1ifconfig(1M) System Administration Commands ifconfig(1M)
2
3
4
6 ifconfig - configure network interface parameters
7
9 ifconfig interface [address_family] [address [/prefix_length]
10 [dest_address]] [addif address [/prefix_length]]
11 [removeif address [/prefix_length]] [arp | -arp]
12 [auth_algs authentication algorithm] [encr_algs encryption algorithm]
13 [encr_auth_algs authentication algorithm] [auto-revarp]
14 [broadcast address] [deprecated | -deprecated]
15 [preferred | -preferred] [destination dest_address]
16 [ether [address]] [failover | -failover] [group
17 [name | ""]] [index if_index] [ipmp] [metric n] [modlist]
18 [modinsert mod_name@pos] [modremove mod_name@pos]
19 [mtu n] [netmask mask] [plumb] [unplumb] [private
20 | -private] [nud | -nud] [set [address] [/netmask]]
21 [standby | -standby] [subnet subnet_address] [tdst
22 tunnel_dest_address] [token address/prefix_length]
23 [tsrc tunnel_src_address] [trailers | -trailers]
24 [up] [down] [usesrc [name | none]] [xmit | -xmit]
25 [encaplimit n | -encaplimit] [thoplimit n] [router
26 | -router] [zone zonename | -zone | -all-zones]
27
28
29 ifconfig [address_family] interface {auto-dhcp | dhcp} [primary]
30 [wait seconds] drop | extend | inform | ping
31 | release | start | status
32
33
35 The command ifconfig is used to assign an address to a network inter‐
36 face and to configure network interface parameters. The ifconfig com‐
37 mand must be used at boot time to define the network address of each
38 interface present on a machine; it may also be used at a later time to
39 redefine an interface's address or other operating parameters. If no
40 option is specified, ifconfig displays the current configuration for a
41 network interface. If an address family is specified, ifconfig reports
42 only the details specific to that address family. Only privileged users
43 may modify the configuration of a network interface. Options appearing
44 within braces ({}) indicate that one of the options must be specified.
45
46 DHCP Configuration
47 The forms of ifconfig that use the auto-dhcp or dhcp arguments are used
48 to control the Dynamic Host Configuration Protocol ("DHCP") configura‐
49 tion of the interface. In this mode, ifconfig is used to control opera‐
50 tion of dhcpagent(1M), the DHCP client daemon. Once an interface is
51 placed under DHCP control by using the start operand, ifconfig should
52 not, in normal operation, be used to modify the address or characteris‐
53 tics of the interface. If the address of an interface under DHCP is
54 changed, dhcpagent will remove the interface from its control.
55
57 The following options are supported:
58
59 addif address
60
61 Create the next unused logical interface on the specified physical
62 interface.
63
64
65 all-zones
66
67 Make the interface available to every shared-IP zone on the system.
68 The appropriate zone to which to deliver data is determined using
69 the tnzonecfg database. This option is available only if the system
70 is configured with the Solaris Trusted Extensions feature.
71
72 The tnzonecfg database is described in the tnzonecfg(4) man page,
73 which is part of the Solaris Trusted Extensions Reference Manual.
74
75
76 anycast
77
78 Marks the logical interface as an anycast address by setting the
79 ANYCAST flag. See "INTERFACE FLAGS," below, for more information on
80 anycast.
81
82
83 -anycast
84
85 Marks the logical interface as not an anycast address by clearing
86 the ANYCAST flag.
87
88
89 arp
90
91 Enable the use of the Address Resolution Protocol ("ARP") in map‐
92 ping between network level addresses and link level addresses
93 (default). This is currently implemented for mapping between IPv4
94 addresses and MAC addresses.
95
96
97 -arp
98
99 Disable the use of the ARP on a physical interface. ARP cannot be
100 disabled on an IPMP IP interface.
101
102
103 auth_algs authentication algorithm
104
105 For a tunnel, enable IPsec AH with the authentication algorithm
106 specified. The algorithm can be either a number or an algorithm
107 name, including any to express no preference in algorithm. All
108 IPsec tunnel properties must be specified on the same command line.
109 To disable tunnel security, specify an auth_alg of none.
110
111 It is now preferable to use the ipsecconf(1M) command when config‐
112 uring a tunnel's security properties. If ipsecconf was used to set
113 a tunnel's security properties, this keyword will not affect the
114 tunnel.
115
116
117 auto-dhcp
118
119 Use DHCP to automatically acquire an address for this interface.
120 This option has a completely equivalent alias called dhcp.
121
122 For IPv6, the interface specified must be the zeroth logical inter‐
123 face (the physical interface name), which has the link-local
124 address.
125
126 primary
127
128 Defines the interface as the primary. The interface is defined
129 as the preferred one for the delivery of client-wide configura‐
130 tion data. Only one interface can be the primary at any given
131 time. If another interface is subsequently selected as the pri‐
132 mary, it replaces the previous one. Nominating an interface as
133 the primary one will not have much significance once the client
134 work station has booted, as many applications will already have
135 started and been configured with data read from the previous
136 primary interface.
137
138
139 wait seconds
140
141 The ifconfig command will wait until the operation either com‐
142 pletes or for the interval specified, whichever is the sooner.
143 If no wait interval is given, and the operation is one that
144 cannot complete immediately, ifconfig will wait 30 seconds for
145 the requested operation to complete. The symbolic value forever
146 may be used as well, with obvious meaning.
147
148
149 drop
150
151 Remove the specified interface from DHCP control without noti‐
152 fying the DHCP server, and record the current lease for later
153 use. Additionally, for IPv4, set the IP address to zero. For
154 IPv6, unplumb all logical interfaces plumbed by dhcpagent.
155
156
157 extend
158
159 Attempt to extend the lease on the interface's IP address. This
160 is not required, as the agent will automatically extend the
161 lease well before it expires.
162
163
164 inform
165
166 Obtain network configuration parameters from DHCP without
167 obtaining a lease on IP addresses. This is useful in situations
168 where an IP address is obtained through mechanisms other than
169 DHCP.
170
171
172 ping
173
174 Check whether the interface given is under DHCP control, which
175 means that the interface is managed by the DHCP agent and is
176 working properly. An exit status of 0 means success.
177
178
179 release
180
181 Relinquish the IP addresses on the interface by notifying the
182 server and discard the current lease. For IPv4, set the IP
183 address to zero. For IPv6, all logical interfaces plumbed by
184 dhcpagent are unplumbed.
185
186
187 start
188
189 Start DHCP on the interface.
190
191
192 status
193
194 Display the DHCP configuration status of the interface.
195
196
197
198 auto-revarp
199
200 Use the Reverse Address Resolution Protocol (RARP) to automatically
201 acquire an address for this interface. This will fail if the inter‐
202 face does not support RARP; for example, IPoIB (IP over Infini‐
203 Band), and on IPv6 interfaces.
204
205
206 broadcast address
207
208 For IPv4 only. Specify the address to use to represent broadcasts
209 to the network. The default broadcast address is the address with a
210 host part of all 1's. A "+" (plus sign) given for the broadcast
211 value causes the broadcast address to be reset to a default appro‐
212 priate for the (possibly new) address and netmask. The arguments of
213 ifconfig are interpreted left to right. Therefore
214
215 example% ifconfig -a netmask + broadcast +
216
217
218 and
219
220 example% ifconfig -a broadcast + netmask +
221
222
223 may result in different values being assigned for the broadcast
224 addresses of the interfaces.
