1 DLADM(1M) Maintenance Commands DLADM(1M)
2
3
4
5 NAME
6 dladm - administer data links
7
8 SYNOPSIS
9 dladm show-link [-P] [-s [-i interval]] [[-p] -o field[,...]] [link]
10 dladm rename-link [-R root-dir] [-z zonename] link new-link
11
12
13 dladm delete-phys phys-link
14 dladm show-phys [-m | -H | -P] [[-p] -o field[,...]] [phys-link]
15
16
17 dladm create-aggr [-t] [-R root-dir] [-P policy] [-L mode]
18 [-T time] [-u address] -l ether-link1 [-l ether-link2...] aggr-link
19 dladm modify-aggr [-t] [-R root-dir] [-P policy] [-L mode]
20 [-T time] [-u address] aggr-link
21 dladm delete-aggr [-t] [-R root-dir] aggr-link
22 dladm add-aggr [-t] [-R root-dir] -l ether-link1 [-l ether-link2...]
23 aggr-link
24 dladm remove-aggr [-t] [-R root-dir] -l ether-link1 [-l ether-link2...]
25 aggr-link
26 dladm show-aggr [-PLx] [-s [-i interval]] [[-p] -o field[,...]]
27 [aggr-link]
28
29
30 dladm create-bridge [-P protect] [-R root-dir] [-p priority]
31 [-m max-age] [-h hello-time] [-d forward-delay] [-f force-protocol]
32 [-l link...] bridge-name
33
34
35 dladm modify-bridge [-P protect] [-R root-dir] [-p priority]
36 [-m max-age] [-h hello-time] [-d forward-delay] [-f force-protocol]
37 bridge-name
38
39
40 dladm delete-bridge [-R root-dir] bridge-name
41
42
43 dladm add-bridge [-R root-dir] -l link [-l link...]bridge-name
44
45
46 dladm remove-bridge [-R root-dir] -l link [-l link...] bridge-name
47
48
49 dladm show-bridge [-flt] [-s [-i interval]] [[-p] -o field,...]
50 [bridge-name]
51
52
53 dladm create-vlan [-ft] [-R root-dir] -l ether-link -v vid [vlan-link]
54 dladm delete-vlan [-t] [-R root-dir] vlan-link
55 dladm show-vlan [-P] [[-p] -o field[,...]] [vlan-link]
56
57
58 dladm scan-wifi [[-p] -o field[,...]] [wifi-link]
59 dladm connect-wifi [-e essid] [-i bssid] [-k key,...]
60 [-s none | wep | wpa ] [-a open | shared] [-b bss | ibss] [-c]
61 [-m a | b | g] [-T time] [wifi-link]
62 dladm disconnect-wifi [-a] [wifi-link]
63 dladm show-wifi [[-p] -o field[,...]] [wifi-link]
64
65
66 dladm show-ether [-x] [[-p] -o field[,...]] [ether-link]
67
68
69 dladm set-linkprop [-t] [-R root-dir] [-z zonename] -p prop=value[,...]
70 link
71 dladm reset-linkprop [-t] [-R root-dir] [-z zonename] [-p prop[,...]] link
72 dladm show-linkprop [-P] [-z zonename] [[-c] -o field[,...]]
73 [-p prop[,...]] [link]
74
75
76 dladm create-secobj [-t] [-R root-dir] [-f file] -c class secobj
77 dladm delete-secobj [-t] [-R root-dir] secobj[,...]
78 dladm show-secobj [-P] [[-p] -o field[,...]] [secobj,...]
79
80
81 dladm create-vnic [-t] -l link [-R root-dir] [-m value | auto |
82 {factory -n slot-identifier]} | {random [-r prefix]}]
83 [-v vlan-id] [-p prop=value[,...]] vnic-link
84 dladm delete-vnic [-t] [-R root-dir] [-z zonename] vnic-link
85 dladm show-vnic [-pP] [-s [-i interval]] [-o field[,...]]
86 [-l link] [-z zonename] [vnic-link]
87
88
89 dladm create-etherstub [-t] [-R root-dir] etherstub
90 dladm delete-etherstub [-t] [-R root-dir] etherstub
91 dladm show-etherstub [etherstub]
92
93
94 dladm create-iptun [-t] [-R root-dir] -T type [-s tsrc] [-d tdst]
95 iptun-link
96 dladm modify-iptun [-t] [-R root-dir] [-s tsrc] [-d tdst] iptun-link
97 dladm delete-iptun [-t] [-R root-dir] iptun-link
98 dladm show-iptun [-P] [[-p] -o field[,...]] [iptun-link]
99
100
101 dladm show-usage [-a] -f filename [-p plotfile -F format] [-s time]
102 [-e time] [link]
103
104
105 DESCRIPTION
106 The dladm command is used to administer data-links. A data-link is
107 represented in the system as a STREAMS DLPI (v2) interface which can be
108 plumbed under protocol stacks such as TCP/IP. Each data-link relies on
109 either a single network device or an aggregation of devices to send
110 packets to or receive packets from a network.
111
112
113 Each dladm subcommand operates on one of the following objects:
114
115 link
116 A datalink, identified by a name. In general, the name can use any
117 alphanumeric characters (or the underscore, _), but must start with
118 an alphabetic character and end with a number. A datalink name can
119 be at most 31 characters, and the ending number must be between 0
120 and 4294967294 (inclusive). The ending number must not begin with a
121 zero. Datalink names between 3 and 8 characters are recommended.
122
123 Some subcommands operate only on certain types or classes of
124 datalinks. For those cases, the following object names are used:
125
126 phys-link
127 A physical datalink.
128
129
130 vlan-link
131 A VLAN datalink.
132
133
134 aggr-link
135 An aggregation datalink (or a key; see NOTES).
136
137
138 ether-link
139 A physical Ethernet datalink.
140
141
142 wifi-link
143 A WiFi datalink.
144
145
146 vnic-link
147 A virtual network interface created on a link or an etherstub.
148 It is a pseudo device that can be treated as if it were an
149 network interface card on a machine.
150
151
152 iptun-link
153 An IP tunnel link.
154
155
156
157 dev
158 A network device, identified by concatenation of a driver name and
159 an instance number.
160
161
162 etherstub
163 An Ethernet stub can be used instead of a physical NIC to create
164 VNICs. VNICs created on an etherstub will appear to be connected
165 through a virtual switch, allowing complete virtual networks to be
166 built without physical hardware.
167
168
169 bridge
170 A bridge instance, identified by an administratively-chosen name.
171 The name may use any alphanumeric characters or the underscore, _,
172 but must start and end with an alphabetic character. A bridge name
173 can be at most 31 characters. The name default is reserved, as are
174 all names starting with SUNW.
175
176 Note that appending a zero (0) to a bridge name produces a valid
177 link name, used for observability.
178
179
180 secobj
181 A secure object, identified by an administratively-chosen name. The
182 name can use any alphanumeric characters, as well as underscore
183 (_), period (.), and hyphen (-). A secure object name can be at
184 most 32 characters.
185
186
187 Options
188 Each dladm subcommand has its own set of options. However, many of the
189 subcommands have the following as a common option:
190
191 -R root-dir, --root-dir=root-dir
192 Specifies an alternate root directory where the operation-such as
193 creation, deletion, or renaming-should apply.
194
195
196 SUBCOMMANDS
197 The following subcommands are supported:
198
199 dladm show-link [-P] [-s [-i interval]] [[-p] -o field[,...]][link]
200 Show link configuration information (the default) or statistics,
201 either for all datalinks or for the specified link link. By
202 default, the system is configured with one datalink for each known
203 network device.
204
205 -o field[,...], --output=field[,...]
206 A case-insensitive, comma-separated list of output fields to
207 display. When not modified by the -s option (described below),
208 the field name must be one of the fields listed below, or the
209 special value all to display all fields. By default (without
210 -o), show-link displays all fields.
211
212 LINK
213 The name of the datalink.
214
215
216 CLASS
217 The class of the datalink. dladm distinguishes between the
218 following classes:
219
220 phys
221 A physical datalink. The show-phys subcommand displays
222 more detail for this class of datalink.
223
224
225 aggr
226 An IEEE 802.3ad link aggregation. The show-aggr
227 subcommand displays more detail for this class of
228 datalink.
229
230
231 vlan
232 A VLAN datalink. The show-vlan subcommand displays more
233 detail for this class of datalink.
234
235
236 vnic
237 A virtual network interface. The show-vnic subcommand
238 displays more detail for this class of datalink.
239
240
241
242 MTU
243 The maximum transmission unit size for the datalink being
244 displayed.
245
246
247 STATE
248 The link state of the datalink. The state can be up, down,
249 or unknown.
250
251
252 BRIDGE
253 The name of the bridge to which this link is assigned, if
254 any.
255
256
257 OVER
258 The physical datalink(s) over which the datalink is
259 operating. This applies to aggr, bridge, and vlan classes
260 of datalinks. A VLAN is created over a single physical
261 datalink, a bridge has multiple attached links, and an
262 aggregation is comprised of one or more physical datalinks.
263
264 When the -o option is used in conjunction with the -s option,
265 used to display link statistics, the field name must be one of
266 the fields listed below, or the special value all to display
267 all fields
268
269 LINK
270 The name of the datalink.
271
272
273 IPACKETS
274 Number of packets received on this link.
275
276
277 RBYTES
278 Number of bytes received on this link.
279
280
281 IERRORS
282 Number of input errors.
283
284
285 OPACKETS
286 Number of packets sent on this link.
287
288
289 OBYTES
290 Number of bytes received on this link.
291
292
293 OERRORS
294 Number of output errors.
295
296
297
298 -p, --parseable
299 Display using a stable machine-parseable format. The -o option is
300 required with -p. See "Parseable Output Format", below.
301
302
303 -P, --persistent
304 Display the persistent link configuration.
305
306
307 -s, --statistics
308 Display link statistics.
309
310
311 -i interval, --interval=interval
312 Used with the -s option to specify an interval, in seconds, at
313 which statistics should be displayed. If this option is not
314 specified, statistics will be displayed only once.
315
316
317
318 dladm rename-link [-R root-dir] [-z zonename] link new-link
319 Rename link to new-link. This is used to give a link a meaningful
320 name, or to associate existing link configuration such as link
321 properties of a removed device with a new device. See the EXAMPLES
322 section for specific examples of how this subcommand is used.
323
324 -R root-dir, --root-dir=root-dir
325 See "Options," above.
326
327
328 -z zonename
329 A link assigned to a zone can only be renamed while the zone is
330 in the ready state.
331
332
333
334 dladm delete-phys phys-link
335 This command is used to delete the persistent configuration of a
336 link associated with physical hardware which has been removed from
337 the system. See the EXAMPLES section.
338
339
340 dladm show-phys [-m | -H | -P] [[-p] -o field[,...]] [phys-link]
341 Show the physical device and attributes of all physical links, or
342 of the named physical link. Without -P, only physical links that are
343 available on the running system are displayed.
344
345 -H
346 Show hardware resource usage, as returned by the NIC driver.
347 Output from -H displays the following elements:
348
349 LINK
350 A physical device corresponding to a NIC driver.
351
352
353 GROUP
354 A collection of rings.
355
356
357 GROUPTYPE
358 RX or TX. All rings in a group are of the same group type.
359
360
361 RINGS
362 A hardware resource used by a data link, subject to
363 assignment by a driver to different groups.
