How to Configure Network IP Connections Using ‘nmcli’ in Linux

Sarvesh -

Introduction

Before we discuss how to configure network IP connections using nmcli in Linux, let's first understand-What is "nmcli"?

nmcli (Network Manager Command-line Interface) is a powerful command-line tool to manage network connections in Linux-based systems. It allows you to configure and control network settings such as IP addresses, DNS, Wi-Fi connections, and more.

This tutorial will provide an overview of configuring network IP connections using nmcli, along with its advantages, FAQs, and a conclusion.

Advantages

  1. Command-line Control: nmcli provides a command-line interface for managing network connections, making it ideal for automation and scripting. It allows you to configure network settings directly from the terminal, provide quick solutions, and automate network-related tasks.
  2. Flexibility: nmcli offers a wide range of options and functions to configure network connections. It supports various network connection types, including wired, wireless, VLAN, and VPN connections. This provides flexibility to adapt to different networking scenarios and requirements.
  3. Powerful Network Configuration: nmcli allows you to configure advanced network settings, including IP addresses, DNS servers, routing tables, bond interfaces, firewalls, and more. It provides a comprehensive set of tools to fine-tune network connections as per your needs.
  4. Scriptability: With nmcli, you can easily create bash scripts or use other scripting languages to automate network configuration tasks. This is particularly useful for setting up network connections on multiple systems or deploying network configurations across a network.
  5. Compatibility: nmcli is a part of Network Manager, which is a widely used network management tool in Linux distributions. As a result, nmcli is available on most Linux distributions, ensuring broad compatibility for configuring network IP connections.

nmcli Command Syntax

The syntax of nmcli is:

nmcli [OPTIONS] OBJECT {COMMAND | help}

Where OBJECT is one of general, networking, radio, connection, device, and agent.

Check Network Device Status in Linux

A good starting point would be to check our devices:

nmcli dev status

DEVICE      TYPE      STATE         CONNECTION 
docker0     bridge    connected     docker0    
virbr0      bridge    connected     virbr0     
enp0s3      ethernet  connected     enp0s3     
virbr0-nic  ethernet  disconnected  --         
lo          loopback  unmanaged     --

As we can see in the first column, there is a list of our network devices. We have one network card with the name enp0s3. On your machine, you may see different names.

The naming depends on the type of the network card (whether it is onboard, a PCI card, etc.). In the last column, we see our configuration files, which are used by our devices to connect to the network.

It is simple to understand that our devices, by themselves, can do nothing. They need us to create a configuration file to instruct them on how to achieve network connectivity. These files are also called ‘connection profiles‘ and we find them in the /etc/sysconfig/network-scripts directory.

cd /etc/sysconfig/network-scripts/
ls
Sample Output
ifcfg-enp0s3  ifdown-isdn      ifup          ifup-plip      ifup-tunnel
ifcfg-lo      ifdown-post      ifup-aliases  ifup-plusb     ifup-wireless
ifdown        ifdown-ppp       ifup-bnep     ifup-post      init.ipv6-global
ifdown-bnep   ifdown-routes    ifup-eth      ifup-ppp       network-functions
ifdown-eth    ifdown-sit       ifup-ib       ifup-routes    network-functions-ipv6
ifdown-ib     ifdown-Team      ifup-ippp     ifup-sit
ifdown-ippp   ifdown-TeamPort  ifup-ipv6     ifup-Team
ifdown-ipv6   ifdown-tunnel    ifup-isdn     ifup-TeamPort

As you can see here, the files with names starting with 'ifcfg-' (interface configuration) are connection profiles. When we create a new connection or modify an existing one with nmcli or nmtui, the results are saved here as connection profiles.

We'll show you two of them from my machine, one with a dhcp configuration and one with static ip.

cat ifcfg-static1 
cat ifcfg-Myoffice1

We realize that some properties have different values, and some others don’t exist if they aren’t necessary.

Let’s take a quick look at the most important ones.

  • TYPE – we have the Ethernet type here. We could also have WiFi, team, bond, and others.
  • DEVICE – the name of the network device associated with this profile.
  • BOOTPROTO – if it has the value dhcp, then our connection profile obtains a dynamic IP from the DHCP server. If it has the value “none”, then it does not use a dynamic IP, and we likely assign a static IP.
  • IPADDR – is the static IP we assign to our profile.
  • PREFIX – the subnet mask. A value of 24 means 255.255.255.0. You can better understand the subnet mask by writing down its binary format. For example, values of 16, 24, and 26 mean that the first 16, 24, or 26 bits, respectively, are set to 1, and the rest are 0. This defines the network address and the range of IP addresses that can be assigned.
  • GATEWAY – the gateway IP.
  • DNS1, DNS2 – two DNS servers we want to use.
  • ONBOOT – if it has the value “yes” it means, that on boot our computer will read this profile and try to assign it to its device.

Check Network Connection in Linux

Now, let’s move on and check our connections:

nmcli con show

The last column of devices helps us understand which connection is UP and running and which is not. In the above image, you can see the two active connections: Myoffice1 and enp0s8.