225
226
227 deprecated
228
229 Marks the logical interface as deprecated. An address associated
230 with a deprecated interface will not be used as source address for
231 outbound packets unless either there are no other addresses avail‐
232 able on the interface or the application has bound to this address
233 explicitly. The status display shows DEPRECATED as part of flags.
234 See for information on the flags supported by ifconfig.
235
236
237 -deprecated
238
239 Marks a logical interface as not deprecated. An address associated
240 with such an interface could be used as a source address for out‐
241 bound packets.
242
243
244 preferred
245
246 Marks the logical interface as preferred. This option is only valid
247 for IPv6 addresses. Addresses assigned to preferred logical inter‐
248 faces are preferred as source addresses over all other addresses
249 configured on the system, unless the address is of an inappropriate
250 scope relative to the destination address. Preferred addresses are
251 used as source addresses regardless of which physical interface
252 they are assigned to. For example, you can configure a preferred
253 source address on the loopback interface and advertise reachability
254 of this address by using a routing protocol.
255
256
257 -preferred
258
259 Marks the logical interface as not preferred.
260
261
262 destination dest_address
263
264 Set the destination address for a point-to point interface.
265
266
267 dhcp
268
269 This option is an alias for option auto-dhcp
270
271
272 down
273
274 Mark a logical interface as "down". (That is, turn off the IFF_UP
275 bit.) When a logical interface is marked "down," the system does
276 not attempt to use the address assigned to that interface as a
277 source address for outbound packets and will not recognize inbound
278 packets destined to that address as being addressed to this host.
279 Additionally, when all logical interfaces on a given physical
280 interface are "down," the physical interface itself is disabled.
281
282 When a logical interface is down, all routes that specify that
283 interface as the output (using the -ifp option in the route(1M)
284 command or RTA_IFP in a route(7P) socket) are removed from the for‐
285 warding table. Routes marked with RTF_STATIC are returned to the
286 table if the interface is brought back up, while routes not marked
287 with RTF_STATIC are simply deleted.
288
289 When all logical interfaces that could possibly be used to reach a
290 particular gateway address are brought down (specified without the
291 interface option as in the previous paragraph), the affected gate‐
292 way routes are treated as though they had the RTF_BLACKHOLE flag
293 set. All matching packets are discarded because the gateway is
294 unreachable.
295
296
297 encaplimit n
298
299 Set the tunnel encapsulation limit for the interface to n. This
300 option applies to IPv4-in-IPv6 and IPv6-in-IPv6 tunnels only, and
301 it simply modifies the encaplimit link property of the underlying
302 IPv6 tunnel link (see dladm(1M)). The tunnel encapsulation limit
303 controls how many more tunnels a packet can enter before it leaves
304 any tunnel, that is, the tunnel nesting level.
305
306 This option is obsolete, superseded by the dladm(1M) encaplimit
307 link property.
308
309
310 -encaplimit
311
312 Disable generation of the tunnel encapsulation limit. This option
313 applies only to IPv4-in-IPv6 and IPv6-in-IPv6 tunnels. This simply
314 sets the encaplimit link property of the underlying IPv6 tunnel
315 link to 0 (see dladm(1M) encaplimit).
316
317 This option is obsolete, superseded by the dladm(1M) encaplimit
318 link property.
319
320
321 encr_auth_algs authentication algorithm
322
323 For a tunnel, enable IPsec ESP with the authentication algorithm
324 specified. It can be either a number or an algorithm name, includ‐
325 ing any or none, to indicate no algorithm preference. If an ESP
326 encryption algorithm is specified but the authentication algorithm
327 is not, the default value for the ESP authentication algorithm will
328 be any.
329
330 It is now preferable to use the ipsecconf(1M) command when config‐
331 uring a tunnel's security properties. If ipsecconf was used to set
332 a tunnel's security properties, this keyword will not affect the
333 tunnel.
334
335
336 encr_algs encryption algorithm
337
338 For a tunnel, enable IPsec ESP with the encryption algorithm speci‐
339 fied. It can be either a number or an algorithm name. Note that all
340 IPsec tunnel properties must be specified on the same command line.
341 To disable tunnel security, specify the value of encr_alg as none.
342 If an ESP authentication algorithm is specified, but the encryption
343 algorithm is not, the default value for the ESP encryption will be
344 null.
345
346 It is now preferable to use the ipsecconf(1M) command when config‐
347 uring a tunnel's security properties. If ipsecconf was used to set
348 a tunnel's security properties, this keyword will not affect the
349 tunnel.
350
351
352 ether [ address ]
353
354 If no address is given and the user is root or has sufficient priv‐
355 ileges to open the underlying datalink, then display the current
356 Ethernet address information.
357
358 Otherwise, if the user is root or has sufficient privileges, set
359 the Ethernet address of the interfaces to address. The address is
360 an Ethernet address represented as x:x:x:x:x:x where x is a hexa‐
361 decimal number between 0 and FF. Similarly, for the IPoIB (IP over
362 InfiniBand) interfaces, the address will be 20 bytes of colon-sepa‐
363 rated hex numbers between 0 and FF.
364
365 Some, though not all, Ethernet interface cards have their own
366 addresses. To use cards that do not have their own addresses, refer
367 to section 3.2.3(4) of the IEEE 802.3 specification for a defini‐
368 tion of the locally administered address space. Note that all IP
369 interfaces in an IPMP group must have unique hardware addresses;
370 see in.mpathd(1M).
371
372
373 -failover
374
375 Set NOFAILOVER on the logical interface. This makes the associated
376 address available for use by in.mpathd to perform probe-based fail‐
377 ure detection for the associated physical IP interface. As a side
378 effect, DEPRECATED will also be set on the logical interface. This
379 operation is not permitted on an IPMP IP interface.
380
381
382 failover
383
384 Clear NOFAILOVER on the logical interface. This is the default.
385 These logical interfaces are subject to migration when brought up
386 (see IP MULTIPATHING GROUPS).
387
388
389 group [ name |""]
390
391 When applied to a physical interface, it places the interface into
392 the named group. If the group does not exist, it will be created,
393 along with one or more IPMP IP interfaces (for IPv4, IPv6, or
394 both). Any UP addresses that are not also marked NOFAILOVER are
395 subject to migration to the IPMP IP interface (see IP MULTIPATHING
396 GROUPS). Specifying a group name of "" removes the physical IP
397 interface from the group.
398
399 When applied to a physical IPMP IP interface, it renames the IPMP
400 group to have the new name. If the name already exists, or a name
401 of "" is specified, it fails. Renaming IPMP groups is discouraged.
402 Instead, the IPMP IP interface should be given a meaningful name
403 when it is created by means of the ipmp subcommand, which the sys‐
404 tem will also use as the IPMP group name.
405
406
407 index n
408
409 Change the interface index for the interface. The value of n must
410 be an interface index (if_index) that is not used on another inter‐
411 face. if_index will be a non-zero positive number that uniquely
412 identifies the network interface on the system.
413
414
415 ipmp
416
417 Create an IPMP IP interface with the specified name. An interface
418 must be separately created for use by IPv4 and IPv6. The
419 address_family parameter controls whether the command applies to
420 IPv4 or IPv6 (IPv4 if unspecified). All IPMP IP interfaces have the
421 IPMP flag set.
422
423
424 metric n
425
426 Set the routing metric of the interface to n; if no value is speci‐
427 fied, the default is 0. The routing metric is used by the routing
428 protocol. Higher metrics have the effect of making a route less
429 favorable. Metrics are counted as addition hops to the destination
430 network or host.
