1
2
3
4 System Administration Commands ifconfig(1M)
5
6
7
8 NAME
9 ifconfig - configure network interface parameters
10
11 SYNOPSIS
12 ifconfig interface [address_family] [address [/prefix_length]
13 [dest_address]] [addif address [/prefix_length]]
14 [removeif address [/prefix_length]] [arp | -arp]
15 [auth_algs authentication algorithm] [encr_algs encryption algorithm]
16 [encr_auth_algs authentication algorithm] [auto-revarp]
17 [broadcast address] [deprecated | -deprecated]
18 [preferred | -preferred] [destination dest_address]
19 [ether [address]] [failover | -failover] [group
20 [name | ""]] [index if_index] [metric n] [modlist]
21 [modinsert mod_name@pos] [modremove mod_name@pos]
22 [mtu n] [netmask mask] [plumb] [unplumb] [private
23 | -private] [nud | -nud] [set [address] [/netmask]]
24 [standby | -standby] [subnet subnet_address] [tdst
25 tunnel_dest_address] [token address/prefix_length]
26 [tsrc tunnel_src_address] [trailers | -trailers]
27 [up] [down] [usesrc [name | none]] [xmit | -xmit]
28 [encaplimit n | -encaplimit] [thoplimit n] [router
29 | -router] [zone zonename | -zone | -all-zones]
30
31
32 ifconfig [address_family] interface {auto-dhcp | dhcp} [primary]
33 [wait seconds] drop | extend | inform | ping
34 | release | start | status
35
36
37 DESCRIPTION
38 The command ifconfig is used to assign an address to a net-
39 work interface and to configure network interface parame-
40 ters. The ifconfig command must be used at boot time to
41 define the network address of each interface present on a
42 machine; it may also be used at a later time to redefine an
43 interface's address or other operating parameters. If no
44 option is specified, ifconfig displays the current confi-
45 guration for a network interface. If an address family is
46 specified, ifconfig reports only the details specific to
47 that address family. Only privileged users may modify the
48 configuration of a network interface. Options appearing
49 within braces ({}) indicate that one of the options must be
50 specified.
51
52 DHCP Configuration
53 The forms of ifconfig that use the auto-dhcp or dhcp argu-
54 ments are used to control the Dynamic Host Configuration
55 Protocol ("DHCP") configuration of the interface. In this
56 mode, ifconfig is used to control operation of
57 dhcpagent(1M), the DHCP client daemon. Once an interface is
58 placed under DHCP control by using the start operand, ifcon-
59 fig should not, in normal operation, be used to modify the
60
61
62
63 SunOS 5.11 Last change: 21 Jan 2007 1
64
65
66
67
68
69
70 System Administration Commands ifconfig(1M)
71
72
73
74 address or characteristics of the interface. If the address
75 of an interface under DHCP is changed, dhcpagent will remove
76 the interface from its control.
77
78 OPTIONS
79 The following options are supported:
80
81 addif address
82
83 Create the next unused logical interface on the speci-
84 fied physical interface. If the physical interface is
85 part of a multipathing group, the logical interface can
86 be added to a different physical interface in the same
87 group.
88
89
90 all-zones
91
92 Make the interface available to every shared-IP zone on
93 the system. The appropriate zone to which to deliver
94 data is determined using the tnzonecfg database. This
95 option is available only if the system is configured
96 with the Solaris Trusted Extensions feature.
97
98 The tnzonecfg database is described in the tnzonecfg(4)
99 man page, which is part of the Solaris Trusted Exten-
100 sions Reference Manual.
101
102
103 anycast
104
105 Marks the logical interface as an anycast address by
106 setting the ANYCAST flag. See "INTERFACE FLAGS," below,
107 for more information on anycast.
108
109
110 -anycast
111
112 Marks the logical interface as not an anycast address by
113 clearing the ANYCAST flag.
114
115
116 arp
117
118 Enable the use of the Address Resolution Protocol
119 ("ARP") in mapping between network level addresses and
120 link level addresses (default). This is currently imple-
121 mented for mapping between IPv4 addresses and MAC
122 addresses.
123
124
125
126
127
128
129 SunOS 5.11 Last change: 21 Jan 2007 2
130
131
132
133
134
135
136 System Administration Commands ifconfig(1M)
137
138
139
140 -arp
141
142 Disable the use of the ARP on a physical interface.
143
144
145 auth_algs authentication algorithm
146
147 For a tunnel, enable IPsec AH with the authentication
148 algorithm specified. The algorithm can be either a
149 number or an algorithm name, including any to express no
150 preference in algorithm. All IPsec tunnel properties
151 must be specified on the same command line. To disable
152 tunnel security, specify an auth_alg of none.
153
154 It is now preferable to use the ipsecconf(1M) command
155 when configuring a tunnel's security properties. If
156 ipsecconf was used to set a tunnel's security proper-
157 ties, this keyword will not affect the tunnel.
158
159
160 auto-dhcp
161
162 Use DHCP to automatically acquire an address for this
163 interface. This option has a completely equivalent alias
164 called dhcp.
165
166 For IPv6, the interface specified must be the zeroth
167 logical interface (the physical interface name), which
168 has the link-local address.
169
170 primary
171
172 Defines the interface as the primary. The interface
173 is defined as the preferred one for the delivery of
174 client-wide configuration data. Only one interface
175 can be the primary at any given time. If another
176 interface is subsequently selected as the primary,
177 it replaces the previous one. Nominating an inter-
178 face as the primary one will not have much signifi-
179 cance once the client work station has booted, as
180 many applications will already have started and been
181 configured with data read from the previous primary
182 interface.
183
184
185 wait seconds
186
187 The ifconfig command will wait until the operation
188 either completes or for the interval specified,
189 whichever is the sooner. If no wait interval is
190 given, and the operation is one that cannot complete
191 immediately, ifconfig will wait 30 seconds for the
192
193
194
195 SunOS 5.11 Last change: 21 Jan 2007 3
196
197
198
199
200
201
202 System Administration Commands ifconfig(1M)
203
204
205
206 requested operation to complete. The symbolic value
207 forever may be used as well, with obvious meaning.
208
209
210 drop
211
212 Remove the specified interface from DHCP control
213 without notifying the DHCP server, and record the
214 current lease for later use. Additionally, for IPv4,
215 set the IP address to zero and mark the interface as
216 "down." For IPv6, unplumb all logical interfaces
217 plumbed by dhcpagent.
218
219
220 extend
221
222 Attempt to extend the lease on the interface's IP
223 address. This is not required, as the agent will
224 automatically extend the lease well before it
225 expires.
226
227
228 inform
229
230 Obtain network configuration parameters from DHCP
231 without obtaining a lease on IP addresses. This is
232 useful in situations where an IP address is obtained
233 through mechanisms other than DHCP.
234
235
236 ping
237
238 Check whether the interface given is under DHCP con-
239 trol, which means that the interface is managed by
240 the DHCP agent and is working properly. An exit
241 status of 0 means success.
242
243
244 release
245
246 Relinquish the IP addresses on the interface by
247 notifying the server and discard the current lease.
248 For IPv4, mark the interface as "down." For IPv6,
249 all logical interfaces plumbed by dhcpagent are
250 unplumbed.
251
252
253 start
254
255 Start DHCP on the interface.
256
257
258
259
260
261 SunOS 5.11 Last change: 21 Jan 2007 4
262
263
264
265
266
267
268 System Administration Commands ifconfig(1M)
269
270
271
272 status
273
274 Display the DHCP configuration status of the inter-
275 face.
276
277
278
279 auto-revarp
280
281 Use the Reverse Address Resolution Protocol (RARP) to
282 automatically acquire an address for this interface.
283 This will fail if the interface does not support RARP;
284 for example, IPoIB (IP over InfiniBand), and on IPv6
285 interfaces.
