DLADM(8) Maintenance Commands and Procedures DLADM(8)

NAME

dladm - administer data links

SYNOPSIS

dladm help

dladm show-link [-P] [-s [-i interval]] [[-p] -o field[,...]] [link]
dladm rename-link [-R root-dir] link new-link

dladm delete-phys phys-link
dladm show-phys [-m | -H | -P] [[-p] -o field[,...]] [phys-link]

dladm create-aggr [-t] [-R root-dir] [-P policy] [-L mode] [-T time]
[-u address] -l ether-link [-l ether-link]... aggr-link
dladm modify-aggr [-t] [-R root-dir] [-P policy] [-L mode] [-T time]
[-u address] aggr-link
dladm delete-aggr [-t] [-R root-dir] aggr-link
dladm add-aggr [-t] [-R root-dir] -l ether-link [-l ether-link]...
aggr-link
dladm remove-aggr [-t] [-R root-dir] -l ether-link [-l ether-link]...
aggr-link
dladm show-aggr [-PLx] [-s [-i interval]] [[-p] -o field[,...]]
[aggr-link]

dladm create-bridge [-R root-dir] [-P protect] [-p priority]
[-m max-age] [-h hello-time] [-d forward-delay]
[-f force-protocol] [-l link]... bridge-name
dladm modify-bridge [-R root-dir] [-P protect] [-p priority]
[-m max-age] [-h hello-time] [-d forward-delay]
[-f force-protocol] bridge-name
dladm delete-bridge [-R root-dir] bridge-name
dladm add-bridge [-R root-dir] -l link [-l link]... bridge-name
dladm remove-bridge [-R root-dir] -l link [-l link]... bridge-name
dladm show-bridge [-flt] [-s [-i interval]] [[-p] -o field[,...]]
bridge-name

dladm create-vlan [-ft] [-R root-dir] -l ether-link -v vid [vlan-link]
dladm delete-vlan [-t] [-R root-dir] vlan-link
dladm show-vlan [-P] [[-p] -o field[,...]] [vlan-link]

dladm scan-wifi [[-p] -o field[,...]] [wifi-link]
dladm connect-wifi [-e essid] [-i bssid] [-k key,...]
[-s none|wep|wpa] [-a open|shared] [-b bss|ibss] [-c] [-m a|b|g]
[-T time] [wifi-link]
dladm disconnect-wifi [-a] [wifi-link]
dladm show-wifi [[-p] -o field[,...]] [wifi-link]

dladm show-ether [-x] [[-p] -o field[,...]] [ether-link]

dladm set-linkprop [-t] [-R root-dir] -p prop=value[,...] link
dladm reset-linkprop [-t] [-R root-dir] [-p prop[,...]] link
dladm show-linkprop [-P] [[-c] -o field[,...]] [-p prop[,...]] [link]

dladm create-secobj [-t] [-R root-dir] [-f file] -c class secobj
dladm delete-secobj [-t] [-R root-dir] secobj[,...]
dladm show-secobj [-P] [[-p] -o field[,...]] [secobj[,...]]

dladm create-vnic [-t] [-R root-dir] -l link [-m value | auto |
factory -n slot-identifier | random [-r prefix]] [-v vlan-id]
[-p prop=value[,...]] vnic-link
dladm delete-vnic [-t] [-R root-dir] vnic-link
dladm show-vnic [-P] [[-p] -o field[,...]] [-s [-i interval]] [-l link]
[vnic-link]

dladm create-etherstub [-t] [-R root-dir] etherstub
dladm delete-etherstub [-t] [-R root-dir] etherstub
dladm show-etherstub [etherstub]

dladm create-iptun [-t] [-R root-dir] -T type
[-a {local|remote}=addr[,...]] iptun-link
dladm modify-iptun [-t] [-R root-dir] [-a {local|remote}=addr[,...]]
iptun-link
dladm delete-iptun [-t] [-R root-dir] iptun-link
dladm show-iptun [-P] [[-p] -o field[,...]] [iptun-link]

dladm create-overlay [-t] -e encap -s search -v vnetid
[-p prop=value[,...]] overlay
dladm delete-overlay [-t] overlay
dladm modify-overlay -d mac | -f | -s mac=ip:port overlay
dladm show-overlay [-f | -t] [[-p] -o field[,...]] [overlay]

dladm show-usage [-a] -f filename [-p plotfile -F format] [-s time]
[-e time] [link]

DESCRIPTION

The dladm command is used to administer data-links. A data-link is
represented in the system as a STREAMS DLPI (v2) interface which can be
plumbed under protocol stacks such as TCP/IP. Each data-link relies on
either a single network device or an aggregation of devices to send
packets to or receive packets from a network.

Each dladm subcommand operates on one of the following objects:

link A datalink, identified by a name. In general, the name can
use any alphanumeric characters or underscore (_), but must
start with an alphabetic character and end with a number. A
datalink name can be at most 31 characters, and the ending
number must be between 0 and 4294967294 (inclusive). The
ending number must not begin with a zero. Datalink names
between 3 and 8 characters are recommended.

Some subcommands operate only on certain types or classes of
datalinks. For those cases, the following object names are
used:

phys-link A physical datalink.

vlan-link A VLAN datalink.

aggr-link An aggregation datalink (or a key; see NOTES).

ether-link A physical Ethernet datalink.

wifi-link A WiFi datalink.

vnic-link A virtual network interface created on a link,
an etherstub, or an overlay. It is a pseudo
device that can be treated as if it were an
network interface card on a machine.

iptun-link An IP tunnel link.

dev A network device, identified by concatenation of a driver
name and an instance number.

etherstub An Ethernet stub can be used instead of a physical NIC to
create VNICs. VNICs created on an etherstub will appear to
be connected through a virtual switch, allowing complete
virtual networks to be built without physical hardware.

bridge A bridge instance, identified by an administratively-chosen
name. The name may use any alphanumeric characters or the
underscore, (_), but must start and end with an alphabetic
character. A bridge name can be at most 31 characters. The
name `default' is reserved, as are all names starting with
`SUNW'.

Note that appending a zero (0) to a bridge name produces a
valid link name, used for observability.

secobj A secure object, identified by an administratively-chosen
name. The name can use any alphanumeric characters, as well
as underscore (_), dot (.), and hyphen (-). A secure object
name can be at most 32 characters.

overlay An overlay instance, identified by an administratively-
chosen name. An overlay can be used to create or join an
existing software defined network. VNICs created on an
overlay will appear to be connected by a local virtual
switch and will also be connected to interfaces on matching
overlays provided by other hosts. For more information on
overlay devices, see overlay(7).

Options

Each dladm subcommand has its own set of options. However, many of the
subcommands have the following as a common option:

-R root-dir, --root-dir=root-dir
Specifies an alternate root directory where the operation -- such
as creation, deletion, or renaming -- should apply.

SUBCOMMANDS

When invoked with no arguments, dladm shows the link configuration
information, in the same way as dladm show-link.

The following subcommands are supported:

dladm help
Display brief command usage.

dladm show-link [-P] [-s [-i interval]] [[-p] -o field[,...]] [link]

Show link configuration information (the default) or statistics,
either for all datalinks or for the link. By default, the system
is configured with one datalink for each known network device.

-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields
to display. When not modified by the -s option (described
below), the field name must be one of the fields listed
below, or the special value all to display all fields. By
default (without -o), show-link displays all fields.

LINK The name of the datalink.

CLASS The class of the datalink. dladm distinguishes
between the following classes:

phys A physical datalink. The show-phys
subcommand displays more detail for this
class of datalink.

aggr An IEEE 802.3ad link aggregation. The
show-aggr subcommand displays more
detail for this class of datalink.

etherstub An Ethernet stub. The show-etherstub
subcommand displays more detail for this
class of datalink.

overlay An overlay. The show-overlay subcommand
displays more detail for this class of
datalink.

vlan A VLAN datalink. The show-vlan
subcommand displays more detail for this
class of datalink.

vnic A virtual network interface. The
show-vnic subcommand displays more
detail for this class of datalink.

misc A generic datalink without any other
class-specific properties. Generally
used to indicate a pseudo device that
doesn't otherwise correspond to one of
the above classes.

MTU The maximum transmission unit size for the datalink
being displayed.

STATE The link state of the datalink. The state can be
`up', `down', or `unknown'.

BRIDGE The name of the bridge to which this link is
assigned, if any.

OVER The physical datalink(s) over which the datalink is
operating. This applies to aggr, bridge, and vlan
classes ov datalinks. A VLAN is created over a
single physical datalink, a bridge has multiple
attached links, and an aggregation is comprised of
one or more physical datalinks.

When the -o option is used in conjunction with the -s
option, used to display link statistics, the field name
must be one of the fields listed below, or the special
value all to display all fields.

LINK The name of the datalink.

IPACKETS Number of packets received on this link.

RBYTES Number of bytes received on this link.

IERRORS Number of input errors.

OPACKETS Number of packets sent on this link.

OBYTES Number of bytes sent on this link.

OERRORS Number of output errors.

-p, --parsable
Display using a stable machine-parsable format. The -o
option is required with -p. See Parsable Output Format,
below.

-P, --persistent
Display the persistent link configuration.

-s, --statistics
Display link statistics.

-i interval, -interval= interval
Used with the -s option to specify an interval, in seconds,
at which statistics should be displayed. If this option is
not specified, statistics will be displayed only once.

dladm rename-link [-R root-dir] link new-link

Rename link to new-link. This is used to give a link a
meaningful name, or to associate existing link configuration such
as link properties of a removed device with a new device. See
the EXAMPLES section for specific examples of how this subcommand
is used.

