DLADM(8) Maintenance Commands and Procedures DLADM(8)
NAME
dladm - administer data links
SYNOPSIS
dladm help dladm show-link [
-P] [
-s [
-i interval]] [[
-p]
-o field[,...]] [
link]
dladm rename-link [
-R root-dir] [
-z zonename]
link new-link dladm delete-phys phys-link dladm show-phys [
-m |
-H |
-P] [[
-p]
-o field[,...]] [
phys-link]
dladm create-aggr [
-t] [
-R root-dir] [
-P policy] [
-L mode]
[
-T time] [
-u address]
-l ether-link1 [
-l ether-link2...]
aggr-link dladm modify-aggr [
-t] [
-R root-dir] [
-P policy] [
-L mode]
[
-T time] [
-u address]
aggr-link dladm delete-aggr [
-t] [
-R root-dir]
aggr-link dladm add-aggr [
-t] [
-R root-dir]
-l ether-link1 [
-l ether-link2...]
aggr-link dladm remove-aggr [
-t] [
-R root-dir]
-l ether-link1 [
-l ether-link2...]
aggr-link dladm show-aggr [
-PLx] [
-s [
-i interval]] [[
-p]
-o field[,...]]
[
aggr-link]
dladm create-bridge [
-P protect] [
-R root-dir] [
-p priority]
[
-m max-age] [
-h hello-time] [
-d forward-delay] [
-f force-protocol]
[
-l link...]
bridge-name dladm modify-bridge [
-P protect] [
-R root-dir] [
-p priority]
[
-m max-age] [
-h hello-time] [
-d forward-delay] [
-f force-protocol]
bridge-name dladm delete-bridge [
-R root-dir]
bridge-name dladm add-bridge [
-R root-dir]
-l link [
-l link...]
bridge-name dladm remove-bridge [
-R root-dir]
-l link [
-l link...]
bridge-name dladm show-bridge [
-flt] [
-s [
-i interval]] [[
-p]
-o field,...]
[
bridge-name]
dladm create-vlan [
-ft] [
-R root-dir]
-l ether-link -v vid [
vlan-link]
dladm delete-vlan [
-t] [
-R root-dir]
vlan-link dladm show-vlan [
-P] [[
-p]
-o field[,...]] [
vlan-link]
dladm scan-wifi [[
-p]
-o field[,...]] [
wifi-link]
dladm connect-wifi [
-e essid] [
-i bssid] [
-k key,...]
[
-s none | wep | wpa ] [
-a open | shared] [
-b bss | ibss] [
-c]
[
-m a | b | g] [
-T time] [
wifi-link]
dladm disconnect-wifi [
-a] [
wifi-link]
dladm show-wifi [[
-p]
-o field[,...]] [
wifi-link]
dladm show-ether [
-x] [[
-p]
-o field[,...]] [
ether-link]
dladm set-linkprop [
-t] [
-R root-dir] [
-z zonename]
-p prop=
value[,...]
link dladm reset-linkprop [
-t] [
-R root-dir] [
-z zonename] [
-p prop[,...]]
link dladm show-linkprop [
-P] [
-z zonename] [[
-c]
-o field[,...]]
[
-p prop[,...]] [
link]
dladm create-secobj [
-t] [
-R root-dir] [
-f file]
-c class secobj dladm delete-secobj [
-t] [
-R root-dir]
secobj[,...]
dladm show-secobj [
-P] [[
-p]
-o field[,...]] [
secobj,...]
dladm create-vnic [
-t]
-l link [
-R root-dir] [
-m value | auto |
{factory
-n slot-identifier]} | {random [
-r prefix]}]
[
-v vlan-id] [
-p prop=
value[,...]]
vnic-link dladm delete-vnic [
-t] [
-R root-dir] [
-z zonename]
vnic-link dladm show-vnic [
-pP] [
-s [
-i interval]] [
-o field[,...]]
[
-l link] [
-z zonename] [
vnic-link]
dladm create-etherstub [
-t] [
-R root-dir]
etherstub dladm delete-etherstub [
-t] [
-R root-dir]
etherstub dladm show-etherstub [
etherstub]
dladm create-iptun [
-t] [
-R root-dir]
-T type [-a {local|remote}=<addr>[,...]]
iptun-link dladm modify-iptun [
-t] [
-R root-dir] [-a {local|remote}=<addr>[,...]]
iptun-link dladm delete-iptun [
-t] [
-R root-dir]
iptun-link dladm show-iptun [
-P] [[
-p]
-o field[,...]] [
iptun-link]
dladm create-overlay [
-t]
-e encap -s search -v vnetid [
-p prop=
value[,...]]
overlay dladm delete-overlay [
-t]
overlay dladm modify-overlay -d mac |
-f |
-s mac=ip:port overlay dladm show-overlay [
-f |
-t ] [[
-p]
-o field[,...]] [
overlay]
dladm show-usage [
-a]
-f filename [
-p plotfile -F format] [
-s time]
[
-e time] [
link]
DESCRIPTION
The
dladm command is used to administer data-links. A data-link is
represented in the system as a
STREAMS DLPI (v2) interface which can be
plumbed under protocol stacks such as
TCP/IP. Each data-link relies on
either a single network device or an aggregation of devices to send
packets to or receive packets from a network.
Each
dladm subcommand operates on one of the following objects:
link A datalink, identified by a name. In general, the name can use any
alphanumeric characters (or the underscore,
_), but must start with
an alphabetic character and end with a number. A datalink name can be
at most 31 characters, and the ending number must be between 0 and
4294967294 (inclusive). The ending number must not begin with a zero.
Datalink names between 3 and 8 characters are recommended.
Some subcommands operate only on certain types or classes of
datalinks. For those cases, the following object names are used:
phys-link A physical datalink.
vlan-link A VLAN datalink.
aggr-link An aggregation datalink (or a key; see NOTES).
ether-link A physical Ethernet datalink.
wifi-link A WiFi datalink.
vnic-link A virtual network interface created on a link, an
etherstub, or
an overlay. It is a pseudo device that can be treated as if it
were an network interface card on a machine.
iptun-link An IP tunnel link.
dev A network device, identified by concatenation of a driver name and an
instance number.
etherstub An Ethernet stub can be used instead of a physical NIC to create
VNICs. VNICs created on an
etherstub will appear to be connected
through a virtual switch, allowing complete virtual networks to be
built without physical hardware.
bridge A bridge instance, identified by an administratively-chosen name. The
name may use any alphanumeric characters or the underscore,
_, but
must start and end with an alphabetic character. A bridge name can be
at most 31 characters. The name
default is reserved, as are all
names starting with
SUNW.
Note that appending a zero (
0) to a bridge name produces a valid link
name, used for observability.
secobj A secure object, identified by an administratively-chosen name. The
name can use any alphanumeric characters, as well as underscore (
_),
period (
.), and hyphen (
-). A secure object name can be at most 32
characters.
overlay An overlay instance, identified by an administratively-chosen name.
An overlay can be used to create or join an existing software defined
network. VNICs created on an overlay will appear to be connected by
a local virtual switch and will also be connected to interfaces on
matching overlays provided by other hosts. For more information on
overlay devices, see
overlay(5).
Options
Each
dladm subcommand has its own set of options. However, many of the
subcommands have the following as a common option:
-R root-dir,
--root-dir=
root-dir Specifies an alternate root directory where the operation-such as
creation, deletion, or renaming-should apply.
SUBCOMMANDS
When invoked with no arguments,
dladm shows the link configuration
information, in the same way as
dladm show-link.
The following subcommands are supported:
dladm help Display brief command usage.
dladm show-link [
-P] [
-s [
-i interval]] [[
-p]
-o field[,...]][
link]
Show link configuration information (the default) or statistics,
either for all datalinks or for the specified link
link. By default,
the system is configured with one datalink for each known network
device.
-o field[,...],
--output=
field[,...]
A case-insensitive, comma-separated list of output fields to
display. When not modified by the
-s option (described below),
the field name must be one of the fields listed below, or the
special value
all to display all fields. By default (without
-o),
show-link displays all fields.
LINK The name of the datalink.
CLASS The class of the datalink.
dladm distinguishes between the
following classes:
phys A physical datalink. The
show-phys subcommand displays
more detail for this class of datalink.
aggr An IEEE 802.3ad link aggregation. The
show-aggr subcommand displays more detail for this class of
datalink.
vlan A VLAN datalink. The
show-vlan subcommand displays more
detail for this class of datalink.
vnic A virtual network interface. The
show-vnic subcommand
displays more detail for this class of datalink.
overlay A virtual device that is used to create or join a
software defined network. The
show-overlay subcommand
displays more detail for this class of datalink.
MTU The maximum transmission unit size for the datalink being
displayed.
STATE The link state of the datalink. The state can be
up,
down, or
unknown.
BRIDGE The name of the bridge to which this link is assigned, if
any.
OVER The physical datalink(s) over which the datalink is
operating. This applies to
aggr,
bridge, and
vlan classes of
datalinks. A VLAN is created over a single physical datalink,
a bridge has multiple attached links, and an aggregation is
comprised of one or more physical datalinks.
When the
-o option is used in conjunction with the
-s option,
used to display link statistics, the field name must be one of
the fields listed below, or the special value
all to display all
fields
LINK The name of the datalink.
IPACKETS Number of packets received on this link.
RBYTES Number of bytes received on this link.
IERRORS Number of input errors.
OPACKETS Number of packets sent on this link.
OBYTES Number of bytes sent on this link.
OERRORS Number of output errors.
-p,
--parsable Display using a stable machine-parsable format. The
-o option is
required with
-p. See "Parsable Output Format", below.
-P,
--persistent Display the persistent link configuration.
-s,
--statistics Display link statistics.
-i interval,
--interval=
interval Used with the
-s option to specify an interval, in seconds, at
which statistics should be displayed. If this option is not
specified, statistics will be displayed only once.
dladm rename-link [
-R root-dir] [
-z zonename]
link new-link Rename
link to
new-link. This is used to give a link a meaningful
name, or to associate existing link configuration such as link
properties of a removed device with a new device. See the
EXAMPLES section for specific examples of how this subcommand is used.
-R root-dir,
--root-dir=
root-dir See "Options," above.
