1 System Administration Commands ifconfig(1M)
2
3
4
5 NAME
6 ifconfig - configure network interface parameters
7
8 SYNOPSIS
9 ifconfig interface [address_family] [address [/prefix_length]
10 [dest_address]] [addif address [/prefix_length]]
11 [removeif address [/prefix_length]] [arp | -arp]
12 [auth_algs authentication algorithm] [encr_algs encryption algorithm]
13 [encr_auth_algs authentication algorithm] [auto-revarp]
14 [broadcast address] [deprecated | -deprecated]
15 [preferred | -preferred] [destination dest_address]
16 [ether [address]] [failover | -failover] [group
17 [name | ""]] [index if_index] [ipmp] [metric n] [modlist]
18 [modinsert mod_name@pos] [modremove mod_name@pos]
19 [mtu n] [netmask mask] [plumb] [unplumb] [private
20 | -private] [nud | -nud] [set [address] [/netmask]]
21 [standby | -standby] [subnet subnet_address] [tdst
22 tunnel_dest_address] [token address/prefix_length]
23 [tsrc tunnel_src_address] [trailers | -trailers]
24 [up] [down] [usesrc [name | none]] [xmit | -xmit]
25 [encaplimit n | -encaplimit] [thoplimit n] [router
26 | -router] [zone zonename | -zone | -all-zones]
27
28
29 ifconfig [address_family] interface {auto-dhcp | dhcp} [primary]
30 [wait seconds] drop | extend | inform | ping
31 | release | start | status
32
33
34 DESCRIPTION
35 The command ifconfig is used to assign an address to a net-
36 work interface and to configure network interface parame-
37 ters. The ifconfig command must be used at boot time to
38 define the network address of each interface present on a
39 machine; it may also be used at a later time to redefine an
40 interface's address or other operating parameters. If no
41 option is specified, ifconfig displays the current confi-
42 guration for a network interface. If an address family is
43 specified, ifconfig reports only the details specific to
44 that address family. Only privileged users may modify the
45 configuration of a network interface. Options appearing
46 within braces ({}) indicate that one of the options must be
47 specified.
48
49 DHCP Configuration
50 The forms of ifconfig that use the auto-dhcp or dhcp argu-
51 ments are used to control the Dynamic Host Configuration
52 Protocol ("DHCP") configuration of the interface. In this
53 mode, ifconfig is used to control operation of
54 dhcpagent(1M), the DHCP client daemon. Once an interface is
55 placed under DHCP control by using the start operand, ifcon-
56 fig should not, in normal operation, be used to modify the
57
58
59
60 SunOS 5.11 Last change: 21 Jan 2007 1
61
62
63
64
65
66
67 System Administration Commands ifconfig(1M)
68
69
70
71 address or characteristics of the interface. If the address
72 of an interface under DHCP is changed, dhcpagent will remove
73 the interface from its control.
74
75 OPTIONS
76 The following options are supported:
77
78 addif address
79
80 Create the next unused logical interface on the speci-
81 fied physical interface.
82
83 all-zones
84
85 Make the interface available to every shared-IP zone on
86 the system. The appropriate zone to which to deliver
87 data is determined using the tnzonecfg database. This
88 option is available only if the system is configured
89 with the Solaris Trusted Extensions feature.
90
91 The tnzonecfg database is described in the tnzonecfg(4)
92 man page, which is part of the Solaris Trusted Exten-
93 sions Reference Manual.
94
95
96 anycast
97
98 Marks the logical interface as an anycast address by
99 setting the ANYCAST flag. See "INTERFACE FLAGS," below,
100 for more information on anycast.
101
102
103 -anycast
104
105 Marks the logical interface as not an anycast address by
106 clearing the ANYCAST flag.
107
108
109 arp
110
111 Enable the use of the Address Resolution Protocol
112 ("ARP") in mapping between network level addresses and
113 link level addresses (default). This is currently imple-
114 mented for mapping between IPv4 addresses and MAC
115 addresses.
116
117
118
119
120
121
122 SunOS 5.11 Last change: 21 Jan 2007 2
123
124
125
126
127
128
129 System Administration Commands ifconfig(1M)
130
131
132
133 -arp
134
135 Disable the use of the ARP on a physical interface.
136 ARP cannot be disabled on an IPMP IP interface.
137
138
139 auth_algs authentication algorithm
140
141 For a tunnel, enable IPsec AH with the authentication
142 algorithm specified. The algorithm can be either a
143 number or an algorithm name, including any to express no
144 preference in algorithm. All IPsec tunnel properties
145 must be specified on the same command line. To disable
146 tunnel security, specify an auth_alg of none.
147
148 It is now preferable to use the ipsecconf(1M) command
149 when configuring a tunnel's security properties. If
150 ipsecconf was used to set a tunnel's security proper-
151 ties, this keyword will not affect the tunnel.
152
153
154 auto-dhcp
155
156 Use DHCP to automatically acquire an address for this
157 interface. This option has a completely equivalent alias
158 called dhcp.
159
160 For IPv6, the interface specified must be the zeroth
161 logical interface (the physical interface name), which
162 has the link-local address.
163
164 primary
165
166 Defines the interface as the primary. The interface
167 is defined as the preferred one for the delivery of
168 client-wide configuration data. Only one interface
169 can be the primary at any given time. If another
170 interface is subsequently selected as the primary,
171 it replaces the previous one. Nominating an inter-
172 face as the primary one will not have much signifi-
173 cance once the client work station has booted, as
174 many applications will already have started and been
175 configured with data read from the previous primary
176 interface.
177
178
179 wait seconds
180
181 The ifconfig command will wait until the operation
182 either completes or for the interval specified,
183 whichever is the sooner. If no wait interval is
184 given, and the operation is one that cannot complete
185 immediately, ifconfig will wait 30 seconds for the
186
187
188
189 SunOS 5.11 Last change: 21 Jan 2007 3
190
191
192
193
194
195
196 System Administration Commands ifconfig(1M)
197
198
199
200 requested operation to complete. The symbolic value
201 forever may be used as well, with obvious meaning.
202
203
204 drop
205
206 Remove the specified interface from DHCP control
207 without notifying the DHCP server, and record the
208 current lease for later use. Additionally, for IPv4,
209 set the IP address to zero and mark the interface as
210 "down." For IPv6, unplumb all logical interfaces
211 plumbed by dhcpagent.
212
213
214 extend
215
216 Attempt to extend the lease on the interface's IP
217 address. This is not required, as the agent will
218 automatically extend the lease well before it
219 expires.
220
221
222 inform
223
224 Obtain network configuration parameters from DHCP
225 without obtaining a lease on IP addresses. This is
226 useful in situations where an IP address is obtained
227 through mechanisms other than DHCP.
228
229
230 ping
231
232 Check whether the interface given is under DHCP con-
233 trol, which means that the interface is managed by
234 the DHCP agent and is working properly. An exit
235 status of 0 means success.
236
237
238 release
239
240 Relinquish the IP addresses on the interface by
241 notifying the server and discard the current lease.
242 For IPv4, mark the interface as "down." For IPv6,
243 all logical interfaces plumbed by dhcpagent are
244 unplumbed.
245
246
247 start
248
249 Start DHCP on the interface.
250
251
252
253
254
255 SunOS 5.11 Last change: 21 Jan 2007 4
256
257
258
259
260
261
262 System Administration Commands ifconfig(1M)
263
264
265
266 status
267
268 Display the DHCP configuration status of the inter-
269 face.
270
271
272
273 auto-revarp
274
275 Use the Reverse Address Resolution Protocol (RARP) to
276 automatically acquire an address for this interface.
277 This will fail if the interface does not support RARP;
278 for example, IPoIB (IP over InfiniBand), and on IPv6
279 interfaces.
280
281
282 broadcast address
283
284 For IPv4 only. Specify the address to use to represent
285 broadcasts to the network. The default broadcast address
286 is the address with a host part of all 1's. A "+" (plus
287 sign) given for the broadcast value causes the broadcast
288 address to be reset to a default appropriate for the
289 (possibly new) address and netmask. The arguments of
290 ifconfig are interpreted left to right. Therefore
291
292 example% ifconfig -a netmask + broadcast +
293
294
295 and
296
297 example% ifconfig -a broadcast + netmask +
298
299
300 may result in different values being assigned for the
301 broadcast addresses of the interfaces.
302
303
304 deprecated
305
306 Marks the logical interface as deprecated. An address
307 associated with a deprecated interface will not be used
308 as source address for outbound packets unless either
309 there are no other addresses available on the interface
310 or the application has bound to this address explicitly.
