IFCONFIG(8) Maintenance Commands and Procedures IFCONFIG(8)
NAME
ifconfig - configure network interface parameters
SYNOPSIS
ifconfig interface [
address_family] [
address [
/prefix_length]
[
dest_address]] [
addif address [
/prefix_length]]
[
removeif address [
/prefix_length]] [
arp |
-arp]
[
auth_algs authentication algorithm] [
encr_algs encryption algorithm]
[
encr_auth_algs authentication algorithm] [
auto-revarp]
[
broadcast address] [
deprecated |
-deprecated]
[
preferred |
-preferred] [
destination dest_address]
[ether [
address]] [
failover |
-failover] [
group [
name | ""]] [
index if_index] [ipmp] [
metric n] [modlist]
[modinsert
mod_name@pos] [modremove
mod_name@pos]
[
mtu n] [
netmask mask] [
plumb] [
unplumb] [
private |
-private] [
nud |
-nud] [
set [
address] [
/netmask]]
[
standby |
-standby] [
subnet subnet_address] [
tdst tunnel_dest_address] [
token address/
prefix_length]
[
tsrc tunnel_src_address] [
trailers |
-trailers]
[
up] [
down] [
usesrc [
name | none]] [
xmit |
-xmit]
[
encaplimit n |
-encaplimit] [
thoplimit n] [
router |
-router] [zone
zonename |
-zone |
-all-zones]
ifconfig [
address_family]
interface {
auto-dhcp |
dhcp} [
primary]
[
wait seconds]
drop |
extend |
inform |
ping |
release |
start |
statusDESCRIPTION
The command
ifconfig is used to assign an address to a network
interface and to configure network interface parameters. The
ifconfig command must be used at boot time to define the network address of
each interface present on a machine; it may also be used at a later
time to redefine an interface's address or other operating
parameters. If no option is specified,
ifconfig displays the current
configuration for a network interface. If an address family is
specified,
ifconfig reports only the details specific to that address
family. Only privileged users may modify the configuration of a
network interface. Options appearing within braces (
{}) indicate that
one of the options must be specified.
Network Interface Observability
Network interface observability with
ifconfig is limited to those
network interfaces that have been prepared for use with the IP
protocol suite. The preferred method for configuring a network
interface for use with TCP/IP is with
ipadm and alternatively with
the use of the
plumb option as documented below. Network interfaces
that have not been configured for use with the IP protocol suite can
only be observed by using the
dladm command.
DHCP Configuration
The forms of
ifconfig that use the
auto-dhcp or
dhcp arguments are
used to control the Dynamic Host Configuration Protocol ("
DHCP")
configuration of the interface. In this mode,
ifconfig is used to
control operation of
dhcpagent(8), the
DHCP client daemon. Once an
interface is placed under
DHCP control by using the
start operand,
ifconfig should not, in normal operation, be used to modify the
address or characteristics of the interface. If the address of an
interface under
DHCP is changed,
dhcpagent will remove the interface
from its control.
OPTIONS
When the
ifconfig command is executed without any options its
behavior is the same as when the
-a option is supplied with no other
options or arguments.
The following options are supported:
addif address Create the next unused logical interface on the specified
physical interface.
all-zones Make the interface available to every shared-IP zone on the
system. The appropriate zone to which to deliver data is
determined using the
tnzonecfg database. This option is available
only if the system is configured with the Solaris Trusted
Extensions feature.
The
tnzonecfg database is described in the
tnzonecfg(5) man page,
which is part of the
Solaris Trusted Extensions Reference Manual.
anycast Marks the logical interface as an anycast address by setting the
ANYCAST flag. See "INTERFACE FLAGS," below, for more information
on anycast.
-anycast Marks the logical interface as not an anycast address by clearing
the
ANYCAST flag.
arp Enable the use of the Address Resolution Protocol ("
ARP") in
mapping between network level addresses and link level addresses
(default). This is currently implemented for mapping between IPv4
addresses and MAC addresses.
-arp Disable the use of the
ARP on a physical interface. ARP cannot be
disabled on an IPMP IP interface.
auth_algs authentication algorithm For a tunnel, enable IPsec
AH with the authentication algorithm
specified. The algorithm can be either a number or an algorithm
name, including
any to express no preference in algorithm. All
IPsec tunnel properties must be specified on the same command
line. To disable tunnel security, specify an
auth_alg of
none.
It is now preferable to use the
ipsecconf(8) command when
configuring a tunnel's security properties. If
ipsecconf was used
to set a tunnel's security properties, this keyword will not
affect the tunnel.
auto-dhcp Use DHCP to automatically acquire an address for this interface.
This option has a completely equivalent alias called
dhcp.
For IPv6, the interface specified must be the zeroth logical
interface (the physical interface name), which has the link-local
address.
primary Defines the interface as the
primary. The interface is
defined as the preferred one for the delivery of client-wide
configuration data. Only one interface can be the primary at
any given time. If another interface is subsequently selected
as the primary, it replaces the previous one. Nominating an
interface as the primary one will not have much significance
once the client work station has booted, as many applications
will already have started and been configured with data read
from the previous primary interface.
wait seconds The
ifconfig command will wait until the operation either
completes or for the interval specified, whichever is the
sooner. If no wait interval is given, and the operation is
one that cannot complete immediately,
ifconfig will wait 30
seconds for the requested operation to complete. The
symbolic value
forever may be used as well, with obvious
meaning.
drop Remove the specified interface from
DHCP control without
notifying the DHCP server, and record the current lease for
later use. Additionally, for IPv4, set the IP address to
zero. For IPv6, unplumb all logical interfaces plumbed by
dhcpagent.
extend Attempt to extend the lease on the interface's IP address.
