1dladm(1M)               System Administration Commands               dladm(1M)
2
3
4

NAME

6       dladm - administer data links
7

SYNOPSIS

9       dladm show-link [-P] [-s [-i interval]] [[-p] -o field[,...]] [link]
10       dladm rename-link [-R root-dir] link new-link
11
12
13       dladm delete-phys phys-link
14       dladm show-phys [-P] [-m] [[-p] -o field[,...]] [-H] [phys-link]
15
16
17       dladm create-aggr [-t] [-R root-dir] [-P policy] [-L mode]
18            [-T time] [-u address] -l ether-link1 [-l ether-link2...] aggr-link
19       dladm modify-aggr [-t] [-R root-dir] [-P policy] [-L mode]
20            [-T time] [-u address] aggr-link
21       dladm delete-aggr [-t] [-R root-dir] aggr-link
22       dladm add-aggr [-t] [-R root-dir] -l ether-link1 [-l ether-link2...]
23            aggr-link
24       dladm remove-aggr [-t] [-R root-dir] -l ether-link1 [-l ether-link2...]
25            aggr-link
26       dladm show-aggr [-PLx] [-s [-i interval]] [[-p] -o field[,...]]
27            [aggr-link]
28
29
30       dladm create-bridge [-P protect] [-R root-dir] [-p priority]
31            [-m max-age] [-h hello-time] [-d forward-delay] [-f force-protocol]
32            [-l link...] bridge-name
33
34
35       dladm modify-bridge [-P protect] [-R root-dir] [-p priority]
36            [-m max-age] [-h hello-time] [-d forward-delay] [-f force-protocol]
37            bridge-name
38
39
40       dladm delete-bridge [-R root-dir] bridge-name
41
42
43       dladm add-bridge [-R root-dir] -l link [-l link...]bridge-name
44
45
46       dladm remove-bridge [-R root-dir] -l link [-l link...] bridge-name
47
48
49       dladm show-bridge [-flt] [-s [-i interval]] [[-p] -o field,...]
50            [bridge-name]
51
52
53       dladm create-vlan [-ft] [-R root-dir] -l ether-link -v vid [vlan-link]
54       dladm delete-vlan [-t] [-R root-dir] vlan-link
55       dladm show-vlan [-P] [[-p] -o field[,...]] [vlan-link]
56
57
58       dladm scan-wifi [[-p] -o field[,...]] [wifi-link]
59       dladm connect-wifi [-e essid] [-i bssid] [-k key,...]
60            [-s none | wep | wpa ] [-a open | shared] [-b bss | ibss] [-c]
61            [-m a | b | g] [-T time] [wifi-link]
62       dladm disconnect-wifi [-a] [wifi-link]
63       dladm show-wifi [[-p] -o field[,...]] [wifi-link]
64
65
66       dladm show-ether [-x] [[-p] -o field[,...]] [ether-link]
67
68
69       dladm set-linkprop [-t] [-R root-dir] -p prop=value[,...] link
70       dladm reset-linkprop [-t] [-R root-dir] [-p prop[,...]] link
71       dladm show-linkprop [-P] [[-c] -o field[,...]] [-p prop[,...]] [link]
72
73
74       dladm create-secobj [-t] [-R root-dir] [-f file] -c class secobj
75       dladm delete-secobj [-t] [-R root-dir] secobj[,...]
76       dladm show-secobj [-P] [[-p] -o field[,...]] [secobj,...]
77
78
79       dladm create-vnic [-t] -l link [-R root-dir] [-m value | auto |
80            {factory -n slot-identifier]} | {random [-r prefix]}]
81            [-v vlan-id] [-p prop=value[,...]] vnic-link
82       dladm delete-vnic [-t] [-R root-dir] vnic-link
83       dladm show-vnic [-pP] [-s [-i interval]] [-o field[,...]]
84            [-l link] [vnic-link]
85
86
87       dladm create-etherstub [-t] [-R root-dir] etherstub
88       dladm delete-etherstub [-t] [-R root-dir] etherstub
89       dladm show-etherstub [etherstub]
90
91
92       dladm create-iptun [-t] [-R root-dir] -T type [-s tsrc] [-d tdst]
93            iptun-link
94       dladm modify-iptun [-t] [-R root-dir] [-s tsrc] [-d tdst] iptun-link
95       dladm delete-iptun [-t] [-R root-dir] iptun-link
96       dladm show-iptun [-P] [[-p] -o field[,...]] [iptun-link]
97
98
99       dladm show-usage [-a] -f filename [-p plotfile -F format] [-s time]
100            [-e time] [link]
101
102

DESCRIPTION

104       The dladm command is used to administer data-links. A data-link is rep‐
105       resented in the system as a STREAMS DLPI (v2) interface  which  can  be
106       plumbed  under protocol stacks such as TCP/IP. Each data-link relies on
107       either a single network device or an aggregation  of  devices  to  send
108       packets to or receive packets from a network.
109
110
111       Each dladm subcommand operates on one of the following objects:
112
113       link
114
115           A  datalink, identified by a name. In general, the name can use any
116           alphanumeric characters (or the underscore, _), but must start with
117           an  alphabetic character and end with a number. A datalink name can
118           be at most 31 characters, and the ending number must be  between  0
119           and 4294967294 (inclusive). The ending number must not begin with a
120           zero. Datalink names between 3 and 8 characters are recommended.
121
122           Some subcommands operate  only  on  certain  types  or  classes  of
123           datalinks. For those cases, the following object names are used:
124
125           phys-link
126
127               A physical datalink.
128
129
130           vlan-link
131
132               A VLAN datalink.
133
134
135           aggr-link
136
137               An aggregation datalink (or a key; see NOTES).
138
139
140           ether-link
141
142               A physical Ethernet datalink.
143
144
145           wifi-link
146
147               A WiFi datalink.
148
149
150           vnic-link
151
152               A  virtual network interface created on a link or an etherstub.
153               It is a pseudo device that can be treated as if it were an net‐
154               work interface card on a machine.
155
156
157           iptun-link
158
159               An IP tunnel link.
160
161
162
163       dev
164
165           A  network device, identified by concatenation of a driver name and
166           an instance number.
167
168
169       etherstub
170
171           An Ethernet stub can be used instead of a physical  NIC  to  create
172           VNICs.  VNICs  created  on an etherstub will appear to be connected
173           through a virtual switch, allowing complete virtual networks to  be
174           built without physical hardware.
175
176
177       bridge
178
179           A  bridge  instance, identified by an administratively-chosen name.
180           The name may use any alphanumeric characters or the underscore,  _,
181           but  must start and end with an alphabetic character. A bridge name
182           can be at most 31 characters. The name default is reserved, as  are
183           all names starting with SUNW.
184
185           Note  that  appending  a zero (0) to a bridge name produces a valid
186           link name, used for observability.
187
188
189       secobj
190
191           A secure object, identified by an administratively-chosen name. The
192           name  can  use  any  alphanumeric characters, as well as underscore
193           (_), period (.), and hyphen (-). A secure object  name  can  be  at
194           most 32 characters.
195
196
197   Options
198       Each  dladm subcommand has its own set of options. However, many of the
199       subcommands have the following as a common option:
200
201       -R root-dir, --root-dir=root-dir
202
203           Specifies an alternate root directory where the  operation-such  as
204           creation, deletion, or renaming-should apply.
205
206
207   SUBCOMMANDS
208       The following subcommands are supported:
209
210       dladm show-link [-P] [-s [-i interval]] [[-p] -o field[,...]][link]
211
212           Show  link  configuration  information (the default) or statistics,
213           either for all  datalinks  or  for  the  specified  link  link.  By
214           default,  the system is configured with one datalink for each known
215           network device.
216
217           -o field[,...], --output=field[,...]
218
219               A case-insensitive, comma-separated list of  output  fields  to
220               display.  When not modified by the -s option (described below),
221               the field name must be one of the fields listed below,  or  the
222               special  value  all  to display all fields. By default (without
223               -o), show-link displays all fields.
224
225               LINK
226
227                   The name of the datalink.
228
229
230               CLASS
231
232                   The class of the datalink. dladm distinguishes between  the
233                   following classes:
234
235                   phys
236
237                       A  physical datalink. The show-phys subcommand displays
238                       more detail for this class of datalink.
239
240
241                   aggr
242
243                       An IEEE 802.3ad link aggregation. The show-aggr subcom‐
244                       mand displays more detail for this class of datalink.
245
246
247                   vlan
248
249                       A VLAN datalink. The show-vlan subcommand displays more
250                       detail for this class of datalink.
251
252
253                   vnic
254
255                       A virtual network interface. The  show-vnic  subcommand
256                       displays more detail for this class of datalink.
257
258
259
260               MTU
261
262                   The  maximum  transmission unit size for the datalink being
263                   displayed.
264
265
266               STATE
267
268                   The link state of the datalink. The state can be up,  down,
269                   or unknown.
270
271
272               BRIDGE
273
274                   The  name  of the bridge to which this link is assigned, if
275                   any.
276
277
278               OVER
279
280                   The physical datalink(s) over which the datalink is operat‐
281                   ing.  This  applies  to  aggr,  bridge, and vlan classes of
282                   datalinks.  A  VLAN  is  created  over  a  single  physical
283                   datalink,  a  bridge  has  multiple  attached links, and an
284                   aggregation is comprised of one or more physical datalinks.
285
286               When the -o option is used in conjunction with the  -s  option,
287               used  to display link statistics, the field name must be one of
288               the fields listed below, or the special value  all  to  display
289               all fields
290
291               LINK
292
293                   The name of the datalink.
294
295
296               IPACKETS
297
298                   Number of packets received on this link.
299
300
301               RBYTES
302
303                   Number of bytes received on this link.
304
305
306               IERRORS
307
308                   Number of input errors.
309
310
311               OPACKETS
312
313                   Number of packets sent on this link.
314
315
316               OBYTES
317
318                   Number of bytes received on this link.
319
320
321               OERRORS
322
323                   Number of output errors.
324
325
326
327           -p, --parseable
328
329               Display  using a stable machine-parseable format. The -o option
330               is required with -p. See "Parseable Output Format", below.
331
332
333           -P, --persistent
334
335               Display the persistent link configuration.
336
337
338           -s, --statistics
339
340               Display link statistics.
341
342
343           -i interval, --interval=interval
344
345               Used with the -s option to specify an interval, in seconds,  at
346               which  statistics  should  be  displayed. If this option is not
347               specified, statistics will be displayed only once.
348
349
350
351       dladm rename-link [-R root-dir] link new-link
352
353           Rename link to new-link. This is used to give a link  a  meaningful
354           name,  or  to  associate  existing  link configuration such as link
355           properties of a removed device with a new device. See the  EXAMPLES
356           section for specific examples of how this subcommand is used.
357
358           -R root-dir, --root-dir=root-dir
359
360               See "Options," above.
361
362
363
364       dladm delete-phys phys-link
365
366           This  command  is  used to delete the persistent configuration of a
367           link associated with physical hardware which has been removed  from
368           the system. See the EXAMPLES section.
369
370
371       dladm show-phys [-P] [[-p] -o field[,...]] [-H] [phys-link]
372
373           Show  the  physical device and attributes of all physical links, or
374           of the named physical link. Without -P, only  physical  links  that
375           are available on the running system are displayed.
376
377           -H
378
379               Show  hardware  resource  usage, as returned by the NIC driver.
380               Output from -H displays the following elements:
381
382               LINK
383
384                   A physical device corresponding to a NIC driver.
385
386
387               GROUP
388
389                   A collection of rings.
390
391
392               GROUPTYPE
393
394                   RX or TX. All rings in a group are of the same group type.
395
396
397               RINGS
398
399                   A hardware resource used by a data link, subject to assign‐
400                   ment by a driver to different groups.
401
402
403               CLIENTS
404
405                   MAC clients that are using the rings within a group.
406
407
408
409           -o field, --output=field
410
411               A  case-insensitive,  comma-separated  list of output fields to
412               display. The field name must be one of the fields listed below,
413               or the special value all, to display all fields. For each link,
414               the following fields can be displayed:
415
416               LINK
417
418                   The name of the datalink.
419
420
421               MEDIA
422
423                   The media type provided by the physical datalink.
424
425
426               STATE
427
428                   The state of the link. This can be up, down, or unknown.
429
430
431               SPEED
432
433                   The current speed of the link, in megabits per second.
434
435
436               DUPLEX
437
438                   For Ethernet links, the full/half duplex status of the link
439                   is  displayed  if  the link state is up. The duplex is dis‐
440                   played as unknown in all other cases.
