How to configure network settings with nmcli - Linux Intermediate Guide

How to Configure Network Settings with nmcli Network configuration is a fundamental aspect of system administration, and the NetworkManager command-line interface (nmcli) provides a powerful and flexible way to manage network connections on Linux systems. This comprehensive guide will walk you through everything you need to know about configuring network settings using nmcli, from basic connection management to advanced networking scenarios. Table of Contents 1. [Introduction](#introduction) 2. [Prerequisites](#prerequisites) 3. [Understanding nmcli Basics](#understanding-nmcli-basics) 4. [Viewing Network Information](#viewing-network-information) 5. [Managing Network Connections](#managing-network-connections) 6. [Configuring Ethernet Connections](#configuring-ethernet-connections) 7. [Managing WiFi Connections](#managing-wifi-connections) 8. [Advanced Network Configuration](#advanced-network-configuration) 9. [Troubleshooting Common Issues](#troubleshooting-common-issues) 10. [Best Practices and Tips](#best-practices-and-tips) 11. [Conclusion](#conclusion) Introduction The NetworkManager command-line interface (nmcli) is a versatile tool that allows system administrators and users to configure and manage network settings without relying on graphical interfaces. Whether you're working on a headless server, automating network configurations, or simply prefer command-line tools, nmcli provides comprehensive functionality for managing network connections, including Ethernet, WiFi, VPNs, and more complex networking scenarios. This guide will equip you with the knowledge to effectively use nmcli for various networking tasks, from simple connection management to advanced configuration scenarios. You'll learn how to create, modify, and troubleshoot network connections while following industry best practices. Prerequisites Before diving into nmcli configuration, ensure you have the following: System Requirements - Linux distribution with NetworkManager installed (most modern distributions include it by default) - Root or sudo privileges for system-wide network changes - Basic understanding of networking concepts (IP addresses, subnets, gateways) - Terminal access to your Linux system Software Dependencies ```bash Verify NetworkManager is installed and running systemctl status NetworkManager Install NetworkManager if not present (Ubuntu/Debian) sudo apt update && sudo apt install network-manager Install NetworkManager (RHEL/CentOS/Fedora) sudo dnf install NetworkManager or sudo yum install NetworkManager ``` Checking nmcli Availability ```bash Verify nmcli is available nmcli --version Expected output example: nmcli tool, version 1.30.6 ``` Understanding nmcli Basics Command Structure The nmcli command follows a hierarchical structure that makes it intuitive to use: ```bash nmcli [OPTIONS] OBJECT { COMMAND | help } ``` Primary Objects nmcli works with several key objects: - general: NetworkManager's general status and operations - networking: Overall networking control - radio: WiFi and WWAN radio switches - connection: Network connection profiles - device: Network devices managed by NetworkManager Common Options ```bash Terse output (machine-readable) nmcli -t Pretty output (human-readable formatting) nmcli -p Show specific fields only nmcli -f FIELD1,FIELD2 Get help for any command nmcli help nmcli connection help ``` Viewing Network Information General Network Status Start by examining your current network configuration: ```bash Display general NetworkManager status nmcli general status Show overall networking state nmcli networking Display all network devices nmcli device status Show detailed device information nmcli device show ``` Connection Information ```bash List all connection profiles nmcli connection show Display active connections only nmcli connection show --active Show detailed information for a specific connection nmcli connection show "connection-name" Display connection details in a specific format nmcli -f NAME,TYPE,DEVICE connection show ``` Device-Specific Information ```bash Show detailed information for a specific device nmcli device show eth0 Display WiFi access points nmcli device wifi list Show device statistics nmcli device show eth0 | grep -E "(GENERAL.STATE|IP4|IP6)" ``` Managing Network Connections Creating New Connections Basic Ethernet Connection with DHCP ```bash Create a new Ethernet connection with DHCP nmcli connection add \ type ethernet \ con-name "my-ethernet" \ ifname eth0 Activate