nmcli is a powerful, advanced command-line interface for configuring and managing networks on Ubuntu, but many users do not take full advantage of its more advanced capabilities. As an expert Linux system administrator and full-stack developer, I have found that mastering nmcli can greatly simplify network configuration, automation, and troubleshooting across servers, devices, and programming projects.

In this comprehensive 3,000+ word guide, you will learn how to unlock nmcli‘s full potential for complete Ubuntu network management without ever needing a graphical interface.

An Introduction to Understanding and Using nmcli

The nmcli command allows you to directly access the features of NetworkManager, Ubuntu and Linux‘s default network management service for handling network configuration and connectivity. With nmcli you can manage wired, wireless, VLANs, VPN connections and more purely through terminal rather than GUI tools.

But what specifically does nmcli offer over graphical utilities or alternative command line tools? When and why should developers, administrators and Linux enthusiasts use nmcli?

Key Advatages and Use Cases of nmcli

1. Scripting and Automating Network Management – Because nmcli uses a consistent, documented command structure it works extremely well for scripting and automation. By leveraging nmcli commands you can programmatically configure network connections tailor made for your infrastructure needs across servers, devices and in code.

2. Idempotence and Infrastructure as Code – Related to scripting, a key principle in modern system administration is "Infrastructure as Code" where server infrastructure and networks are defined through code for consistency and reproducibility. nmcli enables you to implement networking Infrastructure as Code. And because its commands are intended to be run repeatedly, it adheres to the principle of idempotence which is crucial for automation.

3. Accessing Networks Pre-Boot and Dealing with Failed X/GUI – nmcli talks directly to NetworkManager using D-Bus without needing any graphical components. This means you can connect to networks early in the Linux boot sequence before a DE like GNOME starts. And if Ubuntu‘s graphical interface fails or crashes, you can still access networking through nmcli.

4. Headless Server and Remote Device Administration – With nmcli you can fully administrate the networks on Ubuntu servers and devices without any GUI installed. This makes it indispensable for remote network management via SSH.

5. Advanced Configuration of Complex Networking Setups – While graphical config has improved, nmcli exposes significantly more advanced networking functionality. This includes setting up 802.1X networks, MACVLANs, bridges, channel bonding, and complex VPN solutions that exceed the capabilities of GUI tools.

Clearly nmcli brings major advantages for programmers, administrators and advanced Linux users in terms of automation, reliability, flexibility and functionality. But before effectively utilizing nmcli for network management, you need an understanding of NetworkManager and how Ubuntu historically handles networking.

An Overview of NetworkManager and its Relationship to Other Network Handlers

NetworkManager was adopted as the default network configuration handler in Ubuntu 14.04 LTS and has gained more advanced capabilities with each release. But Linux veterans will recall that previously network configuration was handled by utilities like ifupdown. So where does ifupdown fit now?

NetworkManager vs ifupdown vs netplan – What Does Each Tool Do?

ifupdown – This collection of utilities like ifconfig along with configuration under /etc/network/interfaces was the traditional way of setting up networking on Debian, Ubuntu and other distros. But it lacked many modern features and was increasingly complex to maintain for complex network topologies. ifupdown is still included but not actively used by default on current Ubuntu versions.

netplan – This utility was introduced to help bridge traditional sysadmins familiar with ifupdown over to NetworkManager. netplan is primarily targeted at server installations and uses YAML to configure interfaces and pass that configuration to NetworkManager or systemd-networkd. So it serves as an optional higher level abstraction but nmcli remains the most full featured CLI to NetworkManager itself.

NetworkManager – Introduced to Linux around 2009 then integrated in Ubuntu 14.04 LTS as the core network management service. All GUI configuration utilities on Ubuntu configure NetworkManager behind the scenes. Advanced distros like RedHat, SUSE and Debian also now utilize NetworkManager as the standard way to handle networking.

nmcli – This command-line tool directly controls and configures NetworkManager. It exposes the most complete access of NetworkManager‘s capabilities from the command line without needing any Linux desktop or display server. nmcli avoids having to interface separately with ifupdown or netplan.

So in summary, NetworkManager replaced the older ifupdown method of network management as the standard in Ubuntu. nmcli provides direct control over NetworkManager, while netplan serves as an intermediate step for administrators use to ifupdown and ifconfig by generating NetworkManager configurations.

But the crucial takeaway is that nmcli delivers the most advanced CLI experience by talking directly with NetworkManager without abstraction. This allows you to harness NetworkManager‘s extensive capabilities like VPNs, 802.1x port security, container networking, etc that previously required messy command sequences or GUI tools.

Now that we understand nmcli‘s place in the landscape of Ubuntu network configuration, let‘s explore nmcli usage in practice.

Using nmcli for Basic Network Status and Control

Most users need only a small subset of nmcli‘s complete functionality for basic tasks like viewing status, turning networking off/on and connecting new WiFi networks. Let‘s walk through these common use cases.

