How to manage NetworkManager → nmcli device|connection .. - Networking & Diagnostics Guide

How to Manage NetworkManager with nmcli: Complete Guide to Device and Connection Management Table of Contents 1. [Introduction](#introduction) 2. [Prerequisites](#prerequisites) 3. [Understanding NetworkManager Architecture](#understanding-networkmanager-architecture) 4. [Basic nmcli Syntax and Structure](#basic-nmcli-syntax-and-structure) 5. [Managing Network Devices](#managing-network-devices) 6. [Managing Network Connections](#managing-network-connections) 7. [Advanced Configuration Examples](#advanced-configuration-examples) 8. [Troubleshooting Common Issues](#troubleshooting-common-issues) 9. [Best Practices and Professional Tips](#best-practices-and-professional-tips) 10. [Conclusion](#conclusion) Introduction NetworkManager is the default network management service on most modern Linux distributions, providing a robust framework for handling network connectivity. The `nmcli` (NetworkManager Command Line Interface) tool serves as the primary command-line interface for managing network devices and connections, offering administrators and users powerful capabilities for network configuration without requiring a graphical interface. This comprehensive guide will teach you how to effectively use `nmcli` to manage network devices and connections, covering everything from basic operations to advanced configurations. Whether you're a system administrator managing servers, a developer working with containers, or a Linux enthusiast wanting to understand network management better, this article provides the knowledge you need to master NetworkManager's command-line interface. By the end of this guide, you'll understand how to view network status, configure network interfaces, create and modify connections, troubleshoot network issues, and implement best practices for network management using nmcli. Prerequisites Before diving into nmcli management, ensure you have the following: System Requirements - Linux distribution with NetworkManager installed (Ubuntu 16.04+, CentOS 7+, Fedora 20+, etc.) - NetworkManager service running and enabled - Administrative privileges (sudo access) for most configuration changes - Basic understanding of networking concepts (IP addresses, subnets, gateways) Verifying NetworkManager Installation Check if NetworkManager is installed and running: ```bash Check NetworkManager service status systemctl status NetworkManager Verify nmcli is available which nmcli nmcli --version ``` Required Permissions Most nmcli operations require root privileges or membership in the `netdev` group: ```bash Add user to netdev group (if available) sudo usermod -a -G netdev $USER Or use sudo for individual commands sudo nmcli device status ``` Understanding NetworkManager Architecture Key Concepts Before using nmcli effectively, it's crucial to understand NetworkManager's core concepts: Devices: Physical or virtual network interfaces (eth0, wlan0, enp3s0, etc.) Connections: Configuration profiles that can be applied to devices Profiles: Stored connection configurations with specific settings States: Current operational status of devices and connections The Device vs Connection Distinction This distinction is fundamental to understanding nmcli: - Devices are the actual network hardware or virtual interfaces - Connections are configuration profiles that define how devices should behave - Multiple connections can exist for a single device - Only one connection can be active on a device at a time Basic nmcli Syntax and Structure Command Structure The nmcli command follows this general pattern: ```bash nmcli [OPTIONS] OBJECT { COMMAND | help } ``` Where: - `OPTIONS`: Global options like `-t` (terse), `-f` (fields), `-c` (colors) - `OBJECT`: Primary objects like `device`, `connection`, `general`, `networking` - `COMMAND`: Specific actions like `show`, `status`, `up`, `down`, `add`, `modify` Common Global Options ```bash Terse output (machine-readable) nmcli -t device status Show specific fields only nmcli -f NAME,TYPE,STATE device status Disable color output nmcli -c no device status Pretty output (default) nmcli -p device status ``` Getting Help nmcli provides comprehensive help at multiple levels: ```bash General help nmcli help Object-specific help nmcli device help nmcli connection help Command-specific help nmcli device show help nmcli connection add help ``` Managing Network Devices Viewing Device Information Basic Device Status ```bash Show all devices and their status nmcli device status Show detailed information for all devices nmcli device show Show information for a specific device nmcli device show eth0 ``` Example output: ``` DEVICE TYPE STATE CONNECTION eth0 ethernet connected Wired connection 1 wlan0 wifi disconnected -- lo