Clearview IPMP manpages
1 2 3 4 System Administration Commands ifconfig(1M) 5 6 7 8 NAME 9 ifconfig - configure network interface parameters 10 11 SYNOPSIS 12 ifconfig interface [address_family] [address [/prefix_length] 13 [dest_address]] [addif address [/prefix_length]] 14 [removeif address [/prefix_length]] [arp | -arp] 15 [auth_algs authentication algorithm] [encr_algs encryption algorithm] 16 [encr_auth_algs authentication algorithm] [auto-revarp] 17 [broadcast address] [deprecated | -deprecated] 18 [preferred | -preferred] [destination dest_address] 19 [ether [address]] [failover | -failover] [group 20 [name | ""]] [index if_index] [metric n] [modlist] 21 [modinsert mod_name@pos] [modremove mod_name@pos] 22 [mtu n] [netmask mask] [plumb] [unplumb] [private 23 | -private] [nud | -nud] [set [address] [/netmask]] 24 [standby | -standby] [subnet subnet_address] [tdst 25 tunnel_dest_address] [token address/prefix_length] 26 [tsrc tunnel_src_address] [trailers | -trailers] 27 [up] [down] [usesrc [name | none]] [xmit | -xmit] 28 [encaplimit n | -encaplimit] [thoplimit n] [router 29 | -router] [zone zonename | -zone | -all-zones] 30 31 32 ifconfig [address_family] interface {auto-dhcp | dhcp} [primary] 33 [wait seconds] drop | extend | inform | ping 34 | release | start | status 35 36 37 DESCRIPTION 38 The command ifconfig is used to assign an address to a net- 39 work interface and to configure network interface parame- 40 ters. The ifconfig command must be used at boot time to 41 define the network address of each interface present on a 42 machine; it may also be used at a later time to redefine an 43 interface's address or other operating parameters. If no 44 option is specified, ifconfig displays the current confi- 45 guration for a network interface. If an address family is 46 specified, ifconfig reports only the details specific to 47 that address family. Only privileged users may modify the 48 configuration of a network interface. Options appearing 49 within braces ({}) indicate that one of the options must be 50 specified. 51 52 DHCP Configuration 53 The forms of ifconfig that use the auto-dhcp or dhcp argu- 54 ments are used to control the Dynamic Host Configuration 55 Protocol ("DHCP") configuration of the interface. In this 56 mode, ifconfig is used to control operation of 57 dhcpagent(1M), the DHCP client daemon. Once an interface is 58 placed under DHCP control by using the start operand, ifcon- 59 fig should not, in normal operation, be used to modify the 60 61 62 63 SunOS 5.11 Last change: 21 Jan 2007 1 64 65 66 67 68 69 70 System Administration Commands ifconfig(1M) 71 72 73 74 address or characteristics of the interface. If the address 75 of an interface under DHCP is changed, dhcpagent will remove 76 the interface from its control. 77 78 OPTIONS 79 The following options are supported: 80 81 addif address 82 83 Create the next unused logical interface on the speci- 84 fied physical interface. If the physical interface is 85 part of a multipathing group, the logical interface can 86 be added to a different physical interface in the same 87 group. 88 89 90 all-zones 91 92 Make the interface available to every shared-IP zone on 93 the system. The appropriate zone to which to deliver 94 data is determined using the tnzonecfg database. This 95 option is available only if the system is configured 96 with the Solaris Trusted Extensions feature. 97 98 The tnzonecfg database is described in the tnzonecfg(4) 99 man page, which is part of the Solaris Trusted Exten- 100 sions Reference Manual. 101 102 103 anycast 104 105 Marks the logical interface as an anycast address by 106 setting the ANYCAST flag. See "INTERFACE FLAGS," below, 107 for more information on anycast. 108 109 110 -anycast 111 112 Marks the logical interface as not an anycast address by 113 clearing the ANYCAST flag. 114 115 116 arp 117 118 Enable the use of the Address Resolution Protocol 119 ("ARP") in mapping between network level addresses and 120 link level addresses (default). This is currently imple- 121 mented for mapping between IPv4 addresses and MAC 122 addresses. 123 124 125 126 127 128 129 SunOS 5.11 Last change: 21 Jan 2007 2 130 131 132 133 134 135 136 System Administration Commands ifconfig(1M) 137 138 139 140 -arp 141 142 Disable the use of the ARP on a physical interface. 143 144 145 auth_algs authentication algorithm 146 147 For a tunnel, enable IPsec AH with the authentication 148 algorithm specified. The algorithm can be either a 149 number or an algorithm name, including any to express no 150 preference in algorithm. All IPsec tunnel properties 151 must be specified on the same command line. To disable 152 tunnel security, specify an auth_alg of none. 153 154 It is now preferable to use the ipsecconf(1M) command 155 when configuring a tunnel's security properties. If 156 ipsecconf was used to set a tunnel's security proper- 157 ties, this keyword will not affect the tunnel. 158 159 160 auto-dhcp 161 162 Use DHCP to automatically acquire an address for this 163 interface. This option has a completely equivalent alias 164 called dhcp. 165 166 For IPv6, the interface specified must be the zeroth 167 logical interface (the physical interface name), which 168 has the link-local address. 169 170 primary 171 172 Defines the interface as the primary. The interface 173 is defined as the preferred one for the delivery of 174 client-wide configuration data. Only one interface 175 can be the primary at any given time. If another 176 interface is subsequently selected as the primary, 177 it replaces the previous one. Nominating an inter- 178 face as the primary one will not have much signifi- 179 cance once the client work station has booted, as 180 many applications will already have started and been 181 configured with data read from the previous primary 182 interface. 183 184 185 wait seconds 186 187 The ifconfig command will wait until the operation 188 either completes or for the interval specified, 189 whichever is the sooner. If no wait interval is 190 given, and the operation is one that cannot complete 191 immediately, ifconfig will wait 30 seconds for the 192 193 194 195 SunOS 5.11 Last change: 21 Jan 2007 3 196 197 198 199 200 201 202 System Administration Commands ifconfig(1M) 203 204 205 206 requested operation to complete. The symbolic value 207 forever may be used as well, with obvious meaning. 208 209 210 drop 211 212 Remove the specified interface from DHCP control 213 without notifying the DHCP server, and record the 214 current lease for later use. Additionally, for IPv4, 215 set the IP address to zero and mark the interface as 216 "down." For IPv6, unplumb all logical interfaces 217 plumbed by dhcpagent. 218 219 220 extend 221 222 Attempt to extend the lease on the interface's IP 223 address. This is not required, as the agent will 224 automatically extend the lease well before it 225 expires. 226 227 228 inform 229 230 Obtain network configuration parameters from DHCP 231 without obtaining a lease on IP addresses. This is 232 useful in situations where an IP address is obtained 233 through mechanisms other than DHCP. 234 235 236 ping 237 238 Check whether the interface given is under DHCP con- 239 trol, which means that the interface is managed by 240 the DHCP agent and is working properly. An exit 241 status of 0 means success. 242 243 244 release 245 246 Relinquish the IP addresses on the interface by 247 notifying the server and discard the current lease. 248 For IPv4, mark the interface as "down." For IPv6, 249 all logical interfaces plumbed by dhcpagent are 250 unplumbed. 251 252 253 start 254 255 Start DHCP on the interface. 256 257 258 259 260 261 SunOS 5.11 Last change: 21 Jan 2007 4 262 263 264 265 266 267 268 System Administration Commands ifconfig(1M) 269 270 271 272 status 273 274 Display the DHCP configuration status of the inter- 275 face. 276 277 278 279 auto-revarp 280 281 Use the Reverse Address Resolution Protocol (RARP) to 282 automatically acquire an address for this interface. 