Summit Network Manager User Guide Overview This document outlines the added features of the Ezurio version of NetworkManager. Some of these features are only compatible with our Summit software stack and do not work with the Sterling software stack. Unless otherwise specified, these commands work with radios other than the 60 series. Summit Software Stack For more information about the Summit software stack, please contact your local RSM or contact us at https://www.ezurio.com/contact NetworkManager For general information about the parent project on which this work is based, visit the following: https://networkmanager.dev/docs/api/latest/ Basic Connectivity This section provides commands to configure connection profiles for basic usage. This is only meant as a demonstration. We recommend that you follow the link provided in the Overview section and read the man (manual) pages for more information. Getting Started and Useful Commands man Pages # man nmcli # man nmcli-examples Starting up Wi-Fi The following is an example of starting up Wi-Fi and scanning for a list of available connections. # nmcli radio wifi on # nmcli dev wifi rescan # nmcli dev wifi list IN-USE SSID MODE CHAN RATE SIGNAL BARS SECURITY opentest Infra 1 195 Mbit/s 92 **** – 8021xtest Infra 40 195 Mbit/s 59 *** WPA2 802.1X wpa2test Infra 1 195 Mbit/s 70 *** WPA2 adhoctest Ad-Hoc 1 54 Mbit/s 60 *** – testac Infra 52 405 Mbit/s 60 *** – Viewing Available Connection Profiles # nmcli con NAME UUID TYPE DEVICE 8021xtest 0e85c35a-e28e-4da8-a956-7d286c49b4b7 wifi – Wired connection 1 a09d5560-4a54-34f6-b50c-b35d58a62f1f ethernet – hotspot 92b33586-da57-442f-853f-a0e0b2359e83 wifi wlan0 opentest 3e152a5b-942a-4163-b418-9c236d2ec7a6 wifi – wpa2test 41a56cde-57b1-47ac-a9df-fa62115d9da8 wifi – Display Device Status # nmcli device status DEVICE TYPE STATE CONNECTION wlan0 wifi connected hotspot eth0 ethernet unavailable – lo loopback unmanaged – Display the Parameters of a Given Connection The output of this command is very exhaustive. We edited it (…) in this example to show some key parameters. # nmcli -p con show hotspot =============================================================================== Connection profile details (hotspot) =============================================================================== connection.id: hotspot5 connection.uuid: 92b33586-da57-442f-853f-a0e0b2359e83 connection.stable-id: – connection.type: 802-11-wireless connection.interface-name: wlan0 connection.autoconnect: no ... 802-11-wireless.ssid: hotspot 802-11-wireless.mode: ap 802-11-wireless.band: bg 802-11-wireless.channel: 6 ... 802-11-wireless-security.key-mgmt: wpa-psk ... =============================================================================== Activate connection details (92b33586-da57-442f-853f-a0e0b2359e83) =============================================================================== GENERAL.NAME: hotspot GENERAL.UUID: 92b33586-da57-442f-853f-a0e0b2359e83 GENERAL.DEVICES: wlan0 GENERAL.STATE: activated ... ——————————————————————————- IP4.ADDRESS[1]: 10.42.0.1/24 IP4.GATEWAY: – IP4.ROUTE[1]: dst = 10.42.0.0/24, nh = 0.0.0.0, mt = 600 UUID For best practice, give each connection profile a unique name to make managing the profiles an easier task. In situations where connection names are duplicated, there is an alternative method to addressing a profile by its name. The UUID (Universally Unique Identifier) is automatically generated for each profile upon creation and can be substituted for the connection name in any command. # nmcli con NAME UUID TYPE DEVICE 8021xtest bcb6a35b-305d-4ecc-b147-0c57c22884fc wifi – Wired connection 1 a09d5560-4a54-34f6-b50c-b35d58a62f1f ethernet – hotspot 99d9e9d5-d7b5-4217-919d-e4a6c23421fa wifi – hotspot 44d0030f-872f-4684-921e-3077c3b02ea7 wifi – opentest 3e152a5b-942a-4163-b418-9c236d2ec7a6 wifi – wpa2test 41a56cde-57b1-47ac-a9df-fa62115d9da8 wifi – # nmcli con up 