Configuring the Driver in Wi-Fi Station Mode#

This section provides the steps to configure Wi-Fi station mode in different security modes (WPA3 & Enterprise mode), Selective scan using wpa_supplicant, and Configure station using the Network Manager CLI. See the Configure in Wi-Fi Station Mode section for open and WPA2-PSK security modes.

For WPA3 security mode:
To connect in WPA3, compile the latest supplicant with below flags enabled in wpa_supplicant .config file.
```
 CONFIG_SAE=y
 CONFIG_IEEE80211W=y 
```
Use the following network block in sta_settings.conf file for WPA3 configuration
```
 pmf=2
 network={
 ssid="<SSID of Access Point>"
 key_mgmt=SAE
 psk=<passphrase specified in the Access Point>
 ieee80211w=2
 }
```
Note: WPA3 Enterprise security mode is not supported in this release.

For WPA2-EAP TLS (Enterprise mode) mode:

 network={
        ssid="<SSID of Access Point>"
        key_mgmt=WPA-EAP
        eap=TLS
        anonymous_identity="tlsuser"
        identity="test"
        password=<passphrase specified in the Access Point>
        ca_cert="/etc/certs/wifiuser.pem"
        client_cert="/etc/certs/wifiuser.pem"
        private_key_passwd=<private key password>
        private_key="/etc/certs/wifiuser.key"
        pairwise=CCMP TKIP
        group=CCMP TKIP
        proto=WPA2 WPA
        priority=20
        }

In EAP-TLS, copy the client certificates in a path and configure the path in network block, as shown above. See the Wi-Fi Enterprise Security section for Radius Server configuration.

For WPA2-EAP PEAP (Enterprise mode) mode:

 network={
        ssid="<SSID of Access Point>"
        key_mgmt=WPA-EAP
        eap=PEAP
        anonymous_identity="peapuser"
        identity="test"
        password=<passphrase specified in the Access Point>
        pairwise=CCMP TKIP
        group=CCMP TKIP
        proto=WPA2 WPA
        priority=20
        }

For WPA2-EAP TTLS (Enterprise mode) mode:

 network={
        ssid="<SSID of Access Point>"
        key_mgmt=WPA-EAP
        eap=TTLS
        anonymous_identity="ttlsuser"
        identity="test"
        password=<passphrase specified in the Access Point>
        pairwise=CCMP TKIP
        group=CCMP TKIP
        proto=WPA2 WPA
        priority=20
        }

For Hidden / Stealth SSID:

To connect to an Access Point whose SSID is not broadcast (Hidden), add the following line to the network block.

scan_ssid=1

For example :

   network={
          ssid="<SSID of Access Point>"
          scan_ssid=1
          key_mgmt=NONE
          }

For Selective Scan:

To enable the selective scan, add freq_list parameter outside the network block. freq_list is a space-separated list of frequencies in MHz which limits the frequencies that will be scanned.

   freq_list=2412 2437 2462

Example config file that will only scan on channel 1 and 36.

   freq_list=2412 5180
   network={
          ssid="<SSID of Access Point>"
          key_mgmt=NONE
          }

Configure Station Using the Network Manager#

Below are the specific commands that can be used for connection using the Network Manager CLI(nmcli):

To check the network manager status (started or stopped), run the following command:
For fedora,
```
# service NetworkManager status
```
For ubuntu,
```
# service network-manager status 
```
If the network manager is inactive or not started, start it with the following command:
For fedora,
```
# service NetworkManager start  
```
For ubuntu,
```
# service network-manager start
```

To view the currently available network connections, run the following command:

# nmcli con show

sample output:

NAME        UUID                                       TYPE                    DEVICE 
eth0        96a5deb0-5eb0-41e1-a7ed-38fea413f9c8       802-3-ethernet          eth0
wlan0       91451385-4eb8-4080-8b82                    802-11-wireless         wlan0

To view the list of access points, run the following command:

# nmcli dev wifi list

Sample output is shown below.

   SSID            MODE   CHAN  RATE       SIGNAL  BARS     SECURITY     
   ASUS            Infra     11    54 Mbit/s  100     ▂▄▆█   WPA2   
   test123         Infra     8     54 Mbit/s  32      ▂▄__    WPA1 WPA2 
   cisco           Infra     1     54 Mbit/s  30      ▂___    WPA1 WPA2 
   test            Infra     13    54 Mbit/s  25      ▂___    ---      
   Dlink           Infra     1     54 Mbit/s  0       ____     WPA2      
   TP-LINK_E11946  Infra     7     54 Mbit/s  83      ▂▄▆█   WPA1 WPA2

To connect to an AP with WPA/WPA2 security, run the following command:
```
# nmcli dev wifi connect ASUS password 12345678 <interface_name> 
```
In this case, ASUS is the AP’s SSID and password is 12345678.
To connect to an AP without security, run the following command:
```
# nmcli dev wifi connect test <interface_name> 
```
'test' is the SSID .
To retrieve the status of devices and connections, run the following command:
```
# nmcli dev status
```
Sample output:
```
DEVICE    TYPE       STATE           CONNECTION
wlan0     wifi       connected       my-ssid
eth0      ethernet   unavailable       --  
```
As can be seen, the STATE corresponding to wlan0 interface shows connected.
To enable a connection on interface (i.e., to make it active), using nmcli, run the following command. connection_name can be obtained from the command above.
```
# nmcli con up id <connection_name>
```
To disable an interface using nmcli, run the following command:
```
# nmcli dev disconnect <interface_name>
```