-z zonename A link assigned to a zone can only be renamed while the zone is
in the ready state.
dladm delete-phys phys-link This command is used to delete the persistent configuration of a link
associated with physical hardware which has been removed from the
system. See the
EXAMPLES section.
dladm show-phys [
-m |
-H |
-P] [[
-p]
-o field[,...]] [
phys-link]
Show the physical device and attributes of all physical links, or of
the named physical link. Without
-P, only physical links that are
available on the running system are displayed.
-H Show hardware resource usage, as returned by the NIC driver.
Output from
-H displays the following elements:
LINK A physical device corresponding to a NIC driver.
GROUP A collection of rings.
GROUPTYPE RX or TX. All rings in a group are of the same group type.
RINGS A hardware resource used by a data link, subject to
assignment by a driver to different groups.
CLIENTS MAC clients that are using the rings within a group.
-m Show MAC addresses and related information. Output from
-m displays the following elements:
LINK A physical device corresponding to a NIC driver.
SLOT When a given physical device has multiple factory MAC
addresses, this indicates the slot of the corresponding MAC
address which can be used as part of a call to
create-vnic.
ADDRESS Displays the MAC address of the device.
INUSE Displays whether or not a MAC Address is actively being used.
CLIENT MAC clients that are using the address.
-o field,
--output=
field A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed below,
or the special value
all, to display all fields. Note that if
either
-H or
-m are specified, then the valid options are those
described in their respective sections. For each link, the
following fields can be displayed:
LINK The name of the datalink.
MEDIA The media type provided by the physical datalink.
STATE The state of the link. This can be
up,
down, or
unknown.
SPEED The current speed of the link, in megabits per second.
DUPLEX For Ethernet links, the full/half duplex status of the link
is displayed if the link state is
up. The duplex is displayed
as
unknown in all other cases.
DEVICE The name of the physical device under this link.
-p,
--parsable Display using a stable machine-parsable format. The
-o option is
required with
-p. See "Parsable Output Format", below.
-P,
--persistent This option displays persistent configuration for all links,
including those that have been removed from the system. The
output provides a
FLAGS column in which the
r flag indicates that
the physical device associated with a physical link has been
removed. For such links,
delete-phys can be used to purge the
link's configuration from the system.
dladm create-aggr [
-t] [
-R root-dir] [
-P policy] [
-L mode] [
-T time] [
-u address]
-l ether-link1 [
-l ether-link2...]
aggr-link Combine a set of links into a single IEEE 802.3ad link aggregation
named
aggr-link. The use of an integer
key to generate a link name
for the aggregation is also supported for backward compatibility.
Many of the
*-aggr subcommands below also support the use of a
key to
refer to a given aggregation, but use of the aggregation link name is
preferred. See the
NOTES section for more information on keys.
dladm supports a number of port selection policies for an aggregation
of ports. (See the description of the
-P option, below.) If you do
not specify a policy,
create-aggr uses the default, the L4 policy,
described under the
-P option.
-l ether-link,
--link=
ether-link Each Ethernet link (or port) in the aggregation is specified
using an
-l option followed by the name of the link to be
included in the aggregation. Multiple links are included in the
aggregation by specifying multiple
-l options. For backward
compatibility with previous versions of Solaris, the
dladm command also supports the using the
-d option (or
--dev) with a
device name to specify links by their underlying device name. The
other
*-aggr subcommands that take
-l options also accept
-d.
-t,
--temporary Specifies that the aggregation is temporary. Temporary
aggregations last until the next reboot.
-R root-dir,
--root-dir=
root-dir See "Options," above.
-P policy,
--policy=
policy Specifies the port selection policy to use for load spreading of
outbound traffic. The policy specifies which
dev object is used
to send packets. A policy is a list of one or more layers
specifiers separated by commas. A layer specifier is one of the
following:
L2 Select outbound device according to source and destination
MAC addresses of the packet.
L3 Select outbound device according to source and destination
IP addresses of the packet.
L4 Select outbound device according to the upper layer protocol
information contained in the packet. For
TCP and
UDP, this
includes source and destination ports. For IPsec, this
includes the
SPI (Security Parameters Index).
For example, to use upper layer protocol information, the
following policy can be used:
-P L4
Note that policy L4 is the default.
To use the source and destination
MAC addresses as well as the
source and destination
IP addresses, the following policy can be
used:
-P L2,L3
-L mode,
--lacp-mode=
mode Specifies whether
LACP should be used and, if used, the mode in
which it should operate. Supported values are
off,
active or
passive.
-T time,
--lacp-timer=
time Specifies the
LACP timer value. The supported values are
short or
long.
-u address,
--unicast=
address Specifies a fixed unicast hardware address to be used for the
aggregation. If this option is not specified, then an address is
automatically chosen from the set of addresses of the component
devices.
dladm modify-aggr [
-t] [
-R root-dir] [
-P policy] [
-L mode] [
-T time] [
-u address]
aggr-link Modify the parameters of the specified aggregation.
-t,
--temporary Specifies that the modification is temporary. Temporary
aggregations last until the next reboot.
-R root-dir,
--root-dir=
root-dir See "Options," above.
-P policy,
--policy=
policy Specifies the port selection policy to use for load spreading of
outbound traffic. See
dladm create-aggr for a description of
valid policy values.
-L mode,
--lacp-mode=
mode Specifies whether
LACP should be used and, if used, the mode in
which it should operate. Supported values are
off,
active, or
passive.
-T time,
--lacp-timer=
time Specifies the
LACP timer value. The supported values are
short or
long.
-u address,
--unicast=
address Specifies a fixed unicast hardware address to be used for the
aggregation. If this option is not specified, then an address is
automatically chosen from the set of addresses of the component
devices.
dladm delete-aggr [
-t] [
-R root-dir]
aggr-link Deletes the specified aggregation.
-t,
--temporary Specifies that the deletion is temporary. Temporary deletions
last until the next reboot.
-R root-dir,
--root-dir=
root-dir See "Options," above.
dladm add-aggr [
-t] [
-R root-dir]
-l ether-link1 [
--link=
ether-link2...]
aggr-link Adds links to the specified aggregation.
-l ether-link,
--link=
ether-link Specifies an Ethernet link to add to the aggregation. Multiple
links can be added by supplying multiple
-l options.
-t,
--temporary Specifies that the additions are temporary. Temporary additions
last until the next reboot.
-R root-dir,
--root-dir=
root-dir See "Options," above.
dladm remove-aggr [
-t] [
-R root-dir]
-l ether-link1 [
--l=
ether-link2...]
aggr-link Removes links from the specified aggregation.
-l ether-link,
--link=
ether-link Specifies an Ethernet link to remove from the aggregation.
Multiple links can be added by supplying multiple
-l options.
-t,
--temporary Specifies that the removals are temporary. Temporary removal last
until the next reboot.
-R root-dir,
--root-dir=
root-dir See "Options," above.
dladm show-aggr [
-PLx] [
-s [
-i interval]] [[
-p]
-o field[,...]] [
aggr- link]
Show aggregation configuration (the default),
LACP information, or
statistics, either for all aggregations or for the specified
aggregation.
By default (with no options), the following fields can be displayed:
LINK The name of the aggregation link.
POLICY The LACP policy of the aggregation. See the
create-aggr -P option
for a description of the possible values.
ADDRPOLICY Either
auto, if the aggregation is configured to automatically
configure its unicast MAC address (the default if the
-u option
was not used to create or modify the aggregation), or
fixed, if
-u was used to set a fixed MAC address.
LACPACTIVITY The LACP mode of the aggregation. Possible values are
off,
active, or
passive, as set by the
-l option to
create-aggr or
modify-aggr.
LACPTIMER The LACP timer value of the aggregation as set by the
-T option
of
create-aggr or
modify-aggr.
FLAGS A set of state flags associated with the aggregation. The only
possible flag is
f, which is displayed if the administrator
forced the creation the aggregation using the
-f option to
create-aggr. Other flags might be defined in the future.
The
show-aggr command accepts the following options:
-L,
--lacp Displays detailed
LACP information for the aggregation link and
each underlying port. Most of the state information displayed by
this option is defined by IEEE 802.3. With this option, the
following fields can be displayed:
LINK The name of the aggregation link.
PORT The name of one of the underlying aggregation ports.
AGGREGATABLE Whether the port can be added to the aggregation.
SYNC If
yes, the system considers the port to be synchronized and
part of the aggregation.
COLL If
yes, collection of incoming frames is enabled on the
associated port.
DIST If
yes, distribution of outgoing frames is enabled on the
associated port.
DEFAULTED If
yes, the port is using defaulted partner information (that
is, has not received LACP data from the LACP partner).
EXPIRED If
yes, the receive state of the port is in the
EXPIRED state.
-x,
--extended Display additional aggregation information including detailed
information on each underlying port. With
-x, the following
fields can be displayed:
LINK The name of the aggregation link.
PORT The name of one of the underlying aggregation ports.
SPEED The speed of the link or port in megabits per second.
DUPLEX The full/half duplex status of the link or port is displayed
if the link state is
up. The duplex status is displayed as
unknown in all other cases.
STATE The link state. This can be
up,
down, or
unknown.
ADDRESS The MAC address of the link or port.
PORTSTATE This indicates whether the individual aggregation port is in
the
standby or
attached state.
-o field[,...],
--output=
field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed above,
or the special value
all, to display all fields. The fields
applicable to the
-o option are limited to those listed under
each output mode. For example, if using
-L, only the fields
listed under
-L, above, can be used with
-o.
-p,
--parsable Display using a stable machine-parsable format. The
-o option is
required with
-p. See "Parsable Output Format", below.
-P,
--persistent Display the persistent aggregation configuration rather than the
state of the running system.
-s,
--statistics Displays aggregation statistics.
-i interval,
--interval=
interval Used with the
-s option to specify an interval, in seconds, at
which statistics should be displayed. If this option is not
specified, statistics will be displayed only once.
dladm create-bridge [
-P protect] [
-R root-dir] [
-p priority] [
-m max- age] [
-h hello-time] [
-d forward-delay] [
-f force-protocol] [
-l link...]
bridge-name Create an 802.1D bridge instance and optionally assign one or more
network links to the new bridge. By default, no bridge instances are
present on the system.
In order to bridge between links, you must create at least one bridge
instance. Each bridge instance is separate, and there is no
forwarding connection between bridges.
-P protect,
--protect=
protect Specifies a protection method. The defined protection methods are
stp for the Spanning Tree Protocol and trill for
TRILL, which is
used on RBridges. The default value is
stp.
