nmcli cheat sheet

Home

1 Summary Cheat

  • nmcli dev
  • nmcli dev status

2 Controlling NetworkManager

nmcli is the command-line tool for controlling NetworkManager

  1. nmcli options
    • -p for pretty output
    • -m –mode switch from tabular mode to multiline mode (default is tabular)
    • -s –show-secrets will show passwords in remote connection events
    • -v –version
    • -h –help
    • -f –????
    • -t –????
  2. nmcli object
    • g[eneral] NetworkManager's general status and operations
    • n[etworking] overall networking control
    • r[adio] NetworkManager radio switches
    • c[onnection] NetworkManager's connections
    • d[evice] devices managed by NetworkManager
    • a[gent] NetworkManager secret agent or polkit agent
    • m[onitor] monitor NetworkManager changes

3 nmcli general

  • nmcli general hostname
  • nmcli general hostname this-will-be-my-new-hostname
  • nmcli general logging
  • nmcli -t -f RUNNING general

3.1 used to correct which network connection is the default/active one

vm5 ifcfg-ens3 file was deleted, so I created a new one, but it was out of sync with what was showing on nmcli dev show. Even after a reboot, or a systemctl restart NetworkManager

Running nmcli dev show on my vm4-pyenv, I noticed that I had this: 

GENERAL.DEVICE:                         ens3
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         52:54:00:21:A9:87
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     Wired connection 1
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/1
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         192.168.111.164/24      #######
IP4.GATEWAY:                            192.168.111.1
IP4.ROUTE[1]:                           dst = 0.0.0.0/0, nh = 192.168.111.1, mt = 100
IP4.ROUTE[2]:                           dst = 192.168.111.0/24, nh = 0.0.0.0, mt = 100
IP4.DNS[1]:                             192.168.111.1
IP4.DOMAIN[1]:                          ops335-nat-dhcp

Even though my /etc/sysconfig/network-scripts/ifcfg-ens3 file was as follows: 

HWADDR=52:54:00:21:A9:87
TYPE=Ethernet
DEVICE=ens3
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=ens3
UUID=21d47e65-8523-1a06-af22-6f121086f085
#NM: PREFIX-24
IPADDR=192.168.111.15      ########
GATEWAY=192.168.111.1
DNS1=192.168.111.1
DOMAIN="zintis.ops earth.continents.ops"
IPV6INIT=no
DEVICE=ens3
ONBOOT=yes
NM_CONTROLLED=yes
PREFIX=24
PEERDNS=no

So, where was this 192.168.111.164 configuration coming from ? And how do I change it? I also noticed that the general.connection was named "wired connection 1" Where is that configured and how do I change that? See "renaming a connection" for the answer.

Well for a start I would: sudo systemctl restart NetworkManager and check if fixed.

3.2 nmcli general permissions

zintis@c8host /backup/incremental[1013] $
nmcli general permissions
PERMISSION                                                        VALUE   
org.freedesktop.NetworkManager.enable-disable-network             yes     
org.freedesktop.NetworkManager.enable-disable-wifi                yes     
org.freedesktop.NetworkManager.enable-disable-wwan                yes     
org.freedesktop.NetworkManager.enable-disable-wimax               yes     
org.freedesktop.NetworkManager.sleep-wake                         no      
org.freedesktop.NetworkManager.network-control                    yes     
org.freedesktop.NetworkManager.wifi.share.protected               yes     
org.freedesktop.NetworkManager.wifi.share.open                    yes     
org.freedesktop.NetworkManager.settings.modify.system             yes     
org.freedesktop.NetworkManager.settings.modify.own                yes     
org.freedesktop.NetworkManager.settings.modify.hostname           auth    
org.freedesktop.NetworkManager.settings.modify.global-dns         auth    
org.freedesktop.NetworkManager.reload                             auth    
org.freedesktop.NetworkManager.checkpoint-rollback                auth    
org.freedesktop.NetworkManager.enable-disable-statistics          yes     
org.freedesktop.NetworkManager.enable-disable-connectivity-check  yes     
org.freedesktop.NetworkManager.wifi.scan                          unknown 
zintis@c8host /backup/incremental[1014] $

