Clever Geek Handbook

Managing network connections in Linux using the nmcli console utility

Take full advantage of the NetworkManager network management tool from the Linux command line with the nmcli utility.







The nmcli utility directly calls the API to access the NetworkManager functions.



It appeared in 2010 and for many has become an alternative way to configure network interfaces and connections. Although someone is still using ifconfig . Since nmcli is a command line interface (CLI) tool designed for use in terminal windows and scripts, it is ideal for non-GUI system administrators.



Ncmli Command Syntax



In general, the syntax looks like this: 



$ nmcli <options> <section> <action>


  • options are parameters that determine the subtleties of nmcli,
  • section - defines what features of the utility to use,
  • action - allows you to specify what actually needs to be done.


There are 8 sections in total, each of which is associated with a set of commands (actions):



  • Help provides information on ncmcli commands and their use.
  • General returns the NetworkManager status and global configuration.
  • Networking includes commands to query the status of a network connection and enable / disable connections.
  • Radio includes commands to query WiFi connection status and enable / disable connections.
  • Monitor includes commands to monitor NetworkManager activity and monitor changes in the state of network connections.
  • Connection includes commands for managing network interfaces, for adding new connections and removing existing ones.
  • Device is mainly used to change parameters related to devices (for example, interface name) or to connect devices using an existing connection.
  • Secret registers nmcli as the "secret agent" NetworkManager, which listens for secret messages. This section is rarely used, because nmcli works this way when connecting to networks by default.


Simple examples



Before you start, make sure NetworkManager is running and nmcli can talk to it: 



$ nmcli general
STATE      CONNECTIVITY  WIFI-HW  WIFI     WWAN-HW  WWAN    
connected  full          enabled  enabled  enabled  enabled


Often, work begins by looking at all network connection profiles: 



$ nmcli connection show
NAME                UUID                                  TYPE      DEVICE
Wired connection 1  ac3241e4-b424-35d6-aaa7-07498561688d  ethernet  enp0s3
Wired connection 2  2279d917-fa02-390c-8603-3083ec5a1d3e  ethernet  enp0s8
Wired connection 3  52d89737-de92-35ec-b082-8cf2e5ac36e6  ethernet  enp0s9


This command uses the show action for the Connection section.



The test machine is running Ubuntu 20.04. In this case, we found three wired connections: enp0s3, enp0s8, and enp0s9.



Connection management



It is important to understand that in nmcli by the term Connection we mean an entity that contains all the information about the connection. In other words, it is the network configuration. Connection encapsulates all connection-related information, including link layer and IP addressing information. These are Layer 2 and Layer 3 in the OSI networking model.



When you set up networking in Linux, you usually set up connections that will ultimately be bound to network devices, which in turn are the network interfaces installed on the computer. When a device uses a connection, it is considered active or up. If the connection is not in use, then it is inactive or dropped.



Adding network connections



The ncmli utility allows you to quickly add and immediately configure connections. For example, to add Wired connection 2 (with enp0s8), you need to run the following command as superuser: 



$ sudo nmcli connection add type ethernet ifname enp0s8
Connection 'ethernet-enp0s8' (09d26960-25a0-440f-8b20-c684d7adc2f5) successfully added.


In the type option we indicate that this will be an Ethernet connection, and in the ifname (interface name) option we indicate the network interface that we want to use.



Here's what happens after running the command: 



$ nmcli connection show
NAME                UUID                                  TYPE      DEVICE
Wired connection 1  ac3241e4-b424-35d6-aaa7-07498561688d  ethernet  enp0s3
Wired connection 2  2279d917-fa02-390c-8603-3083ec5a1d3e  ethernet  enp0s8
Wired connection 3  52d89737-de92-35ec-b082-8cf2e5ac36e6  ethernet  enp0s9
ethernet-enp0s8     09d26960-25a0-440f-8b20-c684d7adc2f5  ethernet  --


A new connection has been created, ethernet-enp0s8. It was assigned a UUID, the connection type was Ethernet. Let's bring it up with the up command: 



$ nmcli connection up ethernet-enp0s8
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)


Check the list of active connections again: 



$ nmcli connection show --active
NAME                UUID                                  TYPE      DEVICE
Wired connection 1  ac3241e4-b424-35d6-aaa7-07498561688d  ethernet  enp0s3
ethernet-enp0s8     09d26960-25a0-440f-8b20-c684d7adc2f5  ethernet  enp0s8
Wired connection 3  52d89737-de92-35ec-b082-8cf2e5ac36e6  ethernet  enp0s9


Added a new connection ethernet-enp0s8, it is active and uses the enp0s8 network interface.



Setting up connections



The ncmli utility makes it easy to change the parameters of existing connections. For example, you need to change dynamic (DHCP) to static IP address.



Let's say we need to set the IP address to 192.168.4.26. For this we use two commands. The first will directly set the IP address, and the second will switch the method for setting the IP address to manual: 



$ nmcli connection modify ethernet-enp0s8 ipv4.address 192.168.4.26/24
$ nmcli connection modify ethernet-enp0s8 ipv4.method manual


Don't forget to set the subnet mask as well. For our test connection, this is 255.255.255.0, or s / 24 for Classless Routing (CIDR).



