diff --git a/configure.ac b/configure.ac index 131c5d185..447bb375e 100644 --- a/configure.ac +++ b/configure.ac @@ -961,6 +961,7 @@ GTK_DOC_CHECK(1.0) # check for pregenerated manpages to be installed install_pregen_manpages=no if test "$enable_gtk_doc" != "yes" \ + -a -f man/nmcli.1 \ -a -f man/NetworkManager.conf.5 \ -a -f man/nm-settings.5 \ -a -f man/nm-settings-keyfile.5 \ @@ -1076,7 +1077,6 @@ introspection/all.xml man/Makefile man/nm-system-settings.conf.5 man/nm-online.1 -man/nmcli.1 man/nmtui.1 po/Makefile.in policy/Makefile diff --git a/docs/api/Makefile.am b/docs/api/Makefile.am index c37ceff17..7174b3a47 100644 --- a/docs/api/Makefile.am +++ b/docs/api/Makefile.am @@ -80,6 +80,7 @@ content_files = \ $(top_builddir)/introspection/nmdbus-settings-org.freedesktop.NetworkManager.Settings.xml \ $(top_builddir)/introspection/nmdbus-device-ethernet-org.freedesktop.NetworkManager.Device.Wired.xml \ $(top_builddir)/introspection/nmdbus-ip4-config-org.freedesktop.NetworkManager.IP4Config.xml \ + $(top_builddir)/man/nmcli.xml \ $(top_builddir)/man/NetworkManager.xml \ $(top_builddir)/man/NetworkManager.conf.xml \ $(top_builddir)/man/nmcli-examples.xml \ diff --git a/docs/api/network-manager-docs.xml b/docs/api/network-manager-docs.xml index a5ccc39f8..584908a26 100644 --- a/docs/api/network-manager-docs.xml +++ b/docs/api/network-manager-docs.xml @@ -144,6 +144,7 @@ UNIX Manual Pages + diff --git a/man/Makefile.am b/man/Makefile.am index 65d8d007f..5154a48dc 100644 --- a/man/Makefile.am +++ b/man/Makefile.am @@ -17,12 +17,15 @@ XSLTPROC_MAN_FLAGS = \ if ENABLE_GTK_DOC -%.8: %.xml +%.1: %.xml $(AM_V_GEN) xsltproc $(XSLTPROC_MAN_FLAGS) $< %.5: %.xml $(AM_V_GEN) xsltproc $(XSLTPROC_MAN_FLAGS) $< +%.8: %.xml + $(AM_V_GEN) xsltproc $(XSLTPROC_MAN_FLAGS) $< + endif CLEANFILES += NetworkManager.conf.xml @@ -66,12 +69,12 @@ CLEANFILES += \ endif configure_generated_man_pages = \ - nmcli.1 \ nmtui.1 \ nm-online.1 \ nm-system-settings.conf.5 docbook_generated_man_pages = \ + nmcli.1 \ NetworkManager.8 \ NetworkManager.conf.5 \ nmcli-examples.5 diff --git a/man/nmcli.1.in b/man/nmcli.1.in deleted file mode 100644 index 3c76348f8..000000000 --- a/man/nmcli.1.in +++ /dev/null @@ -1,1282 +0,0 @@ -.\" nmcli (1) manual page -.\" -.\" This is free documentation; you can redistribute it and/or -.\" modify it under the terms of the GNU General Public License as -.\" published by the Free Software Foundation; either version 2 of -.\" the License, or (at your option) any later version. -.\" -.\" The GNU General Public License's references to "object code" -.\" and "executables" are to be interpreted as the output of any -.\" document formatting or typesetting system, including -.\" intermediate and printed output. -.\" -.\" This manual is distributed in the hope that it will be useful, -.\" but WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -.\" GNU General Public License for more details. -.\" -.\" You should have received a copy of the GNU General Public Licence along -.\" with this manual; if not, write to the Free Software Foundation, Inc., -.\" 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -.\" -.\" Copyright 2010 - 2015 Red Hat, Inc. -.\" -.TH NMCLI "1" "2016-03-09" "NetworkManager 1.2" - -.SH NAME -nmcli \- command\(hyline tool for controlling NetworkManager -.SH SYNOPSIS -.ad l -.B nmcli -.RI " [ " OPTIONS " ] " OBJECT " { " COMMAND " | " -.BR help " } " -.sp - -.IR OBJECT " := { " -.BR general " | " networking " | " radio " | " connection " | " device " | " agent " | " monitor -.RI " }" -.sp - -.IR OPTIONS " := { " -.br -\fB\-t\fR[\fIerse\fR] -.br -\fB\-p\fR[\fIretty\fR] -.br -\fB\-m\fR[\fImode\fR] tabular | multiline -.br -\fB\-c\fR[\fIcolors\fR] auto | yes | no -.br -\fB\-f\fR[\fIields\fR] | all | common -.br -\fB\-e\fR[\fIscape\fR] yes | no -.br -\fB\-n\fR[\fIocheck\fR] -.br -\fB\-a\fR[\fIsk\fR] -.br -\fB\-s\fR[\fIhow-secrets\fR] -.br -\fB\-w\fR[\fIait\fR] -.br -\fB\-v\fR[\fIersion\fR] -.br -\fB\-h\fR[\fIelp\fR] -.br -.RI "}" - -.SH DESCRIPTION -.B nmcli -is a command\(hyline tool for controlling NetworkManager and reporting network -status. It can be utilized as a replacement for \fInm\(hyapplet\fP or other -graphical clients. \fInmcli\fP is used to create, display, edit, delete, activate, -and deactivate network connections, as well as control and display network device -status. -.P -Typical uses include: -.IP \(em 4 -Scripts: utilize NetworkManager via \fInmcli\fP instead of managing network -connections manually. \fInmcli\fP supports a terse output format which is better -suited for script processing. Note that NetworkManager can also execute scripts, -called "dispatcher scripts", in response to network events. See -\fBNetworkManager\fP for details about these dispatcher scripts. -.IP \(em 4 -Servers, headless machines, and terminals: \fInmcli\fP can be used to control -NetworkManager without a GUI, including creating, editing, starting and stopping -network connections and viewing network status. -.SS \fIOPTIONS\fP -.TP -.B \-t, \-\-terse -Output is terse. This mode is designed and suitable for computer (script) -processing. -.TP -.B \-p, \-\-pretty -Output is pretty. This causes \fInmcli\fP to produce easily readable outputs -for humans, i.e. values are aligned, headers are printed, etc. -.TP -.B \-m, \-\-mode tabular | multiline -Switch between \fItabular\fP and \fImultiline\fP output. -If omitted, default is \fItabular\fP for most commands. For the commands -producing more structured information, that cannot be displayed on a single -line, default is \fImultiline\fP. Currently, they are: -.br -.nf - 'nmcli connection show ' - 'nmcli device show' -.fi -\fItabular\fP \(en Output is a table where each line describes a single entry. -Columns define particular properties of the entry. -.br -\fImultiline\fP \(en Each entry comprises multiple lines, each property on its own -line. The values are prefixed with the property name. -.TP -.B \-c, \-\-colors auto|yes|no -This option controls color output (using terminal escape sequences). \fIyes\fP -enables colors, \fIno\fP disables them, \fIauto\fP only produces colors when -standard output is directed to a terminal. The default value is \fIauto\fP. -.TP -.B \-f, \-\-fields | all | common -This option is used to specify what fields (column names) should be printed. -Valid field names differ for specific commands. List available fields by -providing an invalid value to the \fI\-\-fields\fP option. -.br -\fIall\fP is used to print all valid field values of the command. -\fIcommon\fP is used to print common field values of the command. -If omitted, default is \fIcommon\fP. -The option is mandatory when \fI\-\-terse\fP is used. In this case, generic -values \fIall\fP and \fIcommon\fP cannot be used. (This is to maintain -compatibility when new fields are added in the future). -.TP -.B \-e, \-\-escape yes | no -Whether to escape ':' and '\\' characters in terse tabular mode. The escape -character is '\\'. -If omitted, default is \fIyes\fP. -.TP -.B \-n, \-\-nocheck -This option can be used to force \fInmcli\fP to skip checking \fInmcli\fP and -\fINetworkManager\fP version compatibility. Use it with care, because using -incompatible versions may produce incorrect results. -.TP -.B \-a, \-\-ask -When using this option \fInmcli\fP will stop and ask for any missing required -arguments, so do not use this option for non-interactive purposes like scripts. -This option controls, for example, whether you will be prompted for a password -if it is required for connecting to a network. -.TP -.B \-s, \-\-show-secrets -When using this option \fInmcli\fP will display passwords and secrets that might -be present in an output of an operation. This option also influences echoing -passwords typed by user as an input. -.TP -.B \-w, \-\-wait -This option sets a timeout period for which \fInmcli\fP will wait for \fINetworkManager\fP -to finish operations. It is especially useful for commands that may take a longer time to -complete, e.g. connection activation. -Specifying a value of \fB0\fP instructs \fInmcli\fP not to wait but to exit immediately -with a status of success. The default value depends on the executed command. -.TP -.B \-v, \-\-version -Show \fInmcli\fP version. -.TP -.B \-h, \-\-help -Print help information. -.SS \fIOBJECT\fP -.TP -.B general \- general \fINetworkManager\fP status and operations -.br -Use this object to show NetworkManager status and permissions. You can also get -and change system hostname, as well as NetworkManager logging level and domains. -.TP -.SS \fICOMMAND\fP := { status | hostname | permissions | logging } -.sp -.RS -.TP -.B status -.br -Show overall status of NetworkManager. This is the default action, when no additional -command is provided for \fIgeneral\fP object. -.TP -.B hostname [] -.br -Get and change system hostname. With no arguments, this prints currently configured hostname. -When you pass a hostname, it will be handed over to NetworkManager to be set as a new system -hostname. -.br -Note that the term \fBsystem\fP hostname may also be referred to as \fBpersistent\fP or -\fBstatic\fP by other programs or tools. The hostname is stored in /etc/hostname -file in most distributions. For example, systemd-hostnamed service uses the term -\fBstatic\fP hostname and it only reads the /etc/hostname file when it starts. -.TP -.B permissions -.br -Show the permissions a caller has for various authenticated operations that -NetworkManager provides, like enable and disable networking, changing Wi\(hyFi -and WWAN state, modifying connections, etc. -.TP -.B logging [level ] [domains ] -.br -Get and change \fINetworkManager\fP logging level and domains. Without any argument -current logging level and domains are shown. In order to change logging state, provide -\fIlevel\fP and, or, \fIdomain\fP parameters. See \fBNetworkManager.conf\fP for available -level and domain values. -.RE - -.TP -.B networking \- get or set general networking state of NetworkManager -.br -Use this object to show NetworkManager networking status, or to enable and disable -networking. Disabling networking removes the configuration from all devices and -changes them to the 'unmanaged' state. -.TP -.SS \fICOMMAND\fP := { [ on | off | connectivity ] } -.sp -.RS -.TP -.B [ on | off ] -.br -Get networking\(hyenabled status or enable and disable networking by NetworkManager. -All interfaces managed by NetworkManager are deactivated when networking has -been disabled. -.TP -.B connectivity [check] -.br -Get network connectivity state. -The optional \fIcheck\fP argument tells NetworkManager to re-check the connectivity, -else the most recent known connectivity state is displayed without re-checking. -.br -Possible states are: -.RS -.PP -.IP \fInone\fP 9 -\(en the host is not connected to any network -.IP \fIportal\fP 9 -\(en the host is behind a captive portal and cannot reach the full Internet -.IP \fIlimited\fP 9 -\(en the host is connected to a network, but it has no access to the Internet -.IP \fIfull\fP 9 -\(en the host is connected to a network and has full access to the Internet -.IP \fIunknown\fP 9 -\(en the connectivity status cannot be found out -.RE -.RE - -.TP -.B radio \- get or set radio switch states -.br -Use this object to show radio switches status, or enable and disable -the switches. -.TP -.SS \fICOMMAND\fP := { all | wifi | wwan } -.sp -.RS -.TP -.B wifi [ on | off ] -.br -Show or set