283 This will fail if the interface does not support RARP; 284 for example, IPoIB (IP over InfiniBand), and on IPv6 285 interfaces. 286 287 288 broadcast address 289 290 For IPv4 only. Specify the address to use to represent 291 broadcasts to the network. The default broadcast address 292 is the address with a host part of all 1's. A "+" (plus 293 sign) given for the broadcast value causes the broadcast 294 address to be reset to a default appropriate for the 295 (possibly new) address and netmask. The arguments of 296 ifconfig are interpreted left to right. Therefore 297 298 example% ifconfig -a netmask + broadcast + 299 300 301 and 302 303 example% ifconfig -a broadcast + netmask + 304 305 306 may result in different values being assigned for the 307 broadcast addresses of the interfaces. 308 309 310 deprecated 311 312 Marks the logical interface as deprecated. An address 313 associated with a deprecated interface will not be used 314 as source address for outbound packets unless either 315 there are no other addresses available on the interface 316 or the application has bound to this address explicitly. 317 The status display shows DEPRECATED as part of flags. 318 See for information on the flags supported by ifconfig. 319 320 321 -deprecated 322 323 Marks a logical interface as not deprecated. An address 324 325 326 327 SunOS 5.11 Last change: 21 Jan 2007 5 328 329 330 331 332 333 334 System Administration Commands ifconfig(1M) 335 336 337 338 associated with such an interface could be used as a 339 source address for outbound packets. 340 341 342 preferred 343 344 Marks the logical interface as preferred. This option is 345 only valid for IPv6 addresses. Addresses assigned to 346 preferred logical interfaces are preferred as source 347 addresses over all other addresses configured on the 348 system, unless the address is of an inappropriate scope 349 relative to the destination address. Preferred addresses 350 are used as source addresses regardless of which physi- 351 cal interface they are assigned to. For example, you can 352 configure a preferred source address on the loopback 353 interface and advertise reachability of this address by 354 using a routing protocol. 355 356 357 -preferred 358 359 Marks the logical interface as not preferred. 360 361 362 destination dest_address 363 364 Set the destination address for a point-to point inter- 365 face. 366 367 368 dhcp 369 370 This option is an alias for option auto-dhcp 371 372 373 down 374 375 Mark a logical interface as "down". (That is, turn off 376 the IFF_UP bit.) When a logical interface is marked 377 "down," the system does not attempt to use the address 378 assigned to that interface as a source address for out- 379 bound packets and will not recognize inbound packets 380 destined to that address as being addressed to this 381 host. Additionally, when all logical interfaces on a 382 given physical interface are "down," the physical inter- 383 face itself is disabled. 384 385 When a logical interface is down, all routes that 386 specify that interface as the output (using the -ifp 387 option in the route(1M) command or RTA_IFP in a 388 route(7P) socket) are removed from the forwarding table. 389 Routes marked with RTF_STATIC are returned to the table 390 391 392 393 SunOS 5.11 Last change: 21 Jan 2007 6 394 395 396 397 398 399 400 System Administration Commands ifconfig(1M) 401 402 403 404 if the interface is brought back up, while routes not 405 marked with RTF_STATIC are simply deleted. 406 407 When all logical interfaces that could possibly be used 408 to reach a particular gateway address are brought down 409 (specified without the interface option as in the previ- 410 ous paragraph), the affected gateway routes are treated 411 as though they had the RTF_BLACKHOLE flag set. All 412 matching packets are discarded because the gateway is 413 unreachable. 414 415 416 encaplimit n 417 418 Set the tunnel encapsulation limit for the interface to 419 n. This option applies to IPv4-in-IPv6 and IPv6-in-IPv6 420 tunnels only. The tunnel encapsulation limit controls 421 how many more tunnels a packet may enter before it 422 leaves any tunnels, that is, the tunnel nesting level. 423 424 425 -encaplimit 426 427 Disable generation of the tunnel encapsulation limit. 428 This option applies only to IPv4-in-IPv6 and IPv6-in- 429 IPv6 tunnels. 430 431 432 encr_auth_algs authentication algorithm 433 434 For a tunnel, enable IPsec ESP with the authentication 435 algorithm specified. It can be either a number or an 436 algorithm name, including any or none, to indicate no 437 algorithm preference. If an ESP encryption algorithm is 438 specified but the authentication algorithm is not, the 439 default value for the ESP authentication algorithm will 440 be any. 441 442 It is now preferable to use the ipsecconf(1M) command 443 when configuring a tunnel's security properties. If 444 ipsecconf was used to set a tunnel's security proper- 445 ties, this keyword will not affect the tunnel. 446 447 448 encr_algs encryption algorithm 449 450 For a tunnel, enable IPsec ESP with the encryption algo- 451 rithm specified. It can be either a number or an algo- 452 rithm name. Note that all IPsec tunnel properties must 453 be specified on the same command line. To disable tunnel 454 security, specify the value of encr_alg as none. If an 455 ESP authentication algorithm is specified, but the 456 457 458 459 SunOS 5.11 Last change: 21 Jan 2007 7 460 461 462 463 464 465 466 System Administration Commands ifconfig(1M) 467 468 469 470 encryption algorithm is not, the default value for the 471 ESP encryption will be null. 472 473 It is now preferable to use the ipsecconf(1M) command 474 when configuring a tunnel's security properties. If 475 ipsecconf was used to set a tunnel's security proper- 476 ties, this keyword will not affect the tunnel. 477 478 479 ether [ address ] 480 481 If no address is given and the user is root or has suf- 482 ficient privileges to open the underlying device, then 483 display the current Ethernet address information. 484 485 Otherwise, if the user is root or has sufficient 486 privileges, set the Ethernet address of the interfaces 487 to address. The address is an Ethernet address 488 represented as x:x:x:x:x:x where x is a hexadecimal 489 number between 0 and FF. Similarly, for the IPoIB (IP 490 over InfiniBand) interfaces, the address will be 20 491 bytes of colon-separated hex numbers between 0 and FF. 492 493 Some, though not all, Ethernet interface cards have 494 their own addresses. To use cards that do not have their 495 own addresses, refer to section 3.2.3(4) of the IEEE 496 802.3 specification for a definition of the locally 497 administered address space. The use of multipathing 498 groups should be restricted to those cards with their 499 own addresses (see MULTIPATHING GROUPS). 500 501 502 -failover 503 504 Mark the logical interface as a non-failover interface. 505 Addresses assigned to non-failover logical interfaces 506 will not failover when the interface fails. Status 507 display shows NOFAILOVER as part of flags. 508 509 510 failover 511 512 Mark the logical interface as a failover interface. An 513 address assigned to such an interface will failover when 514 the interface fails. Status display does not show 515 NOFAILOVER as part of flags. 516 517 518 group [ name |""] 519 520 Insert the logical interface in the multipathing group 521 specified by name. To delete an interface from a group, 522 523 524 525 SunOS 5.11 Last change: 21 Jan 2007 8 526 527 528 529 530 531 532 System Administration Commands ifconfig(1M) 533 534 535 536 use a null string "". When invoked on the logical inter- 537 face with id zero, the status display shows the group 538 name. 539 540 541 index n 542 543 Change the interface index for the interface. The value 544 of n must be an interface index (if_index) that is not 545 used on another interface. if_index will be a non-zero 546 positive number that uniquely identifies the network 547 interface on the system. 548 549 550 metric n 551 552 Set the routing metric of the interface to n; if no 553 value is specified, the default is 0. The routing metric 554 is used by the routing protocol. Higher metrics have the 555 effect of making a route less favorable. Metrics are 556 counted as addition hops to the destination network or 557 host. 558 559 560 modinsert mod_name@pos 561 562 Insert a module with name mod_name to the stream of the 563 device at position pos. The position is relative to the 564 stream head. Position 0 means directly under stream 565 head. 566 567 Based upon the example in the modlist option, use the 568 following command to insert a module with name ipqos 569 under the ip module and above the firewall module: 570 571 example% ifconfig eri0 modinsert ipqos@2 572 573 574 A subsequent listing of all the modules in the stream of 575 the device follows: 576 577 example% ifconfig eri0 modlist 578 0 arp 579 1 ip 580 2 ipqos 581 3 firewall 582 4 eri 583 584 585 586 587 588 589 590 591 SunOS 5.11 Last change: 21 Jan 2007 9 592 593 594 595 596 597 598 System Administration Commands ifconfig(1M) 599 600 601 602 modlist 603 604 List all the modules in the stream of the device. 605 606 The following example lists all the modules in the 607 stream of the device: 608 609 example% ifconfig eri0 modlist 610 0 arp 611 1 ip 612 2 firewall 613 4 eri 614 615 616 617 618 modremove mod_name@pos 619 620 Remove a module with name mod_name from the stream of 621 the device at position pos. The position is relative to 622 the stream head. 623 624 Based upon the example in the modinsert option, use the 625 following command to remove the firewall module from the 626 stream after inserting the ipqos module: 627 628 example% ifconfig eri0 modremove firewall@3 629 630 631 A subsequent listing of all the modules in the stream of 632 the device follows: 633 634 example% ifconfig eri0 modlist 635 0 arp 636 1 ip 637 2 ipqos 638 3 eri 639 640 641 Note that the core IP stack modules, for example, ip and 642 tun modules, cannot be removed. 643 644 645 mtu n 646 647 Set the maximum transmission unit of the interface to n. 648 For many types of networks, the mtu has an upper limit, 649 for example, 1500 for Ethernet. This option sets the 650 FIXEDMTU flag on the affected interface. 651 652 653 654 655 656 657 SunOS 5.11 Last change: 21 Jan 2007 10 658 659 660 661 662 663 664 System Administration Commands ifconfig(1M) 665 666 667 668 netmask mask 669 670 For IPv4 only. Specify how much of the address to 671 reserve for subdividing networks into subnetworks. The 672 mask includes the network part of the local address and 673 the subnet part, which is taken from the host field of 674 the address. The mask contains 1's for the bit positions 675 in the 32-bit address which are to be used for the net- 676 work and subnet parts, and 0's for the host part. The 677 mask should contain at least the standard network por- 678 tion, and the subnet field should be contiguous with the 679 network portion. The mask can be specified in one of 680 four ways: 681 682 1. with a single hexadecimal number with a leading 683 0x, 684 685 2. with a dot-notation address, 686 687 3. with a "+" (plus sign) address, or 688 689 4. with a pseudo host name/pseudo network name 690 found in the network database networks(4). 691 If a "+" (plus sign) is given for the netmask value, the 692 mask is looked up in the netmasks(4) database. This 693 lookup finds the longest matching netmask in the data- 694 base by starting with the interface's IPv4 address as 695 the key and iteratively masking off more and more low 696 order bits of the address. This iterative lookup ensures 697 that the netmasks(4) database can be used to specify the 698 netmasks when variable length subnetmasks are used 699 within a network number. 700 701 If a pseudo host name/pseudo network name is supplied as 702 the netmask value, netmask data may be located in the 703 hosts or networks database. Names are looked up by first 704 using gethostbyname(3NSL). If not found there, the names 705 are looked up in getnetbyname(3SOCKET). These interfaces 706 may in turn use nsswitch.conf(4) to determine what data 707 store(s) to use to fetch the actual value. 708 709 For both inet and inet6, the same information conveyed 710 by mask can be specified as a prefix_length attached to 711 the address parameter. 712 713 714 nud 715 716 Enables the neighbor unreachability detection mechanism 717 on a point-to-point physical interface. 718 719 720 721 722 723 SunOS 5.11 Last change: 21 Jan 2007 11 724 725 726 727 728 729 730 System Administration Commands ifconfig(1M) 731 732 733 734 -nud 735 736 Disables the neighbor unreachability detection mechanism 737 on a point-to-point physical interface. 738 739 740 plumb 741 742 Open the device associated with the physical interface 743 name and set up the streams needed for IP to use the 744 device. When used with a logical interface name, this 745 command is used to create a specific named logical 746 interface. An interface must be separately plumbed for 747 use by IPv4 and IPv6. The address_family parameter con- 748 trols whether the ifconfig command applies to IPv4 or 749 IPv6. 750 751 Before an interface has been plumbed, the interface will 752 not show up in the output of the ifconfig -a command. 753 754 755 private 756 757 Tells the in.routed routing daemon that a specified log- 758 ical interface should not be advertised. 759 760 761 -private 762 763 Specify unadvertised interfaces. 764 765 766 removeif address 767 768 Remove the logical interface on the physical interface 769 specified that matches the address specified. When the 770 interface is part of a multipathing group, the logical 771 interface will be removed from the physical interface in 772 the group that holds the address. 773 774 775 router 776 777 Enable IP forwarding on the interface. When enabled, the 778 interface is marked ROUTER, and IP packets can be for- 779 warded to and from the interface. 780 781 782 -router 783 784 Disable IP forwarding on the interface. IP packets are 785 not forwarded to and from the interface. 786 787 788 789 SunOS 5.11 Last change: 21 Jan 2007 12 790 791 792 793 794 795 796 System Administration Commands ifconfig(1M) 797 798 799 800 set 801 802 Set the address, prefix_length or both, for a logical 803 interface. 804 805 806 standby 807 808 Marks the physical interface as a standby interface. If 809 the interface is marked STANDBY and is part of the mul- 810 tipathing group, the interface will not be selected to 811 send out packets unless some other interface in the 812 group has failed and the network access has been failed 813 over to this standby interface. 814 815 The status display shows "STANDBY, INACTIVE" indicating 816 that that the interface is a standby and is also inac- 817 tive. IFF_INACTIVE will be cleared when some other 818 interface belonging to the same multipathing group fails 819 over to this interface. Once a failback happens, the 820 status display will return to INACTIVE. 821 822 823 -standby 824 825 Turns off standby on this interface. 826 827 828 subnet 829 830 Set the subnet address for an interface. 831 832 833 tdst tunnel_dest_address 834 835 Set the destination address of a tunnel. The address 836 should not be the same as the dest_address of the tun- 837 nel, because no packets leave the system over such a 838 tunnel. 839 840 841 thoplimit n 842 843 Set the hop limit for a tunnel interface. The hop limit 844 value is used as the TTL in the IPv4 header for the 845 IPv6-in-IPv4 and IPv4-in-IPv4 tunnels. For IPv6-in-IPv6 846 and IPv4-in-IPv6 tunnels, the hop limit value is used as 847 the hop limit in the IPv6 header. 848 849 850 token address/prefix_length 851 852 853 854 855 SunOS 5.11 Last change: 21 Jan 2007 13 856 857 858 859 860 861 862 System Administration Commands ifconfig(1M) 863 864 865 866 Set the IPv6 token of an interface to be used for 867 address autoconfiguration. 