Provided by: wpasupplicant_0.4.8-3ubuntu1_i386 bug


       wpa_cli - WPA command line client


       wpa_cli  [ -p path to ctrl sockets ] [ -i ifname ] [ -hvB ] [ -a action
       file ] [ -P pid file ] [ command ... ]


       wpa_cli  is  a  text-based  frontend  program  for   interacting   with
       wpa_supplicant.   It   is   used   to   query  current  status,  change
       configuration, trigger events, and request interactive user input.

       wpa_cli can show the current authentication status,  selected  security
       mode,  dot11  and  dot1x  MIBs, etc. In addition, it can configure some
       variables like EAPOL state machine parameters and trigger  events  like
       reassociation  and  IEEE  802.1X  logoff/logon. wpa_cli provides a user
       interface to request  authentication  information,  like  username  and
       password,  if  these are not included in the configuration. This can be
       used to implement,  e.g.,  one-time-passwords  or  generic  token  card
       authentication  where  the  authentication  is  based  on  a challenge-
       response that uses an external device for generating the response.

       The control interface of wpa_supplicant can be configured to allow non-
       root user access (ctrl_interface_group in the configuration file). This
       makes it possible to run wpa_cli with a normal user account.

       wpa_cli supports two modes: interactive and command  line.  Both  modes
       share  the  same  command set and the main difference is in interactive
       mode  providing  access  to  unsolicited  messages   (event   messages,
       username/password requests).

       Interactive  mode is started when wpa_cli is executed without including
       the command as a command line parameter. Commands are then  entered  on
       the wpa_cli prompt. In command line mode, the same commands are entered
       as command line arguments for wpa_cli.


       When wpa_supplicant need authentication parameters, like  username  and
       password,  which  are not present in the configuration file, it sends a
       request message to all attached frontend  programs,  e.g.,  wpa_cli  in
       interactive   mode.   wpa_cli   shows   these   requests   with  "CTRL-
       REQ-<type>-<id>:<text>" prefix. <type> is IDENTITY,  PASSWORD,  or  OTP
       (one-time-password).  <id>  is  a  unique  identifier  for  the current
       network. <text> is description of the request. In case of OTP  request,
       it includes the challenge from the authentication server.

       The  reply to these requests can be given with ’identity’, the matching
       request. ’password’ and  ’otp’  commands  can  be  used  regardless  of
       whether  the  request  was  for  PASSWORD  or  OTP. The main difference
       between these two commands is that values  given  with  ’password’  are
       remembered  as  long  as wpa_supplicant is running whereas values given
       with ’otp’ are used only once and then forgotten, i.e.,  wpa_supplicant
       will  ask  frontend  for a new value for every use. This can be used to
       implement  one-time-password  lists  and  generic  token  card   -based

       Example request for password and a matching reply:

              CTRL-REQ-PASSWORD-1:Password needed for SSID foobar
              > password 1 mysecretpassword

       Example request for generic token card challenge-response:

              CTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar
              > otp 2 9876


       -p path
              Change the path where control sockets should be found.

       -i ifname
              Specify  the  interface  that  is being configured.  By default,
              choose the first interface found with a control  socket  in  the
              socket path.

       -h     Help.  Show a usage message.

       -v     Show version information.

       -B     Run as a daemon in the background.

       -a file
              Run  in  daemon  mode  executing the action file based on events
              from wpa_supplicant.  The specified file will be  executed  with
              the first argument set to interface name and second to "CONNECT"
              or "DISCONNECT" depending on the event.  This can be used

       -P file
              Set the location of the PID file.

              Run a command.  The available commands are listed  in  the  next


       The following commands are available:

       status get current WPA/EAPOL/EAP status

       mib    get MIB variables (dot1x, dot11)

       help   show this usage help

       interface [ifname]
              show interfaces/select interface

       level <debug level>
              change debug level

              show full wpa_cli license

       logoff IEEE 802.1X EAPOL state machine logoff

       logon  IEEE 802.1X EAPOL state machine logon

       set    set   variables  (shows  list  of  variables  when  run  without

       pmksa  show PMKSA cache

              force reassociation

              force wpa_supplicant to re-read its configuration file

       preauthenticate <BSSID>
              force preauthentication

       identity <network id> <identity>
              configure identity for an SSID

       password <network id> <password>
              configure password for an SSID

       pin <network id> <pin>
              configure pin for an SSID

       otp <network id> <password>
              configure one-time-password for an SSID

       bssid *lt;network id> <BSSID>
              set preferred BSSID for an SSID

              list configured networks

              terminate wpa_supplicant

       quit   exit wpa_cli




       wpa_supplicant   is   copyright   (c)    2003-2005,    Jouni    Malinen
       <> and contributors.  All Rights Reserved.

       This  program  is  dual-licensed  under  both the GPL version 2 and BSD
       license. Either license may be used at your option.

                               08 February 2006                     WPA_CLI(8)