42
\(en anycast DHCP MAC address used when requesting an IP address via DHCP
.RE
.RS
.TP
.B IP_OPTIONS:
.IP "\fI[ip4 <IPv4 address>] [gw4 <IPv4 gateway>]\fP" 42
\(en IPv4 addresses
.IP "\fI[ip6 <IPv6 address>] [gw6 <IPv6 gateway>]\fP" 42
\(en IPv6 addresses
.RE
.TP
.B edit [id | uuid | path ] <ID>  - edit an existing connection
.RE
.RS
.B edit [type <new connection type>] [con-name <new connection name>]  - add a new connection
.RS
Edit an existing connection or add a new one, using an interactive editor.
.br
The existing connection is identified by its name, UUID or D-Bus path.
If <ID> is ambiguous, a keyword \fIid\fP, \fIuuid\fP, or \fIpath\fP can be used.
See \fBconnection show\fP above for the description of the <ID>-specifying keywords.
Not providing an <ID> means that a new connection will be added.
.sp
The interactive editor will guide you through the connection editing and
allow you to change connection parameters according to your needs by means of
a simple menu-driven interface. The editor indicates what settings and
properties can be modified and provides in-line help.
.sp
.PP
Available options:
.IP \fItype\fP 13
\(en type of the new connection; valid types are the same as for \fIconnection add\fP command
.IP \fIcon-name\fP 13
\(en name for the new connection. It can be changed later in the editor.
.RE
.RS
.sp
See also \fInm-settings\fP(5) for all NetworkManager settings and property names, and their
descriptions; and \fInmcli-examples\fP(5) for sample editor sessions.
.RE
.TP
.B modify [--temporary] [ id | uuid | path ] <ID> [+|-]<setting>.<property> <value>
.B [+|-]<setting>.<property> <value> ...
.br
Modify one or more properties in the connection profile.
.br
The connection is identified by its name, UUID or D-Bus path. If <ID> is
ambiguous, a keyword \fIid\fP, \fIuuid\fP or \fIpath\fP can be used.  See
\fInm-settings\fP(5) for setting and property names, their descriptions and
default values. This command supports abbreviations for \fIsetting name\fP and
\fIproperty name\fP provided they are unique. Empty \fIvalue\fP ("") removes
the property value (sets the property to the default value).  The provided
value overwrites the existing property value.
.br
If you want to append an item to the existing value, use \fI+\fP prefix for the
property name. If you want to remove just one item from container-type
property, use \fI-\fP prefix for the property name and specify a value or an
zero-based index of the item to remove (or option name for properties with
named options) as \fIvalue\fP. Of course, \fI+|-\fP only have a real effect for
multi-value (container) properties like ipv4.dns, ipv4.addresses, bond.options,
etc.
.br
The changes to the connection profile will be saved persistently by
NetworkManager, unless \fI--temporary\fP option is provided, in which case the
changes won't persist over NetworkManager restart.
.TP
.B delete [ id | uuid | path ] <ID> ...
.br
Delete a configured connection. The connection to be deleted is identified by
its name, UUID or D-Bus path. If <ID> is ambiguous, a keyword \fIid\fP,
\fIuuid\fP or \fIpath\fP can be used.
.br
See \fBconnection show\fP above for the description of the <ID>-specifying keywords.
.TP
.B reload
.br
Reload all connection files from disk. \fINetworkManager\fP does not monitor
changes to connection files by default. So you need to use this command in order
to tell \fINetworkManager\fP to re-read the connection profiles from disk when
a change was made to them. However, the auto-loading feature can be enabled and
then \fINetworkManager\fP will reload connection files any time they change
(monitor-connection-files=true in \fINetworkManager.conf\fP(5)).
.TP
.B load <filename> [<filename>...]
.br
Load/reload one or more connection files from disk. Use this after manually
editing a connection file to ensure that \fBNetworkManager\fP is aware
of its latest state.
.RE

