#格式:wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf -D wext -d
按照下面的参考格式填入内容并保存 wpa_supplicant.conf 文件。
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=root
update_config=1
country=CN
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1 # 是否允许wpa_supplicant更新(覆盖)配置文件
network={
ssid="WiFi-A"
proto=WPA RSN # WPA WPA2(RSN)
key_mgmt=WPA-PSK # NONE WPA-PSK WPS-EAP IEEE8021X
pairwise=CCMP TKIP #CCMP TKIP(包含AES)
group=CCMP TKIP WEP104 WEP40
psk="12345678"
priority=1 # 连接优先级,数字越大优先级越高
}
network={
ssid="WiFi-B"
psk="12345678"
key_mgmt=WPA-PSK #认证密钥管理协议,如果不确定也可以不写这行
priority=2
scan_ssid=1 # 如果你的SSID是隐藏的这个就是必须的
}
如果你的wifi没有密码
network={
ssid="你的无线网络名称(ssid)"
key_mgmt=NONE
}
如果你的 WiFi 使用WEP加密
network={
ssid="你的无线网络名称(ssid)"
key_mgmt=NONE
wep_key0="你的wifi密码"
}
如果你的 WiFi 使用WPA/WPA2加密
network={
ssid="你的无线网络名称(ssid)"
key_mgmt=WPA-PSK
psk="你的wifi密码"
}
#格式:wpa_cli -i wlan0 -p /etc/wpa_supplicant # 控制套接字。
此时会进入交互模式。其中交互模式的命令如下表:
Full command | Short command | Description |
status | stat | displays the current connection status |
disconnect | disc | prevents wpa_supplicant from connecting to any access point |
quit | q | exits wpa_cli |
terminate | term | kills wpa_supplicant |
reconfigure | recon | reloads wpa_supplicant with the configuration file supplied (-c parameter) |
scan | scan | scans for available access points (only scans it, doesn't display anything) |
scan_result | scan_r | displays the results of the last scan |
list_networks | list_n | displays a list of configured networks and their status (active or not, enabled or disabled) |
select_network | select_n | select a network among those defined to initiate a connection (ie select_network 0) |
enable_network | enable_n | makes a configured network available for selection (ie enable_network 0) |
disable_network | disable_n | makes a configured network unavailable for selection (ie disable_network 0) |
remove_network | remove_n | removes a network and its configuration from the list (ie remove_network 0) |
add_network | add_n | adds a new network to the list. Its id will be created automatically |
set_network | set_n | shows a very short list of available options to configure a network when supplied with no parameters. See next section for a list of extremely useful parameters to be used with set_network and get_network. |
get_network | get_n | displays the required parameter for the specified network. See next section for a list of parameters |
save_config | save_c | saves the configuration |
设置网络的基本格式:set_network <network id> <key> <parameter> [<parameter>]
显示网络信息的基本格式:get_network <network id> <key>
相应的参数如下表:
Key | Description | Parameters |
ssid | Access point name | string |
id_str | String identifying the network | string |
priority | Connection priority over other APs | number (0 being the default low priority) |
bssid | Mac address of the access point | mac address |
scan_ssid | Enable/disbale ssid scan | 0, 1, 2 |
key_mgmt | Type of key management | WPA-PSK, WPA_EAP, None |
pairwise | Pairwise ciphers for WPA | CCMP, TKIP |
group=TKIP | Group ciphers for WPA | CCMP, TKIP, WEP104, WEP40 |
psk | Pre-Shared Key (clear or encrypted) | string |
wep_key0 | WEP key (up to 4: wep_key[0123]) | string |
eap | Extensible Authentication Protocol | MD5, MSCHAPV2, OTP, GTC, TLS, PEAP, TTLS |
identity | EAP identity string | string |
password | EAP password | string |
ca_cert | Pathname to CA certificate file | /full/path/to/certificate |
client_cert | Pathname to client certificate | /full/path/to/certificate (PEM/DER) |
private_key | Pathname to a client private key file | /full/path/to/private_key (PEM/DER/PFX) |
连接无加密的AP
>add_network (It will display a network id for you, assume it returns 0)
>set_network 0 ssid "666"
>set_network 0 key_mgmt NONE
>enable_network 0
>quit
连接WEP加密AP
>add_network (assume return 1)
>set_network 1 ssid "666"
>set_network 1 key_mgmt NONE
>set_network 1 wep_key0 "your ap password"
>enable_network 1
连接WPA-PSK/WPA2-PSK加密的AP
>add_network (assume return 2)
>set_network 2 ssid "666"
>set_network 2 psk "your pre-shared key"
>enable_network 2
功能类似wpa_supplicant的配置文件,以上是通过命令行工具wpa_cli来实现wifi网络的连接。。
====================================================================
802.11 Association Status Codes