-R root-dir, -root-dir=root-dir
See Options, above.

dladm delete-phys phys-link

This command is used to delete the persistent configuration of a
link associated with physical hardware which has been removed
from the system. See the EXAMPLES section.

dladm show-phys [-m | -H | -P] [[-p] -o field[,...]] [phys-link]

Show the physical device and attributes of all physical links, or
of the named physical link. Without -P, only physical links that
are available on the running system are displayed.

-H Show hardware resource usage, as returned by the NIC
driver. Output from -H displays the following elements:

LINK A physical device corresponding to a NIC driver.

RINGTYPE RX or TX. All rings in a group are of the same
group type.

RINGS A hardware resource used by a data link, subject
to assignment by a driver to different groups.

CLIENTS MAC clients that are using the rings within a
group.

-m Show MAC addresses and related information. Output from -m
displays the following elements:

LINK A physical device corresponding to a NIC driver.

SLOT When a given physical device has multiple
factory MAC addresses, this indicates the slot
of the corresponding MAC address which can be
used as part of a call to create-vnic.

ADDRESS Displays the MAC address of the device.

INUSE Displays whether or not a MAC Address is
actively being used.

CLIENT MAC clients that are using the address.

-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields
to display. The field name must be one of the fields
listed below, or the special value all, to display all
fields. Note that if either -H or -m are specified, then
the valid options are those described in their respective
sections. For each link, the following fields can be
displayed:

LINK The name of the datalink.

MEDIA The media type provided by the physical
datalink.

STATE The state of the link. This can be `up',
`down', or `unknown'.

SPEED The current speed of the link, in megabits per
second.

DUPLEX For Ethernet links, the full/half duplex status
of the link is displayed if the link state is
up. The duplex is displayed as unknown in all
other cases.

DEVICE The name of the physical device under this link.

-p, --parsable
Display using a stable machine-parsable format. The -o
option is required with -p. See Parsable Output Format,
below.

-P, --persistent
This option displays persistent configuration for all
links, including those that have been removed from the
system. The output provides a FLAGS column in which the r
flag indicates that the physical device associated with a
physical link has been removed. For such links,
delete-phys can be used to purge the link's configuration
from the system.

dladm create-aggr [-t] [-R root-dir] [-P policy] [-L mode] [-T time]
[-u address] -l ether-link [-l -ether-link]... aggr-link

Combine a set of links into a single IEEE 802.3ad link
aggregation named aggr-link. The use of an integer key to
generate a link name for the aggregation is also supported for
backward compatibility. Many of the -aggr subcommands below also
support the use of a key to refer to a given aggregation, but use
of the aggregation link name is preferred. See the NOTES section
for more information on keys.

dladm supports a number of port selection policies for an
aggregation of ports. (See the description of the -P option,
below). If you do not specify a policy, create-aggr uses the L4
policy, described under the -P option.

-l ether-link, --link=ether-link
Each Ethernet link (or port) in the aggregation is
specified using an -l option followed by the name of the
link to be included in the aggregation. Multiple links are
included in the aggregation by specifying multiple -l
options. For backwards compatibility, the dladm command
also supports the using the -d option (or --dev) with a
device name to specify links by their underlying device
name. The other -aggr subcommands that take -l options
also accept -d.

-t, --temporary
Specifies that the aggregation is temporary. Temporary
aggregations last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

-P policy, --policy=policy
Specifies the port selection policy to use for load
spreading of outbound traffic. The policy specifies which
dev object is used to send packets. A policy is a list of
one or more layers specifiers separated by commas. A layer
specifier is one of the following:

L2 Select outbound device according to source and
destination MAC addresses of the packet.

L3 Select outbound device according to source and
destination IP addresses of the packet.

L4 Select outbound device according to the upper layer
protocol information contained in the packet. For
TCP and UDP this includes source and destination
ports. For IPsec, this includes the SPI (Security
Parameters Index).

For example, to use upper layer protocol information, the
following policy can be used:

-P L4

Note that policy L4 is the default.

To use the source and destination MAC addresses as well as
the source and destination IP addresses, the following
policy can be used:

-P L2,L3

-L mode, --lacp-mode=mode
Specifies whether LACP should be used and, if used, the
mode in which it should operate. Supported values are off,
active or passive.

-T time, --lacp-timer=mode
Specifies the LACP timer value. The supported values are
short or long.

-u address, --unicast=address
Specifies a fixed unicast hardware address to be used for
the aggregation. If this option is not specified, then an
address is automatically chosen from the set of addresses
of the component devices.

dladm modify-aggr [-t] [-R root-dir] [-P policy] [-L mode] [-T time]
[-u address] aggr-link

Modify the parameters of the specified aggregation.

-t, --temporary
Specifies that the modification is temporary. Temporary
modifications last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

-P policy, --policy=policy
Specifies the port selection policy to use for load
spreading of outbound traffic. See dladm create-aggr for a
description of valid policy values.

-L mode, --lacp-mode=mode
Specifies whether LACP should be used and, if used, the
mode in which it should operate. Supported values are off,
active, or passive.

-T time, --lacp-timer=time
Specifies the LACP timer value. The supported values are
short or long.

-u address, --unicast=address
Specifies a fixed unicast hardware address to be used for
the aggregation. If this option is not specified, then an
address is automatically chosen from the set of addresses
of the component devices.

dladm delete-aggr [-t] [-R root-dir] aggr-link

Deletes the specified aggregation.

-t, --temporary
Specifies that the deletion is temporary. Temporary
deletions last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

dladm add-aggr [-t] [-R root-dir] -l ether-link [-l ether-link]...
aggr-link

Adds links to the specified aggregation.

-l ether-link, --link=ether-link
Specifies an Ethernet link to add to the aggregation.
Multiple links can be added by supplying multiple -l
options.

-t, --temporary
Specifies that the additions are temporary. Temporary
additions last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

dladm remove-aggr [-t] [-R root-dir] -l ether-link [-l ether-link]...
aggr-link

Removes links from the specified aggregation.

-l ether-link, --link=ether-link
Specifies an Ethernet link to remove from the aggregation.
Multiple links can be removed by supplying multiple -l
options.

-t, --temporary
Specifies that the removals are temporary. Temporary
removals last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

dladm show-aggr [-PLx] [-s [-i interval]] [[-p] -o field[,...]]
[aggr-link]

Show aggregation configuration (the default), LACP information,
or statistics, either for all aggregations or for the specified
aggregation.

By default (with no options), the following fields can be
displayed:

LINK The name of the aggregation link.

POLICY The LACP policy of the aggregation. See the
create-aggr -P option for a description of the
possible values.

ADDRPOLICY Either `auto', if the aggregation is configured to
automatically configure its unicast MAC address
(the default if the -u option was not used to
create or modify the aggregation), or `fixed', if
-u was used to set a fixed MAC address.

LACPACTIVITY The LACP mode of the aggregation. Possible values
are `off', `active', or `passive', as set by the -l
option to create-aggr or modify-aggr.

LACPTIMER The LACP timer value of the aggregation as set by
the -T option of create-aggr or modify-aggr.

FLAGS A set of state flags associated with the
aggregation. The only possible flag is `f', which
is displayed if the administrator forced the
creation the aggregation using the -f option to
create-aggr. Other flags might be defined in the
future.

The show-aggr command accepts the following options:

-L, --lacp
Displays detailed LACP information for the aggregation link
and each underlying port. Most of the state information
displayed by this option is defined by IEEE 802.3. With
this option, the following fields can be displayed:

LINK The name of the aggregation link.

PORT The name of one of the underlying aggregation
ports.

AGGREGATABLE Whether the port can be added to the
aggregation.

SYNC If `yes', the system considers the port to be
synchronized and part of the aggregation.

COLL If `yes', collection of incoming frames is
enabled on the associated port.

DIST If `yes', distribution of outgoing frames is
enabled on the associated port.

DEFAULTED If `yes', the port is using defaulted partner
information (that is, has not received LACP
data from the LACP partner).

EXPIRED If `yes', the receive state of the port is in
the EXPIRED state.

-x, --extended
Display additional aggregation information including
detailed information on each underlying port. With -x, the
following fields can be displayed:

LINK The name of the aggregation link.

PORT The name of one of the underlying aggregation
ports.

SPEED The speed of the link or port in megabits per
second.

DUPLEX The full/half duplex status of the link or
port is displayed if the link state is `up'.
The duplex status is displayed as `unknown'
in all other cases.

STATE The link state. This can be `up', `down', or
`unknown'.

ADDRESS The MAC address of the link or port.

PORTSTATE This indicates whether the individual
aggregation port is in the `standby' or
`attached' state.

-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields
to display. The field name must be one of the fields
listed above, or the special value all, to display all
fields. The fields applicable to the -o option are limited
to those listed under each output mode. For example, if
using -L, only the fields listed under -L, above, can be
used with -o.

-p, --parsable
Display using a stable machine-parsable format. The -o
option is required with -p. See Parsable Output Format,
below.

-p, --persistent
Display the persistent aggregation configuration rather
than the state of the running system.

-s, --statistics
Displays aggregation statistics.

-i interval, --interval=interval
Used with the -s option to specify an interval, in seconds,
at which statistics should be displayed. If this option is
not specified, statistics will be displayed only once.

dladm create-bridge [-R root-dir] [-P protect] [-p priority] [-m
max-age] [-h hello-time] [-d forward-delay] [-f force-protocol]
[-l link]... bridge-name

Create an 802.1D bridge instance and optionally assign one or
more network links to the new bridge. By default, no bridge
instances are present on the system.

