Managing network connections in Linux using the nmcli console utility

Take full advantage of the NetworkManager network management tool from the Linux command line with the nmcli utility.

Utility nmcli accesses the API directly to access NetworkManager functions.

It appeared in 2010 and for many has become an alternative way to configure network interfaces and connections. Although someone still uses ifconfig… Since nmcli is a command line interface (CLI) tool designed for use in terminal windows and scripts, it is ideal for non-GUI sysadmins.

Ncmli Command Syntax

In general, the syntax looks like this:

$ nmcli  

  • options are parameters that determine the subtleties of nmcli,
  • section – defines what features of the utility to use,
  • action – allows you to specify what actually needs to be done.

There are 8 sections in total, each of which is associated with a set of commands (actions):

  • Help provides information on ncmcli commands and their use.
  • General returns NetworkManager status and global configuration.
  • Networking includes commands to query network connection status and enable / disable connections.
  • Radio includes commands to query the status of the WiFi connection and enable / disable connections.
  • Monitor includes commands for monitoring NetworkManager activity and monitoring changes in the state of network connections.
  • Connection includes commands for managing network interfaces, for adding new connections and deleting existing ones.
  • Device mainly used to change device-related parameters (such as interface name) or to connect devices using an existing connection.
  • Secret registers nmcli as a “secret agent” NetworkManager listening for secret messages. This section is rarely used because nmcli works this way when connected to networks by default.

Simple examples

Before getting started, make sure NetworkManager is running and nmcli can talk to it:

$ nmcli general
STATE      CONNECTIVITY  WIFI-HW  WIFI     WWAN-HW  WWAN    
connected  full          enabled  enabled  enabled  enabled

Often, you start by looking at all network connection profiles:

$ nmcli connection show
NAME                UUID                                  TYPE      DEVICE
Wired connection 1  ac3241e4-b424-35d6-aaa7-07498561688d  ethernet  enp0s3
Wired connection 2  2279d917-fa02-390c-8603-3083ec5a1d3e  ethernet  enp0s8
Wired connection 3  52d89737-de92-35ec-b082-8cf2e5ac36e6  ethernet  enp0s9

This command uses act show for the Connection section.

The test machine is running Ubuntu 20.04. In this case, we found three wired connections: enp0s3, enp0s8, and enp0s9.

Connection management

It is important to understand that in nmcli, by the term Connection we mean an entity that contains all the information about the connection. In other words, it is the network configuration. Connection encapsulates all connection-related information, including link layer and IP addressing information. These are Layer 2 and Layer 3 in the OSI networking model.

When you set up a network in Linux, you usually set up connections that will eventually bind to network devices, which in turn are the network interfaces installed on the computer. When a device uses a connection, it is considered active or up. If the connection is not in use, then it is inactive or dropped.

Adding network connections

The ncmli utility allows you to quickly add and immediately configure connections. For example, to add Wired connection 2 (with enp0s8), you need to run the following command as the superuser:

$ sudo nmcli connection add type ethernet ifname enp0s8
Connection 'ethernet-enp0s8' (09d26960-25a0-440f-8b20-c684d7adc2f5) successfully added.

In the type option, we indicate that this will be an Ethernet connection, and in the ifname (interface name) option, we indicate the network interface that we want to use.

Here’s what happens after running the command:

$ nmcli connection show
NAME                UUID                                  TYPE      DEVICE
Wired connection 1  ac3241e4-b424-35d6-aaa7-07498561688d  ethernet  enp0s3
Wired connection 2  2279d917-fa02-390c-8603-3083ec5a1d3e  ethernet  enp0s8
Wired connection 3  52d89737-de92-35ec-b082-8cf2e5ac36e6  ethernet  enp0s9
ethernet-enp0s8     09d26960-25a0-440f-8b20-c684d7adc2f5  ethernet  --  

A new connection has been created, ethernet-enp0s8. It was assigned a UUID, the connection type was Ethernet. Let’s bring it up with the up command:

$ nmcli connection up ethernet-enp0s8
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)

Check the list of active connections again:

$ nmcli connection show --active
NAME                UUID                                  TYPE      DEVICE
Wired connection 1  ac3241e4-b424-35d6-aaa7-07498561688d  ethernet  enp0s3
ethernet-enp0s8     09d26960-25a0-440f-8b20-c684d7adc2f5  ethernet  enp0s8
Wired connection 3  52d89737-de92-35ec-b082-8cf2e5ac36e6  ethernet  enp0s9

Added a new connection ethernet-enp0s8, it is active and uses the enp0s8 network interface.

Setting up connections

The ncmli utility makes it easy to change the parameters of existing connections. For example, you need to change dynamic (DHCP) to static IP address.

Let’s say we need to set the IP address to 192.168.4.26. For this we use two commands. The first will directly set the IP address, and the second will switch the method for setting the IP address to manual:

$ nmcli connection modify ethernet-enp0s8 ipv4.address 192.168.4.26/24
$ nmcli connection modify ethernet-enp0s8 ipv4.method manual

Don’t forget to set the subnet mask as well. For our test connection, this is 255.255.255.0, or s / 24 for Classless Routing (CIDR).

