Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
WPA_CLI(8)		  BSD System Manager's Manual		    WPA_CLI(8)

     wpa_cli --	text-based frontend program for	interacting with wpa_suppli-

     wpa_cli [commands]

     The wpa_cli utility is a text-based frontend program for interacting with
     wpa_supplicant(8).	 It is used to query current status, change configura-
     tion, trigger events, and request interactive user	input.

     The wpa_cli utility can show the current authentication status, selected
     security mode, dot11 and dot1x MIBs, etc.	In addition, wpa_cli can con-
     figure EAPOL state	machine	parameters and trigger events such as reasso-
     ciation and IEEE 802.1X logoff/logon.

     The wpa_cli utility provides an interface to supply authentication	infor-
     mation such as username and password when it is not provided in the
     wpa_supplicant.conf(5) configuration file.	 This can be used, for exam-
     ple, to implement one-time	passwords or generic token card	authentication
     where the authentication is based on a challenge-response that uses an
     external device for generating the	response.

     The wpa_cli utility supports two modes: interactive and command line.
     Both modes	share the same command set and the main	difference is in in-
     teractive mode providing access to	unsolicited messages (event messages,
     username/password requests).

     Interactive mode is started when wpa_cli is executed without any parame-
     ters on the command line.	Commands are then entered from the controlling
     terminal in response to the wpa_cli prompt.  In command line mode,	the
     same commands are entered as command line arguments.

     The control interface of wpa_supplicant(8)	can be configured to allow
     non-root user access by using the ctrl_interface_group parameter in the
     wpa_supplicant.conf(5) configuration file.	 This makes it possible	to run
     wpa_cli with a normal user	account.

     When wpa_supplicant(8) needs authentication parameters, such as username
     and password, that	are not	present	in the configuration file, it sends a
     request message to	all attached frontend programs,	e.g., wpa_cli in in-
     teractive mode.  The wpa_cli utility shows	these requests with a
     "CTRL-REQ-<type>-<id>:<text>" prefix, where <type>	is IDENTITY, PASSWORD,
     or	OTP (One-Time Password), <id> is a unique identifier for the current
     network, <text> is	a description of the request.  In the case of an OTP
     (One-Time Password) request, it includes the challenge from the authenti-
     cation server.

     A user must supply	wpa_supplicant(8) the needed parameters	in response to
     these requests.

     For example,

	   CTRL-REQ-PASSWORD-1:Password	needed for SSID	foobar
	   > password 1	mysecretpassword

	   Example request for generic token card challenge-response:

	   CTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar
	   > otp 2 9876

     The following commands may	be supplied on the command line	or at a	prompt
     when operating interactively.

     status  Report the	current	WPA/EAPOL/EAP status for the current inter-

     mib     Report MIB	variables (dot1x, dot11) for the current interface.

     help    Show usage	help.

     interface [ifname]
	     Show available interfaces and/or set the current interface	when
	     multiple are available.

     level debug_level
	     Change the	debugging level	in wpa_supplicant(8).  Larger numbers
	     generate more messages.

	     Display the full license for wpa_cli.

     logoff  Send the IEEE 802.1X EAPOL	state machine into the "logoff"	state.

     logon   Send the IEEE 802.1X EAPOL	state machine into the "logon" state.

     set [settings]
	     Set variables.  When no arguments are supplied, the known vari-
	     ables and their settings are displayed.

     pmksa   Show the contents of the PMKSA cache.

	     Force a reassociation to the current access point.

	     Force wpa_supplicant(8) to	re-read	its configuration file.

     preauthenticate BSSID
	     Force preauthentication of	the specified BSSID.

     identity network_id identity
	     Configure an identity for an SSID.

     password network_id password
	     Configure a password for an SSID.

     otp network_id password
	     Configure a one-time password for an SSID.

	     Force wpa_supplicant(8) to	terminate.

     quit    Exit wpa_cli.

     wpa_supplicant.conf(5), wpa_supplicant(8)

     The wpa_cli utility first appeared	in FreeBSD 6.0.

     The wpa_cli utility was written by	Jouni Malinen <>.  This manual
     page is derived from the README file included in the wpa_supplicant dis-

BSD				 June 16, 2005				   BSD


Want to link to this manual page? Use this URL:

home | help