99d9e9d5-d7b5-4217-919d-e4a6c23421fa Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/Ac... Connecting as a Client The following are examples that demonstrate connection profiles for different security types. Unsecured Network # nmcli con NAME UUID TYPE DEVICE Wired connection 1 bd88ab65-cad4-3012-b31d-b73ce7dc9de7 ethernet – # nmcli con add con-name opentest ifname wlan0 type wifi ssid opentest Connection ’opentest’ (3e152a5b-942a-4163-b418-9c236d2ec7a6) successfully added. # nmcli con NAME UUID TYPE DEVICE opentest 3e152a5b-942a-4163-b418-9c236d2ec7a6 wifi wlan0 Wired connection 1bd88ab65-cad4-3012-b31d-b73ce7dc9de7 ethernet – # nmcli con up opentest Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/Ac... WPA2-PSK Secured Network # nmcli conn add con-name wpa2test ifname wlan0 type wifi ssid "wpa2test" # nmcli conn modify id wpa2test 802-11-wireless-security.key-mgmt wpa-psk # nmcli conn modify id wpa2test 802-11-wireless-security.psk "test1234" # nmcli conn up wpa2test Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/Ac... WPA2-AES-802.1X + CCKM Secured Network Using EAP-TLS and Certificate # nmcli con add con-name 8021xtest ifname wlan0 type wifi ssid "8021xtest" Connection ’8021xtest’ (0e85c35a-e28e-4da8-a956-7d286c49b4b7) successfully added. # nmcli con mod id 8021xtest 802-1x.eap tls 802-1x.identity user1 802-1x.private-key \ /etc/ssl/certs/user1.pem 802-1x.password user1 802-1x.client-cert /etc/ssl/certs/user1.pem # nmcli con mod id 8021xtest 802-11-wireless-security.key-mgmt wpa-eap # nmcli --ask con up 8021xtest Passwords or encryption keys are required to access the wireless network ’8021xtest’. Identity (802-1x.identity): user1 Passwords or encryption keys are required to access the wireless network ’8021xtest’. Private key password (802-1x.private-key-password): ***** Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/Ac... SoftAP Mode SoftAP 2.4GHz b/g Band This connection profile configures the host to broadcast a WPA2-PSK secured network on channel 6 (2437 MHz) with the SSID named hotspot and to share the wired ethernet connection to connected clients. # nmcli conn add type wifi ifname wlan0 con-name hotspot autoconnect no ssid "hotspot" # nmcli con mod hotspot 802-11-wireless.mode ap ipv4.method shared # nmcli con mod hotspot 802-11-wireless.band bg 802-11-wireless.channel 6 # nmcli con mod hotspot wifi-sec.key-mgmt wpa-psk wifi-sec.psk "test1234" # nmcli con mod hotspot wifi-sec.pairwise CCMP wifi-sec.proto RSN # nmcli con up hotspot Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/Ac... Ezurio Commands 802-1x Properties Key Name: 802-1x.phase2-auth Value Type: List of authentication methods Default Value: Value Description: This field has been modified to accept multiple authentication methods. # nmcli con modify test 802-1x.phase2-auth mschapv2 +802-1x.phase2-auth gtc Key Name: 802-1x.phase2-autheap Value Type: List of authentication methods Default Value: Value Description: This field was modified to accept multiple authentication methods. # nmcli con modify test 802-1x.phase2-autheap mschapv2 +802-1x.phase2-autheap gtc Key Name: 802-1x.tls-disable-time-checks Value Type: 0 or 1 Default Value: 0 Value Description: If set to 1, it disables time/date checking of server/CA certificates. # nmcli con modify test 802-1x.tls-disable-time-checks 1 Key Name: 802-1x.pac-file-password Value Type: string Default Value: Not set Value Description: Used to decrypt manually provisioned EAP-FAST PAC files. Requires Summit supplicant. # nmcli con modify test 802-1x.pac-file-password password 802-11-wireless Properties Key Name: 802-11-wireless.auth-timeout Value Type: uint32 (3-60) Default Value: Value Description: Restarts 802.11 authentication if a connection is not established in the specified time. Requires Summit supplicant. # nmcli con modify test 802-11-wireless.auth-timeout 8 Key Name: 802-11-wireless.frequency-list Value Type: string – A list of frequencies separated by spaces Default Value: Not set – Use all frequencies Value Description: Limits scanning to the listed frequencies. While in the disconnected state, this feature requires the Summit supplicant. # nmcli con modify test 802-11-wireless.frequency-list "2412 2462" Key Name: 802-11-wireless.rts-thresh Value Type: uint32 Default Value: 2437 Value Description: Indicates the packet size at which RTS or CTS is required on the link. A value between 0-2347. Units are in bytes. # nmcli con modify test 802-11-wireless.rts-thresh 2347 Key Name: 802-11-wireless.ccx Value Type: 0 (disabled), 1 (optimized) or 2 (full) Default Value: 0 (disabled) Value Description: Used to enable CCX features. Requires Summit supplicant. # nmcli con modify test 802-11-wireless.ccx 1 Key Name: 802-11-wireless.client-name Value Type: string (up to 16 character name - ascii) Default Value: Not set Value Description: If CCX is enabled, the client-name will be sent to a CCX capable AP to identify the device. Requires Summit supplicant. # nmcli con modify test 802-11-wireless.client-name "device22" 802-11-wireless-security Properties Key Name: 802-11-wireless-security.key-mgmt Value Type: key management method Default Value: Value Description: This field has been modified to add ’CCKM’. Requires Summit supplicant. # nmcli con modify test 802-11-wireless-security.key-mgmt cckm Key Name: 802-11-wireless-security.procactive-key-caching ValueType: uint32 (0 or 1) Default Value: 0 Value Description: Selects PMK usage normal/SPMK (0) or OPMK (1). # nmcli con modify test 802-11-wireless-security.proactive-key-caching 1 Scanning Key Name: 802-11-wireless.hidden Value Type: uint32 (0 or 1) Default Value: 0 Value Description: Scanning behavior is modified. If all profiles are marked as hidden, broadcast probe requests are suppressed. Requires Summit supplicant. # nmcli con modify test 802-11-wireless.hidden 1 Key Name: 802-11-wireless.max-scan-interval Value Type: uint32 (seconds) Default Value: 0 (uses NetworkManager limits) Value Description: Limits the NetworkManager interval between scans while disconnected. While scanning, the NetworkManager pauses for a time period between scans. This time period keeps increasing when a suitable network is not found (max 120s). This field can be used to limit that maximum. # nmcli con modify test 802-11-wireless.max-scan-interval 30 Key Name: 802-11-wireless.bgscan Value Type: string DefaultValue: Not set (uses default from NetworkManager) Value Description: Controls the supplicant background scanning while connected to a network. Refer to the supplicant wpa_supplicant.conf bgscan for more details. simple:<short interval seconds>:<threshold dbm>:<long interval seconds> – above the threshold uses the long interval (seconds) for scanning and below uses the short interval (seconds). # nmcli con modify test 802-11-wireless.bgscan "simple:30:-45:60" Scanning Parameters - 60 Series radio and Summit supplicant required Key Name: 802-11-wireless.scan-delay Value Type: uint32 (0-250) Default Value: 0 (use linux mac80211 default) Value Description: Time (msec) to wait on channel before transmitting a probe request. # nmcli con modify test 802-11-wireless.scan-delay 0 Key Name: 802-11-wireless.scan-dwell Value Type: uint32 (0-250) Default Value: 0 (use linux mac80211 default) Value Description: Time (msec) to remain on channel after transmitting a probe request. # nmcli con modify test 802-11-wireless.scan-dwell 0 Key Name: 802-11-wireless.scan-passive-dwell Value Type: uint32 (0-250) Default Value: 0 (use linux mac80211 default) Value Description: Time (msec) to remain on a passive/DFS/Radar channel. # nmcli con modify test 802-11-wireless.scan-passive-dwell 0 Key Name: 802-11-wireless.scan-suspend-time Value Type: uint32 (0-250) Default Value: 0 (use linux mac80211 default) Value Description: Time (msec) to suspend scanning if there