In order to bridge between links, you must create at least one
bridge instance. Each bridge instance is separate, and there is
no forwarding connection between bridges.

-P protect, --protect=protect
Specifies a protection method. The defined protection
methods are stp for the Spanning Tree Protocol and trill
for TRILL, which is used on RBridges. The default value is
stp.

-R root-dir, --root-dir=root-dir
See Options, above.

-p priority, --priority=priority
Specifies the Bridge Priority. This sets the IEEE STP
priority value for determining the root bridge node in the
network. The default value is 32768. Valid values are 0
(highest priority) to 61440 (lowest priority), in
increments of 4096.

If a value not evenly divisible by 4096 is used, the system
silently rounds downwards to the next lower value that is
divisible by 4096.

-m max-age, --max-age=max-age
Specifies the maximum age for configuration information in
seconds. This sets the STP Bridge Max Age parameter. This
value is used for all nodes in the network if this node is
the root bridge. Bridge link information older than this
time is discarded. It defaults to 20 seconds. Valid
values are from 6 to 40 seconds. See the -d forward-delay
parameter for additional constraints.

-h hello-time, --hello-time=hello-time
Specifies the STP Bridge Hello Time parameter. When this
node is the root node, it sends Configuration BPDUs at this
interval throughout the network. The default value is 2
seconds. Valid values are from 1 to 10 seconds. See the
-d forward-delay parameter for additional constraints.

-d forward-delay, --forward-delay=forward-delay
Specifies the STP Bridge Forward Delay parameter. When
this node is the root node, then all bridges in the network
use this timer to sequence the link states when a port is
enabled. The default value is 15 seconds. Valid values
are from 4 to 30 seconds.

Bridges must obey the following two constraints:

2 * (forward-delay - 1.0) >= max-age

max-age >= 2 * (hello-time + 1.0)

Any parameter setting that would violate those constraints
is treated as an error and causes the command to fail with
a diagnostic message. The message provides valid
alternatives to the supplied values.

-f force-protocol, --force-protocol=force-protocol
Specifies the MSTP forced maximum supported protocol. The
default value is 3. Valid values are non-negative
integers. The current implementation does not support RSTP
or MSTP, so this currently has no effect. However, to
prevent MSTP from being used in the future, the parameter
may be set to 0 for STP only or 2 for STP and RSTP.

-l link, --link=link
Specifies one or more links to add to the newly-created
bridge. This is similar to creating the bridge and then
adding one or more links, as with the add-bridge
subcommand. However, if any of the links cannot be added,
the entire command fails, and the new bridge itself is not
created. To add multiple links on the same command line,
repeat this option for each link. You are permitted to
create bridges without links. For more information about
link assignments, see the add-bridge subcommand.

Bridge creation and link assignment require the
PRIV_SYS_DL_CONFIG privilege. Bridge creation might fail if the
optional bridging feature is not installed on the system.

dladm modify-bridge [-R root-dir] [-P protect] [-p priority] [-m
max-age] [-h hello-time] [-d forward-delay] [-f force-protocol]
bridge-name

Modify the operational parameters of an existing bridge. The
options are the same as for the create-bridge subcommand, except
that the -l option is not permitted. To add links to an existing
bridge, use the add-bridge subcommand.

Bridge parameter modification requires the PRIV_SYS_DL_CONFIG
privilege.

dladm delete-bridge [-R root-dir] bridge-name
Delete a bridge instance. The bridge being deleted must not have
any attached links. Use the remove-bridge subcommand to
deactivate links before deleting a bridge.

Bridge deletion requires the PRIV_SYS_DL_CONFIG privilege.

The -R (--root-dir) option is the same as for the create-bridge
subcommand.

dladm add-bridge [-R root-dir] -l link [-l link]... bridge-name

Add one or more links to an existing bridge. If multiple links
are specified, and adding any one of them results in an error,
the command fails and no changes are made to the system.

Link addition to a bridge requires the PRIV_SYS_DL_CONFIG
privilege.

A link may be a member of at most one bridge. An error occurs
when you attempt to add a link that already belongs to another
bridge. To move a link from one bridge instance to another,
remove it from the current bridge before adding it to a new one.

The links assigned to a bridge must not also be VLANs, VNICs, or
tunnels. Only physical Ethernet datalinks, aggregation
datalinks, wireless links, and Ethernet stubs are permitted to be
assigned to a bridge.

Links assigned to a bridge must all have the same MTU. This is
checked when the link is assigned. The link is added to the
bridge in a deactivated form if it is not the first link on the
bridge and it has a differing MTU.

Note that systems using bridging should not set the eeprom(8)
local-mac-address? variable to false.

The options are the same as for the create-bridge subcommand.

dladm remove-bridge [-R root-dir] -l link [-l link]... bridge-name

Remove one or more links from a bridge instance. If multiple
links are specified, and removing any one of them would result in
an error, the command fails and none are removed.

Link removal from a bridge requires the PRIV_SYS_DL_CONFIG
privilege.

The options are the same as for the create-bridge subcommand.

dladm show-bridge [-flt] [-s [-i interval]] [[-p] -o field[,...]]
bridge-name

Show the running status and configuration of bridges, their
attached links, learned forwarding entries, and TRILL nickname
databases. When showing overall bridge status and configuration,
the bridge name can be omitted to show all bridges. The other
forms require a specified bridge.

The show-bridge subcommand accepts the following options:

-i interval, --interval=interval
Used with the -s option to specify an interval, in seconds,
at which statistics should be displayed. If this option is
not specified, statistics will be displayed only once.

-s, --statistics
Display statistics for the specified bridges or for a given
bridge's attached links. This option cannot be used with
the -f and -t options.

-p, --parsable
Display using a stable machine-parsable format. See
Parsable Output Format, below.

-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields
to display. The field names are described below. The
special value all displays all fields. Each set of fields
has its own default set to display when -o is not
specified.

By default, the show-bridge subcommand shows bridge
configuration. The following fields can be shown:

BRIDGE The name of the bridge.

ADDRESS The Bridge Unique Identifier value (MAC address).

PRIORITY Configured priority value; set by -p with
create-bridge and modify-bridge.

BMAXAGE Configured bridge maximum age; set by -m with
create-bridge and modify-bridge.

BHELLOTIME Configured bridge hello time; set by -h with
create-bridge and modify-bridge.

BFWDDELAY Configured forwarding delay; set by -d with
create-bridge and modify-bridge.

FORCEPROTO Configured forced maximum protocol; set by -f with
create-bridge and modify-bridge.

TCTIME Time, in seconds, since last topology change.

TCCOUNT Count of the number of topology changes.

TCHANGE This indicates that a topology change was detected.

DESROOT Bridge Identifier of the root node.

ROOTCOST Cost of the path to the root node.

ROOTPORT Port number used to reach the root node.

MAXAGE Maximum age value from the root node.

HELLOTIME Hello time value from the root node.

FWDDELAY Forward delay value from the root node.

HOLDTIME Minimum BPDU interval.

By default, when the -o option is not specified, only the BRIDGE,
ADDRESS, PRIORITY, and DESROOT fields are shown.

When the -s option is specified, the show-bridge subcommand shows
bridge statistics. The following fields can be shown:

BRIDGE Bridge name.

DROPS Number of packets dropped due to resource problems.

FORWARDS Number of packets forwarded from one link to another.

MBCAST Number of multicast and broadcast packets handled by
the bridge.

RECV Number of packets received on all attached links.

SENT Number of packets sent on all attached links.

UNKNOWN Number of packets handled that have an unknown
destination. Such packets are sent to all links.

By default, when the -o option is not specified, only the BRIDGE,
DROPS, and FORWARDS fields are shown.

The show-bridge subcommand also accepts the following options:

-l, --link
Displays link-related status and statistics information for
all links attached to a single bridge instance. By using
this option and without the -s option, the following fields
can be displayed for each link:

LINK The link name.

INDEX Port (link) index number on the bridge.

STATE State of the link. The state can be `disabled',
`discarding', `learning', `forwarding',
`non-stp', or `bad-mtu'.

UPTIME Number of seconds since the last reset or
initialization.

OPERCOST Actual cost in use (1-65535).

OPERP2P This indicates whether point-to-point (P2P) mode
been detected.

OPEREDGE This indicates whether edge mode has been
detected.

DESROOT The Root Bridge Identifier that has been seen on
this port.

DESCOST Path cost to the network root node through the
designated port.

DESBRIDGE Bridge Identifier for this port.

DESPORT The ID and priority of the port used to transmit
configuration messages for this port.

TCACK This indicates whether Topology Change
Acknowledge has been seen.

When the -l option is specified without the -o option, only
the LINK, STATE, UPTIME, and DESROOT fields are shown.

When the -l option is specified, the -s option can be used
to display the following fields for each link:

LINK Link name.

CFGBPDU Number of configuration BPDUs received.

TCNBPDU Number of topology change BPDUs received.

RSTPBPDU Number of Rapid Spanning Tree BPDUs received.

TXBPDU Number of BPDUs transmitted.

DROPS Number of packets dropped due to resource
problems.

RECV Number of packets received by the bridge.

XMIT Number of packets sent by the bridge.

When the -o option is not specified, only the LINK, DROPS,
RECV, and XMIT fields are shown.

-f, --forwarding
Displays forwarding entries for a single bridge instance.
With this option, the following fields can be shown for
each forwarding entry:

DEST Destination MAC address.

AGE Age of entry in seconds and milliseconds. Omitted
for local entries.

FLAGS The L (local) flag is shown if the MAC address
belongs to an attached link or to a VNIC on one of
the attached links.

