WPA_CLI(8) | System Manager's Manual | WPA_CLI(8) |
wpa_cli
—
wpa_cli |
[commands] |
wpa_cli
utility is a text-based frontend program for
interacting with
wpa_supplicant(8). It is
used to query current status, change configuration, trigger events, and
request interactive user input.
The wpa_cli
utility can show the current
authentication status, selected security mode, dot11 and dot1x MIBs, etc. In
addition, wpa_cli
can configure EAPOL state machine
parameters and trigger events such as reassociation and IEEE 802.1X
logoff/logon.
The wpa_cli
utility provides an interface
to supply authentication information such as username and password when it
is not provided in the
wpa_supplicant.conf(5)
configuration file. This can be used, for example, to implement one-time
passwords or generic token card authentication where the authentication is
based on a challenge-response that uses an external device for generating
the response.
The wpa_cli
utility supports two modes:
interactive and command line. Both modes share the same command set and the
main difference is that in interactive mode, wpa_cli
provides access to unsolicited messages (event messages, username/password
requests).
Interactive mode is started when wpa_cli
is executed without any parameters on the command line. Commands are then
entered from the controlling terminal in response to the
wpa_cli
prompt. In command line mode, the same
commands are entered as command line arguments.
The control interface of
wpa_supplicant(8) can
be configured to allow non-root user access by using the
ctrl_interface_group parameter in the
wpa_supplicant.conf(5)
configuration file. This makes it possible to run
wpa_cli
with a normal user account.
wpa_cli
in interactive mode.
The wpa_cli
utility shows these requests with a
“CTRL-REQ-
⟨type⟩-
⟨id⟩:⟨text⟩”
prefix, where ⟨type⟩ is
IDENTITY
, PASSWORD
, or
OTP
(one-time password),
⟨id⟩ is a unique identifier for the
current network, and ⟨text⟩ is description
of the request. In the case of a OTP
(One Time
Password) request, it includes the challenge from the authentication server.
A user must supply wpa_supplicant(8) the needed parameters in response to these requests.
For example,
CTRL-REQ-PASSWORD-1:Password needed for SSID foobar > password 1 mysecretpassword Example request for generic token card challenge-response: CTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar > otp 2 9876
status
mib
help
status
add_network
set_network
network_id ssid
my_ssid_nameset_network
network_id psk
my_ssid_passwordenable_network
network_idlist_network
scan
scan_results
.interface
[ifname]level
debug_levellicense
wpa_cli
.logoff
logon
set
[settings]pmksa
reassociate
reconfigure
preauthenticate
BSSIDidentity
network_id identitypassword
network_id passwordotp
network_id passwordterminate
quit
wpa_cli
.If wpa_supplicant isn't already running, start it with the command
service wpa_supplicant onestart
.
Find the network
scan
scan_results
17:07:08.868: bssid / frequency / signal level / flags / ssid 14:aa:ff:ee:aa:cc 2437 187 [WPA-PSK-CCMP+TKIP][ESS] MyWifiNetwork 44:ee:ff:bb:33:33 2452 168 [WPA2-PSK-CCMP][ESS] SomeOtherNetwork
Now, let's create a network and configure it.
add_network
17:08:13.047: 1
That means the new network_id we should use is 1.
set_network 1 ssid "MyWifiNetwork"
set_network 1 psk "MyWifiPassword"
enable_network 1
After this point, you should be connected, but no IP address is configured. You will likely want to configure the address using dhcpcd(8).
wpa_cli
utility first appeared in
NetBSD 4.0.
wpa_cli
utility was written by
Jouni Malinen
<jkmaline@cc.hut.fi>.
This manual page is derived from the README file
included in the wpa_supplicant
distribution.
June 19, 2019 | NetBSD 9.4 |