NAME
     nwamcfg - create and modify network configuration profiles

SYNOPSIS
     nwamcfg (interactive mode)
     nwamcfg [options...]
     nwamcfg [-d] -f
     nwamcfg help

DESCRIPTION
     The nwamcfg utility manipulates system network configuration profiles. nwamcfg can be invoked interactively, with an individual subcommand, or by specifying a command file that contains a series of subcommands.

     nwamcfg commands are performed within a scope. There are three scopes: global, profile, and NCP. When nwamcfg is invoked without any arguments, the editing session begins in the global scope. In the global scope, NCPs and Location and ENM profiles are available to operate on. Selecting an NCP will move the editing session to the NCP scope; from there, individual NCUs may be created or selected to move into the profile scope. Also at the global scope, selecting or creating a Location or ENM will move the editing session to the profile scope. Within a given profile scope, profile properties may be viewed and modified.

     In interactive mode, changes are not stored to persistent storage until commit is invoked. Commit is implicitly invoked at "end" or "exit", or may be explicitly invoked by the user. When commit is invoked, the entire profile is committed. In order to maintain the consistency of persistent storage, the commit operation includes a verify step; if verification fails, the commit will also fail. If an implicit commit fails, the user will be given the option of ending/exiting without committing the current changes, or remaining in the current scope to make further changes.

     See nwam(5) for an overview of profiles, and their usage in the nwam framework.

   Properties
   NCU Properties

     Properties common to all NCUs

     type: enumerated value: link | ip
         Specifies the NCU type, either link or ip. This property value is set when the NCU is created and may not be changed thereafter.

     class: enumerated value: phys | iptun for link NCUs; ip for ip NCUs
         Specifies the NCU class, which depends on the type.
         This property value is set when the NCU is created and may not be changed thereafter.

     parent: string: name of parent NCP
         Specifies the NCP of which this NCU is a component. The value is set when the NCU is created and may not be changed thereafter.

     activation: enumerated value: always | never | manual | prioritized | conditional
         The type of trigger for automatic activation of this NCU. The default value is "always."

     priority-group: uint64: group priority number
         If activation is set to "prioritized," this property specifies the priority group to which this NCU belongs. A group consists of one or more NCUs; smaller numbers are higher priority. The highest priority group that is determined to be available will be activated by nwamd, and will remain so until it is no longer available, or a higher priority group becomes available.

     priority-mode: enumerated value: exclusive | shared | all
         If activation is set to "prioritized," this property specifies the mode used to determine availability and activation behavior for a priority group.
         exclusive: at least one NCU must be available to make the group available; and only one NCU will be activated. If more than one member NCU is available, nwamd will randomly choose one to activate.
         shared: at least one NCU must be available to make the group available; all available NCUs will be activated.
         all: all group member NCUs must be available to make the group available; all member NCUs will be activated.

     condition: string: NCU identifier
         If activation is set to "conditional," this property specifies the NCU or NCUs upon which this NCU depends. An NCU is specified by the syntax :, i.e. "ip:net0" specifies the ip NCU named net0, while "link:net0" specifies the link NCU named net0. An ip NCU will typically have the same name as the link upon which it is plumbed.

     over: string: NCU identifier
         Identifies the NCU over which this NCU is arranged.
         For example, an ip NCU will typically be over a link NCU, in which case the ip NCU's over property would be set to the link NCU's identifier string; for a phys link NCU, which corresponds to a physical device, this property will be empty. NCUs are specified by the ":" syntax described in the condition property section above.

     under: string: NCU identifier
         Identifies the NCU under which this NCU is arranged. For example, a link NCU may be under an ip NCU, in which case the link NCU's under property would be set to the ip NCU's identifier string; for an ip NCU, this property will be empty. NCUs are specified by the ":" syntax described in the condition property section above.

     Properties of IP NCUs

     ip-version: list of enumerated values: ipv4 | ipv6 | all
         The version(s) of IP that should be used on this NCU. The default value is "all".

     ipv4-addrsrc: list of enumerated values: dhcp | static
         Identifies the source of IPv4 addresses assigned to this NCU; multiple values may be assigned. If one of the values assigned is "static," the ipv4-addr property must include at least one IPv4 address to be assigned to the NCU. The default value is "dhcp".

     ipv4-addr: list of IPv4 address(es)
         One or more IPv4 addresses to be assigned to this NCU.

     ipv6-addrsrc: list of enumerated values: dhcpv6 | autoconf | static
         Identifies the source of IPv6 addresses assigned to this NCU; multiple values may be assigned. If one of the values assigned is "static," the ipv6-addr property must include at least one IPv6 address to be assigned to the NCU. The default value is "dhcpv6,autoconf".

     ipv6-addr: list of IPv6 address(es)
         One or more IPv6 addresses to be assigned to this NCU.

     Properties common to all LINK NCUs

     link-mac-addr: string: 48-bit MAC address
         The MAC address assigned to this link. By default, NWAM will request the factory-assigned or default MAC address for the link; set a different value here to override that selection.

     link-autopush: list of strings: modules to be pushed over the link
         Identifies a list of modules that should be automatically pushed over the link when it is opened.

     link-mtu: uint64: the MTU size for this link
         This property will be automatically set to the default MTU for the physical link; that value may be overridden by setting this property to a different value.

     Properties of IPTUN LINK NCUs

     iptun-type: enumerated value: ipv4 | ipv6 | 6to4
         Identifies the tunnel type.

     iptun-tsrc: string: IPv4 or IPv6 address
     iptun-tdst: string: IPv4 or IPv6 address
         The source and destination tunnel/outer address for this tunnel. Appropriate IP version depends on the tunnel type (IPv4 for ipv4 or 6to4 tunnel; IPv6 for IPv6 tunnel).

     iptun-encr: string: encryption algorithm
         The encryption algorithm to be used for IPsec ESP on this tunnel. The string value may be either a number (defined in /etc/inet/ipsecalgs) or an algorithm name; if the value is "none," tunnel security will be disabled. ESP with no encryption may be specified by leaving this property empty and specifying an encryption authentication algorithm (by setting the iptun-encr-auth property).

     iptun-encr-auth: string: authentication algorithm
         The authentication algorithm to be used for IPsec ESP on this tunnel. The string value may be either a number (defined in /etc/inet/ipsecalgs) or an algorithm name, including "any" or "none" to specify any algorithm or no authentication, respectively. If an ESP encryption algorithm is specified (by setting the iptun-encr property) but ESP authentication is not, the default value will be "any."

     iptun-auth: string: authentication algorithm
         The authentication algorithm to be used for IPsec AH on this tunnel. The string value may be either a number (defined in /etc/inet/ipsecalgs) or an algorithm name, including "any" to express no preference in algorithm.

   Location Properties

     activation: enumerated value: never | manual | conditional
         The type of trigger for automatic activation of this Location. The default value is "manual".

     condition: string: conditional expression
         If activation is set to "conditional," this property specifies the test to determine whether or not this Location should be activated. The conditional expression is made up of a sequence of conditions that can be assigned a boolean value, such as "domain:sun.com is assigned" or "ip:bge0 is not up."
         The attributes that may be tested include NCUs (is/is not up), WLANs (identified by an ESSID, is/is not connected), IP address or range (is/is not available), and domain (is/is not assigned). Conditions are joined by "and" or "or" operators.

     nameservice-discover: boolean: true | false
         Specifies the way in which NWAM should gather Name Service configuration information. If true, NWAM will use dhcpinfo to find this information, and all other name service related properties will be ignored. If false, the other name service properties should specify the desired name service configuration for this location. The default value is "true".

     nameservices: enum value list: files | dns | nis | nisplus | ldap
         Specifies the name services that should be configured, such as DNS, NIS, and/or LDAP.

     nameservices-config-file: string: path to nsswitch.conf file
         Specifies the nsswitch.conf file to be used. If the nameservices property specifies a single name service, /etc/nsswitch. will be used by default; this property may be used to override that default. If the nameservices property identifies more than one name service, this property must specify an nsswitch.conf file.

     dns-nameservice-servers: string list: name server address(es)
     dns-nameservice-domain: string: domain name
     dns-nameservice-search: string: domain search string
         If DNS is one of the configured name services, these properties specify the appropriate configuration parameters. Only the servers property is required; domain and search are optional.

     nis-nameservice-servers: string list: name server address(es)
     nis-nameservice-domain: string: domain name
         If NIS is one of the configured name services, these properties specify the appropriate configuration parameters. The domain property is required; if the server property is not specified, the NIS client will be started in broadcast mode.

     nisplus-nameservice-servers: string list: name server address(es)
     nisplus-nameservice-domain: string: domain name
         If NIS+ is one of the configured name services, these properties specify the appropriate configuration parameters.

     ldap-nameservice-servers: string list: name server address(es)
     ldap-nameservice-domain: string: domain name
         If LDAP is one of the configured name services, these properties specify the appropriate configuration parameters. The server property is required, and it is expected that the specified server will have a client profile which will be used to complete client configuration. The domain may be optionally specified as well.

     hosts-file: string: path to hosts/ipnodes database file
         Specifies the path to the file that should be used as the local hosts and ipnodes database, mapping hostnames to IP addresses.

     nfsv4-domain: string: domain name to be used for NFSv4
         Specifies the NFSv4 domain to be used. If this value is unspecified, the name service domain will be used.

     ipfilter-config-file: string: path to ipfilter IPv4 configuration file
     ipfilter-v6-config-file: string: path to ipfilter IPv6 configuration file
     ipnat-config-file: string: path to ipnat configuration file
     ippool-config-file: string: path to ippool configuration file
         These properties each specify the path to the rules file for a component of the ipfilter configuration. If a given config-file property is set, the corresponding ipfilter component will be enabled, reading configuration from the specified file.

     ike-config-file: string: path to IKE configuration file
         Specifies the IKE configuration file. If a value is specified, the svc:/network/ipsec/ike service will be enabled, reading configuration from the specified file.

     ipseckey-config-file: string: path to manual key configuration file
         Specifies the manual key file. If a value is specified, the svc:/network/ipsec/manual-key service will be enabled, reading configuration from the specified file.

     ipsecpolicy-config-file: string: path to IPsec policy configuration file
         Specifies the IPsec policy configuration file. If a value is specified, the svc:/network/ipsec/policy service will be enabled, reading configuration from the specified file.

     svcs-enable: string list: list of FMRIs
     svcs-disable: string list: list of FMRIs
         Specifies the services that should be enabled or disabled when this location is active.

   ENM Properties

     activation: enumerated value: always | never | manual | conditional
         The type of trigger for automatic activation of this ENM. The default value is "manual".

     condition: string: identification of conditional NCU or Location
         If activation is set to "conditional," this property specifies the NCU(s) or Location upon which this ENM depends. The ENM will be activated (its 'start' expression will be exec'ed) when the conditional objects become active.

     fmri: string: service FMRI
         If this ENM is implemented as an SMF service, this property identifies that service. If this property is specified, the ENM will be activated by enabling the service and deactivated by disabling the service.

     start: string: start command
         If this ENM is not implemented as an SMF service, this property identifies the command that should be exec'ed to start/activate the ENM. This property will be ignored if the fmri property is set.

     stop: string: stop command
         If this ENM is not implemented as an SMF service, this property identifies the command that should be exec'ed to stop/deactivate the ENM. This property will be ignored if the fmri property is set.

OPTIONS
     -d   Removes all configuration before reading subcommands from the command-file.

     -f   Reads and executes nwamcfg subcommands from command-file.

SUBCOMMANDS
     The following subcommands are supported.

     cancel
         End the current profile without committing the current changes to persistent storage, and pop up to the next higher scope. This subcommand is only meaningful in interactive mode.

     clear
         Clear the value for the specified property.

     commit
         Commit the current profile to persistent storage. Since a configuration must be correct to be committed, this operation automatically performs a verify on the object as well.
         The commit operation is attempted automatically upon leaving the current scope (with either the 'end' or 'exit' subcommand). This subcommand is only meaningful in interactive mode. In non-interactive mode, the commit is implicit in any subcommand which changes a value.

     create [ -t
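
The defaulting rules for iptun-encr, iptun-encr-auth and iptun-auth given under "Properties of IPTUN LINK NCUs" can be checked mechanically when reviewing a profile. The following is an added example, not part of this manual page or of NWAM itself; it resolves the effective ESP/AH settings and lists the cases a reviewer would want to see. The property dictionary shape, the tunnel names and the algorithm values are constructed for illustration.

```python
# Constructed sample profiles; tunnel names and algorithm values are illustrative.
SAMPLE_TUNNELS = {
    "vpn0": {"iptun-type": "ipv4", "iptun-encr": "aes"},
    "vpn1": {"iptun-type": "ipv4", "iptun-encr": "none", "iptun-auth": "sha1"},
    "vpn2": {"iptun-type": "ipv6", "iptun-encr-auth": "sha1"},
    "vpn3": {"iptun-type": "ipv4", "iptun-encr": "aes", "iptun-encr-auth": "sha1"},
}


def effective_ipsec(props):
    """Resolve an iptun link NCU's IPsec properties per the property text.
    props maps property name -> string (assumed shape; missing/empty = unset).
    Numeric algorithm values (from /etc/inet/ipsecalgs) pass through unchanged.
    Returns (settings, findings).
    """
    def get(name):
        return (props.get(name) or "").strip().lower()

    encr, esp_auth, ah = get("iptun-encr"), get("iptun-encr-auth"), get("iptun-auth")
    findings = []

    if encr == "none":
        # "none" for iptun-encr disables tunnel security altogether.
        return ({"esp-encr": None, "esp-auth": None, "ah-auth": None},
                ["iptun-encr=none: tunnel security is disabled"])

    if encr and not esp_auth:
        esp_auth = "any"  # documented default when only encryption is set
        findings.append("iptun-encr-auth unset: defaults to 'any'")
    elif esp_auth == "any":
        findings.append("iptun-encr-auth=any: any authentication algorithm is accepted")
    if encr and esp_auth == "none":
        findings.append("iptun-encr-auth=none: ESP encrypts without authenticating")
    if not encr and esp_auth not in ("", "none"):
        findings.append("iptun-encr empty: ESP authenticates but does not encrypt")
    if ah == "any":
        findings.append("iptun-auth=any: no preference in AH algorithm")
    esp_used = bool(encr) or esp_auth not in ("", "none")
    if not esp_used and not ah:
        findings.append("neither ESP nor AH is configured")

    settings = {"esp-encr": encr or None, "esp-auth": esp_auth or None,
                "ah-auth": ah or None}
    return settings, findings


def review(tunnels):
    """Map each tunnel name to its list of findings."""
    return {name: effective_ipsec(p)[1] for name, p in tunnels.items()}
```

Calling review(SAMPLE_TUNNELS) returns an empty list only for vpn3, the one tunnel that names both an ESP encryption and an ESP authentication algorithm.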