OUTPUT For local entries, this is the name of the
attached link that has the MAC address.
Otherwise, for bridges that use Spanning Tree
Protocol, this is the output interface name. For
RBridges, this is the output TRILL nickname.

When the -o option is not specified, the DEST, AGE, FLAGS,
and OUTPUT fields are shown.

-t, --trill
Displays TRILL nickname entries for a single bridge
instance. With this option, the following fields can be
shown for each TRILL nickname entry:

NICK TRILL nickname for this RBridge, which is a number
from 1 to 65535.

FLAGS The L flag is shown if the nickname identifies the
local system.

LINK Link name for output when sending messages to this
RBridge.

NEXTHOP MAC address of the next hop RBridge that is used
to reach the RBridge with this nickname.

When the -o option is not specified, the NICK, FLAGS, LINK,
and NEXTHOP fields are shown.

dladm create-vlan [-ft] [-R root-dir] -l ether-link -v vid [vlan-link]

Create a tagged VLAN link with an ID of vid over Ethernet link
ether-link. The name of the VLAN link can be specified as vlan-
link. If the name is not specified, a name will be automatically
generated (assuming that ether-link is namePPA) as:

<name><1000 * vid + PPA>

For example, if ether-link is bge1 and vid is 2, the name
generated is bge2001.

-f, --force
Force the creation of the VLAN link. Some devices do not
allow frame sizes large enough to include a VLAN header.
When creating a VLAN link over such a device, the -f option
is needed, and the MTU of the IP interfaces on the
resulting VLAN must be set to 1496 instead of 1500.

-l ether-link
Specifies Ethernet link over which VLAN is created.

-t, --temporary
Specifies that the VLAN link is temporary. Temporary VLAN
links last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

dladm delete-vlan [-t] [-R root-dir] vlan-link

Delete the VLAN link specified.

The delete-vlan subcommand accepts the following options:

-t, --temporary
Specifies that the deletion is temporary. Temporary
deletions last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

dladm show-vlan [-P] [[-p] -o field[,...]] [vlan-link]

Display VLAN configuration for all VLAN links or for the
specified VLAN link.

The show-vlan subcommand accepts the following options:

-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields
to display. The field name must be one of the fields
listed below, or the special value all, to display all
fields. For each VLAN link, the following fields can be
displayed:

LINK The name of the VLAN link.

VID The ID associated with the VLAN.

OVER The name of the physical link over which this VLAN
is configured.

FLAGS A set of flags associated with the VLAN link.
Possible flags are:

-f The VLAN was created using the -f option to
create-vlan.

-i The VLAN was implicitly created when the DLPI
link was opened. These VLAN links are
automatically deleted on last close of the
DLPI link (for example, when the IP interface
associated with the VLAN link is unplumbed).

Additional flags may be defined in the future.

-p, --parsable
Display using a stable machine-parsable format. The -o
option is required with -p. See Parsable Output Format,
below.

-P, --persistent
Display the persistent VLAN configuration rather than the
state of the running system.

dladm scan-wifi [[-p] -o field[,...]] [wifi-link]

Scans for WiFi networks, either on all WiFi links, or just on the
specified wifi-link.

By default, currently all fields but BSSTYPE are displayed.

-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields
to display. The field name must be one of the fields
listed below, or the special value all to display all
fields. For each WiFi network found, the following fields
can be displayed:

LINK The name of the link the WiFi network is on.

ESSID The ESSID (name) of the WiFi network.

BSSID Either the hardware address of the WiFi network's
Access Point (for BSS networks), or the WiFi
network's randomly generated unique token (for
IBSS networks).

SEC Either `none' for a WiFi network that uses no
security, `wep' for a WiFi network that requires
WEP (Wired Equivalent Privacy), or `wpa' for a
WiFi network that requires WPA (Wi-Fi Protected
Access).

MODE The supported connection modes: one or more of
`a', `b', or `g'.

STRENGTH The strength of the signal: one of `excellent',
`very good', `good', `weak', or `very weak'.

SPEED The maximum speed of the WiFi network, in
megabits per second.

BSSTYPE Either `bss' for `BSS' (infrastructure) networks,
or `ibss' for `IBSS' (ad-hoc) networks.

-p, --parsable
Display using a stable machine-parsable format. The -o
option is required with -p. See Parsable Output Format,
below.

dladm connect-wifi [-e essid] [-i bssid] [-k key,...]
[-s none|wep|wpa] [-a open|shared] [-b bss|ibss] [-c] [-m a|b|g]
[-T time] [wifi-link]

Connects to a WiFi network. This consists of four steps:
discovery, filtration, prioritization, and association. However,
to enable connections to non-broadcast WiFi networks and to
improve performance, if a BSSID or ESSID is specified using the
-e or -i options, then the first three steps are skipped and
connect-wifi immediately attempts to associate with a BSSID or
ESSID that matches the rest of the provided parameters. If this
association fails, but there is a possibility that other networks
matching the specified criteria exist, then the traditional
discovery process begins as specified below.

The discovery step finds all available WiFi networks on the
specified WiFi link, which must not yet be connected. For
administrative convenience, if there is only one WiFi link on the
system, wifi-link can be omitted.

Once discovery is complete, the list of networks is filtered
according to the value of the following options:

-e essid, --essid=essid
Networks that do not have the same essid are filtered out.

-b bss|ibss, --bsstype=bss|ibss
Networks that do not have the same bsstype are filtered
out.

-m a|b|g, --mode=a|b|g
Networks not appropriate for the specified 802.11 mode are
filtered out.

-k key[,...], --key=key[,...]
Use the specified secobj named by the key to connect to the
network. Networks not appropriate for the specified keys
are filtered out.

-s none|wep|wpa, --sec=none|wep|wpa
Networks not appropriate for the specified security mode
are filtered out.

Next, the remaining networks are prioritized, first by signal
strength, and then by maximum speed. Finally, an attempt is made
to associate with each network in the list, in order, until one
succeeds or no networks remain.

In addition to the options described above, the following options
also control the behavior of connect-wifi:

-a open|shared, --auth=open|shared
Connect using the specified authentication mode. By
default, open and shared are tried in order.

-c, --create-ibss
Used with -b ibss to create a new ad-hoc network if one
matching the specified ESSID cannot be found. If no ESSID
is specified, then -c -b ibss always triggers the creation
of a new ad-hoc network.

-T time, --timeout=time
Specifies the number of seconds to wait for association to
succeed. If time is forever, then the associate will wait
indefinitely. The current default is ten seconds, but this
might change in the future. Timeouts shorter than the
default might not succeed reliably.

-k key[,...], --key=key[,...]
In addition to the filtering previously described, the
specified keys will be used to secure the association. The
security mode to use will be based on the key class; if a
security mode was explicitly specified, it must be
compatible with the key class. All keys must be of the
same class.

For security modes that support multiple key slots, the
slot to place the key will be specified by a colon followed
by an index. Therefore, -k mykey:3 places mykey in slot 3.
By default, slot 1 is assumed. For security modes that
support multiple keys, a comma-separated list can be
specified, with the first key being the active key.

dladm disconnect-wifi [-a] [wifi-link]

Disconnect from one or more WiFi networks. If wifi-link
specifies a connected WiFi link, then it is disconnected. For
administrative convenience, if only one WiFi link is connected,
wifi-link can be omitted.

-a, --all-links
Disconnects from all connected links. This is primarily
intended for use by scripts.

dladm show-wifi [[-p] -o field[,...]] [wifi-link]

Shows WiFi configuration information either for all WiFi links or
for the specified wifi-link.

-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields
to display. The field name must be one of the fields
listed below, or the special value all, to display all
fields. For each WiFi link, the following fields can be
displayed:

LINK The name of the link being displayed.

STATUS Either `connected' if the link is connected, or
`disconnected' if it is not connected. If the
link is disconnected, all remaining fields have
the value `--'.

ESSID The ESSID (name) of the connected WiFi network.

BSSID Either the hardware address of the WiFi network's
Access Point (for BSS networks), or the WiFi
network's randomly generated unique token (for
IBSS networks).

SEC Either `none' for a WiFi network that uses no
security, `wep' for a WiFi network that requires
WEP, or `wpa' for a WiFi network that requires
WPA.

MODE The supported connection modes: one or more of
`a', `b', or `g'.

STRENGTH The connection strength: one of `excellent',
`very good', `good', `weak', or `very weak'.

SPEED The connection speed, in megabits per second.

AUTH Either `open' or `shared' (see connect-wifi).

BSSTYPE Either `bss' for `BSS' (infrastructure) networks,
or `ibss' for `IBSS' (ad-hoc) networks.

By default, currently all fields but AUTH, BSSID, and
BSSTYPE are displayed.

-p, --parsable
Displays using a stable machine-parsable format. The -o
option is required with -p. See Parsable Output Format,
below.

dladm show-ether [-x] [[-p] -o field[,...]] [ether-link]

Shows state information either for all physical Ethernet links or
for a specified physical Ethernet link.

The show-ether subcommand accepts the following options:

-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields
to display. The field name must be one of the fields
listed below, or the special value all to display all
fields. For each link, the following fields can be
displayed:

LINK The name of the link being displayed.

PTYPE Parameter type, where `current' indicates the
negotiated state of the link, `capable' indicates
capabilities supported by the device, `adv'
indicates the advertised capabilities, and `peeradv'
indicates the capabilities advertised by the link-
partner.

STATE The state of the link.

AUTO A yes/no value indicating whether auto-negotiation
is advertised.

SPEED-DUPLEX
Combinations of speed and duplex values available.
The units of speed are encoded with a trailing
suffix of `G' (Gigabits/s) or `M' (Mb/s). Duplex
values are encoded as `f' (full-duplex) or `h'
(half-duplex).

