Digi Embedded Yocto uses the NetworkManager software package to manage any kind of Wi-Fi configuration on a Wi-Fi network. When the Wi-Fi interface is brought up NetworkManager will read the /etc/NetworkManager/system-connections/nm-wlan0 configuration file and will apply the corresponding actions for the Wi-Fi interface. The NetworkManager configuration is kept in /etc/NetworkManager/NetworkManager.conf, and the interface configuration is kept at /etc/NetworkManager/system-connections.

By default Digi Embedded Yocto configures NetworkManager to use the Wi-Fi interface in client infrastructure mode without open authentication, no encryption and no SSID. In this mode NetworkManager will not connect to any access point (AP).

Digi Embedded Yocto provides a default nm-wlan0 file which is part of the networkmanager package. This file can be customized and overridden on a custom Yocto layer or during system run time.

Configuring the NetworkManager

The nmcli is a command line tool which allows the user to interact with NetworkManager. You can use the nmcli tool to establish a manual connection for different authentication and encryption configurations.

To show information on the command line tool parameters, call nmcli without a parameter.

You can use nmcli edit or modify sub-commands to do any configuration or else change the configuration file itself and then restart the interface to use the new setup. The following examples show different configurations of the Wi-Fi interface using either the configuration file or the command line interface.

Open authentication and no encryption

Via configuration file

[connection]
...

[wifi]
ssid=<AP_name>
mac-address-blacklist=
seen-bssids=

[ipv4]
dns-search=
method=auto
...

Via command line interface

# nmcli con edit wlan0

===| nmcli interactive connection editor |===

Editing existing '802-11-wireless' connection: 'wlan0'

Type 'help' or '?' for available commands.
Type 'describe [<setting>.<prop>]' for detailed property description.

You may edit the following settings: connection, 802-11-wireless (wifi), 802-11-wireless-security (wi6
nmcli> set wifi.ssid <AP_name>
nmcli> save
nmcli> quit

In both cases, to load the new configuration file and tell NetworkManager to connect to that access point execute the following commands in the console.

# nmcli con load /etc/NetworkManager/system-connections/nm.wlan0
# nmcli dev disconnect wlan0
# nmcli dev connect wlan0

The disconnect command might only be necessary if the Wi-Fi interface had previously been connected to a different AP.

WPA2-PSK authentication with AES-CCMP encryption

Via configuration file

[connection]
...

[wifi]
ssid=<AP_name>
mac-address-blacklist=
seen-bssids=

[wifi-security]
key-mgmt=wpa-psk
group=
pairwise=
proto=
psk=<AP_passphrase>
...

Via command line interface

# nmcli con edit wlan0

===| nmcli interactive connection editor |===

Editing existing '802-11-wireless' connection: 'wlan0'

Type 'help' or '?' for available commands.
Type 'describe [<setting>.<prop>]' for detailed property description.

You may edit the following settings: connection, 802-11-wireless (wifi), 802-11-wireless-security (wi6
nmcli> set wifi.ssid <AP_name>
nmcli> set wifi-sec.key-mgmt wpa-psk
nmcli> set wifi-sec.psk <AP_passphrase>
nmcli> remove wifi-sec.group
nmcli> remove wifi-sec.proto
nmcli> remove wifi-sec.pairwise
nmcli> save
nmcli> quit

In both cases, to load the new configuration file and tell NetworkManager to connect to that access point execute the following commands in the console.

# nmcli con load /etc/NetworkManager/system-connections/nm.wlan0
# nmcli dev disconnect wlan0
# nmcli dev connect wlan0

The disconnect command might only be necessary if the Wi-Fi interface had previously been connected to a different AP.

By keeping the proto and the pairwise parameters empty, NetworkManager is able to resolve the authentication and encryption combination used by the access point. This way, you can use the same configuration to connect to an access point with any of the following encryption combinations:

  • WPA-PSK authentication with TKIP encryption

  • WPA-PSK authentication with CCMP/AES encryption

  • WPA2-PSK authentication with TKIP encryption

WPA3-Personal

Via configuration file

[connection]
...

[wifi]
ssid=<AP_name>
mac-address-blacklist=
seen-bssids=

[wifi-security]
key-mgmt=sae
group=
pairwise=
proto=
psk=<AP_passphrase>
...

Via command line interface

# nmcli con edit wlan0

===| nmcli interactive connection editor |===

Editing existing '802-11-wireless' connection: 'wlan0'

Type 'help' or '?' for available commands.
Type 'describe [<setting>.<prop>]' for detailed property description.

You may edit the following settings: connection, 802-11-wireless (wifi), 802-11-wireless-security (wi6
nmcli> set wifi.mode infrastructure
nmcli> set wifi.ssid <AP_name>
nmcli> set wifi-sec.key-mgmt sae
nmcli> set wifi-sec.psk <AP_passphrase>
nmcli> save
nmcli> quit

In both cases, to load the new configuration file and tell NetworkManager to connect to that access point execute the following commands in the console.

# nmcli con load /etc/NetworkManager/system-connections/nm.wlan0
# nmcli dev disconnect wlan0
# nmcli dev connect wlan0

The disconnect command might only be necessary if the Wi-Fi interface had previously been connected to a different AP.

By keeping the proto and the pairwise parameters empty, NetworkManager is able to resolve the authentication and encryption combination used by the access point.