1dladm(1M) System Administration Commands dladm(1M)
2
6 dladm - administer data links
7
9 dladm show-link [-P] [-s [-i interval]] [[-p] -o field[,...]] [link]
10 dladm rename-link [-R root-dir] link new-link
11 dladm delete-phys phys-link
14 dladm show-phys [-P] [-m] [[-p] -o field[,...]] [-H] [phys-link]
15 dladm create-aggr [-t] [-R root-dir] [-P policy] [-L mode]
18 [-T time] [-u address] -l ether-link1 [-l ether-link2...] aggr-link
19 dladm modify-aggr [-t] [-R root-dir] [-P policy] [-L mode]
20 [-T time] [-u address] aggr-link
21 dladm delete-aggr [-t] [-R root-dir] aggr-link
22 dladm add-aggr [-t] [-R root-dir] -l ether-link1 [-l ether-link2...]
23 aggr-link
24 dladm remove-aggr [-t] [-R root-dir] -l ether-link1 [-l ether-link2...]
25 aggr-link
26 dladm show-aggr [-PLx] [-s [-i interval]] [[-p] -o field[,...]]
27 [aggr-link]
28 dladm create-bridge [-P protect] [-R root-dir] [-p priority]
31 [-m max-age] [-h hello-time] [-d forward-delay] [-f force-protocol]
32 [-l link...] bridge-name
33 dladm modify-bridge [-P protect] [-R root-dir] [-p priority]
36 [-m max-age] [-h hello-time] [-d forward-delay] [-f force-protocol]
37 bridge-name
38 dladm delete-bridge [-R root-dir] bridge-name
41 dladm add-bridge [-R root-dir] -l link [-l link...]bridge-name
44 dladm remove-bridge [-R root-dir] -l link [-l link...] bridge-name
47 dladm show-bridge [-flt] [-s [-i interval]] [[-p] -o field,...]
50 [bridge-name]
51 dladm create-vlan [-ft] [-R root-dir] -l ether-link -v vid [vlan-link]
54 dladm delete-vlan [-t] [-R root-dir] vlan-link
55 dladm show-vlan [-P] [[-p] -o field[,...]] [vlan-link]
56 dladm scan-wifi [[-p] -o field[,...]] [wifi-link]
59 dladm connect-wifi [-e essid] [-i bssid] [-k key,...]
60 [-s none | wep | wpa ] [-a open | shared] [-b bss | ibss] [-c]
61 [-m a | b | g] [-T time] [wifi-link]
62 dladm disconnect-wifi [-a] [wifi-link]
63 dladm show-wifi [[-p] -o field[,...]] [wifi-link]
64 dladm show-ether [-x] [[-p] -o field[,...]] [ether-link]
67 dladm set-linkprop [-t] [-R root-dir] -p prop=value[,...] link
70 dladm reset-linkprop [-t] [-R root-dir] [-p prop[,...]] link
71 dladm show-linkprop [-P] [[-c] -o field[,...]] [-p prop[,...]] [link]
72 dladm create-secobj [-t] [-R root-dir] [-f file] -c class secobj
75 dladm delete-secobj [-t] [-R root-dir] secobj[,...]
76 dladm show-secobj [-P] [[-p] -o field[,...]] [secobj,...]
77 dladm create-vnic [-t] -l link [-R root-dir] [-m value | auto |
80 {factory -n slot-identifier]} | {random [-r prefix]}]
81 [-v vlan-id] [-p prop=value[,...]] vnic-link
82 dladm delete-vnic [-t] [-R root-dir] vnic-link
83 dladm show-vnic [-pP] [-s [-i interval]] [-o field[,...]]
84 [-l link] [vnic-link]
85 dladm create-etherstub [-t] [-R root-dir] etherstub
88 dladm delete-etherstub [-t] [-R root-dir] etherstub
89 dladm show-etherstub [etherstub]
90 dladm create-iptun [-t] [-R root-dir] -T type [-s tsrc] [-d tdst]
93 iptun-link
94 dladm modify-iptun [-t] [-R root-dir] [-s tsrc] [-d tdst] iptun-link
95 dladm delete-iptun [-t] [-R root-dir] iptun-link
96 dladm show-iptun [-P] [[-p] -o field[,...]] [iptun-link]
97 dladm show-usage [-a] -f filename [-p plotfile -F format] [-s time]
100 [-e time] [link]
101
104 The dladm command is used to administer data-links. A data-link is rep‐
105 resented in the system as a STREAMS DLPI (v2) interface which can be
106 plumbed under protocol stacks such as TCP/IP. Each data-link relies on
107 either a single network device or an aggregation of devices to send
108 packets to or receive packets from a network.
109 Each dladm subcommand operates on one of the following objects:
112 link
114 A datalink, identified by a name. In general, the name can use any
116 alphanumeric characters (or the underscore, _), but must start with
117 an alphabetic character and end with a number. A datalink name can
118 be at most 31 characters, and the ending number must be between 0
119 and 4294967294 (inclusive). The ending number must not begin with a
120 zero. Datalink names between 3 and 8 characters are recommended.
121 Some subcommands operate only on certain types or classes of
123 datalinks. For those cases, the following object names are used:
124 phys-link
126 A physical datalink.
128 vlan-link
131 A VLAN datalink.
133 aggr-link
136 An aggregation datalink (or a key; see NOTES).
138 ether-link
141 A physical Ethernet datalink.
143 wifi-link
146 A WiFi datalink.
148 vnic-link
151 A virtual network interface created on a link or an etherstub.
153 It is a pseudo device that can be treated as if it were an net‐
154 work interface card on a machine.
155 iptun-link
158 An IP tunnel link.
160 dev
164 A network device, identified by concatenation of a driver name and
166 an instance number.
167 etherstub
170 An Ethernet stub can be used instead of a physical NIC to create
172 VNICs. VNICs created on an etherstub will appear to be connected
173 through a virtual switch, allowing complete virtual networks to be
174 built without physical hardware.
175 bridge
178 A bridge instance, identified by an administratively-chosen name.
180 The name may use any alphanumeric characters or the underscore, _,
181 but must start and end with an alphabetic character. A bridge name
182 can be at most 31 characters. The name default is reserved, as are
183 all names starting with SUNW.
184 Note that appending a zero (0) to a bridge name produces a valid
186 link name, used for observability.
187 secobj
190 A secure object, identified by an administratively-chosen name. The
192 name can use any alphanumeric characters, as well as underscore
193 (_), period (.), and hyphen (-). A secure object name can be at
194 most 32 characters.
195 Options
198 Each dladm subcommand has its own set of options. However, many of the
199 subcommands have the following as a common option:
200 -R root-dir, --root-dir=root-dir
202 Specifies an alternate root directory where the operation-such as
204 creation, deletion, or renaming-should apply.
205 SUBCOMMANDS
208 The following subcommands are supported:
209 dladm show-link [-P] [-s [-i interval]] [[-p] -o field[,...]][link]
211 Show link configuration information (the default) or statistics,
213 either for all datalinks or for the specified link link. By
214 default, the system is configured with one datalink for each known
215 network device.
216 -o field[,...], --output=field[,...]
218 A case-insensitive, comma-separated list of output fields to
220 display. When not modified by the -s option (described below),
221 the field name must be one of the fields listed below, or the
222 special value all to display all fields. By default (without
223 -o), show-link displays all fields.
224 LINK
226 The name of the datalink.
228 CLASS
231 The class of the datalink. dladm distinguishes between the
233 following classes:
234 phys
236 A physical datalink. The show-phys subcommand displays
238 more detail for this class of datalink.
239 aggr
242 An IEEE 802.3ad link aggregation. The show-aggr subcom‐
244 mand displays more detail for this class of datalink.
245 vlan
248 A VLAN datalink. The show-vlan subcommand displays more
250 detail for this class of datalink.
251 vnic
254 A virtual network interface. The show-vnic subcommand
256 displays more detail for this class of datalink.
257 MTU
261 The maximum transmission unit size for the datalink being
263 displayed.
264 STATE
267 The link state of the datalink. The state can be up, down,
269 or unknown.
270 BRIDGE
273 The name of the bridge to which this link is assigned, if
275 any.
276 OVER
279 The physical datalink(s) over which the datalink is operat‐
281 ing. This applies to aggr, bridge, and vlan classes of
282 datalinks. A VLAN is created over a single physical
283 datalink, a bridge has multiple attached links, and an
284 aggregation is comprised of one or more physical datalinks.
285 When the -o option is used in conjunction with the -s option,
287 used to display link statistics, the field name must be one of
288 the fields listed below, or the special value all to display
289 all fields
290 LINK
292 The name of the datalink.
294 IPACKETS
297 Number of packets received on this link.
299 RBYTES
302 Number of bytes received on this link.
304 IERRORS
307 Number of input errors.
309 OPACKETS
312 Number of packets sent on this link.
314 OBYTES
317 Number of bytes received on this link.
319 OERRORS
322 Number of output errors.
324 -p, --parseable
328 Display using a stable machine-parseable format. The -o option
330 is required with -p. See "Parseable Output Format", below.
331 -P, --persistent
334 Display the persistent link configuration.
336 -s, --statistics
339 Display link statistics.
341 -i interval, --interval=interval
344 Used with the -s option to specify an interval, in seconds, at
346 which statistics should be displayed. If this option is not
347 specified, statistics will be displayed only once.
348 dladm rename-link [-R root-dir] link new-link
352 Rename link to new-link. This is used to give a link a meaningful
354 name, or to associate existing link configuration such as link
355 properties of a removed device with a new device. See the EXAMPLES
356 section for specific examples of how this subcommand is used.
357 -R root-dir, --root-dir=root-dir
359 See "Options," above.
361 dladm delete-phys phys-link
365 This command is used to delete the persistent configuration of a
367 link associated with physical hardware which has been removed from
368 the system. See the EXAMPLES section.
369 dladm show-phys [-P] [[-p] -o field[,...]] [-H] [phys-link]
372 Show the physical device and attributes of all physical links, or
374 of the named physical link. Without -P, only physical links that
375 are available on the running system are displayed.
376 -H
378 Show hardware resource usage, as returned by the NIC driver.
380 Output from -H displays the following elements:
381 LINK
383 A physical device corresponding to a NIC driver.
385 GROUP
388 A collection of rings.
390 GROUPTYPE
393 RX or TX. All rings in a group are of the same group type.
395 RINGS
398 A hardware resource used by a data link, subject to assign‐
400 ment by a driver to different groups.
