nmcli Cheatsheet — NetworkManager 43 Workstation

Create, update, analyse and delete network interfaces (physical & virtual). Command boxes scroll internally so they never overflow the page.

Dark mode · nmcli examples

Create network interface (name, ip, subnet, gateway, DNS)

Create a named connection. For physical NICs use type ethernet; for virtual devices use bridge/vlan/etc. Apply changes with connection up.

Physical Ethernet — static IPv4


# Create connection named "office-eth" bound to eth0 with static IPv4
nmcli connection add type ethernet ifname eth0 con-name office-eth \
  ipv4.addresses 192.0.2.10/24 ipv4.gateway 192.0.2.1 \
  ipv4.dns 8.8.8.8 ipv4.method manual

# Bring it up
nmcli connection up office-eth

Physical Ethernet — DHCP


# Use DHCP on eth1, connection named "wan"
nmcli connection add type ethernet ifname eth1 con-name wan \
  ipv4.method auto ipv6.method auto

nmcli connection up wan

Bridge — virtual


# Create a bridge br0
nmcli connection add type bridge con-name br0 ifname br0

# Add physical slave eth0 to bridge
nmcli connection add type bridge-slave ifname eth0 master br0 con-name br0-port-eth0

# Assign IP to the bridge (not to the slave)
nmcli connection modify br0 ipv4.addresses 10.10.10.2/24 ipv4.gateway 10.10.10.1 ipv4.method manual
nmcli connection up br0

VLAN — virtual


# VLAN ID 10 on eth0, connection vlan10
nmcli connection add type vlan con-name vlan10 ifname vlan10 dev eth0 id 10 \
  ipv4.addresses 192.168.10.2/24 ipv4.method manual

nmcli connection up vlan10

Multiple IPv4 / IPv6 addresses on one interface


# Add multiple IPv4 and IPv6 addresses (comma separated)
nmcli connection modify office-eth \
  ipv4.addresses "192.0.2.10/24,192.0.2.11/24" \
  ipv6.addresses "2001:db8:1::10/64,2001:db8:1::11/64" \
  ipv6.method manual

# Apply changes
nmcli connection up office-eth

List addresses with commas. For IPv6 consider privacy and temporary address behavior.

Add routable Address to interface


sudo ip addr add 10.0.10.3 dev routerbr0 scope global metric 10

Add custom docker network


# Create Interface
docker network craete dll

# Add Container
docker run --name container_name -d -p 172.21.0.1:80:80 image_name

Update and edit existing connections

Edits change the NetworkManager connection object. Bring connection down/up to apply, or use nmcli connection reload/ up.

Modify IP, gateway, DNS


# Modify IPv4 address, gateway and DNS on "office-eth"
nmcli connection modify office-eth ipv4.addresses 192.0.2.20/24
nmcli connection modify office-eth ipv4.gateway 192.0.2.1
nmcli connection modify office-eth ipv4.dns "8.8.8.8 1.1.1.1"

# Apply
nmcli connection down office-eth
nmcli connection up office-eth

Add or remove secondary IP


# Add secondary address (preserve existing)
nmcli connection modify office-eth ipv4.addresses "192.0.2.20/24,192.0.2.21/24"
nmcli connection up office-eth

# To remove an address set the list without it
nmcli connection modify office-eth ipv4.addresses "192.0.2.20/24"
nmcli connection up office-eth

Edit virtual device settings


# Change bridge STP or add IP to bridge br0
nmcli connection modify br0 bridge.stp no
nmcli connection modify br0 ipv4.addresses 10.10.10.5/24
nmcli connection up br0

# Replace a VLAN by deleting old and creating new if ID changes
nmcli connection delete vlan10
nmcli connection add type vlan con-name vlan20 ifname vlan20 dev eth0 id 20 ipv4.method manual ipv4.addresses 192.168.20.2/24
nmcli connection up vlan20

Interface settings again to auto


sudo nmcli connection add ethernet enp7s0 ipv4.method auto

sudo systemctl restart NetworkManager

Modify routes


# Add a static IPv4 route via 192.0.2.254
nmcli connection modify office-eth +ipv4.routes "10.0.0.0/8 192.0.2.254"

# Add route with metric
nmcli connection modify office-eth +ipv4.routes "10.1.1.0/24 192.0.2.253 100"

nmcli connection up office-eth

Commands to analyse your network

Combine nmcli with standard Linux networking tools for full diagnostics.

Overview and device state


# List connection profiles
nmcli connection show

# List devices and state
nmcli device status

# Device details (addresses, routes, MAC)
nmcli device show eth0

Runtime and routing


# Kernel view of IPs and routes
ip addr show
ip -4 route show
ip -6 route show

# Monitor NetworkManager events
nmcli monitor

Diagnostics and logs


# NetworkManager logs
journalctl -u NetworkManager -n 200 --no-pager

# Connectivity tests
ping -c 4 8.8.8.8
ping6 -c 4 2001:4860:4860::8888

# Active sockets
ss -tuln

DNS and resolution


# Show DNS servers used by NM
nmcli dev show | grep DNS -i

# Test DNS resolution with system resolver
getent hosts example.com

Docker subnet inspecting


docker inspect -f '{{.Name}} - {{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $(docker ps -q)

Delete interfaces and connections

Differentiate between deleting a NetworkManager connection (profile) and kernel-level interface removal for virtual devices.

Delete connection (recommended)


# Bring connection down then delete by name
nmcli connection down office-eth
nmcli connection delete office-eth

# Delete by UUID
nmcli connection delete uuid 123e4567-89ab-cdef-0123-456789abcdef

Remove virtual device


# Delete bridge/vlan connections
nmcli connection down br0
nmcli connection delete br0

# If kernel-only virtual exists (created with ip link), remove it
sudo ip link delete br0

Safe deletion workflow


# 1. Down connection
nmcli connection down 

# 2. Delete profile
nmcli connection delete 

# 3. If a kernel virtual device persists, remove with ip
sudo ip link delete

Avoid removing physical NICs at kernel level. Test changes locally or via out-of-band access to prevent lockout.