311 The status display shows DEPRECATED as part of flags.
312 See for information on the flags supported by ifconfig.
313
314
315 -deprecated
316
317 Marks a logical interface as not deprecated. An address
318
319
320
321 SunOS 5.11 Last change: 21 Jan 2007 5
322
323
324
325
326
327
328 System Administration Commands ifconfig(1M)
329
330
331
332 associated with such an interface could be used as a
333 source address for outbound packets.
334
335
336 preferred
337
338 Marks the logical interface as preferred. This option is
339 only valid for IPv6 addresses. Addresses assigned to
340 preferred logical interfaces are preferred as source
341 addresses over all other addresses configured on the
342 system, unless the address is of an inappropriate scope
343 relative to the destination address. Preferred addresses
344 are used as source addresses regardless of which physi-
345 cal interface they are assigned to. For example, you can
346 configure a preferred source address on the loopback
347 interface and advertise reachability of this address by
348 using a routing protocol.
349
350
351 -preferred
352
353 Marks the logical interface as not preferred.
354
355
356 destination dest_address
357
358 Set the destination address for a point-to point inter-
359 face.
360
361
362 dhcp
363
364 This option is an alias for option auto-dhcp
365
366
367 down
368
369 Mark a logical interface as "down". (That is, turn off
370 the IFF_UP bit.) When a logical interface is marked
371 "down," the system does not attempt to use the address
372 assigned to that interface as a source address for out-
373 bound packets and will not recognize inbound packets
374 destined to that address as being addressed to this
375 host. Additionally, when all logical interfaces on a
376 given physical interface are "down," the physical inter-
377 face itself is disabled.
378
379 When a logical interface is down, all routes that
380 specify that interface as the output (using the -ifp
381 option in the route(1M) command or RTA_IFP in a
382 route(7P) socket) are removed from the forwarding table.
383 Routes marked with RTF_STATIC are returned to the table
384
385
386
387 SunOS 5.11 Last change: 21 Jan 2007 6
388
389
390
391
392
393
394 System Administration Commands ifconfig(1M)
395
396
397
398 if the interface is brought back up, while routes not
399 marked with RTF_STATIC are simply deleted.
400
401 When all logical interfaces that could possibly be used
402 to reach a particular gateway address are brought down
403 (specified without the interface option as in the previ-
404 ous paragraph), the affected gateway routes are treated
405 as though they had the RTF_BLACKHOLE flag set. All
406 matching packets are discarded because the gateway is
407 unreachable.
408
409
410 encaplimit n
411
412 Set the tunnel encapsulation limit for the interface to
413 n. This option applies to IPv4-in-IPv6 and IPv6-in-IPv6
414 tunnels only. The tunnel encapsulation limit controls
415 how many more tunnels a packet may enter before it
416 leaves any tunnels, that is, the tunnel nesting level.
417
418
419 -encaplimit
420
421 Disable generation of the tunnel encapsulation limit.
422 This option applies only to IPv4-in-IPv6 and IPv6-in-
423 IPv6 tunnels.
424
425
426 encr_auth_algs authentication algorithm
427
428 For a tunnel, enable IPsec ESP with the authentication
429 algorithm specified. It can be either a number or an
430 algorithm name, including any or none, to indicate no
431 algorithm preference. If an ESP encryption algorithm is
432 specified but the authentication algorithm is not, the
433 default value for the ESP authentication algorithm will
434 be any.
435
436 It is now preferable to use the ipsecconf(1M) command
437 when configuring a tunnel's security properties. If
438 ipsecconf was used to set a tunnel's security proper-
439 ties, this keyword will not affect the tunnel.
440
441
442 encr_algs encryption algorithm
443
444 For a tunnel, enable IPsec ESP with the encryption algo-
445 rithm specified. It can be either a number or an algo-
446 rithm name. Note that all IPsec tunnel properties must
447 be specified on the same command line. To disable tunnel
448 security, specify the value of encr_alg as none. If an
449 ESP authentication algorithm is specified, but the
450
451
452
453 SunOS 5.11 Last change: 21 Jan 2007 7
454
455
456
457
458
459
460 System Administration Commands ifconfig(1M)
461
462
463
464 encryption algorithm is not, the default value for the
465 ESP encryption will be null.
466
467 It is now preferable to use the ipsecconf(1M) command
468 when configuring a tunnel's security properties. If
469 ipsecconf was used to set a tunnel's security proper-
470 ties, this keyword will not affect the tunnel.
471
472
473 ether [ address ]
474
475 If no address is given and the user is root or has suf-
476 ficient privileges to open the underlying datalink, then
477 display the current Ethernet address information.
478
479 Otherwise, if the user is root or has sufficient
480 privileges, set the Ethernet address of the interfaces
481 to address. The address is an Ethernet address
482 represented as x:x:x:x:x:x where x is a hexadecimal
483 number between 0 and FF. Similarly, for the IPoIB (IP
484 over InfiniBand) interfaces, the address will be 20
485 bytes of colon-separated hex numbers between 0 and FF.
486
487 Some, though not all, Ethernet interface cards have
488 their own addresses. To use cards that do not have their
489 own addresses, refer to section 3.2.3(4) of the IEEE
490 802.3 specification for a definition of the locally
491 administered address space. Note that all IP interfaces
492 in an IPMP group must have unique hardware addresses;
493 see *in.mpathd(1M)*.
494
495
496 -failover
497
498 Set *NOFAILOVER* on the logical interface. This makes
499 the associated address available for use by *in.mpathd*
500 to perform probe-based failure detection for the
501 associated physical IP interface. As a side effect,
502 *DEPRECATED* will also be set on the logical interface.
503 This operation is not permitted on an IPMP IP interface.
504
505
506 failover
507
508 Clear *NOFAILOVER* on the logical interface. This is
509 the default. These logical interfaces are subject to
510 migration when brought up (see IP MULTIPATHING GROUPS).
511
512
513 group [ name | "" ]
514
515 When applied to a physical interface, it places the
516 interface into the named group. If the group does not
517 exist, it will be created, along with one or more IPMP
518 IP interfaces (for IPv4, IPv6, or both). Any *UP*
519 addresses that are not also marked *NOFAILOVER* are
520 subject to migration to the IPMP IP interface (see IP
521 MULTIPATHING GROUPS). Specifying a group name of *""*
522 removes the physical IP interface from the group.
523
524 When applied to a physical IPMP IP interface, it renames
525 the IPMP group to have the new name. If the name
526 already exists, or a name of *""* is specified, it
527 fails. Renaming IPMP groups is discouraged. Instead,
528 the IPMP IP interface should be given a meaningful name
529 when it is created via the *ipmp* subcommand, which the
530 system will also use as the IPMP group name.
531
532
533 index n
534
535 Change the interface index for the interface. The value
536 of n must be an interface index (if_index) that is not
537 used on another interface. if_index will be a non-zero
538 positive number that uniquely identifies the network
539 interface on the system.
540
541
542 ipmp
543
544 Create an IPMP IP interface with the specified name. An
545 interface must be separately created for use by IPv4 and
546 IPv6. The *address_family* parameter controls whether
547 the command applies to IPv4 or IPv6 (IPv4 if
548 unspecified). All IPMP IP interfaces have the *IPMP*
549 flag set.
550
551 metric n
552
553 Set the routing metric of the interface to n; if no
554 value is specified, the default is 0. The routing metric
555 is used by the routing protocol. Higher metrics have the
556 effect of making a route less favorable. Metrics are
557 counted as addition hops to the destination network or
558 host.
559
560
561 modinsert mod_name@pos
562
563 Insert a module with name mod_name to the stream of the
564 device at position pos. The position is relative to the
565 stream head. Position 0 means directly under stream
566 head.
567
568 Based upon the example in the modlist option, use the
569 following command to insert a module with name ipqos
570 under the ip module and above the firewall module:
571
572 example% ifconfig eri0 modinsert ipqos@2
573
574
575 A subsequent listing of all the modules in the stream of
576 the device follows:
577
578 example% ifconfig eri0 modlist
579 0 arp
580 1 ip
581 2 ipqos
582 3 firewall
583 4 eri
584
585
586
587
588
589
590
591
592 SunOS 5.11 Last change: 21 Jan 2007 9
593
594
595
596
597
598
599 System Administration Commands ifconfig(1M)
600
601
602
603 modlist
604
605 List all the modules in the stream of the device.
606
607 The following example lists all the modules in the
608 stream of the device:
609
610 example% ifconfig eri0 modlist
611 0 arp
612 1 ip
613 2 firewall
614 4 eri
615
616
617
618
619 modremove mod_name@pos
620
621 Remove a module with name mod_name from the stream of
622 the device at position pos. The position is relative to
623 the stream head.