status of Wi\(hyFi in NetworkManager. If no arguments are supplied, -Wi\(hyFi status is printed; \fIon\fP enables Wi\(hyFi; \fIoff\fP disables Wi\(hyFi. -.TP -.B wwan [ on | off ] -.br -Show or set status of WWAN (mobile broadband) in NetworkManager. If no arguments -are supplied, mobile broadband status is printed; \fIon\fP enables mobile broadband, -\fIoff\fP disables it. -.TP -.B all [ on | off ] -.br -Show or set all previously mentioned radio switches at the same time. -.RE - -.TP -.B monitor \- monitor NetworkManager -.br -Use this object to observe NetworkManager activity. Watches for changes -in connectivity state, devices or connection profiles. -.br -See also \fImonitor\fP command of \fIconnection\fP or \fIdevice\fP object -to watch for changes in certain objects or object classes. -.RE - -.TP -.B connection \- start, stop, and manage network connections -.sp -NetworkManager stores all network configuration as \fIconnections\fP, which are -collections of data (Layer2 details, IP addressing, etc.) that describe -how to create or connect to a network. A connection is \fIactive\fP when -a device uses that connection's configuration to create or connect to a network. -There may be multiple connections that apply to a device, but only one of them -can be active on that device at any given time. The additional connections can -be used to allow quick switching between different networks and configurations. -.sp -Consider a machine which is usually connected to a DHCP-enabled network, but -sometimes connected to a testing network which uses static IP addressing. Instead -of manually reconfiguring eth0 each time the network is changed, the settings can -be saved as two connections which both apply to eth0, one for DHCP (called -"default") and one with the static addressing details (called "testing"). When -connected to the DHCP-enabled network the user would run "nmcli con up default" -, and when connected to the static network the user would run "nmcli con up testing". -.TP -.SS \fICOMMAND\fP := { show | up | down | add | edit | modify | delete | monitor | reload | load } -.sp -.RS -.TP -.B show [--active] -.br -List in-memory and on-disk connection profiles, some of which may also be -active if a device is using that connection profile. Without a parameter, all -profiles are listed. When --active option is specified, only the active profiles -are shown. -.TP -.B show [--active] [--order ] [ id | uuid | path | apath ] ... -.br -Show details for specified connections. By default, both static configuration -and active connection data are displayed. When --active option is specified, -only the active profiles are taken into account. Use global --show-secrets option -to display secrets associated with the profile. -.sp -Ordering: -.br -The --order option can be used to get custom ordering of connections. The -connections can be ordered by active status, name, type or D-Bus path. If -connections are equal according to a sort order category, an additional -category can be specified. -The default sorting order is equivalent to "--order active:name:path". -.sp - := category:category:... -.br -category := [+-]active | [+-]name | [+-]type | [+-]path -.br -\fI+\fP or no prefix means sorting in ascending order (alphabetically or in numbers). -.br -\fI-\fP means reverse (descending) order. -.br -The category names can be abbreviated (e.g. --order -a:na) -.sp -\fIid\fP, \fIuuid\fP, \fIpath\fP and \fIapath\fP keywords can be used if -\fI\fP is ambiguous. -.RS -.PP -Optional -specifying keywords are: -.IP \fIid\fP 13 -\(en the denotes a connection name -.IP \fIuuid\fP 13 -\(en the denotes a connection UUID -.IP \fIpath\fP 13 -\(en the denotes a D-Bus static connection path -in the format of /org/freedesktop/NetworkManager/Settings/ or just -.IP \fIapath\fP 13 -\(en the denotes a D-Bus active connection path -in the format of /org/freedesktop/NetworkManager/ActiveConnection/ or just -.PP -It is possible to filter the output using the global \fI--fields\fP option. Use the following -values: -.RE -.RS -.PP -.IP \fIprofile\fP 13 -\(en only shows static profile configuration -.IP \fIactive\fP 13 -\(en only shows active connection data (when the profile is active) -.PP -You can also specify particular fields. For static configuration, use setting and property names -as described in \fInm-settings\fP(5) manual page. For active data use GENERAL, IP4, DHCP4, IP6, -DHCP6, VPN. -.PP -When no command is given to the \fIconnection\fP object, the default action -is 'nmcli connection show'. -.RE -.TP -.B up [ id | uuid | path ] [ifname ] [ap ] [passwd-file ] -.RE -.RS -.B up ifname [ap ] [passwd-file ] -.RS -.br -Activate a connection. The connection is identified by its name, UUID or D-Bus -path. If is ambiguous, a keyword \fIid\fP, \fIuuid\fP or \fIpath\fP can be -used. When requiring a particular device to activate the connection on, the -\fIifname\fP option with interface name should be given. If the is not -given an \fIifname\fP is required, and NetworkManager will activate the best -available connection for the given \fIifname\fP. In case of a VPN connection, -the \fIifname\fP option specifies the device of the base connection. The -\fIap\fP option specify what particular AP should be used in case of a Wi\(hyFi -connection. -.br -If '--wait' option is not specified, the default timeout will be 90 seconds. -.br -See \fBconnection show\fP above for the description of the -specifying keywords. -.RS -.PP -Available options are: -.IP \fIifname\fP 13 -\(en interface that will be used for activation -.IP \fIap\fP 13 -\(en BSSID of the AP which the command should connect to (for Wi\(hyFi connections) -.IP \fIpasswd-file\fP 13 -\(en some networks may require credentials during activation. You can give these -credentials using this option. -Each line of the file should contain one password in the form of -.br -\fBsetting_name.property_name:the password\fP -.br -For example, for WPA Wi-Fi with PSK, the line would be -.br -\fI802-11-wireless-security.psk:secret12345\fP -.br -For 802.1X password, the line would be -.br -\fI802-1x.password:my 1X password\fP -.br -nmcli also accepts "wifi-sec" and "wifi" strings instead of "802-11-wireless-security". -When NetworkManager requires a password and it is not given, nmcli will ask for it -when run with --ask. If --ask was not passed, NetworkManager can ask another secret -agent that may be running (typically a GUI secret agent, such as nm-applet or -gnome-shell). -.RE -.RE -.TP -.B down [ id | uuid | path | apath ] ... -.br -Deactivate a connection from a device without preventing the device from -further auto-activation. Multiple connections can be passed to the command. -.sp -Be aware that this command deactivates the specified active connection, but the device -on which the connection was active, is still ready to connect and will perform -auto-activation by looking for a suitable connection that has the 'autoconnect' -flag set. This includes the just deactivated connection. So if the connection is set -to auto-connect, it will be automatically started on the disconnected device again. -.br -In most cases you may want to use \fIdevice disconnect\fP command instead. -.sp -The connection is identified by its name, UUID or D-Bus path. -If is ambiguous, a keyword \fIid\fP, \fIuuid\fP, \fIpath\fP or -\fIapath\fP can be used. -.br -See \fBconnection show\fP above for the description of the -specifying keywords. -.br -If '--wait' option is not specified, the default timeout will be 10 seconds. -.TP -.B add COMMON_OPTIONS TYPE_SPECIFIC_OPTIONS IP_OPTIONS [-- [+|-]. ...] -.br -Add a connection for NetworkManager. Arguments differ according to connection types, see below. -.RS -.TP -.B COMMON_OPTIONS: -.IP "\fItype \fP" 42 -\(en connection type; see below \fBTYPE_SPECIFIC_OPTIONS\fP for allowed values; (mandatory) -Note that types \fIbond-slave\fP, \fIteam-slave\fP and \fIbridge-slave\fP create \fIethernet\fP -connection profiles. Their use is discouraged in favor of using a specific type with \fImaster\fP -option. -.IP "\fIifname | \(dq\&*\(dq\&\fP" 42 -\(en interface to bind the connection to. The connection will only be applicable to this -interface name. A special value of "\fB*\fP" can be used for interface-independent connections. -The \fIifname\fP argument is mandatory for all connection types except bond, team, bridge and vlan. -Note: use quotes around \fB*\fP to suppress shell expansion. -.IP "\fI[con-name ]\fP" 42 -\(en connection name (when not provided a default name is generated: [-][-]) -.IP "\fI[autoconnect yes|no]\fP" 42 -\(en whether the connection profile can be automatically activated (default: yes) -.IP "\fI[save yes|no]\fP" 42 -\(en whether the connection should be persistent, i.e. NetworkManager should store it on disk (default: yes) -.IP "\fI[master ]\fP" 42 -\(en master interface name, or connection UUID or ID of master connection profile. -The value can be prefixed with \fBifname/\fP, \fBuuid/\fP or \fBid/\fP to disambiguate it. -.IP "\fI[slave-type ]\fP" 42 -\(en type of master connection. Only required when it can not be inferred (i.e. the master connection does -not exist yet). -.RE -.RS -.TP -.B TYPE_SPECIFIC_OPTIONS: -.TP -.B ethernet: -.IP "\fI[mac ]\fP" 42 -\(en MAC address of the device this connection is locked to -.IP "\fI[cloned-mac ]\fP" 42 -\(en cloned MAC -.IP "\fI[mtu ]\fP" 42 -\(en MTU -.RE -.RS -.TP -.B wifi: -.IP "\fIssid \fP" 42 -\(en SSID -.IP "\fI[mac ]\fP" 42 -\(en MAC address of the device this connection is locked to -.IP "\fI[cloned-mac ]\fP" 42 -\(en cloned MAC -.IP "\fI[mode infrastructure|ap|adhoc]\fP" 42 -\(en Wi-Fi network mode. If blank, \fIinfrastructure\fP is assumed. -.IP "\fI[mtu ]\fP" 42 -\(en MTU -.RE -.RS -.TP -.B wimax: -.IP "\fI[mac ]\fP" 42 -\(en MAC address of the device this connection is locked to -.IP "\fI[nsp ]\fP" 42 -\(en Network Service Provider name -.RE -.RS -.TP -.B pppoe: -.IP "\fIusername \fP" 42 -\(en PPPoE username -.IP "\fI[password ]\fP" 42 -\(en Password for the PPPoE username -.IP "\fI[service ]\fP" 42 -\(en PPPoE service name (if required by concentrator) -.IP "\fI[mtu ]\fP" 42 -\(en MTU -.IP "\fI[mac ]\fP" 42 -\(en MAC address of the device this connection is locked to -.RE -.RS -.TP -.B gsm: -.IP "\fIapn \fP" 42 -\(en APN - GSM Access Point Name -.IP "\fI[user ]\fP" 42 -\(en user name -.IP "\fI[password ]\fP" 42 -\(en password -.RE -.RS -.TP -.B cdma: -.IP "\fI[user ]\fP" 42 -\(en user name -.IP "\fI[password ]\fP" 42 -\(en password -.RE -.RS -.TP -.B infiniband: -.IP "\fI[mac ]\fP" 42 -\(en MAC address of the device this connection is locked to (InfiniBand MAC is 20 bytes) -.IP "\fI[mtu ]\fP" 42 -\(en MTU -.IP "\fI[transport-mode datagram | connected]\fP" 42 -\(en InfiniBand transport mode -.IP "\fI[parent ]\fP" 42 -\(en the interface name of the parent device (if any) -.IP "\fI[p-key ]\fP" 42 -\(en the InfiniBand P_Key (16-bit unsigned integer) -.RE -.RS -.TP -.B bluetooth: -.IP "\fI[addr ]\fP" 42 -\(en Bluetooth device address (MAC) -.IP "\fI[bt-type panu|dun-gsm|dun-cdma]\fP" 42 -\(en Bluetooth connection type -.RE -.RS -.TP -.B vlan: -.IP "\fIdev \fP" 42 -\(en parent device this VLAN is on -.IP "\fIid \fP" 42 -\(en VLAN ID in range <0-4095> -.IP "\fI[flags ]\fP" 42 -\(en flags -.IP "\fI[ingress ]\fP" 42 -\(en VLAN ingress priority mapping -.IP "\fI[egress ]\fP" 42 -\(en VLAN egress priority mapping -.IP "\fI[mtu ]\fP" 42 -\(en MTU -.RE -.RS -.TP -.B bond: -.IP "\fI[mode balance-rr (0) | active-backup (1) | balance-xor (2) | broadcast (3) |\fP" -.IP "\fI 802.3ad (4) | balance-tlb (5) | balance-alb (6)]\fP" 42 -\(en bonding mode (default: balance-rr) -.IP "\fI[primary ]\fP" 42 -\(en primary interface name (for "active-backup" mode) -.IP "\fI[miimon ]\fP" 42 -\(en miimon (default: 100) -.IP "\fI[downdelay ]\fP" 42 -\(en downdelay (default: 0) -.IP "\fI[updelay ]\fP" 42 -\(en updelay (default: 0) -.IP "\fI[arp-interval ]\fP" 42 -\(en ARP interval (default: 0) -.IP "\fI[arp-ip-target ]\fP" 42 -\(en ARP IP target -.RE -.RS -.TP -.B bond-slave: -.IP "\fImaster \fP" 42 -\(en master bond interface name, or connection UUID or ID of bond master connection profile. -The value can be prefixed with \fBifname/\fP, \fBuuid/\fP or \fBid/\fP to disambiguate it. -.RE -.RS -.TP -.B team: -.IP "\fI[config |]\fP" 42 -\(en JSON configuration for team -.RE -.RS -.TP -.B team-slave: -.IP "\fImaster \fP" 42 -\(en master team interface name, or connection UUID or ID of team master connection profile. -The value can be prefixed with \fBifname/\fP, \fBuuid/\fP or \fBid/\fP to disambiguate it. -.RE -.RS -.TP -.IP "\fI[config |]\fP" 42 -\(en JSON configuration for team -.RE -.RS -.TP -.B bridge: -.IP "\fI[stp yes|no]\fP" 42 -\(en controls whether Spanning Tree Protocol (STP) is enabled for this bridge (default: yes) -.IP "\fI[priority ]\fP" 42 -\(en sets STP priority (default: 128) -.IP "\fI[forward-delay <2-30>]\fP" 42 -\(en STP forwarding delay, in seconds (default: 15) -.IP "\fI[hello-time <1-10>]\fP" 42 -\(en STP hello time, in seconds (default: 2) -.IP "\fI[max-age <6-42>]\fP" 42 -\(en STP maximum message age, in seconds (default: 20) -.IP "\fI[ageing-time <0-1000000>]\fP" 42 -\(en the Ethernet MAC address aging time, in seconds (default: 300) -.IP "\fI[multicast-snooping yes|no]\fP" 42 -\(en controls whether IGMP snooping is enabled (default: yes) -.IP "\fI[mac ]\fP" 42 -\(en MAC address of the bridge (note: this requires a recent kernel feature, -originally introduced in 3.15 upstream kernel) -.RE -.RS -.TP -.B bridge-slave: -.IP "\fImaster \fP" 42 -\(en master bridge interface name, or connection UUID or ID of bridge master connection profile. -The value can be prefixed with \fBifname/\fP, \fBuuid/\fP or \fBid/\fP to disambiguate it. -.RE -.RS -.TP -.IP "\fI[priority <0-63>]\fP" 42 -\(en STP priority of this slave (default: 32) -.IP "\fI[path-cost <1-65535>]\fP" 42 -\(en STP port cost for destinations via this slave (default: 100) -.IP "\fI[hairpin yes|no]\fP" 42 -\(en 'hairpin mode' for the slave, which allows frames -to be sent back out through the slave the frame was received on (default: yes) -.RE -.RS -.TP -.B vpn: -.IP "\fIvpn-type vpnc|openvpn|pptp|openconnect|openswan|libreswan|strongswan|ssh|l2tp|iodine|fortisslvpn|...\fP" 42 -\(en VPN type -.IP "\fI[user ]\fP" 42 -\(en VPN username -.RE -.RS -.TP -.B olpc-mesh: -.IP "\fIssid \fP" 42 -\(en SSID -.IP "\fI[channel <1-13>]\fP" 42 -\(en channel to use for the network -.IP "\fI[dhcp-anycast ]\fP" 42 -\(en anycast DHCP MAC address used when requesting an IP address via DHCP -.RE -.RS -.TP -.B adsl: -.IP "\fIusername \fP" 42 -\(en ADSL user name -.IP "\fIprotocol pppoa|pppoe|ipoatm\fP" 42 -\(en ADSL protocol -.IP "\fI[password ]\fP" 42 -\(en ADSL password -.IP "\fI[encapsulation vcmux|llc]\fP" 42 -\(en ADSL encapsulation -.RE -.RS -.TP -.B tun: -.IP "\fImode tun|tap\fP" 42 -\(en Mode for the device -.IP "\fI[owner ]\fP" 42 -\(en UID of the owner -.IP "\fI[group ]\fP" 42 -\(en GID of the group -.IP "\fI[pi yes|no>]\fP" 42 -\(en include packet information (~IFF_NO_PI flag) -.IP "\fI[vnet-hdr yes|no>]\fP" 42 -\(en send and receive large (i.e. GSO) packets and packets with partial checksums (IFF_VNET_HDR flag) -.IP "\fI[multi-queue yes|no>]\fP" 42 -\(en multi-queue support for tun/tap device (IFF_MULTI_QUEUE flag) -.RE -.RS -.TP -.B ip-tunnel: -.IP "\fImode ipip|gre|sit|isatap|vti|ip6ip6|ipip6|ip6gre|vti6\fP" 42 -\(en tunnel mode -.IP "\fIremote \fP" 42 -\(en IPv4 or IPv6 address of the remote tunnel endpoint -.IP "\fI[local ]\fP" 42 -\(en IPv4 or IPv6 address of the local tunnel endpoint -.IP "\fI[dev ]\fP" 42 -\(en device to use for tunnel endpoint communication -.RE -.RS -.TP -.B macvlan: -.IP "\fIdev \fP" 42 -\(en parent device this MACVLAN is on -.IP "\fImode vepa|bridge|private|passthru|source\fP" 42 -\(en MACVLAN mode, which specifies the communication mechanism between multiple MACVLANs on the same lower device -.IP "\fI[tap yes|no]\fP" 42 -\(en controls the device type. If set to 'yes' a MACVTAP will be created (default: no) -.RE -.RS -.TP -.B vxlan: -.IP "\fIid \fP" 42 -\(en VXLAN Network Identifer to use -.IP "\fIremote \fP" 42 -\(en unicast destination IP address or multicast IP address to join -.IP "\fI[dev ]\fP" 42 -\(en device to use for tunnel endpoint communication -.IP "\fI[local ]\fP" 42 -\(en source IP address -.IP "\fI[source-port-min <0-65535>]\fP" 42 -\(en minimum UDP source port to communicate to the remote VXLAN tunnel endpoint -.IP "\fI[source-port-max <0-65535>]\fP" 42 -\(en maximum UDP source port to communicate to the remote VXLAN tunnel endpoint -.IP "\fI[destination-port <0-65535>]\fP" 42 -\(en UDP destination port to communicate to the remote VXLAN tunnel endpoint -.RE -.RS -.TP -.B IP_OPTIONS: -.IP "\fI[ip4 ] [gw4 ]\fP" 42 -\(en IPv4 addresses -.IP "\fI[ip6 ] [gw6 ]\fP" 42 -\(en IPv6 addresses -.RE -.RS -If a \fI--\fP argument is encountered, the rest of command line is interpreted -as property list in the same format as \fIconnection modify\fP command accepts. -This makes it possible to adjust the connection properties before it's added. -.RE -.TP -.B edit [id | uuid | path ] - edit an existing connection -.RE -.RS -.B edit [type ] [con-name ] - add a new connection -.RS -Edit an existing connection or add a new one, using an interactive editor. -.br -The existing connection is identified by its name, UUID or D-Bus path. -If is ambiguous, a keyword \fIid\fP, \fIuuid\fP, or \fIpath\fP can be used. -See \fBconnection show\fP above for the description of the -specifying keywords. -Not providing an means that a new connection will be added. -.sp -The interactive editor will guide you through the connection editing and -allow you to change connection parameters according to your needs by means of -a simple menu-driven interface. The editor indicates what settings and -properties can be modified and provides in-line help. -.sp -.PP -Available options: -.IP \fItype\fP 13 -\(en type of the new connection; valid types are the same as for \fIconnection add\fP command -.IP \fIcon-name\fP 13 -\(en name for the new connection. It can be changed later in the editor. -.RE -.RS -.sp -See also \fInm-settings\fP(5) for all NetworkManager settings and property names, and their -descriptions; and \fInmcli-examples\fP(5) for sample editor sessions. -.RE -.TP -.B modify [--temporary] [ id | uuid | path ] [+|-]. -.B [+|-]. ... -.br -Modify one or more properties in the connection profile. -.br -The connection is identified by its name, UUID or D-Bus path. If is -ambiguous, a keyword \fIid\fP, \fIuuid\fP or \fIpath\fP can be used. See -\fInm-settings\fP(5) for setting and property names, their descriptions and -default values. This command supports abbreviations for \fIsetting name\fP and -\fIproperty name\fP provided they are unique. Empty \fIvalue\fP ("") removes -the property value (sets the property to the default value). The provided -value overwrites the existing property value. -.br -If you want to append an item to the existing value, use \fI+\fP prefix for the -property name. If you want to remove just one item from container-type -property, use \fI-\fP prefix for the property name and specify a value or an -zero-based index of the item to remove (or option name for properties with -named options) as \fIvalue\fP. Of course, \fI+|-\fP only have a real effect for -multi-value (container) properties like ipv4.dns, ipv4.addresses, bond.options, -etc. -.br -The changes to the connection profile will be saved persistently by -NetworkManager, unless \fI--temporary\fP option is provided, in which case the -changes won't persist over NetworkManager restart. -.TP -.B clone [--temporary] [ id | uuid | path ] -.br -Clone a connection. The connection to be cloned is identified by its -name, UUID or D-Bus path. If is ambiguous, a keyword \fIid\fP, -\fIuuid\fP or \fIpath\fP can be used. See \fBconnection show\fP above for -the description of the -specifying keywords. \fI\fP is the name -of the new cloned connection. The new connection will be the exact copy except -the connection.id (\fI\fP) and connection.uuid (generated) -properties. -.br -The new connection profile will be saved as persistent unless \fI--temporary\fP -option is specified, in which case the new profile won't exist after NetworkManager -restart. -.TP -.B delete [ id | uuid | path ] ... -.br -Delete a configured connection. The connection to be deleted is identified by -its name, UUID or D-Bus path. If is ambiguous, a keyword \fIid\fP, -\fIuuid\fP or \fIpath\fP can be used. -.br -See \fBconnection show\fP above for the description of the -specifying keywords. -.br -If '--wait' option is not specified, the default timeout will be 10 seconds. -.TP -.B monitor [ id | uuid | path ] ... -.br -Monitor connection profile activity. This command prints a line whenever the -specified connection changes. The connection to be monitored is identified by -its name, UUID or D-Bus path. If is ambiguous, a keyword \fIid\fP, -\fIuuid\fP or \fIpath\fP can be used. -.br -See \fBconnection show\fP above for the description of the -specifying keywords. -.br -Monitors all connection profiles in case none is specified. The command terminates -when all monitored connections disappear. If you want to monitor connection creation -consider using the global monitor with \fInmcli monitor\fP command. -.TP -.B reload -.br -Reload all connection files from disk. \fINetworkManager\fP does not monitor -changes to connection files by default. So you need to use this command in order -to tell \fINetworkManager\fP to re-read the connection profiles from disk when -a change was made to them. However, the auto-loading feature can be enabled and -then \fINetworkManager\fP will reload connection files any time they change -(monitor-connection-files=true in \fINetworkManager.conf\fP(5)). -.TP -.B load [...] -.br -Load/reload one or more connection files from disk. Use this after manually -editing a connection file to ensure that \fBNetworkManager\fP is aware -of its latest state. -.TP -.B import [--temporary] type file -.br -Import an external/foreign configuration as a NetworkManager connection profile. -The type of the input file is specified by \fItype\fP option. -.br -Only VPN configurations are supported at the moment. The configuration -is imported by NetworkManager VPN plugins. \fItype\fP values are the same as for -\fIvpn-type\fP option in \fBnmcli connection add\fP. VPN configurations are -imported by VPN plugins. Therefore the proper VPN plugin has to be installed -so that nmcli could import the data. -.br -The imported connection profile will be saved as persistent unless \fI--temporary\fP -option is specified, in which case the new profile won't exist after NetworkManager -restart. -.TP -.B export [ id | uuid | path ] [] -.br -Export a connection. -.br -Only VPN connections are supported at the moment. A proper