dladm(8) 맨 페이지 - 윈디하나의 솔라나라

개요

섹션
맨 페이지 이름
검색(S)

dladm(8)

System Administration Commands                                        dladm(8)



NAME
       dladm - administer data links

SYNOPSIS
       dladm


       dladm show-link [-PZ] [[-p] -o field[,...]] [-z zone[,...]] [link]
       dladm rename-link [-R root-dir] link new-link


       dladm delete-phys phys-link
       dladm show-phys [-PZ] [-Lmv] [[-p] -o field[,...]] [-H]
            [-z zone[,...]] [[-D [dcb-feature]] [-lr]] [-G] [phys-link]


       dladm create-aggr [-t] [-R root-dir] [-m mode] [-P policy] [-L lacpmode]
            [-T time] [-u address] -l ether-link1 [-l ether-link2...] aggr-link
       dladm modify-aggr [-t] [-R root-dir] [-P policy] [-L lacpmode]
            [-T time] [-u address] aggr-link
       dladm delete-aggr [-t] [-R root-dir] aggr-link
       dladm add-aggr [-t] [-R root-dir] -l ether-link1 [-l ether-link2...]
            aggr-link
       dladm remove-aggr [-t] [-R root-dir] -l ether-link1 [-l ether-link2...]
            aggr-link
       dladm show-aggr [-PLxZSCv] [[-p] -o field[,...]] [-z zone[,...]]
            [aggr-link]


       dladm create-bridge [-P protect] [-R root-dir] [-p priority]
            [-m max-age] [-h hello-time] [-d forward-delay]
            [-f force-protocol] [-l link...] bridge-name
       dladm modify-bridge [-P protect] [-R root-dir] [-p priority]
            [-m max-age] [-h hello-time] [-d forward-delay]
            [-f force-protocol] bridge-name
       dladm delete-bridge [-R root-dir] bridge-name
       dladm add-bridge [-R root-dir] -l link [-l link...] bridge-name
       dladm remove-bridge [-R root-dir] -l link [-l link...] bridge-name
       dladm show-bridge [-flt] [[-p] -o field,...]
            [bridge-name]


       dladm create-vlan [-ft] [-R root-dir] -l ether-link
            -v vid[,pvlan-svid[,pvlan-type]] [vlan-link]
       dladm modify-vlan [-t] [-R root-dir] [-l ether-link]
            [-v vid[,pvlan-svid[,pvlan-type]] [-f]]
            {vlan-link,[vlan-link,...] | -L ether-link}
       dladm delete-vlan [-t] [-R root-dir] vlan-link
       dladm show-vlan [-PZ] [[-p] -o field[,...]] [-z zone[,...]] [vlan-link]


       dladm create-wlan [-R root-dir] [-p prop=value[,...]] <wlan-name>
       dladm delete-wlan [-R root-dir] <wlan-name>
       dladm set-wlan [-R root-dir] -p prop=value[,...] <wlan-name>
       dladm reset-wlan [-R root-dir] -p prop=value[,...] <wlan-name>
       dladm show-wlan [[-p] [-o field[,...]] [wlan-name]


       dladm scan-wifi [[-p] -o field[,...]] [wifi-link]
       dladm connect-wifi [-e essid] [-i bssid] [-k key,...]
            [-s none | wpa ] [-a open | shared] [-b bss | ibss] [-c]
            [-m a | b | g | n ] [-T time] [-w] [wifi-link]
       dladm disconnect-wifi [-a] [-d] [wifi-link]
       dladm show-wifi [-Z] [[-p] -o field[,...]] [-z zone[,...]] [wifi-link]


       dladm show-ether [-xZ] [[-p] -o field[,...]] [-z zone[,...]]
            [-P protocol] [ether-link]


       dladm set-linkprop [-t] [-R root-dir] -p prop=value[,...] link
       dladm reset-linkprop [-t] [-R root-dir] [-p prop[,...]] link
       dladm show-linkprop [-HPZ] [[-c] -o field[,...]] [-p prop[,...]]
            [-z zone[,...]] [link]


       dladm create-secobj [-t] [-R root-dir] [-f file] -c class secobj
       dladm delete-secobj [-t] [-R root-dir] secobj[,...]
       dladm show-secobj [-P] [[-p] -o field[,...]] [secobj,...]


       dladm create-vnic [-t] [-f] -l link [-R root-dir] [-m value | auto |
            {factory [-n slot-identifier]} | {vrrp -A {inet | inet6} -V vrid}
            | {random [-r prefix]}] [-v vlan-id][,pvlan-svid[,pvlan-type]]
            [-P pkey] [-p prop=value[,...]] vnic-link
       dladm create-vnic -t -c <evsname>[/<vportname>] [-T <tenant>] <vnic-link>
       dladm modify-vnic [-t] [-R root-dir] [-l link]  [-m value | auto |
            {factory [-n slot-identifier]} | {vrrp -A {inet | inet6} -V vrid}
            | {random [-r prefix]}] [-v vlan-id[,pvlan-svid[,pvlan-type]]]
            {vnic-link,[vnic-link,...] | -L link}
       dladm delete-vnic [-t] [-R root-dir] vnic-link
       dladm show-vnic [-P | {-z zone[,..]}] [[-p] -o field[,..]] [-l link]
            [vnic-link]
       dladm show-vnic [-Zmv] [-l link] [vnic-link]


       dladm create-etherstub [-t] [-R root-dir] etherstub
       dladm delete-etherstub [-t] [-R root-dir] etherstub
       dladm show-etherstub [-Z] [-z zone[,...]] [etherstub]


       dladm create-iptun [-t] [-R root-dir] -T type
            [-a {local|remote}=addr,...] iptun-link
       dladm modify-iptun [-t] [-R root-dir] -a {local|remote}=addr,...
            iptun-link
       dladm delete-iptun [-t] [-R root-dir] iptun-link
       dladm show-iptun [-PZ] [[-p] -o field[,...]] [-z zone[,...]] [iptun-link]


       dladm create-part [-t] [-f] -l ib-link [-R root-dir] -P pkey
            [-p prop=value[,...]] part-link
       dladm delete-part [-t] [-R root-dir] part-link
       dladm show-part [-pP] [-o field[,...]] [-l ib-link]  [part-link]


       dladm create-eoib [-t] [-R root-dir] -l ib-link -g gw-system-name
            -c gw-eth-port eoib-link
       dladm delete-eoib [-t] [-R root-dir] eoib-link
       dladm show-eoib [-PZ] [-g gw-system-name] [-l ib-link] [[-p]
            -o field[,...]] [-z zone [,...]] [eoib-link]
       dladm show-ib [-pP] [-o field[,...]] [ib-link]


       dladm create-vxlan [-t] [-R root-dir]
            -p vni=<vxlan-id>,addr=<ip_address>[,prop=value[,...]] vxlan-link
       dladm create-vxlan [-t] [-R root-dir]
            -p vni=<vxlan-id>,interface=<interface_name>[,prop=value[,...]]
            vxlan-link
       dladm show-vxlan [-pP] [-o field[,...]] [vxlan-link]
       dladm delete-vxlan [-t] [-R root-dir] vxlan-link


       dladm create-cap [-t] [-R root-dir] cap-link
       dladm show-cap [-pP] [-o field[,...]] [cap-link]
       dladm delete-cap [-t] [-R root-dir] cap-link


       dladm create-veth [-t] [-p {<prop>=<val>[,...]}[,...]]
            -r peer_veth_endpoint veth_endpoint
       dladm show-veth [-P] [veth_endpoint | peer_veth_endpoint]
       dladm delete-veth [-t] {veth_endpoint | peer_veth_endpoint}


       dladm help [subcommand-name]

DESCRIPTION
       The dladm command is used to administer data-links. A data-link is rep‐
       resented in the system as a STREAMS DLPI (v2) interface  which  can  be
       plumbed  under protocol stacks such as TCP/IP. Each data-link relies on
       either a single network device or an aggregation  of  devices  to  send
       packets to or receive packets from a network.


       Datalink  configuration  can  also be specified at install time through
       the System Configuration profiles. For more information, on System Con‐
       figuration profiles, see datalink-management(5) for details.


       Each dladm subcommand operates on one of the following objects:

       link

           A  datalink, identified by a name. The name can be at most 30 char‐
           acters, and must start with an alphabetic character and end with  a
           number  between  0 and 4294967294 inclusive (leading zeroes are not
           permitted). The rest  of  the  name  can  use  any  combination  of
           alphanumeric  characters,  along  with  '.'  and  '_'. In addition,
           datalink names may also contain the  special  delimiter  characters
           '/' and '-', as described below.

           When viewed from the global zone, datalinks inside a zone will have
           a prefix (identifying the zone), followed by a '/' and  the  tradi‐
           tional  datalink  name.  Thus, datalink "net0" inside zone "myzone"
           will appear as "myzone/net0" when viewed from the global zone. This
           ensures that the datalink names are always unique.