This is not required, as the agent will automatically extend
the lease well before it expires.
inform Obtain network configuration parameters from
DHCP without
obtaining a lease on
IP addresses. This is useful in
situations where an
IP address is obtained through mechanisms
other than
DHCP.
ping Check whether the interface given is under
DHCP control,
which means that the interface is managed by the
DHCP agent
and is working properly. An exit status of
0 means success.
release Relinquish the IP addresses on the interface by notifying the
server and discard the current lease. For IPv4, set the IP
address to zero. For IPv6, all logical interfaces plumbed by
dhcpagent are unplumbed.
start Start
DHCP on the interface.
status Display the
DHCP configuration status of the interface.
auto-revarp Use the Reverse Address Resolution Protocol (RARP) to
automatically acquire an address for this interface. This will
fail if the interface does not support RARP; for example, IPoIB
(IP over InfiniBand), and on IPv6 interfaces.
broadcast address For IPv4 only. Specify the address to use to represent broadcasts
to the network. The default broadcast address is the address with
a host part of all
1's. A "
+" (plus sign) given for the broadcast
value causes the broadcast address to be reset to a default
appropriate for the (possibly new) address and netmask. The
arguments of
ifconfig are interpreted left to right. Therefore
example% ifconfig -a netmask + broadcast +
and
example% ifconfig -a broadcast + netmask +
may result in different values being assigned for the broadcast
addresses of the interfaces.
deprecated Marks the logical interface as deprecated. An address associated
with a deprecated interface will not be used as source address
for outbound packets unless either there are no other addresses
available on the interface or the application has bound to this
address explicitly. The status display shows
DEPRECATED as part
of flags. See for information on the flags supported by
ifconfig.
-deprecated Marks a logical interface as not deprecated. An address
associated with such an interface could be used as a source
address for outbound packets.
preferred Marks the logical interface as preferred. This option is only
valid for IPv6 addresses. Addresses assigned to preferred logical
interfaces are preferred as source addresses over all other
addresses configured on the system, unless the address is of an
inappropriate scope relative to the destination address.
Preferred addresses are used as source addresses regardless of
which physical interface they are assigned to. For example, you
can configure a preferred source address on the loopback
interface and advertise reachability of this address by using a
routing protocol.
-preferred Marks the logical interface as not preferred.
destination dest_address Set the destination address for a point-to point interface.
dhcp This option is an alias for option
auto-dhcp down Mark a logical interface as "down". (That is, turn off the
IFF_UP bit.) When a logical interface is marked "down," the system does
not attempt to use the address assigned to that interface as a
source address for outbound packets and will not recognize
inbound packets destined to that address as being addressed to
this host. Additionally, when all logical interfaces on a given
physical interface are "down," the physical interface itself is
disabled.
When a logical interface is down, all routes that specify that
interface as the output (using the
-ifp option in the
route(8) command or
RTA_IFP in a
route(4P) socket) are removed from the
forwarding table. Routes marked with
RTF_STATIC are returned to
the table if the interface is brought back up, while routes not
marked with
RTF_STATIC are simply deleted.
When all logical interfaces that could possibly be used to reach
a particular gateway address are brought down (specified without
the interface option as in the previous paragraph), the affected
gateway routes are treated as though they had the
RTF_BLACKHOLE flag set. All matching packets are discarded because the gateway
is unreachable.
encaplimit n Set the tunnel encapsulation limit for the interface to n. This
option applies to IPv4-in-IPv6 and IPv6-in-IPv6 tunnels only, and
it simply modifies the
encaplimit link property of the underlying
IPv6 tunnel link (see
dladm(8)). The tunnel encapsulation limit
controls how many more tunnels a packet can enter before it
leaves any tunnel, that is, the tunnel nesting level.
This option is obsolete, superseded by the
dladm(8) encaplimit link property.
-encaplimit Disable generation of the tunnel encapsulation limit. This option
applies only to IPv4-in-IPv6 and IPv6-in-IPv6 tunnels. This
simply sets the
encaplimit link property of the underlying IPv6
tunnel link to 0 (see
dladm(8) encaplimit).
This option is obsolete, superseded by the
dladm(8) encaplimit link property.
encr_auth_algs authentication algorithm For a tunnel, enable IPsec
ESP with the authentication algorithm
specified. It can be either a number or an algorithm name,
including
any or
none, to indicate no algorithm preference. If an
ESP encryption algorithm is specified but the authentication
algorithm is not, the default value for the
ESP authentication
algorithm will be
any.
It is now preferable to use the
ipsecconf(8) command when
configuring a tunnel's security properties. If
ipsecconf was used
to set a tunnel's security properties, this keyword will not
affect the tunnel.
encr_algs encryption algorithm For a tunnel, enable IPsec
ESP with the encryption algorithm
specified. It can be either a number or an algorithm name. Note
that all IPsec tunnel properties must be specified on the same
command line. To disable tunnel security, specify the value of
encr_alg as
none. If an
ESP authentication algorithm is
specified, but the encryption algorithm is not, the default value
for the
ESP encryption will be
null.
It is now preferable to use the
ipsecconf(8) command when
configuring a tunnel's security properties. If
ipsecconf was used
to set a tunnel's security properties, this keyword will not
affect the tunnel.
ether [
address ]
If no address is given and the user is root or has sufficient
privileges to open the underlying datalink, then display the
current Ethernet address information.
Otherwise, if the user is root or has sufficient privileges, set
the Ethernet address of the interfaces to
address. The address is
an Ethernet address represented as
x:x:x:x:x:x where
x is a
hexadecimal number between 0 and FF. Similarly, for the IPoIB (IP
over InfiniBand) interfaces, the address will be 20 bytes of
colon-separated hex numbers between
0 and
FF.
Some, though not all, Ethernet interface cards have their own
addresses. To use cards that do not have their own addresses,
refer to section 3.2.3(4) of the IEEE 802.3 specification for a
definition of the locally administered address space. Note that
all IP interfaces in an IPMP group must have unique hardware
addresses; see
in.mpathd(8).
-failover Set
NOFAILOVER on the logical interface. This makes the
associated address available for use by
in.mpathd to perform
probe-based failure detection for the associated physical IP
interface. As a side effect,
DEPRECATED will also be set on the
logical interface. This operation is not permitted on an IPMP IP
interface.
failover Clear
NOFAILOVER on the logical interface. This is the default.
These logical interfaces are subject to migration when brought up
(see
IP MULTIPATHING GROUPS).
group [
name |
""]
When applied to a physical interface, it places the interface
into the named group. If the group does not exist, it will be
created, along with one or more IPMP IP interfaces (for IPv4,
IPv6, or both). Any
UP addresses that are not also marked
NOFAILOVER are subject to migration to the IPMP IP interface (see
IP MULTIPATHING GROUPS). Specifying a group name of
"" removes
the physical IP interface from the group.
