WPA command-line client for interacting with wpa_supplicant
wpa_cli [-p path to ctrl sockets] [-i ifname] [-hvB] [-a action file] [-P pid file] [command ... ]
- -p path
- Change the path where control sockets should be found.
- -i ifname
- Specify the interface that is being configured. By default, choose the first interface found with a control socket in the socket path.
- Help. Show a usage message.
- Show version information.
- Run as a daemon in the background.
- -a file
- Run in daemon mode executing the action file based on events from wpa_supplicant. The specified file will be executed with the first argument set to the interface name, and the second to CONNECT or DISCONNECT, depending on the event.
- -P file
- Set the location of the PID file.
- Run a command; see Supported commands, below.
The wpa_cli utility is a text-based front-end program for interacting with wpa_supplicant. You can use it to query the current status, change the configuration, trigger events, and request interactive user input.
The wpa_cli utility can show the current authentication status, selected security mode, dot11 and dot1x MIBs, etc. In addition, it can configure some variables like EAPOL state machine parameters and trigger events like reassociation and IEEE 802.1X logoff/logon.
The wpa_cli utility provides a user interface to request authentication information, such as user name and password, if these aren't included in the configuration. You can use this to implement, for example, one-time passwords or generic token card authentication where the authentication is based on a challenge-response that uses an external device for generating the response.
You can configure the control interface of wpa_supplicant to allow non-root user access (ctrl_interface_group in the configuration file). This makes it possible to run wpa_cli with a normal user account.
The wpa_cli utilities supports interactive and command-line modes. Both modes share the same command set, and the main difference is in interactive mode providing access to unsolicited messages (event messages, user name/password requests).
If you don't specify a command when you start wpa_cli, the utility goes into interactive mode. You then enter commands at the wpa_cli prompt.
The wpa_cli utility currently supports the following commands:
- Add a network.
- bssid network_id BSSID
- Set the preferred BSSID for an SSID.
- disable_network network_id
- disable a network
- Disconnect and wait for a reassociate command before connecting.
- enable_network network_id
- Enable a network.
- get_capability eap/pairwise/group/key_mgmt/proto/auth_alg
- Get capabilities.
- get_network network_id variable
- Get network variables.
- Display usage information.
- identity network_id identity
- Configure the identity for an SSID.
- interface [ifname]
- Show interfaces or select the specified interface.
- level debug_level
- Change the debugging level.
- Show the full wpa_cli license.
- List the configured networks.
- IEEE 802.1X EAPOL state machine logoff.
- IEEE 802.1X EAPOL state machine logon.
- Get MIB variables (dot1x, dot11)
- new_password network_id password
- Change the password for an SSID.
- otp network_id password
- Configure a one-time password for an SSID.
- passphrase network_id passphrase
- Configure a private key passphrase for an SSID.
- password network_id password
- Configure a password for an SSID.
- pin network_id pin
- Configure a pin for an SSID.
- Show the PMKSA cache.
- preauthenticate BSSID
- Force preauthentication.
- Exit wpa_cli
- Force a reassociation.
- Force wpa_supplicant to reread its configuration file.
- remove_network network_id
- Remove a network.
- Save the current configuration.
- Request a new BSS scan.
- Get the latest scan results.
- select_network network_id
- Select a network (disable others).
- Set variables (shows list of variables when run without arguments).
- set_network network_id variable value
- Set network variables (shows list of variables when run without arguments).
- status [verbose]
- Get the current WPA/EAPOL/EAP status.
- Terminate wpa_supplicant.