364
365
366 CLIENTS
367 MAC clients that are using the rings within a group.
368
369
370
371 -m
372 Show MAC addresses and related information. Output from -m
373 displays the following elements:
374
375 LINK
376 A physical device corresponding to a NIC driver.
377
378 SLOT
379 When a given physical device has multiple factory MAC
380 addresses, this indicates the slot of the corresponding MAC
381 address which can be used as part of a call to create-vnic.
382
383 ADDRESS
384 Displays the MAC address of the device.
385
386 INUSE
387 Displays whether or not a MAC Address is actively being
388 used.
389
390 CLIENT
391 MAC clients that are using the address.
392
393 -o field, --output=field
394 A case-insensitive, comma-separated list of output fields to
395 display. The field name must be one of the fields listed below,
396 or the special value all, to display all fields. Note that if
397 either -H or -m are specified, then the valid options are those
398 described in their respective sections. For each link, the
399 following fields can be displayed:
400
401 LINK
402 The name of the datalink.
403
404
405 MEDIA
406 The media type provided by the physical datalink.
407
408
409 STATE
410 The state of the link. This can be up, down, or unknown.
411
412
413 SPEED
414 The current speed of the link, in megabits per second.
415
416
417 DUPLEX
418 For Ethernet links, the full/half duplex status of the link
419 is displayed if the link state is up. The duplex is
420 displayed as unknown in all other cases.
421
422
423 DEVICE
424 The name of the physical device under this link.
425
426
427
428 -p, --parseable
429 Display using a stable machine-parseable format. The -o option is
430 required with -p. See "Parseable Output Format", below.
431
432
433 -P, --persistent
434 This option displays persistent configuration for all links,
435 including those that have been removed from the system. The
436 output provides a FLAGS column in which the r flag indicates
437 that the physical device associated with a physical link has
438 been removed. For such links, delete-phys can be used to purge
439 the link's configuration from the system.
440
441
442
443 dladm create-aggr [-t] [-R root-dir] [-P policy] [-L mode] [-T time] [-u
444 address] -l ether-link1 [-l ether-link2...] aggr-link
445 Combine a set of links into a single IEEE 802.3ad link aggregation
446 named aggr-link. The use of an integer key to generate a link name
447 for the aggregation is also supported for backward compatibility.
448 Many of the *-aggr subcommands below also support the use of a key
449 to refer to a given aggregation, but use of the aggregation link
450 name is preferred. See the NOTES section for more information on
451 keys.
452
453 dladm supports a number of port selection policies for an
454 aggregation of ports. (See the description of the -P option, below.)
455 If you do not specify a policy, create-aggr uses the default, the L4
456 policy, described under the -P option.
457
458 -l ether-link, --link=ether-link
459 Each Ethernet link (or port) in the aggregation is specified
460 using an -l option followed by the name of the link to be
461 included in the aggregation. Multiple links are included in
462 the aggregation by specifying multiple -l options. For backward
463 compatibility with previous versions of Solaris, the dladm
464 command also supports the using the -d option (or --dev) with a
465 device name to specify links by their underlying device name.
466 The other *-aggr subcommands that take -loptions also accept -d.
467
468
469 -t, --temporary
470 Specifies that the aggregation is temporary. Temporary
471 aggregations last until the next reboot.
472
473
474 -R root-dir, --root-dir=root-dir
475 See "Options," above.
476
477
478 -P policy, --policy=policy
479 Specifies the port selection policy to use for load spreading
480 of outbound traffic. The policy specifies which dev object is
481 used to send packets. A policy is a list of one or more layers
482 specifiers separated by commas. A layer specifier is one of the
483 following:
484
485 L2
486 Select outbound device according to source and destination
487 MAC addresses of the packet.
488
489
490 L3
491 Select outbound device according to source and destination
492 IP addresses of the packet.
493
494
495 L4
496 Select outbound device according to the upper layer
497 protocol information contained in the packet. For TCP and
498 UDP, this includes source and destination ports. For IPsec,
499 this includes the SPI (Security Parameters Index).
500
501 For example, to use upper layer protocol information, the
502 following policy can be used:
503
504 -P L4
505
506
507 Note that policy L4 is the default.
508
509 To use the source and destination MAC addresses as well as the
510 source and destination IP addresses, the following policy can
511 be used:
512
513 -P L2,L3
514
515
516
517
518 -L mode, --lacp-mode=mode
519 Specifies whether LACP should be used and, if used, the mode in
520 which it should operate. Supported values are off, active or
521 passive.
522
523
524 -T time, --lacp-timer=time
525 Specifies the LACP timer value. The supported values are short
526 or longjjj.
527
528
529 -u address, --unicast=address
530 Specifies a fixed unicast hardware address to be used for the
531 aggregation. If this option is not specified, then an address
532 is automatically chosen from the set of addresses of the
533 component devices.
534
535
536
537 dladm modify-aggr [-t] [-R root-dir] [-P policy] [-L mode] [-T time] [-u
538 address] aggr-link
539 Modify the parameters of the specified aggregation.
540
541 -t, --temporary
542 Specifies that the modification is temporary. Temporary
543 aggregations last until the next reboot.
544
545
546 -R root-dir, --root-dir=root-dir
547 See "Options," above.
548
549
550 -P policy, --policy=policy
551 Specifies the port selection policy to use for load spreading
552 of outbound traffic. See dladm create-aggr for a description of
553 valid policy values.
554
555
556 -L mode, --lacp-mode=mode
557 Specifies whether LACP should be used and, if used, the mode in
558 which it should operate. Supported values are off, active, or
559 passive.
560
561
562 -T time, --lacp-timer=time
563 Specifies the LACP timer value. The supported values are short
564 or long.
565
566
567 -u address, --unicast=address
568 Specifies a fixed unicast hardware address to be used for the
569 aggregation. If this option is not specified, then an address
570 is automatically chosen from the set of addresses of the
571 component devices.
572
573
574
575 dladm delete-aggr [-t] [-R root-dir] aggr-link
576 Deletes the specified aggregation.
577
578 -t, --temporary
579 Specifies that the deletion is temporary. Temporary deletions
580 last until the next reboot.
581
582
583 -R root-dir, --root-dir=root-dir
584 See "Options," above.
585
586
587
588 dladm add-aggr [-t] [-R root-dir] -l ether-link1 [--link=ether-link2...] aggr-
589 link
590 Adds links to the specified aggregation.
591
592 -l ether-link, --link=ether-link
593 Specifies an Ethernet link to add to the aggregation. Multiple
594 links can be added by supplying multiple -l options.
595
596
597 -t, --temporary
598 Specifies that the additions are temporary. Temporary additions
599 last until the next reboot.
600
601
602 -R root-dir, --root-dir=root-dir
603 See "Options," above.
604
605
606
607 dladm remove-aggr [-t] [-R root-dir] -l ether-link1 [--l=ether-link2...] aggr-
608 link
609 Removes links from the specified aggregation.
610
611 -l ether-link, --link=ether-link
612 Specifies an Ethernet link to remove from the aggregation.
613 Multiple links can be added by supplying multiple -l options.
614
615
616 -t, --temporary
617 Specifies that the removals are temporary. Temporary removal
618 last until the next reboot.
619
620
621 -R root-dir, --root-dir=root-dir
622 See "Options," above.
623
624
625
626 dladm show-aggr [-PLx] [-s [-i interval]] [[-p] -o field[,...]] [aggr-link]
627 Show aggregation configuration (the default), LACP information, or
628 statistics, either for all aggregations or for the specified
629 aggregation.
630
631 By default (with no options), the following fields can be
632 displayed:
633
634 LINK
635 The name of the aggregation link.
636
637
638 POLICY
639 The LACP policy of the aggregation. See the create-aggr -P option
640 for a description of the possible values.
641
642
643 ADDRPOLICY
644 Either auto, if the aggregation is configured to automatically
645 configure its unicast MAC address (the default if the -u option
646 was not used to create or modify the aggregation), or fixed, if
647 -u was used to set a fixed MAC address.
648
649
650 LACPACTIVITY
651 The LACP mode of the aggregation. Possible values are off,
652 active, or passive, as set by the -l option to create-aggr or
653 modify-aggr.
654
655
656 LACPTIMER
657 The LACP timer value of the aggregation as set by the -T option
658 of create-aggr or modify-aggr.
659
660
661 FLAGS
662 A set of state flags associated with the aggregation. The only
663 possible flag is f, which is displayed if the administrator
664 forced the creation the aggregation using the -f option to
665 create-aggr. Other flags might be defined in the future.
666
667 The show-aggr command accepts the following options:
668
669 -L, --lacp
670 Displays detailed LACP information for the aggregation link and
671 each underlying port. Most of the state information displayed
672 by this option is defined by IEEE 802.3. With this option, the
673 following fields can be displayed:
674
675 LINK
676 The name of the aggregation link.
677
678
679 PORT
680 The name of one of the underlying aggregation ports.
681
682
683 AGGREGATABLE
684 Whether the port can be added to the aggregation.
685
686
687 SYNC
688 If yes, the system considers the port to be synchronized
689 and part of the aggregation.
690
691
692 COLL
693 If yes, collection of incoming frames is enabled on the
694 associated port.
695
696
697 DIST
698 If yes, distribution of outgoing frames is enabled on the
699 associated port.
700
701
702 DEFAULTED
703 If yes, the port is using defaulted partner information
704 (that is, has not received LACP data from the LACP
705 partner).
706
707
708 EXPIRED
709 If yes, the receive state of the port is in the EXPIRED
710 state.
711
712
713
714 -x, --extended
715 Display additional aggregation information including detailed
716 information on each underlying port. With -x, the following
717 fields can be displayed:
718
719 LINK
720 The name of the aggregation link.
721
722
723 PORT
724 The name of one of the underlying aggregation ports.
725
726
727 SPEED
728 The speed of the link or port in megabits per second.
729
730
731 DUPLEX
732 The full/half duplex status of the link or port is
733 displayed if the link state is up. The duplex status is
734 displayed as unknown in all other cases.
735
736
737 STATE
738 The link state. This can be up, down, or unknown.
739
740
741 ADDRESS
742 The MAC address of the link or port.
743
744
745 PORTSTATE
746 This indicates whether the individual aggregation port is
747 in the standby or attached state.
748
749
750
751 -o field[,...], --output=field[,...]
752 A case-insensitive, comma-separated list of output fields to
753 display. The field name must be one of the fields listed above,
754 or the special value all, to display all fields. The fields
755 applicable to the -o option are limited to those listed under
756 each output mode. For example, if using -L, only the fields
757 listed under -L, above, can be used with -o.
758
759
760 -p, --parseable
761 Display using a stable machine-parseable format. The -o option is
762 required with -p. See "Parseable Output Format", below.
763
764
765 -P, --persistent
766 Display the persistent aggregation configuration rather than
767 the state of the running system.
768
769
770 -s, --statistics
771 Displays aggregation statistics.
772
773
774 -i interval, --interval=interval
775 Used with the -s option to specify an interval, in seconds, at
776 which statistics should be displayed. If this option is not
777 specified, statistics will be displayed only once.
778
779
780
781 dladm create-bridge [ -P protect] [-R root-dir] [ -p priority] [ -m max-age] [
782 -h hello-time] [ -d forward-delay] [ -f force-protocol] [-l link...] bridge-
783 name
784 Create an 802.1D bridge instance and optionally assign one or more
785 network links to the new bridge. By default, no bridge instances
786 are present on the system.
787
788 In order to bridge between links, you must create at least one
789 bridge instance. Each bridge instance is separate, and there is no
790 forwarding connection between bridges.
791
792 -P protect, --protect=protect
793 Specifies a protection method. The defined protection methods
794 are stp for the Spanning Tree Protocol and trill for TRILL,
795 which is used on RBridges. The default value is stp.