When applied to a physical IPMP IP interface, it renames the IPMP
group to have the new name. If the name already exists, or a name
of
"" is specified, it fails. Renaming IPMP groups is
discouraged. Instead, the IPMP IP interface should be given a
meaningful name when it is created by means of the
ipmp subcommand, which the system will also use as the IPMP group
name.
index n Change the interface index for the interface. The value of
n must
be an interface index (
if_index) that is not used on another
interface.
if_index will be a non-zero positive number that
uniquely identifies the network interface on the system.
ipmp Create an IPMP IP interface with the specified name. An interface
must be separately created for use by IPv4 and IPv6. The
address_family parameter controls whether the command applies to
IPv4 or IPv6 (IPv4 if unspecified). All IPMP IP interfaces have
the
IPMP flag set.
metric n Set the routing metric of the interface to
n; if no value is
specified, the default is
0. The routing metric is used by the
routing protocol. Higher metrics have the effect of making a
route less favorable. Metrics are counted as addition hops to the
destination network or host.
modinsert mod_name@pos Insert a module with name
mod_name to the stream of the device at
position
pos. The position is relative to the stream head.
Position
0 means directly under stream head.
Based upon the example in the
modlist option, use the following
command to insert a module with name
ipqos under the
ip module
and above the firewall module:
example% ifconfig eri0 modinsert ipqos@2
A subsequent listing of all the modules in the stream of the
device follows:
example% ifconfig eri0 modlist
0 arp
1 ip
2 ipqos
3 firewall
4 eri
modlist List all the modules in the stream of the device.
The following example lists all the modules in the stream of the
device:
example% ifconfig eri0 modlist
0 arp
1 ip
2 firewall
4 eri
modremove mod_name@pos Remove a module with name
mod_name from the stream of the device
at position
pos. The position is relative to the stream head.
Based upon the example in the
modinsert option, use the following
command to remove the firewall module from the stream after
inserting the
ipqos module:
example% ifconfig eri0 modremove firewall@3
A subsequent listing of all the modules in the stream of the
device follows:
example% ifconfig eri0 modlist
0 arp
1 ip
2 ipqos
3 eri
Note that the core IP stack modules, for example,
ip and
tun modules, cannot be removed.
mtu n Set the maximum transmission unit of the interface to
n. For many
types of networks, the
mtu has an upper limit, for example,
1500 for Ethernet. This option sets the
FIXEDMTU flag on the affected
interface.
netmask mask For IPv4 only. Specify how much of the address to reserve for
subdividing networks into subnetworks. The mask includes the
network part of the local address and the subnet part, which is
taken from the host field of the address. The mask contains 1's
for the bit positions in the 32-bit address which are to be used
for the network and subnet parts, and 0's for the host part. The
mask should contain at least the standard network portion, and
the subnet field should be contiguous with the network portion.
The mask can be specified in one of four ways:
1. with a single hexadecimal number with a leading 0x,
2. with a dot-notation address,
3. with a "
+" (plus sign) address, or
4. with a pseudo host name/pseudo network name found in
the network database
networks(5).
If a "
+" (plus sign) is given for the netmask value, the mask is
looked up in the
netmasks(5) database. This lookup finds the
longest matching netmask in the database by starting with the
interface's IPv4 address as the key and iteratively masking off
more and more low order bits of the address. This iterative
lookup ensures that the
netmasks(5) database can be used to
specify the netmasks when variable length subnetmasks are used
within a network number.
If a pseudo host name/pseudo network name is supplied as the
netmask value, netmask data may be located in the
hosts or
networks database. Names are looked up by first using
gethostbyname(3NSL). If not found there, the names are looked up
in
getnetbyname(3SOCKET). These interfaces may in turn use
nsswitch.conf(5) to determine what data store(s) to use to fetch
the actual value.
For both
inet and
inet6, the same information conveyed by
mask can be specified as a
prefix_length attached to the
address parameter.
nud Enables the neighbor unreachability detection mechanism on a
point-to-point physical interface.
-nud Disables the neighbor unreachability detection mechanism on a
point-to-point physical interface.
plumb For a physical IP interface, open the datalink associated with
the physical interface name and set up the plumbing needed for IP
to use the datalink. When used with a logical interface name,
this command is used to create a specific named logical interface
on an existing physical IP interface.
An interface must be separately plumbed for IPv4 and IPv6
according to the
address_family parameter (IPv4 if unspecified).
Before an interface has been plumbed, it will not be shown by
ifconfig -a.
Note that IPMP IP interfaces are not tied to a specific datalink
and are instead created with the
ipmp subcommand.
private Tells the
in.routed routing daemon that a specified logical
interface should not be advertised.
-private Specify unadvertised interfaces.
removeif address Remove the logical interface on the physical interface specified
that matches the
address specified.
router Enable IP forwarding on the interface. When enabled, the
interface is marked
ROUTER, and IP packets can be forwarded to
and from the interface. Enabling
ROUTER on any IP interface in
an IPMP group enables it on all IP interfaces in that IPMP group.
-router Disable IP forwarding on the interface. IP packets are not
forwarded to and from the interface. Disabling
ROUTER on any IP
interface in an IPMP group disables it on all IP interfaces in
that IPMP group.
set Set the
address,
prefix_length or both, for a logical interface.
standby Mark the physical IP interface as a
STANDBY interface. If an
interface is marked
STANDBY and is part of an IPMP group, the
interface will not be used for data traffic unless another
interface in the IPMP group becomes unusable. When a
STANDBY interface is functional but not being used for data traffic, it
will also be marked
INACTIVE. This operation is not permitted on
an IPMP IP interface.
-standby Clear
STANDBY on the interface. This is the default.
subnet Set the subnet
address for an interface.
tdst tunnel_dest_address Set the destination address of a tunnel. The address should not
be the same as the
dest_address of the tunnel, because no packets
leave the system over such a tunnel.
