Clearview IPMP manpages
1 System Administration Commands ifconfig(1M) 2 3 4 5 NAME 6 ifconfig - configure network interface parameters 7 8 SYNOPSIS 9 ifconfig interface [address_family] [address [/prefix_length] 10 [dest_address]] [addif address [/prefix_length]] 11 [removeif address [/prefix_length]] [arp | -arp] 12 [auth_algs authentication algorithm] [encr_algs encryption algorithm] 13 [encr_auth_algs authentication algorithm] [auto-revarp] 14 [broadcast address] [deprecated | -deprecated] 15 [preferred | -preferred] [destination dest_address] 16 [ether [address]] [failover | -failover] [group 17 [name | ""]] [index if_index] [ipmp] [metric n] [modlist] 18 [modinsert mod_name@pos] [modremove mod_name@pos] 19 [mtu n] [netmask mask] [plumb] [unplumb] [private 20 | -private] [nud | -nud] [set [address] [/netmask]] 21 [standby | -standby] [subnet subnet_address] [tdst 22 tunnel_dest_address] [token address/prefix_length] 23 [tsrc tunnel_src_address] [trailers | -trailers] 24 [up] [down] [usesrc [name | none]] [xmit | -xmit] 25 [encaplimit n | -encaplimit] [thoplimit n] [router 26 | -router] [zone zonename | -zone | -all-zones] 27 28 29 ifconfig [address_family] interface {auto-dhcp | dhcp} [primary] 30 [wait seconds] drop | extend | inform | ping 31 | release | start | status 32 33 34 DESCRIPTION 35 The command ifconfig is used to assign an address to a net- 36 work interface and to configure network interface parame- 37 ters. The ifconfig command must be used at boot time to 38 define the network address of each interface present on a 39 machine; it may also be used at a later time to redefine an 40 interface's address or other operating parameters. If no 41 option is specified, ifconfig displays the current confi- 42 guration for a network interface. If an address family is 43 specified, ifconfig reports only the details specific to 44 that address family. Only privileged users may modify the 45 configuration of a network interface. Options appearing 46 within braces ({}) indicate that one of the options must be 47 specified. 48 49 DHCP Configuration 50 The forms of ifconfig that use the auto-dhcp or dhcp argu- 51 ments are used to control the Dynamic Host Configuration 52 Protocol ("DHCP") configuration of the interface. In this 53 mode, ifconfig is used to control operation of 54 dhcpagent(1M), the DHCP client daemon. Once an interface is 55 placed under DHCP control by using the start operand, ifcon- 56 fig should not, in normal operation, be used to modify the 57 58 59 60 SunOS 5.11 Last change: 21 Jan 2007 1 61 62 63 64 65 66 67 System Administration Commands ifconfig(1M) 68 69 70 71 address or characteristics of the interface. If the address 72 of an interface under DHCP is changed, dhcpagent will remove 73 the interface from its control. 74 75 OPTIONS 76 The following options are supported: 77 78 addif address 79 80 Create the next unused logical interface on the speci- 81 fied physical interface. 82 83 all-zones 84 85 Make the interface available to every shared-IP zone on 86 the system. The appropriate zone to which to deliver 87 data is determined using the tnzonecfg database. This 88 option is available only if the system is configured 89 with the Solaris Trusted Extensions feature. 90 91 The tnzonecfg database is described in the tnzonecfg(4) 92 man page, which is part of the Solaris Trusted Exten- 93 sions Reference Manual. 94 95 96 anycast 97 98 Marks the logical interface as an anycast address by 99 setting the ANYCAST flag. See "INTERFACE FLAGS," below, 100 for more information on anycast. 101 102 103 -anycast 104 105 Marks the logical interface as not an anycast address by 106 clearing the ANYCAST flag. 107 108 109 arp 110 111 Enable the use of the Address Resolution Protocol 112 ("ARP") in mapping between network level addresses and 113 link level addresses (default). This is currently imple- 114 mented for mapping between IPv4 addresses and MAC 115 addresses. 116 117 118 119 120 121 122 SunOS 5.11 Last change: 21 Jan 2007 2 123 124 125 126 127 128 129 System Administration Commands ifconfig(1M) 130 131 132 133 -arp 134 135 Disable the use of the ARP on a physical interface. 136 ARP cannot be disabled on an IPMP IP interface. 137 138 139 auth_algs authentication algorithm 140 141 For a tunnel, enable IPsec AH with the authentication 142 algorithm specified. The algorithm can be either a 143 number or an algorithm name, including any to express no 144 preference in algorithm. All IPsec tunnel properties 145 must be specified on the same command line. To disable 146 tunnel security, specify an auth_alg of none. 147 148 It is now preferable to use the ipsecconf(1M) command 149 when configuring a tunnel's security properties. If 150 ipsecconf was used to set a tunnel's security proper- 151 ties, this keyword will not affect the tunnel. 152 153 154 auto-dhcp 155 156 Use DHCP to automatically acquire an address for this 157 interface. This option has a completely equivalent alias 158 called dhcp. 159 160 For IPv6, the interface specified must be the zeroth 161 logical interface (the physical interface name), which 162 has the link-local address. 163 164 primary 165 166 Defines the interface as the primary. The interface 167 is defined as the preferred one for the delivery of 168 client-wide configuration data. Only one interface 169 can be the primary at any given time. If another 170 interface is subsequently selected as the primary, 171 it replaces the previous one. Nominating an inter- 172 face as the primary one will not have much signifi- 173 cance once the client work station has booted, as 174 many applications will already have started and been 175 configured with data read from the previous primary 176 interface. 177 178 179 wait seconds 180 181 The ifconfig command will wait until the operation 182 either completes or for the interval specified, 183 whichever is the sooner. If no wait interval is 184 given, and the operation is one that cannot complete 185 immediately, ifconfig will wait 30 seconds for the 186 187 188 189 SunOS 5.11 Last change: 21 Jan 2007 3 190 191 192 193 194 195 196 System Administration Commands ifconfig(1M) 197 198 199 200 requested operation to complete. The symbolic value 201 forever may be used as well, with obvious meaning. 202 203 204 drop 205 206 Remove the specified interface from DHCP control 207 without notifying the DHCP server, and record the 208 current lease for later use. Additionally, for IPv4, 209 set the IP address to zero and mark the interface as 210 "down." For IPv6, unplumb all logical interfaces 211 plumbed by dhcpagent. 212 213 214 extend 215 216 Attempt to extend the lease on the interface's IP 217 address. This is not required, as the agent will 218 automatically extend the lease well before it 219 expires. 220 221 222 inform 223 224 Obtain network configuration parameters from DHCP 225 without obtaining a lease on IP addresses. This is 226 useful in situations where an IP address is obtained 227 through mechanisms other than DHCP. 228 229 230 ping 231 232 Check whether the interface given is under DHCP con- 233 trol, which means that the interface is managed by 234 the DHCP agent and is working properly. An exit 235 status of 0 means success. 236 237 238 release 239 240 Relinquish the IP addresses on the interface by 241 notifying the server and discard the current lease. 242 For IPv4, mark the interface as "down." For IPv6, 243 all logical interfaces plumbed by dhcpagent are 244 unplumbed. 245 246 247 start 248 249 Start DHCP on the interface. 250 251 252 253 254 255 SunOS 5.11 Last change: 21 Jan 2007 4 256 257 258 259 260 261 262 System Administration Commands ifconfig(1M) 263 264 265 266 status 267 268 Display the DHCP configuration status of the inter- 269 face. 270 271 272 273 auto-revarp 274 275 Use the Reverse Address Resolution Protocol (RARP) to 276 automatically acquire an address for this interface. 277 This will fail if the interface does not support RARP; 278 for example, IPoIB (IP over InfiniBand), and on IPv6 279 interfaces. 280 281 282 broadcast address 283 284 For IPv4 only. Specify the address to use to represent 285 broadcasts to the network. The default broadcast address 286 is the address with a host part of all 1's. A "+" (plus 287 sign) given for the broadcast value causes the broadcast 288 address to be reset to a default appropriate for the 289 (possibly new) address and netmask. The arguments of 290 ifconfig are interpreted left to right. Therefore 291 292 example% ifconfig -a netmask + broadcast + 293 294 295 and 296 297 example% ifconfig -a broadcast + netmask + 298 299 300 may result in different values being assigned for the 301 broadcast addresses of the interfaces. 