Managing network connections on Linux through a terminal window might seem intimidating at first, but I've found nmcli to be one of those tools that becomes second nature once you get comfortable with its syntax.
This powerful command-line tool helps you configure and manage network connections on Linux systems easily and efficiently.
In this detailed, we will learn what nmcli is, its features, and nmcli commands usage with practical examples in Linux.
Table of Contents
What is nmcli?
nmcli stands for NetworkManager Command Line Interface. It lets you:
- View available network interfaces and their status
- Connect to Wi-Fi or wired networks
- Configure static IP addresses
- Enable or disable networking and interfaces
- Manage VPNs and other advanced settings
It’s lightweight, fast, and available on most modern Linux distributions by default.
nmcli is a key part of NetworkManager, which is the standard tool suite for managing networks on Linux.
Think of NetworkManager as the brain that handles all your network connections, from Wi-Fi to Ethernet and even mobile broadband. nmcli gives you direct control over this brain, all from your terminal.
Please note that nmcli is not exclusively used in Red Hat Enterprise Linux (RHEL).
It is a versatile, open-source command-line tool designed for controlling NetworkManager and reporting network status across a wide range of Linux systems
Advantages of nmcli
Many people find nmcli incredibly useful because:
- No Graphical Interface Needed: You can use
nmclito control NetworkManager on servers, "headless" machines (those without screens), or simply from any terminal. You do not need a mouse or a fancy display. - Perfect for Scripts: Indeed,
nmclioffers a special "terse output" format. This format displays only the essential values, making it super easy for computer scripts to read and process network information automatically. - Complete Control: With
nmcli, you can create, display, edit, delete, activate, and deactivate network connections. You can also check and control the status of your network devices.
Understanding nmcli Command Syntax
Every nmcli command follows a simple structure:
nmcli [OPTIONS] OBJECT { COMMAND | help }OPTIONS: These modify how the command works, such as changing the output style.OBJECT: This tellsnmcliwhat you want to manage. Common objects include:general: For overall NetworkManager status.networking: To turn networking on or off.radio: To manage Wi-Fi or mobile broadband radios.connection(orconfor short): For managing saved network profiles.device(ordevfor short): For managing physical or virtual network hardware.
You can often use shorter versions (abbreviations) of the objects and commands. For example, nmcli connection help works the same as nmcli con help.
Essential nmcli Commands with Simple and Practical Examples
Let us explore some common tasks you can perform with nmcli.
1. Checking Your Network's Status
You can quickly get a snapshot of your network's health.
1.1. See NetworkManager's Overall Status
To see if NetworkManager is running and what its general status is, you can use:
nmcli general status # Or the shorter version: nmcli g s
This shows if your system is connected and has full internet access.
Sample Output:
STATE CONNECTIVITY WIFI-HW WIFI WWAN-HW WWAN METERED connected full missing enabled missing enabled no (guessed)
For a simpler output suited for scripts, run:
nmcli -t -f STATE general
Output might look like:
Connected
1.2 Check All Network Devices
To list all network devices, whether they are managed by NetworkManager or not, run:
nmcli device status # Or: nmcli d s
This command shows all network interfaces and their current states. You will see devices like ens18 (Ethernet) or lo (loopback), along with their current state (e.g., connected, unmanaged).
Sample Output:
DEVICE TYPE STATE CONNECTION ens18 ethernet connected Wired connection 1 lo loopback connected (externally) lo
1.3. View All Saved Connections
NetworkManager stores connection details in profiles, which act like saved network configurations. You can create multiple profiles for the same interface – perhaps one for DHCP and another for static IP addressing.
To see a list of all your saved network connection profiles, type:
nmcli connection show # Or: nmcli con show
You can see your actual connections (not just devices). This displays their names, unique IDs (UUIDs), types, and which device they are linked to.
Sample Output:
NAME UUID TYPE DEVICE Wired connection 1 2b89e468-7c07-48b0-a59a-5ebae1642386 ethernet ens18 lo 5c293ac3-8bb7-45a9-98d7-cf8d80ea93c4 loopback lo
1.4. Show Only Active Connections
If you only want to see the connections currently in use, add the --active option:
nmcli connection show --active # Or: nmcli con show -a
This helps you quickly identify which profiles are actively managing your network devices.