PAUSE Flow control information. Can be `no', indicating
no flow control is available; `tx', indicating that
the end-point can transmit pause frames, but ignores
any received pause frames; `rx', indicating that the
end-point receives and acts upon received pause
frames; or `bi', indicating bi-directional flow-
control.

REM_FAULT
Fault detection information. Valid values are
`none' or `fault'.

By default, all fields except REM_FAULT are displayed for
the "current" PTYPE.

-p, --parsable
Displays using a stable machine-parsable format. The -o
option is required with -p. See Parsable Output Format,
below.

-x, --extended
Extended output is displayed for PTYPE values of `current',
`capable', `adv' and `peeradv'.

dladm set-linkprop [-t] [-R root-dir] -p prop=value[,...] link

Sets the values of one or more properties on the link specified.
The list of properties and their possible values depend on the
link type, the network device driver, and networking hardware.
These properties can be retrieved using show-linkprop.

-t, --temporary
Specifies that the changes are temporary. Temporary
changes last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

-p prop=value[,...], --prop prop=value[,...]
A comma-separated list of properties to set to the
specified values.

Note that when the persistent value is set, the temporary value
changes to the same value.

dladm reset-linkprop [-t] [-R root-dir] [-p prop[,...]] link

Resets one or more properties to their values on the link
specified. Properties are reset to the values they had at
startup. If no properties are specified, all properties are
reset. See show-linkprop for a description of properties.

-t, --temporary
Specifies that the resets are temporary. Values are reset
to default values. Temporary resets last until the next
reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

-p prop[,...], --prop=prop[,...]
A comma-separated list of properties to reset.

Note that when the persistent value is reset, the temporary value
changes to the same value.

dladm show-linkprop [-P] [[-c] -o field[,...]] [-p prop[,...]] [link]

Show the current or persistent values of one or more properties,
either for all datalinks or for the specified link. By default,
current values are shown. If no properties are specified, all
available link properties are displayed. For each property, the
following fields are displayed:

-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields
to display. The field name must be one of the fields
listed below, or the special value all to display all
fields. For each link, the following fields can be
displayed:

LINK The name of the datalink.

PROPERTY The name of the property.

PERM The read/write permissions of the property. The
value shown is one of `ro' or `rw'.

VALUE The current (or persistent) property value. If
the value is not set, it is shown as `--'. If it
is unknown, the value is shown as `'?.
Persistent values that are not set or have been
reset will be shown as `--' and will use the
system DEFAULT value (if any).

DEFAULT The default value of the property. If the
property has no default value, `--' is shown.

POSSIBLE A comma-separated list of the values the property
can have. If the values span a numeric range,
`min-max' might be shown as shorthand. If the
possible values are unknown or unbounded, `--' is
shown.

The list of properties depends on the link type and network
device driver, and the available values for a given
property further depends on the underlying network hardware
and its state. General link properties are documented in
the LINK PROPERTIES section. However, link properties that
begin with underscore (_) are specific to a given link or
its underlying network device and subject to change or
removal. See the appropriate network device driver man
page for details.

-c, --parsable
Display using a stable machine-parsable format. The -o
option is required with this option. See Parsable Output
Format, below.

-P, --persistent
Display persistent link property information.

-p prop[,...], --prop=prop[,...]
A comma-separated list of properties to show. See the
sections on link properties following subcommand
descriptions.

dladm create-secobj [-t] [-R root-dir] [-f file] -c class secobj

Create a secure object named secobj in the specified class to be
later used as a WEP or WPA key in connecting to an encrypted
network. The value of the secure object can either be provided
interactively or read from a file. The sequence of interactive
prompts and the file format depends on the class of the secure
object.

Currently, the classes `wep' and `wpa' are supported. The `WEP'
(Wired Equivalent Privacy) key can be either 5 or 13 bytes long.
It can be provided either as an ASCII or hexadecimal string --
thus, 12345 and 0x3132333435 are equivalent 5-byte keys (the 0x
prefix can be omitted). A file containing a `WEP' key must
consist of a single line using either `WEP' key format. The WPA
(Wi-Fi Protected Access) key must be provided as an ASCII string
with a length between 8 and 63 bytes.

This subcommand is only usable by users or roles that belong to
the "Network Link Security" RBAC profile.

-c class, --class=class
class can be `wep' or `wpa'. See preceding discussion.

-t, --temporary
Specifies that the creation is temporary. Temporary
creation lasts until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

-f file, --file=file
Specifies a file that should be used to obtain the secure
object's value. The format of this file depends on the
secure object class. See the EXAMPLES section for an
example of using this option to set a WEP key.

dladm delete-secobj [-t] [-R root-dir] secobj[,...]

Delete one or more specified secure objects. This subcommand is
only usable by users or roles that belong to the "Network Link
Security" RBAC profile.

-t, --temporary
Specifies that the deletions are temporary. Temporary
deletions last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

dladm show-secobj [-P] [[-p] -o field[,...]] [secobj[,...]]

Show current or persistent secure object information. If one or
more secure objects are specified, then information for each is
displayed. Otherwise, all current or persistent secure objects
are displayed.

By default, current secure objects are displayed, which are all
secure objects that have either been persistently created and not
temporarily deleted, or temporarily created.

For security reasons, it is not possible to show the value of a
secure object.

-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields
to display. The field name must be one of the fields
listed below. For displayed secure object, the following
fields can be shown:

OBJECT The name of the secure object.

CLASS The class of the secure object.

-p, --parsable
Display using a stable machine-parsable format. The -o
option is required with -p. See Parsable Output Format,
below.

-P, --persistent
Display persistent secure object information

dladm create-vnic [-t] [-R root-dir] -l link [-m value | auto | factory
-n slot-identifier | random [-r prefix]] [-v vlan-id] [-p
prop=value[,...]] vnic-link

Create a VNIC with name vnic-link over the specified link.

-t, --temporary
Specifies that the VNIC is temporary. Temporary VNICs last
until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

-l link, --link=link
link can be a physical link, an etherstub or an overlay.

-m value|keyword, --mac-address=value|keyword
Sets the VNIC's MAC address based on the specified value or
keyword. If value is not a keyword, it is interpreted as a
unicast MAC address, which must be valid for the underlying
NIC. The following special keywords can be used:

factory [-n slot-identifier]
factory [--slot=slot-identifier]
Assign a factory MAC address to the VNIC. When a
factory MAC address is requested, -m can be combined
with the -n option to specify a MAC address slot to
be used. If -n is not specified, the system will
choose the next available factory MAC address. The
-m option of the show-phys subcommand can be used to
display the list of factory MAC addresses, their slot
identifiers, and their availability.
random [-r prefix]
random [--mac-prefix=prefix]
Assign a random MAC address to the VNIC. A default
prefix consisting of a valid IEEE OUI with the local
bit set will be used. That prefix can be overridden
with the -r option.
auto Try and use a factory MAC address first. If none is
available, assign a random MAC address. auto is the
default action if the -m option is not specified.
-v vlan-id
Enable VLAN tagging for this VNIC. The VLAN tag will
have id vlan-id.

-p prop[,...], --prop=prop[,...]
A comma-separated list of properties to set to the
specified values.

dladm delete-vnic [-t] [-R root-dir] vnic-link

Deletes the specified VNIC.

-t, --temporary
Specifies that the deletion is temporary. Temporary
deletions last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

dladm show-vnic [-P] [[-p] -o field[,...]] [-s [-i interval]] [-l link]
[vnic-link]

Show VNIC configuration information (the default) or statistics,
for all VNICs, all VNICs on a link, or only the specified
vnic-link.

-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields
to display. The field name must be one of the fields
listed below. The field name must be one of the fields
listed below, or the special value all to display all
fields. By default (without -o), show-vnic displays all
fields.

LINK The name of the VNIC.

OVER The name of the physical link over which this
VNIC is configured.

SPEED The maximum speed of the VNIC, in megabits per
second.

MACADDRESS MAC address of the VNIC.

MACADDRTYPE MAC address type of the VNIC. dladm
distinguishes among the following MAC address
types:

random A random address assigned to the
VNIC.

factory A factory MAC address used by the
VNIC.

VID The VLAN ID for the VNIC.

ZONE The zone to which the VNIC is currently
assigned.

-p, --parsable
Display using a stable machine-parsable format. The -o
option is required with -p. See Parsable Output Format,
below.

-P, --persistent
Display the persistent VNIC configuration.

-s, --statistics
Displays VNIC statistics.

-i interval, --interval=interval
Used with the -s option to specify an interval, in seconds,
at which statistics should be displayed. If this option is
not specified, statistics will be displayed only once.

-l link, --link=link
Display information for all VNICs on the named link.

dladm create-etherstub [-t] [-R root-dir] etherstub

Create an etherstub with the specified name.

-t, --temporary
Specifies that the etherstub is temporary. Temporary
etherstubs do not persist across reboots.

-R root-dir, --root-dir=root-dir
See Options, above.

VNICs can be created on top of etherstubs instead of physical
NICs. As with physical NICs, such a creation causes the stack to
implicitly create a virtual switch between the VNICs created on
top of the same etherstub.

dladm delete-etherstub [-t] [-R root-dir] etherstub

Delete the specified etherstub.

-t, --temporary
Specifies that the deletion is temporary. Temporary
deletions last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

dladm show-etherstub [etherstub]

Show all configured etherstubs by default, or the specified
etherstub if etherstub is specified.

dladm create-iptun [-t] [-R root-dir] -T type
[-a {local|remote}=addr[,...]] iptun-link

Create an IP tunnel link named iptun-link. Such links can
additionally be protected with IPsec using ipsecconf(8).