441
442
443               DEVICE
444
445                   The name of the physical device under this link.
446
447
448
449           -p, --parseable
450
451               Display using a stable machine-parseable format. The -o  option
452               is required with -p. See "Parseable Output Format", below.
453
454
455           -P, --persistent
456
457               This  option  displays  persistent configuration for all links,
458               including those that have been removed  from  the  system.  The
459               output  provides  a  FLAGS column in which the r flag indicates
460               that the physical device associated with a  physical  link  has
461               been  removed. For such links, delete-phys can be used to purge
462               the link's configuration from the system.
463
464
465
466       dladm create-aggr [-t] [-R root-dir] [-P policy] [-L mode] [-T time]
467       [-u address] -l ether-link1 [-l ether-link2...] aggr-link
468
469           Combine  a set of links into a single IEEE 802.3ad link aggregation
470           named aggr-link. The use of an integer key to generate a link  name
471           for  the  aggregation is also supported for backward compatibility.
472           Many of the *-aggr subcommands below also support the use of a  key
473           to  refer  to  a given aggregation, but use of the aggregation link
474           name is preferred. See the NOTES section for  more  information  on
475           keys.
476
477           dladm  supports a number of port selection policies for an aggrega‐
478           tion of ports. (See the description of the -P  option,  below.)  If
479           you  do  not specify a policy, create-aggr uses the default, the L4
480           policy, described under the -P option.
481
482           -l ether-link, --link=ether-link
483
484               Each Ethernet link (or port) in the  aggregation  is  specified
485               using  an  -l  option  followed  by  the name of the link to be
486               included in the aggregation. Multiple links are included in the
487               aggregation  by  specifying  multiple  -l options. For backward
488               compatibility with previous versions of Solaris, the dladm com‐
489               mand  also  supports  the using the -d option (or --dev) with a
490               device name to specify links by their underlying  device  name.
491               The  other  *-aggr  subcommands that take -loptions also accept
492               -d.
493
494
495           -t, --temporary
496
497               Specifies that the aggregation is temporary. Temporary aggrega‐
498               tions last until the next reboot.
499
500
501           -R root-dir, --root-dir=root-dir
502
503               See "Options," above.
504
505
506           -P policy, --policy=policy
507
508
509               Specifies  the  port selection policy to use for load spreading
510               of outbound traffic. The policy specifies which dev  object  is
511               used  to send packets. A policy is a list of one or more layers
512               specifiers separated by commas. A layer specifier is one of the
513               following:
514
515               L2
516
517                   Select  outbound device according to source and destination
518                   MAC addresses of the packet.
519
520
521               L3
522
523                   Select outbound device according to source and  destination
524                   IP addresses of the packet.
525
526
527               L4
528
529                   Select  outbound device according to the upper layer proto‐
530                   col information contained in the packet. For TCP  and  UDP,
531                   this includes source and destination ports. For IPsec, this
532                   includes the SPI (Security Parameters Index).
533
534               For example, to use upper layer protocol information, the  fol‐
535               lowing policy can be used:
536
537                 -P L4
538
539
540               Note that policy L4 is the default.
541
542               To  use the source and destination MAC addresses as well as the
543               source and destination IP addresses, the following  policy  can
544               be used:
545
546                 -P L2,L3
547
548
549
550
551           -L mode, --lacp-mode=mode
552
553               Specifies whether LACP should be used and, if used, the mode in
554               which it should operate. Supported values are  off,  active  or
555               passive.
556
557
558           -T time, --lacp-timer=time
559
560
561               Specifies  the LACP timer value. The supported values are short
562               or longjjj.
563
564
565           -u address, --unicast=address
566
567               Specifies a fixed unicast hardware address to be used  for  the
568               aggregation.  If  this option is not specified, then an address
569               is automatically chosen from the set of addresses of the compo‐
570               nent devices.
571
572
573
574       dladm modify-aggr [-t] [-R root-dir] [-P policy] [-L mode] [-T time]
575       [-u address] aggr-link
576
577           Modify the parameters of the specified aggregation.
578
579           -t, --temporary
580
581               Specifies that the modification is temporary. Temporary  aggre‐
582               gations last until the next reboot.
583
584
585           -R root-dir, --root-dir=root-dir
586
587               See "Options," above.
588
589
590           -P policy, --policy=policy
591
592               Specifies  the  port selection policy to use for load spreading
593               of outbound traffic. See dladm create-aggr for a description of
594               valid policy values.
595
596
597           -L mode, --lacp-mode=mode
598
599               Specifies whether LACP should be used and, if used, the mode in
600               which it should operate. Supported values are off,  active,  or
601               passive.
602
603
604           -T time, --lacp-timer=time
605
606
607               Specifies  the LACP timer value. The supported values are short
608               or long.
609
610
611           -u address, --unicast=address
612
613               Specifies a fixed unicast hardware address to be used  for  the
614               aggregation.  If  this option is not specified, then an address
615               is automatically chosen from the set of addresses of the compo‐
616               nent devices.
617
618
619
620       dladm delete-aggr [-t] [-R root-dir] aggr-link
621
622           Deletes the specified aggregation.
623
624           -t, --temporary
625
626               Specifies  that  the deletion is temporary. Temporary deletions
627               last until the next reboot.
628
629
630           -R root-dir, --root-dir=root-dir
631
632               See "Options," above.
633
634
635
636       dladm add-aggr [-t] [-R root-dir] -l ether-link1 [--link=ether-
637       link2...] aggr-link
638
639           Adds links to the specified aggregation.
640
641           -l ether-link, --link=ether-link
642
643               Specifies  an Ethernet link to add to the aggregation. Multiple
644               links can be added by supplying multiple -l options.
645
646
647           -t, --temporary
648
649               Specifies that the additions are temporary. Temporary additions
650               last until the next reboot.
651
652
653           -R root-dir, --root-dir=root-dir
654
655               See "Options," above.
656
657
658
659       dladm remove-aggr [-t] [-R root-dir] -l ether-link1 [--l=ether-
660       link2...] aggr-link
661
662           Removes links from the specified aggregation.
663
664           -l ether-link, --link=ether-link
665
666               Specifies an Ethernet link to remove from the aggregation. Mul‐
667               tiple links can be added by supplying multiple -l options.
668
669
670           -t, --temporary
671
672               Specifies  that  the  removals are temporary. Temporary removal
673               last until the next reboot.
674
675
676           -R root-dir, --root-dir=root-dir
677
678               See "Options," above.
679
680
681
682       dladm show-aggr [-PLx] [-s [-i interval]] [[-p] -o field[,...]] [aggr-
683       link]
684
685           Show  aggregation configuration (the default), LACP information, or
686           statistics, either for all aggregations or for the specified aggre‐
687           gation.
688
689           By  default  (with  no  options),  the following fields can be dis‐
690           played:
691
692           LINK
693
694               The name of the aggregation link.
695
696
697           POLICY
698
699               The LACP policy of the  aggregation.  See  the  create-aggr  -P
700               option for a description of the possible values.
701
702
703           ADDRPOLICY
704
705               Either  auto, if the aggregation is configured to automatically
706               configure its unicast MAC address (the default if the -u option
707               was not used to create or modify the aggregation), or fixed, if
708               -u was used to set a fixed MAC address.
709
710
711           LACPACTIVITY
712
713               The LACP mode of the  aggregation.  Possible  values  are  off,
714               active,  or  passive, as set by the -l option to create-aggr or
715               modify-aggr.
716
717
718           LACPTIMER
719
720               The LACP timer value of the aggregation as set by the -T option
721               of create-aggr or modify-aggr.
722
723
724           FLAGS
725
726               A  set of state flags associated with the aggregation. The only
727               possible flag is f, which is  displayed  if  the  administrator
728               forced the creation the aggregation using the -f option to cre‐
729               ate-aggr. Other flags might be defined in the future.
730
731           The show-aggr command accepts the following options:
732
733           -L, --lacp
734
735               Displays detailed LACP information for the aggregation link and
736               each  underlying  port. Most of the state information displayed
737               by this option is defined by IEEE 802.3. With this option,  the
738               following fields can be displayed:
739
740               LINK
741
742                   The name of the aggregation link.
743
744
745               PORT
746
747                   The name of one of the underlying aggregation ports.
748
749
750               AGGREGATABLE
751
752                   Whether the port can be added to the aggregation.
753
754
755               SYNC
756
757                   If  yes,  the  system considers the port to be synchronized
758                   and part of the aggregation.
759
760
761               COLL
762
763                   If yes, collection of incoming frames  is  enabled  on  the
764                   associated port.
765
766
767               DIST
768
769                   If  yes,  distribution of outgoing frames is enabled on the
770                   associated port.
771
772
773               DEFAULTED
774
775                   If yes, the port is  using  defaulted  partner  information
776                   (that  is,  has  not received LACP data from the LACP part‐
777                   ner).
778
779
780               EXPIRED
781
782                   If yes, the receive state of the port  is  in  the  EXPIRED
783                   state.
784
785
786
787           -x, --extended
788
789               Display  additional  aggregation information including detailed
790               information on each underlying port.  With  -x,  the  following
791               fields can be displayed:
792
793               LINK
794
795                   The name of the aggregation link.
796
797
798               PORT
799
800                   The name of one of the underlying aggregation ports.
801
802
803               SPEED
804
805                   The speed of the link or port in megabits per second.
806
807
808               DUPLEX
809
810                   The  full/half  duplex  status  of the link or port is dis‐
811                   played if the link state is up. The duplex status  is  dis‐
812                   played as unknown in all other cases.
813
814
815               STATE
816
817                   The link state. This can be up, down, or unknown.
818
819
820               ADDRESS
821
822                   The MAC address of the link or port.
823
824
825               PORTSTATE
826
827                   This  indicates  whether the individual aggregation port is
828                   in the standby or attached state.
829
830
831
832           -o field[,...], --output=field[,...]
833
834               A case-insensitive, comma-separated list of  output  fields  to
835               display. The field name must be one of the fields listed above,
836               or the special value all, to display  all  fields.  The  fields
837               applicable  to  the -o option are limited to those listed under
838               each output mode. For example, if using  -L,  only  the  fields
839               listed under -L, above, can be used with -o.
840
841
842           -p, --parseable
843
844               Display  using a stable machine-parseable format. The -o option
845               is required with -p. See "Parseable Output Format", below.
846
847
848           -P, --persistent
849
850               Display the persistent aggregation  configuration  rather  than
851               the state of the running system.
852
853
854           -s, --statistics
855
856               Displays aggregation statistics.
857
858
859           -i interval, --interval=interval
860
861               Used  with the -s option to specify an interval, in seconds, at
862               which statistics should be displayed. If  this  option  is  not
863               specified, statistics will be displayed only once.
864
865
866
867       dladm create-bridge [ -P protect] [-R root-dir] [ -p priority] [ -m
868       max-age] [ -h hello-time] [ -d forward-delay] [ -f force-protocol] [-l
869       link...] bridge-name
870
871           Create  an 802.1D bridge instance and optionally assign one or more
872           network links to the new bridge. By default,  no  bridge  instances
873           are present on the system.
874
875           In  order  to  bridge  between  links, you must create at least one
876           bridge instance. Each bridge instance is separate, and there is  no
877           forwarding connection between bridges.
878
879           -P protect, --protect=protect
880
881               Specifies  a  protection method. The defined protection methods
882               are stp for the Spanning Tree Protocol  and  trill  for  TRILL,
883               which is used on RBridges. The default value is stp.
884
885
886           -R root-dir, --root-dir=root-dir
887
888               See "Options," above.
889
890
891           -p priority, --priority=priority
892
893               Specifies  the Bridge Priority. This sets the IEEE STP priority
894               value for determining the root bridge node in the network.  The
895               default  value  is 32768. Valid values are 0 (highest priority)
896               to 61440 (lowest priority), in increments of 4096.
897
898               If a value not evenly divisible by 4096  is  used,  the  system
899               silently rounds downward to the next lower value that is divis‐
900               ible by 4096.
