1 DLADM(1M) Maintenance Commands DLADM(1M)
2
3
4
5 NAME
6 dladm - administer data links
7
8 SYNOPSIS
9 dladm show-link [-P] [-s [-i interval]] [[-p] -o field[,...]] [link]
10 dladm rename-link [-R root-dir] link new-link
11
12
13 dladm delete-phys phys-link
14 dladm show-phys [-m | -H | -P] [[-p] -o field[,...]] [phys-link]
15
16
17 dladm create-aggr [-t] [-R root-dir] [-P policy] [-L mode]
18 [-T time] [-u address] -l ether-link1 [-l ether-link2...] aggr-link
19 dladm modify-aggr [-t] [-R root-dir] [-P policy] [-L mode]
20 [-T time] [-u address] aggr-link
21 dladm delete-aggr [-t] [-R root-dir] aggr-link
22 dladm add-aggr [-t] [-R root-dir] -l ether-link1 [-l ether-link2...]
23 aggr-link
24 dladm remove-aggr [-t] [-R root-dir] -l ether-link1 [-l ether-link2...]
25 aggr-link
26 dladm show-aggr [-PLx] [-s [-i interval]] [[-p] -o field[,...]]
27 [aggr-link]
28
29
30 dladm create-bridge [-P protect] [-R root-dir] [-p priority]
31 [-m max-age] [-h hello-time] [-d forward-delay] [-f force-protocol]
32 [-l link...] bridge-name
33
34
35 dladm modify-bridge [-P protect] [-R root-dir] [-p priority]
36 [-m max-age] [-h hello-time] [-d forward-delay] [-f force-protocol]
37 bridge-name
38
39
40 dladm delete-bridge [-R root-dir] bridge-name
41
42
43 dladm add-bridge [-R root-dir] -l link [-l link...]bridge-name
44
45
46 dladm remove-bridge [-R root-dir] -l link [-l link...] bridge-name
47
48
49 dladm show-bridge [-flt] [-s [-i interval]] [[-p] -o field,...]
50 [bridge-name]
51
52
53 dladm create-vlan [-ft] [-R root-dir] -l ether-link -v vid [vlan-link]
54 dladm delete-vlan [-t] [-R root-dir] vlan-link
55 dladm show-vlan [-P] [[-p] -o field[,...]] [vlan-link]
56
57
58 dladm scan-wifi [[-p] -o field[,...]] [wifi-link]
59 dladm connect-wifi [-e essid] [-i bssid] [-k key,...]
60 [-s none | wep | wpa ] [-a open | shared] [-b bss | ibss] [-c]
61 [-m a | b | g] [-T time] [wifi-link]
62 dladm disconnect-wifi [-a] [wifi-link]
63 dladm show-wifi [[-p] -o field[,...]] [wifi-link]
64
65
66 dladm show-ether [-x] [[-p] -o field[,...]] [ether-link]
67
68
69 dladm set-linkprop [-t] [-R root-dir] -p prop=value[,...] link
70 dladm reset-linkprop [-t] [-R root-dir] [-p prop[,...]] link
71 dladm show-linkprop [-P] [[-c] -o field[,...]] [-p prop[,...]] [link]
72
73
74 dladm create-secobj [-t] [-R root-dir] [-f file] -c class secobj
75 dladm delete-secobj [-t] [-R root-dir] secobj[,...]
76 dladm show-secobj [-P] [[-p] -o field[,...]] [secobj,...]
77
78
79 dladm create-vnic [-t] -l link [-R root-dir] [-m value | auto |
80 {factory -n slot-identifier]} | {random [-r prefix]}]
81 [-v vlan-id] [-p prop=value[,...]] vnic-link
82 dladm delete-vnic [-t] [-R root-dir] vnic-link
83 dladm show-vnic [-pP] [-s [-i interval]] [-o field[,...]]
84 [-l link] [vnic-link]
85
86
87 dladm create-etherstub [-t] [-R root-dir] etherstub
88 dladm delete-etherstub [-t] [-R root-dir] etherstub
89 dladm show-etherstub [etherstub]
90
91
92 dladm create-iptun [-t] [-R root-dir] -T type
93 [-a {local|remote}=<addr>[,...]] iptun-link
94 dladm modify-iptun [-t] [-R root-dir] [-a {local|remote}=<addr>[,...]]
95 iptun-link
96 dladm delete-iptun [-t] [-R root-dir] iptun-link
97 dladm show-iptun [-P] [[-p] -o field[,...]] [iptun-link]
98
99
100 dladm show-usage [-a] -f filename [-p plotfile -F format] [-s time]
101 [-e time] [link]
102
103
104 DESCRIPTION
105 The dladm command is used to administer data-links. A data-link is
106 represented in the system as a STREAMS DLPI (v2) interface which can be
107 plumbed under protocol stacks such as TCP/IP. Each data-link relies on
108 either a single network device or an aggregation of devices to send
109 packets to or receive packets from a network.
110
111
112 Each dladm subcommand operates on one of the following objects:
113
114 link
115
116 A datalink, identified by a name. In general, the name can use any
117 alphanumeric characters (or the underscore, _), but must start with
118 an alphabetic character and end with a number. A datalink name can
119 be at most 31 characters, and the ending number must be between 0
120 and 4294967294 (inclusive). The ending number must not begin with a
121 zero. Datalink names between 3 and 8 characters are recommended.
122
123 Some subcommands operate only on certain types or classes of
124 datalinks. For those cases, the following object names are used:
125
126 phys-link
127
128 A physical datalink.
129
130
131 vlan-link
132
133 A VLAN datalink.
134
135
136 aggr-link
137
138 An aggregation datalink (or a key; see NOTES).
139
140
141 ether-link
142
143 A physical Ethernet datalink.
144
145
146 wifi-link
147
148 A WiFi datalink.
149
150
151 vnic-link
152
153 A virtual network interface created on a link or an etherstub.
154 It is a pseudo device that can be treated as if it were an
155 network interface card on a machine.
156
157
158 iptun-link
159
160 An IP tunnel link.
161
162
163
164 dev
165
166 A network device, identified by concatenation of a driver name and
167 an instance number.
168
169
170 etherstub
171
172 An Ethernet stub can be used instead of a physical NIC to create
173 VNICs. VNICs created on an etherstub will appear to be connected
174 through a virtual switch, allowing complete virtual networks to be
175 built without physical hardware.
176
177
178 bridge
179
180 A bridge instance, identified by an administratively-chosen name.
181 The name may use any alphanumeric characters or the underscore, _,
182 but must start and end with an alphabetic character. A bridge name
183 can be at most 31 characters. The name default is reserved, as are
184 all names starting with SUNW.
185
186 Note that appending a zero (0) to a bridge name produces a valid
187 link name, used for observability.
188
189
190 secobj
191
192 A secure object, identified by an administratively-chosen name. The
193 name can use any alphanumeric characters, as well as underscore
194 (_), period (.), and hyphen (-). A secure object name can be at
195 most 32 characters.
196
197
198 Options
199 Each dladm subcommand has its own set of options. However, many of the
200 subcommands have the following as a common option:
201
202 -R root-dir, --root-dir=root-dir
203
204 Specifies an alternate root directory where the operation-such as
205 creation, deletion, or renaming-should apply.
206
207
208 SUBCOMMANDS
209 The following subcommands are supported:
210
211 dladm show-link [-P] [-s [-i interval]] [[-p] -o field[,...]][link]
212
213 Show link configuration information (the default) or statistics,
214 either for all datalinks or for the specified link link. By
215 default, the system is configured with one datalink for each known
216 network device.
217
218 -o field[,...], --output=field[,...]
219
220 A case-insensitive, comma-separated list of output fields to
221 display. When not modified by the -s option (described below),
222 the field name must be one of the fields listed below, or the
223 special value all to display all fields. By default (without
224 -o), show-link displays all fields.
225
226 LINK
227
228 The name of the datalink.
229
230
231 CLASS
232
233 The class of the datalink. dladm distinguishes between the
234 following classes:
235
236 phys
237
238 A physical datalink. The show-phys subcommand displays
239 more detail for this class of datalink.
240
241
242 aggr
243
244 An IEEE 802.3ad link aggregation. The show-aggr
245 subcommand displays more detail for this class of
246 datalink.
247
248
249 vlan
250
251 A VLAN datalink. The show-vlan subcommand displays more
252 detail for this class of datalink.
253
254
255 vnic
256
257 A virtual network interface. The show-vnic subcommand
258 displays more detail for this class of datalink.
259
260
261
262 MTU
263
264 The maximum transmission unit size for the datalink being
265 displayed.
266
267
268 STATE
269
270 The link state of the datalink. The state can be up, down,
271 or unknown.
272
273
274 BRIDGE
275
276 The name of the bridge to which this link is assigned, if
277 any.
278
279
280 OVER
281
282 The physical datalink(s) over which the datalink is
283 operating. This applies to aggr, bridge, and vlan classes
284 of datalinks. A VLAN is created over a single physical
285 datalink, a bridge has multiple attached links, and an
286 aggregation is comprised of one or more physical datalinks.
287
288 When the -o option is used in conjunction with the -s option,
289 used to display link statistics, the field name must be one of
290 the fields listed below, or the special value all to display
291 all fields
292
293 LINK
294
295 The name of the datalink.
296
297
298 IPACKETS
299
300 Number of packets received on this link.
301
302
303 RBYTES
304
305 Number of bytes received on this link.
306
307
308 IERRORS
309
310 Number of input errors.
311
312
313 OPACKETS
314
315 Number of packets sent on this link.
316
317
318 OBYTES
319
320 Number of bytes sent on this link.
321
322
323 OERRORS
324
325 Number of output errors.
326
327
328
329 -p, --parsable
330
331 Display using a stable machine-parsable format. The -o option
332 is required with -p. See "Parsable Output Format", below.
333
334
335 -P, --persistent
336
337 Display the persistent link configuration.
338
339
340 -s, --statistics
341
342 Display link statistics.
343
344
345 -i interval, --interval=interval
346
347 Used with the -s option to specify an interval, in seconds, at
348 which statistics should be displayed. If this option is not
349 specified, statistics will be displayed only once.
350
351
352
353 dladm rename-link [-R root-dir] link new-link
354
355 Rename link to new-link. This is used to give a link a meaningful
356 name, or to associate existing link configuration such as link
357 properties of a removed device with a new device. See the EXAMPLES
358 section for specific examples of how this subcommand is used.
359
360 -R root-dir, --root-dir=root-dir
361
362 See "Options," above.
363
364
365
366 dladm delete-phys phys-link
367
368 This command is used to delete the persistent configuration of a
369 link associated with physical hardware which has been removed from
370 the system. See the EXAMPLES section.
371
372
373 dladm show-phys [-m | -H | -P] [[-p] -o field[,...]] [phys-link]
374
375 Show the physical device and attributes of all physical links, or
376 of the named physical link. Without -P, only physical links that
377 are available on the running system are displayed.
378
379 -H
380
381 Show hardware resource usage, as returned by the NIC driver.
382 Output from -H displays the following elements:
383
384 LINK
385
386 A physical device corresponding to a NIC driver.
387
388
389 GROUP
390
391 A collection of rings.
392
393
394 GROUPTYPE
395
396 RX or TX. All rings in a group are of the same group type.
397
398
399 RINGS
400
401 A hardware resource used by a data link, subject to
402 assignment by a driver to different groups.
403
404
405 CLIENTS
406
407 MAC clients that are using the rings within a group.
408
409
410
411 -m
412
413 Show MAC addresses and related information. Output from -m
414 displays the following elements:
415
416 LINK
417
418 A physical device corresponding to a NIC driver.
419
420 SLOT
421
422 When a given physical device has multiple factory MAC
423 addresses, this indicates the slot of the corresponding MAC
424 address which can be used as part of a call to create-vnic.
