Wi-Fi: Shell
The Shell sample allows you to test Nordic Semiconductor’s Wi-Fi® chipsets.
Requirements
The sample supports the following development kits:
Hardware platforms |
PCA |
Board name |
Shields |
|
|---|---|---|---|---|
PCA20065 |
|
|||
PCA20053 |
|
|
||
PCA10153 |
|
|
||
PCA10090 |
|
|
||
PCA10171 |
|
|
||
nRF7120 DK |
nrf7120dk |
|
||
PCA10143 |
|
|||
PCA10143 |
|
|||
PCA10184 |
|
|
||
PCA10156 |
|
|
||
PCA10175 |
|
|
||
PCA10095 |
|
|
||
PCA10056 |
|
|
Overview
The sample can perform all Wi-Fi operations in the 2.4GHz and 5GHz bands depending on the capabilities supported in the underlying chipset.
Using this sample, the development kit can associate with, and ping to, any Wi-Fi capable access point in STA mode.
Building and running
This sample can be found under samples/wifi/shell in the nRF Connect SDK folder structure.
For more security, it is recommended to use the */ns variant of the board target (see the Requirements section above.)
When built for this variant, the sample is configured to compile and run as a non-secure application using security by separation.
Therefore, it automatically includes Trusted Firmware-M that prepares the required peripherals and secure services to be available for the application.
To build the sample, follow the instructions in Building an application for your preferred building environment. See also Programming an application for programming steps and Testing and optimization for general information about testing and debugging in the nRF Connect SDK.
Note
When building repository applications in the SDK repositories, building with sysbuild is enabled by default.
If you work with out-of-tree freestanding applications, you need to manually pass the --sysbuild parameter to every build command or configure west to always use it.
Currently, the following configurations are supported:
nRF7002 DK + QSPI
nRF7002 EK + SPIM
nRF91 Series DK + SPIM
To build for the nRF7002 DK, use the nrf7002dk/nrf5340/cpuapp board target.
The following is an example of the CLI command:
west build -b nrf7002dk/nrf5340/cpuapp
To build for the nRF7002 EK with nRF5340 DK, use the nrf5340dk/nrf5340/cpuapp board target with the SHIELD CMake option set to nrf7002ek.
The following is an example of the CLI command:
west build -b nrf5340dk/nrf5340/cpuapp -- -DSHIELD=nrf7002ek
To build with raw_tx shell support for the nRF7002 DK, use the nrf7002dk/nrf5340/cpuapp board target and raw TX overlay configuration.
The following is an example of the CLI command:
west build -b nrf7002dk/nrf5340/cpuapp -- -DEXTRA_CONF_FILE=overlay-raw-tx.conf
To build for the nRF9151 DK, use the nrf9151dk/nrf9151/ns board target with the SHIELD CMake option set to nrf7002ek and a scan-only overlay configuration.
The following is an example of the CLI command:
west build -p -b nrf9151dk/nrf9151/ns -- -DEXTRA_CONF_FILE=overlay-scan-only.conf -DSHIELD=nrf7002ek -DSB_CONFIG_WIFI_NRF70_SCAN_ONLY=y
To build for the nRF9161 DK, use the nrf9161dk/nrf9161/ns board target with the SHIELD CMake option set to nrf7002ek and a scan-only overlay configuration.
The following is an example of the CLI command:
west build -p -b nrf9161dk/nrf9161/ns -- -DEXTRA_CONF_FILE=overlay-scan-only.conf -DSHIELD=nrf7002ek -DSB_CONFIG_WIFI_NRF70_SCAN_ONLY=y
To build for the nRF9160 DK, use the
nrf9160dk/nrf9160/nsboard target with theSHIELDCMake option set tonrf7002ekand a scan-only overlay configuration. The following is an example of the CLI command:
west build -b nrf9160dk/nrf9160/ns -- -DEXTRA_CONF_FILE=overlay-scan-only.conf -DSHIELD=nrf7002ek -DSB_CONFIG_WIFI_NRF70_SCAN_ONLY=y
Note
The nRF91 Series supports Wi-Fi through nR70 Series shields but is limited to scan-only operation to enhance location accuracy. However, it does not support full Wi-Fi operations.
To build for the Thingy:91 X using the nRF5340 as the host chip, use the thingy91x/nrf5340/cpuapp board target with the SB_CONFIG_THINGY91X_STATIC_PARTITIONS_NRF53_EXTERNAL_FLASH Kconfig option set to y.