286
287
288 broadcast address
289
290 For IPv4 only. Specify the address to use to represent
291 broadcasts to the network. The default broadcast address
292 is the address with a host part of all 1's. A "+" (plus
293 sign) given for the broadcast value causes the broadcast
294 address to be reset to a default appropriate for the
295 (possibly new) address and netmask. The arguments of
296 ifconfig are interpreted left to right. Therefore
297
298 example% ifconfig -a netmask + broadcast +
299
300
301 and
302
303 example% ifconfig -a broadcast + netmask +
304
305
306 may result in different values being assigned for the
307 broadcast addresses of the interfaces.
308
309
310 deprecated
311
312 Marks the logical interface as deprecated. An address
313 associated with a deprecated interface will not be used
314 as source address for outbound packets unless either
315 there are no other addresses available on the interface
316 or the application has bound to this address explicitly.
317 The status display shows DEPRECATED as part of flags.
318 See for information on the flags supported by ifconfig.
319
320
321 -deprecated
322
323 Marks a logical interface as not deprecated. An address
324
325
326
327 SunOS 5.11 Last change: 21 Jan 2007 5
328
329
330
331
332
333
334 System Administration Commands ifconfig(1M)
335
336
337
338 associated with such an interface could be used as a
339 source address for outbound packets.
340
341
342 preferred
343
344 Marks the logical interface as preferred. This option is
345 only valid for IPv6 addresses. Addresses assigned to
346 preferred logical interfaces are preferred as source
347 addresses over all other addresses configured on the
348 system, unless the address is of an inappropriate scope
349 relative to the destination address. Preferred addresses
350 are used as source addresses regardless of which physi-
351 cal interface they are assigned to. For example, you can
352 configure a preferred source address on the loopback
353 interface and advertise reachability of this address by
354 using a routing protocol.
355
356
357 -preferred
358
359 Marks the logical interface as not preferred.
360
361
362 destination dest_address
363
364 Set the destination address for a point-to point inter-
365 face.
366
367
368 dhcp
369
370 This option is an alias for option auto-dhcp
371
372
373 down
374
375 Mark a logical interface as "down". (That is, turn off
376 the IFF_UP bit.) When a logical interface is marked
377 "down," the system does not attempt to use the address
378 assigned to that interface as a source address for out-
379 bound packets and will not recognize inbound packets
380 destined to that address as being addressed to this
381 host. Additionally, when all logical interfaces on a
382 given physical interface are "down," the physical inter-
383 face itself is disabled.
384
385 When a logical interface is down, all routes that
386 specify that interface as the output (using the -ifp
387 option in the route(1M) command or RTA_IFP in a
388 route(7P) socket) are removed from the forwarding table.
389 Routes marked with RTF_STATIC are returned to the table
390
391
392
393 SunOS 5.11 Last change: 21 Jan 2007 6
394
395
396
397
398
399
400 System Administration Commands ifconfig(1M)
401
402
403
404 if the interface is brought back up, while routes not
405 marked with RTF_STATIC are simply deleted.
406
407 When all logical interfaces that could possibly be used
408 to reach a particular gateway address are brought down
409 (specified without the interface option as in the previ-
410 ous paragraph), the affected gateway routes are treated
411 as though they had the RTF_BLACKHOLE flag set. All
412 matching packets are discarded because the gateway is
413 unreachable.
414
415
416 encaplimit n
417
418 Set the tunnel encapsulation limit for the interface to
419 n. This option applies to IPv4-in-IPv6 and IPv6-in-IPv6
420 tunnels only. The tunnel encapsulation limit controls
421 how many more tunnels a packet may enter before it
422 leaves any tunnels, that is, the tunnel nesting level.
423
424
425 -encaplimit
426
427 Disable generation of the tunnel encapsulation limit.
428 This option applies only to IPv4-in-IPv6 and IPv6-in-
429 IPv6 tunnels.
430
431
432 encr_auth_algs authentication algorithm
433
434 For a tunnel, enable IPsec ESP with the authentication
435 algorithm specified. It can be either a number or an
436 algorithm name, including any or none, to indicate no
437 algorithm preference. If an ESP encryption algorithm is
438 specified but the authentication algorithm is not, the
439 default value for the ESP authentication algorithm will
440 be any.
441
442 It is now preferable to use the ipsecconf(1M) command
443 when configuring a tunnel's security properties. If
444 ipsecconf was used to set a tunnel's security proper-
445 ties, this keyword will not affect the tunnel.
446
447
448 encr_algs encryption algorithm
449
450 For a tunnel, enable IPsec ESP with the encryption algo-
451 rithm specified. It can be either a number or an algo-
452 rithm name. Note that all IPsec tunnel properties must
453 be specified on the same command line. To disable tunnel
454 security, specify the value of encr_alg as none. If an
455 ESP authentication algorithm is specified, but the
456
457
458
459 SunOS 5.11 Last change: 21 Jan 2007 7
460
461
462
463
464
465
466 System Administration Commands ifconfig(1M)
467
468
469
470 encryption algorithm is not, the default value for the
471 ESP encryption will be null.
472
473 It is now preferable to use the ipsecconf(1M) command
474 when configuring a tunnel's security properties. If
475 ipsecconf was used to set a tunnel's security proper-
476 ties, this keyword will not affect the tunnel.
477
478
479 ether [ address ]
480
481 If no address is given and the user is root or has suf-
482 ficient privileges to open the underlying device, then
483 display the current Ethernet address information.
484
485 Otherwise, if the user is root or has sufficient
486 privileges, set the Ethernet address of the interfaces
487 to address. The address is an Ethernet address
488 represented as x:x:x:x:x:x where x is a hexadecimal
489 number between 0 and FF. Similarly, for the IPoIB (IP
490 over InfiniBand) interfaces, the address will be 20
491 bytes of colon-separated hex numbers between 0 and FF.
492
493 Some, though not all, Ethernet interface cards have
494 their own addresses. To use cards that do not have their
495 own addresses, refer to section 3.2.3(4) of the IEEE
496 802.3 specification for a definition of the locally
497 administered address space. The use of multipathing
498 groups should be restricted to those cards with their
499 own addresses (see MULTIPATHING GROUPS).
500
501
502 -failover
503
504 Mark the logical interface as a non-failover interface.
505 Addresses assigned to non-failover logical interfaces
506 will not failover when the interface fails. Status
507 display shows NOFAILOVER as part of flags.
508
509
510 failover
511
512 Mark the logical interface as a failover interface. An
513 address assigned to such an interface will failover when
514 the interface fails. Status display does not show
515 NOFAILOVER as part of flags.
516
517
518 group [ name |""]
519
520 Insert the logical interface in the multipathing group
521 specified by name. To delete an interface from a group,
522
523
524
525 SunOS 5.11 Last change: 21 Jan 2007 8
526
527
528
529
530
531
532 System Administration Commands ifconfig(1M)
533
534
535
536 use a null string "". When invoked on the logical inter-
537 face with id zero, the status display shows the group
538 name.
539
540
541 index n
542
543 Change the interface index for the interface. The value
544 of n must be an interface index (if_index) that is not
545 used on another interface. if_index will be a non-zero
546 positive number that uniquely identifies the network
547 interface on the system.
548
549
550 metric n
551
552 Set the routing metric of the interface to n; if no
553 value is specified, the default is 0. The routing metric
554 is used by the routing protocol. Higher metrics have the
555 effect of making a route less favorable. Metrics are
556 counted as addition hops to the destination network or
557 host.
558
559
560 modinsert mod_name@pos
561
562 Insert a module with name mod_name to the stream of the
563 device at position pos. The position is relative to the
564 stream head. Position 0 means directly under stream
565 head.
566
567 Based upon the example in the modlist option, use the
568 following command to insert a module with name ipqos
569 under the ip module and above the firewall module:
570
571 example% ifconfig eri0 modinsert ipqos@2
572
573
574 A subsequent listing of all the modules in the stream of
575 the device follows:
576
577 example% ifconfig eri0 modlist
578 0 arp
579 1 ip
580 2 ipqos
581 3 firewall
582 4 eri
583
584
585
586
587
588
589
590
591 SunOS 5.11 Last change: 21 Jan 2007 9
592
593
594
595
596
597
598 System Administration Commands ifconfig(1M)
599
600
601
602 modlist
603
604 List all the modules in the stream of the device.
605
606 The following example lists all the modules in the
607 stream of the device:
608
609 example% ifconfig eri0 modlist
610 0 arp
611 1 ip
612 2 firewall
613 4 eri
614
615
616
617
618 modremove mod_name@pos
619
620 Remove a module with name mod_name from the stream of
621 the device at position pos. The position is relative to
622 the stream head.
