1dladm(1M) System Administration Commands dladm(1M)
2
3
4
6 dladm - administer data links
7
9 dladm show-link [-P] [-s [-i interval]] [[-p] -o field[,...]] [link]
10 dladm rename-link [-R root-dir] link new-link
11
12
13 dladm delete-phys phys-link
14 dladm show-phys [-P] [-m] [[-p] -o field[,...]] [-H] [phys-link]
15
16
17 dladm create-aggr [-t] [-R root-dir] [-P policy] [-L mode]
18 [-T time] [-u address] -l ether-link1 [-l ether-link2...] aggr-link
19 dladm modify-aggr [-t] [-R root-dir] [-P policy] [-L mode]
20 [-T time] [-u address] aggr-link
21 dladm delete-aggr [-t] [-R root-dir] aggr-link
22 dladm add-aggr [-t] [-R root-dir] -l ether-link1 [-l ether-link2...]
23 aggr-link
24 dladm remove-aggr [-t] [-R root-dir] -l ether-link1 [-l ether-link2...]
25 aggr-link
26 dladm show-aggr [-PLx] [-s [-i interval]] [[-p] -o field[,...]]
27 [aggr-link]
28
29
30 dladm create-bridge [-P protect] [-R root-dir] [-p priority]
31 [-m max-age] [-h hello-time] [-d forward-delay] [-f force-protocol]
32 [-l link...] bridge-name
33
34
35 dladm modify-bridge [-P protect] [-R root-dir] [-p priority]
36 [-m max-age] [-h hello-time] [-d forward-delay] [-f force-protocol]
37 bridge-name
38
39
40 dladm delete-bridge [-R root-dir] bridge-name
41
42
43 dladm add-bridge [-R root-dir] -l link [-l link...]bridge-name
44
45
46 dladm remove-bridge [-R root-dir] -l link [-l link...] bridge-name
47
48
49 dladm show-bridge [-flt] [-s [-i interval]] [[-p] -o field,...]
50 [bridge-name]
51
52
53 dladm create-vlan [-ft] [-R root-dir] -l ether-link -v vid [vlan-link]
54 dladm delete-vlan [-t] [-R root-dir] vlan-link
55 dladm show-vlan [-P] [[-p] -o field[,...]] [vlan-link]
56
57
58 dladm scan-wifi [[-p] -o field[,...]] [wifi-link]
59 dladm connect-wifi [-e essid] [-i bssid] [-k key,...]
60 [-s none | wep | wpa ] [-a open | shared] [-b bss | ibss] [-c]
61 [-m a | b | g] [-T time] [wifi-link]
62 dladm disconnect-wifi [-a] [wifi-link]
63 dladm show-wifi [[-p] -o field[,...]] [wifi-link]
64
65
66 dladm show-ether [-x] [[-p] -o field[,...]] [ether-link]
67
68
69 dladm set-linkprop [-t] [-R root-dir] -p prop=value[,...] link
70 dladm reset-linkprop [-t] [-R root-dir] [-p prop[,...]] link
71 dladm show-linkprop [-P] [[-c] -o field[,...]] [-p prop[,...]] [link]
72
73
74 dladm create-secobj [-t] [-R root-dir] [-f file] -c class secobj
75 dladm delete-secobj [-t] [-R root-dir] secobj[,...]
76 dladm show-secobj [-P] [[-p] -o field[,...]] [secobj,...]
77
78
79 dladm create-vnic [-t] -l link [-R root-dir] [-m value | auto |
80 {factory -n slot-identifier]} | {random [-r prefix]}]
81 [-v vlan-id] [-p prop=value[,...]] vnic-link
82 dladm delete-vnic [-t] [-R root-dir] vnic-link
83 dladm show-vnic [-pP] [-s [-i interval]] [-o field[,...]]
84 [-l link] [vnic-link]
85
86
87 dladm create-etherstub [-t] [-R root-dir] etherstub
88 dladm delete-etherstub [-t] [-R root-dir] etherstub
89 dladm show-etherstub [etherstub]
90
91
92 dladm create-iptun [-t] [-R root-dir] -T type [-s tsrc] [-d tdst]
93 iptun-link
94 dladm modify-iptun [-t] [-R root-dir] [-s tsrc] [-d tdst] iptun-link
95 dladm delete-iptun [-t] [-R root-dir] iptun-link
96 dladm show-iptun [-P] [[-p] -o field[,...]] [iptun-link]
97
98
99 dladm show-usage [-a] -f filename [-p plotfile -F format] [-s time]
100 [-e time] [link]
101
102
104 The dladm command is used to administer data-links. A data-link is rep‐
105 resented in the system as a STREAMS DLPI (v2) interface which can be
106 plumbed under protocol stacks such as TCP/IP. Each data-link relies on
107 either a single network device or an aggregation of devices to send
108 packets to or receive packets from a network.
109
110
111 Each dladm subcommand operates on one of the following objects:
112
113 link
114
115 A datalink, identified by a name. In general, the name can use any
116 alphanumeric characters (or the underscore, _), but must start with
117 an alphabetic character and end with a number. A datalink name can
118 be at most 31 characters, and the ending number must be between 0
119 and 4294967294 (inclusive). The ending number must not begin with a
120 zero. Datalink names between 3 and 8 characters are recommended.
121
122 Some subcommands operate only on certain types or classes of
123 datalinks. For those cases, the following object names are used:
124
125 phys-link
126
127 A physical datalink.
128
129
130 vlan-link
131
132 A VLAN datalink.
133
134
135 aggr-link
136
137 An aggregation datalink (or a key; see NOTES).
138
139
140 ether-link
141
142 A physical Ethernet datalink.
143
144
145 wifi-link
146
147 A WiFi datalink.
148
149
150 vnic-link
151
152 A virtual network interface created on a link or an etherstub.
153 It is a pseudo device that can be treated as if it were an net‐
154 work interface card on a machine.
155
156
157 iptun-link
158
159 An IP tunnel link.
160
161
162
163 dev
164
165 A network device, identified by concatenation of a driver name and
166 an instance number.
167
168
169 etherstub
170
171 An Ethernet stub can be used instead of a physical NIC to create
172 VNICs. VNICs created on an etherstub will appear to be connected
173 through a virtual switch, allowing complete virtual networks to be
174 built without physical hardware.
175
176
177 bridge
178
179 A bridge instance, identified by an administratively-chosen name.
180 The name may use any alphanumeric characters or the underscore, _,
181 but must start and end with an alphabetic character. A bridge name
182 can be at most 31 characters. The name default is reserved, as are
183 all names starting with SUNW.
184
185 Note that appending a zero (0) to a bridge name produces a valid
186 link name, used for observability.
187
188
189 secobj
190
191 A secure object, identified by an administratively-chosen name. The
192 name can use any alphanumeric characters, as well as underscore
193 (_), period (.), and hyphen (-). A secure object name can be at
194 most 32 characters.
195
196
197 Options
198 Each dladm subcommand has its own set of options. However, many of the
199 subcommands have the following as a common option:
200
201 -R root-dir, --root-dir=root-dir
202
203 Specifies an alternate root directory where the operation-such as
204 creation, deletion, or renaming-should apply.
205
206
207 SUBCOMMANDS
208 The following subcommands are supported:
209
210 dladm show-link [-P] [-s [-i interval]] [[-p] -o field[,...]][link]
211
212 Show link configuration information (the default) or statistics,
213 either for all datalinks or for the specified link link. By
214 default, the system is configured with one datalink for each known
215 network device.
216
217 -o field[,...], --output=field[,...]
218
219 A case-insensitive, comma-separated list of output fields to
220 display. When not modified by the -s option (described below),
221 the field name must be one of the fields listed below, or the
222 special value all to display all fields. By default (without
223 -o), show-link displays all fields.
224
225 LINK
226
227 The name of the datalink.
228
229
230 CLASS
231
232 The class of the datalink. dladm distinguishes between the
233 following classes:
234
235 phys
236
237 A physical datalink. The show-phys subcommand displays
238 more detail for this class of datalink.
239
240
241 aggr
242
243 An IEEE 802.3ad link aggregation. The show-aggr subcom‐
244 mand displays more detail for this class of datalink.
245
246
247 vlan
248
249 A VLAN datalink. The show-vlan subcommand displays more
250 detail for this class of datalink.
251
252
253 vnic
254
255 A virtual network interface. The show-vnic subcommand
256 displays more detail for this class of datalink.
257
258
259
260 MTU
261
262 The maximum transmission unit size for the datalink being
263 displayed.
264
265
266 STATE
267
268 The link state of the datalink. The state can be up, down,
269 or unknown.
270
271
272 BRIDGE
273
274 The name of the bridge to which this link is assigned, if
275 any.
276
277
278 OVER
279
280 The physical datalink(s) over which the datalink is operat‐
281 ing. This applies to aggr, bridge, and vlan classes of
282 datalinks. A VLAN is created over a single physical
283 datalink, a bridge has multiple attached links, and an
284 aggregation is comprised of one or more physical datalinks.
285
286 When the -o option is used in conjunction with the -s option,
287 used to display link statistics, the field name must be one of
288 the fields listed below, or the special value all to display
289 all fields
290
291 LINK
292
293 The name of the datalink.
294
295
296 IPACKETS
297
298 Number of packets received on this link.
299
300
301 RBYTES
302
303 Number of bytes received on this link.
304
305
306 IERRORS
307
308 Number of input errors.
309
310
311 OPACKETS
312
313 Number of packets sent on this link.
314
315
316 OBYTES
317
318 Number of bytes received on this link.
319
320
321 OERRORS
322
323 Number of output errors.
324
325
326
327 -p, --parseable
328
329 Display using a stable machine-parseable format. The -o option
330 is required with -p. See "Parseable Output Format", below.
331
332
333 -P, --persistent
334
335 Display the persistent link configuration.
336
337
338 -s, --statistics
339
340 Display link statistics.
341
342
343 -i interval, --interval=interval
344
345 Used with the -s option to specify an interval, in seconds, at
346 which statistics should be displayed. If this option is not
347 specified, statistics will be displayed only once.
348
349
350
351 dladm rename-link [-R root-dir] link new-link
352
353 Rename link to new-link. This is used to give a link a meaningful
354 name, or to associate existing link configuration such as link
355 properties of a removed device with a new device. See the EXAMPLES
356 section for specific examples of how this subcommand is used.
357
358 -R root-dir, --root-dir=root-dir
359
360 See "Options," above.
361
362
363
364 dladm delete-phys phys-link
365
366 This command is used to delete the persistent configuration of a
367 link associated with physical hardware which has been removed from
368 the system. See the EXAMPLES section.
369
370
371 dladm show-phys [-P] [[-p] -o field[,...]] [-H] [phys-link]
372
373 Show the physical device and attributes of all physical links, or
374 of the named physical link. Without -P, only physical links that
375 are available on the running system are displayed.
376
377 -H
378
379 Show hardware resource usage, as returned by the NIC driver.
380 Output from -H displays the following elements:
381
382 LINK
383
384 A physical device corresponding to a NIC driver.
385
386
387 GROUP
388
389 A collection of rings.
390
391
392 GROUPTYPE
393
394 RX or TX. All rings in a group are of the same group type.
395
396
397 RINGS
398
399 A hardware resource used by a data link, subject to assign‐
400 ment by a driver to different groups.
401
402
403 CLIENTS
404
405 MAC clients that are using the rings within a group.
406
407
408
409 -o field, --output=field
410
411 A case-insensitive, comma-separated list of output fields to
412 display. The field name must be one of the fields listed below,
413 or the special value all, to display all fields. For each link,
414 the following fields can be displayed:
415
416 LINK
417
418 The name of the datalink.
419
420
421 MEDIA
422
423 The media type provided by the physical datalink.
424
425
426 STATE
427
428 The state of the link. This can be up, down, or unknown.
429
430
431 SPEED
432
433 The current speed of the link, in megabits per second.
434
435
436 DUPLEX
437
438 For Ethernet links, the full/half duplex status of the link
439 is displayed if the link state is up. The duplex is dis‐
440 played as unknown in all other cases.