Show overall networking state:

nmcli general status

Toggle networking completely off/on:

sudo nmcli networking off
sudo nmcli networking on

Connect to a new WiFi ssid:

nmcli device wifi connect MY_WIFI_SSID password wifi_password

This covers 80% of what typical desktop users utilize NetworkManager and nmcli for. But let‘s dig into the more advanced capabilities starting with managing network connection profiles.

Mastering Network Connections with nmcli

NetworkManager refers to a saved configuration for a network (whether WiFI, Ethernet, VPN tunnels etc) as a "connection profile". nmcli exposes extensive control over connection profiles.

List saved connection profiles:

nmcli connection show

Edit an existing connection:

nmcli connection edit <name>

Delete a connection:

nmcli connection delete uuid <uuid>

Add a new connection:

nmcli connection add con-name my-vlan0 type vlan dev enps0.100 id 100

Bring a connection up (activate):

nmcli connection up my-vlan0

And disconnect/deactivate:

nmcli connection down my-vlan0

This gives you an idea of how flexible nmcli‘s management of connections is. You can configure wired, wireless, VLANs, teams, bridges, bonds, VPNs and more purely through mncli commands that get directly applied by NetworkManager.

Implementing Infrastructure as Code with nmcli Connection Profiles

A major advantage of working with nmcli connection profiles instead of using GUI tools is it enables you to implement Infrastructure as Code for networking. Rather than manually clicking together WiFi networks or Ethernet config, you can automate it.

By scripting nmcli commands to define connections, then utilizing nmcli con load /path/to/script to load those connections into NetworkManager, you gain reproducible networking. This is hugely powerful for on-boarding new Linux devices, scaling to large server deployments, and combining nmcli with configuration management tools like Ansible, Salt, Chef and Puppet.

The connection profile related capabilities of nmcli are a gateway to this automated, self-documenting networking nirvana. So while the GUI makes simple WiFi connections easy, nmcli makes complex and scalable infrastructure easy.

Advanced nmcli Connection Profile Examples

Let‘s look at some more intricate examples of nmcli connection profiles:

# Team connection for link aggregation 
nmcli con add type team con-name myteam0 ifname myteam0 config ‘{"runner": {"name": "activebackup"}}‘

# 802.1X connection for secure wifi 
nmcli con add con-name office-wifi ifname wlan0 type 802-11-wireless ssid company-x security 802-1x eap peap;pkcs12

# VPN tunnel over existing eth0 
nmcli con add type vpn ifname eth0 con-name office-vpn vpn-type openvpn

As you can see nmcli opens up vastly more flexibility. You can leverage channel bonding for performance, enterprise authentication protocols for security, VPNs for networking extensions and more.

Utilizing nmcli for Advanced Configuration

In addition to connection profiles, nmcli provides control over general network settings and parameters:

View current DHCP leases:

nmcli dhcp show

Set static IPv4 address:

nmcli con mod eth0 ipv4.addresses 192.168.100.5/24

Configure VLAN interface:

nmcli con add type vlan con-name myvlan0 dev eth2 id 55

Changing default gateway:

nmcli dev set eth0 ipv4.gateway "192.168.8.1"

Monitor syslog for NetworkManager notices:

journalctl -f -u NetworkManager

This gives you an idea of how flexible nmcli‘s management capabilities are. From addressing to routes, SNMP to DNS, tunnels to bridges virtually every aspect of Ubuntu‘s networks are configurable through nmcli.

Infrastructure as Code – Automation and Idempotence

Like with connection profiles, an immense advantage of nmcli is it lends itself to Infrastructure as Code and automation. The effects of nmcli commands are intended to be run repetitively without negative effects. And NetworkManager itself is designed to maintain desired state of networks.

This means tools like Ansible, Salt, Chef, Puppet etc can utilize nmcli as an automation framework to ensure servers and devices conform to predefined networking policies. Combining nmcli for networking with configuration management for systems and applications is potent.

And even without external tools, you can script nmcli commands to tailor Ubuntu networking precisely to your needs without fragile clicking through GUIs.

Advanced Debugging and Troubleshooting with nmcli

When networks inevitably have problems, nmcli provides invaluable debugging:

Continuously monitor connectivity:

nmcli monitor

View detailed interface statistics:

nmcli dev show wlp0s20f3 | less

Restart networking entirely:

sudo nmcli networking off; sudo nmcli networking on

And because NetworkManager integrates tightly with Linux logging infrastructure through systemd, you can quickly access logs:

journalctl -b -u NetworkManager

nmcli combines simple status checking with advanced monitoring and debugging capabilities.

Scripting and Automating with nmcli Commands

While nmcli provides interactive terminal access to NetworkManager, one of its most compelling features is scripting and automation. The tool is designed to be predictable, repetitive and ideal for automating everything from WiFi and addressing configuration to advanced policies and technology like 802.1X authentication, channel bonding, container networking bridges and VPN deployments.