401 CLIENTS
404 MAC clients that are using the rings within a group.
406 -o field, --output=field
410 A case-insensitive, comma-separated list of output fields to
412 display. The field name must be one of the fields listed below,
413 or the special value all, to display all fields. For each link,
414 the following fields can be displayed:
415 LINK
417 The name of the datalink.
419 MEDIA
422 The media type provided by the physical datalink.
424 STATE
427 The state of the link. This can be up, down, or unknown.
429 SPEED
432 The current speed of the link, in megabits per second.
434 DUPLEX
437 For Ethernet links, the full/half duplex status of the link
439 is displayed if the link state is up. The duplex is dis‐
440 played as unknown in all other cases.
441 DEVICE
444 The name of the physical device under this link.
446 -p, --parseable
450 Display using a stable machine-parseable format. The -o option
452 is required with -p. See "Parseable Output Format", below.
453 -P, --persistent
456 This option displays persistent configuration for all links,
458 including those that have been removed from the system. The
459 output provides a FLAGS column in which the r flag indicates
460 that the physical device associated with a physical link has
461 been removed. For such links, delete-phys can be used to purge
462 the link's configuration from the system.
463 dladm create-aggr [-t] [-R root-dir] [-P policy] [-L mode] [-T time]
467 [-u address] -l ether-link1 [-l ether-link2...] aggr-link
468 Combine a set of links into a single IEEE 802.3ad link aggregation
470 named aggr-link. The use of an integer key to generate a link name
471 for the aggregation is also supported for backward compatibility.
472 Many of the *-aggr subcommands below also support the use of a key
473 to refer to a given aggregation, but use of the aggregation link
474 name is preferred. See the NOTES section for more information on
475 keys.
476 dladm supports a number of port selection policies for an aggrega‐
478 tion of ports. (See the description of the -P option, below.) If
479 you do not specify a policy, create-aggr uses the default, the L4
480 policy, described under the -P option.
481 -l ether-link, --link=ether-link
483 Each Ethernet link (or port) in the aggregation is specified
485 using an -l option followed by the name of the link to be
486 included in the aggregation. Multiple links are included in the
487 aggregation by specifying multiple -l options. For backward
488 compatibility with previous versions of Solaris, the dladm com‐
489 mand also supports the using the -d option (or --dev) with a
490 device name to specify links by their underlying device name.
491 The other *-aggr subcommands that take -loptions also accept
492 -d.
493 -t, --temporary
496 Specifies that the aggregation is temporary. Temporary aggrega‐
498 tions last until the next reboot.
499 -R root-dir, --root-dir=root-dir
502 See "Options," above.
504 -P policy, --policy=policy
507 Specifies the port selection policy to use for load spreading
510 of outbound traffic. The policy specifies which dev object is
511 used to send packets. A policy is a list of one or more layers
512 specifiers separated by commas. A layer specifier is one of the
513 following:
514 L2
516 Select outbound device according to source and destination
518 MAC addresses of the packet.
519 L3
522 Select outbound device according to source and destination
524 IP addresses of the packet.
525 L4
528 Select outbound device according to the upper layer proto‐
530 col information contained in the packet. For TCP and UDP,
531 this includes source and destination ports. For IPsec, this
532 includes the SPI (Security Parameters Index).
533 For example, to use upper layer protocol information, the fol‐
535 lowing policy can be used:
536 -P L4
538 Note that policy L4 is the default.
541 To use the source and destination MAC addresses as well as the
543 source and destination IP addresses, the following policy can
544 be used:
545 -P L2,L3
547 -L mode, --lacp-mode=mode
552 Specifies whether LACP should be used and, if used, the mode in
554 which it should operate. Supported values are off, active or
555 passive.
556 -T time, --lacp-timer=time
559 Specifies the LACP timer value. The supported values are short
562 or longjjj.
563 -u address, --unicast=address
566 Specifies a fixed unicast hardware address to be used for the
568 aggregation. If this option is not specified, then an address
569 is automatically chosen from the set of addresses of the compo‐
570 nent devices.
571 dladm modify-aggr [-t] [-R root-dir] [-P policy] [-L mode] [-T time]
575 [-u address] aggr-link
576 Modify the parameters of the specified aggregation.
578 -t, --temporary
580 Specifies that the modification is temporary. Temporary aggre‐
582 gations last until the next reboot.
583 -R root-dir, --root-dir=root-dir
586 See "Options," above.
588 -P policy, --policy=policy
591 Specifies the port selection policy to use for load spreading
593 of outbound traffic. See dladm create-aggr for a description of
594 valid policy values.
595 -L mode, --lacp-mode=mode
598 Specifies whether LACP should be used and, if used, the mode in
600 which it should operate. Supported values are off, active, or
601 passive.
602 -T time, --lacp-timer=time
605 Specifies the LACP timer value. The supported values are short
608 or long.
609 -u address, --unicast=address
612 Specifies a fixed unicast hardware address to be used for the
614 aggregation. If this option is not specified, then an address
615 is automatically chosen from the set of addresses of the compo‐
616 nent devices.
617 dladm delete-aggr [-t] [-R root-dir] aggr-link
621 Deletes the specified aggregation.
623 -t, --temporary
625 Specifies that the deletion is temporary. Temporary deletions
627 last until the next reboot.
628 -R root-dir, --root-dir=root-dir
631 See "Options," above.
633 dladm add-aggr [-t] [-R root-dir] -l ether-link1 [--link=ether-
637 link2...] aggr-link
638 Adds links to the specified aggregation.
640 -l ether-link, --link=ether-link
642 Specifies an Ethernet link to add to the aggregation. Multiple
644 links can be added by supplying multiple -l options.
645 -t, --temporary
648 Specifies that the additions are temporary. Temporary additions
650 last until the next reboot.
651 -R root-dir, --root-dir=root-dir
654 See "Options," above.
656 dladm remove-aggr [-t] [-R root-dir] -l ether-link1 [--l=ether-
660 link2...] aggr-link
661 Removes links from the specified aggregation.
663 -l ether-link, --link=ether-link
665 Specifies an Ethernet link to remove from the aggregation. Mul‐
667 tiple links can be added by supplying multiple -l options.
668 -t, --temporary
671 Specifies that the removals are temporary. Temporary removal
673 last until the next reboot.
674 -R root-dir, --root-dir=root-dir
677 See "Options," above.
679 dladm show-aggr [-PLx] [-s [-i interval]] [[-p] -o field[,...]] [aggr-
683 link]
684 Show aggregation configuration (the default), LACP information, or
686 statistics, either for all aggregations or for the specified aggre‐
687 gation.
688 By default (with no options), the following fields can be dis‐
690 played:
691 LINK
693 The name of the aggregation link.
695 POLICY
698 The LACP policy of the aggregation. See the create-aggr -P
700 option for a description of the possible values.
701 ADDRPOLICY
704 Either auto, if the aggregation is configured to automatically
706 configure its unicast MAC address (the default if the -u option
707 was not used to create or modify the aggregation), or fixed, if
708 -u was used to set a fixed MAC address.
709 LACPACTIVITY
712 The LACP mode of the aggregation. Possible values are off,
714 active, or passive, as set by the -l option to create-aggr or
715 modify-aggr.
716 LACPTIMER
719 The LACP timer value of the aggregation as set by the -T option
721 of create-aggr or modify-aggr.
722 FLAGS
725 A set of state flags associated with the aggregation. The only
727 possible flag is f, which is displayed if the administrator
728 forced the creation the aggregation using the -f option to cre‐
729 ate-aggr. Other flags might be defined in the future.
730 The show-aggr command accepts the following options:
732 -L, --lacp
734 Displays detailed LACP information for the aggregation link and
736 each underlying port. Most of the state information displayed
737 by this option is defined by IEEE 802.3. With this option, the
738 following fields can be displayed:
739 LINK
741 The name of the aggregation link.
743 PORT
746 The name of one of the underlying aggregation ports.
748 AGGREGATABLE
751 Whether the port can be added to the aggregation.
753 SYNC
756 If yes, the system considers the port to be synchronized
758 and part of the aggregation.
759 COLL
762 If yes, collection of incoming frames is enabled on the
764 associated port.
765 DIST
768 If yes, distribution of outgoing frames is enabled on the
770 associated port.
771 DEFAULTED
774 If yes, the port is using defaulted partner information
776 (that is, has not received LACP data from the LACP part‐
777 ner).
778 EXPIRED
781 If yes, the receive state of the port is in the EXPIRED
783 state.
784 -x, --extended
788 Display additional aggregation information including detailed
790 information on each underlying port. With -x, the following
791 fields can be displayed:
792 LINK
794 The name of the aggregation link.
796 PORT
799 The name of one of the underlying aggregation ports.
801 SPEED
804 The speed of the link or port in megabits per second.
806 DUPLEX
809 The full/half duplex status of the link or port is dis‐
811 played if the link state is up. The duplex status is dis‐
812 played as unknown in all other cases.
813 STATE
816 The link state. This can be up, down, or unknown.
818 ADDRESS
821 The MAC address of the link or port.
823 PORTSTATE
826 This indicates whether the individual aggregation port is
828 in the standby or attached state.
829 -o field[,...], --output=field[,...]
833 A case-insensitive, comma-separated list of output fields to
835 display. The field name must be one of the fields listed above,
836 or the special value all, to display all fields. The fields
837 applicable to the -o option are limited to those listed under
838 each output mode. For example, if using -L, only the fields
839 listed under -L, above, can be used with -o.
840 -p, --parseable
843 Display using a stable machine-parseable format. The -o option
845 is required with -p. See "Parseable Output Format", below.
846 -P, --persistent
849 Display the persistent aggregation configuration rather than
851 the state of the running system.
852 -s, --statistics
855 Displays aggregation statistics.
857 -i interval, --interval=interval
860 Used with the -s option to specify an interval, in seconds, at
862 which statistics should be displayed. If this option is not
863 specified, statistics will be displayed only once.
864 dladm create-bridge [ -P protect] [-R root-dir] [ -p priority] [ -m
868 max-age] [ -h hello-time] [ -d forward-delay] [ -f force-protocol] [-l
869 link...] bridge-name
870 Create an 802.1D bridge instance and optionally assign one or more
872 network links to the new bridge. By default, no bridge instances
873 are present on the system.
874 In order to bridge between links, you must create at least one
876 bridge instance. Each bridge instance is separate, and there is no
877 forwarding connection between bridges.
878 -P protect, --protect=protect
880 Specifies a protection method. The defined protection methods
882 are stp for the Spanning Tree Protocol and trill for TRILL,
883 which is used on RBridges. The default value is stp.
