Chapter 11. Managing Wi-Fi connections

This section describes how to configure and manage Wi-Fi connections.

11.1. Configuring a Wi-Fi connection using nmcli

This procedure describes how to configure a Wi-fi connection profile using nmcli.

Prerequisites

  • The nmcli utility to be installed.
  • Make sure that the WiFi radio is on (default):

    ~]$ nmcli radio wifi on

Procedure

  1. To create a Wi-Fi connection profile with static IP configuration:

    ~]$ nmcli con add con-name MyCafe ifname wlan0 type wifi ssid MyCafe ` `ip4 192.168.100.101/24 gw4 192.168.100.1
  2. Set a DNS server. For example, to set 192.160.100.1 as the DNS server:

    ~]$ nmcli con modify con-name MyCafe ipv4.dns "192.160.100.1"
  3. Optionally, set a DNS search domain. For example, to set the search domain to example.com:

    ~]$ nmcli con modify con-name MyCafe ipv4.dns-search "example.com"
  4. To check a specific property, for example mtu:

    ~]$ nmcli connection show id MyCafe | grep mtu
    802-11-wireless.mtu:                     auto
  5. To change the property of a setting:

    ~]$ nmcli connection modify id MyCafe 802-11-wireless.mtu 1350
  6. To verify the change:

    ~]$ nmcli connection show id MyCafe | grep mtu
    802-11-wireless.mtu:                     1350

Verification steps

  1. Use the ping utility to verify that this host can send packets to other hosts.

    • Ping an IP address in the same subnet. For example:

      # ping 192.168.100.103

      If the command fails, verify the IP and subnet settings.

    • Ping an IP address in a remote subnet. For example:

      # ping 198.51.16.3
      • If the command fails, ping the default gateway to verify settings.

        # ping 192.168.100.1
  2. Use the host utility to verify that name resolution works. For example:

    # host client.example.com

    If the command returns any error, such as connection timed out or no servers could be reached, verify your DNS settings.

Additional resources

  • See the nm-settings(5) man page for more information on properties and their settings.
  • If the configuration on the disk does not match the configuration on the device, starting or restarting NetworkManager creates an in-memory connection that reflects the configuration of the device. For further details and how to avoid this problem, see NetworkManager duplicates a connection after restart of NetworkManager service.

11.2. Configuring a Wi-Fi connection using control-center

When you connect to a Wi-Fi, the network settings are prefilled depending on the current network connection. This means that the settings will be detected automatically when the interface connects to a network.

This procedure describes how to use control-center to manually configure the Wi-Fi settings.

Procedure

  1. Press the Super key to enter the Activities Overview, type Wi-Fi and press Enter. In the left-hand-side menu entry you see the list of available networks.
  2. Select the gear wheel icon to the right of the Wi-Fi connection name that you want to edit, and the editing connection dialog appears. The Details menu window shows the connection details where you can make further configuration.

    Options

    1. If you select Connect automatically, NetworkManager auto-connects to this connection whenever NetworkManager detects that it is available. If you do not want NetworkManager to connect automatically, clear the check box. Note that when the check box is clear, you have to select that connection manually in the network connection icon’s menu to cause it to connect.
    2. To make a connection available to other users, select the Make available to other users check box.
    3. You can also control the background data usage. If you leave Restrict background data usage unspecified (default), then NetworkManager tries to download data that you are actively using. Otherwise, select the check box and NetworkManager sets the connection as metered, and applies restriction on the background data usage.

      Note

      To delete a Wi-Fi connection, click the Forget Connection red box.

  3. Select the Identity menu entry to see the basic configuration options.

    SSID — The Service Set Identifier (SSID) of the access point (AP).

    BSSID — The Basic Service Set Identifier (BSSID) is the MAC address, also known as a hardware address, of the specific wireless access point you are connecting to when in Infrastructure mode. This field is blank by default, and you are able to connect to a wireless access point by SSID without having to specify its BSSID. If the BSSID is specified, it will force the system to associate to a specific access point only. For ad-hoc networks, the BSSID is generated randomly by the mac80211 subsystem when the ad-hoc network is created. It is not displayed by NetworkManager.