           Datalinks  automatically  created  to  support a particular feature
           will contain a prefix identifying the feature followed by a '-' and
           a  traditional  datalink name (for example, ldoms-vsw1.port2). This
           ensures that such datalinks will not have naming conflicts. Accord‐
           ingly,  dladm  cannot be used to create datalinks that contain '-'.
           The following are some of the prefixes that have been assigned:



           sp       Datalinks connected to service processors.


           ldoms    Datalinks used by LDOMs guest domains.


           vrrp     Datalinks used by L2 VRRP virtual routers.

           Some subcommands operate  only  on  certain  types  or  classes  of
           datalinks. For those cases, the following object names are used:

           aggr-link

               An aggregation datalink (or a key; see NOTES).


           eoib-link

               An Ethernet-over-InfiniBand (EoIB) datalink.


           ether-link

               A physical Ethernet datalink.


           iptun-link

               An IP tunnel link.


           part-link

               An InfiniBand (IB) partition data link.


           phys-link

               A physical datalink.


           vlan-link

               A VLAN datalink.


           veth-link

               A virtual Ethernet datalink.


           vnic-link

               A  virtual network interface created on a link or an etherstub.
               It is a pseudo device that can be treated as if it were an net‐
               work interface card on a machine.


           wifi-link

               A WiFi datalink.



       bridge

           A  bridge  instance, identified by an administratively-chosen name.
           The name may use any alphanumeric characters or the underscore,  _,
           but  must start and end with an alphabetic character. A bridge name
           can be at most 31 characters. The name default is reserved, as  are
           all names starting with SUNW.

           Note  that  appending  a zero (0) to a bridge name produces a valid
           link name, used for observability.

           Also note that the bridge-related subcommands, described with dladm
           subcommands  below,  require installation of the pkg://solaris/net‐
           work/bridging package.


       dev

           A network device, identified by concatenation of a driver name  and
           an instance number.


       etherstub

           An  Ethernet  stub  can be used instead of a physical NIC to create
           VNICs. VNICs created on an etherstub will appear  to  be  connected
           through  a virtual switch, allowing complete virtual networks to be
           built without physical hardware.


       part

           An IB partition link created on a IB physical link.


       secobj

           A secure object, identified by an administratively-chosen name. The
           name  can  use  any  alphanumeric characters, as well as underscore
           (_), period (.), and hyphen (-). A secure object  name  can  be  at
           most 32 characters.


       veth

           Veth  (Virtual Ethernet datalink) come in pairs and are always con‐
           nected to form  a  full-duplex  point-to-point  link.  The  packets
           transmitted  on one end will be received on the other end and vice-
           versa. They can be thought of as a physical cable  with  a  NIC  on
           each end.


       wlan-name

           A  Known  WLAN  object,  identified by the ESSID of a WiFi network.
           Known WLANs are a prioritized list that can be used by connect-wifi
           subcommand  to  automatically pick a WiFi network to connect to, if
           none is specified.



       dladm is  implemented  as  a  set  of  subcommands  with  corresponding
       options.  Options are described in the context of each subcommand. Many
       of the subcommands have the following as a common option:

       -R root-dir, --root-dir=root-dir

           Specifies an alternate root directory where the  operation-such  as
           creation, deletion, or renaming-should apply.



       dladm also supports a command form with no arguments. When invoked this
       way, dladm displays basic configuration information for  all  datalinks
       on a system. See EXAMPLES.

   SUBCOMMANDS
       The following subcommands are supported:

       dladm show-link [-PZ] [[-p] -o field[,...]] [-z zone[,...]] [link]

           Show link configuration information either for all datalinks or for
           the specified link. By default, the system is configured  with  one
           datalink  for  each  known network device. The option to print link
           statistics is moved to dlstat(8).

           -o field[,...], --output=field[,...]

               A case-insensitive, comma-separated list of  output  fields  to
               display. The field name must be one of the fields listed below,
               or the special value all to  display  all  fields.  By  default
               (without -o), show-link displays all fields.

               LINK

                   The name of the datalink.


               ZONE

                   The current zone of the datalink.


               CLASS

                   The  class of the datalink. dladm distinguishes between the
                   following classes:

                   aggr

                       Link Aggregation either as Datalink Multipathing (dlmp)
                       or  IEEE  802.3ad  trunk. The show-aggr subcommand dis‐
                       plays more details for this class of datalink.


                   bridge

                       A bridge instance, identified by  an  administratively-
                       chosen name.


                   eoib

                       An  EoIB  interface.  The show-eoib subcommand displays
                       more detail for this class of datalink.


                   etherstub

                       Instance of an etherstub. An Ethernet stub can be  used
                       instead  of  a physical NIC to create VNICs. VNICs cre‐
                       ated on  an  etherstub  will  appear  to  be  connected
                       through  a  virtual  switch,  allowing complete virtual
                       networks to be built without physical hardware.


                   iptun

                       An instance of an IP tunnel link.


                   part

                       An IP-over-IB interface. The show-part subcommand  dis‐
                       plays more detail for this class of datalink.


                   phys

                       A  physical datalink. The show-phys subcommand displays
                       more detail for this class of datalink.


                   vlan

                       A VLAN datalink. The show-vlan subcommand displays more
                       detail for this class of datalink.


                   vnic

                       A  virtual  network interface. The show-vnic subcommand
                       displays more detail for this class of datalink.



               MTU

                   The maximum transmission unit size for the  datalink  being
                   displayed.


               STATE

                   The  virtual  link  state of the datalink. The state can be
                   up, down, or unknown. When a NIC is carved up into multiple
                   virtual  NICs  (VNICs),  then  a  virtual switch is created
                   internally to allow the VNICs and the primary  datalink  to
                   communicate  as  long  as  they are on the same VLAN. These
                   datalinks can talk to each  other,  even  if  the  physical
                   datalink  has no connection with the external network. This
                   forms the virtual link state of the datalink.

                   For IPoIB vnics, if the link is down, use  show-ib  subcom‐
                   mand  to  check  the  underlying port status and configured
                   pkeys, and the show-linkprop subcommand to check the broad‐
                   cast-group property.


               BRIDGE

                   The  name  of the bridge to which this link is assigned, if
                   any.


               OVER

                   The physical datalink(s) over which the datalink is operat‐
                   ing.  This  applies  to  aggr,  bridge, eoib, vlan and part
                   classes  of  datalinks.  A  VLAN,  IB  partition,  or  EoIB
                   datalink  is  created  over  a  single physical datalink, a
                   bridge has multiple attached links, and an  aggregation  is
                   comprised of one or more physical datalinks.



           -p, --parseable

               Display  using a stable machine-parseable format. The -o option
               is required with -p. See "Parseable Output Format", below.


           -P, --persistent

               Display the persistent link configuration.


           -Z

               Display ZONE column in the output.


           -z zone[,...]

               Display links from the specified zones. By default, dladm  dis‐
               plays  links  in  all  the zones when it is run from the global
               zone. The links in other zones are displayed  with  the  corre‐
               sponding zonename as its prefix, followed by the slash (/) sep‐
               arator. For example, zone1/net0

               When run from a non-global zone, this subcommand displays  only
               links  from  that  zone.  A non-global zone cannot see links in
               other zones.



       dladm rename-link [-R root-dir] link new-link

           Rename link to new-link. This is used to give a link  a  meaningful
           name,  or  to  associate  existing  link configuration such as link
           properties of a removed device with a new device. See the  EXAMPLES
           section for specific examples of how this subcommand is used.

           -R root-dir, --root-dir=root-dir

               See "Options," above.



       dladm delete-phys phys-link

           This  command  is  used to delete the persistent configuration of a
           link associated with physical hardware which has been removed  from
           the system.

           Layer 3 components such as ip interfaces should be deleted manually
           using the ipadm delete commands. See the EXAMPLES section.




       dladm show-phys [-PZ] [-Lmv] [[-p] -o field[,...]] [-H]
            [-z zone[,...]] [[-D [dcb-feature]] [-lr]] [-G] [phys-link]


           Show the physical device and attributes of all physical  links,  or
           of  the  named  physical link. Without -P, only physical links that
           are available on the running system are displayed.


           -D [dcb-feature]

               Show DCB (Data Center Bridging)-related configuration  informa‐
               tion  on  the  phys-link.  Supported  dcb-features  include ets
               (Enhanced Transmission Selection, IEEE 802.1Qaz) and pfc  (Pri‐
               ority-based  Flow  Control, IEEE 802.1Qbb). The output for dcb-
               feature is unstable.

               Output from -D  ets displays the following elements for ETS DCB
               feature:

               LINK

                   The name of the datalink.


               COS

                   802.1p priority value.


               ETSBW_LCL_EFFECT

                   The  effective  ETS  BW as a percentage for the CoS (802.1p
                   priority) value.


               ETSBW_RMT_EFFECT

                   The effective ETS BW as a percentage for  the  CoS  (802.1p
                   priority) value on the peer.