1.5. Check Wi-Fi Radio Status
To see if your Wi-Fi radio is on or off, use:
nmcli radio wifi
Sample Output:
enabled
You can also turn it on or off with nmcli radio wifi on or nmcli radio wifi off.
2. Managing Network Connections
nmcli makes it easy to set up, change, activate, and remove network connections.
2.1. Create a New Ethernet Connection (Dynamic IP)
For a new Ethernet connection that gets its IP address automatically (DHCP):
nmcli connection add type ethernet con-name wired-connection ifname ens18
This creates a profile named wired-connection for the ens18 interface.
To start using it, activate it:
nmcli connection up wired-connection
You will then see the ens18 device connected to wired-connection.
If you want the connection name (profile name) to contain spaces, you must enclose the name in quotes. Without quotes, the shell will treat the spaces as separate arguments and the command will fail.
nmcli connection add type ethernet con-name "Office LAN Connection" ifname ens18
Once created, you can activate it like this:
nmcli connection up "Office LAN Connection"
And if you need to modify or delete it later, always quote the name.
2.2. Create a New Ethernet Connection (Static IP)
If you need to set a specific (static) IP address, gateway, and DNS servers:
nmcli connection add type ethernet con-name wired-network ifname ens18 ip4 192.168.1.13/24 gw4 192.168.1.101
This sets up a profile named wired-network with a static IPv4 address and gateway.
To add DNS servers to this profile:
nmcli connection modify wired-network ipv4.dns "8.8.8.8 8.8.4.4"
This replaces any existing IPv4 DNS servers.
To add more without replacing, use +ipv4.dns.
2.3. List Available Wi-Fi Networks
Before connecting to a WiFi network, you might want to see what Wi-Fi networks are nearby:
nmcli device wifi list
This command shows SSIDs, signal strength, and security types.
Sample Output:
IN-USE BSSID SSID MODE CHAN RATE SIGNAL BARS SECURITY
* F4:S7:C8:36:N2:46 Ostechnix_jio_4g Infra 6 130 Mbit/s 100 ▂▄▆█ WPA2
N4:Z7:C6:96:B2:2A Ostechnix_jio_5g Infra 36 270 Mbit/s 100 ▂▄▆█ WPA2
9A:04:88:25:62:74 vivo Y39 5G Infra 1 117 Mbit/s 54 ▂▄__ WPA2
D2:78:C9:C5:31:E1 Govindaraju Infra 6 270 Mbit/s 52 ▂▄__ WPA2 2.4. Connect to a Wi-Fi Network
To connect to a Wi-Fi network that requires a password:
nmcli device wifi connect "Your_WiFi_SSID" password "Your_Password"
If it is a hidden network, add hidden yes.
Example 1: For visible networks
nmcli device wifi connect MyWiFi password mysecretpass
Example 2: For hidden networks
nmcli device wifi connect MyHiddenWiFi password mysecretpass hidden yes
2.5. Modify an Existing Connection
You can change various properties of a saved connection. For instance, to change the mtu (Maximum Transmission Unit) for a Wi-Fi connection named MyConnection:
nmcli connection modify MyConnection 802-11-wireless.mtu 1350
NetworkManager refers to 802-11-wireless as the "setting" and mtu as its "property".
2.6. Activate a Connection
To make a saved connection (E.g. MyConnection) active on its assigned device:
nmcli connection up MyConnection
This command connects your device using the chosen profile.
2.7. Deactivate a Connection
To stop a specific connection from being active:
nmcli connection down MyConnection
Note that this command deactivates the connection but the device remains ready to connect. It will try to auto-activate another suitable connection.
2.8. Delete a Connection
If you no longer need a network profile, you can remove it:
nmcli connection delete "Old Profile Name"
Replace "Old Profile Name" with the actual profile name. This deletes the connection profile from NetworkManager.
2.9. Reload Connection Profiles
nmcli connection reload
3. Controlling Network Devices
Beyond connections, you can also manage the devices themselves.
3.1. Disconnect a Device
To disconnect a network device and stop it from automatically connecting again until you tell it to:
nmcli device disconnect ens18
This is different from connection down, as it truly prevents the device from re-connecting on its own.
