NAME

nwamcfg – create and modify network configuration profiles

SYNOPSIS

nwamcfg                            (interactive mode)
nwamcfg <subcommand> [options...]
nwamcfg [-d] -f <command-file>
nwamcfg help [<subcommand>]

DESCRIPTION

The nwamcfg utility manipulates system network configuration profiles. nwamcfg can be invoked interactively, with an individual subcommand, or by specifying a command file that contains a series of subcommands.

nwamcfg commands are performed within a scope. There are three scopes: global, profile, and NCP. When nwamcfg is invoked without any arguments, the editing session begins in the global scope. In the global scope, NCPs, location and enm profiles, and Known WLAN entries are available to operate on. Selecting an NCP will move the editing session to the NCP scope; from there, individual NCUs may be created or selected to move into the profile scope. Also at the global scope, selecting or creating a Location, ENM, or Known WLAN will move the editing session to the profile scope.

Within a given profile scope, profile properties may be viewed and modified.

In interactive mode, changes are not stored to persistent storage until commit is invoked. Commit is implicitly invoked at "end" or "exit", or may be explicitly invoked by the user. When commit is invoked, the entire profile is committed. In order to maintain the consistency of persistent storage, the commit operation includes a verify step; if verification fails, the commit will also fail. If an implicit commit fails, the user will be given the option of ending/ exiting without committing the current changes, or remaining in the current scope to make further changes.

Properties

NCU Properties

Properties common to all NCUs

type: enumerated value: link | ip
Specifies the NCU type, either link or ip. This property value is set when the NCU is created and may not be changed thereafter.
class: enumerated value: phys | iptun for link NCUs; ip for ip NCUs
Specifies the NCU class, which depends on the type. This property value is set when the NCU is created and may not be changed thereafter.
parent: string: name of parent NCP
Specifies the NCP of which this NCU is a component. The value is set when the NCU is created and may not be changed thereafter.

Properties of IP NCUs

ip-version: list of enumerated values: ipv4 | ipv6 | all
The version(s) of IP that should be used on this NCU.
The default value is "all".
ipv4-addrsrc: list of enumerated values: dhcp | static
Identifies the source of IPv4 addresses assigned to this NCU; multiple values may be assigned. If one of the values assigned is "static," the ipv4-addr property must include at least one IPv4 address to be assigned to the NCU.
The default value is "dhcp".
ipv4-addr: list of IPv4 address(es)
One or more IPv4 addresses to be assigned to this NCU.
ipv6-addrsrc: list of enumerated values: dhcpv6 | autoconf | static
Identifies the source of IPv6 addresses assigned to this NCU; multiple values may be assigned. If one of the values assigned is "static," the ipv6-addr property must include at least one IPv6 address to be assigned to the NCU.
The default value is "dhcpv6,autoconf".
ipv6-addr: list of IPv6 address(es)
One or more IPv6 addresses to be assigned to this NCU.

Properties common to all LINK NCUs

activation-mode: enumerated value: manual | prioritized
The type of trigger for automatic activation of this NCU.
The default value is "manual."
enabled: boolean: true | false
If the activation-mode is "manual", the enabled property reflects the link NCU's current state. This property is read-only; it is changed indirectly by enabling or disabling the NCU using nwamadm(1M).
The default value is "true."
priority-group: uint64: group priority number
If activation-mode is set to "prioritized," this property specifies the priority group to which this NCU belongs. A group consists of one or more NCUs; smaller numbers are higher priority. The highest priority group that is determined to be available will be activated by nwamd, and will remain so until it is no longer available, or a higher priority group becomes available.
priority-mode: enumerated value: exclusive | shared | all
If activation-mode is set to "prioritized," this property specifies the mode used to determine availability and activation behavior for a priority group.
• exclusive: at least one NCU must be available to make the group available; and only one NCU will be activated. If more than one member NCU is available, nwamd will randomly choose one to activate.
• shared: at least one NCU must be available to make the group available; all available NCUs will be activated.
• all: all group member NCUs must be available to make the group available; all member NCUs will be activated.
link-mac-addr: string: 48-bit mac address
The mac address assigned to this link. By default, NWAM will request the factory-assigned or default mac address for the link; set a different value here to override that selection.
link-autopush: list of strings: modules to be pushed over the link
Identifies a list of modules that should be automatically pushed over the link when it is opened.
link-mtu: uint64: the MTU size for this link
This property will be automatically set to the default MTU for the physical link; that value may be overridden by setting this property to a different value.