901
902
903           -m max-age, --max-age=max-age
904
905               Specifies the maximum age for configuration information in sec‐
906               onds. This sets the STP Bridge Max Age parameter. This value is
907               used for all nodes in the network if  this  node  is  the  root
908               bridge.  Bridge  link  information older than this time is dis‐
909               carded. It defaults to 20 seconds. Valid values are from  6  to
910               40  seconds.  See the -d forward-delay parameter for additional
911               constraints.
912
913
914           -h hello-time, --hello-time=hello-time
915
916               Specifies the STP Bridge Hello Time parameter. When  this  node
917               is the root node, it sends Configuration BPDUs at this interval
918               throughout the network. The default value is 2  seconds.  Valid
919               values  are  from  1  to  10  seconds. See the -d forward-delay
920               parameter for additional constraints.
921
922
923           -d forward-delay, --forward-delay=forward-delay
924
925               Specifies the STP Bridge Forward  Delay  parameter.  When  this
926               node is the root node, then all bridges in the network use this
927               timer to sequence the link states when a port is  enabled.  The
928               default value is 15 seconds. Valid values are from 4 to 30 sec‐
929               onds.
930
931               Bridges must obey the following two constraints:
932
933                 2 * (forward-delay - 1.0) >= max-age
934
935                 max-age >= 2 * (hello-time + 1.0)
936
937
938               Any parameter setting that would violate those  constraints  is
939               treated as an error and causes the command to fail with a diag‐
940               nostic message. The message provides valid alternatives to  the
941               supplied values.
942
943
944           -f force-protocol, --force-protocol=force-protocol
945
946               Specifies  the  MSTP  forced  maximum  supported  protocol. The
947               default value is 3. Valid values are non-negative integers. The
948               current  implementation  does not support RSTP or MSTP, so this
949               currently has no effect. However, to prevent  MSTP  from  being
950               used  in the future, the parameter may be set to 0 for STP only
951               or 2 for STP and RSTP.
952
953
954           -l link, --link=link
955
956               Specifies one or more links to add to the newly-created bridge.
957               This  is  similar to creating the bridge and then adding one or
958               more links, as with the add-bridge subcommand. However, if  any
959               of the links cannot be added, the entire command fails, and the
960               new bridge itself is not created. To add multiple links on  the
961               same  command  line,  repeat this option for each link. You are
962               permitted to create bridges without links. For more information
963               about link assignments, see the add-bridge subcommand.
964
965           Bridge  creation and link assignment require the PRIV_SYS_DL_CONFIG
966           privilege. Bridge creation might fail if the optional bridging fea‐
967           ture is not installed on the system.
968
969
970       dladm modify-bridge [ -P protect] [-R root-dir] [ -p priority] [ -m
971       max-age] [ -h hello-time] [ -d forward-delay] [ -f force-protocol] [-l
972       link...] bridge-name
973
974           Modify  the  operational  parameters  of  an  existing  bridge. The
975           options are the same as for the  create-bridge  subcommand,  except
976           that  the  -l  option is not permitted. To add links to an existing
977           bridge, use the add-bridge subcommand.
978
979           Bridge parameter modification requires the PRIV_SYS_DL_CONFIG priv‐
980           ilege.
981
982
983       dladm delete-bridge [-R root-dir] bridge-name
984
985           Delete  a  bridge  instance. The bridge being deleted must not have
986           any attached links. Use the remove-bridge subcommand to  deactivate
987           links before deleting a bridge.
988
989           Bridge deletion requires the PRIV_SYS_DL_CONFIG privilege.
990
991           The  -R  (--root-dir)  option  is the same as for the create-bridge
992           subcommand.
993
994
995       dladm add-bridge [-R root-dir] -l link [-l link...] bridge-name
996
997           Add one or more links to an existing bridge. If multiple links  are
998           specified, and adding any one of them results in an error, the com‐
999           mand fails and no changes are made to the system.
1000
1001           Link addition to a bridge requires  the  PRIV_SYS_DL_CONFIG  privi‐
1002           lege.
1003
1004           A  link may be a member of at most one bridge. An error occurs when
1005           you attempt to add a link that already belongs to  another  bridge.
1006           To  move a link from one bridge instance to another, remove it from
1007           the current bridge before adding it to a new one.
1008
1009           The links assigned to a bridge must not also be  VLANs,  VNICs,  or
1010           tunnels.  Only  physical Ethernet datalinks, aggregation datalinks,
1011           wireless links, and Ethernet stubs are permitted to be assigned  to
1012           a bridge.
1013
1014           Links  assigned  to  a  bridge  must all have the same MTU. This is
1015           checked when the link is assigned. The link is added to the  bridge
1016           in a deactivated form if it is not the first link on the bridge and
1017           it has a differing MTU.
1018
1019           Note that systems using bridging  should  not  set  the  eeprom(1M)
1020           local-mac-address? variable to false.
1021
1022           The options are the same as for the create-bridge subcommand.
1023
1024
1025       dladm remove-bridge [-R root-dir] -l link [-l link...] bridge-name
1026
1027           Remove  one or more links from a bridge instance. If multiple links
1028           are specified, and removing any one of  them  would  result  in  an
1029           error, the command fails and none are removed.
1030
1031           Link  removal  from a bridge requires the PRIV_SYS_DL_CONFIG privi‐
1032           lege.
1033
1034           The options are the same as for the create-bridge subcommand.
1035
1036
1037       dladm show-bridge [-flt] [-s [-i interval]] [[-p] -o field,...]
1038       [bridge-name]
1039
1040           Show  the  running  status  and  configuration  of  bridges,  their
1041           attached links, learned  forwarding  entries,  and  TRILL  nickname
1042           databases.  When  showing  overall bridge status and configuration,
1043           the bridge name can be omitted to show all bridges. The other forms
1044           require a specified bridge.
1045
1046           The show-bridge subcommand accepts the following options:
1047
1048           -i interval, --interval=interval
1049
1050               Used  with the -s option to specify an interval, in seconds, at
1051               which statistics should be displayed. If  this  option  is  not
1052               specified, statistics will be displayed only once.
1053
1054
1055           -s, --statistics
1056
1057               Display  statistics  for  the  specified bridges or for a given
1058               bridge's attached links. This option cannot be used with the -f
1059               and -t options.
1060
1061
1062           -p, --parseable
1063
1064               Display  using  a stable machine-parsable format. See "Parsable
1065               Output Format," below.
1066
1067
1068           -o field[,...], --output=field[,...]
1069
1070               A case-insensitive, comma-separated list of  output  fields  to
1071               display. The field names are described below. The special value
1072               all displays all fields. Each set of fields has its own default
1073               set to display when -o is not specified.
1074
1075           By  default, the show-bridge subcommand shows bridge configuration.
1076           The following fields can be shown:
1077
1078           BRIDGE
1079
1080               The name of the bridge.
1081
1082
1083           ADDRESS
1084
1085               The Bridge Unique Identifier value (MAC address).
1086
1087
1088           PRIORITY
1089
1090               Configured priority value; set by  -p  with  create-bridge  and
1091               modify-bridge.
1092
1093
1094           BMAXAGE
1095
1096               Configured bridge maximum age; set by -m with create-bridge and
1097               modify-bridge.
1098
1099
1100           BHELLOTIME
1101
1102               Configured bridge hello time; set by -h with create-bridge  and
1103               modify-bridge.
1104
1105
1106           BFWDDELAY
1107
1108               Configured  forwarding  delay; set by -d with create-bridge and
1109               modify-bridge.
1110
1111
1112           FORCEPROTO
1113
1114               Configured forced maximum protocol;  set  by  -f  with  create-
1115               bridge and modify-bridge.
1116
1117
1118           TCTIME
1119
1120               Time, in seconds, since last topology change.
1121
1122
1123           TCCOUNT
1124
1125               Count of the number of topology changes.
1126
1127
1128           TCHANGE
1129
1130               This indicates that a topology change was detected.
1131
1132
1133           DESROOT
1134
1135               Bridge Identifier of the root node.
1136
1137
1138           ROOTCOST
1139
1140               Cost of the path to the root node.
1141
1142
1143           ROOTPORT
1144
1145               Port number used to reach the root node.
1146
1147
1148           MAXAGE
1149
1150               Maximum age value from the root node.
1151
1152
1153           HELLOTIME
1154
1155               Hello time value from the root node.
1156
1157
1158           FWDDELAY
1159
1160               Forward delay value from the root node.
1161
1162
1163           HOLDTIME
1164
1165               Minimum BPDU interval.
1166
1167           By  default,  when the -o option is not specified, only the BRIDGE,
1168           ADDRESS, PRIORITY, and DESROOT fields are shown.
1169
1170           When the -s option is specified, the show-bridge  subcommand  shows
1171           bridge statistics. The following fields can be shown:
1172
1173           BRIDGE
1174
1175               Bridge name.
1176
1177
1178           DROPS
1179
1180               Number of packets dropped due to resource problems.
1181
1182
1183           FORWARDS
1184
1185               Number of packets forwarded from one link to another.
1186
1187
1188           MBCAST
1189
1190               Number  of  multicast  and  broadcast  packets  handled  by the
1191               bridge.
1192
1193
1194           RECV
1195
1196               Number of packets received on all attached links.
1197
1198
1199           SENT
1200
1201               Number of packets sent on all attached links.
1202
1203
1204           UNKNOWN
1205
1206               Number of packets handled that  have  an  unknown  destination.
1207               Such packets are sent to all links.
1208
1209           By  default,  when the -o option is not specified, only the BRIDGE,
1210           DROPS, and FORWARDS fields are shown.
1211
1212           The show-bridge subcommand also accepts the following options:
1213
1214           -l, --link
1215
1216               Displays link-related status and statistics information for all
1217               links  attached  to  a  single  bridge  instance. By using this
1218               option and without the -s option, the following fields  can  be
1219               displayed for each link:
1220
1221               LINK
1222
1223                   The link name.
1224
1225
1226               INDEX
1227
1228                   Port (link) index number on the bridge.
1229
1230
1231               STATE
1232
1233                   State  of  the link. The state can be disabled, discarding,
1234                   learning, forwarding, non-stp, or bad-mtu.
1235
1236
1237               UPTIME
1238
1239                   Number of seconds since the last reset or initialization.
1240
1241
1242               OPERCOST
1243
1244                   Actual cost in use (1-65535).
1245
1246
1247               OPERP2P
1248
1249                   This  indicates  whether  point-to-point  (P2P)  mode  been
1250                   detected.
1251
1252
1253               OPEREDGE
1254
1255                   This indicates whether edge mode has been detected.
1256
1257
1258               DESROOT
1259
1260                   The Root Bridge Identifier that has been seen on this port.
1261
1262
1263               DESCOST
1264
1265                   Path  cost  to the network root node through the designated
1266                   port.
1267
1268
1269               DESBRIDGE
1270
1271                   Bridge Identifier for this port.
1272
1273
1274               DESPORT
1275
1276                   The ID and priority of the port used to transmit configura‐
1277                   tion messages for this port.
1278
1279
1280               TCACK
1281
1282                   This indicates whether Topology Change Acknowledge has been
1283                   seen.
1284
1285               When the -l option is specified without the -o option, only the
1286               LINK, STATE, UPTIME, and DESROOT fields are shown.
1287
1288               When  the  -l option is specified, the -s option can be used to
1289               display the following fields for each link:
1290
1291               LINK
1292
1293                   Link name.
1294
1295
1296               CFGBPDU
1297
1298                   Number of configuration BPDUs received.
1299
1300
1301               TCNBPDU
1302
1303                   Number of topology change BPDUs received.
1304
1305
1306               RSTPBPDU
1307
1308                   Number of Rapid Spanning Tree BPDUs received.
1309
1310
1311               TXBPDU
1312
1313                   Number of BPDUs transmitted.
1314
1315
1316               DROPS
1317
1318                   Number of packets dropped due to resource problems.
1319
1320
1321               RECV
1322
1323                   Number of packets received by the bridge.
1324
1325
1326               XMIT
1327
1328                   Number of packets sent by the bridge.
1329
1330               When the -o option is not  specified,  only  the  LINK,  DROPS,
1331               RECV, and XMIT fields are shown.
1332
1333
1334           -f, --forwarding
1335
1336               Displays  forwarding entries for a single bridge instance. With
1337               this option, the following fields can be shown  for  each  for‐
1338               warding entry:
1339
1340               DEST
1341
1342                   Destination MAC address.
1343
1344
1345               AGE
1346
1347                   Age of entry in seconds and milliseconds. Omitted for local
1348                   entries.