An IP tunnel is conceptually comprised of two parts: a virtual
link between two or more IP nodes, and an IP interface above this
link that allows the system to transmit and receive IP packets
encapsulated by the underlying link. This subcommand creates a
virtual link. The ifconfig(8) command is used to configure IP
interfaces above the link.

-t, --temporary
Specifies that the IP tunnel link is temporary. Temporary
tunnels last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

-T type, --tunnel-type=type
Specifies the type of tunnel to be created. The type must
be one of the following:

ipv4 A point-to-point, IP-over-IP tunnel between two IPv4
nodes. This type of tunnel requires IPv4 source and
destination addresses to function. IPv4 and IPv6
interfaces can be plumbed above such a tunnel to
create IPv4-over-IPv4 and IPv6-over-IPv4 tunneling
configurations.

ipv6 A point-to-point, IP-over-IP tunnel between two IPv6
nodes as defined in IETF RFC 2473. This type of
tunnel requires IPv6 source and destination addresses
to function. IPv4 and IPv6 interfaces can be plumbed
above such a tunnel to create IPv4-over-IPv6 and
IPv6-over-IPv6 tunneling configurations.

6to4 A 6to4, point-to-multipoint tunnel as defined in IETF
RFC 3056. This type of tunnel requires an IPv4
source address to function. An IPv6 interface is
plumbed on such a tunnel link to configure a 6to4
router.

-a local=addr
Literal IP address or hostname corresponding to the tunnel
source. If a hostname is specified, it will be resolved to
IP addresses, and one of those IP addresses will be used as
the tunnel source. As IP tunnels are created before naming
services have been brought online during the boot process,
it is important that any hostname used be included in
/etc/inet/hosts. -a remote=addr Literal IP address or
hostname corresponding to the tunnel destination.

dladm modify-iptun [-t] [-R root-dir] [-a {local|remote}=addr[,...]]
iptun-link

Modify the parameters of the specified IP tunnel.

-t, --temporary
Specifies that the modification is temporary. Temporary
modifications last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

-a local=addr
Specifies a new tunnel source address. See create-iptun
for a description.

-a remote=addr
Specifies a new tunnel destination address. See
create-iptun for a description.

delete-iptun [-t] [-R root-dir] iptun-link

Delete the specified IP tunnel link.

-t, --temporary
Specifies that the deletion is temporary. Temporary
deletions last until the next reboot.

-R root-dir, --root-dir=root-dir
See Options, above.

dladm show-iptun [-P] [[-p] -o field[,...]] [iptun-link]

Show IP tunnel link configuration for a single IP tunnel or all
IP tunnels.

-P, --persistent
Display the persistent IP tunnel configuration.

-p, --parsable
Display using a stable machine-parsable format. The -o
option is required with -p. See Parsable Output Format,
below.

-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields
to display. The field name must be one of the fields
listed below, or the special value all, to display all
fields. By default (without -o), show-iptun displays all
fields.

LINK The name of the IP tunnel link.

TYPE Type of tunnel as specified by the -T option of
create-iptun.

FLAGS A set of flags associated with the IP tunnel link.
Possible flags are:

s The IP tunnel link is protected by IPsec
policy. To display the IPsec policy
associated with the tunnel link, enter:

ipsecconf -ln -i tunnel-link

See ipsecconf(8) for more details on how to
configure IPsec policy.

i The IP tunnel link was implicitly created
with ifconfig(8), and will be automatically
deleted when it is no longer referenced (that
is, when the last IP interface over the
tunnel is unplumbed). See ifconfig(8) for
details on implicit tunnel creation.

LOCAL The tunnel source address on the local system.

REMOTE The tunnel destination address on the remote
system.

dladm create-overlay [-t] -e encap -s search -v vnetid
[-p prop=value[,...]] overlay

Create an overlay device named overlay.

Overlay devices are similar to etherstubs. VNICs can be created
on top of them. However, unlike an etherstub which is local to
the system, an overlay device can be configured to communicate to
remote hosts, providing a means for network virtualization. The
way in which it does this is described by the encapsulation
module and the search plugin. For more information on these, see
overlay(7).

An overlay device has a series of required and optional
properties. These properties vary based upon the search and
encapsulation modules and are fully specified in overlay(7). Not
every property needs to be specified -- some have default values
which will be used if nothing specific is specified. For
example, the default port for VXLAN comes from its IANA standard.
If a required property is missing, the command will fail and
inform you of the missing properties.

-t, --temporary
Specifies that the overlay is temporary. Temporary
overlays last until the next reboot.

-e encap, --encap=encap
Use encap as the encapsulation plugin for the overlay
device overlay. The encapsulation plugin determines how
packets are transformed before being put on the wire.

-s search, --search=search
Use search as the search plugin for overlay. The search
plugin determines how non-local targets are found and where
packets are directed to.

-p prop=value[,...], --prop prop=value[,...]
A comma-separated list of properties to set to the
specified values.

-v vnetid, --vnetid=vnetid
Sets the virtual networking identifier to vnetid. A
virtual network identifier determines is similar to a VLAN
identifier, in that it identifies a unique virtual network.
All overlay devices on the system share the same space for
the virtual network identifier. However, the valid range
of identifiers is determined by the encapsulation plugin
specified by -e.

dladm delete-overlay [-t] overlay

Delete the specified overlay. This will fail if there are VNICs
on top of the device.

-t, --temporary
Specifies that the deletion is temporary. Temporary
deletions last until the next reboot.

dladm modify-overlay -d mac | -f | -s mac=ip:port overlay

Modifies the target tables for the specified overlay.

The different options allow for different ways of modifying the
target table. One of -d, -f, and -s is required. This is not
applicable for all kinds of overlay devices. For more
information, see overlay(7).

-d mac, --delete-entry=mac
Deletes the entry for mac from the target table for
overlay. Note, if a lookup is pending or outstanding, this
does not cancel it or stop it from updating the value.

-f, --flush-table
Flushes all values in the target table for overlay.

-s mac=value, --set-entry=mac=value
Sets the value of overlay's target table entry for mac to
the specified value. The specified value varies upon the
encapsulation plugin. The value may be a combination of a
MAC address, IP address, and port. Generally, this looks
like [mac,][IP:][port]. If a component is the last one,
then there is no need for a separator. eg. if just the
MAC address or IP is needed, it would look like mac and IP
respectively.

dladm show-overlay [-f | -t] [[-p] -o field[,...]] [overlay]

Shows overlay configuration (the default), internal target tables
(-t), or the FMA state (-f), either for all overlays or the
specified overlay.

By default (with neither -f or -t specified), the following
fields will be displayed:

LINK The name of the overlay.

PROPERTY The name of the property.

PERM The read/write permissions of the property. The value
shown is one of `r-' or `rw'.

VALUE The current property value. If the value is not set,
it is shown as `--'. If it is unknown, the value is
shown as `?'.

DEFAULT The default value of the property. If the property has
no default value, `--' is shown.

POSSIBLE A comma-separated list of the values the property can
have. If the values span a numeric range, `min-max' If
the possible values are unknown or unbounded, `--' is
shown.

When the -f option is used, the following fields will be
displayed:

LINK The name of the overlay.

STATUS Either `ONLINE' or `DEGRADED'.

DETAILS When the overlay's status is `ONLINE', then this has
the value `--'. Otherwise, when it is `DEGRADED', this
field provides a more detailed explanation as to why
it's degraded.

When the -t option is used, the following fields will be
displayed:

LINK The name of the overlay.

TARGET The target MAC address of a table entry.

DESTINATION
The address that an encapsulated packet will be sent to
when a packet has the address specified by `TARGET'.

The show-overlay command supports the following options:

-f, --fma
Displays information about an overlay device's FMA state.

-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields
to display. The field name must be one of the fields
listed above, or the special value all, to display all
fields. The fields applicable to the -o option are limited
to those listed under each output mode. For example, if
using -L, only the fields listed under -L, above, can be
used with -o.

-p, --parsable
Display using a stable machine-parsable format. The -o
option is required with -p. See Parsable Output Format,
below.

-t, --target
Displays information about an overlay device's target
table. For more information on the target table, see
overlay(7).

dladm show-usage [-a] -f filename [-p plotfile -F format]
[-s time ][-e time] [link]

Show the historical network usage from a stored extended
accounting file. Configuration and enabling of network
accounting through acctadm(8) is required. The default output
will be the summary of network usage for the entire period of
time in which extended accounting was enabled.
-a Display all historical network usage for the specified
period of time during which extended accounting is enabled.
This includes the usage information for the links that have
already been deleted.

-f filename, --file=filename
Read extended accounting records of network usage from
filename.

-F format, --format=format
Specifies the format of plotfile that is specified by the
-p option. gnuplot is the only currently supported format.

-p plotfile, --plot=plotfile
Write network usage data to a file of the format specified
by the -F option, which is required.

-s time, --start=time
-e time, --stop=time
Start and stop times for data display. Time is in the
format MM/DD/YYYY,hh:mm:ss

link If specified, display the network usage only for the named
link. Otherwise, display network usage for all links.

Parsable Output Format

Many dladm subcommands have an option that displays output in a
machine-parsable format. The output format is one or more lines of
colon (:) delimited fields. The fields displayed are specific to the
subcommand used and are listed under the entry for the -o option for a
given subcommand. Output includes only those fields requested by means
of the -o option, in the order requested.

When you request multiple fields, any literal colon characters are
escaped by a backslash (\) before being output. Similarly, literal
backslash characters will also be escaped (\\). This escape format is
parsable by using shell read(1) functions with the environment variable
IFS=: (see EXAMPLES, below). Note that escaping is not done when you
request only a single field.