VPN plugin has to be -installed so that nmcli could export a connection. If no \fI\fP is -provided, the VPN configuration data will be printed to standard output. -.RE - -.TP -.B device - show and manage network interfaces -.br -.TP -.SS \fICOMMAND\fP := { status | show | set | connect | reapply | disconnect | delete | monitor | wifi | lldp } -.sp -.RS -.TP -.B status -.br -Print status of devices. -.br -This is the default action if no command is specified to \fIdevice\fP object. -.TP -.B show [] -.br -Show detailed information about devices. Without an argument, all devices are -examined. To get information for a specific device, the interface name has -to be provided. -.TP -.TP -.B set [ifname] [autoconnect yes|no] [managed yes|no] -.br -Set device properties. -.TP -.B connect -.br -Connect the device. NetworkManager will try to find a suitable connection that -will be activated. It will also consider connections that are not set to auto connect. -.br -If '--wait' option is not specified, the default timeout will be 90 seconds. -.TP -.B reapply -.br -Attempt to update device with changes to the currently active connection -made since it was last applied. -.TP -.B disconnect ... -.br -Disconnect a device and prevent the device from automatically activating further -connections without user/manual intervention. Note that disconnecting software -devices may mean that the devices will disappear. -.br -If '--wait' option is not specified, the default timeout will be 10 seconds. -.TP -.B delete ... -.br -Delete a device. The command removes the interface from the system. Note that -this only works for software devices like bonds, bridges, teams, etc. -Hardware devices (like Ethernet) cannot be deleted by the command. -.br -If '--wait' option is not specified, the default timeout will be 10 seconds. -.TP -.B monitor [] ... -.br -Monitor device activity. This command prints a line whenever the specified devices -change state. -.br -Monitors all devices in case no interface is specified. The monitor terminates when -all specified devices disappear. If you want to monitor device addition consider -using the global monitor with \fInmcli monitor\fP command. -.TP -.B wifi [list [ifname ] [bssid ]] -.br -List available Wi\(hyFi access points. The \fIifname\fP and \fIbssid\fP options -can be used to list APs for a particular interface or with a specific BSSID, -respectively. -.TP -.B wifi connect <(B)SSID> [password ] [wep\-key\-type key|phrase] [ifname ] [bssid ] [name ] -.B [private yes|no] [hidden yes|no] -.br -Connect to a Wi\(hyFi network specified by SSID or BSSID. The command creates a new -connection and then activates it on a device. This is a command\(hyline counterpart -of clicking an SSID in a GUI client. The command always creates a new connection -and thus it is mainly useful for connecting to new Wi\(hyFi networks. If a connection -for the network already exists, it is better to bring up (activate) the existing connection -as follows: \fInmcli con up id \fP. Note that only open, WEP and WPA\(hyPSK networks -are supported at the moment. It is also supposed that IP configuration is obtained via -DHCP. -.br -If '--wait' option is not specified, the default timeout will be 90 seconds. -.RS -.PP -Available options are: -.IP \fIpassword\fP 13 -\(en password for secured networks (WEP or WPA) -.IP \fIwep\-key\-type\fP 13 -\(en type of WEP secret, either \fIkey\fP for ASCII/HEX key or \fIphrase\fP for passphrase -.IP \fIifname\fP 13 -\(en interface that will be used for activation -.IP \fIbssid\fP 13 -\(en if specified, the created connection will be restricted just for the BSSID -.IP \fIname\fP 13 -\(en if specified, the connection will use the name (else NM creates a name itself) -.IP \fIprivate\fP 13 -\(en if set to \fByes\fP, the connection will only be visible to the user who created it. -Otherwise the connection is system\(hywide, which is the default. -.IP \fIhidden\fP 13 -\(en set to \fByes\fP when connecting for the first time to an AP not broadcasting its SSID. -Otherwise the SSID would not be found and the connection attempt would fail. -.RE -.TP -.B wifi hotspot [ifname ] [con-name ] [ssid ] [band a|bg] [channel ] [password ] -.br -Create a Wi-Fi hotspot. The command creates a hotspot connection profile according to -Wi-Fi device capabilities and activates it on the device. The hotspot is secured with WPA -if device/driver supports that, otherwise WEP is used. -Use \fIconnection down\fP or \fIdevice disconnect\fP to stop the hotspot. -.br -.RS -.PP -Parameters of the hotspot can be influenced by the optional parameters: -.IP \fIifname\fP 17 -\(en what Wi-Fi device is used -.IP \fIcon-name\fP 17 -\(en name of the created hotspot connection profile -.IP \fIssid\fP 17 -\(en SSID of the hotspot -.IP \fIband\fP 17 -\(en Wi-Fi band to use -.IP \fIchannel\fP 17 -\(en Wi-Fi channel to use -.IP \fIpassword\fP 17 -\(en password to use for the created hotspot. If not provided, -nmcli will generate a password. The password is either WPA -pre-shared key or WEP key. -.PP -Note that \fI--show-secrets\fP global option can be used to print the hotspot -password. It is useful especially when the password was generated. -.RE -.TP -.B wifi rescan [ifname ] [[ssid ] ...] -.br -Request that \fINetworkManager\fP immediately re-scan for available access points. -NetworkManager scans Wi\(hyFi networks periodically, but in some cases it can be -useful to start scanning manually (e.g. after resuming the computer). By using -\fIssid\fP, it is possible to scan for a specific SSID, which is useful for APs -with hidden SSIDs. You can provide multiple \fIssid\fP parameters in order to -scan more SSIDs. -.br -This command does not show the APs, use 'nmcli device wifi list' for that. -.TP -.B lldp [list [ifname ]] -.br -Display information about neighboring devices learned through the Link -Layer Discovery Protocol (LLDP). The \fIifname\fP option can be used to -list neighbors only for a given interface. The protocol must be -enabled in the connection settings. -.RE - -.TP -.B agent \- run nmcli as a NetworkManager secret agent, or polkit agent -.br -.TP -.SS \fICOMMAND\fP := { secret | polkit | all } -.sp -.RS -.TP -.B secret -.br -Register nmcli as a NetworkManager secret agent and listen for secret requests. -You do usually not need this command, because nmcli can handle secrets when -connecting to networks. However, you may find the command useful when you use -another tool for activating connections and you do not have a secret agent -available (like nm-applet). -.TP -.B polkit -.br -Register nmcli as a polkit agent for the user session and listen for -authorization requests. You do not usually need this command, because nmcli can -handle polkit actions related to NetworkManager operations (when run with ---ask). However, you may find the command useful when you want to run a simple -text based polkit agent and you do not have an agent of a desktop environment. -Note that running this command makes nmcli handle all polkit requests, not only -NetworkManager related ones, because only one polkit agent can run for the -session. -.TP -.B all -.br -Runs nmcli as both NetworkManager secret and a polkit agent. -.RE - -.SH ENVIRONMENT VARIABLES -\fInmcli\fP's behavior is affected by the following environment variables. -.IP "LC_ALL" 13 -If set to a non\(hyempty string value, it overrides the values of all the other -internationalization variables. -.IP "LC_MESSAGES" 13 -Determines the locale to be used for internationalized messages. -.IP "LANG" 13 -Provides a default value for the internationalization variables that are unset -or null. - -.RE -Internationalization notes: -.br -Be aware that \fInmcli\fP is localized and that is why the output depends on -your environment. This is important to realize especially when you parse the -output. -.br -Call \fInmcli\fP as \fBLC_ALL=C nmcli\fP to be sure the locale is -set to "C" while executing in a script. - -\fBLC_ALL\fP, \fBLC_MESSAGES\fP, \fBLANG\fP variables specify the LC_MESSAGES -locale category (in that order), which determines the language that \fInmcli\fP -uses for messages. The "C" locale is used if none of these variables are set, -and this locale uses English messages. - -.SH EXIT STATUS -\fInmcli\fP exits with status 0 if it succeeds, a value greater than 0 is -returned if an error occurs. -.IP "0" 4 -Success \(en indicates the operation succeeded -.IP "1" 4 -Unknown or unspecified error -.IP "2" 4 -Invalid user input, wrong \fInmcli\fP invocation -.IP "3" 4 -Timeout expired (see \fI\-\-wait\fP option) -.IP "4" 4 -Connection activation failed -.IP "5" 4 -Connection deactivation failed -.IP "6" 4 -Disconnecting device failed -.IP "7" 4 -Connection deletion failed -.IP "8" 4 -NetworkManager is not running -.IP "9" 4 -\fInmcli\fP and \fINetworkManager\fP versions mismatch -.IP "10" 4 -Connection, device, or access point does not exist. - -.SH EXAMPLES -.PP -This section presents various examples of nmcli usage. If you want even more, -please refer to \fInmcli-examples\fP(5) manual page. -.sp -.IP "\fB\f(CWnmcli \-t \-f RUNNING general\fP\fP" -.IP -tells you whether NetworkManager is running or not. - -.IP "\fB\f(CWnmcli \-t \-f STATE general\fP\fP" -.IP -shows the overall status of NetworkManager. - -.IP "\fB\f(CWnmcli radio wifi off\fP\fP" -.IP -switches Wi\(hyFi off. - -.IP "\fB\f(CWnmcli connection show\fP\fP" -.IP -lists all connections NetworkManager has. - -.IP "\fB\f(CWnmcli \-p \-m multiline \-f all con show\fP\fP" -.IP -shows all configured connections in multi-line mode. - -.IP "\fB\f(CWnmcli connection show --active\fP\fP" -.IP -lists all currently active connections. - -.IP "\fB\f(CWnmcli \-f name,autoconnect c s\fP\fP" -.IP -shows all connection profile names and their auto-connect property. - -.IP "\fB\f(CWnmcli \-p connection show \(dq\&My default em1\(dq\&\fP\fP" -.IP -shows details for "My default em1" connection profile. - -.IP "\fB\f(CWnmcli --show-secrets connection show \(dq\&My Home WiFi\(dq\&\fP\fP" -.IP -shows details for "My Home WiFi" connection profile with all passwords. -Without \fI--show-secrets\fP option, secrets would not be displayed. - -.IP "\fB\f(CWnmcli \-f active connection show \(dq\&My default em1\(dq\&\fP\fP" -.IP -shows details for "My default em1" active connection, like IP, DHCP -information, etc. - -.IP "\fB\f(CWnmcli -f profile con s \(dq\&My wired connection\(dq\&\fP\fP" -.IP -shows static configuration details of the connection profile with "My wired connection" name. - -.IP "\fB\f(CWnmcli \-p con up \(dq\&My wired connection\(dq\& ifname eth0\fP\fP" -.IP -activates the connection profile with name "My wired connection" on interface eth0. -The \-p option makes nmcli show progress of the activation. - -.IP "\fB\f(CWnmcli con up 6b028a27\-6dc9\-4411\-9886\-e9ad1dd43761 ap 00:3A:98:7C:42:D3\fP\fP" -.IP -connects the Wi\(hyFi connection with UUID 6b028a27\-6dc9\-4411\-9886\-e9ad1dd43761 to the AP -with BSSID 00:3A:98:7C:42:D3. - -.IP "\fB\f(CWnmcli device status\fP\fP" -.IP -shows the status for all devices. - -.IP "\fB\f(CWnmcli dev disconnect em2\fP\fP" -.IP -disconnects a connection on interface em2 and marks the device as unavailable for -auto\(hyconnecting. As a result, no connection will automatically be activated on the -device until the device's 'autoconnect' is set to TRUE or the user manually activates -a connection. - -.IP "\fB\f(CWnmcli \-f GENERAL,WIFI\-PROPERTIES