DLADM(8) Maintenance Commands and Procedures DLADM(8)

NAME


dladm - administer data links

SYNOPSIS


dladm help

dladm show-link [-P] [-s [-i interval]] [[-p] -o field[,...]] [link]
dladm rename-link [-R root-dir] [-z zonename] link new-link

dladm delete-phys phys-link
dladm show-phys [-m | -H | -P] [[-p] -o field[,...]] [phys-link]

dladm create-aggr [-t] [-R root-dir] [-P policy] [-L mode] [-T time]
[-u address] -l ether-link [-l ether-link]... aggr-link
dladm modify-aggr [-t] [-R root-dir] [-P policy] [-L mode] [-T time]
[-u address] aggr-link
dladm delete-aggr [-t] [-R root-dir] aggr-link
dladm add-aggr [-t] [-R root-dir] -l ether-link [-l ether-link]...
aggr-link
dladm remove-aggr [-t] [-R root-dir] -l ether-link [-l ether-link]...
aggr-link
dladm show-aggr [-PLx] [-s [-i interval]] [[-p] -o field[,...]] [aggr-link]

dladm create-bridge [-R root-dir] [-P protect] [-p priority] [-m max-age]
[-h hello-time] [-d forward-delay] [-f force-protocol] [-l link]...
bridge-name
dladm modify-bridge [-R root-dir] [-P protect] [-p priority] [-m max-age]
[-h hello-time] [-d forward-delay] [-f force-protocol] bridge-name
dladm delete-bridge [-R root-dir] bridge-name
dladm add-bridge [-R root-dir] -l link [-l link]... bridge-name
dladm remove-bridge [-R root-dir] -l link [-l link]... bridge-name
dladm show-bridge [-flt] [-s [-i interval]] [[-p] -o field[,...]]
bridge-name

dladm create-vlan [-ft] [-R root-dir] -l ether-link -v vid [vlan-link]
dladm delete-vlan [-t] [-R root-dir] vlan-link
dladm show-vlan [-P] [[-p] -o field[,...]] [vlan-link]

dladm scan-wifi [[-p] -o field[,...]] [wifi-link]
dladm connect-wifi [-e essid] [-i bssid] [-k key,...]
[-s none|wep|wpa] [-a open|shared] [-b bss|ibss] [-c] [-m a|b|g]
[-T time] [wifi-link]
dladm disconnect-wifi [-a] [wifi-link]
dladm show-wifi [[-p] -o field[,...]] [wifi-link]

dladm show-ether [-x] [[-p] -o field[,...]] [ether-link]

dladm set-linkprop [-t] [-R root-dir] [-z zonename] -p prop=value[,...]
link
dladm reset-linkprop [-t] [-R root-dir] [-z zonename] [-p prop[,...]] link
dladm show-linkprop [-P] [-z zonename] [[-c] -o field[,...]]
[-p prop[,...]] [link]

dladm create-secobj [-t] [-R root-dir] [-f file] -c class secobj
dladm delete-secobj [-t] [-R root-dir] secobj[,...]
dladm show-secobj [-P] [[-p] -o field[,...]] [secobj[,...]]

dladm create-vnic [-t] [-R root-dir] -l link [-m value | auto |
factory -n slot-identifier | random [-r prefix]] [-v vlan-id]
[-p prop=value[,...]] vnic-link
dladm delete-vnic [-t] [-R root-dir] [-z zonename] vnic-link
dladm show-vnic [-P] [[-p] -o field[,...]] [-s [-i interval]] [-l link]
[vnic-link]

dladm create-etherstub [-t] [-R root-dir] etherstub
dladm delete-etherstub [-t] [-R root-dir] etherstub
dladm show-etherstub [etherstub]

dladm create-iptun [-t] [-R root-dir] -T type
[-a {local|remote}=addr[,...]] iptun-link
dladm modify-iptun [-t] [-R root-dir] [-a {local|remote}=addr[,...]]
iptun-link
dladm delete-iptun [-t] [-R root-dir] iptun-link
dladm show-iptun [-P] [[-p] -o field[,...]] [iptun-link]

dladm create-overlay [-t] -e encap -s search -v vnetid
[-p prop=value[,...]] overlay
dladm delete-overlay [-t] overlay
dladm modify-overlay -d mac | -f | -s mac=ip:port overlay
dladm show-overlay [-f | -t] [[-p] -o field[,...]] [overlay]

dladm show-usage [-a] -f filename [-p plotfile -F format] [-s time]
[-e time] [link]

DESCRIPTION


The dladm command is used to administer data-links. A data-link is
represented in the system as a STREAMS DLPI (v2) interface which can be
plumbed under protocol stacks such as TCP/IP. Each data-link relies on
either a single network device or an aggregation of devices to send packets
to or receive packets from a network.

Each dladm subcommand operates on one of the following objects:

link A datalink, identified by a name. In general, the name can use
any alphanumeric characters or underscore (_), but must start
with an alphabetic character and end with a number. A datalink
name can be at most 31 characters, and the ending number must be
between 0 and 4294967294 (inclusive). The ending number must
not begin with a zero. Datalink names between 3 and 8
characters are recommended.

Some subcommands operate only on certain types or classes of
datalinks. For those cases, the following object names are
used:

phys-link A physical datalink.

vlan-link A VLAN datalink.

aggr-link An aggregation datalink (or a key; see NOTES).

ether-link A physical Ethernet datalink.

wifi-link A WiFi datalink.

vnic-link A virtual network interface created on a link, an
etherstub, or an overlay. It is a pseudo device
that can be treated as if it were a network
interface card on a machine.

iptun-link An IP tunnel link.

dev A network device, identified by concatenation of a driver name
and an instance number.

etherstub An Ethernet stub can be used instead of a physical NIC to create
VNICs. VNICs created on an etherstub will appear to be
connected through a virtual switch, allowing complete virtual
networks to be built without physical hardware.

bridge A bridge instance, identified by an administratively-chosen
name. The name may use any alphanumeric characters or the
underscore (_), but must start and end with an alphabetic
character. A bridge name can be at most 31 characters. The
name `default' is reserved, as are all names starting with
`SUNW'.

Note that appending a zero (0) to a bridge name produces a valid
link name, used for observability.

secobj A secure object, identified by an administratively-chosen name.
The name can use any alphanumeric characters, as well as
underscore (_), dot (.), and hyphen (-). A secure object name
can be at most 32 characters.

overlay An overlay instance, identified by an administratively-chosen
name. An overlay can be used to create or join an existing
software defined network. VNICs created on an overlay will
appear to be connected by a local virtual switch and will also
be connected to interfaces on matching overlays provided by
other hosts. For more information on overlay devices, see
overlay(7).
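
The naming rules above, written as checks that a provisioning script can apply before a name reaches a privileged dladm call. This is an added example, not part of the dladm manual or source; the function names are hypothetical, and it assumes the "ending number" of a link name is the whole trailing run of digits.

```shell
#!/bin/sh
# Added example: validate names against the rules in dladm(8) before they are
# passed to dladm. All function names here are hypothetical.
LC_ALL=C; export LC_ALL   # keep [A-Za-z] ranges ASCII-only

# link: starts with a letter, ends with a number, only [A-Za-z0-9_],
# at most 31 characters, ending number 0..4294967294 with no leading zero.
# Assumption: a lone "0" is allowed because 0 is inside the stated range.
valid_link_name() {
    name=$1
    [ "${#name}" -le 31 ] || return 1
    case $name in
        *[!A-Za-z0-9_]*) return 1 ;;   # any character outside the allowed set
        [A-Za-z]*[0-9]) ;;             # letter first, digit last
        *) return 1 ;;                 # includes the empty string
    esac
    num=${name##*[!0-9]}               # trailing run of digits
    case $num in
        0) return 0 ;;
        0*) return 1 ;;                # ending number begins with a zero
    esac
    # Length guard first, so the numeric test never sees an oversized value.
    [ "${#num}" -le 10 ] || return 1
    [ "$num" -le 4294967294 ]
}

# bridge: only [A-Za-z0-9_], starts and ends with a letter, at most 31
# characters; `default' and anything starting with `SUNW' are reserved.
valid_bridge_name() {
    name=$1
    [ "${#name}" -le 31 ] || return 1
    case $name in
        default|SUNW*) return 1 ;;
        *[!A-Za-z0-9_]*) return 1 ;;
        [A-Za-z]|[A-Za-z]*[A-Za-z]) return 0 ;;
        *) return 1 ;;
    esac
}

# secobj: only [A-Za-z0-9_.-], at most 32 characters.
# Stricter than the manual (a choice of this example): a leading hyphen is
# rejected so the name can never be read as an option.
valid_secobj_name() {
    name=$1
    [ -n "$name" ] && [ "${#name}" -le 32 ] || return 1
    case $name in
        -*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# Constructed sample names, not taken from a real system.
for n in net0 bge2001 net01 9net0 vnic4294967295 'net0;id'; do
    if valid_link_name "$n"; then
        echo "link '$n': ok"
    else
        echo "link '$n': rejected"
    fi
done
```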

Options


Each dladm subcommand has its own set of options. However, many of the
subcommands have the following as a common option:

-R root-dir, --root-dir=root-dir
Specifies an alternate root directory where the operation -- such as
creation, deletion, or renaming -- should apply.

SUBCOMMANDS


When invoked with no arguments, dladm shows the link configuration
information, in the same way as dladm show-link.

The following subcommands are supported:

dladm help
Display brief command usage.

dladm show-link [-P] [-s [-i interval]] [[-p] -o field[,...]] [link]

Show link configuration information (the default) or statistics,
either for all datalinks or for the link. By default, the system is
configured with one datalink for each known network device.

-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields to
display. When not modified by the -s option (described below),
the field name must be one of the fields listed below, or the
special value all to display all fields. By default (without
-o), show-link displays all fields.

LINK The name of the datalink.

CLASS The class of the datalink. dladm distinguishes between
the following classes:

phys A physical datalink. The show-phys
subcommand displays more detail for this
class of datalink.

aggr An IEEE 802.3ad link aggregation. The
show-aggr subcommand displays more detail
for this class of datalink.

etherstub An Ethernet stub. The show-etherstub
subcommand displays more detail for this
class of datalink.

overlay An overlay. The show-overlay subcommand
displays more detail for this class of
datalink.

vlan A VLAN datalink. The show-vlan subcommand
displays more detail for this class of
datalink.

vnic A virtual network interface. The show-vnic
subcommand displays more detail for this
class of datalink.

misc A generic datalink without any other class-
specific properties. Generally used to
indicate a pseudo device that doesn't
otherwise correspond to one of the above
classes.

MTU The maximum transmission unit size for the datalink
being displayed.

STATE The link state of the datalink. The state can be `up',
`down', or `unknown'.

BRIDGE The name of the bridge to which this link is assigned,
if any.

OVER The physical datalink(s) over which the datalink is
operating. This applies to aggr, bridge, and vlan
classes of datalinks. A VLAN is created over a single
physical datalink, a bridge has multiple attached
links, and an aggregation is comprised of one or more
physical datalinks.

When the -o option is used in conjunction with the -s option,
used to display link statistics, the field name must be one of
the fields listed below, or the special value all to display
all fields.

LINK The name of the datalink.

IPACKETS Number of packets received on this link.

RBYTES Number of bytes received on this link.

IERRORS Number of input errors.

OPACKETS Number of packets sent on this link.

OBYTES Number of bytes sent on this link.

OERRORS Number of output errors.

-p, --parsable
Display using a stable machine-parsable format. The -o option
is required with -p. See Parsable Output Format, below.

-P, --persistent
Display the persistent link configuration.

-s, --statistics
Display link statistics.

-i interval, --interval=interval
Used with the -s option to specify an interval, in seconds, at
which statistics should be displayed. If this option is not
specified, statistics will be displayed only once.

dladm rename-link [-R root-dir] [-z zonename] link new-link

Rename link to new-link. This is used to give a link a meaningful
name, or to associate existing link configuration such as link
properties of a removed device with a new device. See the EXAMPLES
section for specific examples of how this subcommand is used.

-R root-dir, --root-dir=root-dir
See Options, above.

-z zonename
A link assigned to a zone can only be renamed while the zone is
in the ready state.

dladm delete-phys phys-link

This command is used to delete the persistent configuration of a link
associated with physical hardware which has been removed from the
system. See the EXAMPLES section.

dladm show-phys [-m | -H | -P] [[-p] -o field[,...]] [phys-link]

Show the physical device and attributes of all physical links, or of
the named physical link. Without -P, only physical links that are
available on the running system are displayed.

-H Show hardware resource usage, as returned by the NIC driver.
Output from -H displays the following elements:

LINK A physical device corresponding to a NIC driver.

RINGTYPE RX or TX. All rings in a group are of the same
group type.

RINGS A hardware resource used by a data link, subject to
assignment by a driver to different groups.

CLIENTS MAC clients that are using the rings within a group.

-m Show MAC addresses and related information. Output from -m
displays the following elements:

LINK A physical device corresponding to a NIC driver.

SLOT When a given physical device has multiple factory
MAC addresses, this indicates the slot of the
corresponding MAC address which can be used as part
of a call to create-vnic.

ADDRESS Displays the MAC address of the device.

INUSE Displays whether or not a MAC Address is actively
being used.

CLIENT MAC clients that are using the address.

-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed
below, or the special value all, to display all fields. Note
that if either -H or -m are specified, then the valid options
are those described in their respective sections. For each
link, the following fields can be displayed:

LINK The name of the datalink.

MEDIA The media type provided by the physical datalink.

STATE The state of the link. This can be `up', `down', or
`unknown'.

SPEED The current speed of the link, in megabits per
second.

DUPLEX For Ethernet links, the full/half duplex status of
the link is displayed if the link state is up. The
duplex is displayed as unknown in all other cases.

DEVICE The name of the physical device under this link.

-p, --parsable
Display using a stable machine-parsable format. The -o option
is required with -p. See Parsable Output Format, below.

-P, --persistent
This option displays persistent configuration for all links,
including those that have been removed from the system. The
output provides a FLAGS column in which the r flag indicates
that the physical device associated with a physical link has
been removed. For such links, delete-phys can be used to purge
the link's configuration from the system.

dladm create-aggr [-t] [-R root-dir] [-P policy] [-L mode] [-T time]
[-u address] -l ether-link [-l ether-link]... aggr-link

Combine a set of links into a single IEEE 802.3ad link aggregation
named aggr-link. The use of an integer key to generate a link name
for the aggregation is also supported for backward compatibility.
Many of the -aggr subcommands below also support the use of a key to
refer to a given aggregation, but use of the aggregation link name is
preferred. See the NOTES section for more information on keys.

dladm supports a number of port selection policies for an aggregation
of ports. (See the description of the -P option, below). If you do
not specify a policy, create-aggr uses the L4 policy, described under
the -P option.

-l ether-link, --link=ether-link
Each Ethernet link (or port) in the aggregation is specified
using an -l option followed by the name of the link to be
included in the aggregation. Multiple links are included in
the aggregation by specifying multiple -l options. For
backwards compatibility, the dladm command also supports
using the -d option (or --dev) with a device name to specify
links by their underlying device name. The other -aggr
subcommands that take -l options also accept -d.

-t, --temporary
Specifies that the aggregation is temporary. Temporary
aggregations last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

-P policy, --policy=policy
Specifies the port selection policy to use for load spreading
of outbound traffic. The policy specifies which dev object is
used to send packets. A policy is a list of one or more layer
specifiers separated by commas. A layer specifier is one of
the following:

L2 Select outbound device according to source and
destination MAC addresses of the packet.

L3 Select outbound device according to source and
destination IP addresses of the packet.

L4 Select outbound device according to the upper layer
protocol information contained in the packet. For TCP
and UDP this includes source and destination ports. For
IPsec, this includes the SPI (Security Parameters Index).

For example, to use upper layer protocol information, the
following policy can be used:

-P L4

Note that policy L4 is the default.

To use the source and destination MAC addresses as well as the
source and destination IP addresses, the following policy can
be used:

-P L2,L3

-L mode, --lacp-mode=mode
Specifies whether LACP should be used and, if used, the mode in
which it should operate. Supported values are off, active or
passive.

-T time, --lacp-timer=time
Specifies the LACP timer value. The supported values are short
or long.

-u address, --unicast=address
Specifies a fixed unicast hardware address to be used for the
aggregation. If this option is not specified, then an address
is automatically chosen from the set of addresses of the
component devices.

dladm modify-aggr [-t] [-R root-dir] [-P policy] [-L mode] [-T time]
[-u address] aggr-link

Modify the parameters of the specified aggregation.

-t, --temporary
Specifies that the modification is temporary. Temporary
modifications last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

-P policy, --policy=policy
Specifies the port selection policy to use for load spreading
of outbound traffic. See dladm create-aggr for a description
of valid policy values.

-L mode, --lacp-mode=mode
Specifies whether LACP should be used and, if used, the mode in
which it should operate. Supported values are off, active, or
passive.

-T time, --lacp-timer=time
Specifies the LACP timer value. The supported values are short
or long.

-u address, --unicast=address
Specifies a fixed unicast hardware address to be used for the
aggregation. If this option is not specified, then an address
is automatically chosen from the set of addresses of the
component devices.

dladm delete-aggr [-t] [-R root-dir] aggr-link

Deletes the specified aggregation.

-t, --temporary
Specifies that the deletion is temporary. Temporary deletions
last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

dladm add-aggr [-t] [-R root-dir] -l ether-link [-l ether-link]...
aggr-link

Adds links to the specified aggregation.

-l ether-link, --link=ether-link
Specifies an Ethernet link to add to the aggregation. Multiple
links can be added by supplying multiple -l options.

-t, --temporary
Specifies that the additions are temporary. Temporary
additions last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

dladm remove-aggr [-t] [-R root-dir] -l ether-link [-l ether-link]...
aggr-link

Removes links from the specified aggregation.

-l ether-link, --link=ether-link
Specifies an Ethernet link to remove from the aggregation.
Multiple links can be removed by supplying multiple -l options.

-t, --temporary
Specifies that the removals are temporary. Temporary removals
last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

dladm show-aggr [-PLx] [-s [-i interval]] [[-p] -o field[,...]] [aggr-link]

Show aggregation configuration (the default), LACP information, or
statistics, either for all aggregations or for the specified
aggregation.

By default (with no options), the following fields can be displayed:

LINK The name of the aggregation link.

POLICY The LACP policy of the aggregation. See the
create-aggr -P option for a description of the possible
values.

ADDRPOLICY Either `auto', if the aggregation is configured to
automatically configure its unicast MAC address (the
default if the -u option was not used to create or
modify the aggregation), or `fixed', if -u was used to
set a fixed MAC address.

LACPACTIVITY The LACP mode of the aggregation. Possible values are
`off', `active', or `passive', as set by the -L option
to create-aggr or modify-aggr.

LACPTIMER The LACP timer value of the aggregation as set by the
-T option of create-aggr or modify-aggr.

FLAGS A set of state flags associated with the aggregation.
The only possible flag is `f', which is displayed if
the administrator forced the creation of the aggregation
using the -f option to create-aggr. Other flags might
be defined in the future.

The show-aggr command accepts the following options:

-L, --lacp
Displays detailed LACP information for the aggregation link and
each underlying port. Most of the state information displayed
by this option is defined by IEEE 802.3. With this option, the
following fields can be displayed:

LINK The name of the aggregation link.

PORT The name of one of the underlying aggregation
ports.

AGGREGATABLE Whether the port can be added to the aggregation.

SYNC If `yes', the system considers the port to be
synchronized and part of the aggregation.

COLL If `yes', collection of incoming frames is
enabled on the associated port.

DIST If `yes', distribution of outgoing frames is
enabled on the associated port.

DEFAULTED If `yes', the port is using defaulted partner
information (that is, has not received LACP data
from the LACP partner).

EXPIRED If `yes', the receive state of the port is in the
EXPIRED state.

-x, --extended
Display additional aggregation information including detailed
information on each underlying port. With -x, the following
fields can be displayed:

LINK The name of the aggregation link.

PORT The name of one of the underlying aggregation
ports.

SPEED The speed of the link or port in megabits per
second.

DUPLEX The full/half duplex status of the link or port
is displayed if the link state is `up'. The
duplex status is displayed as `unknown' in all
other cases.

STATE The link state. This can be `up', `down', or
`unknown'.

ADDRESS The MAC address of the link or port.

PORTSTATE This indicates whether the individual aggregation
port is in the `standby' or `attached' state.

-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed
above, or the special value all, to display all fields. The
fields applicable to the -o option are limited to those listed
under each output mode. For example, if using -L, only the
fields listed under -L, above, can be used with -o.

-p, --parsable
Display using a stable machine-parsable format. The -o option
is required with -p. See Parsable Output Format, below.

-P, --persistent
Display the persistent aggregation configuration rather than
the state of the running system.

-s, --statistics
Displays aggregation statistics.

-i interval, --interval=interval
Used with the -s option to specify an interval, in seconds, at
which statistics should be displayed. If this option is not
specified, statistics will be displayed only once.

dladm create-bridge [-R root-dir] [-P protect] [-p priority] [-m max-age]
[-h hello-time] [-d forward-delay] [-f force-protocol] [-l link]...
bridge-name

Create an 802.1D bridge instance and optionally assign one or more
network links to the new bridge. By default, no bridge instances are
present on the system.

In order to bridge between links, you must create at least one bridge
instance. Each bridge instance is separate, and there is no
forwarding connection between bridges.

-P protect, --protect=protect
Specifies a protection method. The defined protection methods
are stp for the Spanning Tree Protocol and trill for TRILL,
which is used on RBridges. The default value is stp.

-R root-dir, --root-dir=root-dir
See Options, above.

-p priority, --priority=priority
Specifies the Bridge Priority. This sets the IEEE STP priority
value for determining the root bridge node in the network. The
default value is 32768. Valid values are 0 (highest priority)
to 61440 (lowest priority), in increments of 4096.

If a value not evenly divisible by 4096 is used, the system
silently rounds downwards to the next lower value that is
divisible by 4096.

-m max-age, --max-age=max-age
Specifies the maximum age for configuration information in
seconds. This sets the STP Bridge Max Age parameter. This
value is used for all nodes in the network if this node is the
root bridge. Bridge link information older than this time is
discarded. It defaults to 20 seconds. Valid values are from 6
to 40 seconds. See the -d forward-delay parameter for
additional constraints.

-h hello-time, --hello-time=hello-time
Specifies the STP Bridge Hello Time parameter. When this node
is the root node, it sends Configuration BPDUs at this interval
throughout the network. The default value is 2 seconds. Valid
values are from 1 to 10 seconds. See the -d forward-delay
parameter for additional constraints.

-d forward-delay, --forward-delay=forward-delay
Specifies the STP Bridge Forward Delay parameter. When this
node is the root node, then all bridges in the network use this
timer to sequence the link states when a port is enabled. The
default value is 15 seconds. Valid values are from 4 to 30
seconds.

Bridges must obey the following two constraints:

2 * (forward-delay - 1.0) >= max-age

max-age >= 2 * (hello-time + 1.0)

Any parameter setting that would violate those constraints is
treated as an error and causes the command to fail with a
diagnostic message. The message provides valid alternatives to
the supplied values.

-f force-protocol, --force-protocol=force-protocol
Specifies the MSTP forced maximum supported protocol. The
default value is 3. Valid values are non-negative integers.
The current implementation does not support RSTP or MSTP, so
this currently has no effect. However, to prevent MSTP from
being used in the future, the parameter may be set to 0 for STP
only or 2 for STP and RSTP.

-l link, --link=link
Specifies one or more links to add to the newly-created bridge.
This is similar to creating the bridge and then adding one or
more links, as with the add-bridge subcommand. However, if any
of the links cannot be added, the entire command fails, and the
new bridge itself is not created. To add multiple links on the
same command line, repeat this option for each link. You are
permitted to create bridges without links. For more
information about link assignments, see the add-bridge
subcommand.

Bridge creation and link assignment require the PRIV_SYS_DL_CONFIG
privilege. Bridge creation might fail if the optional bridging
feature is not installed on the system.
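
The ranges and the two timer constraints above, together with the silent rounding of -p, checked before create-bridge or modify-bridge is run. This is an added example, not dladm's own code; the function names are hypothetical and the timers are assumed to be whole seconds.

```shell
#!/bin/sh
# Added example: pre-flight check for the STP values passed to
# create-bridge / modify-bridge. All function names are hypothetical.

# Accept only plain decimal integers of at most 5 digits with no leading
# zero, so shell arithmetic never sees octal-looking or oversized input.
is_uint() {
    case $1 in
        ''|*[!0-9]*|0?*) return 1 ;;
    esac
    [ "${#1}" -le 5 ]
}

# Print the priority the system will actually use: a value that is not a
# multiple of 4096 is silently rounded down. Values above 61440 are
# rejected here (a conservative choice of this example).
effective_priority() {
    is_uint "$1" || return 2
    [ "$1" -le 61440 ] || return 1
    echo $(( $1 / 4096 * 4096 ))
}

# Check max-age, hello-time and forward-delay against their documented
# ranges and the two cross-parameter constraints. Prints one line per
# violation and returns 0 only when nothing was printed.
check_stp_timers() {
    max_age=$1 hello=$2 fwd=$3 rc=0
    for v in "$max_age" "$hello" "$fwd"; do
        is_uint "$v" || { echo "not a plain decimal integer: '$v'"; return 2; }
    done
    { [ "$max_age" -ge 6 ] && [ "$max_age" -le 40 ]; } ||
        { echo "max-age $max_age outside 6..40"; rc=1; }
    { [ "$hello" -ge 1 ] && [ "$hello" -le 10 ]; } ||
        { echo "hello-time $hello outside 1..10"; rc=1; }
    { [ "$fwd" -ge 4 ] && [ "$fwd" -le 30 ]; } ||
        { echo "forward-delay $fwd outside 4..30"; rc=1; }
    [ $(( 2 * (fwd - 1) )) -ge "$max_age" ] ||
        { echo "2 * (forward-delay - 1) < max-age"; rc=1; }
    [ "$max_age" -ge $(( 2 * (hello + 1) )) ] ||
        { echo "max-age < 2 * (hello-time + 1)"; rc=1; }
    return "$rc"
}

# Emit the option string for create-bridge / modify-bridge, or fail with
# diagnostics on stderr. Warns when rounding changes the priority: 4095,
# for example, becomes 0, the highest priority in root bridge selection.
# Arguments: priority max-age hello-time forward-delay
bridge_stp_opts() {
    prio=$(effective_priority "$1") ||
        { echo "bad priority: '$1'" >&2; return 1; }
    [ "$prio" = "$1" ] ||
        echo "warning: priority $1 will be used as $prio" >&2
    check_stp_timers "$2" "$3" "$4" >&2 || return 1
    echo "-p $prio -m $2 -h $3 -d $4"
}

# Constructed sample values: the documented defaults, a priority that
# rounds down to 0, and a max-age that violates the first constraint.
bridge_stp_opts 32768 20 2 15
bridge_stp_opts 4095 20 2 15
bridge_stp_opts 32768 40 2 15 || echo "rejected"
```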

dladm modify-bridge [-R root-dir] [-P protect] [-p priority] [-m max-age]
[-h hello-time] [-d forward-delay] [-f force-protocol] bridge-name

Modify the operational parameters of an existing bridge. The options
are the same as for the create-bridge subcommand, except that the -l
option is not permitted. To add links to an existing bridge, use the
add-bridge subcommand.

Bridge parameter modification requires the PRIV_SYS_DL_CONFIG
privilege.

dladm delete-bridge [-R root-dir] bridge-name
Delete a bridge instance. The bridge being deleted must not have any
attached links. Use the remove-bridge subcommand to deactivate links
before deleting a bridge.

Bridge deletion requires the PRIV_SYS_DL_CONFIG privilege.

The -R (--root-dir) option is the same as for the create-bridge
subcommand.

dladm add-bridge [-R root-dir] -l link [-l link]... bridge-name

Add one or more links to an existing bridge. If multiple links are
specified, and adding any one of them results in an error, the
command fails and no changes are made to the system.

Link addition to a bridge requires the PRIV_SYS_DL_CONFIG privilege.

A link may be a member of at most one bridge. An error occurs when
you attempt to add a link that already belongs to another bridge. To
move a link from one bridge instance to another, remove it from the
current bridge before adding it to a new one.

The links assigned to a bridge must not also be VLANs, VNICs, or
tunnels. Only physical Ethernet datalinks, aggregation datalinks,
wireless links, and Ethernet stubs are permitted to be assigned to a
bridge.

Links assigned to a bridge must all have the same MTU. This is
checked when the link is assigned. The link is added to the bridge
in a deactivated form if it is not the first link on the bridge and
it has a differing MTU.

Note that systems using bridging should not set the eeprom(8)
local-mac-address? variable to false.

The options are the same as for the create-bridge subcommand.

dladm remove-bridge [-R root-dir] -l link [-l link]... bridge-name

Remove one or more links from a bridge instance. If multiple links
are specified, and removing any one of them would result in an error,
the command fails and none are removed.

Link removal from a bridge requires the PRIV_SYS_DL_CONFIG privilege.

The options are the same as for the create-bridge subcommand.

dladm show-bridge [-flt] [-s [-i interval]] [[-p] -o field[,...]]
bridge-name

Show the running status and configuration of bridges, their attached
links, learned forwarding entries, and TRILL nickname databases.
When showing overall bridge status and configuration, the bridge name
can be omitted to show all bridges. The other forms require a
specified bridge.

The show-bridge subcommand accepts the following options:

-i interval, --interval=interval
Used with the -s option to specify an interval, in seconds, at
which statistics should be displayed. If this option is not
specified, statistics will be displayed only once.

-s, --statistics
Display statistics for the specified bridges or for a given
bridge's attached links. This option cannot be used with the
-f and -t options.

-p, --parsable
Display using a stable machine-parsable format. See Parsable
Output Format, below.

-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field names are described below. The special
value all displays all fields. Each set of fields has its own
default set to display when -o is not specified.

By default, the show-bridge subcommand shows bridge configuration.
The following fields can be shown:

BRIDGE The name of the bridge.

ADDRESS The Bridge Unique Identifier value (MAC address).

PRIORITY Configured priority value; set by -p with create-bridge
and modify-bridge.

BMAXAGE Configured bridge maximum age; set by -m with
create-bridge and modify-bridge.

BHELLOTIME Configured bridge hello time; set by -h with
create-bridge and modify-bridge.

BFWDDELAY Configured forwarding delay; set by -d with create-bridge
and modify-bridge.

FORCEPROTO Configured forced maximum protocol; set by -f with
create-bridge and modify-bridge.

TCTIME Time, in seconds, since last topology change.

TCCOUNT Count of the number of topology changes.

TCHANGE This indicates that a topology change was detected.

DESROOT Bridge Identifier of the root node.

ROOTCOST Cost of the path to the root node.

ROOTPORT Port number used to reach the root node.

MAXAGE Maximum age value from the root node.

HELLOTIME Hello time value from the root node.

FWDDELAY Forward delay value from the root node.

HOLDTIME Minimum BPDU interval.

By default, when the -o option is not specified, only the BRIDGE,
ADDRESS, PRIORITY, and DESROOT fields are shown.

When the -s option is specified, the show-bridge subcommand shows
bridge statistics. The following fields can be shown:

BRIDGE Bridge name.

DROPS Number of packets dropped due to resource problems.

FORWARDS Number of packets forwarded from one link to another.

MBCAST Number of multicast and broadcast packets handled by the
bridge.

RECV Number of packets received on all attached links.

SENT Number of packets sent on all attached links.

UNKNOWN Number of packets handled that have an unknown
destination. Such packets are sent to all links.

By default, when the -o option is not specified, only the BRIDGE,
DROPS, and FORWARDS fields are shown.

The show-bridge subcommand also accepts the following options:

-l, --link
Displays link-related status and statistics information for all
links attached to a single bridge instance. By using this
option and without the -s option, the following fields can be
displayed for each link:

LINK The link name.

INDEX Port (link) index number on the bridge.

STATE State of the link. The state can be `disabled',
`discarding', `learning', `forwarding', `non-stp',
or `bad-mtu'.

UPTIME Number of seconds since the last reset or
initialization.

OPERCOST Actual cost in use (1-65535).

OPERP2P This indicates whether point-to-point (P2P) mode has
been detected.

OPEREDGE This indicates whether edge mode has been detected.

DESROOT The Root Bridge Identifier that has been seen on
this port.

DESCOST Path cost to the network root node through the
designated port.

DESBRIDGE Bridge Identifier for this port.

DESPORT The ID and priority of the port used to transmit
configuration messages for this port.

TCACK This indicates whether Topology Change Acknowledge
has been seen.

When the -l option is specified without the -o option, only the
LINK, STATE, UPTIME, and DESROOT fields are shown.

When the -l option is specified, the -s option can be used to
display the following fields for each link:

LINK Link name.

CFGBPDU Number of configuration BPDUs received.

TCNBPDU Number of topology change BPDUs received.

RSTPBPDU Number of Rapid Spanning Tree BPDUs received.

TXBPDU Number of BPDUs transmitted.

DROPS Number of packets dropped due to resource problems.

RECV Number of packets received by the bridge.

XMIT Number of packets sent by the bridge.

When the -o option is not specified, only the LINK, DROPS,
RECV, and XMIT fields are shown.

-f, --forwarding
Displays forwarding entries for a single bridge instance. With
this option, the following fields can be shown for each
forwarding entry:

DEST Destination MAC address.

AGE Age of entry in seconds and milliseconds. Omitted for
local entries.

FLAGS The L (local) flag is shown if the MAC address belongs
to an attached link or to a VNIC on one of the
attached links.

OUTPUT For local entries, this is the name of the attached
link that has the MAC address. Otherwise, for bridges
that use Spanning Tree Protocol, this is the output
interface name. For RBridges, this is the output
TRILL nickname.

When the -o option is not specified, the DEST, AGE, FLAGS, and
OUTPUT fields are shown.

-t, --trill
Displays TRILL nickname entries for a single bridge instance.
With this option, the following fields can be shown for each
TRILL nickname entry:

NICK TRILL nickname for this RBridge, which is a number
from 1 to 65535.

FLAGS The L flag is shown if the nickname identifies the
local system.

LINK Link name for output when sending messages to this
RBridge.

NEXTHOP MAC address of the next hop RBridge that is used to
reach the RBridge with this nickname.

When the -o option is not specified, the NICK, FLAGS, LINK, and
NEXTHOP fields are shown.

dladm create-vlan [-ft] [-R root-dir] -l ether-link -v vid [vlan-link]

Create a tagged VLAN link with an ID of vid over Ethernet link
ether-link. The name of the VLAN link can be specified as
vlan-link. If the name is not specified, a name will be automatically
generated (assuming that ether-link is namePPA) as:

<name><1000 * vid + PPA>

For example, if ether-link is bge1 and vid is 2, the name generated
is bge2001.

-f, --force
Force the creation of the VLAN link. Some devices do not allow
frame sizes large enough to include a VLAN header. When
creating a VLAN link over such a device, the -f option is
needed, and the MTU of the IP interfaces on the resulting VLAN
must be set to 1496 instead of 1500.

-l ether-link
Specifies the Ethernet link over which the VLAN is created.

-t, --temporary
Specifies that the VLAN link is temporary. Temporary VLAN
links last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

dladm delete-vlan [-t] [-R root-dir] vlan-link

Delete the VLAN link specified.

The delete-vlan subcommand accepts the following options:

-t, --temporary
Specifies that the deletion is temporary. Temporary deletions
last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

dladm show-vlan [-P] [[-p] -o field[,...]] [vlan-link]

Display VLAN configuration for all VLAN links or for the specified
VLAN link.

The show-vlan subcommand accepts the following options:

-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed
below, or the special value all, to display all fields. For
each VLAN link, the following fields can be displayed:

LINK The name of the VLAN link.

VID The ID associated with the VLAN.

OVER The name of the physical link over which this VLAN is
configured.

FLAGS A set of flags associated with the VLAN link. Possible
flags are:

-f The VLAN was created using the -f option to
create-vlan.

-i The VLAN was implicitly created when the DLPI link
was opened. These VLAN links are automatically
deleted on last close of the DLPI link (for
example, when the IP interface associated with the
VLAN link is unplumbed).

Additional flags may be defined in the future.

-p, --parsable
Display using a stable machine-parsable format. The -o option
is required with -p. See Parsable Output Format, below.

-P, --persistent
Display the persistent VLAN configuration rather than the state
of the running system.

dladm scan-wifi [[-p] -o field[,...]] [wifi-link]

Scans for WiFi networks, either on all WiFi links, or just on the
specified wifi-link.

By default, currently all fields but BSSTYPE are displayed.

-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed
below, or the special value all to display all fields. For
each WiFi network found, the following fields can be displayed:

LINK The name of the link the WiFi network is on.

ESSID The ESSID (name) of the WiFi network.

BSSID Either the hardware address of the WiFi network's
Access Point (for BSS networks), or the WiFi
network's randomly generated unique token (for IBSS
networks).

SEC Either `none' for a WiFi network that uses no
security, `wep' for a WiFi network that requires WEP
(Wired Equivalent Privacy), or `wpa' for a WiFi
network that requires WPA (Wi-Fi Protected Access).

MODE The supported connection modes: one or more of `a',
`b', or `g'.

STRENGTH The strength of the signal: one of `excellent', `very
good', `good', `weak', or `very weak'.

SPEED The maximum speed of the WiFi network, in megabits
per second.

BSSTYPE Either `bss' for `BSS' (infrastructure) networks, or
`ibss' for `IBSS' (ad-hoc) networks.

-p, --parsable
Display using a stable machine-parsable format. The -o option
is required with -p. See Parsable Output Format, below.

dladm connect-wifi [-e essid] [-i bssid] [-k key,...]
[-s none|wep|wpa] [-a open|shared] [-b bss|ibss] [-c] [-m a|b|g] [-T
time] [wifi-link]

Connects to a WiFi network. This consists of four steps: discovery,
filtration, prioritization, and association. However, to enable
connections to non-broadcast WiFi networks and to improve
performance, if a BSSID or ESSID is specified using the -e or -i
options, then the first three steps are skipped and connect-wifi
immediately attempts to associate with a BSSID or ESSID that matches
the rest of the provided parameters. If this association fails, but
there is a possibility that other networks matching the specified
criteria exist, then the traditional discovery process begins as
specified below.

The discovery step finds all available WiFi networks on the specified
WiFi link, which must not yet be connected. For administrative
convenience, if there is only one WiFi link on the system, wifi-link
can be omitted.

Once discovery is complete, the list of networks is filtered
according to the value of the following options:

-e essid, --essid=essid
Networks that do not have the same essid are filtered out.

-b bss|ibss, --bsstype=bss|ibss
Networks that do not have the same bsstype are filtered out.

-m a|b|g, --mode=a|b|g
Networks not appropriate for the specified 802.11 mode are
filtered out.

-k key[,...], --key=key[,...]
Use the specified secobj named by the key to connect to the
network. Networks not appropriate for the specified keys are
filtered out.

-s none|wep|wpa, --sec=none|wep|wpa
Networks not appropriate for the specified security mode are
filtered out.

Next, the remaining networks are prioritized, first by signal
strength, and then by maximum speed. Finally, an attempt is made to
associate with each network in the list, in order, until one succeeds
or no networks remain.

In addition to the options described above, the following options
also control the behavior of connect-wifi:

-a open|shared, --auth=open|shared
Connect using the specified authentication mode. By default,
open and shared are tried in order.

-c, --create-ibss
Used with -b ibss to create a new ad-hoc network if one
matching the specified ESSID cannot be found. If no ESSID is
specified, then -c -b ibss always triggers the creation of a
new ad-hoc network.

-T time, --timeout=time
Specifies the number of seconds to wait for association to
succeed. If time is forever, then the association attempt will
wait indefinitely. The current default is ten seconds, but this
might change in the future. Timeouts shorter than the default
might not succeed reliably.

-k key[,...], --key=key[,...]
In addition to the filtering previously described, the
specified keys will be used to secure the association. The
security mode to use will be based on the key class; if a
security mode was explicitly specified, it must be compatible
with the key class. All keys must be of the same class.

For security modes that support multiple key slots, the slot to
place the key will be specified by a colon followed by an
index. Therefore, -k mykey:3 places mykey in slot 3. By
default, slot 1 is assumed. For security modes that support
multiple keys, a comma-separated list can be specified, with
the first key being the active key.
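
The filtration and prioritization steps described above for connect-wifi, modelled as an added example (not dladm's own code) over constructed scan-wifi parsable output; only the -e and -s filters are modelled. It shows that when -s is omitted, an unsecured network sharing the ESSID is tried first if its signal is stronger, which is why scripts should pass -s explicitly.

```shell
#!/bin/sh
# Added example: a model of the documented connect-wifi ordering.

# Constructed sample of:
#   dladm scan-wifi -p -o essid,bssid,sec,strength,speed
# Parsable output is colon-delimited; a literal colon inside a field
# (every BSSID has them) is escaped with a backslash.
sample_scan() {
    cat <<'EOF'
corp:0\:11\:22\:33\:44\:55:wpa:good:54
corp:0\:aa\:bb\:cc\:dd\:ee:none:excellent:54
corp:0\:11\:22\:33\:44\:66:wpa:good:11
guest:0\:11\:22\:33\:44\:77:none:very good:54
EOF
}

# Map the STRENGTH keywords to a sortable rank (higher is stronger).
strength_rank() {
    case "$1" in
        excellent)   echo 5 ;;
        "very good") echo 4 ;;
        good)        echo 3 ;;
        weak)        echo 2 ;;
        "very weak") echo 1 ;;
        *)           echo 0 ;;
    esac
}

# usage: candidates ESSID [SEC] < scan-output
# Prints "SEC<TAB>BSSID" in the order association would be attempted:
# filter on ESSID (-e) and, if given, security mode (-s), then sort by
# signal strength and then by maximum speed.
candidates() {
    want_essid=$1
    want_sec=${2:-}
    tab=$(printf '\t')
    # read without -r consumes the backslash escapes, so "\:" stays
    # inside its field instead of splitting it.
    while IFS=: read essid bssid sec strength speed; do
        [ "$essid" = "$want_essid" ] || continue
        if [ -n "$want_sec" ] && [ "$sec" != "$want_sec" ]; then
            continue
        fi
        printf '%s\t%s\t%s\t%s\n' \
            "$(strength_rank "$strength")" "$speed" "$sec" "$bssid"
    done | sort -t "$tab" -k1,1nr -k2,2nr | cut -f3,4
}

# The network that would be tried first.
first_choice() {
    candidates "$@" | head -n 1
}

echo "no -s given:"; sample_scan | candidates corp
echo "with -s wpa:"; sample_scan | candidates corp wpa
```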

dladm disconnect-wifi [-a] [wifi-link]

Disconnect from one or more WiFi networks. If wifi-link specifies a
connected WiFi link, then it is disconnected. For administrative
convenience, if only one WiFi link is connected, wifi-link can be
omitted.

-a, --all-links
Disconnects from all connected links. This is primarily
intended for use by scripts.

dladm show-wifi [[-p] -o field[,...]] [wifi-link]

Shows WiFi configuration information either for all WiFi links or for
the specified wifi-link.

-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed
below, or the special value all, to display all fields. For
each WiFi link, the following fields can be displayed:

LINK The name of the link being displayed.

STATUS Either `connected' if the link is connected, or
`disconnected' if it is not connected. If the link
is disconnected, all remaining fields have the value
`--'.

ESSID The ESSID (name) of the connected WiFi network.

BSSID Either the hardware address of the WiFi network's
Access Point (for BSS networks), or the WiFi
network's randomly generated unique token (for IBSS
networks).

SEC Either `none' for a WiFi network that uses no
security, `wep' for a WiFi network that requires WEP,
or `wpa' for a WiFi network that requires WPA.

MODE The supported connection modes: one or more of `a',
`b', or `g'.

STRENGTH The connection strength: one of `excellent', `very
good', `good', `weak', or `very weak'.

SPEED The connection speed, in megabits per second.

AUTH Either `open' or `shared' (see connect-wifi).

BSSTYPE Either `bss' for `BSS' (infrastructure) networks, or
`ibss' for `IBSS' (ad-hoc) networks.

By default, currently all fields but AUTH, BSSID, and BSSTYPE
are displayed.

-p, --parsable
Displays using a stable machine-parsable format. The -o option
is required with -p. See Parsable Output Format, below.

dladm show-ether [-x] [[-p] -o field[,...]] [ether-link]

Shows state information either for all physical Ethernet links or for
a specified physical Ethernet link.

The show-ether subcommand accepts the following options:

-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed
below, or the special value all to display all fields. For
each link, the following fields can be displayed:

LINK The name of the link being displayed.

PTYPE Parameter type, where `current' indicates the negotiated
state of the link, `capable' indicates capabilities
supported by the device, `adv' indicates the advertised
capabilities, and `peeradv' indicates the capabilities
advertised by the link-partner.

STATE The state of the link.

AUTO A yes/no value indicating whether auto-negotiation is
advertised.

SPEED-DUPLEX
Combinations of speed and duplex values available. The
units of speed are encoded with a trailing suffix of `G'
(Gigabits/s) or `M' (Mb/s). Duplex values are encoded
as `f' (full-duplex) or `h' (half-duplex).

PAUSE Flow control information. Can be `no', indicating no
flow control is available; `tx', indicating that the
end-point can transmit pause frames, but ignores any
received pause frames; `rx', indicating that the end-
point receives and acts upon received pause frames; or
`bi', indicating bi-directional flow-control.

REM_FAULT
Fault detection information. Valid values are `none' or
`fault'.

By default, all fields except REM_FAULT are displayed for the
"current" PTYPE.

-p, --parsable
Displays using a stable machine-parsable format. The -o option
is required with -p. See Parsable Output Format, below.

-x, --extended
Extended output is displayed for PTYPE values of `current',
`capable', `adv' and `peeradv'.

dladm set-linkprop [-t] [-R root-dir] [-z zonename] -p prop=value[,...]
link

Sets the values of one or more properties on the link specified. The
list of properties and their possible values depend on the link type,
the network device driver, and networking hardware. These properties
can be retrieved using show-linkprop.

-t, --temporary
Specifies that the changes are temporary. Temporary changes
last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

-z zonename
Operate on a link that has been delegated to the specified
zone.

-p prop=value[,...], --prop prop=value[,...]
A comma-separated list of properties to set to the specified
values.

Note that when the persistent value is set, the temporary value
changes to the same value.

dladm reset-linkprop [-t] [-R root-dir] [-z zonename] [-p prop[,...]] link

Resets one or more properties on the link specified.
Properties are reset to the values they had at startup. If no
properties are specified, all properties are reset. See
show-linkprop for a description of properties.

-t, --temporary
Specifies that the resets are temporary. Values are reset to
default values. Temporary resets last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

-z zonename
Operate on a link that has been delegated to the specified
zone.

-p prop[,...], --prop=prop[,...]
A comma-separated list of properties to reset.

Note that when the persistent value is reset, the temporary value
changes to the same value.

dladm show-linkprop [-P] [-z zonename] [[-c] -o field[,...]] [-p
prop[,...]] [link]

Show the current or persistent values of one or more properties,
either for all datalinks or for the specified link. By default,
current values are shown. If no properties are specified, all
available link properties are displayed. For each property, the
following fields are displayed:

-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed
below, or the special value all to display all fields. For
each link, the following fields can be displayed:

LINK The name of the datalink.

PROPERTY The name of the property.

PERM The read/write permissions of the property. The
value shown is one of `ro' or `rw'.

VALUE The current (or persistent) property value. If the
value is not set, it is shown as `--'. If it is
unknown, the value is shown as `?'. Persistent
values that are not set or have been reset will be
shown as `--' and will use the system DEFAULT value
(if any).

DEFAULT The default value of the property. If the property
has no default value, `--' is shown.

POSSIBLE A comma-separated list of the values the property can
have. If the values span a numeric range, `min-max'
might be shown as shorthand. If the possible values
are unknown or unbounded, `--' is shown.

The list of properties depends on the link type and network
device driver, and the available values for a given property
further depend on the underlying network hardware and its
state. General link properties are documented in the LINK
PROPERTIES section. However, link properties that begin with
underscore (_) are specific to a given link or its underlying
network device and subject to change or removal. See the
appropriate network device driver man page for details.

-c, --parsable
Display using a stable machine-parsable format. The -o option
is required with this option. See Parsable Output Format,
below.

-P, --persistent
Display persistent link property information.

-z zonename
Operate on a link that has been delegated to the specified
zone.

-p prop[,...], --prop=prop[,...]
A comma-separated list of properties to show. See the sections
on link properties following subcommand descriptions.

dladm create-secobj [-t] [-R root-dir] [-f file] -c class secobj

Create a secure object named secobj in the specified class to be
later used as a WEP or WPA key in connecting to an encrypted network.
The value of the secure object can either be provided interactively
or read from a file. The sequence of interactive prompts and the
file format depends on the class of the secure object.

Currently, the classes `wep' and `wpa' are supported. The `WEP'
(Wired Equivalent Privacy) key can be either 5 or 13 bytes long. It
can be provided either as an ASCII or hexadecimal string -- thus,
12345 and 0x3132333435 are equivalent 5-byte keys (the 0x prefix can
be omitted). A file containing a `WEP' key must consist of a single
line using either `WEP' key format. The WPA (Wi-Fi Protected Access)
key must be provided as an ASCII string with a length between 8 and
63 bytes.

This subcommand is only usable by users or roles that belong to the
"Network Link Security" RBAC profile.

-c class, --class=class
class can be `wep' or `wpa'. See preceding discussion.

-t, --temporary
Specifies that the creation is temporary. Temporary creation
lasts until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

-f file, --file=file
Specifies a file that should be used to obtain the secure
object's value. The format of this file depends on the secure
object class. See the EXAMPLES section for an example of using
this option to set a WEP key.
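
The WEP and WPA value rules stated above, written as a pre-flight check for a value or key file before it is handed to create-secobj. This is an added example, not dladm's own validation; the function names, the printable-ASCII reading of "ASCII string" and the owner-only permission check are assumptions of the example.

```shell
#!/bin/sh
LC_ALL=C; export LC_ALL   # make ${#var} and tr ranges byte-oriented

# usage: valid_secobj_value CLASS VALUE; returns 0 when VALUE fits CLASS
valid_secobj_value() {
    class=$1
    value=$2
    len=${#value}
    # Assumption: "ASCII string" is read as printable ASCII (space..tilde).
    [ -z "$(printf '%s' "$value" | tr -d ' -~')" ] || return 1
    case "$class" in
    wep)
        # ASCII form: exactly 5 or 13 bytes.
        if [ "$len" -eq 5 ] || [ "$len" -eq 13 ]; then return 0; fi
        # Hexadecimal form: 10 or 26 digits, 0x prefix optional.
        hex=${value#0x}
        case "$hex" in
            ''|*[!0-9A-Fa-f]*) return 1 ;;
        esac
        [ "${#hex}" -eq 10 ] || [ "${#hex}" -eq 26 ]
        ;;
    wpa)
        # ASCII string of 8 to 63 bytes.
        [ "$len" -ge 8 ] && [ "$len" -le 63 ]
        ;;
    *)
        return 1
        ;;
    esac
}

# usage: check_wep_keyfile FILE; prints the first problem found and
# returns 0 only when FILE looks usable with create-secobj -f.
check_wep_keyfile() {
    file=$1
    if [ ! -f "$file" ] || [ -h "$file" ]; then
        echo "not a regular file"; return 1
    fi
    # Added hygiene check, not something the page says dladm enforces:
    # the plaintext key should be accessible to its owner only.
    case "$(ls -ld "$file")" in
        -???------*) ;;
        *) echo "accessible to group or other"; return 1 ;;
    esac
    # The page requires a single line in either WEP key format.
    lines=$(awk 'END { print NR }' "$file")
    [ "$lines" -eq 1 ] || { echo "expected 1 line, found $lines"; return 1; }
    value=
    IFS= read -r value < "$file" || :
    valid_secobj_value wep "$value" || { echo "not a 5- or 13-byte WEP key"; return 1; }
    echo "ok"
}

# The page's own two equivalent keys, plus two malformed values.
for v in 12345 0x3132333435 3132333435 123456; do
    if valid_secobj_value wep "$v"; then r=accepted; else r=rejected; fi
    echo "wep $v: $r"
done
```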

dladm delete-secobj [-t] [-R root-dir] secobj[,...]

Delete one or more specified secure objects. This subcommand is only
usable by users or roles that belong to the "Network Link Security"
RBAC profile.

-t, --temporary
Specifies that the deletions are temporary. Temporary
deletions last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

dladm show-secobj [-P] [[-p] -o field[,...]] [secobj[,...]]

Show current or persistent secure object information. If one or more
secure objects are specified, then information for each is displayed.
Otherwise, all current or persistent secure objects are displayed.

By default, current secure objects are displayed, which are all
secure objects that have either been persistently created and not
temporarily deleted, or temporarily created.

For security reasons, it is not possible to show the value of a
secure object.

-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed
below. For each displayed secure object, the following fields
can be shown:

OBJECT The name of the secure object.

CLASS The class of the secure object.

-p, --parsable
Display using a stable machine-parsable format. The -o option
is required with -p. See Parsable Output Format, below.

-P, --persistent
Display persistent secure object information.

dladm create-vnic [-t] [-R root-dir] -l link [-m value | auto | factory -n
slot-identifier | random [-r prefix]] [-v vlan-id] [-p
prop=value[,...]] vnic-link

Create a VNIC with name vnic-link over the specified link.

-t, --temporary
Specifies that the VNIC is temporary. Temporary VNICs last
until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

-l link, --link=link
link can be a physical link, an etherstub or an overlay.

-m value|keyword, --mac-address=value|keyword
Sets the VNIC's MAC address based on the specified value or
keyword. If value is not a keyword, it is interpreted as a
unicast MAC address, which must be valid for the underlying
NIC. The following special keywords can be used:

factory [-n slot-identifier]
factory [--slot=slot-identifier]
Assign a factory MAC address to the VNIC. When a factory
MAC address is requested, -m can be combined with the -n
option to specify a MAC address slot to be used. If -n
is not specified, the system will choose the next
available factory MAC address. The -m option of the
show-phys subcommand can be used to display the list of
factory MAC addresses, their slot identifiers, and their
availability.

random [-r prefix]
random [--mac-prefix=prefix]
Assign a random MAC address to the VNIC. A default
prefix consisting of a valid IEEE OUI with the local bit
set will be used. That prefix can be overridden with the
-r option.

auto Try and use a factory MAC address first. If none is
available, assign a random MAC address. auto is the
default action if the -m option is not specified.

-v vlan-id
Enable VLAN tagging for this VNIC. The VLAN tag will
have id vlan-id.

-p prop=value[,...], --prop prop=value[,...]
A comma-separated list of properties to set to the specified
values.

dladm delete-vnic [-t] [-R root-dir] [-z zonename] vnic-link

Deletes the specified VNIC.

-t, --temporary
Specifies that the deletion is temporary. Temporary deletions
last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

-z zonename
Operate on a link that has been delegated to the specified
zone.

dladm show-vnic [-P] [[-p] -o field[,...]] [-s [-i interval]] [-l link] [-z
zonename] [vnic-link]

Show VNIC configuration information (the default) or statistics, for
all VNICs, all VNICs on a link, or only the specified vnic-link.

-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed below,
or the special value all to display all fields. By default
(without -o), show-vnic displays all fields.

LINK The name of the VNIC.

OVER The name of the physical link over which this VNIC
is configured.

SPEED The maximum speed of the VNIC, in megabits per
second.

MACADDRESS MAC address of the VNIC.

MACADDRTYPE MAC address type of the VNIC. dladm distinguishes
among the following MAC address types:

random A random address assigned to the VNIC.

factory A factory MAC address used by the VNIC.

VID The VLAN ID for the VNIC.

ZONE The zone to which the VNIC is currently assigned.

-p, --parsable
Display using a stable machine-parsable format. The -o option
is required with -p. See Parsable Output Format, below.

-P, --persistent
Display the persistent VNIC configuration.

-s, --statistics
Displays VNIC statistics.

-i interval, --interval=interval
Used with the -s option to specify an interval, in seconds, at
which statistics should be displayed. If this option is not
specified, statistics will be displayed only once.

-l link, --link=link
Display information for all VNICs on the named link.

-z zonename
Operate on a link that has been delegated to the specified
zone.

dladm create-etherstub [-t] [-R root-dir] etherstub

Create an etherstub with the specified name.

-t, --temporary
Specifies that the etherstub is temporary. Temporary
etherstubs do not persist across reboots.

-R root-dir, --root-dir=root-dir
See Options, above.

VNICs can be created on top of etherstubs instead of physical NICs.
As with physical NICs, such a creation causes the stack to implicitly
create a virtual switch between the VNICs created on top of the same
etherstub.

dladm delete-etherstub [-t] [-R root-dir] etherstub

Delete the specified etherstub.

-t, --temporary
Specifies that the deletion is temporary. Temporary deletions
last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

dladm show-etherstub [etherstub]

Show all configured etherstubs by default, or the specified etherstub
if etherstub is specified.

dladm create-iptun [-t] [-R root-dir] -T type
[-a {local|remote}=addr[,...]] iptun-link

Create an IP tunnel link named iptun-link. Such links can
additionally be protected with IPsec using ipsecconf(8).

An IP tunnel is conceptually comprised of two parts: a virtual link
between two or more IP nodes, and an IP interface above this link
that allows the system to transmit and receive IP packets
encapsulated by the underlying link. This subcommand creates a
virtual link. The ifconfig(8) command is used to configure IP
interfaces above the link.

-t, --temporary
Specifies that the IP tunnel link is temporary. Temporary
tunnels last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

-T type, --tunnel-type=type
Specifies the type of tunnel to be created. The type must be
one of the following:

ipv4 A point-to-point, IP-over-IP tunnel between two IPv4
nodes. This type of tunnel requires IPv4 source and
destination addresses to function. IPv4 and IPv6
interfaces can be plumbed above such a tunnel to create
IPv4-over-IPv4 and IPv6-over-IPv4 tunneling
configurations.

ipv6 A point-to-point, IP-over-IP tunnel between two IPv6
nodes as defined in IETF RFC 2473. This type of tunnel
requires IPv6 source and destination addresses to
function. IPv4 and IPv6 interfaces can be plumbed above
such a tunnel to create IPv4-over-IPv6 and IPv6-over-IPv6
tunneling configurations.

6to4 A 6to4, point-to-multipoint tunnel as defined in IETF RFC
3056. This type of tunnel requires an IPv4 source
address to function. An IPv6 interface is plumbed on
such a tunnel link to configure a 6to4 router.

-a local=addr
Literal IP address or hostname corresponding to the tunnel
source. If a hostname is specified, it will be resolved to IP
addresses, and one of those IP addresses will be used as the
tunnel source. As IP tunnels are created before naming
services have been brought online during the boot process, it
is important that any hostname used be included in
/etc/inet/hosts.

-a remote=addr
Literal IP address or hostname corresponding to the tunnel
destination.

dladm modify-iptun [-t] [-R root-dir] [-a {local|remote}=addr[,...]]
iptun-link

Modify the parameters of the specified IP tunnel.

-t, --temporary
Specifies that the modification is temporary. Temporary
modifications last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

-a local=addr
Specifies a new tunnel source address. See create-iptun for a
description.

-a remote=addr
Specifies a new tunnel destination address. See create-iptun
for a description.

dladm delete-iptun [-t] [-R root-dir] iptun-link

Delete the specified IP tunnel link.

-t, --temporary
Specifies that the deletion is temporary. Temporary deletions
last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

dladm show-iptun [-P] [[-p] -o field[,...]] [iptun-link]

Show IP tunnel link configuration for a single IP tunnel or all IP
tunnels.

-P, --persistent
Display the persistent IP tunnel configuration.

-p, --parsable
Display using a stable machine-parsable format. The -o option
is required with -p. See Parsable Output Format, below.

-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed
below, or the special value all, to display all fields. By
default (without -o), show-iptun displays all fields.

LINK The name of the IP tunnel link.

TYPE Type of tunnel as specified by the -T option of
create-iptun.

FLAGS A set of flags associated with the IP tunnel link.
Possible flags are:

s The IP tunnel link is protected by IPsec policy.
To display the IPsec policy associated with the
tunnel link, enter:

ipsecconf -ln -i tunnel-link

See ipsecconf(8) for more details on how to
configure IPsec policy.

i The IP tunnel link was implicitly created with
ifconfig(8), and will be automatically deleted
when it is no longer referenced (that is, when
the last IP interface over the tunnel is
unplumbed). See ifconfig(8) for details on
implicit tunnel creation.

SOURCE The tunnel source address.

DESTINATION
The tunnel destination address.
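
A check built on the FLAGS field described above, as an added example that is not part of dladm: it reads show-iptun parsable output and reports every tunnel link that does not carry the s (IPsec policy) flag. The sample lines are constructed, including the two-character layout of the FLAGS column, and audit_iptun is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed sample of:
#   dladm show-iptun -p -o link,type,flags,source,destination
# IPv6 addresses contain colons, so they arrive backslash-escaped.
sample_iptun() {
    cat <<'EOF'
tun0:ipv4:s-:192.0.2.10:198.51.100.20
tun1:ipv6:--:2001\:db8\:\:1:2001\:db8\:\:2
tun2:ipv4:-i:192.0.2.10:203.0.113.5
tun3:6to4:--:192.0.2.10:--
EOF
}

# usage: audit_iptun < show-iptun-parsable-output
# Prints one line per tunnel: LINK STATUS ORIGIN SOURCE -> DESTINATION
# Returns 1 if any tunnel lacks the s flag, 0 otherwise.
audit_iptun() {
    rc=0
    # read without -r undoes the "\:" escapes while splitting on ":".
    while IFS=: read link type flags src dst; do
        case "$flags" in
            *s*) status=ipsec ;;
            *)   status=NO-IPSEC; rc=1 ;;
        esac
        # i marks a link created implicitly by ifconfig(8); it is
        # deleted again when the last IP interface is unplumbed.
        case "$flags" in
            *i*) origin=implicit ;;
            *)   origin=explicit ;;
        esac
        printf '%s %s %s %s -> %s\n' \
            "$link" "$status" "$origin" "$src" "$dst"
    done
    return $rc
}

sample_iptun | audit_iptun || echo "at least one tunnel has no IPsec policy"
```

For a link reported as ipsec, the policy itself can be inspected with the ipsecconf -ln -i command shown under the s flag.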

dladm create-overlay [-t] -e encap -s search -v vnetid
[-p prop=value[,...]] overlay

Create an overlay device named overlay.

Overlay devices are similar to etherstubs. VNICs can be created on
top of them. However, unlike an etherstub which is local to the
system, an overlay device can be configured to communicate to remote
hosts, providing a means for network virtualization. The way in
which it does this is described by the encapsulation module and the
search plugin. For more information on these, see overlay(7).

An overlay device has a series of required and optional properties.
These properties vary based upon the search and encapsulation modules
and are fully specified in overlay(7). Not every property needs to
be specified -- some have default values which will be used if
nothing specific is specified. For example, the default port for
VXLAN comes from its IANA standard. If a required property is
missing, the command will fail and inform you of the missing
properties.

-t, --temporary
Specifies that the overlay is temporary. Temporary overlays
last until the next reboot.

-e encap, --encap=encap
Use encap as the encapsulation plugin for the overlay device
overlay. The encapsulation plugin determines how packets are
transformed before being put on the wire.

-s search, --search=search
Use search as the search plugin for overlay. The search plugin
determines how non-local targets are found and where packets
are directed to.

-p prop=value[,...], --prop prop=value[,...]
A comma-separated list of properties to set to the specified
values.

-v vnetid, --vnetid=vnetid
Sets the virtual networking identifier to vnetid. A virtual
network identifier is similar to a VLAN identifier,
in that it identifies a unique virtual network. All overlay
devices on the system share the same space for the virtual
network identifier. However, the valid range of identifiers is
determined by the encapsulation plugin specified by -e.

dladm delete-overlay [-t] overlay

Delete the specified overlay. This will fail if there are VNICs on
top of the device.

-t, --temporary
Specifies that the deletion is temporary. Temporary deletions
last until the next reboot.

dladm modify-overlay -d mac | -f | -s mac=ip:port overlay

Modifies the target tables for the specified overlay.

The different options allow for different ways of modifying the
target table. One of -d, -f, and -s is required. This is not
applicable for all kinds of overlay devices. For more information,
see overlay(7).

-d mac, --delete-entry=mac
Deletes the entry for mac from the target table for overlay.
Note, if a lookup is pending or outstanding, this does not
cancel it or stop it from updating the value.

-f, --flush-table
Flushes all values in the target table for overlay.

-s mac=value, --set-entry=mac=value
Sets the value of overlay's target table entry for mac to the
specified value. The specified value varies upon the
encapsulation plugin. The value may be a combination of a MAC
address, IP address, and port. Generally, this looks like
[mac,][IP:][port]. If a component is the last one, then there
is no need for a separator. For example, if just the MAC address
or IP is needed, it would look like mac and IP respectively.

dladm show-overlay [-f | -t] [[-p] -o field[,...]] [overlay]

Shows overlay configuration (the default), internal target tables
(-t), or the FMA state (-f), either for all overlays or the specified
overlay.

By default (with neither -f nor -t specified), the following fields
will be displayed:

LINK The name of the overlay.

PROPERTY The name of the property.

PERM The read/write permissions of the property. The value
shown is one of `r-' or `rw'.

VALUE The current property value. If the value is not set, it is
shown as `--'. If it is unknown, the value is shown as
`?'.

DEFAULT The default value of the property. If the property has no
default value, `--' is shown.

POSSIBLE A comma-separated list of the values the property can have.
If the values span a numeric range, `min-max' might be shown
as shorthand. If the possible values are unknown or
unbounded, `--' is shown.

When the -f option is used, the following fields will be displayed:

LINK The name of the overlay.

STATUS Either `ONLINE' or `DEGRADED'.

DETAILS When the overlay's status is `ONLINE', then this has the
value `--'. Otherwise, when it is `DEGRADED', this field
provides a more detailed explanation as to why it's
degraded.

When the -t option is used, the following fields will be displayed:

LINK The name of the overlay.

TARGET The target MAC address of a table entry.

DESTINATION
The address that an encapsulated packet will be sent to
when a packet has the address specified by `TARGET'.

The show-overlay command supports the following options:

-f, --fma
Displays information about an overlay device's FMA state.

-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed
above, or the special value all, to display all fields. The
fields applicable to the -o option are limited to those listed
under each output mode. For example, if using -L, only the
fields listed under -L, above, can be used with -o.

-p, --parsable
Display using a stable machine-parsable format. The -o option
is required with -p. See Parsable Output Format, below.

-t, --target
Displays information about an overlay device's target table.
For more information on the target table, see overlay(7).

dladm show-usage [-a] -f filename [-p plotfile -F format]
[-s time ][-e time] [link]

Show the historical network usage from a stored extended accounting
file. Configuration and enabling of network accounting through
acctadm(8) is required. The default output will be the summary of
network usage for the entire period of time in which extended
accounting was enabled.

-a Display all historical network usage for the specified period
of time during which extended accounting is enabled. This
includes the usage information for the links that have already
been deleted.

-f filename, --file=filename
Read extended accounting records of network usage from
filename.

-F format, --format=format
Specifies the format of plotfile that is specified by the -p
option. gnuplot is the only currently supported format.

-p plotfile, --plot=plotfile
Write network usage data to a file of the format specified by
the -F option, which is required.

-s time, --start=time
-e time, --stop=time
Start and stop times for data display. Time is in the format
MM/DD/YYYY,hh:mm:ss

link If specified, display the network usage only for the named
link. Otherwise, display network usage for all links.

Parsable Output Format


Many dladm subcommands have an option that displays output in a machine-
parsable format. The output format is one or more lines of colon (:)
delimited fields. The fields displayed are specific to the subcommand used
and are listed under the entry for the -o option for a given subcommand.
Output includes only those fields requested by means of the -o option, in
the order requested.

When you request multiple fields, any literal colon characters are escaped
by a backslash (\) before being output. Similarly, literal backslash
characters will also be escaped (\\). This escape format is parsable by
using shell read(1) functions with the environment variable IFS=: (see
EXAMPLES, below). Note that escaping is not done when you request only a
single field.
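
The escaping rules above, worked through on constructed sample lines (an added example, not part of the original manual page). The link names and addresses are made up; the multi-field lines imitate a link,macaddress,over listing and the single-field lines a macaddress-only listing.

```shell
# Added example. All sample data below is constructed for illustration.

# Imitates multi-field parsable output: colons inside a field are escaped.
multi_field_sample() {
    cat <<'EOF'
hello0:2\:8\:20\:fe\:4e\:a5:bge0
test1:2\:8\:20\:1c\:9b\:3:stub1
EOF
}

# Imitates single-field parsable output: no escaping is applied.
single_field_sample() {
    cat <<'EOF'
2:8:20:fe:4e:a5
2:8:20:1c:9b:3
EOF
}

# Correct for multi-field output: plain read (no -r) consumes the backslash
# escapes, so "\:" becomes a literal colon instead of a field separator.
mac_of() {
    multi_field_sample | while IFS=: read link mac over; do
        if [ "$link" = "$1" ]; then printf '%s\n' "$mac"; fi
    done
}

# Pitfall: read -r keeps backslashes literal and splits on every colon,
# so the MAC address is cut off after its first octet.
mac_of_raw() {
    multi_field_sample | while IFS=: read -r link mac over; do
        if [ "$link" = "$1" ]; then printf '%s\n' "$mac"; fi
    done
}

# Correct for single-field output: take the whole line, since its colons
# are not escaped.
first_mac_single() {
    single_field_sample | { IFS= read -r mac; printf '%s\n' "$mac"; }
}

# Pitfall: splitting single-field output on IFS=: keeps only the first octet.
first_mac_split() {
    single_field_sample | { IFS=: read -r mac rest; printf '%s\n' "$mac"; }
}
```

A script that applies the habitual read -r to multi-field output, or IFS=: to single-field output, silently truncates values, which matters when the result feeds an allow list or a comparison.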

General Link Properties


The following general link properties are supported:

allow-all-dhcp-cids

One of true or false, to indicate whether or not all DHCP Client
Identifiers should be permitted on this interface when DHCP spoofing
protection is being used. This can be useful in cases where a DHCP
client is using RFC 4361-style Client Identifiers, which are based on
a value that is opaque to the Global Zone, but enforcement of MAC
addresses in DHCP packets is still desired.

allowed-dhcp-cids
A comma-separated list of DHCP Client Identifiers that are allowed on
the interface.

Client identifiers can be written in three different formats: a
string of hexadecimal characters prefixed by 0x, indicating the exact
bytes used in the Client Identifier; an RFC 3315 DUID of the form
"1.<hardware type>.<time>.<link-layer address>" (DUID-LLT),
"2.<enterprise number>.<hex string>" (DUID-EN), or "3.<hardware
type>.<link-layer address>" (DUID-LL); or a string of characters
whose byte values should be used as the Client Identifier.

When specifying a string of hexadecimal characters prefixed by 0x or
as part of a DUID-EN string, an even number of hexadecimal characters
must be provided in order to fully specify each byte.

allowed-ips
A comma-separated list of IP addresses that are allowed on the
interface.

An address in CIDR format with no host address specified is used to
indicate that any address on that subnet is allowed (e.g.
192.168.10.0/24 means any address in the range 192.168.10.0 -
192.168.10.255 is allowed).

autopush
Specifies the set of STREAMS modules to push on the stream associated
with a link when its DLPI device is opened. It is a space-delimited
list of modules.

The optional special character sequence `[anchor]' indicates that a
STREAMS anchor should be placed on the stream at the module
previously specified in the list. It is an error to specify more
than one anchor or to have an anchor first in the list.

The autopush property is preferred over the more general autopush(8)
command.

cpus Bind the processing of packets for a given data link to a processor
or a set of processors. The value can be a comma-separated list of
one or more processor ids. If the list consists of more than one
processor, the processing will spread out to all the processors.
Connection to processor affinity and packet ordering for any
individual connection will be maintained.

The processor or set of processors are not exclusively reserved for
the link. Only the kernel threads and interrupts associated with
processing of the link are bound to the processor or the set of
processors specified. If processors are to be dedicated to the
link, psrset(8) can be used to create a processor set, and the
processors from that set can then be specified to bind the link
to.

If the link was already bound to a processor or set of processors due
to a previous operation, the binding will be removed and the new set
of processors will be used instead.

The default is no CPU binding, which is to say that the processing of
packets is not bound to any specific processor or processor set.

dynamic-methods

When using IP spoofing protection (see protection), addresses can be
learned dynamically by monitoring certain network traffic, like DHCP
transactions or IPv6 Stateless Address Autoconfiguration (SLAAC). By
default, all learning methods are permitted, but if allowed-ips
contains any addresses, then all methods are disabled, and any
packets sent from addresses previously learned will be dropped. This
property allows selecting which ones are re-enabled, where valid
options are dhcpv4, dhcpv6, and slaac. addrconf is available as an
alias for enabling both dhcpv6 and slaac.

learn_limit
Limits the number of new or changed MAC sources to be learned over a
bridge link. When the number exceeds this value, learning on that
link is temporarily disabled. Only non-VLAN, non-VNIC type links
have this property.

The default value is 1000. Valid values are greater than or equal to 0.

learn_decay
Specifies the decay rate for source changes limited by learn_limit.
This number is subtracted from the counter for a bridge link every 5
seconds. Only non-VLAN, non-VNIC type links have this property.

The default value is 200. Valid values are greater than or equal to 0.

maxbw
Sets the full duplex bandwidth for the link. The bandwidth is
specified as an integer with one of the scale suffixes (K, M, or G
for Kbps, Mbps, and Gbps). If no units are specified, the input
value will be read as Mbps. The default is no bandwidth limit.

priority
Sets the relative priority for the link. The value can be given as
one of the tokens high, medium, or low. The default is high.

protection
This property enables various forms of link protections, which
prevent sending applicable traffic out of this link. Note that since
this enforcement happens late in the networking stack, some
observability tools like snoop(8) may still see dropped outbound
packets.

This property should be set to a comma-separated list of protections
to enable on this link, where available protections are:

ip-nospoof
Prevents sending from IPv4 and IPv6 addresses that have not
been permitted over the NIC. Addresses can be learned
dynamically (see dynamic-methods) or specified explicitly (see
allowed-ips).

dhcp-nospoof
Prevents sending DHCP packets whose client hardware address
(CHADDR) field differs from the link-layer address, or from
using a Client Identifier whose value cannot be confirmed to be
derived from the link-layer address. Additional Client
Identifiers can be permitted through the allowed-dhcp-cids and
allow-all-dhcp-cids link properties.

mac-nospoof
Prevents sending packets with a link-layer address that differs
from the one associated with the NIC. Additional addresses to
allow can be added using the secondary-macs property.

restricted
Prevents using a VLAN ID not associated with the NIC and
sending packets that are not IPv4, IPv6 or ARP.
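
A defensive audit built on the protection, allowed-ips and dynamic-methods descriptions above, as an added example that is not part of the original manual page. It reads link,property,value lines in the parsable format; the sample lines, the link names web0, db0 and test1, and the representation of unset values as an empty field are assumptions.

```shell
# Added example. Constructed sample of link,property,value lines in the
# parsable format; link names and addresses are made up. Unset values are
# assumed to appear as an empty field (a bare "--" is treated the same way).
linkprop_sample() {
    cat <<'EOF'
web0:protection:mac-nospoof,restricted,ip-nospoof,dhcp-nospoof
web0:allowed-ips:192.168.10.5,2001\:db8\:\:5
web0:dynamic-methods:
db0:protection:mac-nospoof,ip-nospoof
db0:allowed-ips:
db0:dynamic-methods:addrconf
test1:protection:
test1:allowed-ips:
test1:dynamic-methods:
EOF
}

# Print the value of one property of one link. Plain read (no -r) undoes
# the "\:" escaping, so IPv6 addresses come back intact.
prop_value() {
    linkprop_sample | while IFS=: read link prop value; do
        if [ "$link" = "$1" ] && [ "$prop" = "$2" ]; then
            if [ "$value" = "--" ]; then value=; fi
            printf '%s\n' "$value"
        fi
    done
}

# Succeed if the link's protection list contains the named protection.
has_protection() {
    case ",$(prop_value "$1" protection)," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Address-learning methods in effect for ip-nospoof, following the
# dynamic-methods text: all methods by default, none once allowed-ips is
# populated, and whatever dynamic-methods names when it is set (assumed to
# hold whether or not allowed-ips is populated).
learning_methods() {
    methods=$(prop_value "$1" dynamic-methods)
    if [ -n "$methods" ]; then
        printf '%s\n' "$methods" | sed 's/addrconf/dhcpv6,slaac/'
    elif [ -z "$(prop_value "$1" allowed-ips)" ]; then
        echo "dhcpv4,dhcpv6,slaac"
    else
        echo "none"
    fi
}

# One finding per line; no output means nothing was flagged.
audit_link() {
    for p in mac-nospoof ip-nospoof dhcp-nospoof restricted; do
        if ! has_protection "$1" "$p"; then echo "$1: $p not enabled"; fi
    done
    if has_protection "$1" ip-nospoof &&
        [ -z "$(prop_value "$1" allowed-ips)" ]; then
        echo "$1: ip-nospoof has no allowed-ips, learns via $(learning_methods "$1")"
    fi
}
```

In practice the sample function would be replaced by the parsable show-linkprop output for the links being audited.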

stp Enables or disables Spanning Tree Protocol on a bridge link. Setting
this value to `0' disables Spanning Tree, and puts the link into
forwarding mode with BPDU guarding enabled. This mode is appropriate
for point-to-point links connected only to end nodes. Only non-VLAN,
non-VNIC type links have this property. The default value is `1', to
enable STP.

forward
Enables or disables forwarding for a VLAN. Setting this value to `0'
disables bridge forwarding for a VLAN link. Disabling bridge
forwarding removes that VLAN from the "allowed set" for the bridge.
The default value is `1', to enable bridge forwarding for configured
VLANs.

default_tag
Sets the default VLAN ID that is assumed for untagged packets sent to
and received from this link. Only non-VLAN, non-VNIC type links have
this property. Setting this value to `0' disables the bridge
forwarding of untagged packets to and from the port. The default
value is `1'. Valid values are from 0 to 4094.

promisc-filtered
Enables or disables the default filtering of promiscuous mode for
certain classes of links. By default, a VNIC will only see unicast
traffic destined for it in promiscuous mode. Not all the unicast
traffic from the underlying device makes it to the VNIC. Disabling
this would cause a VNIC, for example, to be able to see all unicast
traffic from the device it is created over. The default value is on.

stp_priority
Sets the STP and RSTP Port Priority value, which is used to determine
the preferred root port on a bridge. Lower numerical values are
higher priority. The default value is 128. Valid values range from
0 to 255.

stp_cost
Sets the STP and RSTP cost for using the link. The default value is
auto, which sets the cost based on link speed, using `100' for
10Mbps, `19' for 100Mbps, `4' for 1Gbps, and `2' for 10Gbps. Valid
values range from 1 to 65535.

stp_edge
Enables or disables bridge edge port detection. If set to `0'
(false), the system assumes that the port is connected to other
bridges even if no bridge PDUs of any type are seen. The default
value is `1', which detects edge ports automatically.

stp_p2p
Sets bridge point-to-point operation mode. Possible values are true,
false, and auto. When set to auto, point-to-point connections are
automatically discovered. When set to true, the port mode is forced
to use point-to-point. When set to false, the port mode is forced to
use normal multipoint mode. The default value is auto.

stp_mcheck
Triggers the system to run the RSTP Force BPDU Migration Check
procedure on this link. The procedure is triggered by setting the
property value to `1'. The property is automatically reset back to
`0'. This value cannot be set unless the following are true:

o The link is bridged

o The bridge is protected by Spanning Tree

o The bridge force-protocol value is at least 2 (RSTP)

The default value is 0.

zone Specifies the zone to which the link belongs. This property can be
modified only temporarily through dladm, and thus the -t option must
be specified. To modify the zone assignment such that it persists
across reboots, use zonecfg(8). Possible values consist of any
exclusive-IP zone currently running on the system. By default, the
zone binding is as per zonecfg(8).

Wifi Link Properties


The following WiFi link properties are supported. Note that the ability to
set a given property to a given value depends on the driver and hardware.

channel
Specifies the channel to use. This property can be modified only by
certain WiFi links when in IBSS mode. The default value and allowed
range of values vary by regulatory domain.

powermode
Specifies the power management mode of the WiFi link. Possible
values are off (disable power management), max (maximum power
savings), and fast (performance-sensitive power management).
Default is off.

radio
Specifies the radio mode of the WiFi link. Possible values are on or
off. Default is on.

speed
Specifies a fixed speed for the WiFi link, in megabits per second.
The set of possible values depends on the driver and hardware (but is
shown by show-linkprop); common speeds include 1, 2, 11, and 54. By
default, there is no fixed speed.

Ethernet Link Properties


The following MII Properties, as documented in ieee802.3(7), are supported
in read-only mode:

o duplex
o state
o adv_autoneg_cap
o adv_10gfdx_cap
o adv_1000fdx_cap
o adv_1000hdx_cap
o adv_100fdx_cap
o adv_100hdx_cap
o adv_10fdx_cap
o adv_10hdx_cap

Each `adv_' property (for example, `adv_10fdx_cap') also has a read/write
counterpart `en_' property (for example, `en_10fdx_cap') controlling
parameters used at auto-negotiation. In the absence of Power Management,
the `adv_*' speed/duplex parameters provide the values that are both
negotiated and currently effective in hardware. However, with Power
Management enabled, the speed/duplex capabilities currently exposed in
hardware might be a subset of the set of bits that were used in initial
link parameter negotiation. Thus the MII `adv_*' parameters are marked
read-only, with an additional set of `en_*' parameters for configuring
speed and duplex properties at initial negotiation.

Note that the `adv_autoneg_cap' does not have an `en_autoneg_cap'
counterpart: the `adv_autoneg_cap' is a 0/1 switch that turns off/on auto-
negotiation itself, and therefore cannot be impacted by Power Management.

In addition, the following Ethernet properties are reported:

speed
(read-only) The operating speed of the device, in Mbps.

mtu The maximum client SDU (Send Data Unit) supported by the device.
Valid range is 68-65536.

flowctrl
Establishes flow-control modes that will be advertised by the device.
Valid input is one of:

no No flow control enabled.

rx Receive, and act upon incoming pause frames.

tx Transmit pause frames to the peer when congestion occurs, but
ignore received pause frames.

bi Bidirectional flow control.

Note that the actual settings for this value are constrained by the
capabilities allowed by the device and the link partner.

en_fec_cap
Sets the Forward Error Correction (FEC) code(s) to be advertised by the
device. Valid values are:

none Allow the device not to use FEC.

auto The device will automatically decide which FEC code to use.

rs Allow Reed-Solomon FEC code.

base-r
Allow Base-R (also known as FireCode) code.

Valid input is either auto as a single value, or a comma separated
combination of none, rs and base-r. The default value is auto.

Note that the actual FEC settings and combinations are constrained by the
capabilities allowed by the device and the link partner.

adv_fec_cap
(read-only) The current negotiated Forward Error Correction code.

secondary-macs
A comma-separated list of additional MAC addresses that are allowed
on the interface.

tagmode
This link property controls the conditions in which 802.1Q VLAN tags
will be inserted in packets being transmitted on the link. Two mode
values can be assigned to this property:

normal
Insert a VLAN tag in outgoing packets under the following
conditions:

o The packet belongs to a VLAN.

o The user requested priority tagging.

vlanonly
Insert a VLAN tag only when the outgoing packet belongs to a
VLAN. If a tag is being inserted in this mode and the user has
also requested a non-zero priority, the priority is honored and
included in the VLAN tag.

The default value is vlanonly.

media
(read-only) The current type of media that the Ethernet link is
using, if known. For example, this would be something like
1000BASE-T, 25GBASE-CR, 100GBASE-KR4, etc.

IP Tunnel Link Properties


The following IP tunnel link properties are supported.

hoplimit
Specifies the IPv4 TTL or IPv6 hop limit for the encapsulating outer
IP header of a tunnel link. This property exists for all tunnel
types. The default value is 64.

encaplimit
Specifies the IPv6 encapsulation limit for an IPv6 tunnel as defined
in RFC 2473. This value is the tunnel nesting limit for a given
tunneled packet. The default value is 4. A value of 0 disables the
encapsulation limit.

EXAMPLES


Example 1 Configuring an Aggregation

To configure a data-link over an aggregation of devices bge0 and bge1 with
key 1, enter the following command:

# dladm create-aggr -d bge0 -d bge1 1

Example 2 Connecting to a WiFi Link

To connect to the optimal available unsecured network on a system with
a single WiFi link (as per the prioritization rules specified for
connect-wifi), enter the following command:

# dladm connect-wifi

Example 3 Creating a WiFi Key

To interactively create the WEP key `mykey', enter the following command:

# dladm create-secobj -c wep mykey

Alternatively, to non-interactively create the WEP key `mykey' using the
contents of a file:

# umask 077
# keyfile=`mktemp /tmp/mykey.XXXXXX`
# cat >"$keyfile" <<EOF
12345
EOF
# dladm create-secobj -c wep -f "$keyfile" mykey
# rm "$keyfile"

Example 4 Connecting to a Specified Encrypted WiFi Link

To use key `mykey' to connect to ESSID `wlan' on link `ath0', enter the
following command:

# dladm connect-wifi -k mykey -e wlan ath0

Example 5 Changing a Link Property

To set powermode to the value `fast' on link `pcwl0', enter the following
command:

# dladm set-linkprop -p powermode=fast pcwl0

Example 6 Connecting to a WPA-Protected WiFi Link

Create a WPA key `psk' and enter the following command:

# dladm create-secobj -c wpa psk

To then use key `psk' to connect to ESSID `wlan' on link `ath0', enter the
following command:

# dladm connect-wifi -k psk -e wlan ath0

Example 7 Renaming a Link

To rename the `bge0' link to `mgmt0', enter the following command:

# dladm rename-link bge0 mgmt0

Example 8 Replacing a Network Card

Consider that the bge0 device, whose link was named mgmt0 as shown in the
previous example, needs to be replaced with a ce0 device because of a
hardware failure. The bge0 NIC is physically removed, and replaced with a
new ce0 NIC. To associate the newly added ce0 device with the mgmt0
configuration previously associated with bge0, enter the following command:

# dladm rename-link ce0 mgmt0

Example 9 Removing a Network Card

Suppose that in the previous example, the intent is not to replace the bge0
NIC with another NIC, but rather to remove and not replace the hardware.
In that case, the mgmt0 datalink configuration is not slated to be
associated with a different physical device as shown in the previous
example, but needs to be deleted. Enter the following command to delete
the datalink configuration associated with the mgmt0 datalink, whose
physical hardware (bge0 in this case) has been removed:

# dladm delete-phys mgmt0

Example 10 Using Parsable Output to Capture a Single Field

The following assignment saves the MTU of link net0 to a variable named
`mtu'.

# mtu=`dladm show-link -p -o mtu net0`

Example 11 Using Parsable Output to Iterate over Links

The following script displays the state of each link on the system.

# dladm show-link -p -o link,state | \
    while IFS=: read link state; do
        print "Link $link is in state $state"
    done

Example 12 Configuring VNICs

Create two VNICs with names `hello0' and `test1' over a single physical
link `bge0':

# dladm create-vnic -l bge0 hello0
# dladm create-vnic -l bge0 test1

Example 13 Configuring VNICs and Allocating Bandwidth and Priority

Create two VNICs with names `hello0' and `test1' over a single physical
link `bge0' and make `hello0' a high priority VNIC with a factory-assigned
MAC address with a maximum bandwidth of 50 Mbps. Make `test1' a low
priority VNIC with a random MAC address and a maximum bandwidth of 100Mbps.

# dladm create-vnic -l bge0 -m factory \
-p maxbw=50,priority=high hello0
# dladm create-vnic -l bge0 -m random \
-p maxbw=100M,priority=low test1

Example 14 Configuring a VNIC with a Factory MAC Address

First, list the available factory MAC addresses and choose one of them:

# dladm show-phys -m bge0
LINK         SLOT     ADDRESS            INUSE CLIENT
bge0         primary  0:e0:81:27:d4:47   yes   bge0
bge0         1        8:0:20:fe:4e:a5    no
bge0         2        8:0:20:fe:4e:a6    no
bge0         3        8:0:20:fe:4e:a7    no

Create a VNIC named `hello0' and use slot 1's address:

# dladm create-vnic -l bge0 -m factory -n 1 hello0
# dladm show-phys -m bge0
LINK         SLOT     ADDRESS            INUSE CLIENT
bge0         primary  0:e0:81:27:d4:47   yes   bge0
bge0         1        8:0:20:fe:4e:a5    yes   hello0
bge0         2        8:0:20:fe:4e:a6    no
bge0         3        8:0:20:fe:4e:a7    no

Example 15 Creating a VNIC with User-Specified MAC Address, Binding it to
Set of Processors

Create a VNIC with name `hello0', with a user-specified MAC address, and a
processor binding 0, 1, 2, 3.

# dladm create-vnic -l bge0 -m 8:0:20:fe:4e:b8 \
-p cpus=0,1,2,3 hello0

Example 16 Creating a Virtual Network Without a Physical NIC

First, create an etherstub with name `stub1':

# dladm create-etherstub stub1

Create two VNICs with names `hello0' and `test1' on the etherstub. This
operation implicitly creates a virtual switch connecting `hello0' and
`test1'.

# dladm create-vnic -l stub1 hello0
# dladm create-vnic -l stub1 test1

Example 17 Showing Network Usage

Network usage statistics can be stored using the extended accounting
facility, acctadm(8).

# acctadm -e basic -f /var/log/net.log net
# acctadm net
Network accounting: active
Network accounting file: /var/log/net.log
Tracked Network resources: basic
Untracked Network resources: src_ip,dst_ip,src_port,dst_port,...

The saved historical data can be retrieved in summary form using the
show-usage subcommand:

# dladm show-usage -f /var/log/net.log
LINK      DURATION  IPACKETS  RBYTES  OPACKETS  OBYTES  BANDWIDTH
e1000g0   80        1031      546908  0         0       2.44 Kbps

Example 18 Displaying Bridge Information

The following commands use the show-bridge subcommand with no options and
with various options.

# dladm show-bridge
BRIDGE       PROTECT ADDRESS           PRIORITY DESROOT
foo          stp     32768/8:0:20:bf:f 32768    8192/0:d0:0:76:14:38
bar          stp     32768/8:0:20:e5:8 32768    8192/0:d0:0:76:14:38

# dladm show-bridge -l foo
LINK         STATE        UPTIME   DESROOT
hme0         forwarding   117      8192/0:d0:0:76:14:38
qfe1         forwarding   117      8192/0:d0:0:76:14:38

# dladm show-bridge -s foo
BRIDGE       DROPS        FORWARDS
foo          0            302

# dladm show-bridge -ls foo
LINK         DROPS        RECV         XMIT
hme0         0            360832       31797
qfe1         0            322311       356852

# dladm show-bridge -f foo
DEST              AGE     FLAGS  OUTPUT
8:0:20:bc:a7:dc   10.860  --     hme0
8:0:20:bf:f9:69   --      L      hme0
8:0:20:c0:20:26   17.420  --     hme0
8:0:20:e5:86:11   --      L      qfe1

Example 19 Creating an IPv4 Tunnel

The following sequence of commands creates and then displays a persistent
IPv4 tunnel link named `mytunnel0' between 66.1.2.3 and 192.4.5.6:

# dladm create-iptun -T ipv4 -s 66.1.2.3 -d 192.4.5.6 mytunnel0
# dladm show-iptun mytunnel0
LINK         TYPE  FLAGS  SOURCE       DESTINATION
mytunnel0    ipv4  --     66.1.2.3     192.4.5.6

A point-to-point IP interface can then be created over this tunnel link:

# ifconfig mytunnel0 plumb 10.1.0.1 10.1.0.2 up

As with any other IP interface, configuration persistence for this IP
interface is achieved by placing the desired ifconfig(8) commands (in this
case, the command for 10.1.0.1 10.1.0.2) into /etc/hostname.mytunnel0.

Example 20 Creating a 6to4 Tunnel

The following command creates a 6to4 tunnel link. The IPv4 address of the
6to4 router is 75.10.11.12.

# dladm create-iptun -T 6to4 -s 75.10.11.12 sitetunnel0
# dladm show-iptun sitetunnel0
LINK         TYPE  FLAGS  SOURCE       DESTINATION
sitetunnel0  6to4  --     75.10.11.12  --

The following command plumbs an IPv6 interface on this tunnel:

# ifconfig sitetunnel0 inet6 plumb up
# ifconfig sitetunnel0 inet6
sitetunnel0: flags=2200041 <UP,RUNNING,NONUD,IPv6> mtu 65515 index 3
        inet tunnel src 75.10.11.12
        tunnel hop limit 64
        inet6 2002:4b0a:b0c::1/16

Note that the system automatically configures the IPv6 address on the 6to4
IP interface. See ifconfig(8) for a description of how IPv6 addresses are
configured on 6to4 tunnel links.

INTERFACE STABILITY


The command line interface of dladm is Committed. The output of dladm is
Committed

SEE ALSO


read(1), attributes(7), ieee802.3(7), overlay(7), dlpi(7P), acctadm(8),
autopush(8), eeprom(8), ifconfig(8), ipadm(8), ipsecconf(8), ndd(8),
psrset(8), wpad(8), zonecfg(8)

R. Droms, Ed., J. Bound, B. Volz, T. Lemon, C. Perkins, M. Carney. RFC
3315: Dynamic Host Configuration Protocol for IPv6 (DHCPv6). The Internet
Society. July 2003.

T. Lemon, B. Sommerfeld. RFC 4361: Node-specific Client Identifiers for
Dynamic Host Configuration Protocol Version Four (DHCPv4). The Internet
Society. February 2006.

NOTES


The preferred method of referring to an aggregation in the aggregation
subcommands is by its link name. Referring to an aggregation by its
integer key is supported for backward compatibility, but is not necessary.
When creating an aggregation, if a key is specified instead of a link name,
the aggregation's link name will be automatically generated by dladm as
aggrkey.

illumos January 14, 2024 illumos