Skip Navigation Links | |
Exit Print View | |
man pages section 1M: System Administration Commands Oracle Solaris 11.1 Information Library |
- administer data links
dladm
dladm show-link [-PZ] [-s [-i interval]] [[-p] -o field[,...]] [-z zone[,...]] [link] dladm rename-link [-R root-dir] link new-link
dladm delete-phys phys-link dladm show-phys [-PZ] [-Lm] [[-p] -o field[,...]] [-H] [-z zone[,...]] [-D [dcb-feature]] [phys-link]
dladm create-aggr [-t] [-R root-dir] [-m mode] [-P policy] [-L lacpmode] [-T time] [-u address] -l ether-link1 [-l ether-link2...] aggr-link dladm modify-aggr [-t] [-R root-dir] [-m mode] [-P policy] [-L lacpmode] [-T time] [-u address] aggr-link dladm delete-aggr [-t] [-R root-dir] aggr-link dladm add-aggr [-t] [-R root-dir] -l ether-link1 [-l ether-link2...] aggr-link dladm remove-aggr [-t] [-R root-dir] -l ether-link1 [-l ether-link2...] aggr-link dladm show-aggr [-PLxZ] [-s [-i interval]] [[-p] -o field[,...]] [-z zone[,...]] [aggr-link]
dladm create-bridge [-P protect] [-R root-dir] [-p priority] [-m max-age] [-h hello-time] [-d forward-delay] [-f force-protocol] [-l link...] bridge-name dladm modify-bridge [-P protect] [-R root-dir] [-p priority] [-m max-age] [-h hello-time] [-d forward-delay] [-f force-protocol] bridge-name dladm delete-bridge [-R root-dir] bridge-name dladm add-bridge [-R root-dir] -l link [-l link...]bridge-name dladm remove-bridge [-R root-dir] -l link [-l link...] bridge-name dladm show-bridge [-flt] [-s [-i interval]] [[-p] -o field,...] [bridge-name]
dladm create-vlan [-ft] [-R root-dir] -l ether-link -v vid [vlan-link] dladm modify-vlan [-t] [-R root-dir] [-l ether-link] [-v vid [-f]] {vlan-link,[vlan-link,...] | -L ether-link} dladm delete-vlan [-t] [-R root-dir] vlan-link dladm show-vlan [-PZ] [[-p] -o field[,...]] [-z zone[,...]] [vlan-link]
dladm scan-wifi [[-p] -o field[,...]] [wifi-link] dladm connect-wifi [-e essid] [-i bssid] [-k key,...] [-s none | wep | wpa ] [-a open | shared] [-b bss | ibss] [-c] [-m a | b | g | n ] [-T time] [wifi-link] dladm disconnect-wifi [-a] [wifi-link] dladm show-wifi [-Z] [[-p] -o field[,...]] [-z zone[,...]] [wifi-link]
dladm show-ether [-xZ] [[-p] -o field[,...]] [-z zone[,...]] [-P protocol] [ether-link]
dladm set-linkprop [-t] [-R root-dir] -p prop=value[,...] link dladm reset-linkprop [-t] [-R root-dir] [-p prop[,...]] link dladm show-linkprop [-PZ] [[-c] -o field[,...]] [-p prop[,...]] [-z zone[,...]] [link]
dladm create-secobj [-t] [-R root-dir] [-f file] -c class secobj dladm delete-secobj [-t] [-R root-dir] secobj[,...] dladm show-secobj [-P] [[-p] -o field[,...]] [secobj,...]
dladm create-vnic [-t] -l link [-R root-dir] [-m value | auto | {factory [-n slot-identifier]} | {vrrp -A {inet | inet6} -V vrid} | {random [-r prefix]}] [-v vlan-id] [-p prop=value[,...]] vnic-link dladm modify-vnic [-t] [-R root-dir] [-l link] [-m value | auto | {factory [-n slot-identifier]} | {vrrp -A {inet | inet6} -V vrid} | {random [-r prefix]}] [-v vlan-id] {vnic-link,[vnic-link,...] | -L link} dladm delete-vnic [-t] [-R root-dir] vnic-link dladm show-vnic [-pPZ] [-s [-i interval]] [-o field[,...]] [-l link] [-z zone[,...]] [vnic-link]
dladm create-etherstub [-t] [-R root-dir] etherstub dladm delete-etherstub [-t] [-R root-dir] etherstub dladm show-etherstub [-Z] [-z zone[,...]] [etherstub]
dladm create-iptun [-t] [-R root-dir] -T type [-a {local|remote}=addr,...] iptun-link dladm modify-iptun [-t] [-R root-dir] -a {local|remote}=addr,... iptun-link dladm delete-iptun [-t] [-R root-dir] iptun-link dladm show-iptun [-PZ] [[-p] -o field[,...]] [-z zone[,...]] [iptun-link]
dladm create-part [-t] [-f] -l ib-link [-R root-dir] -P pkey [-p prop=value[,...]] part-link dladm delete-part [-t] [-R root-dir] part-link dladm show-part [-pP] [-o field[,...]] [-l ib-link] [part-link]
dladm show-ib [-pP] [-o field[,...]] [ib-link]
dladm show-usage [-a] -f filename [-p plotfile -F format] [-s time] [-e time] [link]
dladm help [subcommand-name]
The dladm command is used to administer data-links. A data-link is represented in the system as a STREAMS DLPI (v2) interface which can be plumbed under protocol stacks such as TCP/IP. Each data-link relies on either a single network device or an aggregation of devices to send packets to or receive packets from a network.
Each dladm subcommand operates on one of the following objects:
A datalink, identified by a name. In general, the name can use any alphanumeric characters (or the underscore, _, or the period, .), but must start with an alphabetic character and end with a number. A datalink name can be at most 31 characters, and the ending number must be between 0 and 4294967294 (inclusive). The ending number must not begin with a zero. Datalink names between 3 and 8 characters are recommended.
Some subcommands operate only on certain types or classes of datalinks. For those cases, the following object names are used:
An aggregation datalink (or a key; see NOTES).
A physical Ethernet datalink.
An IP tunnel link.
An InfiniBand (IB) partition data link.
A physical datalink.
A VLAN datalink.
A virtual network interface created on a link or an etherstub. It is a pseudo device that can be treated as if it were an network interface card on a machine.
A WiFi datalink.
A bridge instance, identified by an administratively-chosen name. The name may use any alphanumeric characters or the underscore, _, but must start and end with an alphabetic character. A bridge name can be at most 31 characters. The name default is reserved, as are all names starting with SUNW.
Note that appending a zero (0) to a bridge name produces a valid link name, used for observability.
Also note that the bridge-related subcommands, described with dladm subcommands below, require installation of the pkg://solaris/network/bridging package.
A network device, identified by concatenation of a driver name and an instance number.
An Ethernet stub can be used instead of a physical NIC to create VNICs. VNICs created on an etherstub will appear to be connected through a virtual switch, allowing complete virtual networks to be built without physical hardware.
An IB partition link created on a IB physical link.
A secure object, identified by an administratively-chosen name. The name can use any alphanumeric characters, as well as underscore (_), period (.), and hyphen (-). A secure object name can be at most 32 characters.
dladm is implemented as a set of subcommands with corresponding options. Options are described in the context of each subcommand. Many of the subcommands have the following as a common option:
Specifies an alternate root directory where the operation-such as creation, deletion, or renaming-should apply.
dladm also supports a command form with no arguments. When invoked this way, dladm displays basic configuration information for all datalinks on a system. See EXAMPLES.
The following subcommands are supported:
Show link configuration information either for all datalinks or for the specified link. By default, the system is configured with one datalink for each known network device. The option to print link statistics is moved to dlstat(1M).
A case-insensitive, comma-separated list of output fields to display. When not modified by the -s option (described below), the field name must be one of the fields listed below, or the special value all to display all fields. By default (without -o), show-link displays all fields.
The name of the datalink.
The current zone of the datalink.
The class of the datalink. dladm distinguishes between the following classes:
Link Aggregation either as Datalink Multipathing (dlmp) or IEEE 802.3ad trunk. The show-aggr subcommand displays more details for this class of datalink.
A bridge instance, identified by an administratively-chosen name.
Instance of an etherstub. An Ethernet stub can be used instead of a physical NIC to create VNICs. VNICs created on an etherstub will appear to be connected through a virtual switch, allowing complete virtual networks to be built without physical hardware.
An instance of an IP tunnel link.
An IP-over-IB interface. The show-part subcommand displays more detail for this class of datalink.
A physical datalink. The show-phys subcommand displays more detail for this class of datalink.
A VLAN datalink. The show-vlan subcommand displays more detail for this class of datalink.
A virtual network interface. The show-vnic subcommand displays more detail for this class of datalink.
The maximum transmission unit size for the datalink being displayed.
The link state of the datalink. The state can be up, down, or unknown.
The name of the bridge to which this link is assigned, if any.
The physical datalink(s) over which the datalink is operating. This applies to aggr, bridge, and vlan and part partition classes of datalinks. A VLAN or IB partition is created over a single physical datalink, a bridge has multiple attached links, and an aggregation is comprised of one or more physical datalinks.
When the -o option is used in conjunction with the -s option, used to display link statistics, the field name must be one of the fields listed below, or the special value all to display all fields
The name of the datalink.
Number of packets received on this link.
Number of bytes received on this link.
Number of input errors.
Number of packets sent on this link.
Number of bytes sent on this link.
Number of output errors.
Display using a stable machine-parseable format. The -o option is required with -p. See “Parseable Output Format”, below.
Display the persistent link configuration.
Display link statistics. This option is made obsolete by dlstat(1M).
Used with the -s option to specify an interval, in seconds, at which statistics should be displayed. This option is made obsolete by dlstat(1M).
Display ZONE column in the output.
Display links from the specified zones. By default, dladm displays links in all the zones when it is run from the global zone. The links in other zones are displayed with the corresponding zonename as its prefix, followed by the slash (/) separator. For example, zone1/net0
When run from a non-global zone, this subcommand displays only links from that zone. A non-global zone cannot see links in other zones.
Rename link to new-link. This is used to give a link a meaningful name, or to associate existing link configuration such as link properties of a removed device with a new device. See the EXAMPLES section for specific examples of how this subcommand is used.
See “Options,” above.
This command is used to delete the persistent configuration of a link associated with physical hardware which has been removed from the system. See the EXAMPLES section.
Show the physical device and attributes of all physical links, or of the named physical link. Without -P, only physical links that are available on the running system are displayed.
Show DCB (Data Center Bridging)-related configuration information on the phys-link. Supported dcb-features include ets (Enhanced Transmission Selection, IEEE 802.1Qaz) and pfc (Priority-based Flow Control, IEEE 802.1Qbb). Output from -D ets displays the following elements for ETS:
A physical device corresponding to a NIC driver.
802.1p priority value.
The configured ETS BW as a percentage for the CoS (802.1p priority) value.
The effective ETS BW as a percentage for the CoS (802.1p priority) value.
MAC clients that are using the CoS value.
Output from -D pfc displays the LINK, COS, and CLIENTS fields, just the same as the -D ets output. In addition, -D pfc displays the following elements specifically for PFC:
If the configured PFC is enabled for the CoS (802.1p priority) value.
If the effective PFC is enabled for the CoS (802.1p priority) value.
Show hardware resource usage, as returned by the NIC driver. Output from -H displays the following elements:
A physical device corresponding to a NIC driver.