441
442
443 DEVICE
444
445 The name of the physical device under this link.
446
447
448
449 -p, --parseable
450
451 Display using a stable machine-parseable format. The -o option
452 is required with -p. See "Parseable Output Format", below.
453
454
455 -P, --persistent
456
457 This option displays persistent configuration for all links,
458 including those that have been removed from the system. The
459 output provides a FLAGS column in which the r flag indicates
460 that the physical device associated with a physical link has
461 been removed. For such links, delete-phys can be used to purge
462 the link's configuration from the system.
463
464
465
466 dladm create-aggr [-t] [-R root-dir] [-P policy] [-L mode] [-T time]
467 [-u address] -l ether-link1 [-l ether-link2...] aggr-link
468
469 Combine a set of links into a single IEEE 802.3ad link aggregation
470 named aggr-link. The use of an integer key to generate a link name
471 for the aggregation is also supported for backward compatibility.
472 Many of the *-aggr subcommands below also support the use of a key
473 to refer to a given aggregation, but use of the aggregation link
474 name is preferred. See the NOTES section for more information on
475 keys.
476
477 dladm supports a number of port selection policies for an aggrega‐
478 tion of ports. (See the description of the -P option, below.) If
479 you do not specify a policy, create-aggr uses the default, the L4
480 policy, described under the -P option.
481
482 -l ether-link, --link=ether-link
483
484 Each Ethernet link (or port) in the aggregation is specified
485 using an -l option followed by the name of the link to be
486 included in the aggregation. Multiple links are included in the
487 aggregation by specifying multiple -l options. For backward
488 compatibility with previous versions of Solaris, the dladm com‐
489 mand also supports the using the -d option (or --dev) with a
490 device name to specify links by their underlying device name.
491 The other *-aggr subcommands that take -loptions also accept
492 -d.
493
494
495 -t, --temporary
496
497 Specifies that the aggregation is temporary. Temporary aggrega‐
498 tions last until the next reboot.
499
500
501 -R root-dir, --root-dir=root-dir
502
503 See "Options," above.
504
505
506 -P policy, --policy=policy
507
508
509 Specifies the port selection policy to use for load spreading
510 of outbound traffic. The policy specifies which dev object is
511 used to send packets. A policy is a list of one or more layers
512 specifiers separated by commas. A layer specifier is one of the
513 following:
514
515 L2
516
517 Select outbound device according to source and destination
518 MAC addresses of the packet.
519
520
521 L3
522
523 Select outbound device according to source and destination
524 IP addresses of the packet.
525
526
527 L4
528
529 Select outbound device according to the upper layer proto‐
530 col information contained in the packet. For TCP and UDP,
531 this includes source and destination ports. For IPsec, this
532 includes the SPI (Security Parameters Index).
533
534 For example, to use upper layer protocol information, the fol‐
535 lowing policy can be used:
536
537 -P L4
538
539
540 Note that policy L4 is the default.
541
542 To use the source and destination MAC addresses as well as the
543 source and destination IP addresses, the following policy can
544 be used:
545
546 -P L2,L3
547
548
549
550
551 -L mode, --lacp-mode=mode
552
553 Specifies whether LACP should be used and, if used, the mode in
554 which it should operate. Supported values are off, active or
555 passive.
556
557
558 -T time, --lacp-timer=time
559
560
561 Specifies the LACP timer value. The supported values are short
562 or longjjj.
563
564
565 -u address, --unicast=address
566
567 Specifies a fixed unicast hardware address to be used for the
568 aggregation. If this option is not specified, then an address
569 is automatically chosen from the set of addresses of the compo‐
570 nent devices.
571
572
573
574 dladm modify-aggr [-t] [-R root-dir] [-P policy] [-L mode] [-T time]
575 [-u address] aggr-link
576
577 Modify the parameters of the specified aggregation.
578
579 -t, --temporary
580
581 Specifies that the modification is temporary. Temporary aggre‐
582 gations last until the next reboot.
583
584
585 -R root-dir, --root-dir=root-dir
586
587 See "Options," above.
588
589
590 -P policy, --policy=policy
591
592 Specifies the port selection policy to use for load spreading
593 of outbound traffic. See dladm create-aggr for a description of
594 valid policy values.
595
596
597 -L mode, --lacp-mode=mode
598
599 Specifies whether LACP should be used and, if used, the mode in
600 which it should operate. Supported values are off, active, or
601 passive.
602
603
604 -T time, --lacp-timer=time
605
606
607 Specifies the LACP timer value. The supported values are short
608 or long.
609
610
611 -u address, --unicast=address
612
613 Specifies a fixed unicast hardware address to be used for the
614 aggregation. If this option is not specified, then an address
615 is automatically chosen from the set of addresses of the compo‐
616 nent devices.
617
618
619
620 dladm delete-aggr [-t] [-R root-dir] aggr-link
621
622 Deletes the specified aggregation.
623
624 -t, --temporary
625
626 Specifies that the deletion is temporary. Temporary deletions
627 last until the next reboot.
628
629
630 -R root-dir, --root-dir=root-dir
631
632 See "Options," above.
633
634
635
636 dladm add-aggr [-t] [-R root-dir] -l ether-link1 [--link=ether-
637 link2...] aggr-link
638
639 Adds links to the specified aggregation.
640
641 -l ether-link, --link=ether-link
642
643 Specifies an Ethernet link to add to the aggregation. Multiple
644 links can be added by supplying multiple -l options.
645
646
647 -t, --temporary
648
649 Specifies that the additions are temporary. Temporary additions
650 last until the next reboot.
651
652
653 -R root-dir, --root-dir=root-dir
654
655 See "Options," above.
656
657
658
659 dladm remove-aggr [-t] [-R root-dir] -l ether-link1 [--l=ether-
660 link2...] aggr-link
661
662 Removes links from the specified aggregation.
663
664 -l ether-link, --link=ether-link
665
666 Specifies an Ethernet link to remove from the aggregation. Mul‐
667 tiple links can be added by supplying multiple -l options.
668
669
670 -t, --temporary
671
672 Specifies that the removals are temporary. Temporary removal
673 last until the next reboot.
674
675
676 -R root-dir, --root-dir=root-dir
677
678 See "Options," above.
679
680
681
682 dladm show-aggr [-PLx] [-s [-i interval]] [[-p] -o field[,...]] [aggr-
683 link]
684
685 Show aggregation configuration (the default), LACP information, or
686 statistics, either for all aggregations or for the specified aggre‐
687 gation.
688
689 By default (with no options), the following fields can be dis‐
690 played:
691
692 LINK
693
694 The name of the aggregation link.
695
696
697 POLICY
698
699 The LACP policy of the aggregation. See the create-aggr -P
700 option for a description of the possible values.
701
702
703 ADDRPOLICY
704
705 Either auto, if the aggregation is configured to automatically
706 configure its unicast MAC address (the default if the -u option
707 was not used to create or modify the aggregation), or fixed, if
708 -u was used to set a fixed MAC address.
709
710
711 LACPACTIVITY
712
713 The LACP mode of the aggregation. Possible values are off,
714 active, or passive, as set by the -l option to create-aggr or
715 modify-aggr.
716
717
718 LACPTIMER
719
720 The LACP timer value of the aggregation as set by the -T option
721 of create-aggr or modify-aggr.
722
723
724 FLAGS
725
726 A set of state flags associated with the aggregation. The only
727 possible flag is f, which is displayed if the administrator
728 forced the creation the aggregation using the -f option to cre‐
729 ate-aggr. Other flags might be defined in the future.
730
731 The show-aggr command accepts the following options:
732
733 -L, --lacp
734
735 Displays detailed LACP information for the aggregation link and
736 each underlying port. Most of the state information displayed
737 by this option is defined by IEEE 802.3. With this option, the
738 following fields can be displayed:
739
740 LINK
741
742 The name of the aggregation link.
743
744
745 PORT
746
747 The name of one of the underlying aggregation ports.
748
749
750 AGGREGATABLE
751
752 Whether the port can be added to the aggregation.
753
754
755 SYNC
756
757 If yes, the system considers the port to be synchronized
758 and part of the aggregation.
759
760
761 COLL
762
763 If yes, collection of incoming frames is enabled on the
764 associated port.
765
766
767 DIST
768
769 If yes, distribution of outgoing frames is enabled on the
770 associated port.
771
772
773 DEFAULTED
774
775 If yes, the port is using defaulted partner information
776 (that is, has not received LACP data from the LACP part‐
777 ner).
778
779
780 EXPIRED
781
782 If yes, the receive state of the port is in the EXPIRED
783 state.
784
785
786
787 -x, --extended
788
789 Display additional aggregation information including detailed
790 information on each underlying port. With -x, the following
791 fields can be displayed:
792
793 LINK
794
795 The name of the aggregation link.
796
797
798 PORT
799
800 The name of one of the underlying aggregation ports.
801
802
803 SPEED
804
805 The speed of the link or port in megabits per second.
806
807
808 DUPLEX
809
810 The full/half duplex status of the link or port is dis‐
811 played if the link state is up. The duplex status is dis‐
812 played as unknown in all other cases.
813
814
815 STATE
816
817 The link state. This can be up, down, or unknown.
818
819
820 ADDRESS
821
822 The MAC address of the link or port.
823
824
825 PORTSTATE
826
827 This indicates whether the individual aggregation port is
828 in the standby or attached state.
829
830
831
832 -o field[,...], --output=field[,...]
833
834 A case-insensitive, comma-separated list of output fields to
835 display. The field name must be one of the fields listed above,
836 or the special value all, to display all fields. The fields
837 applicable to the -o option are limited to those listed under
838 each output mode. For example, if using -L, only the fields
839 listed under -L, above, can be used with -o.
840
841
842 -p, --parseable
843
844 Display using a stable machine-parseable format. The -o option
845 is required with -p. See "Parseable Output Format", below.
846
847
848 -P, --persistent
849
850 Display the persistent aggregation configuration rather than
851 the state of the running system.
852
853
854 -s, --statistics
855
856 Displays aggregation statistics.
857
858
859 -i interval, --interval=interval
860
861 Used with the -s option to specify an interval, in seconds, at
862 which statistics should be displayed. If this option is not
863 specified, statistics will be displayed only once.
864
865
866
867 dladm create-bridge [ -P protect] [-R root-dir] [ -p priority] [ -m
868 max-age] [ -h hello-time] [ -d forward-delay] [ -f force-protocol] [-l
869 link...] bridge-name
870
871 Create an 802.1D bridge instance and optionally assign one or more
872 network links to the new bridge. By default, no bridge instances
873 are present on the system.
874
875 In order to bridge between links, you must create at least one
876 bridge instance. Each bridge instance is separate, and there is no
877 forwarding connection between bridges.
878
879 -P protect, --protect=protect
880
881 Specifies a protection method. The defined protection methods
882 are stp for the Spanning Tree Protocol and trill for TRILL,
883 which is used on RBridges. The default value is stp.
884
885
886 -R root-dir, --root-dir=root-dir
887
888 See "Options," above.
889
890
891 -p priority, --priority=priority
892
893 Specifies the Bridge Priority. This sets the IEEE STP priority
894 value for determining the root bridge node in the network. The
895 default value is 32768. Valid values are 0 (highest priority)
896 to 61440 (lowest priority), in increments of 4096.
897
898 If a value not evenly divisible by 4096 is used, the system
899 silently rounds downward to the next lower value that is divis‐
900 ible by 4096.