the connection nmcli connection up "my-ethernet" ``` Static IP Configuration ```bash Create Ethernet connection with static IP nmcli connection add \ type ethernet \ con-name "static-ethernet" \ ifname eth0 \ ip4 192.168.1.100/24 \ gw4 192.168.1.1 Add DNS servers nmcli connection modify "static-ethernet" \ ipv4.dns "8.8.8.8,8.8.4.4" Set manual IP method nmcli connection modify "static-ethernet" \ ipv4.method manual Activate the connection nmcli connection up "static-ethernet" ``` Modifying Existing Connections ```bash Change IP address of existing connection nmcli connection modify "my-connection" \ ipv4.addresses 192.168.1.150/24 Add additional IP address nmcli connection modify "my-connection" \ +ipv4.addresses 192.168.1.151/24 Change DNS servers nmcli connection modify "my-connection" \ ipv4.dns "1.1.1.1,1.0.0.1" Add additional DNS server nmcli connection modify "my-connection" \ +ipv4.dns "9.9.9.9" Modify connection to use DHCP nmcli connection modify "my-connection" \ ipv4.method auto ``` Connection Management Operations ```bash Activate a connection nmcli connection up "connection-name" Deactivate a connection nmcli connection down "connection-name" Delete a connection profile nmcli connection delete "connection-name" Reload connection profiles nmcli connection reload Clone an existing connection nmcli connection clone "original-connection" "new-connection" ``` Configuring Ethernet Connections Advanced Ethernet Configuration Multiple IP Addresses ```bash Create connection with multiple IP addresses nmcli connection add \ type ethernet \ con-name "multi-ip-ethernet" \ ifname eth0 \ ip4 "192.168.1.100/24,192.168.1.101/24" \ gw4 192.168.1.1 Add IP addresses to existing connection nmcli connection modify "existing-connection" \ +ipv4.addresses "192.168.1.102/24" ``` Custom MTU and Other Parameters ```bash Set custom MTU nmcli connection modify "my-connection" \ ethernet.mtu 9000 Configure connection to start automatically nmcli connection modify "my-connection" \ connection.autoconnect yes Set connection priority nmcli connection modify "my-connection" \ connection.autoconnect-priority 10 ``` VLAN Configuration ```bash Create VLAN interface nmcli connection add \ type vlan \ con-name "vlan100" \ dev eth0 \ id 100 \ ip4 192.168.100.10/24 \ gw4 192.168.100.1 Activate VLAN connection nmcli connection up "vlan100" ``` Bridge Configuration ```bash Create bridge interface nmcli connection add \ type bridge \ con-name "br0" \ ifname br0 \ ip4 192.168.1.200/24 \ gw4 192.168.1.1 Add slave interface to bridge nmcli connection add \ type bridge-slave \ con-name "bridge-slave-eth0" \ ifname eth0 \ master br0 Activate bridge nmcli connection up "br0" ``` Managing WiFi Connections WiFi Network Discovery and Connection ```bash Enable WiFi radio nmcli radio wifi on Scan for available networks nmcli device wifi rescan List available WiFi networks nmcli device wifi list Connect to WiFi network nmcli device wifi connect "SSID" password "password" Connect to hidden network nmcli device wifi connect "Hidden-SSID" password "password" hidden yes ``` Creating WiFi Connection Profiles ```bash Create WiFi connection profile nmcli connection add \ type wifi \ con-name "my-wifi" \ ifname wlan0 \ ssid "My-Network" \ wifi-sec.key-mgmt wpa-psk \ wifi-sec.psk "network-password" Create WiFi connection with static IP nmcli connection add \ type wifi \ con-name "office-wifi" \ ifname wlan0 \ ssid "Office-Network" \ wifi-sec.key-mgmt wpa-psk \ wifi-sec.psk "office-password" \ ip4 192.168.10.50/24 \ gw4 192.168.10.1 \ ipv4.method manual ``` Enterprise WiFi (WPA-Enterprise) ```bash Configure WPA-Enterprise connection nmcli connection add \ type wifi \ con-name "enterprise-wifi" \ ifname wlan0 \ ssid "Corporate-Network" \ wifi-sec.key-mgmt wpa-eap \ 802-1x.eap peap \ 802-1x.phase2-auth mschapv2 \ 802-1x.identity "username" \ 802-1x.password "password" ``` WiFi Hotspot Creation ```bash Create WiFi hotspot nmcli device wifi hotspot \ ifname wlan0 \ con-name "my-hotspot" \ ssid "MyHotspot" \ password "hotspot-password" Configure hotspot with specific settings nmcli connection add \ type wifi \ con-name "custom-hotspot" \ ifname wlan0 \ ssid "CustomHotspot" \ mode ap \ wifi-sec.key-mgmt wpa-psk \ wifi-sec.psk "secure-password" \ ip4 192.168.4.1/24 \ ipv4.method shared ``` Advanced Network Configuration IPv6 Configuration ```bash Configure IPv6 static address nmcli connection modify "my-connection" \ ipv6.addresses "2001:db8::100/64" \ ipv6.gateway "2001:db8::1" \ ipv6.method manual Enable IPv6 auto-configuration nmcli