623
624 Based upon the example in the modinsert option, use the
625 following command to remove the firewall module from the
626 stream after inserting the ipqos module:
627
628 example% ifconfig eri0 modremove firewall@3
629
630
631 A subsequent listing of all the modules in the stream of
632 the device follows:
633
634 example% ifconfig eri0 modlist
635 0 arp
636 1 ip
637 2 ipqos
638 3 eri
639
640
641 Note that the core IP stack modules, for example, ip and
642 tun modules, cannot be removed.
643
644
645 mtu n
646
647 Set the maximum transmission unit of the interface to n.
648 For many types of networks, the mtu has an upper limit,
649 for example, 1500 for Ethernet. This option sets the
650 FIXEDMTU flag on the affected interface.
651
652
653
654
655
656
657 SunOS 5.11 Last change: 21 Jan 2007 10
658
659
660
661
662
663
664 System Administration Commands ifconfig(1M)
665
666
667
668 netmask mask
669
670 For IPv4 only. Specify how much of the address to
671 reserve for subdividing networks into subnetworks. The
672 mask includes the network part of the local address and
673 the subnet part, which is taken from the host field of
674 the address. The mask contains 1's for the bit positions
675 in the 32-bit address which are to be used for the net-
676 work and subnet parts, and 0's for the host part. The
677 mask should contain at least the standard network por-
678 tion, and the subnet field should be contiguous with the
679 network portion. The mask can be specified in one of
680 four ways:
681
682 1. with a single hexadecimal number with a leading
683 0x,
684
685 2. with a dot-notation address,
686
687 3. with a "+" (plus sign) address, or
688
689 4. with a pseudo host name/pseudo network name
690 found in the network database networks(4).
691 If a "+" (plus sign) is given for the netmask value, the
692 mask is looked up in the netmasks(4) database. This
693 lookup finds the longest matching netmask in the data-
694 base by starting with the interface's IPv4 address as
695 the key and iteratively masking off more and more low
696 order bits of the address. This iterative lookup ensures
697 that the netmasks(4) database can be used to specify the
698 netmasks when variable length subnetmasks are used
699 within a network number.
700
701 If a pseudo host name/pseudo network name is supplied as
702 the netmask value, netmask data may be located in the
703 hosts or networks database. Names are looked up by first
704 using gethostbyname(3NSL). If not found there, the names
705 are looked up in getnetbyname(3SOCKET). These interfaces
706 may in turn use nsswitch.conf(4) to determine what data
707 store(s) to use to fetch the actual value.
708
709 For both inet and inet6, the same information conveyed
710 by mask can be specified as a prefix_length attached to
711 the address parameter.
712
713
714 nud
715
716 Enables the neighbor unreachability detection mechanism
717 on a point-to-point physical interface.
718
719
720
721
722
723 SunOS 5.11 Last change: 21 Jan 2007 11
724
725
726
727
728
729
730 System Administration Commands ifconfig(1M)
731
732
733
734 -nud
735
736 Disables the neighbor unreachability detection mechanism
737 on a point-to-point physical interface.
738
739
740 plumb
741
742 Open the device associated with the physical interface
743 name and set up the streams needed for IP to use the
744 device. When used with a logical interface name, this
745 command is used to create a specific named logical
746 interface. An interface must be separately plumbed for
747 use by IPv4 and IPv6. The address_family parameter con-
748 trols whether the ifconfig command applies to IPv4 or
749 IPv6.
750
751 Before an interface has been plumbed, the interface will
752 not show up in the output of the ifconfig -a command.
753
754
755 private
756
757 Tells the in.routed routing daemon that a specified log-
758 ical interface should not be advertised.
759
760
761 -private
762
763 Specify unadvertised interfaces.
764
765
766 removeif address
767
768 Remove the logical interface on the physical interface
769 specified that matches the address specified. When the
770 interface is part of a multipathing group, the logical
771 interface will be removed from the physical interface in
772 the group that holds the address.
773
774
775 router
776
777 Enable IP forwarding on the interface. When enabled, the
778 interface is marked ROUTER, and IP packets can be for-
779 warded to and from the interface.
780
781
782 -router
783
784 Disable IP forwarding on the interface. IP packets are
785 not forwarded to and from the interface.
786
787
788
789 SunOS 5.11 Last change: 21 Jan 2007 12
790
791
792
793
794
795
796 System Administration Commands ifconfig(1M)
797
798
799
800 set
801
802 Set the address, prefix_length or both, for a logical
803 interface.
804
805
806 standby
807
808 Marks the physical interface as a standby interface. If
809 the interface is marked STANDBY and is part of the mul-
810 tipathing group, the interface will not be selected to
811 send out packets unless some other interface in the
812 group has failed and the network access has been failed
813 over to this standby interface.
814
815 The status display shows "STANDBY, INACTIVE" indicating
816 that that the interface is a standby and is also inac-
817 tive. IFF_INACTIVE will be cleared when some other
818 interface belonging to the same multipathing group fails
819 over to this interface. Once a failback happens, the
820 status display will return to INACTIVE.
821
822
823 -standby
824
825 Turns off standby on this interface.
826
827
828 subnet
829
830 Set the subnet address for an interface.
831
832
833 tdst tunnel_dest_address
834
835 Set the destination address of a tunnel. The address
836 should not be the same as the dest_address of the tun-
837 nel, because no packets leave the system over such a
838 tunnel.
839
840
841 thoplimit n
842
843 Set the hop limit for a tunnel interface. The hop limit
844 value is used as the TTL in the IPv4 header for the
845 IPv6-in-IPv4 and IPv4-in-IPv4 tunnels. For IPv6-in-IPv6
846 and IPv4-in-IPv6 tunnels, the hop limit value is used as
847 the hop limit in the IPv6 header.
848
849
850 token address/prefix_length
851
852
853
854
855 SunOS 5.11 Last change: 21 Jan 2007 13
856
857
858
859
860
861
862 System Administration Commands ifconfig(1M)
863
864
865
866 Set the IPv6 token of an interface to be used for
867 address autoconfiguration.
868
869 example% ifconfig eri0 inet6 token ::1/64
870
871
872
873
874 trailers
875
876 This flag previously caused a nonstandard encapsulation
877 of IPv4 packets on certain link levels. Drivers supplied
878 with this release no longer use this flag. It is pro-
879 vided for compatibility, but is ignored.
880
881
882 -trailers
883
884 Disable the use of a "trailer" link level encapsulation.
885
886
887 tsrc tunnel_src_address
888
889 Set the source address of a tunnel. This is the source
890 address on an outer encapsulating IP header. It must be
891 an address of another interface already configured using
892 ifconfig.
893
894
895 unplumb
896
897 Close the device associated with this physical interface
898 name and any streams that ifconfig set up for IP to use
899 the device. When used with a logical interface name, the
900 logical interface is removed from the system. After this
901 command is executed, the device name will no longer
902 appear in the output of ifconfig -a.
903
904
905 up
906
907 Mark a logical interface "up". This happens automati-
908 cally when assigning the first address to a logical
909 interface. The up option enables an interface after an
910 ifconfig down, which reinitializes the hardware.
911
912
913 usesrc [ name | none ]
914
915 Specify a physical interface to be used for source
916 address selection. If the keyword none is used, then any
917 previous selection is cleared.
918
919
920
921 SunOS 5.11 Last change: 21 Jan 2007 14
922
923
924
925
926
927
928 System Administration Commands ifconfig(1M)
929
930
931
932 When an application does not choose a non-zero source
933 address using bind(3SOCKET), the system will select an
934 appropriate source address based on the outbound inter-
935 face and the address selection rules (see
936 ipaddrsel(1M)).
