NetworkManager, nmcli essential guide
- 1) connection
- Show details of connection profiles
- Up, activate a connection on a device
- Down, deactivate a connection from a device
- Add a new connection profile
- Modify one or more properties of a connection profile
- Clone an existing connection profile
- Delete a connection profile
- Reload all connection files from disk
- Load or reload one or more connection files from disk.
- 2) device
- 3) general
- 4) networking
- 5) radio
For fully detailed information, please see man nmcli.
nmcli con show [--active, --show-secrets] [id | uuid | path] <ID>
The flag '–active' will only show the profiles of the current active profiles.
For displaying also the associated secrets use the '–show-secrets' option.
nmcli con up ifname <ifname> [ap <BSSID>] [nsp <name>] [passwd-file <file with passwords>]
nmcli con down [id | uuid | path | apath] <ID>
This option is crucial since we manually define an entire profile for an interface.
The basic interfaces we'll be defining are
- Ethernet profiles
- Wi-Fi profiles
- Bridge (master device) profiles
- Bridge Slaves (slave devices) profiles
By adding a new connection profile we can define many properties (everything on the man page) as the IPv4 addresses and gateways, automatic addresses (from the DHCP) for dynamic IPs or static IPs with manual configuration, we can define the DNS configuration, and so on.
Basic properties:
- con-name: The connection profile name
- ifname: The interface name where the profile will be applied
- type: The type of profile (ethernet, wifi, bridge, bridge-slave, …)
- ipv4.addresses (or ip4): The IPv4 address
- ipv4.gateway (or gw4): The IPv4 gateway adress
- ssid: The SSID of a network (also if it is hidden)
- wifi-sec.key-mgmt: The key management as wpa-psk (preshared-key), wpa-eap, …
- wifi-sec.psk: The SSID preshared key (the "password" of the wifi network)
Examples:
-
Define a ethernet profile
nmcli con add con-name ethProfile ifname eth0 type ethernet ip4 192.168.1.14/24 gw4 192.168.1.1 -
Define a wifi profile
nmcli con add con-name wifiProfile ifname wl0 type wifi ip4 192.168.1.14/24 gw4 192.168.1.1 ssid "MiFibra-5C60" wifi-sec.key-mgmt wpa-psk wifi-sec.psk "password" -
Define a bridge profile
nmcli con add con-name myBridge type bridge ip4 192.168.1.14/24 gw4 192.168.1.1 -
Define a bridge-slave profile
nmcli con add con-name brSlave type bridge-slave ifname eth0 master myBridge
nmcli con modify [id | uuid | path] <ID> ([+|-]<setting>.<property> <value>)+
nmcli con clone [--temporary] [id | uuid | path] <ID> <new name>
nmcli con delete [id | uuid | path] <ID>
nmcli con reload
nmcli con load <filename>
nmcli dev show [<ifname>]
The command lists details for all devices, or for a given device.
nmcli dev status
By default, the following columns are shown:
- DEVICE - interface name
- TYPE - device type
- STATE - device state
- CONNECTION - connection activated on device (if any)
| DEVICE | TYPE | STATE | CONNECTION |
|---|---|---|---|
| ens33 | ethernet | connected | Wired connection 1 |
| lo | loopback | unmanaged | -- |
nmcli dev set [ifname] ifname [autoconnect {yes | no}]
nmcli dev set [ifname] ifname [managed {yes | no}]
nmcli dev connect [<ifname>]
NetworkManager will try to find a suitable connection that will be activated.
It will also consider connections that are not set to auto-connect.
nmcli dev disconnect [<ifname>]
The command disconnects the device and prevents it from auto-activating further connections without user/manual intervention.
Modify one or more properties currently active on the device without modifying the connection profile. The changes have immediate effect.
nmcli dev modify <ifname> ([+|-]<setting>.<property> <value>)+
NOTE: The changes do not modify the connection profile!
nmcli dev delete [<ifname>]
The command removes the interfaces. It only works for software devices like:
- Bonds
- Brigdes
- etc.
NOTE: Hardware devices cannot be deleted by the command!
-
List available Wi-Fi access points
nmcli dev wifi list [ifname <ifname>] [bssid <BSSID>] [--rescan yes|no|auto]The options 'ifname' and 'bssid' can be used for listing and showing APs (access points) for a particular 'ifname'.
The –rescan flag tells if a new scan should be done for listing APs.
-
Connect to a Wi-Fi network specified by SSID or BSSID
sudo nmcli dev wifi connect connect <(B)SSID> [password <password>] [wep-key-type key|phrase] [ifname <ifname>] [bssid <BSSID>] [name <name>] [private yes|no] [hidden yes|no]The most common use would be:
sudo nmcli dev wifi connect <"SSID"> password <"PASSWORD">And for security purposes, for not displaying the 'SSID' network password we should run:
sudo nmcli --ask dev wifi connect <"SSID"> -
Re-scan for available access points.
nmcli dev wifi rescan [ifname <ifname>] [[ssid <SSID to scan>] ...]The option 'ssid' allows scanning for a specific SSID, which is useful for APs with hidden SSIDs.
NOTE: Performing a rescan would not show the APs!
-
Create a Wi-Fi hotspot
nmcli dev wifi hotspot [ifname <ifname>] [con-name <name>] [ssid <SSID>] [band a|bg] [channel <channel>] [password <password>]Parameters:
- ifname: Wi-Fi device to use
- con-name: Hotspot connection profile name
- ssid: SSID of the hotspot
- band: Wi-Fi band to use
- channel: Wi-Fi channel to use
- password: Password for the hotspot
NOTE: Use 'connection down' or 'device disconnect' to stop the hotspot.
-
Show a password of an interface
nmcli dev wifi show-password <ifname>
We can check the status by doing:
nmcli gen status
Or also:
nmcli gen
nmcli net on
nmcli net off
nmcli net connectivity [check]
The optional check argument makes NetworkManager re-check the connectivity.
Possible states are:
-
none: The host is not connected to any network.
-
portal: The host is behind a captive portal and cannot reach the full Internet.
-
limited: The host is connected to a network, but it has no access to the Internet.
-
full: The host is connected to a network and has full access to the Internet.
-
unknown: The connectivity status cannot be found out.
nmcli radio all [on | off]
nmcli radio wifi [on | off]
nmcli radio wwan [on | off]