               ETSBW_LCL_SOURCE

                   Indicates the source for ETSBW_LCL_EFFECT value. This could
                   be either local (configured) or remote (recommended) value.


               CLIENTS

                   MAC clients that are using the CoS value.



           -l

               For ETS DCB feature, this shows additional local information:

               ETSBW_LCL

                   The configured ETS BW as a percentage for the  CoS  (802.1p
                   priority) value.


               ETSBW_LCL_EFFECT

                   The  effective  ETS  BW as a percentage for the CoS (802.1p
                   priority) value.


               ETSBW_LCL_ADVICE:

                   The ETS BW as a percentage for the  CoS  (802.1p  priority)
                   value that is recommended by the peer.



           -r

               For ETS DCB feature, this shows additional remote information:


               ETSBW_RMT_EFFECT

                   The  effective  ETS  BW as a percentage for the CoS (802.1p
                   priority) value on the peer.


               ETSBW_RMT_ADVICE:

                   The ETS BW as a percentage for the  CoS  (802.1p  priority)
                   value that is recommended to the peer.

               Output from -D  pfc displays the LINK, COS, and CLIENTS fields,
               just the same as the -D  ets output. In addition, -D  pfc  dis‐
               plays the following elements specifically for PFC DCB feature:

               PFC

                   If the configured PFC is enabled for the CoS (802.1p prior‐
                   ity) value.


               PFC_EFFECT

                   If the effective PFC is enabled for the CoS (802.1p  prior‐
                   ity) value.



           -H

               Show  hardware  resource  usage, as returned by the NIC driver.
               Output from -H displays the following elements:

               LINK

                   The name of the datalink.


               RINGTYPE

                   The type of the ring, either RX or TX.


               RINGS

                   The ring index. A ring is an hardware resource, which typi‐
                   cally  maps  to  a  DMA channel, that can be programmed for
                   specific use. For example, an RX ring can be programmed  to
                   receive only packets belonging to a specific MAC address.


               CLIENTS

                   MAC clients that are using the rings.



           -L

               Display  location  information  for the physical devices/links.
               Output is in location order — that is, onboard  devices  before
               expansion slots — and location information (for example, PCIexp
               Slot 2, MB) is supplied where available. Output  from  -L  sup‐
               ports the following elements:

               LINK

                   A physical device corresponding to a NIC driver.


               DEVICE

                   The name of the physical device under this link.


               LOC

                   Physical location description string (where available).



           -m

               Display  the  list of factory MAC addresses, their slot identi‐
               fiers, and their availability.


           -v

               Display the list of VLAN IDs or PKEYS, their availability,  and
               which client is using them.


               ID        The  VLAN  ID  (PKEYS)  supported  on  this  Ethernet
                         (IPoIB) device.


               INUSE     Whether the VLAN ID (PKEYS) is in use or not.


               CLIENT    The list of  clients  who  are  using  this  VLAN  ID
                         (PKEYS).


               VIDS      The  VLAN  ID  supported on this physical device. For
                         IPoIB device, the output will show --.


               PKEYS     The PKEYS supported on this physical device. For Eth‐
                         ernet device, the output will show --.



               Note -




                 The  output of this option is applicable for para-virtualized
                 devices. For example,  solaris-kz  brand's  zvnet  device  or
                 LDOM's vnet device. For other devices, the output is shown as
                 --.




           -V

               Display SR-IOV information for  a  physical  link.  The  output
               shows:

               LINK         The physical link name.


               VFS-AVAIL    The number of VFs available on this physical link.


               VFS-INUSE    The number of VFs in use by this physical link.


               FLAGS        The  only  possible  flag  is  l, which stands for
                            LDOMs-managed. If this flag is set, dladm will not
                            be able to create VF VNICs on this physical link.



           -G

               Display hardware ring group resource information for a physical
               link. Both transmit and receive hardware rings are DMA channels
               and can be exposed by device drivers. Rings are associated with
               ring groups. Receive ring groups are  associated  with  one  or
               more MAC addresses, and all network traffic matching any of the
               MAC addresses associated with a receive group must be delivered
               by the NIC through one of the rings of that group. The steering
               of traffic to the receive ring groups is enabled in  the  hard‐
               ware through layer-2/3 classification. The output displays:


               LINK             The physical link name.


               RG-AVAIL         The number of ring groups available on a phys‐
                                ical link.


               RG-INUSE-UMAC    The number of ring groups being used by kernel
                                data path bypass (see net_kernel_bypass).


               RG-INUSE-VNIC    The number of ring groups being used by VNICs.


               RG-INUSE-FLOW    The number of ring groups being used by FLOWs.




           -i

               Display  information  for  an implicitly created physical link.
               The output shows:


               LINK

                   The physical link name.


               MEDIA

                   The media type provided by the physical datalink.


               ID

                   The unique identifier for the implicitly  created  physical
                   datalink.  Shows  anet id for the Ethernet datalinks in the
                   format of "anet:<id>" within a solaris-kz brand zone.


               DEVICE

                   The name of the physical device for this link.


               ACTIVE

                   The underlying device actively in use.


               STANDBY

                   The underlying device put as standby.




           -o field, --output=field

               A case-insensitive, comma-separated list of  output  fields  to
               display. The field name must be one of the fields listed below,
               or the special value all, to display all fields. For each link,
               the following fields can be displayed:

               LINK

                   The name of the datalink.


               MEDIA

                   The media type provided by the physical datalink.


               STATE

                   The  physical  link  state of the datalink. This can be up,
                   down,  or  unknown.  The  physical  link  state  identifies
                   whether  the  physical  device  has  connectivity  with the
                   external network (it does, if the cable is plugged  in  and
                   the  state  of  the  port  on the other end of the cable is
                   "up").


               SPEED

                   The current speed of the link, in megabits per second.


               DUPLEX

                   For Ethernet links, the full/half duplex status of the link
                   is  displayed  if  the link state is up. The duplex is dis‐
                   played as unknown in all other cases.


               DEVICE

                   The name of the physical device under this link.


               ALLOWED-ADDRESSES

                   Specifies the list of MAC prefixes that are 1 to  5  octets
                   long.  This  column  is applicable in solaris-kz brand zone
                   for para-virtualized device, namely, zvnet. VNICs with  MAC
                   addresses  that  start  with any one of the prefixes in the
                   list can be created inside the solaris-kz(7) brand zone.


               ALLOWED-VIDS

                   Specifies the list of VLAN ID ranges. This column is appli‐
                   cable in solaris-kz brand zone for para-virtualized device,
                   namely, zvnet. VNICs with VLAN IDs that are in the list can
                   be created inside the solaris-kz(7) brand zone.


               RG-AVAIL

                   The number of ring groups available on a physical link.


               RG-INUSE-UMAC

                   The  number  of  ring groups being used by kernel data path
                   bypass (see net_kernel_bypass(3LIB)).



           -p, --parseable

               Display using a stable machine-parseable format. The -o  option
               is required with -p. See "Parseable Output Format", below.


           -P, --persistent

               This  option  displays  persistent configuration for all links,
               including those that have been removed  from  the  system.  The
               output  provides  a  FLAGS column in which the r flag indicates
               that the physical device associated with a  physical  link  has
               been  removed. For such links, delete-phys can be used to purge
               the link's configuration from the system.


           -Z

               Display ZONE column in the output.


           -z zone[,...]

               See description of -z option under dladm show-link, above.

           By default, Oracle Solaris assigns link names with  the  prefix  of
           net.  Before installing Oracle Solaris, you can change this default
           by modifying the value of the linkname-policy/phys-prefix SMF prop‐
           erty of the service svc:/network/datalink-management:default. Spec‐
           ify a new value for this property in the System Configuration mani‐
           fests used the Automated Install (AI) program.




       dladm create-aggr [-t] [-R root-dir] [-m mode] [-P policy] [-L lacpmode]
            [-T time] [-u address] -l ether-link1 [-l ether-link2...] aggr-link


           Combine  a  set of links into a single link aggregation named aggr-
           link. The aggregation could be Datalink Multipathing (dlmp) or IEEE
           802.3ad  compliant.  The  use  of an integer key to generate a link
           name for the aggregation is also supported for backward compatibil‐
           ity. Many of the *-aggr subcommands below also support the use of a
           key to refer to a given aggregation, but  use  of  the  aggregation
           link  name is preferred. See the NOTES section for more information
           on keys.

           dladm supports a number of port selection policies for an  aggrega‐
           tion  of  ports.  (See the description of the -P option, below.) If
           you do not specify a policy, create-aggr uses the default,  the  L4
           policy, described under the -P option.

           -l ether-link, --link=ether-link

               Each  Ethernet  link  (or port) in the aggregation is specified
               using an -l option followed by the  name  of  the  link  to  be
               included in the aggregation. Multiple links are included in the
               aggregation by specifying multiple  -l  options.  For  backward
               compatibility  with  previous  versions  of Oracle Solaris, the
               dladm command also supports the using the -d option (or  --dev)
               with  a device name to specify links by their underlying device
               name. The other  *-aggr subcommands that take -l  options  also
               accept -d.


