iw – A Modern nl80211-Based CLI Tool for Wireless Device Configuration
If you’ve ever used Linux to manage wireless networks, you’ve probably encountered iwconfig—the legacy CLI tool for WiFi setup. But as WiFi standards evolve (think 802.11ac, ax, and WPA3), iwconfig has become obsolete, unable to support modern features like mesh networks, management frame protection, or dynamic channel widths.
Enter iw: the official, feature-rich CLI utility developed by the Linux Wireless Team that uses the nl80211 netlink protocol to communicate with the kernel. nl80211 is designed to keep pace with the latest 802.11 standards, providing a flexible, extensible interface between user-space tools and the Linux kernel.
In this blog, we’ll dive deep into iw, covering installation, core commands, advanced configurations, best practices, and how it compares to iwconfig. Whether you’re a system administrator or a power user, this guide will help you master modern WiFi management on Linux.
Table of Contents#
- Introduction to iw and nl80211
- Prerequisites: Installing iw
- Core Concepts & Key Differences from iwconfig
- Essential iw Commands: A Practical Guide
  - 4.1. Scanning for Wireless Networks
  - 4.2. Managing Wireless Interfaces
  - 4.3. Connecting to a Wireless Network
  - 4.4. Configuring Advanced WiFi Features
  - 4.5. Monitoring & Troubleshooting
- Best Practices for Using iw
- Integrating iw with Network Management Tools
- Conclusion
1. Introduction to iw and nl80211#
What is nl80211?#
nl80211 is a netlink-based protocol that facilitates communication between user-space applications and the Linux kernel for wireless networking. Unlike the legacy Wireless Extensions (used by iwconfig), which are static and limited to hardcoded features, nl80211 is dynamic and extensible. It supports:
- Modern 802.11 standards (802.11n/ac/ax/WPA3)
- Mesh networks and access point (AP) mode
- Regulatory domain management
- Management Frame Protection (802.11w)
- Multi-interface configurations (station, monitor, AP on one device)
What is iw?#
iw is the reference CLI tool for nl80211, maintained by the Linux Wireless Team. It provides direct access to all nl80211 features, making it the go-to tool for advanced wireless configuration and troubleshooting on Linux.
2. Prerequisites: Installing iw#
Before using iw, ensure it’s installed on your system. Most modern Linux distributions include iw by default, but if not, install it using your package manager:
Debian/Ubuntu-based Distros#
sudo apt update && sudo apt install iw
Fedora/RHEL/CentOS#
sudo dnf install iw
Arch Linux#
sudo pacman -S iw
Building from Source#
For the latest features, build iw from the official repository:
git clone https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git
cd iw
make
sudo make install
Verify Installation#
Check if iw is installed correctly:
iw --version
3. Core Concepts & Key Differences from iwconfig#
To use iw effectively, it’s critical to understand its core concepts and how it differs from iwconfig:
| Feature | iw (nl80211) | iwconfig (Wireless Extensions) |
|---|---|---|
| Protocol | Dynamic netlink-based communication | Static ioctl-based interface |
| Supported Standards | 802.11n/ac/ax, WPA3, mesh, AP mode | Limited to legacy 802.11b/g, WPA2 |
| Interface Management | Supports multiple virtual interfaces | Struggles with virtual interfaces |
| Regulatory Support | Dynamic regulatory domain updates | Static, hardcoded regulatory rules |
| Troubleshooting | Detailed stats (MCS index, retries) | Basic signal strength only |
Key iw Concepts#
- Phy: The physical wireless adapter (e.g., phy0). A single phy can host multiple virtual interfaces.
- Interface: A virtual instance of a phy (e.g., wlan0 for station mode, ap0 for access point mode).
- Mode: The operational state of an interface (station, AP, monitor, mesh, or ad-hoc).
- Regulatory Domain: A set of rules defining allowed channels and power levels for your region (e.g., US for the United States).
4. Essential iw Commands: A Practical Guide#
Let’s explore the most common iw commands for daily WiFi management. All commands require root privileges (use sudo or run as root).
4.1. Scanning for Wireless Networks#
Scan for nearby WiFi networks using your primary interface:
sudo iw dev wlan0 scan
This outputs raw, detailed data for each network. To filter for key info (SSID, signal strength, frequency):
sudo iw dev wlan0 scan | grep -E 'SSID|signal:|freq:'
Scan in Monitor Mode#
For more comprehensive scanning (e.g., detecting hidden networks), create a dedicated monitor interface:
# Create a monitor interface
sudo iw phy phy0 interface add mon0 type monitor
# Bring the interface up
sudo ip link set mon0 up
# Scan
sudo iw dev mon0 scan | grep -E 'SSID|signal:|freq:'
# Cleanup
sudo iw dev mon0 del
4.2. Managing Wireless Interfaces#
View Interface Information#
Get detailed stats for a specific interface:
sudo iw dev wlan0 info
This shows the interface mode, MAC address, supported channels, and firmware version.
List All Physical Adapters#
View all wireless adapters (phys) on your system:
iw phy
Change Interface Mode#
Switch an interface to access point mode:
sudo ip link set wlan0 down
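# iw rejects the plain "ap" type name and points to a management daemon such as hostapd;
# the raw AP interface type is "__ap", and hostapd is still needed to run the access point
sudo iw dev wlan0 set type __ap
sudo ip link set wlan0 up
Create a Virtual Interface#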
Add a new station-mode interface to phy0:
sudo iw phy phy0 interface add wlan1 type station
sudo ip link set wlan1 up
Delete an Interface#
Remove a virtual interface:
sudo iw dev wlan1 del
4.3. Connecting to a Wireless Network#
iw does not handle encryption negotiation directly. For encrypted networks, use wpa_supplicant with iw under the hood.
Connect to an Open Network#
# Bring the interface up
sudo ip link set wlan0 up
# Connect to the open network
sudo iw dev wlan0 connect "OpenNetworkSSID"
# Assign an IP address
sudo dhclient wlan0
Connect to a WPA2/WPA3 Network#
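- Create a wpa_supplicant configuration file (a plain shell redirect into /etc fails for a non-root user, so the output is piped through sudo tee):
wpa_passphrase "MyWPA3Network" "StrongPassword123" | sudo tee /etc/wpa_supplicant/wpa.conf > /dev/null
For WPA3, edit the file to add:
network={
    ssid="MyWPA3Network"
    psk="StrongPassword123"
    proto=RSN
    key_mgmt=SAE
    pairwise=CCMP
    group=CCMP
    # WPA3-Personal requires Protected Management Frames (802.11w)
    ieee80211w=2
}
- Start wpa_supplicant:
sudo wpa_supplicant -i wlan0 -c /etc/wpa_supplicant/wpa.conf -B
- Assign an IP address:
sudo dhclient wlan0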
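The configuration file above holds the network passphrase, and an SAE network block without ieee80211w=2 will not associate with a WPA3-only access point. The following check is an added example, not part of the original article; the function name check_wpa_conf and the sample file are hypothetical, and it assumes the usual one-setting-per-line wpa_supplicant.conf layout.

```sh
# check_wpa_conf FILE: print one finding per line; return 1 if there are any.
check_wpa_conf() {
  conf=$1
  findings=$(
    # The file stores the passphrase, so group and other must have no access.
    perms=$(ls -ld "$conf" | cut -c5-10)
    [ "$perms" = "------" ] || echo "perms: group/other bits are $perms"
    awk '
      !inblk && /^[ \t]*pmf=2/ { gpmf = 1 }   # global PMF default
      /^[ \t]*network=[{]/ { inblk = 1; sae = 0; pmf = 0; ssid = "?"; next }
      !inblk               { next }
      /^[ \t]*ssid=/       { sub(/^[ \t]*ssid=/, ""); gsub(/"/, ""); ssid = $0; next }
      /^[ \t]*key_mgmt=.*SAE/ { sae = 1 }
      /^[ \t]*ieee80211w=2/   { pmf = 1 }
      # wpa_passphrase output keeps the cleartext passphrase as a "#psk=" comment.
      /^[ \t]*#psk=/          { print "cleartext-comment: " ssid }
      /^[ \t]*[}]/ {
        if (sae && !pmf && !gpmf) print "sae-without-pmf: " ssid
        inblk = 0
      }
    ' "$conf"
  )
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Demo on a constructed file: SAE network, no ieee80211w line, mode 644.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
network={
    ssid="MyWPA3Network"
    psk="StrongPassword123"
    key_mgmt=SAE
}
EOF
chmod 644 "$demo_conf"
check_wpa_conf "$demo_conf" || true
rm -f "$demo_conf"
```

On a real system, run it as root against /etc/wpa_supplicant/wpa.conf and fix a permissions finding with chmod 600.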
4.4. Configuring Advanced WiFi Features#
Set Regulatory Domain#
Ensure your device uses allowed channels and power levels for your region:
# View current regulatory domain
iw reg get
# Set to United States (replace with your region code)
sudo iw reg set US
Note: You need the crda package installed for this to work (sudo apt install crda on Debian/Ubuntu).
Configure Channel Width#
Set a 20MHz channel width for better range:
sudo iw dev wlan0 set channel 1 HT20
For 802.11ac (VHT), use:
# iw has no VHT40 keyword; the width is given as HT20, HT40+, HT40-, 80MHz or 160MHz
sudo iw dev wlan0 set channel 36 80MHz
Enable Management Frame Protection (802.11w)#
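Protect against deauthentication attacks. iw has no set mfp subcommand; MFP is negotiated when the connection is made. When wpa_supplicant handles the connection, require it by adding this line to the network block in its configuration file:
ieee80211w=2
This requires the network you’re connecting to also support 802.11w.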
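Whether a nearby network supports 802.11w can be read from scan output, where iw lists MFP-capable and MFP-required in the RSN capabilities line. The parser below is an added example, not part of the original article; the function names and the sample networks are constructed, and wlan0 is assumed as the interface.

```sh
# Constructed sample, trimmed to the fields parsed below; not captured from a
# real network. iw indents with tabs; the parser accepts tabs or spaces.
sample_scan() {
cat <<'EOF'
BSS 02:00:00:00:00:01(on wlan0)
    capability: ESS Privacy ShortSlotTime (0x0411)
    SSID: CorpWPA3
    RSN:     * Version: 1
         * Authentication suites: SAE
         * Capabilities: 16-PTKSA-RC 1-GTKSA-RC MFP-required MFP-capable (0x00cc)
BSS 02:00:00:00:00:02(on wlan0)
    capability: ESS Privacy (0x0011)
    SSID: HomeWPA2
    RSN:     * Version: 1
         * Authentication suites: PSK
         * Capabilities: 1-PTKSA-RC 1-GTKSA-RC (0x0000)
BSS 02:00:00:00:00:03(on wlan0)
    capability: ESS Privacy (0x0011)
    SSID: OldPrinter
BSS 02:00:00:00:00:04(on wlan0)
    capability: ESS ShortSlotTime (0x0401)
    SSID: CafeGuest
EOF
}
# Reads scan text on stdin and prints one "SSID|auth|mfp" line per BSS.
mfp_report() {
  awk '
    function emit() {
      if (!seen) return
      if (auth == "") auth = priv ? "WEP" : "open"  # Privacy bit without RSN/WPA
      print ssid "|" auth "|" mfp
    }
    /^BSS /               { emit(); seen = 1; ssid = ""; auth = ""; mfp = "none"; priv = 0; rsn = 0 }
    /^[ \t]*capability: / { if ($0 ~ / Privacy/) priv = 1 }
    /^[ \t]*SSID: /       { sub(/^[ \t]*SSID: /, ""); ssid = $0; next }
    /^[ \t]*WPA:/         { rsn = 0; if (auth == "") auth = "WPA1" }
    /^[ \t]*RSN:/         { rsn = 1 }
    rsn && /Authentication suites: / { sub(/.*suites: /, ""); auth = $0; next }
    rsn && /[*] Capabilities: / {
      if ($0 ~ /MFP-required/) mfp = "required"
      else if ($0 ~ /MFP-capable/) mfp = "capable"
    }
    END { emit() }
  '
}

# Live use: sudo iw dev wlan0 scan | mfp_report
sample_scan | mfp_report
```

A network reported as none in the last column will not associate once MFP is required on the client.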
Create a Mesh Network#
- Switch to mesh mode:
sudo ip link set wlan0 down
sudo iw dev wlan0 set type mesh
sudo ip link set wlan0 up
- Join a mesh network:
sudo iw dev wlan0 mesh join "MyMeshSSID"
- Assign an IP address:
sudo ip addr add 192.168.50.1/24 dev wlan0
4.5. Monitoring & Troubleshooting#
Check Connection Status#
View real-time stats for a connected interface:
sudo iw dev wlan0 link
This shows signal strength, bitrate, encryption type, and retransmission counts.
View Station Statistics#
Get detailed performance metrics:
sudo iw dev wlan0 station dump
Use this to troubleshoot packet loss, retries, or low signal issues.
Check Firmware Version#
Verify your wireless adapter’s firmware:
iw phy phy0 info | grep firmware
5. Best Practices for Using iw#
- Use Sudo: Most iw commands require root privileges to modify system settings.
- Avoid Legacy Commands: Replace iwconfig, iwlist, and iwpriv with iw for all new configurations.
- Update Regularly: Keep your kernel, iw, and wireless firmware up to date to access the latest features and bug fixes.
- Respect Regulatory Rules: Only set regulatory domains allowed in your region to comply with local laws.
- Use Monitor Mode Sparingly: Monitor mode can interfere with normal WiFi operation—use dedicated virtual interfaces for scanning.
- Leverage wpa_supplicant: For encrypted networks, always use wpa_supplicant instead of direct iw commands, as iw doesn’t handle encryption negotiation.
6. Integrating iw with Network Management Tools#
While iw is powerful for manual configuration, most users rely on network managers like NetworkManager or systemd-networkd for daily use. iw is used under the hood by these tools to communicate with the kernel.
Using iw with NetworkManager#
To override NetworkManager’s settings for a specific interface:
- Disable NetworkManager for the interface:
sudo nmcli dev set wlan0 managed no
- Use iw to configure the interface manually.
- Re-enable NetworkManager when done:
sudo nmcli dev set wlan0 managed yes
7. Conclusion#
iw is the future of Linux wireless management, replacing the deprecated iwconfig with support for modern WiFi standards and advanced features. Whether you’re scanning for networks, configuring mesh setups, or troubleshooting connection issues, iw provides the flexibility and control you need.
By mastering iw and the nl80211 protocol, you’ll be able to manage wireless networks efficiently and take advantage of the latest WiFi technologies on Linux.