.TP
.B device - show and manage network interfaces
.br
.TP
.SS \fICOMMAND\fP := { status | show | connect | disconnect | delete | wifi | wimax }
.sp
.RS
.TP
.B status
.br
Print status of devices.
.br
This is the default action if no command is specified to \fIdevice\fP object.
.TP
.B show [<ifname>]
.br
Show detailed information about devices.  Without an argument, all devices are
examined. To get information for a specific device, the interface name has
to be provided.
.TP
.B connect <ifname>
.br
Connect the device. NetworkManager will try to find a suitable connection that
will be activated. It will also consider connections that are not set to auto connect.
.br
If '--wait' option is not specified, the default timeout will be 90 seconds.
.TP
.B disconnect <ifname>
.br
Disconnect a device and prevent the device from automatically activating further
connections without user/manual intervention.
.br
If '--wait' option is not specified, the default timeout will be 10 seconds.
.TP
.B delete <ifname>
.br
Delete a device. The command removes the interface from the system. Note that
this only works for software devices like bonds, bridges, teams, etc.
Hardware devices (like Ethernet) cannot be deleted by the command.
.br
If '--wait' option is not specified, the default timeout will be 10 seconds.
.TP
.B wifi [list [ifname <ifname>] [bssid <BSSID>]]
.br
List available Wi\(hyFi access points. The \fIifname\fP and \fIbssid\fP options
can be used to list APs for a particular interface or with a specific BSSID,
respectively.
.TP
.B wifi connect <(B)SSID> [password <password>] [wep\-key\-type key|phrase] [ifname <ifname>] [bssid <BSSID>] [name <name>] [private yes|no]
.br
Connect to a Wi\(hyFi network specified by SSID or BSSID. The command creates a new
connection and then activates it on a device. This is a command\(hyline counterpart
of clicking an SSID in a GUI client. The command always creates a new connection
and thus it is mainly useful for connecting to new Wi\(hyFi networks. If a connection
for the network already exists, it is better to bring up (activate) the existing connection
as follows: \fInmcli con up id <name>\fP. Note that only open, WEP and WPA\(hyPSK networks
are supported at the moment. It is also supposed that IP configuration is obtained via
DHCP.
.br
If '--wait' option is not specified, the default timeout will be 90 seconds.
.RS
.PP
Available options are:
.IP \fIpassword\fP 13
\(en password for secured networks (WEP or WPA)
.IP \fIwep\-key\-type\fP 13
\(en type of WEP secret, either \fIkey\fP for ASCII/HEX key or \fIphrase\fP for passphrase
.IP \fIifname\fP 13
\(en interface that will be used for activation
.IP \fIbssid\fP 13
\(en if specified, the created connection will be restricted just for the BSSID
.IP \fIname\fP 13
\(en if specified, the connection will use the name (else NM creates a name itself)
.IP \fIprivate\fP 13
\(en if set to \fByes\fP, the connection will only be visible to the user who created it.
Otherwise the connection is system\(hywide, which is the default.
.RE
.TP
.B wifi rescan [[ifname] <ifname>]
.br
Request that \fINetworkManager\fP immediately re-scan for available access points.
NetworkManager scans Wi\(hyFi networks periodically, but in some cases it can be
useful to start scanning manually (e.g. after resuming the computer).
This command does not show the APs, use 'nmcli device wifi list' for that.
.TP
.B wimax [list [ifname <ifname>] [nsp <name>]]
.br
List available WiMAX NSP. The \fIifname\fP and \fInsp\fP options
can be used to list networks for a particular interface or with a specific
NSP, respectively.
.RE

.TP
.B agent \- run nmcli as a NetworkManager secret agent, or polkit agent
.br
.TP
.SS \fICOMMAND\fP := { secret | polkit  | all }
.sp
.RS
.TP
.B secret
.br
Register nmcli as a NetworkManager secret agent and listen for secret requests.
You do usually not need this command, because nmcli can handle secrets when
connecting to networks. However, you may find the command useful when you use
another tool for activating connections and you do not have a secret agent
available (like nm-applet).
.TP
.B polkit
.br
Register nmcli as a polkit agent for the user session and listen for
authorization requests. You do not usually need this command, because nmcli can
handle polkit actions related to NetworkManager operations (when run with
--ask).  However, you may find the command useful when you want to run a simple
text based polkit agent and you do not have an agent of a desktop environment.
Note that running this command makes nmcli handle all polkit requests, not only
NetworkManager related ones, because only one polkit agent can run for the
session.
.TP
.B all
.br
Runs nmcli as both NetworkManager secret and a polkit agent.
.RE

.SH ENVIRONMENT VARIABLES
\fInmcli\fP's behavior is affected by the following environment variables.
.IP "LC_ALL" 13
If set to a non\(hyempty string value, it overrides the values of all the other
internationalization variables.
.IP "LC_MESSAGES" 13
Determines the locale to be used for internationalized messages.
.IP "LANG" 13
Provides a default value for the internationalization variables that are unset
or null.