The type of the ring, either RX or TX.
The ring index. A ring is an hardware resource, which typically maps to a DMA channel, that can be programmed for specific use. For example, an RX ring can be programmed to receive only packets belonging to a specific MAC address.
MAC clients that are using the rings.
Display location information for the physical devices/links. Output is in location order—that is, onboard devices before expansion slots—and location information (for example, PCIexp Slot 2, MB) is supplied where available. Output from -L supports the following elements:
A physical device corresponding to a NIC driver.
The name of the physical device under this link.
Physical location description string (where available).
Display the list of factory MAC addresses, their slot identifiers, and their availability.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all, to display all fields. For each link, the following fields can be displayed:
The name of the datalink.
The media type provided by the physical datalink.
The state of the link. This can be up, down, or unknown.
The current speed of the link, in megabits per second.
For Ethernet links, the full/half duplex status of the link is displayed if the link state is up. The duplex is displayed as unknown in all other cases.
The name of the physical device under this link.
Display using a stable machine-parseable format. The -o option is required with -p. See “Parseable Output Format”, below.
This option displays persistent configuration for all links, including those that have been removed from the system. The output provides a FLAGS column in which the r flag indicates that the physical device associated with a physical link has been removed. For such links, delete-phys can be used to purge the link's configuration from the system.
Display ZONE column in the output.
See description of -z option under dladm show-link, above.
By default, Solaris assigns link names with the prefix of net. Before installing Solaris, you can change this default by modifying the value of the linkname-policy/phys-prefix SMF property of the service svc:/network/datalink-management:default. Specify a new value for this property in the System Configuration manifests used the Automated Install (AI) program. See Oracle Solaris Administration: Network Interfaces and Network Virtualization for details.
Combine a set of links into a single link aggregation named aggr-link. The aggregation could be HA-only or IEEE 802.3ad compliant. The use of an integer key to generate a link name for the aggregation is also supported for backward compatibility. Many of the *-aggr subcommands below also support the use of a key to refer to a given aggregation, but use of the aggregation link name is preferred. See the NOTES section for more information on keys.
dladm supports a number of port selection policies for an aggregation of ports. (See the description of the -P option, below.) If you do not specify a policy, create-aggr uses the default, the L4 policy, described under the -P option.
Each Ethernet link (or port) in the aggregation is specified using an -l option followed by the name of the link to be included in the aggregation. Multiple links are included in the aggregation by specifying multiple -l options. For backward compatibility with previous versions of Solaris, the dladm command also supports the using the -d option (or --dev) with a device name to specify links by their underlying device name. The other *-aggr subcommands that take -loptions also accept -d.
Specifies that the aggregation is temporary. Temporary aggregations last until the next reboot.
See “Options,” above.
Mode must be set to one of the following:
IEEE 802.3ad compliant link aggregation. If unspecified, mode is trunk.
Datalink Multipathing mode. A layer 2 high availability technology that can provide failover among multiple switches, and does not require switch configuration. A dlmp link aggregation can also aggregate ports connected to same switch. However, it cannot be used in back-to-back setup.
An dlmp link aggregation is limited in its load-spreading ability: MAC clients configured on plumbed dlmp aggr are distributed across all aggr ports but an individual MAC client cannot spread load across multiple ports.
This mode is not IEEE 802.3ad compliant. Setting policy, lacpmode, time or MAC address is invalid in this mode.
Specifies the port selection policy to use for load spreading of outbound traffic. The policy specifies which dev object is used to send packets. A policy is a list of one or more layers specifiers separated by commas. A layer specifier is one of the following:
Select outbound device according to source and destination MAC addresses of the packet.
Select outbound device according to source and destination IP addresses of the packet.
Select outbound device according to the upper layer protocol information contained in the packet. For TCP and UDP, this includes source and destination ports. For IPsec, this includes the SPI (Security Parameters Index).
For example, to use upper layer protocol information, the following policy can be used:
-P L4
Note that policy L4 is the default.
To use the source and destination MAC addresses as well as the source and destination IP addresses, the following policy can be used:
-P L2,L3
Specifies whether LACP should be used and, if used, the mode in which it should operate. Supported values are off, active or passive.
Specifies the LACP timer value. The supported values are short or long.
Specifies a fixed unicast hardware address to be used for the aggregation. If this option is not specified, then an address is automatically chosen from the set of addresses of the component devices.
Modify the parameters of the specified aggregation.
Specifies that the modification is temporary. Temporary aggregations last until the next reboot.
See “Options,” above.
See description of -m mode option under create-aggr subcommand, above.
Specifies the port selection policy to use for load spreading of outbound traffic. See dladm create-aggr for a description of valid policy values.
Specifies whether LACP should be used and, if used, the mode in which it should operate. Supported values are off, active, or passive.
Specifies the LACP timer value. The supported values are short or long.
Specifies a fixed unicast hardware address to be used for the aggregation. If this option is not specified, then an address is automatically chosen from the set of addresses of the component devices.
(Note that modification of the fixed unicast hardware address will override any previously defined mac-address link property defined for the aggregation. See “General Link Properties”.)
Deletes the specified aggregation.
Specifies that the deletion is temporary. Temporary deletions last until the next reboot.
See “Options,” above.
Adds links to the specified aggregation.
Specifies an Ethernet link to add to the aggregation. Multiple links can be added by supplying multiple -l options.
Specifies that the additions are temporary. Temporary additions last until the next reboot.
See “Options,” above.
Removes links from the specified aggregation.
Specifies an Ethernet link to remove from the aggregation. Multiple links can be added by supplying multiple -l options.
Specifies that the removals are temporary. Temporary removal last until the next reboot.
See “Options,” above.
Show aggregation configuration (the default) or LACP information either for all aggregations or for the specified aggregation.
By default (with no options), the following fields can be displayed:
The name of the aggregation link.
The aggregation mode, either trunk or dlmp.
The LACP policy of the aggregation. See the create-aggr -P option for a description of the possible values.
Either auto, if the aggregation is configured to automatically configure its unicast MAC address (the default if the -u option was not used to create or modify the aggregation), or fixed, if -u was used to set a fixed MAC address.
The LACP mode of the aggregation. Possible values are off, active, or passive, as set by the -l option to create-aggr or modify-aggr.
The LACP timer value of the aggregation as set by the -T option of create-aggr or modify-aggr.
The following field is not part of the default output, but can be queried using -o.
A set of state flags associated with the aggregation. The only possible flag is f, which is displayed if the administrator forced the creation the aggregation using the -f option to create-aggr. Other flags might be defined in the future.
The show-aggr command accepts the following options:
Displays detailed LACP information for the aggregation link and each underlying port. Most of the state information displayed by this option is defined by IEEE 802.3. With this option, the following fields can be displayed:
The name of the aggregation link.
The name of one of the underlying aggregation ports.
Whether the port can be added to the aggregation.
If yes, the system considers the port to be synchronized and part of the aggregation.
If yes, collection of incoming frames is enabled on the associated port.
If yes, distribution of outgoing frames is enabled on the associated port.
If yes, the port is using defaulted partner information (that is, has not received LACP data from the LACP partner).
If yes, the receive state of the port is in the EXPIRED state.
Display additional aggregation information including detailed information on each underlying port. With -x, the following fields can be displayed:
The name of the aggregation link.
The name of one of the underlying aggregation ports.
The speed of the link or port in megabits per second.
The full/half duplex status of the link or port is displayed if the link state is up. The duplex status is displayed as unknown in all other cases.
The link state. This can be up, down, or unknown.
The MAC address of the link or port.
This indicates whether the individual aggregation port is in the standby or attached state.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed above, or the special value all, to display all fields. The fields applicable to the -o option are limited to those listed under each output mode. For example, if using -L, only the fields listed under -L, above, can be used with -o.
Display using a stable machine-parseable format. The -o option is required with -p. See “Parseable Output Format”, below.
Display the persistent aggregation configuration rather than the state of the running system.
Displays aggregation statistics. This option is made obsolete by dlstat(1M).
Used with the -s option to specify an interval, in seconds, at which statistics should be displayed. This option is made obsolete by dlstat(1M).
Display ZONE column in the output.
See description of -z option under dladm show-link, above.
Create an 802.1D bridge instance and optionally assign one or more network links to the new bridge. By default, no bridge instances are present on the system.
In order to bridge between links, you must create at least one bridge instance. Each bridge instance is separate, and there is no forwarding connection between bridges.
Note that the bridge-related subcommands, create-bridge among them, require installation of the pkg://solaris/network/bridging package.
Specifies a protection method. The defined protection methods are stp for the Spanning Tree Protocol and trill for TRILL, which is used on RBridges. The default value is stp.
See “Options,” above.
Specifies the Bridge Priority. This sets the IEEE STP priority value for determining the root bridge node in the network. The default value is 32768. Valid values are 0 (highest priority) to 61440 (lowest priority), in increments of 4096.
If a value not evenly divisible by 4096 is used, the system silently rounds downward to the next lower value that is divisible by 4096.
Specifies the maximum age for configuration information in seconds. This sets the STP Bridge Max Age parameter. This value is used for all nodes in the network if this node is the root bridge. Bridge link information older than this time is discarded. It defaults to 20 seconds. Valid values are from 6 to 40 seconds. See the -d forward-delay parameter for additional constraints.
Specifies the STP Bridge Hello Time parameter. When this node is the root node, it sends Configuration BPDUs at this interval throughout the network. The default value is 2 seconds. Valid values are from 1 to 10 seconds. See the -d forward-delay parameter for additional constraints.
Specifies the STP Bridge Forward Delay parameter. When this node is the root node, then all bridges in the network use this timer to sequence the link states when a port is enabled. The default value is 15 seconds. Valid values are from 4 to 30 seconds.
Bridges must obey the following two constraints:
2 * (forward-delay - 1.0) >= max-age max-age >= 2 * (hello-time + 1.0)
Any parameter setting that would violate those constraints is treated as an error and causes the command to fail with a diagnostic message. The message provides valid alternatives to the supplied values.
Specifies the MSTP forced maximum supported protocol. The default value is 3. Valid values are non-negative integers. The current implementation does not support RSTP or MSTP, so this currently has no effect. However, to prevent MSTP from being used in the future, the parameter may be set to 0 for STP only or 2 for STP and RSTP.
Specifies one or more links to add to the newly-created bridge. This is similar to creating the bridge and then adding one or more links, as with the add-bridge subcommand. However, if any of the links cannot be added, the entire command fails, and the new bridge itself is not created. To add multiple links on the same command line, repeat this option for each link. You are permitted to create bridges without links. For more information about link assignments, see the add-bridge subcommand.
Bridge creation and link assignment require the PRIV_SYS_DL_CONFIG privilege. Bridge creation might fail if the optional bridging feature is not installed on the system.
Modify the operational parameters of an existing bridge. The options are the same as for the create-bridge subcommand, except that the -l option is not permitted. To add links to an existing bridge, use the add-bridge subcommand.
Bridge parameter modification requires the PRIV_SYS_DL_CONFIG privilege.
Delete a bridge instance. The bridge being deleted must not have any attached links. Use the remove-bridge subcommand to deactivate links before deleting a bridge.
Bridge deletion requires the PRIV_SYS_DL_CONFIG privilege.
The -R (--root-dir) option is the same as for the create-bridge subcommand.