    MAC address — The MAC address allows you to associate a specific wireless adapter with a specific connection (or connections).

    Cloned Address — A cloned MAC address to use in place of the real hardware address. Leave blank unless required.

  4. For further IP address configuration , select the IPv4 and IPv6 menu entries.

    By default, both IPv4 and IPv6 are set to automatic configuration depending on current network settings. This means that addresses such as the local IP address, DNS address, and other settings will be detected automatically when the interface connects to a network. If a DHCP server assigns the IP configuration in this network, this is sufficient, but you can also provide static configuration in the IPv4 and IPv6 Settings. In the IPv4 and IPv6 menu entries, you can see the following settings:

    • IPv4 Method

      • Automatic (DHCP) — Choose this option if the network you are connecting to uses Router Advertisements (RA) or a DHCP server to assign dynamic IP addresses. You can see the assigned IP address in the Details menu entry.
      • Link-Local Only — Choose this option if the network you are connecting to does not have a DHCP server and you do not want to assign IP addresses manually. Random addresses will be assigned as per RFC 3927 with prefix 169.254/16.
      • Manual — Choose this option if you want to assign IP addresses manually.
      • DisableIPv4 is disabled for this connection.
    • DNS

      If Automatic is ON, and no DHCP server is available that assigns DNS servers to this connection, switch it to OFF to enter the IP address of a DNS server separating the IPs by comma.

    • Routes

      Note that in the Routes section, when Automatic is ON, routes from Router Advertisements (RA) or DHCP are used, but you can also add additional static routes. When OFF, only static routes are used.

      • Address — Enter the IP address of a remote network, sub-net, or host.
      • Netmask — The netmask or prefix length of the IP address entered above.
      • Gateway — The IP address of the gateway leading to the remote network, sub-net, or host entered above.
      • Metric — A network cost, a preference value to give to this route. Lower values will be preferred over higher values.
    • Use this connection only for resources on its network

      Select this check box to prevent the connection from becoming the default route.

      Alternatively, to configure IPv6 settings in a Wi-Fi connection, select the IPv6 menu entry:

    • IPv6 Method

      • Automatic — Choose this option to use IPv6 Stateless Address AutoConfiguration (SLAAC) to create an automatic, stateless configuration based on the hardware address and Router Advertisements (RA).
      • Automatic, DHCP only — Choose this option to not use RA, but request information from DHCPv6 directly to create a stateful configuration.
      • Link-Local Only — Choose this option if the network you are connecting to does not have a DHCP server and you do not want to assign IP addresses manually. Random addresses will be assigned as per RFC 4862 with prefix FE80::0.
      • Manual — Choose this option if you want to assign IP addresses manually.
      • DisableIPv6 is disabled for this connection.
    • The DNS, Routes, Use this connection only for resources on its network fields are common to IPv4 settings.
  5. To configure Security settings in a Wi-Fi connection, select the Security menu entry. The following configuration options are available:

    • Security

      • None — Do not encrypt the Wi-Fi connection.
      • WEP 40/128-bit Key — Wired Equivalent Privacy (WEP), from the IEEE 802.11 standard. Uses a single pre-shared key (PSK).
      • WEP 128-bit Passphrase — An MD5 hash of the passphrase to derive a WEP key.

        Warning

        If the Wi-Fi use no encryption, WEP, or WPA, do not use the network because it is insecure and everyone can read the data you send over this network.

      • LEAP — Lightweight Extensible Authentication Protocol, from Cisco Systems.
      • Dynamic WEP (802.1X) — WEP keys are changed dynamically.
      • WPA & WPA2 Personal — Wi-Fi Protected Access (WPA), from the draft IEEE 802.11i standard. A replacement for WEP. Wi-Fi Protected Access II (WPA2), from the 802.11i-2004 standard. Personal mode uses a pre-shared key (WPA-PSK).
      • WPA & WPA2 Enterprise — WPA for use with a RADIUS authentication server to provide IEEE 802.1X network access control.
    • Password — Enter the password to be used in the authentication process.
  6. Once you have finished the configuration, click the Apply button to save it.
Note

When you add a new connection by clicking the plus button, NetworkManager creates a new configuration file for that connection and then opens the same dialog that is used for editing an existing connection. The difference between these dialogs is that an existing connection profile has a Details menu entry.