425
426 ADDRESS
427
428 Displays the MAC address of the device.
429
430 INUSE
431
432 Displays whether or not a MAC Address is actively being
433 used.
434
435 CLIENT
436
437 MAC clients that are using the address.
438
439 -o field, --output=field
440
441 A case-insensitive, comma-separated list of output fields to
442 display. The field name must be one of the fields listed below,
443 or the special value all, to display all fields. Note that if
444 either -H or -m are specified, then the valid options are those
445 described in their respective sections. For each link, the
446 following fields can be displayed:
447
448 LINK
449
450 The name of the datalink.
451
452
453 MEDIA
454
455 The media type provided by the physical datalink.
456
457
458 STATE
459
460 The state of the link. This can be up, down, or unknown.
461
462
463 SPEED
464
465 The current speed of the link, in megabits per second.
466
467
468 DUPLEX
469
470 For Ethernet links, the full/half duplex status of the link
471 is displayed if the link state is up. The duplex is
472 displayed as unknown in all other cases.
473
474
475 DEVICE
476
477 The name of the physical device under this link.
478
479
480
481 -p, --parsable
482
483 Display using a stable machine-parsable format. The -o option
484 is required with -p. See "Parsable Output Format", below.
485
486
487 -P, --persistent
488
489 This option displays persistent configuration for all links,
490 including those that have been removed from the system. The
491 output provides a FLAGS column in which the r flag indicates
492 that the physical device associated with a physical link has
493 been removed. For such links, delete-phys can be used to purge
494 the link's configuration from the system.
495
496
497
498 dladm create-aggr [-t] [-R root-dir] [-P policy] [-L mode] [-T time]
499 [-u address] -l ether-link1 [-l ether-link2...] aggr-link
500
501 Combine a set of links into a single IEEE 802.3ad link aggregation
502 named aggr-link. The use of an integer key to generate a link name
503 for the aggregation is also supported for backward compatibility.
504 Many of the *-aggr subcommands below also support the use of a key
505 to refer to a given aggregation, but use of the aggregation link
506 name is preferred. See the NOTES section for more information on
507 keys.
508
509 dladm supports a number of port selection policies for an
510 aggregation of ports. (See the description of the -P option,
511 below.) If you do not specify a policy, create-aggr uses the
512 default, the L4 policy, described under the -P option.
513
514 -l ether-link, --link=ether-link
515
516 Each Ethernet link (or port) in the aggregation is specified
517 using an -l option followed by the name of the link to be
518 included in the aggregation. Multiple links are included in
519 the aggregation by specifying multiple -l options. For backward
520 compatibility with previous versions of Solaris, the dladm
521 command also supports the using the -d option (or --dev) with a
522 device name to specify links by their underlying device name.
523 The other *-aggr subcommands that take -loptions also accept
524 -d.
525
526
527 -t, --temporary
528
529 Specifies that the aggregation is temporary. Temporary
530 aggregations last until the next reboot.
531
532
533 -R root-dir, --root-dir=root-dir
534
535 See "Options," above.
536
537
538 -P policy, --policy=policy
539
540 Specifies the port selection policy to use for load spreading
541 of outbound traffic. The policy specifies which dev object is
542 used to send packets. A policy is a list of one or more layers
543 specifiers separated by commas. A layer specifier is one of the
544 following:
545
546 L2
547
548 Select outbound device according to source and destination
549 MAC addresses of the packet.
550
551
552 L3
553
554 Select outbound device according to source and destination
555 IP addresses of the packet.
556
557
558 L4
559
560 Select outbound device according to the upper layer
561 protocol information contained in the packet. For TCP and
562 UDP, this includes source and destination ports. For IPsec,
563 this includes the SPI (Security Parameters Index).
564
565 For example, to use upper layer protocol information, the
566 following policy can be used:
567
568 -P L4
569
570
571 Note that policy L4 is the default.
572
573 To use the source and destination MAC addresses as well as the
574 source and destination IP addresses, the following policy can
575 be used:
576
577 -P L2,L3
578
579
580
581
582 -L mode, --lacp-mode=mode
583
584 Specifies whether LACP should be used and, if used, the mode in
585 which it should operate. Supported values are off, active or
586 passive.
587
588
589 -T time, --lacp-timer=time
590
591 Specifies the LACP timer value. The supported values are short
592 or long.
593
594
595 -u address, --unicast=address
596
597 Specifies a fixed unicast hardware address to be used for the
598 aggregation. If this option is not specified, then an address
599 is automatically chosen from the set of addresses of the
600 component devices.
601
602
603
604 dladm modify-aggr [-t] [-R root-dir] [-P policy] [-L mode] [-T time]
605 [-u address] aggr-link
606
607 Modify the parameters of the specified aggregation.
608
609 -t, --temporary
610
611 Specifies that the modification is temporary. Temporary
612 aggregations last until the next reboot.
613
614
615 -R root-dir, --root-dir=root-dir
616
617 See "Options," above.
618
619
620 -P policy, --policy=policy
621
622 Specifies the port selection policy to use for load spreading
623 of outbound traffic. See dladm create-aggr for a description of
624 valid policy values.
625
626
627 -L mode, --lacp-mode=mode
628
629 Specifies whether LACP should be used and, if used, the mode in
630 which it should operate. Supported values are off, active, or
631 passive.
632
633
634 -T time, --lacp-timer=time
635
636 Specifies the LACP timer value. The supported values are short
637 or long.
638
639
640 -u address, --unicast=address
641
642 Specifies a fixed unicast hardware address to be used for the
643 aggregation. If this option is not specified, then an address
644 is automatically chosen from the set of addresses of the
645 component devices.
646
647
648
649 dladm delete-aggr [-t] [-R root-dir] aggr-link
650
651 Deletes the specified aggregation.
652
653 -t, --temporary
654
655 Specifies that the deletion is temporary. Temporary deletions
656 last until the next reboot.
657
658
659 -R root-dir, --root-dir=root-dir
660
661 See "Options," above.
662
663
664
665 dladm add-aggr [-t] [-R root-dir] -l ether-link1 [--link=ether-
666 link2...] aggr-link
667
668 Adds links to the specified aggregation.
669
670 -l ether-link, --link=ether-link
671
672 Specifies an Ethernet link to add to the aggregation. Multiple
673 links can be added by supplying multiple -l options.
674
675
676 -t, --temporary
677
678 Specifies that the additions are temporary. Temporary additions
679 last until the next reboot.
680
681
682 -R root-dir, --root-dir=root-dir
683
684 See "Options," above.
685
686
687
688 dladm remove-aggr [-t] [-R root-dir] -l ether-link1 [--l=ether-
689 link2...] aggr-link
690
691 Removes links from the specified aggregation.
692
693 -l ether-link, --link=ether-link
694
695 Specifies an Ethernet link to remove from the aggregation.
696 Multiple links can be added by supplying multiple -l options.
697
698
699 -t, --temporary
700
701 Specifies that the removals are temporary. Temporary removal
702 last until the next reboot.
703
704
705 -R root-dir, --root-dir=root-dir
706
707 See "Options," above.
708
709
710
711 dladm show-aggr [-PLx] [-s [-i interval]] [[-p] -o field[,...]] [aggr-
712 link]
713
714 Show aggregation configuration (the default), LACP information, or
715 statistics, either for all aggregations or for the specified
716 aggregation.
717
718 By default (with no options), the following fields can be
719 displayed:
720
721 LINK
722
723 The name of the aggregation link.
724
725
726 POLICY
727
728 The LACP policy of the aggregation. See the create-aggr -P
729 option for a description of the possible values.
730
731
732 ADDRPOLICY
733
734 Either auto, if the aggregation is configured to automatically
735 configure its unicast MAC address (the default if the -u option
736 was not used to create or modify the aggregation), or fixed, if
737 -u was used to set a fixed MAC address.
738
739
740 LACPACTIVITY
741
742 The LACP mode of the aggregation. Possible values are off,
743 active, or passive, as set by the -l option to create-aggr or
744 modify-aggr.
745
746
747 LACPTIMER
748
749 The LACP timer value of the aggregation as set by the -T option
750 of create-aggr or modify-aggr.
751
752
753 FLAGS
754
755 A set of state flags associated with the aggregation. The only
756 possible flag is f, which is displayed if the administrator
757 forced the creation the aggregation using the -f option to
758 create-aggr. Other flags might be defined in the future.
759
760 The show-aggr command accepts the following options:
761
762 -L, --lacp
763
764 Displays detailed LACP information for the aggregation link and
765 each underlying port. Most of the state information displayed
766 by this option is defined by IEEE 802.3. With this option, the
767 following fields can be displayed:
768
769 LINK
770
771 The name of the aggregation link.
772
773
774 PORT
775
776 The name of one of the underlying aggregation ports.
777
778
779 AGGREGATABLE
780
781 Whether the port can be added to the aggregation.
782
783
784 SYNC
785
786 If yes, the system considers the port to be synchronized
787 and part of the aggregation.
788
789
790 COLL
791
792 If yes, collection of incoming frames is enabled on the
793 associated port.
794
795
796 DIST
797
798 If yes, distribution of outgoing frames is enabled on the
799 associated port.
800
801
802 DEFAULTED
803
804 If yes, the port is using defaulted partner information
805 (that is, has not received LACP data from the LACP
806 partner).
807
808
809 EXPIRED
810
811 If yes, the receive state of the port is in the EXPIRED
812 state.
813
814
815
816 -x, --extended
817
818 Display additional aggregation information including detailed
819 information on each underlying port. With -x, the following
820 fields can be displayed:
821
822 LINK
823
824 The name of the aggregation link.
825
826
827 PORT
828
829 The name of one of the underlying aggregation ports.
830
831
832 SPEED
833
834 The speed of the link or port in megabits per second.
835
836
837 DUPLEX
838
839 The full/half duplex status of the link or port is
840 displayed if the link state is up. The duplex status is
841 displayed as unknown in all other cases.
842
843
844 STATE
845
846 The link state. This can be up, down, or unknown.
847
848
849 ADDRESS
850
851 The MAC address of the link or port.
852
853
854 PORTSTATE
855
856 This indicates whether the individual aggregation port is
857 in the standby or attached state.
858
859
860
861 -o field[,...], --output=field[,...]
862
863 A case-insensitive, comma-separated list of output fields to
864 display. The field name must be one of the fields listed above,
865 or the special value all, to display all fields. The fields
866 applicable to the -o option are limited to those listed under
867 each output mode. For example, if using -L, only the fields
868 listed under -L, above, can be used with -o.
869
870
871 -p, --parsable
872
873 Display using a stable machine-parsable format. The -o option
874 is required with -p. See "Parsable Output Format", below.
875
876
877 -P, --persistent
878
879 Display the persistent aggregation configuration rather than
880 the state of the running system.
881
882
883 -s, --statistics
884
885 Displays aggregation statistics.
886
887
888 -i interval, --interval=interval
889
890 Used with the -s option to specify an interval, in seconds, at
891 which statistics should be displayed. If this option is not
892 specified, statistics will be displayed only once.
893
894
895
896 dladm create-bridge [ -P protect] [-R root-dir] [ -p priority] [ -m
897 max-age] [ -h hello-time] [ -d forward-delay] [ -f force-protocol] [-l
898 link...] bridge-name
899
900 Create an 802.1D bridge instance and optionally assign one or more
901 network links to the new bridge. By default, no bridge instances
902 are present on the system.
903
904 In order to bridge between links, you must create at least one
905 bridge instance. Each bridge instance is separate, and there is no
906 forwarding connection between bridges.
907
908 -P protect, --protect=protect
909
910 Specifies a protection method. The defined protection methods
911 are stp for the Spanning Tree Protocol and trill for TRILL,
912 which is used on RBridges. The default value is stp.