796
797
798 -R root-dir, --root-dir=root-dir
799 See "Options," above.
800
801
802 -p priority, --priority=priority
803 Specifies the Bridge Priority. This sets the IEEE STP priority
804 value for determining the root bridge node in the network. The
805 default value is 32768. Valid values are 0 (highest priority)
806 to 61440 (lowest priority), in increments of 4096.
807
808 If a value not evenly divisible by 4096 is used, the system
809 silently rounds downward to the next lower value that is
810 divisible by 4096.
811
812
813 -m max-age, --max-age=max-age
814 Specifies the maximum age for configuration information in
815 seconds. This sets the STP Bridge Max Age parameter. This value
816 is used for all nodes in the network if this node is the root
817 bridge. Bridge link information older than this time is
818 discarded. It defaults to 20 seconds. Valid values are from 6
819 to 40 seconds. See the -d forward-delay parameter for additional
820 constraints.
821
822
823 -h hello-time, --hello-time=hello-time
824 Specifies the STP Bridge Hello Time parameter. When this node
825 is the root node, it sends Configuration BPDUs at this interval
826 throughout the network. The default value is 2 seconds. Valid
827 values are from 1 to 10 seconds. See the -d forward-delay
828 parameter for additional constraints.
829
830
831 -d forward-delay, --forward-delay=forward-delay
832 Specifies the STP Bridge Forward Delay parameter. When this
833 node is the root node, then all bridges in the network use this
834 timer to sequence the link states when a port is enabled. The
835 default value is 15 seconds. Valid values are from 4 to 30
836 seconds.
837
838 Bridges must obey the following two constraints:
839
840 2 * (forward-delay - 1.0) >= max-age
841
842 max-age >= 2 * (hello-time + 1.0)
843
844
845 Any parameter setting that would violate those constraints is
846 treated as an error and causes the command to fail with a
847 diagnostic message. The message provides valid alternatives to
848 the supplied values.
849
850
851 -f force-protocol, --force-protocol=force-protocol
852 Specifies the MSTP forced maximum supported protocol. The
853 default value is 3. Valid values are non-negative integers. The
854 current implementation does not support RSTP or MSTP, so this
855 currently has no effect. However, to prevent MSTP from being
856 used in the future, the parameter may be set to 0 for STP only
857 or 2 for STP and RSTP.
858
859
860 -l link, --link=link
861 Specifies one or more links to add to the newly-created bridge.
862 This is similar to creating the bridge and then adding one or
863 more links, as with the add-bridge subcommand. However, if any
864 of the links cannot be added, the entire command fails, and the
865 new bridge itself is not created. To add multiple links on the
866 same command line, repeat this option for each link. You are
867 permitted to create bridges without links. For more information
868 about link assignments, see the add-bridge subcommand.
869
870 Bridge creation and link assignment require the PRIV_SYS_DL_CONFIG
871 privilege. Bridge creation might fail if the optional bridging
872 feature is not installed on the system.
873
874
875 dladm modify-bridge [ -P protect] [-R root-dir] [ -p priority] [ -m max-age] [
876 -h hello-time] [ -d forward-delay] [ -f force-protocol] [-l link...] bridge-
877 name
878 Modify the operational parameters of an existing bridge. The
879 options are the same as for the create-bridge subcommand, except
880 that the -l option is not permitted. To add links to an existing
881 bridge, use the add-bridge subcommand.
882
883 Bridge parameter modification requires the PRIV_SYS_DL_CONFIG
884 privilege.
885
886
887 dladm delete-bridge [-R root-dir] bridge-name
888 Delete a bridge instance. The bridge being deleted must not have
889 any attached links. Use the remove-bridge subcommand to deactivate
890 links before deleting a bridge.
891
892 Bridge deletion requires the PRIV_SYS_DL_CONFIG privilege.
893
894 The -R (--root-dir) option is the same as for the create-bridge
895 subcommand.
896
897
898 dladm add-bridge [-R root-dir] -l link [-l link...] bridge-name
899 Add one or more links to an existing bridge. If multiple links are
900 specified, and adding any one of them results in an error, the
901 command fails and no changes are made to the system.
902
903 Link addition to a bridge requires the PRIV_SYS_DL_CONFIG
904 privilege.
905
906 A link may be a member of at most one bridge. An error occurs when
907 you attempt to add a link that already belongs to another bridge.
908 To move a link from one bridge instance to another, remove it from
909 the current bridge before adding it to a new one.
910
911 The links assigned to a bridge must not also be VLANs, VNICs, or
912 tunnels. Only physical Ethernet datalinks, aggregation datalinks,
913 wireless links, and Ethernet stubs are permitted to be assigned to
914 a bridge.
915
916 Links assigned to a bridge must all have the same MTU. This is
917 checked when the link is assigned. The link is added to the bridge
918 in a deactivated form if it is not the first link on the bridge and
919 it has a differing MTU.
920
921 Note that systems using bridging should not set the eeprom(1M)
922 local-mac-address? variable to false.
923
924 The options are the same as for the create-bridge subcommand.
925
926
927 dladm remove-bridge [-R root-dir] -l link [-l link...] bridge-name
928 Remove one or more links from a bridge instance. If multiple links
929 are specified, and removing any one of them would result in an
930 error, the command fails and none are removed.
931
932 Link removal from a bridge requires the PRIV_SYS_DL_CONFIG
933 privilege.
934
935 The options are the same as for the create-bridge subcommand.
936
937
938 dladm show-bridge [-flt] [-s [-i interval]] [[-p] -o field,...] [bridge-name]
939 Show the running status and configuration of bridges, their
940 attached links, learned forwarding entries, and TRILL nickname
941 databases. When showing overall bridge status and configuration,
942 the bridge name can be omitted to show all bridges. The other forms
943 require a specified bridge.
944
945 The show-bridge subcommand accepts the following options:
946
947 -i interval, --interval=interval
948 Used with the -s option to specify an interval, in seconds, at
949 which statistics should be displayed. If this option is not
950 specified, statistics will be displayed only once.
951
952
953 -s, --statistics
954 Display statistics for the specified bridges or for a given
955 bridge's attached links. This option cannot be used with the -f
956 and -t options.
957
958
959 -p, --parseable
960 Display using a stable machine-parsable format. See "Parsable
961 Output Format," below.
962
963
964 -o field[,...], --output=field[,...]
965 A case-insensitive, comma-separated list of output fields to
966 display. The field names are described below. The special value
967 all displays all fields. Each set of fields has its own default
968 set to display when -o is not specified.
969
970 By default, the show-bridge subcommand shows bridge configuration.
971 The following fields can be shown:
972
973 BRIDGE
974 The name of the bridge.
975
976
977 ADDRESS
978 The Bridge Unique Identifier value (MAC address).
979
980
981 PRIORITY
982 Configured priority value; set by -p with create-bridge and
983 modify-bridge.
984
985
986 BMAXAGE
987 Configured bridge maximum age; set by -m with create-bridge and
988 modify-bridge.
989
990
991 BHELLOTIME
992 Configured bridge hello time; set by -h with create-bridge and
993 modify-bridge.
994
995
996 BFWDDELAY
997 Configured forwarding delay; set by -d with create-bridge and
998 modify-bridge.
999
1000
1001 FORCEPROTO
1002 Configured forced maximum protocol; set by -f with create-bridge
1003 and modify-bridge.
1004
1005
1006 TCTIME
1007 Time, in seconds, since last topology change.
1008
1009
1010 TCCOUNT
1011 Count of the number of topology changes.
1012
1013
1014 TCHANGE
1015 This indicates that a topology change was detected.
1016
1017
1018 DESROOT
1019 Bridge Identifier of the root node.
1020
1021
1022 ROOTCOST
1023 Cost of the path to the root node.
1024
1025
1026 ROOTPORT
1027 Port number used to reach the root node.
1028
1029
1030 MAXAGE
1031 Maximum age value from the root node.
1032
1033
1034 HELLOTIME
1035 Hello time value from the root node.
1036
1037
1038 FWDDELAY
1039 Forward delay value from the root node.
1040
1041
1042 HOLDTIME
1043 Minimum BPDU interval.
1044
1045 By default, when the -o option is not specified, only the BRIDGE,
1046 ADDRESS, PRIORITY, and DESROOT fields are shown.
1047
1048 When the -s option is specified, the show-bridge subcommand shows
1049 bridge statistics. The following fields can be shown:
1050
1051 BRIDGE
1052 Bridge name.
1053
1054
1055 DROPS
1056 Number of packets dropped due to resource problems.
1057
1058
1059 FORWARDS
1060 Number of packets forwarded from one link to another.
1061
1062
1063 MBCAST
1064 Number of multicast and broadcast packets handled by the
1065 bridge.
1066
1067
1068 RECV
1069 Number of packets received on all attached links.
1070
1071
1072 SENT
1073 Number of packets sent on all attached links.
1074
1075
1076 UNKNOWN
1077 Number of packets handled that have an unknown destination.
1078 Such packets are sent to all links.
1079
1080 By default, when the -o option is not specified, only the BRIDGE,
1081 DROPS, and FORWARDS fields are shown.
1082
1083 The show-bridge subcommand also accepts the following options:
1084
1085 -l, --link
1086 Displays link-related status and statistics information for all
1087 links attached to a single bridge instance. By using this
1088 option and without the -s option, the following fields can be
1089 displayed for each link:
1090
1091 LINK
1092 The link name.
1093
1094
1095 INDEX
1096 Port (link) index number on the bridge.
1097
1098
1099 STATE
1100 State of the link. The state can be disabled, discarding,
1101 learning, forwarding, non-stp, or bad-mtu.
1102
1103
1104 UPTIME
1105 Number of seconds since the last reset or initialization.
1106
1107
1108 OPERCOST
1109 Actual cost in use (1-65535).
1110
1111
1112 OPERP2P
1113 This indicates whether point-to-point (P2P) mode been
1114 detected.
1115
1116
1117 OPEREDGE
1118 This indicates whether edge mode has been detected.
1119
1120
1121 DESROOT
1122 The Root Bridge Identifier that has been seen on this port.
1123
1124
1125 DESCOST
1126 Path cost to the network root node through the designated
1127 port.
1128
1129
1130 DESBRIDGE
1131 Bridge Identifier for this port.
1132
1133
1134 DESPORT
1135 The ID and priority of the port used to transmit
1136 configuration messages for this port.
1137
1138
1139 TCACK
1140 This indicates whether Topology Change Acknowledge has been
1141 seen.
1142
1143 When the -l option is specified without the -o option, only the
1144 LINK, STATE, UPTIME, and DESROOT fields are shown.
1145
1146 When the -l option is specified, the -s option can be used to
1147 display the following fields for each link:
1148
1149 LINK
1150 Link name.
1151
1152
1153 CFGBPDU
1154 Number of configuration BPDUs received.
1155
1156
1157 TCNBPDU
1158 Number of topology change BPDUs received.
1159
1160
1161 RSTPBPDU
1162 Number of Rapid Spanning Tree BPDUs received.
1163
1164
1165 TXBPDU
1166 Number of BPDUs transmitted.
1167
1168
1169 DROPS
1170 Number of packets dropped due to resource problems.
1171
1172
1173 RECV
1174 Number of packets received by the bridge.
1175
1176
1177 XMIT
1178 Number of packets sent by the bridge.
1179
1180 When the -o option is not specified, only the LINK, DROPS, RECV,
1181 and XMIT fields are shown.