302 303 304 deprecated 305 306 Marks the logical interface as deprecated. An address 307 associated with a deprecated interface will not be used 308 as source address for outbound packets unless either 309 there are no other addresses available on the interface 310 or the application has bound to this address explicitly. 311 The status display shows DEPRECATED as part of flags. 312 See for information on the flags supported by ifconfig. 313 314 315 -deprecated 316 317 Marks a logical interface as not deprecated. An address 318 319 320 321 SunOS 5.11 Last change: 21 Jan 2007 5 322 323 324 325 326 327 328 System Administration Commands ifconfig(1M) 329 330 331 332 associated with such an interface could be used as a 333 source address for outbound packets. 334 335 336 preferred 337 338 Marks the logical interface as preferred. This option is 339 only valid for IPv6 addresses. Addresses assigned to 340 preferred logical interfaces are preferred as source 341 addresses over all other addresses configured on the 342 system, unless the address is of an inappropriate scope 343 relative to the destination address. Preferred addresses 344 are used as source addresses regardless of which physi- 345 cal interface they are assigned to. For example, you can 346 configure a preferred source address on the loopback 347 interface and advertise reachability of this address by 348 using a routing protocol. 349 350 351 -preferred 352 353 Marks the logical interface as not preferred. 354 355 356 destination dest_address 357 358 Set the destination address for a point-to point inter- 359 face. 360 361 362 dhcp 363 364 This option is an alias for option auto-dhcp 365 366 367 down 368 369 Mark a logical interface as "down". (That is, turn off 370 the IFF_UP bit.) When a logical interface is marked 371 "down," the system does not attempt to use the address 372 assigned to that interface as a source address for out- 373 bound packets and will not recognize inbound packets 374 destined to that address as being addressed to this 375 host. Additionally, when all logical interfaces on a 376 given physical interface are "down," the physical inter- 377 face itself is disabled. 378 379 When a logical interface is down, all routes that 380 specify that interface as the output (using the -ifp 381 option in the route(1M) command or RTA_IFP in a 382 route(7P) socket) are removed from the forwarding table. 383 Routes marked with RTF_STATIC are returned to the table 384 385 386 387 SunOS 5.11 Last change: 21 Jan 2007 6 388 389 390 391 392 393 394 System Administration Commands ifconfig(1M) 395 396 397 398 if the interface is brought back up, while routes not 399 marked with RTF_STATIC are simply deleted. 400 401 When all logical interfaces that could possibly be used 402 to reach a particular gateway address are brought down 403 (specified without the interface option as in the previ- 404 ous paragraph), the affected gateway routes are treated 405 as though they had the RTF_BLACKHOLE flag set. All 406 matching packets are discarded because the gateway is 407 unreachable. 408 409 410 encaplimit n 411 412 Set the tunnel encapsulation limit for the interface to 413 n. This option applies to IPv4-in-IPv6 and IPv6-in-IPv6 414 tunnels only. The tunnel encapsulation limit controls 415 how many more tunnels a packet may enter before it 416 leaves any tunnels, that is, the tunnel nesting level. 417 418 419 -encaplimit 420 421 Disable generation of the tunnel encapsulation limit. 422 This option applies only to IPv4-in-IPv6 and IPv6-in- 423 IPv6 tunnels. 424 425 426 encr_auth_algs authentication algorithm 427 428 For a tunnel, enable IPsec ESP with the authentication 429 algorithm specified. It can be either a number or an 430 algorithm name, including any or none, to indicate no 431 algorithm preference. If an ESP encryption algorithm is 432 specified but the authentication algorithm is not, the 433 default value for the ESP authentication algorithm will 434 be any. 435 436 It is now preferable to use the ipsecconf(1M) command 437 when configuring a tunnel's security properties. If 438 ipsecconf was used to set a tunnel's security proper- 439 ties, this keyword will not affect the tunnel. 440 441 442 encr_algs encryption algorithm 443 444 For a tunnel, enable IPsec ESP with the encryption algo- 445 rithm specified. It can be either a number or an algo- 446 rithm name. Note that all IPsec tunnel properties must 447 be specified on the same command line. To disable tunnel 448 security, specify the value of encr_alg as none. If an 449 ESP authentication algorithm is specified, but the 450 451 452 453 SunOS 5.11 Last change: 21 Jan 2007 7 454 455 456 457 458 459 460 System Administration Commands ifconfig(1M) 461 462 463 464 encryption algorithm is not, the default value for the 465 ESP encryption will be null. 466 467 It is now preferable to use the ipsecconf(1M) command 468 when configuring a tunnel's security properties. If 469 ipsecconf was used to set a tunnel's security proper- 470 ties, this keyword will not affect the tunnel. 471 472 473 ether [ address ] 474 475 If no address is given and the user is root or has suf- 476 ficient privileges to open the underlying datalink, then 477 display the current Ethernet address information. 478 479 Otherwise, if the user is root or has sufficient 480 privileges, set the Ethernet address of the interfaces 481 to address. The address is an Ethernet address 482 represented as x:x:x:x:x:x where x is a hexadecimal 483 number between 0 and FF. Similarly, for the IPoIB (IP 484 over InfiniBand) interfaces, the address will be 20 485 bytes of colon-separated hex numbers between 0 and FF. 486 487 Some, though not all, Ethernet interface cards have 488 their own addresses. To use cards that do not have their 489 own addresses, refer to section 3.2.3(4) of the IEEE 490 802.3 specification for a definition of the locally 491 administered address space. Note that all IP interfaces 492 in an IPMP group must have unique hardware addresses; 493 see *in.mpathd(1M)*. 494 495 496 -failover 497 498 Set *NOFAILOVER* on the logical interface. This makes 499 the associated address available for use by *in.mpathd* 500 to perform probe-based failure detection for the 501 associated physical IP interface. As a side effect, 502 *DEPRECATED* will also be set on the logical interface. 503 This operation is not permitted on an IPMP IP interface. 504 505 506 failover 507 508 Clear *NOFAILOVER* on the logical interface. This is 509 the default. These logical interfaces are subject to 510 migration when brought up (see IP MULTIPATHING GROUPS). 511 512 513 group [ name | "" ] 514 515 When applied to a physical interface, it places the 516 interface into the named group. If the group does not 517 exist, it will be created, along with one or more IPMP 518 IP interfaces (for IPv4, IPv6, or both). Any *UP* 519 addresses that are not also marked *NOFAILOVER* are 520 subject to migration to the IPMP IP interface (see IP 521 MULTIPATHING GROUPS). Specifying a group name of *""* 522 removes the physical IP interface from the group. 523 524 When applied to a physical IPMP IP interface, it renames 525 the IPMP group to have the new name. If the name 526 already exists, or a name of *""* is specified, it 527 fails. Renaming IPMP groups is discouraged. Instead, 528 the IPMP IP interface should be given a meaningful name 529 when it is created via the *ipmp* subcommand, which the 530 system will also use as the IPMP group name. 531 532 533 index n 534 535 Change the interface index for the interface. The value 536 of n must be an interface index (if_index) that is not 537 used on another interface. if_index will be a non-zero 538 positive number that uniquely identifies the network 539 interface on the system. 