For the changes to take effect, you need to deactivate and then activate the connection again: 



$ nmcli connection down ethernet-enp0s8
Connection 'ethernet-enp0s8' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
$ nmcli connection up ethernet-enp0s8
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveC


If you need to install DHCP instead, use auto instead of manual: 



$ nmcli connection modify ethernet-enp0s8 ipv4.method auto


Working with devices



For this we use the Device section.



Checking device status



$ nmcli device status
DEVICE  TYPE      STATE      CONNECTION        
enp0s3  ethernet  connected  Wired connection 1
enp0s8  ethernet  connected  ethernet-enp0s8    
enp0s9  ethernet  connected  Wired connection 3
lo      loopback  unmanaged  --


Requesting device information



To do this, use the show action from the Device section (you must specify the device name). The utility displays a lot of information, often on several pages.

Let's take a look at the enp0s8 interface that our new connection uses. Let's make sure that it uses exactly the same IP address that we set earlier: 



$ nmcli device show enp0s8
GENERAL.DEVICE:                         enp0s8
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         08:00:27:81:16:20
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     ethernet-enp0s8
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/6
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         192.168.4.26/24
IP4.GATEWAY:                            --
IP4.ROUTE[1]:                           dst = 192.168.4.0/24, nh = 0.0.0.0, mt = 103
IP6.ADDRESS[1]:                         fe80::6d70:90de:cb83:4491/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 103
IP6.ROUTE[2]:                           dst = ff00::/8, nh = ::, mt = 256, table=255


There is a lot of information. Let's highlight the main thing:



  • Network interface name: enp0s8.
  • Connection type: wired Ethernet connection.
  • We see the MAC address of the device.
  • Specified Maximum transmission unit (MTU) - the maximum size of the useful data unit of one packet that can be transmitted by the protocol without fragmentation.
  • The device is currently connected .
  • The name of the connection the device is using is ethernet-enp0s8.
  • The device uses the same IP address that we set earlier: 192.168.4.26/24.


Other information relates to the default routing and gateway settings for the connection. They are network specific.



Interactive nmcli editor



Nmcli also has a simple interactive editor in which someone might be more comfortable working. To run it, for example for ethernet-enp0s8 connection, use the edit action : 



$ nmcli connection edit ethernet-enp0s8


He also has a little help, which, however, is smaller in size than the console version: 



===| nmcli interactive connection editor |===
Editing existing '802-3-ethernet' connection: 'ethernet-enp0s8'
Type 'help' or '?' for available commands.
Type 'print' to show all the connection properties.
Type 'describe [<setting>.<prop>]' for detailed property description.
You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, dcb, sriov, ethtool, match, ipv4, ipv6, tc, proxy
nmcli>


If you enter the print command and press Enter, nmcli will display all the connection properties: 



===============================================================================
                 Connection profile details (ethernet-enp0s8)
===============================================================================
connection.id:                          ethernet-enp0s8
connection.uuid:                        09d26960-25a0-440f-8b20-c684d7adc2f5
connection.stable-id:                   --
connection.type:                        802-3-ethernet
connection.interface-name:              enp0s8
connection.autoconnect:                 yes
connection.autoconnect-priority:        0
connection.autoconnect-retries:         -1 (default)
connection.multi-connect:               0 (default)
connection.auth-retries:                -1
connection.timestamp:                   1593967212
connection.read-only:                   no
connection.permissions:                 --
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.autoconnect-slaves:          -1 (default)
connection.secondaries:                 --


For example, to set the DHCP property for a connection, type goto ipv4 and press Enter : 



nmcli> goto ipv4
You may edit the following properties: method, dns, dns-search, 
dns-options, dns-priority, addresses, gateway, routes, route-metric, 
route-table, routing-rules, ignore-auto-routes, ignore-auto-dns, 
dhcp-client-id, dhcp-iaid, dhcp-timeout, dhcp-send-hostname, 
dhcp-hostname, dhcp-fqdn, dhcp-hostname-flags, never-default, may-fail, 
dad-timeout
nmcli ipv4>


Then write set method auto and press Enter : 



nmcli ipv4> set method auto
Do you also want to clear 'ipv4.addresses'? [yes]:


If you want to clear the static IP, press Enter . Otherwise, enter no and press Enter. You can keep it if you think you will need it in the future. But even with a static IP address stored, DHCP will be used if method is set to auto.



Use the save command to save your changes: 



nmcli ipv4> save
Connection 'ethernet-enp0s8' (09d26960-25a0-440f-8b20-c684d7adc2f5) successfully updated.
nmcli ipv4>


Enter quit to exit the nmcli Interactive Editor. If you change your mind about leaving, use the back command.



And that's not all



Open the nmcli Interactive Editor and see how many settings there are and how many properties each setting has. The interactive editor is a great tool, but if you want to use nmcli in one-liners or scripts, you'll need the regular command line version.



Now that you have the basics, check out the nmcli man page to see how else it can help you.





Advertising



Epic Servers are Windows or Linux virtual servers with powerful AMD EPYC processors and very fast Intel NVMe drives. Hurry to order!





More articles:


All Articles