868 869 example% ifconfig eri0 inet6 token ::1/64 870 871 872 873 874 trailers 875 876 This flag previously caused a nonstandard encapsulation 877 of IPv4 packets on certain link levels. Drivers supplied 878 with this release no longer use this flag. It is pro- 879 vided for compatibility, but is ignored. 880 881 882 -trailers 883 884 Disable the use of a "trailer" link level encapsulation. 885 886 887 tsrc tunnel_src_address 888 889 Set the source address of a tunnel. This is the source 890 address on an outer encapsulating IP header. It must be 891 an address of another interface already configured using 892 ifconfig. 893 894 895 unplumb 896 897 Close the device associated with this physical interface 898 name and any streams that ifconfig set up for IP to use 899 the device. When used with a logical interface name, the 900 logical interface is removed from the system. After this 901 command is executed, the device name will no longer 902 appear in the output of ifconfig -a. 903 904 905 up 906 907 Mark a logical interface "up". This happens automati- 908 cally when assigning the first address to a logical 909 interface. The up option enables an interface after an 910 ifconfig down, which reinitializes the hardware. 911 912 913 usesrc [ name | none ] 914 915 Specify a physical interface to be used for source 916 address selection. If the keyword none is used, then any 917 previous selection is cleared. 918 919 920 921 SunOS 5.11 Last change: 21 Jan 2007 14 922 923 924 925 926 927 928 System Administration Commands ifconfig(1M) 929 930 931 932 When an application does not choose a non-zero source 933 address using bind(3SOCKET), the system will select an 934 appropriate source address based on the outbound inter- 935 face and the address selection rules (see 936 ipaddrsel(1M)). 937 938 When usesrc is specified and the specified interface is 939 selected in the forwarding table for output, the system 940 looks first to the specified physical interface and its 941 associated logical interfaces when selecting a source 942 address. If no usable address is listed in the forward- 943 ing table, the ordinary selection rules apply. For exam- 944 ple, if you enter: 945 946 # ifconfig eri0 usesrc vni0 947 948 949 ...and vni0 has address 10.0.0.1 assigned to it, the 950 system will prefer 10.0.0.1 as the source address for 951 any packets originated by local connections that are 952 sent through eri0. Further examples are provided in the 953 EXAMPLES section. 954 955 While you can specify any physical interface (or even 956 loopback), be aware that you can also specify the vir- 957 tual IP interface (see vni(7D)). The virtual IP inter- 958 face is not associated with any physical hardware and is 959 thus immune to hardware failures. You can specify any 960 number of physical interfaces to use the source address 961 hosted on a single virtual interface. This simplifies 962 the configuration of routing-based multipathing. If one 963 of the physical interfaces were to fail, communication 964 would continue through one of the remaining, functioning 965 physical interfaces. This scenario assumes that the 966 reachability of the address hosted on the virtual inter- 967 face is advertised in some manner, for example, through 968 a routing protocol. 969 970 Because the ifconfig preferred option is applied to all 971 interfaces, it is coarser-grained than the usesrc 972 option. It will be overridden by usesrc and setsrc 973 (route subcommand), in that order. 974 975 The use of the usesrc option is mutually exclusive of 976 the IP multipathing ifconfig options, group and standby. 977 That is, if an interface is already part of a IP mul- 978 tipathing group or specified as a standby interface, 979 then it cannot be specified with a usesrc option, and 980 vice-versa. For more details on IP multipathing, see 981 in.mpathd(1M) and the . 982 983 984 985 986 987 SunOS 5.11 Last change: 21 Jan 2007 15 988 989 990 991 992 993 994 System Administration Commands ifconfig(1M) 995 996 997 998 xmit 999 1000 Enable a logical interface to transmit packets. This is 1001 the default behavior when the logical interface is up. 1002 1003 1004 -xmit 1005 1006 Disable transmission of packets on an interface. The 1007 interface will continue to receive packets. 1008 1009 1010 zone zonename 1011 1012 Place the logical interface in zone zonename. The named 1013 zone must be active in the kernel in the ready or run- 1014 ning state. The interface is unplumbed when the zone is 1015 halted or rebooted. The zone must be configure to be an 1016 shared-IP zone. zonecfg(1M) is used to assign network 1017 interface names to exclusive-IP zones. 1018 1019 1020 -zone 1021 1022 Place IP interface in the global zone. This is the 1023 default. 1024 1025 1026 OPERANDS 1027 The interface operand, as well as address parameters that 1028 affect it, are described below. 1029 1030 interface 1031 1032 A string of one of the following forms: 1033 1034 o name physical-unit, for example, eri0 or ce1 1035 1036 o name physical-unit:logical-unit, for example, 1037 eri0:1 1038 1039 o ip.tunN or ip6.tunN, for tunnels 1040 If the interface name starts with a dash (-), it is 1041 interpreted as a set of options which specify a set of 1042 interfaces. In such a case, -a must be part of the 1043 options and any of the additional options below can be 1044 added in any order. If one of these interface names is 1045 given, the commands following it are applied to all of 1046 the interfaces that match. 1047 1048 -a 1049 1050 1051 1052 1053 SunOS 5.11 Last change: 21 Jan 2007 16 1054 1055 1056 1057 1058 1059 1060 System Administration Commands ifconfig(1M) 1061 1062 1063 1064 Apply the command to all interfaces of the specified 1065 address family. If no address family is supplied, 1066 either on the command line or by means of 1067 /etc/default/inet_type, then all address families 1068 will be selected. 1069 1070 1071 -d 1072 1073 Apply the commands to all "down" interfaces in the 1074 system. 1075 1076 1077 -D 1078 1079 Apply the commands to all interfaces not under DHCP 1080 (Dynamic Host Configuration Protocol) control. 1081 1082 1083 -u 1084 1085 Apply the commands to all "up" interfaces in the 1086 system. 1087 1088 1089 -Z 1090 1091 Apply the commands to all interfaces in the user's 1092 zone. 1093 1094 1095 -4 1096 1097 Apply the commands to all IPv4 interfaces. 1098 1099 1100 -6 1101 1102 Apply the commands to all IPv6 interfaces. 1103 1104 1105 1106 address_family 1107 1108 The address family is specified by the address_family 1109 parameter. The ifconfig command currently supports the 1110 following families: inet and inet6. If no address family 1111 is specified, the default is inet. 1112 1113 ifconfig honors the DEFAULT_IP setting in the 1114 /etc/default/inet_type file when it displays interface 1115 information . If DEFAULT_IP is set to IP_VERSION4, then 1116 1117 1118 1119 SunOS 5.11 Last change: 21 Jan 2007 17 1120 1121 1122 1123 1124 1125 1126 System Administration Commands ifconfig(1M) 1127 1128 1129 1130 ifconfig will omit information that relates to IPv6 1131 interfaces. However, when you explicitly specify an 1132 address family (inet or inet6) on the ifconfig command 1133 line, the command line overrides the DEFAULT_IP set- 1134 tings. 1135 1136 1137 address 1138 1139 For the IPv4 family (inet), the address is either a host 1140 name present in the host name data base (see hosts(4)) 1141 or in the Network Information Service (NIS) map hosts, 1142 or an IPv4 address expressed in the Internet standard 1143 "dot notation". 