DragonFly On-Line Manual Pages
WPA_CLI(8) DragonFly System Manager's Manual WPA_CLI(8)
wpa_cli -- text-based frontend program for interacting with wpa_suppli-
The wpa_cli utility is a text-based frontend program for interacting with
wpa_supplicant(8). It is used to query current status, change configura-
tion, trigger events, and request interactive user input.
The wpa_cli utility can show the current authentication status, selected
security mode, dot11 and dot1x MIBs, etc. In addition, wpa_cli can con-
figure EAPOL state machine parameters and trigger events such as reasso-
ciation and IEEE 802.1X logoff/logon.
The wpa_cli utility provides an interface to supply authentication infor-
mation such as username and password when it is not provided in the
wpa_supplicant.conf(5) configuration file. This can be used, for exam-
ple, to implement one-time passwords or generic token card authentication
where the authentication is based on a challenge-response that uses an
external device for generating the response.
The wpa_cli utility supports two modes: interactive and command line.
Both modes share the same command set and the main difference is in
interactive mode providing access to unsolicited messages (event mes-
sages, username/password requests).
Interactive mode is started when wpa_cli is executed without any parame-
ters on the command line. Commands are then entered from the controlling
terminal in response to the wpa_cli prompt. In command line mode, the
same commands are entered as command line arguments.
The control interface of wpa_supplicant(8) can be configured to allow
non-root user access by using the ctrl_interface_group parameter in the
wpa_supplicant.conf(5) configuration file. This makes it possible to run
wpa_cli with a normal user account.
When wpa_supplicant(8) needs authentication parameters, such as username
and password, that are not present in the configuration file, it sends a
request message to all attached frontend programs, e.g., wpa_cli in
interactive mode. The wpa_cli utility shows these requests with a
``CTRL-REQ-<type>-<id>:<text>'' prefix, where <type> is IDENTITY,
PASSWORD, or OTP (One-Time Password), <id> is a unique identifier for the
current network, <text> is a description of the request. In the case of
an OTP (One-Time Password) request, it includes the challenge from the
A user must supply wpa_supplicant(8) the needed parameters in response to
CTRL-REQ-PASSWORD-1:Password needed for SSID foobar
> password 1 mysecretpassword
Example request for generic token card challenge-response:
CTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar
> otp 2 9876
The following commands may be supplied on the command line or at a prompt
when operating interactively.
status Report the current WPA/EAPOL/EAP status for the current inter-
mib Report MIB variables (dot1x, dot11) for the current interface.
help Show usage help.
Show available interfaces and/or set the current interface when
multiple are available.
Change the debugging level in wpa_supplicant(8). Larger numbers
generate more messages.
Display the full license for wpa_cli.
logoff Send the IEEE 802.1X EAPOL state machine into the ``logoff''
logon Send the IEEE 802.1X EAPOL state machine into the ``logon''
Set variables. When no arguments are supplied, the known vari-
ables and their settings are displayed.
pmksa Show the contents of the PMKSA cache.
Force a reassociation to the current access point.
Force wpa_supplicant(8) to re-read its configuration file.
Force preauthentication of the specified BSSID.
identity network_id identity
Configure an identity for an SSID.
password network_id password
Configure a password for an SSID.
otp network_id password
Configure a one-time password for an SSID.
Force wpa_supplicant(8) to terminate.
quit Exit wpa_cli.
The wpa_cli utility first appeared in FreeBSD 6.0.
The wpa_cli utility was written by Jouni Malinen <firstname.lastname@example.org>.
This manual page is derived from the README file included in the
DragonFly 5.3 May 28, 2014 DragonFly 5.3