           -t, --temporary

               Specifies that the aggregation is temporary. Temporary aggrega‐
               tions last until the next reboot.


           -R root-dir, --root-dir=root-dir

               See "Options," above.


           -m mode

               Mode must be set to one of the following:

               trunk

                   IEEE 802.3ad compliant link  aggregation.  If  unspecified,
                   mode is trunk.


               dlmp

                   Datalink  Multipathing  mode.  A  layer 2 high availability
                   technology  that  can  provide  failover   among   multiple
                   switches, and does not require switch configuration. A dlmp
                   link aggregation can also aggregate ports connected to same
                   switch. However, it cannot be used in back-to-back setup.

                   An  dlmp  link aggregation is limited in its load-spreading
                   ability: MAC clients configured on plumbed dlmp   aggr  are
                   distributed  across  all  aggr  ports but an individual MAC
                   client cannot spread load across multiple ports.

                   This mode is not IEEE 802.3ad  compliant.  Setting  policy,
                   lacpmode, time or MAC address is invalid in this mode.



           -P policy, --policy=policy

               Specifies  the  port selection policy to use for load spreading
               of outbound traffic. The policy specifies which dev  object  is
               used  to send packets. A policy is a list of one or more layers
               specifiers separated by commas. A layer specifier is one of the
               following:


               L2

                   Select  outbound device according to source and destination
                   MAC addresses of the packet.


               L3

                   Select outbound device according to source and  destination
                   IP addresses of the packet.


               L4

                   Select  outbound device according to the upper layer proto‐
                   col information contained in the packet. For TCP  and  UDP,
                   this includes source and destination ports. For IPsec, this
                   includes the SPI (Security Parameters Index).

               For example, to use upper layer protocol information, the  fol‐
               lowing policy can be used:


                 -P L4

               Note that policy L4 is the default.

               To  use the source and destination MAC addresses as well as the
               source and destination IP addresses, the following  policy  can
               be used:

                 -P L2,L3



           -L lacpmode, --lacp-mode=mode

               Specifies whether LACP should be used and, if used, the mode in
               which it should operate. Supported values are  off,  active  or
               passive.


           -T time, --lacp-timer=time

               Specifies  the LACP timer value. The supported values are short
               or long.


           -u address, --unicast=address

               Specifies a fixed unicast hardware address to be used  for  the
               aggregation.  If  this option is not specified, then an address
               is automatically chosen from the set of addresses of the compo‐
               nent devices.





       dladm modify-aggr [-t] [-R root-dir] [-P policy] [-L lacpmode]
            [-T time] [-u address] aggr-link


           Modify the parameters of the specified aggregation.

           -t, --temporary

               Specifies  that the modification is temporary. Temporary aggre‐
               gations last until the next reboot.


           -R root-dir, --root-dir=root-dir

               See "Options," above.


           -m mode

               This option is Obsolete. One can delete the aggregation of  one
               mode, and create a new with another mode.


           -P policy, --policy=policy

               Specifies  the  port selection policy to use for load spreading
               of outbound traffic. See dladm create-aggr for a description of
               valid policy values.


           -L lacpmode, --lacp-mode=mode

               Specifies whether LACP should be used and, if used, the mode in
               which it should operate. Supported values are off,  active,  or
               passive.


           -T time, --lacp-timer=time

               Specifies  the LACP timer value. The supported values are short
               or long.


           -u address, --unicast=address

               Specifies a fixed unicast hardware address to be used  for  the
               aggregation.  If  this option is not specified, then an address
               is automatically chosen from the set of addresses of the compo‐
               nent devices.

               (Note  that  modification of the fixed unicast hardware address
               will override any previously defined mac-address link  property
               defined for the aggregation. See "General Link Properties".)



       dladm delete-aggr [-t] [-R root-dir] aggr-link

           Deletes the specified aggregation.

           -t, --temporary

               Specifies  that  the deletion is temporary. Temporary deletions
               last until the next reboot.


           -R root-dir, --root-dir=root-dir

               See "Options," above.





       dladm add-aggr [-t] [-R root-dir] -l ether-link1 [-l ether-link2...]
            aggr-link


           Adds links to the specified aggregation.

           -l ether-link, --link=ether-link

               Specifies an Ethernet link to add to the aggregation.  Multiple
               links can be added by supplying multiple -l options.


           -t, --temporary

               Specifies that the additions are temporary. Temporary additions
               last until the next reboot.


           -R root-dir, --root-dir=root-dir

               See "Options," above.





       dladm remove-aggr [-t] [-R root-dir] -l ether-link1 [-l ether-link2...]
           aggr-link


           Removes links from the specified aggregation.

           -l ether-link, --link=ether-link

               Specifies an Ethernet link to remove from the aggregation. Mul‐
               tiple links can be added by supplying multiple -l options.


           -t, --temporary

               Specifies  that  the  removals are temporary. Temporary removal
               last until the next reboot.


           -R root-dir, --root-dir=root-dir

               See "Options," above.





       dladm show-aggr [-PLxZSCv] [[-p] -o field[,...]] [-z zone[,...]]
            [aggr-link]


           Show aggregation configuration (the default), LACP information,  or
           DLMP  probe-based  failure/recovery detection status either for all
           aggregations or for the specified aggregation.

           By default (with no options), the  following  fields  can  be  dis‐
           played:


           LINK

               The name of the aggregation link.


           MODE

               The aggregation mode, either trunk or dlmp.


           POLICY

               The  LACP  policy  of  the aggregation. See the create-aggr  -P
               option for a description of the possible values.


           ADDRPOLICY

               Either auto, if the aggregation is configured to  automatically
               configure its unicast MAC address (the default if the -u option
               was not used to create or modify the aggregation), or fixed, if
               -u was used to set a fixed MAC address.


           LACPACTIVITY

               The  LACP  mode  of  the  aggregation. Possible values are off,
               active, or passive, as set by the -l option to  create-aggr  or
               modify-aggr.


           LACPTIMER

               The LACP timer value of the aggregation as set by the -T option
               of create-aggr or modify-aggr.

           The following field is not part of the default output, but  can  be
           queried using -o.


           FLAGS

               A  set of state flags associated with the aggregation. The only
               possible flag is f, which is  displayed  if  the  administrator
               forced the creation the aggregation using the -f option to cre‐
               ate-aggr. Other flags might be defined in the future.

           The show-aggr command accepts the following options:

           -L, --lacp

               Displays detailed LACP information for the aggregation link and
               each  underlying  port. Most of the state information displayed
               by this option is defined by IEEE 802.3. With this option,  the
               following fields can be displayed:

               LINK

                   The name of the aggregation link.


               PORT

                   The name of one of the underlying aggregation ports.


               AGGREGATABLE

                   Whether the port can be added to the aggregation.


               SYNC

                   If  yes,  the  system considers the port to be synchronized
                   and part of the aggregation.


               COLL

                   If yes, collection of incoming frames  is  enabled  on  the
                   associated port.


               DIST

                   If  yes,  distribution of outgoing frames is enabled on the
                   associated port.


               DEFAULTED

                   If yes, the port is  using  defaulted  partner  information
                   (that  is,  has  not received LACP data from the LACP part‐
                   ner).


               EXPIRED

                   If yes, the receive state of the port  is  in  the  EXPIRED
                   state.



           -x, --extended

               Display  additional  aggregation information including detailed
               information on each underlying port.  With  -x,  the  following
               fields can be displayed:

               LINK

                   The name of the aggregation link.


               PORT

                   The name of one of the underlying aggregation ports.


               SPEED

                   The speed of the link or port in megabits per second.


               DUPLEX

                   The  full/half  duplex  status  of the link or port is dis‐
                   played if the link state is up. The duplex status  is  dis‐
                   played as unknown in all other cases.


               STATE

                   The link state. This can be up, down, or unknown.


               ADDRESS

                   The MAC address of the link or port.


               PORTSTATE

                   This  indicates  whether the individual aggregation port is
                   in the standby or attached state.



           -C

               Displays detailed clients information for the given DLMP aggre‐
               gation  link  and each underlying port. With the -C option, the
               following fields can be displayed:


               LINK       The name of the aggregation link.


               PORT       The name of one of the underlying aggregation ports.


               SPEED      The speed of the link or port in megabits  per  sec‐
                          ond.


               DUPLEX     The  full/half  duplex status of the link or port is
                          displayed if the link state is up. The duplex status
                          is displayed as unknown in all other cases.


               STATE      The link state. This can be up, down, or unknown.


               CLIENTS    VNIC  or  VLAN clients that are associated with this
                          port.




           -v

               Displays the list of VLAN  IDs,  their  availability,  and  the
               client by using the VLAN ID.


               LINK    The name of the aggregation link.


               MODE    The aggregation mode, either trunk or dlmp.


               IDS     The  IPoIB  pkeys  supported  on this DLMP aggregation.
                       Shows in the format  of  "PKEY:<pkey_1,...,pkey_n>"  on
                       InfiniBand DLMP aggregation.




