| WPA_CLI(8) | System Manager's Manual | WPA_CLI(8) | 
wpa_cli —
| wpa_cli | [commands] | 
wpa_cli utility is a text-based frontend program for
  interacting with
  wpa_supplicant(8). It is
  used to query current status, change configuration, trigger events, and
  request interactive user input.
The wpa_cli utility can show the current
    authentication status, selected security mode, dot11 and dot1x MIBs, etc. In
    addition, wpa_cli can configure EAPOL state machine
    parameters and trigger events such as reassociation and IEEE 802.1X
    logoff/logon.
The wpa_cli utility provides an interface
    to supply authentication information such as username and password when it
    is not provided in the
    wpa_supplicant.conf(5)
    configuration file. This can be used, for example, to implement one-time
    passwords or generic token card authentication where the authentication is
    based on a challenge-response that uses an external device for generating
    the response.
The wpa_cli utility supports two modes:
    interactive and command line. Both modes share the same command set and the
    main difference is that in interactive mode, wpa_cli
    provides access to unsolicited messages (event messages, username/password
    requests).
Interactive mode is started when wpa_cli
    is executed without any parameters on the command line. Commands are then
    entered from the controlling terminal in response to the
    wpa_cli prompt. In command line mode, the same
    commands are entered as command line arguments.
The control interface of
    wpa_supplicant(8) can
    be configured to allow non-root user access by using the
    ctrl_interface_group parameter in the
    wpa_supplicant.conf(5)
    configuration file. This makes it possible to run
    wpa_cli with a normal user account.
wpa_cli in interactive mode.
  The wpa_cli utility shows these requests with a
  “CTRL-REQ-⟨type⟩-⟨id⟩:⟨text⟩”
  prefix, where ⟨type⟩ is
  IDENTITY, PASSWORD, or
  OTP (one-time password),
  ⟨id⟩ is a unique identifier for the
  current network, and ⟨text⟩ is description
  of the request. In the case of a OTP (One Time
  Password) request, it includes the challenge from the authentication server.
A user must supply wpa_supplicant(8) the needed parameters in response to these requests.
For example,
CTRL-REQ-PASSWORD-1:Password needed for SSID foobar > password 1 mysecretpassword Example request for generic token card challenge-response: CTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar > otp 2 9876
statusmibhelpstatusadd_networkset_network
    network_id ssid
    my_ssid_nameset_network
    network_id psk
    my_ssid_passwordenable_network
    network_idlist_networkscanscan_results.interface
    [ifname]level
    debug_levellicensewpa_cli.logofflogonset
    [settings]pmksareassociatereconfigurepreauthenticate
    BSSIDidentity
    network_id identitypassword
    network_id passwordotp
    network_id passwordterminatequitwpa_cli.If wpa_supplicant isn't already running, start it with the command
    service wpa_supplicant onestart.
Find the network
scanscan_results17:07:08.868: bssid / frequency / signal level / flags / ssid 14:aa:ff:ee:aa:cc 2437 187 [WPA-PSK-CCMP+TKIP][ESS] MyWifiNetwork 44:ee:ff:bb:33:33 2452 168 [WPA2-PSK-CCMP][ESS] SomeOtherNetwork
Now, let's create a network and configure it.
add_network
17:08:13.047: 1
That means the new network_id we should use is 1.
set_network 1 ssid "MyWifiNetwork"set_network 1 psk "MyWifiPassword"enable_network 1
After this point, you should be connected, but no IP address is configured. You will likely want to configure the address using dhcpcd(8).
wpa_cli utility first appeared in
  NetBSD 4.0.
wpa_cli utility was written by
  Jouni Malinen
  <jkmaline@cc.hut.fi>.
  This manual page is derived from the README file
  included in the wpa_supplicant distribution.
| June 19, 2019 | NetBSD 10.1 |