901
902
903 -m max-age, --max-age=max-age
904
905 Specifies the maximum age for configuration information in sec‐
906 onds. This sets the STP Bridge Max Age parameter. This value is
907 used for all nodes in the network if this node is the root
908 bridge. Bridge link information older than this time is dis‐
909 carded. It defaults to 20 seconds. Valid values are from 6 to
910 40 seconds. See the -d forward-delay parameter for additional
911 constraints.
912
913
914 -h hello-time, --hello-time=hello-time
915
916 Specifies the STP Bridge Hello Time parameter. When this node
917 is the root node, it sends Configuration BPDUs at this interval
918 throughout the network. The default value is 2 seconds. Valid
919 values are from 1 to 10 seconds. See the -d forward-delay
920 parameter for additional constraints.
921
922
923 -d forward-delay, --forward-delay=forward-delay
924
925 Specifies the STP Bridge Forward Delay parameter. When this
926 node is the root node, then all bridges in the network use this
927 timer to sequence the link states when a port is enabled. The
928 default value is 15 seconds. Valid values are from 4 to 30 sec‐
929 onds.
930
931 Bridges must obey the following two constraints:
932
933 2 * (forward-delay - 1.0) >= max-age
934
935 max-age >= 2 * (hello-time + 1.0)
936
937
938 Any parameter setting that would violate those constraints is
939 treated as an error and causes the command to fail with a diag‐
940 nostic message. The message provides valid alternatives to the
941 supplied values.
942
943
944 -f force-protocol, --force-protocol=force-protocol
945
946 Specifies the MSTP forced maximum supported protocol. The
947 default value is 3. Valid values are non-negative integers. The
948 current implementation does not support RSTP or MSTP, so this
949 currently has no effect. However, to prevent MSTP from being
950 used in the future, the parameter may be set to 0 for STP only
951 or 2 for STP and RSTP.
952
953
954 -l link, --link=link
955
956 Specifies one or more links to add to the newly-created bridge.
957 This is similar to creating the bridge and then adding one or
958 more links, as with the add-bridge subcommand. However, if any
959 of the links cannot be added, the entire command fails, and the
960 new bridge itself is not created. To add multiple links on the
961 same command line, repeat this option for each link. You are
962 permitted to create bridges without links. For more information
963 about link assignments, see the add-bridge subcommand.
964
965 Bridge creation and link assignment require the PRIV_SYS_DL_CONFIG
966 privilege. Bridge creation might fail if the optional bridging fea‐
967 ture is not installed on the system.
968
969
970 dladm modify-bridge [ -P protect] [-R root-dir] [ -p priority] [ -m
971 max-age] [ -h hello-time] [ -d forward-delay] [ -f force-protocol] [-l
972 link...] bridge-name
973
974 Modify the operational parameters of an existing bridge. The
975 options are the same as for the create-bridge subcommand, except
976 that the -l option is not permitted. To add links to an existing
977 bridge, use the add-bridge subcommand.
978
979 Bridge parameter modification requires the PRIV_SYS_DL_CONFIG priv‐
980 ilege.
981
982
983 dladm delete-bridge [-R root-dir] bridge-name
984
985 Delete a bridge instance. The bridge being deleted must not have
986 any attached links. Use the remove-bridge subcommand to deactivate
987 links before deleting a bridge.
988
989 Bridge deletion requires the PRIV_SYS_DL_CONFIG privilege.
990
991 The -R (--root-dir) option is the same as for the create-bridge
992 subcommand.
993
994
995 dladm add-bridge [-R root-dir] -l link [-l link...] bridge-name
996
997 Add one or more links to an existing bridge. If multiple links are
998 specified, and adding any one of them results in an error, the com‐
999 mand fails and no changes are made to the system.
1000
1001 Link addition to a bridge requires the PRIV_SYS_DL_CONFIG privi‐
1002 lege.
1003
1004 A link may be a member of at most one bridge. An error occurs when
1005 you attempt to add a link that already belongs to another bridge.
1006 To move a link from one bridge instance to another, remove it from
1007 the current bridge before adding it to a new one.
1008
1009 The links assigned to a bridge must not also be VLANs, VNICs, or
1010 tunnels. Only physical Ethernet datalinks, aggregation datalinks,
1011 wireless links, and Ethernet stubs are permitted to be assigned to
1012 a bridge.
1013
1014 Links assigned to a bridge must all have the same MTU. This is
1015 checked when the link is assigned. The link is added to the bridge
1016 in a deactivated form if it is not the first link on the bridge and
1017 it has a differing MTU.
1018
1019 Note that systems using bridging should not set the eeprom(1M)
1020 local-mac-address? variable to false.
1021
1022 The options are the same as for the create-bridge subcommand.
1023
1024
1025 dladm remove-bridge [-R root-dir] -l link [-l link...] bridge-name
1026
1027 Remove one or more links from a bridge instance. If multiple links
1028 are specified, and removing any one of them would result in an
1029 error, the command fails and none are removed.
1030
1031 Link removal from a bridge requires the PRIV_SYS_DL_CONFIG privi‐
1032 lege.
1033
1034 The options are the same as for the create-bridge subcommand.
1035
1036
1037 dladm show-bridge [-flt] [-s [-i interval]] [[-p] -o field,...]
1038 [bridge-name]
1039
1040 Show the running status and configuration of bridges, their
1041 attached links, learned forwarding entries, and TRILL nickname
1042 databases. When showing overall bridge status and configuration,
1043 the bridge name can be omitted to show all bridges. The other forms
1044 require a specified bridge.
1045
1046 The show-bridge subcommand accepts the following options:
1047
1048 -i interval, --interval=interval
1049
1050 Used with the -s option to specify an interval, in seconds, at
1051 which statistics should be displayed. If this option is not
1052 specified, statistics will be displayed only once.
1053
1054
1055 -s, --statistics
1056
1057 Display statistics for the specified bridges or for a given
1058 bridge's attached links. This option cannot be used with the -f
1059 and -t options.
1060
1061
1062 -p, --parseable
1063
1064 Display using a stable machine-parsable format. See "Parsable
1065 Output Format," below.
1066
1067
1068 -o field[,...], --output=field[,...]
1069
1070 A case-insensitive, comma-separated list of output fields to
1071 display. The field names are described below. The special value
1072 all displays all fields. Each set of fields has its own default
1073 set to display when -o is not specified.
1074
1075 By default, the show-bridge subcommand shows bridge configuration.
1076 The following fields can be shown:
1077
1078 BRIDGE
1079
1080 The name of the bridge.
1081
1082
1083 ADDRESS
1084
1085 The Bridge Unique Identifier value (MAC address).
1086
1087
1088 PRIORITY
1089
1090 Configured priority value; set by -p with create-bridge and
1091 modify-bridge.
1092
1093
1094 BMAXAGE
1095
1096 Configured bridge maximum age; set by -m with create-bridge and
1097 modify-bridge.
1098
1099
1100 BHELLOTIME
1101
1102 Configured bridge hello time; set by -h with create-bridge and
1103 modify-bridge.
1104
1105
1106 BFWDDELAY
1107
1108 Configured forwarding delay; set by -d with create-bridge and
1109 modify-bridge.
1110
1111
1112 FORCEPROTO
1113
1114 Configured forced maximum protocol; set by -f with create-
1115 bridge and modify-bridge.
1116
1117
1118 TCTIME
1119
1120 Time, in seconds, since last topology change.
1121
1122
1123 TCCOUNT
1124
1125 Count of the number of topology changes.
1126
1127
1128 TCHANGE
1129
1130 This indicates that a topology change was detected.
1131
1132
1133 DESROOT
1134
1135 Bridge Identifier of the root node.
1136
1137
1138 ROOTCOST
1139
1140 Cost of the path to the root node.
1141
1142
1143 ROOTPORT
1144
1145 Port number used to reach the root node.
1146
1147
1148 MAXAGE
1149
1150 Maximum age value from the root node.
1151
1152
1153 HELLOTIME
1154
1155 Hello time value from the root node.
1156
1157
1158 FWDDELAY
1159
1160 Forward delay value from the root node.
1161
1162
1163 HOLDTIME
1164
1165 Minimum BPDU interval.
1166
1167 By default, when the -o option is not specified, only the BRIDGE,
1168 ADDRESS, PRIORITY, and DESROOT fields are shown.
1169
1170 When the -s option is specified, the show-bridge subcommand shows
1171 bridge statistics. The following fields can be shown:
1172
1173 BRIDGE
1174
1175 Bridge name.
1176
1177
1178 DROPS
1179
1180 Number of packets dropped due to resource problems.
1181
1182
1183 FORWARDS
1184
1185 Number of packets forwarded from one link to another.
1186
1187
1188 MBCAST
1189
1190 Number of multicast and broadcast packets handled by the
1191 bridge.
1192
1193
1194 RECV
1195
1196 Number of packets received on all attached links.
1197
1198
1199 SENT
1200
1201 Number of packets sent on all attached links.
1202
1203
1204 UNKNOWN
1205
1206 Number of packets handled that have an unknown destination.
1207 Such packets are sent to all links.
1208
1209 By default, when the -o option is not specified, only the BRIDGE,
1210 DROPS, and FORWARDS fields are shown.
1211
1212 The show-bridge subcommand also accepts the following options:
1213
1214 -l, --link
1215
1216 Displays link-related status and statistics information for all
1217 links attached to a single bridge instance. By using this
1218 option and without the -s option, the following fields can be
1219 displayed for each link:
1220
1221 LINK
1222
1223 The link name.
1224
1225
1226 INDEX
1227
1228 Port (link) index number on the bridge.
1229
1230
1231 STATE
1232
1233 State of the link. The state can be disabled, discarding,
1234 learning, forwarding, non-stp, or bad-mtu.
1235
1236
1237 UPTIME
1238
1239 Number of seconds since the last reset or initialization.
1240
1241
1242 OPERCOST
1243
1244 Actual cost in use (1-65535).
1245
1246
1247 OPERP2P
1248
1249 This indicates whether point-to-point (P2P) mode been
1250 detected.
1251
1252
1253 OPEREDGE
1254
1255 This indicates whether edge mode has been detected.
1256
1257
1258 DESROOT
1259
1260 The Root Bridge Identifier that has been seen on this port.
1261
1262
1263 DESCOST
1264
1265 Path cost to the network root node through the designated
1266 port.
1267
1268
1269 DESBRIDGE
1270
1271 Bridge Identifier for this port.
1272
1273
1274 DESPORT
1275
1276 The ID and priority of the port used to transmit configura‐
1277 tion messages for this port.
1278
1279
1280 TCACK
1281
1282 This indicates whether Topology Change Acknowledge has been
1283 seen.
1284
1285 When the -l option is specified without the -o option, only the
1286 LINK, STATE, UPTIME, and DESROOT fields are shown.
1287
1288 When the -l option is specified, the -s option can be used to
1289 display the following fields for each link:
1290
1291 LINK
1292
1293 Link name.
1294
1295
1296 CFGBPDU
1297
1298 Number of configuration BPDUs received.
1299
1300
1301 TCNBPDU
1302
1303 Number of topology change BPDUs received.
1304
1305
1306 RSTPBPDU
1307
1308 Number of Rapid Spanning Tree BPDUs received.
1309
1310
1311 TXBPDU
1312
1313 Number of BPDUs transmitted.
1314
1315
1316 DROPS
1317
1318 Number of packets dropped due to resource problems.
1319
1320
1321 RECV
1322
1323 Number of packets received by the bridge.
1324
1325
1326 XMIT
1327
1328 Number of packets sent by the bridge.
1329
1330 When the -o option is not specified, only the LINK, DROPS,
1331 RECV, and XMIT fields are shown.
1332
1333
1334 -f, --forwarding
1335
1336 Displays forwarding entries for a single bridge instance. With
1337 this option, the following fields can be shown for each for‐
1338 warding entry:
1339
1340 DEST
1341
1342 Destination MAC address.
1343
1344
1345 AGE
1346
1347 Age of entry in seconds and milliseconds. Omitted for local
1348 entries.