           -S

               Displays detailed probe information for the given DLMP aggrega‐
               tion link and each underlying  port.  With  -S,  the  following
               fields can be displayed:

               LINK

                   The name of the aggregation link.


               PORT

                   The name of one of the underlying aggregation ports.


               FLAGS

                   The four letters of the FLAGS field represent:

                   link state      ´u'  for  link up, 'd' for link down or '-'
                                   for unknown link state.


                   prober state    ´p' for elected ICMP prober  (in  case  all
                                   ports are failed).


                   L2 state        ´2' for "L2 active".


                   ICMP state      ´3' for "ICMP active".



               STATE

                   The  state  of  the  port. Possible values can be "active",
                   "failed" or "unknown".


               TARGETS

                   The active ICMP targets for this port.


               XTARGETS

                   The active transitive probe targets for this port.



           -o field[,...], --output=field[,...]

               A case-insensitive, comma-separated list of  output  fields  to
               display. The field name must be one of the fields listed above,
               or the special value all, to display  all  fields.  The  fields
               applicable  to  the -o option are limited to those listed under
               each output mode. For example, if using  -L,  only  the  fields
               listed under -L, above, can be used with -o.


           -p, --parseable

               Display  using a stable machine-parseable format. The -o option
               is required with -p. See "Parseable Output Format", below.


           -P, --persistent

               Display the persistent aggregation  configuration  rather  than
               the state of the running system.


           -Z

               Display ZONE column in the output.


           -z zone[,...]

               See description of -z option under dladm show-link, above.





       dladm create-bridge [-P protect] [-R root-dir] [-p priority]
            [-m max-age] [-h hello-time] [-d forward-delay]
            [-f force-protocol] [-l link...] bridge-name


           Create  an 802.1D bridge instance and optionally assign one or more
           network links to the new bridge. By default,  no  bridge  instances
           are present on the system.

           In  order  to  bridge  between  links, you must create at least one
           bridge instance. Each bridge instance is separate, and there is  no
           forwarding connection between bridges.

           Note  that,  for  both  /usr/sbin and /sbin, virtual-switching link
           property has an interface stability of Volatile.

           Note that the bridge-related subcommands, create-bridge among them,
           require installation of the pkg://solaris/network/bridging package.


           -P protect, --protect=protect

               Specifies  a  protection method. The defined protection methods
               are stp for the Spanning Tree Protocol  and  trill  for  TRILL,
               which is used on RBridges. The default value is stp.


           -R root-dir, --root-dir=root-dir

               See "Options," above.


           -p priority, --priority=priority

               Specifies  the Bridge Priority. This sets the IEEE STP priority
               value for determining the root bridge node in the network.  The
               default  value  is 32768. Valid values are 0 (highest priority)
               to 61440 (lowest priority), in increments of 4096.

               If a value not evenly divisible by 4096  is  used,  the  system
               silently rounds downward to the next lower value that is divis‐
               ible by 4096.


           -m max-age, --max-age=max-age

               Specifies the maximum age for configuration information in sec‐
               onds. This sets the STP Bridge Max Age parameter. This value is
               used for all nodes in the network if  this  node  is  the  root
               bridge.  Bridge  link  information older than this time is dis‐
               carded. It defaults to 20 seconds. Valid values are from  6  to
               40  seconds. See the -d  forward-delay parameter for additional
               constraints.


           -h hello-time, --hello-time=hello-time

               Specifies the STP Bridge Hello Time parameter. When  this  node
               is the root node, it sends Configuration BPDUs at this interval
               throughout the network. The default value is 2  seconds.  Valid
               values  are  from  1  to  10 seconds. See the -d  forward-delay
               parameter for additional constraints.


           -d forward-delay, --forward-delay=forward-delay

               Specifies the STP Bridge Forward  Delay  parameter.  When  this
               node is the root node, then all bridges in the network use this
               timer to sequence the link states when a port is  enabled.  The
               default value is 15 seconds. Valid values are from 4 to 30 sec‐
               onds.

               Bridges must obey the following two constraints:


                 2 * (forward-delay - 1.0) >= max-age

                 max-age >= 2 * (hello-time + 1.0)


               Any parameter setting that would violate those  constraints  is
               treated as an error and causes the command to fail with a diag‐
               nostic message. The message provides valid alternatives to  the
               supplied values.


           -f force-protocol, --force-protocol=force-protocol

               Specifies  the  MSTP  forced  maximum  supported  protocol. The
               default value is 3. Valid values are non-negative integers. The
               current  implementation  does not support RSTP or MSTP, so this
               currently has no effect. However, to prevent  MSTP  from  being
               used  in the future, the parameter may be set to 0 for STP only
               or 2 for STP and RSTP.


           -l link, --link=link

               Specifies one or more links to add to the newly-created bridge.
               This  is  similar to creating the bridge and then adding one or
               more links, as with the add-bridge subcommand. However, if  any
               of the links cannot be added, the entire command fails, and the
               new bridge itself is not created. To add multiple links on  the
               same  command  line,  repeat this option for each link. You are
               permitted to create bridges without links. For more information
               about link assignments, see the add-bridge subcommand.

           Bridge  creation and link assignment require the PRIV_SYS_DL_CONFIG
           privilege. Bridge creation might fail if the optional bridging fea‐
           ture is not installed on the system.




       dladm modify-bridge [-P protect] [-R root-dir] [-p priority]
            [-m max-age] [-h hello-time] [-d forward-delay]
            [-f force-protocol] bridge-name


           Modify  the  operational  parameters  of  an  existing  bridge. The
           options are the same as for the  create-bridge  subcommand,  except
           that  the  -l  option is not permitted. To add links to an existing
           bridge, use the add-bridge subcommand.

           Bridge parameter modification requires the PRIV_SYS_DL_CONFIG priv‐
           ilege.


       dladm delete-bridge [-R root-dir] bridge-name

           Delete  a  bridge  instance. The bridge being deleted must not have
           any attached links. Use the remove-bridge subcommand to  deactivate
           links before deleting a bridge.

           Bridge deletion requires the PRIV_SYS_DL_CONFIG privilege.

           The  -R  (--root-dir)  option  is the same as for the create-bridge
           subcommand.


       dladm add-bridge [-R root-dir] -l link [-l link...] bridge-name

           Add one or more links to an existing bridge. If multiple links  are
           specified, and adding any one of them results in an error, the com‐
           mand fails and no changes are made to the system.

           Link addition to a bridge requires  the  PRIV_SYS_DL_CONFIG  privi‐
           lege.

           A  link may be a member of at most one bridge. An error occurs when
           you attempt to add a link that already belongs to  another  bridge.
           To  move a link from one bridge instance to another, remove it from
           the current bridge before adding it to a new one.

           The links assigned to a bridge must not also be  VLANs,  VNICs,  or
           tunnels.  Only  physical Ethernet datalinks, aggregation datalinks,
           and Ethernet stubs are permitted to be assigned to a bridge.

           Links assigned to a bridge must all have  the  same  MTU.  This  is
           checked  when the link is assigned. The link is added to the bridge
           in a deactivated form if it is not the first link on the bridge and
           it has a differing MTU.

           Note  that  systems  using  bridging  should  not set the eeprom(8)
           local-mac-address? variable to false.

           The options are the same as for the create-bridge subcommand.


       dladm remove-bridge [-R root-dir] -l link [-l link...] bridge-name

           Remove one or more links from a bridge instance. If multiple  links
           are  specified,  and  removing  any  one of them would result in an
           error, the command fails and none are removed.

           Link removal from a bridge requires the  PRIV_SYS_DL_CONFIG  privi‐
           lege.

           The options are the same as for the create-bridge subcommand.


       dladm show-bridge [-flt] [[-p] -o field,...] [bridge-name]

           Show  the  running  status  and  configuration  of  bridges,  their
           attached links, learned  forwarding  entries,  and  TRILL  nickname
           databases.  When  showing  overall bridge status and configuration,
           the bridge name can be omitted to show all bridges. The other forms
           require a specified bridge.

           The show-bridge subcommand accepts the following options:


           -p, --parseable

               Display using a stable machine-parseable format. See "Parseable
               Output Format," below.


           -o field[,...], --output=field[,...]

               A case-insensitive, comma-separated list of  output  fields  to
               display. The field names are described below. The special value
               all displays all fields. Each set of fields has its own default
               set to display when -o is not specified.

           By  default, the show-bridge subcommand shows bridge configuration.
           The following fields can be shown:


           BRIDGE

               The name of the bridge.


           ADDRESS

               The Bridge Unique Identifier value (MAC address).


           PRIORITY

               Configured priority value; set by  -p  with  create-bridge  and
               modify-bridge.


           BMAXAGE

               Configured bridge maximum age; set by -m with create-bridge and
               modify-bridge.


           BHELLOTIME

               Configured bridge hello time; set by -h with create-bridge  and
               modify-bridge.