913
914
915 -R root-dir, --root-dir=root-dir
916
917 See "Options," above.
918
919
920 -p priority, --priority=priority
921
922 Specifies the Bridge Priority. This sets the IEEE STP priority
923 value for determining the root bridge node in the network. The
924 default value is 32768. Valid values are 0 (highest priority)
925 to 61440 (lowest priority), in increments of 4096.
926
927 If a value not evenly divisible by 4096 is used, the system
928 silently rounds downward to the next lower value that is
929 divisible by 4096.
930
931
932 -m max-age, --max-age=max-age
933
934 Specifies the maximum age for configuration information in
935 seconds. This sets the STP Bridge Max Age parameter. This value
936 is used for all nodes in the network if this node is the root
937 bridge. Bridge link information older than this time is
938 discarded. It defaults to 20 seconds. Valid values are from 6
939 to 40 seconds. See the -d forward-delay parameter for
940 additional constraints.
941
942
943 -h hello-time, --hello-time=hello-time
944
945 Specifies the STP Bridge Hello Time parameter. When this node
946 is the root node, it sends Configuration BPDUs at this interval
947 throughout the network. The default value is 2 seconds. Valid
948 values are from 1 to 10 seconds. See the -d forward-delay
949 parameter for additional constraints.
950
951
952 -d forward-delay, --forward-delay=forward-delay
953
954 Specifies the STP Bridge Forward Delay parameter. When this
955 node is the root node, then all bridges in the network use this
956 timer to sequence the link states when a port is enabled. The
957 default value is 15 seconds. Valid values are from 4 to 30
958 seconds.
959
960 Bridges must obey the following two constraints:
961
962 2 * (forward-delay - 1.0) >= max-age
963
964 max-age >= 2 * (hello-time + 1.0)
965
966
967 Any parameter setting that would violate those constraints is
968 treated as an error and causes the command to fail with a
969 diagnostic message. The message provides valid alternatives to
970 the supplied values.
971
972
973 -f force-protocol, --force-protocol=force-protocol
974
975 Specifies the MSTP forced maximum supported protocol. The
976 default value is 3. Valid values are non-negative integers.
977 The current implementation does not support RSTP or MSTP, so
978 this currently has no effect. However, to prevent MSTP from
979 being used in the future, the parameter may be set to 0 for STP
980 only or 2 for STP and RSTP.
981
982
983 -l link, --link=link
984
985 Specifies one or more links to add to the newly-created bridge.
986 This is similar to creating the bridge and then adding one or
987 more links, as with the add-bridge subcommand. However, if any
988 of the links cannot be added, the entire command fails, and the
989 new bridge itself is not created. To add multiple links on the
990 same command line, repeat this option for each link. You are
991 permitted to create bridges without links. For more information
992 about link assignments, see the add-bridge subcommand.
993
994 Bridge creation and link assignment require the PRIV_SYS_DL_CONFIG
995 privilege. Bridge creation might fail if the optional bridging
996 feature is not installed on the system.
997
998
999 dladm modify-bridge [ -P protect] [-R root-dir] [ -p priority] [ -m
1000 max-age] [ -h hello-time] [ -d forward-delay] [ -f force-protocol] [-l
1001 link...] bridge-name
1002
1003 Modify the operational parameters of an existing bridge. The
1004 options are the same as for the create-bridge subcommand, except
1005 that the -l option is not permitted. To add links to an existing
1006 bridge, use the add-bridge subcommand.
1007
1008 Bridge parameter modification requires the PRIV_SYS_DL_CONFIG
1009 privilege.
1010
1011
1012 dladm delete-bridge [-R root-dir] bridge-name
1013
1014 Delete a bridge instance. The bridge being deleted must not have
1015 any attached links. Use the remove-bridge subcommand to deactivate
1016 links before deleting a bridge.
1017
1018 Bridge deletion requires the PRIV_SYS_DL_CONFIG privilege.
1019
1020 The -R (--root-dir) option is the same as for the create-bridge
1021 subcommand.
1022
1023
1024 dladm add-bridge [-R root-dir] -l link [-l link...] bridge-name
1025
1026 Add one or more links to an existing bridge. If multiple links are
1027 specified, and adding any one of them results in an error, the
1028 command fails and no changes are made to the system.
1029
1030 Link addition to a bridge requires the PRIV_SYS_DL_CONFIG
1031 privilege.
1032
1033 A link may be a member of at most one bridge. An error occurs when
1034 you attempt to add a link that already belongs to another bridge.
1035 To move a link from one bridge instance to another, remove it from
1036 the current bridge before adding it to a new one.
1037
1038 The links assigned to a bridge must not also be VLANs, VNICs, or
1039 tunnels. Only physical Ethernet datalinks, aggregation datalinks,
1040 wireless links, and Ethernet stubs are permitted to be assigned to
1041 a bridge.
1042
1043 Links assigned to a bridge must all have the same MTU. This is
1044 checked when the link is assigned. The link is added to the bridge
1045 in a deactivated form if it is not the first link on the bridge and
1046 it has a differing MTU.
1047
1048 Note that systems using bridging should not set the eeprom(1M)
1049 local-mac-address? variable to false.
1050
1051 The options are the same as for the create-bridge subcommand.
1052
1053
1054 dladm remove-bridge [-R root-dir] -l link [-l link...] bridge-name
1055
1056 Remove one or more links from a bridge instance. If multiple links
1057 are specified, and removing any one of them would result in an
1058 error, the command fails and none are removed.
1059
1060 Link removal from a bridge requires the PRIV_SYS_DL_CONFIG
1061 privilege.
1062
1063 The options are the same as for the create-bridge subcommand.
1064
1065
1066 dladm show-bridge [-flt] [-s [-i interval]] [[-p] -o field,...]
1067 [bridge-name]
1068
1069 Show the running status and configuration of bridges, their
1070 attached links, learned forwarding entries, and TRILL nickname
1071 databases. When showing overall bridge status and configuration,
1072 the bridge name can be omitted to show all bridges. The other forms
1073 require a specified bridge.
1074
1075 The show-bridge subcommand accepts the following options:
1076
1077 -i interval, --interval=interval
1078
1079 Used with the -s option to specify an interval, in seconds, at
1080 which statistics should be displayed. If this option is not
1081 specified, statistics will be displayed only once.
1082
1083
1084 -s, --statistics
1085
1086 Display statistics for the specified bridges or for a given
1087 bridge's attached links. This option cannot be used with the -f
1088 and -t options.
1089
1090
1091 -p, --parsable
1092
1093 Display using a stable machine-parsable format. See "Parsable
1094 Output Format," below.
1095
1096
1097 -o field[,...], --output=field[,...]
1098
1099 A case-insensitive, comma-separated list of output fields to
1100 display. The field names are described below. The special value
1101 all displays all fields. Each set of fields has its own default
1102 set to display when -o is not specified.
1103
1104 By default, the show-bridge subcommand shows bridge configuration.
1105 The following fields can be shown:
1106
1107 BRIDGE
1108
1109 The name of the bridge.
1110
1111
1112 ADDRESS
1113
1114 The Bridge Unique Identifier value (MAC address).
1115
1116
1117 PRIORITY
1118
1119 Configured priority value; set by -p with create-bridge and
1120 modify-bridge.
1121
1122
1123 BMAXAGE
1124
1125 Configured bridge maximum age; set by -m with create-bridge and
1126 modify-bridge.
1127
1128
1129 BHELLOTIME
1130
1131 Configured bridge hello time; set by -h with create-bridge and
1132 modify-bridge.
1133
1134
1135 BFWDDELAY
1136
1137 Configured forwarding delay; set by -d with create-bridge and
1138 modify-bridge.
1139
1140
1141 FORCEPROTO
1142
1143 Configured forced maximum protocol; set by -f with create-
1144 bridge and modify-bridge.
1145
1146
1147 TCTIME
1148
1149 Time, in seconds, since last topology change.
1150
1151
1152 TCCOUNT
1153
1154 Count of the number of topology changes.
1155
1156
1157 TCHANGE
1158
1159 This indicates that a topology change was detected.
1160
1161
1162 DESROOT
1163
1164 Bridge Identifier of the root node.
1165
1166
1167 ROOTCOST
1168
1169 Cost of the path to the root node.
1170
1171
1172 ROOTPORT
1173
1174 Port number used to reach the root node.
1175
1176
1177 MAXAGE
1178
1179 Maximum age value from the root node.
1180
1181
1182 HELLOTIME
1183
1184 Hello time value from the root node.
1185
1186
1187 FWDDELAY
1188
1189 Forward delay value from the root node.
1190
1191
1192 HOLDTIME
1193
1194 Minimum BPDU interval.
1195
1196 By default, when the -o option is not specified, only the BRIDGE,
1197 ADDRESS, PRIORITY, and DESROOT fields are shown.
1198
1199 When the -s option is specified, the show-bridge subcommand shows
1200 bridge statistics. The following fields can be shown:
1201
1202 BRIDGE
1203
1204 Bridge name.
1205
1206
1207 DROPS
1208
1209 Number of packets dropped due to resource problems.
1210
1211
1212 FORWARDS
1213
1214 Number of packets forwarded from one link to another.
1215
1216
1217 MBCAST
1218
1219 Number of multicast and broadcast packets handled by the
1220 bridge.
1221
1222
1223 RECV
1224
1225 Number of packets received on all attached links.
1226
1227
1228 SENT
1229
1230 Number of packets sent on all attached links.
1231
1232
1233 UNKNOWN
1234
1235 Number of packets handled that have an unknown destination.
1236 Such packets are sent to all links.
1237
1238 By default, when the -o option is not specified, only the BRIDGE,
1239 DROPS, and FORWARDS fields are shown.
1240
1241 The show-bridge subcommand also accepts the following options:
1242
1243 -l, --link
1244
1245 Displays link-related status and statistics information for all
1246 links attached to a single bridge instance. By using this
1247 option and without the -s option, the following fields can be
1248 displayed for each link:
1249
1250 LINK
1251
1252 The link name.
1253
1254
1255 INDEX
1256
1257 Port (link) index number on the bridge.
1258
1259
1260 STATE
1261
1262 State of the link. The state can be disabled, discarding,
1263 learning, forwarding, non-stp, or bad-mtu.
1264
1265
1266 UPTIME
1267
1268 Number of seconds since the last reset or initialization.
1269
1270
1271 OPERCOST
1272
1273 Actual cost in use (1-65535).
1274
1275
1276 OPERP2P
1277
1278 This indicates whether point-to-point (P2P) mode been
1279 detected.
1280
1281
1282 OPEREDGE
1283
1284 This indicates whether edge mode has been detected.
1285
1286
1287 DESROOT
1288
1289 The Root Bridge Identifier that has been seen on this port.
1290
1291
1292 DESCOST
1293
1294 Path cost to the network root node through the designated
1295 port.
1296
1297
1298 DESBRIDGE
1299
1300 Bridge Identifier for this port.
1301
1302
1303 DESPORT
1304
1305 The ID and priority of the port used to transmit
1306 configuration messages for this port.
1307
1308
1309 TCACK
1310
1311 This indicates whether Topology Change Acknowledge has been
1312 seen.
1313
1314 When the -l option is specified without the -o option, only the
1315 LINK, STATE, UPTIME, and DESROOT fields are shown.
1316
1317 When the -l option is specified, the -s option can be used to
1318 display the following fields for each link:
1319
1320 LINK
1321
1322 Link name.
1323
1324
1325 CFGBPDU
1326
1327 Number of configuration BPDUs received.
1328
1329
1330 TCNBPDU
1331
1332 Number of topology change BPDUs received.
1333
1334
1335 RSTPBPDU
1336
1337 Number of Rapid Spanning Tree BPDUs received.
1338
1339
1340 TXBPDU
1341
1342 Number of BPDUs transmitted.
1343
1344
1345 DROPS
1346
1347 Number of packets dropped due to resource problems.
1348
1349
1350 RECV
1351
1352 Number of packets received by the bridge.
1353
1354
1355 XMIT
1356
1357 Number of packets sent by the bridge.
1358
1359 When the -o option is not specified, only the LINK, DROPS,
1360 RECV, and XMIT fields are shown.
1361
1362
1363 -f, --forwarding
1364
1365 Displays forwarding entries for a single bridge instance. With
1366 this option, the following fields can be shown for each
1367 forwarding entry:
1368
1369 DEST
1370
1371 Destination MAC address.
1372
1373
1374 AGE
1375
1376 Age of entry in seconds and milliseconds. Omitted for local
1377 entries.