884 -R root-dir, --root-dir=root-dir
887 See "Options," above.
889 -p priority, --priority=priority
892 Specifies the Bridge Priority. This sets the IEEE STP priority
894 value for determining the root bridge node in the network. The
895 default value is 32768. Valid values are 0 (highest priority)
896 to 61440 (lowest priority), in increments of 4096.
897 If a value not evenly divisible by 4096 is used, the system
899 silently rounds downward to the next lower value that is divis‐
900 ible by 4096.
901 -m max-age, --max-age=max-age
904 Specifies the maximum age for configuration information in sec‐
906 onds. This sets the STP Bridge Max Age parameter. This value is
907 used for all nodes in the network if this node is the root
908 bridge. Bridge link information older than this time is dis‐
909 carded. It defaults to 20 seconds. Valid values are from 6 to
910 40 seconds. See the -d forward-delay parameter for additional
911 constraints.
912 -h hello-time, --hello-time=hello-time
915 Specifies the STP Bridge Hello Time parameter. When this node
917 is the root node, it sends Configuration BPDUs at this interval
918 throughout the network. The default value is 2 seconds. Valid
919 values are from 1 to 10 seconds. See the -d forward-delay
920 parameter for additional constraints.
921 -d forward-delay, --forward-delay=forward-delay
924 Specifies the STP Bridge Forward Delay parameter. When this
926 node is the root node, then all bridges in the network use this
927 timer to sequence the link states when a port is enabled. The
928 default value is 15 seconds. Valid values are from 4 to 30 sec‐
929 onds.
930 Bridges must obey the following two constraints:
932 2 * (forward-delay - 1.0) >= max-age
934 max-age >= 2 * (hello-time + 1.0)
936 Any parameter setting that would violate those constraints is
939 treated as an error and causes the command to fail with a diag‐
940 nostic message. The message provides valid alternatives to the
941 supplied values.
942 -f force-protocol, --force-protocol=force-protocol
945 Specifies the MSTP forced maximum supported protocol. The
947 default value is 3. Valid values are non-negative integers. The
948 current implementation does not support RSTP or MSTP, so this
949 currently has no effect. However, to prevent MSTP from being
950 used in the future, the parameter may be set to 0 for STP only
951 or 2 for STP and RSTP.
952 -l link, --link=link
955 Specifies one or more links to add to the newly-created bridge.
957 This is similar to creating the bridge and then adding one or
958 more links, as with the add-bridge subcommand. However, if any
959 of the links cannot be added, the entire command fails, and the
960 new bridge itself is not created. To add multiple links on the
961 same command line, repeat this option for each link. You are
962 permitted to create bridges without links. For more information
963 about link assignments, see the add-bridge subcommand.
964 Bridge creation and link assignment require the PRIV_SYS_DL_CONFIG
966 privilege. Bridge creation might fail if the optional bridging fea‐
967 ture is not installed on the system.
968 dladm modify-bridge [ -P protect] [-R root-dir] [ -p priority] [ -m
971 max-age] [ -h hello-time] [ -d forward-delay] [ -f force-protocol] [-l
972 link...] bridge-name
973 Modify the operational parameters of an existing bridge. The
975 options are the same as for the create-bridge subcommand, except
976 that the -l option is not permitted. To add links to an existing
977 bridge, use the add-bridge subcommand.
978 Bridge parameter modification requires the PRIV_SYS_DL_CONFIG priv‐
980 ilege.
981 dladm delete-bridge [-R root-dir] bridge-name
984 Delete a bridge instance. The bridge being deleted must not have
986 any attached links. Use the remove-bridge subcommand to deactivate
987 links before deleting a bridge.
988 Bridge deletion requires the PRIV_SYS_DL_CONFIG privilege.
990 The -R (--root-dir) option is the same as for the create-bridge
992 subcommand.
993 dladm add-bridge [-R root-dir] -l link [-l link...] bridge-name
996 Add one or more links to an existing bridge. If multiple links are
998 specified, and adding any one of them results in an error, the com‐
999 mand fails and no changes are made to the system.
1000 Link addition to a bridge requires the PRIV_SYS_DL_CONFIG privi‐
1002 lege.
1003 A link may be a member of at most one bridge. An error occurs when
1005 you attempt to add a link that already belongs to another bridge.
1006 To move a link from one bridge instance to another, remove it from
1007 the current bridge before adding it to a new one.
1008 The links assigned to a bridge must not also be VLANs, VNICs, or
1010 tunnels. Only physical Ethernet datalinks, aggregation datalinks,
1011 wireless links, and Ethernet stubs are permitted to be assigned to
1012 a bridge.
1013 Links assigned to a bridge must all have the same MTU. This is
1015 checked when the link is assigned. The link is added to the bridge
1016 in a deactivated form if it is not the first link on the bridge and
1017 it has a differing MTU.
1018 Note that systems using bridging should not set the eeprom(1M)
1020 local-mac-address? variable to false.
1021 The options are the same as for the create-bridge subcommand.
1023 dladm remove-bridge [-R root-dir] -l link [-l link...] bridge-name
1026 Remove one or more links from a bridge instance. If multiple links
1028 are specified, and removing any one of them would result in an
1029 error, the command fails and none are removed.
1030 Link removal from a bridge requires the PRIV_SYS_DL_CONFIG privi‐
1032 lege.
1033 The options are the same as for the create-bridge subcommand.
1035 dladm show-bridge [-flt] [-s [-i interval]] [[-p] -o field,...]
1038 [bridge-name]
1039 Show the running status and configuration of bridges, their
1041 attached links, learned forwarding entries, and TRILL nickname
1042 databases. When showing overall bridge status and configuration,
1043 the bridge name can be omitted to show all bridges. The other forms
1044 require a specified bridge.
1045 The show-bridge subcommand accepts the following options:
1047 -i interval, --interval=interval
1049 Used with the -s option to specify an interval, in seconds, at
1051 which statistics should be displayed. If this option is not
1052 specified, statistics will be displayed only once.
1053 -s, --statistics
1056 Display statistics for the specified bridges or for a given
1058 bridge's attached links. This option cannot be used with the -f
1059 and -t options.
1060 -p, --parseable
1063 Display using a stable machine-parsable format. See "Parsable
1065 Output Format," below.
1066 -o field[,...], --output=field[,...]
1069 A case-insensitive, comma-separated list of output fields to
1071 display. The field names are described below. The special value
1072 all displays all fields. Each set of fields has its own default
1073 set to display when -o is not specified.
1074 By default, the show-bridge subcommand shows bridge configuration.
1076 The following fields can be shown:
1077 BRIDGE
1079 The name of the bridge.
1081 ADDRESS
1084 The Bridge Unique Identifier value (MAC address).
1086 PRIORITY
1089 Configured priority value; set by -p with create-bridge and
1091 modify-bridge.
1092 BMAXAGE
1095 Configured bridge maximum age; set by -m with create-bridge and
1097 modify-bridge.
1098 BHELLOTIME
1101 Configured bridge hello time; set by -h with create-bridge and
1103 modify-bridge.
1104 BFWDDELAY
1107 Configured forwarding delay; set by -d with create-bridge and
1109 modify-bridge.
1110 FORCEPROTO
1113 Configured forced maximum protocol; set by -f with create-
1115 bridge and modify-bridge.
1116 TCTIME
1119 Time, in seconds, since last topology change.
1121 TCCOUNT
1124 Count of the number of topology changes.
1126 TCHANGE
1129 This indicates that a topology change was detected.
1131 DESROOT
1134 Bridge Identifier of the root node.
1136 ROOTCOST
1139 Cost of the path to the root node.
1141 ROOTPORT
1144 Port number used to reach the root node.
1146 MAXAGE
1149 Maximum age value from the root node.
1151 HELLOTIME
1154 Hello time value from the root node.
1156 FWDDELAY
1159 Forward delay value from the root node.
1161 HOLDTIME
1164 Minimum BPDU interval.
1166 By default, when the -o option is not specified, only the BRIDGE,
1168 ADDRESS, PRIORITY, and DESROOT fields are shown.
1169 When the -s option is specified, the show-bridge subcommand shows
1171 bridge statistics. The following fields can be shown:
1172 BRIDGE
1174 Bridge name.
1176 DROPS
1179 Number of packets dropped due to resource problems.
1181 FORWARDS
1184 Number of packets forwarded from one link to another.
1186 MBCAST
1189 Number of multicast and broadcast packets handled by the
1191 bridge.
1192 RECV
1195 Number of packets received on all attached links.
1197 SENT
1200 Number of packets sent on all attached links.
1202 UNKNOWN
1205 Number of packets handled that have an unknown destination.
1207 Such packets are sent to all links.
1208 By default, when the -o option is not specified, only the BRIDGE,
1210 DROPS, and FORWARDS fields are shown.
1211 The show-bridge subcommand also accepts the following options:
1213 -l, --link
1215 Displays link-related status and statistics information for all
1217 links attached to a single bridge instance. By using this
1218 option and without the -s option, the following fields can be
1219 displayed for each link:
1220 LINK
1222 The link name.
1224 INDEX
1227 Port (link) index number on the bridge.
1229 STATE
1232 State of the link. The state can be disabled, discarding,
1234 learning, forwarding, non-stp, or bad-mtu.
1235 UPTIME
1238 Number of seconds since the last reset or initialization.
1240 OPERCOST
1243 Actual cost in use (1-65535).
1245 OPERP2P
1248 This indicates whether point-to-point (P2P) mode been
1250 detected.
1251 OPEREDGE
1254 This indicates whether edge mode has been detected.
1256 DESROOT
1259 The Root Bridge Identifier that has been seen on this port.
1261 DESCOST
1264 Path cost to the network root node through the designated
1266 port.
1267 DESBRIDGE
1270 Bridge Identifier for this port.
1272 DESPORT
1275 The ID and priority of the port used to transmit configura‐
1277 tion messages for this port.
1278 TCACK
1281 This indicates whether Topology Change Acknowledge has been
1283 seen.
1284 When the -l option is specified without the -o option, only the
1286 LINK, STATE, UPTIME, and DESROOT fields are shown.
1287 When the -l option is specified, the -s option can be used to
1289 display the following fields for each link:
1290 LINK
1292 Link name.
1294 CFGBPDU
1297 Number of configuration BPDUs received.
1299 TCNBPDU
1302 Number of topology change BPDUs received.
1304 RSTPBPDU
1307 Number of Rapid Spanning Tree BPDUs received.
1309 TXBPDU
1312 Number of BPDUs transmitted.
1314 DROPS
1317 Number of packets dropped due to resource problems.
1319 RECV
1322 Number of packets received by the bridge.
1324 XMIT
1327 Number of packets sent by the bridge.
1329 When the -o option is not specified, only the LINK, DROPS,
1331 RECV, and XMIT fields are shown.
1332 -f, --forwarding
1335 Displays forwarding entries for a single bridge instance. With
1337 this option, the following fields can be shown for each for‐
1338 warding entry:
1339 DEST
1341 Destination MAC address.
1343 AGE
1346 Age of entry in seconds and milliseconds. Omitted for local
1348 entries.