Add one or more links to an existing bridge. If multiple links are specified, and adding any one of them results in an error, the command fails and no changes are made to the system.
Link addition to a bridge requires the PRIV_SYS_DL_CONFIG privilege.
A link may be a member of at most one bridge. An error occurs when you attempt to add a link that already belongs to another bridge. To move a link from one bridge instance to another, remove it from the current bridge before adding it to a new one.
The links assigned to a bridge must not also be VLANs, VNICs, or tunnels. Only physical Ethernet datalinks, aggregation datalinks, and Ethernet stubs are permitted to be assigned to a bridge.
Links assigned to a bridge must all have the same MTU. This is checked when the link is assigned. The link is added to the bridge in a deactivated form if it is not the first link on the bridge and it has a differing MTU.
Note that systems using bridging should not set the eeprom(1M) local-mac-address? variable to false.
The options are the same as for the create-bridge subcommand.
Remove one or more links from a bridge instance. If multiple links are specified, and removing any one of them would result in an error, the command fails and none are removed.
Link removal from a bridge requires the PRIV_SYS_DL_CONFIG privilege.
The options are the same as for the create-bridge subcommand.
Show the running status and configuration of bridges, their attached links, learned forwarding entries, and TRILL nickname databases. When showing overall bridge status and configuration, the bridge name can be omitted to show all bridges. The other forms require a specified bridge.
The show-bridge subcommand accepts the following options:
Used with the -s option to specify an interval, in seconds, at which statistics should be displayed. If this option is not specified, statistics will be displayed only once.
Display statistics for the specified bridges or for a given bridge's attached links. This option cannot be used with the -f and -t options.
Display using a stable machine-parsable format. See “Parsable Output Format,” below.
A case-insensitive, comma-separated list of output fields to display. The field names are described below. The special value all displays all fields. Each set of fields has its own default set to display when -o is not specified.
By default, the show-bridge subcommand shows bridge configuration. The following fields can be shown:
The name of the bridge.
The Bridge Unique Identifier value (MAC address).
Configured priority value; set by -p with create-bridge and modify-bridge.
Configured bridge maximum age; set by -m with create-bridge and modify-bridge.
Configured bridge hello time; set by -h with create-bridge and modify-bridge.
Configured forwarding delay; set by -d with create-bridge and modify-bridge.
Configured forced maximum protocol; set by -f with create-bridge and modify-bridge.
Time, in seconds, since last topology change.
Count of the number of topology changes.
This indicates that a topology change was detected.
Bridge Identifier of the root node.
Cost of the path to the root node.
Port number used to reach the root node.
Maximum age value from the root node.
Hello time value from the root node.
Forward delay value from the root node.
Minimum BPDU interval.
By default, when the -o option is not specified, only the BRIDGE, ADDRESS, PRIORITY, and DESROOT fields are shown.
When the -s option is specified, the show-bridge subcommand shows bridge statistics. The following fields can be shown:
Bridge name.
Number of packets dropped due to resource problems.
Number of packets forwarded from one link to another.
Number of multicast and broadcast packets handled by the bridge.
Number of packets received on all attached links.
Number of packets sent on all attached links.
Number of packets handled that have an unknown destination. Such packets are sent to all links.
By default, when the -o option is not specified, only the BRIDGE, DROPS, and FORWARDS fields are shown.
The show-bridge subcommand also accepts the following options:
Displays link-related status and statistics information for all links attached to a single bridge instance. By using this option and without the -s option, the following fields can be displayed for each link:
The link name.
Port (link) index number on the bridge.
State of the link. The state can be disabled, discarding, learning, forwarding, non-stp, or bad-mtu.
Number of seconds since the last reset or initialization.
Actual cost in use (1-65535).
This indicates whether point-to-point (P2P) mode been detected.
This indicates whether edge mode has been detected.
The Root Bridge Identifier that has been seen on this port.
Path cost to the network root node through the designated port.
Bridge Identifier for this port.
The ID and priority of the port used to transmit configuration messages for this port.
This indicates whether Topology Change Acknowledge has been seen.
When the -l option is specified without the -o option, only the LINK, STATE, UPTIME, and DESROOT fields are shown.
When the -l option is specified, the -s option can be used to display the following fields for each link:
Link name.
Number of configuration BPDUs received.
Number of topology change BPDUs received.
Number of Rapid Spanning Tree BPDUs received.
Number of BPDUs transmitted.
Number of packets dropped due to resource problems.
Number of packets received by the bridge.
Number of packets sent by the bridge.
When the -o option is not specified, only the LINK, DROPS, RECV, and XMIT fields are shown.
Displays forwarding entries for a single bridge instance. With this option, the following fields can be shown for each forwarding entry:
Destination MAC address.
Age of entry in seconds and milliseconds. Omitted for local entries.
The L (local) flag is shown if the MAC address belongs to an attached link or to a VNIC on one of the attached links.
For local entries, this is the name of the attached link that has the MAC address. Otherwise, for bridges that use Spanning Tree Protocol, this is the output interface name. For RBridges, this is the output TRILL nickname.
When the -o option is not specified, the DEST, AGE, FLAGS, and OUTPUT fields are shown.
Displays TRILL nickname entries for a single bridge instance. With this option, the following fields can be shown for each TRILL nickname entry:
TRILL nickname for this RBridge, which is a number from 1 to 65535.
The L flag is shown if the nickname identifies the local system.
Link name for output when sending messages to this RBridge.
MAC address of the next hop RBridge that is used to reach the RBridge with this nickname.
When the -o option is not specified, the NICK, FLAGS, LINK, and NEXTHOP fields are shown.
Create a tagged VLAN link with an ID of vid over Ethernet link ether-link. The name of the VLAN link can be specified as vlan-link. If the name is not specified, a name will be automatically generated (assuming that ether-link is namePPA) as:
<name><1000 * vlan-tag + PPA>
For example, if ether-link is bge1 and vid is 2, the name generated is bge2001.
Force the creation of the VLAN link. Some devices do not allow frame sizes large enough to include a VLAN header. When creating a VLAN link over such a device, the -f option is needed, and the MTU of the IP interfaces on the resulting VLAN must be set to 1496 instead of 1500.
Specifies Ethernet link over which VLAN is created.
Specifies that the VLAN link is temporary. Temporary VLAN links last until the next reboot.
See “Options,” above.
Modifies the underlying link and/or the VLAN-ID of the specified VLAN link(s). The VLAN link(s) can be specified as a comma-delimited list or as -L source-ether-link to indicate “all VLANs on source-ether-link”.
Specifies that the VLAN modification is temporary.
See “Options,” above.
Specifies the Ethernet link to which to move the VLAN(s). The Ethernet link must be different from the current one the VLAN(s) is or are using.
Specifies the VLAN-ID to be used. This option can be used only if a single VLAN link is specified. The purpose of the -f option is the same as in create-vlan, above.
Delete the VLAN link specified.
The delete-vlansubcommand accepts the following options:
Specifies that the deletion is temporary. Temporary deletions last until the next reboot.
See “Options,” above.
Display VLAN configuration for all VLAN links or for the specified VLAN link.
The show-vlan subcommand accepts the following options:
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all, to display all fields. For each VLAN link, the following fields can be displayed:
The name of the VLAN link.
The ID associated with the VLAN.
The name of the physical link over which this VLAN is configured.
A set of flags associated with the VLAN link. Possible flags are:
The VLAN was created using the -f option to create-vlan.
The VLAN was implicitly created when the DLPI link was opened. These VLAN links are automatically deleted on last close of the DLPI link (for example, when the IP interface associated with the VLAN link is unplumbed).
Additional flags might be defined in the future.
Display using a stable machine-parseable format. The -o option is required with -p. See “Parseable Output Format”, below.
Display the persistent VLAN configuration rather than the state of the running system.
Display ZONE column in the output.
See description of -z option under dladm show-link, above.
Scans for WiFi networks, either on all WiFi links, or just on the specified wifi-link.
By default, currently all fields but BSSTYPE are displayed.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all to display all fields. For each WiFi network found, the following fields can be displayed:
The name of the link the WiFi network is on.
The ESSID (name) of the WiFi network.
Either the hardware address of the WiFi network's Access Point (for BSS networks), or the WiFi network's randomly generated unique token (for IBSS networks).
Either none for a WiFi network that uses no security, wep for a WiFi network that requires WEP (Wired Equivalent Privacy), or wpa for a WiFi network that requires WPA (Wi-Fi Protected Access).
The supported connection modes: one or more of a, b, g, or n.
The strength of the signal: one of excellent, very good, good, weak, or very weak.
The maximum speed of the WiFi network, in megabits per second.
Either bss for BSS (infrastructure) networks, or ibss for IBSS (ad-hoc) networks.
Display using a stable machine-parseable format. The -o option is required with -p. See “Parseable Output Format”, below.
Connects to a WiFi network. This consists of four steps: discovery, filtration, prioritization, and association. However, to enable connections to non-broadcast WiFi networks and to improve performance, if a BSSID or ESSID is specified using the -e or -i options, then the first three steps are skipped and connect-wifi immediately attempts to associate with a BSSID or ESSID that matches the rest of the provided parameters. If this association fails, but there is a possibility that other networks matching the specified criteria exist, then the traditional discovery process begins as specified below.
The discovery step finds all available WiFi networks on the specified WiFi link, which must not yet be connected. For administrative convenience, if there is only one WiFi link on the system, wifi-link can be omitted.
Once discovery is complete, the list of networks is filtered according to the value of the following options:
Networks that do not have the same essid are filtered out.
Networks that do not have the same bsstype are filtered out.
Networks not appropriate for the specified 802.11 mode are filtered out.
Use the specified secobj named by the key to connect to the network. Networks not appropriate for the specified keys are filtered out.
Networks not appropriate for the specified security mode are filtered out.
Next, the remaining networks are prioritized, first by signal strength, and then by maximum speed. Finally, an attempt is made to associate with each network in the list, in order, until one succeeds or no networks remain.
In addition to the options described above, the following options also control the behavior of connect-wifi:
Connect using the specified authentication mode. By default, open and shared are tried in order.
Used with -b ibss to create a new ad-hoc network if one matching the specified ESSID cannot be found. If no ESSID is specified, then -c -b ibss always triggers the creation of a new ad-hoc network.
Specifies the number of seconds to wait for association to succeed. If time is forever, then the associate will wait indefinitely. The current default is ten seconds, but this might change in the future. Timeouts shorter than the default might not succeed reliably.
In addition to the filtering previously described, the specified keys will be used to secure the association. The security mode to use will be based on the key class; if a security mode was explicitly specified, it must be compatible with the key class. All keys must be of the same class.
For security modes that support multiple key slots, the slot to place the key will be specified by a colon followed by an index. Therefore, -k mykey:3 places mykey in slot 3. By default, slot 1 is assumed. For security modes that support multiple keys, a comma-separated list can be specified, with the first key being the active key.
Disconnect from one or more WiFi networks. If wifi-link specifies a connected WiFi link, then it is disconnected. For administrative convenience, if only one WiFi link is connected, wifi-link can be omitted.
Disconnects from all connected links. This is primarily intended for use by scripts.
Shows WiFi configuration information either for all WiFi links or for the specified link wifi-link.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all, to display all fields. For each WiFi link, the following fields can be displayed:
The name of the link being displayed.
Either connected if the link is connected, or disconnected if it is not connected. If the link is disconnected, all remaining fields have the value --.