1378
1379
1380 FLAGS
1381
1382 The L (local) flag is shown if the MAC address belongs to
1383 an attached link or to a VNIC on one of the attached links.
1384
1385
1386 OUTPUT
1387
1388 For local entries, this is the name of the attached link
1389 that has the MAC address. Otherwise, for bridges that use
1390 Spanning Tree Protocol, this is the output interface name.
1391 For RBridges, this is the output TRILL nickname.
1392
1393 When the -o option is not specified, the DEST, AGE, FLAGS, and
1394 OUTPUT fields are shown.
1395
1396
1397 -t, --trill
1398
1399 Displays TRILL nickname entries for a single bridge instance.
1400 With this option, the following fields can be shown for each
1401 TRILL nickname entry:
1402
1403 NICK
1404
1405 TRILL nickname for this RBridge, which is a number from 1
1406 to 65535.
1407
1408
1409 FLAGS
1410
1411 The L flag is shown if the nickname identifies the local
1412 system.
1413
1414
1415 LINK
1416
1417 Link name for output when sending messages to this RBridge.
1418
1419
1420 NEXTHOP
1421
1422 MAC address of the next hop RBridge that is used to reach
1423 the RBridge with this nickname.
1424
1425 When the -o option is not specified, the NICK, FLAGS, LINK, and
1426 NEXTHOP fields are shown.
1427
1428
1429
1430 dladm create-vlan [-ft] [-R root-dir] -l ether-link -v vid [vlan-link]
1431
1432 Create a tagged VLAN link with an ID of vid over Ethernet link
1433 ether-link. The name of the VLAN link can be specified as
1434 vlan-link. If the name is not specified, a name will be
1435 automatically generated (assuming that ether-link is namePPA) as:
1436
1437 <name><1000 * vlan-tag + PPA>
1438
1439
1440 For example, if ether-link is bge1 and vid is 2, the name generated
1441 is bge2001.
1442
1443 -f, --force
1444
1445 Force the creation of the VLAN link. Some devices do not allow
1446 frame sizes large enough to include a VLAN header. When
1447 creating a VLAN link over such a device, the -f option is
1448 needed, and the MTU of the IP interfaces on the resulting VLAN
1449 must be set to 1496 instead of 1500.
1450
1451
1452 -l ether-link
1453
1454 Specifies Ethernet link over which VLAN is created.
1455
1456
1457 -t, --temporary
1458
1459 Specifies that the VLAN link is temporary. Temporary VLAN links
1460 last until the next reboot.
1461
1462
1463 -R root-dir, --root-dir=root-dir
1464
1465 See "Options," above.
1466
1467
1468
1469 dladm delete-vlan [-t] [-R root-dir] vlan-link
1470
1471 Delete the VLAN link specified.
1472
1473 The delete-vlan subcommand accepts the following options:
1474
1475 -t, --temporary
1476
1477 Specifies that the deletion is temporary. Temporary deletions
1478 last until the next reboot.
1479
1480
1481 -R root-dir, --root-dir=root-dir
1482
1483 See "Options," above.
1484
1485
1486
1487 dladm show-vlan [-P] [[-p] -o field[,...]] [vlan-link]
1488
1489 Display VLAN configuration for all VLAN links or for the specified
1490 VLAN link.
1491
1492 The show-vlan subcommand accepts the following options:
1493
1494 -o field[,...], --output=field[,...]
1495
1496 A case-insensitive, comma-separated list of output fields to
1497 display. The field name must be one of the fields listed below,
1498 or the special value all, to display all fields. For each VLAN
1499 link, the following fields can be displayed:
1500
1501 LINK
1502
1503 The name of the VLAN link.
1504
1505
1506 VID
1507
1508 The ID associated with the VLAN.
1509
1510
1511 OVER
1512
1513 The name of the physical link over which this VLAN is
1514 configured.
1515
1516
1517 FLAGS
1518
1519 A set of flags associated with the VLAN link. Possible
1520 flags are:
1521
1522 f
1523
1524 The VLAN was created using the -f option to create-
1525 vlan.
1526
1527
1528 i
1529
1530 The VLAN was implicitly created when the DLPI link was
1531 opened. These VLAN links are automatically deleted on
1532 last close of the DLPI link (for example, when the IP
1533 interface associated with the VLAN link is unplumbed).
1534
1535 Additional flags might be defined in the future.
1536
1537
1538
1539 -p, --parsable
1540
1541 Display using a stable machine-parsable format. The -o option
1542 is required with -p. See "Parsable Output Format", below.
1543
1544
1545 -P, --persistent
1546
1547 Display the persistent VLAN configuration rather than the state
1548 of the running system.
1549
1550
1551
1552 dladm scan-wifi [[-p] -o field[,...]] [wifi-link]
1553
1554 Scans for WiFi networks, either on all WiFi links, or just on the
1555 specified wifi-link.
1556
1557 By default, currently all fields but BSSTYPE are displayed.
1558
1559 -o field[,...], --output=field[,...]
1560
1561 A case-insensitive, comma-separated list of output fields to
1562 display. The field name must be one of the fields listed below,
1563 or the special value all to display all fields. For each WiFi
1564 network found, the following fields can be displayed:
1565
1566 LINK
1567
1568 The name of the link the WiFi network is on.
1569
1570
1571 ESSID
1572
1573 The ESSID (name) of the WiFi network.
1574
1575
1576 BSSID
1577
1578 Either the hardware address of the WiFi network's Access
1579 Point (for BSS networks), or the WiFi network's randomly
1580 generated unique token (for IBSS networks).
1581
1582
1583 SEC
1584
1585 Either none for a WiFi network that uses no security, wep
1586 for a WiFi network that requires WEP (Wired Equivalent
1587 Privacy), or wpa for a WiFi network that requires WPA (Wi-
1588 Fi Protected Access).
1589
1590
1591 MODE
1592
1593 The supported connection modes: one or more of a, b, or g.
1594
1595
1596 STRENGTH
1597
1598 The strength of the signal: one of excellent, very good,
1599 good, weak, or very weak.
1600
1601
1602 SPEED
1603
1604 The maximum speed of the WiFi network, in megabits per
1605 second.
1606
1607
1608 BSSTYPE
1609
1610 Either bss for BSS (infrastructure) networks, or ibss for
1611 IBSS (ad-hoc) networks.
1612
1613
1614
1615 -p, --parsable
1616
1617 Display using a stable machine-parsable format. The -o option
1618 is required with -p. See "Parsable Output Format", below.
1619
1620
1621
1622 dladm connect-wifi [-e essid] [-i bssid] [-k key,...] [-s none | wep |
1623 wpa] [-a open|shared] [-b bss|ibss] [-c] [-m a|b|g] [-T time] [wifi-
1624 link]
1625
1626 Connects to a WiFi network. This consists of four steps: discovery,
1627 filtration, prioritization, and association. However, to enable
1628 connections to non-broadcast WiFi networks and to improve
1629 performance, if a BSSID or ESSID is specified using the -e or -i
1630 options, then the first three steps are skipped and connect-wifi
1631 immediately attempts to associate with a BSSID or ESSID that
1632 matches the rest of the provided parameters. If this association
1633 fails, but there is a possibility that other networks matching the
1634 specified criteria exist, then the traditional discovery process
1635 begins as specified below.
1636
1637 The discovery step finds all available WiFi networks on the
1638 specified WiFi link, which must not yet be connected. For
1639 administrative convenience, if there is only one WiFi link on the
1640 system, wifi-link can be omitted.
1641
1642 Once discovery is complete, the list of networks is filtered
1643 according to the value of the following options:
1644
1645 -e essid, --essid=essid
1646
1647 Networks that do not have the same essid are filtered out.
1648
1649
1650 -b bss|ibss, --bsstype=bss|ibss
1651
1652 Networks that do not have the same bsstype are filtered out.
1653
1654
1655 -m a|b|g, --mode=a|b|g
1656
1657 Networks not appropriate for the specified 802.11 mode are
1658 filtered out.
1659
1660
1661 -k key,..., --key=key, ...
1662
1663 Use the specified secobj named by the key to connect to the
1664 network. Networks not appropriate for the specified keys are
1665 filtered out.
1666
1667
1668 -s none|wep|wpa, --sec=none|wep|wpa
1669
1670 Networks not appropriate for the specified security mode are
1671 filtered out.
1672
1673 Next, the remaining networks are prioritized, first by signal
1674 strength, and then by maximum speed. Finally, an attempt is made to
1675 associate with each network in the list, in order, until one
1676 succeeds or no networks remain.
1677
1678 In addition to the options described above, the following options
1679 also control the behavior of connect-wifi:
1680
1681 -a open|shared, --auth=open|shared
1682
1683 Connect using the specified authentication mode. By default,
1684 open and shared are tried in order.
1685
1686
1687 -c, --create-ibss
1688
1689 Used with -b ibss to create a new ad-hoc network if one
1690 matching the specified ESSID cannot be found. If no ESSID is
1691 specified, then -c -b ibss always triggers the creation of a
1692 new ad-hoc network.
1693
1694
1695 -T time, --timeout=time
1696
1697 Specifies the number of seconds to wait for association to
1698 succeed. If time is forever, then the associate will wait
1699 indefinitely. The current default is ten seconds, but this
1700 might change in the future. Timeouts shorter than the default
1701 might not succeed reliably.
1702
1703
1704 -k key,..., --key=key,...
1705
1706 In addition to the filtering previously described, the
1707 specified keys will be used to secure the association. The
1708 security mode to use will be based on the key class; if a
1709 security mode was explicitly specified, it must be compatible
1710 with the key class. All keys must be of the same class.
1711
1712 For security modes that support multiple key slots, the slot to
1713 place the key will be specified by a colon followed by an
1714 index. Therefore, -k mykey:3 places mykey in slot 3. By
1715 default, slot 1 is assumed. For security modes that support
1716 multiple keys, a comma-separated list can be specified, with
1717 the first key being the active key.
1718
1719
1720
1721 dladm disconnect-wifi [-a] [wifi-link]
1722
1723 Disconnect from one or more WiFi networks. If wifi-link specifies a
1724 connected WiFi link, then it is disconnected. For administrative
1725 convenience, if only one WiFi link is connected, wifi-link can be
1726 omitted.
1727
1728 -a, --all-links
1729
1730 Disconnects from all connected links. This is primarily
1731 intended for use by scripts.
1732
1733
1734
1735 dladm show-wifi [[-p] -o field,...] [wifi-link]
1736
1737 Shows WiFi configuration information either for all WiFi links or
1738 for the specified link wifi-link.
1739
1740 -o field,..., --output=field
1741
1742 A case-insensitive, comma-separated list of output fields to
1743 display. The field name must be one of the fields listed below,
1744 or the special value all, to display all fields. For each WiFi
1745 link, the following fields can be displayed:
1746
1747 LINK
1748
1749 The name of the link being displayed.
1750
1751
1752 STATUS
1753
1754 Either connected if the link is connected, or disconnected
1755 if it is not connected. If the link is disconnected, all
1756 remaining fields have the value --.
1757
1758
1759 ESSID
1760
1761 The ESSID (name) of the connected WiFi network.
1762
1763
1764 BSSID
1765
1766 Either the hardware address of the WiFi network's Access
1767 Point (for BSS networks), or the WiFi network's randomly
1768 generated unique token (for IBSS networks).