624
625 Based upon the example in the modinsert option, use the
626 following command to remove the firewall module from the
627 stream after inserting the ipqos module:
628
629 example% ifconfig eri0 modremove firewall@3
630
631
632 A subsequent listing of all the modules in the stream of
633 the device follows:
634
635 example% ifconfig eri0 modlist
636 0 arp
637 1 ip
638 2 ipqos
639 3 eri
640
641
642 Note that the core IP stack modules, for example, ip and
643 tun modules, cannot be removed.
644
645
646 mtu n
647
648 Set the maximum transmission unit of the interface to n.
649 For many types of networks, the mtu has an upper limit,
650 for example, 1500 for Ethernet. This option sets the
651 FIXEDMTU flag on the affected interface.
652
653
654
655
656
657
658 SunOS 5.11 Last change: 21 Jan 2007 10
659
660
661
662
663
664
665 System Administration Commands ifconfig(1M)
666
667
668
669 netmask mask
670
671 For IPv4 only. Specify how much of the address to
672 reserve for subdividing networks into subnetworks. The
673 mask includes the network part of the local address and
674 the subnet part, which is taken from the host field of
675 the address. The mask contains 1's for the bit positions
676 in the 32-bit address which are to be used for the net-
677 work and subnet parts, and 0's for the host part. The
678 mask should contain at least the standard network por-
679 tion, and the subnet field should be contiguous with the
680 network portion. The mask can be specified in one of
681 four ways:
682
683 1. with a single hexadecimal number with a leading
684 0x,
685
686 2. with a dot-notation address,
687
688 3. with a "+" (plus sign) address, or
689
690 4. with a pseudo host name/pseudo network name
691 found in the network database networks(4).
692 If a "+" (plus sign) is given for the netmask value, the
693 mask is looked up in the netmasks(4) database. This
694 lookup finds the longest matching netmask in the data-
695 base by starting with the interface's IPv4 address as
696 the key and iteratively masking off more and more low
697 order bits of the address. This iterative lookup ensures
698 that the netmasks(4) database can be used to specify the
699 netmasks when variable length subnetmasks are used
700 within a network number.
701
702 If a pseudo host name/pseudo network name is supplied as
703 the netmask value, netmask data may be located in the
704 hosts or networks database. Names are looked up by first
705 using gethostbyname(3NSL). If not found there, the names
706 are looked up in getnetbyname(3SOCKET). These interfaces
707 may in turn use nsswitch.conf(4) to determine what data
708 store(s) to use to fetch the actual value.
709
710 For both inet and inet6, the same information conveyed
711 by mask can be specified as a prefix_length attached to
712 the address parameter.
713
714
715 nud
716
717 Enables the neighbor unreachability detection mechanism
718 on a point-to-point physical interface.
719
720
721
722
723
724 SunOS 5.11 Last change: 21 Jan 2007 11
725
726
727
728
729
730
731 System Administration Commands ifconfig(1M)
732
733
734
735 -nud
736
737 Disables the neighbor unreachability detection mechanism
738 on a point-to-point physical interface.
739
740
741 plumb
742
743 For a physical IP interface, open the datalink
744 associated with the physical interface name and set up
745 the plumbing needed for IP to use the datalink. When
746 used with a logical interface name, this command is used
747 to create a specific named logical interface on an
748 existing physical IP interface.
749
750 An interface must be separately plumbed for IPv4 and
751 IPv6 according to the *address_family* parameter (IPv4
752 if unspecified). Before an interface has been plumbed,
753 it will not be shown by *ifconfig -a*.
754
755 Note that IPMP IP interfaces are not tied to a specific
756 datalink and are instead created with the *ipmp*
757 subcommand.
758
759 private
760
761 Tells the in.routed routing daemon that a specified log-
762 ical interface should not be advertised.
763
764
765 -private
766
767 Specify unadvertised interfaces.
768
769
770 removeif address
771
772 Remove the logical interface on the physical interface
773 specified that matches the address specified.
774
775 router
776
777 Enable IP forwarding on the interface. When enabled, the
778 interface is marked *ROUTER*, and IP packets can be for-
779 warded to and from the interface. Enabling *ROUTER* on
780 any IP interface in an IPMP group applies the flag to
781 all IP interfaces in that IPMP group.
782
783
784 -router
785
786 Disable IP forwarding on the interface. IP packets are
787 not forwarded to and from the interface. Disabling
788 *ROUTER* on any IP interface in an IPMP group disables
789 it on all IP interfaces in that IPMP group.
790
791
792
793 SunOS 5.11 Last change: 21 Jan 2007 12
794
795
796
797
798
799
800 System Administration Commands ifconfig(1M)
801
802
803
804 set
805
806 Set the address, prefix_length or both, for a logical
807 interface.
808
809
810 standby
811
812 Mark the physical IP interface as a *STANDBY* interface.
813 If an interface is marked *STANDBY* and is part of an
814 IPMP group, the interface will not be used for data
815 traffic unless another interface in the IPMP group
816 becomes unusable. When a *STANDBY* interface is
817 functional but not being used for data traffic, it will
818 also be marked *INACTIVE*. This operation is not
819 permitted on an IPMP IP interface.
820
821
822 -standby
823
824 Clear *STANDBY* on this interface. This is the default.
825
826
827 subnet
828
829 Set the subnet address for an interface.
830
831
832 tdst tunnel_dest_address
833
834 Set the destination address of a tunnel. The address
835 should not be the same as the dest_address of the tun-
836 nel, because no packets leave the system over such a
837 tunnel.
838
839
840 thoplimit n
841
842 Set the hop limit for a tunnel interface. The hop limit
843 value is used as the TTL in the IPv4 header for the
844 IPv6-in-IPv4 and IPv4-in-IPv4 tunnels. For IPv6-in-IPv6
845 and IPv4-in-IPv6 tunnels, the hop limit value is used as
846 the hop limit in the IPv6 header.
847
848
849 token address/prefix_length
850
851
852
853
854 SunOS 5.11 Last change: 21 Jan 2007 13
855
856
857
858
859
860
861 System Administration Commands ifconfig(1M)
862
863
864
865 Set the IPv6 token of an interface to be used for
866 address autoconfiguration.
867
868 example% ifconfig eri0 inet6 token ::1/64
869
870
871
872
873 trailers
874
875 This flag previously caused a nonstandard encapsulation
876 of IPv4 packets on certain link levels. Drivers supplied
877 with this release no longer use this flag. It is pro-
878 vided for compatibility, but is ignored.
879
880
881 -trailers
882
883 Disable the use of a "trailer" link level encapsulation.
884
885
886 tsrc tunnel_src_address
887
888 Set the source address of a tunnel. This is the source
889 address on an outer encapsulating IP header. It must be
890 an address of another interface already configured using
891 ifconfig.
892
893
894 unplumb
895
896 For a physical or IPMP interface, remove all associated
897 logical IP interfaces and tear down any plumbing needed
898 for IP to use the interface. For an IPMP IP interface,
899 this command will fail if the group is not empty. For a
900 logical interface, the logical interface is removed.
901
902 An interface must be separately unplumbed for IPv4 and
903 IPv6 according to the *address_family* parameter (IPv4
904 if unspecified). Upon success, the interface name will
905 no longer appear in the output of *ifconfig -a*.
906
907
908 up
909
910 Mark a logical interface *UP*. As a result, the IP
911 module will accept packets destined to the associated
912 address (unless the address is zero), along with any
913 associated multicast and broadcast IP addresses.
914 Similarly, the IP module will allow packets to be sent
915 with the associated address as a source address.
916
917
918 usesrc [ name | none ]
919
920 Specify a physical interface to be used for source
921 address selection. If the keyword none is used, then any
922 previous selection is cleared.
923
924
925
926 SunOS 5.11 Last change: 21 Jan 2007 14
927
928
929
930
931
932
933 System Administration Commands ifconfig(1M)
934
935
936
937 When an application does not choose a non-zero source
938 address using bind(3SOCKET), the system will select an
939 appropriate source address based on the outbound inter-
940 face and the address selection rules (see
941 ipaddrsel(1M)).