3.2. Set a Device as Unmanaged
Sometimes, you might want NetworkManager to ignore a device, allowing you to manage it manually (e.g., with a script). To temporarily set a device as unmanaged:
nmcli device set enp18 managed no
This tells NetworkManager to leave enp18 alone.
3.3. Permanently Configure a Device as Unmanaged
For permanent changes, create a configuration file like /etc/NetworkManager/conf.d/99-unmanaged-devices.conf with the following content:
[keyfile] unmanaged-devices=interface-name:enp18
To set multiple devices as unmanaged, separate the entries in the unmanaged-devices parameter with semicolon like below:
[keyfile] unmanaged-devices=interface-name:enp18;interface-name:ens3
Finally, reload the NetworkManager service to take effect the changes:
sudo systemctl reload NetworkManager
You can verify the list of unmanaged devices using command:
nmcli device status
Sample Output:
DEVICE TYPE STATE CONNECTION enp1s0 ethernet unmanaged --
4. Advanced nmcli Commands Usage for Efficiency
nmcli offers useful options to tailor its output to your needs.
4.1. Terse Output (-t)
When writing scripts, you often want only the raw data without extra formatting. The -t option provides exactly that:
nmcli -t device
This makes parsing the output in scripts much simpler.
Sample Output:
ens18:ethernet:connected:Wired connection 1 lo:loopback:connected (externally):lo
4.2. Field Filtering (-f)
You can choose which specific pieces of information (fields) to display. This reduces clutter and helps you focus on what matters:
nmcli -f DEVICE,TYPE device
Sample Output:
DEVICE TYPE ens18 ethernet lo loopback
Combine this with -t for script-friendly, specific data: nmcli -t -f DEVICE,TYPE device.
4.3. Pretty Output (-p)
For human readers, nmcli can make its output neat and aligned with headers. This is great for viewing information directly in the terminal:
nmcli -p device
This makes the information much easier to read at a glance.
Sample Output:
===================== Status of devices ===================== DEVICE TYPE STATE CONNECTION ----------------------------------------------------------------------------------- ens18 ethernet connected Wired connection 1 lo loopback connected (externally) lo
4.4. Interactive Editor
For more complex configurations or if you prefer a guided approach, nmcli has an interactive editor:
nmcli connection edit
It will ask you for the connection type and then lead you through setting various properties.
Valid connection types: 6lowpan, 802-11-olpc-mesh (olpc-mesh), 802-11-wireless (wifi), 802-3-ethernet (ethernet), adsl, bluetooth, bond, bridge, cdma, dummy, generic, gsm, hsr, infiniband, ip-tunnel, ipvlan, loopback, macsec, macvlan, ovs-bridge, ovs-interface, ovs-port, pppoe, team, tun, veth, vlan, vpn, vrf, vxlan, wifi-p2p, wimax, wireguard, wpan, bond-slave, bridge-slave, team-slave
Enter connection type: ethernet
===| nmcli interactive connection editor |===
Adding a new '802-3-ethernet' connection
Type 'help' or '?' for available commands.
Type 'print' to show all the connection properties.
Type 'describe [<setting>.<prop>]' for detailed property description.
You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, dcb, sriov, ethtool, match, ipv4, ipv6, hostname, link, tc, proxy
nmcli>
This is helpful for exploring options and ensuring correct syntax.
You can directly give the connection type (E.g. ethernet, wifi etc) like below:
nmcli connection edit type ethernet
For even more examples and detailed information, consider checking the nmcli manual page.
man nmcli
5. Checking Logs for Troubleshooting
When things break, you can check the logs using command:
nmcli general logging
You'll see the logging level and monitored domains, which can help pinpoint misconfigurations.
6. Setting Connection Permissions with nmcli
nmcli lets you restrict or grant permissions for specific Ethernet (or any) connection profiles. This feature is useful when multiple users share the same system but you want control over who can activate or modify a network profile.
By default, any user with access to NetworkManager can bring a connection up or down. But you can restrict this by assigning connection-specific permissions.
1. Allow a Single User to Manage a Connection
nmcli connection modify MyConnection connection.permissions user:senthil
MyConnection: The name (ID) of your connection profile.connection.permissions: The property to define allowed users.user:john: Grants permission only to usersenthil.