1769
1770
1771 SEC
1772
1773 Either none for a WiFi network that uses no security, wep
1774 for a WiFi network that requires WEP, or wpa for a WiFi
1775 network that requires WPA.
1776
1777
1778 MODE
1779
1780 The supported connection modes: one or more of a, b, or g.
1781
1782
1783 STRENGTH
1784
1785 The connection strength: one of excellent, very good, good,
1786 weak, or very weak.
1787
1788
1789 SPEED
1790
1791 The connection speed, in megabits per second.
1792
1793
1794 AUTH
1795
1796 Either open or shared (see connect-wifi).
1797
1798
1799 BSSTYPE
1800
1801 Either bss for BSS (infrastructure) networks, or ibss for
1802 IBSS (ad-hoc) networks.
1803
1804 By default, currently all fields but AUTH, BSSID, BSSTYPE are
1805 displayed.
1806
1807
1808 -p, --parsable
1809
1810 Displays using a stable machine-parsable format. The -o option
1811 is required with -p. See "Parsable Output Format", below.
1812
1813
1814
1815 dladm show-ether [-x] [[-p] -o field,...] [ether-link]
1816
1817 Shows state information either for all physical Ethernet links or
1818 for a specified physical Ethernet link.
1819
1820 The show-ether subcommand accepts the following options:
1821
1822 -o field,..., --output=field
1823
1824 A case-insensitive, comma-separated list of output fields to
1825 display. The field name must be one of the fields listed below,
1826 or the special value all to display all fields. For each link,
1827 the following fields can be displayed:
1828
1829 LINK
1830
1831 The name of the link being displayed.
1832
1833
1834 PTYPE
1835
1836 Parameter type, where current indicates the negotiated
1837 state of the link, capable indicates capabilities supported
1838 by the device, adv indicates the advertised capabilities,
1839 and peeradv indicates the capabilities advertised by the
1840 link-partner.
1841
1842
1843 STATE
1844
1845 The state of the link.
1846
1847
1848 AUTO
1849
1850 A yes/no value indicating whether auto-negotiation is
1851 advertised.
1852
1853
1854 SPEED-DUPLEX
1855
1856 Combinations of speed and duplex values available. The
1857 units of speed are encoded with a trailing suffix of G
1858 (Gigabits/s) or M (Mb/s). Duplex values are encoded as f
1859 (full-duplex) or h (half-duplex).
1860
1861
1862 PAUSE
1863
1864 Flow control information. Can be no, indicating no flow
1865 control is available; tx, indicating that the end-point can
1866 transmit pause frames, but ignores any received pause
1867 frames; rx, indicating that the end-point receives and acts
1868 upon received pause frames; or bi, indicating bi-
1869 directional flow-control.
1870
1871
1872 REM_FAULT
1873
1874 Fault detection information. Valid values are none or
1875 fault.
1876
1877 By default, all fields except REM_FAULT are displayed for the
1878 "current" PTYPE.
1879
1880
1881 -p, --parsable
1882
1883 Displays using a stable machine-parsable format. The -o option
1884 is required with -p. See "Parsable Output Format", below.
1885
1886
1887 -x, --extended
1888
1889 Extended output is displayed for PTYPE values of current,
1890 capable, adv and peeradv.
1891
1892
1893
1894 dladm set-linkprop [-t] [-R root-dir] -p prop=value[,...] link
1895
1896 Sets the values of one or more properties on the link specified.
1897 The list of properties and their possible values depend on the link
1898 type, the network device driver, and networking hardware. These
1899 properties can be retrieved using show-linkprop.
1900
1901 -t, --temporary
1902
1903 Specifies that the changes are temporary. Temporary changes
1904 last until the next reboot.
1905
1906
1907 -R root-dir, --root-dir=root-dir
1908
1909 See "Options," above.
1910
1911
1912 -p prop=value[,...], --prop prop=value[,...]
1913
1914 A comma-separated list of properties to set to the specified
1915 values.
1916
1917 Note that when the persistent value is set, the temporary value
1918 changes to the same value.
1919
1920
1921 dladm reset-linkprop [-t] [-R root-dir] [-p prop,...] link
1922
1923 Resets one or more properties to their values on the link
1924 specified. Properties are reset to the values they had at startup.
1925 If no properties are specified, all properties are reset. See show-
1926 linkprop for a description of properties.
1927
1928 -t, --temporary
1929
1930 Specifies that the resets are temporary. Values are reset to
1931 default values. Temporary resets last until the next reboot.
1932
1933
1934 -R root-dir, --root-dir=root-dir
1935
1936 See "Options," above.
1937
1938
1939 -p prop, ..., --prop=prop, ...
1940
1941 A comma-separated list of properties to reset.
1942
1943 Note that when the persistent value is reset, the temporary value
1944 changes to the same value.
1945
1946
1947 dladm show-linkprop [-P] [[-c] -o field[,...]][-p prop[,...]] [link]
1948
1949 Show the current or persistent values of one or more properties,
1950 either for all datalinks or for the specified link. By default,
1951 current values are shown. If no properties are specified, all
1952 available link properties are displayed. For each property, the
1953 following fields are displayed:
1954
1955 -o field[,...], --output=field
1956
1957 A case-insensitive, comma-separated list of output fields to
1958 display. The field name must be one of the fields listed below,
1959 or the special value all to display all fields. For each link,
1960 the following fields can be displayed:
1961
1962 LINK
1963
1964 The name of the datalink.
1965
1966
1967 PROPERTY
1968
1969 The name of the property.
1970
1971
1972 PERM
1973
1974 The read/write permissions of the property. The value shown
1975 is one of ro or rw.
1976
1977
1978 VALUE
1979
1980 The current (or persistent) property value. If the value is
1981 not set, it is shown as --. If it is unknown, the value is
1982 shown as ?. Persistent values that are not set or have been
1983 reset will be shown as -- and will use the system DEFAULT
1984 value (if any).
1985
1986
1987 DEFAULT
1988
1989 The default value of the property. If the property has no
1990 default value, -- is shown.
1991
1992
1993 POSSIBLE
1994
1995 A comma-separated list of the values the property can have.
1996 If the values span a numeric range, min - max might be
1997 shown as shorthand. If the possible values are unknown or
1998 unbounded, -- is shown.
1999
2000 The list of properties depends on the link type and network
2001 device driver, and the available values for a given property
2002 further depends on the underlying network hardware and its
2003 state. General link properties are documented in the LINK
2004 PROPERTIES section. However, link properties that begin with
2005 "_" (underbar) are specific to a given link or its underlying
2006 network device and subject to change or removal. See the
2007 appropriate network device driver man page for details.
2008
2009
2010 -c, --parsable
2011
2012 Display using a stable machine-parsable format. The -o option
2013 is required with this option. See "Parsable Output Format",
2014 below.
2015
2016
2017 -P, --persistent
2018
2019 Display persistent link property information
2020
2021
2022 -p prop, ..., --prop=prop, ...
2023
2024 A comma-separated list of properties to show. See the sections
2025 on link properties following subcommand descriptions.
2026
2027
2028
2029 dladm create-secobj [-t] [-R root-dir] [-f file] -c class secobj
2030
2031 Create a secure object named secobj in the specified class to be
2032 later used as a WEP or WPA key in connecting to an encrypted
2033 network. The value of the secure object can either be provided
2034 interactively or read from a file. The sequence of interactive
2035 prompts and the file format depends on the class of the secure
2036 object.
2037
2038 Currently, the classes wep and wpa are supported. The WEP (Wired
2039 Equivalent Privacy) key can be either 5 or 13 bytes long. It can be
2040 provided either as an ASCII or hexadecimal string -- thus, 12345
2041 and 0x3132333435 are equivalent 5-byte keys (the 0x prefix can be
2042 omitted). A file containing a WEP key must consist of a single line
2043 using either WEP key format. The WPA (Wi-Fi Protected Access) key
2044 must be provided as an ASCII string with a length between 8 and 63
2045 bytes.
2046
2047 This subcommand is only usable by users or roles that belong to the
2048 "Network Link Security" RBAC profile.
2049
2050 -c class, --class=class
2051
2052 class can be wep or wpa. See preceding discussion.
2053
2054
2055 -t, --temporary
2056
2057 Specifies that the creation is temporary. Temporary creation
2058 last until the next reboot.
2059
2060
2061 -R root-dir, --root-dir=root-dir
2062
2063 See "Options," above.
2064
2065
2066 -f file, --file=file
2067
2068 Specifies a file that should be used to obtain the secure
2069 object's value. The format of this file depends on the secure
2070 object class. See the EXAMPLES section for an example of using
2071 this option to set a WEP key.
2072
2073
2074
2075 dladm delete-secobj [-t] [-R root-dir] secobj[,...]
2076
2077 Delete one or more specified secure objects. This subcommand is
2078 only usable by users or roles that belong to the "Network Link
2079 Security" RBAC profile.
2080
2081 -t, --temporary
2082
2083 Specifies that the deletions are temporary. Temporary deletions
2084 last until the next reboot.
2085
2086
2087 -R root-dir, --root-dir=root-dir
2088
2089 See "Options," above.
2090
2091
2092
2093 dladm show-secobj [-P] [[-p] -o field[,...]] [secobj,...]
2094
2095 Show current or persistent secure object information. If one or
2096 more secure objects are specified, then information for each is
2097 displayed. Otherwise, all current or persistent secure objects are
2098 displayed.
2099
2100 By default, current secure objects are displayed, which are all
2101 secure objects that have either been persistently created and not
2102 temporarily deleted, or temporarily created.
2103
2104 For security reasons, it is not possible to show the value of a
2105 secure object.
2106
2107 -o field[,...] , --output=field[,...]
2108
2109 A case-insensitive, comma-separated list of output fields to
2110 display. The field name must be one of the fields listed below.
2111 For displayed secure object, the following fields can be shown:
2112
2113 OBJECT
2114
2115 The name of the secure object.
2116
2117
2118 CLASS
2119
2120 The class of the secure object.
2121
2122
2123
2124 -p, --parsable
2125
2126 Display using a stable machine-parsable format. The -o option
2127 is required with -p. See "Parsable Output Format", below.
2128
2129
2130 -P, --persistent
2131
2132 Display persistent secure object information
2133
2134
2135
2136 dladm create-vnic [-t] -l link [-R root-dir] [-m value | auto |
2137 {factory [-n slot-identifier]} | {random [-r prefix]}] [-v vlan-id] [-p
2138 prop=value[,...]] vnic-link
2139
2140 Create a VNIC with name vnic-link over the specified link.
2141
2142 -t, --temporary
2143
2144 Specifies that the VNIC is temporary. Temporary VNICs last
2145 until the next reboot.
2146
2147
2148 -R root-dir, --root-dir=root-dir
2149
2150 See "Options," above.
2151
2152
2153 -l link, --link=link
2154
2155 link can be a physical link or an etherstub.
2156
2157
2158 -m value | keyword, --mac-address=value | keyword
2159
2160 Sets the VNIC's MAC address based on the specified value or
2161 keyword. If value is not a keyword, it is interpreted as a
2162 unicast MAC address, which must be valid for the underlying
2163 NIC. The following special keywords can be used:
2164
2165 factory [-n slot-identifier],
2166 factory [--slot=slot-identifier]
2167
2168 Assign a factory MAC address to the VNIC. When a factory
2169 MAC address is requested, -m can be combined with the -n
2170 option to specify a MAC address slot to be used. If -n is
2171 not specified, the system will choose the next available
2172 factory MAC address. The -m option of the show-phys
2173 subcommand can be used to display the list of factory MAC
2174 addresses, their slot identifiers, and their availability.
2175
2176
2177 random [-r prefix],
2178 random [--mac-prefix=prefix]
2179
2180 Assign a random MAC address to the VNIC. A default prefix
2181 consisting of a valid IEEE OUI with the local bit set will
2182 be used. That prefix can be overridden with the -r option.