431
432
433 modinsert mod_name@pos
434
435 Insert a module with name mod_name to the stream of the device at
436 position pos. The position is relative to the stream head. Position
437 0 means directly under stream head.
438
439 Based upon the example in the modlist option, use the following
440 command to insert a module with name ipqos under the ip module and
441 above the firewall module:
442
443 example% ifconfig eri0 modinsert ipqos@2
444
445
446 A subsequent listing of all the modules in the stream of the device
447 follows:
448
449 example% ifconfig eri0 modlist
450 0 arp
451 1 ip
452 2 ipqos
453 3 firewall
454 4 eri
455
456
457
458
459 modlist
460
461 List all the modules in the stream of the device.
462
463 The following example lists all the modules in the stream of the
464 device:
465
466 example% ifconfig eri0 modlist
467 0 arp
468 1 ip
469 2 firewall
470 4 eri
471
472
473
474
475 modremove mod_name@pos
476
477 Remove a module with name mod_name from the stream of the device at
478 position pos. The position is relative to the stream head.
479
480 Based upon the example in the modinsert option, use the following
481 command to remove the firewall module from the stream after insert‐
482 ing the ipqos module:
483
484 example% ifconfig eri0 modremove firewall@3
485
486
487 A subsequent listing of all the modules in the stream of the device
488 follows:
489
490 example% ifconfig eri0 modlist
491 0 arp
492 1 ip
493 2 ipqos
494 3 eri
495
496
497 Note that the core IP stack modules, for example, ip and tun mod‐
498 ules, cannot be removed.
499
500
501 mtu n
502
503 Set the maximum transmission unit of the interface to n. For many
504 types of networks, the mtu has an upper limit, for example, 1500
505 for Ethernet. This option sets the FIXEDMTU flag on the affected
506 interface.
507
508
509 netmask mask
510
511 For IPv4 only. Specify how much of the address to reserve for sub‐
512 dividing networks into subnetworks. The mask includes the network
513 part of the local address and the subnet part, which is taken from
514 the host field of the address. The mask contains 1's for the bit
515 positions in the 32-bit address which are to be used for the net‐
516 work and subnet parts, and 0's for the host part. The mask should
517 contain at least the standard network portion, and the subnet field
518 should be contiguous with the network portion. The mask can be
519 specified in one of four ways:
520
521 1. with a single hexadecimal number with a leading 0x,
522
523 2. with a dot-notation address,
524
525 3. with a "+" (plus sign) address, or
526
527 4. with a pseudo host name/pseudo network name found in the
528 network database networks(4).
529 If a "+" (plus sign) is given for the netmask value, the mask is
530 looked up in the netmasks(4) database. This lookup finds the long‐
531 est matching netmask in the database by starting with the inter‐
532 face's IPv4 address as the key and iteratively masking off more and
533 more low order bits of the address. This iterative lookup ensures
534 that the netmasks(4) database can be used to specify the netmasks
535 when variable length subnetmasks are used within a network number.
536
537 If a pseudo host name/pseudo network name is supplied as the net‐
538 mask value, netmask data may be located in the hosts or networks
539 database. Names are looked up by first using gethostbyname(3NSL).
540 If not found there, the names are looked up in getnetby‐
541 name(3SOCKET). These interfaces may in turn use nsswitch.conf(4) to
542 determine what data store(s) to use to fetch the actual value.
543
544 For both inet and inet6, the same information conveyed by mask can
545 be specified as a prefix_length attached to the address parameter.
546
547
548 nud
549
550 Enables the neighbor unreachability detection mechanism on a point-
551 to-point physical interface.
552
553
554 -nud
555
556 Disables the neighbor unreachability detection mechanism on a
557 point-to-point physical interface.
558
559
560 plumb
561
562 For a physical IP interface, open the datalink associated with the
563 physical interface name and set up the plumbing needed for IP to
564 use the datalink. When used with a logical interface name, this
565 command is used to create a specific named logical interface on an
566 existing physical IP interface.
567
568 An interface must be separately plumbed for IPv4 and IPv6 according
569 to the address_family parameter (IPv4 if unspecified). Before an
570 interface has been plumbed, it will not be shown by ifconfig -a.
571
572 Note that IPMP IP interfaces are not tied to a specific datalink
573 and are instead created with the ipmp subcommand.
574
575
576 private
577
578 Tells the in.routed routing daemon that a specified logical inter‐
579 face should not be advertised.
580
581
582 -private
583
584 Specify unadvertised interfaces.
585
586
587 removeif address
588
589 Remove the logical interface on the physical interface specified
590 that matches the address specified.
591
592
593 router
594
595 Enable IP forwarding on the interface. When enabled, the interface
596 is marked ROUTER, and IP packets can be forwarded to and from the
597 interface. Enabling ROUTER on any IP interface in an IPMP group
598 enables it on all IP interfaces in that IPMP group.
599
600
601 -router
602
603 Disable IP forwarding on the interface. IP packets are not for‐
604 warded to and from the interface. Disabling ROUTER on any IP inter‐
605 face in an IPMP group disables it on all IP interfaces in that IPMP
606 group.
607
608
609 set
610
611 Set the address, prefix_length or both, for a logical interface.
612
613
614 standby
615
616 Mark the physical IP interface as a STANDBY interface. If an inter‐
617 face is marked STANDBY and is part of an IPMP group, the interface
618 will not be used for data traffic unless another interface in the
619 IPMP group becomes unusable. When a STANDBY interface is functional
620 but not being used for data traffic, it will also be marked INAC‐
621 TIVE. This operation is not permitted on an IPMP IP interface.
622
623
624 -standby
625
626 Clear STANDBY on the interface. This is the default.
627
628
629 subnet
630
631 Set the subnet address for an interface.
632
633
634 tdst tunnel_dest_address
635
636 Set the destination address of a tunnel. The address should not be
637 the same as the dest_address of the tunnel, because no packets
638 leave the system over such a tunnel.
639
640 This option is obsolete, superseded by the dladm(1M) create-iptun
641 and modify-iptun subcommands.
642
643
644 thoplimit n
645
646 Set the hop limit for a tunnel interface. The hop limit value is
647 used as the TTL in the IPv4 header for the IPv6-in-IPv4 and
648 IPv4-in-IPv4 tunnels. For IPv6-in-IPv6 and IPv4-in-IPv6 tunnels,
649 the hop limit value is used as the hop limit in the IPv6 header.
650 This option simply modifies the hoplimit link property of the
651 underlying IP tunnel link (see dladm(1M)).
652
653 This option is obsolete, superseded by the dladm(1M) hoplimit link
654 property.
655
656
657 token address/prefix_length
658
659 Set the IPv6 token of an interface to be used for address autocon‐
660 figuration.
661
662 example% ifconfig eri0 inet6 token ::1/64
663
664
665
666
667 trailers
668
669 This flag previously caused a nonstandard encapsulation of IPv4
670 packets on certain link levels. Drivers supplied with this release
671 no longer use this flag. It is provided for compatibility, but is
672 ignored.
673
674
675 -trailers
676
677 Disable the use of a "trailer" link level encapsulation.
678
679
680 tsrc tunnel_src_address
681
682 Set the source address of a tunnel. This is the source address on
683 an outer encapsulating IP header. It must be an address of another
684 interface already configured using ifconfig.