3.3 nmcli general logging

The logging argument is used to get and change NetworkManager logging level for domains. Without any argument, the current logging level and domains are shown as follows: 

   nmcli general logging
   LEVEL  DOMAINS                                                                                                                                                                                                                       
   INFO   PLATFORM,RFKILL,ETHER,
          WIFI,BT,MB,DHCP4,DHCP6,
nm	  PPP,IP4,IP6,AUTOIP4,DNS,
	  VPN,SHARING,SUPPLICANT,
	  AGENTS,SETTINGS,SUSPEND,
	  CORE,DEVICE,OLPC,INFINIBAND,
	  FIREWALL,ADSL,BOND,
	  VLAN,BRIDGE,TEAM,
	  CONCHECK,DCB,DISPATCH,
	  AUDIT,SYSTEMD,PROXY

To change logging state, provide the level and/or domain parameters using the following syntax:

nmcli general logging [level [log level]] [domains [log domains]] The logging level can be one of the following (listed in order of verbosity):

  • ERR Logs only critical errors
  • WARN logs warnings that might affect operation
  • INFO Logs various informational messages that are useful for trackiong state and ops
  • DEBUG Vebose logging for debugging purposes

4 nmcli networking

nmcli networking off nmcli networking on nmcli networking connectivity check

4.1 Possible states are:

  • none: the host is not connected to any network.
  • portal: the host is behind a captive portal and cannot reach the full Internet.
  • limited: the host is connected to a network, but it has no access to the Internet.
  • full: the host is connected to a network and has full access to the Internet.
  • unknown: the connectivity status cannot be found out.

5 nmcli radio (for wifi radio)

nmcli radio help nmcli radio nmcli radio wifi off

6 nmcli connectio nmcli connection (same as show)

6.1 nmcli connection show

   nmcli connection show  
nmcli connection show --active  
nmcli connection show id esn3
nmcli connection show vnet0   # to see a guest VM's connection (issue from c8host)


nmcli connection add
nmcli connection add type ethernet con-name google ifname ens33
nmcli connection add type ethernet con-name wired ifname ens33

nmcli connection clone         # followed by modify (or edit)

nmcli connection edit
nmcli connection edit type ethernet con-name google

nmcli connection down static
nmcli connection up static
nmcli connection up ens33  (or is it id ens33 ? )    ###### this one?
nmcli connection up filename "/etc/sysconfig/network-scripts/ifcfg-$1"

nmcli connection monitor
(similar to :)
ip monitor link route file my-ip-monitor-output dev ens33

nmcli connection reload    # forces NetworkManager to re-read ifcfg-* files #
nmcli connection delete <name> to remove that ifcfg-file and connection    ##

6.2 nmcli connection modify

   nmcli connection modify google ipv4.dns "8.8.8.8 8.8.4.4"

nmcli connection modify static ipv4.dns "208.67.222.222 208.67.220.220"
nmcli connection modify static ipv4.gateway 192.168.128.1
nmcli connection modify static ipv4.method manual
nmcli connection modify static connection.autoconnect no
nmcli connection modify name ipv4.dns-search continents.earth.ops
nmcli connection modify name ipv4.dns 127.0.0.1


nmcli connection modify seneca-google autoconnect off  # equivalent to ONBOOT=no
nmcli connection modify opendns ipv4.dns "208.67.222.222  208.67.220.220"  

nmcli connection load "/etc/sysconfig/network-scripts/ifcfg-$1" &&      ##?
exec nmcli connection up filename "/etc/sysconfig/network-scripts/ifcfg-$1"

nmcli connection modify ens33 ipv4.addresses 192.168.1.4/24

6.3 Connectio modify to add a permanent route

nmcli connection modify ens33 ipv4.routes "192.168.111.0/24 192.168.111.11 100"

compare this to the ip command: sudo ip route add 192.168.111.0/255.255.255.0 dev ens3 which add a temporary route.