is an active connection to service packets. Scanning resumes after this time period. Scanning may again be suspended after a period determined by mac80211. # nmcli con modify test 802-11-wireless.scan-suspend-time 0 Key Name: 802-11-wireless.scan-dfs-timer Value Type: uint32 Default Value: 120 Value Description: The dwell time while passively scanning a DFS channel. A value between 20-500. Units are in msec. # nmcli con modify test 802-11-wireless.scan-dfs-timer 60 Key Name: 802-11-wireless.probe-delay Value Type: uint32 Default Value: 120 Value Description: A value between 20-120. Units are in msec. # nmcli con modify test 802-11-wireless.probe-delay 20 Key Name: 802-11-wireless.ignore-null-ssid Value Type: uint32 Default Value: 0 Value Description: If set to 1, it ignores AP with null SSID in the scan list. # nmcli con modify test 802-11-wireless.ignore-null-ssid on Key Name: 802-11-wireless.frequency-dfs Value Type: uint32 (0 or 1) Default Value: 1 (enabled) Value Description: Set to zero to disable DFS/Radar frequencies. # nmcli con modify test 802-11-wireless.frequency-dfs 1 Key Name: 802-11-wireless.scan-roam-delta Value Type: uint32 (dbm) Default Value: 0 (do not limit) Value Description: This field limits the threshold used to select a better AP for roaming. # nmcli con modify test 802-11-wireless.scan-roam-delta 5 Scanning Notes While connected, the settings for that profile apply to all scans, including NetworkManager scans (both automatic and manual). While disconnected, NetworkManager automatic scanning uses the following: The union of the frequency-list from all profiles DFS/Radar channels are only disabled if disabled in all profiles The largest scan timing parameter value from all profiles While disconnected, NetworkManager manual scans do the following: # nmcli device wifi rescan ifname wlan0 ssid "abcd" # nmcli device wifi rescan ifname wlan0 ssid "" scan all-frequencies scan DFS/Radar channels use default scan timing Roaming Features - Summit supplicant required Key Name: 802-11-wireless.roam-trigger Value Type: uint32 (50|55|60|65|70|75|80|85|90) Default Value: 70 Value Description: Indicates the signal strength at which the radio scans for an access point with a better signal strength. <50|55|60|65|70|75|80|85|90>. Units are in dBm. # nmcli con modify test 802-11-wireless.roam-trigger 65 Key Name: 802-11-wireless.roam-period Value Type: uint32 (5|10|15|20|25|30|35|40|45|50|55|60) Default Value: 10 Value Description: Indicates the amount of time a radio collects RSSI can data before it considers roaming to a different access point. <5|10|15|20|25|30|35|40|45|50|55|60>. Units are in sec. # nmcli con modify test 802-11-wireless.roam-period 15 Key Name: 802-11-wireless.roam-period Value Type: uint32 (5|10|15|20|25|30|35|40|45|50|55|60) Default Value: 10 Value Description: Indicates the amount of time a radio collects RSSI can data before it considers roaming to a different access point. <5|10|15|20|25|30|35|40|45|50|55|60>. Units are in sec. # nmcli con modify test 802-11-wireless.roam-period 15 Powersave Features Key Name: 802-11-wireless.powersave-mode Value Type: uint32 Default Value: 0 Value Description: One of the NM_SETTING_WIRELESS_POWERSAVE_MODE_FAST (2) (enable FAST power save mode). NM_SETTING_WIRELESS_POWERSAVE_MODE_MAX (3) (enable MAX power save mode), or NM_SETTING_WIRELESS_POWERSAVE_MODE_DEFAULT (0) (user neither power save mode). # nmcli con modify test 802-11-wireless.powersave-mode fast Key Name: 802-11-wireless.psp-delay Value Type: uint32 Default Value: 200 Value Description: Value between 10 and 500. Units are in msec. # nmcli con modify test 802-11-wireless.psp-delay 100 Key Name: 802-11-wireless.uapsd Value Type: uint32 Default Value: 0 Value Description: One of the NM_SETTING_WIRELESS_UAPSD_ON (1) (enable uapsd), or NM_SETTING_WIRELESS_UAPSD_OFF (0) (disable uapsd). # nmcli con modify test 802-11-wireless.uapsd on