1349
1350
1351 FLAGS
1352
1353 The L (local) flag is shown if the MAC address belongs to
1354 an attached link or to a VNIC on one of the attached links.
1355
1356
1357 OUTPUT
1358
1359 For local entries, this is the name of the attached link
1360 that has the MAC address. Otherwise, for bridges that use
1361 Spanning Tree Protocol, this is the output interface name.
1362 For RBridges, this is the output TRILL nickname.
1363
1364 When the -o option is not specified, the DEST, AGE, FLAGS, and
1365 OUTPUT fields are shown.
1366
1367
1368 -t, --trill
1369
1370 Displays TRILL nickname entries for a single bridge instance.
1371 With this option, the following fields can be shown for each
1372 TRILL nickname entry:
1373
1374 NICK
1375
1376 TRILL nickname for this RBridge, which is a number from 1
1377 to 65535.
1378
1379
1380 FLAGS
1381
1382 The L flag is shown if the nickname identifies the local
1383 system.
1384
1385
1386 LINK
1387
1388 Link name for output when sending messages to this RBridge.
1389
1390
1391 NEXTHOP
1392
1393 MAC address of the next hop RBridge that is used to reach
1394 the RBridge with this nickname.
1395
1396 When the -o option is not specified, the NICK, FLAGS, LINK, and
1397 NEXTHOP fields are shown.
1398
1399
1400
1401 dladm create-vlan [-ft] [-R root-dir] -l ether-link -v vid [vlan-link]
1402
1403 Create a tagged VLAN link with an ID of vid over Ethernet link
1404 ether-link. The name of the VLAN link can be specified as vlan-
1405 link. If the name is not specified, a name will be automatically
1406 generated (assuming that ether-link is namePPA) as:
1407
1408 <name><1000 * vlan-tag + PPA>
1409
1410
1411 For example, if ether-link is bge1 and vid is 2, the name generated
1412 is bge2001.
1413
1414 -f, --force
1415
1416 Force the creation of the VLAN link. Some devices do not allow
1417 frame sizes large enough to include a VLAN header. When creat‐
1418 ing a VLAN link over such a device, the -f option is needed,
1419 and the MTU of the IP interfaces on the resulting VLAN must be
1420 set to 1496 instead of 1500.
1421
1422
1423 -l ether-link
1424
1425 Specifies Ethernet link over which VLAN is created.
1426
1427
1428 -t, --temporary
1429
1430 Specifies that the VLAN link is temporary. Temporary VLAN links
1431 last until the next reboot.
1432
1433
1434 -R root-dir, --root-dir=root-dir
1435
1436 See "Options," above.
1437
1438
1439
1440 dladm delete-vlan [-t] [-R root-dir] vlan-link
1441
1442 Delete the VLAN link specified.
1443
1444 The delete-vlansubcommand accepts the following options:
1445
1446 -t, --temporary
1447
1448 Specifies that the deletion is temporary. Temporary deletions
1449 last until the next reboot.
1450
1451
1452 -R root-dir, --root-dir=root-dir
1453
1454 See "Options," above.
1455
1456
1457
1458 dladm show-vlan [-P] [[-p] -o field[,...]] [vlan-link]
1459
1460 Display VLAN configuration for all VLAN links or for the specified
1461 VLAN link.
1462
1463 The show-vlansubcommand accepts the following options:
1464
1465 -o field[,...], --output=field[,...]
1466
1467 A case-insensitive, comma-separated list of output fields to
1468 display. The field name must be one of the fields listed below,
1469 or the special value all, to display all fields. For each VLAN
1470 link, the following fields can be displayed:
1471
1472 LINK
1473
1474 The name of the VLAN link.
1475
1476
1477 VID
1478
1479 The ID associated with the VLAN.
1480
1481
1482 OVER
1483
1484 The name of the physical link over which this VLAN is con‐
1485 figured.
1486
1487
1488 FLAGS
1489
1490 A set of flags associated with the VLAN link. Possible
1491 flags are:
1492
1493 f
1494
1495 The VLAN was created using the -f option to create-
1496 vlan.
1497
1498
1499 i
1500
1501 The VLAN was implicitly created when the DLPI link was
1502 opened. These VLAN links are automatically deleted on
1503 last close of the DLPI link (for example, when the IP
1504 interface associated with the VLAN link is unplumbed).
1505
1506 Additional flags might be defined in the future.
1507
1508
1509
1510 -p, --parseable
1511
1512 Display using a stable machine-parseable format. The -o option
1513 is required with -p. See "Parseable Output Format", below.
1514
1515
1516 -P, --persistent
1517
1518 Display the persistent VLAN configuration rather than the state
1519 of the running system.
1520
1521
1522
1523 dladm scan-wifi [[-p] -o field[,...]] [wifi-link]
1524
1525 Scans for WiFi networks, either on all WiFi links, or just on the
1526 specified wifi-link.
1527
1528 By default, currently all fields but BSSTYPE are displayed.
1529
1530 -o field[,...], --output=field[,...]
1531
1532 A case-insensitive, comma-separated list of output fields to
1533 display. The field name must be one of the fields listed below,
1534 or the special value all to display all fields. For each WiFi
1535 network found, the following fields can be displayed:
1536
1537 LINK
1538
1539 The name of the link the WiFi network is on.
1540
1541
1542 ESSID
1543
1544 The ESSID (name) of the WiFi network.
1545
1546
1547 BSSID
1548
1549 Either the hardware address of the WiFi network's Access
1550 Point (for BSS networks), or the WiFi network's randomly
1551 generated unique token (for IBSS networks).
1552
1553
1554 SEC
1555
1556 Either none for a WiFi network that uses no security, wep
1557 for a WiFi network that requires WEP (Wired Equivalent Pri‐
1558 vacy), or wpa for a WiFi network that requires WPA (Wi-Fi
1559 Protected Access).
1560
1561
1562 MODE
1563
1564 The supported connection modes: one or more of a, b, or g.
1565
1566
1567 STRENGTH
1568
1569 The strength of the signal: one of excellent, very good,
1570 good, weak, or very weak.
1571
1572
1573 SPEED
1574
1575 The maximum speed of the WiFi network, in megabits per sec‐
1576 ond.
1577
1578
1579 BSSTYPE
1580
1581 Either bss for BSS (infrastructure) networks, or ibss for
1582 IBSS (ad-hoc) networks.
1583
1584
1585
1586 -p, --parseable
1587
1588 Display using a stable machine-parseable format. The -o option
1589 is required with -p. See "Parseable Output Format", below.
1590
1591
1592
1593 dladm connect-wifi [-e essid] [-i bssid] [-k key,...] [-s none | wep |
1594 wpa] [-a open|shared] [-b bss|ibss] [-c] [-m a|b|g] [-T time] [wifi-
1595 link]
1596
1597 Connects to a WiFi network. This consists of four steps: discovery,
1598 filtration, prioritization, and association. However, to enable
1599 connections to non-broadcast WiFi networks and to improve perfor‐
1600 mance, if a BSSID or ESSID is specified using the -e or -i options,
1601 then the first three steps are skipped and connect-wifi immediately
1602 attempts to associate with a BSSID or ESSID that matches the rest
1603 of the provided parameters. If this association fails, but there is
1604 a possibility that other networks matching the specified criteria
1605 exist, then the traditional discovery process begins as specified
1606 below.
1607
1608 The discovery step finds all available WiFi networks on the speci‐
1609 fied WiFi link, which must not yet be connected. For administrative
1610 convenience, if there is only one WiFi link on the system, wifi-
1611 link can be omitted.
1612
1613 Once discovery is complete, the list of networks is filtered
1614 according to the value of the following options:
1615
1616 -e essid, --essid=essid
1617
1618 Networks that do not have the same essid are filtered out.
1619
1620
1621 -b bss|ibss, --bsstype=bss|ibss
1622
1623 Networks that do not have the same bsstype are filtered out.
1624
1625
1626 -m a|b|g, --mode=a|b|g
1627
1628 Networks not appropriate for the specified 802.11 mode are fil‐
1629 tered out.
1630
1631
1632 -k key,..., --key=key, ...
1633
1634 Use the specified secobj named by the key to connect to the
1635 network. Networks not appropriate for the specified keys are
1636 filtered out.
1637
1638
1639 -s none|wep|wpa, --sec=none|wep|wpa
1640
1641 Networks not appropriate for the specified security mode are
1642 filtered out.
1643
1644 Next, the remaining networks are prioritized, first by signal
1645 strength, and then by maximum speed. Finally, an attempt is made to
1646 associate with each network in the list, in order, until one suc‐
1647 ceeds or no networks remain.
1648
1649 In addition to the options described above, the following options
1650 also control the behavior of connect-wifi:
1651
1652 -a open|shared, --auth=open|shared
1653
1654 Connect using the specified authentication mode. By default,
1655 open and shared are tried in order.
1656
1657
1658 -c, --create-ibss
1659
1660 Used with -b ibss to create a new ad-hoc network if one match‐
1661 ing the specified ESSID cannot be found. If no ESSID is speci‐
1662 fied, then -c -b ibss always triggers the creation of a new ad-
1663 hoc network.
1664
1665
1666 -T time, --timeout=time
1667
1668 Specifies the number of seconds to wait for association to suc‐
1669 ceed. If time is forever, then the associate will wait indefi‐
1670 nitely. The current default is ten seconds, but this might
1671 change in the future. Timeouts shorter than the default might
1672 not succeed reliably.
1673
1674
1675 -k key,..., --key=key,...
1676
1677 In addition to the filtering previously described, the speci‐
1678 fied keys will be used to secure the association. The security
1679 mode to use will be based on the key class; if a security mode
1680 was explicitly specified, it must be compatible with the key
1681 class. All keys must be of the same class.
1682
1683 For security modes that support multiple key slots, the slot to
1684 place the key will be specified by a colon followed by an
1685 index. Therefore, -k mykey:3 places mykey in slot 3. By
1686 default, slot 1 is assumed. For security modes that support
1687 multiple keys, a comma-separated list can be specified, with
1688 the first key being the active key.
1689
1690
1691
1692 dladm disconnect-wifi [-a] [wifi-link]
1693
1694 Disconnect from one or more WiFi networks. If wifi-link specifies a
1695 connected WiFi link, then it is disconnected. For administrative
1696 convenience, if only one WiFi link is connected, wifi-link can be
1697 omitted.
1698
1699 -a, --all-links
1700
1701 Disconnects from all connected links. This is primarily
1702 intended for use by scripts.
1703
1704
1705
1706 dladm show-wifi [[-p] -o field,...] [wifi-link]
1707
1708 Shows WiFi configuration information either for all WiFi links or
1709 for the specified link wifi-link.
1710
1711 -o field,..., --output=field
1712
1713 A case-insensitive, comma-separated list of output fields to
1714 display. The field name must be one of the fields listed below,
1715 or the special value all, to display all fields. For each WiFi
1716 link, the following fields can be displayed:
1717
1718 LINK
1719
1720 The name of the link being displayed.
1721
1722
1723 STATUS
1724
1725 Either connected if the link is connected, or disconnected
1726 if it is not connected. If the link is disconnected, all
1727 remaining fields have the value --.
1728
1729
1730 ESSID
1731
1732 The ESSID (name) of the connected WiFi network.
1733
1734
1735 BSSID
1736
1737 Either the hardware address of the WiFi network's Access
1738 Point (for BSS networks), or the WiFi network's randomly
1739 generated unique token (for IBSS networks).
1740
1741
1742 SEC
1743
1744 Either none for a WiFi network that uses no security, wep
1745 for a WiFi network that requires WEP, or wpa for a WiFi
1746 network that requires WPA.