685
686 This option is obsolete, superseded by the dladm(1M) create-iptun
687 and modify-iptun subcommands.
688
689
690 unplumb
691
692 For a physical or IPMP interface, remove all associated logical IP
693 interfaces and tear down any plumbing needed for IP to use the
694 interface. For an IPMP IP interface, this command will fail if the
695 group is not empty. For a logical interface, the logical interface
696 is removed.
697
698 An interface must be separately unplumbed for IPv4 and IPv6 accord‐
699 ing to the address_family parameter (IPv4 if unspecified). Upon
700 success, the interface name will no longer appear in the output of
701 ifconfig -a.
702
703
704 up
705
706 Mark a logical interface UP. As a result, the IP module will accept
707 packets destined to the associated address (unless the address is
708 zero), along with any associated multicast and broadcast IP
709 addresses. Similarly, the IP module will allow packets to be sent
710 with the associated address as a source address. At least one logi‐
711 cal interface must be UP for the associated physical interface to
712 send or receive packets
713
714
715 usesrc [ name | none ]
716
717 Specify a physical interface to be used for source address selec‐
718 tion. If the keyword none is used, then any previous selection is
719 cleared.
720
721 When an application does not choose a non-zero source address using
722 bind(3SOCKET), the system will select an appropriate source address
723 based on the outbound interface and the address selection rules
724 (see ipaddrsel(1M)).
725
726 When usesrc is specified and the specified interface is selected in
727 the forwarding table for output, the system looks first to the
728 specified physical interface and its associated logical interfaces
729 when selecting a source address. If no usable address is listed in
730 the forwarding table, the ordinary selection rules apply. For exam‐
731 ple, if you enter:
732
733 # ifconfig eri0 usesrc vni0
734
735
736 ...and vni0 has address 10.0.0.1 assigned to it, the system will
737 prefer 10.0.0.1 as the source address for any packets originated by
738 local connections that are sent through eri0. Further examples are
739 provided in the EXAMPLES section.
740
741 While you can specify any physical interface (or even loopback), be
742 aware that you can also specify the virtual IP interface (see
743 vni(7D)). The virtual IP interface is not associated with any phys‐
744 ical hardware and is thus immune to hardware failures. You can
745 specify any number of physical interfaces to use the source address
746 hosted on a single virtual interface. This simplifies the configu‐
747 ration of routing-based multipathing. If one of the physical inter‐
748 faces were to fail, communication would continue through one of the
749 remaining, functioning physical interfaces. This scenario assumes
750 that the reachability of the address hosted on the virtual inter‐
751 face is advertised in some manner, for example, through a routing
752 protocol.
753
754 Because the ifconfig preferred option is applied to all interfaces,
755 it is coarser-grained than the usesrc option. It will be overridden
756 by usesrc and setsrc (route subcommand), in that order.
757
758 IPMP and the usesrc option are mutually exclusive. That is, if an
759 interface is part of an IPMP group or marked STANDBY, then it can‐
760 not be specified by means of usesrc, and vice-versa.
761
762
763 xmit
764
765 Enable a logical interface to transmit packets. This is the default
766 behavior when the logical interface is up.
767
768
769 -xmit
770
771 Disable transmission of packets on an interface. The interface will
772 continue to receive packets.
773
774
775 zone zonename
776
777 Place the logical interface in zone zonename. The named zone must
778 be active in the kernel in the ready or running state. The inter‐
779 face is unplumbed when the zone is halted or rebooted. The zone
780 must be configure to be an shared-IP zone. zonecfg(1M) is used to
781 assign network interface names to exclusive-IP zones.
782
783
784 -zone
785
786 Place IP interface in the global zone. This is the default.
787
788
790 The interface operand, as well as address parameters that affect it,
791 are described below.
792
793 interface
794
795 A string of one of the following forms:
796
797 o name physical-unit, for example, eri0 or ce1
798
799 o name physical-unit:logical-unit, for example, eri0:1
800
801 o ip.tunN, ip6.tunN, or ip6to4.tunN for implicit IP tunnel
802 links
803 If the interface name starts with a dash (-), it is interpreted as
804 a set of options which specify a set of interfaces. In such a case,
805 -a must be part of the options and any of the additional options
806 below can be added in any order. If one of these interface names is
807 given, the commands following it are applied to all of the inter‐
808 faces that match.
809
810 -a
811
812 Apply the command to all interfaces of the specified address
813 family. If no address family is supplied, either on the command
814 line or by means of /etc/default/inet_type, then all address
815 families will be selected.
816
817
818 -d
819
820 Apply the commands to all "down" interfaces in the system.
821
822
823 -D
824
825 Apply the commands to all interfaces not under DHCP (Dynamic
826 Host Configuration Protocol) control.
827
828
829 -u
830
831 Apply the commands to all "up" interfaces in the system.
832
833
834 -Z
835
836 Apply the commands to all interfaces in the user's zone.
837
838
839 -4
840
841 Apply the commands to all IPv4 interfaces.
842
843
844 -6
845
846 Apply the commands to all IPv6 interfaces.
847
848
849
850 address_family
851
852 The address family is specified by the address_family parameter.
853 The ifconfig command currently supports the following families:
854 inet and inet6. If no address family is specified, the default is
855 inet.
856
857 ifconfig honors the DEFAULT_IP setting in the
858 /etc/default/inet_type file when it displays interface information
859 . If DEFAULT_IP is set to IP_VERSION4, then ifconfig will omit
860 information that relates to IPv6 interfaces. However, when you
861 explicitly specify an address family (inet or inet6) on the ifcon‐
862 fig command line, the command line overrides the DEFAULT_IP set‐
863 tings.
864
865
866 address
867
868 For the IPv4 family (inet), the address is either a host name
869 present in the host name data base (see hosts(4)) or in the Network
870 Information Service (NIS) map hosts, or an IPv4 address expressed
871 in the Internet standard "dot notation".
872
873 For the IPv6 family (inet6), the address is either a host name
874 present in the host name data base (see hosts(4)) or in the Network
875 Information Service (NIS) map ipnode, or an IPv6 address expressed
876 in the Internet standard colon-separated hexadecimal format repre‐
877 sented as x:x:x:x:x:x:x:x where x is a hexadecimal number between 0
878 and FFFF.
879
880
881 prefix_length
882
883 For the IPv4 and IPv6 families (inet and inet6), the prefix_length
884 is a number between 0 and the number of bits in the address. For
885 inet, the number of bits in the address is 32; for inet6, the num‐
886 ber of bits in the address is 128. The prefix_length denotes the
887 number of leading set bits in the netmask.
888
889
890 dest_address
891
892 If the dest_address parameter is supplied in addition to the
893 address parameter, it specifies the address of the correspondent on
894 the other end of a point-to-point link.
895
896
897 tunnel_dest_address
898
899 An address that is or will be reachable through an interface other
900 than the tunnel being configured. This tells the tunnel where to
901 send the tunneled packets. This address must not be the same as the
902 interface destination address being configured.
903
904
905 tunnel_src_address
906
907 An address that is attached to an already configured interface that
908 has been configured "up" with ifconfig.
909
910
912 The ifconfig command supports the following interface flags. The term
913 "address" in this context refers to a logical interface, for example,
914 eri0:0, while "interface" refers to the physical interface, for exam‐
915 ple, eri0.