The ESSID (name) of the connected WiFi network.
Either the hardware address of the WiFi network's Access Point (for BSS networks), or the WiFi network's randomly generated unique token (for IBSS networks).
Either none for a WiFi network that uses no security, wep for a WiFi network that requires WEP, or wpa for a WiFi network that requires WPA.
The supported connection modes: one or more of a, b, g, or n.
The connection strength: one of excellent, very good, good, weak, or very weak.
The connection speed, in megabits per second.
Either open or shared (see connect-wifi).
Either bss for BSS (infrastructure) networks, or ibss for IBSS (ad-hoc) networks.
By default, currently all fields but AUTH, BSSID, BSSTYPE are displayed.
Displays using a stable machine-parseable format. The -o option is required with -p. See “Parseable Output Format”, below.
Display ZONE column in the output.
See description of -z option under dladm show-link, above.
Shows state information either for all physical Ethernet links or for a specified physical Ethernet link.
The show-ether subcommand accepts the following options:
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all to display all fields. For each link, the following fields can be displayed:
The name of the link being displayed.
Parameter type, where current indicates the negotiated state of the link, capable indicates capabilities supported by the device, adv indicates the advertised capabilities, and peeradv indicates the capabilities advertised by the link-partner.
The state of the link.
A yes/no value indicating whether auto-negotiation is advertised.
Combinations of speed and duplex values available. The units of speed are encoded with a trailing suffix of G (Gigabits/s) or M (Mb/s). Duplex values are encoded as f (full-duplex) or h (half-duplex).
Flow control information. Can be no, indicating no flow control is available; tx, indicating that the end-point can transmit pause frames, but ignores any received pause frames; rx, indicating that the end-point receives and acts upon received pause frames; or bi, indicating bi-directional flow-control.
Fault detection information. Valid values are none or fault.
By default, all fields except REM_FAULT are displayed for the “current” PTYPE.
Displays using a stable machine-parseable format. The -o option is required with -p. See “Parseable Output Format”, below.
Displays information about supported Ethernet protocols. Supported protocols include vdp, the VSI Discovery and Configuration protocol, and ecp, Edge Control Protocol.
VDP information is specific to a VNIC. Thus, if the link argument is a phys-link, VDP information for all of the VNIC over the phys-link is displayed.
ECP information is specific to a phys-link.
For VDP, following information is displayed:
The name of the Virtual Station Interface (VSI) or VNIC.
The name of the physical link over which this VNIC is configured.
The state of the VDP protocol state machine for the VNIC. Supported states include ASSOC, DEASSOC, or TIMEDOUT.
The identifier for the VSI or VNIC. This identifier is used by the bridge to associate properties with VNICs. Supported format for the VSIID is the MAC address. Thus, the VSIID for a VNIC is its MAC address.
This is VSI Type ID and Version associated with a VNIC and is of the form VSI Type ID/Version. The VSI Type identifies the properties associated with the VNIC.
The VDP command that is currently in progress. Supported commands are: ASSOC, DEASSOC. The ASSOC command requests the bridge to associate properties with a VSI (identified by the VSIID), whereas the DEASSOC requests the bridge to disassociate the properties from a given VSIID.
The information used by the switch to filter packets for a given VNIC. Supported format for Filter Info includes the MAC/VLAN ID combination. Thus, the FilterInfo for a VNIC is its MAC address and VLAN ID, if any.
The inteval (in seconds) for Keep Alive messages to be transmitted for existing associations. The default is 11.6 secs.
The time (in seconds) to wait for a response from the bridge before timing out a request.
For ECP, following information is displayed:
The name of the physical link for the ECP instance.
The maximum number of transmission retries without receiving an acknowledgement from the peer.
The interval of time (in milliseconds) to wait for an acknowledgment from the peer.
Extended output is displayed for PTYPE values of current, capable, adv and peeradv.
Display ZONE column in the output.
See description of -z option under dladm show-link, above.
Sets the values of one or more properties on the link specified. The list of properties and their possible values depend on the link type, the network device driver, and networking hardware. These properties can be retrieved using show-linkprop.
Specifies that the changes are temporary. Temporary changes last until the next reboot.
See “Options,” above.
A comma-separated list of properties to set to the specified values.
Note that when the persistent value is set, the temporary value changes to the same value.
Resets one or more properties to their values on the link specified. Properties are reset to the values they had at startup. If no properties are specified, all properties are reset. See show-linkprop for a description of properties.
Specifies that the resets are temporary. Values are reset to default values. Temporary resets last until the next reboot.
See “Options,” above.
A comma-separated list of properties to reset.
Note that when the persistent value is reset, the temporary value changes to the same value.
Show the current or persistent values of one or more properties, either for all datalinks or for the specified link. By default, current values are shown. If no properties are specified, all available link properties are displayed. For each property, the following fields are displayed:
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all to display all fields. For each link, the following fields can be displayed:
The name of the datalink.
The name of the property.
The read/write permissions of the property. The value shown is one of ro or rw.
The current (or persistent) property value. If the value is not set, it is shown as --. If it is unknown, the value is shown as ?. Persistent values that are not set or have been reset will be shown as -- and will use the system DEFAULT value (if any).
The default value of the property. If the property has no default value, -- is shown.
A comma-separated list of the values the property can have. If the values span a numeric range, min - max might be shown as shorthand. If the possible values are unknown or unbounded, -- is shown.
The list of properties depends on the link type and network device driver, and the available values for a given property further depends on the underlying network hardware and its state. General link properties are documented in the “General Link Properties” section. However, link properties that begin with “_” (underbar) are specific to a given link or its underlying network device and subject to change or removal. See the appropriate network device driver man page for details.
Display using a stable machine-parseable format. The -o option is required with this option. See “Parseable Output Format”, below.
Display persistent link property information
A comma-separated list of properties to show. See the sections on link properties following subcommand descriptions.
Display ZONE column in the output.
See description of -z option under dladm show-link, above.
Create a secure object named secobj in the specified class to be later used as a WEP or WPA key in connecting to an encrypted network. The value of the secure object can either be provided interactively or read from a file. The sequence of interactive prompts and the file format depends on the class of the secure object.
Currently, the classes wep and wpa are supported. The WEP (Wired Equivalent Privacy) key can be either 5 or 13 bytes long. It can be provided either as an ASCII or hexadecimal string -- thus, 12345 and 0x3132333435 are equivalent 5-byte keys (the 0x prefix can be omitted). A file containing a WEP key must consist of a single line using either WEP key format. The WPA (Wi-Fi Protected Access) key must be provided as an ASCII string with a length between 8 and 63 bytes.
This subcommand is only usable by users or roles that belong to the “Network Link Security” RBAC profile.
class can be wep or wpa. See preceding discussion.
Specifies that the creation is temporary. Temporary creation last until the next reboot.
See “Options,” above.
Specifies a file that should be used to obtain the secure object's value. The format of this file depends on the secure object class. See the EXAMPLES section for an example of using this option to set a WEP key.
Delete one or more specified secure objects. This subcommand is only usable by users or roles that belong to the “Network Link Security” RBAC profile.
Specifies that the deletions are temporary. Temporary deletions last until the next reboot.
See “Options,” above.
Show current or persistent secure object information. If one or more secure objects are specified, then information for each is displayed. Otherwise, all current or persistent secure objects are displayed.
By default, current secure objects are displayed, which are all secure objects that have either been persistently created and not temporarily deleted, or temporarily created.
For security reasons, it is not possible to show the value of a secure object.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below. For displayed secure object, the following fields can be shown:
The name of the secure object.
The class of the secure object.
Display using a stable machine-parseable format. The -o option is required with -p. See “Parseable Output Format”, below.
Display persistent secure object information
Create a VNIC with name vnic-link over the specified link.
Specifies that the VNIC is temporary. Temporary VNICs last until the next reboot.
See “Options,” above.
link can be a physical link or an etherstub.
Sets the VNIC's MAC address based on the specified value or keyword. If value is not a keyword, it is interpreted as a unicast MAC address, which must be valid for the underlying NIC. A user-specified MAC address must be drawn from the ranges specified by the Globally Unique and Locally Administered types of MAC addresses.
The following special keywords can be used:
Assign a factory MAC address to the VNIC. When a factory MAC address is requested, -m can be combined with the -n option to specify a MAC address slot to be used. If -n is not specified, the system will choose the next available factory MAC address. The -m option of the show-phys subcommand can be used to display the list of factory MAC addresses, their slot identifiers, and their availability.
Assign a random MAC address to the VNIC. A default prefix consisting of a valid IEEE OUI with the local bit set will be used. That prefix can be overridden with the -r option.
Assign a VRRP virtual MAC address to the VNIC base on the specified address family and vrid.
Try and use a factory MAC address first. If none is available, assign a random MAC address. auto is the default action if the -m option is not specified.
Enable VLAN tagging for this VNIC. The VLAN tag will have id vlan-id.
A comma-separated list of properties to set to the specified values.
Modifies the underlying link and/or the MAC address/VLAN-ID of the specified VNIC link(s). The VNIC link(s) can be specified as a comma-delimited list or as -L source-link to indicate “all VNICs on source-link”.
Specifies that the VNIC modification is temporary.
See “Options,” above.
Specifies the link to which to move the VNIC(s). link can be of any link type supported by create-vnic. link must be different from the link the VNIC(s) are currently using. If the VNIC(s) are using a factory MAC address and -m is not specified, a new MAC address will be allocated on the target link, using the -m auto scheme, and assigned to the VNIC(s).
See create-vnic, above, for supported options. If multiple VNICs are specified, only the auto, random, and factory (without -n) address assignment schemes will be supported.
Deletes the specified VNIC.
Specifies that the deletion is temporary. Temporary deletions last until the next reboot.
See “Options,” above.
Show VNIC configuration information for all VNICs, all VNICs on a link, or only the specified vnic-link.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all to display all fields. By default (without -o), show-vnic displays all fields.
The name of the VNIC.
The name of the physical link over which this VNIC is configured.
The maximum speed of the VNIC, in megabits per second.
MAC address of the VNIC.
MAC address type of the VNIC. dladm distinguishes among the following MAC address types:
A random address assigned to the VNIC.
A factory MAC address used by the VNIC.
Display using a stable machine-parseable format. The -o option is required with -p. See “Parseable Output Format”, below.
Display the persistent VNIC configuration.
Displays VNIC statistics. This option is made obsolete by dlstat(1M).
Used with the -s option to specify an interval, in seconds, at which statistics should be displayed. This option is made obsolete by dlstat(1M).
Display information for all VNICs on the named link.
Display ZONE column in the output.
See description of -z option under dladm show-link, above.
Create an IP-over-IB link with the name part-link over the specified link. This subcommand is supported only on InfiniBand physical links.
Forces the creation of the partition link even if pkey is absent on the port, the multicast group is absent, or the port is down.
IP-over-IB physical link name.
Partition key to be used for creating the partition link. pkey specified is always treated as hexadecimal, whether it has the 0x prefix or not.
A comma-separated list of properties to set to the specified values. Supported properties are given “General Link Properties” section below.
See “Options,” above.
Specifies that the partition link creation is temporary. Temporary partition links last until the next reboot.
Delete the specified partition link.
See “Options,” above.
Specifies that the partition link deletion is temporary. Temporary deletion last until the next reboot.
Displays IB partition link information for all partition links, for all partitions on ib-link, or for only the specified part-link.