937
938 When usesrc is specified and the specified interface is
939 selected in the forwarding table for output, the system
940 looks first to the specified physical interface and its
941 associated logical interfaces when selecting a source
942 address. If no usable address is listed in the forward-
943 ing table, the ordinary selection rules apply. For exam-
944 ple, if you enter:
945
946 # ifconfig eri0 usesrc vni0
947
948
949 ...and vni0 has address 10.0.0.1 assigned to it, the
950 system will prefer 10.0.0.1 as the source address for
951 any packets originated by local connections that are
952 sent through eri0. Further examples are provided in the
953 EXAMPLES section.
954
955 While you can specify any physical interface (or even
956 loopback), be aware that you can also specify the vir-
957 tual IP interface (see vni(7D)). The virtual IP inter-
958 face is not associated with any physical hardware and is
959 thus immune to hardware failures. You can specify any
960 number of physical interfaces to use the source address
961 hosted on a single virtual interface. This simplifies
962 the configuration of routing-based multipathing. If one
963 of the physical interfaces were to fail, communication
964 would continue through one of the remaining, functioning
965 physical interfaces. This scenario assumes that the
966 reachability of the address hosted on the virtual inter-
967 face is advertised in some manner, for example, through
968 a routing protocol.
969
970 Because the ifconfig preferred option is applied to all
971 interfaces, it is coarser-grained than the usesrc
972 option. It will be overridden by usesrc and setsrc
973 (route subcommand), in that order.
974
975 The use of the usesrc option is mutually exclusive of
976 the IP multipathing ifconfig options, group and standby.
977 That is, if an interface is already part of a IP mul-
978 tipathing group or specified as a standby interface,
979 then it cannot be specified with a usesrc option, and
980 vice-versa. For more details on IP multipathing, see
981 in.mpathd(1M) and the .
982
983
984
985
986
987 SunOS 5.11 Last change: 21 Jan 2007 15
988
989
990
991
992
993
994 System Administration Commands ifconfig(1M)
995
996
997
998 xmit
999
1000 Enable a logical interface to transmit packets. This is
1001 the default behavior when the logical interface is up.
1002
1003
1004 -xmit
1005
1006 Disable transmission of packets on an interface. The
1007 interface will continue to receive packets.
1008
1009
1010 zone zonename
1011
1012 Place the logical interface in zone zonename. The named
1013 zone must be active in the kernel in the ready or run-
1014 ning state. The interface is unplumbed when the zone is
1015 halted or rebooted. The zone must be configure to be an
1016 shared-IP zone. zonecfg(1M) is used to assign network
1017 interface names to exclusive-IP zones.
1018
1019
1020 -zone
1021
1022 Place IP interface in the global zone. This is the
1023 default.
1024
1025
1026 OPERANDS
1027 The interface operand, as well as address parameters that
1028 affect it, are described below.
1029
1030 interface
1031
1032 A string of one of the following forms:
1033
1034 o name physical-unit, for example, eri0 or ce1
1035
1036 o name physical-unit:logical-unit, for example,
1037 eri0:1
1038
1039 o ip.tunN or ip6.tunN, for tunnels
1040 If the interface name starts with a dash (-), it is
1041 interpreted as a set of options which specify a set of
1042 interfaces. In such a case, -a must be part of the
1043 options and any of the additional options below can be
1044 added in any order. If one of these interface names is
1045 given, the commands following it are applied to all of
1046 the interfaces that match.
1047
1048 -a
1049
1050
1051
1052
1053 SunOS 5.11 Last change: 21 Jan 2007 16
1054
1055
1056
1057
1058
1059
1060 System Administration Commands ifconfig(1M)
1061
1062
1063
1064 Apply the command to all interfaces of the specified
1065 address family. If no address family is supplied,
1066 either on the command line or by means of
1067 /etc/default/inet_type, then all address families
1068 will be selected.
1069
1070
1071 -d
1072
1073 Apply the commands to all "down" interfaces in the
1074 system.
1075
1076
1077 -D
1078
1079 Apply the commands to all interfaces not under DHCP
1080 (Dynamic Host Configuration Protocol) control.
1081
1082
1083 -u
1084
1085 Apply the commands to all "up" interfaces in the
1086 system.
1087
1088
1089 -Z
1090
1091 Apply the commands to all interfaces in the user's
1092 zone.
1093
1094
1095 -4
1096
1097 Apply the commands to all IPv4 interfaces.
1098
1099
1100 -6
1101
1102 Apply the commands to all IPv6 interfaces.
1103
1104
1105
1106 address_family
1107
1108 The address family is specified by the address_family
1109 parameter. The ifconfig command currently supports the
1110 following families: inet and inet6. If no address family
1111 is specified, the default is inet.
1112
1113 ifconfig honors the DEFAULT_IP setting in the
1114 /etc/default/inet_type file when it displays interface
1115 information . If DEFAULT_IP is set to IP_VERSION4, then
1116
1117
1118
1119 SunOS 5.11 Last change: 21 Jan 2007 17
1120
1121
1122
1123
1124
1125
1126 System Administration Commands ifconfig(1M)
1127
1128
1129
1130 ifconfig will omit information that relates to IPv6
1131 interfaces. However, when you explicitly specify an
1132 address family (inet or inet6) on the ifconfig command
1133 line, the command line overrides the DEFAULT_IP set-
1134 tings.
1135
1136
1137 address
1138
1139 For the IPv4 family (inet), the address is either a host
1140 name present in the host name data base (see hosts(4))
1141 or in the Network Information Service (NIS) map hosts,
1142 or an IPv4 address expressed in the Internet standard
1143 "dot notation".
1144
1145 For the IPv6 family (inet6), the address is either a
1146 host name present in the host name data base (see
1147 hosts(4)) or in the Network Information Service (NIS)
1148 map ipnode, or an IPv6 address expressed in the Internet
1149 standard colon-separated hexadecimal format represented
1150 as x:x:x:x:x:x:x:x where x is a hexadecimal number
1151 between 0 and FFFF.
1152
1153
1154 prefix_length
1155
1156 For the IPv4 and IPv6 families (inet and inet6), the
1157 prefix_length is a number between 0 and the number of
1158 bits in the address. For inet, the number of bits in the
1159 address is 32; for inet6, the number of bits in the
1160 address is 128. The prefix_length denotes the number of
1161 leading set bits in the netmask.
1162
1163
1164 dest_address
1165
1166 If the dest_address parameter is supplied in addition to
1167 the address parameter, it specifies the address of the
1168 correspondent on the other end of a point-to-point link.
1169
1170
1171 tunnel_dest_address
1172
1173 An address that is or will be reachable through an
1174 interface other than the tunnel being configured. This
1175 tells the tunnel where to send the tunneled packets.
1176 This address must not be the same as the interface des-
1177 tination address being configured.
1178
1179
1180 tunnel_src_address
1181
1182
1183
1184
1185 SunOS 5.11 Last change: 21 Jan 2007 18
1186
1187
1188
1189
1190
1191
1192 System Administration Commands ifconfig(1M)
1193
1194
1195
1196 An address that is attached to an already configured
1197 interface that has been configured "up" with ifconfig.
1198
1199
1200 INTERFACE FLAGS
1201 The ifconfig command supports the following interface flags.
1202 The term "address" in this context refers to a logical
1203 interface, for example, eri0:0, while "interface " refers to
1204 the physical interface, for example, eri0.
1205
1206 ADDRCONF
1207
1208 The address is from stateless addrconf. The stateless
1209 mechanism allows a host to generate its own address
1210 using a combination of information advertised by routers
1211 and locally available information. Routers advertise
1212 prefixes that identify the subnet associated with the
1213 link, while the host generates an "interface identifier"
1214 that uniquely identifies an interface in a subnet. In
1215 the absence of information from routers, a host can gen-
1216 erate link-local addresses. This flag is specific to
1217 IPv6.
1218
1219
1220 ANYCAST
1221
1222 Indicates an anycast address. An anycast address identi-
1223 fies the nearest member of a group of systems that pro-
1224 vides a particular type of service. An anycast address
1225 is assigned to a group of systems. Packets are delivered
1226 to the nearest group member identified by the anycast
1227 address instead of being delivered to all members of the
1228 group.
