nmcli

NetworkManager command-line interface. Connection management, bridge VLAN persistence, and manual IP assignment for emergency access.

Connection Management

List all connections with device binding
nmcli connection show
List active connections only — terse format for scripting
nmcli -t -f NAME,DEVICE connection show --active
Show full details for a specific connection
nmcli connection show br-mgmt
Filter to specific fields — grep or awk
nmcli connection show br-mgmt | grep bridge.vlan
nmcli connection show Domus-Wired-MGMT-Static | awk '/ipv4.addresses|ipv4.gateway/'

Bring Connections Up/Down

Activate a connection
nmcli connection up Domus-Wired-EAP-TLS
Deactivate a connection
nmcli connection down Domus-Wired-EAP-TLS
Reapply changes without full down/up — less disruptive
sudo nmcli device reapply br-mgmt
device reapply on a bridge with VLAN changes can break connectivity. Always have IPMI/console access ready when modifying bridge config.

Modify Connections

Set static IP
nmcli connection modify br-mgmt ipv4.addresses 10.50.1.111/24
nmcli connection modify br-mgmt ipv4.gateway 10.50.1.3
nmcli connection modify br-mgmt ipv4.method manual
Set DNS
nmcli connection modify br-mgmt ipv4.dns "10.50.1.90,10.50.1.91"

Bridge Configuration

Create a bridge
sudo nmcli connection add type bridge con-name br-mgmt ifname br-mgmt
Add physical NIC as bridge port
sudo nmcli connection add type bridge-slave con-name br-mgmt-port ifname eno8 master br-mgmt
Configure bridge properties — disable STP for direct connections
sudo nmcli connection modify br-mgmt bridge.stp no bridge.forward-delay 0

Bridge VLAN Configuration (Persistent)

Check current VLAN settings — always verify before modifying
nmcli c s br-mgmt | grep bridge.vlan
# bridge.vlan-filtering:   yes
# bridge.vlan-default-pvid: 0
# bridge.vlans:            100 pvid untagged, 10, 20, 30, 40, 110, 120
Set bridge VLAN filtering with PVID 100 — production config
sudo nmcli connection modify br-mgmt \
  bridge.vlan-filtering yes \
  bridge.vlan-default-pvid 0 \
  bridge.vlans "100 pvid untagged, 10, 20, 30, 40, 110, 120"

This is the persistent config — survives reboots. Contrast with bridge vlan add which is ephemeral.

Table 1. Relationship between nmcli and bridge vlan commands
Tool Persistence Use Case

nmcli connection modify

Persistent (survives reboot)

Set bridge VLAN config once

bridge vlan add/del

Ephemeral (lost on reboot)

Runtime fixes, vnet VLAN assignment

Libvirt hook

Runs on VM start

Assigns VLANs to vnets per VM

Manual IP Assignment (Bypass NM)

When NetworkManager won’t cooperate — assign IP directly
sudo ip addr add 10.50.1.106/24 dev enp130s0
sudo ip route add default via 10.50.1.1 dev enp130s0
This bypasses NetworkManager entirely. Changes are ephemeral — lost on reboot or when NM takes over the interface. Use as emergency fallback only.

Troubleshooting

Check interface link state
ip link show enp130s0
# Look for: state UP and <LOWER_UP> (carrier detected)
Check if NM manages an interface
nmcli device status
Reload all connection files from disk
nmcli connection reload
Where NM stores connection files
ls /etc/NetworkManager/system-connections/

See Also