-R root-dir,
--root-dir=
root-dir See "Options," above.
-p priority,
--priority=
priority Specifies the Bridge Priority. This sets the IEEE STP priority
value for determining the root bridge node in the network. The
default value is
32768. Valid values are
0 (highest priority) to
61440 (lowest priority), in increments of 4096.
If a value not evenly divisible by 4096 is used, the system
silently rounds downward to the next lower value that is
divisible by 4096.
-m max-age,
--max-age=
max-age Specifies the maximum age for configuration information in
seconds. This sets the STP Bridge Max Age parameter. This value
is used for all nodes in the network if this node is the root
bridge. Bridge link information older than this time is
discarded. It defaults to 20 seconds. Valid values are from 6 to
40 seconds. See the
-d forward-delay parameter for additional
constraints.
-h hello-time,
--hello-time=
hello-time Specifies the STP Bridge Hello Time parameter. When this node is
the root node, it sends Configuration BPDUs at this interval
throughout the network. The default value is 2 seconds. Valid
values are from 1 to 10 seconds. See the
-d forward-delay parameter for additional constraints.
-d forward-delay,
--forward-delay=
forward-delay Specifies the STP Bridge Forward Delay parameter. When this node
is the root node, then all bridges in the network use this timer
to sequence the link states when a port is enabled. The default
value is 15 seconds. Valid values are from 4 to 30 seconds.
Bridges must obey the following two constraints:
2 * (
forward-delay - 1.0) >=
max-age max-age >= 2 * (
hello-time + 1.0)
Any parameter setting that would violate those constraints is
treated as an error and causes the command to fail with a
diagnostic message. The message provides valid alternatives to
the supplied values.
-f force-protocol,
--force-protocol=
force-protocol Specifies the MSTP forced maximum supported protocol. The default
value is 3. Valid values are non-negative integers. The current
implementation does not support RSTP or MSTP, so this currently
has no effect. However, to prevent MSTP from being used in the
future, the parameter may be set to
0 for STP only or
2 for STP
and RSTP.
-l link,
--link=
link Specifies one or more links to add to the newly-created bridge.
This is similar to creating the bridge and then adding one or
more links, as with the
add-bridge subcommand. However, if any of
the links cannot be added, the entire command fails, and the new
bridge itself is not created. To add multiple links on the same
command line, repeat this option for each link. You are permitted
to create bridges without links. For more information about link
assignments, see the
add-bridge subcommand.
Bridge creation and link assignment require the
PRIV_SYS_DL_CONFIG privilege. Bridge creation might fail if the optional bridging
feature is not installed on the system.
dladm modify-bridge [
-P protect] [
-R root-dir] [
-p priority] [
-m max- age] [
-h hello-time] [
-d forward-delay] [
-f force-protocol] [
-l link...]
bridge-name Modify the operational parameters of an existing bridge. The options
are the same as for the
create-bridge subcommand, except that the
-l option is not permitted. To add links to an existing bridge, use the
add-bridge subcommand.
Bridge parameter modification requires the
PRIV_SYS_DL_CONFIG privilege.
dladm delete-bridge [
-R root-dir]
bridge-name Delete a bridge instance. The bridge being deleted must not have any
attached links. Use the
remove-bridge subcommand to deactivate links
before deleting a bridge.
Bridge deletion requires the
PRIV_SYS_DL_CONFIG privilege.
The
-R (
--root-dir) option is the same as for the
create-bridge subcommand.
dladm add-bridge [
-R root-dir]
-l link [
-l link...]
bridge-name Add one or more links to an existing bridge. If multiple links are
specified, and adding any one of them results in an error, the
command fails and no changes are made to the system.
Link addition to a bridge requires the
PRIV_SYS_DL_CONFIG privilege.
A link may be a member of at most one bridge. An error occurs when
you attempt to add a link that already belongs to another bridge. To
move a link from one bridge instance to another, remove it from the
current bridge before adding it to a new one.
The links assigned to a bridge must not also be VLANs, VNICs, or
tunnels. Only physical Ethernet datalinks, aggregation datalinks,
wireless links, and Ethernet stubs are permitted to be assigned to a
bridge.
Links assigned to a bridge must all have the same MTU. This is
checked when the link is assigned. The link is added to the bridge in
a deactivated form if it is not the first link on the bridge and it
has a differing MTU.
Note that systems using bridging should not set the
eeprom(8) local- mac-address? variable to false.
The options are the same as for the
create-bridge subcommand.
dladm remove-bridge [
-R root-dir]
-l link [
-l link...]
bridge-name Remove one or more links from a bridge instance. If multiple links
are specified, and removing any one of them would result in an error,
the command fails and none are removed.
Link removal from a bridge requires the
PRIV_SYS_DL_CONFIG privilege.
The options are the same as for the
create-bridge subcommand.
dladm show-bridge [
-flt] [
-s [
-i interval]] [[
-p]
-o field,...] [
bridge- name]
Show the running status and configuration of bridges, their attached
links, learned forwarding entries, and
TRILL nickname databases. When
showing overall bridge status and configuration, the bridge name can
be omitted to show all bridges. The other forms require a specified
bridge.
The show-bridge subcommand accepts the following options:
-i interval,
--interval=
interval Used with the
-s option to specify an interval, in seconds, at
which statistics should be displayed. If this option is not
specified, statistics will be displayed only once.
-s,
--statistics Display statistics for the specified bridges or for a given
bridge's attached links. This option cannot be used with the
-f and
-t options.
-p,
--parsable Display using a stable machine-parsable format. See "Parsable
Output Format," below.
-o field[,...],
--output=
field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field names are described below. The special value
all displays all fields. Each set of fields has its own default
set to display when
-o is not specified.
By default, the
show-bridge subcommand shows bridge configuration.
The following fields can be shown:
BRIDGE The name of the bridge.
ADDRESS The Bridge Unique Identifier value (MAC address).
PRIORITY Configured priority value; set by
-p with
create-bridge and
modify-bridge.
BMAXAGE Configured bridge maximum age; set by
-m with
create-bridge and
modify-bridge.
BHELLOTIME Configured bridge hello time; set by
-h with
create-bridge and
modify-bridge.
BFWDDELAY Configured forwarding delay; set by
-d with
create-bridge and
modify-bridge.
FORCEPROTO Configured forced maximum protocol; set by
-f with
create-bridge and
modify-bridge.
TCTIME Time, in seconds, since last topology change.
TCCOUNT Count of the number of topology changes.
TCHANGE This indicates that a topology change was detected.
DESROOT Bridge Identifier of the root node.
ROOTCOST Cost of the path to the root node.
ROOTPORT Port number used to reach the root node.
MAXAGE Maximum age value from the root node.
HELLOTIME Hello time value from the root node.
FWDDELAY Forward delay value from the root node.
HOLDTIME Minimum BPDU interval.
By default, when the
-o option is not specified, only the
BRIDGE,
ADDRESS,
PRIORITY, and
DESROOT fields are shown.
When the
-s option is specified, the
show-bridge subcommand shows
bridge statistics. The following fields can be shown:
BRIDGE Bridge name.
DROPS Number of packets dropped due to resource problems.
FORWARDS Number of packets forwarded from one link to another.
MBCAST Number of multicast and broadcast packets handled by the bridge.
RECV Number of packets received on all attached links.
SENT Number of packets sent on all attached links.
UNKNOWN Number of packets handled that have an unknown destination. Such
packets are sent to all links.
By default, when the
-o option is not specified, only the
BRIDGE,
DROPS, and
FORWARDS fields are shown.
The
show-bridge subcommand also accepts the following options:
-l,
--link Displays link-related status and statistics information for all
links attached to a single bridge instance. By using this option
and without the
-s option, the following fields can be displayed
for each link:
LINK The link name.
INDEX Port (link) index number on the bridge.
STATE State of the link. The state can be
disabled,
discarding,
learning,
forwarding,
non-stp, or
bad-mtu.
UPTIME Number of seconds since the last reset or initialization.
OPERCOST Actual cost in use (1-65535).
OPERP2P This indicates whether point-to-point (
P2P) mode been
detected.
OPEREDGE This indicates whether edge mode has been detected.
DESROOT The Root Bridge Identifier that has been seen on this port.
DESCOST Path cost to the network root node through the designated
port.
DESBRIDGE Bridge Identifier for this port.
DESPORT The ID and priority of the port used to transmit
configuration messages for this port.
TCACK This indicates whether Topology Change Acknowledge has been
seen.
When the
-l option is specified without the
-o option, only the
LINK,
STATE,
UPTIME, and
DESROOT fields are shown.
When the
-l option is specified, the
-s option can be used to
display the following fields for each link:
LINK Link name.
CFGBPDU Number of configuration BPDUs received.
TCNBPDU Number of topology change BPDUs received.
RSTPBPDU Number of Rapid Spanning Tree BPDUs received.
TXBPDU Number of BPDUs transmitted.
DROPS Number of packets dropped due to resource problems.
RECV Number of packets received by the bridge.
XMIT Number of packets sent by the bridge.
When the
-o option is not specified, only the
LINK,
DROPS,
RECV,
and
XMIT fields are shown.
-f,
--forwarding Displays forwarding entries for a single bridge instance. With
this option, the following fields can be shown for each
forwarding entry:
DEST Destination MAC address.
AGE Age of entry in seconds and milliseconds. Omitted for local
entries.
FLAGS The
L (local) flag is shown if the MAC address belongs to an
attached link or to a VNIC on one of the attached links.
OUTPUT For local entries, this is the name of the attached link that
has the MAC address. Otherwise, for bridges that use Spanning
Tree Protocol, this is the output interface name. For
RBridges, this is the output
TRILL nickname.
When the
-o option is not specified, the
DEST,
AGE,
FLAGS, and
OUTPUT fields are shown.
-t,
--trill Displays
TRILL nickname entries for a single bridge instance.
With this option, the following fields can be shown for each
TRILL nickname entry:
NICK TRILL nickname for this RBridge, which is a number from 1 to
65535.
FLAGS The
L flag is shown if the nickname identifies the local
system.
LINK Link name for output when sending messages to this RBridge.
NEXTHOP MAC address of the next hop RBridge that is used to reach the
RBridge with this nickname.
