NAME
wpa_cli —
text-based frontend program
for interacting with wpa_supplicant
SYNOPSIS
DESCRIPTION
The
wpa_cli utility is a text-based frontend program for
interacting with
wpa_supplicant(8). It is
used to query current status, change configuration, trigger events, and
request interactive user input.
The
wpa_cli utility can show the current authentication
status, selected security mode, dot11 and dot1x MIBs, etc. In addition,
wpa_cli can configure EAPOL state machine parameters and
trigger events such as reassociation and IEEE 802.1X logoff/logon.
The
wpa_cli utility provides an interface to supply
authentication information such as username and password when it is not
provided in the
wpa_supplicant.conf(5)
configuration file. This can be used, for example, to implement one-time
passwords or generic token card authentication where the authentication is
based on a challenge-response that uses an external device for generating the
response.
The
wpa_cli utility supports two modes: interactive and
command line. Both modes share the same command set and the main difference is
that in interactive mode,
wpa_cli provides access to
unsolicited messages (event messages, username/password requests).
Interactive mode is started when
wpa_cli is executed without
any parameters on the command line. Commands are then entered from the
controlling terminal in response to the
wpa_cli prompt. In
command line mode, the same commands are entered as command line arguments.
The control interface of
wpa_supplicant(8) can be
configured to allow non-root user access by using the
ctrl_interface_group parameter in the
wpa_supplicant.conf(5)
configuration file. This makes it possible to run
wpa_cli
with a normal user account.
AUTHENTICATION PARAMETERS
When
wpa_supplicant(8)
needs authentication parameters, such as username and password, that are not
present in the configuration file, it sends a request message to all attached
frontend programs, e.g.,
wpa_cli in interactive mode. The
wpa_cli utility shows these requests with a
“
CTRL-REQ-
⟨
type⟩
-
⟨
id⟩:⟨
text⟩”
prefix, where ⟨
type⟩ is
IDENTITY
,
PASSWORD
, or
OTP
(one-time password),
⟨
id⟩ is a unique identifier for the
current network, and ⟨
text⟩ is description
of the request. In the case of a
OTP
(One Time
Password) request, it includes the challenge from the authentication server.
A user must supply
wpa_supplicant(8) the
needed parameters in response to these requests.
For example,
CTRL-REQ-PASSWORD-1:Password needed for SSID foobar
> password 1 mysecretpassword
Example request for generic token card challenge-response:
CTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar
> otp 2 9876
COMMANDS
The following commands may be supplied on the command line or at a prompt when
operating interactively.
-
-
- status
- Report the current WPA/EAPOL/EAP status for the current
interface.
-
-
- mib
- Report MIB variables (dot1x, dot11) for the current
interface.
-
-
- help
- Show usage help.
-
-
- interface
[ifname]
- Show available interfaces and/or set the current interface
when multiple are available.
-
-
- level
debug_level
- Change the debugging level in
wpa_supplicant(8).
Larger numbers generate more messages.
-
-
- license
- Display the full license for
wpa_cli.
-
-
- logoff
- Send the IEEE 802.1X EAPOL state machine into the
“logoff” state.
-
-
- logon
- Send the IEEE 802.1X EAPOL state machine into the
“logon” state.
-
-
- set
[settings]
- Set variables. When no arguments are supplied, the known
variables and their settings are displayed.
-
-
- pmksa
- Show the contents of the PMKSA cache.
-
-
- reassociate
- Force a reassociation to the current access point.
-
-
- reconfigure
- Force
wpa_supplicant(8) to
re-read its configuration file.
-
-
- preauthenticate
BSSID
- Force preauthentication of the specified
BSSID.
-
-
- identity
network_id identity
- Configure an identity for an SSID.
-
-
- password
network_id password
- Configure a password for an SSID.
-
-
- otp
network_id password
- Configure a one-time password for an SSID.
-
-
- terminate
- Force
wpa_supplicant(8) to
terminate.
-
-
- quit
- Exit wpa_cli.
SEE ALSO
wpa_supplicant.conf(5),
wpa_supplicant(8)
HISTORY
The
wpa_cli utility first appeared in
NetBSD
4.0.
AUTHORS
The
wpa_cli utility was written by
Jouni
Malinen
<
jkmaline@cc.hut.fi>.
This manual page is derived from the
README file included in
the
wpa_supplicant distribution.