1229
1230
1231 BROADCAST
1232
1233 This broadcast address is valid. This flag and POINTTO-
1234 POINT are mutually exclusive
1235
1236
1237 CoS
1238
1239 This interface supports some form of Class of Service
1240 (CoS) marking. An example is the 802.1D user priority
1241 marking supported on VLAN interfaces.
1242
1243
1244 DEPRECATED
1245
1246 This address is deprecated. This address will not be
1247 used as a source address for outbound packets unless
1248
1249
1250
1251 SunOS 5.11 Last change: 21 Jan 2007 19
1252
1253
1254
1255
1256
1257
1258 System Administration Commands ifconfig(1M)
1259
1260
1261
1262 there are no other addresses on this interface or an
1263 application has explicitly bound to this address. An
1264 IPv6 deprecated address will eventually be deleted when
1265 not used, whereas an IPv4 deprecated address is often
1266 used with IP network multipathing IPv4 test addresses,
1267 which are determined by the setting of the NOFAILOVER
1268 flag. Further, the DEPRECATED flag is part of the stan-
1269 dard mechanism for renumbering in IPv6.
1270
1271
1272 DHCP
1273
1274 DHCP is used to manage this address.
1275
1276
1277 DUPLICATE
1278
1279 The logical interface has been disabled because the IP
1280 address configured on the interface is a duplicate. Some
1281 other node on the network is using this address. If the
1282 address was configured by DHCP or is temporary, the sys-
1283 tem will choose another automatically, if possible. Oth-
1284 erwise, the system will attempt to recover this address
1285 periodically and the interface will recover when the
1286 conflict has been removed from the network. Changing the
1287 address or netmask, or setting the logical interface to
1288 up will restart duplicate detection. Setting the inter-
1289 face to down terminates recovery and removes the DUPLI-
1290 CATE flag.
1291
1292
1293 FAILED
1294
1295 The interface has failed. New addresses cannot be
1296 created on this interface. If this interface is part of
1297 an IP network multipathing group, a failover will occur
1298 to another interface in the group, if possible
1299
1300
1301 FIXEDMTU
1302
1303 The MTU has been set using the -mtu option. This flag is
1304 read-only. Interfaces that have this flag set have a
1305 fixed MTU value that is unaffected by dynamic MTU
1306 changes that can occur when drivers notify IP of link
1307 MTU changes.
1308
1309
1310 INACTIVE
1311
1312 Indicates that the interface is not currently being used
1313 for regular traffic by the system. New addresses cannot
1314
1315
1316
1317 SunOS 5.11 Last change: 21 Jan 2007 20
1318
1319
1320
1321
1322
1323
1324 System Administration Commands ifconfig(1M)
1325
1326
1327
1328 be created on this interface. The flag is set automati-
1329 cally on standby interfaces. It can also be set when the
1330 system detects that a failed interface has been repaired
1331 and FAILBACK=no is configured in /etc/default/mpathd.
1332 The flag is cleared when the interface fails or when a
1333 failover to that interface occurs.
1334
1335
1336 LOOPBACK
1337
1338 Indicates that this is the loopback interface.
1339
1340
1341 MIP
1342
1343 Indicates that mobile IP controls this interface.
1344
1345
1346 MULTI_BCAST
1347
1348 Indicates that the broadcast address is used for multi-
1349 cast on this interface.
1350
1351
1352 MULTICAST
1353
1354 The interface supports multicast. IP assumes that any
1355 interface that supports hardware broadcast, or that is a
1356 point-to-point link, will support multicast.
1357
1358
1359 NOARP
1360
1361 There is no address resolution protocol (ARP) for this
1362 interface that corresponds to all interfaces for a dev-
1363 ice without a broadcast address. This flag is specific
1364 to IPv4.
1365
1366
1367 NOFAILOVER
1368
1369 This address will not failover if the interface fails.
1370 IP network multipathing test addresses must be marked
1371 nofailover.
1372
1373
1374 NOLOCAL
1375
1376 The interface has no address , just an on-link subnet.
1377
1378
1379
1380
1381
1382
1383 SunOS 5.11 Last change: 21 Jan 2007 21
1384
1385
1386
1387
1388
1389
1390 System Administration Commands ifconfig(1M)
1391
1392
1393
1394 NONUD
1395
1396 NUD is disabled on this interface. NUD (neighbor
1397 unreachability detection) is used by a node to track the
1398 reachability state of its neighbors, to which the node
1399 actively sends packets, and to perform any recovery if a
1400 neighbor is detected to be unreachable. This flag is
1401 specific to IPv6.
1402
1403
1404 NORTEXCH
1405
1406 The interface does not exchange routing information. For
1407 RIP-2, routing packets are not sent over this interface.
1408 Additionally, messages that appear to come over this
1409 interface receive no response. The subnet or address of
1410 this interface is not included in advertisements over
1411 other interfaces to other routers.
1412
1413
1414 NOXMIT
1415
1416 Indicates that the address does not transmit packets.
1417 RIP-2 also does not advertise this address.
1418
1419
1420 OFFLINE
1421
1422 Indicates that the interface has been offlined. New
1423 addresses cannot be created on this interface. Inter-
1424 faces in an IP network multipathing group are offlined
1425 prior to removal and replacement using dynamic reconfi-
1426 guration.
1427
1428
1429 POINTOPOINT
1430
1431 Indicates that the address is a point-to-point link.
1432 This flag and BROADCAST are mutually exclusive
1433
1434
1435 PREFERRED
1436
1437 This address is a preferred IPv6 source address. This
1438 address will be used as a source address for IPv6 com-
1439 munication with all IPv6 destinations, unless another
1440 address on the system is of more appropriate scope. The
1441 DEPRECATED flag takes precedence over the PREFERRED
1442 flag.
1443
1444
1445
1446
1447
1448
1449 SunOS 5.11 Last change: 21 Jan 2007 22
1450
1451
1452
1453
1454
1455
1456 System Administration Commands ifconfig(1M)
1457
1458
1459
1460 PRIVATE
1461
1462 Indicates that this address is not advertised. For RIP-
1463 2, this interface is used to send advertisements. How-
1464 ever, neither the subnet nor this address are included
1465 in advertisements to other routers.
1466
1467
1468 ROUTER
1469
1470 Indicates that IP packets can be forwarded to and from
1471 the interface.
1472
1473
1474 RUNNING
1475
1476 Indicates that the required resources for an interface
1477 are allocated. For some interfaces this also indicates
1478 that the link is up.
1479
1480
1481 STANDBY
1482
1483 Indicates that this is a standby interface to be used on
1484 failures. Only interfaces in an IP network multipathing
1485 group should be designated as standby interfaces. If
1486 this interface is part of a IP network multipathing
1487 group, the interface will not be selected to send out
1488 packets unless some other interface in the group fails
1489 over to it.
1490
1491
1492 TEMPORARY
1493
1494 Indicates that this is a temporary IPv6 address as
1495 defined in RFC 3041.
1496
1497
1498 UNNUMBERED
1499
1500 This flag is set when the local IP address on the link
1501 matches the local address of some other link in the sys-
1502 tem
1503
1504
1505 UP
1506
1507 Indicates that the interface is up, that is, all the
1508 routing entries and the like for this interface have
1509 been set up.
1510
1511
1512
1513
1514
1515 SunOS 5.11 Last change: 21 Jan 2007 23
1516
1517
1518
1519
1520
1521
1522 System Administration Commands ifconfig(1M)
1523
1524
1525
1526 VIRTUAL
1527
1528 Indicates that the physical interface has no underlying
1529 hardware. It is not possible to transmit or receive
1530 packets through a virtual interface. These interfaces
1531 are useful for configuring local addresses that can be
1532 used on multiple interfaces. (See also the -usesrc
1533 option.)