1747
1748
1749 MODE
1750
1751 The supported connection modes: one or more of a, b, or g.
1752
1753
1754 STRENGTH
1755
1756 The connection strength: one of excellent, very good, good,
1757 weak, or very weak.
1758
1759
1760 SPEED
1761
1762 The connection speed, in megabits per second.
1763
1764
1765 AUTH
1766
1767 Either open or shared (see connect-wifi).
1768
1769
1770 BSSTYPE
1771
1772 Either bss for BSS (infrastructure) networks, or ibss for
1773 IBSS (ad-hoc) networks.
1774
1775 By default, currently all fields but AUTH, BSSID, BSSTYPE are
1776 displayed.
1777
1778
1779 -p, --parseable
1780
1781 Displays using a stable machine-parseable format. The -o option
1782 is required with -p. See "Parseable Output Format", below.
1783
1784
1785
1786 dladm show-ether [-x] [[-p] -o field,...] [ether-link]
1787
1788 Shows state information either for all physical Ethernet links or
1789 for a specified physical Ethernet link.
1790
1791 The show-ether subcommand accepts the following options:
1792
1793 -o field,..., --output=field
1794
1795 A case-insensitive, comma-separated list of output fields to
1796 display. The field name must be one of the fields listed below,
1797 or the special value all to display all fields. For each link,
1798 the following fields can be displayed:
1799
1800 LINK
1801
1802 The name of the link being displayed.
1803
1804
1805 PTYPE
1806
1807 Parameter type, where current indicates the negotiated
1808 state of the link, capable indicates capabilities supported
1809 by the device, adv indicates the advertised capabilities,
1810 and peeradv indicates the capabilities advertised by the
1811 link-partner.
1812
1813
1814 STATE
1815
1816 The state of the link.
1817
1818
1819 AUTO
1820
1821 A yes/no value indicating whether auto-negotiation is
1822 advertised.
1823
1824
1825 SPEED-DUPLEX
1826
1827 Combinations of speed and duplex values available. The
1828 units of speed are encoded with a trailing suffix of G
1829 (Gigabits/s) or M (Mb/s). Duplex values are encoded as f
1830 (full-duplex) or h (half-duplex).
1831
1832
1833 PAUSE
1834
1835 Flow control information. Can be no, indicating no flow
1836 control is available; tx, indicating that the end-point can
1837 transmit pause frames, but ignores any received pause
1838 frames; rx, indicating that the end-point receives and acts
1839 upon received pause frames; or bi, indicating bi-direc‐
1840 tional flow-control.
1841
1842
1843 REM_FAULT
1844
1845 Fault detection information. Valid values are none or
1846 fault.
1847
1848 By default, all fields except REM_FAULT are displayed for the
1849 "current" PTYPE.
1850
1851
1852 -p, --parseable
1853
1854 Displays using a stable machine-parseable format. The -o option
1855 is required with -p. See "Parseable Output Format", below.
1856
1857
1858 -x, --extended
1859
1860 Extended output is displayed for PTYPE values of current, capa‐
1861 ble, adv and peeradv.
1862
1863
1864
1865 dladm set-linkprop [-t] [-R root-dir] -p prop=value[,...] link
1866
1867 Sets the values of one or more properties on the link specified.
1868 The list of properties and their possible values depend on the link
1869 type, the network device driver, and networking hardware. These
1870 properties can be retrieved using show-linkprop.
1871
1872 -t, --temporary
1873
1874 Specifies that the changes are temporary. Temporary changes
1875 last until the next reboot.
1876
1877
1878 -R root-dir, --root-dir=root-dir
1879
1880 See "Options," above.
1881
1882
1883 -p prop=value[,...], --prop prop=value[,...]
1884
1885
1886 A comma-separated list of properties to set to the specified
1887 values.
1888
1889 Note that when the persistent value is set, the temporary value
1890 changes to the same value.
1891
1892
1893 dladm reset-linkprop [-t] [-R root-dir] [-p prop,...] link
1894
1895 Resets one or more properties to their values on the link speci‐
1896 fied. Properties are reset to the values they had at startup. If no
1897 properties are specified, all properties are reset. See show-
1898 linkprop for a description of properties.
1899
1900 -t, --temporary
1901
1902 Specifies that the resets are temporary. Values are reset to
1903 default values. Temporary resets last until the next reboot.
1904
1905
1906 -R root-dir, --root-dir=root-dir
1907
1908 See "Options," above.
1909
1910
1911 -p prop, ..., --prop=prop, ...
1912
1913 A comma-separated list of properties to reset.
1914
1915 Note that when the persistent value is reset, the temporary value
1916 changes to the same value.
1917
1918
1919 dladm show-linkprop [-P] [[-c] -o field[,...]][-p prop[,...]] [link]
1920
1921 Show the current or persistent values of one or more properties,
1922 either for all datalinks or for the specified link. By default,
1923 current values are shown. If no properties are specified, all
1924 available link properties are displayed. For each property, the
1925 following fields are displayed:
1926
1927 -o field[,...], --output=field
1928
1929 A case-insensitive, comma-separated list of output fields to
1930 display. The field name must be one of the fields listed below,
1931 or the special value all to display all fields. For each link,
1932 the following fields can be displayed:
1933
1934 LINK
1935
1936 The name of the datalink.
1937
1938
1939 PROPERTY
1940
1941 The name of the property.
1942
1943
1944 PERM
1945
1946 The read/write permissions of the property. The value shown
1947 is one of ro or rw.
1948
1949
1950 VALUE
1951
1952 The current (or persistent) property value. If the value is
1953 not set, it is shown as --. If it is unknown, the value is
1954 shown as ?. Persistent values that are not set or have been
1955 reset will be shown as -- and will use the system DEFAULT
1956 value (if any).
1957
1958
1959 DEFAULT
1960
1961 The default value of the property. If the property has no
1962 default value, -- is shown.
1963
1964
1965 POSSIBLE
1966
1967 A comma-separated list of the values the property can have.
1968 If the values span a numeric range, min - max might be
1969 shown as shorthand. If the possible values are unknown or
1970 unbounded, -- is shown.
1971
1972 The list of properties depends on the link type and network
1973 device driver, and the available values for a given property
1974 further depends on the underlying network hardware and its
1975 state. General link properties are documented in the LINK PROP‐
1976 ERTIES section. However, link properties that begin with "_"
1977 (underbar) are specific to a given link or its underlying net‐
1978 work device and subject to change or removal. See the appropri‐
1979 ate network device driver man page for details.
1980
1981
1982 -c, --parseable
1983
1984 Display using a stable machine-parseable format. The -o option
1985 is required with this option. See "Parseable Output Format",
1986 below.
1987
1988
1989 -P, --persistent
1990
1991 Display persistent link property information
1992
1993
1994 -p prop, ..., --prop=prop, ...
1995
1996 A comma-separated list of properties to show. See the sections
1997 on link properties following subcommand descriptions.
1998
1999
2000
2001 dladm create-secobj [-t] [-R root-dir] [-f file] -c class secobj
2002
2003 Create a secure object named secobj in the specified class to be
2004 later used as a WEP or WPA key in connecting to an encrypted net‐
2005 work. The value of the secure object can either be provided inter‐
2006 actively or read from a file. The sequence of interactive prompts
2007 and the file format depends on the class of the secure object.
2008
2009 Currently, the classes wep and wpa are supported. The WEP (Wired
2010 Equivalent Privacy) key can be either 5 or 13 bytes long. It can be
2011 provided either as an ASCII or hexadecimal string -- thus, 12345
2012 and 0x3132333435 are equivalent 5-byte keys (the 0x prefix can be
2013 omitted). A file containing a WEP key must consist of a single line
2014 using either WEP key format. The WPA (Wi-Fi Protected Access) key
2015 must be provided as an ASCII string with a length between 8 and 63
2016 bytes.
2017
2018 This subcommand is only usable by users or roles that belong to the
2019 "Network Link Security" RBAC profile.
2020
2021 -c class, --class=class
2022
2023 class can be wep or wpa. See preceding discussion.
2024
2025
2026 -t, --temporary
2027
2028 Specifies that the creation is temporary. Temporary creation
2029 last until the next reboot.
2030
2031
2032 -R root-dir, --root-dir=root-dir
2033
2034 See "Options," above.
2035
2036
2037 -f file, --file=file
2038
2039 Specifies a file that should be used to obtain the secure
2040 object's value. The format of this file depends on the secure
2041 object class. See the EXAMPLES section for an example of using
2042 this option to set a WEP key.
2043
2044
2045
2046 dladm delete-secobj [-t] [-R root-dir] secobj[,...]
2047
2048 Delete one or more specified secure objects. This subcommand is
2049 only usable by users or roles that belong to the "Network Link
2050 Security" RBAC profile.
2051
2052 -t, --temporary
2053
2054 Specifies that the deletions are temporary. Temporary deletions
2055 last until the next reboot.
2056
2057
2058 -R root-dir, --root-dir=root-dir
2059
2060 See "Options," above.
2061
2062
2063
2064 dladm show-secobj [-P] [[-p] -o field[,...]] [secobj,...]
2065
2066 Show current or persistent secure object information. If one or
2067 more secure objects are specified, then information for each is
2068 displayed. Otherwise, all current or persistent secure objects are
2069 displayed.
2070
2071 By default, current secure objects are displayed, which are all
2072 secure objects that have either been persistently created and not
2073 temporarily deleted, or temporarily created.
2074
2075 For security reasons, it is not possible to show the value of a
2076 secure object.
2077
2078 -o field[,...] , --output=field[,...]
2079
2080 A case-insensitive, comma-separated list of output fields to
2081 display. The field name must be one of the fields listed below.
2082 For displayed secure object, the following fields can be shown:
2083
2084 OBJECT
2085
2086 The name of the secure object.
2087
2088
2089 CLASS
2090
2091 The class of the secure object.
2092
2093
2094
2095 -p, --parseable
2096
2097 Display using a stable machine-parseable format. The -o option
2098 is required with -p. See "Parseable Output Format", below.
2099
2100
2101 -P, --persistent
2102
2103 Display persistent secure object information
2104
2105
2106
2107 dladm create-vnic [-t] -l link [-R root-dir] [-m value | auto | {fac‐
2108 tory [-n slot-identifier]} | {random [-r prefix]}] [-v vlan-id] [-p
2109 prop=value[,...]] vnic-link
2110
2111 Create a VNIC with name vnic-link over the specified link.
2112
2113 -t, --temporary
2114
2115 Specifies that the VNIC is temporary. Temporary VNICs last
2116 until the next reboot.
2117
2118
2119 -R root-dir, --root-dir=root-dir
2120
2121 See "Options," above.
2122
2123
2124 -l link, --link=link
2125
2126 link can be a physical link or an etherstub.
2127
2128
2129 -m value | keyword, --mac-address=value | keyword
2130
2131 Sets the VNIC's MAC address based on the specified value or
2132 keyword. If value is not a keyword, it is interpreted as a uni‐
2133 cast MAC address, which must be valid for the underlying NIC.
2134 The following special keywords can be used:
2135
2136 factory [-n slot-identifier],
2137 factory [--slot=slot-identifier]
2138
2139 Assign a factory MAC address to the VNIC. When a factory
2140 MAC address is requested, -m can be combined with the -n
2141 option to specify a MAC address slot to be used. If -n is
2142 not specified, the system will choose the next available
2143 factory MAC address. The -m option of the show-phys subcom‐
2144 mand can be used to display the list of factory MAC
2145 addresses, their slot identifiers, and their availability.
2146
2147
2148
2149 random [-r prefix],
2150 random [--mac-prefix=prefix]
2151
2152 Assign a random MAC address to the VNIC. A default prefix
2153 consisting of a valid IEEE OUI with the local bit set will
2154 be used. That prefix can be overridden with the -r option.