540 541 542 ipmp 543 544 Create an IPMP IP interface with the specified name. An 545 interface must be separately created for use by IPv4 and 546 IPv6. The *address_family* parameter controls whether 547 the command applies to IPv4 or IPv6 (IPv4 if 548 unspecified). All IPMP IP interfaces have the *IPMP* 549 flag set. 550 551 metric n 552 553 Set the routing metric of the interface to n; if no 554 value is specified, the default is 0. The routing metric 555 is used by the routing protocol. Higher metrics have the 556 effect of making a route less favorable. Metrics are 557 counted as addition hops to the destination network or 558 host. 559 560 561 modinsert mod_name@pos 562 563 Insert a module with name mod_name to the stream of the 564 device at position pos. The position is relative to the 565 stream head. Position 0 means directly under stream 566 head. 567 568 Based upon the example in the modlist option, use the 569 following command to insert a module with name ipqos 570 under the ip module and above the firewall module: 571 572 example% ifconfig eri0 modinsert ipqos@2 573 574 575 A subsequent listing of all the modules in the stream of 576 the device follows: 577 578 example% ifconfig eri0 modlist 579 0 arp 580 1 ip 581 2 ipqos 582 3 firewall 583 4 eri 584 585 586 587 588 589 590 591 592 SunOS 5.11 Last change: 21 Jan 2007 9 593 594 595 596 597 598 599 System Administration Commands ifconfig(1M) 600 601 602 603 modlist 604 605 List all the modules in the stream of the device. 606 607 The following example lists all the modules in the 608 stream of the device: 609 610 example% ifconfig eri0 modlist 611 0 arp 612 1 ip 613 2 firewall 614 4 eri 615 616 617 618 619 modremove mod_name@pos 620 621 Remove a module with name mod_name from the stream of 622 the device at position pos. The position is relative to 623 the stream head. 624 625 Based upon the example in the modinsert option, use the 626 following command to remove the firewall module from the 627 stream after inserting the ipqos module: 628 629 example% ifconfig eri0 modremove firewall@3 630 631 632 A subsequent listing of all the modules in the stream of 633 the device follows: 634 635 example% ifconfig eri0 modlist 636 0 arp 637 1 ip 638 2 ipqos 639 3 eri 640 641 642 Note that the core IP stack modules, for example, ip and 643 tun modules, cannot be removed. 644 645 646 mtu n 647 648 Set the maximum transmission unit of the interface to n. 649 For many types of networks, the mtu has an upper limit, 650 for example, 1500 for Ethernet. This option sets the 651 FIXEDMTU flag on the affected interface. 652 653 654 655 656 657 658 SunOS 5.11 Last change: 21 Jan 2007 10 659 660 661 662 663 664 665 System Administration Commands ifconfig(1M) 666 667 668 669 netmask mask 670 671 For IPv4 only. Specify how much of the address to 672 reserve for subdividing networks into subnetworks. The 673 mask includes the network part of the local address and 674 the subnet part, which is taken from the host field of 675 the address. The mask contains 1's for the bit positions 676 in the 32-bit address which are to be used for the net- 677 work and subnet parts, and 0's for the host part. The 678 mask should contain at least the standard network por- 679 tion, and the subnet field should be contiguous with the 680 network portion. The mask can be specified in one of 681 four ways: 682 683 1. with a single hexadecimal number with a leading 684 0x, 685 686 2. with a dot-notation address, 687 688 3. with a "+" (plus sign) address, or 689 690 4. with a pseudo host name/pseudo network name 691 found in the network database networks(4). 692 If a "+" (plus sign) is given for the netmask value, the 693 mask is looked up in the netmasks(4) database. This 694 lookup finds the longest matching netmask in the data- 695 base by starting with the interface's IPv4 address as 696 the key and iteratively masking off more and more low 697 order bits of the address. This iterative lookup ensures 698 that the netmasks(4) database can be used to specify the 699 netmasks when variable length subnetmasks are used 700 within a network number. 701 702 If a pseudo host name/pseudo network name is supplied as 703 the netmask value, netmask data may be located in the 704 hosts or networks database. Names are looked up by first 705 using gethostbyname(3NSL). If not found there, the names 706 are looked up in getnetbyname(3SOCKET). These interfaces 707 may in turn use nsswitch.conf(4) to determine what data 708 store(s) to use to fetch the actual value. 709 710 For both inet and inet6, the same information conveyed 711 by mask can be specified as a prefix_length attached to 712 the address parameter. 713 714 715 nud 716 717 Enables the neighbor unreachability detection mechanism 718 on a point-to-point physical interface. 719 720 721 722 723 724 SunOS 5.11 Last change: 21 Jan 2007 11 725 726 727 728 729 730 731 System Administration Commands ifconfig(1M) 732 733 734 735 -nud 736 737 Disables the neighbor unreachability detection mechanism 738 on a point-to-point physical interface. 739 740 741 plumb 742 743 For a physical IP interface, open the datalink 744 associated with the physical interface name and set up 745 the plumbing needed for IP to use the datalink. When 746 used with a logical interface name, this command is used 747 to create a specific named logical interface on an 748 existing physical IP interface. 749 750 An interface must be separately plumbed for IPv4 and 751 IPv6 according to the *address_family* parameter (IPv4 752 if unspecified). Before an interface has been plumbed, 753 it will not be shown by *ifconfig -a*. 754 755 Note that IPMP IP interfaces are not tied to a specific 756 datalink and are instead created with the *ipmp* 757 subcommand. 758 759 private 760 761 Tells the in.routed routing daemon that a specified log- 762 ical interface should not be advertised. 763 764 765 -private 766 767 Specify unadvertised interfaces. 768 769 770 removeif address 771 772 Remove the logical interface on the physical interface 773 specified that matches the address specified. 774 775 router 776 777 Enable IP forwarding on the interface. When enabled, the 778 interface is marked *ROUTER*, and IP packets can be for- 779 warded to and from the interface. Enabling *ROUTER* on 780 any IP interface in an IPMP group applies the flag to 781 all IP interfaces in that IPMP group. 782 783 784 -router 785 786 Disable IP forwarding on the interface. IP packets are 787 not forwarded to and from the interface. Disabling 788 *ROUTER* on any IP interface in an IPMP group disables 789 it on all IP interfaces in that IPMP group. 790 791 792 793 SunOS 5.11 Last change: 21 Jan 2007 12 794 795 796 797 798 799 800 System Administration Commands ifconfig(1M) 801 802 803 804 set 805 806 Set the address, prefix_length or both, for a logical 807 interface. 808 809 810 standby 811 812 Mark the physical IP interface as a *STANDBY* interface. 813 If an interface is marked *STANDBY* and is part of an 814 IPMP group, the interface will not be used for data 815 traffic unless another interface in the IPMP group 816 becomes unusable. When a *STANDBY* interface is 817 functional but not being used for data traffic, it will 818 also be marked *INACTIVE*. This operation is not 819 permitted on an IPMP IP interface. 820 821 822 -standby 823 824 Clear *STANDBY* on this interface. This is the default. 825 826 827 subnet 828 829 Set the subnet address for an interface. 830 831 832 tdst tunnel_dest_address 833 834 Set the destination address of a tunnel. The address 835 should not be the same as the dest_address of the tun- 836 nel, because no packets leave the system over such a 837 tunnel. 838 839 840 thoplimit n 841 842 Set the hop limit for a tunnel interface. The hop limit 843 value is used as the TTL in the IPv4 header for the 844 IPv6-in-IPv4 and IPv4-in-IPv4 tunnels. For IPv6-in-IPv6 845 and IPv4-in-IPv6 tunnels, the hop limit value is used as 846 the hop limit in the IPv6 header. 847 848 849 token address/prefix_length 850 851 852 853 854 SunOS 5.11 Last change: 21 Jan 2007 13 855 856 857 858 859 860 861 System Administration Commands ifconfig(1M) 862 863 864 865 Set the IPv6 token of an interface to be used for 866 address autoconfiguration. 867 868 example% ifconfig eri0 inet6 token ::1/64 869 870 871 872 873 trailers 874 875 This flag previously caused a nonstandard encapsulation 876 of IPv4 packets on certain link levels. Drivers supplied 877 with this release no longer use this flag. It is pro- 878 vided for compatibility, but is ignored. 879 880 881 -trailers 882 883 Disable the use of a "trailer" link level encapsulation. 884 885 886 tsrc tunnel_src_address 887 888 Set the source address of a tunnel. This is the source 889 address on an outer encapsulating IP header. It must be 890 an address of another interface already configured using 891 ifconfig. 