Location Properties

activation-mode: enumerated value: manual | system | conditional-all | conditional-any
The type of trigger for automatic activation of this Location.
The default value is "manual".
enabled: boolean: true | false
If the activation-mode is "manual", the enabled property reflects the Location's current state. This property is read-only; it is changed indirectly by enabling or disabling the Location using nwamadm(1M).
The default value is "false."
conditions: list of strings: conditional expressions
If activation-mode is set to "conditional-all" or "conditional-any," this property specifies the test to determine whether or not this Location should be activated. The conditional expression is made up of a sequence of conditions that can be assigned a boolean value, such as "advertised-domain is sun.com" or "ip:bge0 is-not active." The format of these expressions is defined in the "Condition Expressions" section below. If multiple conditions are specified, either all must be true to meet the activation requirements (when activation-mode is conditional-all) or any one may be true (when activation-mode is conditional-any).
Note the distinction between "advertised-domain" and "system-domain". The advertised domain is learned via external communication, such as the DNSdmain or NISdmain advertised by a DHCP server. This attribute is useful for conditional activation of locations; for example, if the advertised domain is mycompany.com, activate the "work" location. The system domain is the domain which is currently assigned to the system; that is, it is the value returned by the domainname(1M) command. This attribute is useful for conditional activation of ENMs, as it will only become true after a location has been activated and the system configured for that particular domain.
default-domain: string: system domain name
The domain name that should be applied to the system; this domain name will be used by NIS and LDAP.
nameservices: enum value list: files | dns | nis | ldap
Specifies the name services that should be configured, such as DNS, NIS, and/or LDAP.
nameservices-config-file: string: path to nsswitch.conf file
Specifies the nsswitch.conf file to be used. If the nameservices property specifies a single name service, /etc/nsswitch. will be used by default; this property may be used to override that default. If the nameservices property identifies more than one name service, this property must specify an nsswitch.conf file.
dns-nameservice-configsrc: enum value list: manual | dhcp
Specifies the source(s) that should be used to obtain configuration information for the DNS name service. If manual is included, the remaining dns-nameservice-* properties will be used.
dns-nameservice-domain: string: domain name
dns-nameservice-servers: string list: name server address(es)
dns-nameservice-search: string: domain search string

If DNS is one of the configured name services and manual is one of its configuration sources, these properties specify its configuration parameters. Only the servers property is required; search and domain are optional.
nis-nameservice-configsrc: enum value list: manual | dhcp
Specifies the source(s) that should be used to obtain configuration information for the NIS name service. If manual is included, the remaining nis-nameservice-* properties will be used.
nis-nameservice-servers: string list: name server address(es)

If NIS is one of the configured name services and manual is one of its configuration sources, this property specifies its server address. If this property is not specified, the NIS client will be started in broadcast mode.
ldap-nameservice-configsrc: enum value list: manual
Specifies the source that should be used to obtain configuration information for the LDAP name service. Manual is currently the only option for LDAP; thus the ldap-nameservice-* properties must be provided to complete LDAP configuration.
ldap-nameservice-servers: string list: name server address(es)

If LDAP is one of the configured name services, this property specifies its server address. This property is required, and it is expected that the specified server will have a client profile which will be used to complete client configuration.
hosts-file: string: path to hosts/ipnodes database file
Specifies the path to the file that should be used as the local hosts and ipnodes database, mapping hostnames to IP addresses.
nfsv4-domain: string: domain name to be used for NVSv4
Specifies the NVSv4 domain to be used. If this value is unspecified, the name service domain will be used.
ipfilter-config-file: string: path to ipfilter IPv4 configuration file
ipfilter-v6-config-file: string: path to ipfilter IPv6 configuration file
ipnat-config-file: string: path to ipnat configuration file
ippool-config-file: string: path to ippool configuration file

These properties each specify the path to the rules file for a component of the ipfilter configuration. If a given config-file property is set, the corresponding ipfilter component will be enabled, reading configuration from the specified file.
ike-config-file: string: path to IKE configuration file
Specifies the IKE configuration file. If a value is specified, the svc:/network/ipsec/ike service will be enabled, reading configuration from the specified file.
ipsecpolicy-config-file: string path to IPsec policy configuration file
Specifies the IPsec policy configuration file. If a value is specified, the svc:/network/ipsec/policy service will be enabled, reading configuration from the specified file.
svcs-enable: string list: list of FMRIs
svcs-disable: string list: list of FMRIs
Specifies the services that should be enabled or disabled when this location is active.