1144 1145 For the IPv6 family (inet6), the address is either a 1146 host name present in the host name data base (see 1147 hosts(4)) or in the Network Information Service (NIS) 1148 map ipnode, or an IPv6 address expressed in the Internet 1149 standard colon-separated hexadecimal format represented 1150 as x:x:x:x:x:x:x:x where x is a hexadecimal number 1151 between 0 and FFFF. 1152 1153 1154 prefix_length 1155 1156 For the IPv4 and IPv6 families (inet and inet6), the 1157 prefix_length is a number between 0 and the number of 1158 bits in the address. For inet, the number of bits in the 1159 address is 32; for inet6, the number of bits in the 1160 address is 128. The prefix_length denotes the number of 1161 leading set bits in the netmask. 1162 1163 1164 dest_address 1165 1166 If the dest_address parameter is supplied in addition to 1167 the address parameter, it specifies the address of the 1168 correspondent on the other end of a point-to-point link. 1169 1170 1171 tunnel_dest_address 1172 1173 An address that is or will be reachable through an 1174 interface other than the tunnel being configured. This 1175 tells the tunnel where to send the tunneled packets. 1176 This address must not be the same as the interface des- 1177 tination address being configured. 1178 1179 1180 tunnel_src_address 1181 1182 1183 1184 1185 SunOS 5.11 Last change: 21 Jan 2007 18 1186 1187 1188 1189 1190 1191 1192 System Administration Commands ifconfig(1M) 1193 1194 1195 1196 An address that is attached to an already configured 1197 interface that has been configured "up" with ifconfig. 1198 1199 1200 INTERFACE FLAGS 1201 The ifconfig command supports the following interface flags. 1202 The term "address" in this context refers to a logical 1203 interface, for example, eri0:0, while "interface " refers to 1204 the physical interface, for example, eri0. 1205 1206 ADDRCONF 1207 1208 The address is from stateless addrconf. The stateless 1209 mechanism allows a host to generate its own address 1210 using a combination of information advertised by routers 1211 and locally available information. Routers advertise 1212 prefixes that identify the subnet associated with the 1213 link, while the host generates an "interface identifier" 1214 that uniquely identifies an interface in a subnet. In 1215 the absence of information from routers, a host can gen- 1216 erate link-local addresses. This flag is specific to 1217 IPv6. 1218 1219 1220 ANYCAST 1221 1222 Indicates an anycast address. An anycast address identi- 1223 fies the nearest member of a group of systems that pro- 1224 vides a particular type of service. An anycast address 1225 is assigned to a group of systems. Packets are delivered 1226 to the nearest group member identified by the anycast 1227 address instead of being delivered to all members of the 1228 group. 1229 1230 1231 BROADCAST 1232 1233 This broadcast address is valid. This flag and POINTTO- 1234 POINT are mutually exclusive 1235 1236 1237 CoS 1238 1239 This interface supports some form of Class of Service 1240 (CoS) marking. An example is the 802.1D user priority 1241 marking supported on VLAN interfaces. 1242 1243 1244 DEPRECATED 1245 1246 This address is deprecated. This address will not be 1247 used as a source address for outbound packets unless 1248 1249 1250 1251 SunOS 5.11 Last change: 21 Jan 2007 19 1252 1253 1254 1255 1256 1257 1258 System Administration Commands ifconfig(1M) 1259 1260 1261 1262 there are no other addresses on this interface or an 1263 application has explicitly bound to this address. An 1264 IPv6 deprecated address will eventually be deleted when 1265 not used, whereas an IPv4 deprecated address is often 1266 used with IP network multipathing IPv4 test addresses, 1267 which are determined by the setting of the NOFAILOVER 1268 flag. Further, the DEPRECATED flag is part of the stan- 1269 dard mechanism for renumbering in IPv6. 1270 1271 1272 DHCP 1273 1274 DHCP is used to manage this address. 1275 1276 1277 DUPLICATE 1278 1279 The logical interface has been disabled because the IP 1280 address configured on the interface is a duplicate. Some 1281 other node on the network is using this address. If the 1282 address was configured by DHCP or is temporary, the sys- 1283 tem will choose another automatically, if possible. Oth- 1284 erwise, the system will attempt to recover this address 1285 periodically and the interface will recover when the 1286 conflict has been removed from the network. Changing the 1287 address or netmask, or setting the logical interface to 1288 up will restart duplicate detection. Setting the inter- 1289 face to down terminates recovery and removes the DUPLI- 1290 CATE flag. 1291 1292 1293 FAILED 1294 1295 The interface has failed. New addresses cannot be 1296 created on this interface. If this interface is part of 1297 an IP network multipathing group, a failover will occur 1298 to another interface in the group, if possible 1299 1300 1301 FIXEDMTU 1302 1303 The MTU has been set using the -mtu option. This flag is 1304 read-only. Interfaces that have this flag set have a 1305 fixed MTU value that is unaffected by dynamic MTU 1306 changes that can occur when drivers notify IP of link 1307 MTU changes. 1308 1309 1310 INACTIVE 1311 1312 Indicates that the interface is not currently being used 1313 for regular traffic by the system. New addresses cannot 1314 1315 1316 1317 SunOS 5.11 Last change: 21 Jan 2007 20 1318 1319 1320 1321 1322 1323 1324 System Administration Commands ifconfig(1M) 1325 1326 1327 1328 be created on this interface. The flag is set automati- 1329 cally on standby interfaces. It can also be set when the 1330 system detects that a failed interface has been repaired 1331 and FAILBACK=no is configured in /etc/default/mpathd. 1332 The flag is cleared when the interface fails or when a 1333 failover to that interface occurs. 1334 1335 1336 LOOPBACK 1337 1338 Indicates that this is the loopback interface. 1339 1340 1341 MIP 1342 1343 Indicates that mobile IP controls this interface. 1344 1345 1346 MULTI_BCAST 1347 1348 Indicates that the broadcast address is used for multi- 1349 cast on this interface. 1350 1351 1352 MULTICAST 1353 1354 The interface supports multicast. IP assumes that any 1355 interface that supports hardware broadcast, or that is a 1356 point-to-point link, will support multicast. 1357 1358 1359 NOARP 1360 1361 There is no address resolution protocol (ARP) for this 1362 interface that corresponds to all interfaces for a dev- 1363 ice without a broadcast address. This flag is specific 1364 to IPv4. 1365 1366 1367 NOFAILOVER 1368 1369 This address will not failover if the interface fails. 1370 IP network multipathing test addresses must be marked 1371 nofailover. 1372 1373 1374 NOLOCAL 1375 1376 The interface has no address , just an on-link subnet. 1377 1378 1379 1380 1381 1382 1383 SunOS 5.11 Last change: 21 Jan 2007 21 1384 1385 1386 1387 1388 1389 1390 System Administration Commands ifconfig(1M) 1391 1392 1393 1394 NONUD 1395 1396 NUD is disabled on this interface. NUD (neighbor 1397 unreachability detection) is used by a node to track the 1398 reachability state of its neighbors, to which the node 1399 actively sends packets, and to perform any recovery if a 1400 neighbor is detected to be unreachable. This flag is 1401 specific to IPv6. 1402 1403 1404 NORTEXCH 1405 1406 The interface does not exchange routing information. For 1407 RIP-2, routing packets are not sent over this interface. 1408 Additionally, messages that appear to come over this 1409 interface receive no response. The subnet or address of 1410 this interface is not included in advertisements over 1411 other interfaces to other routers. 1412 1413 1414 NOXMIT 1415 1416 Indicates that the address does not transmit packets. 1417 RIP-2 also does not advertise this address. 1418 1419 1420 OFFLINE 1421 1422 Indicates that the interface has been offlined. New 1423 addresses cannot be created on this interface. Inter- 1424 faces in an IP network multipathing group are offlined 1425 prior to removal and replacement using dynamic reconfi- 1426 guration. 