Display information for all the partitions on the named link.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all to display all fields. By default (without -o), show-part displays all fields.
The name of the partition link.
Pkey associated with the partition link.
The name of the physical link over which this partition link is created.
Current state of the partition link. Possible values are up, down, or unknown.
A set of state flags used for creating the partition link. Possible values are:
Partition was created forcibly (without checking whether creating a partition were possible).
Partition link is temporary, lasting only until the next reboot.
Display the persistent IB partition link configuration.
Display using a stable machine-parseable format. The -o option is required with -p. See “Parseable Output Format”, below.
Display IB physical link information on all or the specified IB links.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all to display all fields. By default (without -o), show-ib displays all fields.
The name of the physical link.
Globally unique identifier of the HCA.
Globally unique identifier of the port.
Port number.
Current state of the physical link. Possible values are up, down, or unknown.
Pkeys available on the port associated with the IP-over-IB link specified in the LINK field.
Display the persistent IB physical link configuration.
Display using a stable machine-parseable format. The -o option is required with -p. See “Parseable Output Format”, below.
Create an etherstub with the specified name.
Specifies that the etherstub is temporary. Temporary etherstubs do not persist across reboots.
See “Options,” above.
VNICs can be created on top of etherstubs instead of physical NICs. As with physical NICs, such a creation causes the stack to implicitly create a virtual switch between the VNICs created on top of the same etherstub.
Delete the specified etherstub.
Specifies that the deletion is temporary. Temporary deletions last until the next reboot.
See “Options,” above.
Show all configured etherstubs by default, or the specified etherstub if etherstub is specified.
Display ZONE column in the output.
See description of -z option under dladm show-link, above.
Create an IP tunnel link named iptun-link. Such links can additionally be protected with IPsec using ipsecconf(1M).
An IP tunnel is conceptually comprised of two parts: a virtual link between two or more IP nodes, and an IP interface above this link that allows the system to transmit and receive IP packets encapsulated by the underlying link. This subcommand creates a virtual link. The ipadm(1M) command is used to configure IP interfaces above the link.
Specifies that the IP tunnel link is temporary. Temporary tunnels last until the next reboot.
See “Options,” above.
Specifies the type of tunnel to be created. The type must be one of the following:
A point-to-point, IP-over-IP tunnel between two IPv4 nodes. This type of tunnel requires IPv4 source and destination addresses to function. IPv4 and IPv6 interfaces can be plumbed above such a tunnel to create IPv4-over-IPv4 and IPv6-over-IPv4 tunneling configurations.
A point-to-point, IP-over-IP tunnel between two IPv6 nodes as defined in IETF RFC 2473. This type of tunnel requires IPv6 source and destination addresses to function. IPv4 and IPv6 interfaces can be plumbed above such a tunnel to create IPv4-over-IPv6 and IPv6-over-IPv6 tunneling configurations.
A 6to4, point-to-multipoint tunnel as defined in IETF RFC 3056. This type of tunnel requires an IPv4 source address to function. An IPv6 interface is plumbed on such a tunnel link to configure a 6to4 router.
Literal IP addresses or hostnames corresponding to the local or remote tunnel addresses. Either local or remote can be specified individually, or both can be specified separated by a comma (for example, -a local=laddr,remote=raddr).
Modify the parameters of the specified IP tunnel.
Specifies that the modification is temporary. Temporary modifications last until the next reboot.
See “Options,” above.
Specify new local or remote addresses for the tunnel link. See create-iptun for a description.
Delete the specified IP tunnel link.
Specifies that the deletion is temporary. Temporary deletions last until the next reboot.
See “Options,” above.
Show IP tunnel link configuration for a single IP tunnel or all IP tunnels.
Display the persistent IP tunnel configuration.
Display using a stable machine-parseable format. The -o option is required with -p. See “Parseable Output Format”, below.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all, to display all fields. By default (without -o), show-iptun displays all fields.
The name of the IP tunnel link.
Type of tunnel as specified by the -T option of create-iptun.
A set of flags associated with the IP tunnel link. Possible flags are:
The IP tunnel link is protected by IPsec policy. To display the IPsec policy associated with the tunnel link, enter:
# ipsecconf -ln -i tunnel-link
See ipsecconf(1M) for more details on how to configure IPsec policy.
The IP tunnel link was implicitly created with ipadm(1M), and will be automatically deleted when it is no longer referenced (that is, when the last IP interface over the tunnel is removed). See ipadm(1M) for details on implicit tunnel creation.
The local tunnel address.
The remote tunnel address.
Display ZONE column in the output.
See description of -z option under dladm show-link, above.
This subcommand is made obsolete by the dlstat(1M) show-link -h command.
Displays all the supported dladm subcommands or usage for a given subcommand. If you invoke help for a specific subcommand, the command syntax is displayed, along with an example. Using dladm help without any argument displays all of the subcommands.
Many dladm subcommands have an option that displays output in a machine-parseable format. The output format is one or more lines of colon (:) delimited fields. The fields displayed are specific to the subcommand used and are listed under the entry for the -o option for a given subcommand. Output includes only those fields requested by means of the -o option, in the order requested.
When you request multiple fields, any literal colon characters are escaped by a backslash (\) before being output. Similarly, literal backslash characters will also be escaped (\\). This escape format is parseable by using shell read(1) functions with the environment variable IFS=: (see EXAMPLES, below). Note that escaping is not done when you request only a single field.
The following general link properties are supported:
Specifies the set of STREAMS modules to push on the stream associated with a link when its DLPI device is opened. It is a space-delimited list of modules.
The optional special character sequence [anchor] indicates that a STREAMS anchor should be placed on the stream at the module previously specified in the list. It is an error to specify more than one anchor or to have an anchor first in the list.
The autopush property is preferred over the more general autopush(1M) command.
The 802.1p priority associated with the link. This property, when set, indicates the 802.1p priority on outbound packets on the link. The values range from 0 to 7. When this property is set, all the packets outbound on the link will have a VLAN tag with the priority field set to the property value. When this property is set on a physical NIC, only traffic for the primary client on that physical NIC will have priority set and not any other datalinks on the NIC. This property is only valid on Ethernet data link. The default cos is 0 for VLAN data links or when the underlyng device registers DCB capabilities, otherwise the default is not to add a VLAN tag.
Bind the processing of packets for a given data link to a processor or a set of processors. The value can be a comma-separated list of one or more processor ids or a range of ids. If the list consists of more than one processor, the processing will spread out to all the processors. Connection to processor affinity and packet ordering for any individual connection will be maintained.
The processor or set of processors are not exclusively reserved for the link. Only the kernel threads and interrupts associated with processing of the link are bound to the processor or the set of processors specified. In case it is desired that processors be dedicated to the link, psrset(1M) can be used to create a processor set and then specifying the processors from the processor set to bind the link to.
If the link was already bound to processor or set of processors due to a previous operation, the binding will be removed and the new set of processors will be used instead.
The default is no CPU binding, which is to say that the processing of packets is not bound to any specific processor or processor set.
Specification of the cpus property is not allowed on links with a pool link property.
This read-only property displays the list of CPUs used for packet processing on the named data link.
If the cpus property has been set, cpus-effective will be the same.
If the pool property has been set, the cpus-effective will be selected from the pool designated by the administrator.
If neither the pool nor cpus property is set, the system will select the appropriate value for cpus-effective.
This indicates the ETS bandwidth configured on the TX side for a link. This property can be configured on a data link only if the underlying physical NIC registers DCB capability and supports ETS. The value is a percentage of the physical NIC's bandwidth and the sum of values of this property over all links on a physical NIC cannot exceed 100. Aggregation of physical NIC that register DCB capabilities is not supported currently, hence this property cannot be set on aggregations.
This indicates the ETS bandwidth (as a percentage) recommended by the remote end for this link. The value is obtained by means of LLDP.
This indicates the ETS bandwidth (as a percentage) that is effective on the TX side for the link. This could be the etsbw-lcl or etsbw-lcl-advice depending on LLDP negotiations.
This indicates the ETS bandwidth (in percentage) that is effective on the remote end for this link. The value is obtained by means of LLDP.
Allows you to specify the number of receive-side fanout threads.
Traffic received on a receive ring can be fanned out across multiple threads and processed in parallel. This is particularly useful when the system has large number of CPUs. This property is a count for the number of receive-side fanout threads for a particular datalink. Note that this property lets an administrator specify the desired rxfanout. However, based on the number of available CPUs and hardware RX rings, the system might choose a different (smaller or even higher) value for fanout.
The number of CPUs is the upper bound on the receive side fanout while the number of rxrings is the lower bound. Thus, the actual receive-side fanout count can have a value different from the one set by the user.
Limits the number of new or changed MAC sources to be learned over a bridge link. When the number exceeds this value, learning on that link is temporarily disabled. Only non-VLAN, non-VNIC type links have this property.
The default value is 1000. Valid values are greater or equal to 0.
Specifies the decay rate for source changes limited by learn_limit. This number is subtracted from the counter for a bridge link every 5 seconds. Only non-VLAN, non-VNIC type links have this property.
The default value is 200. Valid values are greater or equal to 0.
Specifies the user's disposition of turning LRO on or off or using system default LRO value on a data link.
The default value is off. Valid values are off, on, or auto. auto is to apply the default LRO setting on the data link.
Read-only property that shows the actual LRO status of a data link. Even if the user has enabled LRO for a data link, the system might not turn it on if it determines it is unsafe to do so. For instance, if IP is forwarding traffic using a data link, then the system would deem it unsafe to turn on LRO for that data link.
Valid values are off or on.
Sets the primary MAC address for the data link. When set, changes the primary MAC address used by all current and future MAC clients of the underlying data link.
Sets the full duplex bandwidth for the link. The bandwidth is specified as an integer with one of the scale suffixes (K, M, or G for Kbps, Mbps, and Gbps). If no units are specified, the input value will be read as Mbps. The default is no bandwidth limit.
Bind the processing of packets for a given data link to a pool of processors defined and administered by poolcfg(1M) and pooladm(1M). The binding of processes is similar to what occurs with the cpus link property, except that the list of CPUs is not explicit and is instead maintained by the pools facility.
If pools are enabled, and no pool is specified for the link, pool_default will be used for packet processing.
For zones with ip-type=exclusive, if a pool is specified through a pool zone property or dedicated-cpus allocation, that pool will also be used for all data links associated with the zone.
Specification of the pool property is not allowed on links with a cpus link property.
If the pools facility has been enabled, this read-only property displays the pool that is being used for packet processing. If the administrator has not assigned a pool to a data link, the pool will be pool_default.
If the pools facility is disabled, there is no effective pool and the value will be empty.
Sets the relative priority for the link. The value can be given as one of the tokens high, medium, or low. The default is high. This priority is not reflected in any protocol priority fields on the wire, but used for packet processing scheduling within the system.
A read-only property that specifies the number of rings available on the receive side.
Specifies the number of receive rings side for the MAC client. A value of sw means this MAC client should not be assigned any RX ring and will be software-based. A value of hw means this MAC client can get one RX ring, if available, or will be software-based. A non-zero value means reserve that many rings for this MAC client, if available, and fail if not. If this property is not specified, the MAC client can get one RX ring, if available, or will be software-based.
A read-only property that specifies the number of additional RX hardware-based MAC clients that can be created.
A read-only property that specifies the number of rings available on the transmit side.