ℹ️
NOTE: You can use the auto-complete hitting Tab when you use nmcli, but is better to use minimal format of the command.

Thus, the following commands are equal:

nmcli connection show, nmcli con show, nmcli c s

Check IP Address in Linux

If I check the IP addresses of your devices:

ip a

We can see that the device enp0s3 took the 192.168.1.6 IP from the dhcp server because the connection profile Myoffice1 which is up has a dhcp configuration.

If we bring up the connection profile with name static1 then the device will take the static IP 192.168.1.40 as it is defined in the connection profile.

nmcli con down Myoffice1 ; nmcli con up static1
nmcli con show

Let’s see the IP address again:

ip a

We can make our first connection profile. The minimum properties we must define are type, ifname, and con-name:

  • type – for the type of connection.
  • ifname – for the device name that is assigned to our connection.
  • con-name – for the connection name.

Creating a New Ethernet Connection in Linux

Let’s make a new ethernet connection with the name Myhome1, assigned to a device enp0s3:

sudo nmcli con add type ethernet con-name Myhome1 ifname enp0s3

Check its configuration:

cat ifcfg-Myhome1

As you can see it has BOOTPROTO=dhcp, because we didn’t give any static IP address.

ℹ️
NOTE: We can modify any connection with the “nmcli con mod“ command. However, if you modify a dhcp connection and change it to static don’t forget to change it “ipv4.method” from “auto” to “manual”. Otherwise, you will end up with two IP addresses: one from the dhcp server and the static one.

Let’s make a new Ethernet connection profile with a name static2, which will be assigned to a device enp0s3, with static IP 192.168.1.50, subnet mask 255.255.255.0=24, and gateway 192.168.1.1.

sudo nmcli con add type ethernet con-name static2 ifname enp0s3 ip4 192.168.1.50/24 gw4 192.168.1.1

Check its configuration:

cat ifcfg-static2

Modify DNS Servers in Linux

Let’s modify the last connection profile and add two dns servers.

sudo nmcli con mod static2 ipv4.dns “8.8.8.8 8.8.4.4”
ℹ️
Hint: There is something here you must pay attention to: the properties for IP address and gateway have different names when you add and when you modify a connection. When you add connections you use ip4 and gw4, while when you modify them you use ipv4 and gwv4.

Bring Up Ethernet Connection in Linux

Now let’s bring up this connection profile:

As you can see, the device enp0s3 now has an IP address of 192.168.1.50.

sudo nmcli con down static1 ; nmcli con up static2
ip a
💡
NOTE: There are a lot of properties you can modify. If you don’t remember them by heart you can help yourself by typing nmcli con show and after that the connection name:nmcli con show static2

You can modify all these properties written in lowercase.

For example: when you bring down a connection profile, the NetworkManager searches for another connection profile and brings it up automatically. If you don’t want your connection profile to auto-connect:

sudo nmcli con mod static2 connection.autoconnect no

Set Ethernet Connection Permissions to User in Linux

We let only user stella use this profile:

sudo nmcli con mod static2 connection.permissions stella
💡
NOTE: If you want to give permissions to more than one user, you must type user:user1,user2 without blank space between them: nmcli con mod static2 connection.permissions user:stella,john

If you log in as another user you can’t bring up this connection profile:

nmcli con show nmcli con up static2 ls /etc/sysconfig/network-scripts

An error message says that connection ‘static2’ does not exist, even if we see that it exists. That’s because a current user has no permission to bring up this connection.

FAQs on How to Configure Network IP Connections in Linux

How can I view the current network configuration using nmcli? 

Run nmcli connection show to list the available network connections and their configurations. You can also use nmcli device show to view detailed information about the network devices.

How do I configure a static IP address using nmcli?

Use the command nmcli connection modify <connection-name> ipv4.method manual ipv4.addresses <ip-address>/<subnet> ipv4.gateway <gateway> ipv4.dns <dns-server> to set a static IP address, subnet mask, default gateway, and DNS servers.

How do I configure a DHCP-based IP address using nmcli? 

Run nmcli connection modify <connection-name> ipv4.method auto to configure DHCP-based IP address assignment.

Can I set a hostname using nmcli? 

Yes, you can set the hostname with nmcli general hostname <new-hostname>. This change will take effect after a network restart or system reboot.

How can I connect to a Wi-Fi network using nmcli? 

Run nmcli device wifi connect <SSID> password <password> to connect to a specific Wi-Fi network. Replace <SSID> with the network name and <password> with the Wi-Fi password.

How do I delete a network connection using nmcli?

Use the command nmcli connection delete <connection-name> to delete a specific network connection. Replace <connection-name> with the name of the connection you want to remove.

How do I configure a VPN connection using nmcli?

Use the command nmcli connection import type vpn file <vpn-config-file> to import a VPN connection from a configuration file. Replace <vpn-config-file> with the path to the VPN configuration file.

Conclusion

We showed you how to configure network IP connections in Linux, and also we have answered some FAQs.

If you have any queries, feel free to ask them in the comments section and, we will be happy to respond to them...