1182
1183
1184 -f, --forwarding
1185 Displays forwarding entries for a single bridge instance. With
1186 this option, the following fields can be shown for each
1187 forwarding entry:
1188
1189 DEST
1190 Destination MAC address.
1191
1192
1193 AGE
1194 Age of entry in seconds and milliseconds. Omitted for local
1195 entries.
1196
1197
1198 FLAGS
1199 The L (local) flag is shown if the MAC address belongs to
1200 an attached link or to a VNIC on one of the attached links.
1201
1202
1203 OUTPUT
1204 For local entries, this is the name of the attached link
1205 that has the MAC address. Otherwise, for bridges that use
1206 Spanning Tree Protocol, this is the output interface name.
1207 For RBridges, this is the output TRILL nickname.
1208
1209 When the -o option is not specified, the DEST, AGE, FLAGS, and
1210 OUTPUT fields are shown.
1211
1212
1213 -t, --trill
1214 Displays TRILL nickname entries for a single bridge instance.
1215 With this option, the following fields can be shown for each
1216 TRILL nickname entry:
1217
1218 NICK
1219 TRILL nickname for this RBridge, which is a number from 1
1220 to 65535.
1221
1222
1223 FLAGS
1224 The L flag is shown if the nickname identifies the local
1225 system.
1226
1227
1228 LINK
1229 Link name for output when sending messages to this RBridge.
1230
1231
1232 NEXTHOP
1233 MAC address of the next hop RBridge that is used to reach
1234 the RBridge with this nickname.
1235
1236 When the -o option is not specified, the NICK, FLAGS, LINK, and
1237 NEXTHOP fields are shown.
1238
1239
1240
1241 dladm create-vlan [-ft] [-R root-dir] -l ether-link -v vid [vlan-link]
1242 Create a tagged VLAN link with an ID of vid over Ethernet link
1243 ether-link. The name of the VLAN link can be specified as vlan-link.
1244 If the name is not specified, a name will be automatically
1245 generated (assuming that ether-link is namePPA) as:
1246
1247 <name><1000 * vlan-tag + PPA>
1248
1249
1250 For example, if ether-link is bge1 and vid is 2, the name generated
1251 is bge2001.
1252
1253 -f, --force
1254 Force the creation of the VLAN link. Some devices do not allow
1255 frame sizes large enough to include a VLAN header. When
1256 creating a VLAN link over such a device, the -f option is
1257 needed, and the MTU of the IP interfaces on the resulting VLAN
1258 must be set to 1496 instead of 1500.
1259
1260
1261 -l ether-link
1262 Specifies Ethernet link over which VLAN is created.
1263
1264
1265 -t, --temporary
1266 Specifies that the VLAN link is temporary. Temporary VLAN links
1267 last until the next reboot.
1268
1269
1270 -R root-dir, --root-dir=root-dir
1271 See "Options," above.
1272
1273
1274
1275 dladm delete-vlan [-t] [-R root-dir] vlan-link
1276 Delete the VLAN link specified.
1277
1278 The delete-vlansubcommand accepts the following options:
1279
1280 -t, --temporary
1281 Specifies that the deletion is temporary. Temporary deletions
1282 last until the next reboot.
1283
1284
1285 -R root-dir, --root-dir=root-dir
1286 See "Options," above.
1287
1288
1289
1290 dladm show-vlan [-P] [[-p] -o field[,...]] [vlan-link]
1291 Display VLAN configuration for all VLAN links or for the specified
1292 VLAN link.
1293
1294 The show-vlansubcommand accepts the following options:
1295
1296 -o field[,...], --output=field[,...]
1297 A case-insensitive, comma-separated list of output fields to
1298 display. The field name must be one of the fields listed below,
1299 or the special value all, to display all fields. For each VLAN
1300 link, the following fields can be displayed:
1301
1302 LINK
1303 The name of the VLAN link.
1304
1305
1306 VID
1307 The ID associated with the VLAN.
1308
1309
1310 OVER
1311 The name of the physical link over which this VLAN is
1312 configured.
1313
1314
1315 FLAGS
1316 A set of flags associated with the VLAN link. Possible
1317 flags are:
1318
1319 f
1320 The VLAN was created using the -f option to create-vlan.
1321
1322
1323 i
1324 The VLAN was implicitly created when the DLPI link was
1325 opened. These VLAN links are automatically deleted on
1326 last close of the DLPI link (for example, when the IP
1327 interface associated with the VLAN link is unplumbed).
1328
1329 Additional flags might be defined in the future.
1330
1331
1332
1333 -p, --parseable
1334 Display using a stable machine-parseable format. The -o option is
1335 required with -p. See "Parseable Output Format", below.
1336
1337
1338 -P, --persistent
1339 Display the persistent VLAN configuration rather than the state
1340 of the running system.
1341
1342
1343
1344 dladm scan-wifi [[-p] -o field[,...]] [wifi-link]
1345 Scans for WiFi networks, either on all WiFi links, or just on the
1346 specified wifi-link.
1347
1348 By default, currently all fields but BSSTYPE are displayed.
1349
1350 -o field[,...], --output=field[,...]
1351 A case-insensitive, comma-separated list of output fields to
1352 display. The field name must be one of the fields listed below,
1353 or the special value all to display all fields. For each WiFi
1354 network found, the following fields can be displayed:
1355
1356 LINK
1357 The name of the link the WiFi network is on.
1358
1359
1360 ESSID
1361 The ESSID (name) of the WiFi network.
1362
1363
1364 BSSID
1365 Either the hardware address of the WiFi network's Access
1366 Point (for BSS networks), or the WiFi network's randomly
1367 generated unique token (for IBSS networks).
1368
1369
1370 SEC
1371 Either none for a WiFi network that uses no security, wep
1372 for a WiFi network that requires WEP (Wired Equivalent
1373 Privacy), or wpa for a WiFi network that requires WPA (Wi-Fi
1374 Protected Access).
1375
1376
1377 MODE
1378 The supported connection modes: one or more of a, b, or g.
1379
1380
1381 STRENGTH
1382 The strength of the signal: one of excellent, very good,
1383 good, weak, or very weak.
1384
1385
1386 SPEED
1387 The maximum speed of the WiFi network, in megabits per
1388 second.
1389
1390
1391 BSSTYPE
1392 Either bss for BSS (infrastructure) networks, or ibss for
1393 IBSS (ad-hoc) networks.
1394
1395
1396
1397 -p, --parseable
1398 Display using a stable machine-parseable format. The -o option is
1399 required with -p. See "Parseable Output Format", below.
1400
1401
1402
1403 dladm connect-wifi [-e essid] [-i bssid] [-k key,...] [-s none | wep | wpa]
1404 [-a open|shared] [-b bss|ibss] [-c] [-m a|b|g] [-T time] [wifi-link]
1405 Connects to a WiFi network. This consists of four steps: discovery,
1406 filtration, prioritization, and association. However, to enable
1407 connections to non-broadcast WiFi networks and to improve
1408 performance, if a BSSID or ESSID is specified using the -e or -i
1409 options, then the first three steps are skipped and connect-wifi
1410 immediately attempts to associate with a BSSID or ESSID that
1411 matches the rest of the provided parameters. If this association
1412 fails, but there is a possibility that other networks matching the
1413 specified criteria exist, then the traditional discovery process
1414 begins as specified below.
1415
1416 The discovery step finds all available WiFi networks on the
1417 specified WiFi link, which must not yet be connected. For
1418 administrative convenience, if there is only one WiFi link on the
1419 system, wifi-link can be omitted.
1420
1421 Once discovery is complete, the list of networks is filtered
1422 according to the value of the following options:
1423
1424 -e essid, --essid=essid
1425 Networks that do not have the same essid are filtered out.
1426
1427
1428 -b bss|ibss, --bsstype=bss|ibss
1429 Networks that do not have the same bsstype are filtered out.
1430
1431
1432 -m a|b|g, --mode=a|b|g
1433 Networks not appropriate for the specified 802.11 mode are
1434 filtered out.
1435
1436
1437 -k key,..., --key=key, ...
1438 Use the specified secobj named by the key to connect to the
1439 network. Networks not appropriate for the specified keys are
1440 filtered out.
1441
1442
1443 -s none|wep|wpa, --sec=none|wep|wpa
1444 Networks not appropriate for the specified security mode are
1445 filtered out.
1446
1447 Next, the remaining networks are prioritized, first by signal
1448 strength, and then by maximum speed. Finally, an attempt is made to
1449 associate with each network in the list, in order, until one
1450 succeeds or no networks remain.
1451
1452 In addition to the options described above, the following options
1453 also control the behavior of connect-wifi:
1454
1455 -a open|shared, --auth=open|shared
1456 Connect using the specified authentication mode. By default,
1457 open and shared are tried in order.
1458
1459
1460 -c, --create-ibss
1461 Used with -b ibss to create a new ad-hoc network if one matching
1462 the specified ESSID cannot be found. If no ESSID is specified,
1463 then -c -b ibss always triggers the creation of a new ad-hoc
1464 network.
1465
1466
1467 -T time, --timeout=time
1468 Specifies the number of seconds to wait for association to
1469 succeed. If time is forever, then the associate will wait
1470 indefinitely. The current default is ten seconds, but this
1471 might change in the future. Timeouts shorter than the default
1472 might not succeed reliably.
1473
1474
1475 -k key,..., --key=key,...
1476 In addition to the filtering previously described, the
1477 specified keys will be used to secure the association. The
1478 security mode to use will be based on the key class; if a
1479 security mode was explicitly specified, it must be compatible
1480 with the key class. All keys must be of the same class.
1481
1482 For security modes that support multiple key slots, the slot to
1483 place the key will be specified by a colon followed by an
1484 index. Therefore, -k mykey:3 places mykey in slot 3. By default,
1485 slot 1 is assumed. For security modes that support multiple
1486 keys, a comma-separated list can be specified, with the first
1487 key being the active key.
1488
1489
1490
1491 dladm disconnect-wifi [-a] [wifi-link]
1492 Disconnect from one or more WiFi networks. If wifi-link specifies a
1493 connected WiFi link, then it is disconnected. For administrative
1494 convenience, if only one WiFi link is connected, wifi-link can be
1495 omitted.
1496
1497 -a, --all-links
1498 Disconnects from all connected links. This is primarily
1499 intended for use by scripts.
1500
1501
1502
1503 dladm show-wifi [[-p] -o field,...] [wifi-link]
1504 Shows WiFi configuration information either for all WiFi links or
1505 for the specified link wifi-link.
1506
1507 -o field,..., --output=field
1508 A case-insensitive, comma-separated list of output fields to
1509 display. The field name must be one of the fields listed below,
1510 or the special value all, to display all fields. For each WiFi
1511 link, the following fields can be displayed:
1512
1513 LINK
1514 The name of the link being displayed.
1515
1516
1517 STATUS
1518 Either connected if the link is connected, or disconnected
1519 if it is not connected. If the link is disconnected, all
1520 remaining fields have the value --.
1521
1522
1523 ESSID
1524 The ESSID (name) of the connected WiFi network.
1525
1526
1527 BSSID
1528 Either the hardware address of the WiFi network's Access
1529 Point (for BSS networks), or the WiFi network's randomly
1530 generated unique token (for IBSS networks).
1531
1532
1533 SEC
1534 Either none for a WiFi network that uses no security, wep
1535 for a WiFi network that requires WEP, or wpa for a WiFi
1536 network that requires WPA.
1537
1538
1539 MODE
1540 The supported connection modes: one or more of a, b, or g.
1541
1542
1543 STRENGTH
1544 The connection strength: one of excellent, very good, good,
1545 weak, or very weak.