loopback unmanaged -- ``` Detailed Device Information ```bash Comprehensive device details nmcli device show eth0 Show specific properties nmcli -f DEVICE,TYPE,STATE,IP4.ADDRESS device show ``` Device State Management Connecting and Disconnecting Devices ```bash Connect a device (activates the best available connection) nmcli device connect eth0 Disconnect a device nmcli device disconnect eth0 Reconnect a device nmcli device reapply eth0 ``` Managing Device States ```bash Set device to managed state nmcli device set eth0 managed yes Set device to unmanaged state (NetworkManager ignores it) nmcli device set eth0 managed no Check if device is managed nmcli device show eth0 | grep GENERAL.STATE ``` WiFi Device Management Scanning and Connecting to WiFi ```bash List available WiFi networks nmcli device wifi list Rescan for WiFi networks nmcli device wifi rescan Connect to a WiFi network nmcli device wifi connect "SSID_NAME" password "password" Connect with specific interface nmcli device wifi connect "SSID_NAME" password "password" ifname wlan0 ``` WiFi Hotspot Creation ```bash Create a WiFi hotspot nmcli device wifi hotspot ifname wlan0 ssid "MyHotspot" password "mypassword" Create hotspot with specific band nmcli device wifi hotspot ifname wlan0 ssid "MyHotspot" band bg password "mypassword" ``` Managing Network Connections Viewing Connection Information Listing Connections ```bash Show all connections nmcli connection show Show only active connections nmcli connection show --active Show specific connection details nmcli connection show "connection-name" ``` Connection Status Information ```bash Show connection with specific fields nmcli -f NAME,TYPE,DEVICE connection show Show connection statistics nmcli connection show "connection-name" | grep -i stats ``` Creating New Connections Ethernet Connection ```bash Create basic ethernet connection nmcli connection add type ethernet con-name "my-ethernet" ifname eth0 Create ethernet connection with static IP nmcli connection add type ethernet con-name "static-eth" ifname eth0 \ ip4 192.168.1.100/24 gw4 192.168.1.1 Create ethernet connection with DNS nmcli connection add type ethernet con-name "custom-eth" ifname eth0 \ ip4 192.168.1.100/24 gw4 192.168.1.1 \ ipv4.dns "8.8.8.8,8.8.4.4" ``` WiFi Connection ```bash Create WiFi connection with WPA2 nmcli connection add type wifi con-name "my-wifi" ifname wlan0 \ ssid "NetworkName" wifi-sec.key-mgmt wpa-psk \ wifi-sec.psk "password" Create WiFi connection with static IP nmcli connection add type wifi con-name "wifi-static" ifname wlan0 \ ssid "NetworkName" wifi-sec.key-mgmt wpa-psk \ wifi-sec.psk "password" \ ip4 192.168.1.50/24 gw4 192.168.1.1 ``` Bridge Connection ```bash Create bridge interface nmcli connection add type bridge con-name "br0" ifname br0 Add ethernet interface to bridge nmcli connection add type ethernet slave-type bridge \ con-name "bridge-slave-eth0" ifname eth0 master br0 ``` Modifying Existing Connections Changing IP Configuration ```bash Change to static IP nmcli connection modify "connection-name" \ ipv4.method manual \ ipv4.addresses 192.168.1.100/24 \ ipv4.gateway 192.168.1.1 Change to DHCP nmcli connection modify "connection-name" ipv4.method auto Add additional IP address nmcli connection modify "connection-name" \ +ipv4.addresses 192.168.1.101/24 ``` Modifying DNS Settings ```bash Set DNS servers nmcli connection modify "connection-name" \ ipv4.dns "8.8.8.8,8.8.4.4" Add additional DNS server nmcli connection modify "connection-name" \ +ipv4.dns "1.1.1.1" Ignore auto DNS nmcli connection modify "connection-name" \ ipv4.ignore-auto-dns yes ``` Changing Connection Priority ```bash Set connection priority (higher number = higher priority) nmcli connection modify "connection-name" connection.autoconnect-priority 10 Enable/disable autoconnect nmcli connection modify "connection-name" connection.autoconnect yes ``` Connection State Management Activating and Deactivating Connections ```bash Activate a connection nmcli connection up "connection-name" Activate connection on specific device nmcli connection up "connection-name" ifname eth0 Deactivate connection nmcli connection down "connection-name" ``` Reloading and Reapplying Connections ```bash Reload all connection files nmcli connection reload Reload specific connection nmcli connection reload "connection-name" Reapply connection settings nmcli connection reapply "connection-name" ``` Deleting Connections ```bash Delete a connection nmcli connection delete "connection-name" Delete connection by UUID nmcli connection delete uuid "connection-uuid" ``` Advanced Configuration Examples VLAN Configuration ```bash Create VLAN interface nmcli connection add type vlan con-name "vlan100" \ ifname eth0.100 vlan.parent eth0 vlan.id 100 \ ip4 192.168.100.10/24 Create VLAN with