Wi-Fi: Shell

This sample allows you to test Nordic Semiconductor’s Wi-Fi® chipsets.


The sample supports the following development kits:

Hardware platforms


Board name

Build target





nRF9160 DK




nRF7002 DK (emulating nRF7001)




nRF7002 DK



nrf7002dk_nrf5340_cpuapp_ns nrf7002dk_nrf5340_cpuapp

nRF5340 DK




nRF52840 DK





This sample can perform all Wi-Fi operations in the 2.4GHz and 5GHz bands depending on the capabilities supported in the underlying chipset.

Using this sample, the development kit can associate with, and ping to, any Wi-Fi capable access point in STA mode.

Building and running

This sample can be found under samples/wifi/shell in the nRF Connect SDK folder structure.

When built as firmware image for the _ns build target, the sample has Cortex-M Security Extensions (CMSE) enabled and separates the firmware between Non-Secure Processing Environment (NSPE) and Secure Processing Environment (SPE). Because of this, it automatically includes the Trusted Firmware-M (TF-M). To read more about CMSE, see Processing environments.

To build the sample with Visual Studio Code, follow the steps listed on the How to build an application page in the nRF Connect for VS Code extension documentation. See Building and programming an application for other building and programming scenarios and Testing and debugging an application for general information about testing and debugging in the nRF Connect SDK.

Currently, the following configurations are supported:

  • 7002 DK + QSPI

  • 7002 EK + SPIM

  • 9160 DK + SPIM

To build for the nRF7002 DK, use the nrf7002dk_nrf5340_cpuapp build target. The following is an example of the CLI command:

west build -b nrf7002dk_nrf5340_cpuapp

To build for the nRF7002 EK with nRF5340 DK, use the nrf5340dk_nrf5340_cpuapp build target with the SHIELD CMake option set to nrf7002ek. The following is an example of the CLI command:

west build -b nrf5340dk_nrf5340_cpuapp -- -DSHIELD=nrf7002ek

To build for the nRF9160 DK, use the nrf9160dk_nrf9160_ns build target with the SHIELD CMake option set to nrf7002ek and scan-only overlay configuration. The following is an example of the CLI command:

west build -b nrf9160dk_nrf9160_ns -- -DOVERLAY_CONFIG=overlay-scan-only.conf -DSHIELD=nrf7002ek

See also Providing CMake options for instructions on how to provide CMake options.

Supported CLI commands

wifi is the Wi-Fi command line and supports the following UART CLI subcommands:

Wi-Fi shell subcommands




Scan for access points in the vicinity


Connect to an access point with below parameters:
<Channel number> (optional: 0 means all)
<PSK> (optional: valid only for secured SSIDs)
<Security type> (optional: 0-None, 1-PSK, 2-PSK-256, 3-SAE)
<MFP> (optional: 0-Disable, 1-Optional, 2-Required)


Disconnect from the current access point


Get the status of the Wi-Fi interface


Get the statistics of the Wi-Fi interface


Configure the Wi-Fi interface as access point mode


Configure the Wi-Fi interface as station mode


Configure power save
No argument - Prints current configuration
on - Turns on power save feature
off - Turns off power save feature


Configure Wi-Fi power save mode
0 - Legacy
1 - WMM


Manage Target Wake Time (TWT) flows with below subcommands:

setup - Start a TWT flow:
<negotiation_type: 0 - Individual, 1 - Broadcast, 2 - Wake TBTT>
<setup_cmd: 0 - Request, 1 - Suggest, 2 - Demand>
<dialog_token> <flow_id> <responder> <trigger> <implicit>
<announce> <twt_wake_interval> <twt_interval>

teardown - Teardown a TWT flow:
<negotiation_type: 0 - Individual, 1 - Broadcast, 2 - Wake TBTT>
<setup_cmd: 0 - Request, 1 - Suggest, 2 - Demand>
<dialog_token> <flow_id>

teardown_all - Teardown all TWT flows


Set or get Wi-Fi regulatory domain

Usage: wifi reg_domain [ISO/IEC 3166-1 alpha2] [-f]

-f: Force to use this regulatory hint over any other regulatory hints.
(Note that this may cause regulatory compliance issues.)


Configure Wi-Fi power save inactivity timer (in ms)


Configure Wi-Fi power save for the Listen interval


Configure Wi-Fi power save for wakeup mode
dtim - Wakeup mode for the DTIM interval
listen_interval - Wakeup mode for the Listen interval

wifi_cred is an extension to the Wi-Fi command line. It adds the following commands to interact with the Wi-Fi credentials library:

Wi-Fi credentials shell subcommands




Add a network to the credentials storage with following parameters:
<Passphrase> (optional: valid only for secured SSIDs)
<BSSID> (optional)
<Band> (optional: 2.4GHz, 5GHz)
favorite (optional, makes the network higher priority in automatic connection)

delete <SSID>

Removes network from credentials storage.


Lists networks in credential storage.


Automatically connects to any stored network.


After programming the sample to your development kit, complete the following steps to test it:

  1. Connect the kit to the computer using a USB cable. The kit is assigned a COM port (Windows) or ttyACM device (Linux), which is visible in the Device Manager.

  2. Connect to the kit with a terminal emulator (for example, PuTTY). See How to connect with PuTTY for the required settings.

  3. Scan for the Wi-Fi networks in range using the following command:

    wifi scan

    The output should be similar to the following:

    Scan requested
    Num  | SSID                             (len) | Chan (Band)    | RSSI | Security        | BSSID
    1    | xyza                             4     | 1    (2.4GHz)  | -27  | WPA2-PSK        | xx:xx:xx:xx:xx:xx
    2    | abcd                             4     | 149  (5GHz  )  | -28  | WPA2-PSK        | yy:yy:yy:yy:yy:yy
  4. Connect to your preferred network using the following command:

    wifi connect <SSID> <passphrase>

    <SSID> is the SSID of the network you want to connect to, and <passphrase> is its passphrase.

  5. Check the connection status after a while, using the following command:

    wifi status

    If the connection is established, you should see an output similar to the following:

    Status: successful
    State: COMPLETED
    Interface Mode: STATION
    Link Mode: WIFI 6 (802.11ax/HE)
    SSID: OpenWrt
    BSSID: C0:06:C3:1D:CF:9E
    Band: 5GHz
    Channel: 157
    Security: WPA2-PSK
    PMF: Optional
    RSSI: 0
  6. Initiate a ping and verify data connectivity using the following commands:

    net dns <hostname>
    net ping <resolved hostname>

    See the following example:

    net dns google.com
     Query for 'google.com' sent.
     dns: All results received
    net ping 10
     28 bytes from to icmp_seq=0 ttl=113 time=191 ms
     28 bytes from to icmp_seq=1 ttl=113 time=190 ms
     28 bytes from to icmp_seq=2 ttl=113 time=190 ms


This sample uses the following sdk-nrfxlib library:

This sample also uses modules found in the following locations in the nRF Connect SDK folder structure:

  • modules/lib/hostap

  • modules/mbedtls