1349 FLAGS
1352 The L (local) flag is shown if the MAC address belongs to
1354 an attached link or to a VNIC on one of the attached links.
1355 OUTPUT
1358 For local entries, this is the name of the attached link
1360 that has the MAC address. Otherwise, for bridges that use
1361 Spanning Tree Protocol, this is the output interface name.
1362 For RBridges, this is the output TRILL nickname.
1363 When the -o option is not specified, the DEST, AGE, FLAGS, and
1365 OUTPUT fields are shown.
1366 -t, --trill
1369 Displays TRILL nickname entries for a single bridge instance.
1371 With this option, the following fields can be shown for each
1372 TRILL nickname entry:
1373 NICK
1375 TRILL nickname for this RBridge, which is a number from 1
1377 to 65535.
1378 FLAGS
1381 The L flag is shown if the nickname identifies the local
1383 system.
1384 LINK
1387 Link name for output when sending messages to this RBridge.
1389 NEXTHOP
1392 MAC address of the next hop RBridge that is used to reach
1394 the RBridge with this nickname.
1395 When the -o option is not specified, the NICK, FLAGS, LINK, and
1397 NEXTHOP fields are shown.
1398 dladm create-vlan [-ft] [-R root-dir] -l ether-link -v vid [vlan-link]
1402 Create a tagged VLAN link with an ID of vid over Ethernet link
1404 ether-link. The name of the VLAN link can be specified as vlan-
1405 link. If the name is not specified, a name will be automatically
1406 generated (assuming that ether-link is namePPA) as:
1407 <name><1000 * vlan-tag + PPA>
1409 For example, if ether-link is bge1 and vid is 2, the name generated
1412 is bge2001.
1413 -f, --force
1415 Force the creation of the VLAN link. Some devices do not allow
1417 frame sizes large enough to include a VLAN header. When creat‐
1418 ing a VLAN link over such a device, the -f option is needed,
1419 and the MTU of the IP interfaces on the resulting VLAN must be
1420 set to 1496 instead of 1500.
1421 -l ether-link
1424 Specifies Ethernet link over which VLAN is created.
1426 -t, --temporary
1429 Specifies that the VLAN link is temporary. Temporary VLAN links
1431 last until the next reboot.
1432 -R root-dir, --root-dir=root-dir
1435 See "Options," above.
1437 dladm delete-vlan [-t] [-R root-dir] vlan-link
1441 Delete the VLAN link specified.
1443 The delete-vlansubcommand accepts the following options:
1445 -t, --temporary
1447 Specifies that the deletion is temporary. Temporary deletions
1449 last until the next reboot.
1450 -R root-dir, --root-dir=root-dir
1453 See "Options," above.
1455 dladm show-vlan [-P] [[-p] -o field[,...]] [vlan-link]
1459 Display VLAN configuration for all VLAN links or for the specified
1461 VLAN link.
1462 The show-vlansubcommand accepts the following options:
1464 -o field[,...], --output=field[,...]
1466 A case-insensitive, comma-separated list of output fields to
1468 display. The field name must be one of the fields listed below,
1469 or the special value all, to display all fields. For each VLAN
1470 link, the following fields can be displayed:
1471 LINK
1473 The name of the VLAN link.
1475 VID
1478 The ID associated with the VLAN.
1480 OVER
1483 The name of the physical link over which this VLAN is con‐
1485 figured.
1486 FLAGS
1489 A set of flags associated with the VLAN link. Possible
1491 flags are:
1492 f
1494 The VLAN was created using the -f option to create-
1496 vlan.
1497 i
1500 The VLAN was implicitly created when the DLPI link was
1502 opened. These VLAN links are automatically deleted on
1503 last close of the DLPI link (for example, when the IP
1504 interface associated with the VLAN link is unplumbed).
1505 Additional flags might be defined in the future.
1507 -p, --parseable
1511 Display using a stable machine-parseable format. The -o option
1513 is required with -p. See "Parseable Output Format", below.
1514 -P, --persistent
1517 Display the persistent VLAN configuration rather than the state
1519 of the running system.
1520 dladm scan-wifi [[-p] -o field[,...]] [wifi-link]
1524 Scans for WiFi networks, either on all WiFi links, or just on the
1526 specified wifi-link.
1527 By default, currently all fields but BSSTYPE are displayed.
1529 -o field[,...], --output=field[,...]
1531 A case-insensitive, comma-separated list of output fields to
1533 display. The field name must be one of the fields listed below,
1534 or the special value all to display all fields. For each WiFi
1535 network found, the following fields can be displayed:
1536 LINK
1538 The name of the link the WiFi network is on.
1540 ESSID
1543 The ESSID (name) of the WiFi network.
1545 BSSID
1548 Either the hardware address of the WiFi network's Access
1550 Point (for BSS networks), or the WiFi network's randomly
1551 generated unique token (for IBSS networks).
1552 SEC
1555 Either none for a WiFi network that uses no security, wep
1557 for a WiFi network that requires WEP (Wired Equivalent Pri‐
1558 vacy), or wpa for a WiFi network that requires WPA (Wi-Fi
1559 Protected Access).
1560 MODE
1563 The supported connection modes: one or more of a, b, or g.
1565 STRENGTH
1568 The strength of the signal: one of excellent, very good,
1570 good, weak, or very weak.
1571 SPEED
1574 The maximum speed of the WiFi network, in megabits per sec‐
1576 ond.
1577 BSSTYPE
1580 Either bss for BSS (infrastructure) networks, or ibss for
1582 IBSS (ad-hoc) networks.
1583 -p, --parseable
1587 Display using a stable machine-parseable format. The -o option
1589 is required with -p. See "Parseable Output Format", below.
1590 dladm connect-wifi [-e essid] [-i bssid] [-k key,...] [-s none | wep |
1594 wpa] [-a open|shared] [-b bss|ibss] [-c] [-m a|b|g] [-T time] [wifi-
1595 link]
1596 Connects to a WiFi network. This consists of four steps: discovery,
1598 filtration, prioritization, and association. However, to enable
1599 connections to non-broadcast WiFi networks and to improve perfor‐
1600 mance, if a BSSID or ESSID is specified using the -e or -i options,
1601 then the first three steps are skipped and connect-wifi immediately
1602 attempts to associate with a BSSID or ESSID that matches the rest
1603 of the provided parameters. If this association fails, but there is
1604 a possibility that other networks matching the specified criteria
1605 exist, then the traditional discovery process begins as specified
1606 below.
1607 The discovery step finds all available WiFi networks on the speci‐
1609 fied WiFi link, which must not yet be connected. For administrative
1610 convenience, if there is only one WiFi link on the system, wifi-
1611 link can be omitted.
1612 Once discovery is complete, the list of networks is filtered
1614 according to the value of the following options:
1615 -e essid, --essid=essid
1617 Networks that do not have the same essid are filtered out.
1619 -b bss|ibss, --bsstype=bss|ibss
1622 Networks that do not have the same bsstype are filtered out.
1624 -m a|b|g, --mode=a|b|g
1627 Networks not appropriate for the specified 802.11 mode are fil‐
1629 tered out.
1630 -k key,..., --key=key, ...
1633 Use the specified secobj named by the key to connect to the
1635 network. Networks not appropriate for the specified keys are
1636 filtered out.
1637 -s none|wep|wpa, --sec=none|wep|wpa
1640 Networks not appropriate for the specified security mode are
1642 filtered out.
1643 Next, the remaining networks are prioritized, first by signal
1645 strength, and then by maximum speed. Finally, an attempt is made to
1646 associate with each network in the list, in order, until one suc‐
1647 ceeds or no networks remain.
1648 In addition to the options described above, the following options
1650 also control the behavior of connect-wifi:
1651 -a open|shared, --auth=open|shared
1653 Connect using the specified authentication mode. By default,
1655 open and shared are tried in order.
1656 -c, --create-ibss
1659 Used with -b ibss to create a new ad-hoc network if one match‐
1661 ing the specified ESSID cannot be found. If no ESSID is speci‐
1662 fied, then -c -b ibss always triggers the creation of a new ad-
1663 hoc network.
1664 -T time, --timeout=time
1667 Specifies the number of seconds to wait for association to suc‐
1669 ceed. If time is forever, then the associate will wait indefi‐
1670 nitely. The current default is ten seconds, but this might
1671 change in the future. Timeouts shorter than the default might
1672 not succeed reliably.
1673 -k key,..., --key=key,...
1676 In addition to the filtering previously described, the speci‐
1678 fied keys will be used to secure the association. The security
1679 mode to use will be based on the key class; if a security mode
1680 was explicitly specified, it must be compatible with the key
1681 class. All keys must be of the same class.
1682 For security modes that support multiple key slots, the slot to
1684 place the key will be specified by a colon followed by an
1685 index. Therefore, -k mykey:3 places mykey in slot 3. By
1686 default, slot 1 is assumed. For security modes that support
1687 multiple keys, a comma-separated list can be specified, with
1688 the first key being the active key.
1689 dladm disconnect-wifi [-a] [wifi-link]
1693 Disconnect from one or more WiFi networks. If wifi-link specifies a
1695 connected WiFi link, then it is disconnected. For administrative
1696 convenience, if only one WiFi link is connected, wifi-link can be
1697 omitted.
1698 -a, --all-links
1700 Disconnects from all connected links. This is primarily
1702 intended for use by scripts.
1703 dladm show-wifi [[-p] -o field,...] [wifi-link]
1707 Shows WiFi configuration information either for all WiFi links or
1709 for the specified link wifi-link.
1710 -o field,..., --output=field
1712 A case-insensitive, comma-separated list of output fields to
1714 display. The field name must be one of the fields listed below,
1715 or the special value all, to display all fields. For each WiFi
1716 link, the following fields can be displayed:
1717 LINK
1719 The name of the link being displayed.
1721 STATUS
1724 Either connected if the link is connected, or disconnected
1726 if it is not connected. If the link is disconnected, all
1727 remaining fields have the value --.
1728 ESSID
1731 The ESSID (name) of the connected WiFi network.
1733 BSSID
1736 Either the hardware address of the WiFi network's Access
1738 Point (for BSS networks), or the WiFi network's randomly
1739 generated unique token (for IBSS networks).