.RE
Internationalization notes:
.br
Be aware that \fInmcli\fP is localized and that is why the output depends on
your environment. This is important to realize especially when you parse the
output.
.br
Call \fInmcli\fP as \fBLC_ALL=C nmcli\fP to be sure the locale is
set to "C" while executing in a script.

\fBLC_ALL\fP, \fBLC_MESSAGES\fP, \fBLANG\fP variables specify the LC_MESSAGES
locale category (in that order), which determines the language that \fInmcli\fP
uses for messages.  The "C" locale is used if none of these variables are set,
and this locale uses English messages.

.SH EXIT STATUS
\fInmcli\fP exits with status 0 if it succeeds, a value greater than 0 is
returned if an error occurs.
.IP "0" 4
Success \(en indicates the operation succeeded
.IP "1" 4
Unknown or unspecified error
.IP "2" 4
Invalid user input, wrong \fInmcli\fP invocation
.IP "3" 4
Timeout expired (see \fI\-\-wait\fP option)
.IP "4" 4
Connection activation failed
.IP "5" 4
Connection deactivation failed
.IP "6" 4
Disconnecting device failed
.IP "7" 4
Connection deletion failed
.IP "8" 4
NetworkManager is not running
.IP "9" 4
\fInmcli\fP and \fINetworkManager\fP versions mismatch
.IP "10" 4
Connection, device, or access point does not exist.

.SH EXAMPLES
.PP
This section presents various examples of nmcli usage. If you want even more,
please refer to \fInmcli-examples\fP(5) manual page.
.sp
.IP "\fB\f(CWnmcli \-t \-f RUNNING general\fP\fP"
.IP
tells you whether NetworkManager is running or not.

.IP "\fB\f(CWnmcli \-t \-f STATE general\fP\fP"
.IP
shows the overall status of NetworkManager.

.IP "\fB\f(CWnmcli radio wifi off\fP\fP"
.IP
switches Wi\(hyFi off.

.IP "\fB\f(CWnmcli connection show\fP\fP"
.IP
lists all connections NetworkManager has.

.IP "\fB\f(CWnmcli \-p \-m multiline \-f all con show\fP\fP"
.IP
shows all configured connections in multi-line mode.

.IP "\fB\f(CWnmcli connection show --active\fP\fP"
.IP
lists all currently active connections.

.IP "\fB\f(CWnmcli \-f name,autoconnect c s\fP\fP"
.IP
shows all connection profile names and their auto-connect property.

.IP "\fB\f(CWnmcli \-p connection show \(dq\&My default em1\(dq\&\fP\fP"
.IP
shows details for "My default em1" connection profile.

.IP "\fB\f(CWnmcli connection show --show-secrets \(dq\&My Home WiFi\(dq\&\fP\fP"
.IP
shows details for "My Home WiFi" connection profile with all passwords.
Without \fI--show-secrets\fP option, secrets would not be displayed.

.IP "\fB\f(CWnmcli \-f active connection show \(dq\&My default em1\(dq\&\fP\fP"
.IP
shows details for "My default em1" active connection, like IP, DHCP
information, etc.

.IP "\fB\f(CWnmcli -f profile con s \(dq\&My wired connection\(dq\&\fP\fP"
.IP
shows static configuration details of the connection profile with "My wired connection" name.

.IP "\fB\f(CWnmcli \-p con up \(dq\&My wired connection\(dq\& ifname eth0\fP\fP"
.IP
activates the connection profile with name "My wired connection" on interface eth0.
The \-p option makes nmcli show progress of the activation.

.IP "\fB\f(CWnmcli con up 6b028a27\-6dc9\-4411\-9886\-e9ad1dd43761 ap 00:3A:98:7C:42:D3\fP\fP"
.IP
connects the Wi\(hyFi connection with UUID 6b028a27\-6dc9\-4411\-9886\-e9ad1dd43761 to the AP
with BSSID 00:3A:98:7C:42:D3.