ENM Properties

activation-mode: enumerated value: manual | conditional-all | conditional-any
The type of trigger for automatic activation of this ENM.
The default value is "manual".
enabled: boolean: true | false
If the activation-mode is "manual", the enabled property reflects the ENM's current state. This property is read-only; it is changed indirectly by enabling or disabling the ENM using nwamadm(1M).
The default value is "false."
conditions: list of strings: conditional expressions
If activation-mode is set to "conditional-all" or "conditional-any," this property specifies the test to determine whether or not this ENM should be activated. The conditional expression is made up of a sequence of conditions that can be assigned a boolean value, such as "system-domain is sun.com" or "ip:bge0 is-not active." The format of these expressions is defined in the "Condition Expressions" section below. If multiple conditions are specified, either all must be true to meet the activation requirements (when activation-mode is conditional-all) or any one may be true (when activation-mode is conditional-any).
Note the distinction between "advertised-domain" and "system-domain". The advertised domain is learned via external communication, such as the DNSdmain or NISdmain advertised by a DHCP server. This attribute is useful for conditional activation of locations; for example, if the advertised domain is mycompany.com, activate the "work" location. The system domain is the domain which is currently assigned to the system; that is, it is the value returned by the domainname(1M) command. This attribute is useful for conditional activation of ENMs, as it will only become true after a location has been activated and the system configured for that particular domain.
fmri: string: service FMRI
If this ENM is implemented as an SMF service, this property identifies that service. If this property is specified, the ENM will be activated by enabling the service and deactivated by disabling the service.
start: string: start command
If this ENM is not implemented as an SMF service, this property identifies the command that should be exec'ed to start/activate the ENM. This property will be ignored if the fmri property is set.
stop: string: stop command
If this ENM is not implemented as an SMF service, this property identifies the command that should be exec'ed to stop/deactivate the ENM. This property will be ignored if the fmri property is set.

Known WLAN Properties

bssids: list of strings: WLAN BSSID(s) (AP MAC addresses)
If a specific Access Point should be preferred over others with the same name/ESSID, this property allows the AP's BSSID to be specified.
priority: uint64: a numeric priority value
The relative priority of this WLAN; a smaller number represents higher priority.
keyname: list of strings: Secure object name(s)
Allows the user to associate secure objects created using dladm with Known WLANs.

Condition Expressions

Locations and ENMs can be activated based on a set of user-specified conditions. The following table summarizes the syntax of those condition expressions.

Object Type	Object	Condition
NCU|ENM|Location	name	is/is-not active
Object Type	Condition	Object
WLAN/ESSID	is/is-not/contains/does-not-contain	name string
BSSID	is/is-not	bssid string
ip-address	is/is-not	IPv4 or IPv6 address
ip-address	is-in-range/is-not-in-range	IPv4 or IPv6 address plus netmask/prefixlen
advertised-domain	is/is-not/contains/does-not-contain	name string
system-domain	is/is-not/contains/does-not-contain	name string

OPTIONS

-d
Removes all configuration before reading subcommands from the command-file.

-f <command-file>
Reads and executes nwamcfg subcommands from command-file.

SUBCOMMANDS

The following subcommands are supported.

cancel

End the current profile specification without committing the current changes to persistent storage, and pop up to the next higher scope.

clear <prop-name>

Clear the value for the specified property.

commit

Commit the current profile to persistent storage. Since a configuration must be correct to be committed, this operation automatically performs a verify on the object as well. The commit operation is attempted automatically upon leaving the current scope (with either the 'end' or 'exit' subcommand).