General Link Properties

The following general link properties are supported:

allowed-ips
A comma-separated list of IP addresses that are allowed on the
interface.

An address in CIDR format with no host address specified is used
to indicate that any address on that subnet is allowed (e.g.
192.168.10.0/24 means any address in the range 192.168.10.0 -
192.168.10.255 is allowed).

autopush
Specifies the set of STREAMS modules to push on the stream
associated with a link when its DLPI device is opened. It is a
space-delimited list of modules.

The optional special character sequence `[anchor]' indicates that
a STREAMS anchor should be placed on the stream at the module
previously specified in the list. It is an error to specify more
than one anchor or to have an anchor first in the list.

The autopush property is preferred over the more general
autopush(8) command.

cpus Bind the processing of packets for a given data link to a
processor or a set of processors. The value can be a comma-
separated list of one or more processor ids. If the list
consists of more than one processor, the processing will spread
out to all the processors. Connection to processor affinity and
packet ordering for any individual connection will be maintained.

The processor or set of processors are not exclusively reserved
for the link. Only the kernel threads and interrupts associated
with processing of the link are bound to the processor or the set
of processors specified. In case it is desired that processors
be dedicated to the link, psrset(8) can be used to create a
processor set and then specifying the processors from the
processor set to bind the link to.

If the link was already bound to processor or set of processors
due to a previous operation, the binding will be removed and the
new set of processors will be used instead.

The default is no CPU binding, which is to say that the
processing of packets is not bound to any specific processor or
processor set.

learn_limit
Limits the number of new or changed MAC sources to be learned
over a bridge link. When the number exceeds this value, learning
on that link is temporarily disabled. Only non-VLAN, non-VNIC
type links have this property.

The default value is 1000. Valid values are greater or equal to
0.

learn_decay
Specifies the decay rate for source changes limited by
learn_limit. This number is subtracted from the counter for a
bridge link every 5 seconds. Only non-VLAN, non-VNIC type links
have this property.

The default value is 200. Valid values are greater or equal to
0.

maxbw
Sets the full duplex bandwidth for the link. The bandwidth is
specified as an integer with one of the scale suffixes (K, M, or
G for Kbps, Mbps, and Gbps). If no units are specified, the
input value will be read as Mbps. The default is no bandwidth
limit.

priority
Sets the relative priority for the link. The value can be given
as one of the tokens high, medium, or low. The default is high.

stp Enables or disables Spanning Tree Protocol on a bridge link.
Setting this value to `0' disables Spanning Tree, and puts the
link into forwarding mode with BPDU guarding enabled. This mode
is appropriate for point-to-point links connected only to end
nodes. Only non-VLAN, non-VNIC type links have this property.
The default value is `1', to enable STP.

forward
Enables or disables forwarding for a VLAN. Setting this value to
`0' disables bridge forwarding for a VLAN link. Disabling bridge
forwarding removes that VLAN from the "allowed set" for the
bridge. The default value is `1', to enable bridge forwarding
for configured VLANs.

default_tag
Sets the default VLAN ID that is assumed for untagged packets
sent to and received from this link. Only non-VLAN, non-VNIC
type links have this property. Setting this value to `0'
disables the bridge forwarding of untagged packets to and from
the port. The default value is `1'. Valid values values are
from 0 to 4094.

promisc-filtered
Enables or disables the default filtering of promiscuous mode for
certain classes of links. By default, VNICs will only see
unicast traffic destined for it in promiscuous mode. Not all the
unicast traffic from the underlying device makes it to the VNIC.
Disabling this would cause a VNIC, for example, to be able to see
all unicast traffic from the device it is created over. The
default value is on.

stp_priority
Sets the STP and RSTP Port Priority value, which is used to
determine the preferred root port on a bridge. Lower numerical
values are higher priority. The default value is 128. Valid
values range from 0 to 255.

stp_cost
Sets the STP and RSTP cost for using the link. The default value
is auto, which sets the cost based on link speed, using `100' for
10Mbps, `19' for 100Mbps, `4' for 1Gbps, and `2' for 10Gbps.
Valid values range from 1 to 65535.

stp_edge
Enables or disables bridge edge port detection. If set to `0'
(false), the system assumes that the port is connected to other
bridges even if no bridge PDUs of any type are seen. The default
value is `1', which detects edge ports automatically.

stp_p2p
Sets bridge point-to-point operation mode. Possible values are
true, false, and auto. When set to auto, point-to-point
connections are automatically discovered. When set to true, the
port mode is forced to use point-to-point. When set to false,
the port mode is forced to use normal multipoint mode. The
default value is auto.

stp_mcheck
Triggers the system to run the RSTP Force BPDU Migration Check
procedure on this link. The procedure is triggered by setting
the property value to `1'. The property is automatically reset
back to `0'. This value cannot be set unless the following are
true:

+o The link is bridged

+o The bridge is protected by Spanning Tree

+o The bridge force-protocol value is at least 2 (RSTP)

The default value is 0.

zone Specifies the zone to which the link belongs. This property can
be modified only temporarily through dladm, and thus the -t
option must be specified. To modify the zone assignment such
that it persists across reboots, use zonecfg(8). Possible values
consist of any exclusive-IP zone currently running on the system.
By default, the zone binding is as per zonecfg(8).

Wifi Link Properties

The following WiFi link properties are supported. Note that the
ability to set a given property to a given value depends on the driver
and hardware.

channel
Specifies the channel to use. This property can be modified only
by certain WiFi links when in IBSS mode. The default value and
allowed range of values varies by regulatory domain.

powermode
Specifies the power management mode of the WiFi link. Possible
values are off disable power management, max maximum power
savings, and fast (performance-sensitive power management).
Default is off.

radio
Specifies the radio mode of the WiFi link. Possible values are
on or off. Default is on.

speed
Specifies a fixed speed for the WiFi link, in megabits per
second. The set of possible values depends on the driver and
hardware (but is shown by show-linkprop); common speeds include
1, 2, 11, and 54. By default, there is no fixed speed.

Ethernet Link Properties

The following MII Properties, as documented in ieee802.3(7), are
supported in read-only mode:

+o duplex
+o state
+o adv_autoneg_cap
+o adv_10gfdx_cap
+o adv_1000fdx_cap
+o adv_1000hdx_cap
+o adv_100fdx_cap
+o adv_100hdx_cap
+o adv_10fdx_cap
+o adv_10hdx_cap

Each `adv_' property (for example, `adv_10fdx_cap') also has a
read/write counterpart `en_' property (for example, `en_10fdx_cap')
controlling parameters used at auto-negotiation. In the absence of
Power Management, the `adv_*' speed/duplex parameters provide the
values that are both negotiated and currently effective in hardware.
However, with Power Management enabled, the speed/duplex capabilities
currently exposed in hardware might be a subset of the set of bits that
were used in initial link parameter negotiation. Thus the MII `adv_*'
parameters are marked read-only, with an additional set of `en_*'
parameters for configuring speed and duplex properties at initial
negotiation.

Note that the `adv_autoneg_cap' does not have an `en_autoneg_cap'
counterpart: the `adv_autoneg_cap' is a 0/1 switch that turns off/on
auto-negotiation itself, and therefore cannot be impacted by Power
Management.

In addition, the following Ethernet properties are reported:

speed
(read-only) The operating speed of the device, in Mbps.

mtu The maximum client SDU (Send Data Unit) supported by the device.
Valid range is 68-65536.

flowctrl
Establishes flow-control modes that will be advertised by the
device. Valid input is one of:

no No flow control enabled.

rx Receive, and act upon incoming pause frames.

tx Transmit pause frames to the peer when congestion occurs,
but ignore received pause frames.

bi Bidirectional flow control.

Note that the actual settings for this value are constrained by
the capabilities allowed by the device and the link partner.

en_fec_cap
Sets the Forward Error Correct (FEC) code(s) to be advertised by
the device. Valid values are:

none Allow the device not to use FEC.

auto The device will automatically decide which FEC code to use.

rs Allow Reed-Solomon FEC code.

base-r
Allow Base-R (also known as FireCode) code.

Valid input is either auto as a single value, or a comma
separated combination of none, rs and base-r. The default value
is auto.

Note the actual FEC settings and combinations are constrained by
the capabilities allowed by the device and the link partner.

adv_fec_cap
(read-only) The current negotiated Forward Error Correction code.

secondary-macs
A comma-separated list of additional MAC addresses that are
allowed on the interface.

tagmode
This link property controls the conditions in which 802.1Q VLAN
tags will be inserted in packets being transmitted on the link.
Two mode values can be assigned to this property:

normal
Insert a VLAN tag in outgoing packets under the following
conditions:

+o The packet belongs to a VLAN.

+o The user requested priority tagging.

vlanonly
Insert a VLAN tag only when the outgoing packet belongs to
a VLAN. If a tag is being inserted in this mode and the
user has also requested a non-zero priority, the priority
is honored and included in the VLAN tag.

The default value is vlanonly.

media
(read-only) The current type of media that the Ethernet link is
using, if known. For example, this would be something like
1000BASE-T, 25GBASE-CR, 100GBASE-KR4, etc.

IP Tunnel Link Properties

The following IP tunnel link properties are supported.

hoplimit
Specifies the IPv4 TTL or IPv6 hop limit for the encapsulating
outer IP header of a tunnel link. This property exists for all
tunnel types. The default value is 64.

encaplimit
Specifies the IPv6 encapsulation limit for an IPv6 tunnel as
defined in RFC 2473. This value is the tunnel nesting limit for
a given tunneled packet. The default value is 4. A value of 0
disables the encapsulation limit.