.IP "\fB\f(CWnmcli device status\fP\fP"
.IP
shows the status for all devices.

.IP "\fB\f(CWnmcli dev disconnect em2\fP\fP"
.IP
disconnects a connection on interface em2 and marks the device as unavailable for
auto\(hyconnecting. As a result, no connection will automatically be activated on the
device until the device's 'autoconnect' is set to TRUE or the user manually activates
a connection.

.IP "\fB\f(CWnmcli \-f GENERAL,WIFI\-PROPERTIES dev show wlan0\fP\fP"
.IP
shows details for wlan0 interface; only GENERAL and WIFI\-PROPERTIES sections will be shown.

.IP "\fB\f(CWnmcli dev wifi\fP\fP"
.IP
lists available Wi\(hyFi access points known to NetworkManager.

.IP "\fB\f(CWnmcli dev wifi con \(dq\&Cafe Hotspot 1\(dq\& password caffeine name \(dq\&My cafe\(dq\&\fP\fP"
.IP
creates a new connection named "My cafe" and then connects it to "Cafe Hotspot 1" SSID
using password "caffeine". This is mainly useful when connecting to "Cafe Hotspot 1" for
the first time. Next time, it is better to use 'nmcli con up id "My cafe"' so that the
existing connection profile can be used and no additional is created.

.IP "\fB\f(CWnmcli connection add type ethernet autoconnect no ifname eth0\fP\fP"
.IP
non-interactively adds an Ethernet connection tied to eth0 interface with automatic IP configuration (DHCP),
and disables the connection's "autoconnect" flag.

.IP "\fB\f(CWnmcli c a ifname Maxipes\(hyfik type vlan dev eth0 id 55\fP\fP"
.IP
non-interactively adds a VLAN connection with ID 55. The connection will use eth0 and the VLAN interface
will be named Maxipes\(hyfik.

.IP "\fB\f(CWnmcli connection edit ethernet\-em1\-2\fP\fP"
.IP
edits existing "ethernet\(hyem1\(hy2" connection in the interactive editor.

.IP "\fB\f(CWnmcli connection edit type ethernet con-name \(dq\&yet another Ethernet connection\(dq\&\fP\fP"
.IP
adds a new Ethernet connection in the interactive editor.

.IP "\fB\f(CWnmcli con mod ethernet\-2 connection.autoconnect no\fP\fP"
.IP
modifies 'autoconnect' property in the 'connection' setting of 'ethernet\(hy2' connection.

.IP "\fB\f(CWnmcli con mod \(dq\&Home Wi\-Fi\(dq\& wifi.mtu 1350\fP\fP"
.IP
modifies 'mtu' property in the 'wifi' setting of 'Home Wi\(hyFi' connection.

.IP "\fB\f(CWnmcli con mod em1-1 ipv4.method manual ipv4.addr \(dq\&192.168.1.23/24 192.168.1.1, 10.10.1.5/8, 10.0.0.11\(dq\&\fP\fP"
.IP
sets manual addressing and the addresses in em1-1 profile.

.IP "\fB\f(CWnmcli con modify ABC +ipv4.dns 8.8.8.8\fP\fP"
.IP
appends a Google public DNS server to DNS servers in ABC profile.

.IP "\fB\f(CWnmcli con modify ABC -ipv4.addresses \(dq\&192.168.100.25/24 192.168.1.1\(dq\&\fP\fP"
.IP
removes the specified IP address from (static) profile ABC.

.SH NOTES
\fInmcli\fP accepts abbreviations, as long as they are a unique prefix in the set
of possible options. As new options get added, these abbreviations are not guaranteed
to stay unique. For scripting and long term compatiblity it is therefore strongly
advised to spell out the full option names.

.SH BUGS
There are probably some bugs.  If you find a bug, please report it to
https://bugzilla.gnome.org/ \(em product \fINetworkManager\fP.

.SH SEE ALSO
.BR nmcli\-examples (5),
.BR nm\-online (1),
.BR NetworkManager (8),
.BR NetworkManager.conf (5),
.BR nm\-settings (5),
.BR nm\-applet (1),
.BR nm\-connection\-editor (1).