dev show wlan0\fP\fP" -.IP -shows details for wlan0 interface; only GENERAL and WIFI\-PROPERTIES sections will be shown. - -.IP "\fB\f(CWnmcli \-f CONNECTIONS device show wlp3s0\fP\fP" -.IP -shows all available connection profiles for your Wi-Fi interface wlp3s0. - -.IP "\fB\f(CWnmcli dev wifi\fP\fP" -.IP -lists available Wi\(hyFi access points known to NetworkManager. - -.IP "\fB\f(CWnmcli dev wifi con \(dq\&Cafe Hotspot 1\(dq\& password caffeine name \(dq\&My cafe\(dq\&\fP\fP" -.IP -creates a new connection named "My cafe" and then connects it to "Cafe Hotspot 1" SSID -using password "caffeine". This is mainly useful when connecting to "Cafe Hotspot 1" for -the first time. Next time, it is better to use 'nmcli con up id "My cafe"' so that the -existing connection profile can be used and no additional is created. - -.IP "\fB\f(CWnmcli -s dev wifi hotspot con-name QuickHotspot\fP\fP" -.IP -creates a hotspot profile and connects it. Prints the hotspot password the user should use -to connect to the hotspot from other devices. - -.IP "\fB\f(CWnmcli connection add type ethernet autoconnect no ifname eth0\fP\fP" -.IP -non-interactively adds an Ethernet connection tied to eth0 interface with automatic IP configuration (DHCP), -and disables the connection's "autoconnect" flag. - -.IP "\fB\f(CWnmcli c a ifname Maxipes\(hyfik type vlan dev eth0 id 55\fP\fP" -.IP -non-interactively adds a VLAN connection with ID 55. The connection will use eth0 and the VLAN interface -will be named Maxipes\(hyfik. - -.IP "\fB\f(CWnmcli c a ifname eth0 type ethernet -- ipv4.method disabled ipv6.method link-local\fP\fP" -.IP -non-interactively adds a connection that will use eth0 Ethernet interface and only have an IPv6 link-local -address configured. - -.IP "\fB\f(CWnmcli connection edit ethernet\-em1\-2\fP\fP" -.IP -edits existing "ethernet\(hyem1\(hy2" connection in the interactive editor. - -.IP "\fB\f(CWnmcli connection edit type ethernet con-name \(dq\&yet another Ethernet connection\(dq\&\fP\fP" -.IP -adds a new Ethernet connection in the interactive editor. - -.IP "\fB\f(CWnmcli con mod ethernet\-2 connection.autoconnect no\fP\fP" -.IP -modifies 'autoconnect' property in the 'connection' setting of 'ethernet\(hy2' connection. - -.IP "\fB\f(CWnmcli con mod \(dq\&Home Wi\-Fi\(dq\& wifi.mtu 1350\fP\fP" -.IP -modifies 'mtu' property in the 'wifi' setting of 'Home Wi\(hyFi' connection. - -.IP "\fB\f(CWnmcli con mod em1-1 ipv4.method manual ipv4.addr \(dq\&192.168.1.23/24 192.168.1.1, 10.10.1.5/8, 10.0.0.11\(dq\&\fP\fP" -.IP -sets manual addressing and the addresses in em1-1 profile. - -.IP "\fB\f(CWnmcli con modify ABC +ipv4.dns 8.8.8.8\fP\fP" -.IP -appends a Google public DNS server to DNS servers in ABC profile. - -.IP "\fB\f(CWnmcli con modify ABC -ipv4.addresses \(dq\&192.168.100.25/24 192.168.1.1\(dq\&\fP\fP" -.IP -removes the specified IP address from (static) profile ABC. - -.IP "\fB\f(CWnmcli con import type openvpn file ~/Downloads/frootvpn.ovpn\fP\fP" -.IP -imports an OpenVPN configuration to NetworkManager. - -.IP "\fB\f(CWnmcli con export corp-vpnc /home/joe/corpvpn.conf\fP\fP" -.IP -exports NetworkManager VPN profile corp-vpnc as standard Cisco (vpnc) configuration. - -.SH NOTES -\fInmcli\fP accepts abbreviations, as long as they are a unique prefix in the set -of possible options. As new options get added, these abbreviations are not guaranteed -to stay unique. For scripting and long term compatibility it is therefore strongly -advised to spell out the full option names. - -.SH BUGS -There are probably some bugs. If you find a bug, please report it to -https://bugzilla.gnome.org/ \(em product \fINetworkManager\fP. - -.SH SEE ALSO -.BR nmcli\-examples (5), -.BR nm\-online (1), -.BR NetworkManager (8), -.BR NetworkManager.conf (5), -.BR nm\-settings (5), -.BR nm\-applet (1), -.BR nm\-connection\-editor (1). diff --git a/man/nmcli.xml b/man/nmcli.xml new file mode 100644 index 000000000..21faf1af4 --- /dev/null +++ b/man/nmcli.xml @@ -0,0 +1,3113 @@ + + + + + + + + + + nmcli + NetworkManager developers + + + + nmcli + 1 + NetworkManager + General Commands Manual + 1.2 + + + + nmcli + command-line tool for controlling NetworkManager + + + + + nmcli + OPTIONS + + + + + + + + + + + COMMAND + ARGUMENTS + + + + Description + nmcli is a command-line tool for controlling + NetworkManager and reporting network status. It can be utilized as a + replacement for nm-applet or other graphical clients. + nmcli is used to create, display, edit, delete, activate, + and deactivate network connections, as well as control and display network + device status. + + Typical uses include: + + + Scripts: Utilize NetworkManager via nmcli instead of + managing network connections manually. nmcli supports a + terse output format which is better suited for script processing. Note that + NetworkManager can also execute scripts, called "dispatcher scripts", in + response to network events. See + NetworkManager8 + for details about these dispatcher scripts. + + + + Servers, headless machines, and terminals: nmcli can + be used to control NetworkManager without a GUI, including creating, editing, + starting and stopping network connections and viewing network status. + + + + + Options + + + + + + + + + + Output is terse. This mode is designed and suitable for computer (script) + processing. + + + + + + + + + + + Output is pretty. This causes nmcli to produce easily + readable outputs for humans, i.e. values are aligned, headers are printed, + etc. + + + + + + + + + tabular + multiline + + + + + Switch between tabular and multiline output: + + + + tabular + + Output is a table where each line describes a single entry. + Columns define particular properties of the entry. + + + + + multiline + + Each entry comprises multiple lines, each property on its + own line. The values are prefixed with the property name. + + + + + If omitted, default is tabular for most commands. + For the commands producing more structured information, that cannot be + displayed on a single line, default is multiline. + Currently, they are: + + + + nmcli connection show ID + + + + nmcli device show + + + + + + + + + + + + yes + no + auto + + + + + This option controls color output (using terminal escape sequences). + yes enables colors, no disables them, + auto only produces colors when standard output is directed + to a terminal. The default value is auto. + + + + + + + + + field + all + common + + + + + This option is used to specify what fields (column names) should be + printed. Valid field names differ for specific commands. List available fields + by providing an invalid value to the option. + all is used to print all valid field values of the + command. common is used to print common field values of + the command. + + If omitted, default is common. The option is + mandatory when is used. In this case, generic values + all and common cannot be used. This + is to maintain compatibility when new fields are added in the future. + + + + + + + + + yes + no + + + + + Whether to escape : and \ characters in terse tabular mode. The + escape character is \. + + If omitted, default is yes. + + + + + + + + + + + This option can be used to force nmcli to skip + checking nmcli and NetworkManager + version compatibility. Use it with care, because using incompatible versions + may produce incorrect results. + + + + + + + + + + + When using this option nmcli will stop and ask for any + missing required arguments, so do not use this option for non-interactive + purposes like scripts. This option controls, for example, whether you will be + prompted for a password if it is required for connecting to a network. + + + + + + + + + + + When using this option nmcli will display passwords + and secrets that might be present in an output of an operation. This option + also influences echoing passwords typed by user as an input. + + + + + + + + + + seconds + + + + This option sets a timeout period for which nmcli will + wait for NetworkManager to finish operations. It is + especially useful for commands that may take a longer time to complete, e.g. + connection activation. + + Specifying a value of 0 instructs + nmcli not to wait but to exit immediately with a status of + success. The default value depends on the executed command. + + + + + + + + + + + Show nmcli version. + + + + + + + + + + + Print help information. + + + + + + + General Commands + + + nmcli general + + status + hostname + permissions + logging + + ARGUMENTS + + + Use this command to show NetworkManager status and permissions. You can also get + and change system hostname, as well as NetworkManager logging level and domains. + + + + + status + + + Show overall status of NetworkManager. This is the default action, when + no additional command is provided for nmcli general. + + + + + + hostname + hostname + + + + Get and change system hostname. With no arguments, this prints currently + configured hostname. When you pass a hostname, it will be handed over to + NetworkManager to be set as a new system hostname. + + Note that the term "system" hostname may also be referred to as + "persistent" or "static" by other programs or tools. The hostname is stored + in /etc/hostname file in most distributions. For example, + systemd-hostnamed service uses the term "static" hostname and it only reads + the /etc/hostname file when it starts. + + + + + permissions + + + Show the permissions a caller has for various authenticated operations + that NetworkManager provides, like enable and disable networking, changing + Wi-Fi and WWAN state, modifying connections, etc. + + + + + + logging + level + domains + + + + Get and change NetworkManager logging level and + domains. Without any argument current logging level and domains are shown. In + order to change logging state, provide and, or, + parameters. See + NetworkManager.conf5 + for available level and domain values. + + + + + + Networking Control Commands + + + nmcli networking + + on + off + connectivity + + ARGUMENTS + + + Query NetworkManager networking status, enable and disable networking. + + + + + + on + off + + + Enable enable or disable networking control by NetworkManager. + All interfaces managed by NetworkManager are deactivated when networking + is disabled. + + + + + + connectivity + check + + + + Get network connectivity state. The optional + argument tells NetworkManager to re-check the connectivity, else the most + recent known connectivity state is displayed without re-checking. + + Possible states are: + + + + none + + the host is not connected to any network. + + + + portal + + the host is behind a captive portal and cannot reach the full Internet. + + + + limited + + the host is connected to a network, but it has no access to the Internet. + + + + full + + the host is connected to a network and has full access to the Internet. + + + + unknown + + the connectivity status cannot be found out. + + + + + + + + + + Radio Transmission Control Commands + + + nmcli radio + + all + wifi + wwan + + ARGUMENTS + + + Show radio switches status, or enable and disable the switches. + + + + + + wifi + + on + off + + + + + Show or set status of Wi-Fi in NetworkManager. If no arguments are + supplied, Wi-Fi status is printed; enables Wi-Fi; + disables Wi-Fi. + + + + + + wwan + + on + off + + + + + Show or set status of WWAN (mobile broadband) in NetworkManager. If no + arguments are supplied, mobile broadband status