1546
1547
1548 SPEED
1549 The connection speed, in megabits per second.
1550
1551
1552 AUTH
1553 Either open or shared (see connect-wifi).
1554
1555
1556 BSSTYPE
1557 Either bss for BSS (infrastructure) networks, or ibss for
1558 IBSS (ad-hoc) networks.
1559
1560 By default, currently all fields but AUTH, BSSID, BSSTYPE are
1561 displayed.
1562
1563
1564 -p, --parseable
1565 Displays using a stable machine-parseable format. The -o option
1566 is required with -p. See "Parseable Output Format", below.
1567
1568
1569
1570 dladm show-ether [-x] [[-p] -o field,...] [ether-link]
1571 Shows state information either for all physical Ethernet links or
1572 for a specified physical Ethernet link.
1573
1574 The show-ether subcommand accepts the following options:
1575
1576 -o field,..., --output=field
1577 A case-insensitive, comma-separated list of output fields to
1578 display. The field name must be one of the fields listed below,
1579 or the special value all to display all fields. For each link,
1580 the following fields can be displayed:
1581
1582 LINK
1583 The name of the link being displayed.
1584
1585
1586 PTYPE
1587 Parameter type, where current indicates the negotiated
1588 state of the link, capable indicates capabilities supported
1589 by the device, adv indicates the advertised capabilities,
1590 and peeradv indicates the capabilities advertised by the
1591 link-partner.
1592
1593
1594 STATE
1595 The state of the link.
1596
1597
1598 AUTO
1599 A yes/no value indicating whether auto-negotiation is
1600 advertised.
1601
1602
1603 SPEED-DUPLEX
1604 Combinations of speed and duplex values available. The
1605 units of speed are encoded with a trailing suffix of G
1606 (Gigabits/s) or M (Mb/s). Duplex values are encoded as f
1607 (full-duplex) or h (half-duplex).
1608
1609
1610 PAUSE
1611 Flow control information. Can be no, indicating no flow
1612 control is available; tx, indicating that the end-point can
1613 transmit pause frames, but ignores any received pause
1614 frames; rx, indicating that the end-point receives and acts
1615 upon received pause frames; or bi, indicating bi-directional
1616 flow-control.
1617
1618
1619 REM_FAULT
1620 Fault detection information. Valid values are none or
1621 fault.
1622
1623 By default, all fields except REM_FAULT are displayed for the
1624 "current" PTYPE.
1625
1626
1627 -p, --parseable
1628 Displays using a stable machine-parseable format. The -o option
1629 is required with -p. See "Parseable Output Format", below.
1630
1631
1632 -x, --extended
1633 Extended output is displayed for PTYPE values of current,
1634 capable, adv and peeradv.
1635
1636
1637
1638 dladm set-linkprop [-t] [-R root-dir] [-z zonename] -p prop=value[,...] link
1639 Sets the values of one or more properties on the link specified.
1640 The list of properties and their possible values depend on the link
1641 type, the network device driver, and networking hardware. These
1642 properties can be retrieved using show-linkprop.
1643
1644 -t, --temporary
1645 Specifies that the changes are temporary. Temporary changes
1646 last until the next reboot.
1647
1648
1649 -R root-dir, --root-dir=root-dir
1650 See "Options," above.
1651
1652
1653 -z zonenme
1654 Operate on a link that has been delegated to the specified
1655 zone.
1656
1657
1658 -p prop=value[,...], --prop prop=value[,...]
1659 A comma-separated list of properties to set to the specified
1660 values.
1661
1662 Note that when the persistent value is set, the temporary value
1663 changes to the same value.
1664
1665
1666 dladm reset-linkprop [-t] [-R root-dir] [-z zonename] [-p prop,...] link
1667 Resets one or more properties to their values on the link
1668 specified. Properties are reset to the values they had at startup.
1669 If no properties are specified, all properties are reset. See show-
1670 linkprop for a description of properties.
1671
1672 -t, --temporary
1673 Specifies that the resets are temporary. Values are reset to
1674 default values. Temporary resets last until the next reboot.
1675
1676
1677 -R root-dir, --root-dir=root-dir
1678 See "Options," above.
1679
1680
1681 -z zonenme
1682 Operate on a link that has been delegated to the specified
1683 zone.
1684
1685
1686 -p prop, ..., --prop=prop, ...
1687 A comma-separated list of properties to reset.
1688
1689 Note that when the persistent value is reset, the temporary value
1690 changes to the same value.
1691
1692
1693 dladm show-linkprop [-P] [-z zonename] [[-c] -o field[,...]][-p prop[,...]]
1694 [link]
1695 Show the current or persistent values of one or more properties,
1696 either for all datalinks or for the specified link. By default,
1697 current values are shown. If no properties are specified, all
1698 available link properties are displayed. For each property, the
1699 following fields are displayed:
1700
1701 -o field[,...], --output=field
1702 A case-insensitive, comma-separated list of output fields to
1703 display. The field name must be one of the fields listed below,
1704 or the special value all to display all fields. For each link,
1705 the following fields can be displayed:
1706
1707 LINK
1708 The name of the datalink.
1709
1710
1711 PROPERTY
1712 The name of the property.
1713
1714
1715 PERM
1716 The read/write permissions of the property. The value shown
1717 is one of ro or rw.
1718
1719
1720 VALUE
1721 The current (or persistent) property value. If the value is
1722 not set, it is shown as --. If it is unknown, the value is
1723 shown as ?. Persistent values that are not set or have been
1724 reset will be shown as -- and will use the system DEFAULT
1725 value (if any).
1726
1727
1728 DEFAULT
1729 The default value of the property. If the property has no
1730 default value, -- is shown.
1731
1732
1733 POSSIBLE
1734 A comma-separated list of the values the property can have.
1735 If the values span a numeric range, min - max might be
1736 shown as shorthand. If the possible values are unknown or
1737 unbounded, -- is shown.
1738
1739 The list of properties depends on the link type and network
1740 device driver, and the available values for a given property
1741 further depends on the underlying network hardware and its
1742 state. General link properties are documented in the LINK
1743 PROPERTIES section. However, link properties that begin with
1744 "_" (underbar) are specific to a given link or its underlying
1745 network device and subject to change or removal. See the
1746 appropriate network device driver man page for details.
1747
1748
1749 -c, --parseable
1750 Display using a stable machine-parseable format. The -o option is
1751 required with this option. See "Parseable Output Format",
1752 below.
1753
1754
1755 -P, --persistent
1756 Display persistent link property information
1757
1758
1759 -z zonenme
1760 Operate on a link that has been delegated to the specified
1761 zone.
1762
1763
1764 -p prop, ..., --prop=prop, ...
1765 A comma-separated list of properties to show. See the sections
1766 on link properties following subcommand descriptions.
1767
1768
1769
1770 dladm create-secobj [-t] [-R root-dir] [-f file] -c class secobj
1771 Create a secure object named secobj in the specified class to be
1772 later used as a WEP or WPA key in connecting to an encrypted
1773 network. The value of the secure object can either be provided
1774 interactively or read from a file. The sequence of interactive
1775 prompts and the file format depends on the class of the secure
1776 object.
1777
1778 Currently, the classes wep and wpa are supported. The WEP (Wired
1779 Equivalent Privacy) key can be either 5 or 13 bytes long. It can be
1780 provided either as an ASCII or hexadecimal string -- thus, 12345
1781 and 0x3132333435 are equivalent 5-byte keys (the 0x prefix can be
1782 omitted). A file containing a WEP key must consist of a single line
1783 using either WEP key format. The WPA (Wi-Fi Protected Access) key
1784 must be provided as an ASCII string with a length between 8 and 63
1785 bytes.
1786
1787 This subcommand is only usable by users or roles that belong to the
1788 "Network Link Security" RBAC profile.
1789
1790 -c class, --class=class
1791 class can be wep or wpa. See preceding discussion.
1792
1793
1794 -t, --temporary
1795 Specifies that the creation is temporary. Temporary creation
1796 last until the next reboot.
1797
1798
1799 -R root-dir, --root-dir=root-dir
1800 See "Options," above.
1801
1802
1803 -f file, --file=file
1804 Specifies a file that should be used to obtain the secure
1805 object's value. The format of this file depends on the secure
1806 object class. See the EXAMPLES section for an example of using
1807 this option to set a WEP key.
1808
1809
1810
1811 dladm delete-secobj [-t] [-R root-dir] secobj[,...]
1812 Delete one or more specified secure objects. This subcommand is
1813 only usable by users or roles that belong to the "Network Link
1814 Security" RBAC profile.
1815
1816 -t, --temporary
1817 Specifies that the deletions are temporary. Temporary deletions
1818 last until the next reboot.
1819
1820
1821 -R root-dir, --root-dir=root-dir
1822 See "Options," above.
1823
1824
1825
1826 dladm show-secobj [-P] [[-p] -o field[,...]] [secobj,...]
1827 Show current or persistent secure object information. If one or
1828 more secure objects are specified, then information for each is
1829 displayed. Otherwise, all current or persistent secure objects are
1830 displayed.
1831
1832 By default, current secure objects are displayed, which are all
1833 secure objects that have either been persistently created and not
1834 temporarily deleted, or temporarily created.
1835
1836 For security reasons, it is not possible to show the value of a
1837 secure object.
1838
1839 -o field[,...] , --output=field[,...]
1840 A case-insensitive, comma-separated list of output fields to
1841 display. The field name must be one of the fields listed below.
1842 For displayed secure object, the following fields can be shown:
1843
1844 OBJECT
1845 The name of the secure object.
1846
1847
1848 CLASS
1849 The class of the secure object.
1850
1851
1852
1853 -p, --parseable
1854 Display using a stable machine-parseable format. The -o option is
1855 required with -p. See "Parseable Output Format", below.
1856
1857
1858 -P, --persistent
1859 Display persistent secure object information
1860
1861
1862
1863 dladm create-vnic [-t] -l link [-R root-dir] [-m value | auto | {factory [-n
1864 slot-identifier]} | {random [-r prefix]}] [-v vlan-id] [-p prop=value[,...]]
1865 vnic-link
1866 Create a VNIC with name vnic-link over the specified link.
1867
1868 -t, --temporary
1869 Specifies that the VNIC is temporary. Temporary VNICs last
1870 until the next reboot.
1871
1872
1873 -R root-dir, --root-dir=root-dir
1874 See "Options," above.
1875
1876
1877 -l link, --link=link
1878 link can be a physical link or an etherstub.
1879
1880
1881 -m value | keyword, --mac-address=value | keyword
1882 Sets the VNIC's MAC address based on the specified value or
1883 keyword. If value is not a keyword, it is interpreted as a
1884 unicast MAC address, which must be valid for the underlying
1885 NIC. The following special keywords can be used:
1886
1887 factory [-n slot-identifier],
1888 factory [--slot=slot-identifier]
1889 Assign a factory MAC address to the VNIC. When a factory
1890 MAC address is requested, -m can be combined with the -n
1891 option to specify a MAC address slot to be used. If -n is
1892 not specified, the system will choose the next available
1893 factory MAC address. The -m option of the show-phys
1894 subcommand can be used to display the list of factory MAC
1895 addresses, their slot identifiers, and their availability.
1896
1897
1898 random [-r prefix],
1899 random [--mac-prefix=prefix]
1900 Assign a random MAC address to the VNIC. A default prefix
1901 consisting of a valid IEEE OUI with the local bit set will
1902 be used. That prefix can be overridden with the -r option.