connection modify "my-connection" \ ipv6.method auto Disable IPv6 nmcli connection modify "my-connection" \ ipv6.method ignore ``` Bonding Configuration ```bash Create bonding interface nmcli connection add \ type bond \ con-name "bond0" \ ifname bond0 \ bond.options "mode=active-backup,miimon=100" \ ip4 192.168.1.100/24 \ gw4 192.168.1.1 Add slave interfaces to bond nmcli connection add \ type bond-slave \ con-name "bond-slave-eth0" \ ifname eth0 \ master bond0 nmcli connection add \ type bond-slave \ con-name "bond-slave-eth1" \ ifname eth1 \ master bond0 Activate bonding nmcli connection up "bond0" ``` Team Configuration ```bash Create team interface nmcli connection add \ type team \ con-name "team0" \ ifname team0 \ config '{"runner": {"name": "activebackup"}}' \ ip4 192.168.1.100/24 \ gw4 192.168.1.1 Add team slaves nmcli connection add \ type team-slave \ con-name "team-slave-eth0" \ ifname eth0 \ master team0 nmcli connection add \ type team-slave \ con-name "team-slave-eth1" \ ifname eth1 \ master team0 ``` Routing Configuration ```bash Add static route nmcli connection modify "my-connection" \ +ipv4.routes "10.0.0.0/8 192.168.1.254" Add multiple routes nmcli connection modify "my-connection" \ +ipv4.routes "172.16.0.0/12 192.168.1.254" \ +ipv4.routes "192.168.100.0/24 192.168.1.253" Remove route nmcli connection modify "my-connection" \ -ipv4.routes "10.0.0.0/8 192.168.1.254" ``` Troubleshooting Common Issues Connection Issues Connection Won't Activate ```bash Check connection details for errors nmcli connection show "problematic-connection" Check device status nmcli device status Try to activate with verbose output nmcli --ask connection up "problematic-connection" Check NetworkManager logs journalctl -u NetworkManager -f ``` IP Address Not Assigned ```bash Verify DHCP configuration nmcli connection show "connection-name" | grep ipv4.method Check if device is properly connected nmcli device show eth0 | grep GENERAL.STATE Restart NetworkManager if necessary sudo systemctl restart NetworkManager Release and renew DHCP lease nmcli connection down "connection-name" nmcli connection up "connection-name" ``` WiFi Connection Problems ```bash Check WiFi radio status nmcli radio wifi Enable WiFi if disabled nmcli radio wifi on Check for interference or weak signal nmcli device wifi list Delete and recreate problematic WiFi connection nmcli connection delete "wifi-connection" nmcli device wifi connect "SSID" password "password" Check WiFi security settings nmcli connection show "wifi-connection" | grep 802-11-wireless-security ``` DNS Resolution Issues ```bash Check DNS configuration nmcli connection show "connection-name" | grep ipv4.dns Test DNS resolution nslookup google.com dig google.com Temporarily change DNS servers nmcli connection modify "connection-name" \ ipv4.dns "8.8.8.8,8.8.4.4" nmcli connection up "connection-name" Check systemd-resolved status (if applicable) systemctl status systemd-resolved ``` Performance Issues ```bash Check interface statistics nmcli device show eth0 | grep -E "(RX|TX)" Monitor real-time statistics watch -n 1 'nmcli device show eth0 | grep -E "(RX|TX)"' Check MTU settings nmcli connection show "connection-name" | grep mtu Adjust MTU if necessary nmcli connection modify "connection-name" ethernet.mtu 1500 ``` Configuration File Issues ```bash Check connection configuration files ls -la /etc/NetworkManager/system-connections/ Validate connection file syntax nmcli connection reload Import connection from file nmcli connection import type openvpn file /path/to/config.ovpn Export connection to file nmcli connection export "connection-name" ``` Best Practices and Tips Security Considerations 1. Use Strong Passwords: Always use strong, unique passwords for WiFi connections ```bash Generate strong password openssl rand -base64 32 ``` 2. Limit Connection Permissions: Restrict connection access to specific users ```bash nmcli connection modify "sensitive-connection" \ connection.permissions "user:username" ``` 3. Disable Unused Interfaces: Turn off radio interfaces when not needed ```bash nmcli radio wifi off nmcli radio wwan off ``` Performance Optimization 1. Optimize Connection Priorities: Set appropriate autoconnect priorities ```bash nmcli connection modify "primary-connection" \ connection.autoconnect-priority 100 nmcli connection modify "backup-connection" \ connection.autoconnect-priority 50 ``` 2. Configure Appropriate MTU: Set optimal MTU for your network ```bash Test optimal MTU ping -M do -s 1472 gateway-ip Set MTU based on test results nmcli connection modify "connection-name" ethernet.mtu 1500 ``` 3. Use Connection Profiles: Create specific profiles for different environments ```bash Work profile nmcli connection add type ethernet con-name "work-profile" \ ifname eth0 ip4 192.168.1.100/24 gw4 192.168.1.1 Home profile nmcli connection add type ethernet con-name "home-profile" \ ifname eth0 ip4 192.168.0.100/24 gw4 192.168.0.1 ``` Automation and Scripting 1. Use Machine-Readable Output: Employ terse mode for scripts ```bash #!