916
917 ADDRCONF
918
919 The address is from stateless addrconf. The stateless mechanism
920 allows a host to generate its own address using a combination of
921 information advertised by routers and locally available informa‐
922 tion. Routers advertise prefixes that identify the subnet associ‐
923 ated with the link, while the host generates an "interface identi‐
924 fier" that uniquely identifies an interface in a subnet. In the
925 absence of information from routers, a host can generate link-local
926 addresses. This flag is specific to IPv6.
927
928
929 ANYCAST
930
931 Indicates an anycast address. An anycast address identifies the
932 nearest member of a group of systems that provides a particular
933 type of service. An anycast address is assigned to a group of sys‐
934 tems. Packets are delivered to the nearest group member identified
935 by the anycast address instead of being delivered to all members of
936 the group.
937
938
939 BROADCAST
940
941 This broadcast address is valid. This flag and POINTTOPOINT are
942 mutually exclusive
943
944
945 CoS
946
947 This interface supports some form of Class of Service (CoS) mark‐
948 ing. An example is the 802.1D user priority marking supported on
949 VLAN interfaces. For IPMP IP interfaces, this will only be set if
950 all interfaces in the group have CoS set.
951
952 Note that this flag is only set on interfaces over VLAN links and
953 over Ethernet links that have their dladm(1M) tagmode link property
954 set to normal.
955
956
957 DEPRECATED
958
959 This address is deprecated. This address will not be used as a
960 source address for outbound packets unless there are no other
961 addresses on this interface or an application has explicitly bound
962 to this address. An IPv6 deprecated address is part of the standard
963 mechanism for renumbering in IPv6 and will eventually be deleted
964 when not used. For both IPv4 and IPv6, DEPRECATED is also set on
965 all NOFAILOVER addresses, though this may change in a future
966 release.
967
968
969 DHCPRUNNING
970
971 The logical interface is managed by dhcpagent(1M).
972
973
974 DUPLICATE
975
976 The logical interface has been disabled because the IP address con‐
977 figured on the interface is a duplicate. Some other node on the
978 network is using this address. If the address was configured by
979 DHCP or is temporary, the system will choose another automatically,
980 if possible. Otherwise, the system will attempt to recover this
981 address periodically and the interface will recover when the con‐
982 flict has been removed from the network. Changing the address or
983 netmask, or setting the logical interface to up will restart dupli‐
984 cate detection. Setting the interface to down terminates recovery
985 and removes the DUPLICATE flag.
986
987
988 FAILED
989
990 The in.mpathd daemon has determined that the interface has failed.
991 FAILED interfaces will not be used to send or receive IP data traf‐
992 fic. If this is set on a physical IP interface in an IPMP group, IP
993 data traffic will continue to flow over other usable IP interfaces
994 in the IPMP group. If this is set on an IPMP IP interface, the
995 entire group has failed and no data traffic can be sent or received
996 over any interfaces in that group.
997
998
999 FIXEDMTU
1000
1001 The MTU has been set using the -mtu option. This flag is read-only.
1002 Interfaces that have this flag set have a fixed MTU value that is
1003 unaffected by dynamic MTU changes that can occur when drivers
1004 notify IP of link MTU changes.
1005
1006
1007 INACTIVE
1008
1009 The physical interface is functioning but is not used to send or
1010 receive data traffic according to administrative policy. This flag
1011 is initially set by the standby subcommand and is subsequently con‐
1012 trolled by in.mpathd. It also set when FAILBACK=no mode is enabled
1013 (see in.mpathd(1M)) to indicate that the IP interface has repaired
1014 but is not being used.
1015
1016
1017 IPMP
1018
1019 Indicates that this is an IPMP IP interface.
1020
1021
1022 LOOPBACK
1023
1024 Indicates that this is the loopback interface.
1025
1026
1027 MULTI_BCAST
1028
1029 Indicates that the broadcast address is used for multicast on this
1030 interface.
1031
1032
1033 MULTICAST
1034
1035 The interface supports multicast. IP assumes that any interface
1036 that supports hardware broadcast, or that is a point-to-point link,
1037 will support multicast.
1038
1039
1040 NOARP
1041
1042 There is no address resolution protocol (ARP) for this interface
1043 that corresponds to all interfaces for a device without a broadcast
1044 address. This flag is specific to IPv4.
1045
1046
1047 NOFAILOVER
1048
1049 The address associated with this logical interface is available to
1050 in.mpathd for probe-based failure detection of the associated phys‐
1051 ical IP interface.
1052
1053
1054 NOLOCAL
1055
1056 The interface has no address , just an on-link subnet.
1057
1058
1059 NONUD
1060
1061 NUD is disabled on this interface. NUD (neighbor unreachability
1062 detection) is used by a node to track the reachability state of its
1063 neighbors, to which the node actively sends packets, and to perform
1064 any recovery if a neighbor is detected to be unreachable. This flag
1065 is specific to IPv6.
1066
1067
1068 NORTEXCH
1069
1070 The interface does not exchange routing information. For RIP-2,
1071 routing packets are not sent over this interface. Additionally,
1072 messages that appear to come over this interface receive no
1073 response. The subnet or address of this interface is not included
1074 in advertisements over other interfaces to other routers.
1075
1076
1077 NOXMIT
1078
1079 Indicates that the address does not transmit packets. RIP-2 also
1080 does not advertise this address.
1081
1082
1083 OFFLINE
1084
1085 The interface is offline and thus cannot send or receive IP data
1086 traffic. This is only set on IP interfaces in an IPMP group. See
1087 if_mpadm(1M) and cfgadm(1M).
1088
1089
1090 POINTOPOINT
1091
1092 Indicates that the address is a point-to-point link. This flag and
1093 BROADCAST are mutually exclusive
1094
1095
1096 PREFERRED
1097
1098 This address is a preferred IPv6 source address. This address will
1099 be used as a source address for IPv6 communication with all IPv6
1100 destinations, unless another address on the system is of more
1101 appropriate scope. The DEPRECATED flag takes precedence over the
1102 PREFERRED flag.
1103
1104
1105 PRIVATE
1106
1107 Indicates that this address is not advertised. For RIP-2, this
1108 interface is used to send advertisements. However, neither the sub‐
1109 net nor this address are included in advertisements to other
1110 routers.
1111
1112
1113 PROMISC
1114
1115 A read-only flag indicating that an interface is in promiscuous
1116 mode. All addresses associated with an interface in promiscuous
1117 mode will display (in response to ifconfig -a, for example) the
1118 PROMISC flag.
1119
1120
1121 ROUTER
1122
1123 Indicates that IP packets can be forwarded to and from the inter‐
1124 face.
1125
1126
1127 RUNNING
1128
1129 Indicates that the required resources for an interface are allo‐
1130 cated. For some interfaces this also indicates that the link is up.
1131 For IPMP IP interfaces, RUNNING is set as long as one IP interface
1132 in the group is active.
1133
1134
1135 STANDBY
1136
1137 Indicates that this physical interface will not be used for data
1138 traffic unless another interface in the IPMP group becomes unus‐
1139 able. The INACTIVE and FAILED flags indicate whether it is actively
1140 being used.
1141
1142
1143 TEMPORARY
1144
1145 Indicates that this is a temporary IPv6 address as defined in RFC
1146 3041.