           BFWDDELAY

               Configured  forwarding  delay; set by -d with create-bridge and
               modify-bridge.


           FORCEPROTO

               Configured forced maximum protocol;  set  by  -f  with  create-
               bridge and modify-bridge.


           TCTIME

               Time, in seconds, since last topology change.


           TCCOUNT

               Count of the number of topology changes.


           TCHANGE

               This indicates that a topology change was detected.


           DESROOT

               Bridge Identifier of the root node.


           ROOTCOST

               Cost of the path to the root node.


           ROOTPORT

               Port number used to reach the root node.


           MAXAGE

               Maximum age value from the root node.


           HELLOTIME

               Hello time value from the root node.


           FWDDELAY

               Forward delay value from the root node.


           HOLDTIME

               Minimum BPDU interval.

           By  default,  when the -o option is not specified, only the BRIDGE,
           ADDRESS, PRIORITY, and DESROOT fields are shown.

           The show-bridge subcommand also accepts the following options:




       dladm create-vlan [-ft] [-R root-dir] -l ether-link
            -v vid[,pvlan-svid[,pvlan-type]] [vlan-link]


           Create a tagged VLAN link with an ID  of  vid  over  Ethernet  link
           ether-link.  The  name  of  the VLAN link can be specified as vlan-
           link. The name can be specified as  zonename/linkname,  which  will
           create  the  VLAN in the given zone's namespace. If the name is not
           specified, a name will be automatically  generated  (assuming  that
           ether-link is namePPA) as:


             <name><1000 * vlan-tag + PPA>

           For example, if ether-link is bge1 and vid is 2, the name generated
           is bge2001.

           -f, --force

               Force the creation of the VLAN link. Some devices do not  allow
               frame  sizes large enough to include a VLAN header. When creat‐
               ing a VLAN link over such a device, the -f  option  is  needed,
               and  the MTU of the IP interfaces on the resulting VLAN must be
               set to 1496 instead of 1500.


           -l ether-link

               Specifies Ethernet link over which VLAN is created.


           -t, --temporary

               Specifies that the VLAN link is temporary. Temporary VLAN links
               last  until the next reboot. The -t option must be specified if
               the VLAN is created in a non-global zone's namespace.


           -R root-dir, --root-dir=root-dir

               See "Options," above.





       dladm modify-vlan [-t] [-R root-dir] [-l ether-link]
            [-v vid[,pvlan-svid[,pvlan-type]] [-f]]
            {vlan-link,[vlan-link,...] | -L ether-link}


           Modifies the underlying link and/or the VLAN-ID  of  the  specified
           VLAN  link(s).  The VLAN link(s) can be specified as a comma-delim‐
           ited list or as -L  source-ether-link to  indicate  "all  VLANs  on
           source-ether-link".

           -t, --temporary

               Specifies that the VLAN modification is temporary.


           -R root-dir, --root-dir=root-dir

               See "Options," above.


           -l ether-link

               Specifies  the  Ethernet link to which to move the VLAN(s). The
               Ethernet link must  be  different  from  the  current  one  the
               VLAN(s) is or are using.


           -v vid[,pvlan-svid[,pvlan-type]]  [-f]

               Specifies  the VLAN-ID to be used. This option can be used only
               if a single VLAN link is  specified.  The  purpose  of  the  -f
               option is the same as in create-vlan, above.



       dladm delete-vlan [-t] [-R root-dir] vlan-link

           Delete the VLAN link specified.

           The delete-vlan subcommand accepts the following options:

           -t, --temporary

               Specifies  that  the deletion is temporary. Temporary deletions
               last until the next reboot.


           -R root-dir, --root-dir=root-dir

               See "Options," above.



       dladm show-vlan [-PZ] [[-p] -o field[,...]] [-z zone[,...]] [vlan-link]

           Display VLAN configuration for all VLAN links or for the  specified
           VLAN link.

           The show-vlan subcommand accepts the following options:

           -o field[,...], --output=field[,...]

               A  case-insensitive,  comma-separated  list of output fields to
               display. The field name must be one of the fields listed below,
               or  the special value all, to display all fields. For each VLAN
               link, the following fields can be displayed:

               LINK

                   The name of the VLAN link.


               VID

                   The ID associated with the VLAN or the primary VID  associ‐
                   ated with a PVLAN.


               SVID

                   The PVLAN secondary VLAN ID associated with the VNIC.


               PVLAN-TYPE

                   The PVLAN type associated with the VNIC.


               OVER

                   The  name of the physical link over which this VLAN is con‐
                   figured.


               FLAGS

                   A set of flags associated  with  the  VLAN  link.  Possible
                   flags are:


                   f

                       The  VLAN  was  created  using the -f option to create-
                       vlan.


                   i

                       The VLAN was implicitly created when the DLPI link  was
                       opened.  These  VLAN links are automatically deleted on
                       last close of the DLPI link (for example, when  the  IP
                       interface associated with the VLAN link is unplumbed).

                   Additional flags might be defined in the future.



           -p, --parseable

               Display  using a stable machine-parseable format. The -o option
               is required with -p. See "Parseable Output Format", below.


           -P, --persistent

               Display the persistent VLAN configuration rather than the state
               of the running system.


           -Z

               Display ZONE column in the output.


           -z zone[,...]

               See description of -z option under dladm show-link, above.



       dladm create-wlan [-R root-dir] [-p prop=value[,...]] <wlan-name>

           Creates  a  Known WLAN with the given name wlan-name. The wlan-name
           represents the ESSID of the WiFi network whose  properties  can  be
           saved in this object.


           -R root-dir, --root-dir=root-dir

               See Options section above.


           -p prop=value,..., --prop prop=value,...

               A  comma-separated  list  of properties to set to the specified
               values.




       dladm delete-wlan [-R root-dir] <wlan-name>

           Deletes the specified Known WLAN.


           -R root-dir, --root-dir=root-dir

               See Options section above.




       dladm set-wlan [-R root-dir] -p prop=value[,...] <wlan-name>

           Sets the value of one of more properties on the Known  WLAN  speci‐
           fied.


           -R root-dir, --root-dir=root-dir

               See Options section above.


           -p prop=value,..., --prop prop=value,...

               A  comma-separated  list  of properties to set to the specified
               values.




       dladm reset-wlan [-R root-dir] -p prop=value[,...] <wlan-name>

           Resets the value of one or more properties on the Known WLAN speci‐
           fied.


           -R root-dir, --root-dir=root-dir

               See Options section above.


           -p prop=value,..., --prop prop=value,...

               A  comma-separated  list  of properties to set to the specified
               values.




       dladm show-wlan [[-p] [-o field[,...]] [wlan-name]

           Displays the Known WLAN configuration for all Known  WLANs  or  the
           specified Known WLAN.


           -p, --parseable

               Display  using a stable machine-parseable format. The -o option
               is required with -p option. See the "Parseable  Output  Format"
               section below.


           -o field[,...] , --output=field[,...]

               A  case-insensitive,  comma-separated  list of output fields to
               display. The field name must be one of the fields listed below,
               or  the  special  value  all, to display all fields. By default
               (without the -o option), show-wlan displays all fields.


           ESSID

               The name of the Known WLAN.


           PRIORITY

               The relative priority of this Known WLAN; a smaller number rep‐
               resents  higher  priority.  If  no  priority  is specified, the
               default value of 0 is assigned.


           BSSIDS

               If a specific access point should be preferred over  other  the
               same  ESSID,  this property allows the access point's BSSIDs to
               be specified.


           SECURITY-MODE

               The encryption mode of this Known WLAN's WiFi network. The fol‐
               lowing values are valid:


               none    No encryption is used by the WiFi network.


               wpa     Wi-Fi  Protected Access (WPA) encryption is used by the
                       WiFi Network.




           KEY

               Secure object name to associate with this Known WLAN.  If  this
               Known  WLAN  uses  an  encryption  mode  that supports multiple
               keyslots, the slot to place the key is shown by  a  colon  fol‐
               lowed by an index. For example, mykey:3 places mykey in slot 3.
               Valid values are 1 to 4. If unspecified, slot 1 is assumed  and
               used by default.




       dladm scan-wifi [[-p] -o field[,...]] [wifi-link]

           Scans  for  WiFi networks, either on all WiFi links, or just on the
           specified wifi-link.

           By default, currently all fields but BSSTYPE are displayed.

           -o field[,...], --output=field[,...]

               A case-insensitive, comma-separated list of  output  fields  to
               display. The field name must be one of the fields listed below,
               or the special value all to display all fields. For  each  WiFi
               network found, the following fields can be displayed:

               LINK

                   The name of the link the WiFi network is on.


               ESSID

                   The ESSID (name) of the WiFi network.


               BSSID

                   Either  the  hardware  address of the WiFi network's Access
                   Point (for BSS networks), or the  WiFi  network's  randomly
                   generated unique token (for IBSS networks).


               SEC

                   Either  none  for  a WiFi network that uses no security, or
                   wpa for a WiFi network that requires WPA  (Wi-Fi  Protected
                   Access).