When the
-o option is not specified, the
NICK,
FLAGS,
LINK, and
NEXTHOP fields are shown.
dladm create-vlan [
-ft] [
-R root-dir]
-l ether-link -v vid [
vlan-link]
Create a tagged VLAN link with an ID of
vid over Ethernet link
ether- link. The name of the VLAN link can be specified as
vlan-
link. If the
name is not specified, a name will be automatically generated
(assuming that
ether-link is
namePPA) as:
<
name><1000 *
vlan-tag +
PPA>
For example, if
ether-link is
bge1 and
vid is 2, the name generated
is
bge2001.
-f,
--force Force the creation of the VLAN link. Some devices do not allow
frame sizes large enough to include a VLAN header. When creating
a VLAN link over such a device, the
-f option is needed, and the
MTU of the IP interfaces on the resulting VLAN must be set to
1496 instead of 1500.
-l ether-link Specifies Ethernet link over which VLAN is created.
-t,
--temporary Specifies that the VLAN link is temporary. Temporary VLAN links
last until the next reboot.
-R root-dir,
--root-dir=
root-dir See "Options," above.
dladm delete-vlan [
-t] [
-R root-dir]
vlan-link Delete the VLAN link specified.
The
delete-vlan subcommand accepts the following options:
-t,
--temporary Specifies that the deletion is temporary. Temporary deletions
last until the next reboot.
-R root-dir,
--root-dir=
root-dir See "Options," above.
dladm show-vlan [
-P] [[
-p]
-o field[,...]] [
vlan-link]
Display VLAN configuration for all VLAN links or for the specified
VLAN link.
The
show-vlan subcommand accepts the following options:
-o field[,...],
--output=
field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed below,
or the special value
all, to display all fields. For each VLAN
link, the following fields can be displayed:
LINK The name of the VLAN link.
VID The ID associated with the VLAN.
OVER The name of the physical link over which this VLAN is
configured.
FLAGS A set of flags associated with the VLAN link. Possible flags
are:
f The VLAN was created using the
-f option to
create-vlan.
i The VLAN was implicitly created when the DLPI link was
opened. These VLAN links are automatically deleted on
last close of the DLPI link (for example, when the IP
interface associated with the VLAN link is unplumbed).
Additional flags might be defined in the future.
-p,
--parsable Display using a stable machine-parsable format. The
-o option is
required with
-p. See "Parsable Output Format", below.
-P,
--persistent Display the persistent VLAN configuration rather than the state
of the running system.
dladm scan-wifi [[
-p]
-o field[,...]] [
wifi-link]
Scans for
WiFi networks, either on all
WiFi links, or just on the
specified
wifi-link.
By default, currently all fields but
BSSTYPE are displayed.
-o field[,...],
--output=
field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed below,
or the special value
all to display all fields. For each
WiFi network found, the following fields can be displayed:
LINK The name of the link the
WiFi network is on.
ESSID The
ESSID (name) of the
WiFi network.
BSSID Either the hardware address of the
WiFi network's Access
Point (for
BSS networks), or the
WiFi network's randomly
generated unique token (for
IBSS networks).
SEC Either
none for a
WiFi network that uses no security,
wep for
a
WiFi network that requires WEP (Wired Equivalent Privacy),
or
wpa for a WiFi network that requires WPA (Wi-Fi Protected
Access).
MODE The supported connection modes: one or more of
a,
b, or
g.
STRENGTH The strength of the signal: one of
excellent,
very good,
good,
weak, or
very weak.
SPEED The maximum speed of the
WiFi network, in megabits per
second.
BSSTYPE Either
bss for
BSS (infrastructure) networks, or
ibss for
IBSS (ad-hoc) networks.
-p,
--parsable Display using a stable machine-parsable format. The
-o option is
required with
-p. See "Parsable Output Format", below.
dladm connect-wifi [
-e essid] [
-i bssid] [
-k key,...] [
-s none |
wep |
wpa] [
-a open|
shared] [
-b bss|
ibss] [
-c] [
-m a|
b|
g] [
-T time] [
wifi-link]
Connects to a
WiFi network. This consists of four steps:
discovery,
filtration,
prioritization, and
association. However, to enable
connections to non-broadcast
WiFi networks and to improve
performance, if a
BSSID or
ESSID is specified using the
-e or
-i options, then the first three steps are skipped and
connect-wifi immediately attempts to associate with a
BSSID or
ESSID that matches
the rest of the provided parameters. If this association fails, but
there is a possibility that other networks matching the specified
criteria exist, then the traditional discovery process begins as
specified below.
The discovery step finds all available
WiFi networks on the specified
WiFi link, which must not yet be connected. For administrative
convenience, if there is only one
WiFi link on the system,
wifi-link can be omitted.
Once discovery is complete, the list of networks is filtered
according to the value of the following options:
-e essid, --essid=
essid Networks that do not have the same
essid are filtered out.
-b bss|
ibss,
--bsstype=
bss|
ibss Networks that do not have the same
bsstype are filtered out.
-m a|
b|
g,
--mode=
a|
b|
g Networks not appropriate for the specified 802.11 mode are
filtered out.
-k key,...,
--key=
key, ... Use the specified
secobj named by the key to connect to the
network. Networks not appropriate for the specified keys are
filtered out.
-s none|
wep|
wpa,
--sec=
none|
wep|
wpa Networks not appropriate for the specified security mode are
filtered out.
Next, the remaining networks are prioritized, first by signal
strength, and then by maximum speed. Finally, an attempt is made to
associate with each network in the list, in order, until one succeeds
or no networks remain.
In addition to the options described above, the following options
also control the behavior of
connect-wifi:
-a open|
shared,
--auth=
open|
shared Connect using the specified authentication mode. By default,
open and
shared are tried in order.
-c,
--create-ibss Used with
-b ibss to create a new ad-hoc network if one matching
the specified
ESSID cannot be found. If no
ESSID is specified,
then
-c -b ibss always triggers the creation of a new ad-hoc
network.
-T time,
--timeout=
time Specifies the number of seconds to wait for association to
succeed. If
time is
forever, then the associate will wait
indefinitely. The current default is ten seconds, but this might
change in the future. Timeouts shorter than the default might not
succeed reliably.
-k key,...,
--key=
key,... In addition to the filtering previously described, the specified
keys will be used to secure the association. The security mode to
use will be based on the key class; if a security mode was
explicitly specified, it must be compatible with the key class.
All keys must be of the same class.
For security modes that support multiple key slots, the slot to
place the key will be specified by a colon followed by an index.
Therefore,
-k mykey:3 places
mykey in slot 3. By default, slot 1
is assumed. For security modes that support multiple keys, a
comma-separated list can be specified, with the first key being
the active key.
dladm disconnect-wifi [
-a] [
wifi-link]
Disconnect from one or more
WiFi networks. If
wifi-link specifies a
connected
WiFi link, then it is disconnected. For administrative
convenience, if only one
WiFi link is connected,
wifi-link can be
omitted.
-a,
--all-links Disconnects from all connected links. This is primarily intended
for use by scripts.
dladm show-wifi [[
-p]
-o field,...] [
wifi-link]
Shows
WiFi configuration information either for all
WiFi links or for
the specified link
wifi-link.
-o field,...,
--output=
field A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed below,
or the special value
all, to display all fields. For each
WiFi link, the following fields can be displayed:
LINK The name of the link being displayed.
STATUS Either
connected if the link is connected, or
disconnected if
it is not connected. If the link is disconnected, all
remaining fields have the value
--.
ESSID The
ESSID (name) of the connected
WiFi network.
BSSID Either the hardware address of the
WiFi network's Access
Point (for
BSS networks), or the
WiFi network's randomly
generated unique token (for
IBSS networks).
SEC Either
none for a
WiFi network that uses no security,
wep for
a
WiFi network that requires WEP, or
wpa for a WiFi network
that requires WPA.
MODE The supported connection modes: one or more of
a,
b, or
g.
STRENGTH The connection strength: one of
excellent,
very good,
good,
weak, or
very weak.
SPEED The connection speed, in megabits per second.
AUTH Either
open or
shared (see
connect-wifi).
BSSTYPE Either
bss for
BSS (infrastructure) networks, or
ibss for
IBSS (ad-hoc) networks.
By default, currently all fields but
AUTH,
BSSID,
BSSTYPE are
displayed.
-p,
--parsable Displays using a stable machine-parsable format. The
-o option is
required with
-p. See "Parsable Output Format", below.
dladm show-ether [
-x] [[
-p]
-o field,...] [
ether-link]
Shows state information either for all physical Ethernet links or for
a specified physical Ethernet link.
The
show-ether subcommand accepts the following options:
-o field,...,
--output=
field A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed below,
or the special value
all to display all fields. For each link,
the following fields can be displayed:
LINK The name of the link being displayed.
PTYPE Parameter type, where
current indicates the negotiated state
of the link,
capable indicates capabilities supported by the
device,
adv indicates the advertised capabilities, and
peeradv indicates the capabilities advertised by the link-
partner.
STATE The state of the link.
AUTO A
yes/
no value indicating whether auto-negotiation is
advertised.
SPEED-DUPLEX Combinations of speed and duplex values available. The units
of speed are encoded with a trailing suffix of
G (Gigabits/s)
or
M (Mb/s). Duplex values are encoded as
f (full-duplex) or
h (half-duplex).
PAUSE Flow control information. Can be
no, indicating no flow
control is available;
tx, indicating that the end-point can
transmit pause frames, but ignores any received pause frames;
rx, indicating that the end-point receives and acts upon
received pause frames; or
bi, indicating bi-directional flow-
control.
REM_FAULT Fault detection information. Valid values are
none or
fault.
By default, all fields except
REM_FAULT are displayed for the
"current"
PTYPE.
-p,
--parsable Displays using a stable machine-parsable format. The
-o option is
required with
-p. See "Parsable Output Format", below.
-x,
--extended Extended output is displayed for
PTYPE values of
current,
capable,
adv and
peeradv.
dladm set-linkprop [
-t] [
-R root-dir] [
-z zonename]
-p prop=
value[,...]
link Sets the values of one or more properties on the link specified. The
list of properties and their possible values depend on the link type,
the network device driver, and networking hardware. These properties
can be retrieved using
show-linkprop.
-t,
--temporary Specifies that the changes are temporary. Temporary changes last
until the next reboot.
-R root-dir,
--root-dir=
root-dir See "Options," above.
-z zonename Operate on a link that has been delegated to the specified zone.
-p prop=
value[,...],
--prop prop=
value[,...]
A comma-separated list of properties to set to the specified
values.