This requires an external debugger since the nRF9151 normally owns the buses.
This special configuration is not compatible with nRF9151 firmware compiled for the default configuration.
You need to erase the nRF9151 first to avoid conflicts.
The following is an example of the CLI commands:
west build -b thingy91x/nrf5340/cpuapp -- -DSB_CONFIG_THINGY91X_STATIC_PARTITIONS_NRF53_EXTERNAL_FLASH=y
# Set SWD switch to nRF91 and check if you are connected to an nRF91:
nrfutil device device-info
# If you see deviceVersion as NRF9120_xxAA_REV3 in the above output, proceed with erasing:
nrfutil device --recover
# Flip the SWD switch back to nRF53.
nrfutil device device-info
# If you see deviceVersion as NRF5340_xxAA_REV1 in the above output, proceed with flashing:
west flash --erase
See also Providing CMake options for instructions on how to provide CMake options.
Refer to the sample.yaml file for a complete list of supported boards and their corresponding build command options.
Supported CLI commands
wifi is the Wi-Fi command line and supports the following UART CLI subcommands:
Subcommands |
Description |
|---|---|
scan |
Scan for Wi-Fi APs
OPTIONAL PARAMETERS:
[-t, –type <active/passive>] : Preferred mode of scan. The actual mode
of scan can depend on factors such as the Wi-Fi chip implementation,
regulatory domain restrictions. Default type is active.
[-b, –bands <Comma separated list of band values (2/5/6)>] : Bands to be
scanned where 2: 2.4 GHz, 5: 5 GHz, 6: 6 GHz.
[-a, –dwell_time_active <val_in_ms>] : Active scan dwell time (in ms) on
a channel. Range 5 ms to 1000 ms.
[-p, –dwell_time_passive <val_in_ms>] : Passive scan dwell time (in ms)
on a channel. Range 10 ms to 1000 ms.
[-s, –ssids <Comma separate list of SSIDs>] : SSID list to scan for.
[-m, –max_bss <val>] : Maximum BSSes to scan for. Range 1 - 65535.
[-c, –chans <Comma separated list of channel ranges>] : Channels to be
scanned. The channels must be specified in the form
band1:chan1,chan2_band2:chan3,..etc. band1, band2 must be valid band
values and chan1, chan2, chan3 must be specified as a list of comma
separated values where each value is either a single channel or a channel
range specified as chan_start-chan_end. Each band channel set has to be
separated by a _. For example, a valid channel specification can be
2:1,6-11,14_5:36,149-165,44
[-h, –help] : Print out the help for the scan command.
|
connect |
Connect to a Wi-Fi AP
<-s –ssid “<SSID>”>: SSID to connect.
[-c –channel]: Channel that needs to be scanned for connection.
Value 0 indicates any channel.
[-b, –band] 0: any band (2:2.4GHz, 5:5GHz, 6:6GHz)
[-p, –passphrase]: Passphrase (valid only for secure SSIDs)
[-k, –key-mgmt]: Key Management type (valid only for secure SSIDs)
0:None, 1:WPA2-PSK, 2:WPA2-PSK-256, 3:SAE-HNP, 4:SAE-H2E,
5:SAE-AUTO, 6:WAPI, 7:EAP-TLS, 8:WEP, 9:WPA-PSK,
10:WPA-Auto-Personal, 11:DPP, 12:EAP-PEAP-MSCHAPv2,
13:EAP-PEAP-GTC, 14:EAP-TTLS-MSCHAPv2, 15:EAP-PEAP-TLS,
20:SAE-EXT-KEY, 21:WEP-OPEN, 22:WEP-SHARED
[-w, –ieee-80211w]: MFP (optional: needs security type to be
specified): 0:Disable, 1:Optional, 2:Required.
[-m, –bssid]: MAC address of the AP (BSSID).
[-t, –timeout]: Timeout for the connection attempt (in seconds).
[-a, –anon-id]: Anonymous identity for enterprise mode.
[-K, –key1-pwd for eap phase1 or –key2-pwd for eap phase2]:
Private key passwd for enterprise mode. Default is no password
for private key.
[-S, –wpa3-enterprise]: WPA3 enterprise mode:
Default is 0. 0:No WPA3 enterprise mode, 1:Suite-b mode,
2:Suite-b-192-bit mode, 3:WPA3-enterprise-only mode.
[-T, –TLS-cipher]: 0:TLS-NONE, 1:TLS-ECC-P384, 2:TLS-RSA-3K.