1740 SEC
1743 Either none for a WiFi network that uses no security, wep
1745 for a WiFi network that requires WEP, or wpa for a WiFi
1746 network that requires WPA.
1747 MODE
1750 The supported connection modes: one or more of a, b, or g.
1752 STRENGTH
1755 The connection strength: one of excellent, very good, good,
1757 weak, or very weak.
1758 SPEED
1761 The connection speed, in megabits per second.
1763 AUTH
1766 Either open or shared (see connect-wifi).
1768 BSSTYPE
1771 Either bss for BSS (infrastructure) networks, or ibss for
1773 IBSS (ad-hoc) networks.
1774 By default, currently all fields but AUTH, BSSID, BSSTYPE are
1776 displayed.
1777 -p, --parseable
1780 Displays using a stable machine-parseable format. The -o option
1782 is required with -p. See "Parseable Output Format", below.
1783 dladm show-ether [-x] [[-p] -o field,...] [ether-link]
1787 Shows state information either for all physical Ethernet links or
1789 for a specified physical Ethernet link.
1790 The show-ether subcommand accepts the following options:
1792 -o field,..., --output=field
1794 A case-insensitive, comma-separated list of output fields to
1796 display. The field name must be one of the fields listed below,
1797 or the special value all to display all fields. For each link,
1798 the following fields can be displayed:
1799 LINK
1801 The name of the link being displayed.
1803 PTYPE
1806 Parameter type, where current indicates the negotiated
1808 state of the link, capable indicates capabilities supported
1809 by the device, adv indicates the advertised capabilities,
1810 and peeradv indicates the capabilities advertised by the
1811 link-partner.
1812 STATE
1815 The state of the link.
1817 AUTO
1820 A yes/no value indicating whether auto-negotiation is
1822 advertised.
1823 SPEED-DUPLEX
1826 Combinations of speed and duplex values available. The
1828 units of speed are encoded with a trailing suffix of G
1829 (Gigabits/s) or M (Mb/s). Duplex values are encoded as f
1830 (full-duplex) or h (half-duplex).
1831 PAUSE
1834 Flow control information. Can be no, indicating no flow
1836 control is available; tx, indicating that the end-point can
1837 transmit pause frames, but ignores any received pause
1838 frames; rx, indicating that the end-point receives and acts
1839 upon received pause frames; or bi, indicating bi-direc‐
1840 tional flow-control.
1841 REM_FAULT
1844 Fault detection information. Valid values are none or
1846 fault.
1847 By default, all fields except REM_FAULT are displayed for the
1849 "current" PTYPE.
1850 -p, --parseable
1853 Displays using a stable machine-parseable format. The -o option
1855 is required with -p. See "Parseable Output Format", below.
1856 -x, --extended
1859 Extended output is displayed for PTYPE values of current, capa‐
1861 ble, adv and peeradv.
1862 dladm set-linkprop [-t] [-R root-dir] -p prop=value[,...] link
1866 Sets the values of one or more properties on the link specified.
1868 The list of properties and their possible values depend on the link
1869 type, the network device driver, and networking hardware. These
1870 properties can be retrieved using show-linkprop.
1871 -t, --temporary
1873 Specifies that the changes are temporary. Temporary changes
1875 last until the next reboot.
1876 -R root-dir, --root-dir=root-dir
1879 See "Options," above.
1881 -p prop=value[,...], --prop prop=value[,...]
1884 A comma-separated list of properties to set to the specified
1887 values.
1888 Note that when the persistent value is set, the temporary value
1890 changes to the same value.
1891 dladm reset-linkprop [-t] [-R root-dir] [-p prop,...] link
1894 Resets one or more properties to their values on the link speci‐
1896 fied. Properties are reset to the values they had at startup. If no
1897 properties are specified, all properties are reset. See show-
1898 linkprop for a description of properties.
1899 -t, --temporary
1901 Specifies that the resets are temporary. Values are reset to
1903 default values. Temporary resets last until the next reboot.
1904 -R root-dir, --root-dir=root-dir
1907 See "Options," above.
1909 -p prop, ..., --prop=prop, ...
1912 A comma-separated list of properties to reset.
1914 Note that when the persistent value is reset, the temporary value
1916 changes to the same value.
1917 dladm show-linkprop [-P] [[-c] -o field[,...]][-p prop[,...]] [link]
1920 Show the current or persistent values of one or more properties,
1922 either for all datalinks or for the specified link. By default,
1923 current values are shown. If no properties are specified, all
1924 available link properties are displayed. For each property, the
1925 following fields are displayed:
1926 -o field[,...], --output=field
1928 A case-insensitive, comma-separated list of output fields to
1930 display. The field name must be one of the fields listed below,
1931 or the special value all to display all fields. For each link,
1932 the following fields can be displayed:
1933 LINK
1935 The name of the datalink.
1937 PROPERTY
1940 The name of the property.
1942 PERM
1945 The read/write permissions of the property. The value shown
1947 is one of ro or rw.
1948 VALUE
1951 The current (or persistent) property value. If the value is
1953 not set, it is shown as --. If it is unknown, the value is
1954 shown as ?. Persistent values that are not set or have been
1955 reset will be shown as -- and will use the system DEFAULT
1956 value (if any).
1957 DEFAULT
1960 The default value of the property. If the property has no
1962 default value, -- is shown.
1963 POSSIBLE
1966 A comma-separated list of the values the property can have.
1968 If the values span a numeric range, min - max might be
1969 shown as shorthand. If the possible values are unknown or
1970 unbounded, -- is shown.
1971 The list of properties depends on the link type and network
1973 device driver, and the available values for a given property
1974 further depends on the underlying network hardware and its
1975 state. General link properties are documented in the LINK PROP‐
1976 ERTIES section. However, link properties that begin with "_"
1977 (underbar) are specific to a given link or its underlying net‐
1978 work device and subject to change or removal. See the appropri‐
1979 ate network device driver man page for details.
1980 -c, --parseable
1983 Display using a stable machine-parseable format. The -o option
1985 is required with this option. See "Parseable Output Format",
1986 below.
1987 -P, --persistent
1990 Display persistent link property information
1992 -p prop, ..., --prop=prop, ...
1995 A comma-separated list of properties to show. See the sections
1997 on link properties following subcommand descriptions.
1998 dladm create-secobj [-t] [-R root-dir] [-f file] -c class secobj
2002 Create a secure object named secobj in the specified class to be
2004 later used as a WEP or WPA key in connecting to an encrypted net‐
2005 work. The value of the secure object can either be provided inter‐
2006 actively or read from a file. The sequence of interactive prompts
2007 and the file format depends on the class of the secure object.
2008 Currently, the classes wep and wpa are supported. The WEP (Wired
2010 Equivalent Privacy) key can be either 5 or 13 bytes long. It can be
2011 provided either as an ASCII or hexadecimal string -- thus, 12345
2012 and 0x3132333435 are equivalent 5-byte keys (the 0x prefix can be
2013 omitted). A file containing a WEP key must consist of a single line
2014 using either WEP key format. The WPA (Wi-Fi Protected Access) key
2015 must be provided as an ASCII string with a length between 8 and 63
2016 bytes.
2017 This subcommand is only usable by users or roles that belong to the
2019 "Network Link Security" RBAC profile.
2020 -c class, --class=class
2022 class can be wep or wpa. See preceding discussion.
2024 -t, --temporary
2027 Specifies that the creation is temporary. Temporary creation
2029 last until the next reboot.
2030 -R root-dir, --root-dir=root-dir
2033 See "Options," above.
2035 -f file, --file=file
2038 Specifies a file that should be used to obtain the secure
2040 object's value. The format of this file depends on the secure
2041 object class. See the EXAMPLES section for an example of using
2042 this option to set a WEP key.
2043 dladm delete-secobj [-t] [-R root-dir] secobj[,...]
2047 Delete one or more specified secure objects. This subcommand is
2049 only usable by users or roles that belong to the "Network Link
2050 Security" RBAC profile.
2051 -t, --temporary
2053 Specifies that the deletions are temporary. Temporary deletions
2055 last until the next reboot.
2056 -R root-dir, --root-dir=root-dir
2059 See "Options," above.
2061 dladm show-secobj [-P] [[-p] -o field[,...]] [secobj,...]
2065 Show current or persistent secure object information. If one or
2067 more secure objects are specified, then information for each is
2068 displayed. Otherwise, all current or persistent secure objects are
2069 displayed.
2070 By default, current secure objects are displayed, which are all
2072 secure objects that have either been persistently created and not
2073 temporarily deleted, or temporarily created.
2074 For security reasons, it is not possible to show the value of a
2076 secure object.
2077 -o field[,...] , --output=field[,...]
2079 A case-insensitive, comma-separated list of output fields to
2081 display. The field name must be one of the fields listed below.
2082 For displayed secure object, the following fields can be shown:
2083 OBJECT
2085 The name of the secure object.
2087 CLASS
2090 The class of the secure object.
2092 -p, --parseable
2096 Display using a stable machine-parseable format. The -o option
2098 is required with -p. See "Parseable Output Format", below.
2099 -P, --persistent
2102 Display persistent secure object information
2104 dladm create-vnic [-t] -l link [-R root-dir] [-m value | auto | {fac‐
2108 tory [-n slot-identifier]} | {random [-r prefix]}] [-v vlan-id] [-p
2109 prop=value[,...]] vnic-link
2110 Create a VNIC with name vnic-link over the specified link.
2112 -t, --temporary
2114 Specifies that the VNIC is temporary. Temporary VNICs last
2116 until the next reboot.
2117 -R root-dir, --root-dir=root-dir
2120 See "Options," above.
2122 -l link, --link=link
2125 link can be a physical link or an etherstub.
2127 -m value | keyword, --mac-address=value | keyword
2130 Sets the VNIC's MAC address based on the specified value or
2132 keyword. If value is not a keyword, it is interpreted as a uni‐
2133 cast MAC address, which must be valid for the underlying NIC.
2134 The following special keywords can be used:
2135 factory [-n slot-identifier],
2137 factory [--slot=slot-identifier]
2138 Assign a factory MAC address to the VNIC. When a factory
2140 MAC address is requested, -m can be combined with the -n
2141 option to specify a MAC address slot to be used. If -n is
2142 not specified, the system will choose the next available
2143 factory MAC address. The -m option of the show-phys subcom‐
2144 mand can be used to display the list of factory MAC
2145 addresses, their slot identifiers, and their availability.