This option is obsolete, superseded by the
dladm(8) create-iptun and
modify-iptun subcommands.
thoplimit n Set the hop limit for a tunnel interface. The hop limit value is
used as the
TTL in the IPv4 header for the IPv6-in-IPv4 and
IPv4-in-IPv4 tunnels. For IPv6-in-IPv6 and IPv4-in-IPv6 tunnels,
the hop limit value is used as the hop limit in the IPv6 header.
This option simply modifies the
hoplimit link property of the
underlying IP tunnel link (see
dladm(8)).
This option is obsolete, superseded by the
dladm(8) hoplimit link
property.
token address/
prefix_length Set the IPv6 token of an interface to be used for address
autoconfiguration.
example%
ifconfig eri0 inet6 token ::1/64 trailers This flag previously caused a nonstandard encapsulation of IPv4
packets on certain link levels. Drivers supplied with this
release no longer use this flag. It is provided for
compatibility, but is ignored.
-trailers Disable the use of a "trailer" link level encapsulation.
tsrc tunnel_src_address Set the source address of a tunnel. This is the source address on
an outer encapsulating
IP header. It must be an address of
another interface already configured using
ifconfig.
This option is obsolete, superseded by the
dladm(8) create-iptun and
modify-iptun subcommands.
unplumb For a physical or IPMP interface, remove all associated logical
IP interfaces and tear down any plumbing needed for IP to use the
interface. For an IPMP IP interface, this command will fail if
the group is not empty. For a logical interface, the logical
interface is removed.
An interface must be separately unplumbed for IPv4 and IPv6
according to the
address_family parameter (IPv4 if unspecified).
Upon success, the interface name will no longer appear in the
output of
ifconfig -a.
up Mark a logical interface
UP. As a result, the IP module will
accept packets destined to the associated address (unless the
address is zero), along with any associated multicast and
broadcast IP addresses. Similarly, the IP module will allow
packets to be sent with the associated address as a source
address. At least one logical interface must be
UP for the
associated physical interface to send or receive packets
usesrc [
name |
none ]
Specify a physical interface to be used for source address
selection. If the keyword
none is used, then any previous
selection is cleared.
When an application does not choose a non-zero source address
using
bind(3SOCKET), the system will select an appropriate source
address based on the outbound interface and the address selection
rules (see
ipaddrsel(8)).
When
usesrc is specified and the specified interface is selected
in the forwarding table for output, the system looks first to the
specified physical interface and its associated logical
interfaces when selecting a source address. If no usable address
is listed in the forwarding table, the ordinary selection rules
apply. For example, if you enter:
#
ifconfig eri0 usesrc vni0 ...and
vni0 has address 10.0.0.1 assigned to it, the system will
prefer 10.0.0.1 as the source address for any packets originated
by local connections that are sent through
eri0. Further examples
are provided in the
EXAMPLES section.
While you can specify any physical interface (or even loopback),
be aware that you can also specify the virtual IP interface (see
vni(4D)). The virtual IP interface is not associated with any
physical hardware and is thus immune to hardware failures. You
can specify any number of physical interfaces to use the source
address hosted on a single virtual interface. This simplifies the
configuration of routing-based multipathing. If one of the
physical interfaces were to fail, communication would continue
through one of the remaining, functioning physical interfaces.
This scenario assumes that the reachability of the address hosted
on the virtual interface is advertised in some manner, for
example, through a routing protocol.
Because the
ifconfig preferred option is applied to all
interfaces, it is coarser-grained than the
usesrc option. It will
be overridden by
usesrc and
setsrc (route subcommand), in that
order.
IPMP and the
usesrc option are mutually exclusive. That is, if an
interface is part of an IPMP group or marked
STANDBY, then it
cannot be specified by means of
usesrc, and vice-versa.
xmit Enable a logical interface to transmit packets. This is the
default behavior when the logical interface is up.
-xmit Disable transmission of packets on an interface. The interface
will continue to receive packets.
zone zonename Place the logical interface in zone
zonename. The named zone must
be active in the kernel in the ready or running state. The
interface is unplumbed when the zone is halted or rebooted. The
zone must be configured to be an shared-IP zone.
zonecfg(8) is
used to assign network interface names to exclusive-IP zones.
-zone Place IP interface in the global zone. This is the default.
OPERANDS
The
interface operand, as well as address parameters that affect it,
are described below.
interface A string of one of the following forms:
o
name physical-unit, for example,
eri0 or
ce1 o
name physical-unit:logical-unit, for example,
eri0:1 o
ip.tunN,
ip6.tunN, or
ip6to4.tunN for implicit IP
tunnel links
If the interface name starts with a dash (-), it is interpreted
as a set of options which specify a set of interfaces. In such a
case,
-a must be part of the options and any of the additional
options below can be added in any order. If one of these
interface names is given, the commands following it are applied
to all of the interfaces that match.
-a Apply the command to all interfaces of the specified address
family. If no address family is supplied, either on the
command line or by means of
/etc/default/inet_type, then all
address families will be selected.
-d Apply the commands to all "down" interfaces in the system.
-D Apply the commands to all interfaces not under
DHCP (Dynamic
Host Configuration Protocol) control.
-u Apply the commands to all "up" interfaces in the system.
-Z Apply the commands to all interfaces in the user's zone.
-4 Apply the commands to all IPv4 interfaces.
-6 Apply the commands to all IPv6 interfaces.
address_family The address family is specified by the
address_family parameter.
The
ifconfig command currently supports the following families:
inet and
inet6. If no address family is specified, the default is
inet.
ifconfig honors the
DEFAULT_IP setting in the
/etc/default/inet_type file when it displays interface
information. If
DEFAULT_IP is set to
IP_VERSION4, then
ifconfig will omit information that relates to IPv6 interfaces. However,
when you explicitly specify an address family (
inet or
inet6) on
the
ifconfig command line, the command line overrides the
DEFAULT_IP settings.
address For the IPv4 family (
inet), the
address is either a host name
present in the host name data base (see
hosts(5)) or in the
Network Information Service (NIS) map
hosts, or an IPv4 address
expressed in the Internet standard "dot notation".