2. Allow Multiple Users
If more than one user should manage the connection, separate usernames with commas (no spaces):
nmcli connection modify MyConnection connection.permissions user:senthil,kumar
This lets both senthil and kumar activate, deactivate, or modify the profile named MyConnection.
3. Remove All Permissions (Make It Global Again)
To remove restrictions and allow all users to manage the connection, clear the property:
nmcli connection modify MyConnection connection.permissions \"\"
4. Testing Permission Restrictions
If a user not listed in connection.permissions (E.g. satheesh) tries to bring up the connection:
nmcli connection up MyConnection
They’ll get a permission denied error, and the profile won’t activate. Because, the current user does not have permission to manage the MyConnection profile.
To resolve this, you have three options:
1. Switch to an allowed user (e.g., su senthil).
2. Add the current user to the profile:
nmcli connection modify MyConnection connection.permissions user:senthil.kumar,satheesh
3. Remove all restrictions:
nmcli connection modify MyConnection connection.permissions ""
7. Quick Reference Commands
Here are the commands I use most frequently:
nmcli device- Show device statusnmcli connection show- List all connectionsnmcli device wifi list- Scan WiFi networksnmcli connection up "name"- Activate connectionnmcli connection down "name"- Deactivate connectionnmcli connection delete "name"- Remove connection profile
nmcli Commands Cheatsheet
Here’s a practical nmcli commands cheatsheet that covers the most essential tasks.
1. General Network Status
| Purpose | Command |
|---|---|
| Show overall status | nmcli general status |
| Show only connection state | nmcli -t -f STATE general |
| Show NetworkManager version | nmcli --version |
2. List and Manage Devices
| Purpose | Command |
|---|---|
| List all network devices | nmcli device status |
| Disconnect a device | nmcli device disconnect eth0 |
| Reconnect a device | nmcli device connect eth0 |
| Scan available Wi-Fi networks | nmcli device wifi list |
3. Managing Connections (Profiles)
| Purpose | Command |
|---|---|
| List all saved connections | nmcli connection show |
| List only active connections | nmcli connection show --active |
| Activate a connection | nmcli connection up my-office |
| Deactivate a connection | nmcli connection down my-office |
| Delete a connection | nmcli connection delete my-office |
4. Connect to Wi-Fi
| Purpose | Command |
|---|---|
| Connect to Wi-Fi using SSID | nmcli device wifi connect MyWiFi password mysecretpass |
| Connect to a hidden network | nmcli device wifi connect HiddenSSID password mysecretpass hidden yes |
5. Create a New Ethernet Connection
| Purpose | Command |
|---|---|
| Add a DHCP-based connection | nmcli connection add type ethernet con-name my-office ifname ens3 |
| Set a static IP | bash\nnmcli connection modify my-office \\\n ipv4.addresses 192.168.1.100/24 \\\n ipv4.gateway 192.168.1.1 \\\n ipv4.dns 8.8.8.8,1.1.1.1 \\\n ipv4.method manual |
| Reactivate the modified connection | nmcli connection up my-office |
6. Quick Abbreviations
| Full Command | Short Form |
|---|---|
nmcli connection show | nmcli con show |
nmcli connection up | nmcli con up |
nmcli device status | nmcli dev |
nmcli general status | nmcli g |
7. Troubleshooting Commands
| Purpose | Command |
|---|---|
| Show NetworkManager logs | nmcli general logging |
| Restart NetworkManager | sudo systemctl restart NetworkManager |
| Reload connection profiles | nmcli connection reload |
Summary
The nmcli is truly a Swiss Army knife for Linux network management. It can handle everything from basic network status checks to complex connection setups for system administrators and power users.
By mastering nmcli commands usage, you can gain precise control over your network in Linux.
Related Read:
- How To Configure Static IP Address In Linux And Unix
- How To Configure Static IP Address In Ubuntu
- How To Assign Multiple IP Addresses To A Single Network Interface Card In Linux
- How To Configure Static And Dynamic IP Address In Arch Linux
- Connect And Disconnect WiFi From Commandline In Linux
- How To Find Default Gateway IP Address In Linux And Unix From Commandline
- How To Find Out The Connected State Of A Network Cable In Linux
- vnStat – Monitor Network Bandwidth In Linux and BSD
- Display Network Information In Linux Using What IP Tool