2183
2184
2185 auto
2186
2187 Try and use a factory MAC address first. If none is
2188 available, assign a random MAC address. auto is the default
2189 action if the -m option is not specified.
2190
2191
2192 -v vlan-id
2193
2194 Enable VLAN tagging for this VNIC. The VLAN tag will have
2195 id vlan-id.
2196
2197
2198
2199 -p prop=value,..., --prop prop=value,...
2200
2201 A comma-separated list of properties to set to the specified
2202 values.
2203
2204
2205
2206 dladm delete-vnic [-t] [-R root-dir] vnic-link
2207
2208 Deletes the specified VNIC.
2209
2210 -t, --temporary
2211
2212 Specifies that the deletion is temporary. Temporary deletions
2213 last until the next reboot.
2214
2215
2216 -R root-dir, --root-dir=root-dir
2217
2218 See "Options," above.
2219
2220
2221
2222 dladm show-vnic [-pP] [-s [-i interval]] [-o field[,...]] [-l link]
2223 [vnic-link]
2224
2225 Show VNIC configuration information (the default) or statistics,
2226 for all VNICs, all VNICs on a link, or only the specified vnic-
2227 link.
2228
2229 -o field[,...] , --output=field[,...]
2230
2231 A case-insensitive, comma-separated list of output fields to
2232 display. The field name must be one of the fields listed below.
2233 The field name must be one of the fields listed below, or the
2234 special value all to display all fields. By default (without
2235 -o), show-vnic displays all fields.
2236
2237 LINK
2238
2239 The name of the VNIC.
2240
2241
2242 OVER
2243
2244 The name of the physical link over which this VNIC is
2245 configured.
2246
2247
2248 SPEED
2249
2250 The maximum speed of the VNIC, in megabits per second.
2251
2252
2253 MACADDRESS
2254
2255 MAC address of the VNIC.
2256
2257
2258 MACADDRTYPE
2259
2260 MAC address type of the VNIC. dladm distinguishes among the
2261 following MAC address types:
2262
2263 random
2264
2265 A random address assigned to the VNIC.
2266
2267
2268 factory
2269
2270 A factory MAC address used by the VNIC.
2271
2272
2273
2274
2275 -p, --parsable
2276
2277 Display using a stable machine-parsable format. The -o option
2278 is required with -p. See "Parsable Output Format", below.
2279
2280
2281 -P, --persistent
2282
2283 Display the persistent VNIC configuration.
2284
2285
2286 -s, --statistics
2287
2288 Displays VNIC statistics.
2289
2290
2291 -i interval, --interval=interval
2292
2293 Used with the -s option to specify an interval, in seconds, at
2294 which statistics should be displayed. If this option is not
2295 specified, statistics will be displayed only once.
2296
2297
2298 -l link, --link=link
2299
2300 Display information for all VNICs on the named link.
2301
2302
2303
2304 dladm create-etherstub [-t] [-R root-dir] etherstub
2305
2306 Create an etherstub with the specified name.
2307
2308 -t, --temporary
2309
2310 Specifies that the etherstub is temporary. Temporary etherstubs
2311 do not persist across reboots.
2312
2313
2314 -R root-dir, --root-dir=root-dir
2315
2316 See "Options," above.
2317
2318 VNICs can be created on top of etherstubs instead of physical NICs.
2319 As with physical NICs, such a creation causes the stack to
2320 implicitly create a virtual switch between the VNICs created on top
2321 of the same etherstub.
2322
2323
2324 dladm delete-etherstub [-t] [-R root-dir] etherstub
2325
2326 Delete the specified etherstub.
2327
2328 -t, --temporary
2329
2330 Specifies that the deletion is temporary. Temporary deletions
2331 last until the next reboot.
2332
2333
2334 -R root-dir, --root-dir=root-dir
2335
2336 See "Options," above.
2337
2338
2339
2340 dladm show-etherstub [etherstub]
2341
2342 Show all configured etherstubs by default, or the specified
2343 etherstub if etherstub is specified.
2344
2345
2346 dladm create-iptun [-t] [-R root-dir] -T type [-a
2347 {local|remote}=<addr>[,...]] iptun-link
2348
2349 Create an IP tunnel link named iptun-link. Such links can
2350 additionally be protected with IPsec using ipsecconf(1M).
2351
2352 An IP tunnel is conceptually comprised of two parts: a virtual link
2353 between two or more IP nodes, and an IP interface above this link
2354 that allows the system to transmit and receive IP packets
2355 encapsulated by the underlying link. This subcommand creates a
2356 virtual link. The ifconfig(1M) command is used to configure IP
2357 interfaces above the link.
2358
2359 -t, --temporary
2360
2361 Specifies that the IP tunnel link is temporary. Temporary
2362 tunnels last until the next reboot.
2363
2364
2365 -R root-dir, --root-dir=root-dir
2366
2367 See "Options," above.
2368
2369
2370 -T type, --tunnel-type=type
2371
2372 Specifies the type of tunnel to be created. The type must be
2373 one of the following:
2374
2375 ipv4
2376
2377 A point-to-point, IP-over-IP tunnel between two IPv4 nodes.
2378 This type of tunnel requires IPv4 source and destination
2379 addresses to function. IPv4 and IPv6 interfaces can be
2380 plumbed above such a tunnel to create IPv4-over-IPv4 and
2381 IPv6-over-IPv4 tunneling configurations.
2382
2383
2384 ipv6
2385
2386 A point-to-point, IP-over-IP tunnel between two IPv6 nodes
2387 as defined in IETF RFC 2473. This type of tunnel requires
2388 IPv6 source and destination addresses to function. IPv4 and
2389 IPv6 interfaces can be plumbed above such a tunnel to
2390 create IPv4-over-IPv6 and IPv6-over-IPv6 tunneling
2391 configurations.
2392
2393
2394 6to4
2395
2396 A 6to4, point-to-multipoint tunnel as defined in IETF RFC
2397 3056. This type of tunnel requires an IPv4 source address
2398 to function. An IPv6 interface is plumbed on such a tunnel
2399 link to configure a 6to4 router.
2400
2401
2402
2403 -a local=addr
2404
2405 Literal IP address or hostname corresponding to the tunnel
2406 source. If a hostname is specified, it will be resolved to IP
2407 addresses, and one of those IP addresses will be used as the
2408 tunnel source. Because IP tunnels are created before naming
2409 services have been brought online during the boot process, it
2410 is important that any hostname used be included in /etc/hosts.
2411
2412
2413 -a remote=addr
2414
2415 Literal IP address or hostname corresponding to the tunnel
2416 destination.
2417
2418
2419
2420 dladm modify-iptun [-t] [-R root-dir] [-a {local|remote}=<addr>[,...]]
2421 iptun-link
2422
2423 Modify the parameters of the specified IP tunnel.
2424
2425 -t, --temporary
2426
2427 Specifies that the modification is temporary. Temporary
2428 modifications last until the next reboot.
2429
2430
2431 -R root-dir, --root-dir=root-dir
2432
2433 See "Options," above.
2434
2435
2436 -a local=addr
2437
2438 Specifies a new tunnel source address. See create-iptun for a
2439 description.
2440
2441
2442 -a remote=addr
2443
2444 Specifies a new tunnel destination address. See create-iptun
2445 for a description.
2446
2447
2448
2449 dladm delete-iptun [-t] [-R root-dir] iptun-link
2450
2451 Delete the specified IP tunnel link.
2452
2453 -t, --temporary
2454
2455 Specifies that the deletion is temporary. Temporary deletions
2456 last until the next reboot.
2457
2458
2459 -R root-dir, --root-dir=root-dir
2460
2461 See "Options," above.
2462
2463
2464
2465 dladm show-iptun [-P] [[-p] -o field[,...]] [iptun-link]
2466
2467 Show IP tunnel link configuration for a single IP tunnel or all IP
2468 tunnels.
2469
2470 -P, --persistent
2471
2472 Display the persistent IP tunnel configuration.
2473
2474
2475 -p, --parsable
2476
2477 Display using a stable machine-parsable format. The -o option
2478 is required with -p. See "Parsable Output Format", below.
2479
2480
2481 -o field[,...], --output=field[,...]
2482
2483 A case-insensitive, comma-separated list of output fields to
2484 display. The field name must be one of the fields listed below,
2485 or the special value all, to display all fields. By default
2486 (without -o), show-iptun displays all fields.
2487
2488 LINK
2489
2490 The name of the IP tunnel link.
2491
2492
2493 TYPE
2494
2495 Type of tunnel as specified by the -T option of create-
2496 iptun.
2497
2498
2499 FLAGS
2500
2501 A set of flags associated with the IP tunnel link. Possible
2502 flags are:
2503
2504 s
2505
2506 The IP tunnel link is protected by IPsec policy. To
2507 display the IPsec policy associated with the tunnel
2508 link, enter:
2509
2510 # ipsecconf -ln -i tunnel-link
2511
2512
2513 See ipsecconf(1M) for more details on how to configure
2514 IPsec policy.
2515
2516
2517 i
2518
2519 The IP tunnel link was implicitly created with
2520 ifconfig(1M), and will be automatically deleted when it
2521 is no longer referenced (that is, when the last IP
2522 interface over the tunnel is unplumbed). See
2523 ifconfig(1M) for details on implicit tunnel creation.
2524
2525
2526
2527 SOURCE
2528
2529 The tunnel source address.
2530
2531
2532 DESTINATION
2533
2534 The tunnel destination address.
2535
2536
2537
2538
2539 dladm show-usage [-a] -f filename [-p plotfile -F format] [-s time] [-e
2540 time] [link]
2541
2542 Show the historical network usage from a stored extended accounting
2543 file. Configuration and enabling of network accounting through
2544 acctadm(1M) is required. The default output will be the summary of
2545 network usage for the entire period of time in which extended
2546 accounting was enabled.
2547
2548 -a
2549
2550 Display all historical network usage for the specified period
2551 of time during which extended accounting is enabled. This
2552 includes the usage information for the links that have already
2553 been deleted.
2554
2555
2556 -f filename, --file=filename
2557
2558 Read extended accounting records of network usage from
2559 filename.
2560
2561
2562 -F format, --format=format
2563
2564 Specifies the format of plotfile that is specified by the -p
2565 option. As of this release, gnuplot is the only supported
2566 format.
2567
2568
2569 -p plotfile, --plot=plotfile
2570
2571 Write network usage data to a file of the format specified by
2572 the -F option, which is required.
2573
2574
2575 -s time, --start=time
2576 -e time, --stop=time
2577
2578 Start and stop times for data display. Time is in the format
2579 MM/DD/YYYY,hh:mm:ss.
2580
2581
2582 link
2583
2584 If specified, display the network usage only for the named
2585 link. Otherwise, display network usage for all links.
2586
2587
2588
2589 Parsable Output Format
2590 Many dladm subcommands have an option that displays output in a
2591 machine-parsable format. The output format is one or more lines of
2592 colon (:) delimited fields. The fields displayed are specific to the
2593 subcommand used and are listed under the entry for the -o option for a
2594 given subcommand. Output includes only those fields requested by means
2595 of the -o option, in the order requested.
2596
2597
2598 When you request multiple fields, any literal colon characters are
2599 escaped by a backslash (\) before being output. Similarly, literal
2600 backslash characters will also be escaped (\\). This escape format is
2601 parsable by using shell read(1) functions with the environment variable
2602 IFS=: (see EXAMPLES, below). Note that escaping is not done when you
2603 request only a single field.
2604
2605 General Link Properties
2606 The following general link properties are supported:
2607
2608 allowed-ips
2609
2610 A comma-separated list of IP addresses that are allowed on the
2611 interface.
2612
2613 An address in CIDR format with no host address specified is used to
2614 indicate that any address on that subnet is allowed (e.g.