specific naming nmcli connection add type vlan con-name "production-vlan" \ ifname vlan-prod vlan.parent eth0 vlan.id 200 \ ip4 10.0.200.10/24 gw4 10.0.200.1 ``` Bonding Configuration ```bash Create bond interface nmcli connection add type bond con-name "bond0" \ ifname bond0 bond.options "mode=active-backup,miimon=100" Add slaves to bond nmcli connection add type ethernet slave-type bond \ con-name "bond0-slave1" ifname eth0 master bond0 nmcli connection add type ethernet slave-type bond \ con-name "bond0-slave2" ifname eth1 master bond0 Configure IP on bond nmcli connection modify bond0 \ ipv4.method manual \ ipv4.addresses 192.168.1.100/24 \ ipv4.gateway 192.168.1.1 ``` Team Configuration ```bash Create team interface nmcli connection add type team con-name "team0" ifname team0 \ team.config '{"runner": {"name": "activebackup"}}' Add team ports nmcli connection add type ethernet slave-type team \ con-name "team0-port1" ifname eth0 master team0 nmcli connection add type ethernet slave-type team \ con-name "team0-port2" ifname eth1 master team0 ``` IPv6 Configuration ```bash Configure static IPv6 nmcli connection modify "connection-name" \ ipv6.method manual \ ipv6.addresses 2001:db8::1/64 \ ipv6.gateway 2001:db8::1 Enable IPv6 privacy extensions nmcli connection modify "connection-name" \ ipv6.ip6-privacy 2 Configure IPv6 DNS nmcli connection modify "connection-name" \ ipv6.dns "2001:4860:4860::8888,2001:4860:4860::8844" ``` Troubleshooting Common Issues Diagnostic Commands Network Status Overview ```bash General network status nmcli general status Check NetworkManager permissions nmcli general permissions View NetworkManager logs journalctl -u NetworkManager -f ``` Connection Troubleshooting ```bash Show connection details with all properties nmcli -f all connection show "connection-name" Check device capabilities nmcli device show eth0 | grep -i cap Monitor connection changes nmcli monitor ``` Common Issues and Solutions Issue 1: Device Not Managed Problem: Device shows as "unmanaged" Solution: ```bash Check if device is managed nmcli device show eth0 | grep GENERAL.STATE Set device to managed nmcli device set eth0 managed yes Check NetworkManager configuration sudo cat /etc/NetworkManager/NetworkManager.conf ``` Issue 2: Connection Fails to Activate Problem: Connection exists but won't activate Diagnosis: ```bash Check connection status nmcli connection show "connection-name" Try to activate with verbose output nmcli connection up "connection-name" --verbose Check for conflicts nmcli connection show --active ``` Solution: ```bash Delete and recreate connection nmcli connection delete "connection-name" nmcli connection add type ethernet con-name "new-connection" ifname eth0 Or modify existing connection nmcli connection modify "connection-name" connection.autoconnect yes ``` Issue 3: DNS Resolution Problems Problem: Network connected but DNS not working Diagnosis: ```bash Check DNS configuration nmcli device show eth0 | grep DNS Test DNS resolution nslookup google.com dig @8.8.8.8 google.com ``` Solution: ```bash Set custom DNS nmcli connection modify "connection-name" \ ipv4.dns "8.8.8.8,8.8.4.4" \ ipv4.ignore-auto-dns yes Restart connection nmcli connection down "connection-name" nmcli connection up "connection-name" ``` Issue 4: WiFi Connection Problems Problem: Cannot connect to WiFi network Diagnosis: ```bash Check WiFi device status nmcli device show wlan0 Scan for networks nmcli device wifi list Check WiFi regulatory domain iw reg get ``` Solution: ```bash Reset WiFi device nmcli device disconnect wlan0 nmcli device connect wlan0 Delete and recreate WiFi connection nmcli connection delete "wifi-connection" nmcli device wifi connect "SSID" password "password" ``` Performance Troubleshooting Network Speed Issues ```bash Check interface statistics nmcli device show eth0 | grep -E "(SPEED|DUPLEX)" Monitor network traffic nmcli connection show --active | grep -E "(RX|TX)" Check for errors cat /proc/net/dev | grep eth0 ``` Connection Stability Issues ```bash Monitor connection events nmcli monitor connection Check for frequent disconnections journalctl -u NetworkManager | grep -i disconnect Verify hardware status ethtool eth0 ``` Best Practices and Professional Tips Configuration Management Version Control for Network Configs ```bash Backup network configurations sudo cp -r /etc/NetworkManager/system-connections/ ~/network-backup/ Export connection to file nmcli connection clone "original-connection" "backup-connection" ``` Standardized Naming Conventions ```bash Use descriptive connection names nmcli connection add type ethernet con-name "srv-eth-primary" ifname eth0 nmcli connection add type wifi con-name "office-wifi-main" ifname wlan0 Include environment in names nmcli connection add type ethernet con-name "prod-db-eth0" ifname eth0 ``` Security Best Practices WiFi Security ```bash Always use WPA3 when available nmcli connection add type wifi con-name "secure-wifi" \ wifi-sec.key-mgmt sae wifi-sec.psk "strong-password" For WPA2, use strong passwords nmcli connection modify "wifi-connection" \ wifi-sec.psk "ComplexPassword123!" ``` Connection Permissions ```bash Limit connection to specific users nmcli connection modify "connection-name" \ connection.permissions "user:username" Make connection system-wide nmcli connection modify "connection-name" \ connection.permissions "" ``` Automation and Scripting Scripting with nmcli ```bash #!