               MODE

                   The  supported connection modes: one or more of a, b, g, or
                   n.


               STRENGTH

                   The strength of the signal: one of  excellent,  very  good,
                   good, weak, or very weak.


               SPEED

                   The maximum speed of the WiFi network, in megabits per sec‐
                   ond.


               BSSTYPE

                   Either bss for BSS (infrastructure) networks, or  ibss  for
                   IBSS (ad-hoc) networks.



           -p, --parseable

               Display  using a stable machine-parseable format. The -o option
               is required with -p. See "Parseable Output Format", below.





       dladm connect-wifi [-e essid] [-i bssid] [-k key,...]
            [-s none | wpa ] [-a open | shared] [-b bss | ibss] [-c]
            [-m a | b | g | n ] [-T time] [-w] [wifi-link]


           Connects to a WiFi network. This consists of four steps: discovery,
           filtration,  prioritization,  and  association.  However, to enable
           connections to non-broadcast WiFi networks and to  improve  perfor‐
           mance, if a BSSID or ESSID is specified using the -e or -i options,
           then the first three steps are skipped and connect-wifi immediately
           attempts  to  associate with a BSSID or ESSID that matches the rest
           of the provided parameters. If this association fails, but there is
           a  possibility  that other networks matching the specified criteria
           exist, then the traditional discovery process begins  as  specified
           below.

           The  discovery step finds all available WiFi networks on the speci‐
           fied WiFi link, which must not yet be connected. For administrative
           convenience,  if  there  is only one WiFi link on the system, wifi-
           link can be omitted.

           Once discovery is  complete,  the  list  of  networks  is  filtered
           according to the value of the following options:

           If  no  BSSID or ESSID is specified, the information from the Known
           WLAN list is utilized to select a WiFi network to connect  to.  The
           WiFi  network  with  the highest priority (the lowest value) in the
           Known WLAN list is selected to connect to. If Known WLAN list  does
           not  have any available WiFi networks, the list of networks is fil‐
           tered according to the value of the following options:


           -e essid, --essid=essid

               Networks that do not have the same essid are filtered out.


           -b bss|ibss, --bsstype=bss|ibss

               Networks that do not have the same bsstype are filtered out.


           -m a|b|g, --mode=a|b|g|n

               Networks not appropriate for the specified 802.11 mode are fil‐
               tered out.


           -k key,..., --key=key, ...

               Use  the  specified  secobj  named by the key to connect to the
               network. Networks not appropriate for the  specified  keys  are
               filtered out.


           -s none|wpa, --sec=none|wpa

               Networks  not  appropriate  for the specified security mode are
               filtered out.

           Next, the remaining  networks  are  prioritized,  first  by  signal
           strength, and then by maximum speed. Finally, an attempt is made to
           associate with each network in the list, in order, until  one  suc‐
           ceeds or no networks remain.

           When  the connection to the WiFi network is successful, the network
           and any associated security key information is added to  the  Known
           WLAN  list,  if  it  is  not  already on the list. This facilitates
           reconnection if the WiFi connection is lost.

           In addition to the options described above, the  following  options
           also control the behavior of connect-wifi:

           -a open|shared, --auth=open|shared

               Connect  using  the  specified authentication mode. By default,
               open and shared are tried in order.


           -c, --create-ibss

               Used with -b ibss to create a new ad-hoc network if one  match‐
               ing  the specified ESSID cannot be found. If no ESSID is speci‐
               fied, then -c -b ibss always triggers the creation of a new ad-
               hoc network.


           -T time, --timeout=time

               Specifies the number of seconds to wait for association to suc‐
               ceed. If time is forever, then the associate will wait  indefi‐
               nitely.  The  current  default  is  ten seconds, but this might
               change in the future. Timeouts shorter than the  default  might
               not succeed reliably.


           -k key,..., --key=key,...

               In  addition  to the filtering previously described, the speci‐
               fied keys will be used to secure the association. The  security
               mode  to use will be based on the key class; if a security mode
               was explicitly specified, it must be compatible  with  the  key
               class. All keys must be of the same class.

               For security modes that support multiple key slots, the slot to
               place the key will be specified  by  a  colon  followed  by  an
               index.  Therefore,  -k  mykey:3  places  mykey  in  slot  3. By
               default, slot 1 is assumed. For  security  modes  that  support
               multiple  keys,  a  comma-separated list can be specified, with
               the first key being the active key.


           -w, --wlan-only

               Only connect to a WiFi network that is also in the  Known  WLAN
               list. If such a WiFi network is not found, then further connec‐
               tion based on  the  heuristics  mentioned  above  will  not  be
               attempted. This option cannot be specified with other options.



       dladm disconnect-wifi [-a] [-d] [wifi-link]

           Disconnect from one or more WiFi networks. If wifi-link specifies a
           connected WiFi link, then it is  disconnected.  For  administrative
           convenience,  if  only one WiFi link is connected, wifi-link can be
           omitted.

           -a, --all-links

               Disconnects  from  all  connected  links.  This  is   primarily
               intended for use by scripts.


           -d, --delete-wlan

               Disconnects  from  the current WiFi network and also removes it
               from the Known WLAN list. This option is for convenience and is
               the  same as running "dladm disconnect-wifi" followed by "dladm
               delete-wlan" commands.



       dladm show-wifi [-Z] [[-p] -o field,...] [-z zone[,...]] [wifi-link]

           Shows WiFi configuration information either for all WiFi  links  or
           for the specified link wifi-link.

           -o field,..., --output=field

               A  case-insensitive,  comma-separated  list of output fields to
               display. The field name must be one of the fields listed below,
               or  the special value all, to display all fields. For each WiFi
               link, the following fields can be displayed:


               LINK

                   The name of the link being displayed.


               STATUS

                   Either connected if the link is connected, or  disconnected
                   if  it  is  not connected. If the link is disconnected, all
                   remaining fields have the value --.


               ESSID

                   The ESSID (name) of the connected WiFi network.


               BSSID

                   Either the hardware address of the  WiFi  network's  Access
                   Point  (for  BSS  networks), or the WiFi network's randomly
                   generated unique token (for IBSS networks).


               SEC

                   Either none for a WiFi network that uses  no  security,  or
                   wpa for a WiFi network that requires WPA.


               MODE

                   The  supported connection modes: one or more of a, b, g, or
                   n.


               STRENGTH

                   The connection strength: one of excellent, very good, good,
                   weak, or very weak.


               SPEED

                   The connection speed, in megabits per second.


               AUTH

                   Either open or shared (see connect-wifi).


               BSSTYPE

                   Either  bss  for BSS (infrastructure) networks, or ibss for
                   IBSS (ad-hoc) networks.

               By default, currently all fields but AUTH, BSSID,  BSSTYPE  are
               displayed.


           -p, --parseable

               Displays using a stable machine-parseable format. The -o option
               is required with -p. See "Parseable Output Format", below.


           -Z

               Display ZONE column in the output.


           -z zone[,...]

               See description of -z option under dladm show-link, above.





       dladm show-ether [-xZ] [[-p] -o field[,...]] [-z zone[,...]]
            [-P protocol] [ether-link]


           Shows state information either for all physical Ethernet  links  or
           for a specified physical Ethernet link.

           The show-ether subcommand accepts the following options:

           -o field,..., --output=field

               A  case-insensitive,  comma-separated  list of output fields to
               display. The field name must be one of the fields listed below,
               or  the special value all to display all fields. For each link,
               the following fields can be displayed:


               LINK

                   The name of the link being displayed.


               PTYPE

                   Parameter type,  where  current  indicates  the  negotiated
                   state of the link, capable indicates capabilities supported
                   by the device, adv indicates the  advertised  capabilities,
                   and  peeradv  indicates  the capabilities advertised by the
                   link-partner.


               STATE

                   The physical link state of the datalink. This  can  be  up,
                   down,  or  unknown.  The  physical  link  state  identifies
                   whether the  physical  device  has  connectivity  with  the
                   external  network  (it does, if the cable is plugged in and
                   the state of the port on the other  end  of  the  cable  is
                   "up").


               AUTO

                   A  yes/no  value  indicating  whether  auto-negotiation  is
                   advertised.


               SPEED-DUPLEX

                   Combinations of speed  and  duplex  values  available.  The
                   units  of  speed  are  encoded  with a trailing suffix of G
                   (Gigabits/s) or M (Mb/s). Duplex values are  encoded  as  f
                   (full-duplex) or h (half-duplex).


               PAUSE

                   Flow  control  information.  Can  be no, indicating no flow
                   control is available; tx, indicating that the end-point can
                   transmit  pause  frames,  but  ignores  any  received pause
                   frames; rx, indicating that the end-point receives and acts
                   upon  received  pause  frames;  or bi, indicating bi-direc‐
                   tional flow control.


               REM_FAULT

                   Fault detection  information.  Valid  values  are  none  or
                   fault.