942
943 When usesrc is specified and the specified interface is
944 selected in the forwarding table for output, the system
945 looks first to the specified physical interface and its
946 associated logical interfaces when selecting a source
947 address. If no usable address is listed in the forward-
948 ing table, the ordinary selection rules apply. For exam-
949 ple, if you enter:
950
951 # ifconfig eri0 usesrc vni0
952
953
954 ...and vni0 has address 10.0.0.1 assigned to it, the
955 system will prefer 10.0.0.1 as the source address for
956 any packets originated by local connections that are
957 sent through eri0. Further examples are provided in the
958 EXAMPLES section.
959
960 While you can specify any physical interface (or even
961 loopback), be aware that you can also specify the vir-
962 tual IP interface (see vni(7D)). The virtual IP inter-
963 face is not associated with any physical hardware and is
964 thus immune to hardware failures. You can specify any
965 number of physical interfaces to use the source address
966 hosted on a single virtual interface. This simplifies
967 the configuration of routing-based multipathing. If one
968 of the physical interfaces were to fail, communication
969 would continue through one of the remaining, functioning
970 physical interfaces. This scenario assumes that the
971 reachability of the address hosted on the virtual inter-
972 face is advertised in some manner, for example, through
973 a routing protocol.
974
975 Because the ifconfig preferred option is applied to all
976 interfaces, it is coarser-grained than the usesrc
977 option. It will be overridden by usesrc and setsrc
978 (route subcommand), in that order.
979
980 The use of the usesrc option is mutually exclusive of
981 the IPMP *group* and *standby* subcommands. That is, if
982 an interface is already part of a IPMP group or
983 specified as a *STANDBY* interface, then it cannot be
984 specified with a usesrc option, and vice-versa.
985
986
987
988 SunOS 5.11 Last change: 21 Jan 2007 15
989
990
991
992
993
994
995 System Administration Commands ifconfig(1M)
996
997
998
999 xmit
1000
1001 Enable a logical interface to transmit packets. This is
1002 the default behavior when the logical interface is up.
1003
1004
1005 -xmit
1006
1007 Disable transmission of packets on an interface. The
1008 interface will continue to receive packets.
1009
1010
1011 zone zonename
1012
1013 Place the logical interface in zone zonename. The named
1014 zone must be active in the kernel in the ready or run-
1015 ning state. The interface is unplumbed when the zone is
1016 halted or rebooted. The zone must be configure to be an
1017 shared-IP zone. zonecfg(1M) is used to assign network
1018 interface names to exclusive-IP zones.
1019
1020
1021 -zone
1022
1023 Place IP interface in the global zone. This is the
1024 default.
1025
1026
1027 OPERANDS
1028 The interface operand, as well as address parameters that
1029 affect it, are described below.
1030
1031 interface
1032
1033 A string of one of the following forms:
1034
1035 o name physical-unit, for example, eri0 or ce1
1036
1037 o name physical-unit:logical-unit, for example,
1038 eri0:1
1039
1040 o ip.tunN or ip6.tunN, for tunnels
1041 If the interface name starts with a dash (-), it is
1042 interpreted as a set of options which specify a set of
1043 interfaces. In such a case, -a must be part of the
1044 options and any of the additional options below can be
1045 added in any order. If one of these interface names is
1046 given, the commands following it are applied to all of
1047 the interfaces that match.
1048
1049 -a
1050
1051
1052
1053
1054 SunOS 5.11 Last change: 21 Jan 2007 16
1055
1056
1057
1058
1059
1060
1061 System Administration Commands ifconfig(1M)
1062
1063
1064
1065 Apply the command to all interfaces of the specified
1066 address family. If no address family is supplied,
1067 either on the command line or by means of
1068 /etc/default/inet_type, then all address families
1069 will be selected.
1070
1071
1072 -d
1073
1074 Apply the commands to all "down" interfaces in the
1075 system.
1076
1077
1078 -D
1079
1080 Apply the commands to all interfaces not under DHCP
1081 (Dynamic Host Configuration Protocol) control.
1082
1083
1084 -u
1085
1086 Apply the commands to all "up" interfaces in the
1087 system.
1088
1089
1090 -Z
1091
1092 Apply the commands to all interfaces in the user's
1093 zone.
1094
1095
1096 -4
1097
1098 Apply the commands to all IPv4 interfaces.
1099
1100
1101 -6
1102
1103 Apply the commands to all IPv6 interfaces.
1104
1105
1106
1107 address_family
1108
1109 The address family is specified by the address_family
1110 parameter. The ifconfig command currently supports the
1111 following families: inet and inet6. If no address family
1112 is specified, the default is inet.
1113
1114 ifconfig honors the DEFAULT_IP setting in the
1115 /etc/default/inet_type file when it displays interface
1116 information . If DEFAULT_IP is set to IP_VERSION4, then
1117
1118
1119
1120 SunOS 5.11 Last change: 21 Jan 2007 17
1121
1122
1123
1124
1125
1126
1127 System Administration Commands ifconfig(1M)
1128
1129
1130
1131 ifconfig will omit information that relates to IPv6
1132 interfaces. However, when you explicitly specify an
1133 address family (inet or inet6) on the ifconfig command
1134 line, the command line overrides the DEFAULT_IP set-
1135 tings.
1136
1137
1138 address
1139
1140 For the IPv4 family (inet), the address is either a host
1141 name present in the host name data base (see hosts(4))
1142 or in the Network Information Service (NIS) map hosts,
1143 or an IPv4 address expressed in the Internet standard
1144 "dot notation".
1145
1146 For the IPv6 family (inet6), the address is either a
1147 host name present in the host name data base (see
1148 hosts(4)) or in the Network Information Service (NIS)
1149 map ipnode, or an IPv6 address expressed in the Internet
1150 standard colon-separated hexadecimal format represented
1151 as x:x:x:x:x:x:x:x where x is a hexadecimal number
1152 between 0 and FFFF.
1153
1154
1155 prefix_length
1156
1157 For the IPv4 and IPv6 families (inet and inet6), the
1158 prefix_length is a number between 0 and the number of
1159 bits in the address. For inet, the number of bits in the
1160 address is 32; for inet6, the number of bits in the
1161 address is 128. The prefix_length denotes the number of
1162 leading set bits in the netmask.
1163
1164
1165 dest_address
1166
1167 If the dest_address parameter is supplied in addition to
1168 the address parameter, it specifies the address of the
1169 correspondent on the other end of a point-to-point link.
1170
1171
1172 tunnel_dest_address
1173
1174 An address that is or will be reachable through an
1175 interface other than the tunnel being configured. This
1176 tells the tunnel where to send the tunneled packets.
1177 This address must not be the same as the interface des-
1178 tination address being configured.
1179
1180
1181 tunnel_src_address
1182
1183
1184
1185
1186 SunOS 5.11 Last change: 21 Jan 2007 18
1187
1188
1189
1190
1191
1192
1193 System Administration Commands ifconfig(1M)
1194
1195
1196
1197 An address that is attached to an already configured
1198 interface that has been configured "up" with ifconfig.
1199
1200
1201 INTERFACE FLAGS
1202 The ifconfig command supports the following interface flags.
1203 The term "address" in this context refers to a logical
1204 interface, for example, eri0:0, while "interface " refers to
1205 the physical interface, for example, eri0.
1206
1207 ADDRCONF
1208
1209 The address is from stateless addrconf. The stateless
1210 mechanism allows a host to generate its own address
1211 using a combination of information advertised by routers
1212 and locally available information. Routers advertise
1213 prefixes that identify the subnet associated with the
1214 link, while the host generates an "interface identifier"
1215 that uniquely identifies an interface in a subnet. In
1216 the absence of information from routers, a host can gen-
1217 erate link-local addresses. This flag is specific to
1218 IPv6.
1219
1220
1221 ANYCAST
1222
1223 Indicates an anycast address. An anycast address identi-
1224 fies the nearest member of a group of systems that pro-
1225 vides a particular type of service. An anycast address
1226 is assigned to a group of systems. Packets are delivered
1227 to the nearest group member identified by the anycast
1228 address instead of being delivered to all members of the
1229 group.
1230
1231
1232 BROADCAST
1233
1234 This broadcast address is valid. This flag and POINTTO-
1235 POINT are mutually exclusive
1236
1237
1238 CoS
1239
1240 This interface supports some form of Class of Service
1241 (CoS) marking. An example is the 802.1D user priority
1242 marking supported on VLAN interfaces. For IPMP IP
1243 interfaces, this will only be set if all interfaces in
1244 the group have CoS set.