892 893 894 unplumb 895 896 For a physical or IPMP interface, remove all associated 897 logical IP interfaces and tear down any plumbing needed 898 for IP to use the interface. For an IPMP IP interface, 899 this command will fail if the group is not empty. For a 900 logical interface, the logical interface is removed. 901 902 An interface must be separately unplumbed for IPv4 and 903 IPv6 according to the *address_family* parameter (IPv4 904 if unspecified). Upon success, the interface name will 905 no longer appear in the output of *ifconfig -a*. 906 907 908 up 909 910 Mark a logical interface *UP*. As a result, the IP 911 module will accept packets destined to the associated 912 address (unless the address is zero), along with any 913 associated multicast and broadcast IP addresses. 914 Similarly, the IP module will allow packets to be sent 915 with the associated address as a source address. 916 917 918 usesrc [ name | none ] 919 920 Specify a physical interface to be used for source 921 address selection. If the keyword none is used, then any 922 previous selection is cleared. 923 924 925 926 SunOS 5.11 Last change: 21 Jan 2007 14 927 928 929 930 931 932 933 System Administration Commands ifconfig(1M) 934 935 936 937 When an application does not choose a non-zero source 938 address using bind(3SOCKET), the system will select an 939 appropriate source address based on the outbound inter- 940 face and the address selection rules (see 941 ipaddrsel(1M)). 942 943 When usesrc is specified and the specified interface is 944 selected in the forwarding table for output, the system 945 looks first to the specified physical interface and its 946 associated logical interfaces when selecting a source 947 address. If no usable address is listed in the forward- 948 ing table, the ordinary selection rules apply. For exam- 949 ple, if you enter: 950 951 # ifconfig eri0 usesrc vni0 952 953 954 ...and vni0 has address 10.0.0.1 assigned to it, the 955 system will prefer 10.0.0.1 as the source address for 956 any packets originated by local connections that are 957 sent through eri0. Further examples are provided in the 958 EXAMPLES section. 959 960 While you can specify any physical interface (or even 961 loopback), be aware that you can also specify the vir- 962 tual IP interface (see vni(7D)). The virtual IP inter- 963 face is not associated with any physical hardware and is 964 thus immune to hardware failures. You can specify any 965 number of physical interfaces to use the source address 966 hosted on a single virtual interface. This simplifies 967 the configuration of routing-based multipathing. If one 968 of the physical interfaces were to fail, communication 969 would continue through one of the remaining, functioning 970 physical interfaces. This scenario assumes that the 971 reachability of the address hosted on the virtual inter- 972 face is advertised in some manner, for example, through 973 a routing protocol. 974 975 Because the ifconfig preferred option is applied to all 976 interfaces, it is coarser-grained than the usesrc 977 option. It will be overridden by usesrc and setsrc 978 (route subcommand), in that order. 979 980 The use of the usesrc option is mutually exclusive of 981 the IPMP *group* and *standby* subcommands. That is, if 982 an interface is already part of a IPMP group or 983 specified as a *STANDBY* interface, then it cannot be 984 specified with a usesrc option, and vice-versa. 985 986 987 988 SunOS 5.11 Last change: 21 Jan 2007 15 989 990 991 992 993 994 995 System Administration Commands ifconfig(1M) 996 997 998 999 xmit 1000 1001 Enable a logical interface to transmit packets. This is 1002 the default behavior when the logical interface is up. 1003 1004 1005 -xmit 1006 1007 Disable transmission of packets on an interface. The 1008 interface will continue to receive packets. 1009 1010 1011 zone zonename 1012 1013 Place the logical interface in zone zonename. The named 1014 zone must be active in the kernel in the ready or run- 1015 ning state. The interface is unplumbed when the zone is 1016 halted or rebooted. The zone must be configure to be an 1017 shared-IP zone. zonecfg(1M) is used to assign network 1018 interface names to exclusive-IP zones. 1019 1020 1021 -zone 1022 1023 Place IP interface in the global zone. This is the 1024 default. 1025 1026 1027 OPERANDS 1028 The interface operand, as well as address parameters that 1029 affect it, are described below. 1030 1031 interface 1032 1033 A string of one of the following forms: 1034 1035 o name physical-unit, for example, eri0 or ce1 1036 1037 o name physical-unit:logical-unit, for example, 1038 eri0:1 1039 1040 o ip.tunN or ip6.tunN, for tunnels 1041 If the interface name starts with a dash (-), it is 1042 interpreted as a set of options which specify a set of 1043 interfaces. In such a case, -a must be part of the 1044 options and any of the additional options below can be 1045 added in any order. If one of these interface names is 1046 given, the commands following it are applied to all of 1047 the interfaces that match. 1048 1049 -a 1050 1051 1052 1053 1054 SunOS 5.11 Last change: 21 Jan 2007 16 1055 1056 1057 1058 1059 1060 1061 System Administration Commands ifconfig(1M) 1062 1063 1064 1065 Apply the command to all interfaces of the specified 1066 address family. If no address family is supplied, 1067 either on the command line or by means of 1068 /etc/default/inet_type, then all address families 1069 will be selected. 1070 1071 1072 -d 1073 1074 Apply the commands to all "down" interfaces in the 1075 system. 1076 1077 1078 -D 1079 1080 Apply the commands to all interfaces not under DHCP 1081 (Dynamic Host Configuration Protocol) control. 1082 1083 1084 -u 1085 1086 Apply the commands to all "up" interfaces in the 1087 system. 1088 1089 1090 -Z 1091 1092 Apply the commands to all interfaces in the user's 1093 zone. 1094 1095 1096 -4 1097 1098 Apply the commands to all IPv4 interfaces. 1099 1100 1101 -6 1102 1103 Apply the commands to all IPv6 interfaces. 1104 1105 1106 1107 address_family 1108 1109 The address family is specified by the address_family 1110 parameter. The ifconfig command currently supports the 1111 following families: inet and inet6. If no address family 1112 is specified, the default is inet. 1113 1114 ifconfig honors the DEFAULT_IP setting in the 1115 /etc/default/inet_type file when it displays interface 1116 information . If DEFAULT_IP is set to IP_VERSION4, then 1117 1118 1119 1120 SunOS 5.11 Last change: 21 Jan 2007 17 1121 1122 1123 1124 1125 1126 1127 System Administration Commands ifconfig(1M) 1128 1129 1130 1131 ifconfig will omit information that relates to IPv6 1132 interfaces. However, when you explicitly specify an 1133 address family (inet or inet6) on the ifconfig command 1134 line, the command line overrides the DEFAULT_IP set- 1135 tings. 1136 1137 1138 address 1139 1140 For the IPv4 family (inet), the address is either a host 1141 name present in the host name data base (see hosts(4)) 1142 or in the Network Information Service (NIS) map hosts, 1143 or an IPv4 address expressed in the Internet standard 1144 "dot notation". 1145 1146 For the IPv6 family (inet6), the address is either a 1147 host name present in the host name data base (see 1148 hosts(4)) or in the Network Information Service (NIS) 1149 map ipnode, or an IPv6 address expressed in the Internet 1150 standard colon-separated hexadecimal format represented 1151 as x:x:x:x:x:x:x:x where x is a hexadecimal number 1152 between 0 and FFFF. 1153 1154 1155 prefix_length 1156 1157 For the IPv4 and IPv6 families (inet and inet6), the 1158 prefix_length is a number between 0 and the number of 1159 bits in the address. For inet, the number of bits in the 1160 address is 32; for inet6, the number of bits in the 1161 address is 128. The prefix_length denotes the number of 1162 leading set bits in the netmask. 1163 1164 1165 dest_address 1166 1167 If the dest_address parameter is supplied in addition to 1168 the address parameter, it specifies the address of the 1169 correspondent on the other end of a point-to-point link. 1170 1171 1172 tunnel_dest_address 1173 1174 An address that is or will be reachable through an 1175 interface other than the tunnel being configured. This 1176 tells the tunnel where to send the tunneled packets. 