[-A, –verify-peer-cert]: apply for EAP-PEAP-MSCHAPv2 and
EAP-TTLS-MSCHAPv2.
Default is 0. 0:do not use CA to verify peer, 1:use CA to
verify peer.
[-V, –eap-version]: 0 or 1. Default is 1: use eap version 1.
[-I, –eap-id1]: Client Identity. Default is no eap identity.
[-P, –eap-pwd1]: Client Password. Default is no password for
eap user.
[-R, –ieee-80211r]: Use IEEE80211R fast BSS transition connect.
[-e, –server-cert-domain-exact]: Full domain names for server
certificate match.
[-x, –server-cert-domain-suffix]: Domain name suffixes for
server certificate match.
[-h, –help]: Print out the help for the connect command.
|
disconnect |
Disconnect from the Wi-Fi AP |
status |
Status of the Wi-Fi interface |
statistics |
Wi-Fi interface statistics |
ap |
Access Point mode commands
enable - Enable Access Point mode, with the following parameters:
<SSID>
<SSID length>
<channel> [optional]
<psk> [optional]
disable - Disable Access Point mode
(Note that the Access Point mode is presently not supported.)
stations : List stations connected to the AP
disconnect - Disconnect a station from the AP
<MAC address of the station>
|
ps |
Configure power save
No argument - Prints current configuration
on - Turns on power save feature
off - Turns off power save feature
|
ps_mode |
Configure Wi-Fi power save mode
0 - Legacy
1 - WMM
|
twt |
Manage Target Wake Time (TWT) flows with below subcommands:
quick_setup : Start a TWT flow with defaults:
<twt_wake_interval: 1-262144us> <twt_interval: 1us-2^31us>.
setup : Start a TWT flow:
<negotiation_type, 0: Individual, 1: Broadcast, 2: Wake TBTT>
<setup_cmd: 0: Request, 1: Suggest, 2: Demand>
<dialog_token: 1-255> <flow_id: 0-7> <responder: 0/1> <trigger:
0/1> <implicit:0/1> <announce: 0/1> <twt_wake_interval:
1-262144us> <twt_interval: 1us-2^31us>.
teardown : Teardown a TWT flow:
<negotiation_type, 0: Individual, 1: Broadcast, 2: Wake TBTT>
<setup_cmd: 0: Request, 1: Suggest, 2: Demand>
<dialog_token: 1-255> <flow_id: 0-7>.
teardown_all : Teardown all TWT flows.
|
reg_domain |
Set or get Wi-Fi regulatory domain
Usage: wifi reg_domain [ISO/IEC 3166-1 alpha2] [-f]
-f: Force to use this regulatory hint over any other regulatory hints.
(Note that this may cause regulatory compliance issues.)
|
ps_timeout |
Configure Wi-Fi power save inactivity timer (in ms)
|
ps_listen_interval |
Configure Wi-Fi power save for the Listen interval
<0-65535>
|
ps_wakeup_mode |
Configure Wi-Fi power save for wakeup mode
dtim - Wakeup mode for the DTIM interval
listen_interval - Wakeup mode for the Listen interval
|
mode |
This command may be used to set the Wi-Fi device into a specific mode of operation
parameters:
[-i : –if-index <idx>] : Interface index.
[-s : –sta] : Station mode.
[-m : –monitor] : Monitor mode.
[-p : –promiscuous] : Promiscuous mode.
[-t : –tx-injection] : TX-Injection mode.
[-a : –ap] : AP mode.
[-k : –softap] : Softap mode.
[-h : –help] : Help.
[-g : –get] : Get current mode for a specific interface index
Usage: Get operation example for interface index 1
wifi mode -g -i1
Set operation example for interface index 1 - set station+promiscuous
wifi mode -i1 -sp
|
packet_filter |
This command is used to set packet filter setting when
monitor, TX-Injection and promiscuous mode is enabled
The different packet filter modes are control,
management, data and enable all filters
[-i, –if-index <idx>] : Interface index
[-a, –all] : Enable all packet filter modes
[-m, –mgmt] : Enable management packets to be allowed up
the stack
[-c, –ctrl] : Enable control packets to be allowed up
the stack
[-d, –data] : Enable Data packets to be allowed up the
stack
[-g, –get] : Get current filter settings for a specific
interface index
[-b, –capture-len <len>] : Capture length buffer size
for each packet to be captured
[-h, –help] : Help
Usage: Get operation example for interface index 1
wifi packet_filter -g -i1
Set operation example for interface index 1 - set
data+management frame filter
wifi packet_filter -i1 -md
|
channel |
This command is used to set the channel when monitor or TX-Injection mode is enabled
Currently 20 MHz is only supported and no BW parameter is provided
parameters:
[-i : –if-index <idx>] : Interface index.