1147
1148
1149 UNNUMBERED
1150
1151 This flag is set when the local IP address on the link matches the
1152 local address of some other link in the system
1153
1154
1155 UP
1156
1157 Indicates that the logical interface (and the associated physical
1158 interface) is up. The IP module will accept packets destined to UP
1159 addresses (unless the address is zero), along with any associated
1160 multicast and broadcast IP addresses. Similarly, the IP module will
1161 allow packets to be sent with an UP address as a source address.
1162
1163
1164 VIRTUAL
1165
1166 Indicates that the physical interface has no underlying hardware.
1167 It is not possible to transmit or receive packets through a virtual
1168 interface. These interfaces are useful for configuring local
1169 addresses that can be used on multiple interfaces. (See also the
1170 usesrc option.)
1171
1172
1173 XRESOLV
1174
1175 Indicates that the interface uses an IPv6 external resolver.
1176
1177
1179 Solaris TCP/IP allows multiple logical interfaces to be associated with
1180 a physical network interface. This allows a single machine to be
1181 assigned multiple IP addresses, even though it may have only one net‐
1182 work interface. Physical network interfaces have names of the form
1183 driver-name physical-unit-number, while logical interfaces have names
1184 of the form driver-name physical-unit-number:logical-unit-number. A
1185 physical interface is configured into the system using the plumb com‐
1186 mand. For example:
1187
1188 example% ifconfig eri0 plumb
1189
1190
1191
1192
1193 Once a physical interface has been "plumbed", logical interfaces asso‐
1194 ciated with the physical interface can be configured by separate -plumb
1195 or -addif options to the ifconfig command.
1196
1197 example% ifconfig eri0:1 plumb
1198
1199
1200
1201
1202 allocates a specific logical interface associated with the physical
1203 interface eri0. The command
1204
1205 example% ifconfig eri0 addif 192.168.200.1/24 up
1206
1207
1208
1209
1210 allocates the next available logical unit number on the eri0 physical
1211 interface and assigns an address and prefix_length.
1212
1213
1214 A logical interface can be configured with parameters ( address,pre‐
1215 fix_length, and so on) different from the physical interface with which
1216 it is associated. Logical interfaces that are associated with the same
1217 physical interface can be given different parameters as well. Each log‐
1218 ical interface must be associated with an existing and "up" physical
1219 interface. So, for example, the logical interface eri0:1 can only be
1220 configured after the physical interface eri0 has been plumbed.
1221
1222
1223 To delete a logical interface, use the unplumb or removeif options. For
1224 example,
1225
1226 example% ifconfig eri0:1 down unplumb
1227
1228
1229
1230
1231 will delete the logical interface eri0:1.
1232
1234 Physical interfaces that share the same link-layer broadcast domain
1235 must be collected into a single IP Multipathing (IPMP) group using the
1236 group subcommand. Each IPMP group has an associated IPMP IP interface,
1237 which can either be explicitly created (the preferred method) by using
1238 the ipmp subcommand or implicitly created by ifconfig in response to
1239 placing an IP interface into a new IPMP group. Implicitly-created IPMP
1240 interfaces will be named ipmpN where N is the lowest integer that does
1241 not conflict with an existing IP interface name or IPMP group name.
1242
1243
1244 Each IPMP IP interface is created with a matching IPMP group name,
1245 though it can be changed using the group subcommand. Each IPMP IP
1246 interface hosts a set of highly-available IP addresses. These addresses
1247 will remain reachable so long as at least one interface in the group is
1248 active, where "active" is defined as having at least one UP address and
1249 having INACTIVE, FAILED, and OFFLINE clear. IP addresses hosted on the
1250 IPMP IP interface may either be configured statically or configured
1251 through DHCP by means of the dhcp subcommand.
1252
1253
1254 Interfaces assigned to the same IPMP group are treated as equivalent
1255 and monitored for failure by in.mpathd. Provided that active interfaces
1256 in the group remain, IP interface failures (and any subsequent repairs)
1257 are handled transparently to sockets-based applications. IPMP is also
1258 integrated with the Dynamic Reconfiguration framework (see cfgadm(1M)),
1259 which enables network adapters to be replaced in a way that is invisi‐
1260 ble to sockets-based applications.
1261
1262
1263 The IP module automatically load-spreads all outbound traffic across
1264 all active interfaces in an IPMP group. Similarly, all UP addresses
1265 hosted on the IPMP IP interface will be distributed across the active
1266 interfaces to promote inbound load-spreading. The ipmpstat(1M) utility
1267 allows many aspects of the IPMP subsystem to be observed, including the
1268 current binding of IP data addresses to IP interfaces.
1269
1270
1271 When an interface is placed into an IPMP group, any UP logical inter‐
1272 faces are "migrated" to the IPMP IP interface for use by the group,
1273 unless:
1274
1275 o the logical interface is marked NOFAILOVER;
1276
1277 o the logical interface hosts an IPv6 link-local address;
1278
1279 o the logical interface hosts an IPv4 0.0.0.0 address.
1280
1281
1282 Likewise, once an interface is in a group, if changes are made to a
1283 logical interface such that it is UP and not exempted by one of the
1284 conditions above, it will also migrate to the associated IPMP IP inter‐
1285 face. Logical interfaces never migrate back, even if the physical
1286 interface that contributed the address is removed from the group.
1287
1288
1289 Each interface placed into an IPMP group may be optionally configured
1290 with a "test" address that in.mpathd will use for probe-based failure
1291 detection; see in.mpathd(1M). These addresses must be marked NOFAILOVER
1292 (using the -failover subcommand) prior to being marked UP. Test
1293 addresses may also be acquired through DHCP by means of the dhcp sub‐
1294 command.
1295
1296
1297 For more background on IPMP, please see the IPMP-related chapters of
1298 the System Administration Guide: Network Interfaces and Network Virtu‐
1299 alization.
1300
1302 When an IPv6 physical interface is plumbed and configured "up" with
1303 ifconfig, it is automatically assigned an IPv6 link-local address for
1304 which the last 64 bits are calculated from the MAC address of the
1305 interface.
1306
1307 example% ifconfig eri0 inet6 plumb up
1308
1309
1310
1311
1312 The following example shows that the link-local address has a prefix of
1313 fe80::/10.
1314
1315 example% ifconfig eri0 inet6
1316 ce0: flags=2000841<UP,RUNNING,MULTICAST,IPv6>
1317 mtu 1500 index 2
1318 inet6 fe80::a00:20ff:fe8e:f3ad/10
1319
1320
1321
1322
1323 Link-local addresses are only used for communication on the local sub‐
1324 net and are not visible to other subnets.
1325
1326
1327 If an advertising IPv6 router exists on the link advertising prefixes,
1328 then the newly plumbed IPv6 interface will autoconfigure logical inter‐
1329 face(s) depending on the prefix advertisements. For example, for the
1330 prefix advertisement 2001:0db8:3c4d:0:55::/64, the autoconfigured
1331 interface will look like:
1332
1333 eri0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6>
1334 mtu 1500 index 2
1335 inet6 2001:0db8:3c4d:55:a00:20ff:fe8e:f3ad/64
1336
1337
1338
1339
1340 Even if there are no prefix advertisements on the link, you can still
1341 assign global addresses manually, for example:
1342
1343 example% ifconfig eri0 inet6 addif \
1344 2001:0db8:3c4d:55:a00:20ff:fe8e:f3ad/64 up
1345
1346
1347
1348
1349 To configure boot-time defaults for the interface eri0, place the fol‐
1350 lowing entry in the /etc/hostname6.eri0 file:
1351
1352 addif 2001:0db8:3c4d:55:a00:20ff:fe8e:f3ad/64 up
1353
1354
1355 Configuring IP-over-IP Tunnel Interfaces
1356 An IP tunnel is conceptually comprised of two parts: a virtual link
1357 between two or more IP nodes, and an IP interface above this link which
1358 allows the system to transmit and receive IP packets encapsulated by
1359 the underlying link.
