How to Configure and Manage Network Connections Using ‘nmcli’ Tool

As a Linux administrator you’ve got various tools to use in order to configure your network connections, such as: nmtui, your NetworkManager with GNOME graphical user interface and of course nmcli (network manager command line tool).

Configure Network Ethernet Connection Using nmcli Tool

Configure Network Ethernet Connection Using nmcli Tool

I have seen many administrators using nmtui for simplicity. However using nmcli saves your time, gives you confidence, can use it in scripts and it’s the first tool to use in order to troubleshoot your Linux server networking and bring back rapidly its functionality.

Seeing many comments asking help about nmcli, I decided to write this article. Of course you should always read carefully man pages (its the No1 help for you). My aim is to save your time and show you some hints.

The syntax of nmcli is:

# nmcli [OPTIONS] OBJECT {COMMAND | help}

Where OBJECT is one of: general, networking, radio, connection, device, agent.

A good starting point would be to check our devices:

# nmcli dev status

DEVICE      TYPE      STATE         CONNECTION 
docker0     bridge    connected     docker0    
virbr0      bridge    connected     virbr0     
enp0s3      ethernet  connected     enp0s3     
virbr0-nic  ethernet  disconnected  --         
lo          loopback  unmanaged     --         

As we can see in the first column is a list of our network devices. We have one network cards with name enp0s3. In your machine you could see other names.

Naming depends on the type of the network card (if it is onboard, pci card , etc). In the last column we see our configuration files which is used by our devices in order to connect to the network.

It is simple to understand that our devices by themselves can do nothing. They need us to make a configuration file to tell them how to achieve network connectivity. We call these files also as “connection profiles”. We find them in /etc/sysconfig/network-scripts directory.

# cd /etc/sysconfig/network-scripts/
# ls
Sample Output
ifcfg-enp0s3  ifdown-isdn      ifup          ifup-plip      ifup-tunnel
ifcfg-lo      ifdown-post      ifup-aliases  ifup-plusb     ifup-wireless
ifdown        ifdown-ppp       ifup-bnep     ifup-post      init.ipv6-global
ifdown-bnep   ifdown-routes    ifup-eth      ifup-ppp       network-functions
ifdown-eth    ifdown-sit       ifup-ib       ifup-routes    network-functions-ipv6
ifdown-ib     ifdown-Team      ifup-ippp     ifup-sit
ifdown-ippp   ifdown-TeamPort  ifup-ipv6     ifup-Team
ifdown-ipv6   ifdown-tunnel    ifup-isdn     ifup-TeamPort

As you can see here the files with name starting with ifcfg- (interface configuration) are connection profiles. When we create a new connection or modify an existing one with nmcli or nmtui, the results are saved here as connection profiles.

Ι ‘ll show you two of them from my machine, one with a dhcp configuration and one with static ip.

# cat ifcfg-static1
# cat ifcfg-Myoffice1
Check Network Configuration

Check Network Configuration

We realize that some properties have different values and some others don’t exist if it isn’t necessary. Let’s have a quick look to most important of them.

  1. TYPE, we have ethernet type here. We could have wifi, team, bond and others.
  2. DEVICE, the name of the network device which is associated with this profile.
  3. BOOTPROTO, if it has value “dhcp” then our connection profile takes dynamic IP from dhcp server, if it has value “none” then it takes no dynamic IP and probably whe assign a static IP.
  4. IPADDR, is the static IP we assign to our profile.
  5. PREFIX, the subnet mask. A value of 24 means 255.255.255.0. You can understand better the subnet mask if you write down its binary format. For example values of 16, 24, 26 means that the first 16, 24 or 26 bits respectively are 1 and the rest 0, defining exactly what the network address is and what is the range of ip which can be assigned.
  6. GATEWAY, the gateway IP.
  7. DNS1, DNS2, two dns servers we want to use.
  8. ONBOOT, if it has value “yes” it means, that on boot our computer will read this profile and try to assign it to its device.

Now, let’s move on and check our connections:

# nmcli con show
Show Active Network Connections

Show Active Network Connections

The last column of devices helps us understand which connection is “UP” and running and which is not. In the above image you can see the two connections which are active: Myoffice1 and enp0s8.

Hint: If you want to see only the active connections, type:

# nmcli con show -a

Hint: You can use the auto-complete hitting Tab when you use nmcli, but is better to use minimal format of the command. Thus, the following commands are equal:

# nmcli connection show
# nmcli con show
# nmcli c s

If I check the ip addresses of my devices:

# ip a
Check Server IP Address

Check Server IP Address

I see that my device enp0s3 took the 192.168.1.6 IP from dhcp server, because the connection profile Myoffice1 which is up has a dhcp configuration. If I bring “up” my connection profile with name static1 then my device will take the static IP 192.168.1.40 as it is defined in the connection profile.

# nmcli con down Myoffice1 ; nmcli con up static1
# nmcli con show

Let’s see the IP address again:

# ip a
Check Network Static IP Address

Check Network Static IP Address

We can make our first connection profile. The minimum properties we must define are type, ifname and con-name:

  1. type – for the type of connection.
  2. ifname – for the device name which is assigned our connection.
  3. con-name – for the connection name.