1245
1246
1247 DEPRECATED
1248
1249 This address is deprecated. This address will not be
1250 used as a source address for outbound packets unless
1251 there are no other addresses on this interface or an
1252 application has explicitly bound to this address. An
1253 IPv6 deprecated address is part of the standard
1254 mechanism for renumbering in IPv6 and will eventually be
1255 deleted when not used. For both IPv4 and IPv6,
1256 *DEPRECATED* is also set on all *NOFAILOVER* addresses,
1257 though this may change in a future release.
1258
1259 DHCPRUNNING
1260
1261 The logical interface is managed by *dhcpagent(1M)*.
1262
1263
1264 DUPLICATE
1265
1266 The logical interface has been disabled because the IP
1267 address configured on the interface is a duplicate. Some
1268 other node on the network is using this address. If the
1269 address was configured by DHCP or is temporary, the sys-
1270 tem will choose another automatically, if possible. Oth-
1271 erwise, the system will attempt to recover this address
1272 periodically and the interface will recover when the
1273 conflict has been removed from the network. Changing the
1274 address or netmask, or setting the logical interface to
1275 up will restart duplicate detection. Setting the inter-
1276 face to down terminates recovery and removes the DUPLI-
1277 CATE flag.
1278
1279
1280 FAILED
1281
1282 The *in.mpathd* daemon has determined that the interface
1283 has failed. *FAILED* interfaces will not be used to
1284 send or receive IP data traffic. If this is set on a
1285 physical IP interface in an IPMP group, IP data traffic
1286 will continue to flow over other usable IP interfaces in
1287 the IPMP group. If this is set on an IPMP IP interface,
1288 the entire group has failed and no data traffic can be
1289 sent or received over any interfaces in that group.
1290
1291
1292 FIXEDMTU
1293
1294 The MTU has been set using the -mtu option. This flag is
1295 read-only. Interfaces that have this flag set have a
1296 fixed MTU value that is unaffected by dynamic MTU
1297 changes that can occur when drivers notify IP of link
1298 MTU changes.
1299
1300
1301 INACTIVE
1302
1303 The physical interface is functioning but is not used to
1304 send or receive data traffic according to administrative
1305 policy. This flag is initially set by the *standby*
1306 subcommand and is subsequently controlled by
1307 *in.mpathd*. It also set when *FAILBACK=no* mode is
1308 enabled (see *in.mpathd(1M)*) to indicate that the IP
1309 interface has repaired but is not being used.
1310
1311
1312 IPMP
1313
1314 Indicates that this is an IPMP IP interface.
1315
1316
1317 LOOPBACK
1318
1319 Indicates that this is the loopback interface.
1320
1321
1322 MULTI_BCAST
1323
1324 Indicates that the broadcast address is used for multi-
1325 cast on this interface.
1326
1327
1328 MULTICAST
1329
1330 The interface supports multicast. IP assumes that any
1331 interface that supports hardware broadcast, or that is a
1332 point-to-point link, will support multicast.
1333
1334
1335 NOARP
1336
1337 There is no address resolution protocol (ARP) for this
1338 interface that corresponds to all interfaces for a dev-
1339 ice without a broadcast address. This flag is specific
1340 to IPv4.
1341
1342
1343 NOFAILOVER
1344
1345 The address associated with this logical interface is
1346 available to *in.mpathd* for probe-based failure
1347 detection of the associated physical IP interface.
1348
1349
1350 NOLOCAL
1351
1352 The interface has no address , just an on-link subnet.
1353
1354
1355
1356
1357
1358
1359 SunOS 5.11 Last change: 21 Jan 2007 21
1360
1361
1362
1363
1364
1365
1366 System Administration Commands ifconfig(1M)
1367
1368
1369
1370 NONUD
1371
1372 NUD is disabled on this interface. NUD (neighbor
1373 unreachability detection) is used by a node to track the
1374 reachability state of its neighbors, to which the node
1375 actively sends packets, and to perform any recovery if a
1376 neighbor is detected to be unreachable. This flag is
1377 specific to IPv6.
1378
1379
1380 NORTEXCH
1381
1382 The interface does not exchange routing information. For
1383 RIP-2, routing packets are not sent over this interface.
1384 Additionally, messages that appear to come over this
1385 interface receive no response. The subnet or address of
1386 this interface is not included in advertisements over
1387 other interfaces to other routers.
1388
1389
1390 NOXMIT
1391
1392 Indicates that the address does not transmit packets.
1393 RIP-2 also does not advertise this address.
1394
1395
1396 OFFLINE
1397
1398 The interface is offline and thus cannot send or receive
1399 IP data traffic. This is only set on IP interfaces in
1400 an IPMP group. See *if_mpadm(1M)* and *cfgadm(1M)*.
1401
1402
1403 POINTOPOINT
1404
1405 Indicates that the address is a point-to-point link.
1406 This flag and BROADCAST are mutually exclusive
1407
1408
1409 PREFERRED
1410
1411 This address is a preferred IPv6 source address. This
1412 address will be used as a source address for IPv6 com-
1413 munication with all IPv6 destinations, unless another
1414 address on the system is of more appropriate scope. The
1415 DEPRECATED flag takes precedence over the PREFERRED
1416 flag.
1417
1418
1419
1420
1421
1422
1423 SunOS 5.11 Last change: 21 Jan 2007 22
1424
1425
1426
1427
1428
1429
1430 System Administration Commands ifconfig(1M)
1431
1432
1433
1434 PRIVATE
1435
1436 Indicates that this address is not advertised. For RIP-
1437 2, this interface is used to send advertisements. How-
1438 ever, neither the subnet nor this address are included
1439 in advertisements to other routers.
1440
1441
1442 ROUTER
1443
1444 Indicates that IP packets can be forwarded to and from
1445 the interface.
1446
1447
1448 RUNNING
1449
1450 Indicates that the required resources for an i nterface
1451 are allocated. For some interfaces this also indicates
1452 that the link is up. For IPMP IP interfaces, *RUNNING*
1453 is set as long as one IP interface in the group is
1454 active.
1455
1456
1457 STANDBY
1458
1459 Indicates that this physical interface will not be used
1460 for data traffic unless another interface in the IPMP
1461 group becomes unusable. The *INACTIVE* and *FAILED*
1462 flags indicate whether it is actively being used.
1463
1464
1465 TEMPORARY
1466
1467 Indicates that this is a temporary IPv6 address as
1468 defined in RFC 3041.
1469
1470
1471 UNNUMBERED
1472
1473 This flag is set when the local IP address on the link
1474 matches the local address of some other link in the sys-
1475 tem
1476
1477
1478 UP
1479
1480 Indicates that the logical interface (and the associated
1481 physical interface) is up. The IP module will accept
1482 packets destined to UP addresses (unless the address is
1483 zero), along with any associated multicast and broadcast
1484 IP addresses. Similarly, the IP module will allow
1485 packets to be sent with an UP address as a source
1486 address.
1487
1488
1489 SunOS 5.11 Last change: 21 Jan 2007 23
1490
1491
1492
1493
1494
1495
1496 System Administration Commands ifconfig(1M)
1497
1498
1499
1500 VIRTUAL
1501
1502 Indicates that the physical interface has no underlying
1503 hardware. It is not possible to transmit or receive
1504 packets through a virtual interface. These interfaces
1505 are useful for configuring local addresses that can be
1506 used on multiple interfaces. (See also the *usesrc*
1507 option.)
1508
1509
1510 XRESOLV
1511
1512 Indicates that the interface uses an IPv6 external
1513 resolver.
1514
1515
1516 LOGICAL INTERFACES
1517 Solaris TCP/IP allows multiple logical interfaces to be
1518 associated with a physical network interface. This allows a
1519 single machine to be assigned multiple IP addresses, even
1520 though it may have only one network interface. Physical net-
1521 work interfaces have names of the form driver-name
1522 physical-unit-number, while logical interfaces have names of
1523 the form driver-name physical-unit-number:logical-unit-
1524 number. A physical interface is configured into the system
1525 using the plumb command. For example:
1526
1527 example% ifconfig eri0 plumb
1528
1529
1530
1531
1532 Once a physical interface has been "plumbed", logical inter-
1533 faces associated with the physical interface can be config-
1534 ured by separate -plumb or -addif options to the ifconfig
1535 command.
1536
1537 example% ifconfig eri0:1 plumb
1538
1539
1540
1541
1542 allocates a specific logical interface associated with the
1543 physical interface eri0. The command
1544
1545 example% ifconfig eri0 addif 192.168.200.1/24 up
1546
1547
1548
1549
1550 allocates the next available logical unit number on the eri0
1551 physical interface and assigns an address and prefix_length.