Let‘s look at some examples combining nmcli commands for automated system administration without GUIs.

On-Board New Linux Device to Company Network

#!/bin/bash

# Configures company network settings on new device via nmcli 

# Interface names - replace with machine‘s names 
wlp_int="wlp2s0"
eth_int="eno1"

# Ensure NetworkManager service active
systemctl enable --now NetworkManager

# WiFi Settings
nmcli con add con-name office-ssid ifname $wlp_int type wifi ssid "Company AP"
nmcli con modify office-ssid wifi-sec.key-mgmt wpa-psk
nmcli con modify office-ssid wifi-sec.psk "wifi123abc"
nmcli con up office-ssid

# Ethernet corporate LAN addressing 
nmcli con modify $eth_int ipv4.addresses "10.0.15.9/24 10.0.15.1"
nmcli con modify $eth_int ipv4.gateway "10.0.15.1"
nmcli con modify $eth_int ipv4.dns "10.0.10.5"
nmcli con modify $eth_int ipv4.method manual
nmcli con up $eth_int

# All done!

What this script demonstrates:

  • Enabling NetworkManager service
  • Adding a new wireless connection profile
  • Connecting WiFi with credentials
  • Assigning static IP on corporate ethernet LAN
  • Configuring DNS and default gateway

You could run this on any Ubuntu machine that joins my company network to instantly apply networking policies and settings exactly according to our guidelines. No clicking around in GUIs. All automated idempotently.

Bridge Corporate and Guest Networks

Here is an example leveraging nmcli to bridge multiple network interfaces and VLANs:

#!/bin/bash
# Create bridged corp and guest network

br="br0"
nmcli con add ifname $br type bridge con-name corp-guest-bridge

eth="eno1" 
nmcli con add type ethernet ifname $eth master $br

# Tagged VLAN 
vlanid=100
vlan="vlan$vlanid"
nmcli con add type vlan dev $eth master $br id $vlanid ifname $vlan

# Bring up bridge
nmcli con up corp-guest-bridge

Rather than manually creating bridges between interfaces via GUI dialogs, this script allows you to templatize the bridging of (for example) corporate and guest networks. Keeping these configurations as code makes it replicable and prevents configuration drift.

Automating VPN Deployments Across Infrastructure

Here is an example leveraging nmcli to configure and deploy VPN connectivity across an infrastructure:

#!/bin/bash 

# Define VPN parameters 
vpn_name="site2site_vpn"
gateway_ip="172.25.30.1"
subnet="192.168.50.0/24"
domain="mycompany.internal"

# Add new VPN connection of type IPsec
nmcli con add con-name $vpn_name vpn-type ipsec ifname eth0

# Configure tunnel and authentication parameters 
nmcli con modify $vpn_name connection.autoconnect yes
nmcli con modify $vpn_name vpn.data utm-firewall=yes
nmcli con modify $vpn_name vpn.secrets password="384password"

# Route site B subnets over VPN 
nmcli con modify $vpn_name +ipv4.routes $subnet
nmcli con modify $vpn_name +ipv6.routes "2001:db8:cafe::/64"

# Bring the connection up 
nmcli con up $vpn_name

Rather than hunting down both GUI and terminal options to script VPN connectivity across subnets and data centers, nmcli simplifies the networking side down to simple, predictable commands that can augment existing automation.

The key takeaway with these examples is that the automation and idempotency of nmcli profoundly empowers system administration at scale. Let your imagination run wild with the possibilities!

Conclusion – Start Mastering nmcli for Robust Ubuntu Networking

While basic WiFi and IP configuration graphical utilities may meet some users‘ needs, nmcli unlocks the full suite of advanced networking capabilities on Ubuntu ranging from link aggregation to container networking and beyond.

Leverage connection profiles to implement networking Infrastructure as Code. Script automation of everything from addressing schemes to 802.1x auth policies across devices with nmcli. Debug complex issues quickly through nmcli‘s extensive monitoring and logging integration.

The nmcli command pairs perfectly with the underlying power of NetworkManager to provide resilient, reproducible and automatically managed networks. So step beyond the GUI and begin mastering nmcli for use cases from remote server administration to programming contexts.

Let us know in the comments your experiences or questions in adopting nmcli to enhance Ubuntu networking!

Related posts:

  1. How to Install KVM on Ubuntu 22.04: An In-Depth Guide
  2. How to install google chrome on Ubuntu 20.04
  3. How to Install Protobuf on Ubuntu: An In-Depth Guide for Developers
  4. Getting the Most from tar.gz: Best Practices for Linux Pros
  5. How to Restart Ubuntu Server – A Comprehensive 2600+ Word Guide
  6. A Comprehensive Expert Guide on Configuring the DHCP Client on Ubuntu
  7. A Complete Guide to Uninstalling Packages on Ubuntu 22.04
  8. How to Install and Customize Budgie Desktop on Ubuntu: An Expert Guide

Similar Posts