11.3. Connecting to a Wi-Fi network with nmcli

This procedure describes how to connect to a wireless connection using the nmcli utility.

Prerequisites

  • The nmcli utility to be installed.
  • Make sure that the WiFi radio is on (default):

    ~]$ nmcli radio wifi on

Procedure

  1. To refresh the available Wi-Fi connection list:

    ~]$ nmcli device wifi rescan
  2. To view the available Wi-Fi access points:

    ~]$ nmcli dev wifi list
    
    IN-USE  SSID      MODE   CHAN  RATE        SIGNAL  BARS  SECURITY
    ...
            MyCafe    Infra  3     405 Mbit/s  85      ▂▄▆█  WPA1 WPA2
  3. To connect to a Wi-Fi connection using nmcli:

    ~]$ nmcli dev wifi connect SSID-Name password wireless-password

    For example:

    ~]$ nmcli dev wifi connect MyCafe password wireless-password

    Note that if you want to disable the Wi-Fi state:

    ~]$ nmcli radio wifi off

11.4. Connecting to a hidden Wi-Fi network using nmcli

All access points have a Service Set Identifier (SSID) to identify them. However, an access point may be configured not to broadcast its SSID, in which case it is hidden, and will not show up in NetworkManager’s list of Available networks.

This procedure shows how you can connect to a hidden network using the nmcli tool.

Prerequisites

  • The nmcli utility to be installed. *
  • To know the SSID, and password of the Wi-Fi connection.
  • Make sure that the WiFi radio is on (default):
~]$ nmcli radio wifi on

Procedure

Connect to the SSID that is hidden:

~]$ nmcli dev wifi connect SSID_Name password wireless_password hidden yes

11.5. Connecting to a Wi-Fi network using the GNOME GUI

This procedure describes how you can connect to a wireless network to get access to the internet.

Procedure

  1. Open the GNOME Shell network connection icon menu from the top right-hand corner of the screen.
  2. Select Wi-Fi Not Connected.
  3. Click the Select Network option.
  4. Click the name of the network to which you want to connect, and then click Connect.

    Note that if you do not see the network, the network might be hidden.

  5. If the network is protected by a password or encryption keys are required, enter the password and click Connect.

    Note that if you do not know the password, contact the administrator of the Wi-Fi network.

  6. If the connection is successful, the name of the network is visible in the connection icon menu and the wireless indicator is on the top right-hand corner of the screen.

11.6. Configuring 802.1X security for Wi-Fi with nmcli

This procedure describes how to set the network security settings in a wireless or a Wired connection using the nmcli utility.

Prerequisites

  • The nmcli utility is installed.

Procedure

  1. For a wireless connection, set the authenticated key-mgmt (key management) protocol. It configures the keying mechanism for a secure wifi connection.
  2. Configure the 802-1x authentication settings.

Table 11.1. The 802-1x authentication settings

802-1x authentication settingName

802-1x.identity

Identity

802-1x.ca-cert

CA certificate

802-1x.client-cert

User certificate

802-1x.private-key

Private key

802-1x.private-key-password

Private key password

For example, to configure WPA2 Enterprise using the EAP-TLS authentication method, apply the following settings:

~]$ nmcli c add type wifi ifname wlan0 con-name 'My Wifi Network' \
      802-11-wireless.ssid 'My Wifi' \
      802-11-wireless-security.key-mgmt wpa-eap \
      802-1x.eap tls \
      802-1x.identity identity@example.com \
      802-1x.ca-cert /etc/pki/my-wifi/ca.crt \
      802-1x.client-cert /etc/pki/my-wifi/client.crt \
      802-1x.private-key /etc/pki/my-wifi/client.key \
      802-1x.private-key-password s3cr3t
Note

To configure a wired connection using the nmcli tool, follow the same procedure as for a wireless connection, except the 802-11-wireless.ssid and 802-11-wireless-security key-mgmt settings.