Note that in non-interactive mode a commit is not required, as the commit is implicit for any subcommand which changes a value.

create [ -t <template> ] <object-type> [ <class> ] <object-name>

Create an in-memory profile of the specified type and name. The -t <template> option specifies that the new object should be identical to <template>, where <template> is the name of an existing object of the same type. If the -t option is not used, the new object is created with default values. For NCPs, only a "User" NCP can be created.

destroy { -a | <object-type> [ <class> ] <object-name> }

Remove all or the specified profile from memory and persistent storage. This action is immediate; it does not need to be committed. A destroyed object cannot be reverted.

end

End the current profile specification, and pop up to the next higher scope. The current object is verified and committed before ending; if either the verify or commit fails, an appropriate error message is issued and the user is given the opportunity to end without committing the current changes, or to remain in the current scope and continue editing.

exit

Exit the nwamcfg session. The current profile is verified and committed before ending; if either fails, an appropriate error message is issued and the user is given the opportunity to exit without committing the current changes, or to remain in the current scope and continue editing.

export [ -d ] [ -f <output-file> ] [ <object-type> [ <class> ] <object-name> ]

Print the current configuration at the current or specified scope to standard out, or to a file specified with the -f option. The -d option generates a "destroy -a" as the first line of output. This subcommand produces output in a form suitable for use in a command file. The Automatic NCP and the Automatic and NoNet locations cannot be exported.

get <prop-name>

Get the current (in-memory) value of the specified property.

help [ <subcommand> ]

Display general help or help about a specific subcommand.

list [ <object-type> [ <class> ] <object-name> ]

List all profiles, property-value pairs and resources that exist at the current or specified scope.

revert

Delete any current changes to the current profile and revert to the values from persistent storage.

select <object-type> [ <class> ] <object-name>

Select one of the profiles available at the current scope level and jump down into that object's scope. The selected object will be loaded into memory from persistent storage.

set <prop-name>=<value1>[,<value2>...]

Set the current (in-memory) value of the specified property. If performed in non-interactive mode, the change is also committed to persistent storage.

The delimiter for values of multi-valued properties is "," (comma). If any of the individual values in such a property contains a comma, it must be escaped (i.e., written as "\,"). Commas within properties that can only have a single value are not interpreted as delimiters, and need not be escaped.

verify

Verify that the current in-memory object has a valid configuration.

walkprop

Walk each property associated with the current profile. For each property, the name and current value are displayed, and a prompt is given to allow the user to change the current value.

The delimiter for values of multi-valued properties is "," (comma). If any of the individual values in such a property contains a comma, it must be escaped (i.e., written as "\,"). Commas within properties that can only have a single value are not interpreted as delimiters, and need not be escaped.

This subcommand is only meaningful in interactive mode.

SEE ALSO

netcfgd(1M), nwamadm(1M), nwamd(1M), nwam-manager(1M)

EXAMPLES

Example 1: Set an NCU property from the command line (in non-interactive mode)
# nwamcfg "select ncp User; select ncu link net1; set mtu=1492"
#

Example 2: List all top-level profiles from the command line
# nwamcfg list
NCPs:
        Automatic
        User
Locations:
        Automatic
        NoNet
        home
        office
ENMs:
        myenm
        enmtest
WLANs:
        sunwifi
        coffeeshop
        linksys
#

Example 3: Destroy a Location profile from the command line
# nwamcfg destroy loc home
Destroyed loc 'home'
#

Example 4: Interactively create an NCU profile.
# nwamcfg
nwamcfg> select ncp User
nwamcfg:ncp:User> create ncu ip net1
Created ncu 'net1'.  Walking properties ...
        ip-version (all) [ipv4|ipv6|all]> ipv4
        ipv4-addr-src (dhcp) [static|dhcp]> static
        ipv4-static-addr ()> 168.1.2.3
nwamcfg:ncp:User:ncu:net1> list
NCU:IP:net1
        type:             ip
        class:            ip
        parent-ncp:       "User"
        ip version:       ipv4
        ipv4-addr-src:    static
        ipv4-static-addr: 168.1.2.3
nwamcfg:ncp:User:ncu:net1> commit
Committed changes
nwamcfg:ncp:User:ncu:net1> end
nwamcfg:ncp:User> exit
#

Example 5: Select an existing enm, display its contents,
           and change a property value
# nwamcfg
nwamcfg>select enm myenm
nwamcfg:enm:myenm>list
ENM:myenm
        activation-mode manual
        enabled         true
        start           "/usr/local/bin/myenm start"
        stop            "/usr/local/bin/myenm stop"
nwamcfg:enm:myenm>set stop="/bin/alt_stop"
nwamcfg:enm:myenm>list
ENM:myenm
        activation-mode manual
        enabled         true
        start           "/usr/local/bin/myenm start"
        stop            "/bin/alt_stop"
nwamcfg:enm:myenm>exit
Committed changes
#