[-c : –channel] : Set a specific channel number to the lower layer.
[-g : –get] : Get current set channel number from the lower layer.
[-h : –help] : Help.
Usage: Get operation example for interface index 1
wifi channel -i1 -g
Set operation example for interface index 1 (setting channel 5)
wifi -i1 -c5
|
wifi cred is an extension to the Wi-Fi command line.
It adds the following subcommands to interact with the Wi-Fi credentials library:
Subcommands |
Description |
|---|---|
add |
Add a network to the credentials storage with following parameters:
<-s –ssid "<SSID>">: SSID.
[-c –channel]: Channel that needs to be scanned for connection. 0:any channel
[-b, –band] 0: any band (2:2.4GHz, 5:5GHz, 6:6GHz)
[-p, –passphrase]: Passphrase (valid only for secure SSIDs)
[-k, –key-mgmt]: Key management type.
0:None, 1:WPA2-PSK, 2:WPA2-PSK-256, 3:SAE-HNP, 4:SAE-H2E, 5:SAE-AUTO, 6:WAPI,”
“ 7:EAP-TLS, 8:WEP, 9: WPA-PSK, 10: WPA-Auto-Personal, 11: DPP
[-w, –ieee-80211w]: MFP (optional: needs security type to be specified)
: 0:Disable, 1:Optional, 2:Required.
[-m, –bssid]: MAC address of the AP (BSSID).
[-t, –timeout]: Duration after which connection attempt needs to fail.
[-a, –identity]: Identity for enterprise mode.
[-K, –key-passwd]: Private key passwd for enterprise mode.
[-h, –help]: Print out the help for the connect command.
|
delete <SSID> |
Removes network from credentials storage. |
list |
Lists networks in credential storage. |
auto_connect |
Automatically connects to any stored network. |
raw_tx is an extension to the Wi-Fi command line.
It adds the following subcommands to configure and send raw TX packets:
Subcommands |
Description |
Valid values |
|---|---|---|
mode |
Enable or Disable TX injection mode
[-h, –help]: Print out the help for the mode command
|
Valid values:
1 - Enable
0 - Disable
|
configure |
Configure the raw TX packet header with the following parameters:
[-f, –rate-flags]: Rate flag value
[-d, –data-rate]: Data rate value
[-q, –queue-number]: Queue number
[-h, –help]: Print out the help for the configure command
|
Valid Rate flag values:
0 - Legacy
1 - HT mode
2 - VHT mode
3 - HE (SU) mode
4 - HE (ERSU) mode
Valid Data rate values:
Legacy: 1, 2, 55, 11, 6, 9, 12, 18, 24, 36, 48, 54
Non-Legacy: MCS index need to be used (0 - 7)
Valid Queue numbers:
0 - Background
1 - Best effort
2 - Video
3 - Voice
4 - Beacon
|
send |
Send raw TX packets
parameters:
[-m, –mode]: Mode of transmission (either continuous or fixed)
[-n, –number-of-pkts]: Number of packets to be transmitted
[-t, –inter-frame-delay]: Delay between frames or packets in milliseconds
[-h, –help]: Print out the help for the send command
|
N/A
|
For more information, see Raw IEEE 802.11 packet transmission.
promiscuous_set is an extension to the Wi-Fi command line.
It adds the following subcommand to configure Promiscuous mode:
Subcommand |
Description |
Valid values |
|---|---|---|
mode |
Enable or Disable Promiscuous mode
[-h, –help]: Print out the help for the mode command
|
Valid values:
1 - Enable
0 - Disable
|
For more information, see Raw IEEE 802.11 packet reception using Promiscuous mode.
Testing STA mode
After programming the sample to your development kit, complete the following steps to test it:
Connect the kit to the computer using a USB cable. The kit is assigned a serial port. Serial ports are referred to as COM ports on Windows, /dev/ttyACM devices on Linux, and /dev/tty devices on macOS. To list Nordic Semiconductor devices connected to your computer together with their serial ports, open a terminal and run the
nrfutil device listcommand. Alternatively, check your operating system’s device manager or its equivalent.Connect to the kit with a terminal emulator (for example, the Serial Terminal app). See Testing and optimization for the required settings and steps.
