强曰为道

与天地相似,故不违。知周乎万物,而道济天下,故不过。旁行而不流,乐天知命,故不忧.
文档目录

第 3 章:nmcli 命令行详解

第 3 章:nmcli 命令行详解

3.1 nmcli 基础

nmcli 是 NetworkManager 的官方命令行客户端,支持交互式和非交互式两种使用模式。

命令语法

nmcli [OPTIONS] OBJECT { COMMAND | help }

OBJECT(对象类型)

对象缩写说明
generalgNM 总体状态和操作
networkingn网络连接开关
radiorWiFi/WWAN 射频开关
connectionc连接配置管理
deviced网络设备管理
agentaNetworkManager Secret Agent
monitorm实时监控状态变化

全局选项

# 颜色输出
nmcli --colors yes device status

# 禁用颜色(脚本中推荐)
nmcli --colors no device status

# 输出为表格(默认)
nmcli -t device status     # terse 模式(适合 grep)

# 输出为紧凑表格
nmcli -f device status     # fields 指定输出字段

# 输出为多行(每个字段一行)
nmcli -m multiline device status

# 指定输出字段
nmcli -f DEVICE,TYPE,STATE device status

# 查看所有字段
nmcli -f all device status

# 显示字段名(适合脚本解析)
nmcli -t -f DEVICE,TYPE,STATE device status

# 版本信息
nmcli --version

获取帮助

# 总体帮助
nmcli help

# 对象级帮助
nmcli device help
nmcli connection help

# 命令级帮助
nmcli connection add help
nmcli connection modify help

3.2 general — 总体状态管理

# 查看 NM 总体状态
nmcli general status
# STATE      CONNECTIVITY  WIFI-HW  WIFI    WWAN-HW  WWAN
# connected  full          enabled  enabled enabled  enabled

# 状态值说明:
# disconnected / connecting / connected (local) / connected (site) / connected (global)

# 查看主机名
nmcli general hostname

# 设置主机名
sudo nmcli general hostname myserver

# 查看日志级别
nmcli general logging

# 修改日志级别
sudo nmcli general logging level DEBUG domains WIFI

# 重载配置
nmcli general reload conf        # 重载所有配置
nmcli connection reload          # 重载连接配置
nmcli general reload dns         # 重载 DNS

连接性检查

# NM 通过向预设的 URL 发送 HTTP 请求来检查网络连通性
# 默认检查以下地址(可配置):
# - http://ping.archlinux.org/nm-check
# - http://connectivity.fedoraproject.org
# - ...

# 查看连通性状态
nmcli networking connectivity
# full / limited / portal / none / unknown

# 详细检查
nmcli networking connectivity check

# 禁用连通性检查(服务器场景推荐)
sudo tee /etc/NetworkManager/conf.d/connectivity.conf << 'EOF'
[connectivity]
uri=
interval=0
EOF
sudo nmcli general reload conf

3.3 device — 设备管理

查看设备状态

# 列出所有网络设备
nmcli device status
# DEVICE   TYPE      STATE        CONNECTION
# eth0     ethernet  connected    Wired connection 1
# wlan0    wifi      disconnected --
# lo       loopback  unmanaged    --

# 输出字段说明:
# DEVICE    - 设备名称
# TYPE      - 设备类型(ethernet, wifi, bridge, bond 等)
# STATE     - 状态(connected, disconnected, unavailable, unmanaged)
# CONNECTION - 当前绑定的连接名

# 过滤特定字段
nmcli -t -f DEVICE,TYPE,STATE device status

# 只看已连接的设备
nmcli -t -f DEVICE,TYPE,STATE device status | grep connected

# 查看设备详细信息
nmcli device show eth0
# 示例输出:
# GENERAL.DEVICE:                         eth0
# GENERAL.TYPE:                           ethernet
# GENERAL.HWADDR:                         AA:BB:CC:DD:EE:FF
# GENERAL.MTU:                            1500
# GENERAL.STATE:                          100 (connected)
# GENERAL.CONNECTION:                     Wired connection 1
# IP4.ADDRESS[1]:                         192.168.1.100/24
# IP4.GATEWAY:                            192.168.1.1
# IP4.DNS[1]:                             8.8.8.8
# IP6.ADDRESS[1]:                         fe80::a8bb:ccff:fedd:eeff/64

