ap-isolation |
NMTernary (int32) |
|
Configures AP isolation, which prevents communication between wireless devices connected to this AP. This property can be set to a value different from -1 (default) only when the interface is configured in AP mode.
If set to 1 (true), devices are not able to communicate with each other. This increases security because it protects devices against attacks from other clients in the network. At the same time, it prevents devices to access resources on the same wireless networks as file shares, printers, etc.
If set to 0 (false), devices can talk to each other.
When set to -1 (default), the global default is used; in case the global default is unspecified it is assumed to be 0 (false). |
assigned-mac-address |
string |
|
The new field for the cloned MAC address. It can be either a hardware address in ASCII representation, or one of the special values "preserve", "permanent", "random" or "stable". This field replaces the deprecated "cloned-mac-address" on D-Bus, which can only contain explicit hardware addresses. Note that this property only exists in D-Bus API. libnm and nmcli continue to call this property "cloned-mac-address". |
band |
string |
|
802.11 frequency band of the network. One of "a" for 5GHz 802.11a or "bg" for 2.4GHz 802.11. This will lock associations to the Wi-Fi network to the specific band, i.e. if "a" is specified, the device will not associate with the same network in the 2.4GHz band even if the network's settings are compatible. This setting depends on specific driver capability and may not work with all drivers. |
bssid |
byte array |
|
If specified, directs the device to only associate with the given access point. This capability is highly driver dependent and not supported by all devices. Note: this property does not control the BSSID used when creating an Ad-Hoc network and is unlikely to in the future.
Locking a client profile to a certain BSSID will prevent roaming and also disable background scanning. That can be useful, if there is only one access point for the SSID. |
channel |
uint32 |
0 |
Wireless channel to use for the Wi-Fi connection. The device will only join (or create for Ad-Hoc networks) a Wi-Fi network on the specified channel. Because channel numbers overlap between bands, this property also requires the "band" property to be set. |
cloned-mac-address |
byte array |
|
This D-Bus field is deprecated in favor of "assigned-mac-address" which is more flexible and allows specifying special variants like "random". For libnm and nmcli, this field is called "cloned-mac-address". |
generate-mac-address-mask |
string |
|
With "cloned-mac-address" setting "random" or "stable", by default all bits of the MAC address are scrambled and a locally-administered, unicast MAC address is created. This property allows to specify that certain bits are fixed. Note that the least significant bit of the first MAC address will always be unset to create a unicast MAC address.
If the property is NULL, it is eligible to be overwritten by a default connection setting. If the value is still NULL or an empty string, the default is to create a locally-administered, unicast MAC address.
If the value contains one MAC address, this address is used as mask. The set bits of the mask are to be filled with the current MAC address of the device, while the unset bits are subject to randomization. Setting "FE:FF:FF:00:00:00" means to preserve the OUI of the current MAC address and only randomize the lower 3 bytes using the "random" or "stable" algorithm.
If the value contains one additional MAC address after the mask, this address is used instead of the current MAC address to fill the bits that shall not be randomized. For example, a value of "FE:FF:FF:00:00:00 68:F7:28:00:00:00" will set the OUI of the MAC address to 68:F7:28, while the lower bits are randomized. A value of "02:00:00:00:00:00 00:00:00:00:00:00" will create a fully scrambled globally-administered, burned-in MAC address.
If the value contains more than one additional MAC addresses, one of them is chosen randomly. For example, "02:00:00:00:00:00 00:00:00:00:00:00 02:00:00:00:00:00" will create a fully scrambled MAC address, randomly locally or globally administered. |
hidden |
boolean |
FALSE |
If TRUE, indicates that the network is a non-broadcasting network that hides its SSID. This works both in infrastructure and AP mode.
In infrastructure mode, various workarounds are used for a more reliable discovery of hidden networks, such as probe-scanning the SSID. However, these workarounds expose inherent insecurities with hidden SSID networks, and thus hidden SSID networks should be used with caution.
In AP mode, the created network does not broadcast its SSID.
Note that marking the network as hidden may be a privacy issue for you (in infrastructure mode) or client stations (in AP mode), as the explicit probe-scans are distinctly recognizable on the air. |
mac-address |
byte array |
|
If specified, this connection will only apply to the Wi-Fi device whose permanent MAC address matches. This property does not change the MAC address of the device (i.e. MAC spoofing). |
mac-address-blacklist |
array of string |
|
A list of permanent MAC addresses of Wi-Fi devices to which this connection should never apply. Each MAC address should be given in the standard hex-digits-and-colons notation (eg "00:11:22:33:44:55"). |
mac-address-randomization |
uint32 |
0 |
One of 0 (default) (never randomize unless the user has set a global default to randomize and the supplicant supports randomization), 1 (never) (never randomize the MAC address), or 2 (always) (always randomize the MAC address). |
mode |
string |
|
Wi-Fi network mode; one of "infrastructure", "mesh", "adhoc" or "ap". If blank, infrastructure is assumed. |
mtu |
uint32 |
0 |
If non-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple Ethernet frames. |
powersave |
uint32 |
0 |
One of 2 (disable) (disable Wi-Fi power saving), 3 (enable) (enable Wi-Fi power saving), 1 (ignore) (don't touch currently configure setting) or 0 (default) (use the globally configured value). All other values are reserved. |
rate |
uint32 |
0 |
This property is not implemented and has no effect. |
security |
|
|
This property is deprecated and has no effect. For backwards compatibility, it can be set to "802-11-wireless-security" if the profile has a wireless security setting. |
seen-bssids |
array of string |
|
A list of BSSIDs (each BSSID formatted as a MAC address like "00:11:22:33:44:55") that have been detected as part of the Wi-Fi network. NetworkManager internally tracks previously seen BSSIDs. The property is only meant for reading and reflects the BSSID list of NetworkManager. The changes you make to this property will not be preserved.
This is not a regular property that the user would configure. Instead, NetworkManager automatically sets the seen BSSIDs and tracks them internally in "/var/lib/NetworkManager/seen-bssids" file. |
ssid |
byte array |
|
SSID of the Wi-Fi network. Must be specified. |
tx-power |
uint32 |
0 |
This property is not implemented and has no effect. |
wake-on-wlan |
uint32 |
1 |
The NMSettingWirelessWakeOnWLan options to enable. Not all devices support all options. May be any combination of 0x2 (any), 0x4 (disconnect), 0x8 (magic), 0x10 (gtk-rekey-failure), 0x20 (eap-identity-request), 0x40 (4way-handshake), 0x80 (rfkill-release), 0x100 (tcp) or the special values 0x1 (default) (to use global settings) and 0x8000 (ignore) (to disable management of Wake-on-LAN in NetworkManager). |