1177 This address must not be the same as the interface des- 1178 tination address being configured. 1179 1180 1181 tunnel_src_address 1182 1183 1184 1185 1186 SunOS 5.11 Last change: 21 Jan 2007 18 1187 1188 1189 1190 1191 1192 1193 System Administration Commands ifconfig(1M) 1194 1195 1196 1197 An address that is attached to an already configured 1198 interface that has been configured "up" with ifconfig. 1199 1200 1201 INTERFACE FLAGS 1202 The ifconfig command supports the following interface flags. 1203 The term "address" in this context refers to a logical 1204 interface, for example, eri0:0, while "interface " refers to 1205 the physical interface, for example, eri0. 1206 1207 ADDRCONF 1208 1209 The address is from stateless addrconf. The stateless 1210 mechanism allows a host to generate its own address 1211 using a combination of information advertised by routers 1212 and locally available information. Routers advertise 1213 prefixes that identify the subnet associated with the 1214 link, while the host generates an "interface identifier" 1215 that uniquely identifies an interface in a subnet. In 1216 the absence of information from routers, a host can gen- 1217 erate link-local addresses. This flag is specific to 1218 IPv6. 1219 1220 1221 ANYCAST 1222 1223 Indicates an anycast address. An anycast address identi- 1224 fies the nearest member of a group of systems that pro- 1225 vides a particular type of service. An anycast address 1226 is assigned to a group of systems. Packets are delivered 1227 to the nearest group member identified by the anycast 1228 address instead of being delivered to all members of the 1229 group. 1230 1231 1232 BROADCAST 1233 1234 This broadcast address is valid. This flag and POINTTO- 1235 POINT are mutually exclusive 1236 1237 1238 CoS 1239 1240 This interface supports some form of Class of Service 1241 (CoS) marking. An example is the 802.1D user priority 1242 marking supported on VLAN interfaces. For IPMP IP 1243 interfaces, this will only be set if all interfaces in 1244 the group have CoS set. 1245 1246 1247 DEPRECATED 1248 1249 This address is deprecated. This address will not be 1250 used as a source address for outbound packets unless 1251 there are no other addresses on this interface or an 1252 application has explicitly bound to this address. An 1253 IPv6 deprecated address is part of the standard 1254 mechanism for renumbering in IPv6 and will eventually be 1255 deleted when not used. For both IPv4 and IPv6, 1256 *DEPRECATED* is also set on all *NOFAILOVER* addresses, 1257 though this may change in a future release. 1258 1259 DHCPRUNNING 1260 1261 The logical interface is managed by *dhcpagent(1M)*. 1262 1263 1264 DUPLICATE 1265 1266 The logical interface has been disabled because the IP 1267 address configured on the interface is a duplicate. Some 1268 other node on the network is using this address. If the 1269 address was configured by DHCP or is temporary, the sys- 1270 tem will choose another automatically, if possible. Oth- 1271 erwise, the system will attempt to recover this address 1272 periodically and the interface will recover when the 1273 conflict has been removed from the network. Changing the 1274 address or netmask, or setting the logical interface to 1275 up will restart duplicate detection. Setting the inter- 1276 face to down terminates recovery and removes the DUPLI- 1277 CATE flag. 1278 1279 1280 FAILED 1281 1282 The *in.mpathd* daemon has determined that the interface 1283 has failed. *FAILED* interfaces will not be used to 1284 send or receive IP data traffic. If this is set on a 1285 physical IP interface in an IPMP group, IP data traffic 1286 will continue to flow over other usable IP interfaces in 1287 the IPMP group. If this is set on an IPMP IP interface, 1288 the entire group has failed and no data traffic can be 1289 sent or received over any interfaces in that group. 1290 1291 1292 FIXEDMTU 1293 1294 The MTU has been set using the -mtu option. This flag is 1295 read-only. Interfaces that have this flag set have a 1296 fixed MTU value that is unaffected by dynamic MTU 1297 changes that can occur when drivers notify IP of link 1298 MTU changes. 1299 1300 1301 INACTIVE 1302 1303 The physical interface is functioning but is not used to 1304 send or receive data traffic according to administrative 1305 policy. This flag is initially set by the *standby* 1306 subcommand and is subsequently controlled by 1307 *in.mpathd*. It also set when *FAILBACK=no* mode is 1308 enabled (see *in.mpathd(1M)*) to indicate that the IP 1309 interface has repaired but is not being used. 1310 1311 1312 IPMP 1313 1314 Indicates that this is an IPMP IP interface. 1315 1316 1317 LOOPBACK 1318 1319 Indicates that this is the loopback interface. 1320 1321 1322 MULTI_BCAST 1323 1324 Indicates that the broadcast address is used for multi- 1325 cast on this interface. 1326 1327 1328 MULTICAST 1329 1330 The interface supports multicast. IP assumes that any 1331 interface that supports hardware broadcast, or that is a 1332 point-to-point link, will support multicast. 1333 1334 1335 NOARP 1336 1337 There is no address resolution protocol (ARP) for this 1338 interface that corresponds to all interfaces for a dev- 1339 ice without a broadcast address. This flag is specific 1340 to IPv4. 1341 1342 1343 NOFAILOVER 1344 1345 The address associated with this logical interface is 1346 available to *in.mpathd* for probe-based failure 1347 detection of the associated physical IP interface. 1348 1349 1350 NOLOCAL 1351 1352 The interface has no address , just an on-link subnet. 1353 1354 1355 1356 1357 1358 1359 SunOS 5.11 Last change: 21 Jan 2007 21 1360 1361 1362 1363 1364 1365 1366 System Administration Commands ifconfig(1M) 1367 1368 1369 1370 NONUD 1371 1372 NUD is disabled on this interface. NUD (neighbor 1373 unreachability detection) is used by a node to track the 1374 reachability state of its neighbors, to which the node 1375 actively sends packets, and to perform any recovery if a 1376 neighbor is detected to be unreachable. This flag is 1377 specific to IPv6. 1378 1379 1380 NORTEXCH 1381 1382 The interface does not exchange routing information. For 1383 RIP-2, routing packets are not sent over this interface. 1384 Additionally, messages that appear to come over this 1385 interface receive no response. The subnet or address of 1386 this interface is not included in advertisements over 1387 other interfaces to other routers. 1388 1389 1390 NOXMIT 1391 1392 Indicates that the address does not transmit packets. 1393 RIP-2 also does not advertise this address. 1394 1395 1396 OFFLINE 1397 1398 The interface is offline and thus cannot send or receive 1399 IP data traffic. This is only set on IP interfaces in 1400 an IPMP group. See *if_mpadm(1M)* and *cfgadm(1M)*. 1401 1402 1403 POINTOPOINT 1404 1405 Indicates that the address is a point-to-point link. 1406 This flag and BROADCAST are mutually exclusive 1407 1408 1409 PREFERRED 1410 1411 This address is a preferred IPv6 source address. This 1412 address will be used as a source address for IPv6 com- 1413 munication with all IPv6 destinations, unless another 1414 address on the system is of more appropriate scope. The 1415 DEPRECATED flag takes precedence over the PREFERRED 1416 flag. 1417 1418 1419 1420 1421 1422 1423 SunOS 5.11 Last change: 21 Jan 2007 22 1424 1425 1426 1427 1428 1429 1430 System Administration Commands ifconfig(1M) 1431 1432 1433 1434 PRIVATE 1435 1436 Indicates that this address is not advertised. For RIP- 1437 2, this interface is used to send advertisements. How- 1438 ever, neither the subnet nor this address are included 1439 in advertisements to other routers. 1440 1441 1442 ROUTER 1443 1444 Indicates that IP packets can be forwarded to and from 1445 the interface. 1446 1447 1448 RUNNING 1449 1450 Indicates that the required resources for an i nterface 1451 are allocated. For some interfaces this also indicates 1452 that the link is up. For IPMP IP interfaces, *RUNNING* 1453 is set as long as one IP interface in the group is 1454 active. 1455 1456 1457 STANDBY 1458 1459 Indicates that this physical interface will not be used 1460 for data traffic unless another interface in the IPMP 1461 group becomes unusable. The *INACTIVE* and *FAILED* 1462 flags indicate whether it is actively being used. 1463 1464 1465 TEMPORARY 1466 1467 Indicates that this is a temporary IPv6 address as 1468 defined in RFC 3041. 1469 1470 1471 UNNUMBERED 1472 1473 This flag is set when the local IP address on the link 1474 matches the local address of some other link in the sys- 1475 tem 1476 1477 1478 UP 1479 1480 Indicates that the logical interface (and the associated 1481 physical interface) is up. The IP module will accept 1482 packets destined to UP addresses (unless the address is 1483 zero), along with any associated multicast and broadcast 1484 IP addresses. Similarly, the IP module will allow 1485 packets to be sent with an UP address as a source 1486 address. 1487 1488 1489 SunOS 5.11 Last change: 21 Jan 2007 23 1490 1491 1492 1493 1494 1495 1496 System Administration Commands ifconfig(1M) 1497 1498 1499 1500 VIRTUAL 1501 1502 Indicates that the physical interface has no underlying 1503 hardware. It is not possible to transmit or receive 1504 packets through a virtual interface. These interfaces 1505 are useful for configuring local addresses that can be 1506 used on multiple interfaces. (See also the *usesrc* 1507 option.) 1508 1509 1510 XRESOLV 1511 1512 Indicates that the interface uses an IPv6 external 1513 resolver. 1514 1515 1516 LOGICAL INTERFACES 1517 Solaris TCP/IP allows multiple logical interfaces to be 1518 associated with a physical network interface. This allows a 1519 single machine to be assigned multiple IP addresses, even 1520 though it may have only one network interface. Physical net- 1521 work interfaces have names of the form driver-name 1522 physical-unit-number, while logical interfaces have names of 1523 the form driver-name physical-unit-number:logical-unit- 1524 number. A physical interface is configured into the system 1525 using the plumb command. For example: 1526 1527 example% ifconfig eri0 plumb 1528 1529 1530 1531 1532 Once a physical interface has been "plumbed", logical inter- 1533 faces associated with the physical interface can be config- 1534 ured by separate -plumb or -addif options to the ifconfig 1535 command. 1536 1537 example% ifconfig eri0:1 plumb 1538 1539 1540 1541 1542 allocates a specific logical interface associated with the 1543 physical interface eri0. The command 1544 1545 example% ifconfig eri0 addif 192.168.200.1/24 up 1546 1547 1548 1549 1550 allocates the next available logical unit number on the eri0 1551 physical interface and assigns an address and prefix_length. 1552 1553 1554 1555 SunOS 5.11 Last change: 21 Jan 2007 24 1556 1557 1558 1559 1560 1561 1562 System Administration Commands ifconfig(1M) 1563 1564 1565 1566 A logical interface can be configured with parameters ( 1567 address,prefix_length, and so on) different from the physi- 1568 cal interface with which it is associated. Logical inter- 1569 faces that are associated with the same physical interface 1570 can be given different parameters as well. Each logical 1571 interface must be associated with an existing and "up" phy- 1572 sical interface. So, for example, the logical interface 1573 eri0:1 can only be configured after the physical interface 1574 eri0 has been plumbed. 1575 1576 1577 To delete a logical interface, use the *unplumb* or 1578 *removeif* options. For example, 1579 1580 example% ifconfig eri0:1 down unplumb 1581 1582 will delete the logical interface *eri0:1*. 1583 1584 IP MULTIPATHING GROUPS 1585 1586 Physical interfaces that share the same IP broadcast domain 1587 _must_ be collected into a single IP Multipathing (IPMP) 1588 group using the *group* subcommand. Each IPMP group has an 1589 associated IPMP IP interface, which can either be explicitly 1590 created (the preferred method) by using the *ipmp* 1591 subcommand or implicitly created by *ifconfig* in response 1592 to placing an IP interface into a new IPMP group. 1593 Implicitly-created IPMP interfaces will be named ipmp_N_ 1594 where _N_ is the lowest integer that doesn't conflict with 1595 an existing IP interface name or IPMP group name. 1596 1597 Each IPMP IP interface is created with a matching IPMP group 1598 name, though it can be changed using the *group* subcommand. 1599 Each IPMP IP interface hosts a set of highly-available IP 1600 addresses. These addresses will remain reachable so long as 1601 at least one interface in the group is active, where 1602 "active" is defined as having at least one UP address and 1603 having *INACTIVE*, *FAILED*, and *OFFLINE* clear. IP 1604 addresses hosted on the IPMP IP interface may either be 1605 configured statically or configured through DHCP via the 1606 *dhcp* subcommand. 1607 1608 Interfaces assigned to the same IPMP group are treated as 1609 equivalent and monitored for failure by *in.mpathd*. 1610 Provided that active interfaces in the group remain, IP 1611 interface failures (and any subsequent repairs) are handled 1612 transparently to sockets-based applications. IPMP is also 1613 integrated with the Dynamic Reconfiguration framework (see 1614 *cfgadm(1M)*), which enables network adapters to be replaced 1615 transparently to sockets-based applications. 1616 1617 The IP module automatically load-spreads all outbound 1618 traffic across all active interfaces in an IPMP group. 1619 Similarly, all *UP* addresses hosted on the IPMP IP 1620 interface and will be distributed across the active 1621 interfaces to promote inbound load-spreading. The 1622 *ipmpstat(1M)* utility allows many aspects of the IPMP 1623 subsystem to be observed, including the current binding of 1624 IP data addresses to IP interfaces. 1625 1626 When an interface is placed into an IPMP group, any *UP* 1627 logical interfaces are "migrated" to the IPMP IP interface 1628 for use by the group, unless: 1629 1630 * The logical interface is marked *NOFAILOVER* 1631 * The logical interface hosts an IPv6 link-local address. 1632 * The logical interface hosts an IPv4 0.0.0.0 address. 1633 1634 Likewise, once an interface is in a group, if changes are 1635 made to a logical interface such that it is *UP* and not 1636 exempted by one of the conditions above, it will also 1637 migrate to the associated IPMP IP interface. Logical 1638 interfaces never migrate back, even if the physical 1639 interface that contributed the address is removed from the 1640 group. 1641 1642 Each interface placed into an IPMP group may be optionally 1643 configured with a "test" address that *in.mpathd* will use 1644 for probe-based failure detection; see *in.mpathd(1M)*. 1645 These addresses must be marked *NOFAILOVER* (using the 1646 *-failover* subcommand) prior to being marked *UP*. Test 1647 addresses may also be acquired through DHCP via the *dhcp* 1648 subcommand. 1649 1650 For more background on IPMP, please see the "IPMP 1651 Administrative Overview" and "IPMP Configuration Tasks" 1652 chapters of the administrator documentation. 1653 1654 1655 CONFIGURING IPV6 INTERFACES 1656 When an IPv6 physical interface is plumbed and configured 1657 "up" with ifconfig, it is automatically assigned an IPv6 1658 link-local address for which the last 64 bits are calculated 1659 from the MAC address of the interface. 1660 1661 example% ifconfig eri0 inet6 plumb up 1662 1663 1664 1665 1666 The following example shows that the link-local address has 1667 a prefix of fe80::/10. 1668 1669 example% ifconfig eri0 inet6 1670 ce0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> 1671 1672 1673 1674 SunOS 5.11 Last change: 21 Jan 2007 25 1675 1676 1677 1678 1679 1680 1681 System Administration Commands ifconfig(1M) 1682 1683 1684 1685 mtu 1500 index 2 1686 inet6 fe80::a00:20ff:fe8e:f3ad/10 1687 1688 1689 1690 1691 Link-local addresses are only used for communication on the 1692 local subnet and are not visible to other subnets. 