Note that when the persistent value is set, the temporary value
changes to the same value.
dladm reset-linkprop [
-t] [
-R root-dir] [
-z zonename] [
-p prop,...]
link Resets one or more properties to their values on the link specified.
Properties are reset to the values they had at startup. If no
properties are specified, all properties are reset. See
show-linkprop for a description of properties.
-t,
--temporary Specifies that the resets are temporary. Values are reset to
default values. Temporary resets last until the next reboot.
-R root-dir,
--root-dir=
root-dir See "Options," above.
-z zonename Operate on a link that has been delegated to the specified zone.
-p prop, ...,
--prop=
prop, ... A comma-separated list of properties to reset.
Note that when the persistent value is reset, the temporary value
changes to the same value.
dladm show-linkprop [
-P] [
-z zonename] [[
-c]
-o field[,...]][
-p prop[,...]] [
link]
Show the current or persistent values of one or more properties,
either for all datalinks or for the specified link. By default,
current values are shown. If no properties are specified, all
available link properties are displayed. For each property, the
following fields are displayed:
-o field[,...],
--output=
field A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed below,
or the special value
all to display all fields. For each link,
the following fields can be displayed:
LINK The name of the datalink.
PROPERTY The name of the property.
PERM The read/write permissions of the property. The value shown
is one of
ro or
rw.
VALUE The current (or persistent) property value. If the value is
not set, it is shown as
--. If it is unknown, the value is
shown as
?. Persistent values that are not set or have been
reset will be shown as
-- and will use the system
DEFAULT value (if any).
DEFAULT The default value of the property. If the property has no
default value,
-- is shown.
POSSIBLE A comma-separated list of the values the property can have.
If the values span a numeric range,
min -
max might be shown
as shorthand. If the possible values are unknown or
unbounded,
-- is shown.
The list of properties depends on the link type and network
device driver, and the available values for a given property
further depends on the underlying network hardware and its state.
General link properties are documented in the
LINK PROPERTIES section. However, link properties that begin with "
_" (underbar)
are specific to a given link or its underlying network device and
subject to change or removal. See the appropriate network device
driver man page for details.
-c,
--parsable Display using a stable machine-parsable format. The
-o option is
required with this option. See "Parsable Output Format", below.
-P,
--persistent Display persistent link property information
-z zonename Operate on a link that has been delegated to the specified zone.
-p prop, ...,
--prop=
prop, ... A comma-separated list of properties to show. See the sections on
link properties following subcommand descriptions.
dladm create-secobj [
-t] [
-R root-dir] [
-f file]
-c class secobj Create a secure object named
secobj in the specified
class to be
later used as a WEP or WPA key in connecting to an encrypted network.
The value of the secure object can either be provided interactively
or read from a file. The sequence of interactive prompts and the
file format depends on the class of the secure object.
Currently, the classes
wep and
wpa are supported. The
WEP (Wired
Equivalent Privacy) key can be either 5 or 13 bytes long. It can be
provided either as an
ASCII or hexadecimal string -- thus,
12345 and
0x3132333435 are equivalent 5-byte keys (the
0x prefix can be
omitted). A file containing a
WEP key must consist of a single line
using either
WEP key format. The WPA (Wi-Fi Protected Access) key
must be provided as an ASCII string with a length between 8 and 63
bytes.
This subcommand is only usable by users or roles that belong to the
"Network Link Security"
RBAC profile.
-c class,
--class=
class class can be
wep or
wpa. See preceding discussion.
-t,
--temporary Specifies that the creation is temporary. Temporary creation last
until the next reboot.
-R root-dir,
--root-dir=
root-dir See "Options," above.
-f file,
--file=
file Specifies a file that should be used to obtain the secure
object's value. The format of this file depends on the secure
object class. See the
EXAMPLES section for an example of using
this option to set a
WEP key.
dladm delete-secobj [
-t] [
-R root-dir]
secobj[,...]
Delete one or more specified secure objects. This subcommand is only
usable by users or roles that belong to the "Network Link Security"
RBAC profile.
-t,
--temporary Specifies that the deletions are temporary. Temporary deletions
last until the next reboot.
-R root-dir,
--root-dir=
root-dir See "Options," above.
dladm show-secobj [
-P] [[
-p]
-o field[,...]] [
secobj,...]
Show current or persistent secure object information. If one or more
secure objects are specified, then information for each is displayed.
Otherwise, all current or persistent secure objects are displayed.
By default, current secure objects are displayed, which are all
secure objects that have either been persistently created and not
temporarily deleted, or temporarily created.
For security reasons, it is not possible to show the value of a
secure object.
-o field[,...] ,
--output=
field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed below.
For displayed secure object, the following fields can be shown:
OBJECT The name of the secure object.
CLASS The class of the secure object.
-p,
--parsable Display using a stable machine-parsable format. The
-o option is
required with
-p. See "Parsable Output Format", below.
-P,
--persistent Display persistent secure object information
dladm create-vnic [
-t]
-l link [
-R root-dir] [
-m value | auto | {factory
[
-n slot-identifier]} | {random [
-r prefix]}] [
-v vlan-id] [
-p prop=
value[,...]]
vnic-link Create a VNIC with name
vnic-link over the specified link.
-t,
--temporary Specifies that the VNIC is temporary. Temporary VNICs last until
the next reboot.
-R root-dir,
--root-dir=
root-dir See "Options," above.
-l link,
--link=
link link can be a physical link or an
etherstub.
-m value |
keyword,
--mac-address=
value |
keyword Sets the VNIC's MAC address based on the specified value or
keyword. If
value is not a keyword, it is interpreted as a
unicast MAC address, which must be valid for the underlying NIC.
The following special keywords can be used:
factory [-n slot-identifier],
factory [--slot=
slot-identifier]
Assign a factory MAC address to the VNIC. When a factory MAC
address is requested,
-m can be combined with the
-n option
to specify a MAC address slot to be used. If
-n is not
specified, the system will choose the next available factory
MAC address. The
-m option of the
show-phys subcommand can be
used to display the list of factory MAC addresses, their slot
identifiers, and their availability.
random [-r prefix],
random [--mac-prefix=
prefix]
Assign a random MAC address to the VNIC. A default prefix
consisting of a valid IEEE OUI with the local bit set will be
used. That prefix can be overridden with the
-r option.
auto Try and use a factory MAC address first. If none is
available, assign a random MAC address.
auto is the default
action if the
-m option is not specified.
-v vlan-id Enable VLAN tagging for this VNIC. The VLAN tag will have id
vlan-id.
-p prop=
value,...,
--prop prop=
value,...
A comma-separated list of properties to set to the specified
values.
dladm delete-vnic [
-t] [
-R root-dir] [
-z zonename]
vnic-link Deletes the specified VNIC.
-t,
--temporary Specifies that the deletion is temporary. Temporary deletions
last until the next reboot.
-R root-dir,
--root-dir=
root-dir See "Options," above.
-z zonename Operate on a link that has been delegated to the specified zone.
dladm show-vnic [
-pP] [
-s [
-i interval]] [
-o field[,...]] [
-l link] [
-z zonename] [
vnic-link]
Show VNIC configuration information (the default) or statistics, for
all VNICs, all VNICs on a link, or only the specified
vnic-link.
-o field[,...] ,
--output=
field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed below.
The field name must be one of the fields listed below, or the
special value
all to display all fields. By default (without
-o),
show-vnic displays all fields.
LINK The name of the VNIC.
OVER The name of the physical link over which this VNIC is
configured.
SPEED The maximum speed of the VNIC, in megabits per second.
MACADDRESS MAC address of the VNIC.
MACADDRTYPE MAC address type of the VNIC.
dladm distinguishes among the
following MAC address types:
random A random address assigned to the VNIC.
factory A factory MAC address used by the VNIC.
-p,
--parsable Display using a stable machine-parsable format. The
-o option is
required with
-p. See "Parsable Output Format", below.
-P,
--persistent Display the persistent VNIC configuration.
-s,
--statistics Displays VNIC statistics.
-i interval,
--interval=
interval Used with the
-s option to specify an interval, in seconds, at
which statistics should be displayed. If this option is not
specified, statistics will be displayed only once.
-l link,
--link=
link Display information for all VNICs on the named link.
-z zonename Operate on a link that has been delegated to the specified zone.
dladm create-etherstub [
-t] [
-R root-dir]
etherstub Create an etherstub with the specified name.
-t,
--temporary Specifies that the etherstub is temporary. Temporary etherstubs
do not persist across reboots.
-R root-dir,
--root-dir=
root-dir See "Options," above.
VNICs can be created on top of etherstubs instead of physical NICs.
As with physical NICs, such a creation causes the stack to implicitly
create a virtual switch between the VNICs created on top of the same
etherstub.
dladm delete-etherstub [
-t] [
-R root-dir]
etherstub Delete the specified etherstub.
-t,
--temporary Specifies that the deletion is temporary. Temporary deletions
last until the next reboot.
-R root-dir,
--root-dir=
root-dir See "Options," above.
dladm show-etherstub [
etherstub]
Show all configured etherstubs by default, or the specified etherstub
if
etherstub is specified.
dladm create-iptun [
-t] [
-R root-dir]
-T type [-a
{local|remote}=<addr>[,...]]
iptun-link Create an IP tunnel link named
iptun-link. Such links can
additionally be protected with IPsec using
ipsecconf(8).
An IP tunnel is conceptually comprised of two parts: a virtual link
between two or more IP nodes, and an IP interface above this link
that allows the system to transmit and receive IP packets
encapsulated by the underlying link. This subcommand creates a
virtual link. The
ifconfig(8) command is used to configure IP
interfaces above the link.
-t,
--temporary Specifies that the IP tunnel link is temporary. Temporary tunnels
last until the next reboot.
-R root-dir,
--root-dir=
root-dir See "Options," above.
-T type,
--tunnel-type=
type Specifies the type of tunnel to be created. The type must be one
of the following:
ipv4 A point-to-point, IP-over-IP tunnel between two IPv4 nodes.
This type of tunnel requires IPv4 source and destination
addresses to function. IPv4 and IPv6 interfaces can be
plumbed above such a tunnel to create IPv4-over-IPv4 and
IPv6-over-IPv4 tunneling configurations.
ipv6 A point-to-point, IP-over-IP tunnel between two IPv6 nodes as
defined in IETF RFC 2473. This type of tunnel requires IPv6
source and destination addresses to function. IPv4 and IPv6
interfaces can be plumbed above such a tunnel to create
IPv4-over-IPv6 and IPv6-over-IPv6 tunneling configurations.