2155
2156
2157 auto
2158
2159 Try and use a factory MAC address first. If none is avail‐
2160 able, assign a random MAC address. auto is the default
2161 action if the -m option is not specified.
2162
2163
2164 -v vlan-id
2165
2166 Enable VLAN tagging for this VNIC. The VLAN tag will have
2167 id vlan-id.
2168
2169
2170
2171 -p prop=value,..., --prop prop=value,...
2172
2173 A comma-separated list of properties to set to the specified
2174 values.
2175
2176
2177
2178 dladm delete-vnic [-t] [-R root-dir] vnic-link
2179
2180 Deletes the specified VNIC.
2181
2182 -t, --temporary
2183
2184 Specifies that the deletion is temporary. Temporary deletions
2185 last until the next reboot.
2186
2187
2188 -R root-dir, --root-dir=root-dir
2189
2190 See "Options," above.
2191
2192
2193
2194 dladm show-vnic [-pP] [-s [-i interval]] [-o field[,...]] [-l link]
2195 [vnic-link]
2196
2197 Show VNIC configuration information (the default) or statistics,
2198 for all VNICs, all VNICs on a link, or only the specified vnic-
2199 link.
2200
2201 -o field[,...] , --output=field[,...]
2202
2203 A case-insensitive, comma-separated list of output fields to
2204 display. The field name must be one of the fields listed below.
2205 The field name must be one of the fields listed below, or the
2206 special value all to display all fields. By default (without
2207 -o), show-vnic displays all fields.
2208
2209 LINK
2210
2211 The name of the VNIC.
2212
2213
2214 OVER
2215
2216 The name of the physical link over which this VNIC is con‐
2217 figured.
2218
2219
2220 SPEED
2221
2222 The maximum speed of the VNIC, in megabits per second.
2223
2224
2225 MACADDRESS
2226
2227 MAC address of the VNIC.
2228
2229
2230 MACADDRTYPE
2231
2232 MAC address type of the VNIC. dladm distinguishes among the
2233 following MAC address types:
2234
2235 random
2236
2237 A random address assigned to the VNIC.
2238
2239
2240 factory
2241
2242 A factory MAC address used by the VNIC.
2243
2244
2245
2246
2247 -p, --parseable
2248
2249 Display using a stable machine-parseable format. The -o option
2250 is required with -p. See "Parseable Output Format", below.
2251
2252
2253 -P, --persistent
2254
2255 Display the persistent VNIC configuration.
2256
2257
2258 -s, --statistics
2259
2260 Displays VNIC statistics.
2261
2262
2263 -i interval, --interval=interval
2264
2265 Used with the -s option to specify an interval, in seconds, at
2266 which statistics should be displayed. If this option is not
2267 specified, statistics will be displayed only once.
2268
2269
2270 -l link, --link=link
2271
2272 Display information for all VNICs on the named link.
2273
2274
2275
2276
2277 dladm create-etherstub [-t] [-R root-dir] etherstub
2278
2279 Create an etherstub with the specified name.
2280
2281 -t, --temporary
2282
2283 Specifies that the etherstub is temporary. Temporary etherstubs
2284 do not persist across reboots.
2285
2286
2287 -R root-dir, --root-dir=root-dir
2288
2289 See "Options," above.
2290
2291 VNICs can be created on top of etherstubs instead of physical NICs.
2292 As with physical NICs, such a creation causes the stack to implic‐
2293 itly create a virtual switch between the VNICs created on top of
2294 the same etherstub.
2295
2296
2297
2298 dladm delete-etherstub [-t] [-R root-dir] etherstub
2299
2300 Delete the specified etherstub.
2301
2302 -t, --temporary
2303
2304 Specifies that the deletion is temporary. Temporary deletions
2305 last until the next reboot.
2306
2307
2308 -R root-dir, --root-dir=root-dir
2309
2310 See "Options," above.
2311
2312
2313
2314 dladm show-etherstub [etherstub]
2315
2316 Show all configured etherstubs by default, or the specified ether‐
2317 stub if etherstub is specified.
2318
2319
2320 dladm create-iptun [-t] [-R root-dir] -T type [-s tsrc] [-d tdst]
2321 iptun-link
2322
2323 Create an IP tunnel link named iptun-link. Such links can addition‐
2324 ally be protected with IPsec using ipsecconf(1M).
2325
2326 An IP tunnel is conceptually comprised of two parts: a virtual link
2327 between two or more IP nodes, and an IP interface above this link
2328 that allows the system to transmit and receive IP packets encapsu‐
2329 lated by the underlying link. This subcommand creates a virtual
2330 link. The ifconfig(1M) command is used to configure IP interfaces
2331 above the link.
2332
2333 -t, --temporary
2334
2335 Specifies that the IP tunnel link is temporary. Temporary tun‐
2336 nels last until the next reboot.
2337
2338
2339 -R root-dir, --root-dir=root-dir
2340
2341 See "Options," above.
2342
2343
2344 -T type, --tunnel-type=type
2345
2346 Specifies the type of tunnel to be created. The type must be
2347 one of the following:
2348
2349 ipv4
2350
2351 A point-to-point, IP-over-IP tunnel between two IPv4 nodes.
2352 This type of tunnel requires IPv4 source and destination
2353 addresses to function. IPv4 and IPv6 interfaces can be
2354 plumbed above such a tunnel to create IPv4-over-IPv4 and
2355 IPv6-over-IPv4 tunneling configurations.
2356
2357
2358 ipv6
2359
2360 A point-to-point, IP-over-IP tunnel between two IPv6 nodes
2361 as defined in IETF RFC 2473. This type of tunnel requires
2362 IPv6 source and destination addresses to function. IPv4 and
2363 IPv6 interfaces can be plumbed above such a tunnel to cre‐
2364 ate IPv4-over-IPv6 and IPv6-over-IPv6 tunneling configura‐
2365 tions.
2366
2367
2368 6to4
2369
2370 A 6to4, point-to-multipoint tunnel as defined in IETF RFC
2371 3056. This type of tunnel requires an IPv4 source address
2372 to function. An IPv6 interface is plumbed on such a tunnel
2373 link to configure a 6to4 router.
2374
2375
2376
2377 -s tsrc, --tunnel-src=tsrc
2378
2379 Literal IP address or hostname corresponding to the tunnel
2380 source. If a hostname is specified, it will be resolved to IP
2381 addresses, and one of those IP addresses will be used as the
2382 tunnel source. Because IP tunnels are created before naming
2383 services have been brought online during the boot process, it
2384 is important that any hostname used be included in /etc/hosts.
2385
2386
2387 -d tdst, --tunnel-dst=tdst
2388
2389 Literal IP address or hostname corresponding to the tunnel des‐
2390 tination.
2391
2392
2393
2394 dladm modify-iptun [-t] [-R root-dir] [-s tsrc] [-d tdst] iptun-link
2395
2396 Modify the parameters of the specified IP tunnel.
2397
2398 -t, --temporary
2399
2400 Specifies that the modification is temporary. Temporary modifi‐
2401 cations last until the next reboot.
2402
2403
2404 -R root-dir, --root-dir=root-dir
2405
2406 See "Options," above.
2407
2408
2409 -s tsrc, --tunnel-src=tsrc
2410
2411 Specifies a new tunnel source address. See create-iptun for a
2412 description.
2413
2414
2415 -d tdst, --tunnel-dst=tdst
2416
2417 Specifies a new tunnel destination address. See create-iptun
2418 for a description.
2419
2420
2421
2422 dladm delete-iptun [-t] [-R root-dir] iptun-link
2423
2424 Delete the specified IP tunnel link.
2425
2426 -t, --temporary
2427
2428 Specifies that the deletion is temporary. Temporary deletions
2429 last until the next reboot.
2430
2431
2432 -R root-dir, --root-dir=root-dir
2433
2434 See "Options," above.
2435
2436
2437
2438 dladm show-iptun [-P] [[-p] -o field[,...]] [iptun-link]
2439
2440 Show IP tunnel link configuration for a single IP tunnel or all IP
2441 tunnels.
2442
2443 -P, --persistent
2444
2445 Display the persistent IP tunnel configuration.
2446
2447
2448 -p, --parseable
2449
2450 Display using a stable machine-parseable format. The -o option
2451 is required with -p. See "Parseable Output Format", below.
2452
2453
2454 -o field[,...], --output=field[,...]
2455
2456 A case-insensitive, comma-separated list of output fields to
2457 display. The field name must be one of the fields listed below,
2458 or the special value all, to display all fields. By default
2459 (without -o), show-iptun displays all fields.
2460
2461 LINK
2462
2463 The name of the IP tunnel link.
2464
2465
2466 TYPE
2467
2468 Type of tunnel as specified by the -T option of create-
2469 iptun.
2470
2471
2472 FLAGS
2473
2474 A set of flags associated with the IP tunnel link. Possible
2475 flags are:
2476
2477 s
2478
2479 The IP tunnel link is protected by IPsec policy. To
2480 display the IPsec policy associated with the tunnel
2481 link, enter:
2482
2483 # ipsecconf -ln -i tunnel-link
2484
2485
2486 See ipsecconf(1M) for more details on how to configure
2487 IPsec policy.
2488
2489
2490 i
2491
2492 The IP tunnel link was implicitly created with ifcon‐
2493 fig(1M), and will be automatically deleted when it is
2494 no longer referenced (that is, when the last IP inter‐
2495 face over the tunnel is unplumbed). See ifconfig(1M)
2496 for details on implicit tunnel creation.
2497
2498
2499
2500 SOURCE
2501
2502 The tunnel source address.
2503
2504
2505 DESTINATION
2506
2507 The tunnel destination address.
2508
2509
2510
2511
2512 dladm show-usage [-a] -f filename [-p plotfile -F format] [-s time] [-e
2513 time] [link]
2514
2515 Show the historical network usage from a stored extended accounting
2516 file. Configuration and enabling of network accounting through acc‐
2517 tadm(1M) is required. The default output will be the summary of
2518 network usage for the entire period of time in which extended
2519 accounting was enabled.
2520
2521 -a
2522
2523 Display all historical network usage for the specified period
2524 of time during which extended accounting is enabled. This
2525 includes the usage information for the links that have already
2526 been deleted.
2527
2528
2529 -f filename, --file=filename
2530
2531 Read extended accounting records of network usage from file‐
2532 name.
2533
2534
2535 -F format, --format=format
2536
2537 Specifies the format of plotfile that is specified by the -p
2538 option. As of this release, gnuplot is the only supported for‐
2539 mat.
2540
2541
2542 -p plotfile, --plot=plotfile
2543
2544 Write network usage data to a file of the format specified by
2545 the -F option, which is required.
2546
2547
2548 -s time, --start=time
2549 -e time, --stop=time
2550
2551 Start and stop times for data display. Time is in the format
2552 MM/DD/YYYY,hh:mm:ss.
2553
2554
2555 link
2556
2557 If specified, display the network usage only for the named
2558 link. Otherwise, display network usage for all links.
2559
2560
2561
2562 Parseable Output Format
2563 Many dladm subcommands have an option that displays output in a
2564 machine-parseable format. The output format is one or more lines of
2565 colon (:) delimited fields. The fields displayed are specific to the
2566 subcommand used and are listed under the entry for the -o option for a
2567 given subcommand. Output includes only those fields requested by means
2568 of the -o option, in the order requested.
2569
2570
2571 When you request multiple fields, any literal colon characters are
2572 escaped by a backslash (\) before being output. Similarly, literal
2573 backslash characters will also be escaped (\\). This escape format is
2574 parseable by using shell read(1) functions with the environment vari‐
2575 able IFS=: (see EXAMPLES, below). Note that escaping is not done when
2576 you request only a single field.