1552
1553
1554
1555 SunOS 5.11 Last change: 21 Jan 2007 24
1556
1557
1558
1559
1560
1561
1562 System Administration Commands ifconfig(1M)
1563
1564
1565
1566 A logical interface can be configured with parameters (
1567 address,prefix_length, and so on) different from the physi-
1568 cal interface with which it is associated. Logical inter-
1569 faces that are associated with the same physical interface
1570 can be given different parameters as well. Each logical
1571 interface must be associated with an existing and "up" phy-
1572 sical interface. So, for example, the logical interface
1573 eri0:1 can only be configured after the physical interface
1574 eri0 has been plumbed.
1575
1576
1577 To delete a logical interface, use the *unplumb* or
1578 *removeif* options. For example,
1579
1580 example% ifconfig eri0:1 down unplumb
1581
1582 will delete the logical interface *eri0:1*.
1583
1584 IP MULTIPATHING GROUPS
1585
1586 Physical interfaces that share the same IP broadcast domain
1587 _must_ be collected into a single IP Multipathing (IPMP)
1588 group using the *group* subcommand. Each IPMP group has an
1589 associated IPMP IP interface, which can either be explicitly
1590 created (the preferred method) by using the *ipmp*
1591 subcommand or implicitly created by *ifconfig* in response
1592 to placing an IP interface into a new IPMP group.
1593 Implicitly-created IPMP interfaces will be named ipmp_N_
1594 where _N_ is the lowest integer that doesn't conflict with
1595 an existing IP interface name or IPMP group name.
1596
1597 Each IPMP IP interface is created with a matching IPMP group
1598 name, though it can be changed using the *group* subcommand.
1599 Each IPMP IP interface hosts a set of highly-available IP
1600 addresses. These addresses will remain reachable so long as
1601 at least one interface in the group is active, where
1602 "active" is defined as having at least one UP address and
1603 having *INACTIVE*, *FAILED*, and *OFFLINE* clear. IP
1604 addresses hosted on the IPMP IP interface may either be
1605 configured statically or configured through DHCP via the
1606 *dhcp* subcommand.
1607
1608 Interfaces assigned to the same IPMP group are treated as
1609 equivalent and monitored for failure by *in.mpathd*.
1610 Provided that active interfaces in the group remain, IP
1611 interface failures (and any subsequent repairs) are handled
1612 transparently to sockets-based applications. IPMP is also
1613 integrated with the Dynamic Reconfiguration framework (see
1614 *cfgadm(1M)*), which enables network adapters to be replaced
1615 transparently to sockets-based applications.
1616
1617 The IP module automatically load-spreads all outbound
1618 traffic across all active interfaces in an IPMP group.
1619 Similarly, all *UP* addresses hosted on the IPMP IP
1620 interface and will be distributed across the active
1621 interfaces to promote inbound load-spreading. The
1622 *ipmpstat(1M)* utility allows many aspects of the IPMP
1623 subsystem to be observed, including the current binding of
1624 IP data addresses to IP interfaces.
1625
1626 When an interface is placed into an IPMP group, any *UP*
1627 logical interfaces are "migrated" to the IPMP IP interface
1628 for use by the group, unless:
1629
1630 * The logical interface is marked *NOFAILOVER*
1631 * The logical interface hosts an IPv6 link-local address.
1632 * The logical interface hosts an IPv4 0.0.0.0 address.
1633
1634 Likewise, once an interface is in a group, if changes are
1635 made to a logical interface such that it is *UP* and not
1636 exempted by one of the conditions above, it will also
1637 migrate to the associated IPMP IP interface. Logical
1638 interfaces never migrate back, even if the physical
1639 interface that contributed the address is removed from the
1640 group.
1641
1642 Each interface placed into an IPMP group may be optionally
1643 configured with a "test" address that *in.mpathd* will use
1644 for probe-based failure detection; see *in.mpathd(1M)*.
1645 These addresses must be marked *NOFAILOVER* (using the
1646 *-failover* subcommand) prior to being marked *UP*. Test
1647 addresses may also be acquired through DHCP via the *dhcp*
1648 subcommand.
1649
1650 For more background on IPMP, please see the "IPMP
1651 Administrative Overview" and "IPMP Configuration Tasks"
1652 chapters of the administrator documentation.
1653
1654
1655 CONFIGURING IPV6 INTERFACES
1656 When an IPv6 physical interface is plumbed and configured
1657 "up" with ifconfig, it is automatically assigned an IPv6
1658 link-local address for which the last 64 bits are calculated
1659 from the MAC address of the interface.
1660
1661 example% ifconfig eri0 inet6 plumb up
1662
1663
1664
1665
1666 The following example shows that the link-local address has
1667 a prefix of fe80::/10.
1668
1669 example% ifconfig eri0 inet6
1670 ce0: flags=2000841<UP,RUNNING,MULTICAST,IPv6>
1671
1672
1673
1674 SunOS 5.11 Last change: 21 Jan 2007 25
1675
1676
1677
1678
1679
1680
1681 System Administration Commands ifconfig(1M)
1682
1683
1684
1685 mtu 1500 index 2
1686 inet6 fe80::a00:20ff:fe8e:f3ad/10
1687
1688
1689
1690
1691 Link-local addresses are only used for communication on the
1692 local subnet and are not visible to other subnets.
1693
1694
1695 If an advertising IPv6 router exists on the link advertising
1696 prefixes, then the newly plumbed IPv6 interface will auto-
1697 configure logical interface(s) depending on the prefix
1698 advertisements. For example, for the prefix advertisement
1699 2001:0db8:3c4d:0:55::/64, the autoconfigured interface will
1700 look like:
1701
1702 eri0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6>
1703 mtu 1500 index 2
1704 inet6 2001:0db8:3c4d:55:a00:20ff:fe8e:f3ad/64
1705
1706
1707
1708
1709 Even if there are no prefix advertisements on the link, you
1710 can still assign global addresses manually, for example:
1711
1712 example% ifconfig eri0 inet6 addif \
1713 2001:0db8:3c4d:55:a00:20ff:fe8e:f3ad/64 up
1714
1715
1716
1717
1718 To configure boot-time defaults for the interface eri0,
1719 place the following entry in the /etc/hostname6.eri0 file:
1720
1721 addif 2001:0db8:3c4d:55:a00:20ff:fe8e:f3ad/64 up
1722
1723
1724 Configuring IPv6/IPv4 tunnels
1725 An IPv6 over IPv4 tunnel interface can send and receive IPv6
1726 packets encapsulated in an IPv4 packet. Create tunnels at
1727 both ends pointing to each other. IPv6 over IPv4 tunnels
1728 require the tunnel source and tunnel destination IPv4 and
1729 IPv6 addresses. Solaris 8 supports both automatic and con-
1730 figured tunnels. For automatic tunnels, an IPv4-compatible
1731 IPv6 address is used. The following demonstrates auto-tunnel
1732 configuration:
1733
1734 example% ifconfig ip.atun0 inet6 plumb
1735 example% ifconfig ip.atun0 inet6 tsrc IPv4-address \
1736 ::IPv4 address/96 up
1737
1738
1739
1740 SunOS 5.11 Last change: 21 Jan 2007 26
1741
1742
1743
1744
1745
1746
1747 System Administration Commands ifconfig(1M)
1748
1749
1750
1751 where IPv4-address is the IPv4 address of the interface
1752 through which the tunnel traffic will flow, and IPv4-
1753 address, ::<IPv4-address>, is the corresponding IPv4-
1754 compatible IPv6 address.
1755
1756
1757 The following is an example of a configured tunnel:
1758
1759 example% ifconfig ip.tun0 inet6 plumb tsrc my-ipv4-address \
1760 tdst peer-ipv4-address up
1761
1762
1763
1764
1765 This creates a configured tunnel between my-ipv4-address and
1766 peer-ipv4-address with corresponding link-local addresses.