2146 random [-r prefix],
2150 random [--mac-prefix=prefix]
2151 Assign a random MAC address to the VNIC. A default prefix
2153 consisting of a valid IEEE OUI with the local bit set will
2154 be used. That prefix can be overridden with the -r option.
2155 auto
2158 Try and use a factory MAC address first. If none is avail‐
2160 able, assign a random MAC address. auto is the default
2161 action if the -m option is not specified.
2162 -v vlan-id
2165 Enable VLAN tagging for this VNIC. The VLAN tag will have
2167 id vlan-id.
2168 -p prop=value,..., --prop prop=value,...
2172 A comma-separated list of properties to set to the specified
2174 values.
2175 dladm delete-vnic [-t] [-R root-dir] vnic-link
2179 Deletes the specified VNIC.
2181 -t, --temporary
2183 Specifies that the deletion is temporary. Temporary deletions
2185 last until the next reboot.
2186 -R root-dir, --root-dir=root-dir
2189 See "Options," above.
2191 dladm show-vnic [-pP] [-s [-i interval]] [-o field[,...]] [-l link]
2195 [vnic-link]
2196 Show VNIC configuration information (the default) or statistics,
2198 for all VNICs, all VNICs on a link, or only the specified vnic-
2199 link.
2200 -o field[,...] , --output=field[,...]
2202 A case-insensitive, comma-separated list of output fields to
2204 display. The field name must be one of the fields listed below.
2205 The field name must be one of the fields listed below, or the
2206 special value all to display all fields. By default (without
2207 -o), show-vnic displays all fields.
2208 LINK
2210 The name of the VNIC.
2212 OVER
2215 The name of the physical link over which this VNIC is con‐
2217 figured.
2218 SPEED
2221 The maximum speed of the VNIC, in megabits per second.
2223 MACADDRESS
2226 MAC address of the VNIC.
2228 MACADDRTYPE
2231 MAC address type of the VNIC. dladm distinguishes among the
2233 following MAC address types:
2234 random
2236 A random address assigned to the VNIC.
2238 factory
2241 A factory MAC address used by the VNIC.
2243 -p, --parseable
2248 Display using a stable machine-parseable format. The -o option
2250 is required with -p. See "Parseable Output Format", below.
2251 -P, --persistent
2254 Display the persistent VNIC configuration.
2256 -s, --statistics
2259 Displays VNIC statistics.
2261 -i interval, --interval=interval
2264 Used with the -s option to specify an interval, in seconds, at
2266 which statistics should be displayed. If this option is not
2267 specified, statistics will be displayed only once.
2268 -l link, --link=link
2271 Display information for all VNICs on the named link.
2273 dladm create-etherstub [-t] [-R root-dir] etherstub
2278 Create an etherstub with the specified name.
2280 -t, --temporary
2282 Specifies that the etherstub is temporary. Temporary etherstubs
2284 do not persist across reboots.
2285 -R root-dir, --root-dir=root-dir
2288 See "Options," above.
2290 VNICs can be created on top of etherstubs instead of physical NICs.
2292 As with physical NICs, such a creation causes the stack to implic‐
2293 itly create a virtual switch between the VNICs created on top of
2294 the same etherstub.
2295 dladm delete-etherstub [-t] [-R root-dir] etherstub
2299 Delete the specified etherstub.
2301 -t, --temporary
2303 Specifies that the deletion is temporary. Temporary deletions
2305 last until the next reboot.
2306 -R root-dir, --root-dir=root-dir
2309 See "Options," above.
2311 dladm show-etherstub [etherstub]
2315 Show all configured etherstubs by default, or the specified ether‐
2317 stub if etherstub is specified.
2318 dladm create-iptun [-t] [-R root-dir] -T type [-s tsrc] [-d tdst]
2321 iptun-link
2322 Create an IP tunnel link named iptun-link. Such links can addition‐
2324 ally be protected with IPsec using ipsecconf(1M).
2325 An IP tunnel is conceptually comprised of two parts: a virtual link
2327 between two or more IP nodes, and an IP interface above this link
2328 that allows the system to transmit and receive IP packets encapsu‐
2329 lated by the underlying link. This subcommand creates a virtual
2330 link. The ifconfig(1M) command is used to configure IP interfaces
2331 above the link.
2332 -t, --temporary
2334 Specifies that the IP tunnel link is temporary. Temporary tun‐
2336 nels last until the next reboot.
2337 -R root-dir, --root-dir=root-dir
2340 See "Options," above.
2342 -T type, --tunnel-type=type
2345 Specifies the type of tunnel to be created. The type must be
2347 one of the following:
2348 ipv4
2350 A point-to-point, IP-over-IP tunnel between two IPv4 nodes.
2352 This type of tunnel requires IPv4 source and destination
2353 addresses to function. IPv4 and IPv6 interfaces can be
2354 plumbed above such a tunnel to create IPv4-over-IPv4 and
2355 IPv6-over-IPv4 tunneling configurations.
2356 ipv6
2359 A point-to-point, IP-over-IP tunnel between two IPv6 nodes
2361 as defined in IETF RFC 2473. This type of tunnel requires
2362 IPv6 source and destination addresses to function. IPv4 and
2363 IPv6 interfaces can be plumbed above such a tunnel to cre‐
2364 ate IPv4-over-IPv6 and IPv6-over-IPv6 tunneling configura‐
2365 tions.
2366 6to4
2369 A 6to4, point-to-multipoint tunnel as defined in IETF RFC
2371 3056. This type of tunnel requires an IPv4 source address
2372 to function. An IPv6 interface is plumbed on such a tunnel
2373 link to configure a 6to4 router.
2374 -s tsrc, --tunnel-src=tsrc
2378 Literal IP address or hostname corresponding to the tunnel
2380 source. If a hostname is specified, it will be resolved to IP
2381 addresses, and one of those IP addresses will be used as the
2382 tunnel source. Because IP tunnels are created before naming
2383 services have been brought online during the boot process, it
2384 is important that any hostname used be included in /etc/hosts.
2385 -d tdst, --tunnel-dst=tdst
2388 Literal IP address or hostname corresponding to the tunnel des‐
2390 tination.
2391 dladm modify-iptun [-t] [-R root-dir] [-s tsrc] [-d tdst] iptun-link
2395 Modify the parameters of the specified IP tunnel.
2397 -t, --temporary
2399 Specifies that the modification is temporary. Temporary modifi‐
2401 cations last until the next reboot.
2402 -R root-dir, --root-dir=root-dir
2405 See "Options," above.
2407 -s tsrc, --tunnel-src=tsrc
2410 Specifies a new tunnel source address. See create-iptun for a
2412 description.
2413 -d tdst, --tunnel-dst=tdst
2416 Specifies a new tunnel destination address. See create-iptun
2418 for a description.
2419 dladm delete-iptun [-t] [-R root-dir] iptun-link
2423 Delete the specified IP tunnel link.
2425 -t, --temporary
2427 Specifies that the deletion is temporary. Temporary deletions
2429 last until the next reboot.
2430 -R root-dir, --root-dir=root-dir
2433 See "Options," above.
2435 dladm show-iptun [-P] [[-p] -o field[,...]] [iptun-link]
2439 Show IP tunnel link configuration for a single IP tunnel or all IP
2441 tunnels.
2442 -P, --persistent
2444 Display the persistent IP tunnel configuration.
2446 -p, --parseable
2449 Display using a stable machine-parseable format. The -o option
2451 is required with -p. See "Parseable Output Format", below.
2452 -o field[,...], --output=field[,...]
2455 A case-insensitive, comma-separated list of output fields to
2457 display. The field name must be one of the fields listed below,
2458 or the special value all, to display all fields. By default
2459 (without -o), show-iptun displays all fields.
2460 LINK
2462 The name of the IP tunnel link.
2464 TYPE
2467 Type of tunnel as specified by the -T option of create-
2469 iptun.
2470 FLAGS
2473 A set of flags associated with the IP tunnel link. Possible
2475 flags are:
2476 s
2478 The IP tunnel link is protected by IPsec policy. To
2480 display the IPsec policy associated with the tunnel
2481 link, enter:
2482 # ipsecconf -ln -i tunnel-link
2484 See ipsecconf(1M) for more details on how to configure
2487 IPsec policy.
2488 i
2491 The IP tunnel link was implicitly created with ifcon‐
2493 fig(1M), and will be automatically deleted when it is
2494 no longer referenced (that is, when the last IP inter‐
2495 face over the tunnel is unplumbed). See ifconfig(1M)
2496 for details on implicit tunnel creation.
2497 SOURCE
2501 The tunnel source address.
2503 DESTINATION
2506 The tunnel destination address.
2508 dladm show-usage [-a] -f filename [-p plotfile -F format] [-s time] [-e
2513 time] [link]
2514 Show the historical network usage from a stored extended accounting
2516 file. Configuration and enabling of network accounting through acc‐
2517 tadm(1M) is required. The default output will be the summary of
2518 network usage for the entire period of time in which extended
2519 accounting was enabled.
2520 -a
2522 Display all historical network usage for the specified period
2524 of time during which extended accounting is enabled. This
2525 includes the usage information for the links that have already
2526 been deleted.
2527 -f filename, --file=filename
2530 Read extended accounting records of network usage from file‐
2532 name.
2533 -F format, --format=format
2536 Specifies the format of plotfile that is specified by the -p
2538 option. As of this release, gnuplot is the only supported for‐
2539 mat.
2540 -p plotfile, --plot=plotfile
2543 Write network usage data to a file of the format specified by
2545 the -F option, which is required.
2546 -s time, --start=time
2549 -e time, --stop=time
2550 Start and stop times for data display. Time is in the format
2552 MM/DD/YYYY,hh:mm:ss.
2553 link
2556 If specified, display the network usage only for the named
2558 link. Otherwise, display network usage for all links.
2559 Parseable Output Format
2563 Many dladm subcommands have an option that displays output in a
2564 machine-parseable format. The output format is one or more lines of
2565 colon (:) delimited fields. The fields displayed are specific to the
2566 subcommand used and are listed under the entry for the -o option for a
2567 given subcommand. Output includes only those fields requested by means
2568 of the -o option, in the order requested.
2569 When you request multiple fields, any literal colon characters are
2572 escaped by a backslash (\) before being output. Similarly, literal
2573 backslash characters will also be escaped (\\). This escape format is
2574 parseable by using shell read(1) functions with the environment vari‐
2575 able IFS=: (see EXAMPLES, below). Note that escaping is not done when
2576 you request only a single field.