2577
2578 General Link Properties
2579 The following general link properties are supported:
2580
2581 autopush
2582
2583 Specifies the set of STREAMS modules to push on the stream associ‐
2584 ated with a link when its DLPI device is opened. It is a space-
2585 delimited list of modules.
2586
2587 The optional special character sequence [anchor] indicates that a
2588 STREAMS anchor should be placed on the stream at the module previ‐
2589 ously specified in the list. It is an error to specify more than
2590 one anchor or to have an anchor first in the list.
2591
2592 The autopush property is preferred over the more general auto‐
2593 push(1M) command.
2594
2595
2596 cpus
2597
2598 Bind the processing of packets for a given data link to a processor
2599 or a set of processors. The value can be a comma-separated list of
2600 one or more processor ids. If the list consists of more than one
2601 processor, the processing will spread out to all the processors.
2602 Connection to processor affinity and packet ordering for any indi‐
2603 vidual connection will be maintained.
2604
2605 The processor or set of processors are not exclusively reserved for
2606 the link. Only the kernel threads and interrupts associated with
2607 processing of the link are bound to the processor or the set of
2608 processors specified. In case it is desired that processors be ded‐
2609 icated to the link, psrset(1M) can be used to create a processor
2610 set and then specifying the processors from the processor set to
2611 bind the link to.
2612
2613 If the link was already bound to processor or set of processors due
2614 to a previous operation, the binding will be removed and the new
2615 set of processors will be used instead.
2616
2617 The default is no CPU binding, which is to say that the processing
2618 of packets is not bound to any specific processor or processor set.
2619
2620
2621 learn_limit
2622
2623 Limits the number of new or changed MAC sources to be learned over
2624 a bridge link. When the number exceeds this value, learning on that
2625 link is temporarily disabled. Only non-VLAN, non-VNIC type links
2626 have this property.
2627
2628 The default value is 1000. Valid values are greater or equal to 0.
2629
2630
2631 learn_decay
2632
2633 Specifies the decay rate for source changes limited by learn_limit.
2634 This number is subtracted from the counter for a bridge link every
2635 5 seconds. Only non-VLAN, non-VNIC type links have this property.
2636
2637 The default value is 200. Valid values are greater or equal to 0.
2638
2639
2640 maxbw
2641
2642 Sets the full duplex bandwidth for the link. The bandwidth is spec‐
2643 ified as an integer with one of the scale suffixes (K, M, or G for
2644 Kbps, Mbps, and Gbps). If no units are specified, the input value
2645 will be read as Mbps. The default is no bandwidth limit.
2646
2647
2648 priority
2649
2650 Sets the relative priority for the link. The value can be given as
2651 one of the tokens high, medium, or low. The default is high.
2652
2653
2654 stp
2655
2656 Enables or disables Spanning Tree Protocol on a bridge link. Set‐
2657 ting this value to 0 disables Spanning Tree, and puts the link into
2658 forwarding mode with BPDU guarding enabled. This mode is appropri‐
2659 ate for point-to-point links connected only to end nodes. Only non-
2660 VLAN, non-VNIC type links have this property. The default value is
2661 1, to enable STP.
2662
2663
2664 forward
2665
2666 Enables or disables forwarding for a VLAN. Setting this value to 0
2667 disables bridge forwarding for a VLAN link. Disabling bridge for‐
2668 warding removes that VLAN from the "allowed set" for the bridge.
2669 The default value is 1, to enable bridge forwarding for configured
2670 VLANs.
2671
2672
2673 default_tag
2674
2675 Sets the default VLAN ID that is assumed for untagged packets sent
2676 to and received from this link. Only non-VLAN, non-VNIC type links
2677 have this property. Setting this value to 0 disables the bridge
2678 forwarding of untagged packets to and from the port. The default
2679 value is VLAN ID 1. Valid values values are from 0 to 4094.
2680
2681
2682 stp_priority
2683
2684 Sets the STP and RSTP Port Priority value, which is used to deter‐
2685 mine the preferred root port on a bridge. Lower numerical values
2686 are higher priority. The default value is 128. Valid values range
2687 from 0 to 255.
2688
2689
2690 stp_cost
2691
2692 Sets the STP and RSTP cost for using the link. The default value is
2693 auto, which sets the cost based on link speed, using 100 for
2694 10Mbps, 19 for 100Mbps, 4 for 1Gbps, and 2 for 10Gbps. Valid values
2695 range from 1 to 65535.
2696
2697
2698 stp_edge
2699
2700 Enables or disables bridge edge port detection. If set to 0
2701 (false), the system assumes that the port is connected to other
2702 bridges even if no bridge PDUs of any type are seen. The default
2703 value is 1, which detects edge ports automatically.
2704
2705
2706 stp_p2p
2707
2708 Sets bridge point-to-point operation mode. Possible values are
2709 true, false, and auto. When set to auto, point-to-point connections
2710 are automatically discovered. When set to true, the port mode is
2711 forced to use point-to-point. When set to false, the port mode is
2712 forced to use normal multipoint mode. The default value is auto.
2713
2714
2715 stp_mcheck
2716
2717 Triggers the system to run the RSTP Force BPDU Migration Check pro‐
2718 cedure on this link. The procedure is triggered by setting the
2719 property value to 1. The property is automatically reset back to 0.
2720 This value cannot be set unless the following are true:
2721
2722 o The link is bridged
2723
2724 o The bridge is protected by Spanning Tree
2725
2726 o The bridge force-protocol value is at least 2 (RSTP)
2727 The default value is 0.
2728
2729
2730 zone
2731
2732 Specifies the zone to which the link belongs. This property can be
2733 modified only temporarily through dladm, and thus the -t option
2734 must be specified. To modify the zone assignment such that it per‐
2735 sists across reboots, please use zonecfg(1M). Possible values con‐
2736 sist of any exclusive-IP zone currently running on the system. By
2737 default, the zone binding is as per zonecfg(1M).
2738
2739
2740 Wifi Link Properties
2741 The following WiFi link properties are supported. Note that the ability
2742 to set a given property to a given value depends on the driver and
2743 hardware.
2744
2745 channel
2746
2747 Specifies the channel to use. This property can be modified only by
2748 certain WiFi links when in IBSS mode. The default value and allowed
2749 range of values varies by regulatory domain.
2750
2751
2752 powermode
2753
2754 Specifies the power management mode of the WiFi link. Possible val‐
2755 ues are off (disable power management), max (maximum power sav‐
2756 ings), and fast (performance-sensitive power management). Default
2757 is off.
2758
2759
2760 radio
2761
2762 Specifies the radio mode of the WiFi link. Possible values are on
2763 or off. Default is on.
2764
2765
2766 speed
2767
2768 Specifies a fixed speed for the WiFi link, in megabits per second.
2769 The set of possible values depends on the driver and hardware (but
2770 is shown by show-linkprop); common speeds include 1, 2, 11, and 54.
2771 By default, there is no fixed speed.
2772
2773
2774 Ethernet Link Properties
2775 The following MII Properties, as documented in ieee802.3(5), are sup‐
2776 ported in read-only mode:
2777
2778 o duplex
2779
2780 o state
2781
2782 o adv_autoneg_cap
2783
2784 o adv_10gfdx_cap
2785
2786 o adv_1000fdx_cap
2787
2788 o adv_1000hdx_cap
2789
2790 o adv_100fdx_cap
2791
2792 o adv_100hdx_cap
2793
2794 o adv_10fdx_cap
2795
2796 o adv_10hdx_cap
2797
2798
2799 Each adv_ property (for example, adv_10fdx_cap) also has a read/write
2800 counterpart en_ property (for example, en_10fdx_cap) controlling param‐
2801 eters used at auto-negotiation. In the absence of Power Management, the
2802 adv* speed/duplex parameters provide the values that are both negoti‐
2803 ated and currently effective in hardware. However, with Power Manage‐
2804 ment enabled, the speed/duplex capabilities currently exposed in hard‐
2805 ware might be a subset of the set of bits that were used in initial
2806 link parameter negotiation. Thus the MII adv_* parameters are marked
2807 read-only, with an additional set of en_* parameters for configuring
2808 speed and duplex properties at initial negotiation.
2809
2810
2811 Note that the adv_autoneg_cap does not have an en_autoneg_cap counter‐
2812 part: the adv_autoneg_cap is a 0/1 switch that turns off/on autonegoti‐
2813 ation itself, and therefore cannot be impacted by Power Management.
2814
2815
2816 In addition, the following Ethernet properties are reported:
2817
2818 speed
2819
2820 (read-only) The operating speed of the device, in Mbps.
2821
2822
2823 mtu
2824
2825 The maximum client SDU (Send Data Unit) supported by the device.
2826 Valid range is 68-65536.
2827
2828
2829 flowctrl
2830
2831 Establishes flow-control modes that will be advertised by the
2832 device. Valid input is one of:
2833
2834 no
2835
2836 No flow control enabled.
2837
2838
2839 rx
2840
2841 Receive, and act upon incoming pause frames.
2842
2843
2844 tx
2845
2846 Transmit pause frames to the peer when congestion occurs, but
2847 ignore received pause frames.
2848
2849
2850 bi
2851
2852 Bidirectional flow control.
2853
2854 Note that the actual settings for this value are constrained by the
2855 capabilities allowed by the device and the link partner.
2856
2857
2858 tagmode
2859
2860 This link property controls the conditions in which 802.1Q VLAN
2861 tags will be inserted in packets being transmitted on the link. Two
2862 mode values can be assigned to this property:
2863
2864 normal Insert a VLAN tag in outgoing packets under the follow‐
2865 ing conditions:
2866
2867 o The packet belongs to a VLAN.
2868
2869 o The user requested priority tagging.
2870
2871
2872 vlanonly Insert a VLAN tag only when the outgoing packet belongs
2873 to a VLAN. If a tag is being inserted in this mode and
2874 the user has also requested a non-zero priority, the
2875 priority is honored and included in the VLAN tag.
2876
2877 The default value is vlanonly.
2878
2879
2880 IP Tunnel Link Properties
2881 The following IP tunnel link properties are supported.
2882
2883 hoplimit
2884
2885 Specifies the IPv4 TTL or IPv6 hop limit for the encapsulating
2886 outer IP header of a tunnel link. This property exists for all tun‐
2887 nel types. The default value is 64.
2888
2889
2890 encaplimit
2891
2892 Specifies the IPv6 encapsulation limit for an IPv6 tunnel as
2893 defined in RFC 2473. This value is the tunnel nesting limit for a
2894 given tunneled packet. The default value is 4. A value of 0 dis‐
2895 ables the encapsulation limit.