1767 For tunnels with global or site-local addresses, the logical
1768 tunnel interfaces need to be configured in the following
1769 form:
1770
1771 example% ifconfig ip.tun0 inet6 addif my-v6-address peer-v6-address up
1772
1773
1774
1775
1776 For example,
1777
1778 example% ifconfig ip.tun0 inet6 plumb tsrc 109.146.85.57 \
1779 tdst 109.146.85.212 up
1780 example% ifconfig ip.tun0 inet6 addif 2::45 2::46 up
1781
1782
1783
1784
1785 To show all IPv6 interfaces that are up and configured:
1786
1787 example% ifconfig -au6
1788 ip.tun0: flags=2200851<UP,POINTOPOINT,RUNNING,MULTICAST,NONUD,IPv6>
1789 mtu 1480 index 3
1790 inet tunnel src 109.146.85.57 tunnel dst 109.146.85.212
1791 tunnel security settings --> use 'ipsecconf -ln -i ip.tun1'
1792 tunnel hop limit 60
1793 inet6 fe80::6d92:5539/10 --> fe80::6d92:55d4
1794 ip.tun0:1: flags=2200851<UP,POINTOPOINT,RUNNING,MULTICAST,NONUD,IPv6>
1795 mtu 1480 index 3
1796 inet6 2::45/128 --> 2::46
1797
1798
1799
1800
1801 In the output above, note the line that begins with "tunnel
1802 security settings". The content of this line varies
1803
1804
1805
1806 SunOS 5.11 Last change: 21 Jan 2007 27
1807
1808
1809
1810
1811
1812
1813 System Administration Commands ifconfig(1M)
1814
1815
1816
1817 according to whether and how you have set your security set-
1818 tings. See "Display of Tunnel Security Settings," below.
1819
1820 Configuring IPv4/IPv6 Tunnels
1821 An IPv4 over IPv6 tunnel interface can send and receive IPv4
1822 packets encapsulated in an IPv6 packet. Create tunnels at
1823 both ends pointing to each other. IPv4 over IPv6 tunnels
1824 require the tunnel source and tunnel destination IPv6 and
1825 IPv4 addresses. The following demonstrates auto-tunnel con-
1826 figuration:
1827
1828 example% ifconfig ip6.tun0 inet plumb tsrc my-ipv6-address \
1829 tdst peer-ipv6-address my-ipv4-address \
1830 peer-ipv4-address up
1831
1832
1833
1834
1835 This creates a configured tunnel between my-ipv6-address and
1836 peer-ipv6-address with my-ipv4-address and peer-ipv4-address
1837 as the endpoints of the point-to-point interface, for exam-
1838 ple:
1839
1840 example% ifconfig ip6.tun0 inet plumb tsrc fe80::1 tdst fe80::2 \
1841 10.0.0.208 10.0.0.210 up
1842
1843
1844
1845
1846 To show all IPv4 interfaces that are up and configured:
1847
1848 example% ifconfig -au4
1849 lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
1850 inet 127.0.0.1 netmask ff000000
1851 eri0: flags=1004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4> mtu 1500 \
1852 index 2
1853 inet 172.17.128.208 netmask ffffff00 broadcast 172.17.128.255
1854 ip6.tun0: flags=10008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST,IPv4> \
1855 mtu 1460
1856 index 3
1857 inet6 tunnel src fe80::1 tunnel dst fe80::2
1858 tunnel security settings --> use 'ipsecconf -ln -i ip.tun1'
1859 tunnel hop limit 60 tunnel encapsulation limit 4
1860 inet 10.0.0.208 --> 10.0.0.210 netmask ff000000
1861
1862
1863
1864
1865 In the output above, note the line that begins with "tunnel
1866 security settings". The content of this line varies accord-
1867 ing to whether and how you have set your security settings.
1868 See "Display of Tunnel Security Settings," below.
1869
1870
1871
1872 SunOS 5.11 Last change: 21 Jan 2007 28
1873
1874
1875
1876
1877
1878
1879 System Administration Commands ifconfig(1M)
1880
1881
1882
1883 Display of Tunnel Security Settings
1884 The ifconfig output for tunneled interfaces indicates secu-
1885 rity settings, if present, for a tunnel. The content of the
1886 line showing your settings differs depending on how you have
1887 made your settings:
1888
1889 o If you set your security policy using the ifconfig
1890 -auth_algs, -encr_algs, and -encr_auth_algs options
1891 and do not use ipsecconf(1M), ifconfig displays
1892 your settings for each of these options.
1893
1894 o If you set your security policy using ipsecconf(1M)
1895 with the tunnel keyword (the preferred method),
1896 ifconfig displays:
1897
1898 tunnel security settings --> use 'ipsecconf -ln -i ip.tun1'
1899
1900
1901 ...in effect, hiding your settings from those
1902 without privileges to view them.
1903
1904 If you do net set security policy, using either
1905 ifconfig or ipsecconf, there is no tunnel security
1906 setting displayed.
1907
1908 EXAMPLES
1909 Example 1 Using the ifconfig Command
1910
1911
1912 If your workstation is not attached to an Ethernet, the net-
1913 work interface, for example, eri0, should be marked "down"
1914 as follows:
1915
1916
1917 example% ifconfig eri0 down
1918
1919
1920
1921 Example 2 Printing Addressing Information
1922
1923
1924 To print out the addressing information for each interface,
1925 use the following command:
1926
1927
1928 example% ifconfig -a
1929
1930
1931
1932 Example 3 Resetting the Broadcast Address
1933
1934
1935
1936
1937
1938 SunOS 5.11 Last change: 21 Jan 2007 29
1939
1940
1941
1942
1943
1944
1945 System Administration Commands ifconfig(1M)
1946
1947
1948
1949 To reset each interface's broadcast address after the net-
1950 masks have been correctly set, use the next command:
1951
1952
1953 example% ifconfig -a broadcast +
1954
1955
1956
1957 Example 4 Changing the Ethernet Address
1958
1959
1960 To change the Ethernet address for interface ce0, use the
1961 following command:
1962
1963
1964 example% ifconfig ce0 ether aa:1:2:3:4:5
1965
1966
1967
1968 Example 5 Configuring an IP-in-IP Tunnel
1969
1970
1971 To configure an IP-in-IP tunnel, first plumb it with the
1972 following command:
1973
1974
1975 example% ifconfig ip.tun0 plumb
1976
1977
1978
1979
1980 Then configure it as a point-to-point interface, supplying
1981 the tunnel source and the tunnel destination:
1982
1983
1984 example% ifconfig ip.tun0 myaddr mydestaddr tsrc another_myaddr \
1985 tdst a_dest_addr up
1986
1987
1988
1989
1990 Use ipsecconf(1M), as described above, to configure tunnel
1991 security properties.
1992
1993
1994 Example 6 Configuring 6to4 Tunnels
1995
1996
1997 To configure 6to4 tunnels, use the following commands:
1998
1999
2000 example% ifconfig ip.6to4tun0 inet6 plumb
2001
2002
2003
2004 SunOS 5.11 Last change: 21 Jan 2007 30
2005
2006
2007
2008
2009
2010
2011 System Administration Commands ifconfig(1M)
2012
2013
2014
2015 example% ifconfig ip.6to4tun0 inet6 tsrc IPv4-address 6to4-address/64 up
2016
2017
2018
2019
2020 IPv4-address denotes the address of the encapsulating inter-
2021 face. 6to4-address denotes the address of the local IPv6
2022 address of form 2002:IPv4-address:SUBNET-ID:HOSTID.
2023
2024
2025
2026 The long form should be used to resolve any potential con-
2027 flicts that might arise if the system administrator utilizes
2028 an addressing plan where the values for SUBNET-ID or HOSTID
2029 are reserved for something else.
2030
2031
2032
2033 After the interface is plumbed, a 6to4 tunnel can be config-
2034 ured as follows:
2035
2036
2037 example% ifconfig ip.6to4tun0 inet6 tsrc IPv4-address up
2038
2039
2040
2041
2042 This short form sets the address. It uses the convention:
2043
2044
2045 2002:IPv4-address::1
2046
2047
2048
2049 The SUBNET-ID is 0, and the HOSTID is 1.
2050
2051
2052 Example 7 Configuring IP Forwarding on an Interface
2053
2054
2055 To enable IP forwarding on a single interface, use the fol-
2056 lowing command:
2057
2058
2059 example% ifconfig eri0 router
2060
2061
2062
2063
2064 To disable IP forwarding on a single interface, use the fol-
2065 lowing command:
2066
2067
2068
2069
2070 SunOS 5.11 Last change: 21 Jan 2007 31
2071
2072
2073
2074
2075
2076
2077 System Administration Commands ifconfig(1M)
2078
2079
2080
2081 example% ifconfig eri0 -router
2082
2083
2084
2085 Example 8 Configuring Source Address Selection Using a Vir-
2086 tual Interface
2087
2088
2089 The following command configures source address selection
2090 such that every packet that is locally generated with no
2091 bound source address and going out on qfe2 prefers a source
2092 address hosted on vni0.