Let’s make a new ethernet connection with name Myhome1, assigned to device enp0s3:

# nmcli con add type ethernet con-name Myhome1 ifname enp0s3

Check its configuration:

# cat ifcfg-Myhome1
Create New Network Connection

Create New Network Connection

As you can see it has BOOTPROTO=dhcp, because we didn’t give any static ip address.

Hint: We can modify any connection with the “nmcli con mod“ command. However if you modify a dhcp connection and change it to static don’t forget to change its “ipv4.method” from “auto” to “manual”. Otherwise you will end up with two IP addresses: one from dhcp server and the static one.

Let’s make a new Ethernet connection profile with name static2, which will be assigned to device enp0s3, with static IP 192.168.1.50, subnet mask 255.255.255.0=24 and gateway 192.168.1.1.

# nmcli con add type ethernet con-name static2 ifname enp0s3 ip4 192.168.1.50/24 gw4 192.168.1.1

Check its configuration:

# cat ifcfg-static2
Create New Ethernet Connection

Create New Ethernet Connection

Let’s modify the last connection profile and add two dns servers.

# nmcli con mod static2 ipv4.dns “8.8.8.8 8.8.4.4”

Hint: There is something here you must pay attention: the properties for IP address and gateway have different names when you add and when you modify a connection. When you add connections you use “ip4” and “gw4”, while when you modify them you use “ipv4” and “gwv4”.

Now let’s bring up this connection profile:

# nmcli con down static1 ; nmcli con up static2

As you can see, the device enp0s3 has now IP address 192.168.1.50.

# ip a
Verify IP Address of New Network Connection

Verify IP Address of New Network Connection

Hint: There are a lot of properties you can modify. If you don’t remember them by heart you can help yourself by typing “nmcli con show” and after that the connection name:

# nmcli con show static2
Verify IP Address of New Network Connection

Verify IP Address of New Network Connection

You can modify all these properties written in lowercase.

For example: when you bring down a connection profile, the NetworkManager searches for another connection profile and brings it up automatically. (I leave it as exercise to check it). If you don’t want your connection profile to autoconnect:

# nmcli con mod static2 connection.autoconnect no

The last exercise is very usefull: you made a connection profile but you want it to be used by specific users. It’s good to classify your users!

We let only user stella to use this profile:

# nmcli con mod static2 connection.permissions stella

Hint: If you want to give permissions to more than one users, you must type user:user1,user2 without blank space between them:

# nmcli con mod static2 connection.permissions user:stella,john
Allow Network Connections to Users

Allow Network Connections to Users

If you login as another user you can’t bring “up” this connection profile:

# nmcli con show
# nmcli con up static2
# ls /etc/sysconfig/network-scripts
Enable Network Connection

Enable Network Connection

An error message says that connection ‘static2’ does not exist, even if we see that it exists. That’s because current user has no permissions to bring up this connection.

Conclusion: don’t hesitate to use nmcli. It’s easy and helpful.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

Ioannis Koustoudis

Ioannis Koustoudis is a LFCS­ Linux sysadmin from Kavala, Greece. He works for the ministry of education and supports almost 200 school units in their infrastructure. If he is not in front of a computer screen, he plays music (he is a multi­-instrumentalist) or take care of his two lovely kids.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

11 Responses

  1. Harish says:

    Hi, I created a profile a profile name static3 by root user account still is showing ‘static3’ does not exist, Please tell me what cloud be the problem?

    • s.m.rehan says:

      You can check all the profiles by (nmcli c s). Check that your static3 connection is showing over there or not else list the path (ls /etc/sysconfg/network-script).

      If you did not find connection/profile here that means it’s not created yet.

      try to make another

  2. matian says:

    Hi,

    Really good article with well explanation, you rock, geek passionate bro..

  3. Kingstan says:

    Hi,

    I have 2 problem.

    1. How to find which ifcfg-anything is up or active?
    2. I have internet connection on my VM but when i fire nmcli con up test1. It throws an error. like “Error: Connection activation failed: No suitable device found for this connection.”

    Assist on this. I can send the screen shot if anyone will to teach me via mail.

    • s.m.rehan says:
      • 1. use (nmcli c s) to all connection it will show all connection up/down both, (nmcli c s -a) will show the only active connection.
      • 2. you need to down the current using connection then try that connection to get up (nmcli con up {connection name}).
  4. Amal says:

    Excellent article..!

  5. shailendra says:

    I have type all command correctly and connection added successfully is also showing. but m checking nmcli connection show device field is showing blank please suggest.

    Thank you.

  6. Mightyme says:

    My current interface eno16780032 has an IP 10.131.206.49
    I want to change to new IP address: 10.131.206.54
    is there a way to change the existing IP address immediately from one command line without creating an alias?

    • Ravi Saive says:

      @Mightyme,

      Yes, you can change the existing IP with new IP using nmcli tool on the fly as shown.

      # nmcli con mod net-eth0 ipv4.addresses "10.131.206.54"
      # nmcli con mod net-eth0 ipv4.method manual
      # nmcli con up net-eth0
      
  7. Shahebaaz Shaikh says:

    Excellent article!
    Thanks for so much clearification.

  8. jace brodsky says:

    typed in ; #sudo nmcli con show
    error came back ; Error: ‘con’ command ‘show’ is not valid.

Leave a Reply to shailendra Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.