is printed; + enables mobile broadband, + disables it. + + + + + + all + + on + off + + + + + Show or set all previously mentioned radio switches at the same time. + + + + + + Activity Monitor + + + nmcli monitor + + + Observe NetworkManager activity. Watches for changes + in connectivity state, devices or connection profiles. + + See also nmcli connection monitor + and nmcli device monitor to watch + for changes in certain devices or connections. + + + Connection Management Commands + + + nmcli connection + + show + up + down + add + edit + modify + delete + monitor + reload + load + + ARGUMENTS + + + NetworkManager stores all network configuration as "connections", + which are collections of data (Layer2 details, IP addressing, etc.) that + describe how to create or connect to a network. A connection is "active" + when a device uses that connection's configuration to create or connect to + a network. There may be multiple connections that apply to a device, but only + one of them can be active on that device at any given time. The additional + connections can be used to allow quick switching between different networks + and configurations. + + Consider a machine which is usually connected to a DHCP-enabled network, + but sometimes connected to a testing network which uses static IP addressing. + Instead of manually reconfiguring eth0 each time the network is changed, the + settings can be saved as two connections which both apply to eth0, one for DHCP + (called default) and one with the static addressing details (called + testing). When connected to the DHCP-enabled network the user would run + nmcli con up default , and when connected to the static network the user + would run nmcli con up testing. + + + + + + show + + + + [+-]category: + + + + + List in-memory and on-disk connection profiles, some of which may also be + active if a device is using that connection profile. Without a parameter, all + profiles are listed. When option is specified, only + the active profiles are shown. + + The option can be used to get custom + ordering of connections. The connections can be ordered by active status + (active), name (name), type + (type) or D-Bus path (path). If + connections are equal according to a sort order category, an additional + category can be specified. The default sorting order is equivalent to + --order active:name:path. + or no + prefix means sorting in ascending order (alphabetically or in numbers), + - means reverse (descending) order. The category names + can be abbreviated (e.g. --order -a:na). + + + + + + show + + + + + + + + ID + + + + Show details for specified connections. By default, both static + configuration and active connection data are displayed. When + option is specified, only the active profiles are + taken into account. Use global option to + display secrets associated with the profile. + + , , + and keywords can be used + if ID is ambiguous. Optional + ID-specifying keywords are: + + + + + + the ID denotes a connection name. + + + + + + the ID denotes a connection UUID. + + + + + + the ID denotes a D-Bus + static connection path in the format of + /org/freedesktop/NetworkManager/Settings/num + or just num. + + + + + + the ID denotes a D-Bus active connection path in the format of + /org/freedesktop/NetworkManager/ActiveConnection/num or just + num. + + + + + It is possible to filter the output using the global + option. Use the following values: + + + + + + only shows static profile configuration. + + + + + + only shows active connection data (when the profile is active). + + + + + You can also specify particular fields. For static configuration, use + setting and property names as described in + nm-settings5 + manual page. For active data use GENERAL, IP4, DHCP4, IP6, + DHCP6, VPN. + + When no command is given to the nmcli connection, + the default action is nmcli connection show. + + + + + + + up + + + + + + ID + ifname + BSSID + file + + + + Activate a connection. The connection is identified by its name, UUID or + D-Bus path. If ID is ambiguous, a keyword , + or can be used. When + requiring a particular device to activate the connection on, the + option with interface name should be given. If the + ID is not given an is required, and + NetworkManager will activate the best available connection for the given + . In case of a VPN connection, the + option specifies the device of the base connection. + The option specify what particular AP should be used in + case of a Wi-Fi connection. + + If option is not specified, the default timeout will be 90 + seconds. + + See connection show above for the description of the + ID-specifying keywords. + + Available options are: + + + + + + interface that will be used for activation. + + + + + + BSSID of the AP which the command should connect to (for Wi-Fi connections). + + + + + + some networks may require credentials during activation. You can give + these credentials using this option. Each line of the file should contain one + password in the form: + + setting_name.property_name:the password + + For example, for WPA Wi-Fi with PSK, the line would be + + 802-11-wireless-security.psk:secret12345 + + For 802.1X password, the line would be + + 802-1x.password:my 1X password + + nmcli also accepts wifi-sec and wifi strings instead of + 802-11-wireless-security. When NetworkManager requires a password and it is + not given, nmcli will ask for it when run with . + If was not passed, NetworkManager can ask another secret + agent that may be running (typically a GUI secret agent, such as nm-applet or + gnome-shell). + + + + + + + + + + down + + + + + + + ID + + + + Deactivate a connection from a device without preventing the device from + further auto-activation. Multiple connections can be passed to the + command. + + Be aware that this command deactivates the specified active connection, + but the device on which the connection was active, is still ready to connect + and will perform auto-activation by looking for a suitable connection that has + the 'autoconnect' flag set. This includes the just deactivated connection. So + if the connection is set to auto-connect, it will be automatically started on + the disconnected device again. + + In most cases you may want to use device disconnect + command instead. + + The connection is identified by its name, UUID or D-Bus path. If + ID is ambiguous, a keyword , + , or + can be used. + + See connection show above for the description of + the ID-specifying keywords. + + If option is not specified, the default timeout + will be 10 seconds. + + + + + + add + ifname + con-name name + + + + yes + no + + + + + + yes + no + + + master master + slave-type type + type type + ARGUMENTS + ip4 addr + gw4 addr + ip6 addr + gw6 addr + + + + [+|-]setting.property + value + + + + + + Add a connection for NetworkManager. Arguments differ according to connection types, see below. + + + + + + + interface to bind the connection to. The connection will only be + applicable to this interface name. A special value of * + can be used for interface-independent connections. The + argument is mandatory for all connection types + except bond, team, bridge and vlan. Note: use quotes around + * to suppress shell expansion. + + + + + + + connection name (when not provided a default name is generated: + <type>[-<ifname>][-<num>]). + + + + + + + whether the connection profile can be automatically activated (default: + yes). + + + + + + + whether the connection should be persistent, i.e. NetworkManager should + store it on disk (default: yes). + + + + + + + master interface name, or connection UUID or ID of master connection + profile. The value can be prefixed with ifname/, + uuid/ or id/ to disambiguate it. + + + + + + + type of master connection. Only required when it can not be inferred + (i.e. the master connection does + not exist yet). + + + + + + + connection type; see below for allowed values. Note that types + , and + create connection + profiles. Their use is discouraged in favor of using a specific type with + option. + + + + + + + addr + addr + mtu + + + + + + + MAC address of the device this connection is locked to. + + + + + + + cloned MAC. + + + + + + + MTU. + + + + + + + + + + SSID + addr + addr + + + + infrastructure + ap + adhoc + + + mtu + + + + + + + SSID. + + + + + + + MAC address of the device this connection is locked to. + + + + + + + cloned MAC. + + + + + + + Wi-Fi network mode. If blank, infrastructure + is assumed. + + + + + + + MTU. + + + + + + + + + + addr + nsp + + + + + + + MAC address of the device this connection is locked to. + + + + + + + Network Service Provider name. + + + + + + + + + + user + passwd + name + mtu + addr + + + + + + + PPPoE username. + + + + + + + Password for the PPPoE username. + + + + + + + PPPoE service name (if required by concentrator). + + + + + + + MTU. + + + + + + + MAC address of the device this connection is locked to. + + + + + + + + + + APN + user + passwd + + + + + + + APN - GSM Access Point Name. + + + + + + + user name. + + + + + + + password. + + + + + + + + + + user + passwd + + + + + + + user name. + + + + + + + password. + + + + + + + + + + addr + mtu + + + + datagram + connected + + + device + key + + + + + + + MAC address of the device this connection is locked to + (InfiniBand MAC is 20 bytes). + + + + + + + MTU. + + + + + + + InfiniBand transport mode. + + + + + + + the interface name of the parent device (if any). + + + + + + + the InfiniBand P_Key (16-bit unsigned integer). + + + + + + + + + + addr + + + + panu + dun-gsm + dun-cdma + + + + + + + + + Bluetooth device address (MAC). + + + + + + + Bluetooth connection type. + + + + + + + + + + device + id + flags + mapping + mapping + mtu + + + + + + + parent device this VLAN is on. + + + + + + + VLAN ID in range 0-4095. + + + + + + + flags. + + + + + + + VLAN ingress priority mapping. + + + + + + + VLAN egress priority mapping. + + + + + + + MTU. + + + + + + + + + + + + + active-backup + balance-xor + broadcast + 802.3ad + balance-tlb + balance-alb + num + + + ifname + num + num + num + num + num + + + + + + + + bonding mode (default: balance-rr). + + + + + + + primary interface name (for active-backup mode). + + + + + + + miimon (default: 100). + + + + + + + downdelay (default: 0). + + + + + + + updelay (default: 0). + + + + + + + ARP interval (default: 0). + + + + + + + ARP IP target. + + + + + + + + + + master + + + + + + + master bond interface name, or connection UUID or + ID of bond master connection profile. The value can be + prefixed with ifname/, + uuid/ or id/ to + disambiguate it. + + + + + + + + + + + + + file + JSON + + + + + + + + + + JSON configuration for team. + + + + + + + + + + + + + + + + + + + + master team interface name, or connection UUID or + ID of team master connection profile. The value can be + prefixed with ifname/, + uuid/ or id/to + disambiguate it. + + + + + + + JSON configuration for team. + + + + + + + + + + + + + yes + no + + + num + 2-30 + 1-10 + 6-42 + 0-1000000 + + + + yes + no + + + addr + + + + + + + controls whether Spanning Tree Protocol (STP) is enabled for this bridge + (default: yes). + + + + + + + sets STP priority (default: 128). + + + + + + + STP forwarding delay, in seconds (default: 15). + + + + + + + STP hello time, in seconds (default: 2). + + + + + + + STP maximum message age, in seconds (default: 20). + + + + + + + the Ethernet MAC address aging time, in seconds (default: 