1427 1428 1429 POINTOPOINT 1430 1431 Indicates that the address is a point-to-point link. 1432 This flag and BROADCAST are mutually exclusive 1433 1434 1435 PREFERRED 1436 1437 This address is a preferred IPv6 source address. This 1438 address will be used as a source address for IPv6 com- 1439 munication with all IPv6 destinations, unless another 1440 address on the system is of more appropriate scope. The 1441 DEPRECATED flag takes precedence over the PREFERRED 1442 flag. 1443 1444 1445 1446 1447 1448 1449 SunOS 5.11 Last change: 21 Jan 2007 22 1450 1451 1452 1453 1454 1455 1456 System Administration Commands ifconfig(1M) 1457 1458 1459 1460 PRIVATE 1461 1462 Indicates that this address is not advertised. For RIP- 1463 2, this interface is used to send advertisements. How- 1464 ever, neither the subnet nor this address are included 1465 in advertisements to other routers. 1466 1467 1468 ROUTER 1469 1470 Indicates that IP packets can be forwarded to and from 1471 the interface. 1472 1473 1474 RUNNING 1475 1476 Indicates that the required resources for an interface 1477 are allocated. For some interfaces this also indicates 1478 that the link is up. 1479 1480 1481 STANDBY 1482 1483 Indicates that this is a standby interface to be used on 1484 failures. Only interfaces in an IP network multipathing 1485 group should be designated as standby interfaces. If 1486 this interface is part of a IP network multipathing 1487 group, the interface will not be selected to send out 1488 packets unless some other interface in the group fails 1489 over to it. 1490 1491 1492 TEMPORARY 1493 1494 Indicates that this is a temporary IPv6 address as 1495 defined in RFC 3041. 1496 1497 1498 UNNUMBERED 1499 1500 This flag is set when the local IP address on the link 1501 matches the local address of some other link in the sys- 1502 tem 1503 1504 1505 UP 1506 1507 Indicates that the interface is up, that is, all the 1508 routing entries and the like for this interface have 1509 been set up. 1510 1511 1512 1513 1514 1515 SunOS 5.11 Last change: 21 Jan 2007 23 1516 1517 1518 1519 1520 1521 1522 System Administration Commands ifconfig(1M) 1523 1524 1525 1526 VIRTUAL 1527 1528 Indicates that the physical interface has no underlying 1529 hardware. It is not possible to transmit or receive 1530 packets through a virtual interface. These interfaces 1531 are useful for configuring local addresses that can be 1532 used on multiple interfaces. (See also the -usesrc 1533 option.) 1534 1535 1536 XRESOLV 1537 1538 Indicates that the interface uses an IPv6 external 1539 resolver. 1540 1541 1542 LOGICAL INTERFACES 1543 Solaris TCP/IP allows multiple logical interfaces to be 1544 associated with a physical network interface. This allows a 1545 single machine to be assigned multiple IP addresses, even 1546 though it may have only one network interface. Physical net- 1547 work interfaces have names of the form driver-name 1548 physical-unit-number, while logical interfaces have names of 1549 the form driver-name physical-unit-number:logical-unit- 1550 number. A physical interface is configured into the system 1551 using the plumb command. For example: 1552 1553 example% ifconfig eri0 plumb 1554 1555 1556 1557 1558 Once a physical interface has been "plumbed", logical inter- 1559 faces associated with the physical interface can be config- 1560 ured by separate -plumb or -addif options to the ifconfig 1561 command. 1562 1563 example% ifconfig eri0:1 plumb 1564 1565 1566 1567 1568 allocates a specific logical interface associated with the 1569 physical interface eri0. The command 1570 1571 example% ifconfig eri0 addif 192.168.200.1/24 up 1572 1573 1574 1575 1576 allocates the next available logical unit number on the eri0 1577 physical interface and assigns an address and prefix_length. 1578 1579 1580 1581 SunOS 5.11 Last change: 21 Jan 2007 24 1582 1583 1584 1585 1586 1587 1588 System Administration Commands ifconfig(1M) 1589 1590 1591 1592 A logical interface can be configured with parameters ( 1593 address,prefix_length, and so on) different from the physi- 1594 cal interface with which it is associated. Logical inter- 1595 faces that are associated with the same physical interface 1596 can be given different parameters as well. Each logical 1597 interface must be associated with an existing and "up" phy- 1598 sical interface. So, for example, the logical interface 1599 eri0:1 can only be configured after the physical interface 1600 eri0 has been plumbed. 1601 1602 1603 To delete a logical interface, use the -unplumb or -removeif 1604 options. For example, 1605 1606 example% ifconfig eri0:1 down unplumb 1607 1608 1609 1610 1611 will delete the logical interface eri0:1. 1612 1613 MULTIPATHING GROUPS 1614 Physical interfaces that share the same IP broadcast domain 1615 can be collected into a multipathing group using the group 1616 keyword. Interfaces assigned to the same multipathing group 1617 are treated as equivalent and outgoing traffic is spread 1618 across the interfaces on a per-IP-destination basis. In 1619 addition, individual interfaces in a multipathing group are 1620 monitored for failures; the addresses associated with failed 1621 interfaces are automatically transferred to other function- 1622 ing interfaces within the group. 1623 1624 1625 For more details on IP multipathing, see in.mpathd(1M) and 1626 the . See netstat(1M) for per-IP-destination information. 1627 1628 CONFIGURING IPV6 INTERFACES 1629 When an IPv6 physical interface is plumbed and configured 1630 "up" with ifconfig, it is automatically assigned an IPv6 1631 link-local address for which the last 64 bits are calculated 1632 from the MAC address of the interface. 1633 1634 example% ifconfig eri0 inet6 plumb up 1635 1636 1637 1638 1639 The following example shows that the link-local address has 1640 a prefix of fe80::/10. 1641 1642 example% ifconfig eri0 inet6 1643 ce0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> 1644 1645 1646 1647 SunOS 5.11 Last change: 21 Jan 2007 25 1648 1649 1650 1651 1652 1653 1654 System Administration Commands ifconfig(1M) 1655 1656 1657 1658 mtu 1500 index 2 1659 inet6 fe80::a00:20ff:fe8e:f3ad/10 1660 1661 1662 1663 1664 Link-local addresses are only used for communication on the 1665 local subnet and are not visible to other subnets. 1666 1667 1668 If an advertising IPv6 router exists on the link advertising 1669 prefixes, then the newly plumbed IPv6 interface will auto- 1670 configure logical interface(s) depending on the prefix 1671 advertisements. For example, for the prefix advertisement 1672 2001:0db8:3c4d:0:55::/64, the autoconfigured interface will 1673 look like: 1674 1675 eri0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> 1676 mtu 1500 index 2 1677 inet6 2001:0db8:3c4d:55:a00:20ff:fe8e:f3ad/64 1678 1679 1680 1681 1682 Even if there are no prefix advertisements on the link, you 1683 can still assign global addresses manually, for example: 1684 1685 example% ifconfig eri0 inet6 addif \ 1686 2001:0db8:3c4d:55:a00:20ff:fe8e:f3ad/64 up 1687 1688 1689 1690 1691 To configure boot-time defaults for the interface eri0, 1692 place the following entry in the /etc/hostname6.eri0 file: 1693 1694 addif 2001:0db8:3c4d:55:a00:20ff:fe8e:f3ad/64 up 1695 1696 1697 Configuring IPv6/IPv4 tunnels 1698 An IPv6 over IPv4 tunnel interface can send and receive IPv6 1699 packets encapsulated in an IPv4 packet. Create tunnels at 1700 both ends pointing to each other. IPv6 over IPv4 tunnels 1701 require the tunnel source and tunnel destination IPv4 and 1702 IPv6 addresses. Solaris 8 supports both automatic and con- 1703 figured tunnels. For automatic tunnels, an IPv4-compatible 1704 IPv6 address is used. The following demonstrates auto-tunnel 1705 configuration: 1706 1707 example% ifconfig ip.atun0 inet6 plumb 1708 example% ifconfig ip.atun0 inet6 tsrc IPv4-address \ 1709 ::IPv4 address/96 up 1710 1711 1712 1713 SunOS 5.11 Last change: 21 Jan 2007 26 1714 1715 1716 1717 1718 1719 1720 System Administration Commands ifconfig(1M) 1721 1722 1723 1724 where IPv4-address is the IPv4 address of the interface 1725 through which the tunnel traffic will flow, and IPv4- 1726 address, ::<IPv4-address>, is the corresponding IPv4- 1727 compatible IPv6 address. 