Code | 802.11 definition | Explanation |
0 | Successful | |
1 | Unspecified failure | For example : when there is no ssid specified in an association request |
10 | Cannot support all requested capabilities in the Capability Information field | Example Test: Reject when privacy bit is set for WLAN not requiring security |
11 | Reassociation denied due to inability to confirm that association exists | NOT SUPPORTED |
12 | Association denied due to reason outside the scope of this standard | Example : When controller receives assoc from an unknown or disabled SSID |
13 | Responding station does not support the specified authentication algorithm | For example, MFP is disabled but was requested by the client. |
14 | Received an Authentication frame with authentication transaction sequence number | If the authentication sequence number is not correct. |
15 | Authentication rejected because of challenge failure | |
16 | Authentication rejected due to timeout waiting for next frame in sequence | |
17 | Association denied because AP is unable to handle additional associated stations | Will happen if you run out of AIDs on the AP; so try associating a large number of stations. |
18 | Association denied due to requesting station not supporting all of the data rates in the | Will happen if the rates in the assoc request are not in the BasicRateSet in the beacon. |
19 | Association denied due to requesting station not supporting the short preamble | NOT SUPPORTED |
20 | Association denied due to requesting station not supporting the PBCC modulation | NOT SUPPORTED |
21 | Association denied due to requesting station not supporting the Channel Agility | NOT SUPPORTED |
22 | Association request rejected because Spectrum Management capability is required | NOT SUPPORTED |
23 | Association request rejected because the information in the Power Capability | NOT SUPPORTED |
24 | Association request rejected because the information in the Supported Channels | NOT SUPPORTED |
25 | Association denied due to requesting station not supporting the Short Slot Time | NOT SUPPORTED |
26 | Association denied due to requesting station not supporting the DSSS-OFDM option | NOT SUPPORTED |
27-31 | Reserved | NOT SUPPORTED |
32 | Unspecified, QoS-related failure | NOT SUPPORTED |
33 | Association denied because QAP has insufficient bandwidth to handle another | NOT SUPPORTED |
34 | Association denied due to excessive frame loss rates and/or poor conditions on current | NOT SUPPORTED |
35 | Association (with QBSS) denied because the requesting STA does not support the | If the WMM is required by the WLAN and the client is not capable of it, the association will get rejected. |
36 | Reserved in 802.11 | This is used in our code ! There is no blackbox test for this status code. |
37 | The request has been declined | This is not used in assoc response; ignore |
38 | The request has not been successful as one or more parameters have invalid values | NOT SUPPORTED |
39 | The TS has not been created because the request cannot be honored; however, a suggested | NOT SUPPORTED |
40 | Invalid information element, i.e., an information element defined in this standard for | Sent when Aironet IE is not present for a CKIP WLAN |
41 | Invalid group cipher | Used when received unsupported Multicast 802.11i OUI Code |
42 | Invalid pairwise cipher | |
43 | Invalid AKMP | |
44 | Unsupported RSN information element version | If you put anything but version value of 1, you will see this code. |
45 | Invalid RSN information element capabilities | If WPA/RSN IE is malformed, such as incorrect length etc, you will see this code. |
46 | Cipher suite rejected because of security policy | NOT SUPPORTED |
47 | The TS has not been created; however, the HC may be capable of creating a TS, in | NOT SUPPORTED |
48 | Direct link is not allowed in the BSS by policy | NOT SUPPORTED |
49 | Destination STA is not present within this QBSS | NOT SUPPORTED |
50 | The Destination STA is not a QSTA | NOT SUPPORTED |
51 | Association denied because the ListenInterval is too large | NOT SUPPORTED |
200 | Unspecified, QoS-related failure. | Unspecified QoS Failure. This will happen if the Assoc request contains more than one TSPEC for the same AC. |