1349
1350
1351               FLAGS
1352
1353                   The L (local) flag is shown if the MAC address  belongs  to
1354                   an attached link or to a VNIC on one of the attached links.
1355
1356
1357               OUTPUT
1358
1359                   For  local  entries,  this is the name of the attached link
1360                   that has the MAC address. Otherwise, for bridges  that  use
1361                   Spanning  Tree Protocol, this is the output interface name.
1362                   For RBridges, this is the output TRILL nickname.
1363
1364               When the -o option is not specified, the DEST, AGE, FLAGS,  and
1365               OUTPUT fields are shown.
1366
1367
1368           -t, --trill
1369
1370               Displays  TRILL  nickname entries for a single bridge instance.
1371               With this option, the following fields can be  shown  for  each
1372               TRILL nickname entry:
1373
1374               NICK
1375
1376                   TRILL  nickname  for this RBridge, which is a number from 1
1377                   to 65535.
1378
1379
1380               FLAGS
1381
1382                   The L flag is shown if the nickname  identifies  the  local
1383                   system.
1384
1385
1386               LINK
1387
1388                   Link name for output when sending messages to this RBridge.
1389
1390
1391               NEXTHOP
1392
1393                   MAC  address  of the next hop RBridge that is used to reach
1394                   the RBridge with this nickname.
1395
1396               When the -o option is not specified, the NICK, FLAGS, LINK, and
1397               NEXTHOP fields are shown.
1398
1399
1400
1401       dladm create-vlan [-ft] [-R root-dir] -l ether-link -v vid [vlan-link]
1402
1403           Create  a  tagged  VLAN  link  with an ID of vid over Ethernet link
1404           ether-link. The name of the VLAN link can  be  specified  as  vlan-
1405           link.  If  the  name is not specified, a name will be automatically
1406           generated (assuming that ether-link is namePPA) as:
1407
1408             <name><1000 * vlan-tag + PPA>
1409
1410
1411           For example, if ether-link is bge1 and vid is 2, the name generated
1412           is bge2001.
1413
1414           -f, --force
1415
1416               Force  the creation of the VLAN link. Some devices do not allow
1417               frame sizes large enough to include a VLAN header. When  creat‐
1418               ing  a  VLAN  link over such a device, the -f option is needed,
1419               and the MTU of the IP interfaces on the resulting VLAN must  be
1420               set to 1496 instead of 1500.
1421
1422
1423           -l ether-link
1424
1425               Specifies Ethernet link over which VLAN is created.
1426
1427
1428           -t, --temporary
1429
1430               Specifies that the VLAN link is temporary. Temporary VLAN links
1431               last until the next reboot.
1432
1433
1434           -R root-dir, --root-dir=root-dir
1435
1436               See "Options," above.
1437
1438
1439
1440       dladm delete-vlan [-t] [-R root-dir] vlan-link
1441
1442           Delete the VLAN link specified.
1443
1444           The delete-vlansubcommand accepts the following options:
1445
1446           -t, --temporary
1447
1448               Specifies that the deletion is temporary.  Temporary  deletions
1449               last until the next reboot.
1450
1451
1452           -R root-dir, --root-dir=root-dir
1453
1454               See "Options," above.
1455
1456
1457
1458       dladm show-vlan [-P] [[-p] -o field[,...]] [vlan-link]
1459
1460           Display  VLAN configuration for all VLAN links or for the specified
1461           VLAN link.
1462
1463           The show-vlansubcommand accepts the following options:
1464
1465           -o field[,...], --output=field[,...]
1466
1467               A case-insensitive, comma-separated list of  output  fields  to
1468               display. The field name must be one of the fields listed below,
1469               or the special value all, to display all fields. For each  VLAN
1470               link, the following fields can be displayed:
1471
1472               LINK
1473
1474                   The name of the VLAN link.
1475
1476
1477               VID
1478
1479                   The ID associated with the VLAN.
1480
1481
1482               OVER
1483
1484                   The  name of the physical link over which this VLAN is con‐
1485                   figured.
1486
1487
1488               FLAGS
1489
1490                   A set of flags associated  with  the  VLAN  link.  Possible
1491                   flags are:
1492
1493                   f
1494
1495                       The  VLAN  was  created  using the -f option to create-
1496                       vlan.
1497
1498
1499                   i
1500
1501                       The VLAN was implicitly created when the DLPI link  was
1502                       opened.  These  VLAN links are automatically deleted on
1503                       last close of the DLPI link (for example, when  the  IP
1504                       interface associated with the VLAN link is unplumbed).
1505
1506                   Additional flags might be defined in the future.
1507
1508
1509
1510           -p, --parseable
1511
1512               Display  using a stable machine-parseable format. The -o option
1513               is required with -p. See "Parseable Output Format", below.
1514
1515
1516           -P, --persistent
1517
1518               Display the persistent VLAN configuration rather than the state
1519               of the running system.
1520
1521
1522
1523       dladm scan-wifi [[-p] -o field[,...]] [wifi-link]
1524
1525           Scans  for  WiFi networks, either on all WiFi links, or just on the
1526           specified wifi-link.
1527
1528           By default, currently all fields but BSSTYPE are displayed.
1529
1530           -o field[,...], --output=field[,...]
1531
1532               A case-insensitive, comma-separated list of  output  fields  to
1533               display. The field name must be one of the fields listed below,
1534               or the special value all to display all fields. For  each  WiFi
1535               network found, the following fields can be displayed:
1536
1537               LINK
1538
1539                   The name of the link the WiFi network is on.
1540
1541
1542               ESSID
1543
1544                   The ESSID (name) of the WiFi network.
1545
1546
1547               BSSID
1548
1549                   Either  the  hardware  address of the WiFi network's Access
1550                   Point (for BSS networks), or the  WiFi  network's  randomly
1551                   generated unique token (for IBSS networks).
1552
1553
1554               SEC
1555
1556                   Either  none  for a WiFi network that uses no security, wep
1557                   for a WiFi network that requires WEP (Wired Equivalent Pri‐
1558                   vacy),  or  wpa for a WiFi network that requires WPA (Wi-Fi
1559                   Protected Access).
1560
1561
1562               MODE
1563
1564                   The supported connection modes: one or more of a, b, or g.
1565
1566
1567               STRENGTH
1568
1569                   The strength of the signal: one of  excellent,  very  good,
1570                   good, weak, or very weak.
1571
1572
1573               SPEED
1574
1575                   The maximum speed of the WiFi network, in megabits per sec‐
1576                   ond.
1577
1578
1579               BSSTYPE
1580
1581                   Either bss for BSS (infrastructure) networks, or  ibss  for
1582                   IBSS (ad-hoc) networks.
1583
1584
1585
1586           -p, --parseable
1587
1588               Display  using a stable machine-parseable format. The -o option
1589               is required with -p. See "Parseable Output Format", below.
1590
1591
1592
1593       dladm connect-wifi [-e essid] [-i bssid] [-k key,...] [-s none | wep |
1594       wpa] [-a open|shared] [-b bss|ibss] [-c] [-m a|b|g] [-T time] [wifi-
1595       link]
1596
1597           Connects to a WiFi network. This consists of four steps: discovery,
1598           filtration,  prioritization,  and  association.  However, to enable
1599           connections to non-broadcast WiFi networks and to  improve  perfor‐
1600           mance, if a BSSID or ESSID is specified using the -e or -i options,
1601           then the first three steps are skipped and connect-wifi immediately
1602           attempts  to  associate with a BSSID or ESSID that matches the rest
1603           of the provided parameters. If this association fails, but there is
1604           a  possibility  that other networks matching the specified criteria
1605           exist, then the traditional discovery process begins  as  specified
1606           below.
1607
1608           The  discovery step finds all available WiFi networks on the speci‐
1609           fied WiFi link, which must not yet be connected. For administrative
1610           convenience,  if  there  is only one WiFi link on the system, wifi-
1611           link can be omitted.
1612
1613           Once discovery is  complete,  the  list  of  networks  is  filtered
1614           according to the value of the following options:
1615
1616           -e essid, --essid=essid
1617
1618               Networks that do not have the same essid are filtered out.
1619
1620
1621           -b bss|ibss, --bsstype=bss|ibss
1622
1623               Networks that do not have the same bsstype are filtered out.
1624
1625
1626           -m a|b|g, --mode=a|b|g
1627
1628               Networks not appropriate for the specified 802.11 mode are fil‐
1629               tered out.
1630
1631
1632           -k key,..., --key=key, ...
1633
1634               Use the specified secobj named by the key  to  connect  to  the
1635               network.  Networks  not  appropriate for the specified keys are
1636               filtered out.
1637
1638
1639           -s none|wep|wpa, --sec=none|wep|wpa
1640
1641               Networks not appropriate for the specified  security  mode  are
1642               filtered out.
1643
1644           Next,  the  remaining  networks  are  prioritized,  first by signal
1645           strength, and then by maximum speed. Finally, an attempt is made to
1646           associate  with  each network in the list, in order, until one suc‐
1647           ceeds or no networks remain.
1648
1649           In addition to the options described above, the  following  options
1650           also control the behavior of connect-wifi:
1651
1652           -a open|shared, --auth=open|shared
1653
1654               Connect  using  the  specified authentication mode. By default,
1655               open and shared are tried in order.
1656
1657
1658           -c, --create-ibss
1659
1660               Used with -b ibss to create a new ad-hoc network if one  match‐
1661               ing  the specified ESSID cannot be found. If no ESSID is speci‐
1662               fied, then -c -b ibss always triggers the creation of a new ad-
1663               hoc network.
1664
1665
1666           -T time, --timeout=time
1667
1668               Specifies the number of seconds to wait for association to suc‐
1669               ceed. If time is forever, then the associate will wait  indefi‐
1670               nitely.  The  current  default  is  ten seconds, but this might
1671               change in the future. Timeouts shorter than the  default  might
1672               not succeed reliably.
1673
1674
1675           -k key,..., --key=key,...
1676
1677               In  addition  to the filtering previously described, the speci‐
1678               fied keys will be used to secure the association. The  security
1679               mode  to use will be based on the key class; if a security mode
1680               was explicitly specified, it must be compatible  with  the  key
1681               class. All keys must be of the same class.
1682
1683               For security modes that support multiple key slots, the slot to
1684               place the key will be specified  by  a  colon  followed  by  an
1685               index.  Therefore,  -k  mykey:3  places  mykey  in  slot  3. By
1686               default, slot 1 is assumed. For  security  modes  that  support
1687               multiple  keys,  a  comma-separated list can be specified, with
1688               the first key being the active key.
1689
1690
1691
1692       dladm disconnect-wifi [-a] [wifi-link]
1693
1694           Disconnect from one or more WiFi networks. If wifi-link specifies a
1695           connected  WiFi  link,  then it is disconnected. For administrative
1696           convenience, if only one WiFi link is connected, wifi-link  can  be
1697           omitted.
1698
1699           -a, --all-links
1700
1701               Disconnects   from  all  connected  links.  This  is  primarily
1702               intended for use by scripts.
1703
1704
1705
1706       dladm show-wifi [[-p] -o field,...] [wifi-link]
1707
1708           Shows WiFi configuration information either for all WiFi  links  or
1709           for the specified link wifi-link.
1710
1711           -o field,..., --output=field
1712
1713               A  case-insensitive,  comma-separated  list of output fields to
1714               display. The field name must be one of the fields listed below,
1715               or  the special value all, to display all fields. For each WiFi
1716               link, the following fields can be displayed:
1717
1718               LINK
1719
1720                   The name of the link being displayed.
1721
1722
1723               STATUS
1724
1725                   Either connected if the link is connected, or  disconnected
1726                   if  it  is  not connected. If the link is disconnected, all
1727                   remaining fields have the value --.
1728
1729
1730               ESSID
1731
1732                   The ESSID (name) of the connected WiFi network.
1733
1734
1735               BSSID
1736
1737                   Either the hardware address of the  WiFi  network's  Access
1738                   Point  (for  BSS  networks), or the WiFi network's randomly
1739                   generated unique token (for IBSS networks).
1740
1741
1742               SEC
1743
1744                   Either none for a WiFi network that uses no  security,  wep
1745                   for  a  WiFi  network  that requires WEP, or wpa for a WiFi
1746                   network that requires WPA.