1903
1904
1905 auto
1906 Try and use a factory MAC address first. If none is
1907 available, assign a random MAC address. auto is the default
1908 action if the -m option is not specified.
1909
1910
1911 -v vlan-id
1912 Enable VLAN tagging for this VNIC. The VLAN tag will have
1913 id vlan-id.
1914
1915
1916
1917 -p prop=value,..., --prop prop=value,...
1918 A comma-separated list of properties to set to the specified
1919 values.
1920
1921
1922
1923 dladm delete-vnic [-t] [-R root-dir] [-z zonename] vnic-link
1924 Deletes the specified VNIC.
1925
1926 -t, --temporary
1927 Specifies that the deletion is temporary. Temporary deletions
1928 last until the next reboot.
1929
1930
1931 -R root-dir, --root-dir=root-dir
1932 See "Options," above.
1933
1934
1935 -z zonenme
1936 Operate on a link that has been delegated to the specified
1937 zone.
1938
1939
1940
1941 dladm show-vnic [-pP] [-s [-i interval]] [-o field[,...]] [-l link] [-z
1942 zonename] [vnic-link]
1943 Show VNIC configuration information (the default) or statistics,
1944 for all VNICs, all VNICs on a link, or only the specified vnic-link.
1945
1946 -o field[,...] , --output=field[,...]
1947 A case-insensitive, comma-separated list of output fields to
1948 display. The field name must be one of the fields listed below.
1949 The field name must be one of the fields listed below, or the
1950 special value all to display all fields. By default (without
1951 -o), show-vnic displays all fields.
1952
1953 LINK
1954 The name of the VNIC.
1955
1956
1957 OVER
1958 The name of the physical link over which this VNIC is
1959 configured.
1960
1961
1962 SPEED
1963 The maximum speed of the VNIC, in megabits per second.
1964
1965
1966 MACADDRESS
1967 MAC address of the VNIC.
1968
1969
1970 MACADDRTYPE
1971 MAC address type of the VNIC. dladm distinguishes among the
1972 following MAC address types:
1973
1974 random
1975 A random address assigned to the VNIC.
1976
1977
1978 factory
1979 A factory MAC address used by the VNIC.
1980
1981
1982
1983
1984 -p, --parseable
1985 Display using a stable machine-parseable format. The -o option is
1986 required with -p. See "Parseable Output Format", below.
1987
1988
1989 -P, --persistent
1990 Display the persistent VNIC configuration.
1991
1992
1993 -s, --statistics
1994 Displays VNIC statistics.
1995
1996
1997 -i interval, --interval=interval
1998 Used with the -s option to specify an interval, in seconds, at
1999 which statistics should be displayed. If this option is not
2000 specified, statistics will be displayed only once.
2001
2002
2003 -l link, --link=link
2004 Display information for all VNICs on the named link.
2005
2006
2007 -z zonenme
2008 Operate on a link that has been delegated to the specified
2009 zone.
2010
2011
2012
2013 dladm create-etherstub [-t] [-R root-dir] etherstub
2014 Create an etherstub with the specified name.
2015
2016 -t, --temporary
2017 Specifies that the etherstub is temporary. Temporary etherstubs
2018 do not persist across reboots.
2019
2020
2021 -R root-dir, --root-dir=root-dir
2022 See "Options," above.
2023
2024 VNICs can be created on top of etherstubs instead of physical NICs.
2025 As with physical NICs, such a creation causes the stack to
2026 implicitly create a virtual switch between the VNICs created on top
2027 of the same etherstub.
2028
2029
2030 dladm delete-etherstub [-t] [-R root-dir] etherstub
2031 Delete the specified etherstub.
2032
2033 -t, --temporary
2034 Specifies that the deletion is temporary. Temporary deletions
2035 last until the next reboot.
2036
2037
2038 -R root-dir, --root-dir=root-dir
2039 See "Options," above.
2040
2041
2042
2043 dladm show-etherstub [etherstub]
2044 Show all configured etherstubs by default, or the specified
2045 etherstub if etherstub is specified.
2046
2047
2048 dladm create-iptun [-t] [-R root-dir] -T type [-s tsrc] [-d tdst] iptun-link
2049 Create an IP tunnel link named iptun-link. Such links can
2050 additionally be protected with IPsec using ipsecconf(1M).
2051
2052 An IP tunnel is conceptually comprised of two parts: a virtual link
2053 between two or more IP nodes, and an IP interface above this link
2054 that allows the system to transmit and receive IP packets
2055 encapsulated by the underlying link. This subcommand creates a
2056 virtual link. The ifconfig(1M) command is used to configure IP
2057 interfaces above the link.
2058
2059 -t, --temporary
2060 Specifies that the IP tunnel link is temporary. Temporary
2061 tunnels last until the next reboot.
2062
2063
2064 -R root-dir, --root-dir=root-dir
2065 See "Options," above.
2066
2067
2068 -T type, --tunnel-type=type
2069 Specifies the type of tunnel to be created. The type must be
2070 one of the following:
2071
2072 ipv4
2073 A point-to-point, IP-over-IP tunnel between two IPv4 nodes.
2074 This type of tunnel requires IPv4 source and destination
2075 addresses to function. IPv4 and IPv6 interfaces can be
2076 plumbed above such a tunnel to create IPv4-over-IPv4 and
2077 IPv6-over-IPv4 tunneling configurations.
2078
2079
2080 ipv6
2081 A point-to-point, IP-over-IP tunnel between two IPv6 nodes as
2082 defined in IETF RFC 2473. This type of tunnel requires IPv6
2083 source and destination addresses to function. IPv4 and IPv6
2084 interfaces can be plumbed above such a tunnel to create
2085 IPv4-over-IPv6 and IPv6-over-IPv6 tunneling configurations.
2086
2087
2088 6to4
2089 A 6to4, point-to-multipoint tunnel as defined in IETF RFC
2090 3056. This type of tunnel requires an IPv4 source address
2091 to function. An IPv6 interface is plumbed on such a tunnel
2092 link to configure a 6to4 router.
2093
2094
2095
2096 -s tsrc, --tunnel-src=tsrc
2097 Literal IP address or hostname corresponding to the tunnel
2098 source. If a hostname is specified, it will be resolved to IP
2099 addresses, and one of those IP addresses will be used as the
2100 tunnel source. Because IP tunnels are created before naming
2101 services have been brought online during the boot process, it
2102 is important that any hostname used be included in /etc/hosts.
2103
2104
2105 -d tdst, --tunnel-dst=tdst
2106 Literal IP address or hostname corresponding to the tunnel
2107 destination.
2108
2109
2110
2111 dladm modify-iptun [-t] [-R root-dir] [-s tsrc] [-d tdst] iptun-link
2112 Modify the parameters of the specified IP tunnel.
2113
2114 -t, --temporary
2115 Specifies that the modification is temporary. Temporary
2116 modifications last until the next reboot.
2117
2118
2119 -R root-dir, --root-dir=root-dir
2120 See "Options," above.
2121
2122
2123 -s tsrc, --tunnel-src=tsrc
2124 Specifies a new tunnel source address. See create-iptun for a
2125 description.
2126
2127
2128 -d tdst, --tunnel-dst=tdst
2129 Specifies a new tunnel destination address. See create-iptun for
2130 a description.
2131
2132
2133
2134 dladm delete-iptun [-t] [-R root-dir] iptun-link
2135 Delete the specified IP tunnel link.
2136
2137 -t, --temporary
2138 Specifies that the deletion is temporary. Temporary deletions
2139 last until the next reboot.
2140
2141
2142 -R root-dir, --root-dir=root-dir
2143 See "Options," above.
2144
2145
2146
2147 dladm show-iptun [-P] [[-p] -o field[,...]] [iptun-link]
2148 Show IP tunnel link configuration for a single IP tunnel or all IP
2149 tunnels.
2150
2151 -P, --persistent
2152 Display the persistent IP tunnel configuration.
2153
2154
2155 -p, --parseable
2156 Display using a stable machine-parseable format. The -o option
2157 is required with -p. See "Parseable Output Format", below.
2158
2159
2160 -o field[,...], --output=field[,...]
2161 A case-insensitive, comma-separated list of output fields to
2162 display. The field name must be one of the fields listed below,
2163 or the special value all, to display all fields. By default
2164 (without -o), show-iptun displays all fields.
2165
2166 LINK
2167 The name of the IP tunnel link.
2168
2169
2170 TYPE
2171 Type of tunnel as specified by the -T option of create-iptun.
2172
2173
2174 FLAGS
2175 A set of flags associated with the IP tunnel link. Possible
2176 flags are:
2177
2178 s
2179 The IP tunnel link is protected by IPsec policy. To
2180 display the IPsec policy associated with the tunnel
2181 link, enter:
2182
2183 # ipsecconf -ln -i tunnel-link
2184
2185
2186 See ipsecconf(1M) for more details on how to configure
2187 IPsec policy.
2188
2189
2190 i
2191 The IP tunnel link was implicitly created with
2192 ifconfig(1M), and will be automatically deleted when it
2193 is no longer referenced (that is, when the last IP
2194 interface over the tunnel is unplumbed). See
2195 ifconfig(1M) for details on implicit tunnel creation.
2196
2197
2198
2199 SOURCE
2200 The tunnel source address.
2201
2202
2203 DESTINATION
2204 The tunnel destination address.
2205
2206
2207
2208
2209 dladm show-usage [-a] -f filename [-p plotfile -F format] [-s time] [-e time]
2210 [link]
2211 Show the historical network usage from a stored extended accounting
2212 file. Configuration and enabling of network accounting through
2213 acctadm(1M) is required. The default output will be the summary of
2214 network usage for the entire period of time in which extended
2215 accounting was enabled.
2216
2217 -a
2218 Display all historical network usage for the specified period
2219 of time during which extended accounting is enabled. This
2220 includes the usage information for the links that have already
2221 been deleted.
2222
2223
2224 -f filename, --file=filename
2225 Read extended accounting records of network usage from
2226 filename.
2227
2228
2229 -F format, --format=format
2230 Specifies the format of plotfile that is specified by the -p
2231 option. As of this release, gnuplot is the only supported
2232 format.
2233
2234
2235 -p plotfile, --plot=plotfile
2236 Write network usage data to a file of the format specified by
2237 the -F option, which is required.
2238
2239
2240 -s time, --start=time
2241 -e time, --stop=time
2242 Start and stop times for data display. Time is in the format
2243 MM/DD/YYYY,hh:mm:ss.
2244
2245
2246 link
2247 If specified, display the network usage only for the named
2248 link. Otherwise, display network usage for all links.
2249
2250
2251
2252 Parseable Output Format
2253 Many dladm subcommands have an option that displays output in a
2254 machine-parseable format. The output format is one or more lines of
2255 colon (:) delimited fields. The fields displayed are specific to the
2256 subcommand used and are listed under the entry for the -o option for a
2257 given subcommand. Output includes only those fields requested by means
2258 of the -o option, in the order requested.
2259
2260
2261 When you request multiple fields, any literal colon characters are
2262 escaped by a backslash (\) before being output. Similarly, literal
2263 backslash characters will also be escaped (\\). This escape format is
2264 parseable by using shell read(1) functions with the environment
2265 variable IFS=: (see EXAMPLES, below). Note that escaping is not done
2266 when you request only a single field.
2267
2268 General Link Properties
2269 The following general link properties are supported:
2270
2271 allowed-ips
2272 A comma-seperated list of IP addresses that are allowed on the
2273 interface.
2274
2275 An address in CIDR format with no host address specified is used to
2276 indicate that any address on that subnet is allowed (e.g.