For the IPv6 family (
inet6), the
address is either a host name
present in the host name data base (see
hosts(5)) or in the
Network Information Service (
NIS) map
ipnode, or an IPv6 address
expressed in the Internet standard colon-separated hexadecimal
format represented as
x:x:x:x:x:x:x:x where
x is a hexadecimal
number between
0 and
FFFF.
prefix_length For the IPv4 and IPv6 families (
inet and
inet6), the
prefix_length is a number between 0 and the number of bits in the
address. For
inet, the number of bits in the address is 32; for
inet6, the number of bits in the address is 128. The
prefix_length denotes the number of leading set bits in the
netmask.
dest_address If the
dest_address parameter is supplied in addition to the
address parameter, it specifies the address of the correspondent
on the other end of a point-to-point link.
tunnel_dest_address An address that is or will be reachable through an interface
other than the tunnel being configured. This tells the tunnel
where to send the tunneled packets. This address must not be the
same as the interface destination address being configured.
tunnel_src_address An address that is attached to an already configured interface
that has been configured "up" with
ifconfig.
INTERFACE FLAGS
The
ifconfig command supports the following interface flags. The term
"address" in this context refers to a logical interface, for example,
eri0:0, while "interface" refers to the physical interface, for
example,
eri0.
ADDRCONF The address is from stateless
addrconf. The stateless mechanism
allows a host to generate its own address using a combination of
information advertised by routers and locally available
information. Routers advertise prefixes that identify the subnet
associated with the link, while the host generates an "interface
identifier" that uniquely identifies an interface in a subnet. In
the absence of information from routers, a host can generate
link-local addresses. This flag is specific to IPv6.
ANYCAST Indicates an
anycast address. An
anycast address identifies the
nearest member of a group of systems that provides a particular
type of service. An
anycast address is assigned to a group of
systems. Packets are delivered to the nearest group member
identified by the
anycast address instead of being delivered to
all members of the group.
BROADCAST This
broadcast address is valid. This flag and
POINTOPOINT are
mutually exclusive
CoS This interface supports some form of Class of Service (CoS)
marking. An example is the 802.1D user priority marking supported
on
VLAN interfaces. For IPMP IP interfaces, this will only be set
if all interfaces in the group have CoS set.
Note that this flag is only set on interfaces over VLAN links and
over Ethernet links that have their
dladm(8) tagmode link
property set to
normal.
DEPRECATED This address is deprecated. This address will not be used as a
source address for outbound packets unless there are no other
addresses on this interface or an application has explicitly
bound to this address. An IPv6 deprecated address is part of the
standard mechanism for renumbering in IPv6 and will eventually be
deleted when not used. For both IPv4 and IPv6,
DEPRECATED is also
set on all
NOFAILOVER addresses, though this may change in a
future release.
DHCPRUNNING The logical interface is managed by
dhcpagent(8).
DUPLICATE The logical interface has been disabled because the IP address
configured on the interface is a duplicate. Some other node on
the network is using this address. If the address was configured
by DHCP or is temporary, the system will choose another
automatically, if possible. Otherwise, the system will attempt to
recover this address periodically and the interface will recover
when the conflict has been removed from the network. Changing the
address or netmask, or setting the logical interface to
up will
restart duplicate detection. Setting the interface to
down terminates recovery and removes the
DUPLICATE flag.
FAILED The
in.mpathd daemon has determined that the interface has
failed.
FAILED interfaces will not be used to send or receive IP
data traffic. If this is set on a physical IP interface in an
IPMP group, IP data traffic will continue to flow over other
usable IP interfaces in the IPMP group. If this is set on an IPMP
IP interface, the entire group has failed and no data traffic can
be sent or received over any interfaces in that group.
FIXEDMTU The MTU has been set using the
-mtu option. This flag is read-
only. Interfaces that have this flag set have a fixed MTU value
that is unaffected by dynamic MTU changes that can occur when
drivers notify IP of link MTU changes.
INACTIVE The physical interface is functioning but is not used to send or
receive data traffic according to administrative policy. This
flag is initially set by the
standby subcommand and is
subsequently controlled by
in.mpathd. It also set when
FAILBACK=no mode is enabled (see
in.mpathd(8)) to indicate that
the IP interface has repaired but is not being used.
IPMP Indicates that this is an IPMP IP interface.
LOOPBACK Indicates that this is the loopback interface.
MULTI_BCAST Indicates that the broadcast address is used for multicast on
this interface.
MULTICAST The interface supports multicast.
IP assumes that any interface
that supports hardware broadcast, or that is a point-to-point
link, will support multicast.
NOARP There is no address resolution protocol (
ARP) for this interface
that corresponds to all interfaces for a device without a
broadcast address. This flag is specific to IPv4.
NOFAILOVER The address associated with this logical interface is available
to
in.mpathd for probe-based failure detection of the associated
physical IP interface.
NOLOCAL The interface has no address, just an on-link subnet.
NONUD NUD is disabled on this interface.
NUD (neighbor unreachability
detection) is used by a node to track the reachability state of
its neighbors, to which the node actively sends packets, and to
perform any recovery if a neighbor is detected to be unreachable.
This flag is specific to IPv6.
NORTEXCH The interface does not exchange routing information. For RIP-2,
routing packets are not sent over this interface. Additionally,
messages that appear to come over this interface receive no
response. The subnet or address of this interface is not included
in advertisements over other interfaces to other routers.
NOXMIT Indicates that the address does not transmit packets. RIP-2 also
does not advertise this address.
OFFLINE The interface is offline and thus cannot send or receive IP data
traffic. This is only set on IP interfaces in an IPMP group. See
if_mpadm(8) and
cfgadm(8).
POINTOPOINT Indicates that the address is a point-to-point link. This flag
and
BROADCAST are mutually exclusive
PREFERRED This address is a preferred IPv6 source address. This address
will be used as a source address for IPv6 communication with all
IPv6 destinations, unless another address on the system is of
more appropriate scope. The
DEPRECATED flag takes precedence over
the
PREFERRED flag.
PRIVATE Indicates that this address is not advertised. For RIP-2, this
interface is used to send advertisements. However, neither the
subnet nor this address are included in advertisements to other
routers.