EXAMPLES

Example 1 Configuring an Aggregation

To configure a data-link over an aggregation of devices bge0 and bge1
with key 1, enter the following command:

# dladm create-aggr -d bge0 -d bge1 1

Example 2 Connecting to a WiFi Link

To connect to the most optimal available unsecured network on a system
with a single WiFi link (as per the prioritization rules specified for
connect-wifi), enter the following command:

# dladm connect-wifi

Example 3 Creating a WiFi Key

To interactively create the WEP key `mykey', enter the following
command:

# dladm create-secobj -c wep mykey

Alternatively, to non-interactively create the WEP key `mykey' using
the contents of a file:

# umask 077
# cat >/tmp/mykey.$$ <<EOF
12345
EOF
# dladm create-secobj -c wep -f /tmp/mykey.$$ mykey
# rm /tmp/mykey.$$

Example 4 Connecting to a Specified Encrypted WiFi Link

To use key `mykey' to connect to ESSID `wlan' on link `ath0', enter the
following command:

# dladm connect-wifi -k mykey -e wlan ath0

Example 5 Changing a Link Property

To set powermode to the value `fast' on link `pcwl0', enter the
following command:

# dladm set-linkprop -p powermode=fast pcwl0

Example 6 Connecting to a WPA-Protected WiFi Link

Create a WPA key `psk' and enter the following command:

# dladm create-secobj -c wpa psk

To then use key `psk' to connect to ESSID `wlan' on link `ath0', enter
the following command:

# dladm connect-wifi -k psk -e wlan ath0

Example 7 Renaming a Link

To rename the `bge0' link to `mgmt0', enter the following command:

# dladm rename-link bge0 mgmt0

Example 8 Replacing a Network Card

Consider that the bge0 device, whose link was named mgmt0 as shown in
the previous example, needs to be replaced with a ce0 device because of
a hardware failure. The bge0 NIC is physically removed, and replaced
with a new ce0 NIC. To associate the newly added ce0 device with the
mgmt0 configuration previously associated with bge0, enter the
following command:

# dladm rename-link ce0 mgmt0

Example 9 Removing a Network Card

Suppose that in the previous example, the intent is not to replace the
bge0 NIC with another NIC, but rather to remove and not replace the
hardware. In that case, the mgmt0 datalink configuration is not slated
to be associated with a different physical device as shown in the
previous example, but needs to be deleted. Enter the following command
to delete the datalink configuration associated with the mgmt0
datalink, whose physical hardware (bge0 in this case) has been removed:

# dladm delete-phys mgmt0

Example 10 Using Parsable Output to Capture a Single Field

The following assignment saves the MTU of link net0 to a variable named
`mtu'.

# mtu=`dladm show-link -p -o mtu net0`

Example 11 Using Parsable Output to Iterate over Links

The following script displays the state of each link on the system.

# dladm show-link -p -o link,state | \
while IFS=: read link state; do
print "Link $link is in state $state"
done

Example 12 Configuring VNICs

Create two VNICs with names `hello0' and `test1' over a single physical
link `bge0':

# dladm create-vnic -l bge0 hello0
# dladm create-vnic -l bge0 test1

Example 13 Configuring VNICs and Allocating Bandwidth and Priority

Create two VNICs with names `hello0' and `test1' over a single physical
link `bge0' and make `hello0' a high priority VNIC with a factory-
assigned MAC address with a maximum bandwidth of 50 Mbps. Make `test1'
a low priority VNIC with a random MAC address and a maximum bandwidth
of 100Mbps.

# dladm create-vnic -l bge0 -m factory \
-p maxbw=50,priority=high hello0
# dladm create-vnic -l bge0 -m random \
-p maxbw=100M,priority=low test1

Example 14 Configuring a VNIC with a Factory MAC Address

First, list the available factory MAC addresses and choose one of them:

# dladm show-phys -m bge0
LINK SLOT ADDRESS INUSE CLIENT
bge0 primary 0:e0:81:27:d4:47 yes bge0
bge0 1 8:0:20:fe:4e:a5 no
bge0 2 8:0:20:fe:4e:a6 no
bge0 3 8:0:20:fe:4e:a7 no

Create a VNIC named `hello0' and use slot 1's address:

# dladm create-vnic -l bge0 -m factory -n 1 hello0
# dladm show-phys -m bge0
LINK SLOT ADDRESS INUSE CLIENT
bge0 primary 0:e0:81:27:d4:47 yes bge0
bge0 1 8:0:20:fe:4e:a5 yes hello0
bge0 2 8:0:20:fe:4e:a6 no
bge0 3 8:0:20:fe:4e:a7 no

Example 15 Creating a VNIC with User-Specified MAC Address, Binding it
to Set of Processors

Create a VNIC with name `hello0', with a user specified MAC address,
and a processor binding 0, 1, 2, 3.

# dladm create-vnic -l bge0 -m 8:0:20:fe:4e:b8 \
-p cpus=0,1,2,3 hello0

Example 16 Creating a Virtual Network Without a Physical NIC

First, create an etherstub with name `stub1':

# dladm create-etherstub stub1

Create two VNICs with names `hello0' and `test1' on the etherstub.
This operation implicitly creates a virtual switch connecting `hello0'
and `test1'.

# dladm create-vnic -l stub1 hello0
# dladm create-vnic -l stub1 test1

Example 17 Showing Network Usage

Network usage statistics can be stored using the extended accounting
facility, acctadm(8).

# acctadm -e basic -f /var/log/net.log net
# acctadm net
Network accounting: active
Network accounting file: /var/log/net.log
Tracked Network resources: basic
Untracked Network resources: src_ip,dst_ip,src_port,dst_port,...

The saved historical data can be retrieved in summary form using the
show-usage subcommand:

# dladm show-usage -f /var/log/net.log
LINK DURATION IPACKETS RBYTES OPACKETS OBYTES BANDWIDTH
e1000g0 80 1031 546908 0 0 2.44 Kbps

Example 18 Displaying Bridge Information

The following commands use the show-bridge subcommand with no and
various options.

# dladm show-bridge
BRIDGE PROTECT ADDRESS PRIORITY DESROOT
foo stp 32768/8:0:20:bf:f 32768 8192/0:d0:0:76:14:38
bar stp 32768/8:0:20:e5:8 32768 8192/0:d0:0:76:14:38

# dladm show-bridge -l foo
LINK STATE UPTIME DESROOT
hme0 forwarding 117 8192/0:d0:0:76:14:38
qfe1 forwarding 117 8192/0:d0:0:76:14:38

# dladm show-bridge -s foo
BRIDGE DROPS FORWARDS
foo 0 302

# dladm show-bridge -ls foo
LINK DROPS RECV XMIT
hme0 0 360832 31797
qfe1 0 322311 356852

# dladm show-bridge -f foo
DEST AGE FLAGS OUTPUT
8:0:20:bc:a7:dc 10.860 -- hme0
8:0:20:bf:f9:69 -- L hme0
8:0:20:c0:20:26 17.420 -- hme0
8:0:20:e5:86:11 -- L qfe1

Example 19 Creating an IPv4 Tunnel

The following sequence of commands creates and then displays a
persistent IPv4 tunnel link named `mytunnel0' between 66.1.2.3 and
192.4.5.6:

# dladm create-iptun -T ipv4 -s 66.1.2.3 -d 192.4.5.6 mytunnel0
# dladm show-iptun mytunnel0
LINK TYPE FLAGS SOURCE DESTINATION
mytunnel0 ipv4 -- 66.1.2.3 192.4.5.6

A point-to-point IP interface can then be created over this tunnel
link:

# ifconfig mytunnel0 plumb 10.1.0.1 10.1.0.2 up

As with any other IP interface, configuration persistence for this IP
interface is achieved by placing the desired ifconfig(8) commands (in
this case, the command for 10.1.0.1 10.1.0.2) into
/etc/hostname.mytunnel0.

Example 20 Creating a 6to4 Tunnel

The following command creates a 6to4 tunnel link. The IPv4 address of
the 6to4 router is 75.10.11.12.

# dladm create-iptun -T 6to4 -s 75.10.11.12 sitetunnel0
# dladm show-iptun sitetunnel0
LINK TYPE FLAGS SOURCE DESTINATION
sitetunnel0 6to4 -- 75.10.11.12 --

The following command plumbs an IPv6 interface on this tunnel:

# ifconfig sitetunnel0 inet6 plumb up
# ifconfig sitetunnel0 inet6
sitetunnel0: flags=2200041 <UP,RUNNING,NONUD,IPv6> mtu 65515 index 3
inet tunnel src 75.10.11.12
tunnel hop limit 64
inet6 2002:4b0a:b0c::1/16

Note that the system automatically configures the IPv6 address on the
6to4 IP interface. See ifconfig(8) for a description of how IPv6
addresses are configured on 6to4 tunnel links.

INTERFACE STABILITY

The command line interface of dladm is Committed. The output of dladm
is Committed

SEE ALSO

read(1), dlpi(4P), attributes(7), ieee802.3(7), overlay(7), acctadm(8),
autopush(8), eeprom(8), ifconfig(8), ipadm(8), ipsecconf(8), ndd(8),
psrset(8), wpad(8), zonecfg(8)

NOTES

The preferred method of referring to an aggregation in the aggregation
subcommands is by its link name. Referring to an aggregation by its
integer key is supported for backward compatibility, but is not
necessary. When creating an aggregation, if a key is specified instead
of a link name, the aggregation's link name will be automatically
generated by dladm as aggrkey.

illumos September 15, 2024 illumos