2277 192.168.10.0/24 means any address in the range 192.168.10.0 -
2278 192.168.10.255 is allowed).
2279
2280
2281 autopush
2282 Specifies the set of STREAMS modules to push on the stream
2283 associated with a link when its DLPI device is opened. It is a
2284 space-delimited list of modules.
2285
2286 The optional special character sequence [anchor] indicates that a
2287 STREAMS anchor should be placed on the stream at the module
2288 previously specified in the list. It is an error to specify more
2289 than one anchor or to have an anchor first in the list.
2290
2291 The autopush property is preferred over the more general
2292 autopush(1M) command.
2293
2294
2295 cpus
2296 Bind the processing of packets for a given data link to a processor
2297 or a set of processors. The value can be a comma-separated list of
2298 one or more processor ids. If the list consists of more than one
2299 processor, the processing will spread out to all the processors.
2300 Connection to processor affinity and packet ordering for any
2301 individual connection will be maintained.
2302
2303 The processor or set of processors are not exclusively reserved for
2304 the link. Only the kernel threads and interrupts associated with
2305 processing of the link are bound to the processor or the set of
2306 processors specified. In case it is desired that processors be
2307 dedicated to the link, psrset(1M) can be used to create a processor
2308 set and then specifying the processors from the processor set to
2309 bind the link to.
2310
2311 If the link was already bound to processor or set of processors due
2312 to a previous operation, the binding will be removed and the new
2313 set of processors will be used instead.
2314
2315 The default is no CPU binding, which is to say that the processing
2316 of packets is not bound to any specific processor or processor set.
2317
2318
2319 learn_limit
2320 Limits the number of new or changed MAC sources to be learned over
2321 a bridge link. When the number exceeds this value, learning on that
2322 link is temporarily disabled. Only non-VLAN, non-VNIC type links have
2323 this property.
2324
2325 The default value is 1000. Valid values are greater or equal to 0.
2326
2327
2328 learn_decay
2329 Specifies the decay rate for source changes limited by learn_limit.
2330 This number is subtracted from the counter for a bridge link every
2331 5 seconds. Only non-VLAN, non-VNIC type links have this property.
2332
2333 The default value is 200. Valid values are greater or equal to 0.
2334
2335
2336 maxbw
2337 Sets the full duplex bandwidth for the link. The bandwidth is
2338 specified as an integer with one of the scale suffixes (K, M, or G
2339 for Kbps, Mbps, and Gbps). If no units are specified, the input
2340 value will be read as Mbps. The default is no bandwidth limit.
2341
2342
2343 priority
2344 Sets the relative priority for the link. The value can be given as
2345 one of the tokens high, medium, or low. The default is high.
2346
2347
2348 stp
2349 Enables or disables Spanning Tree Protocol on a bridge link.
2350 Setting this value to 0 disables Spanning Tree, and puts the link
2351 into forwarding mode with BPDU guarding enabled. This mode is
2352 appropriate for point-to-point links connected only to end nodes.
2353 Only non-VLAN, non-VNIC type links have this property. The default
2354 value is 1, to enable STP.
2355
2356
2357 forward
2358 Enables or disables forwarding for a VLAN. Setting this value to 0
2359 disables bridge forwarding for a VLAN link. Disabling bridge
2360 forwarding removes that VLAN from the "allowed set" for the bridge.
2361 The default value is 1, to enable bridge forwarding for configured
2362 VLANs.
2363
2364
2365 default_tag
2366 Sets the default VLAN ID that is assumed for untagged packets sent
2367 to and received from this link. Only non-VLAN, non-VNIC type links
2368 have this property. Setting this value to 0 disables the bridge
2369 forwarding of untagged packets to and from the port. The default
2370 value is VLAN ID 1. Valid values values are from 0 to 4094.
2371
2372
2373 stp_priority
2374 Sets the STP and RSTP Port Priority value, which is used to
2375 determine the preferred root port on a bridge. Lower numerical
2376 values are higher priority. The default value is 128. Valid values
2377 range from 0 to 255.
2378
2379
2380 stp_cost
2381 Sets the STP and RSTP cost for using the link. The default value is
2382 auto, which sets the cost based on link speed, using 100 for
2383 10Mbps, 19 for 100Mbps, 4 for 1Gbps, and 2 for 10Gbps. Valid values
2384 range from 1 to 65535.
2385
2386
2387 stp_edge
2388 Enables or disables bridge edge port detection. If set to 0
2389 (false), the system assumes that the port is connected to other
2390 bridges even if no bridge PDUs of any type are seen. The default
2391 value is 1, which detects edge ports automatically.
2392
2393
2394 stp_p2p
2395 Sets bridge point-to-point operation mode. Possible values are true,
2396 false, and auto. When set to auto, point-to-point connections are
2397 automatically discovered. When set to true, the port mode is forced
2398 to use point-to-point. When set to false, the port mode is forced to
2399 use normal multipoint mode. The default value is auto.
2400
2401
2402 stp_mcheck
2403 Triggers the system to run the RSTP Force BPDU Migration Check
2404 procedure on this link. The procedure is triggered by setting the
2405 property value to 1. The property is automatically reset back to 0.
2406 This value cannot be set unless the following are true:
2407
2408 o The link is bridged
2409
2410 o The bridge is protected by Spanning Tree
2411
2412 o The bridge force-protocol value is at least 2 (RSTP)
2413 The default value is 0.
2414
2415
2416 zone
2417 Specifies the zone to which the link belongs. This property can be
2418 modified only temporarily through dladm, and thus the -t option must
2419 be specified. To modify the zone assignment such that it persists
2420 across reboots, please use zonecfg(1M). Possible values consist of
2421 any exclusive-IP zone currently running on the system. By default,
2422 the zone binding is as per zonecfg(1M).
2423
2424
2425 Wifi Link Properties
2426 The following WiFi link properties are supported. Note that the ability
2427 to set a given property to a given value depends on the driver and
2428 hardware.
2429
2430 channel
2431 Specifies the channel to use. This property can be modified only by
2432 certain WiFi links when in IBSS mode. The default value and allowed
2433 range of values varies by regulatory domain.
2434
2435
2436 powermode
2437 Specifies the power management mode of the WiFi link. Possible
2438 values are off (disable power management), max (maximum power
2439 savings), and fast (performance-sensitive power management). Default
2440 is off.
2441
2442
2443 radio
2444 Specifies the radio mode of the WiFi link. Possible values are on
2445 or off. Default is on.
2446
2447
2448 speed
2449 Specifies a fixed speed for the WiFi link, in megabits per second.
2450 The set of possible values depends on the driver and hardware (but
2451 is shown by show-linkprop); common speeds include 1, 2, 11, and 54.
2452 By default, there is no fixed speed.
2453
2454
2455 Ethernet Link Properties
2456 The following MII Properties, as documented in ieee802.3(5), are
2457 supported in read-only mode:
2458
2459 o duplex
2460
2461 o state
2462
2463 o adv_autoneg_cap
2464
2465 o adv_10gfdx_cap
2466
2467 o adv_1000fdx_cap
2468
2469 o adv_1000hdx_cap
2470
2471 o adv_100fdx_cap
2472
2473 o adv_100hdx_cap
2474
2475 o adv_10fdx_cap
2476
2477 o adv_10hdx_cap
2478
2479
2480 Each adv_ property (for example, adv_10fdx_cap) also has a read/write
2481 counterpart en_ property (for example, en_10fdx_cap) controlling
2482 parameters used at auto-negotiation. In the absence of Power Management,
2483 the adv* speed/duplex parameters provide the values that are both
2484 negotiated and currently effective in hardware. However, with Power
2485 Management enabled, the speed/duplex capabilities currently exposed in
2486 hardware might be a subset of the set of bits that were used in initial
2487 link parameter negotiation. Thus the MII adv_* parameters are marked
2488 read-only, with an additional set of en_* parameters for configuring
2489 speed and duplex properties at initial negotiation.
2490
2491
2492 Note that the adv_autoneg_cap does not have an en_autoneg_cap
2493 counterpart: the adv_autoneg_cap is a 0/1 switch that turns off/on
2494 autonegotiation itself, and therefore cannot be impacted by Power
2495 Management.
2496
2497
2498 In addition, the following Ethernet properties are reported:
2499
2500 speed
2501 (read-only) The operating speed of the device, in Mbps.
2502
2503
2504 mtu
2505 The maximum client SDU (Send Data Unit) supported by the device.
2506 Valid range is 68-65536.
2507
2508
2509 flowctrl
2510 Establishes flow-control modes that will be advertised by the
2511 device. Valid input is one of:
2512
2513 no
2514 No flow control enabled.
2515
2516
2517 rx
2518 Receive, and act upon incoming pause frames.
2519
2520
2521 tx
2522 Transmit pause frames to the peer when congestion occurs, but
2523 ignore received pause frames.
2524
2525
2526 bi
2527 Bidirectional flow control.
2528
2529 Note that the actual settings for this value are constrained by the
2530 capabilities allowed by the device and the link partner.
2531
2532
2533 secondary-macs
2534 A comma-seperated list of additional MAC addresses that are allowed
2535 on the interface.
2536
2537
2538 tagmode
2539 This link property controls the conditions in which 802.1Q VLAN
2540 tags will be inserted in packets being transmitted on the link. Two
2541 mode values can be assigned to this property:
2542
2543 normal
2544 Insert a VLAN tag in outgoing packets under the
2545 following conditions:
2546
2547 o The packet belongs to a VLAN.
2548
2549 o The user requested priority tagging.
2550
2551
2552 vlanonly
2553 Insert a VLAN tag only when the outgoing packet belongs
2554 to a VLAN. If a tag is being inserted in this mode and
2555 the user has also requested a non-zero priority, the
2556 priority is honored and included in the VLAN tag.
2557
2558 The default value is vlanonly.
2559
2560
2561 IP Tunnel Link Properties
2562 The following IP tunnel link properties are supported.
2563
2564 hoplimit
2565 Specifies the IPv4 TTL or IPv6 hop limit for the encapsulating
2566 outer IP header of a tunnel link. This property exists for all
2567 tunnel types. The default value is 64.
2568
2569
2570 encaplimit
2571 Specifies the IPv6 encapsulation limit for an IPv6 tunnel as
2572 defined in RFC 2473. This value is the tunnel nesting limit for a
2573 given tunneled packet. The default value is 4. A value of 0
2574 disables the encapsulation limit.