# 查看所有设备详细信息
nmcli -f all device show

设备操作

# 连接设备(使用已有的自动连接配置)
sudo nmcli device connect eth0

# 断开设备
sudo nmcli device disconnect eth0

# 重新应用连接配置(修改后不重启连接直接生效)
sudo nmcli device reapply eth0

# 修改设备的 managed 状态
sudo nmcli device set eth0 managed yes
sudo nmcli device set eth0 managed no

# WiFi 特有:扫描
sudo nmcli device wifi rescan

# WiFi:列出可用网络
nmcli device wifi list
# 示例输出:
# IN-USE  BSSID              SSID            MODE   CHAN  RATE        SIGNAL  BARS  SECURITY
# *       AA:BB:CC:DD:EE:FF  MyNetwork       Infra  6     270 Mbit/s  85      ▂▄▆█  WPA2
#         11:22:33:44:55:66  GuestNetwork    Infra  11    130 Mbit/s  60      ▂▄▆_  WPA2

设备状态机

理解设备状态对于排障非常重要:

┌──────────────┐
│  unmanaged   │  ← NM 不管理此设备(udev 规则或配置)
└──────┬───────┘
       │ set managed=yes
       ▼
┌──────────────┐
│ unavailable  │  ← 设备未就绪(网线未插、WiFi 硬件关闭等)
└──────┬───────┘
       │ 硬件就绪
       ▼
┌──────────────┐
│ disconnected │  ← 设备就绪但未连接
└──────┬───────┘
       │ 激活连接
       ▼
┌──────────────┐
│ connected    │  ← 已连接
└──────────────┘

3.4 connection — 连接管理

查看连接

# 列出所有连接
nmcli connection show
# NAME                UUID                                  TYPE      DEVICE
# Wired connection 1  a1b2c3d4-e5f6-7890-abcd-ef1234567890  ethernet  eth0
# MyWiFi              b2c3d4e5-f6a7-8901-bcde-f12345678901  wifi      wlan0
# VPN-Work            c3d4e5f6-a7b8-9012-cdef-123456789012  openvpn   --

# 只看活跃连接
nmcli connection show --active

# 查看连接详细信息
nmcli connection show "Wired connection 1"

# 查看连接的特定属性
nmcli connection show "Wired connection 1" | grep -i ipv4

# 按 UUID 查看
nmcli connection show a1b2c3d4-e5f6-7890-abcd-ef1234567890

# 过滤特定字段
nmcli -f connection.id,connection.type,ipv4.method connection show "Wired connection 1"

创建连接

# 创建 DHCP 以太网连接
nmcli connection add \
    type ethernet \
    con-name "Office-LAN" \
    ifname eth0 \
    ipv4.method auto \
    ipv6.method auto

# 创建静态 IP 以太网连接
nmcli connection add \
    type ethernet \
    con-name "Server-LAN" \
    ifname eth0 \
    ipv4.method manual \
    ipv4.addresses "192.168.1.100/24" \
    ipv4.gateway "192.168.1.1" \
    ipv4.dns "8.8.8.8,8.8.4.4" \
    ipv6.method disabled

# 创建 WiFi 连接
nmcli connection add \
    type wifi \
    con-name "MyHomeWiFi" \
    ifname wlan0 \
    ssid "MyHomeNetwork" \
    wifi-sec.key-mgmt wpa-psk \
    wifi-sec.psk "MyPassword123" \
    ipv4.method auto

# 创建桥接连接
nmcli connection add \
    type bridge \
    con-name "br0" \
    ifname br0 \
    ipv4.method manual \
    ipv4.addresses "10.0.0.1/24"

# 创建 VLAN 连接
nmcli connection add \
    type vlan \
    con-name "vlan100" \
    ifname eth0.100 \
    vlan.parent eth0 \
    vlan.id 100 \
    ipv4.method manual \
    ipv4.addresses "10.100.0.1/24"

修改连接

# 修改 IP 地址
nmcli connection modify "Server-LAN" \
    ipv4.addresses "192.168.1.200/24"

# 修改 DNS
nmcli connection modify "Server-LAN" \
    ipv4.dns "1.1.1.1,8.8.8.8"

# 添加额外的 DNS
nmcli connection modify "Server-LAN" \
    +ipv4.dns "8.8.4.4"

# 移除 DNS
nmcli connection modify "Server-LAN" \
    -ipv4.dns "8.8.4.4"

# 修改网关
nmcli connection modify "Server-LAN" \
    ipv4.gateway "192.168.1.254"

# 切换为 DHCP
nmcli connection modify "Server-LAN" \
    ipv4.method auto \
    ipv4.addresses "" \
    ipv4.gateway ""

# 修改连接名称
nmcli connection modify "Old Name" \
    connection.id "New Name"

# 设置自动连接
nmcli connection modify "Server-LAN" \
    connection.autoconnect yes

# 设置自动连接优先级(数值越大越优先)
nmcli connection modify "Wired connection 1" \
    connection.autoconnect-priority 10

# 设置连接的接口名
nmcli connection modify "Server-LAN" \
    connection.interface-name eth0

# 设置 MTU
nmcli connection modify "Server-LAN" \
    ethernet.mtu 9000

# 修改路由
nmcli connection modify "Server-LAN" \
    +ipv4.routes "10.0.0.0/8 192.168.1.254"

# 禁用 IPv6
nmcli connection modify "Server-LAN" \
    ipv6.method disabled

激活与断开连接

# 激活连接
nmcli connection up "Server-LAN"

# 按 UUID 激活
nmcli connection up a1b2c3d4-e5f6-7890-abcd-ef1234567890

# 断开连接
nmcli connection down "Server-LAN"

# 重新激活(先断开再连接,等同于 up + down)
nmcli connection reload
nmcli connection up "Server-LAN"

# 删除连接
nmcli connection delete "Old-Connection"

# 按 UUID 删除
nmcli connection delete a1b2c3d4-e5f6-7890-abcd-ef1234567890

# 导出连接为文件(备份)
nmcli connection export "Server-LAN" > /tmp/server-lan.nmconnection

# 从文件导入连接
nmcli connection load /tmp/server-lan.nmconnection

# 克隆连接
nmcli connection clone "Server-LAN" "Server-LAN-Backup"

3.5 实用操作示例

快速切换网络环境

# 场景:在公司和家庭之间切换
# 创建公司连接(静态 IP)
nmcli connection add \
    type ethernet \
    con-name "Office" \
    ifname eth0 \
    ipv4.method manual \
    ipv4.addresses "10.0.1.50/24" \
    ipv4.gateway "10.0.1.1" \
    ipv4.dns "10.0.1.1" \
    connection.autoconnect-priority 10

# 创建家庭连接(DHCP)
nmcli connection add \
    type ethernet \
    con-name "Home" \
    ifname eth0 \
    ipv4.method auto \
    connection.autoconnect-priority 5

# 切换到家庭网络
nmcli connection up "Home"

# 切换到公司网络
nmcli connection up "Office"

查看连接速率和统计

# 查看设备统计信息
nmcli device show eth0 | grep -i speed
nmcli device show eth0 | grep -i bitrate

# 实时监控设备状态
nmcli device monitor eth0

# 监控所有设备
nmcli monitor

批量操作脚本

#!/bin/bash
# 列出所有非活跃连接并输出信息
for conn in $(nmcli -t -f NAME connection show); do
    active=$(nmcli -t -f NAME connection show --active | grep -c "^${conn}$")
    if [ "$active" -eq 0 ]; then
        echo "非活跃: $conn"
    fi
done

# 获取所有连接的 DNS 配置
nmcli -t -f NAME connection show | while IFS= read -r name; do
    echo "=== $name ==="
    nmcli connection show "$name" | grep ipv4.dns:
done

3.6 nmcli 常用命令速查表

操作命令
查看 NM 状态nmcli general status
查看设备列表nmcli device status
查看设备详情nmcli device show eth0
查看连接列表nmcli connection show
查看活跃连接nmcli connection show --active
创建 DHCP 连接nmcli connection add type ethernet con-name NAME ifname eth0
创建静态连接nmcli connection add type ethernet con-name NAME ifname eth0 ipv4.method manual ipv4.addresses IP
修改 IPnmcli connection modify NAME ipv4.addresses IP
激活连接nmcli connection up NAME
断开连接nmcli connection down NAME
删除连接nmcli connection delete NAME
重载配置nmcli connection reload
查看 WiFinmcli device wifi list
连接 WiFinmcli device wifi connect SSID password PASS
网络开关nmcli networking on/off

3.7 本章小结

要点说明
nmcli 对象general, networking, radio, connection, device, agent, monitor
设备管理nmcli device status/show/connect/disconnect
连接管理nmcli connection show/add/modify/delete/up/down
输出控制-t terse, -f fields, -m multiline, --colors
脚本友好推荐使用 -t -f 组合获取结构化输出
修改生效modify 只改配置文件,up 重新激活才生效

扩展阅读