1693 1694 1695 If an advertising IPv6 router exists on the link advertising 1696 prefixes, then the newly plumbed IPv6 interface will auto- 1697 configure logical interface(s) depending on the prefix 1698 advertisements. For example, for the prefix advertisement 1699 2001:0db8:3c4d:0:55::/64, the autoconfigured interface will 1700 look like: 1701 1702 eri0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> 1703 mtu 1500 index 2 1704 inet6 2001:0db8:3c4d:55:a00:20ff:fe8e:f3ad/64 1705 1706 1707 1708 1709 Even if there are no prefix advertisements on the link, you 1710 can still assign global addresses manually, for example: 1711 1712 example% ifconfig eri0 inet6 addif \ 1713 2001:0db8:3c4d:55:a00:20ff:fe8e:f3ad/64 up 1714 1715 1716 1717 1718 To configure boot-time defaults for the interface eri0, 1719 place the following entry in the /etc/hostname6.eri0 file: 1720 1721 addif 2001:0db8:3c4d:55:a00:20ff:fe8e:f3ad/64 up 1722 1723 1724 Configuring IPv6/IPv4 tunnels 1725 An IPv6 over IPv4 tunnel interface can send and receive IPv6 1726 packets encapsulated in an IPv4 packet. Create tunnels at 1727 both ends pointing to each other. IPv6 over IPv4 tunnels 1728 require the tunnel source and tunnel destination IPv4 and 1729 IPv6 addresses. Solaris 8 supports both automatic and con- 1730 figured tunnels. For automatic tunnels, an IPv4-compatible 1731 IPv6 address is used. The following demonstrates auto-tunnel 1732 configuration: 1733 1734 example% ifconfig ip.atun0 inet6 plumb 1735 example% ifconfig ip.atun0 inet6 tsrc IPv4-address \ 1736 ::IPv4 address/96 up 1737 1738 1739 1740 SunOS 5.11 Last change: 21 Jan 2007 26 1741 1742 1743 1744 1745 1746 1747 System Administration Commands ifconfig(1M) 1748 1749 1750 1751 where IPv4-address is the IPv4 address of the interface 1752 through which the tunnel traffic will flow, and IPv4- 1753 address, ::<IPv4-address>, is the corresponding IPv4- 1754 compatible IPv6 address. 1755 1756 1757 The following is an example of a configured tunnel: 1758 1759 example% ifconfig ip.tun0 inet6 plumb tsrc my-ipv4-address \ 1760 tdst peer-ipv4-address up 1761 1762 1763 1764 1765 This creates a configured tunnel between my-ipv4-address and 1766 peer-ipv4-address with corresponding link-local addresses. 1767 For tunnels with global or site-local addresses, the logical 1768 tunnel interfaces need to be configured in the following 1769 form: 1770 1771 example% ifconfig ip.tun0 inet6 addif my-v6-address peer-v6-address up 1772 1773 1774 1775 1776 For example, 1777 1778 example% ifconfig ip.tun0 inet6 plumb tsrc 109.146.85.57 \ 1779 tdst 109.146.85.212 up 1780 example% ifconfig ip.tun0 inet6 addif 2::45 2::46 up 1781 1782 1783 1784 1785 To show all IPv6 interfaces that are up and configured: 1786 1787 example% ifconfig -au6 1788 ip.tun0: flags=2200851<UP,POINTOPOINT,RUNNING,MULTICAST,NONUD,IPv6> 1789 mtu 1480 index 3 1790 inet tunnel src 109.146.85.57 tunnel dst 109.146.85.212 1791 tunnel security settings --> use 'ipsecconf -ln -i ip.tun1' 1792 tunnel hop limit 60 1793 inet6 fe80::6d92:5539/10 --> fe80::6d92:55d4 1794 ip.tun0:1: flags=2200851<UP,POINTOPOINT,RUNNING,MULTICAST,NONUD,IPv6> 1795 mtu 1480 index 3 1796 inet6 2::45/128 --> 2::46 1797 1798 1799 1800 1801 In the output above, note the line that begins with "tunnel 1802 security settings". The content of this line varies 1803 1804 1805 1806 SunOS 5.11 Last change: 21 Jan 2007 27 1807 1808 1809 1810 1811 1812 1813 System Administration Commands ifconfig(1M) 1814 1815 1816 1817 according to whether and how you have set your security set- 1818 tings. See "Display of Tunnel Security Settings," below. 1819 1820 Configuring IPv4/IPv6 Tunnels 1821 An IPv4 over IPv6 tunnel interface can send and receive IPv4 1822 packets encapsulated in an IPv6 packet. Create tunnels at 1823 both ends pointing to each other. IPv4 over IPv6 tunnels 1824 require the tunnel source and tunnel destination IPv6 and 1825 IPv4 addresses. The following demonstrates auto-tunnel con- 1826 figuration: 1827 1828 example% ifconfig ip6.tun0 inet plumb tsrc my-ipv6-address \ 1829 tdst peer-ipv6-address my-ipv4-address \ 1830 peer-ipv4-address up 1831 1832 1833 1834 1835 This creates a configured tunnel between my-ipv6-address and 1836 peer-ipv6-address with my-ipv4-address and peer-ipv4-address 1837 as the endpoints of the point-to-point interface, for exam- 1838 ple: 1839 1840 example% ifconfig ip6.tun0 inet plumb tsrc fe80::1 tdst fe80::2 \ 1841 10.0.0.208 10.0.0.210 up 1842 1843 1844 1845 1846 To show all IPv4 interfaces that are up and configured: 1847 1848 example% ifconfig -au4 1849 lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1 1850 inet 127.0.0.1 netmask ff000000 1851 eri0: flags=1004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4> mtu 1500 \ 1852 index 2 1853 inet 172.17.128.208 netmask ffffff00 broadcast 172.17.128.255 1854 ip6.tun0: flags=10008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST,IPv4> \ 1855 mtu 1460 1856 index 3 1857 inet6 tunnel src fe80::1 tunnel dst fe80::2 1858 tunnel security settings --> use 'ipsecconf -ln -i ip.tun1' 1859 tunnel hop limit 60 tunnel encapsulation limit 4 1860 inet 10.0.0.208 --> 10.0.0.210 netmask ff000000 1861 1862 1863 1864 1865 In the output above, note the line that begins with "tunnel 1866 security settings". The content of this line varies accord- 1867 ing to whether and how you have set your security settings. 1868 See "Display of Tunnel Security Settings," below. 1869 1870 1871 1872 SunOS 5.11 Last change: 21 Jan 2007 28 1873 1874 1875 1876 1877 1878 1879 System Administration Commands ifconfig(1M) 1880 1881 1882 1883 Display of Tunnel Security Settings 1884 The ifconfig output for tunneled interfaces indicates secu- 1885 rity settings, if present, for a tunnel. The content of the 1886 line showing your settings differs depending on how you have 1887 made your settings: 1888 1889 o If you set your security policy using the ifconfig 1890 -auth_algs, -encr_algs, and -encr_auth_algs options 1891 and do not use ipsecconf(1M), ifconfig displays 1892 your settings for each of these options. 1893 1894 o If you set your security policy using ipsecconf(1M) 1895 with the tunnel keyword (the preferred method), 1896 ifconfig displays: 1897 1898 tunnel security settings --> use 'ipsecconf -ln -i ip.tun1' 1899 1900 1901 ...in effect, hiding your settings from those 1902 without privileges to view them. 1903 1904 If you do net set security policy, using either 1905 ifconfig or ipsecconf, there is no tunnel security 1906 setting displayed. 1907 1908 EXAMPLES 1909 Example 1 Using the ifconfig Command 1910 1911 1912 If your workstation is not attached to an Ethernet, the net- 1913 work interface, for example, eri0, should be marked "down" 1914 as follows: 1915 1916 1917 example% ifconfig eri0 down 1918 1919 1920 1921 Example 2 Printing Addressing Information 1922 1923 1924 To print out the addressing information for each interface, 1925 use the following command: 1926 1927 1928 example% ifconfig -a 1929 1930 1931 1932 Example 3 Resetting the Broadcast Address 1933 1934 1935 1936 1937 1938 SunOS 5.11 Last change: 21 Jan 2007 29 1939 1940 1941 1942 1943 1944 1945 System Administration Commands ifconfig(1M) 1946 1947 1948 1949 To reset each interface's broadcast address after the net- 1950 masks have been correctly set, use the next command: 1951 1952 1953 example% ifconfig -a broadcast + 1954 1955 1956 1957 Example 4 Changing the Ethernet Address 1958 1959 1960 To change the Ethernet address for interface ce0, use the 1961 following command: 1962 1963 1964 example% ifconfig ce0 ether aa:1:2:3:4:5 1965 1966 1967 1968 Example 5 Configuring an IP-in-IP Tunnel 1969 1970 1971 To configure an IP-in-IP tunnel, first plumb it with the 1972 following command: 1973 1974 1975 example% ifconfig ip.tun0 plumb 1976 1977 1978 1979 1980 Then configure it as a point-to-point interface, supplying 1981 the tunnel source and the tunnel destination: 1982 1983 1984 example% ifconfig ip.tun0 myaddr mydestaddr tsrc another_myaddr \ 1985 tdst a_dest_addr up 1986 1987 1988 1989 1990 Use ipsecconf(1M), as described above, to configure tunnel 1991 security properties. 1992 1993 1994 Example 6 Configuring 6to4 Tunnels 1995 1996 1997 To configure 6to4 tunnels, use the following commands: 1998 1999 2000 example% ifconfig ip.6to4tun0 inet6 plumb 2001 2002 2003 2004 SunOS 5.11 Last change: 21 Jan 2007 30 2005 2006 2007 2008 2009 2010 2011 System Administration Commands ifconfig(1M) 2012 2013 2014 2015 example% ifconfig ip.6to4tun0 inet6 tsrc IPv4-address 6to4-address/64 up 2016 2017 2018 2019 2020 IPv4-address denotes the address of the encapsulating inter- 2021 face. 6to4-address denotes the address of the local IPv6 2022 address of form 2002:IPv4-address:SUBNET-ID:HOSTID. 2023 2024 2025 2026 The long form should be used to resolve any potential con- 2027 flicts that might arise if the system administrator utilizes 2028 an addressing plan where the values for SUBNET-ID or HOSTID 2029 are reserved for something else. 2030 2031 2032 2033 After the interface is plumbed, a 6to4 tunnel can be config- 2034 ured as follows: 2035 2036 2037 example% ifconfig ip.6to4tun0 inet6 tsrc IPv4-address up 2038 2039 2040 2041 2042 This short form sets the address. It uses the convention: 2043 2044 2045 2002:IPv4-address::1 2046 2047 2048 2049 The SUBNET-ID is 0, and the HOSTID is 1. 