201 | TSPEC request refused due to AP’s policy configuration (e.g., AP is configured to deny all TSPEC requests on this SSID). A TSPEC will not be suggested by the AP for this reason code. | This will happen if a TSPEC comes to a WLAN which has lower priority than the WLAN priority settings. For example a Voice TSPEC coming to a Silver WLAN. Only applies to CCXv4 clients. |
202 | Association Denied due to AP having insufficient bandwidth to handle a new TS. This cause code will be useful while roaming only. | |
203 | Invalid Parameters. The request has not been successful as one or more TSPEC parameters in the request have invalid values. A TSPEC SHALL be present in the response as a suggestion. Not defined in IEEE, defined in CCXv4 | This happens in cases such as PHY rate mismatch. If the TSRS IE contains a phy rate not supported by the controller, for example. Other examples include sending a TSPEC with bad parameters, such as sending a date rate of 85K for a narrowband TSPEC. |
802.11 Deauth Reason Codes
When running a client debug, this code will match the ReasonCode from the output: "Scheduling mobile for deletion with delete Reason x, reasonCode y"
Code | 802.11 definition | Explanation |
0 | Reserved | NOT SUPPORTED |
1 | Unspecified reason | TBD |
2 | Previous authentication no longer valid | NOT SUPPORTED |
3 | station is leaving (or has left) IBSS or ESS | NOT SUPPORTED |
4 | Disassociated due to inactivity | Do not send any data after association; |
5 | Disassociated because AP is unable to handle all currently associated stations | TBD |
6 | Class 2 frame received from nonauthenticated station | NOT SUPPORTED |
7 | Class 3 frame received from nonassociated station | NOT SUPPORTED |
8 | Disassociated because sending station is leaving (or has left) BSS | TBD |
9 | Station requesting (re)association is not authenticated with responding station | NOT SUPPORTED |
10 | Disassociated because the information in the Power Capability element is unacceptable | NOT SUPPORTED |
11 | Disassociated because the information in the Supported Channels element is unacceptable | NOT SUPPORTED |
12 | Reserved | NOT SUPPORTED |
13 | Invalid information element, i.e., an information element defined in this standard for which the content does not meet the specifications in Clause 7 | NOT SUPPORTED |
14 | Message integrity code (MIC) failure | NOT SUPPORTED |
15 | 4-Way Handshake timeout | NOT SUPPORTED |
16 | Group Key Handshake timeout | NOT SUPPORTED |
17 | Information element in 4-Way Handshake different from (Re)Association Request/Probe Response/Beacon frame | NOT SUPPORTED |
18 | Invalid group cipher | NOT SUPPORTED |
19 | Invalid pairwise cipher | NOT SUPPORTED |
20 | Invalid AKMP | NOT SUPPORTED |
21 | Unsupported RSN information element version | NOT SUPPORTED |
22 | Invalid RSN information element capabilities | NOT SUPPORTED |
23 | IEEE 802.1X authentication failed | NOT SUPPORTED |
24 | Cipher suite rejected because of the security policy | NOT SUPPORTED |
25-31 | Reserved | NOT SUPPORTED |
32 | Disassociated for unspecified, QoS-related reason | NOT SUPPORTED |
33 | Disassociated because QAP lacks sufficient bandwidth for this QSTA | NOT SUPPORTED |
34 | Disassociated because excessive number of frames need to be acknowledged, but are not acknowledged due to AP transmissions and/or poor channel conditions | NOT SUPPORTED |
35 | Disassociated because QSTA is transmitting outside the limits of its TXOPs | NOT SUPPORTED |
36 | Requested from peer QSTA as the QSTA is leaving the QBSS (or resetting) | NOT SUPPORTED |
37 | Requested from peer QSTA as it does not want to use the mechanism | NOT SUPPORTED |
38 | Requested from peer QSTA as the QSTA received frames using the mechanism for which a setup is required | NOT SUPPORTED |
39 | Requested from peer QSTA due to timeout | NOT SUPPORTED |
40 | Peer QSTA does not support the requested cipher suite | NOT SUPPORTED |
46-65535 | 46--65 535 Reserved | NOT SUPPORTED |
98 | Cisco defined | TBD |
99 | Cisco defined Used when the reason code sent in a deassoc req or deauth by the client is invalid – invalid length, invalid value etc | Example: Send a Deauth to the AP with the reason code to be invalid, say zero |