1747
1748
1749               MODE
1750
1751                   The supported connection modes: one or more of a, b, or g.
1752
1753
1754               STRENGTH
1755
1756                   The connection strength: one of excellent, very good, good,
1757                   weak, or very weak.
1758
1759
1760               SPEED
1761
1762                   The connection speed, in megabits per second.
1763
1764
1765               AUTH
1766
1767                   Either open or shared (see connect-wifi).
1768
1769
1770               BSSTYPE
1771
1772                   Either  bss  for BSS (infrastructure) networks, or ibss for
1773                   IBSS (ad-hoc) networks.
1774
1775               By default, currently all fields but AUTH, BSSID,  BSSTYPE  are
1776               displayed.
1777
1778
1779           -p, --parseable
1780
1781               Displays using a stable machine-parseable format. The -o option
1782               is required with -p. See "Parseable Output Format", below.
1783
1784
1785
1786       dladm show-ether [-x] [[-p] -o field,...] [ether-link]
1787
1788           Shows state information either for all physical Ethernet  links  or
1789           for a specified physical Ethernet link.
1790
1791           The show-ether subcommand accepts the following options:
1792
1793           -o field,..., --output=field
1794
1795               A  case-insensitive,  comma-separated  list of output fields to
1796               display. The field name must be one of the fields listed below,
1797               or  the special value all to display all fields. For each link,
1798               the following fields can be displayed:
1799
1800               LINK
1801
1802                   The name of the link being displayed.
1803
1804
1805               PTYPE
1806
1807                   Parameter type,  where  current  indicates  the  negotiated
1808                   state of the link, capable indicates capabilities supported
1809                   by the device, adv indicates the  advertised  capabilities,
1810                   and  peeradv  indicates  the capabilities advertised by the
1811                   link-partner.
1812
1813
1814               STATE
1815
1816                   The state of the link.
1817
1818
1819               AUTO
1820
1821                   A  yes/no  value  indicating  whether  auto-negotiation  is
1822                   advertised.
1823
1824
1825               SPEED-DUPLEX
1826
1827                   Combinations  of  speed  and  duplex  values available. The
1828                   units of speed are encoded with  a  trailing  suffix  of  G
1829                   (Gigabits/s)  or  M  (Mb/s). Duplex values are encoded as f
1830                   (full-duplex) or h (half-duplex).
1831
1832
1833               PAUSE
1834
1835                   Flow control information. Can be  no,  indicating  no  flow
1836                   control is available; tx, indicating that the end-point can
1837                   transmit pause  frames,  but  ignores  any  received  pause
1838                   frames; rx, indicating that the end-point receives and acts
1839                   upon received pause frames;  or  bi,  indicating  bi-direc‐
1840                   tional flow-control.
1841
1842
1843               REM_FAULT
1844
1845                   Fault  detection  information.  Valid  values  are  none or
1846                   fault.
1847
1848               By default, all fields except REM_FAULT are displayed  for  the
1849               "current" PTYPE.
1850
1851
1852           -p, --parseable
1853
1854               Displays using a stable machine-parseable format. The -o option
1855               is required with -p. See "Parseable Output Format", below.
1856
1857
1858           -x, --extended
1859
1860               Extended output is displayed for PTYPE values of current, capa‐
1861               ble, adv and peeradv.
1862
1863
1864
1865       dladm set-linkprop [-t] [-R root-dir] -p prop=value[,...] link
1866
1867           Sets  the  values  of one or more properties on the link specified.
1868           The list of properties and their possible values depend on the link
1869           type,  the  network  device  driver, and networking hardware. These
1870           properties can be retrieved using show-linkprop.
1871
1872           -t, --temporary
1873
1874               Specifies that the changes  are  temporary.  Temporary  changes
1875               last until the next reboot.
1876
1877
1878           -R root-dir, --root-dir=root-dir
1879
1880               See "Options," above.
1881
1882
1883           -p prop=value[,...], --prop prop=value[,...]
1884
1885
1886               A  comma-separated  list  of properties to set to the specified
1887               values.
1888
1889           Note that when the persistent value is  set,  the  temporary  value
1890           changes to the same value.
1891
1892
1893       dladm reset-linkprop [-t] [-R root-dir] [-p prop,...] link
1894
1895           Resets  one  or  more properties to their values on the link speci‐
1896           fied. Properties are reset to the values they had at startup. If no
1897           properties  are  specified,  all  properties  are  reset. See show-
1898           linkprop for a description of properties.
1899
1900           -t, --temporary
1901
1902               Specifies that the resets are temporary. Values  are  reset  to
1903               default values. Temporary resets last until the next reboot.
1904
1905
1906           -R root-dir, --root-dir=root-dir
1907
1908               See "Options," above.
1909
1910
1911           -p prop, ..., --prop=prop, ...
1912
1913               A comma-separated list of properties to reset.
1914
1915           Note  that  when the persistent value is reset, the temporary value
1916           changes to the same value.
1917
1918
1919       dladm show-linkprop [-P] [[-c] -o field[,...]][-p prop[,...]] [link]
1920
1921           Show the current or persistent values of one  or  more  properties,
1922           either  for  all  datalinks  or for the specified link. By default,
1923           current values are shown.  If  no  properties  are  specified,  all
1924           available  link  properties  are  displayed. For each property, the
1925           following fields are displayed:
1926
1927           -o field[,...], --output=field
1928
1929               A case-insensitive, comma-separated list of  output  fields  to
1930               display. The field name must be one of the fields listed below,
1931               or the special value all to display all fields. For each  link,
1932               the following fields can be displayed:
1933
1934               LINK
1935
1936                   The name of the datalink.
1937
1938
1939               PROPERTY
1940
1941                   The name of the property.
1942
1943
1944               PERM
1945
1946                   The read/write permissions of the property. The value shown
1947                   is one of ro or rw.
1948
1949
1950               VALUE
1951
1952                   The current (or persistent) property value. If the value is
1953                   not  set, it is shown as --. If it is unknown, the value is
1954                   shown as ?. Persistent values that are not set or have been
1955                   reset  will  be shown as -- and will use the system DEFAULT
1956                   value (if any).
1957
1958
1959               DEFAULT
1960
1961                   The default value of the property. If the property  has  no
1962                   default value, -- is shown.
1963
1964
1965               POSSIBLE
1966
1967                   A comma-separated list of the values the property can have.
1968                   If the values span a numeric range,  min  -  max  might  be
1969                   shown  as  shorthand. If the possible values are unknown or
1970                   unbounded, -- is shown.
1971
1972               The list of properties depends on the  link  type  and  network
1973               device  driver,  and  the available values for a given property
1974               further depends on the  underlying  network  hardware  and  its
1975               state. General link properties are documented in the LINK PROP‐
1976               ERTIES section. However, link properties that  begin  with  "_"
1977               (underbar)  are specific to a given link or its underlying net‐
1978               work device and subject to change or removal. See the appropri‐
1979               ate network device driver man page for details.
1980
1981
1982           -c, --parseable
1983
1984               Display  using a stable machine-parseable format. The -o option
1985               is required with this option. See  "Parseable  Output  Format",
1986               below.
1987
1988
1989           -P, --persistent
1990
1991               Display persistent link property information
1992
1993
1994           -p prop, ..., --prop=prop, ...
1995
1996               A  comma-separated list of properties to show. See the sections
1997               on link properties following subcommand descriptions.
1998
1999
2000
2001       dladm create-secobj [-t] [-R root-dir] [-f file] -c class secobj
2002
2003           Create a secure object named secobj in the specified  class  to  be
2004           later  used  as a WEP or WPA key in connecting to an encrypted net‐
2005           work. The value of the secure object can either be provided  inter‐
2006           actively  or  read from a file. The sequence of interactive prompts
2007           and the file format depends on the class of the secure object.
2008
2009           Currently, the classes wep and wpa are supported.  The  WEP  (Wired
2010           Equivalent Privacy) key can be either 5 or 13 bytes long. It can be
2011           provided either as an ASCII or hexadecimal string  --  thus,  12345
2012           and  0x3132333435  are equivalent 5-byte keys (the 0x prefix can be
2013           omitted). A file containing a WEP key must consist of a single line
2014           using  either  WEP key format. The WPA (Wi-Fi Protected Access) key
2015           must be provided as an ASCII string with a length between 8 and  63
2016           bytes.
2017
2018           This subcommand is only usable by users or roles that belong to the
2019           "Network Link Security" RBAC profile.
2020
2021           -c class, --class=class
2022
2023               class can be wep or wpa. See preceding discussion.
2024
2025
2026           -t, --temporary
2027
2028               Specifies that the creation is  temporary.  Temporary  creation
2029               last until the next reboot.
2030
2031
2032           -R root-dir, --root-dir=root-dir
2033
2034               See "Options," above.
2035
2036
2037           -f file, --file=file
2038
2039               Specifies  a  file  that  should  be  used to obtain the secure
2040               object's value. The format of this file depends on  the  secure
2041               object  class. See the EXAMPLES section for an example of using
2042               this option to set a WEP key.
2043
2044
2045
2046       dladm delete-secobj [-t] [-R root-dir] secobj[,...]
2047
2048           Delete one or more specified secure  objects.  This  subcommand  is
2049           only  usable  by  users  or  roles that belong to the "Network Link
2050           Security" RBAC profile.
2051
2052           -t, --temporary
2053
2054               Specifies that the deletions are temporary. Temporary deletions
2055               last until the next reboot.
2056
2057
2058           -R root-dir, --root-dir=root-dir
2059
2060               See "Options," above.
2061
2062
2063
2064       dladm show-secobj [-P] [[-p] -o field[,...]] [secobj,...]
2065
2066           Show  current  or  persistent  secure object information. If one or
2067           more secure objects are specified, then  information  for  each  is
2068           displayed.  Otherwise, all current or persistent secure objects are
2069           displayed.
2070
2071           By default, current secure objects are  displayed,  which  are  all
2072           secure  objects  that have either been persistently created and not
2073           temporarily deleted, or temporarily created.
2074
2075           For security reasons, it is not possible to show  the  value  of  a
2076           secure object.
2077
2078           -o field[,...] , --output=field[,...]
2079
2080               A  case-insensitive,  comma-separated  list of output fields to
2081               display. The field name must be one of the fields listed below.
2082               For displayed secure object, the following fields can be shown:
2083
2084               OBJECT
2085
2086                   The name of the secure object.
2087
2088
2089               CLASS
2090
2091                   The class of the secure object.
2092
2093
2094
2095           -p, --parseable
2096
2097               Display  using a stable machine-parseable format. The -o option
2098               is required with -p. See "Parseable Output Format", below.
2099
2100
2101           -P, --persistent
2102
2103               Display persistent secure object information
2104
2105
2106
2107       dladm create-vnic [-t] -l link [-R root-dir] [-m value | auto | {fac‐
2108       tory [-n slot-identifier]} | {random [-r prefix]}] [-v vlan-id] [-p
2109       prop=value[,...]] vnic-link
2110
2111           Create a VNIC with name vnic-link over the specified link.
2112
2113           -t, --temporary
2114
2115               Specifies that the VNIC  is  temporary.  Temporary  VNICs  last
2116               until the next reboot.
2117
2118
2119           -R root-dir, --root-dir=root-dir
2120
2121               See "Options," above.
2122
2123
2124           -l link, --link=link
2125
2126               link can be a physical link or an etherstub.
2127
2128
2129           -m value | keyword, --mac-address=value | keyword
2130
2131               Sets  the  VNIC's  MAC  address based on the specified value or
2132               keyword. If value is not a keyword, it is interpreted as a uni‐
2133               cast  MAC  address, which must be valid for the underlying NIC.
2134               The following special keywords can be used:
2135
2136               factory [-n slot-identifier],
2137               factory [--slot=slot-identifier]
2138
2139                   Assign a factory MAC address to the VNIC.  When  a  factory
2140                   MAC  address  is  requested, -m can be combined with the -n
2141                   option to specify a MAC address slot to be used. If  -n  is
2142                   not  specified,  the  system will choose the next available
2143                   factory MAC address. The -m option of the show-phys subcom‐
2144                   mand  can  be  used  to  display  the  list  of factory MAC
2145                   addresses, their slot identifiers, and their availability.