PROMISC A read-only flag indicating that an interface is in promiscuous
mode. All addresses associated with an interface in promiscuous
mode will display (in response to
ifconfig -a, for example) the
PROMISC flag.
ROUTER Indicates that IP packets can be forwarded to and from the
interface.
RUNNING Indicates that the required resources for an interface are
allocated. For some interfaces this also indicates that the link
is up. For IPMP IP interfaces,
RUNNING is set as long as one IP
interface in the group is active.
STANDBY Indicates that this physical interface will not be used for data
traffic unless another interface in the IPMP group becomes
unusable. The
INACTIVE and
FAILED flags indicate whether it is
actively being used.
TEMPORARY Indicates that this is a temporary IPv6 address as defined in RFC
3041.
UNNUMBERED This flag is set when the local IP address on the link matches
the local address of some other link in the system
UP Indicates that the logical interface (and the associated physical
interface) is up. The IP module will accept packets destined to
UP addresses (unless the address is zero), along with any
associated multicast and broadcast IP addresses. Similarly, the
IP module will allow packets to be sent with an
UP address as a
source address.
VIRTUAL Indicates that the physical interface has no underlying hardware.
It is not possible to transmit or receive packets through a
virtual interface. These interfaces are useful for configuring
local addresses that can be used on multiple interfaces. (See
also the
usesrc option.)
XRESOLV Indicates that the interface uses an IPv6 external resolver.
LOGICAL INTERFACES
Solaris
TCP/IP allows multiple logical interfaces to be associated
with a physical network interface. This allows a single machine to be
assigned multiple
IP addresses, even though it may have only one
network interface. Physical network interfaces have names of the form
driver-name physical-unit-number, while logical interfaces have names
of the form
driver-name physical-unit-number:logical-unit-number. A
physical interface is configured into the system using the
plumb command. For example:
example%
ifconfig eri0 plumb Once a physical interface has been "plumbed", logical interfaces
associated with the physical interface can be configured by separate
-plumb or
-addif options to the
ifconfig command.
example%
ifconfig eri0:1 plumb allocates a specific logical interface associated with the physical
interface
eri0. The command
example%
ifconfig eri0 addif 192.168.200.1/24 up allocates the next available logical unit number on the
eri0 physical
interface and assigns an
address and
prefix_length.
A logical interface can be configured with parameters (
address,
prefix_length, and so on) different from the physical interface with
which it is associated. Logical interfaces that are associated with
the same physical interface can be given different parameters as
well. Each logical interface must be associated with an existing and
"up" physical interface. So, for example, the logical interface
eri0:1 can only be configured after the physical interface
eri0 has
been plumbed.
To delete a logical interface, use the
unplumb or
removeif options.
For example,
example%
ifconfig eri0:1 down unplumb will delete the logical interface
eri0:1.
IP MULTIPATHING GROUPS
Physical interfaces that share the same link-layer broadcast domain
must be collected into a single IP Multipathing (IPMP) group using
the
group subcommand. Each IPMP group has an associated IPMP IP
interface, which can either be explicitly created (the preferred
method) by using the
ipmp subcommand or implicitly created by
ifconfig in response to placing an IP interface into a new IPMP
group. Implicitly-created IPMP interfaces will be named
ipmpN where
N is the lowest integer that does not conflict with an existing IP
interface name or IPMP group name.
Each IPMP IP interface is created with a matching IPMP group name,
though it can be changed using the
group subcommand. Each IPMP IP
interface hosts a set of highly-available IP addresses. These
addresses will remain reachable so long as at least one interface in
the group is active, where "active" is defined as having at least one
UP address and having
INACTIVE,
FAILED, and
OFFLINE clear. IP
addresses hosted on the IPMP IP interface may either be configured
statically or configured through DHCP by means of the
dhcp subcommand.
Interfaces assigned to the same IPMP group are treated as equivalent
and monitored for failure by
in.mpathd. Provided that active
interfaces in the group remain, IP interface failures (and any
subsequent repairs) are handled transparently to sockets-based
applications. IPMP is also integrated with the Dynamic
Reconfiguration framework (see
cfgadm(8)), which enables network
adapters to be replaced in a way that is invisible to sockets-based
applications.
The IP module automatically load-spreads all outbound traffic across
all active interfaces in an IPMP group. Similarly, all
UP addresses
hosted on the IPMP IP interface will be distributed across the active
interfaces to promote inbound load-spreading. The
ipmpstat(8) utility
allows many aspects of the IPMP subsystem to be observed, including
the current binding of IP data addresses to IP interfaces.
When an interface is placed into an IPMP group, any
UP logical
interfaces are "migrated" to the IPMP IP interface for use by the
group, unless:
o the logical interface is marked
NOFAILOVER;
o the logical interface hosts an IPv6 link-local address;
o the logical interface hosts an IPv4 0.0.0.0 address.
Likewise, once an interface is in a group, if changes are made to a
logical interface such that it is
UP and not exempted by one of the
conditions above, it will also migrate to the associated IPMP IP
interface. Logical interfaces never migrate back, even if the
physical interface that contributed the address is removed from the
group.
Each interface placed into an IPMP group may be optionally configured
with a "test" address that
in.mpathd will use for probe-based failure
detection; see
in.mpathd(8). These addresses must be marked
NOFAILOVER (using the
-failover subcommand) prior to being marked
UP.
Test addresses may also be acquired through DHCP by means of the
dhcp subcommand.
For more background on IPMP, please see the IPMP-related chapters of
the
System Administration Guide: Network Interfaces and Network Virtualization.
CONFIGURING IPV6 INTERFACES When an IPv6 physical interface is plumbed and configured "up" with
ifconfig, it is automatically assigned an IPv6 link-local address for
which the last 64 bits are calculated from the
MAC address of the
interface.
example%
ifconfig eri0 inet6 plumb up The following example shows that the link-local address has a prefix
of
fe80::/10.
example%
ifconfig eri0 inet6 ce0: flags=2000841<UP,RUNNING,MULTICAST,IPv6>
mtu 1500 index 2 inet6 fe80::a00:20ff:fe8e:f3ad/10
Link-local addresses are only used for communication on the local
subnet and are not visible to other subnets.