1534
1535
1536 XRESOLV
1537
1538 Indicates that the interface uses an IPv6 external
1539 resolver.
1540
1541
1542 LOGICAL INTERFACES
1543 Solaris TCP/IP allows multiple logical interfaces to be
1544 associated with a physical network interface. This allows a
1545 single machine to be assigned multiple IP addresses, even
1546 though it may have only one network interface. Physical net-
1547 work interfaces have names of the form driver-name
1548 physical-unit-number, while logical interfaces have names of
1549 the form driver-name physical-unit-number:logical-unit-
1550 number. A physical interface is configured into the system
1551 using the plumb command. For example:
1552
1553 example% ifconfig eri0 plumb
1554
1555
1556
1557
1558 Once a physical interface has been "plumbed", logical inter-
1559 faces associated with the physical interface can be config-
1560 ured by separate -plumb or -addif options to the ifconfig
1561 command.
1562
1563 example% ifconfig eri0:1 plumb
1564
1565
1566
1567
1568 allocates a specific logical interface associated with the
1569 physical interface eri0. The command
1570
1571 example% ifconfig eri0 addif 192.168.200.1/24 up
1572
1573
1574
1575
1576 allocates the next available logical unit number on the eri0
1577 physical interface and assigns an address and prefix_length.
1578
1579
1580
1581 SunOS 5.11 Last change: 21 Jan 2007 24
1582
1583
1584
1585
1586
1587
1588 System Administration Commands ifconfig(1M)
1589
1590
1591
1592 A logical interface can be configured with parameters (
1593 address,prefix_length, and so on) different from the physi-
1594 cal interface with which it is associated. Logical inter-
1595 faces that are associated with the same physical interface
1596 can be given different parameters as well. Each logical
1597 interface must be associated with an existing and "up" phy-
1598 sical interface. So, for example, the logical interface
1599 eri0:1 can only be configured after the physical interface
1600 eri0 has been plumbed.
1601
1602
1603 To delete a logical interface, use the -unplumb or -removeif
1604 options. For example,
1605
1606 example% ifconfig eri0:1 down unplumb
1607
1608
1609
1610
1611 will delete the logical interface eri0:1.
1612
1613 MULTIPATHING GROUPS
1614 Physical interfaces that share the same IP broadcast domain
1615 can be collected into a multipathing group using the group
1616 keyword. Interfaces assigned to the same multipathing group
1617 are treated as equivalent and outgoing traffic is spread
1618 across the interfaces on a per-IP-destination basis. In
1619 addition, individual interfaces in a multipathing group are
1620 monitored for failures; the addresses associated with failed
1621 interfaces are automatically transferred to other function-
1622 ing interfaces within the group.
1623
1624
1625 For more details on IP multipathing, see in.mpathd(1M) and
1626 the . See netstat(1M) for per-IP-destination information.
1627
1628 CONFIGURING IPV6 INTERFACES
1629 When an IPv6 physical interface is plumbed and configured
1630 "up" with ifconfig, it is automatically assigned an IPv6
1631 link-local address for which the last 64 bits are calculated
1632 from the MAC address of the interface.
1633
1634 example% ifconfig eri0 inet6 plumb up
1635
1636
1637
1638
1639 The following example shows that the link-local address has
1640 a prefix of fe80::/10.
1641
1642 example% ifconfig eri0 inet6
1643 ce0: flags=2000841<UP,RUNNING,MULTICAST,IPv6>
1644
1645
1646
1647 SunOS 5.11 Last change: 21 Jan 2007 25
1648
1649
1650
1651
1652
1653
1654 System Administration Commands ifconfig(1M)
1655
1656
1657
1658 mtu 1500 index 2
1659 inet6 fe80::a00:20ff:fe8e:f3ad/10
1660
1661
1662
1663
1664 Link-local addresses are only used for communication on the
1665 local subnet and are not visible to other subnets.
1666
1667
1668 If an advertising IPv6 router exists on the link advertising
1669 prefixes, then the newly plumbed IPv6 interface will auto-
1670 configure logical interface(s) depending on the prefix
1671 advertisements. For example, for the prefix advertisement
1672 2001:0db8:3c4d:0:55::/64, the autoconfigured interface will
1673 look like:
1674
1675 eri0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6>
1676 mtu 1500 index 2
1677 inet6 2001:0db8:3c4d:55:a00:20ff:fe8e:f3ad/64
1678
1679
1680
1681
1682 Even if there are no prefix advertisements on the link, you
1683 can still assign global addresses manually, for example:
1684
1685 example% ifconfig eri0 inet6 addif \
1686 2001:0db8:3c4d:55:a00:20ff:fe8e:f3ad/64 up
1687
1688
1689
1690
1691 To configure boot-time defaults for the interface eri0,
1692 place the following entry in the /etc/hostname6.eri0 file:
1693
1694 addif 2001:0db8:3c4d:55:a00:20ff:fe8e:f3ad/64 up
1695
1696
1697 Configuring IPv6/IPv4 tunnels
1698 An IPv6 over IPv4 tunnel interface can send and receive IPv6
1699 packets encapsulated in an IPv4 packet. Create tunnels at
1700 both ends pointing to each other. IPv6 over IPv4 tunnels
1701 require the tunnel source and tunnel destination IPv4 and
1702 IPv6 addresses. Solaris 8 supports both automatic and con-
1703 figured tunnels. For automatic tunnels, an IPv4-compatible
1704 IPv6 address is used. The following demonstrates auto-tunnel
1705 configuration:
1706
1707 example% ifconfig ip.atun0 inet6 plumb
1708 example% ifconfig ip.atun0 inet6 tsrc IPv4-address \
1709 ::IPv4 address/96 up
1710
1711
1712
1713 SunOS 5.11 Last change: 21 Jan 2007 26
1714
1715
1716
1717
1718
1719
1720 System Administration Commands ifconfig(1M)
1721
1722
1723
1724 where IPv4-address is the IPv4 address of the interface
1725 through which the tunnel traffic will flow, and IPv4-
1726 address, ::<IPv4-address>, is the corresponding IPv4-
1727 compatible IPv6 address.
1728
1729
1730 The following is an example of a configured tunnel:
1731
1732 example% ifconfig ip.tun0 inet6 plumb tsrc my-ipv4-address \
1733 tdst peer-ipv4-address up
1734
1735
1736
1737
1738 This creates a configured tunnel between my-ipv4-address and
1739 peer-ipv4-address with corresponding link-local addresses.
1740 For tunnels with global or site-local addresses, the logical
1741 tunnel interfaces need to be configured in the following
1742 form:
1743
1744 example% ifconfig ip.tun0 inet6 addif my-v6-address peer-v6-address up
1745
1746
1747
1748
1749 For example,
1750
1751 example% ifconfig ip.tun0 inet6 plumb tsrc 109.146.85.57 \
1752 tdst 109.146.85.212 up
1753 example% ifconfig ip.tun0 inet6 addif 2::45 2::46 up
1754
1755
1756
1757
1758 To show all IPv6 interfaces that are up and configured:
1759
1760 example% ifconfig -au6
1761 ip.tun0: flags=2200851<UP,POINTOPOINT,RUNNING,MULTICAST,NONUD,IPv6>
1762 mtu 1480 index 3
1763 inet tunnel src 109.146.85.57 tunnel dst 109.146.85.212
1764 tunnel security settings --> use 'ipsecconf -ln -i ip.tun1'
1765 tunnel hop limit 60
1766 inet6 fe80::6d92:5539/10 --> fe80::6d92:55d4
1767 ip.tun0:1: flags=2200851<UP,POINTOPOINT,RUNNING,MULTICAST,NONUD,IPv6>
1768 mtu 1480 index 3
1769 inet6 2::45/128 --> 2::46
1770
1771
1772
1773
1774 In the output above, note the line that begins with "tunnel
1775 security settings". The content of this line varies
1776
1777
1778
1779 SunOS 5.11 Last change: 21 Jan 2007 27
1780
1781
1782
1783
1784
1785
1786 System Administration Commands ifconfig(1M)
1787
1788
1789
1790 according to whether and how you have set your security set-
1791 tings. See "Display of Tunnel Security Settings," below.