2146
2147
2148
2149               random [-r prefix],
2150               random [--mac-prefix=prefix]
2151
2152                   Assign a random MAC address to the VNIC. A  default  prefix
2153                   consisting  of a valid IEEE OUI with the local bit set will
2154                   be used. That prefix can be overridden with the -r option.
2155
2156
2157               auto
2158
2159                   Try and use a factory MAC address first. If none is  avail‐
2160                   able,  assign  a  random  MAC  address. auto is the default
2161                   action if the -m option is not specified.
2162
2163
2164               -v vlan-id
2165
2166                   Enable VLAN tagging for this VNIC. The VLAN tag  will  have
2167                   id vlan-id.
2168
2169
2170
2171           -p prop=value,..., --prop prop=value,...
2172
2173               A  comma-separated  list  of properties to set to the specified
2174               values.
2175
2176
2177
2178       dladm delete-vnic [-t] [-R root-dir] vnic-link
2179
2180           Deletes the specified VNIC.
2181
2182           -t, --temporary
2183
2184               Specifies that the deletion is temporary.  Temporary  deletions
2185               last until the next reboot.
2186
2187
2188           -R root-dir, --root-dir=root-dir
2189
2190               See "Options," above.
2191
2192
2193
2194       dladm show-vnic [-pP] [-s [-i interval]] [-o field[,...]] [-l link]
2195       [vnic-link]
2196
2197           Show VNIC configuration information (the  default)  or  statistics,
2198           for  all  VNICs,  all  VNICs on a link, or only the specified vnic-
2199           link.
2200
2201           -o field[,...] , --output=field[,...]
2202
2203               A case-insensitive, comma-separated list of  output  fields  to
2204               display. The field name must be one of the fields listed below.
2205               The field name must be one of the fields listed below,  or  the
2206               special  value  all  to display all fields. By default (without
2207               -o), show-vnic displays all fields.
2208
2209               LINK
2210
2211                   The name of the VNIC.
2212
2213
2214               OVER
2215
2216                   The name of the physical link over which this VNIC is  con‐
2217                   figured.
2218
2219
2220               SPEED
2221
2222                   The maximum speed of the VNIC, in megabits per second.
2223
2224
2225               MACADDRESS
2226
2227                   MAC address of the VNIC.
2228
2229
2230               MACADDRTYPE
2231
2232                   MAC address type of the VNIC. dladm distinguishes among the
2233                   following MAC address types:
2234
2235                   random
2236
2237                       A random address assigned to the VNIC.
2238
2239
2240                   factory
2241
2242                       A factory MAC address used by the VNIC.
2243
2244
2245
2246
2247           -p, --parseable
2248
2249               Display using a stable machine-parseable format. The -o  option
2250               is required with -p. See "Parseable Output Format", below.
2251
2252
2253           -P, --persistent
2254
2255               Display the persistent VNIC configuration.
2256
2257
2258           -s, --statistics
2259
2260               Displays VNIC statistics.
2261
2262
2263           -i interval, --interval=interval
2264
2265               Used  with the -s option to specify an interval, in seconds, at
2266               which statistics should be displayed. If  this  option  is  not
2267               specified, statistics will be displayed only once.
2268
2269
2270           -l link, --link=link
2271
2272               Display information for all VNICs on the named link.
2273
2274
2275
2276
2277       dladm create-etherstub [-t] [-R root-dir] etherstub
2278
2279           Create an etherstub with the specified name.
2280
2281           -t, --temporary
2282
2283               Specifies that the etherstub is temporary. Temporary etherstubs
2284               do not persist across reboots.
2285
2286
2287           -R root-dir, --root-dir=root-dir
2288
2289               See "Options," above.
2290
2291           VNICs can be created on top of etherstubs instead of physical NICs.
2292           As  with physical NICs, such a creation causes the stack to implic‐
2293           itly create a virtual switch between the VNICs created  on  top  of
2294           the same etherstub.
2295
2296
2297
2298       dladm delete-etherstub [-t] [-R root-dir] etherstub
2299
2300           Delete the specified etherstub.
2301
2302           -t, --temporary
2303
2304               Specifies  that  the deletion is temporary. Temporary deletions
2305               last until the next reboot.
2306
2307
2308           -R root-dir, --root-dir=root-dir
2309
2310               See "Options," above.
2311
2312
2313
2314       dladm show-etherstub [etherstub]
2315
2316           Show all configured etherstubs by default, or the specified  ether‐
2317           stub if etherstub is specified.
2318
2319
2320       dladm create-iptun [-t] [-R root-dir] -T type [-s tsrc] [-d tdst]
2321       iptun-link
2322
2323           Create an IP tunnel link named iptun-link. Such links can addition‐
2324           ally be protected with IPsec using ipsecconf(1M).
2325
2326           An IP tunnel is conceptually comprised of two parts: a virtual link
2327           between two or more IP nodes, and an IP interface above  this  link
2328           that  allows the system to transmit and receive IP packets encapsu‐
2329           lated by the underlying link. This  subcommand  creates  a  virtual
2330           link.  The  ifconfig(1M) command is used to configure IP interfaces
2331           above the link.
2332
2333           -t, --temporary
2334
2335               Specifies that the IP tunnel link is temporary. Temporary  tun‐
2336               nels last until the next reboot.
2337
2338
2339           -R root-dir, --root-dir=root-dir
2340
2341               See "Options," above.
2342
2343
2344           -T type, --tunnel-type=type
2345
2346               Specifies  the  type  of tunnel to be created. The type must be
2347               one of the following:
2348
2349               ipv4
2350
2351                   A point-to-point, IP-over-IP tunnel between two IPv4 nodes.
2352                   This  type  of  tunnel requires IPv4 source and destination
2353                   addresses to function. IPv4  and  IPv6  interfaces  can  be
2354                   plumbed  above  such  a tunnel to create IPv4-over-IPv4 and
2355                   IPv6-over-IPv4 tunneling configurations.
2356
2357
2358               ipv6
2359
2360                   A point-to-point, IP-over-IP tunnel between two IPv6  nodes
2361                   as  defined  in IETF RFC 2473. This type of tunnel requires
2362                   IPv6 source and destination addresses to function. IPv4 and
2363                   IPv6  interfaces can be plumbed above such a tunnel to cre‐
2364                   ate IPv4-over-IPv6 and IPv6-over-IPv6 tunneling  configura‐
2365                   tions.
2366
2367
2368               6to4
2369
2370                   A  6to4,  point-to-multipoint tunnel as defined in IETF RFC
2371                   3056. This type of tunnel requires an IPv4  source  address
2372                   to  function. An IPv6 interface is plumbed on such a tunnel
2373                   link to configure a 6to4 router.
2374
2375
2376
2377           -s tsrc, --tunnel-src=tsrc
2378
2379               Literal IP address or  hostname  corresponding  to  the  tunnel
2380               source.  If  a hostname is specified, it will be resolved to IP
2381               addresses, and one of those IP addresses will be  used  as  the
2382               tunnel  source.  Because  IP  tunnels are created before naming
2383               services have been brought online during the boot  process,  it
2384               is important that any hostname used be included in /etc/hosts.
2385
2386
2387           -d tdst, --tunnel-dst=tdst
2388
2389               Literal IP address or hostname corresponding to the tunnel des‐
2390               tination.
2391
2392
2393
2394       dladm modify-iptun [-t] [-R root-dir] [-s tsrc] [-d tdst] iptun-link
2395
2396           Modify the parameters of the specified IP tunnel.
2397
2398           -t, --temporary
2399
2400               Specifies that the modification is temporary. Temporary modifi‐
2401               cations last until the next reboot.
2402
2403
2404           -R root-dir, --root-dir=root-dir
2405
2406               See "Options," above.
2407
2408
2409           -s tsrc, --tunnel-src=tsrc
2410
2411               Specifies  a  new tunnel source address. See create-iptun for a
2412               description.
2413
2414
2415           -d tdst, --tunnel-dst=tdst
2416
2417               Specifies a new tunnel destination  address.  See  create-iptun
2418               for a description.
2419
2420
2421
2422       dladm delete-iptun [-t] [-R root-dir] iptun-link
2423
2424           Delete the specified IP tunnel link.
2425
2426           -t, --temporary
2427
2428               Specifies  that  the deletion is temporary. Temporary deletions
2429               last until the next reboot.
2430
2431
2432           -R root-dir, --root-dir=root-dir
2433
2434               See "Options," above.
2435
2436
2437
2438       dladm show-iptun [-P] [[-p] -o field[,...]] [iptun-link]
2439
2440           Show IP tunnel link configuration for a single IP tunnel or all  IP
2441           tunnels.
2442
2443           -P, --persistent
2444
2445               Display the persistent IP tunnel configuration.
2446
2447
2448           -p, --parseable
2449
2450               Display  using a stable machine-parseable format. The -o option
2451               is required with -p. See "Parseable Output Format", below.
2452
2453
2454           -o field[,...], --output=field[,...]
2455
2456               A case-insensitive, comma-separated list of  output  fields  to
2457               display. The field name must be one of the fields listed below,
2458               or the special value all, to display  all  fields.  By  default
2459               (without -o), show-iptun displays all fields.
2460
2461               LINK
2462
2463                   The name of the IP tunnel link.
2464
2465
2466               TYPE
2467
2468                   Type  of  tunnel  as  specified by the -T option of create-
2469                   iptun.
2470
2471
2472               FLAGS
2473
2474                   A set of flags associated with the IP tunnel link. Possible
2475                   flags are:
2476
2477                   s
2478
2479                       The  IP  tunnel  link  is protected by IPsec policy. To
2480                       display the IPsec policy  associated  with  the  tunnel
2481                       link, enter:
2482
2483                         # ipsecconf -ln -i tunnel-link
2484
2485
2486                       See  ipsecconf(1M) for more details on how to configure
2487                       IPsec policy.
2488
2489
2490                   i
2491
2492                       The IP tunnel link was implicitly created  with  ifcon‐
2493                       fig(1M),  and  will be automatically deleted when it is
2494                       no longer referenced (that is, when the last IP  inter‐
2495                       face  over  the  tunnel is unplumbed). See ifconfig(1M)
2496                       for details on implicit tunnel creation.
2497
2498
2499
2500               SOURCE
2501
2502                   The tunnel source address.
2503
2504
2505               DESTINATION
2506
2507                   The tunnel destination address.
2508
2509
2510
2511
2512       dladm show-usage [-a] -f filename [-p plotfile -F format] [-s time] [-e
2513       time] [link]
2514
2515           Show the historical network usage from a stored extended accounting
2516           file. Configuration and enabling of network accounting through acc‐
2517           tadm(1M)  is  required.  The  default output will be the summary of
2518           network usage for the entire  period  of  time  in  which  extended
2519           accounting was enabled.
2520
2521           -a
2522
2523               Display  all  historical network usage for the specified period
2524               of time during  which  extended  accounting  is  enabled.  This
2525               includes  the usage information for the links that have already
2526               been deleted.
2527
2528
2529           -f filename, --file=filename
2530
2531               Read extended accounting records of network  usage  from  file‐
2532               name.
2533
2534
2535           -F format, --format=format
2536
2537               Specifies  the  format  of plotfile that is specified by the -p
2538               option. As of this release, gnuplot is the only supported  for‐
2539               mat.
2540
2541
2542           -p plotfile, --plot=plotfile
2543
2544               Write  network  usage data to a file of the format specified by
2545               the -F option, which is required.
2546
2547
2548           -s time, --start=time
2549           -e time, --stop=time
2550
2551               Start and stop times for data display. Time is  in  the  format
2552               MM/DD/YYYY,hh:mm:ss.
2553
2554
2555           link
2556
2557               If  specified,  display  the  network  usage only for the named
2558               link. Otherwise, display network usage for all links.
2559
2560
2561
2562   Parseable Output Format
2563       Many dladm subcommands  have  an  option  that  displays  output  in  a
2564       machine-parseable  format.  The  output  format is one or more lines of
2565       colon (:) delimited fields. The fields displayed are  specific  to  the
2566       subcommand  used and are listed under the entry for the -o option for a
2567       given subcommand. Output includes only those fields requested by  means
2568       of the -o option, in the order requested.
2569
2570
2571       When  you  request  multiple  fields,  any literal colon characters are
2572       escaped by a backslash (\)  before  being  output.  Similarly,  literal
2573       backslash  characters  will also be escaped (\\). This escape format is
2574       parseable by using shell read(1) functions with the  environment  vari‐
2575       able  IFS=:  (see EXAMPLES, below). Note that escaping is not done when
2576       you request only a single field.