If an advertising IPv6 router exists on the link advertising
prefixes, then the newly plumbed IPv6 interface will autoconfigure
logical interface(s) depending on the prefix advertisements. For
example, for the prefix advertisement
2001:0db8:3c4d:0:55::/64, the
autoconfigured interface will look like:
eri0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6>
mtu 1500 index 2
inet6 2001:0db8:3c4d:55:a00:20ff:fe8e:f3ad/64
Even if there are no prefix advertisements on the link, you can still
assign global addresses manually, for example:
example%
ifconfig eri0 inet6 addif \ 2001:0db8:3c4d:55:a00:20ff:fe8e:f3ad/64 up To configure boot-time defaults for the interface
eri0, place the
following entry in the
/etc/hostname6.eri0 file:
addif 2001:0db8:3c4d:55:a00:20ff:fe8e:f3ad/64 up
Configuring IP-over-IP Tunnel Interfaces An IP tunnel is conceptually comprised of two parts: a virtual link
between two or more IP nodes, and an IP interface above this link
which allows the system to transmit and receive IP packets
encapsulated by the underlying link.
The
dladm(8) command is used to configure tunnel links, and
ifconfig is used to configure IP interfaces over those tunnel links. An
IPv4-over-IPv4 tunnel is created by plumbing an IPv4 interface over
an IPv4 tunnel link. An IPv6-over-IPv4 tunnel is created by plumbing
an IPv6 interface over an IPv6 tunnel link, and so forth.
When IPv6 interfaces are plumbed over IP tunnel links, their IPv6
addresses are automatically set. For IPv4 and IPv6 tunnels, source
and destination link-local addresses of the form
fe80::interface-id are configured. For IPv4 tunnels, the
interface-id is the IPv4 tunnel
source or destination address. For IPv6 tunnels, the
interface-id is
the last 64 bits of the IPv6 tunnel source or destination address.
For example, for an IPv4 tunnel between 10.1.2.3 and 10.4.5.6, the
IPv6 link-local source and destination addresses of the IPv6
interface would be
fe80::a01:203 and
fe80::a04:506. For an IPv6
tunnel between
2000::1234:abcd and
3000::5678:abcd, the IPv6 link-
local source and destination addresses of the interface would be
fe80::1234:abcd and
fe80::5678:abcd. These default link-local
addresses can be overridden by specifying the addresses explicitly,
as with any other point-to-point interface.
For 6to4 tunnels, a 6to4 global address of the form
2002:tsrc::1/16
is configured. The
tsrc portion is the tunnel source IPv4 address.
The prefix length of the 6to4 interface is automatically set to 16,
as all 6to4 packets (destinations in the
2002::/16 range) are
forwarded to the 6to4 tunnel interface. For example, for a 6to4 link
with a tunnel source of 75.1.2.3, the IPv6 interface would have an
address of
2002:4b01:203::1/16.
Additional IPv6 addresses can be added using the
addif option or by
plumbing additional logical interfaces.
For backward compatibility, the plumbing of tunnel IP interfaces with
special names will implicitly result in the creation of tunnel links
without invoking
dladm create-iptun. These tunnel names are:
ip.tunN An IPv4 tunnel
ip6.tunN An IPv6 tunnel
ip.6to4tunN A 6to4 tunnel
These tunnels are "implicit tunnels", denoted with the
i flag in
dladm show-iptun output. The tunnel links over which these special IP
interfaces are plumbed are automatically created, and they are
automatically deleted when the last reference is released (that is,
when the last IP interface is unplumbed).
The
tsrc,
tdst,
encaplim, and
hoplimit options to
ifconfig are
obsolete and maintained only for backward compatibility. They are
equivalent to their
dladm(8) counterparts.
Display of Tunnel Security Settings
The
ifconfig output for IP tunnel interfaces indicates whether IPsec
policy is configured for the underlying IP tunnel link. For example,
a line of the following form will be displayed if IPsec policy is
present:
tunnel security settings --> use 'ipsecconf -ln -i ip.tun1'
If you do net set security policy, using either
ifconfig or
ipsecconf(8), there is no tunnel security setting displayed.
EXAMPLES
Example 1: Using the ifconfig Command
If your workstation is not attached to an Ethernet, the network
interface, for example,
eri0, should be marked "down" as follows:
example%
ifconfig eri0 down Example 2: Printing Addressing Information
To print out the addressing information for each interface, use the
following command:
example%
ifconfig -a Example 3: Resetting the Broadcast Address
To reset each interface's broadcast address after the netmasks have
been correctly set, use the next command:
example%
ifconfig -a broadcast + Example 4: Changing the Ethernet Address
To change the Ethernet address for interface
ce0, use the following
command:
example%
ifconfig ce0 ether aa:1:2:3:4:5 Example 5: Configuring an IP-in-IP Tunnel
To configure an IP-in-IP tunnel, first create an IP tunnel link
(
tunsrc and
tundst are hostnames with corresponding IPv4 entries in
/etc/hosts):
example%
dladm create-iptun -T ipv4 -s tunsrc -d tundst tun0 Then plumb a point-to-point interface, supplying the source and
destination addresses (
mysrc and
thedst are hostnames with
corresponding IPv4 entries in
/etc/hosts):
example%
ifconfig tun0 plumb mysrc thedst up Use
ipsecconf(8), as described above, to configure tunnel security
properties.
Configuring IPv6 tunnels is done by using a tunnel type of
ipv6 with
create-iptun. IPv6 interfaces can also be plumbed over either type of
tunnel.
Example 6: Configuring 6to4 Tunnels
To configure 6to4 tunnels, first create a 6to4 tunnel link (
myv4addr is a hostname with a corresponding IPv4 entry in
/etc/hosts):
example%
dladm create-iptun -T 6to4 -s myv4addr my6to4tun0 Then an IPv6 interface is plumbed over this link:
example%
ifconfig my6to4tun0 inet6 plumb up The IPv6 address of the interface is automatically set as described
above.