300). + + + + + + + controls whether IGMP snooping is enabled (default: yes). + + + + + + + MAC address of the bridge (note: this requires a recent kernel feature, + originally introduced in 3.15 upstream kernel). + + + + + + + + + + master + num + 1-65535 + + + + yes + no + + + + + + + + + master bridge interface name, or connection UUID + or ID of bridge master connection profile. The value + can be prefixed with ifname/, + uuid/ or id/ + to disambiguate it. + + + + + + + STP priority of this slave (default: 32). + + + + + + + STP port cost for destinations via this slave (default: 100). + + + + + + + 'hairpin mode' for the slave, which allows frames to be sent back out + through the slave the frame was received on (default: yes). + + + + + + + + + + type + username + + + + + + + VPN type. + + + + + + + VPN username. + + + + + + + + + + SSID + 1-13 + MAC + + + + + + + SSID. + + + + + + + channel to use for the network. + + + + + + + anycast DHCP MAC address used when requesting an IP address via DHCP. + + + + + + + + + + username + + + + pppoa + pppoe + ipoatm + + + passwd + + + + vcmux + llc + + + + + + + + + ADSL user name. + + + + + + + ADSL protocol. + + + + + + + ADSL password. + + + + + + + ADSL encapsulation. + + + + + + + + + + + + + tun + tap + + + UID + GID + + + + yes + no + + + + + + yes + no + + + + + + yes + no + + + + + + + + + Mode for the device. + + + + + + + UID of the owner. + + + + + + + GID of the group. + + + + + + + include packet information (~IFF_NO_PI flag). + + + + + + + send and receive large (i.e. GSO) packets and packets with partial + checksums (IFF_VNET_HDR flag). + + + + + + + multi-queue support for tun/tap device (IFF_MULTI_QUEUE flag). + + + + + + + + + + + + + ipip + gre + sit + isatap + vti + ip6ip6 + ipip6 + ip6gre + vti6 + tun + + + addr + addr + device + + + + + + + tunnel mode. + + + + + + + IPv4 or IPv6 address of the remote tunnel endpoint. + + + + + + + IPv4 or IPv6 address of the local tunnel endpoint. + + + + + + + device to use for tunnel endpoint communication. + + + + + + + + + + device + + + + vepa + bridge + private + passthru + source + + + + + + yes + no + + + + + + + + + parent device this MACVLAN is on. + + + + + + + MACVLAN mode, which specifies the communication mechanism between + multiple MACVLANs on the same lower device. + + + + + + + controls the device type. If set to 'yes' a MACVTAP will be created + (default: no). + + + + + + + + + + id + addr + parent device (ifname or connection UUID) + addr + 0-65535 + 0-65535 + 0-65535 + + + + + + + VXLAN Network Identifer to use. + + + + + + + unicast destination IP address or multicast IP address to join. + + + + + + + device to use for tunnel endpoint communication. + + + + + + + source IP address. + + + + + + + minimum UDP source port to communicate to the remote VXLAN tunnel endpoint. + + + + + + + maximum UDP source port to communicate to the remote VXLAN tunnel endpoint. + + + + + + + UDP destination port to communicate to the remote VXLAN tunnel endpoint. + + + + + + + + + + + IPv4 addresses. + + + + + + + + IPv6 addresses. + + + + + + + If a argument is encountered, the rest of command + line is interpreted as property list in the same format as connection + modify command accepts. This makes it possible to adjust the + connection properties before it's added. + + + + + + + + + edit + + + + + + + + ID + + + type + name + + + + + + Edit an existing connection or add a new one, using an interactive editor. + + The existing connection is identified by its name, UUID or D-Bus path. If + ID is ambiguous, a keyword , + , or can be used. See + connection show above for the description of the + ID-specifying keywords. Not providing an + ID means that a new connection will be added. + + The interactive editor will guide you through the connection editing and + allow you to change connection parameters according to your needs by means of + a simple menu-driven interface. The editor indicates what settings and + properties can be modified and provides in-line help. + + Available options: + + + + + + type of the new connection; valid types are the same as for + connection add command. + + + + + + name for the new connection. It can be changed later in the editor. + + + + + See also + nm-settings5 + for all NetworkManager settings and property names, and their + descriptions; and + nmcli-examples5 + for sample editor sessions. + + + + + + modify + + + + + + + ID + + [+|-]setting.property + value + + + + + Modify one or more properties in the connection profile. + + The connection is identified by its name, UUID or D-Bus path. If + ID is ambiguous, a keyword , + or can be used. See + nm-settings5 + for setting and property names, their descriptions and default + values. This command supports abbreviations for setting + and property provided they are unique. Empty + value ("") removes the property value (sets + the property to the default value). The provided value overwrites the existing + property value. + + If you want to append an item to the existing value, use + + prefix for the property name. If you want to remove just + one item from container-type property, use - prefix for + the property name and specify a value or an zero-based index of the item to + remove (or option name for properties with named options) as + value. Of course, + and + - only have a real effect for multi-value (container) + properties like ipv4.dns, ipv4.addresses, + bond.options, etc. + + + + + + clone + + + + + + + ID + name + + + + Clone a connection. The connection to be cloned is identified by its + name, UUID or D-Bus path. If ID is ambiguous, a keyword + , or + can be used. See connection show above for the description + of the ID-specifying keywords. name is + the name of the new cloned connection. The new connection will be the exact + copy except the connection.id (name) and + connection.uuid (generated) properties. + + The new connection profile will be saved as persistent unless + option is specified, in which case the new profile + won't exist after NetworkManager restart. + + + + + + delete + + + + + + ID + + + + Delete a configured connection. The connection to be deleted is + identified by its name, UUID or D-Bus path. If ID is ambiguous, a + keyword , or can be used. + See connection show above for the description of + the ID-specifying keywords. + + If option is not specified, the default timeout will be 10 + seconds. + + + + + + monitor + + + + + + ID + + + + Monitor connection profile activity. This command prints a line whenever + the specified connection changes. The connection to be monitored is identified + by its name, UUID or D-Bus path. If ID is ambiguous, a keyword + , or + can be used. See connection show above for the description of the + ID-specifying keywords. + + Monitors all connection profiles in case none is specified. The command + terminates when all monitored connections disappear. If you want to monitor + connection creation consider using the global monitor with nmcli + monitor command. + + + + + + reload + + + + Reload all connection files from disk. + NetworkManager does not monitor changes to connection + files by default. So you need to use this command in order to tell + NetworkManager to re-read the connection profiles from + disk when a change was made to them. However, the auto-loading feature can be + enabled and then NetworkManager will reload connection + files any time they change (monitor-connection-files=true in + NetworkManager.conf5). + + + + + + + load + filename + + + + Load/reload one or more connection files from disk. Use this after + manually editing a connection file to ensure that + NetworkManager is aware of its latest state. + + + + + + import + + type + file + + + + Import an external/foreign configuration as a NetworkManager connection + profile. The type of the input file is specified by + option. + + Only VPN configurations are supported at the moment. The configuration is + imported by NetworkManager VPN plugins. values are + the same as for option in nmcli + connection add. VPN configurations are imported by VPN plugins. + Therefore the proper VPN plugin has to be installed so that nmcli could import + the data. + + The imported connection profile will be saved as persistent unless + option is specified, in which case the new profile + won't exist after NetworkManager restart. + + + + + + export + + + + + + ID + file + + + + Export a connection. + + Only VPN connections are supported at the moment. A proper VPN plugin has + to be installed so that nmcli could export a connection. If no + file is provided, the VPN configuration + data will be printed to standard output. + + + + + + Device Management Commands + + + nmcli device + + status + show + set + connect + reapply + disconnect + delete + monitor + wifi + lldp + + ARGUMENTS + + + Show and manage network interfaces. + + + + + status + + + Print status of devices. + + This is the default action if no command is specified to + nmcli device. + + + + + + show + ifname + + + + Show detailed information about devices. Without an argument, all + devices are examined. To get information for a specific device, the interface + name has to be provided. + + + + + + set + ifname + ifname + + + + yes + no + + + + + + yes + no + + + + + + Set device properties. + + + + + + connect + ifname + + + + Connect the device. NetworkManager will try to find a suitable connection + that will be activated. It will also consider connections that are not set to + auto connect. + + If option is not specified, the default timeout will be 90 + seconds. + + + + + + reapply + ifname + + + + Attempt to update device with changes to the currently active connection + made since it was last applied. + + + + + + disconnect + ifname + + + + Disconnect a device and prevent the device from automatically activating + further connections without user/manual intervention. Note that disconnecting + software devices may mean that the devices will disappear. + + If option is not specified, the default timeout + will be 10 seconds. + + + + + + + delete + ifname + + + + Delete a device. The command removes the interface from the system. Note + that this only works for software devices like bonds, bridges, teams, etc. + Hardware devices (like Ethernet) cannot be deleted by the command. + + If option is not specified, the default timeout will be 10 + seconds. + + + + + + monitor + ifname + + + + Monitor device activity. This command prints a line whenever the + specified devices change state. + + Monitors all devices in case no interface is specified. The monitor + terminates when all specified devices disappear. If you want to monitor device + addition consider using the global monitor with nmcli + monitor command. + + + + + + wifi + + list + ifname + BSSID + + + + + List available Wi-Fi access points. The and + options can be used to list APs for a particular + interface or with a specific BSSID, respectively. + + + + + + wifi + connect + (B)SSID + password + + + + key + phrase + + + ifname + BSSID + name + + + + yes + no + + + + + + yes + no + + + + + + Connect to a Wi-Fi network specified by SSID or BSSID. The command + creates a new connection and then activates it on a device. This is a + command-line counterpart of clicking an SSID in a GUI client. The command + always creates a new connection and thus it is mainly useful for connecting to + new Wi-Fi networks. If a connection