Scan for the Wi-Fi networks in range using the following command:
wifi scanThe output should be similar to the following:
Scan requested Num | SSID (len) | Chan (Band) | RSSI | Security | BSSID 1 | xyza 4 | 1 (2.4GHz) | -27 | WPA2-PSK | xx:xx:xx:xx:xx:xx 2 | abcd 4 | 149 (5GHz ) | -28 | WPA2-PSK | yy:yy:yy:yy:yy:yy
Connect to your preferred network using the following command:
wifi connect -s <SSID> -k <key_management> -p <passphrase><SSID>is the SSID of the network you want to connect to,<passphrase>is its passphrase, and the<key_management>is the security type used by the network.Check the connection status after a while, using the following command:
wifi statusIf the connection is established, you should see an output similar to the following:
Status: successful ================== State: COMPLETED Interface Mode: STATION Link Mode: WIFI 6 (802.11ax/HE) SSID: OpenWrt BSSID: C0:06:C3:1D:CF:9E Band: 5GHz Channel: 157 Security: WPA2-PSK PMF: Optional RSSI: 0
Initiate a ping and verify data connectivity using the following commands:
net dns <hostname> net ping <resolved hostname>
See the following example:
net dns google.com Query for 'google.com' sent. dns: 142.250.74.46 dns: All results received net ping 10 142.250.74.46 PING 142.250.74.46 28 bytes from 142.250.74.46 to 192.168.50.199: icmp_seq=0 ttl=113 time=191 ms 28 bytes from 142.250.74.46 to 192.168.50.199: icmp_seq=1 ttl=113 time=190 ms 28 bytes from 142.250.74.46 to 192.168.50.199: icmp_seq=2 ttl=113 time=190 ms
Testing SAP mode
To test the SAP mode, the sample must be built using the configuration overlay overlay-sap.conf file.
After programming the sample to your development kit, complete the following steps to test it:
Connect the kit to the computer using a USB cable. The kit is assigned a serial port. Serial ports are referred to as COM ports on Windows, /dev/ttyACM devices on Linux, and /dev/tty devices on macOS. To list Nordic Semiconductor devices connected to your computer together with their serial ports, open a terminal and run the
nrfutil device listcommand. Alternatively, check your operating system’s device manager or its equivalent.Connect to the kit with a terminal emulator (for example, the Serial Terminal app). See Testing and optimization for the required settings and steps.
Set the appropriate regulatory domain using the following command:
wifi reg_domain <ISO/IEC 3166-1 alpha2>For example, to set the regulatory domain to IN, use the following command:
wifi reg_domain INSet an IP address for the SAP interface using the following command:
net ipv4 add 1 192.168.1.1 255.255.255.0Enable the Access Point mode using the following command:
wifi ap enable -s <SSID> -c <channel> -k <key_management> -p <psk><SSID>is the SSID of the network you want to connect to,<psk>is its passphrase, and the<key_management>is the security type used by the network.Check the SAP status after a while, using the following command:
wifi statusIf the SAP is established, you should see an output similar to the following:
Status: successful ================== State: COMPLETED Interface Mode: ACCESS POINT Link Mode: UNKNOWN SSID: testing BSSID: F4:CE:36:00:22:C6 Band: 2.4GHz Channel: 1 Security: OPEN MFP: Disable Beacon Interval: 0 DTIM: 2 TWT: Not supported
Connect a station to the SAP using a static IP address and verify the connection using the following command:
wifi ap stationsIf the station is connected, you should see an output similar to the following:
AP stations: ============ Station 1: ========== MAC: 62:26:54:D9:1C:6E Link mode: WIFI 4 (802.11n/HT) TWT: Not supported
Verify connectivity by pinging the Station from the SAP using the following command:
net ping <station IP address>See the following example:
net ping 192.168.1.88 PING 192.168.1.88 28 bytes from 192.168.1.88 to 192.168.1.1: icmp_seq=1 ttl=64 time=5 ms 28 bytes from 192.168.1.88 to 192.168.1.1: icmp_seq=2 ttl=64 time=5 ms 28 bytes from 192.168.1.88 to 192.168.1.1: icmp_seq=3 ttl=64 time=5 ms
Disable the Access Point mode using the following command:
wifi ap disable
Dependencies
This sample uses the following library:
This sample also uses modules found in the following locations in the nRF Connect SDK folder structure:
modules/lib/hostapmodules/mbedtls