7 nmcli device

nmcli device nmcli device disconnect ens33 # this is ususally better than nmcli conn down ens33

From the nmcli man pages: Be aware that this command deactivates the specified active connection, but the device on which the connection was active, is still ready to connect and will perform auto-activation by looking for a suitable connection that has the 'autoconnect' flag set. Note that the deactivating connection profile is internally blocked from autoconnecting again. Hence it will not autoconnect until reboot or until the user performs an action that unblocks autoconnect, like modifying the profile or explicitly activating it.

In most cases you may want to use device disconnect command instead. 

   nmcli device status
nmcli device show ens33
nmcli device set ens33 autoconnect no
nmcli device set ens33 managed yes

nmcli device connect ens33       # will try to connect ens33
nmcli device disconnect ens33
nmcli device monitor      # prints a line whenever a device's state changes
nmcli device monitor ens33   # above but only for ens33

8 nmcli man page examples (non-exhaustive)

  • nmcli -t -f RUNNING general

tells you whether NetworkManager is running or not.

  • nmcli -t -f STATE general

shows the overall status of NetworkManager.

  • nmcli -p -m multiline -f all con show

shows all configured connections in multi-line mode.

  • nmcli connection show --active

lists all currently active connections.

  • nmcli -f name,autoconnect connection show

shows all connection profile names and their auto-connect property.

  • nmcli -p connection show "My default em1"

shows details for "My default em1" connection profile.

  • nmcli -f active connection show "My default em1"

shows details for "My default em1" active connection, like IP, DHCP information, etc.

  • nmcli -f profile con s "My wired connection"

shows static configuration details of the connection profile with "My wired connection" name.

9 Files used by NetworkManager

9.0.1 /etc/sysconfig/network-scripts directory

The file is ifcfg-eth0 or ifcfg-ens33 (whatever the physical name is) Here are two examples, the first using dhcp, the second using static ip addressing:

ifcfg-eth0 

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=dae548fd-88f6-4250-ad80-deaebde0104a
DEVICE=ens33
ONBOOT=yes

ifcfg-eth0 

TYPE=Ethernet
NM_CONTROLLED=yes
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=172.17.18.19
NETMASK=255.255.255.0
NETWORK=172.17.18.0
BROADCAST=172.17.18.255
GATEWAY=172.17.18.1
DNS1=208.67.220.220
DNS2=208.67.222.222
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=dae548fd-88f6-4250-ad80-deaebde0104a
DEVICE=ens33
ONBOOT=yes

zintis@c8host /etc/sysconfig/network-scripts $ grep ONBOOT ifcfg-* ifcfg-ens33:ONBOOT=yes ifcfg-seneca-k1001:ONBOOT=yes ifcfg-seneca-opendns:ONBOOT=yes ifcfg-static:ONBOOT=no

10 nmcli vs equivalent ifcfg-* configuratios

Use sudo nmcli conn mod ens3 …….

nmcli connection modify ifcfg-* file Outcome
ipv4.method manual BOOTPROTO=none IPv4 address is static
ipv4.method auto BOOTPROTO=dhcp IPv4 settings assigned
    by dhcp protocol
ipv4.address "10.1.1.5/24" IPADDR=10.1.1.5 Set static ip addr
  PREFIX=24 AND subnet mask
ipv4.gateway 10.1.1.1 GATEWAY=10.1.1.1 Set ipv4 gateway
ipv4.dns "8.8.8.8 8.8.4.4" DNS1=8.8.8.8 /etc/resolv.conf is
  DNS2=8.8.4.4 updated
ipv4.dns-search acme.com DOMAIN=acme.com /etc/resolv.conf is
useful   modified to use acme.com
ipv4.ignore-auto-dns true PEERDNS=no Ignore DNS server info
    received from DHCP
connection.autoconnect=yes ONBOOT=yes Active this on boot
connection.id eth0 NAME=eth0 Name of this connection
connection.interface-name DEVICE=eth0 Bind this connection to
eth0   the interface eth0
802-3-ethernet.mac-address HWADDR=00:00:ca:fe:be:ef The connection is bound
00:00:ca:fe::be:ef   to the network using
    this MAC addr
ipv4.never-default no DEFROUTE=yes Never use provided int
    gateway as default gw