1360
1361
1362 The dladm(1M) command is used to configure tunnel links, and ifconfig
1363 is used to configure IP interfaces over those tunnel links. An
1364 IPv4-over-IPv4 tunnel is created by plumbing an IPv4 interface over an
1365 IPv4 tunnel link. An IPv6-over-IPv4 tunnel is created by plumbing an
1366 IPv6 interface over an IPv6 tunnel link, and so forth.
1367
1368
1369 When IPv6 interfaces are plumbed over IP tunnel links, their IPv6
1370 addresses are automatically set. For IPv4 and IPv6 tunnels, source and
1371 destination link-local addresses of the form fe80::interface-id are
1372 configured. For IPv4 tunnels, the interface-id is the IPv4 tunnel
1373 source or destination address. For IPv6 tunnels, the interface-id is
1374 the last 64 bits of the IPv6 tunnel source or destination address. For
1375 example, for an IPv4 tunnel between 10.1.2.3 and 10.4.5.6, the IPv6
1376 link-local source and destination addresses of the IPv6 interface would
1377 be fe80::a01:203 and fe80::a04:506. For an IPv6 tunnel between
1378 2000::1234:abcd and 3000::5678:abcd, the IPv6 link-local source and
1379 destination addresses of the interface would be fe80::1234:abcd and
1380 fe80::5678:abcd. These default link-local addresses can be overridden
1381 by specifying the addresses explicitly, as with any other point-to-
1382 point interface.
1383
1384
1385 For 6to4 tunnels, a 6to4 global address of the form 2002:tsrc::1/16 is
1386 configured. The tsrc portion is the tunnel source IPv4 address. The
1387 prefix length of the 6to4 interface is automatically set to 16, as all
1388 6to4 packets (destinations in the 2002::/16 range) are forwarded to the
1389 6to4 tunnel interface. For example, for a 6to4 link with a tunnel
1390 source of 75.1.2.3, the IPv6 interface would have an address of
1391 2002:4b01:203::1/16.
1392
1393
1394 Additional IPv6 addresses can be added using the addif option or by
1395 plumbing additional logical interfaces.
1396
1397
1398 For backward compatibility, the plumbing of tunnel IP interfaces with
1399 special names will implicitly result in the creation of tunnel links
1400 without invoking dladm create-iptun. These tunnel names are:
1401
1402 ip.tunN An IPv4 tunnel
1403
1404
1405 ip6.tunN An IPv6 tunnel
1406
1407
1408 ip.6to4tunN A 6to4 tunnel
1409
1410
1411
1412 These tunnels are "implicit tunnels", denoted with the i flag in dladm
1413 show-iptun output. The tunnel links over which these special IP inter‐
1414 faces are plumbed are automatically created, and they are automatically
1415 deleted when the last reference is released (that is, when the last IP
1416 interface is unplumbed).
1417
1418
1419 The tsrc, tdst, encaplim, and hoplimit options to ifconfig are obsolete
1420 and maintained only for backward compatibility. They are equivalent to
1421 their dladm(1M) counterparts.
1422
1423 Display of Tunnel Security Settings
1424 The ifconfig output for IP tunnel interfaces indicates whether IPsec
1425 policy is configured for the underlying IP tunnel link. For example, a
1426 line of the following form will be displayed if IPsec policy is
1427 present:
1428
1429 tunnel security settings --> use 'ipsecconf -ln -i ip.tun1'
1430
1431
1432
1433
1434 If you do net set security policy, using either ifconfig or ipsec‐
1435 conf(1M), there is no tunnel security setting displayed.
1436
1438 Example 1 Using the ifconfig Command
1439
1440
1441 If your workstation is not attached to an Ethernet, the network inter‐
1442 face, for example, eri0, should be marked "down" as follows:
1443
1444
1445 example% ifconfig eri0 down
1446
1447
1448
1449 Example 2 Printing Addressing Information
1450
1451
1452 To print out the addressing information for each interface, use the
1453 following command:
1454
1455
1456 example% ifconfig -a
1457
1458
1459
1460 Example 3 Resetting the Broadcast Address
1461
1462
1463 To reset each interface's broadcast address after the netmasks have
1464 been correctly set, use the next command:
1465
1466
1467 example% ifconfig -a broadcast +
1468
1469
1470
1471 Example 4 Changing the Ethernet Address
1472
1473
1474 To change the Ethernet address for interface ce0, use the following
1475 command:
1476
1477
1478 example% ifconfig ce0 ether aa:1:2:3:4:5
1479
1480
1481
1482 Example 5 Configuring an IP-in-IP Tunnel
1483
1484
1485 To configure an IP-in-IP tunnel, first create an IP tunnel link (tunsrc
1486 and tundst are hostnames with corresponding IPv4 entries in
1487 /etc/hosts):
1488
1489
1490 example% dladm create-iptun -T ipv4 -s tunsrc -d tundst tun0
1491
1492
1493
1494
1495 Then plumb a point-to-point interface, supplying the source and desti‐
1496 nation addresses (mysrc and thedst are hostnames with corresponding
1497 IPv4 entries in /etc/hosts):
1498
1499
1500 example% ifconfig tun0 plumb mysrc thedst up
1501
1502
1503
1504
1505 Use ipsecconf(1M), as described above, to configure tunnel security
1506 properties.
1507
1508
1509
1510 Configuring IPv6 tunnels is done by using a tunnel type of ipv6 with
1511 create-iptun. IPv6 interfaces can also be plumbed over either type of
1512 tunnel.
1513
1514
1515 Example 6 Configuring 6to4 Tunnels
1516
1517
1518 To configure 6to4 tunnels, first create a 6to4 tunnel link (myv4addr is
1519 a hostname with a corresponding IPv4 entry in /etc/hosts):
1520
1521
1522 example% dladm create-iptun -T 6to4 -s myv4addr my6to4tun0
1523
1524
1525
1526
1527 Then an IPv6 interface is plumbed over this link:
1528
1529
1530 example% ifconfig my6to4tun0 inet6 plumb up
1531
1532
1533
1534
1535 The IPv6 address of the interface is automatically set as described
1536 above.
1537
1538
1539 Example 7 Configuring IP Forwarding on an Interface
1540
1541
1542 To enable IP forwarding on a single interface, use the following com‐
1543 mand:
1544
1545
1546 example% ifconfig eri0 router
1547
1548
1549
1550
1551 To disable IP forwarding on a single interface, use the following com‐
1552 mand:
1553
1554
1555 example% ifconfig eri0 -router
1556
1557
1558
1559 Example 8 Configuring Source Address Selection Using a Virtual Inter‐
1560 face
1561
1562
1563 The following command configures source address selection such that
1564 every packet that is locally generated with no bound source address and
1565 going out on qfe2 prefers a source address hosted on vni0.