/bin/bash Get connection status in script-friendly format STATUS=$(nmcli -t -f GENERAL.STATE device show eth0) if [[ "$STATUS" == "connected" ]]; then echo "Interface is connected" fi ``` 2. Error Handling: Always check command exit codes ```bash #!/bin/bash if nmcli connection up "my-connection"; then echo "Connection activated successfully" else echo "Failed to activate connection" exit 1 fi ``` 3. Configuration Backup: Regular backup of network configurations ```bash #!/bin/bash Backup all connection profiles mkdir -p /backup/network-configs/$(date +%Y%m%d) cp /etc/NetworkManager/system-connections/* \ /backup/network-configs/$(date +%Y%m%d)/ ``` Monitoring and Maintenance 1. Regular Health Checks: Monitor network connectivity ```bash #!/bin/bash Simple connectivity check if ! ping -c 1 8.8.8.8 &>/dev/null; then echo "Network connectivity issue detected" nmcli connection down "current-connection" nmcli connection up "backup-connection" fi ``` 2. Log Monitoring: Keep track of NetworkManager logs ```bash Monitor NetworkManager logs in real-time journalctl -u NetworkManager -f Check for specific error patterns journalctl -u NetworkManager | grep -i error ``` 3. Connection Cleanup: Regularly clean up unused connections ```bash List all connections and their usage nmcli -f NAME,DEVICE,STATE connection show Remove unused connections nmcli connection delete "unused-connection" ``` Documentation and Version Control 1. Document Network Changes: Maintain change logs ```bash Create network configuration documentation cat > /etc/network-documentation.txt << EOF Network Configuration Changes Date: $(date) Connection: my-connection Changes: Updated IP from 192.168.1.100 to 192.168.1.150 Reason: IP conflict resolution EOF ``` 2. Version Control: Track configuration changes ```bash Initialize git repository for network configs cd /etc/NetworkManager/system-connections git init git add . git commit -m "Initial network configuration" ``` Conclusion The nmcli tool provides comprehensive network management capabilities that make it an essential utility for Linux system administrators and power users. Throughout this guide, we've covered everything from basic connection management to advanced networking scenarios, including Ethernet configuration, WiFi management, VLANs, bonding, and troubleshooting techniques. Key Takeaways 1. Versatility: nmcli handles virtually all network configuration tasks through a consistent command-line interface 2. Automation-Friendly: The tool's scriptable nature makes it perfect for automated deployments and configuration management 3. Comprehensive Coverage: From simple DHCP connections to complex bonding and VLAN configurations, nmcli covers all scenarios 4. Troubleshooting Power: Built-in diagnostic capabilities help identify and resolve network issues quickly Next Steps To further enhance your network management skills: 1. Explore NetworkManager Dispatcher Scripts: Learn to automate actions based on network events 2. Study Advanced VPN Configuration: Dive deeper into OpenVPN and other VPN technologies with nmcli 3. Practice Network Automation: Integrate nmcli commands into larger infrastructure automation workflows 4. Monitor Performance: Implement comprehensive network monitoring using nmcli in combination with other tools Additional Resources - NetworkManager official documentation - Linux networking fundamentals - Network security best practices - Infrastructure as Code tools integration By mastering nmcli, you've gained a powerful tool that will serve you well in managing network configurations across various Linux environments. Whether you're working on a single server or managing a large infrastructure, the principles and techniques covered in this guide will help you maintain reliable, secure, and well-configured network connections. Remember to always test configuration changes in non-production environments first, maintain proper documentation of your network configurations, and follow security best practices to ensure your network infrastructure remains robust and secure.