Specifies the number of transmit rings for the MAC client. A value of sw means this MAC client should not be assigned any TX ring. A value of hw means this MAC client can get one TX ring, if available, or will be software-based. A non-zero value means reserve that many rings for this MAC client, if available, and fail if not. If this property is not specified, the MAC client can get one TX ring, if available, or will be software-based.
A read-only property that specifics the number of additional TX hardware-based MAC clients that can be created.
Enables or disables Spanning Tree Protocol on a bridge link. Setting this value to 0 disables Spanning Tree, and puts the link into forwarding mode with BPDU guarding enabled. This mode is appropriate for point-to-point links connected only to end nodes. Only non-VLAN, non-VNIC type links have this property. The default value is 1, to enable STP.
Enables or disables forwarding for a VLAN. Setting this value to 0 disables bridge forwarding for a VLAN link. Disabling bridge forwarding removes that VLAN from the “allowed set” for the bridge. The default value is 1, to enable bridge forwarding for configured VLANs.
Sets the default VLAN ID that is assumed for untagged packets sent to and received from this link. Only non-VLAN, non-VNIC type links have this property. Setting this value to 0 disables the bridge forwarding of untagged packets to and from the port. The default value is VLAN ID 1. Valid values values are from 0 to 4094. The default VLAN ID is also referred to as the Port VLAN Identifier (PVID).
You cannot create a tagged VLAN or VLAN-tagged VNIC link with a VLAN ID that matches the default VLAN value of the underlying link. All untagged packets on the link are already associated with the default VLAN (PVID). To successfully create a tagged VLAN or VLAN-tagged VNIC link with VLAN ID equal to the default VLAN value, you must first change the default_tag property of the underlying link to a different VLAN value.
When default_tag=0, all untagged packets on the link are no longer associated with any VLAN. As a result, you can create a VLAN link with any VLAN ID from 1 to 4094. Note that any received packets that are erroneously tagged with the PVID at an end-point might be dropped. This situation occurs if all the end-points on a given link do not agree on the PVID. All end-points on a link must use the same PVID and must not tag traffic with the PVID.
Sets the STP and RSTP Port Priority value, which is used to determine the preferred root port on a bridge. Lower numerical values are higher priority. The default value is 128. Valid values range from 0 to 255.
Sets the STP and RSTP cost for using the link. The default value is auto, which sets the cost based on link speed, using 100 for 10Mbps, 19 for 100Mbps, 4 for 1Gbps, and 2 for 10Gbps. Valid values range from 1 to 65535.
Enables or disables bridge edge port detection. If set to 0 (false), the system assumes that the port is connected to other bridges even if no bridge PDUs of any type are seen. The default value is 1, which detects edge ports automatically.
Sets bridge point-to-point operation mode. Possible values are true, false, and auto. When set to auto, point-to-point connections are automatically discovered. When set to true, the port mode is forced to use point-to-point. When set to false, the port mode is forced to use normal multipoint mode. The default value is auto.
Triggers the system to run the RSTP Force BPDU Migration Check procedure on this link. The procedure is triggered by setting the property value to 1. The property is automatically reset back to 0. This value cannot be set unless the following are true:
The link is bridged
The bridge is protected by Spanning Tree
The bridge force-protocol value is at least 2 (RSTP)
The default value is 0.
Enables one or more types of link protection. Valid values are:
MAC address anti-spoof. An outbound packet's source MAC address must match the link's configured MAC address. Non-matching packets will be dropped. If the link belongs to a zone, turning mac-nospoof on will prevent the zone's owner from modifying the link's MAC address.
IP address anti-spoof. This protection type works in conjunction with the link property allowed-ips.
allowed-ips is a list containing IP (IPv4 or IPv6) addresses. This list is empty by default. Addresses that are implicitly in this list are: the link local IPv6 address conforming to RFC 2464 (derived from the link's MAC address); IPv4/IPv6 addresses learned from DHCP replies; the unspecified (all-zeros) IPv4/IPv6 address.
An outbound IP packet can pass if its source address is in allowed-ips.
An outbound ARP packet can pass if its sender protocol address is in allowed-ips.
When a datalink has been protected by setting allowed-ips to a set of one or more IP addresses, any attempts to configure IP addresses that are not in this set will fail with an EPERM error being returned to the user. Moreover, the interface may not be used for forwarding IP packets, and attempts to set the ipadm(1M) forwarding property on the interface will encounter an EPERM error.
DHCP client ID (DUID for DHCPv6) and hardware address anti-spoof. This protection type works in conjunction with the link property allowed-dhcp-cids.
Items in the allowed-dhcp-cids list should be formatted in the same way as the CLIENT_ID field in the /etc/default/dhcpagent file. The only difference is that . (period) should be used in place of , (comma) when specifying DUIDs. See dhcpagent(1M) for details.
An outbound DHCP (v4/v6) packet can pass only if these conditions are satisfied:
If allowed-dhcp-cids is not configured and the packet type is:
DHCPv4, the client ID field must match the configured MAC address.
DHCPv6, the DUID must be of type 1 or 3 and the link layer address part of the DUID must match the configured MAC address.
If allowed-dhcp-cids is configured and the packet type is:
DHCPv4, the client ID field must match one of the IDs on this list or the configured MAC address.
DHCPv6, the DUID field must match one of the IDs on this list or, the DUID must be of type 1 or 3 and the link layer address part of the DUID matches the configured MAC address.
This protection restricts outgoing packet types to just IPv4, IPv6, and ARP.
An IPv6 address.
When the VDP service is enabled on a VNIC, properties of the VNIC are exchanged with the bridge using a 3-byte VSI Type ID and 1-byte VSI Version. A VSI Manager maintains the mapping between the {VSI Type ID-VSI Version} and the set of properties. The {VSI Manager ID, VSI Type id, VSI Version} tuple identifies a specific set of properties.
On a VNIC, the vsi-mgrid can be explicitly assigned. If the vsi-mgrid is not explicitly assigned, the vsi-mgrid is set to the vsi-mgrid value of the underlying link.
On physical link, vsi-mgrid specifies the default vsi-manageid for all the VNICs over it. The default value of the vsi-mgrid on a physical link is 0.
The default VSI Manager ID on a physical link is associated with the Oracle VSI Manager (oracle_v1). The Oracle VSI Manager is defined as a 3-byte encoding using the following link properties:
Bits Properties -------------------------------------------------- 0-4 Link Bandwidth Limit 00000-10100 : 0-100% of link speed in increments of 5% rest : reserved 5-7 Link Speed 000 - Unknown 001 - 10 Mbps 010 - 100 Mbps 011 - 1 Gbps 100 - 10 Gbps 101 - 40 Gbps 110 - 100 Gbps 111 - Reserved 8-12 Reserved 13-15 Traffic Class (0-7) 16-17 Link MTU 00 - 1500 bytes 01 - 9000 bytes 10 - Custom 11 - Reserved 18-23 Reserved
A read-only property for VNICs. The effective VSI Manager ID on a virtual link.
The encoding associated with the physical link's vsi-mgrid. Supported values include oracle_v1 and none. If this property is set to none, the vsi-typeid and vsi-vers are not automatically generated over this link for VNICs that do not have their vsi-mgrid explicitly set.
A read-only property for VNICs. The effective VSI Manager ID encoding used for a virtual link.
A 3-byte value that is used to determine the properties associated with a VNIC. The vsi-typeid is used along with the vsi-vers and vsi-mgrid to obtain the actual properties associated with the VNIC. When the vsi-mgrid is not explicitly on the VNIC, the vsi-typeid is automatically generated using the properties of the VNIC and the above encoding (oracle_v1).
A read-only property. The effective VSI Type ID on a link.
A 1-byte value that is used to determine the properties associated with a VNIC. The vsi-vers is used along with the vsi-typeid and vsi-mgrid to obtain the actual properties associated with the VNIC. When the vsi-mgrid is not explicitly on the VNIC, the vsi-vers is set to 0.
A read-only property. The effective VSI Version on a link.
Specifies the zone to which the link belongs. This property can be modified only temporarily through dladm, and thus the -t option must be specified. To modify the zone assignment such that it persists across reboots, please use zonecfg(1M). Possible values consist of any exclusive-IP zone currently running on the system. By default, the zone binding is as per zonecfg(1M).
The following WiFi link properties are supported. Note that the ability to set a given property to a given value depends on the driver and hardware.
Specifies the channel to use. This property can be modified only by certain WiFi links when in IBSS mode. The default value and allowed range of values varies by regulatory domain.
Specifies the power management mode of the WiFi link. Possible values are off (disable power management), max (maximum power savings), and fast (performance-sensitive power management). Default is off.
Specifies the radio mode of the WiFi link. Possible values are on or off. Default is on.
Specifies a fixed speed for the WiFi link, in megabits per second. The set of possible values depends on the driver and hardware (but is shown by show-linkprop); common speeds include 1, 2, 11, and 54. By default, there is no fixed speed.
The following MII Properties, as documented in ieee802.3(5), are supported in read-only mode:
duplex
state
adv_autoneg_cap
adv_10gfdx_cap
adv_1000fdx_cap
adv_1000hdx_cap
adv_100fdx_cap
adv_100hdx_cap
adv_10fdx_cap
adv_10hdx_cap
Each adv_ property (for example, adv_10fdx_cap) also has a read/write counterpart en_ property (for example, en_10fdx_cap) controlling parameters used at auto-negotiation. In the absence of Power Management, the adv* speed/duplex parameters provide the values that are both negotiated and currently effective in hardware. However, with Power Management enabled, the speed/duplex capabilities currently exposed in hardware might be a subset of the set of bits that were used in initial link parameter negotiation. Thus the MII adv_* parameters are marked read-only, with an additional set of en_* parameters for configuring speed and duplex properties at initial negotiation.
Note that the adv_autoneg_cap does not have an en_autoneg_cap counterpart: the adv_autoneg_cap is a 0/1 switch that turns off/on autonegotiation itself, and therefore cannot be impacted by Power Management.
In addition, the following Ethernet properties are reported:
Establishes flow-control modes that will be advertised by the device. Valid input is one of:
Flow control mode on the device is dynamically determined. To see the actual flow control mode set on the device, check the flowctrl-effective link property.
No flow control enabled.
Receive, and act upon incoming pause frames.
Transmit pause frames to the peer when congestion occurs, but ignore received pause frames.
Transmit pause frames including the priority value of the traffic that should be paused. Receive pause frames, and act upon the traffic whose priority values are specified in the frame.
Bidirectional flow control.
Note that the actual settings for this value are constrained by the capabilities allowed by the device and the link partner.
Specifies wait period between VID announcement broadcasts, in milliseconds.
Actual flow-control mode configured on the device. When flowctrl property is set to auto, this indicates the flow control mode that is in effect. This is a read-only property.
The maximum client SDU (Send Data Unit) supported by the device. Valid range is 68-65536.
The number of Traffic Classes supported on the device. A device supporting extensions for DCB (Data Center Bridging) can support multiple traffic classes. This property can be used to determine if the device supports DCB extensions. This is a read-only property.
This property is used to indicate the 802.1p priority values for which PFC (Priority-based flow control) is enabled. This is an 8-bit mask, in which an individual bit signifies whether PFC is enabled for the corresponding priority. For priorities that have PFC enabled, the device will transmit a pause frame for that priority in the event of congestion. This is relevant only if ntcs is greater than zero and flowctrl-effective is pfc.