1728 1729 1730 The following is an example of a configured tunnel: 1731 1732 example% ifconfig ip.tun0 inet6 plumb tsrc my-ipv4-address \ 1733 tdst peer-ipv4-address up 1734 1735 1736 1737 1738 This creates a configured tunnel between my-ipv4-address and 1739 peer-ipv4-address with corresponding link-local addresses. 1740 For tunnels with global or site-local addresses, the logical 1741 tunnel interfaces need to be configured in the following 1742 form: 1743 1744 example% ifconfig ip.tun0 inet6 addif my-v6-address peer-v6-address up 1745 1746 1747 1748 1749 For example, 1750 1751 example% ifconfig ip.tun0 inet6 plumb tsrc 109.146.85.57 \ 1752 tdst 109.146.85.212 up 1753 example% ifconfig ip.tun0 inet6 addif 2::45 2::46 up 1754 1755 1756 1757 1758 To show all IPv6 interfaces that are up and configured: 1759 1760 example% ifconfig -au6 1761 ip.tun0: flags=2200851<UP,POINTOPOINT,RUNNING,MULTICAST,NONUD,IPv6> 1762 mtu 1480 index 3 1763 inet tunnel src 109.146.85.57 tunnel dst 109.146.85.212 1764 tunnel security settings --> use 'ipsecconf -ln -i ip.tun1' 1765 tunnel hop limit 60 1766 inet6 fe80::6d92:5539/10 --> fe80::6d92:55d4 1767 ip.tun0:1: flags=2200851<UP,POINTOPOINT,RUNNING,MULTICAST,NONUD,IPv6> 1768 mtu 1480 index 3 1769 inet6 2::45/128 --> 2::46 1770 1771 1772 1773 1774 In the output above, note the line that begins with "tunnel 1775 security settings". The content of this line varies 1776 1777 1778 1779 SunOS 5.11 Last change: 21 Jan 2007 27 1780 1781 1782 1783 1784 1785 1786 System Administration Commands ifconfig(1M) 1787 1788 1789 1790 according to whether and how you have set your security set- 1791 tings. See "Display of Tunnel Security Settings," below. 1792 1793 Configuring IPv4/IPv6 Tunnels 1794 An IPv4 over IPv6 tunnel interface can send and receive IPv4 1795 packets encapsulated in an IPv6 packet. Create tunnels at 1796 both ends pointing to each other. IPv4 over IPv6 tunnels 1797 require the tunnel source and tunnel destination IPv6 and 1798 IPv4 addresses. The following demonstrates auto-tunnel con- 1799 figuration: 1800 1801 example% ifconfig ip6.tun0 inet plumb tsrc my-ipv6-address \ 1802 tdst peer-ipv6-address my-ipv4-address \ 1803 peer-ipv4-address up 1804 1805 1806 1807 1808 This creates a configured tunnel between my-ipv6-address and 1809 peer-ipv6-address with my-ipv4-address and peer-ipv4-address 1810 as the endpoints of the point-to-point interface, for exam- 1811 ple: 1812 1813 example% ifconfig ip6.tun0 inet plumb tsrc fe80::1 tdst fe80::2 \ 1814 10.0.0.208 10.0.0.210 up 1815 1816 1817 1818 1819 To show all IPv4 interfaces that are up and configured: 1820 1821 example% ifconfig -au4 1822 lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1 1823 inet 127.0.0.1 netmask ff000000 1824 eri0: flags=1004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4> mtu 1500 \ 1825 index 2 1826 inet 172.17.128.208 netmask ffffff00 broadcast 172.17.128.255 1827 ip6.tun0: flags=10008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST,IPv4> \ 1828 mtu 1460 1829 index 3 1830 inet6 tunnel src fe80::1 tunnel dst fe80::2 1831 tunnel security settings --> use 'ipsecconf -ln -i ip.tun1' 1832 tunnel hop limit 60 tunnel encapsulation limit 4 1833 inet 10.0.0.208 --> 10.0.0.210 netmask ff000000 1834 1835 1836 1837 1838 In the output above, note the line that begins with "tunnel 1839 security settings". The content of this line varies accord- 1840 ing to whether and how you have set your security settings. 1841 See "Display of Tunnel Security Settings," below. 1842 1843 1844 1845 SunOS 5.11 Last change: 21 Jan 2007 28 1846 1847 1848 1849 1850 1851 1852 System Administration Commands ifconfig(1M) 1853 1854 1855 1856 Display of Tunnel Security Settings 1857 The ifconfig output for tunneled interfaces indicates secu- 1858 rity settings, if present, for a tunnel. The content of the 1859 line showing your settings differs depending on how you have 1860 made your settings: 1861 1862 o If you set your security policy using the ifconfig 1863 -auth_algs, -encr_algs, and -encr_auth_algs options 1864 and do not use ipsecconf(1M), ifconfig displays 1865 your settings for each of these options. 1866 1867 o If you set your security policy using ipsecconf(1M) 1868 with the tunnel keyword (the preferred method), 1869 ifconfig displays: 1870 1871 tunnel security settings --> use 'ipsecconf -ln -i ip.tun1' 1872 1873 1874 ...in effect, hiding your settings from those 1875 without privileges to view them. 1876 1877 If you do net set security policy, using either 1878 ifconfig or ipsecconf, there is no tunnel security 1879 setting displayed. 1880 1881 EXAMPLES 1882 Example 1 Using the ifconfig Command 1883 1884 1885 If your workstation is not attached to an Ethernet, the net- 1886 work interface, for example, eri0, should be marked "down" 1887 as follows: 1888 1889 1890 example% ifconfig eri0 down 1891 1892 1893 1894 Example 2 Printing Addressing Information 1895 1896 1897 To print out the addressing information for each interface, 1898 use the following command: 1899 1900 1901 example% ifconfig -a 1902 1903 1904 1905 Example 3 Resetting the Broadcast Address 1906 1907 1908 1909 1910 1911 SunOS 5.11 Last change: 21 Jan 2007 29 1912 1913 1914 1915 1916 1917 1918 System Administration Commands ifconfig(1M) 1919 1920 1921 1922 To reset each interface's broadcast address after the net- 1923 masks have been correctly set, use the next command: 1924 1925 1926 example% ifconfig -a broadcast + 1927 1928 1929 1930 Example 4 Changing the Ethernet Address 1931 1932 1933 To change the Ethernet address for interface ce0, use the 1934 following command: 1935 1936 1937 example% ifconfig ce0 ether aa:1:2:3:4:5 1938 1939 1940 1941 Example 5 Configuring an IP-in-IP Tunnel 1942 1943 1944 To configure an IP-in-IP tunnel, first plumb it with the 1945 following command: 1946 1947 1948 example% ifconfig ip.tun0 plumb 1949 1950 1951 1952 1953 Then configure it as a point-to-point interface, supplying 1954 the tunnel source and the tunnel destination: 1955 1956 1957 example% ifconfig ip.tun0 myaddr mydestaddr tsrc another_myaddr \ 1958 tdst a_dest_addr up 1959 1960 1961 1962 1963 Use ipsecconf(1M), as described above, to configure tunnel 1964 security properties. 1965 1966 1967 Example 6 Configuring 6to4 Tunnels 1968 1969 1970 To configure 6to4 tunnels, use the following commands: 1971 1972 1973 example% ifconfig ip.6to4tun0 inet6 plumb 1974 1975 1976 1977 SunOS 5.11 Last change: 21 Jan 2007 30 1978 1979 1980 1981 1982 1983 1984 System Administration Commands ifconfig(1M) 1985 1986 1987 1988 example% ifconfig ip.6to4tun0 inet6 tsrc IPv4-address 6to4-address/64 up 1989 1990 1991 1992 1993 IPv4-address denotes the address of the encapsulating inter- 1994 face. 6to4-address denotes the address of the local IPv6 1995 address of form 2002:IPv4-address:SUBNET-ID:HOSTID. 1996 1997 1998 1999 The long form should be used to resolve any potential con- 2000 flicts that might arise if the system administrator utilizes 2001 an addressing plan where the values for SUBNET-ID or HOSTID 2002 are reserved for something else. 2003 2004 2005 2006 After the interface is plumbed, a 6to4 tunnel can be config- 2007 ured as follows: 2008 2009 2010 example% ifconfig ip.6to4tun0 inet6 tsrc IPv4-address up 2011 2012 2013 2014 2015 This short form sets the address. It uses the convention: 2016 2017 2018 2002:IPv4-address::1 2019 2020 2021 2022 The SUBNET-ID is 0, and the HOSTID is 1. 