Posted inNetwork

Saving Linux Server Wi-Fi via CLI: Mastering nmcli and wpa_supplicant

Network tutorial - IT technology blog
Network tutorial - IT technology blog

When Ethernet Betrays You at 2 AM

A classic scenario: You are remotely fixing a server at a branch office in the middle of the night. Suddenly, the central switch fails or the only LAN cable is chewed through by a mouse. The Ethernet port is paralyzed. Your only hope is that this server can catch the office’s backup Wi-Fi, but unfortunately, it’s a headless version — no interface, no mouse, only a blinking command prompt.

To be honest, in that situation, if you don’t know the CLI well, you’ll likely start breaking a sweat. Connecting a monitor directly to the server is almost impossible. This is when command-line network management skills step in to save a sleepless night.

Should You Choose nmcli or wpa_supplicant?

To connect to Wi-Fi on Linux without a mouse, we usually have two paths. Depending on the distribution (distro) you are using, the tools included will vary.

1. nmcli (NetworkManager CLI)

This is the default tool on modern distros like Ubuntu 22.04+, CentOS/RHEL, or Fedora. nmcli is powerful, has an intuitive syntax, and handles configuration files perfectly. It’s like a Swiss Army knife for SysAdmins.

2. wpa_supplicant

If nmcli is a versatile SUV, wpa_supplicant is like a rugged old Jeep. It’s a low-level tool specialized in Wi-Fi security protocols (WPA2, WPA3). On ultra-lightweight (minimal) systems or IoT devices like Raspberry Pi OS Lite, this is often the only choice.

Pros and Cons

  • nmcli:
    • Pros: Extremely fast, only 1-2 commands to get online. Automatically reconnects after reboot (persistent).
    • Cons: The network-manager package is relatively heavy (uses about 10-15MB RAM) and pulls in many dependencies like D-Bus.
  • wpa_supplicant:
    • Pros: Available on almost any Linux machine. Very lightweight, suitable for low-resource servers.
    • Cons: Verbose syntax. You have to assign IPs manually with dhclient or edit text config files, where a single missing space can break everything.

Which Method to Choose to “Survive”?

The top priority at 2 AM is speed. If the server already has NetworkManager (check with systemctl status NetworkManager), use nmcli immediately. If not, stick with wpa_supplicant.

Method 1: Using nmcli (Quick & Clean)

First, find your Wi-Fi interface name. Don’t assume it’s wlan0; sometimes it’s wlp2s0 or enp0s20f3.

ip link show

Step 1: Enable Wi-Fi Radio

nmcli radio wifi on

Step 2: Scan for Nearby Networks

This command ensures the server sees the signal and helps you find the exact SSID you need to connect to.

nmcli device wifi list

Step 3: Connect

nmcli device wifi connect "YOUR_SSID" password "WIFI_PASSWORD"

If you see “Device ‘wlan0’ successfully activated”, you’ve succeeded. This profile will be saved permanently.

Method 2: Using wpa_supplicant (Manual & Reliable)

This method is suitable when using Debian Minimal or older servers.

Step 1: Create a Secure Configuration File

Use the wpa_passphrase tool to encrypt your password instead of writing it in plain text, preventing password leaks if you accidentally cat the config file.

wpa_passphrase "YOUR_SSID" "PASSWORD" | sudo tee /etc/wpa_supplicant/wpa_supplicant.conf

Step 2: Run the Service in the Background

sudo wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf

Where -B (Background) allows you to keep the terminal for subsequent commands.

Step 3: Request an IP Address

Since wpa_supplicant doesn’t automatically request an IP, you need to call the DHCP client:

sudo dhclient wlan0

Routing Trap: Why Connected but No Internet?

A very common mistake: The server still tries to push traffic through the dead Ethernet port because it has a lower metric (higher priority). You connect to Wi-Fi successfully but still can’t ping Google.

Check the routing table:

ip route show

If the Ethernet gateway is still sitting at the top (default via…), you need to delete it or increase the Wi-Fi metric. At this point, calculating the IP range for static assignment (if needed) is crucial to avoid subnet conflicts.

Quick Tip: If you need to subnet quickly or check backup IP ranges, I often use toolcraft.app/en/tools/developer/ip-subnet-calculator. Just enter the CIDR (e.g., /24 or /26) to get the available IP range and Broadcast address, avoiding gateway IP conflicts that cause network loops — errors that are extremely hard to debug when you’re tired.

Final Verification

Don’t forget the legendary ping command to wrap things up:

ping -c 4 8.8.8.8

If you get a reply with a latency of around 20-50ms, congratulations, you’ve successfully saved the server without a single cable.

Linux administration via CLI requires meticulousness. Hopefully, this “midnight troubleshooting” experience helps you feel more confident when the LAN cable suddenly goes on strike.

Share:
Tags: