Wireless

WiFi management — iw, wpa_supplicant, iwctl, and wireless interface diagnostics.

Interface Discovery

List all wireless interfaces and their current state
iw dev
Show wireless interface capabilities — supported bands, modes, HT/VHT
iw phy phy0 info
Check if the wireless card is hard or soft blocked
rfkill list wifi
Unblock a soft-blocked wireless interface
sudo rfkill unblock wifi
Show the regulatory domain — affects available channels and tx power
iw reg get
Set the regulatory domain to US (affects legal channels and power limits)
sudo iw reg set US

Scanning & Signal Analysis

Scan for available networks — shows SSID, channel, signal, security
sudo iw dev wlan0 scan | awk '/SSID:|signal:|freq:|capability:|RSN/'
Quick scan using NetworkManager — cleaner output for interactive use
nmcli device wifi list
Rescan and refresh the network list
nmcli device wifi rescan && nmcli device wifi list
Show signal strength for connected network — RSSI in dBm
iw dev wlan0 link
Interpreting signal strength (RSSI reference)
-30 dBm = Excellent (right next to AP)
-50 dBm = Very good
-60 dBm = Good (reliable for most uses)
-67 dBm = Minimum for VoIP/video
-70 dBm = Weak (web browsing OK)
-80 dBm = Very weak (connection drops likely)
-90 dBm = Unusable
Monitor signal strength continuously — one line per second
watch -n1 'iw dev wlan0 link | grep signal'

Connecting with NetworkManager

Connect to an open network
nmcli device wifi connect "SSID_NAME"
Connect to WPA2-Personal with password
nmcli device wifi connect "SSID_NAME" password "passphrase"
Connect to a hidden SSID
nmcli device wifi connect "HIDDEN_SSID" password "passphrase" hidden yes
Show saved connection profiles
nmcli connection show
Disconnect from the current network
nmcli device disconnect wlan0
Delete a saved connection profile
nmcli connection delete "SSID_NAME"
Show full details of a connection profile — useful for debugging 802.1X
nmcli connection show "SSID_NAME" | grep -E '802-1x|wifi-sec|ssid'

WPA Supplicant (Manual / 802.1X)

Generate a wpa_supplicant config for WPA2-Personal
wpa_passphrase "SSID_NAME" "passphrase" > /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
Connect using wpa_supplicant directly — foreground for debugging
sudo wpa_supplicant -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant-wlan0.conf -D nl80211
EAP-TLS config block for 802.1X wireless (Cisco C9130AX / WLC)
network={
    ssid="Corporate_SSID"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="user@domain"
    ca_cert="/etc/ssl/certs/ca-chain.pem"
    client_cert="/etc/ssl/certs/client.pem"
    private_key="/etc/ssl/private/client.key"
    private_key_passwd="<REDACTED>"
}
Check wpa_supplicant status — shows EAP state and authentication progress
wpa_cli -i wlan0 status

Debugging Wireless Issues

Monitor wireless events in real time — association, disassociation, auth
sudo iw event -t
Watch kernel and NetworkManager logs for wifi issues
journalctl -u NetworkManager --since "5 minutes ago" --no-pager | grep -i wifi
Check for firmware loading errors on the wireless driver
dmesg | grep -iE 'iwlwifi|ath|firmware|wlan'
Show the wireless driver in use and its module parameters
ethtool -i wlan0
Show wireless statistics — retries, failures, beacon loss
iw dev wlan0 station dump

Channel Selection Reference

Show which channels your card supports and their current status
iw phy phy0 channels
Channel planning reference — non-overlapping 2.4 GHz channels
2.4 GHz non-overlapping: 1, 6, 11
5 GHz DFS-free (U-NII-1): 36, 40, 44, 48
5 GHz DFS (U-NII-2): 52-144 (radar detection required)
5 GHz high (U-NII-3): 149, 153, 157, 161, 165

Legacy Tools

Show interface status with iwconfig — deprecated but still common
iwconfig wlan0
Set tx power (if regulatory domain allows) — iwconfig legacy syntax
sudo iwconfig wlan0 txpower 20

hostapd (Access Point Mode)

Minimal hostapd config for a software AP — testing/lab use
interface=wlan0
driver=nl80211
ssid=LabAP
hw_mode=g
channel=6
wmm_enabled=0
auth_algs=1
wpa=2
wpa_passphrase=testpassword
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
Start hostapd in foreground for debugging
sudo hostapd /etc/hostapd/hostapd.conf
Start hostapd as a daemon
sudo hostapd -B /etc/hostapd/hostapd.conf

See Also

  • 802.1X — EAP-TLS authentication

  • Bluetooth — Bluetooth device management