1792
1793 Configuring IPv4/IPv6 Tunnels
1794 An IPv4 over IPv6 tunnel interface can send and receive IPv4
1795 packets encapsulated in an IPv6 packet. Create tunnels at
1796 both ends pointing to each other. IPv4 over IPv6 tunnels
1797 require the tunnel source and tunnel destination IPv6 and
1798 IPv4 addresses. The following demonstrates auto-tunnel con-
1799 figuration:
1800
1801 example% ifconfig ip6.tun0 inet plumb tsrc my-ipv6-address \
1802 tdst peer-ipv6-address my-ipv4-address \
1803 peer-ipv4-address up
1804
1805
1806
1807
1808 This creates a configured tunnel between my-ipv6-address and
1809 peer-ipv6-address with my-ipv4-address and peer-ipv4-address
1810 as the endpoints of the point-to-point interface, for exam-
1811 ple:
1812
1813 example% ifconfig ip6.tun0 inet plumb tsrc fe80::1 tdst fe80::2 \
1814 10.0.0.208 10.0.0.210 up
1815
1816
1817
1818
1819 To show all IPv4 interfaces that are up and configured:
1820
1821 example% ifconfig -au4
1822 lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
1823 inet 127.0.0.1 netmask ff000000
1824 eri0: flags=1004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4> mtu 1500 \
1825 index 2
1826 inet 172.17.128.208 netmask ffffff00 broadcast 172.17.128.255
1827 ip6.tun0: flags=10008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST,IPv4> \
1828 mtu 1460
1829 index 3
1830 inet6 tunnel src fe80::1 tunnel dst fe80::2
1831 tunnel security settings --> use 'ipsecconf -ln -i ip.tun1'
1832 tunnel hop limit 60 tunnel encapsulation limit 4
1833 inet 10.0.0.208 --> 10.0.0.210 netmask ff000000
1834
1835
1836
1837
1838 In the output above, note the line that begins with "tunnel
1839 security settings". The content of this line varies accord-
1840 ing to whether and how you have set your security settings.
1841 See "Display of Tunnel Security Settings," below.
1842
1843
1844
1845 SunOS 5.11 Last change: 21 Jan 2007 28
1846
1847
1848
1849
1850
1851
1852 System Administration Commands ifconfig(1M)
1853
1854
1855
1856 Display of Tunnel Security Settings
1857 The ifconfig output for tunneled interfaces indicates secu-
1858 rity settings, if present, for a tunnel. The content of the
1859 line showing your settings differs depending on how you have
1860 made your settings:
1861
1862 o If you set your security policy using the ifconfig
1863 -auth_algs, -encr_algs, and -encr_auth_algs options
1864 and do not use ipsecconf(1M), ifconfig displays
1865 your settings for each of these options.
1866
1867 o If you set your security policy using ipsecconf(1M)
1868 with the tunnel keyword (the preferred method),
1869 ifconfig displays:
1870
1871 tunnel security settings --> use 'ipsecconf -ln -i ip.tun1'
1872
1873
1874 ...in effect, hiding your settings from those
1875 without privileges to view them.
1876
1877 If you do net set security policy, using either
1878 ifconfig or ipsecconf, there is no tunnel security
1879 setting displayed.
1880
1881 EXAMPLES
1882 Example 1 Using the ifconfig Command
1883
1884
1885 If your workstation is not attached to an Ethernet, the net-
1886 work interface, for example, eri0, should be marked "down"
1887 as follows:
1888
1889
1890 example% ifconfig eri0 down
1891
1892
1893
1894 Example 2 Printing Addressing Information
1895
1896
1897 To print out the addressing information for each interface,
1898 use the following command:
1899
1900
1901 example% ifconfig -a
1902
1903
1904
1905 Example 3 Resetting the Broadcast Address
1906
1907
1908
1909
1910
1911 SunOS 5.11 Last change: 21 Jan 2007 29
1912
1913
1914
1915
1916
1917
1918 System Administration Commands ifconfig(1M)
1919
1920
1921
1922 To reset each interface's broadcast address after the net-
1923 masks have been correctly set, use the next command:
1924
1925
1926 example% ifconfig -a broadcast +
1927
1928
1929
1930 Example 4 Changing the Ethernet Address
1931
1932
1933 To change the Ethernet address for interface ce0, use the
1934 following command:
1935
1936
1937 example% ifconfig ce0 ether aa:1:2:3:4:5
1938
1939
1940
1941 Example 5 Configuring an IP-in-IP Tunnel
1942
1943
1944 To configure an IP-in-IP tunnel, first plumb it with the
1945 following command:
1946
1947
1948 example% ifconfig ip.tun0 plumb
1949
1950
1951
1952
1953 Then configure it as a point-to-point interface, supplying
1954 the tunnel source and the tunnel destination:
1955
1956
1957 example% ifconfig ip.tun0 myaddr mydestaddr tsrc another_myaddr \
1958 tdst a_dest_addr up
1959
1960
1961
1962
1963 Use ipsecconf(1M), as described above, to configure tunnel
1964 security properties.
1965
1966
1967 Example 6 Configuring 6to4 Tunnels
1968
1969
1970 To configure 6to4 tunnels, use the following commands:
1971
1972
1973 example% ifconfig ip.6to4tun0 inet6 plumb
1974
1975
1976
1977 SunOS 5.11 Last change: 21 Jan 2007 30
1978
1979
1980
1981
1982
1983
1984 System Administration Commands ifconfig(1M)
1985
1986
1987
1988 example% ifconfig ip.6to4tun0 inet6 tsrc IPv4-address 6to4-address/64 up
1989
1990
1991
1992
1993 IPv4-address denotes the address of the encapsulating inter-
1994 face. 6to4-address denotes the address of the local IPv6
1995 address of form 2002:IPv4-address:SUBNET-ID:HOSTID.
1996
1997
1998
1999 The long form should be used to resolve any potential con-
2000 flicts that might arise if the system administrator utilizes
2001 an addressing plan where the values for SUBNET-ID or HOSTID
2002 are reserved for something else.
2003
2004
2005
2006 After the interface is plumbed, a 6to4 tunnel can be config-
2007 ured as follows:
2008
2009
2010 example% ifconfig ip.6to4tun0 inet6 tsrc IPv4-address up
2011
2012
2013
2014
2015 This short form sets the address. It uses the convention:
2016
2017
2018 2002:IPv4-address::1
2019
2020
2021
2022 The SUBNET-ID is 0, and the HOSTID is 1.
2023
2024
2025 Example 7 Configuring IP Forwarding on an Interface
2026
2027
2028 To enable IP forwarding on a single interface, use the fol-
2029 lowing command:
2030
2031
2032 example% ifconfig eri0 router
2033
2034
2035
2036
2037 To disable IP forwarding on a single interface, use the fol-
2038 lowing command:
2039
2040
2041
2042
2043 SunOS 5.11 Last change: 21 Jan 2007 31
2044
2045
2046
2047
2048
2049
2050 System Administration Commands ifconfig(1M)
2051
2052
2053
2054 example% ifconfig eri0 -router
2055
2056
2057
2058 Example 8 Configuring Source Address Selection Using a Vir-
2059 tual Interface
2060
2061
2062 The following command configures source address selection
2063 such that every packet that is locally generated with no
2064 bound source address and going out on qfe2 prefers a source
2065 address hosted on vni0.