2896
2897
2899 Example 1 Configuring an Aggregation
2900
2901
2902 To configure a data-link over an aggregation of devices bge0 and bge1
2903 with key 1, enter the following command:
2904
2905
2906 # dladm create-aggr -d bge0 -d bge1 1
2907
2908
2909
2910 Example 2 Connecting to a WiFi Link
2911
2912
2913 To connect to the most optimal available unsecured network on a system
2914 with a single WiFi link (as per the prioritization rules specified for
2915 connect-wifi), enter the following command:
2916
2917
2918 # dladm connect-wifi
2919
2920
2921
2922 Example 3 Creating a WiFi Key
2923
2924
2925 To interactively create the WEP key mykey, enter the following command:
2926
2927
2928 # dladm create-secobj -c wep mykey
2929
2930
2931
2932
2933 Alternatively, to non-interactively create the WEP key mykey using the
2934 contents of a file:
2935
2936
2937 # umask 077
2938 # cat >/tmp/mykey.$$ <<EOF
2939 12345
2940 EOF
2941 # dladm create-secobj -c wep -f /tmp/mykey.$$ mykey
2942 # rm /tmp/mykey.$$
2943
2944
2945
2946 Example 4 Connecting to a Specified Encrypted WiFi Link
2947
2948
2949 To use key mykey to connect to ESSID wlan on link ath0, enter the fol‐
2950 lowing command:
2951
2952
2953 # dladm connect-wifi -k mykey -e wlan ath0
2954
2955
2956
2957 Example 5 Changing a Link Property
2958
2959
2960 To set powermode to the value fast on link pcwl0, enter the following
2961 command:
2962
2963
2964 # dladm set-linkprop -p powermode=fast pcwl0
2965
2966
2967
2968 Example 6 Connecting to a WPA-Protected WiFi Link
2969
2970
2971 Create a WPA key psk and enter the following command:
2972
2973
2974 # dladm create-secobj -c wpa psk
2975
2976
2977
2978
2979 To then use key psk to connect to ESSID wlan on link ath0, enter the
2980 following command:
2981
2982
2983 # dladm connect-wifi -k psk -e wlan ath0
2984
2985
2986
2987 Example 7 Renaming a Link
2988
2989
2990 To rename the bge0 link to mgmt0, enter the following command:
2991
2992
2993 # dladm rename-link bge0 mgmt0
2994
2995
2996
2997 Example 8 Replacing a Network Card
2998
2999
3000 Consider that the bge0 device, whose link was named mgmt0 as shown in
3001 the previous example, needs to be replaced with a ce0 device because of
3002 a hardware failure. The bge0 NIC is physically removed, and replaced
3003 with a new ce0 NIC. To associate the newly added ce0 device with the
3004 mgmt0 configuration previously associated with bge0, enter the follow‐
3005 ing command:
3006
3007
3008 # dladm rename-link ce0 mgmt0
3009
3010
3011
3012 Example 9 Removing a Network Card
3013
3014
3015 Suppose that in the previous example, the intent is not to replace the
3016 bge0 NIC with another NIC, but rather to remove and not replace the
3017 hardware. In that case, the mgmt0 datalink configuration is not slated
3018 to be associated with a different physical device as shown in the pre‐
3019 vious example, but needs to be deleted. Enter the following command to
3020 delete the datalink configuration associated with the mgmt0 datalink,
3021 whose physical hardware (bge0 in this case) has been removed:
3022
3023
3024 # dladm delete-phys mgmt0
3025
3026
3027
3028 Example 10 Using Parseable Output to Capture a Single Field
3029
3030
3031 The following assignment saves the MTU of link net0 to a variable named
3032 mtu.
3033
3034
3035 # mtu=`dladm show-link -p -o mtu net0`
3036
3037
3038
3039 Example 11 Using Parseable Output to Iterate over Links
3040
3041
3042 The following script displays the state of each link on the system.
3043
3044
3045 # dladm show-link -p -o link,state | while IFS=: read link state; do
3046 print "Link $link is in state $state"
3047 done
3048
3049
3050
3051 Example 12 Configuring VNICs
3052
3053
3054 Create two VNICs with names hello0 and test1 over a single physical
3055 link bge0:
3056
3057
3058 # dladm create-vnic -l bge0 hello0
3059 # dladm create-vnic -l bge0 test1
3060
3061
3062
3063 Example 13 Configuring VNICs and Allocating Bandwidth and Priority
3064
3065
3066 Create two VNICs with names hello0 and test1 over a single physical
3067 link bge0 and make hello0 a high priority VNIC with a factory-assigned
3068 MAC address with a maximum bandwidth of 50 Mbps. Make test1 a low pri‐
3069 ority VNIC with a random MAC address and a maximum bandwidth of
3070 100Mbps.
3071
3072
3073 # dladm create-vnic -l bge0 -m factory -p maxbw=50,priority=high hello0
3074 # dladm create-vnic -l bge0 -m random -p maxbw=100M,priority=low test1
3075
3076
3077
3078 Example 14 Configuring a VNIC with a Factory MAC Address
3079
3080
3081 First, list the available factory MAC addresses and choose one of them:
3082
3083
3084 # dladm show-phys -m bge0
3085 LINK SLOT ADDRESS INUSE CLIENT
3086 bge0 primary 0:e0:81:27:d4:47 yes bge0
3087 bge0 1 8:0:20:fe:4e:a5 no
3088 bge0 2 8:0:20:fe:4e:a6 no
3089 bge0 3 8:0:20:fe:4e:a7 no
3090
3091
3092
3093
3094 Create a VNIC named hello0 and use slot 1's address:
3095
3096
3097 # dladm create-vnic -l bge0 -m factory -n 1 hello0
3098 # dladm show-phys -m bge0
3099 LINK SLOT ADDRESS INUSE CLIENT
3100 bge0 primary 0:e0:81:27:d4:47 yes bge0
3101 bge0 1 8:0:20:fe:4e:a5 yes hello0
3102 bge0 2 8:0:20:fe:4e:a6 no
3103 bge0 3 8:0:20:fe:4e:a7 no
3104
3105
3106
3107 Example 15 Creating a VNIC with User-Specified MAC Address, Binding it
3108 to Set of Processors
3109
3110
3111 Create a VNIC with name hello0, with a user specified MAC address, and
3112 a processor binding 0, 1, 2, 3.
3113
3114
3115 # dladm create-vnic -l bge0 -m 8:0:20:fe:4e:b8 -p cpus=0,1,2,3 hello0
3116
3117
3118
3119 Example 16 Creating a Virtual Network Without a Physical NIC
3120
3121
3122 First, create an etherstub with name stub1:
3123
3124
3125 # dladm create-etherstub stub1
3126
3127
3128
3129
3130 Create two VNICs with names hello0 and test1 on the etherstub. This
3131 operation implicitly creates a virtual switch connecting hello0 and
3132 test1.
3133
3134
3135 # dladm create-vnic -l stub1 hello0
3136 # dladm create-vnic -l stub1 test1
3137
3138
3139
3140 Example 17 Showing Network Usage
3141
3142
3143 Network usage statistics can be stored using the extended accounting
3144 facility, acctadm(1M).
3145
3146
3147 # acctadm -e basic -f /var/log/net.log net
3148 # acctadm net
3149 Network accounting: active
3150 Network accounting file: /var/log/net.log
3151 Tracked Network resources: basic
3152 Untracked Network resources: src_ip,dst_ip,src_port,dst_port,protocol,
3153 dsfield
3154
3155
3156
3157
3158 The saved historical data can be retrieved in summary form using the
3159 show-usage subcommand:
3160
3161
3162 # dladm show-usage -f /var/log/net.log
3163 LINK DURATION IPACKETS RBYTES OPACKETS OBYTES BANDWIDTH
3164 e1000g0 80 1031 546908 0 0 2.44 Kbps
3165
3166
3167
3168 Example 18 Displaying Bridge Information
3169
3170
3171 The following commands use the show-bridge subcommand with no and vari‐
3172 ous options.
3173
3174
3175 # dladm show-bridge
3176 BRIDGE PROTECT ADDRESS PRIORITY DESROOT
3177 foo stp 32768/8:0:20:bf:f 32768 8192/0:d0:0:76:14:38
3178 bar stp 32768/8:0:20:e5:8 32768 8192/0:d0:0:76:14:38
3179
3180 # dladm show-bridge -l foo
3181 LINK STATE UPTIME DESROOT
3182 hme0 forwarding 117 8192/0:d0:0:76:14:38
3183 qfe1 forwarding 117 8192/0:d0:0:76:14:38
3184
3185 # dladm show-bridge -s foo
3186 BRIDGE DROPS FORWARDS
3187 foo 0 302
3188
3189 # dladm show-bridge -ls foo
3190 LINK DROPS RECV XMIT
3191 hme0 0 360832 31797
3192 qfe1 0 322311 356852
3193
3194 # dladm show-bridge -f foo
3195 DEST AGE FLAGS OUTPUT
3196 8:0:20:bc:a7:dc 10.860 -- hme0
3197 8:0:20:bf:f9:69 -- L hme0
3198 8:0:20:c0:20:26 17.420 -- hme0
3199 8:0:20:e5:86:11 -- L qfe1
3200
3201
3202
3203 Example 19 Creating an IPv4 Tunnel
3204
3205
3206 The following sequence of commands creates and then displays a persis‐
3207 tent IPv4 tunnel link named mytunnel0 between 66.1.2.3 and 192.4.5.6:
3208
3209
3210 # dladm create-iptun -T ipv4 -s 66.1.2.3 -d 192.4.5.6 mytunnel0
3211 # dladm show-iptun mytunnel0
3212 LINK TYPE FLAGS SOURCE DESTINATION
3213 mytunnel0 ipv4 -- 66.1.2.3 192.4.5.6
3214
3215
3216
3217
3218 A point-to-point IP interface can then be created over this tunnel
3219 link:
3220
3221
3222 # ifconfig mytunnel0 plumb 10.1.0.1 10.1.0.2 up
3223
3224
3225
3226
3227 As with any other IP interface, configuration persistence for this IP
3228 interface is achieved by placing the desired ifconfig commands (in this
3229 case, the command for "10.1.0.1 10.1.0.2") into /etc/hostname.mytun‐
3230 nel0.
3231
3232
3233 Example 20 Creating a 6to4 Tunnel
3234
3235
3236 The following command creates a 6to4 tunnel link. The IPv4 address of
3237 the 6to4 router is 75.10.11.12.
3238
3239
3240 # dladm create-iptun -T 6to4 -s 75.10.11.12 sitetunnel0
3241 # dladm show-iptun sitetunnel0
3242 LINK TYPE FLAGS SOURCE DESTINATION
3243 sitetunnel0 6to4 -- 75.10.11.12 --
3244
3245
3246
3247
3248 The following command plumbs an IPv6 interface on this tunnel:
3249
3250
3251 # ifconfig sitetunnel0 inet6 plumb up
3252 # ifconfig sitetunnel0 inet6
3253 sitetunnel0: flags=2200041 <UP,RUNNING,NONUD,IPv6> mtu 65515 index 3
3254 inet tunnel src 75.10.11.12
3255 tunnel hop limit 64
3256 inet6 2002:4b0a:b0c::1/16
3257
3258
3259
3260
3261 Note that the system automatically configures the IPv6 address on the
3262 6to4 IP interface. See ifconfig(1M) for a description of how IPv6
3263 addresses are configured on 6to4 tunnel links.
3264
3265
3267 See attributes(5) for descriptions of the following attributes:
3268
3269
3270 /usr/sbin
3271
3272
3273
3274
3275 ┌─────────────────────────────┬─────────────────────────────┐
3276 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
3277 ├─────────────────────────────┼─────────────────────────────┤
3278 │Availability │SUNWcsu │
3279 ├─────────────────────────────┼─────────────────────────────┤
3280 │Interface Stability │Committed │
3281 └─────────────────────────────┴─────────────────────────────┘
3282
3283
3284 /sbin
3285
3286
3287
3288
3289 ┌─────────────────────────────┬─────────────────────────────┐
3290 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
3291 ├─────────────────────────────┼─────────────────────────────┤
3292 │Availability │SUNWcsr │
3293 ├─────────────────────────────┼─────────────────────────────┤
3294 │Interface Stability │Committed │
3295 └─────────────────────────────┴─────────────────────────────┘
3296
3298 acctadm(1M), autopush(1M), ifconfig(1M), ipsecconf(1M), ndd(1M),
3299 psrset(1M), wpad(1M), zonecfg(1M), attributes(5), ieee802.3(5),
3300 dlpi(7P)
3301
3303 The preferred method of referring to an aggregation in the aggregation
3304 subcommands is by its link name. Referring to an aggregation by its
3305 integer key is supported for backward compatibility, but is not neces‐
3306 sary. When creating an aggregation, if a key is specified instead of a
3307 link name, the aggregation's link name will be automatically generated
3308 by dladm as aggrkey.
3309
3310
3311
3312SunOS 5.11 23 Sep 2009 dladm(1M)