This property is used to indicate the PFC configuration of the remote peer, usually an adjacent switch.
This property is used to indicate the effective PFC configuration on the system. The value can be pfcmap or pfcmap-rmt-effective depending on LLDP DCBx negotiations.
(read-only) The operating speed of the device, in Mbps.
This link property controls the conditions in which 802.1Q VLAN tags will be inserted in packets being transmitted on the link. Two mode values can be assigned to this property:
Insert a VLAN tag in outgoing packets under the following conditions:
The packet belongs to a VLAN.
The user requested priority tagging.
Insert a VLAN tag only when the outgoing packet belongs to a VLAN. If a tag is being inserted in this mode and the user has also requested a non-zero priority, the priority is honored and included in the VLAN tag.
The default value is vlanonly.
This property controls automatic VLAN ID anouncement. When enabled, it broadcasts the VIDs of any VNICs or VLANs configured on the device. It supports both physical links and aggregations. Possible values are:
No VID announcements will be sent.
Announcements sent using GVRP protocol, as defined in 802.1D. See gvrp-timeout to configure broadcast frequency.
The following properties are supported only on IB partition object links.
Sets the link transport service type on an IB partition datalink. The default value is cm. Valid values are:
Connected Mode. This mode uses a default MTU of 65520 and supports a maximum MTU of 65535 bytes. If Connected Mode is not available for a remote node, Unreliable Datagram mode will automatically be used instead.
Unreliable Datagram Mode. This mode uses a default MTU of 2044 and supports a maximum MTU of 4092 bytes.
The following IP tunnel link properties are supported.
Specifies the IPv4 TTL or IPv6 hop limit for the encapsulating outer IP header of a tunnel link. This property exists for all tunnel types. The default value is 64.
Specifies the IPv6 encapsulation limit for an IPv6 tunnel as defined in RFC 2473. This value is the tunnel nesting limit for a given tunneled packet. The default value is 4. A value of 0 disables the encapsulation limit.
Example 1 Display Datalink Configuration
The following command shows the effect of invoking dladm with no arguments.
# dladm LINK CLASS MTU STATE OVER net0 phys 1500 up -- net1 phys 1500 up -- net2 phys 1500 unknown -- net3 phys 1500 up -- vnic1 vnic 1500 up net1 vlan1 vlan 1500 up net1 aggr1 aggr 1500 up net2 net3 stub1 etherstub 9000 unknown --
Example 2 Configuring an Aggregation
To configure a data-link over an aggregation of devices bge0 (linkname net0) and bge1 (linkname net1) with key 1, enter the following command:
# dladm create-aggr -l net0 -l net1 1
To configure an IEEE 802.3ad link aggregation of devices e1000g1 (linkname net0) and e1000g2 (linkname net1) with the name aggr1, enter following command:
# dladm create-aggr -l net0 -l net1 aggr1
To configure an Datalink Multipathing (dlmp) link aggregation of devices ixgbe1 (linkame net2) and ixgbe2 (linkname net3) with the name aggr2 enter following command:
# dladm create-aggr -m dlmp -l net2 -l net3 aggr2
To list aggregations, enter following command:
# dladm show-aggr LINK MODE POLICY ADDRPOLICY LACPACTIVITY LACPTIMER aggr1 trunk L4 auto off short aggr2 dlmp -- -- -- --
Example 3 Connecting to a WiFi Link
To connect to the most optimal available unsecured network on a system with a single WiFi link (as per the prioritization rules specified for connect-wifi), enter the following command:
# dladm connect-wifi
Example 4 Creating a WiFi Key
To interactively create the WEP key mykey, enter the following command:
# dladm create-secobj -c wep mykey
Alternatively, to non-interactively create the WEP key mykey using the contents of a file:
# umask 077 # cat >/tmp/mykey.$$ <<EOF 12345 EOF # dladm create-secobj -c wep -f /tmp/mykey.$$ mykey # rm /tmp/mykey.$$
Example 5 Connecting to a Specified Encrypted WiFi Link
To use key mykey to connect to ESSID wlan on link ath0, enter the following command:
# dladm connect-wifi -k mykey -e wlan ath0
Example 6 Changing a Link Property
To set powermode to the value fast on link pcwl0, enter the following command:
# dladm set-linkprop -p powermode=fast pcwl0
Example 7 Connecting to a WPA-Protected WiFi Link
Create a WPA key psk and enter the following command:
# dladm create-secobj -c wpa psk
To then use key psk to connect to ESSID wlan on link ath0, enter the following command:
# dladm connect-wifi -k psk -e wlan ath0
Example 8 Renaming a Link
To rename the bge0 link to mgmt0, enter the following command:
# dladm rename-link bge0 mgmt0
Example 9 Replacing a Network Card
Consider that the bge0 device, whose link was named mgmt0 as shown in the previous example, needs to be replaced with a ce0 device because of a hardware failure. The bge0 NIC is physically removed, and replaced with a new ce0 NIC. To associate the newly added ce0 device with the mgmt0 configuration previously associated with bge0, enter the following command:
# dladm rename-link ce0 mgmt0
Example 10 Removing a Network Card
Suppose that in the previous example, the intent is not to replace the bge0 NIC with another NIC, but rather to remove and not replace the hardware. In that case, the mgmt0 datalink configuration is not slated to be associated with a different physical device as shown in the previous example, but needs to be deleted. Enter the following command to delete the datalink configuration associated with the mgmt0 datalink, whose physical hardware (bge0 in this case) has been removed:
# dladm delete-phys mgmt0
Example 11 Using Parseable Output to Capture a Single Field
The following assignment saves the MTU of link net0 to a variable named mtu.
# mtu=`dladm show-link -p -o mtu net0`
Example 12 Using Parseable Output to Iterate over Links
The following script displays the state of each link on the system.
# dladm show-link -p -o link,state | while IFS=: read link state; do print "Link $link is in state $state" done
Example 13 Configuring VNICs
Create two VNICs with names hello0 and test1 over a single physical link net0:
# dladm create-vnic -l net0 hello0 # dladm create-vnic -l net0 test1
Example 14 Configuring VNICs and Allocating Bandwidth and Priority
Create two VNICs with names hello0 and test1 over a single physical link net0 and make hello0 a high priority VNIC with a factory-assigned MAC address with a maximum bandwidth of 50 Mbps. Make test1 a low priority VNIC with a random MAC address and a maximum bandwidth of 100Mbps.
# dladm create-vnic -l net0 -m factory -p maxbw=50,priority=high hello0 # dladm create-vnic -l net0 -m random -p maxbw=100M,priority=low test1
Example 15 Configuring a VNIC with a Factory MAC Address
First, list the available factory MAC addresses and choose one of them:
# dladm show-phys -m net0 LINK SLOT ADDRESS INUSE CLIENT net0 primary 0:e0:81:27:d4:47 yes net0 net0 1 8:0:20:fe:4e:a5 no net0 2 8:0:20:fe:4e:a6 no net0 3 8:0:20:fe:4e:a7 no
Create a VNIC named hello0 and use slot 1's address:
# dladm create-vnic -l net0 -m factory -n 1 hello0 # dladm show-phys -m net0 LINK SLOT ADDRESS INUSE CLIENT net0 primary 0:e0:81:27:d4:47 yes net0 net0 1 8:0:20:fe:4e:a5 yes hello0 net0 2 8:0:20:fe:4e:a6 no net0 3 8:0:20:fe:4e:a7 no
Example 16 Creating a VNIC with User-Specified MAC Address, Binding it to Set of Processors
Create a VNIC with name hello0, with a user specified MAC address, and a processor binding 0, 2, 4-6.
# dladm create-vnic -l net0 -m 8:0:20:fe:4e:b8 -p cpus=0,2,4-6 hello0
Example 17 Creating a Virtual Network Without a Physical NIC
First, create an etherstub with name stub1:
# dladm create-etherstub stub1
Create two VNICs with names hello0 and test1 on the etherstub. This operation implicitly creates a virtual switch connecting hello0 and test1.
# dladm create-vnic -l stub1 hello0 # dladm create-vnic -l stub1 test1
Example 18 Displaying Bridge Information
The following commands use the show-bridge subcommand with no and various options.
# dladm show-bridge BRIDGE PROTECT ADDRESS PRIORITY DESROOT foo stp 32768/8:0:20:bf:f 32768 8192/0:d0:0:76:14:38 bar stp 32768/8:0:20:e5:8 32768 8192/0:d0:0:76:14:38 # dladm show-bridge -l foo LINK STATE UPTIME DESROOT hme0 forwarding 117 8192/0:d0:0:76:14:38 qfe1 forwarding 117 8192/0:d0:0:76:14:38 # dladm show-bridge -s foo BRIDGE DROPS FORWARDS foo 0 302 # dladm show-bridge -ls foo LINK DROPS RECV XMIT hme0 0 360832 31797 qfe1 0 322311 356852 # dladm show-bridge -f foo DEST AGE FLAGS OUTPUT 8:0:20:bc:a7:dc 10.860 -- hme0 8:0:20:bf:f9:69 -- L hme0 8:0:20:c0:20:26 17.420 -- hme0 8:0:20:e5:86:11 -- L qfe1
Example 19 Creating an IPv4 Tunnel
The following sequence of commands creates and then displays a persistent IPv4 tunnel link named mytunnel0 between 66.1.2.3 and 192.4.5.6:
# dladm create-iptun -T ipv4 -a local=66.1.2.3,remote=192.4.5.6 mytunnel0 # dladm show-iptun mytunnel0 LINK TYPE FLAGS SOURCE DESTINATION mytunnel0 ipv4 -- 66.1.2.3 192.4.5.6
A point-to-point IP interface can then be created over this tunnel link:
# ipadm create-ip mytunnel0 # ipadm create-addr -T static -a local=10.1.0.1,remote=10.1.0.2 \ mytunnel0/addr # ipadm show-addr mytunnel0/addr ADDROBJ TYPE STATE ADDR mytunnel0/addr static ok 10.1.0.1->10.1.0.2
Example 20 Creating a 6to4 Tunnel
The following command creates a 6to4 tunnel link. The IPv4 address of the 6to4 router is 75.10.11.12.
# dladm create-iptun -T 6to4 -a local=75.10.11.12 sitetunnel0 # dladm show-iptun sitetunnel0 LINK TYPE FLAGS SOURCE DESTINATION sitetunnel0 6to4 -- 75.10.11.12 --
The following command creates an IPv6 interface on this tunnel:
# ipadm create-ip sitetunnel0 # ipadm show-addr sitetunnel0/_a ADDROBJ TYPE STATE ADDR sitetunnel0/_a static ok 2002:4b0a:b0c::1/16
Note that the system automatically configures the IPv6 address on the 6to4 IP interface. See ipadm(1M) for a description of how IPv6 addresses are configured on 6to4 tunnel links.
Example 21 Using Link Protection
To enable link protection:
# dladm set-linkprop \ -p protection=mac-nospoof,restricted,ip-nospoof,dhcp-nospoof vnic0
To disable link protection:
# dladm reset-linkprop -p protection vnic0
To modify the allowed-ips list:
# dladm set-linkprop -p allowed-ips=10.0.0.1,10.0.0.2 vnic0
To modify the allowed-dhcp-cids list:
# dladm set-linkprop -p allowed-dhcp-cids=hello vnic0
To display the resulting configuration:
# dladm show-linkprop -p protection,allowed-ips vnic0 LINK PROPERTY PERM VALUE DEFAULT POSSIBLE vnic0 protection rw mac-nospoof, -- mac-nospoof, restricted, restricted, ip-nospoof, ip-nospoof, dhcp-nospoof dhcp-nospoof vnic0 allowed-ips rw 10.0.0.1, -- -- 10.0.0.2 vnic0 allowed-dhcp-cids rw hello -- --
Example 22 Creating an IB Partition
The following command creates a partition ffff.ibp0 with partition key 0xffff on the physical link ibp0.