For the changes to take effect, you need to deactivate and then activate the connection again:

$ nmcli connection down ethernet-enp0s8
Connection 'ethernet-enp0s8' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
$ nmcli connection up ethernet-enp0s8
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveC

If you need to install DHCP on the contrary, use auto instead of manual:

$ nmcli connection modify ethernet-enp0s8 ipv4.method auto

Working with devices

For this we use the Device section.

Checking device status

$ nmcli device status
DEVICE  TYPE      STATE      CONNECTION        
enp0s3  ethernet  connected  Wired connection 1
enp0s8  ethernet  connected  ethernet-enp0s8    
enp0s9  ethernet  connected  Wired connection 3
lo      loopback  unmanaged  --  

Requesting device information

To do this, use the show action from the Device section (you must specify the device name). The utility displays a lot of information, often on several pages.
Let’s take a look at the enp0s8 interface that our new connection uses. Let’s make sure that it uses exactly the same IP address that we set earlier:

$ nmcli device show enp0s8
GENERAL.DEVICE:                         enp0s8
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         08:00:27:81:16:20
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     ethernet-enp0s8
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/6
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         192.168.4.26/24
IP4.GATEWAY:                            --
IP4.ROUTE[1]:                           dst = 192.168.4.0/24, nh = 0.0.0.0, mt = 103
IP6.ADDRESS[1]:                         fe80::6d70:90de:cb83:4491/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 103
IP6.ROUTE[2]:                           dst = ff00::/8, nh = ::, mt = 256, table=255

There is a lot of information. Let’s highlight the main thing:

  • Network interface name: enp0s8.
  • Connection type: wired Ethernet connection.
  • We see the MAC address of the device.
  • Maximum transmission unit (MTU) specified – the maximum size of the payload of one packet that can be transmitted by the protocol without fragmentation.
  • Device currently connected
  • Connection namewhich the device is using: ethernet-enp0s8.
  • The device uses one IP addresswhich we installed earlier: 192.168.4.26/24.

Other information relates to the default routing and gateway settings for the connection. They are network specific.

Interactive nmcli editor

Nmcli also has a simple interactive editor in which someone may be more comfortable working. To start it for example for ethernet-enp0s8 connection use act edit:

$ nmcli connection edit ethernet-enp0s8

He also has a little help, which, however, is smaller in size than the console version:

===| nmcli interactive connection editor |===
Editing existing '802-3-ethernet' connection: 'ethernet-enp0s8'
Type 'help' or '?' for available commands.
Type 'print' to show all the connection properties.
Type 'describe [.]' for detailed property description.
You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, dcb, sriov, ethtool, match, ipv4, ipv6, tc, proxy
nmcli>

If you enter the print command and press Enter, nmcli will display all the connection properties:

===============================================================================
                 Connection profile details (ethernet-enp0s8)
===============================================================================
connection.id:                          ethernet-enp0s8
connection.uuid:                        09d26960-25a0-440f-8b20-c684d7adc2f5
connection.stable-id:                   --
connection.type:                        802-3-ethernet
connection.interface-name:              enp0s8
connection.autoconnect:                 yes
connection.autoconnect-priority:        0
connection.autoconnect-retries:         -1 (default)
connection.multi-connect:               0 (default)
connection.auth-retries:                -1
connection.timestamp:                   1593967212
connection.read-only:                   no
connection.permissions:                 --
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.autoconnect-slaves:          -1 (default)
connection.secondaries:                 --

For example, to set the DHCP property for the connection, type goto ipv4 and click Enter:

nmcli> goto ipv4
You may edit the following properties: method, dns, dns-search, 
dns-options, dns-priority, addresses, gateway, routes, route-metric, 
route-table, routing-rules, ignore-auto-routes, ignore-auto-dns, 
dhcp-client-id, dhcp-iaid, dhcp-timeout, dhcp-send-hostname, 
dhcp-hostname, dhcp-fqdn, dhcp-hostname-flags, never-default, may-fail, 
dad-timeout
nmcli ipv4>

Then write set method auto and click Enter:

nmcli ipv4> set method auto
Do you also want to clear 'ipv4.addresses'? [yes]:

If you want to clear the static IP, click Enter… Otherwise, enter no and press Enter. You can keep it if you think you will need it in the future. But even with a static IP address stored, DHCP will be used if method is set to auto.

Use the save command to save your changes:

nmcli ipv4> save
Connection 'ethernet-enp0s8' (09d26960-25a0-440f-8b20-c684d7adc2f5) successfully updated.
nmcli ipv4>

Enter quit to exit the nmcli Interactive Editor. If you change your mind about leaving, use the back command.

And that’s not all

Open the nmcli Interactive Editor and see how many settings there are and how many properties each setting has. The interactive editor is a great tool, but if you want to use nmcli in one-liners or scripts, you’ll need the regular command line version.

Now that you have the basics, check out man page nmcli to see how else it can help you.


Advertising

Epic servers – this is virtual servers on Windows or Linux with powerful AMD EPYC processors and very fast Intel NVMe drives. Hurry to order!

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *