RHCSA Rapid Track
The NetworkManager service monitors and manages a system's network settings. In the GNOME graphical environment, a Notification Area applet displays network configuration and status information that is received from the NetworkManager daemon. You can interact with the NetworkManager service via the command line or with graphical tools. Service configuration files are stored in the /etc/NetworkManager/system-connections/ directory.
The NetworkManager service manages network devices and connections. A device is a physical or virtual network interface that provides for network traffic. A connection has related configuration settings for a single network device. A connection can also be known as a network profile. Each connection must have a unique name or ID, which can match the device name that it configures.
A single device can have multiple connection configurations and switch between them, but only one connection can be active per device. For example, a laptop wireless device might configure a fixed IP address for use at a secure work site in a connection, but might configure a second connection with an automated address and a virtual private network (VPN) to access the same company network from home.
Important
Starting in Red Hat Enterprise Linux 8, ifcfg format configuration files and the /etc/sysconfig/network-scripts/ directory are deprecated. NetworkManager now uses an INI-style key file format, which is a key-value pair structure to organize properties. NetworkManager stores network profiles in the /etc/NetworkManager/system-connections/ directory. For compatibility with earlier versions, ifcfg format connections in the /etc/sysconfig/network-scripts/ directory are still recognized and loaded.
Use the nmcli utility to create and edit connection files from the command line. The nmcli device status command displays the status of all network devices:
[user@host ~]$ nmcli dev status
DEVICE TYPE STATE CONNECTION
eno1 ethernet connected eno1
ens3 ethernet connected static-ens3
eno2 ethernet disconnected --
lo loopback unmanaged --Note
You can abbreviate nmcli objects and actions. For example, you can abbreviate nmcli device disconnect as nmcli dev dis, and abbreviate nmcli connection modify as nmcli con mod. The abbreviation can be as short as a single letter, provided that it uses enough characters to uniquely identify the object to manage.
The nmcli connection show command displays a list of all connections. Use the --active option to list only active connections.
[user@host ~]$nmcli con showNAME UUID TYPE DEVICE eno2 ff9f7d69-db83-4fed-9f32-939f8b5f81cd 802-3-ethernet -- static-ens3 72ca57a2-f780-40da-b146-99f71c431e2b 802-3-ethernet ens3 eno1 87b53c56-1f5d-4a29-a869-8a7bdaf56dfa 802-3-ethernet eno1 [user@host ~]$nmcli con show --activeNAME UUID TYPE DEVICE static-ens3 72ca57a2-f780-40da-b146-99f71c431e2b 802-3-ethernet ens3 eno1 87b53c56-1f5d-4a29-a869-8a7bdaf56dfa 802-3-ethernet eno1
Use the nmcli connection add command to add network connections. The data for the added network connection is stored in the /etc/NetworkManager/system-connections/ directory as a file with a .nmconnection suffix.
The following example adds an eno2 connection of the ethernet type for the eno2 network interface:
[root@host ~]#nmcli con add con-name eno2 \type ethernet ifname eno2Connection 'eno2' (8159b66b-3c36-402f-aa4c-2ea933c7a5ce) successfully added
The next example creates an eno3 connection of the ethernet type for the eno3 network interface with a static IPv4 network setting. This command configures the 192.168.0.5 IP address with a network prefix of /24 and a network gateway of 192.168.0.254. The nmcli connection add command fails if the connection name that you try to add exists.
[root@host ~]#nmcli con add con-name eno3 type ethernet ifname eno3 \ipv4.method manual ipv4.addresses 192.168.0.5/24 ipv4.gateway 192.168.0.254
The next example creates an eno4 connection for the eno4 device with static IPv6 and IPv4 addresses. This command configures the 2001:db8:0:1::c000:207 IPv6 address with the /64 network prefix and the 2001:db8:0:1::1 address as the default gateway. The command also configures the 192.0.2.7 IPv4 address with the /24 network prefix and the 192.0.2.1 address as the default gateway.
[root@host ~]#nmcli con add con-name eno4 type ethernet ifname eno4 \ipv6.addresses 2001:db8:0:1::c000:207/64 ipv6.gateway 2001:db8:0:1::1 \ipv6.method manual ipv4.addresses 192.0.2.7/24 ipv4.gateway 192.0.2.1 \ipv4.method manual
The nmcli connection up command activates a network connection on the device that it is bound to. Activating a network connection requires the connection name, not the device name.
[user@host ~]$nmcli con showNAME UUID TYPE DEVICE static-ens3 72ca57a2-f780-40da-b146-99f71c431e2b 802-3-ethernet -- static-ens5 87b53c56-1f5d-4a29-a869-8a7bdaf56dfa 802-3-ethernet -- [root@host ~]#nmcli con up static-ens3Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
The nmcli device disconnect command disconnects the network device and brings down the connection.
[root@host ~]# nmcli dev disconnect ens3Important
Use nmcli device disconnect to stop traffic on a network interface and deactivate the connection.
Because most connections enable the autoconnect parameter, the nmcli connection down command is ineffective for stopping traffic. Although the connection deactivates, autoconnect immediately reactivates the connection if the device is up and available. Autoconnect is a desired behavior, because it maintains connections through temporary network outages.
By disconnecting the device under the connection, the connection is forced to be down until the device is connected again.
NetworkManager service connections have two setting types. Static connection properties are configured by the administrator and stored in the /etc/NetworkManager/system-connections/*.nmconnection configuration files. Dynamic connection properties are requested from a DHCP server and are not stored persistently.
To list the current settings for a connection, use the nmcli connection show command. Settings in lowercase are static properties that the administrator can change. Settings in uppercase are active settings in temporary use for this connection instance.
[root@host ~]# nmcli con show static-ens3
connection.id: static-ens3
connection.uuid: 87b53c56-1f5d-4a29-a869-8a7bdaf56dfa
connection.interface-name: --
connection.type: 802-3-ethernet
connection.autoconnect: yes
connection.timestamp: 1401803453
connection.read-only: no
connection.permissions:
connection.zone: --
connection.master: --
connection.slave-type: --
connection.secondaries:
connection.gateway-ping-timeout: 0
802-3-ethernet.port: --
802-3-ethernet.speed: 0
802-3-ethernet.duplex: --
802-3-ethernet.auto-negotiate: yes
802-3-ethernet.mac-address: CA:9D:E9:2A:CE:F0
802-3-ethernet.cloned-mac-address: --
802-3-ethernet.mac-address-blacklist:
802-3-ethernet.mtu: auto
802-3-ethernet.s390-subchannels:
802-3-ethernet.s390-nettype: --
802-3-ethernet.s390-options:
ipv4.method: manual
ipv4.dns: 192.168.0.254
ipv4.dns-search: example.com
ipv4.addresses: { ip = 192.168.0.2/24,
gw = 192.168.0.254 }
ipv4.routes:
ipv4.ignore-auto-routes: no
ipv4.ignore-auto-dns: no
ipv4.dhcp-client-id: --
ipv4.dhcp-send-hostname: yes
ipv4.dhcp-hostname: --
ipv4.never-default: no
ipv4.may-fail: yes
ipv6.method: manual
ipv6.dns: 2001:4860:4860::8888
ipv6.dns-search: example.com
ipv6.addresses: { ip = 2001:db8:0:1::7/64,
gw = 2001:db8:0:1::1 }
ipv6.routes:
ipv6.ignore-auto-routes: no
ipv6.ignore-auto-dns: no
ipv6.never-default: no
ipv6.may-fail: yes
ipv6.ip6-privacy: -1 (unknown)
ipv6.dhcp-hostname: --
...output omitted...Use the nmcli connection modify command to update connection settings. These changes are saved in the /etc/NetworkManager/system-connections/ file. Consult the name.nmconnectionnm-settings(5) man page for the available settings.
Use the following command to update the static-ens3 connection to set the 192.0.2.2/24 IPv4 address and the 192.0.2.254 default gateway. Use the nmcli command connection.autoconnect parameter to automatically enable or disable the connection at system boot.
[root@host ~]#nmcli con mod static-ens3 ipv4.addresses 192.0.2.2/24 \ipv4.gateway 192.0.2.254 connection.autoconnect yes
Use the following command to update the static-ens3 connection to set the 2001:db8:0:1::a00:1/64 IPv6 address and the 2001:db8:0:1::1 default gateway.
[root@host ~]#nmcli con mod static-ens3 ipv6.addresses 2001:db8:0:1::a00:1/64 \ipv6.gateway 2001:db8:0:1::1
Important
To change a DHCP connection configuration to be static, update the ipv4.method setting from auto or dhcp to manual. For an IPv6 connection, update the ipv6.method setting. If the method is not set correctly, then the connection might hang or be incomplete when activated, or it might obtain an address from DHCP or SLAAC in addition to the configured static address.
Some settings can have multiple values. A specific value can be added to the list or deleted from the connection settings by adding a plus (+) or minus (-) symbol to the start of the setting name. If a plus or minus is not included, then the specified value replaces the setting's current list. The following example adds the 2.2.2.2 DNS server to the static-ens3 connection.