1566
1567
1568 example% ifconfig qfe2 usesrc vni0
1569
1570
1571
1572
1573 The ifconfig -a output for the qfe2 and vni0 interfaces displays as
1574 follows:
1575
1576
1577 qfe2: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu
1578 1500 index 4
1579 usesrc vni0
1580 inet 1.2.3.4 netmask ffffff00 broadcast 1.2.3.255
1581 ether 0:3:ba:17:4b:e1
1582 vni0: flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL>
1583 mtu 0 index 5
1584 srcof qfe2
1585 inet 3.4.5.6 netmask ffffffff
1586
1587
1588
1589 Observe, above, the usesrc and srcof keywords in the ifconfig output.
1590 These keywords also appear on the logical instances of the physical
1591 interface, even though this is a per-physical interface parameter.
1592 There is no srcof keyword in ifconfig for configuring interfaces. This
1593 information is determined automatically from the set of interfaces that
1594 have usesrc set on them.
1595
1596
1597
1598 The following command, using the none keyword, undoes the effect of the
1599 preceding ifconfig usesrc command.
1600
1601
1602 example% ifconfig qfe2 usesrc none
1603
1604
1605
1606
1607 Following this command, ifconfig -a output displays as follows:
1608
1609
1610 qfe2: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu
1611 1500 index 4
1612 inet 1.2.3.4 netmask ffffff00 broadcast 1.2.3.255
1613 ether 0:3:ba:17:4b:e1
1614 vni0: flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL>
1615 mtu 0 index 5
1616 inet 3.4.5.6 netmask ffffffff
1617
1618
1619
1620 Note the absence of the usesrc and srcof keywords in the output above.
1621
1622
1623 Example 9 Configuring Source Address Selection for an IPv6 Address
1624
1625
1626 The following command configures source address selection for an IPv6
1627 address, selecting a source address hosted on vni0.
1628
1629
1630 example% ifconfig qfe1 inet6 usesrc vni0
1631
1632
1633
1634
1635 Following this command, ifconfig -a output displays as follows:
1636
1637
1638 qfe1: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 3
1639 usesrc vni0
1640 inet6 fe80::203:baff:fe17:4be0/10
1641 ether 0:3:ba:17:4b:e0
1642 vni0: flags=2002210041<UP,RUNNING,NOXMIT,NONUD,IPv6,VIRTUAL> mtu 0
1643 index 5
1644 srcof qfe1
1645 inet6 fe80::203:baff:fe17:4444/128
1646 vni0:1: flags=2002210040<RUNNING,NOXMIT,NONUD,IPv6,VIRTUAL> mtu 0
1647 index 5
1648 srcof qfe1
1649 inet6 fec0::203:baff:fe17:4444/128
1650 vni0:2: flags=2002210040<RUNNING,NOXMIT,NONUD,IPv6,VIRTUAL> mtu 0
1651 index 5
1652 srcof qfe1
1653 inet6 2000::203:baff:fe17:4444/128
1654
1655
1656
1657 Depending on the scope of the destination of the packet going out on
1658 qfe1, the appropriately scoped source address is selected from vni0 and
1659 its aliases.
1660
1661
1662 Example 10 Using Source Address Selection with Shared-IP Zones
1663
1664
1665 The following is an example of how the usesrc feature can be used with
1666 the zones(5) facility in Solaris. The following commands are invoked in
1667 the global zone:
1668
1669
1670 example% ifconfig hme0 usesrc vni0
1671 example% ifconfig eri0 usesrc vni0
1672 example% ifconfig qfe0 usesrc vni0
1673
1674
1675
1676
1677 Following the preceding commands, the ifconfig -a output for the vir‐
1678 tual interfaces would display as:
1679
1680
1681 vni0: flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL>
1682 mtu 0 index 23
1683 srcof hme0 eri0 qfe0
1684 inet 10.0.0.1 netmask ffffffff
1685 vni0:1:
1686 flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> mtu 0
1687 index 23
1688 zone test1
1689 srcof hme0 eri0 qfe0
1690 inet 10.0.0.2 netmask ffffffff
1691 vni0:2:
1692 flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> mtu 0
1693 index 23
1694 zone test2
1695 srcof hme0 eri0 qfe0
1696 inet 10.0.0.3 netmask ffffffff
1697 vni0:3:
1698 flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> mtu 0
1699 index 23
1700 zone test3
1701 srcof hme0 eri0 qfe0
1702 inet 10.0.0.4 netmask ffffffff
1703
1704
1705
1706 There is one virtual interface alias per zone (test1, test2, and
1707 test3). A source address from the virtual interface alias in the same
1708 zone is selected. The virtual interface aliases were created using
1709 zonecfg(1M) as follows:
1710
1711
1712 example% zonecfg -z test1
1713 zonecfg:test1> add net
1714 zonecfg:test1:net> set physical=vni0
1715 zonecfg:test1:net> set address=10.0.0.2
1716
1717
1718
1719
1720 The test2 and test3 zone interfaces and addresses are created in the
1721 same way.
1722
1723
1724 Example 11 Turning Off DHCPv6
1725
1726
1727 The following example shows how to disable automatic use of DHCPv6 on
1728 all interfaces, and immediately shut down DHCPv6 on the interface named
1729 hme0. See in.ndpd(1M) and ndpd.conf(4) for more information on the
1730 automatic DHCPv6 configuration mechanism.
1731
1732
1733 example% echo ifdefault StatefulAddrConf false >> /etc/inet/ndpd.conf
1734 example% pkill -HUP -x in.ndpd
1735 example% ifconfig hme0 dhcp release
1736
1737
1738
1740 /etc/netmasks
1741
1742 Netmask data.
1743
1744
1745 /etc/default/inet_type
1746
1747 Default Internet protocol type.
1748
1749
1751 See attributes(5) for descriptions of the following attributes:
1752
1753
1754
1755
1756 ┌───────────────────────────────────────┬──────────────────────────────┐
1757 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
1758 ├───────────────────────────────────────┼──────────────────────────────┤
1759 │Availability │ SUNWcsu │
1760 ├───────────────────────────────────────┼──────────────────────────────┤
1761 │Interface Stability for command-line │ Committed │
1762 │options │ │
1763 ├───────────────────────────────────────┼──────────────────────────────┤
1764 │Interface Stability for command output │ Uncommitted │
1765 └───────────────────────────────────────┴──────────────────────────────┘
1766
1768 dhcpinfo(1), cfgadm(1M), dhcpagent(1M), dladm(1M), if_mpadm(1M),
1769 in.mpathd(1M), in.ndpd(1M), in.routed(1M), ipmpstat(1M), ipsecconf(1M),
1770 ndd(1M), netstat(1M), zoneadm(1M), zonecfg(1M), ethers(3SOCKET), geth‐
1771 ostbyname(3NSL), getnetbyname(3SOCKET), hosts(4), inet_type(4),
1772 ndpd.conf(4), netmasks(4), networks(4), nsswitch.conf(4),
1773 attributes(5), privileges(5), zones(5), arp(7P), ipsecah(7P), ipse‐
1774 cesp(7P)
1775
1776
1777 System Administration Guide: IP Services
1778
1780 ifconfig sends messages that indicate if:
1781
1782 o the specified interface does not exist
1783
1784 o the requested address is unknown
1785
1786 o the user is not privileged and tried to alter an interface's
1787 configuration
1788
1790 Do not select the names broadcast, down, private, trailers, up or other
1791 possible option names when you choose host names. If you choose any one
1792 of these names as host names, it can cause unusual problems that are
1793 extremely difficult to diagnose.
1794
1795
1796
1797SunOS 5.11 13 Aug 2009 ifconfig(1M)