For example, I renamed my connection from ens3 to eth0 then back to ens3 here: 

root @australinea ~ [998]$
nmcli dev
DEVICE  TYPE      STATE      CONNECTION 
ens3    ethernet  connected  ens3       

root @australinea ~ [999]$
nmcli conn mod ens3 connection.id eth0
                                  ----

root @australinea ~ [1000]$
nmcli dev
DEVICE  TYPE      STATE      CONNECTION 
ens3    ethernet  connected  eth0       
                             ----


root @australinea ~ [1003]$
nmcli conn mod eth0 connection.id ens3
               ----

root @australinea ~ [1004]$
nmcli dev
DEVICE  TYPE      STATE      CONNECTION 
ens3    ethernet  connected  ens3

11 Example using nmcli to change domain settings:

These three nmcli commands: 

sudo nmcli conn mod ens33 ipv4.dns 127.0.0.1
sudo nmcli conn mod System eth0 ipv4.dns-search "zintis.ops"
sudo nmcli conn mod ens33 ipv4.dns-search zintis.ops
sudo nmcli conn mod ens33 +ipv4.dns-search continents.earth.ops
sudo nmcli conn mod ens33 ipv4.ignore-auto-dns true

Changed my …scripts/ifcfg-ens33 file to have the lines 

DNS1=127.0.0.1
DOMAIN="zintis.ops continents.earth.ops"

Note that hostnamectl (no arguments) will show you whether the hostname is thought of as a vm1.localhost or vm1.zintis.ops. If it is localhost, issue the command: hostnamectl set-hostname vm1 And that seems to fix the problem.

12 Using nmcli show commands:

nmcli -f ip4 device show ens33

This might be why I have to use the FQDN to use my dns server properly. i.e. dig pan gives me something from root servers where dig pan.zintis.ops. gives me the correct (local) address. 

root@c8host /etc [794]$ nmcli -f ip4 device show ens33
IP4.ADDRESS[1]:                         192.168.2.19/24
IP4.GATEWAY:                            192.168.2.1
IP4.ROUTE[1]:                           dst = 0.0.0.0/0, nh = 192.168.2.1, mt = 100
IP4.ROUTE[2]:                           dst = 192.168.2.0/24, nh = 0.0.0.0, mt = 100
IP4.DNS[1]:                             192.168.2.1
IP4.DNS[2]:                             207.164.234.129
IP4.DNS[3]:                             127.0.0.1
IP4.DOMAIN[1]:                          home
root@c8host /etc [795]$

alias ip4='nmcli -f ip4 device show'

13 renaming a connection

13.1 tested and confirmed with Centos 8 March 28th.

/sbin/ip link set <olddevicename> name <newdevicename>).

For example: 

/sbin/ip link set eth1 down
/sbin/ip link set eth1 name eth123
/sbin/ip link set eth123 up

Simply changing the name and device of the interface

/etc/sysconfig/network-scripts/ifcfg-eth0

(and renaming the file) will cause the device to be named correctly as long as the hwaddr= field is included in the configuration file. referenced update.

To make the changes survive a reboot in Red Hat Linux, modify the relevant file in /etc/sysconfig/network-scripts Rename the file:

ifcfg_<old_device_name> to ifcfg_<new_device_name>\

and change the DEVICE variable inside to <new_device_name>.

Also, make sure the HWADDR variable is set and is correct. There is no need to touch udev rules, since 60-net.rules is actually there to read the ifcfg configuration files in /etc/sysconfig/network-scripts.

  • nmcli connection up ens3
  • nmcli connection up wired
  • nmcli connection down wired
  • nmcli connection show
  • nmcli connection delete wired
  • nmcli connection delete "Wired connection 1"
  • conn show
  • conn mod ens3 connection.id ens3
  • conn mod ens3 connection.interface-name ens3
  • device wifi list

14 Troubleshooting

14.1 nmcli dev shows state as "unmanaged"

I simply had to say nmcli networking on Something must have turned it off, even after reboots it stayed off. Still, simple fix.

14.2 Home