6to4 A 6to4, point-to-multipoint tunnel as defined in IETF RFC
3056. This type of tunnel requires an IPv4 source address to
function. An IPv6 interface is plumbed on such a tunnel link
to configure a 6to4 router.
-a local=addr Literal IP address or hostname corresponding to the tunnel
source. If a hostname is specified, it will be resolved to IP
addresses, and one of those IP addresses will be used as the
tunnel source. Because IP tunnels are created before naming
services have been brought online during the boot process, it is
important that any hostname used be included in
/etc/hosts.
-a remote=addr Literal IP address or hostname corresponding to the tunnel
destination.
dladm modify-iptun [
-t] [
-R root-dir] [-a {local|remote}=<addr>[,...]]
iptun-link Modify the parameters of the specified IP tunnel.
-t,
--temporary Specifies that the modification is temporary. Temporary
modifications last until the next reboot.
-R root-dir,
--root-dir=
root-dir See "Options," above.
-a local=addr Specifies a new tunnel source address. See
create-iptun for a
description.
-a remote=addr Specifies a new tunnel destination address. See
create-iptun for
a description.
dladm delete-iptun [
-t] [
-R root-dir]
iptun-link Delete the specified IP tunnel link.
-t,
--temporary Specifies that the deletion is temporary. Temporary deletions
last until the next reboot.
-R root-dir,
--root-dir=
root-dir See "Options," above.
dladm show-iptun [
-P] [[
-p]
-o field[,...]] [
iptun-link]
Show IP tunnel link configuration for a single IP tunnel or all IP
tunnels.
-P,
--persistent Display the persistent IP tunnel configuration.
-p,
--parsable Display using a stable machine-parsable format. The -o option is
required with -p. See "Parsable Output Format", below.
-o field[,...],
--output=
field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed below,
or the special value
all, to display all fields. By default
(without
-o),
show-iptun displays all fields.
LINK The name of the IP tunnel link.
TYPE Type of tunnel as specified by the
-T option of
create-iptun.
FLAGS A set of flags associated with the IP tunnel link. Possible
flags are:
s The IP tunnel link is protected by IPsec policy. To
display the IPsec policy associated with the tunnel link,
enter:
#
ipsecconf -ln -i tunnel-link See
ipsecconf(8) for more details on how to configure
IPsec policy.
i The IP tunnel link was implicitly created with
ifconfig(8), and will be automatically deleted when it is
no longer referenced (that is, when the last IP interface
over the tunnel is unplumbed). See
ifconfig(8) for
details on implicit tunnel creation.
SOURCE The tunnel source address.
DESTINATION The tunnel destination address.
dladm create-overlay [
-t]
-e encap -s search -v vnetid [
-p prop=
value[,...]]
overlay Create an overlay device named
overlay.
Overlay devices are similar to etherstubs. VNICs can be created on
top of them. However, unlike an etherstub which is local to the
system, an overlay device can be configured to communicate to remote
hosts, providing a means for network virtualization. The way in which
it does this is described by the encapsulation module and the search
plugin. For more information on these, see
overlay(5).
An overlay device has a series of required and optional properties.
These properties vary based upon the search and encapsulation modules
and are fully specified in
overlay(5). Not every property needs to be
specified - some have default values which will be used if nothing
specific is specified. For example, the default port for VXLAN comes
from its IANA standard. If a required property is missing, the
command will fail and inform you of the missing properties.
-t,
--temporary Specifies that the overlay is temporary. Temporary overlays last
until the next reboot.
-e encap,
--encap=
encap Use
encap as the encapsulation plugin for the overlay device
overlay. The encapsulation plugin determines how packets are
transformed before being put on the wire.
-s search,
--search=
search Use
search as the search plugin for
overlay. The search plugin
determines how non-local targets are found and where packets are
directed to.
-p prop=
value,...,
--prop prop=
value,...
A comma-separated list of properties to set to the specified
values.
-v vnetid,
--vnetid=
vnetid Sets the virtual networking identifier to
vnetid. A virtual
network identifier determines is similar to a VLAN identifier, in
that it identifies a unique virtual network. All overlay devices
on the system share the same space for the virtual network
identifier. However, the valid range of identifiers is determined
by the encapsulation plugin specified by
-e.
dladm delete-overlay [
-t]
overlay Delete the specified overlay. This will fail if there are VNICs on
top of the device.
-t,
--temporary Specifies that the deletion is temporary. Temporary deletions
last until the next reboot.
dladm modify-overlay -d mac |
-f |
-s mac=ip:port overlay Modifies the target tables for the specified overlay.
The different options allow for different ways of modifying the
target table. One of
-d,
-f, and
-s is required. This is not
applicable for all kinds of overlay devices. For more
information, see
overlay(5).
-d mac,
--delete-entry=
mac Deletes the entry for
mac from the target table for
overlay.
Note, if a lookup is pending or outstanding, this does not
cancel it or stop it from updating the value.
-f,
--flush-table Flushes all values in the target table for
overlay.
-s mac=
value,
--set-entry=
mac=
value Sets the value of
overlay's target table entry for
mac to the
specified value. The specified value varies upon the
encapsulation plugin. The value may be a combination of a MAC
address, IP address, and port. Generally, this looks like
[
mac,][
IP:][
port]. If a component is the last one, then there
is no need for a separator. eg. if just the MAC address or IP
is needed, it would look like
mac and
IP respectively.
dladm show-overlay [
-f |
-t ] [[
-p]
-o field[,...]] [
overlay]
Shows overlay configuration (the default), internal target tables
(
-t), or the FMA state (
-f), either for all overlays or the
specified overlay.
By default (with neither
-f or
-t specified), the following
fields will be displayed:
LINK The name of the overlay.
PROPERTY The name of the property.
PERM The read/write permissions of the property. The value shown
is one of
r- or
rw.
VALUE The current property value. If the value is not set, it is
shown as
--. If it is unknown, the value is shown as
?.
DEFAULT The default value of the property. If the property has no
default value,
-- is shown.
POSSIBLE A comma-separated list of the values the property can have.
If the values span a numeric range,
min -
max might be shown
as shorthand. If the possible values are unknown or
unbounded,
-- is shown.
When the
-f option is displayed, the following fields will be
displayed:
LINK The name of the overlay.
STATUS Either
ONLINE or
DEGRADED.
DETAILS When the
overlay's status is
ONLINE, then this has the value
--. Otherwise, when it is
DEGRADED, this field provides a
more detailed explanation as to why it's degraded.
When the
-t option is displayed, the following fields will be
displayed:
LINK The name of the overlay.
TARGET The target MAC address of a table entry.
DESTINATION The address that an encapsulated packet will be sent to when
a packet has the address specified by
TARGET.
The
show-overlay command supports the following options:
-f,
--fma Displays information about an overlay device's FMA state. For
more information on the target table, see
overlay(5).
-o field[,...],
--output=
field A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed
above, or the special value
all, to display all fields. The
fields applicable to the
-o option are limited to those
listed under each output mode. For example, if using
-L, only
the fields listed under
-L, above, can be used with
-o.
-p,
--parsable Display using a stable machine-parsable format. The
-o option
is required with
-p. See "Parsable Output Format", below.
-t,
--target Displays information about an overlay device's target table.
For more information on the target table, see
overlay(5).
dladm show-usage [
-a]
-f filename [
-p plotfile -F format] [
-s time]
[
-e time] [
link]
Show the historical network usage from a stored extended
accounting file. Configuration and enabling of network
accounting through
acctadm(8) is required. The default output
will be the summary of network usage for the entire period of
time in which extended accounting was enabled.
-a Display all historical network usage for the specified period
of time during which extended accounting is enabled. This
includes the usage information for the links that have
already been deleted.
-f filename,
--file=
filename Read extended accounting records of network usage from
filename.
-F format,
--format=
format Specifies the format of
plotfile that is specified by the
-p option. As of this release,
gnuplot is the only supported
format.
-p plotfile,
--plot=
plotfile Write network usage data to a file of the format specified by
the
-F option, which is required.
-s time,
--start=
time -e time,
--stop=
time Start and stop times for data display. Time is in the format
MM/
DD/
YYYY,
hh:
mm:
ss.
link If specified, display the network usage only for the named
link. Otherwise, display network usage for all links.
Parsable Output Format
Many
dladm subcommands have an option that displays output in a machine-
parsable format. The output format is one or more lines of colon (
:)
delimited fields. The fields displayed are specific to the subcommand
used and are listed under the entry for the
-o option for a given
subcommand. Output includes only those fields requested by means of the
-o option, in the order requested.
When you request multiple fields, any literal colon characters are
escaped by a backslash (
\) before being output. Similarly, literal
backslash characters will also be escaped (
\\). This escape format is
parsable by using shell
read(1) functions with the environment variable
IFS=: (see
EXAMPLES, below). Note that escaping is not done when you
request only a single field.
General Link Properties
The following general link properties are supported:
allow-all-dhcp-cids One of
true or
false, to indicate whether or not all DHCP Client
Identifiers should be permitted on this interface when DHCP spoofing
protection is being used. This can be useful in cases where a DHCP
client is using RFC 4361-style Client Identifiers, which are based on
a value that is opaque to the Global Zone, but enforcement of MAC
addresses in DHCP packets is still desired.
allowed-dhcp-cids A comma-separated list of DHCP Client Identifiers that are allowed on
the interface.
Client identifiers can be written in three different formats: a
string of hexadecimal characters prefixed by
0x, indicating the exact
bytes used in the Client Identifier; an RFC 3315 DUID of the form
"1.<hardware type>.<time>.<link-layer address>" (DUID-LLT),
"2.<enterprise number>.<hex string>" (DUID-EN), or
"3.<hardware type>.<link-layer address>" (DUID-LL); or a string of
characters whose byte values should be used as the Client Identifier.
When specifying a string of hexadecimal characters prefixed by
0x or
as part of a DUID-EN string, an even number of hexadecimal characters
must be provided in order to fully specify each byte.
allowed-ips A comma-separated list of IP addresses that are allowed on the
interface.
An address in CIDR format with no host address specified is used to
indicate that any address on that subnet is allowed (e.g.