2577
2578   General Link Properties
2579       The following general link properties are supported:
2580
2581       autopush
2582
2583           Specifies the set of STREAMS modules to push on the stream  associ‐
2584           ated  with  a  link  when its DLPI device is opened. It is a space-
2585           delimited list of modules.
2586
2587           The optional special character sequence [anchor] indicates  that  a
2588           STREAMS  anchor should be placed on the stream at the module previ‐
2589           ously specified in the list. It is an error to  specify  more  than
2590           one anchor or to have an anchor first in the list.
2591
2592           The  autopush  property  is  preferred  over the more general auto‐
2593           push(1M) command.
2594
2595
2596       cpus
2597
2598           Bind the processing of packets for a given data link to a processor
2599           or  a set of processors. The value can be a comma-separated list of
2600           one or more processor ids. If the list consists of  more  than  one
2601           processor,  the  processing  will spread out to all the processors.
2602           Connection to processor affinity and packet ordering for any  indi‐
2603           vidual connection will be maintained.
2604
2605           The processor or set of processors are not exclusively reserved for
2606           the link. Only the kernel threads and  interrupts  associated  with
2607           processing  of  the  link  are bound to the processor or the set of
2608           processors specified. In case it is desired that processors be ded‐
2609           icated  to  the  link, psrset(1M) can be used to create a processor
2610           set and then specifying the processors from the  processor  set  to
2611           bind the link to.
2612
2613           If the link was already bound to processor or set of processors due
2614           to a previous operation, the binding will be removed  and  the  new
2615           set of processors will be used instead.
2616
2617           The  default is no CPU binding, which is to say that the processing
2618           of packets is not bound to any specific processor or processor set.
2619
2620
2621       learn_limit
2622
2623           Limits the number of new or changed MAC sources to be learned  over
2624           a bridge link. When the number exceeds this value, learning on that
2625           link is temporarily disabled. Only non-VLAN,  non-VNIC  type  links
2626           have this property.
2627
2628           The default value is 1000. Valid values are greater or equal to 0.
2629
2630
2631       learn_decay
2632
2633           Specifies the decay rate for source changes limited by learn_limit.
2634           This number is subtracted from the counter for a bridge link  every
2635           5 seconds. Only non-VLAN, non-VNIC type links have this property.
2636
2637           The default value is 200. Valid values are greater or equal to 0.
2638
2639
2640       maxbw
2641
2642           Sets the full duplex bandwidth for the link. The bandwidth is spec‐
2643           ified as an integer with one of the scale suffixes (K, M, or G  for
2644           Kbps,  Mbps,  and Gbps). If no units are specified, the input value
2645           will be read as Mbps. The default is no bandwidth limit.
2646
2647
2648       priority
2649
2650           Sets the relative priority for the link. The value can be given  as
2651           one of the tokens high, medium, or low. The default is high.
2652
2653
2654       stp
2655
2656           Enables  or  disables Spanning Tree Protocol on a bridge link. Set‐
2657           ting this value to 0 disables Spanning Tree, and puts the link into
2658           forwarding  mode with BPDU guarding enabled. This mode is appropri‐
2659           ate for point-to-point links connected only to end nodes. Only non-
2660           VLAN,  non-VNIC type links have this property. The default value is
2661           1, to enable STP.
2662
2663
2664       forward
2665
2666           Enables or disables forwarding for a VLAN. Setting this value to  0
2667           disables  bridge  forwarding for a VLAN link. Disabling bridge for‐
2668           warding removes that VLAN from the "allowed set"  for  the  bridge.
2669           The  default value is 1, to enable bridge forwarding for configured
2670           VLANs.
2671
2672
2673       default_tag
2674
2675           Sets the default VLAN ID that is assumed for untagged packets  sent
2676           to  and received from this link. Only non-VLAN, non-VNIC type links
2677           have this property. Setting this value to  0  disables  the  bridge
2678           forwarding  of  untagged  packets to and from the port. The default
2679           value is VLAN ID 1. Valid values values are from 0 to 4094.
2680
2681
2682       stp_priority
2683
2684           Sets the STP and RSTP Port Priority value, which is used to  deter‐
2685           mine  the  preferred  root port on a bridge. Lower numerical values
2686           are higher priority. The default value is 128. Valid  values  range
2687           from 0 to 255.
2688
2689
2690       stp_cost
2691
2692           Sets the STP and RSTP cost for using the link. The default value is
2693           auto, which sets the cost  based  on  link  speed,  using  100  for
2694           10Mbps, 19 for 100Mbps, 4 for 1Gbps, and 2 for 10Gbps. Valid values
2695           range from 1 to 65535.
2696
2697
2698       stp_edge
2699
2700           Enables or disables  bridge  edge  port  detection.  If  set  to  0
2701           (false),  the  system  assumes  that the port is connected to other
2702           bridges even if no bridge PDUs of any type are  seen.  The  default
2703           value is 1, which detects edge ports automatically.
2704
2705
2706       stp_p2p
2707
2708           Sets  bridge  point-to-point  operation  mode.  Possible values are
2709           true, false, and auto. When set to auto, point-to-point connections
2710           are  automatically  discovered.  When set to true, the port mode is
2711           forced to use point-to-point. When set to false, the port  mode  is
2712           forced to use normal multipoint mode. The default value is auto.
2713
2714
2715       stp_mcheck
2716
2717           Triggers the system to run the RSTP Force BPDU Migration Check pro‐
2718           cedure on this link. The procedure  is  triggered  by  setting  the
2719           property value to 1. The property is automatically reset back to 0.
2720           This value cannot be set unless the following are true:
2721
2722               o      The link is bridged
2723
2724               o      The bridge is protected by Spanning Tree
2725
2726               o      The bridge force-protocol value is at least 2 (RSTP)
2727           The default value is 0.
2728
2729
2730       zone
2731
2732           Specifies the zone to which the link belongs. This property can  be
2733           modified  only  temporarily  through  dladm, and thus the -t option
2734           must be specified. To modify the zone assignment such that it  per‐
2735           sists  across reboots, please use zonecfg(1M). Possible values con‐
2736           sist of any exclusive-IP zone currently running on the  system.  By
2737           default, the zone binding is as per zonecfg(1M).
2738
2739
2740   Wifi Link Properties
2741       The following WiFi link properties are supported. Note that the ability
2742       to set a given property to a given value  depends  on  the  driver  and
2743       hardware.
2744
2745       channel
2746
2747           Specifies the channel to use. This property can be modified only by
2748           certain WiFi links when in IBSS mode. The default value and allowed
2749           range of values varies by regulatory domain.
2750
2751
2752       powermode
2753
2754           Specifies the power management mode of the WiFi link. Possible val‐
2755           ues are off (disable power management),  max  (maximum  power  sav‐
2756           ings),  and  fast (performance-sensitive power management). Default
2757           is off.
2758
2759
2760       radio
2761
2762           Specifies the radio mode of the WiFi link. Possible values  are  on
2763           or off. Default is on.
2764
2765
2766       speed
2767
2768           Specifies  a fixed speed for the WiFi link, in megabits per second.
2769           The set of possible values depends on the driver and hardware  (but
2770           is shown by show-linkprop); common speeds include 1, 2, 11, and 54.
2771           By default, there is no fixed speed.
2772
2773
2774   Ethernet Link Properties
2775       The following MII Properties, as documented in ieee802.3(5),  are  sup‐
2776       ported in read-only mode:
2777
2778           o      duplex
2779
2780           o      state
2781
2782           o      adv_autoneg_cap
2783
2784           o      adv_10gfdx_cap
2785
2786           o      adv_1000fdx_cap
2787
2788           o      adv_1000hdx_cap
2789
2790           o      adv_100fdx_cap
2791
2792           o      adv_100hdx_cap
2793
2794           o      adv_10fdx_cap
2795
2796           o      adv_10hdx_cap
2797
2798
2799       Each  adv_  property (for example, adv_10fdx_cap) also has a read/write
2800       counterpart en_ property (for example, en_10fdx_cap) controlling param‐
2801       eters used at auto-negotiation. In the absence of Power Management, the
2802       adv* speed/duplex parameters provide the values that are  both  negoti‐
2803       ated  and  currently effective in hardware. However, with Power Manage‐
2804       ment enabled, the speed/duplex capabilities currently exposed in  hard‐
2805       ware  might  be  a  subset of the set of bits that were used in initial
2806       link parameter negotiation. Thus the MII adv_*  parameters  are  marked
2807       read-only,  with  an  additional set of en_* parameters for configuring
2808       speed and duplex properties at initial negotiation.
2809
2810
2811       Note that the adv_autoneg_cap does not have an en_autoneg_cap  counter‐
2812       part: the adv_autoneg_cap is a 0/1 switch that turns off/on autonegoti‐
2813       ation itself, and therefore cannot be impacted by Power Management.
2814
2815
2816       In addition, the following Ethernet properties are reported:
2817
2818       speed
2819
2820           (read-only) The operating speed of the device, in Mbps.
2821
2822
2823       mtu
2824
2825           The maximum client SDU (Send Data Unit) supported  by  the  device.
2826           Valid range is 68-65536.
2827
2828
2829       flowctrl
2830
2831           Establishes  flow-control  modes  that  will  be  advertised by the
2832           device. Valid input is one of:
2833
2834           no
2835
2836               No flow control enabled.
2837
2838
2839           rx
2840
2841               Receive, and act upon incoming pause frames.
2842
2843
2844           tx
2845
2846               Transmit pause frames to the peer when congestion  occurs,  but
2847               ignore received pause frames.
2848
2849
2850           bi
2851
2852               Bidirectional flow control.
2853
2854           Note that the actual settings for this value are constrained by the
2855           capabilities allowed by the device and the link partner.
2856
2857
2858       tagmode
2859
2860           This link property controls the conditions  in  which  802.1Q  VLAN
2861           tags will be inserted in packets being transmitted on the link. Two
2862           mode values can be assigned to this property:
2863
2864           normal      Insert a VLAN tag in outgoing packets under the follow‐
2865                       ing conditions:
2866
2867                           o      The packet belongs to a VLAN.
2868
2869                           o      The user requested priority tagging.
2870
2871
2872           vlanonly    Insert a VLAN tag only when the outgoing packet belongs
2873                       to a VLAN. If a tag is being inserted in this mode  and
2874                       the  user  has  also requested a non-zero priority, the
2875                       priority is honored and included in the VLAN tag.
2876
2877           The default value is vlanonly.
2878
2879
2880   IP Tunnel Link Properties
2881       The following IP tunnel link properties are supported.
2882
2883       hoplimit
2884
2885           Specifies the IPv4 TTL or IPv6  hop  limit  for  the  encapsulating
2886           outer IP header of a tunnel link. This property exists for all tun‐
2887           nel types. The default value is 64.
2888
2889
2890       encaplimit
2891
2892           Specifies the IPv6  encapsulation  limit  for  an  IPv6  tunnel  as
2893           defined  in  RFC 2473. This value is the tunnel nesting limit for a
2894           given tunneled packet. The default value is 4. A value  of  0  dis‐
2895           ables the encapsulation limit.