2050 2051 2052 Example 7 Configuring IP Forwarding on an Interface 2053 2054 2055 To enable IP forwarding on a single interface, use the fol- 2056 lowing command: 2057 2058 2059 example% ifconfig eri0 router 2060 2061 2062 2063 2064 To disable IP forwarding on a single interface, use the fol- 2065 lowing command: 2066 2067 2068 2069 2070 SunOS 5.11 Last change: 21 Jan 2007 31 2071 2072 2073 2074 2075 2076 2077 System Administration Commands ifconfig(1M) 2078 2079 2080 2081 example% ifconfig eri0 -router 2082 2083 2084 2085 Example 8 Configuring Source Address Selection Using a Vir- 2086 tual Interface 2087 2088 2089 The following command configures source address selection 2090 such that every packet that is locally generated with no 2091 bound source address and going out on qfe2 prefers a source 2092 address hosted on vni0. 2093 2094 2095 example% ifconfig qfe2 usesrc vni0 2096 2097 2098 2099 2100 The ifconfig -a output for the qfe2 and vni0 interfaces 2101 displays as follows: 2102 2103 2104 qfe2: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 2105 1500 index 4 2106 usesrc vni0 2107 inet 1.2.3.4 netmask ffffff00 broadcast 1.2.3.255 2108 ether 0:3:ba:17:4b:e1 2109 vni0: flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> 2110 mtu 0 index 5 2111 srcof qfe2 2112 inet 3.4.5.6 netmask ffffffff 2113 2114 2115 2116 Observe, above, the usesrc and srcof keywords in the ifcon- 2117 fig output. These keywords also appear on the logical 2118 instances of the physical interface, even though this is a 2119 per-physical interface parameter. There is no srcof keyword 2120 in ifconfig for configuring interfaces. This information is 2121 determined automatically from the set of interfaces that 2122 have usesrc set on them. 2123 2124 2125 2126 The following command, using the none keyword, undoes the 2127 effect of the preceding *ifconfig* *usesrc* command. 2128 2129 2130 example% ifconfig qfe2 usesrc none 2131 2132 2133 2134 2135 2136 SunOS 5.11 Last change: 21 Jan 2007 32 2137 2138 2139 2140 2141 2142 2143 System Administration Commands ifconfig(1M) 2144 2145 2146 2147 Following this command, ifconfig -a output displays as fol- 2148 lows: 2149 2150 2151 qfe2: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 2152 1500 index 4 2153 inet 1.2.3.4 netmask ffffff00 broadcast 1.2.3.255 2154 ether 0:3:ba:17:4b:e1 2155 vni0: flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> 2156 mtu 0 index 5 2157 inet 3.4.5.6 netmask ffffffff 2158 2159 2160 2161 Note the absence of the usesrc and srcof keywords in the 2162 output above. 2163 2164 2165 Example 9 Configuring Source Address Selection for an IPv6 2166 Address 2167 2168 2169 The following command configures source address selection 2170 for an IPv6 address, selecting a source address hosted on 2171 vni0. 2172 2173 2174 example% ifconfig qfe1 inet6 usesrc vni0 2175 2176 2177 2178 2179 Following this command, ifconfig -a output displays as fol- 2180 lows: 2181 2182 2183 qfe1: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 3 2184 usesrc vni0 2185 inet6 fe80::203:baff:fe17:4be0/10 2186 ether 0:3:ba:17:4b:e0 2187 vni0: flags=2002210041<UP,RUNNING,NOXMIT,NONUD,IPv6,VIRTUAL> mtu 0 2188 index 5 2189 srcof qfe1 2190 inet6 fe80::203:baff:fe17:4444/128 2191 vni0:1: flags=2002210040<RUNNING,NOXMIT,NONUD,IPv6,VIRTUAL> mtu 0 2192 index 5 2193 srcof qfe1 2194 inet6 fec0::203:baff:fe17:4444/128 2195 vni0:2: flags=2002210040<RUNNING,NOXMIT,NONUD,IPv6,VIRTUAL> mtu 0 2196 index 5 2197 srcof qfe1 2198 inet6 2000::203:baff:fe17:4444/128 2199 2200 2201 2202 SunOS 5.11 Last change: 21 Jan 2007 33 2203 2204 2205 2206 2207 2208 2209 System Administration Commands ifconfig(1M) 2210 2211 2212 2213 Depending on the scope of the destination of the packet 2214 going out on qfe1, the appropriately scoped source address 2215 is selected from vni0 and its aliases. 2216 2217 2218 Example 10 Using Source Address Selection with Shared-IP 2219 Zones 2220 2221 2222 The following is an example of how the usesrc feature can be 2223 used with the zones(5) facility in Solaris. The following 2224 commands are invoked in the global zone: 2225 2226 2227 example% ifconfig hme0 usesrc vni0 2228 example% ifconfig eri0 usesrc vni0 2229 example% ifconfig qfe0 usesrc vni0 2230 2231 2232 2233 2234 Following the preceding commands, the ifconfig -a output for 2235 the virtual interfaces would display as: 2236 2237 2238 vni0: flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> 2239 mtu 0 index 23 2240 srcof hme0 eri0 qfe0 2241 inet 10.0.0.1 netmask ffffffff 2242 vni0:1: 2243 flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> mtu 0 2244 index 23 2245 zone test1 2246 srcof hme0 eri0 qfe0 2247 inet 10.0.0.2 netmask ffffffff 2248 vni0:2: 2249 flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> mtu 0 2250 index 23 2251 zone test2 2252 srcof hme0 eri0 qfe0 2253 inet 10.0.0.3 netmask ffffffff 2254 vni0:3: 2255 flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> mtu 0 2256 index 23 2257 zone test3 2258 srcof hme0 eri0 qfe0 2259 inet 10.0.0.4 netmask ffffffff 2260 2261 2262 2263 There is one virtual interface alias per zone (test1, test2, 2264 and test3). A source address from the virtual interface 2265 2266 2267 2268 SunOS 5.11 Last change: 21 Jan 2007 34 2269 2270 2271 2272 2273 2274 2275 System Administration Commands ifconfig(1M) 2276 2277 2278 2279 alias in the same zone is selected. The virtual interface 2280 aliases were created using zonecfg(1M) as follows: 2281 2282 2283 example% zonecfg -z test1 2284 zonecfg:test1> add net 2285 zonecfg:test1:net> set physical=vni0 2286 zonecfg:test1:net> set address=10.0.0.2 2287 2288 2289 2290 2291 The test2 and test3 zone interfaces and addresses are 2292 created in the same way. 2293 2294 2295 Example 11 Turning Off DHCPv6 2296 2297 2298 The following example shows how to disable automatic use of 2299 DHCPv6 on all interfaces, and immediately shut down DHCPv6 2300 on the interface named hme0. See in.ndpd(1M) and 2301 ndpd.conf(4) for more information on the automatic DHCPv6 2302 configuration mechanism. 2303 2304 2305 example% echo ifdefault StatefulAddrConf false >> /etc/inet/ndpd.conf 2306 example% pkill -HUP -x in.ndpd 2307 example% ifconfig hme0 dhcp release 2308 2309 2310 2311 FILES 2312 /etc/netmasks 2313 2314 Netmask data. 2315 2316 2317 /etc/default/inet_type 2318 2319 Default Internet protocol type. 2320 2321 2322 ATTRIBUTES 2323 See attributes(5) for descriptions of the following attri- 2324 butes: 2325 2326 2327 2328 2329 2330 2331 2332 2333 2334 SunOS 5.11 Last change: 21 Jan 2007 35 2335 2336 2337 2338 2339 2340 2341 System Administration Commands ifconfig(1M) 2342 2343 2344 2345 _______________________________________________________________________ 2346 | ATTRIBUTE TYPE | ATTRIBUTE VALUE | 2347 |_______________________________________|______________________________| 2348 | Availability | SUNWcsu | 2349 |_______________________________________|______________________________| 2350 | Interface Stability for command-line| Committed | 2351 | options | | 2352 |_______________________________________|______________________________| 2353 | Interface Stability for command output| Uncommitted | 2354 |_______________________________________|______________________________| 2355 2356 2357 SEE ALSO 2358 dhcpinfo(1), dhcpagent(1M), in.mpathd(1M), in.ndpd(1M), 2359 in.routed(1M), ipmpstat(1M), ipsecconf(1M), netstat(1M), 2360 zoneadm(1M), zonecfg(1M), ethers(3SOCKET), 2361 gethostbyname(3NSL), getnetbyname(3SOCKET), hosts(4), 2362 inet_type(4), ndpd.conf(4), netmasks(4), networks(4), 2363 nsswitch.conf(4), attributes(5), privileges(5), zones(5), 2364 arp(7P), ipsecah(7P), ipsecesp(7P), tun(7M) 2365 2366 2367 DIAGNOSTICS 2368 ifconfig sends messages that indicate if: 2369 2370 o the specified interface does not exist 2371 2372 o the requested address is unknown 2373 2374 o the user is not privileged and tried to alter an 2375 interface's configuration 2376 2377 NOTES 2378 Do not select the names broadcast, down, private, trailers, 2379 up or other possible option names when you choose host 2380 names. If you choose any one of these names as host names, 2381 it can cause unusual problems that are extremely difficult 2382 to diagnose. 2383 2384 2385 2386 2387 2388 2389 2390 2391 2392 2393 2394 2395 2396 2397 2398 2399 2400 SunOS 5.11 Last change: 21 Jan 2007 36 2401 2402 2403 --- EOF ---