# dladm create-part -P ffff -l ibp0 ffff.ibp0
Example 23 Displaying IB Partition Information
The following command displays IB partition information.
# dladm show-part LINK PKEY OVER STATE FLAGS ffff.ibp0 FFFF ibp0 up ----
Example 24 Displaying IB Data Links Information
The following command displays IB data links information.
# dladm show-ib LINK HCAGUID PORTGUID PORT STATE PKEYS net0 3BA000100CD7C 3BA000100CD7D 1 down FFFF net1 3BA000100CD7C 3BA000100CD7E 2 down FFFF net3 5AD0000033634 5AD0000033636 2 up FFFF,8001 net2 5AD0000033634 5AD0000033635 1 up FFFF,8001
Example 25 Deleting a Partition
The following command deletes the partition ffff.ibp0.
# dladm delete-part ffff.ibp0
Example 26 Using show-link to Display Partition Information
The following command uses the show-link subcommand to display partition information.
# dladm show-link LINK CLASS MTU STATE OVER e1000g0 phys 1500 up -- e1000g1 phys 1500 unknown -- net0 phys 65520 down -- net3 phys 65520 up -- net2 phys 65520 up -- net1 phys 65520 down -- pffff.ibp0 part 2044 down ibp0 p8001.ibp2 part 65520 unknown ibp2
Example 27 Displaying Links in All Zones from the Global Zone
The show-link command shown below displays data links in all zones from the global zone. Links that are not in the global zone are displayed with the zonename prefix followed by the slash (/) separator.
In this example, net0 is a VNIC created in the global zone, zone1/net0 is an automatically created VNIC for zone1, and zone2/net0 is an automatically created VNIC for zone2.
# dladm show-link LINK CLASS MTU STATE OVER e1000g0 phys 1500 up -- e1000g1 phys 8170 unknown -- e1000g2 phys 1500 unknown -- e1000g3 phys 1500 unknown -- net0 vnic 1500 up e1000g0 zone1/net0 vnic 1500 up e1000g0 zone2/net0 vnic 1500 up e1000g0
Example 28 Displaying Links in the Global Zone
The following show-link command displays data links in the global zone only.
# dladm show-link -z global LINK CLASS MTU STATE OVER e1000g0 phys 1500 up -- e1000g1 phys 8170 unknown -- e1000g2 phys 1500 unknown -- e1000g3 phys 1500 unknown -- net0 vnic 1500 up e1000g0
Example 29 Displaying Links for a Specified Zone
The following show-link command displays data links in a specific, non-global zone.
# dladm show-link -z zone1 LINK CLASS MTU STATE OVER zone1/net0 vnic 1500 up e1000g0
Example 30 Displaying Links for a Specified Zone from the Global Zone
The following show-link command displays, from the global zone, data links in a specific, non-global zone.
# dladm show-link -z zone1 LINK CLASS MTU STATE OVER zone1/net0 vnic 1500 up e1000g0
Example 31 Displaying Links in a Non-Global Zone
The following show-link shown below is invoked from zone1 and displays only data links for that zone.
Note that, in show-link output, the zone1/ prefix is not displayed. The prefix is not displayed because the command was invoked from within the zone.
# zlogin zone1 # dladm show-link -z zone1 LINK CLASS MTU STATE OVER net0 vnic 1500 up ?
Example 32 Using -Z Option to Display the Current Zone
The command below presumes the following conditions:
The link net1 is currently assigned to zoneA. The entries net1 and zoneA/net1 represents the same link. The ZONE column for these two entries is the same and is the name of the zone to which the link is currently assigned.
The link net2 is not assigned to any non-global zone.
The link zoneB/net2 is an automatic VNIC created for zoneB.
The link zoneC/net2 is an automatic VNIC created for zoneC.
The link zoneD/net2 is an IP tunnel created inside zoneD. Unlike for net1, each entry for net2 represents a different link. The ZONE column for these entries is different.
# dladm show-link -Z LINK ZONE CLASS MTU STATE OVER e1000g0 global phys 1500 up -- e1000g1 global phys 1500 up -- net1 zoneA vnic 1500 up e1000g0 zoneA/net1 zoneA vnic 1500 up e1000g0 net2 global vnic 1500 up e1000g1 zoneB/net2 zoneB vnic 1500 up e1000g1 zoneC/net2 zoneC vnic 1500 up e1000g1 zoneD/net2 zoneD iptun 65515 up --
Example 33 Displaying VDP Information
The following command displays VDP information for vnic1.
# dladm show-ether -P vdp vnic1 LINK VSI VSIID VSI-TYPEID VSI-STATE CMD-PENDING ixgbe1 vnic1 2:8:20:3:2:b 0x58/0 ASSOC DEASSOC
Example 34 Displaying ECP Information
The following command displays ECP information for ixgbe1.
# dladm show-ether -P ecp ixgbe1 LINK SEQNO ACKNO LAST-ACK MAX-RETRIES TIMEOUTS ixgbe1 65535 25660 0 3 164
Example 35 Setting the VSI Manager ID, VSI Type, and VSI Version
The following commands set the VSI Manager ID, VSI Type, and VSI Version on vnic1.
# dladm set-linkprop -p vsi-mgrid=fe80::214:4fff:fec2:67c8 vnic1 # dladm set-linkprop -p vsi-typeid=0x64,vsi-vers=1 vnic1
Example 36 Migrating a VLAN, Modifying its VLAN-ID
The following command sequence shows how you migrate a VLAN and modify its VLAN-ID.
# dladm show-vlan vlan0 LINK VID OVER FLAGS vlan0 100 net0 ----- # dladm modify-vlan -l net1 -v 200 vlan0 # dladm show-vlan vlan0 LINK VID OVER FLAGS vlan0 200 net1 -----
Example 37 Migrating Multiple VNICs
The following command sequence shows how you migrate multiple VNICs.
# dladm show-vnic LINK OVER SPEED MACADDRESS MACADDRTYPE VID vnic0 net0 1000 2:8:20:ec:c4:1d random 0 vnic1 net0 1000 2:8:20:ec:c4:1e random 0 # dladm modify-vnic -l net1 -L net0 # dladm show-vnic LINK OVER SPEED MACADDRESS MACADDRTYPE VID vnic0 net1 1000 2:8:20:ec:c4:1d random 0 vnic1 net1 1000 2:8:20:ec:c4:1e random 0
Example 38 Migrating a VNIC and Modifying its MAC Address
The following command sequence shows how you migrate a VNIC and modify its MAC address.
# dladm show-vnic vnic0 LINK OVER SPEED MACADDRESS MACADDRTYPE VID vnic0 net0 1000 2:8:20:ec:c4:1d random 0 # dladm modify-vnic -l net1 -m 2:8:20:00:01:02 vnic0 # dladm show-vnic vnic0 LINK OVER SPEED MACADDRESS MACADDRTYPE VID vnic0 net1 1000 2:8:20:0:1:2 fixed 0
Example 39 Configuring cos and ETS Bandwidth
The following example creates a VNIC with name vnic1 over the physical link net1 and assigns to it a cos value of 3.
# dladm create-vnic -p cos=3 -l net1 vnic1
All packets transmitted by vnic1 will have a VLAN header with the priority field set to 3.
Additionally, if the underlying physical NIC has registered DCB capability, an ETS bandwidth can be assigned to vnic1. The following commands assume the LLDP package is not installed or enabled.
Check if the underlying NIC has registered DCB capability using the ntcs link property. If the value of ntcs is non-zero, the underlying NIC has registered DCB capability.
# dladm show-linkprop -p ntcs net1
The following command assigns an ETS bandwidth of 10% of the link's bandwidth to vnic1.
# dladm set-linkprop -p etsbw_lcl=10 vnic1
Note if the maxbw link property has also been set, then the traffic is limited by the maxbw value.
With the LLDP package (service/network/lldp) installed and enabled, the ETS bandiwdth configuration will follow the IEEE 802.1Qaz specification.
The LLDP ETS TLV willing property determines whether the local or the remote's configuration is effective.
The etsbw-lcl-advice link property indicates the value recommended by the remote, if available. The etsbw-lcl-effective link property will indicate the actual ETS bandwidth assigned to vnic1, as shown below.
# dladm show-linkprop -p etsbw-lcl-advice,etsbw-lcl-effective vnic1
Example 40 Displaying Help
The following command illustrates the use of invoking the help subcommand without arguments.
# dladm help The following subcommands are supported: Bridge subcommands : add-bridge, create-bridge, delete-bridge, modify-bridge, remove-bridge, show-bridge Etherstub subcommands : create-etherstub, delete-etherstub, show-etherstub IB subcommands : create-part, delete-part, show-ib, show-part IP tunnel subcommands : create-iptun, delete-iptun, modify-iptun, show-iptun Link Aggregation subcommands: add-aggr, create-aggr, delete-aggr, modify-aggr, remove-aggr, show-aggr Link subcommands : rename-link, reset-linkprop, set-linkprop, show-link, show-linkprop Secure Object subcommands : create-secobj, delete-secobj, show-secobj VLAN subcommands : create-vlan, delete-vlan, show-vlan VNIC subcommands : create-vnic, delete-vnic, show-vnic Wifi subcommands : connect-wifi, disconnect-wifi, scan-wifi, show-wifi Miscellaneous subcommands : delete-phys, show-ether, show-phys, show-usage For more info, run: dladm help subcommand
The following command illustrates the use of invoking the help subcommand with a specific subcommand.
# dladm help create-vnic usage: create-vnic [-t] -l link [-m value | auto | {factory [-n slot-id]} | {random [-r prefix]} | {vrrp -V vrid -A {inet | inet6}} [-v vid [-f]] [-p prop=value[,...]] vnic-link example: # dladm create-vnic -l net0 -m factory -n 2 -p mtu=1200 vnic1
See attributes(5) for descriptions of the following attributes:
/usr/sbin
|
/sbin
|
Note that, for both /usr/sbin and /sbin, the -s and -i options to the show-aggr, show-link and show-vnic subcommands are Committed Obsolete.
Note that, for both /usr/sbin and /sbin, show-linkprop's *effective properties have an interface stability of Volatile.
Note that the bridge-related subcommands, described with dladm subcommands above, require installation of the pkg://solaris/network/bridging package.
acctadm(1M), autopush(1M), dhcpagent(1M), dlstat(1M), ifconfig(1M), ipadm(1M), ipsecconf(1M), lldpadm(1M), ndd(1M), pooladm(1M), poolcfg(1M), psrset(1M), vrrpadm(1M), wpad(1M), zonecfg(1M), attributes(5), ieee802.3(5), dlpi(7P)
The preferred method of referring to an aggregation in the aggregation subcommands is by its link name. Referring to an aggregation by its integer key is supported for backward compatibility, but is not necessary. When creating an aggregation, if a key is specified instead of a link name, the aggregation's link name will be automatically generated by dladm as aggrkey.