2577 General Link Properties
2579 The following general link properties are supported:
2580 autopush
2582 Specifies the set of STREAMS modules to push on the stream associ‐
2584 ated with a link when its DLPI device is opened. It is a space-
2585 delimited list of modules.
2586 The optional special character sequence [anchor] indicates that a
2588 STREAMS anchor should be placed on the stream at the module previ‐
2589 ously specified in the list. It is an error to specify more than
2590 one anchor or to have an anchor first in the list.
2591 The autopush property is preferred over the more general auto‐
2593 push(1M) command.
2594 cpus
2597 Bind the processing of packets for a given data link to a processor
2599 or a set of processors. The value can be a comma-separated list of
2600 one or more processor ids. If the list consists of more than one
2601 processor, the processing will spread out to all the processors.
2602 Connection to processor affinity and packet ordering for any indi‐
2603 vidual connection will be maintained.
2604 The processor or set of processors are not exclusively reserved for
2606 the link. Only the kernel threads and interrupts associated with
2607 processing of the link are bound to the processor or the set of
2608 processors specified. In case it is desired that processors be ded‐
2609 icated to the link, psrset(1M) can be used to create a processor
2610 set and then specifying the processors from the processor set to
2611 bind the link to.
2612 If the link was already bound to processor or set of processors due
2614 to a previous operation, the binding will be removed and the new
2615 set of processors will be used instead.
2616 The default is no CPU binding, which is to say that the processing
2618 of packets is not bound to any specific processor or processor set.
2619 learn_limit
2622 Limits the number of new or changed MAC sources to be learned over
2624 a bridge link. When the number exceeds this value, learning on that
2625 link is temporarily disabled. Only non-VLAN, non-VNIC type links
2626 have this property.
2627 The default value is 1000. Valid values are greater or equal to 0.
2629 learn_decay
2632 Specifies the decay rate for source changes limited by learn_limit.
2634 This number is subtracted from the counter for a bridge link every
2635 5 seconds. Only non-VLAN, non-VNIC type links have this property.
2636 The default value is 200. Valid values are greater or equal to 0.
2638 maxbw
2641 Sets the full duplex bandwidth for the link. The bandwidth is spec‐
2643 ified as an integer with one of the scale suffixes (K, M, or G for
2644 Kbps, Mbps, and Gbps). If no units are specified, the input value
2645 will be read as Mbps. The default is no bandwidth limit.
2646 priority
2649 Sets the relative priority for the link. The value can be given as
2651 one of the tokens high, medium, or low. The default is high.
2652 stp
2655 Enables or disables Spanning Tree Protocol on a bridge link. Set‐
2657 ting this value to 0 disables Spanning Tree, and puts the link into
2658 forwarding mode with BPDU guarding enabled. This mode is appropri‐
2659 ate for point-to-point links connected only to end nodes. Only non-
2660 VLAN, non-VNIC type links have this property. The default value is
2661 1, to enable STP.
2662 forward
2665 Enables or disables forwarding for a VLAN. Setting this value to 0
2667 disables bridge forwarding for a VLAN link. Disabling bridge for‐
2668 warding removes that VLAN from the "allowed set" for the bridge.
2669 The default value is 1, to enable bridge forwarding for configured
2670 VLANs.
2671 default_tag
2674 Sets the default VLAN ID that is assumed for untagged packets sent
2676 to and received from this link. Only non-VLAN, non-VNIC type links
2677 have this property. Setting this value to 0 disables the bridge
2678 forwarding of untagged packets to and from the port. The default
2679 value is VLAN ID 1. Valid values values are from 0 to 4094.
2680 stp_priority
2683 Sets the STP and RSTP Port Priority value, which is used to deter‐
2685 mine the preferred root port on a bridge. Lower numerical values
2686 are higher priority. The default value is 128. Valid values range
2687 from 0 to 255.
2688 stp_cost
2691 Sets the STP and RSTP cost for using the link. The default value is
2693 auto, which sets the cost based on link speed, using 100 for
2694 10Mbps, 19 for 100Mbps, 4 for 1Gbps, and 2 for 10Gbps. Valid values
2695 range from 1 to 65535.
2696 stp_edge
2699 Enables or disables bridge edge port detection. If set to 0
2701 (false), the system assumes that the port is connected to other
2702 bridges even if no bridge PDUs of any type are seen. The default
2703 value is 1, which detects edge ports automatically.
2704 stp_p2p
2707 Sets bridge point-to-point operation mode. Possible values are
2709 true, false, and auto. When set to auto, point-to-point connections
2710 are automatically discovered. When set to true, the port mode is
2711 forced to use point-to-point. When set to false, the port mode is
2712 forced to use normal multipoint mode. The default value is auto.
2713 stp_mcheck
2716 Triggers the system to run the RSTP Force BPDU Migration Check pro‐
2718 cedure on this link. The procedure is triggered by setting the
2719 property value to 1. The property is automatically reset back to 0.
2720 This value cannot be set unless the following are true:
2721 o The link is bridged
2723 o The bridge is protected by Spanning Tree
2725 o The bridge force-protocol value is at least 2 (RSTP)
2727 The default value is 0.
2728 zone
2731 Specifies the zone to which the link belongs. This property can be
2733 modified only temporarily through dladm, and thus the -t option
2734 must be specified. To modify the zone assignment such that it per‐
2735 sists across reboots, please use zonecfg(1M). Possible values con‐
2736 sist of any exclusive-IP zone currently running on the system. By
2737 default, the zone binding is as per zonecfg(1M).
2738 Wifi Link Properties
2741 The following WiFi link properties are supported. Note that the ability
2742 to set a given property to a given value depends on the driver and
2743 hardware.
2744 channel
2746 Specifies the channel to use. This property can be modified only by
2748 certain WiFi links when in IBSS mode. The default value and allowed
2749 range of values varies by regulatory domain.
2750 powermode
2753 Specifies the power management mode of the WiFi link. Possible val‐
2755 ues are off (disable power management), max (maximum power sav‐
2756 ings), and fast (performance-sensitive power management). Default
2757 is off.
2758 radio
2761 Specifies the radio mode of the WiFi link. Possible values are on
2763 or off. Default is on.
2764 speed
2767 Specifies a fixed speed for the WiFi link, in megabits per second.
2769 The set of possible values depends on the driver and hardware (but
2770 is shown by show-linkprop); common speeds include 1, 2, 11, and 54.
2771 By default, there is no fixed speed.
2772 Ethernet Link Properties
2775 The following MII Properties, as documented in ieee802.3(5), are sup‐
2776 ported in read-only mode:
2777 o duplex
2779 o state
2781 o adv_autoneg_cap
2783 o adv_10gfdx_cap
2785 o adv_1000fdx_cap
2787 o adv_1000hdx_cap
2789 o adv_100fdx_cap
2791 o adv_100hdx_cap
2793 o adv_10fdx_cap
2795 o adv_10hdx_cap
2797 Each adv_ property (for example, adv_10fdx_cap) also has a read/write
2800 counterpart en_ property (for example, en_10fdx_cap) controlling param‐
2801 eters used at auto-negotiation. In the absence of Power Management, the
2802 adv* speed/duplex parameters provide the values that are both negoti‐
2803 ated and currently effective in hardware. However, with Power Manage‐
2804 ment enabled, the speed/duplex capabilities currently exposed in hard‐
2805 ware might be a subset of the set of bits that were used in initial
2806 link parameter negotiation. Thus the MII adv_* parameters are marked
2807 read-only, with an additional set of en_* parameters for configuring
2808 speed and duplex properties at initial negotiation.
2809 Note that the adv_autoneg_cap does not have an en_autoneg_cap counter‐
2812 part: the adv_autoneg_cap is a 0/1 switch that turns off/on autonegoti‐
2813 ation itself, and therefore cannot be impacted by Power Management.
2814 In addition, the following Ethernet properties are reported:
2817 speed
2819 (read-only) The operating speed of the device, in Mbps.
2821 mtu
2824 The maximum client SDU (Send Data Unit) supported by the device.
2826 Valid range is 68-65536.
2827 flowctrl
2830 Establishes flow-control modes that will be advertised by the
2832 device. Valid input is one of:
2833 no
2835 No flow control enabled.
2837 rx
2840 Receive, and act upon incoming pause frames.
2842 tx
2845 Transmit pause frames to the peer when congestion occurs, but
2847 ignore received pause frames.
2848 bi
2851 Bidirectional flow control.
2853 Note that the actual settings for this value are constrained by the
2855 capabilities allowed by the device and the link partner.
2856 tagmode
2859 This link property controls the conditions in which 802.1Q VLAN
2861 tags will be inserted in packets being transmitted on the link. Two
2862 mode values can be assigned to this property:
2863 normal Insert a VLAN tag in outgoing packets under the follow‐
2865 ing conditions:
2866 o The packet belongs to a VLAN.
2868 o The user requested priority tagging.
2870 vlanonly Insert a VLAN tag only when the outgoing packet belongs
2873 to a VLAN. If a tag is being inserted in this mode and
2874 the user has also requested a non-zero priority, the
2875 priority is honored and included in the VLAN tag.
2876 The default value is vlanonly.
2878 IP Tunnel Link Properties
2881 The following IP tunnel link properties are supported.
2882 hoplimit
2884 Specifies the IPv4 TTL or IPv6 hop limit for the encapsulating
2886 outer IP header of a tunnel link. This property exists for all tun‐
2887 nel types. The default value is 64.
2888 encaplimit
2891 Specifies the IPv6 encapsulation limit for an IPv6 tunnel as
2893 defined in RFC 2473. This value is the tunnel nesting limit for a
2894 given tunneled packet. The default value is 4. A value of 0 dis‐
2895 ables the encapsulation limit.