2575
2576
2577 EXAMPLES
2578 Example 1 Configuring an Aggregation
2579
2580
2581 To configure a data-link over an aggregation of devices bge0 and bge1
2582 with key 1, enter the following command:
2583
2584
2585 # dladm create-aggr -d bge0 -d bge1 1
2586
2587
2588
2589 Example 2 Connecting to a WiFi Link
2590
2591
2592 To connect to the most optimal available unsecured network on a system
2593 with a single WiFi link (as per the prioritization rules specified for
2594 connect-wifi), enter the following command:
2595
2596
2597 # dladm connect-wifi
2598
2599
2600
2601 Example 3 Creating a WiFi Key
2602
2603
2604 To interactively create the WEP key mykey, enter the following command:
2605
2606
2607 # dladm create-secobj -c wep mykey
2608
2609
2610
2611
2612 Alternatively, to non-interactively create the WEP key mykey using the
2613 contents of a file:
2614
2615
2616 # umask 077
2617 # cat >/tmp/mykey.$$ <<EOF
2618 12345
2619 EOF
2620 # dladm create-secobj -c wep -f /tmp/mykey.$$ mykey
2621 # rm /tmp/mykey.$$
2622
2623
2624
2625 Example 4 Connecting to a Specified Encrypted WiFi Link
2626
2627
2628 To use key mykey to connect to ESSID wlan on link ath0, enter the
2629 following command:
2630
2631
2632 # dladm connect-wifi -k mykey -e wlan ath0
2633
2634
2635
2636 Example 5 Changing a Link Property
2637
2638
2639 To set powermode to the value fast on link pcwl0, enter the following
2640 command:
2641
2642
2643 # dladm set-linkprop -p powermode=fast pcwl0
2644
2645
2646
2647 Example 6 Connecting to a WPA-Protected WiFi Link
2648
2649
2650 Create a WPA key psk and enter the following command:
2651
2652
2653 # dladm create-secobj -c wpa psk
2654
2655
2656
2657
2658 To then use key psk to connect to ESSID wlan on link ath0, enter the
2659 following command:
2660
2661
2662 # dladm connect-wifi -k psk -e wlan ath0
2663
2664
2665
2666 Example 7 Renaming a Link
2667
2668
2669 To rename the bge0 link to mgmt0, enter the following command:
2670
2671
2672 # dladm rename-link bge0 mgmt0
2673
2674
2675
2676 Example 8 Replacing a Network Card
2677
2678
2679 Consider that the bge0 device, whose link was named mgmt0 as shown in
2680 the previous example, needs to be replaced with a ce0 device because of
2681 a hardware failure. The bge0 NIC is physically removed, and replaced
2682 with a new ce0 NIC. To associate the newly added ce0 device with the
2683 mgmt0 configuration previously associated with bge0, enter the
2684 following command:
2685
2686
2687 # dladm rename-link ce0 mgmt0
2688
2689
2690
2691 Example 9 Removing a Network Card
2692
2693
2694 Suppose that in the previous example, the intent is not to replace the
2695 bge0 NIC with another NIC, but rather to remove and not replace the
2696 hardware. In that case, the mgmt0 datalink configuration is not slated
2697 to be associated with a different physical device as shown in the
2698 previous example, but needs to be deleted. Enter the following command
2699 to delete the datalink configuration associated with the mgmt0
2700 datalink, whose physical hardware (bge0 in this case) has been removed:
2701
2702
2703 # dladm delete-phys mgmt0
2704
2705
2706
2707 Example 10 Using Parseable Output to Capture a Single Field
2708
2709
2710 The following assignment saves the MTU of link net0 to a variable named
2711 mtu.
2712
2713
2714 # mtu=`dladm show-link -p -o mtu net0`
2715
2716
2717
2718 Example 11 Using Parseable Output to Iterate over Links
2719
2720
2721 The following script displays the state of each link on the system.
2722
2723
2724 # dladm show-link -p -o link,state | while IFS=: read link state; do
2725 print "Link $link is in state $state"
2726 done
2727
2728
2729
2730 Example 12 Configuring VNICs
2731
2732
2733 Create two VNICs with names hello0 and test1 over a single physical
2734 link bge0:
2735
2736
2737 # dladm create-vnic -l bge0 hello0
2738 # dladm create-vnic -l bge0 test1
2739
2740
2741
2742 Example 13 Configuring VNICs and Allocating Bandwidth and Priority
2743
2744
2745 Create two VNICs with names hello0 and test1 over a single physical
2746 link bge0 and make hello0 a high priority VNIC with a factory-assigned
2747 MAC address with a maximum bandwidth of 50 Mbps. Make test1 a low
2748 priority VNIC with a random MAC address and a maximum bandwidth of
2749 100Mbps.
2750
2751
2752 # dladm create-vnic -l bge0 -m factory -p maxbw=50,priority=high hello0
2753 # dladm create-vnic -l bge0 -m random -p maxbw=100M,priority=low test1
2754
2755
2756
2757 Example 14 Configuring a VNIC with a Factory MAC Address
2758
2759
2760 First, list the available factory MAC addresses and choose one of them:
2761
2762
2763 # dladm show-phys -m bge0
2764 LINK SLOT ADDRESS INUSE CLIENT
2765 bge0 primary 0:e0:81:27:d4:47 yes bge0
2766 bge0 1 8:0:20:fe:4e:a5 no
2767 bge0 2 8:0:20:fe:4e:a6 no
2768 bge0 3 8:0:20:fe:4e:a7 no
2769
2770
2771
2772
2773 Create a VNIC named hello0 and use slot 1's address:
2774
2775
2776 # dladm create-vnic -l bge0 -m factory -n 1 hello0
2777 # dladm show-phys -m bge0
2778 LINK SLOT ADDRESS INUSE CLIENT
2779 bge0 primary 0:e0:81:27:d4:47 yes bge0
2780 bge0 1 8:0:20:fe:4e:a5 yes hello0
2781 bge0 2 8:0:20:fe:4e:a6 no
2782 bge0 3 8:0:20:fe:4e:a7 no
2783
2784
2785
2786 Example 15 Creating a VNIC with User-Specified MAC Address, Binding it
2787 to Set of Processors
2788
2789
2790 Create a VNIC with name hello0, with a user specified MAC address, and
2791 a processor binding 0, 1, 2, 3.
2792
2793
2794 # dladm create-vnic -l bge0 -m 8:0:20:fe:4e:b8 -p cpus=0,1,2,3 hello0
2795
2796
2797
2798 Example 16 Creating a Virtual Network Without a Physical NIC
2799
2800
2801 First, create an etherstub with name stub1:
2802
2803
2804 # dladm create-etherstub stub1
2805
2806
2807
2808
2809 Create two VNICs with names hello0 and test1 on the etherstub. This
2810 operation implicitly creates a virtual switch connecting hello0 and
2811 test1.
2812
2813
2814 # dladm create-vnic -l stub1 hello0
2815 # dladm create-vnic -l stub1 test1
2816
2817
2818
2819 Example 17 Showing Network Usage
2820
2821
2822 Network usage statistics can be stored using the extended accounting
2823 facility, acctadm(1M).
2824
2825
2826 # acctadm -e basic -f /var/log/net.log net
2827 # acctadm net
2828 Network accounting: active
2829 Network accounting file: /var/log/net.log
2830 Tracked Network resources: basic
2831 Untracked Network resources: src_ip,dst_ip,src_port,dst_port,protocol,
2832 dsfield
2833
2834
2835
2836
2837 The saved historical data can be retrieved in summary form using the
2838 show-usage subcommand:
2839
2840
2841 # dladm show-usage -f /var/log/net.log
2842 LINK DURATION IPACKETS RBYTES OPACKETS OBYTES BANDWIDTH
2843 e1000g0 80 1031 546908 0 0 2.44 Kbps
2844
2845
2846
2847 Example 18 Displaying Bridge Information
2848
2849
2850 The following commands use the show-bridge subcommand with no and
2851 various options.
2852
2853
2854 # dladm show-bridge
2855 BRIDGE PROTECT ADDRESS PRIORITY DESROOT
2856 foo stp 32768/8:0:20:bf:f 32768 8192/0:d0:0:76:14:38
2857 bar stp 32768/8:0:20:e5:8 32768 8192/0:d0:0:76:14:38
2858
2859 # dladm show-bridge -l foo
2860 LINK STATE UPTIME DESROOT
2861 hme0 forwarding 117 8192/0:d0:0:76:14:38
2862 qfe1 forwarding 117 8192/0:d0:0:76:14:38
2863
2864 # dladm show-bridge -s foo
2865 BRIDGE DROPS FORWARDS
2866 foo 0 302
2867
2868 # dladm show-bridge -ls foo
2869 LINK DROPS RECV XMIT
2870 hme0 0 360832 31797
2871 qfe1 0 322311 356852
2872
2873 # dladm show-bridge -f foo
2874 DEST AGE FLAGS OUTPUT
2875 8:0:20:bc:a7:dc 10.860 -- hme0
2876 8:0:20:bf:f9:69 -- L hme0
2877 8:0:20:c0:20:26 17.420 -- hme0
2878 8:0:20:e5:86:11 -- L qfe1
2879
2880
2881
2882 Example 19 Creating an IPv4 Tunnel
2883
2884
2885 The following sequence of commands creates and then displays a
2886 persistent IPv4 tunnel link named mytunnel0 between 66.1.2.3 and
2887 192.4.5.6:
2888
2889
2890 # dladm create-iptun -T ipv4 -s 66.1.2.3 -d 192.4.5.6 mytunnel0
2891 # dladm show-iptun mytunnel0
2892 LINK TYPE FLAGS SOURCE DESTINATION
2893 mytunnel0 ipv4 -- 66.1.2.3 192.4.5.6
2894
2895
2896
2897
2898 A point-to-point IP interface can then be created over this tunnel link:
2899
2900
2901 # ifconfig mytunnel0 plumb 10.1.0.1 10.1.0.2 up
2902
2903
2904
2905
2906 As with any other IP interface, configuration persistence for this IP
2907 interface is achieved by placing the desired ifconfig commands (in this
2908 case, the command for "10.1.0.1 10.1.0.2") into
2909 /etc/hostname.mytunnel0.
2910
2911
2912 Example 20 Creating a 6to4 Tunnel
2913
2914
2915 The following command creates a 6to4 tunnel link. The IPv4 address of
2916 the 6to4 router is 75.10.11.12.
2917
2918
2919 # dladm create-iptun -T 6to4 -s 75.10.11.12 sitetunnel0
2920 # dladm show-iptun sitetunnel0
2921 LINK TYPE FLAGS SOURCE DESTINATION
2922 sitetunnel0 6to4 -- 75.10.11.12 --
2923
2924
2925
2926
2927 The following command plumbs an IPv6 interface on this tunnel:
2928
2929
2930 # ifconfig sitetunnel0 inet6 plumb up
2931 # ifconfig sitetunnel0 inet6
2932 sitetunnel0: flags=2200041 <UP,RUNNING,NONUD,IPv6> mtu 65515 index 3
2933 inet tunnel src 75.10.11.12
2934 tunnel hop limit 64
2935 inet6 2002:4b0a:b0c::1/16
2936
2937
2938
2939
2940 Note that the system automatically configures the IPv6 address on the
2941 6to4 IP interface. See ifconfig(1M) for a description of how IPv6
2942 addresses are configured on 6to4 tunnel links.
2943
2944
2945 ATTRIBUTES
2946 See attributes(5) for descriptions of the following attributes:
2947
2948
2949 /usr/sbin
2950
2951
2952
2953
2954 +--------------------+-----------------+
2955 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
2956 +--------------------+-----------------+
2957 |Interface Stability | Committed |
2958 +--------------------+-----------------+
2959
2960
2961 /sbin
2962
2963
2964
2965
2966 +--------------------+-----------------+
2967 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
2968 +--------------------+-----------------+
2969 |Interface Stability | Committed |
2970 +--------------------+-----------------+
2971
2972 SEE ALSO
2973 acctadm(1M), autopush(1M), ifconfig(1M), ipsecconf(1M), ndd(1M),
2974 psrset(1M), wpad(1M), zonecfg(1M), attributes(5), ieee802.3(5),
2975 dlpi(7P)
2976
2977 NOTES
2978 The preferred method of referring to an aggregation in the aggregation
2979 subcommands is by its link name. Referring to an aggregation by its
2980 integer key is supported for backward compatibility, but is not
2981 necessary. When creating an aggregation, if a key is specified instead
2982 of a link name, the aggregation's link name will be automatically
2983 generated by dladm as aggrkey.
2984
2985
2986
2987 December 3, 2014 DLADM(1M)