2615 192.168.10.0/24 means any address in the range 192.168.10.0 -
2616 192.168.10.255 is allowed).
2617
2618
2619 autopush
2620
2621 Specifies the set of STREAMS modules to push on the stream
2622 associated with a link when its DLPI device is opened. It is a
2623 space-delimited list of modules.
2624
2625 The optional special character sequence [anchor] indicates that a
2626 STREAMS anchor should be placed on the stream at the module
2627 previously specified in the list. It is an error to specify more
2628 than one anchor or to have an anchor first in the list.
2629
2630 The autopush property is preferred over the more general
2631 autopush(1M) command.
2632
2633
2634 cpus
2635
2636 Bind the processing of packets for a given data link to a processor
2637 or a set of processors. The value can be a comma-separated list of
2638 one or more processor ids. If the list consists of more than one
2639 processor, the processing will spread out to all the processors.
2640 Connection to processor affinity and packet ordering for any
2641 individual connection will be maintained.
2642
2643 The processor or set of processors are not exclusively reserved for
2644 the link. Only the kernel threads and interrupts associated with
2645 processing of the link are bound to the processor or the set of
2646 processors specified. In case it is desired that processors be
2647 dedicated to the link, psrset(1M) can be used to create a processor
2648 set and then specifying the processors from the processor set to
2649 bind the link to.
2650
2651 If the link was already bound to processor or set of processors due
2652 to a previous operation, the binding will be removed and the new
2653 set of processors will be used instead.
2654
2655 The default is no CPU binding, which is to say that the processing
2656 of packets is not bound to any specific processor or processor set.
2657
2658
2659 learn_limit
2660
2661 Limits the number of new or changed MAC sources to be learned over
2662 a bridge link. When the number exceeds this value, learning on that
2663 link is temporarily disabled. Only non-VLAN, non-VNIC type links
2664 have this property.
2665
2666 The default value is 1000. Valid values are greater or equal to 0.
2667
2668
2669 learn_decay
2670
2671 Specifies the decay rate for source changes limited by learn_limit.
2672 This number is subtracted from the counter for a bridge link every
2673 5 seconds. Only non-VLAN, non-VNIC type links have this property.
2674
2675 The default value is 200. Valid values are greater or equal to 0.
2676
2677
2678 maxbw
2679
2680 Sets the full duplex bandwidth for the link. The bandwidth is
2681 specified as an integer with one of the scale suffixes (K, M, or G
2682 for Kbps, Mbps, and Gbps). If no units are specified, the input
2683 value will be read as Mbps. The default is no bandwidth limit.
2684
2685
2686 priority
2687
2688 Sets the relative priority for the link. The value can be given as
2689 one of the tokens high, medium, or low. The default is high.
2690
2691
2692 stp
2693
2694 Enables or disables Spanning Tree Protocol on a bridge link.
2695 Setting this value to 0 disables Spanning Tree, and puts the link
2696 into forwarding mode with BPDU guarding enabled. This mode is
2697 appropriate for point-to-point links connected only to end nodes.
2698 Only non-VLAN, non-VNIC type links have this property. The default
2699 value is 1, to enable STP.
2700
2701
2702 forward
2703
2704 Enables or disables forwarding for a VLAN. Setting this value to 0
2705 disables bridge forwarding for a VLAN link. Disabling bridge
2706 forwarding removes that VLAN from the "allowed set" for the bridge.
2707 The default value is 1, to enable bridge forwarding for configured
2708 VLANs.
2709
2710
2711 default_tag
2712
2713 Sets the default VLAN ID that is assumed for untagged packets sent
2714 to and received from this link. Only non-VLAN, non-VNIC type links
2715 have this property. Setting this value to 0 disables the bridge
2716 forwarding of untagged packets to and from the port. The default
2717 value is VLAN ID 1. Valid values values are from 0 to 4094.
2718
2719
2720 promisc-filtered
2721
2722 Enables or disables the default filtering of promiscuous mode for
2723 certain classes of links. By default, VNICs will only see unicast
2724 traffic destined for it in promiscuous mode. Not all the unicast
2725 traffic from the underlying device makes it to the VNIC. Disabling
2726 this would cause a VNIC, for example, to be able to see all unicast
2727 traffic from the device it is created over. The default value is
2728 on.
2729
2730
2731 stp_priority
2732
2733 Sets the STP and RSTP Port Priority value, which is used to
2734 determine the preferred root port on a bridge. Lower numerical
2735 values are higher priority. The default value is 128. Valid values
2736 range from 0 to 255.
2737
2738
2739 stp_cost
2740
2741 Sets the STP and RSTP cost for using the link. The default value is
2742 auto, which sets the cost based on link speed, using 100 for
2743 10Mbps, 19 for 100Mbps, 4 for 1Gbps, and 2 for 10Gbps. Valid values
2744 range from 1 to 65535.
2745
2746
2747 stp_edge
2748
2749 Enables or disables bridge edge port detection. If set to 0
2750 (false), the system assumes that the port is connected to other
2751 bridges even if no bridge PDUs of any type are seen. The default
2752 value is 1, which detects edge ports automatically.
2753
2754
2755 stp_p2p
2756
2757 Sets bridge point-to-point operation mode. Possible values are
2758 true, false, and auto. When set to auto, point-to-point connections
2759 are automatically discovered. When set to true, the port mode is
2760 forced to use point-to-point. When set to false, the port mode is
2761 forced to use normal multipoint mode. The default value is auto.
2762
2763
2764 stp_mcheck
2765
2766 Triggers the system to run the RSTP Force BPDU Migration Check
2767 procedure on this link. The procedure is triggered by setting the
2768 property value to 1. The property is automatically reset back to 0.
2769 This value cannot be set unless the following are true:
2770
2771 o The link is bridged
2772
2773 o The bridge is protected by Spanning Tree
2774
2775 o The bridge force-protocol value is at least 2 (RSTP)
2776 The default value is 0.
2777
2778
2779 zone
2780
2781 Specifies the zone to which the link belongs. This property can be
2782 modified only temporarily through dladm, and thus the -t option
2783 must be specified. To modify the zone assignment such that it
2784 persists across reboots, please use zonecfg(1M). Possible values
2785 consist of any exclusive-IP zone currently running on the system.
2786 By default, the zone binding is as per zonecfg(1M).
2787
2788
2789 Wifi Link Properties
2790 The following WiFi link properties are supported. Note that the ability
2791 to set a given property to a given value depends on the driver and
2792 hardware.
2793
2794 channel
2795
2796 Specifies the channel to use. This property can be modified only by
2797 certain WiFi links when in IBSS mode. The default value and allowed
2798 range of values varies by regulatory domain.
2799
2800
2801 powermode
2802
2803 Specifies the power management mode of the WiFi link. Possible
2804 values are off (disable power management), max (maximum power
2805 savings), and fast (performance-sensitive power management).
2806 Default is off.
2807
2808
2809 radio
2810
2811 Specifies the radio mode of the WiFi link. Possible values are on
2812 or off. Default is on.
2813
2814
2815 speed
2816
2817 Specifies a fixed speed for the WiFi link, in megabits per second.
2818 The set of possible values depends on the driver and hardware (but
2819 is shown by show-linkprop); common speeds include 1, 2, 11, and 54.
2820 By default, there is no fixed speed.
2821
2822
2823 Ethernet Link Properties
2824 The following MII Properties, as documented in ieee802.3(5), are
2825 supported in read-only mode:
2826
2827 o duplex
2828
2829 o state
2830
2831 o adv_autoneg_cap
2832
2833 o adv_10gfdx_cap
2834
2835 o adv_1000fdx_cap
2836
2837 o adv_1000hdx_cap
2838
2839 o adv_100fdx_cap
2840
2841 o adv_100hdx_cap
2842
2843 o adv_10fdx_cap
2844
2845 o adv_10hdx_cap
2846
2847
2848 Each adv_ property (for example, adv_10fdx_cap) also has a read/write
2849 counterpart en_ property (for example, en_10fdx_cap) controlling
2850 parameters used at auto-negotiation. In the absence of Power
2851 Management, the adv* speed/duplex parameters provide the values that
2852 are both negotiated and currently effective in hardware. However, with
2853 Power Management enabled, the speed/duplex capabilities currently
2854 exposed in hardware might be a subset of the set of bits that were used
2855 in initial link parameter negotiation. Thus the MII adv_* parameters
2856 are marked read-only, with an additional set of en_* parameters for
2857 configuring speed and duplex properties at initial negotiation.
2858
2859
2860 Note that the adv_autoneg_cap does not have an en_autoneg_cap
2861 counterpart: the adv_autoneg_cap is a 0/1 switch that turns off/on
2862 auto-negotiation itself, and therefore cannot be impacted by Power
2863 Management.
2864
2865
2866 In addition, the following Ethernet properties are reported:
2867
2868 speed
2869
2870 (read-only) The operating speed of the device, in Mbps.
2871
2872
2873 mtu
2874
2875 The maximum client SDU (Send Data Unit) supported by the device.
2876 Valid range is 68-65536.
2877
2878
2879 flowctrl
2880
2881 Establishes flow-control modes that will be advertised by the
2882 device. Valid input is one of:
2883
2884 no
2885
2886 No flow control enabled.
2887
2888
2889 rx
2890
2891 Receive, and act upon incoming pause frames.
2892
2893
2894 tx
2895
2896 Transmit pause frames to the peer when congestion occurs, but
2897 ignore received pause frames.
2898
2899
2900 bi
2901
2902 Bidirectional flow control.
2903
2904 Note that the actual settings for this value are constrained by the
2905 capabilities allowed by the device and the link partner.
2906
2907
2908 secondary-macs
2909
2910 A comma-separated list of additional MAC addresses that are allowed
2911 on the interface.
2912
2913
2914 tagmode
2915
2916 This link property controls the conditions in which 802.1Q VLAN
2917 tags will be inserted in packets being transmitted on the link. Two
2918 mode values can be assigned to this property:
2919
2920 normal
2921 Insert a VLAN tag in outgoing packets under the
2922 following conditions:
2923
2924 o The packet belongs to a VLAN.
2925
2926 o The user requested priority tagging.
2927
2928
2929 vlanonly
2930 Insert a VLAN tag only when the outgoing packet belongs
2931 to a VLAN. If a tag is being inserted in this mode and
2932 the user has also requested a non-zero priority, the
2933 priority is honored and included in the VLAN tag.
2934
2935 The default value is vlanonly.
2936
2937
2938 IP Tunnel Link Properties
2939 The following IP tunnel link properties are supported.
2940
2941 hoplimit
2942
2943 Specifies the IPv4 TTL or IPv6 hop limit for the encapsulating
2944 outer IP header of a tunnel link. This property exists for all
2945 tunnel types. The default value is 64.
2946
2947
2948 encaplimit
2949
2950 Specifies the IPv6 encapsulation limit for an IPv6 tunnel as
2951 defined in RFC 2473. This value is the tunnel nesting limit for a
2952 given tunneled packet. The default value is 4. A value of 0
2953 disables the encapsulation limit.