[root@host ~]# nmcli con mod static-ens3 +ipv4.dns 2.2.2.2You can also modify network profiles by editing the connection's configuration file in /etc/NetworkManager/system-connections/. Whereas nmcli commands communicate directly with NetworkManager to implement modifications immediately, connection file edits are not implemented until NetworkManager is asked to reload the configuration file. With manual editing, you can create complex configurations in steps, and then load the final configuration when ready. The following example loads all connection profiles.
[root@host ~]# nmcli con reloadThe next example loads only the eno2 connection profile at /etc/NetworkManager/system-connections/eno2.nmconnection.
[root@host ~]# nmcli con reload eno2The nmcli connection delete command deletes a connection from the system. This command disconnects the device and removes the connection configuration file.
[root@host ~]# nmcli con del static-ens3The root user can use the nmcli command to change the network configuration.
Non-privileged users that are logged in on the physical or virtual console can also make most network configuration changes. If a person is on the system's console, then the system is likely being used as a workstation or laptop where the user needs to configure, activate, and deactivate connections. Non-privileged users that log in with ssh must switch to the root user to change network settings.
Use the nmcli general permissions command to view your current permissions. The following example lists the root user's NetworkManager permissions.
[root@host ~]# nmcli gen permissions
PERMISSION VALUE
org.freedesktop.NetworkManager.checkpoint-rollback yes
org.freedesktop.NetworkManager.enable-disable-connectivity-check yes
org.freedesktop.NetworkManager.enable-disable-network yes
org.freedesktop.NetworkManager.enable-disable-statistics yes
org.freedesktop.NetworkManager.enable-disable-wifi yes
org.freedesktop.NetworkManager.enable-disable-wimax yes
org.freedesktop.NetworkManager.enable-disable-wwan yes
org.freedesktop.NetworkManager.network-control yes
org.freedesktop.NetworkManager.reload yes
org.freedesktop.NetworkManager.settings.modify.global-dns yes
org.freedesktop.NetworkManager.settings.modify.hostname yes
org.freedesktop.NetworkManager.settings.modify.own yes
org.freedesktop.NetworkManager.settings.modify.system yes
org.freedesktop.NetworkManager.sleep-wake yes
org.freedesktop.NetworkManager.wifi.scan yes
org.freedesktop.NetworkManager.wifi.share.open yes
org.freedesktop.NetworkManager.wifi.share.protected yesThe following example lists the user's NetworkManager permissions.
[user@host ~]$ nmcli gen permissions
PERMISSION VALUE
org.freedesktop.NetworkManager.checkpoint-rollback auth
org.freedesktop.NetworkManager.enable-disable-connectivity-check no
org.freedesktop.NetworkManager.enable-disable-network no
org.freedesktop.NetworkManager.enable-disable-statistics no
org.freedesktop.NetworkManager.enable-disable-wifi no
org.freedesktop.NetworkManager.enable-disable-wimax no
org.freedesktop.NetworkManager.enable-disable-wwan no
org.freedesktop.NetworkManager.network-control auth
org.freedesktop.NetworkManager.reload auth
org.freedesktop.NetworkManager.settings.modify.global-dns auth
org.freedesktop.NetworkManager.settings.modify.hostname auth
org.freedesktop.NetworkManager.settings.modify.own auth
org.freedesktop.NetworkManager.settings.modify.system auth
org.freedesktop.NetworkManager.sleep-wake no
org.freedesktop.NetworkManager.wifi.scan auth
org.freedesktop.NetworkManager.wifi.share.open no
org.freedesktop.NetworkManager.wifi.share.protected noThe following table lists the key nmcli commands that are discussed in this section:
| Command | Purpose |
|---|---|
nmcli dev status
| Show the NetworkManager status of all network interfaces. |
nmcli con show
| List all connections. |
nmcli con show
| List the current settings for the connection name. |
nmcli con add con-name
| Add and name a new connection profile. |
nmcli con mod
| Modify the connection name. |
nmcli con reload
| Reload the configuration files, after manual file editing. |
nmcli con up
| Activate the connection name. |
nmcli dev dis
| Disconnect the interface, which also deactivates the current connection. |
nmcli con del
| Delete the specified connection and its configuration file. |
References
For more information, refer to the Getting Started with nmcli chapter at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/configuring_and_managing_networking/index#getting-started-with-nmcli_configuring-and-managing-networking
NetworkManager(8), nmcli(1), nmcli-examples(5), nm-settings(5), hostnamectl(1), resolv.conf(5), hostname(5), ip(8), and ip-address(8) man pages