2896
2899 Example 1 Configuring an Aggregation
2900 To configure a data-link over an aggregation of devices bge0 and bge1
2903 with key 1, enter the following command:
2904 # dladm create-aggr -d bge0 -d bge1 1
2907 Example 2 Connecting to a WiFi Link
2911 To connect to the most optimal available unsecured network on a system
2914 with a single WiFi link (as per the prioritization rules specified for
2915 connect-wifi), enter the following command:
2916 # dladm connect-wifi
2919 Example 3 Creating a WiFi Key
2923 To interactively create the WEP key mykey, enter the following command:
2926 # dladm create-secobj -c wep mykey
2929 Alternatively, to non-interactively create the WEP key mykey using the
2934 contents of a file:
2935 # umask 077
2938 # cat >/tmp/mykey.$$ <<EOF
2939 12345
2940 EOF
2941 # dladm create-secobj -c wep -f /tmp/mykey.$$ mykey
2942 # rm /tmp/mykey.$$
2943 Example 4 Connecting to a Specified Encrypted WiFi Link
2947 To use key mykey to connect to ESSID wlan on link ath0, enter the fol‐
2950 lowing command:
2951 # dladm connect-wifi -k mykey -e wlan ath0
2954 Example 5 Changing a Link Property
2958 To set powermode to the value fast on link pcwl0, enter the following
2961 command:
2962 # dladm set-linkprop -p powermode=fast pcwl0
2965 Example 6 Connecting to a WPA-Protected WiFi Link
2969 Create a WPA key psk and enter the following command:
2972 # dladm create-secobj -c wpa psk
2975 To then use key psk to connect to ESSID wlan on link ath0, enter the
2980 following command:
2981 # dladm connect-wifi -k psk -e wlan ath0
2984 Example 7 Renaming a Link
2988 To rename the bge0 link to mgmt0, enter the following command:
2991 # dladm rename-link bge0 mgmt0
2994 Example 8 Replacing a Network Card
2998 Consider that the bge0 device, whose link was named mgmt0 as shown in
3001 the previous example, needs to be replaced with a ce0 device because of
3002 a hardware failure. The bge0 NIC is physically removed, and replaced
3003 with a new ce0 NIC. To associate the newly added ce0 device with the
3004 mgmt0 configuration previously associated with bge0, enter the follow‐
3005 ing command:
3006 # dladm rename-link ce0 mgmt0
3009 Example 9 Removing a Network Card
3013 Suppose that in the previous example, the intent is not to replace the
3016 bge0 NIC with another NIC, but rather to remove and not replace the
3017 hardware. In that case, the mgmt0 datalink configuration is not slated
3018 to be associated with a different physical device as shown in the pre‐
3019 vious example, but needs to be deleted. Enter the following command to
3020 delete the datalink configuration associated with the mgmt0 datalink,
3021 whose physical hardware (bge0 in this case) has been removed:
3022 # dladm delete-phys mgmt0
3025 Example 10 Using Parseable Output to Capture a Single Field
3029 The following assignment saves the MTU of link net0 to a variable named
3032 mtu.
3033 # mtu=`dladm show-link -p -o mtu net0`
3036 Example 11 Using Parseable Output to Iterate over Links
3040 The following script displays the state of each link on the system.
3043 # dladm show-link -p -o link,state | while IFS=: read link state; do
3046 print "Link $link is in state $state"
3047 done
3048 Example 12 Configuring VNICs
3052 Create two VNICs with names hello0 and test1 over a single physical
3055 link bge0:
3056 # dladm create-vnic -l bge0 hello0
3059 # dladm create-vnic -l bge0 test1
3060 Example 13 Configuring VNICs and Allocating Bandwidth and Priority
3064 Create two VNICs with names hello0 and test1 over a single physical
3067 link bge0 and make hello0 a high priority VNIC with a factory-assigned
3068 MAC address with a maximum bandwidth of 50 Mbps. Make test1 a low pri‐
3069 ority VNIC with a random MAC address and a maximum bandwidth of
3070 100Mbps.
3071 # dladm create-vnic -l bge0 -m factory -p maxbw=50,priority=high hello0
3074 # dladm create-vnic -l bge0 -m random -p maxbw=100M,priority=low test1
3075 Example 14 Configuring a VNIC with a Factory MAC Address
3079 First, list the available factory MAC addresses and choose one of them:
3082 # dladm show-phys -m bge0
3085 LINK SLOT ADDRESS INUSE CLIENT
3086 bge0 primary 0:e0:81:27:d4:47 yes bge0
3087 bge0 1 8:0:20:fe:4e:a5 no
3088 bge0 2 8:0:20:fe:4e:a6 no
3089 bge0 3 8:0:20:fe:4e:a7 no
3090 Create a VNIC named hello0 and use slot 1's address:
3095 # dladm create-vnic -l bge0 -m factory -n 1 hello0
3098 # dladm show-phys -m bge0
3099 LINK SLOT ADDRESS INUSE CLIENT
3100 bge0 primary 0:e0:81:27:d4:47 yes bge0
3101 bge0 1 8:0:20:fe:4e:a5 yes hello0
3102 bge0 2 8:0:20:fe:4e:a6 no
3103 bge0 3 8:0:20:fe:4e:a7 no
3104 Example 15 Creating a VNIC with User-Specified MAC Address, Binding it
3108 to Set of Processors
3109 Create a VNIC with name hello0, with a user specified MAC address, and
3112 a processor binding 0, 1, 2, 3.
3113 # dladm create-vnic -l bge0 -m 8:0:20:fe:4e:b8 -p cpus=0,1,2,3 hello0
3116 Example 16 Creating a Virtual Network Without a Physical NIC
3120 First, create an etherstub with name stub1:
3123 # dladm create-etherstub stub1
3126 Create two VNICs with names hello0 and test1 on the etherstub. This
3131 operation implicitly creates a virtual switch connecting hello0 and
3132 test1.
3133 # dladm create-vnic -l stub1 hello0
3136 # dladm create-vnic -l stub1 test1
3137 Example 17 Showing Network Usage
3141 Network usage statistics can be stored using the extended accounting
3144 facility, acctadm(1M).
3145 # acctadm -e basic -f /var/log/net.log net
3148 # acctadm net
3149 Network accounting: active
3150 Network accounting file: /var/log/net.log
3151 Tracked Network resources: basic
3152 Untracked Network resources: src_ip,dst_ip,src_port,dst_port,protocol,
3153 dsfield
3154 The saved historical data can be retrieved in summary form using the
3159 show-usage subcommand:
3160 # dladm show-usage -f /var/log/net.log
3163 LINK DURATION IPACKETS RBYTES OPACKETS OBYTES BANDWIDTH
3164 e1000g0 80 1031 546908 0 0 2.44 Kbps
3165 Example 18 Displaying Bridge Information
3169 The following commands use the show-bridge subcommand with no and vari‐
3172 ous options.
3173 # dladm show-bridge
3176 BRIDGE PROTECT ADDRESS PRIORITY DESROOT
3177 foo stp 32768/8:0:20:bf:f 32768 8192/0:d0:0:76:14:38
3178 bar stp 32768/8:0:20:e5:8 32768 8192/0:d0:0:76:14:38
3179 # dladm show-bridge -l foo
3181 LINK STATE UPTIME DESROOT
3182 hme0 forwarding 117 8192/0:d0:0:76:14:38
3183 qfe1 forwarding 117 8192/0:d0:0:76:14:38
3184 # dladm show-bridge -s foo
3186 BRIDGE DROPS FORWARDS
3187 foo 0 302
3188 # dladm show-bridge -ls foo
3190 LINK DROPS RECV XMIT
3191 hme0 0 360832 31797
3192 qfe1 0 322311 356852
3193 # dladm show-bridge -f foo
3195 DEST AGE FLAGS OUTPUT
3196 8:0:20:bc:a7:dc 10.860 -- hme0
3197 8:0:20:bf:f9:69 -- L hme0
3198 8:0:20:c0:20:26 17.420 -- hme0
3199 8:0:20:e5:86:11 -- L qfe1
3200 Example 19 Creating an IPv4 Tunnel
3204 The following sequence of commands creates and then displays a persis‐
3207 tent IPv4 tunnel link named mytunnel0 between 66.1.2.3 and 192.4.5.6:
3208 # dladm create-iptun -T ipv4 -s 66.1.2.3 -d 192.4.5.6 mytunnel0
3211 # dladm show-iptun mytunnel0
3212 LINK TYPE FLAGS SOURCE DESTINATION
3213 mytunnel0 ipv4 -- 66.1.2.3 192.4.5.6
3214 A point-to-point IP interface can then be created over this tunnel
3219 link:
3220 # ifconfig mytunnel0 plumb 10.1.0.1 10.1.0.2 up
3223 As with any other IP interface, configuration persistence for this IP
3228 interface is achieved by placing the desired ifconfig commands (in this
3229 case, the command for "10.1.0.1 10.1.0.2") into /etc/hostname.mytun‐
3230 nel0.
3231 Example 20 Creating a 6to4 Tunnel
3234 The following command creates a 6to4 tunnel link. The IPv4 address of
3237 the 6to4 router is 75.10.11.12.
3238 # dladm create-iptun -T 6to4 -s 75.10.11.12 sitetunnel0
3241 # dladm show-iptun sitetunnel0
3242 LINK TYPE FLAGS SOURCE DESTINATION
3243 sitetunnel0 6to4 -- 75.10.11.12 --
3244 The following command plumbs an IPv6 interface on this tunnel:
3249 # ifconfig sitetunnel0 inet6 plumb up
3252 # ifconfig sitetunnel0 inet6
3253 sitetunnel0: flags=2200041 <UP,RUNNING,NONUD,IPv6> mtu 65515 index 3
3254 inet tunnel src 75.10.11.12
3255 tunnel hop limit 64
3256 inet6 2002:4b0a:b0c::1/16
3257 Note that the system automatically configures the IPv6 address on the
3262 6to4 IP interface. See ifconfig(1M) for a description of how IPv6
3263 addresses are configured on 6to4 tunnel links.
3264
3267 See attributes(5) for descriptions of the following attributes:
3268 /usr/sbin
3271 ┌─────────────────────────────┬─────────────────────────────┐
3276 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
3277 ├─────────────────────────────┼─────────────────────────────┤
3278 │Availability │SUNWcsu │
3279 ├─────────────────────────────┼─────────────────────────────┤
3280 │Interface Stability │Committed │
3281 └─────────────────────────────┴─────────────────────────────┘
3282 /sbin
3285 ┌─────────────────────────────┬─────────────────────────────┐
3290 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
3291 ├─────────────────────────────┼─────────────────────────────┤
3292 │Availability │SUNWcsr │
3293 ├─────────────────────────────┼─────────────────────────────┤
3294 │Interface Stability │Committed │
3295 └─────────────────────────────┴─────────────────────────────┘
3296
3298 acctadm(1M), autopush(1M), ifconfig(1M), ipsecconf(1M), ndd(1M),
3299 psrset(1M), wpad(1M), zonecfg(1M), attributes(5), ieee802.3(5),
3300 dlpi(7P)
3301
3303 The preferred method of referring to an aggregation in the aggregation
3304 subcommands is by its link name. Referring to an aggregation by its
3305 integer key is supported for backward compatibility, but is not neces‐
3306 sary. When creating an aggregation, if a key is specified instead of a
3307 link name, the aggregation's link name will be automatically generated
3308 by dladm as aggrkey.
3309SunOS 5.11 23 Sep 2009 dladm(1M)