/bin/bash Example script for network setup Function to create ethernet connection create_eth_connection() { local conn_name="$1" local interface="$2" local ip_address="$3" local gateway="$4" nmcli connection add type ethernet \ con-name "$conn_name" \ ifname "$interface" \ ip4 "$ip_address" \ gw4 "$gateway" } Usage create_eth_connection "server-eth" "eth0" "192.168.1.100/24" "192.168.1.1" ``` Parsing nmcli Output ```bash Get connection UUIDs programmatically nmcli -t -f NAME,UUID connection show | while IFS=: read name uuid; do echo "Connection: $name, UUID: $uuid" done Check if connection exists if nmcli connection show "my-connection" &>/dev/null; then echo "Connection exists" else echo "Connection not found" fi ``` Performance Optimization Connection Priorities ```bash Set priorities for automatic connection selection nmcli connection modify "wired-connection" connection.autoconnect-priority 100 nmcli connection modify "wifi-connection" connection.autoconnect-priority 50 nmcli connection modify "mobile-connection" connection.autoconnect-priority 10 ``` Optimizing for Servers ```bash Disable WiFi on servers nmcli radio wifi off Set static configurations for stability nmcli connection modify "server-eth" \ ipv4.method manual \ ipv4.may-fail no \ connection.autoconnect yes \ connection.autoconnect-priority 100 ``` Monitoring and Maintenance Regular Health Checks ```bash #!/bin/bash Network health check script echo "=== Network Status ===" nmcli general status echo -e "\n=== Active Connections ===" nmcli connection show --active echo -e "\n=== Device Status ===" nmcli device status echo -e "\n=== DNS Configuration ===" nmcli device show | grep -E "(GENERAL.DEVICE|IP4.DNS)" ``` Log Analysis ```bash Monitor NetworkManager logs journalctl -u NetworkManager -f --no-pager Filter for specific events journalctl -u NetworkManager | grep -E "(connected|disconnected|failed)" Check for configuration errors journalctl -u NetworkManager | grep -i error ``` Conclusion Mastering nmcli for NetworkManager device and connection management is essential for effective Linux network administration. This comprehensive guide has covered the fundamental concepts, practical commands, and advanced configurations needed to manage network connectivity from the command line. Key takeaways from this guide include: - Understanding the distinction between devices (hardware interfaces) and connections (configuration profiles) is crucial for effective network management - nmcli provides comprehensive control over all aspects of network configuration, from basic IP settings to advanced features like bonding and VLANs - Proper troubleshooting methodology using nmcli's diagnostic commands can quickly resolve network issues - Following best practices for naming, security, and automation ensures maintainable and secure network configurations The command-line approach to network management offers several advantages over graphical tools: scriptability for automation, remote management capabilities, consistency across different Linux distributions, and detailed control over configuration parameters. Next Steps To further develop your nmcli expertise: 1. Practice with lab environments to safely experiment with different configurations 2. Explore advanced features like network namespaces and policy routing 3. Integrate nmcli into automation scripts for infrastructure management 4. Study NetworkManager dispatcher scripts for event-driven network configuration 5. Learn about NetworkManager's D-Bus API for programmatic integration Additional Resources - NetworkManager official documentation: `man nmcli`, `man NetworkManager` - Configuration file references: `man nm-settings` - Advanced networking: `man ip`, `man bridge`, `man teamd` - Troubleshooting tools: `man ss`, `man ethtool`, `man iwconfig` With the knowledge gained from this guide, you're now equipped to effectively manage network devices and connections using nmcli, whether for simple desktop configurations or complex server environments. Remember that network management is an iterative process—start with basic configurations and gradually implement more advanced features as your requirements evolve.