2954
2955
2956 EXAMPLES
2957 Example 1 Configuring an Aggregation
2958
2959
2960 To configure a data-link over an aggregation of devices bge0 and bge1
2961 with key 1, enter the following command:
2962
2963
2964 # dladm create-aggr -d bge0 -d bge1 1
2965
2966
2967
2968 Example 2 Connecting to a WiFi Link
2969
2970
2971 To connect to the most optimal available unsecured network on a system
2972 with a single WiFi link (as per the prioritization rules specified for
2973 connect-wifi), enter the following command:
2974
2975
2976 # dladm connect-wifi
2977
2978
2979
2980 Example 3 Creating a WiFi Key
2981
2982
2983 To interactively create the WEP key mykey, enter the following command:
2984
2985
2986 # dladm create-secobj -c wep mykey
2987
2988
2989
2990
2991 Alternatively, to non-interactively create the WEP key mykey using the
2992 contents of a file:
2993
2994
2995 # umask 077
2996 # cat >/tmp/mykey.$$ <<EOF
2997 12345
2998 EOF
2999 # dladm create-secobj -c wep -f /tmp/mykey.$$ mykey
3000 # rm /tmp/mykey.$$
3001
3002
3003
3004 Example 4 Connecting to a Specified Encrypted WiFi Link
3005
3006
3007 To use key mykey to connect to ESSID wlan on link ath0, enter the
3008 following command:
3009
3010
3011 # dladm connect-wifi -k mykey -e wlan ath0
3012
3013
3014
3015 Example 5 Changing a Link Property
3016
3017
3018 To set powermode to the value fast on link pcwl0, enter the following
3019 command:
3020
3021
3022 # dladm set-linkprop -p powermode=fast pcwl0
3023
3024
3025
3026 Example 6 Connecting to a WPA-Protected WiFi Link
3027
3028
3029 Create a WPA key psk and enter the following command:
3030
3031
3032 # dladm create-secobj -c wpa psk
3033
3034
3035
3036
3037 To then use key psk to connect to ESSID wlan on link ath0, enter the
3038 following command:
3039
3040
3041 # dladm connect-wifi -k psk -e wlan ath0
3042
3043
3044
3045 Example 7 Renaming a Link
3046
3047
3048 To rename the bge0 link to mgmt0, enter the following command:
3049
3050
3051 # dladm rename-link bge0 mgmt0
3052
3053
3054
3055 Example 8 Replacing a Network Card
3056
3057
3058 Consider that the bge0 device, whose link was named mgmt0 as shown in
3059 the previous example, needs to be replaced with a ce0 device because of
3060 a hardware failure. The bge0 NIC is physically removed, and replaced
3061 with a new ce0 NIC. To associate the newly added ce0 device with the
3062 mgmt0 configuration previously associated with bge0, enter the
3063 following command:
3064
3065
3066 # dladm rename-link ce0 mgmt0
3067
3068
3069
3070 Example 9 Removing a Network Card
3071
3072
3073 Suppose that in the previous example, the intent is not to replace the
3074 bge0 NIC with another NIC, but rather to remove and not replace the
3075 hardware. In that case, the mgmt0 datalink configuration is not slated
3076 to be associated with a different physical device as shown in the
3077 previous example, but needs to be deleted. Enter the following command
3078 to delete the datalink configuration associated with the mgmt0
3079 datalink, whose physical hardware (bge0 in this case) has been removed:
3080
3081
3082 # dladm delete-phys mgmt0
3083
3084
3085
3086 Example 10 Using Parsable Output to Capture a Single Field
3087
3088
3089 The following assignment saves the MTU of link net0 to a variable named
3090 mtu.
3091
3092
3093 # mtu=`dladm show-link -p -o mtu net0`
3094
3095
3096
3097 Example 11 Using Parsable Output to Iterate over Links
3098
3099
3100 The following script displays the state of each link on the system.
3101
3102
3103 # dladm show-link -p -o link,state | while IFS=: read link state; do
3104 print "Link $link is in state $state"
3105 done
3106
3107
3108
3109 Example 12 Configuring VNICs
3110
3111
3112 Create two VNICs with names hello0 and test1 over a single physical
3113 link bge0:
3114
3115
3116 # dladm create-vnic -l bge0 hello0
3117 # dladm create-vnic -l bge0 test1
3118
3119
3120
3121 Example 13 Configuring VNICs and Allocating Bandwidth and Priority
3122
3123
3124 Create two VNICs with names hello0 and test1 over a single physical
3125 link bge0 and make hello0 a high priority VNIC with a factory-assigned
3126 MAC address with a maximum bandwidth of 50 Mbps. Make test1 a low
3127 priority VNIC with a random MAC address and a maximum bandwidth of
3128 100Mbps.
3129
3130
3131 # dladm create-vnic -l bge0 -m factory -p maxbw=50,priority=high hello0
3132 # dladm create-vnic -l bge0 -m random -p maxbw=100M,priority=low test1
3133
3134
3135
3136 Example 14 Configuring a VNIC with a Factory MAC Address
3137
3138
3139 First, list the available factory MAC addresses and choose one of them:
3140
3141
3142 # dladm show-phys -m bge0
3143 LINK SLOT ADDRESS INUSE CLIENT
3144 bge0 primary 0:e0:81:27:d4:47 yes bge0
3145 bge0 1 8:0:20:fe:4e:a5 no
3146 bge0 2 8:0:20:fe:4e:a6 no
3147 bge0 3 8:0:20:fe:4e:a7 no
3148
3149
3150
3151
3152 Create a VNIC named hello0 and use slot 1's address:
3153
3154
3155 # dladm create-vnic -l bge0 -m factory -n 1 hello0
3156 # dladm show-phys -m bge0
3157 LINK SLOT ADDRESS INUSE CLIENT
3158 bge0 primary 0:e0:81:27:d4:47 yes bge0
3159 bge0 1 8:0:20:fe:4e:a5 yes hello0
3160 bge0 2 8:0:20:fe:4e:a6 no
3161 bge0 3 8:0:20:fe:4e:a7 no
3162
3163
3164
3165 Example 15 Creating a VNIC with User-Specified MAC Address, Binding it
3166 to Set of Processors
3167
3168
3169 Create a VNIC with name hello0, with a user specified MAC address, and
3170 a processor binding 0, 1, 2, 3.
3171
3172
3173 # dladm create-vnic -l bge0 -m 8:0:20:fe:4e:b8 -p cpus=0,1,2,3 hello0
3174
3175
3176
3177 Example 16 Creating a Virtual Network Without a Physical NIC
3178
3179
3180 First, create an etherstub with name stub1:
3181
3182
3183 # dladm create-etherstub stub1
3184
3185
3186
3187
3188 Create two VNICs with names hello0 and test1 on the etherstub. This
3189 operation implicitly creates a virtual switch connecting hello0 and
3190 test1.
3191
3192
3193 # dladm create-vnic -l stub1 hello0
3194 # dladm create-vnic -l stub1 test1
3195
3196
3197
3198 Example 17 Showing Network Usage
3199
3200
3201 Network usage statistics can be stored using the extended accounting
3202 facility, acctadm(1M).
3203
3204
3205 # acctadm -e basic -f /var/log/net.log net
3206 # acctadm net
3207 Network accounting: active
3208 Network accounting file: /var/log/net.log
3209 Tracked Network resources: basic
3210 Untracked Network resources: src_ip,dst_ip,src_port,dst_port,protocol,
3211 dsfield
3212
3213
3214
3215
3216 The saved historical data can be retrieved in summary form using the
3217 show-usage subcommand:
3218
3219
3220 # dladm show-usage -f /var/log/net.log
3221 LINK DURATION IPACKETS RBYTES OPACKETS OBYTES BANDWIDTH
3222 e1000g0 80 1031 546908 0 0 2.44 Kbps
3223
3224
3225
3226 Example 18 Displaying Bridge Information
3227
3228
3229 The following commands use the show-bridge subcommand with no and
3230 various options.
3231
3232
3233 # dladm show-bridge
3234 BRIDGE PROTECT ADDRESS PRIORITY DESROOT
3235 foo stp 32768/8:0:20:bf:f 32768 8192/0:d0:0:76:14:38
3236 bar stp 32768/8:0:20:e5:8 32768 8192/0:d0:0:76:14:38
3237
3238 # dladm show-bridge -l foo
3239 LINK STATE UPTIME DESROOT
3240 hme0 forwarding 117 8192/0:d0:0:76:14:38
3241 qfe1 forwarding 117 8192/0:d0:0:76:14:38
3242
3243 # dladm show-bridge -s foo
3244 BRIDGE DROPS FORWARDS
3245 foo 0 302
3246
3247 # dladm show-bridge -ls foo
3248 LINK DROPS RECV XMIT
3249 hme0 0 360832 31797
3250 qfe1 0 322311 356852
3251
3252 # dladm show-bridge -f foo
3253 DEST AGE FLAGS OUTPUT
3254 8:0:20:bc:a7:dc 10.860 -- hme0
3255 8:0:20:bf:f9:69 -- L hme0
3256 8:0:20:c0:20:26 17.420 -- hme0
3257 8:0:20:e5:86:11 -- L qfe1
3258
3259
3260
3261 Example 19 Creating an IPv4 Tunnel
3262
3263
3264 The following sequence of commands creates and then displays a
3265 persistent IPv4 tunnel link named mytunnel0 between 66.1.2.3 and
3266 192.4.5.6:
3267
3268
3269 # dladm create-iptun -T ipv4 -s 66.1.2.3 -d 192.4.5.6 mytunnel0
3270 # dladm show-iptun mytunnel0
3271 LINK TYPE FLAGS SOURCE DESTINATION
3272 mytunnel0 ipv4 -- 66.1.2.3 192.4.5.6
3273
3274
3275
3276
3277 A point-to-point IP interface can then be created over this tunnel
3278 link:
3279
3280
3281 # ifconfig mytunnel0 plumb 10.1.0.1 10.1.0.2 up
3282
3283
3284
3285
3286 As with any other IP interface, configuration persistence for this IP
3287 interface is achieved by placing the desired ifconfig commands (in this
3288 case, the command for "10.1.0.1 10.1.0.2") into
3289 /etc/hostname.mytunnel0.
3290
3291
3292 Example 20 Creating a 6to4 Tunnel
3293
3294
3295 The following command creates a 6to4 tunnel link. The IPv4 address of
3296 the 6to4 router is 75.10.11.12.
3297
3298
3299 # dladm create-iptun -T 6to4 -s 75.10.11.12 sitetunnel0
3300 # dladm show-iptun sitetunnel0
3301 LINK TYPE FLAGS SOURCE DESTINATION
3302 sitetunnel0 6to4 -- 75.10.11.12 --
3303
3304
3305
3306
3307 The following command plumbs an IPv6 interface on this tunnel:
3308
3309
3310 # ifconfig sitetunnel0 inet6 plumb up
3311 # ifconfig sitetunnel0 inet6
3312 sitetunnel0: flags=2200041 <UP,RUNNING,NONUD,IPv6> mtu 65515 index 3
3313 inet tunnel src 75.10.11.12
3314 tunnel hop limit 64
3315 inet6 2002:4b0a:b0c::1/16
3316
3317
3318
3319
3320 Note that the system automatically configures the IPv6 address on the
3321 6to4 IP interface. See ifconfig(1M) for a description of how IPv6
3322 addresses are configured on 6to4 tunnel links.
3323
3324
3325 ATTRIBUTES
3326 See attributes(5) for descriptions of the following attributes:
3327
3328
3329 /usr/sbin
3330
3331
3332
3333
3334 +--------------------+-----------------+
3335 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
3336 +--------------------+-----------------+
3337 |Interface Stability | Committed |
3338 +--------------------+-----------------+
3339
3340
3341 /sbin
3342
3343
3344
3345
3346 +--------------------+-----------------+
3347 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
3348 +--------------------+-----------------+
3349 |Interface Stability | Committed |
3350 +--------------------+-----------------+
3351
3352 SEE ALSO
3353 acctadm(1M), autopush(1M), ifconfig(1M), ipsecconf(1M), ndd(1M),
3354 psrset(1M), wpad(1M), zonecfg(1M), attributes(5), ieee802.3(5),
3355 dlpi(7P)
3356
3357 NOTES
3358 The preferred method of referring to an aggregation in the aggregation
3359 subcommands is by its link name. Referring to an aggregation by its
3360 integer key is supported for backward compatibility, but is not
3361 necessary. When creating an aggregation, if a key is specified instead
3362 of a link name, the aggregation's link name will be automatically
3363 generated by dladm as aggrkey.
3364
3365
3366
3367 December 16, 2016 DLADM(1M)