192.168.10.0/24 means any address in the range 192.168.10.0 -
192.168.10.255 is allowed).
autopush Specifies the set of STREAMS modules to push on the stream associated
with a link when its DLPI device is opened. It is a space-delimited
list of modules.
The optional special character sequence
[anchor] indicates that a
STREAMS anchor should be placed on the stream at the module
previously specified in the list. It is an error to specify more than
one anchor or to have an anchor first in the list.
The
autopush property is preferred over the more general
autopush(8) command.
cpus Bind the processing of packets for a given data link to a processor
or a set of processors. The value can be a comma-separated list of
one or more processor ids. If the list consists of more than one
processor, the processing will spread out to all the processors.
Connection to processor affinity and packet ordering for any
individual connection will be maintained.
The processor or set of processors are not exclusively reserved for
the link. Only the kernel threads and interrupts associated with
processing of the link are bound to the processor or the set of
processors specified. In case it is desired that processors be
dedicated to the link,
psrset(8) can be used to create a processor
set and then specifying the processors from the processor set to bind
the link to.
If the link was already bound to processor or set of processors due
to a previous operation, the binding will be removed and the new set
of processors will be used instead.
The default is no CPU binding, which is to say that the processing of
packets is not bound to any specific processor or processor set.
dynamic-methods When using IP spoofing protection (see
protection), addresses can be
learned dynamically by monitoring certain network traffic, like DHCP
transactions or IPv6 Stateless Address Autoconfiguration (SLAAC). By
default, all learning methods are permitted, but if
allowed-ips contains any addresses, then all methods are disabled, and any
packets sent from addresses previously learned will be dropped. This
property allows selecting which ones are re-enabled, where valid
options are
dhcpv4,
dhcpv6, and
slaac.
addrconf is available as an
alias for enabling both
dhcpv6 and
slaac.
learn_limit Limits the number of new or changed MAC sources to be learned over a
bridge link. When the number exceeds this value, learning on that
link is temporarily disabled. Only non-VLAN, non-VNIC type links have
this property.
The default value is
1000. Valid values are greater or equal to 0.
learn_decay Specifies the decay rate for source changes limited by
learn_limit.
This number is subtracted from the counter for a bridge link every 5
seconds. Only non-VLAN, non-VNIC type links have this property.
The default value is
200. Valid values are greater or equal to 0.
maxbw Sets the full duplex bandwidth for the link. The bandwidth is
specified as an integer with one of the scale suffixes (
K,
M, or
G for Kbps, Mbps, and Gbps). If no units are specified, the input value
will be read as Mbps. The default is no bandwidth limit.
priority Sets the relative priority for the link. The value can be given as
one of the tokens
high,
medium, or
low. The default is
high.
protection This property enables various forms of link protections, which
prevent sending applicable traffic out of this link. Note that since
this enforcement happens late in the networking stack, some
observability tools like
snoop(1M) may still see dropped outbound
packets.
This property should be set to a comma-separated list of protections
to enable on this link, where available protections are:
ip-nospoof Prevents sending from IPv4 and IPv6 addresses that have not been
permitted over the NIC. Addresses can be learned dynamically (see
dynamic-methods) or specified explicitly (see
allowed-ips).
dhcp-nospoof Prevents sending DHCP packets whose client hardware address
(CHADDR) field differs from the link-layer address, or from using
a Client Identifier whose value cannot be confirmed to be derived
from the link-layer address. Additional Client Identifiers can be
permitted through the
allowed-dhcp-cids and
allow-all-dhcp-cids link properties.
mac-nospoof Prevents sending packets with a link-layer address that differs
from the one associated with the NIC. Additional addresses to
allow can be added using the
seconday-macs property.
restricted Prevents using a VLAN ID not associated with the NIC and sending
packets that are not IPv4, IPv6 or ARP.
stp Enables or disables Spanning Tree Protocol on a bridge link. Setting
this value to
0 disables Spanning Tree, and puts the link into
forwarding mode with BPDU guarding enabled. This mode is appropriate
for point-to-point links connected only to end nodes. Only non-VLAN,
non-VNIC type links have this property. The default value is
1, to
enable STP.
forward Enables or disables forwarding for a VLAN. Setting this value to
0 disables bridge forwarding for a VLAN link. Disabling bridge
forwarding removes that VLAN from the "allowed set" for the bridge.
The default value is
1, to enable bridge forwarding for configured
VLANs.
default_tag Sets the default VLAN ID that is assumed for untagged packets sent to
and received from this link. Only non-VLAN, non-VNIC type links have
this property. Setting this value to
0 disables the bridge
forwarding of untagged packets to and from the port. The default
value is
VLAN ID 1. Valid values values are from 0 to 4094.
promisc-filtered Enables or disables the default filtering of promiscuous mode for
certain classes of links. By default, VNICs will only see unicast
traffic destined for it in promiscuous mode. Not all the unicast
traffic from the underlying device makes it to the VNIC. Disabling
this would cause a VNIC, for example, to be able to see all unicast
traffic from the device it is created over. The default value is on.
stp_priority Sets the STP and RSTP Port Priority value, which is used to determine
the preferred root port on a bridge. Lower numerical values are
higher priority. The default value is
128. Valid values range from 0
to 255.
stp_cost Sets the STP and RSTP cost for using the link. The default value is
auto, which sets the cost based on link speed, using
100 for 10Mbps,
19 for 100Mbps,
4 for 1Gbps, and
2 for 10Gbps. Valid values range
from 1 to 65535.
stp_edge Enables or disables bridge edge port detection. If set to
0 (false),
the system assumes that the port is connected to other bridges even
if no bridge PDUs of any type are seen. The default value is
1, which
detects edge ports automatically.
stp_p2p Sets bridge point-to-point operation mode. Possible values are
true,
false, and
auto. When set to
auto, point-to-point connections are
automatically discovered. When set to
true, the port mode is forced
to use point-to-point. When set to
false, the port mode is forced to
use normal multipoint mode. The default value is
auto.
stp_mcheck Triggers the system to run the RSTP
Force BPDU Migration Check procedure on this link. The procedure is triggered by setting the
property value to
1. The property is automatically reset back to
0.
This value cannot be set unless the following are true:
o The link is bridged
o The bridge is protected by Spanning Tree
o The bridge
force-protocol value is at least 2 (RSTP)
The default value is 0.
zone Specifies the zone to which the link belongs. This property can be
modified only temporarily through
dladm, and thus the
-t option must
be specified. To modify the zone assignment such that it persists
across reboots, please use
zonecfg(8). Possible values consist of any
exclusive-IP zone currently running on the system. By default, the
zone binding is as per
zonecfg(8).
Wifi Link Properties
The following
WiFi link properties are supported. Note that the ability
to set a given property to a given value depends on the driver and
hardware.
channel Specifies the channel to use. This property can be modified only by
certain
WiFi links when in
IBSS mode. The default value and allowed
range of values varies by regulatory domain.
powermode Specifies the power management mode of the
WiFi link. Possible values
are
off (disable power management),
max (maximum power savings), and
fast (performance-sensitive power management). Default is
off.
radio Specifies the radio mode of the
WiFi link. Possible values are
on or
off. Default is
on.
speed Specifies a fixed speed for the
WiFi link, in megabits per second.
The set of possible values depends on the driver and hardware (but is
shown by
show-linkprop); common speeds include 1, 2, 11, and 54. By
default, there is no fixed speed.
Ethernet Link Properties
The following MII Properties, as documented in
ieee802.3(7), are
supported in read-only mode:
o
duplex o
state o
adv_autoneg_cap o
adv_10gfdx_cap o
adv_1000fdx_cap o
adv_1000hdx_cap o
adv_100fdx_cap o
adv_100hdx_cap o
adv_10fdx_cap o
adv_10hdx_cap Each
adv_ property (for example,
adv_10fdx_cap) also has a read/write
counterpart
en_ property (for example,
en_10fdx_cap) controlling
parameters used at auto-negotiation. In the absence of Power Management,
the
adv* speed/duplex parameters provide the values that are both
negotiated and currently effective in hardware. However, with Power
Management enabled, the speed/duplex capabilities currently exposed in
hardware might be a subset of the set of bits that were used in initial
link parameter negotiation. Thus the MII
adv_* parameters are marked
read-only, with an additional set of
en_* parameters for configuring
speed and duplex properties at initial negotiation.
Note that the
adv_autoneg_cap does not have an
en_autoneg_cap counterpart: the
adv_autoneg_cap is a 0/1 switch that turns off/on auto-
negotiation itself, and therefore cannot be impacted by Power Management.
In addition, the following Ethernet properties are reported:
speed (read-only) The operating speed of the device, in Mbps.
mtu The maximum client SDU (Send Data Unit) supported by the device.
Valid range is 68-65536.
flowctrl Establishes flow-control modes that will be advertised by the device.
Valid input is one of:
no No flow control enabled.
rx Receive, and act upon incoming pause frames.
tx Transmit pause frames to the peer when congestion occurs, but
ignore received pause frames.
bi Bidirectional flow control.
Note that the actual settings for this value are constrained by the
capabilities allowed by the device and the link partner.
en_fec_cap Sets the Forward Error Correct (FEC) code(s) to be advertised by the
device. Valid values are:
none Allow the device not to use FEC.
auto The device will automatically decide which FEC code to use.
rs Allow Reed-Solomon FEC code.
base-r Allow Base-R (also known as FireCode) code.
Valid input is either
auto as a single value, or a comma separated
combination of
none,
rs and
base-r. The default value is
auto.
Note the actual FEC settings and combinations are constrained by the
capabilities allowed by the device and the link partner.
adv_fec_cap (read only) The current negotiated Forward Error Correction code.
secondary-macs A comma-separated list of additional MAC addresses that are allowed
on the interface.
tagmode This link property controls the conditions in which 802.1Q VLAN tags
will be inserted in packets being transmitted on the link. Two mode
values can be assigned to this property:
normal Insert a VLAN tag in outgoing packets under the following
conditions:
o The packet belongs to a VLAN.
o The user requested priority tagging.
vlanonly Insert a VLAN tag only when the outgoing packet belongs
to a VLAN. If a tag is being inserted in this mode and
the user has also requested a non-zero priority, the
priority is honored and included in the VLAN tag.
The default value is
vlanonly.