2023 2024 2025 Example 7 Configuring IP Forwarding on an Interface 2026 2027 2028 To enable IP forwarding on a single interface, use the fol- 2029 lowing command: 2030 2031 2032 example% ifconfig eri0 router 2033 2034 2035 2036 2037 To disable IP forwarding on a single interface, use the fol- 2038 lowing command: 2039 2040 2041 2042 2043 SunOS 5.11 Last change: 21 Jan 2007 31 2044 2045 2046 2047 2048 2049 2050 System Administration Commands ifconfig(1M) 2051 2052 2053 2054 example% ifconfig eri0 -router 2055 2056 2057 2058 Example 8 Configuring Source Address Selection Using a Vir- 2059 tual Interface 2060 2061 2062 The following command configures source address selection 2063 such that every packet that is locally generated with no 2064 bound source address and going out on qfe2 prefers a source 2065 address hosted on vni0. 2066 2067 2068 example% ifconfig qfe2 usesrc vni0 2069 2070 2071 2072 2073 The ifconfig -a output for the qfe2 and vni0 interfaces 2074 displays as follows: 2075 2076 2077 qfe2: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 2078 1500 index 4 2079 usesrc vni0 2080 inet 1.2.3.4 netmask ffffff00 broadcast 1.2.3.255 2081 ether 0:3:ba:17:4b:e1 2082 vni0: flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> 2083 mtu 0 index 5 2084 srcof qfe2 2085 inet 3.4.5.6 netmask ffffffff 2086 2087 2088 2089 Observe, above, the usesrc and srcof keywords in the ifcon- 2090 fig output. These keywords also appear on the logical 2091 instances of the physical interface, even though this is a 2092 per-physical interface parameter. There is no srcof keyword 2093 in ifconfig for configuring interfaces. This information is 2094 determined automatically from the set of interfaces that 2095 have usesrc set on them. 2096 2097 2098 2099 The following command, using the none keyword, undoes the 2100 effect of the preceding ifconfig usersrc command. 2101 2102 2103 example% ifconfig qfe2 usesrc none 2104 2105 2106 2107 2108 2109 SunOS 5.11 Last change: 21 Jan 2007 32 2110 2111 2112 2113 2114 2115 2116 System Administration Commands ifconfig(1M) 2117 2118 2119 2120 Following this command, ifconfig -a output displays as fol- 2121 lows: 2122 2123 2124 qfe2: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 2125 1500 index 4 2126 inet 1.2.3.4 netmask ffffff00 broadcast 1.2.3.255 2127 ether 0:3:ba:17:4b:e1 2128 vni0: flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> 2129 mtu 0 index 5 2130 inet 3.4.5.6 netmask ffffffff 2131 2132 2133 2134 Note the absence of the usesrc and srcof keywords in the 2135 output above. 2136 2137 2138 Example 9 Configuring Source Address Selection for an IPv6 2139 Address 2140 2141 2142 The following command configures source address selection 2143 for an IPv6 address, selecting a source address hosted on 2144 vni0. 2145 2146 2147 example% ifconfig qfe1 inet6 usesrc vni0 2148 2149 2150 2151 2152 Following this command, ifconfig -a output displays as fol- 2153 lows: 2154 2155 2156 qfe1: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 3 2157 usesrc vni0 2158 inet6 fe80::203:baff:fe17:4be0/10 2159 ether 0:3:ba:17:4b:e0 2160 vni0: flags=2002210041<UP,RUNNING,NOXMIT,NONUD,IPv6,VIRTUAL> mtu 0 2161 index 5 2162 srcof qfe1 2163 inet6 fe80::203:baff:fe17:4444/128 2164 vni0:1: flags=2002210040<RUNNING,NOXMIT,NONUD,IPv6,VIRTUAL> mtu 0 2165 index 5 2166 srcof qfe1 2167 inet6 fec0::203:baff:fe17:4444/128 2168 vni0:2: flags=2002210040<RUNNING,NOXMIT,NONUD,IPv6,VIRTUAL> mtu 0 2169 index 5 2170 srcof qfe1 2171 inet6 2000::203:baff:fe17:4444/128 2172 2173 2174 2175 SunOS 5.11 Last change: 21 Jan 2007 33 2176 2177 2178 2179 2180 2181 2182 System Administration Commands ifconfig(1M) 2183 2184 2185 2186 Depending on the scope of the destination of the packet 2187 going out on qfe1, the appropriately scoped source address 2188 is selected from vni0 and its aliases. 2189 2190 2191 Example 10 Using Source Address Selection with Shared-IP 2192 Zones 2193 2194 2195 The following is an example of how the usesrc feature can be 2196 used with the zones(5) facility in Solaris. The following 2197 commands are invoked in the global zone: 2198 2199 2200 example% ifconfig hme0 usesrc vni0 2201 example% ifconfig eri0 usesrc vni0 2202 example% ifconfig qfe0 usesrc vni0 2203 2204 2205 2206 2207 Following the preceding commands, the ifconfig -a output for 2208 the virtual interfaces would display as: 2209 2210 2211 vni0: flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> 2212 mtu 0 index 23 2213 srcof hme0 eri0 qfe0 2214 inet 10.0.0.1 netmask ffffffff 2215 vni0:1: 2216 flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> mtu 0 2217 index 23 2218 zone test1 2219 srcof hme0 eri0 qfe0 2220 inet 10.0.0.2 netmask ffffffff 2221 vni0:2: 2222 flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> mtu 0 2223 index 23 2224 zone test2 2225 srcof hme0 eri0 qfe0 2226 inet 10.0.0.3 netmask ffffffff 2227 vni0:3: 2228 flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> mtu 0 2229 index 23 2230 zone test3 2231 srcof hme0 eri0 qfe0 2232 inet 10.0.0.4 netmask ffffffff 2233 2234 2235 2236 There is one virtual interface alias per zone (test1, test2, 2237 and test3). A source address from the virtual interface 2238 2239 2240 2241 SunOS 5.11 Last change: 21 Jan 2007 34 2242 2243 2244 2245 2246 2247 2248 System Administration Commands ifconfig(1M) 2249 2250 2251 2252 alias in the same zone is selected. The virtual interface 2253 aliases were created using zonecfg(1M) as follows: 2254 2255 2256 example% zonecfg -z test1 2257 zonecfg:test1> add net 2258 zonecfg:test1:net> set physical=vni0 2259 zonecfg:test1:net> set address=10.0.0.2 2260 2261 2262 2263 2264 The test2 and test3 zone interfaces and addresses are 2265 created in the same way. 2266 2267 2268 Example 11 Turning Off DHCPv6 2269 2270 2271 The following example shows how to disable automatic use of 2272 DHCPv6 on all interfaces, and immediately shut down DHCPv6 2273 on the interface named hme0. See in.ndpd(1M) and 2274 ndpd.conf(4) for more information on the automatic DHCPv6 2275 configuration mechanism. 2276 2277 2278 example% echo ifdefault StatefulAddrConf false >> /etc/inet/ndpd.conf 2279 example% pkill -HUP -x in.ndpd 2280 example% ifconfig hme0 dhcp release 2281 2282 2283 2284 FILES 2285 /etc/netmasks 2286 2287 Netmask data. 2288 2289 2290 /etc/default/inet_type 2291 2292 Default Internet protocol type. 2293 2294 2295 ATTRIBUTES 2296 See attributes(5) for descriptions of the following attri- 2297 butes: 2298 2299 2300 2301 2302 2303 2304 2305 2306 2307 SunOS 5.11 Last change: 21 Jan 2007 35 2308 2309 2310 2311 2312 2313 2314 System Administration Commands ifconfig(1M) 2315 2316 2317 2318 _______________________________________________________________________ 2319 | ATTRIBUTE TYPE | ATTRIBUTE VALUE | 2320 |_______________________________________|______________________________| 2321 | Availability | SUNWcsu | 2322 |_______________________________________|______________________________| 2323 | Interface Stability for command-line| Committed | 2324 | options | | 2325 |_______________________________________|______________________________| 2326 | Interface Stability for command output| Uncommitted | 2327 |_______________________________________|______________________________| 2328 2329 2330 SEE ALSO 2331 dhcpinfo(1), dhcpagent(1M), in.mpathd(1M), in.ndpd(1M), 2332 in.routed(1M), ipsecconf(1M), ndd(1M), netstat(1M), 2333 zoneadm(1M), zonecfg(1M), ethers(3SOCKET), 2334 gethostbyname(3NSL), getnetbyname(3SOCKET), hosts(4), 2335 inet_type(4), ndpd.conf(4), netmasks(4), networks(4), 2336 nsswitch.conf(4), attributes(5), privileges(5), zones(5), 2337 arp(7P), ipsecah(7P), ipsecesp(7P), tun(7M) 2338 2339 2340 DIAGNOSTICS 2341 ifconfig sends messages that indicate if: 2342 2343 o the specified interface does not exist 2344 2345 o the requested address is unknown 2346 2347 o the user is not privileged and tried to alter an 2348 interface's configuration 2349 2350 NOTES 2351 Do not select the names broadcast, down, private, trailers, 2352 up or other possible option names when you choose host 2353 names. If you choose any one of these names as host names, 2354 it can cause unusual problems that are extremely difficult 2355 to diagnose. 2356 2357 2358 2359 2360 2361 2362 2363 2364 2365 2366 2367 2368 2369 2370 2371 2372 2373 SunOS 5.11 Last change: 21 Jan 2007 36 2374 2375 2376 --- EOF ---