2066
2067
2068 example% ifconfig qfe2 usesrc vni0
2069
2070
2071
2072
2073 The ifconfig -a output for the qfe2 and vni0 interfaces
2074 displays as follows:
2075
2076
2077 qfe2: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu
2078 1500 index 4
2079 usesrc vni0
2080 inet 1.2.3.4 netmask ffffff00 broadcast 1.2.3.255
2081 ether 0:3:ba:17:4b:e1
2082 vni0: flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL>
2083 mtu 0 index 5
2084 srcof qfe2
2085 inet 3.4.5.6 netmask ffffffff
2086
2087
2088
2089 Observe, above, the usesrc and srcof keywords in the ifcon-
2090 fig output. These keywords also appear on the logical
2091 instances of the physical interface, even though this is a
2092 per-physical interface parameter. There is no srcof keyword
2093 in ifconfig for configuring interfaces. This information is
2094 determined automatically from the set of interfaces that
2095 have usesrc set on them.
2096
2097
2098
2099 The following command, using the none keyword, undoes the
2100 effect of the preceding ifconfig usersrc command.
2101
2102
2103 example% ifconfig qfe2 usesrc none
2104
2105
2106
2107
2108
2109 SunOS 5.11 Last change: 21 Jan 2007 32
2110
2111
2112
2113
2114
2115
2116 System Administration Commands ifconfig(1M)
2117
2118
2119
2120 Following this command, ifconfig -a output displays as fol-
2121 lows:
2122
2123
2124 qfe2: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu
2125 1500 index 4
2126 inet 1.2.3.4 netmask ffffff00 broadcast 1.2.3.255
2127 ether 0:3:ba:17:4b:e1
2128 vni0: flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL>
2129 mtu 0 index 5
2130 inet 3.4.5.6 netmask ffffffff
2131
2132
2133
2134 Note the absence of the usesrc and srcof keywords in the
2135 output above.
2136
2137
2138 Example 9 Configuring Source Address Selection for an IPv6
2139 Address
2140
2141
2142 The following command configures source address selection
2143 for an IPv6 address, selecting a source address hosted on
2144 vni0.
2145
2146
2147 example% ifconfig qfe1 inet6 usesrc vni0
2148
2149
2150
2151
2152 Following this command, ifconfig -a output displays as fol-
2153 lows:
2154
2155
2156 qfe1: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 3
2157 usesrc vni0
2158 inet6 fe80::203:baff:fe17:4be0/10
2159 ether 0:3:ba:17:4b:e0
2160 vni0: flags=2002210041<UP,RUNNING,NOXMIT,NONUD,IPv6,VIRTUAL> mtu 0
2161 index 5
2162 srcof qfe1
2163 inet6 fe80::203:baff:fe17:4444/128
2164 vni0:1: flags=2002210040<RUNNING,NOXMIT,NONUD,IPv6,VIRTUAL> mtu 0
2165 index 5
2166 srcof qfe1
2167 inet6 fec0::203:baff:fe17:4444/128
2168 vni0:2: flags=2002210040<RUNNING,NOXMIT,NONUD,IPv6,VIRTUAL> mtu 0
2169 index 5
2170 srcof qfe1
2171 inet6 2000::203:baff:fe17:4444/128
2172
2173
2174
2175 SunOS 5.11 Last change: 21 Jan 2007 33
2176
2177
2178
2179
2180
2181
2182 System Administration Commands ifconfig(1M)
2183
2184
2185
2186 Depending on the scope of the destination of the packet
2187 going out on qfe1, the appropriately scoped source address
2188 is selected from vni0 and its aliases.
2189
2190
2191 Example 10 Using Source Address Selection with Shared-IP
2192 Zones
2193
2194
2195 The following is an example of how the usesrc feature can be
2196 used with the zones(5) facility in Solaris. The following
2197 commands are invoked in the global zone:
2198
2199
2200 example% ifconfig hme0 usesrc vni0
2201 example% ifconfig eri0 usesrc vni0
2202 example% ifconfig qfe0 usesrc vni0
2203
2204
2205
2206
2207 Following the preceding commands, the ifconfig -a output for
2208 the virtual interfaces would display as:
2209
2210
2211 vni0: flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL>
2212 mtu 0 index 23
2213 srcof hme0 eri0 qfe0
2214 inet 10.0.0.1 netmask ffffffff
2215 vni0:1:
2216 flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> mtu 0
2217 index 23
2218 zone test1
2219 srcof hme0 eri0 qfe0
2220 inet 10.0.0.2 netmask ffffffff
2221 vni0:2:
2222 flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> mtu 0
2223 index 23
2224 zone test2
2225 srcof hme0 eri0 qfe0
2226 inet 10.0.0.3 netmask ffffffff
2227 vni0:3:
2228 flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> mtu 0
2229 index 23
2230 zone test3
2231 srcof hme0 eri0 qfe0
2232 inet 10.0.0.4 netmask ffffffff
2233
2234
2235
2236 There is one virtual interface alias per zone (test1, test2,
2237 and test3). A source address from the virtual interface
2238
2239
2240
2241 SunOS 5.11 Last change: 21 Jan 2007 34
2242
2243
2244
2245
2246
2247
2248 System Administration Commands ifconfig(1M)
2249
2250
2251
2252 alias in the same zone is selected. The virtual interface
2253 aliases were created using zonecfg(1M) as follows:
2254
2255
2256 example% zonecfg -z test1
2257 zonecfg:test1> add net
2258 zonecfg:test1:net> set physical=vni0
2259 zonecfg:test1:net> set address=10.0.0.2
2260
2261
2262
2263
2264 The test2 and test3 zone interfaces and addresses are
2265 created in the same way.
2266
2267
2268 Example 11 Turning Off DHCPv6
2269
2270
2271 The following example shows how to disable automatic use of
2272 DHCPv6 on all interfaces, and immediately shut down DHCPv6
2273 on the interface named hme0. See in.ndpd(1M) and
2274 ndpd.conf(4) for more information on the automatic DHCPv6
2275 configuration mechanism.
2276
2277
2278 example% echo ifdefault StatefulAddrConf false >> /etc/inet/ndpd.conf
2279 example% pkill -HUP -x in.ndpd
2280 example% ifconfig hme0 dhcp release
2281
2282
2283
2284 FILES
2285 /etc/netmasks
2286
2287 Netmask data.
2288
2289
2290 /etc/default/inet_type
2291
2292 Default Internet protocol type.
2293
2294
2295 ATTRIBUTES
2296 See attributes(5) for descriptions of the following attri-
2297 butes:
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307 SunOS 5.11 Last change: 21 Jan 2007 35
2308
2309
2310
2311
2312
2313
2314 System Administration Commands ifconfig(1M)
2315
2316
2317
2318 _______________________________________________________________________
2319 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
2320 |_______________________________________|______________________________|
2321 | Availability | SUNWcsu |
2322 |_______________________________________|______________________________|
2323 | Interface Stability for command-line| Committed |
2324 | options | |
2325 |_______________________________________|______________________________|
2326 | Interface Stability for command output| Uncommitted |
2327 |_______________________________________|______________________________|
2328
2329
2330 SEE ALSO
2331 dhcpinfo(1), dhcpagent(1M), in.mpathd(1M), in.ndpd(1M),
2332 in.routed(1M), ipsecconf(1M), ndd(1M), netstat(1M),
2333 zoneadm(1M), zonecfg(1M), ethers(3SOCKET),
2334 gethostbyname(3NSL), getnetbyname(3SOCKET), hosts(4),
2335 inet_type(4), ndpd.conf(4), netmasks(4), networks(4),
2336 nsswitch.conf(4), attributes(5), privileges(5), zones(5),
2337 arp(7P), ipsecah(7P), ipsecesp(7P), tun(7M)
2338
2339
2340 DIAGNOSTICS
2341 ifconfig sends messages that indicate if:
2342
2343 o the specified interface does not exist
2344
2345 o the requested address is unknown
2346
2347 o the user is not privileged and tried to alter an
2348 interface's configuration
2349
2350 NOTES
2351 Do not select the names broadcast, down, private, trailers,
2352 up or other possible option names when you choose host
2353 names. If you choose any one of these names as host names,
2354 it can cause unusual problems that are extremely difficult
2355 to diagnose.
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373 SunOS 5.11 Last change: 21 Jan 2007 36
2374
2375
2376