Example 7: Configuring IP Forwarding on an Interface
To enable IP forwarding on a single interface, use the following
command:
example%
ifconfig eri0 router To disable IP forwarding on a single interface, use the following
command:
example%
ifconfig eri0 -router Example 8: Configuring Source Address Selection Using a Virtual
Interface
The following command configures source address selection such that
every packet that is locally generated with no bound source address
and going out on
qfe2 prefers a source address hosted on
vni0.
example%
ifconfig qfe2 usesrc vni0 The
ifconfig -a output for the
qfe2 and
vni0 interfaces displays as
follows:
qfe2: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu
1500 index 4
usesrc vni0
inet 1.2.3.4 netmask ffffff00 broadcast 1.2.3.255
ether 0:3:ba:17:4b:e1
vni0: flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL>
mtu 0 index 5
srcof qfe2
inet 3.4.5.6 netmask ffffffff
Observe, above, the
usesrc and
srcof keywords in the
ifconfig output.
These keywords also appear on the logical instances of the physical
interface, even though this is a per-physical interface parameter.
There is no
srcof keyword in
ifconfig for configuring interfaces.
This information is determined automatically from the set of
interfaces that have
usesrc set on them.
The following command, using the
none keyword, undoes the effect of
the preceding
ifconfig usesrc command.
example%
ifconfig qfe2 usesrc none Following this command,
ifconfig -a output displays as follows:
qfe2: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu
1500 index 4
inet 1.2.3.4 netmask ffffff00 broadcast 1.2.3.255
ether 0:3:ba:17:4b:e1
vni0: flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL>
mtu 0 index 5
inet 3.4.5.6 netmask ffffffff
Note the absence of the
usesrc and
srcof keywords in the output
above.
Example 9: Configuring Source Address Selection for an IPv6 Address
The following command configures source address selection for an IPv6
address, selecting a source address hosted on
vni0.
example%
ifconfig qfe1 inet6 usesrc vni0 Following this command,
ifconfig -a output displays as follows:
qfe1: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 3
usesrc vni0
inet6 fe80::203:baff:fe17:4be0/10
ether 0:3:ba:17:4b:e0
vni0: flags=2002210041<UP,RUNNING,NOXMIT,NONUD,IPv6,VIRTUAL> mtu 0
index 5
srcof qfe1
inet6 fe80::203:baff:fe17:4444/128
vni0:1: flags=2002210040<RUNNING,NOXMIT,NONUD,IPv6,VIRTUAL> mtu 0
index 5
srcof qfe1
inet6 fec0::203:baff:fe17:4444/128
vni0:2: flags=2002210040<RUNNING,NOXMIT,NONUD,IPv6,VIRTUAL> mtu 0
index 5
srcof qfe1
inet6 2000::203:baff:fe17:4444/128
Depending on the scope of the destination of the packet going out on
qfe1, the appropriately scoped source address is selected from
vni0 and its aliases.
Example 10: Using Source Address Selection with Shared-IP Zones
The following is an example of how the
usesrc feature can be used
with the
zones(7) facility in Solaris. The following commands are
invoked in the global zone:
example%
ifconfig hme0 usesrc vni0 example%
ifconfig eri0 usesrc vni0 example% i
fconfig qfe0 usesrc vni0 Following the preceding commands, the
ifconfig -a output for the
virtual interfaces would display as:
vni0: flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL>
mtu 0 index 23
srcof hme0 eri0 qfe0
inet 10.0.0.1 netmask ffffffff
vni0:1:
flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> mtu 0
index 23
zone test1
srcof hme0 eri0 qfe0
inet 10.0.0.2 netmask ffffffff
vni0:2:
flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> mtu 0
index 23
zone test2
srcof hme0 eri0 qfe0
inet 10.0.0.3 netmask ffffffff
vni0:3:
flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> mtu 0
index 23
zone test3
srcof hme0 eri0 qfe0
inet 10.0.0.4 netmask ffffffff
There is one virtual interface alias per zone (
test1,
test2, and
test3). A source address from the virtual interface alias in the same
zone is selected. The virtual interface aliases were created using
zonecfg(8) as follows:
example%
zonecfg -z test1 zonecfg:test1>
add net zonecfg:test1:net>
set physical=vni0 zonecfg:test1:net>
set address=10.0.0.2 The
test2 and
test3 zone interfaces and addresses are created in the
same way.
Example 11: Turning Off DHCPv6
The following example shows how to disable automatic use of DHCPv6 on
all interfaces, and immediately shut down DHCPv6 on the interface
named
hme0. See
in.ndpd(8) and
ndpd.conf(5) for more information on
the automatic DHCPv6 configuration mechanism.
example%
echo ifdefault StatefulAddrConf false >> /etc/inet/ndpd.conf example%
pkill -HUP -x in.ndpd example%
ifconfig hme0 dhcp releaseFILES
/etc/netmasks Netmask data.
/etc/default/inet_type Default Internet protocol type.
ATTRIBUTES
See
attributes(7) for descriptions of the following attributes:
+---------------------------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------------------------------+-----------------+
|Interface Stability for command-line | Committed |
|options | |
+---------------------------------------+-----------------+
|Interface Stability for command output | Uncommitted |
+---------------------------------------+-----------------+
SEE ALSO
dhcpinfo(1),
gethostbyname(3NSL),
ethers(3SOCKET),
getnetbyname(3SOCKET),
arp(4P),
ipsecah(4P),
ipsecesp(4P),
hosts(5),
inet_type(5),
ndpd.conf(5),
netmasks(5),
networks(5),
nsswitch.conf(5),
attributes(7),
privileges(7),
zones(7),
cfgadm(8),
dhcpagent(8),
dladm(8),
if_mpadm(8),
in.mpathd(8),
in.ndpd(8),
in.routed(8),
ipmpstat(8),
ipsecconf(8),
ndd(8),
netstat(8),
zoneadm(8),
zonecfg(8) System Administration Guide: IP ServicesDIAGNOSTICS
ifconfig sends messages that indicate if:
o the specified interface does not exist
o the requested address is unknown
o the user is not privileged and tried to alter an
interface's configuration
NOTES
Do not select the names
broadcast,
down,
private,
trailers,
up or
other possible option names when you choose host names. If you choose
any one of these names as host names, it can cause unusual problems
that are extremely difficult to diagnose.
February 17, 2023 IFCONFIG(8)