for the network already exists, it is + better to bring up (activate) the existing connection as follows: + nmcli con up id name. Note that + only open, WEP and WPA-PSK networks are supported at the moment. It is also + supposed that IP configuration is obtained via DHCP. + + If option is not specified, the default timeout will be 90 + seconds. + + Available options are: + + + + + + password for secured networks (WEP or WPA). + + + + + + type of WEP secret, either for ASCII/HEX key or + for passphrase. + + + + + + interface that will be used for activation. + + + + + + if specified, the created connection will be restricted just for the + BSSID. + + + + + + if specified, the connection will use the name (else NM creates a name + itself). + + + + + + if set to yes, the connection will only be visible + to the user who created it. Otherwise the connection is system-wide, which is + the default. + + + + + + set to yes when connecting for the first time to an + AP not broadcasting its SSID. Otherwise the SSID would not be found and the + connection attempt would fail. + + + + + + + + + wifi + hotspot + ifname + name + SSID + + + + a + bg + + + channel + password + + + + Create a Wi-Fi hotspot. The command creates a hotspot connection profile + according to Wi-Fi device capabilities and activates it on the device. The + hotspot is secured with WPA if device/driver supports that, otherwise WEP is + used. Use connection down or device + disconnect to stop the hotspot. + + Parameters of the hotspot can be influenced by the optional + parameters: + + + + + + what Wi-Fi device is used. + + + + + + name of the created hotspot connection profile. + + + + + + SSID of the hotspot. + + + + + + Wi-Fi band to use. + + + + + + Wi-Fi channel to use. + + + + + + password to use for the created hotspot. If not provided, nmcli will + generate a password. The password is either WPA pre-shared key or WEP + key. + + Note that global option can be used to + print the hotspot password. It is useful especially when the password was + generated. + + + + + + + + + wifi + rescan + ifname + SSID + + + + Request that NetworkManager immediately re-scan for + available access points. NetworkManager scans Wi-Fi networks periodically, but + in some cases it can be useful to start scanning manually (e.g. after resuming + the computer). By using , it is possible to scan for a + specific SSID, which is useful for APs with hidden SSIDs. You can provide + multiple parameters in order to scan more + SSIDs. + + This command does not show the APs, use nmcli device wifi list + for that. + + + + + + lldp + + list + ifname + + + + + Display information about neighboring devices learned through the Link + Layer Discovery Protocol (LLDP). The option can be + used to list neighbors only for a given interface. The protocol must be enabled + in the connection settings. + + + + + + Secret Agent + + + nmcli agent + + secret + polkit + all + + + + Run nmcli as a NetworkManager secret agent, or polkit agent. + + + + + secret + + + Register nmcli as a NetworkManager secret agent and listen for secret + requests. You do usually not need this command, because nmcli can handle + secrets when connecting to networks. However, you may find the command useful + when you use another tool for activating connections and you do not have a + secret agent available (like nm-applet). + + + + + + polkit + + + + Register nmcli as a polkit agent for the user session and listen for + authorization requests. You do not usually need this command, because nmcli can + handle polkit actions related to NetworkManager operations (when run with + ). However, you may find the command useful when you want + to run a simple text based polkit agent and you do not have an agent of a desktop + environment. Note that running this command makes nmcli handle all polkit requests, + not only NetworkManager related ones, because only one polkit agent can run for the + session. + + + + + + all + + + + Runs nmcli as both NetworkManager secret and a polkit agent. + + + + + + + + Environment Variables + + nmcli's behavior is affected by the following + environment variables. + + + + LC_ALL + + If set to a non-empty string value, it overrides the values of all the + other internationalization variables. + + + + + LC_MESSAGES + + Determines the locale to be used for internationalized messages. + + + + + LANG + + Provides a default value for the internationalization variables that are + unset or null. + + + + + + + Internationalization notes + + Be aware that nmcli is localized and that is why the + output depends on your environment. This is important to realize especially + when you parse the output. + + Call nmcli as LC_ALL=C nmcli to + be sure the locale is set to C while executing in a script. + + LC_ALL, LC_MESSAGES, LANG + variables specify the LC_MESSAGES locale category (in that + order), which determines the language that nmcli uses for + messages. The C locale is used if none of these variables are set, and this + locale uses English messages. + + + + Exit Status + + nmcli exits with status 0 if it succeeds, a value + greater than 0 is returned if an error occurs. + + + + 0 + + Success – indicates the operation succeeded. + + + + + 1 + + Unknown or unspecified error. + + + + + 2 + + Invalid user input, wrong nmcli + invocation. + + + + + 3 + + Timeout expired (see option). + + + + + 4 + + Connection activation failed. + + + + + 5 + + Connection deactivation failed. + + + + + 6 + + Disconnecting device failed. + + + + + 7 + + Connection deletion failed. + + + + + 8 + + NetworkManager is not running. + + + + + 9 + + nmcli and NetworkManager + versions mismatch. + + + + + 10 + + Connection, device, or access point does not exist. + + + + + + Examples + + This section presents various examples of nmcli usage. If you want even + more, please refer to + nmcli-examples5 + manual page. + + + + nmcli -t -f RUNNING general + + tells you whether NetworkManager is running or not. + + + + + nmcli -t -f STATE general + + shows the overall status of NetworkManager. + + + + + nmcli radio wifi off + + switches Wi-Fi off. + + + + + nmcli connection show + + lists all connections NetworkManager has. + + + + + nmcli -p -m multiline -f all con show + + shows all configured connections in multi-line mode. + + + + + nmcli connection show --active + + lists all currently active connections. + + + + + nmcli -f name,autoconnect c s + + shows all connection profile names and their auto-connect property. + + + + + nmcli -p connection show "My default em1" + + shows details for "My default em1" connection profile. + + + + + nmcli --show-secrets connection show "My Home WiFi" + + shows details for "My Home WiFi" connection profile with all passwords. + Without option, secrets would not be + displayed. + + + + + nmcli -f active connection show "My default em1" + + shows details for "My default em1" active connection, like IP, DHCP + information, etc. + + + + + nmcli -f profile con s "My wired connection" + + shows static configuration details of the connection profile with "My + wired connection" name. + + + + + nmcli -p con up "My wired connection" ifname eth0 + + activates the connection profile with name "My wired connection" on + interface eth0. The -p option makes nmcli show progress of the + activation. + + + + + nmcli con up 6b028a27-6dc9-4411-9886-e9ad1dd43761 ap 00:3A:98:7C:42:D3 + + connects the Wi-Fi connection with UUID + 6b028a27-6dc9-4411-9886-e9ad1dd43761 to the AP with BSSID + 00:3A:98:7C:42:D3. + + + + + nmcli device status + + shows the status for all devices. + + + + + nmcli dev disconnect em2 + + disconnects a connection on interface em2 and marks the device as + unavailable for auto-connecting. As a result, no connection will automatically + be activated on the device until the device's 'autoconnect' is set to TRUE or + the user manually activates a connection. + + + + + nmcli -f GENERAL,WIFI-PROPERTIES dev show wlan0 + + shows details for wlan0 interface; only GENERAL and WIFI-PROPERTIES + sections will be shown. + + + + + nmcli -f CONNECTIONS device show wlp3s0 + + shows all available connection profiles for your Wi-Fi interface + wlp3s0. + + + + + nmcli dev wifi + + lists available Wi-Fi access points known to NetworkManager. + + + + + nmcli dev wifi con "Cafe Hotspot 1" password caffeine name "My cafe" + + creates a new connection named "My cafe" and then connects it to "Cafe + Hotspot 1" SSID using password "caffeine". This is mainly useful when + connecting to "Cafe Hotspot 1" for the first time. Next time, it is better to + use nmcli con up id "My cafe" so that the + existing connection profile can be used and no additional is created. + + + + + nmcli -s dev wifi hotspot con-name QuickHotspot + + creates a hotspot profile and connects it. Prints the hotspot password + the user should use to connect to the hotspot from other devices. + + + + + nmcli connection add type ethernet autoconnect no ifname eth0 + + non-interactively adds an Ethernet connection tied to eth0 interface with + automatic IP configuration (DHCP), and disables the connection's autoconnect + flag. + + + + + nmcli c a ifname Maxipes-fik type vlan dev eth0 id 55 + + non-interactively adds a VLAN connection with ID 55. The connection will + use eth0 and the VLAN interface will be named Maxipes-fik. + + + + + nmcli c a ifname eth0 type ethernet -- ipv4.method disabled ipv6.method link-local + + non-interactively adds a connection that will use eth0 Ethernet interface + and only have an IPv6 link-local address configured. + + + + + nmcli connection edit ethernet-em1-2 + + edits existing "ethernet-em1-2" connection in the interactive + editor. + + + + + nmcli connection edit type ethernet con-name "yet another Ethernet connection" + + adds a new Ethernet connection in the interactive editor. + + + + + nmcli con mod ethernet-2 connection.autoconnect no + + modifies 'autoconnect' property in the 'connection' setting of + 'ethernet-2' connection. + + + + + nmcli con mod "Home Wi-Fi" wifi.mtu 1350 + + modifies 'mtu' property in the 'wifi' setting of 'Home Wi-Fi' + connection. + + + + + nmcli con mod em1-1 ipv4.method manual ipv4.addr "192.168.1.23/24 192.168.1.1, 10.10.1.5/8, 10.0.0.11" + + sets manual addressing and the addresses in em1-1 profile. + + + + + nmcli con modify ABC +ipv4.dns 8.8.8.8 + + appends a Google public DNS server to DNS servers in ABC profile. + + + + + nmcli con modify ABC -ipv4.addresses "192.168.100.25/24 192.168.1.1" + + removes the specified IP address from (static) profile ABC. + + + + + nmcli con import type openvpn file ~/Downloads/frootvpn.ovpn + + imports an OpenVPN configuration to NetworkManager. + + + + + nmcli con export corp-vpnc /home/joe/corpvpn.conf + + exports NetworkManager VPN profile corp-vpnc as standard Cisco (vpnc) + configuration. + + + + + + Notes + nmcli accepts abbreviations, as long as they are a unique prefix in the set + of possible options. As new options get added, these abbreviations are not guaranteed + to stay unique. For scripting and long term compatibility it is therefore strongly + advised to spell out the full option names. + + + Bugs + There are probably some bugs. If you find a bug, please report it to + https://bugzilla.gnome.org/ — product NetworkManager. + + + See Also + nmcli-examples5, + nm-online1, + NetworkManager8, + NetworkManager.conf5, + nm-settings5, + nm-applet1, + nm-connection-editor1. + + +