2093
2094
2095 example% ifconfig qfe2 usesrc vni0
2096
2097
2098
2099
2100 The ifconfig -a output for the qfe2 and vni0 interfaces
2101 displays as follows:
2102
2103
2104 qfe2: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu
2105 1500 index 4
2106 usesrc vni0
2107 inet 1.2.3.4 netmask ffffff00 broadcast 1.2.3.255
2108 ether 0:3:ba:17:4b:e1
2109 vni0: flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL>
2110 mtu 0 index 5
2111 srcof qfe2
2112 inet 3.4.5.6 netmask ffffffff
2113
2114
2115
2116 Observe, above, the usesrc and srcof keywords in the ifcon-
2117 fig output. These keywords also appear on the logical
2118 instances of the physical interface, even though this is a
2119 per-physical interface parameter. There is no srcof keyword
2120 in ifconfig for configuring interfaces. This information is
2121 determined automatically from the set of interfaces that
2122 have usesrc set on them.
2123
2124
2125
2126 The following command, using the none keyword, undoes the
2127 effect of the preceding *ifconfig* *usesrc* command.
2128
2129
2130 example% ifconfig qfe2 usesrc none
2131
2132
2133
2134
2135
2136 SunOS 5.11 Last change: 21 Jan 2007 32
2137
2138
2139
2140
2141
2142
2143 System Administration Commands ifconfig(1M)
2144
2145
2146
2147 Following this command, ifconfig -a output displays as fol-
2148 lows:
2149
2150
2151 qfe2: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu
2152 1500 index 4
2153 inet 1.2.3.4 netmask ffffff00 broadcast 1.2.3.255
2154 ether 0:3:ba:17:4b:e1
2155 vni0: flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL>
2156 mtu 0 index 5
2157 inet 3.4.5.6 netmask ffffffff
2158
2159
2160
2161 Note the absence of the usesrc and srcof keywords in the
2162 output above.
2163
2164
2165 Example 9 Configuring Source Address Selection for an IPv6
2166 Address
2167
2168
2169 The following command configures source address selection
2170 for an IPv6 address, selecting a source address hosted on
2171 vni0.
2172
2173
2174 example% ifconfig qfe1 inet6 usesrc vni0
2175
2176
2177
2178
2179 Following this command, ifconfig -a output displays as fol-
2180 lows:
2181
2182
2183 qfe1: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 3
2184 usesrc vni0
2185 inet6 fe80::203:baff:fe17:4be0/10
2186 ether 0:3:ba:17:4b:e0
2187 vni0: flags=2002210041<UP,RUNNING,NOXMIT,NONUD,IPv6,VIRTUAL> mtu 0
2188 index 5
2189 srcof qfe1
2190 inet6 fe80::203:baff:fe17:4444/128
2191 vni0:1: flags=2002210040<RUNNING,NOXMIT,NONUD,IPv6,VIRTUAL> mtu 0
2192 index 5
2193 srcof qfe1
2194 inet6 fec0::203:baff:fe17:4444/128
2195 vni0:2: flags=2002210040<RUNNING,NOXMIT,NONUD,IPv6,VIRTUAL> mtu 0
2196 index 5
2197 srcof qfe1
2198 inet6 2000::203:baff:fe17:4444/128
2199
2200
2201
2202 SunOS 5.11 Last change: 21 Jan 2007 33
2203
2204
2205
2206
2207
2208
2209 System Administration Commands ifconfig(1M)
2210
2211
2212
2213 Depending on the scope of the destination of the packet
2214 going out on qfe1, the appropriately scoped source address
2215 is selected from vni0 and its aliases.
2216
2217
2218 Example 10 Using Source Address Selection with Shared-IP
2219 Zones
2220
2221
2222 The following is an example of how the usesrc feature can be
2223 used with the zones(5) facility in Solaris. The following
2224 commands are invoked in the global zone:
2225
2226
2227 example% ifconfig hme0 usesrc vni0
2228 example% ifconfig eri0 usesrc vni0
2229 example% ifconfig qfe0 usesrc vni0
2230
2231
2232
2233
2234 Following the preceding commands, the ifconfig -a output for
2235 the virtual interfaces would display as:
2236
2237
2238 vni0: flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL>
2239 mtu 0 index 23
2240 srcof hme0 eri0 qfe0
2241 inet 10.0.0.1 netmask ffffffff
2242 vni0:1:
2243 flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> mtu 0
2244 index 23
2245 zone test1
2246 srcof hme0 eri0 qfe0
2247 inet 10.0.0.2 netmask ffffffff
2248 vni0:2:
2249 flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> mtu 0
2250 index 23
2251 zone test2
2252 srcof hme0 eri0 qfe0
2253 inet 10.0.0.3 netmask ffffffff
2254 vni0:3:
2255 flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> mtu 0
2256 index 23
2257 zone test3
2258 srcof hme0 eri0 qfe0
2259 inet 10.0.0.4 netmask ffffffff
2260
2261
2262
2263 There is one virtual interface alias per zone (test1, test2,
2264 and test3). A source address from the virtual interface
2265
2266
2267
2268 SunOS 5.11 Last change: 21 Jan 2007 34
2269
2270
2271
2272
2273
2274
2275 System Administration Commands ifconfig(1M)
2276
2277
2278
2279 alias in the same zone is selected. The virtual interface
2280 aliases were created using zonecfg(1M) as follows:
2281
2282
2283 example% zonecfg -z test1
2284 zonecfg:test1> add net
2285 zonecfg:test1:net> set physical=vni0
2286 zonecfg:test1:net> set address=10.0.0.2
2287
2288
2289
2290
2291 The test2 and test3 zone interfaces and addresses are
2292 created in the same way.
2293
2294
2295 Example 11 Turning Off DHCPv6
2296
2297
2298 The following example shows how to disable automatic use of
2299 DHCPv6 on all interfaces, and immediately shut down DHCPv6
2300 on the interface named hme0. See in.ndpd(1M) and
2301 ndpd.conf(4) for more information on the automatic DHCPv6
2302 configuration mechanism.
2303
2304
2305 example% echo ifdefault StatefulAddrConf false >> /etc/inet/ndpd.conf
2306 example% pkill -HUP -x in.ndpd
2307 example% ifconfig hme0 dhcp release
2308
2309
2310
2311 FILES
2312 /etc/netmasks
2313
2314 Netmask data.
2315
2316
2317 /etc/default/inet_type
2318
2319 Default Internet protocol type.
2320
2321
2322 ATTRIBUTES
2323 See attributes(5) for descriptions of the following attri-
2324 butes:
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334 SunOS 5.11 Last change: 21 Jan 2007 35
2335
2336
2337
2338
2339
2340
2341 System Administration Commands ifconfig(1M)
2342
2343
2344
2345 _______________________________________________________________________
2346 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
2347 |_______________________________________|______________________________|
2348 | Availability | SUNWcsu |
2349 |_______________________________________|______________________________|
2350 | Interface Stability for command-line| Committed |
2351 | options | |
2352 |_______________________________________|______________________________|
2353 | Interface Stability for command output| Uncommitted |
2354 |_______________________________________|______________________________|
2355
2356
2357 SEE ALSO
2358 dhcpinfo(1), dhcpagent(1M), in.mpathd(1M), in.ndpd(1M),
2359 in.routed(1M), ipmpstat(1M), ipsecconf(1M), netstat(1M),
2360 zoneadm(1M), zonecfg(1M), ethers(3SOCKET),
2361 gethostbyname(3NSL), getnetbyname(3SOCKET), hosts(4),
2362 inet_type(4), ndpd.conf(4), netmasks(4), networks(4),
2363 nsswitch.conf(4), attributes(5), privileges(5), zones(5),
2364 arp(7P), ipsecah(7P), ipsecesp(7P), tun(7M)
2365
2366
2367 DIAGNOSTICS
2368 ifconfig sends messages that indicate if:
2369
2370 o the specified interface does not exist
2371
2372 o the requested address is unknown
2373
2374 o the user is not privileged and tried to alter an
2375 interface's configuration
2376
2377 NOTES
2378 Do not select the names broadcast, down, private, trailers,
2379 up or other possible option names when you choose host
2380 names. If you choose any one of these names as host names,
2381 it can cause unusual problems that are extremely difficult
2382 to diagnose.
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400 SunOS 5.11 Last change: 21 Jan 2007 36
2401
2402
2403