2896
2897

EXAMPLES

2899       Example 1 Configuring an Aggregation
2900
2901
2902       To  configure  a data-link over an aggregation of devices bge0 and bge1
2903       with key 1, enter the following command:
2904
2905
2906         # dladm create-aggr -d bge0 -d bge1 1
2907
2908
2909
2910       Example 2 Connecting to a WiFi Link
2911
2912
2913       To connect to the most optimal available unsecured network on a  system
2914       with  a single WiFi link (as per the prioritization rules specified for
2915       connect-wifi), enter the following command:
2916
2917
2918         # dladm connect-wifi
2919
2920
2921
2922       Example 3 Creating a WiFi Key
2923
2924
2925       To interactively create the WEP key mykey, enter the following command:
2926
2927
2928         # dladm create-secobj -c wep mykey
2929
2930
2931
2932
2933       Alternatively, to non-interactively create the WEP key mykey using  the
2934       contents of a file:
2935
2936
2937         # umask 077
2938          # cat >/tmp/mykey.$$ <<EOF
2939          12345
2940          EOF
2941          # dladm create-secobj -c wep -f /tmp/mykey.$$ mykey
2942          # rm /tmp/mykey.$$
2943
2944
2945
2946       Example 4 Connecting to a Specified Encrypted WiFi Link
2947
2948
2949       To  use key mykey to connect to ESSID wlan on link ath0, enter the fol‐
2950       lowing command:
2951
2952
2953         # dladm connect-wifi -k mykey -e wlan ath0
2954
2955
2956
2957       Example 5 Changing a Link Property
2958
2959
2960       To set powermode to the value fast on link pcwl0, enter  the  following
2961       command:
2962
2963
2964         # dladm set-linkprop -p powermode=fast pcwl0
2965
2966
2967
2968       Example 6 Connecting to a WPA-Protected WiFi Link
2969
2970
2971       Create a WPA key psk and enter the following command:
2972
2973
2974         # dladm create-secobj -c wpa psk
2975
2976
2977
2978
2979       To  then  use  key psk to connect to ESSID wlan on link ath0, enter the
2980       following command:
2981
2982
2983         # dladm connect-wifi -k psk -e wlan ath0
2984
2985
2986
2987       Example 7 Renaming a Link
2988
2989
2990       To rename the bge0 link to mgmt0, enter the following command:
2991
2992
2993         # dladm rename-link bge0 mgmt0
2994
2995
2996
2997       Example 8 Replacing a Network Card
2998
2999
3000       Consider that the bge0 device, whose link was named mgmt0 as  shown  in
3001       the previous example, needs to be replaced with a ce0 device because of
3002       a hardware failure. The bge0 NIC is physically  removed,  and  replaced
3003       with  a  new  ce0 NIC. To associate the newly added ce0 device with the
3004       mgmt0 configuration previously associated with bge0, enter the  follow‐
3005       ing command:
3006
3007
3008         # dladm rename-link ce0 mgmt0
3009
3010
3011
3012       Example 9 Removing a Network Card
3013
3014
3015       Suppose  that in the previous example, the intent is not to replace the
3016       bge0 NIC with another NIC, but rather to remove  and  not  replace  the
3017       hardware.  In that case, the mgmt0 datalink configuration is not slated
3018       to be associated with a different physical device as shown in the  pre‐
3019       vious  example, but needs to be deleted. Enter the following command to
3020       delete the datalink configuration associated with the  mgmt0  datalink,
3021       whose physical hardware (bge0 in this case) has been removed:
3022
3023
3024         # dladm delete-phys mgmt0
3025
3026
3027
3028       Example 10 Using Parseable Output to Capture a Single Field
3029
3030
3031       The following assignment saves the MTU of link net0 to a variable named
3032       mtu.
3033
3034
3035         # mtu=`dladm show-link -p -o mtu net0`
3036
3037
3038
3039       Example 11 Using Parseable Output to Iterate over Links
3040
3041
3042       The following script displays the state of each link on the system.
3043
3044
3045         # dladm show-link -p -o link,state | while IFS=: read link state; do
3046                     print "Link $link is in state $state"
3047                 done
3048
3049
3050
3051       Example 12 Configuring VNICs
3052
3053
3054       Create two VNICs with names hello0 and test1  over  a  single  physical
3055       link bge0:
3056
3057
3058         # dladm create-vnic -l bge0 hello0
3059         # dladm create-vnic -l bge0 test1
3060
3061
3062
3063       Example 13 Configuring VNICs and Allocating Bandwidth and Priority
3064
3065
3066       Create  two  VNICs  with  names hello0 and test1 over a single physical
3067       link bge0 and make hello0 a high priority VNIC with a  factory-assigned
3068       MAC  address with a maximum bandwidth of 50 Mbps. Make test1 a low pri‐
3069       ority VNIC with a  random  MAC  address  and  a  maximum  bandwidth  of
3070       100Mbps.
3071
3072
3073         # dladm create-vnic -l bge0 -m factory -p maxbw=50,priority=high hello0
3074         # dladm create-vnic -l bge0 -m random -p maxbw=100M,priority=low test1
3075
3076
3077
3078       Example 14 Configuring a VNIC with a Factory MAC Address
3079
3080
3081       First, list the available factory MAC addresses and choose one of them:
3082
3083
3084         # dladm show-phys -m bge0
3085         LINK            SLOT         ADDRESS              INUSE    CLIENT
3086         bge0            primary      0:e0:81:27:d4:47     yes      bge0
3087         bge0            1            8:0:20:fe:4e:a5      no
3088         bge0            2            8:0:20:fe:4e:a6      no
3089         bge0            3            8:0:20:fe:4e:a7      no
3090
3091
3092
3093
3094       Create a VNIC named hello0 and use slot 1's address:
3095
3096
3097         # dladm create-vnic -l bge0 -m factory -n 1 hello0
3098         # dladm show-phys -m bge0
3099         LINK            SLOT         ADDRESS              INUSE    CLIENT
3100         bge0            primary      0:e0:81:27:d4:47     yes      bge0
3101         bge0            1            8:0:20:fe:4e:a5      yes      hello0
3102         bge0            2            8:0:20:fe:4e:a6      no
3103         bge0            3            8:0:20:fe:4e:a7      no
3104
3105
3106
3107       Example  15 Creating a VNIC with User-Specified MAC Address, Binding it
3108       to Set of Processors
3109
3110
3111       Create a VNIC with name hello0, with a user specified MAC address,  and
3112       a processor binding 0, 1, 2, 3.
3113
3114
3115         # dladm create-vnic -l bge0 -m 8:0:20:fe:4e:b8 -p cpus=0,1,2,3 hello0
3116
3117
3118
3119       Example 16 Creating a Virtual Network Without a Physical NIC
3120
3121
3122       First, create an etherstub with name stub1:
3123
3124
3125         # dladm create-etherstub stub1
3126
3127
3128
3129
3130       Create  two  VNICs  with  names hello0 and test1 on the etherstub. This
3131       operation implicitly creates a virtual  switch  connecting  hello0  and
3132       test1.
3133
3134
3135         # dladm create-vnic -l stub1 hello0
3136         # dladm create-vnic -l stub1 test1
3137
3138
3139
3140       Example 17 Showing Network Usage
3141
3142
3143       Network  usage  statistics  can be stored using the extended accounting
3144       facility, acctadm(1M).
3145
3146
3147         # acctadm -e basic -f /var/log/net.log net
3148         # acctadm net
3149                   Network accounting: active
3150              Network accounting file: /var/log/net.log
3151            Tracked Network resources: basic
3152          Untracked Network resources: src_ip,dst_ip,src_port,dst_port,protocol,
3153                                       dsfield
3154
3155
3156
3157
3158       The saved historical data can be retrieved in summary  form  using  the
3159       show-usage subcommand:
3160
3161
3162         # dladm show-usage -f /var/log/net.log
3163         LINK      DURATION  IPACKETS RBYTES      OPACKETS OBYTES      BANDWIDTH
3164         e1000g0   80        1031     546908      0        0           2.44 Kbps
3165
3166
3167
3168       Example 18 Displaying Bridge Information
3169
3170
3171       The following commands use the show-bridge subcommand with no and vari‐
3172       ous options.
3173
3174
3175         # dladm show-bridge
3176         BRIDGE       PROTECT ADDRESS           PRIORITY DESROOT
3177         foo          stp     32768/8:0:20:bf:f 32768    8192/0:d0:0:76:14:38
3178         bar          stp     32768/8:0:20:e5:8 32768    8192/0:d0:0:76:14:38
3179
3180         # dladm show-bridge -l foo
3181         LINK         STATE        UPTIME   DESROOT
3182         hme0         forwarding   117      8192/0:d0:0:76:14:38
3183         qfe1         forwarding   117      8192/0:d0:0:76:14:38
3184
3185         # dladm show-bridge -s foo
3186         BRIDGE       DROPS        FORWARDS
3187         foo          0            302
3188
3189         # dladm show-bridge -ls foo
3190         LINK         DROPS     RECV      XMIT
3191         hme0         0         360832    31797
3192         qfe1         0         322311    356852
3193
3194         # dladm show-bridge -f foo
3195         DEST              AGE     FLAGS  OUTPUT
3196         8:0:20:bc:a7:dc   10.860  --     hme0
3197         8:0:20:bf:f9:69   --      L      hme0
3198         8:0:20:c0:20:26   17.420  --     hme0
3199         8:0:20:e5:86:11   --      L      qfe1
3200
3201
3202
3203       Example 19 Creating an IPv4 Tunnel
3204
3205
3206       The following sequence of commands creates and then displays a  persis‐
3207       tent IPv4 tunnel link named mytunnel0 between 66.1.2.3 and 192.4.5.6:
3208
3209
3210         # dladm create-iptun -T ipv4 -s 66.1.2.3 -d 192.4.5.6 mytunnel0
3211         # dladm show-iptun mytunnel0
3212         LINK            TYPE  FLAGS  SOURCE              DESTINATION
3213         mytunnel0       ipv4  --     66.1.2.3            192.4.5.6
3214
3215
3216
3217
3218       A  point-to-point  IP  interface  can  then be created over this tunnel
3219       link:
3220
3221
3222         # ifconfig mytunnel0 plumb 10.1.0.1 10.1.0.2 up
3223
3224
3225
3226
3227       As with any other IP interface, configuration persistence for  this  IP
3228       interface is achieved by placing the desired ifconfig commands (in this
3229       case, the command for "10.1.0.1  10.1.0.2")  into  /etc/hostname.mytun‐
3230       nel0.
3231
3232
3233       Example 20 Creating a 6to4 Tunnel
3234
3235
3236       The  following  command creates a 6to4 tunnel link. The IPv4 address of
3237       the 6to4 router is 75.10.11.12.
3238
3239
3240         # dladm create-iptun -T 6to4 -s 75.10.11.12 sitetunnel0
3241         # dladm show-iptun sitetunnel0
3242         LINK            TYPE  FLAGS  SOURCE              DESTINATION
3243         sitetunnel0     6to4  --     75.10.11.12         --
3244
3245
3246
3247
3248       The following command plumbs an IPv6 interface on this tunnel:
3249
3250
3251         # ifconfig sitetunnel0 inet6 plumb up
3252         # ifconfig sitetunnel0 inet6
3253         sitetunnel0: flags=2200041 <UP,RUNNING,NONUD,IPv6> mtu 65515 index 3
3254                 inet tunnel src 75.10.11.12
3255                 tunnel hop limit 64
3256                 inet6 2002:4b0a:b0c::1/16
3257
3258
3259
3260
3261       Note that the system automatically configures the IPv6 address  on  the
3262       6to4  IP  interface.  See  ifconfig(1M)  for  a description of how IPv6
3263       addresses are configured on 6to4 tunnel links.
3264
3265

ATTRIBUTES

3267       See attributes(5) for descriptions of the following attributes:
3268
3269
3270       /usr/sbin
3271
3272
3273
3274
3275       ┌─────────────────────────────┬─────────────────────────────┐
3276       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
3277       ├─────────────────────────────┼─────────────────────────────┤
3278       │Availability                 │SUNWcsu                      │
3279       ├─────────────────────────────┼─────────────────────────────┤
3280       │Interface Stability          │Committed                    │
3281       └─────────────────────────────┴─────────────────────────────┘
3282
3283
3284       /sbin
3285
3286
3287
3288
3289       ┌─────────────────────────────┬─────────────────────────────┐
3290       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
3291       ├─────────────────────────────┼─────────────────────────────┤
3292       │Availability                 │SUNWcsr                      │
3293       ├─────────────────────────────┼─────────────────────────────┤
3294       │Interface Stability          │Committed                    │
3295       └─────────────────────────────┴─────────────────────────────┘
3296

SEE ALSO

3298       acctadm(1M),  autopush(1M),   ifconfig(1M),   ipsecconf(1M),   ndd(1M),
3299       psrset(1M),   wpad(1M),   zonecfg(1M),   attributes(5),   ieee802.3(5),
3300       dlpi(7P)
3301

NOTES

3303       The preferred method of referring to an aggregation in the  aggregation
3304       subcommands  is  by  its  link name. Referring to an aggregation by its
3305       integer key is supported for backward compatibility, but is not  neces‐
3306       sary.  When creating an aggregation, if a key is specified instead of a
3307       link name, the aggregation's link name will be automatically  generated
3308       by dladm as aggrkey.
3309
3310
3311
3312SunOS 5.11                        23 Sep 2009                        dladm(1M)
Impressum