IP Tunnel Link Properties
The following IP tunnel link properties are supported.
hoplimit Specifies the IPv4 TTL or IPv6 hop limit for the encapsulating outer
IP header of a tunnel link. This property exists for all tunnel
types. The default value is 64.
encaplimit Specifies the IPv6 encapsulation limit for an IPv6 tunnel as defined
in RFC 2473. This value is the tunnel nesting limit for a given
tunneled packet. The default value is 4. A value of 0 disables the
encapsulation limit.
EXAMPLES
Example 1: Configuring an Aggregation
To configure a data-link over an aggregation of devices
bge0 and
bge1 with key 1, enter the following command:
#
dladm create-aggr -d bge0 -d bge1 1 Example 2: Connecting to a WiFi Link
To connect to the most optimal available unsecured network on a system
with a single
WiFi link (as per the prioritization rules specified for
connect-wifi), enter the following command:
#
dladm connect-wifi Example 3: Creating a WiFi Key
To interactively create the
WEP key
mykey, enter the following command:
#
dladm create-secobj -c wep mykey Alternatively, to non-interactively create the
WEP key
mykey using the
contents of a file:
#
umask 077 #
cat >/tmp/mykey.$$ <<EOF 12345 EOF #
dladm create-secobj -c wep -f /tmp/mykey.$$ mykey #
rm /tmp/mykey.$$ Example 4: Connecting to a Specified Encrypted WiFi Link
To use key
mykey to connect to
ESSID wlan on link
ath0, enter the
following command:
#
dladm connect-wifi -k mykey -e wlan ath0 Example 5: Changing a Link Property
To set
powermode to the value
fast on link
pcwl0, enter the following
command:
#
dladm set-linkprop -p powermode=fast pcwl0 Example 6: Connecting to a WPA-Protected WiFi Link
Create a WPA key
psk and enter the following command:
#
dladm create-secobj -c wpa psk To then use key
psk to connect to ESSID
wlan on link
ath0, enter the
following command:
#
dladm connect-wifi -k psk -e wlan ath0 Example 7: Renaming a Link
To rename the
bge0 link to
mgmt0, enter the following command:
#
dladm rename-link bge0 mgmt0 Example 8: Replacing a Network Card
Consider that the
bge0 device, whose link was named
mgmt0 as shown in the
previous example, needs to be replaced with a
ce0 device because of a
hardware failure. The
bge0 NIC is physically removed, and replaced with a
new
ce0 NIC. To associate the newly added
ce0 device with the
mgmt0 configuration previously associated with
bge0, enter the following
command:
#
dladm rename-link ce0 mgmt0 Example 9: Removing a Network Card
Suppose that in the previous example, the intent is not to replace the
bge0 NIC with another NIC, but rather to remove and not replace the
hardware. In that case, the
mgmt0 datalink configuration is not slated to
be associated with a different physical device as shown in the previous
example, but needs to be deleted. Enter the following command to delete
the datalink configuration associated with the
mgmt0 datalink, whose
physical hardware (
bge0 in this case) has been removed:
#
dladm delete-phys mgmt0 Example 10: Using Parsable Output to Capture a Single Field
The following assignment saves the MTU of link
net0 to a variable named
mtu.
#
mtu=`dladm show-link -p -o mtu net0` Example 11: Using Parsable Output to Iterate over Links
The following script displays the state of each link on the system.
#
dladm show-link -p -o link,state | while IFS=: read link state; do print "Link $link is in state $state" done Example 12: Configuring VNICs
Create two VNICs with names
hello0 and
test1 over a single physical link
bge0:
#
dladm create-vnic -l bge0 hello0 #
dladm create-vnic -l bge0 test1 Example 13: Configuring VNICs and Allocating Bandwidth and Priority
Create two VNICs with names
hello0 and
test1 over a single physical link
bge0 and make
hello0 a high priority VNIC with a factory-assigned MAC
address with a maximum bandwidth of 50 Mbps. Make
test1 a low priority
VNIC with a random MAC address and a maximum bandwidth of 100Mbps.
#
dladm create-vnic -l bge0 -m factory -p maxbw=50,priority=high hello0 #
dladm create-vnic -l bge0 -m random -p maxbw=100M,priority=low test1 Example 14: Configuring a VNIC with a Factory MAC Address
First, list the available factory MAC addresses and choose one of them:
#
dladm show-phys -m bge0 LINK SLOT ADDRESS INUSE CLIENT
bge0 primary 0:e0:81:27:d4:47 yes bge0
bge0 1 8:0:20:fe:4e:a5 no
bge0 2 8:0:20:fe:4e:a6 no
bge0 3 8:0:20:fe:4e:a7 no
Create a VNIC named
hello0 and use slot 1's address:
#
dladm create-vnic -l bge0 -m factory -n 1 hello0 #
dladm show-phys -m bge0 LINK SLOT ADDRESS INUSE CLIENT
bge0 primary 0:e0:81:27:d4:47 yes bge0
bge0 1 8:0:20:fe:4e:a5 yes hello0
bge0 2 8:0:20:fe:4e:a6 no
bge0 3 8:0:20:fe:4e:a7 no
Example 15: Creating a VNIC with User-Specified MAC Address, Binding it to
Set of Processors
Create a VNIC with name
hello0, with a user specified MAC address, and a
processor binding
0, 1, 2, 3.
#
dladm create-vnic -l bge0 -m 8:0:20:fe:4e:b8 -p cpus=0,1,2,3 hello0 Example 16: Creating a Virtual Network Without a Physical NIC
First, create an etherstub with name
stub1:
#
dladm create-etherstub stub1 Create two VNICs with names
hello0 and
test1 on the etherstub. This
operation implicitly creates a virtual switch connecting
hello0 and
test1.
#
dladm create-vnic -l stub1 hello0 #
dladm create-vnic -l stub1 test1 Example 17: Showing Network Usage
Network usage statistics can be stored using the extended accounting
facility,
acctadm(8).
#
acctadm -e basic -f /var/log/net.log net #
acctadm net Network accounting: active
Network accounting file: /var/log/net.log
Tracked Network resources: basic
Untracked Network resources: src_ip,dst_ip,src_port,dst_port,protocol,
dsfield
The saved historical data can be retrieved in summary form using the
show-usage subcommand:
#
dladm show-usage -f /var/log/net.log LINK DURATION IPACKETS RBYTES OPACKETS OBYTES BANDWIDTH
e1000g0 80 1031 546908 0 0 2.44 Kbps
Example 18: Displaying Bridge Information
The following commands use the
show-bridge subcommand with no and various
options.
#
dladm show-bridge BRIDGE PROTECT ADDRESS PRIORITY DESROOT
foo stp 32768/8:0:20:bf:f 32768 8192/0:d0:0:76:14:38
bar stp 32768/8:0:20:e5:8 32768 8192/0:d0:0:76:14:38
#
dladm show-bridge -l foo LINK STATE UPTIME DESROOT
hme0 forwarding 117 8192/0:d0:0:76:14:38
qfe1 forwarding 117 8192/0:d0:0:76:14:38
#
dladm show-bridge -s foo BRIDGE DROPS FORWARDS
foo 0 302
#
dladm show-bridge -ls foo LINK DROPS RECV XMIT
hme0 0 360832 31797
qfe1 0 322311 356852
#
dladm show-bridge -f foo DEST AGE FLAGS OUTPUT
8:0:20:bc:a7:dc 10.860 -- hme0
8:0:20:bf:f9:69 -- L hme0
8:0:20:c0:20:26 17.420 -- hme0
8:0:20:e5:86:11 -- L qfe1
Example 19: Creating an IPv4 Tunnel
The following sequence of commands creates and then displays a persistent
IPv4 tunnel link named
mytunnel0 between 66.1.2.3 and 192.4.5.6:
#
dladm create-iptun -T ipv4 -s 66.1.2.3 -d 192.4.5.6 mytunnel0 #
dladm show-iptun mytunnel0 LINK TYPE FLAGS SOURCE DESTINATION
mytunnel0 ipv4 -- 66.1.2.3 192.4.5.6
A point-to-point IP interface can then be created over this tunnel link:
#
ifconfig mytunnel0 plumb 10.1.0.1 10.1.0.2 up As with any other IP interface, configuration persistence for this IP
interface is achieved by placing the desired
ifconfig commands (in this
case, the command for "
10.1.0.1 10.1.0.2") into
/etc/hostname.mytunnel0.
Example 20: Creating a 6to4 Tunnel
The following command creates a 6to4 tunnel link. The IPv4 address of the
6to4 router is 75.10.11.12.
#
dladm create-iptun -T 6to4 -s 75.10.11.12 sitetunnel0 #
dladm show-iptun sitetunnel0 LINK TYPE FLAGS SOURCE DESTINATION
sitetunnel0 6to4 -- 75.10.11.12 --
The following command plumbs an IPv6 interface on this tunnel:
#
ifconfig sitetunnel0 inet6 plumb up #
ifconfig sitetunnel0 inet6 sitetunnel0: flags=2200041 <UP,RUNNING,NONUD,IPv6> mtu 65515 index 3
inet tunnel src 75.10.11.12
tunnel hop limit 64
inet6 2002:4b0a:b0c::1/16
Note that the system automatically configures the IPv6 address on the
6to4 IP interface. See
ifconfig(8) for a description of how IPv6
addresses are configured on 6to4 tunnel links.
ATTRIBUTES
See
attributes(7) for descriptions of the following attributes:
/usr/sbin +--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | Committed |
+--------------------+-----------------+
/sbin +--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | Committed |
+--------------------+-----------------+
SEE ALSO
dlpi(4P),
attributes(7),
ieee802.3(7),
overlay(7),
acctadm(8),
autopush(8),
ifconfig(8),
ipsecconf(8),
ndd(8),
psrset(8),
wpad(8),
zonecfg(8) R. Droms, Ed., J. Bound, B. Volz, T. Lemon, C. Perkins, M. Carney.
RFC 3315: Dynamic Host Configuration Protocol for IPv6 (DHCPv6). The Internet
Society. July 2003.
T. Lemon, B. Sommerfeld. February 2006.
RFC 4361: Node-specific Client Identifiers for Dynamic Host Configuration Protocol Version Four (DHCPv4). The Internet Society. January 2006.
NOTES
The preferred method of referring to an aggregation in the aggregation
subcommands is by its link name. Referring to an aggregation by its
integer
key is supported for backward compatibility, but is not
necessary. When creating an aggregation, if a
key is specified instead of
a link name, the aggregation's link name will be automatically generated
by
dladm as
aggrkey.
February 1, 2022
DLADM(8)