               By  default,  all fields except REM_FAULT are displayed for the
               "current" PTYPE.


           -p, --parseable

               Displays using a stable machine-parseable format. The -o option
               is required with -p. See "Parseable Output Format", below.


           -P protocol

               Displays  information  about supported Ethernet protocols. Sup‐
               ported protocols include vdp, the VSI Discovery and  Configura‐
               tion protocol, and ecp, Edge Control Protocol.

               VDP  information is specific to a VNIC. Thus, if the link argu‐
               ment is a phys-link, VDP information for all of the  VNIC  over
               the phys-link is displayed.

               ECP information is specific to a phys-link.

               For VDP, following information is displayed:


               VSI

                   The name of the Virtual Station Interface (VSI) or VNIC.


               LINK

                   The  name of the physical link over which this VNIC is con‐
                   figured.


               VSI-STATE

                   The state of the VDP protocol state machine for  the  VNIC.
                   Supported states include ASSOC, DEASSOC, or TIMEDOUT.


               VSIID

                   The identifier for the VSI or VNIC. This identifier is used
                   by the bridge to associate properties with VNICs. Supported
                   format  for  the  VSIID is the MAC address. Thus, the VSIID
                   for a VNIC is its MAC address.


               VSI-TYPE-ID

                   This is VSI Type ID and Version associated with a VNIC  and
                   is of the form VSI Type ID/Version. The VSI Type identifies
                   the properties associated with the VNIC.


               CMD-PENDING

                   The VDP command that is currently  in  progress.  Supported
                   commands  are:  ASSOC,  DEASSOC. The ASSOC command requests
                   the bridge to associate properties with a  VSI  (identified
                   by  the  VSIID), whereas the DEASSOC requests the bridge to
                   disassociate the properties from a given VSIID.


               FILTER-INFO

                   The information used by the switch to filter packets for  a
                   given  VNIC.  Supported format for Filter Info includes the
                   MAC/VLAN ID combination. Thus, the FilterInfo for a VNIC is
                   its MAC address and VLAN ID, if any.


               KEEPALIVE-INTERVAL

                   The  interval  (in  seconds)  for Keep Alive messages to be
                   transmitted for existing associations. The default is  11.6
                   secs.


               RESP-TIMEOUT

                   The  time  (in  seconds)  to  wait  for a response from the
                   bridge before timing out a request.

               For ECP, following information is displayed:

               LINK

                   The name of the physical link for the ECP instance.


               MAC-RETRIES

                   The maximum number of transmission retries without  receiv‐
                   ing an acknowledgment from the peer.


               TIMEOUT

                   The  interval  of  time  (in  milliseconds)  to wait for an
                   acknowledgment from the peer.



           -x, --extended

               Extended output is displayed for PTYPE values of current, capa‐
               ble, adv and peeradv.


           -Z

               Display ZONE column in the output.


           -z zone[,...]

               See description of -z option under dladm show-link, above.



       dladm set-linkprop [-t] [-R root-dir] -p prop=value[,...] link

           Sets  the  values  of one or more properties on the link specified.
           The list of properties and their possible values depend on the link
           type,  the  network  device  driver, and networking hardware. These
           properties can be retrieved using show-linkprop.


           -t, --temporary

               Specifies that the changes  are  temporary.  Temporary  changes
               last until the next reboot.


           -R root-dir, --root-dir=root-dir

               See "Options," above.


           -p prop=value[,...], --prop prop=value[,...]

               A  comma-separated  list  of properties to set to the specified
               values.

           Note that when the persistent value is  set,  the  temporary  value
           changes to the same value.


       dladm reset-linkprop [-t] [-R root-dir] [-p prop,...] link

           Resets  one  or  more properties to their values on the link speci‐
           fied. Properties are reset to the values they had at startup. If no
           properties  are  specified,  all  properties  are  reset. See show-
           linkprop for a description of properties.


           -t, --temporary

               Specifies that the resets are temporary. Values  are  reset  to
               default values. Temporary resets last until the next reboot.


           -R root-dir, --root-dir=root-dir

               See "Options," above.


           -p prop, ..., --prop=prop, ...

               A comma-separated list of properties to reset.

           Note  that  when the persistent value is reset, the temporary value
           changes to the same value.




       dladm show-linkprop [-HPZ] [[-c] -o field[,...]] [-p prop[,...]]
            [-z zone[,...]] [link]


           Show the current or persistent values of one  or  more  properties,
           either  for  all  datalinks  or for the specified link. By default,
           current values are shown.  If  no  properties  are  specified,  all
           available  link  properties  are  displayed. For each property, the
           following fields are displayed:

           -o field[,...], --output=field

               A case-insensitive, comma-separated list of  output  fields  to
               display. The field name must be one of the fields listed below,
               or the special value all to display all fields. For each  link,
               the following fields can be displayed:


               LINK

                   The name of the datalink.


               PROPERTY

                   The name of the property.


               PERM

                   The read/write permissions of the property. The value shown
                   is one of ro or rw.


               VALUE

                   The current (or persistent) property value. If the value is
                   not  set, it is shown as --. If it is unknown, the value is
                   shown as ?. Persistent values that are not set or have been
                   reset  will  be shown as -- and will use the system DEFAULT
                   value (if any).


               EFFECTIVE

                   The property value chosen by the system. For  some  proper‐
                   ties  the value chosen by the system may not be the same as
                   the value configured by the user. This is because the prop‐
                   erty  value  is  constrained  by the resource availability,
                   capabilities of the underlying  physical  datalink,  or  in
                   some cases the datalink partner.


               DEFAULT

                   The  default  value of the property. If the property has no
                   default value, -- is shown.


               POSSIBLE

                   A comma-separated list of the values the property can have.
                   If  the  values  span  a  numeric range, min - max might be
                   shown as shorthand. If the possible values are  unknown  or
                   unbounded, -- is shown.


               HWPOSSIBLE

                   Shows  a  value if there is hardware support. This explains
                   that the physical NIC is capable of the property.  A  value
                   of -- means there is no support.


               SWPOSSIBLE

                   Shows  a value if there is software support in the network‐
                   ing stack for the property. A value of -- means there is no
                   support.

                   For   both   HWPOSSIBLE  and  SWPOSSIBLE,  any  granularity
                   requirement (step value) for the value is shown  after  the
                   number  range followed by a :. Currently, only max-bw prop‐
                   erty shows a value for the step value.


               MODE

                   Shows the current mode used for the data link to  implement
                   the  property.  Possible values or sw for software only, hw
                   for hardware only and none for no support is  possible  for
                   the  link.  Note that MODE can be none even though there is
                   hardware or software support.

               HWFLAGS and SWFLAGS currently show the flag o for  outbound,  i
               for  inbound  and  oi  for  inbound and outbound. Currently, it
               shows a value only for the SLA properties, max-bw, bw-share and
               priority.

               The  list  of  properties  depends on the link type and network
               device driver, and the available values for  a  given  property
               further  depends  on  the  underlying  network hardware and its
               state. General link properties are documented in  the  "General
               Link  Properties"  section. However, link properties that begin
               with "_" (underbar) are specific to a given link or its  under‐
               lying  network device and subject to change or removal. See the
               appropriate network device driver man page for details.


           -c, --parseable

               Display using a stable machine-parseable format. The -o  option
               is  required  with  this option. See "Parseable Output Format",
               below.


           -H

               Show-linkprop -H shows information on the  underlying  physical
               link  capabilities  and the networking stack software capabili‐
               ties for supporting the property. Also,  shows  which  mode  is
               currently used for the data link.


           -P, --persistent

               Display persistent link property information


           -p prop, ..., --prop=prop, ...

               A  comma-separated list of properties to show. See the sections
               on link properties following subcommand descriptions.


           -Z

               Display ZONE column in the output.


           -z zone[,...]

               See description of -z option under dladm show-link, above.



       dladm create-secobj [-t] [-R root-dir] [-f file] -c class secobj

           Create a secure object named secobj in the specified  class  to  be
           later  used  as a WEP or WPA key in connecting to an encrypted net‐
           work. The value of the secure object can either be provided  inter‐
           actively  or  read from a file. The sequence of interactive prompts
           and the file format depends on the class of the secure object.

           Currently, the class wpa is supported. The  WEP  (Wired  Equivalent
           Privacy)  was deprecated because of security issues. The WPA (Wi-Fi
           Protected Access) key must be provided as an ASCII  string  with  a
           length between 8 and 63 bytes.

           This subcommand is only usable by users or roles that belong to the
           "Network Link Security" RBAC profile.

           -c class, --class=class

               class can only be wpa. See preceding discussion.


           -t, --temporary

               Specifies that the creation is  temporary.  Temporary  creation
               last until the next reboot.


           -R root-dir, --root-dir=root-dir

               See "Options," above.


           -f file, --file=file

               Specifies  a  file  that  should  be  used to obtain the secure
               object's value. The format of this file depends on  the  secure
               object  class. See the EXAMPLES section for an example of using
               this option to set a WEP key.



       dladm delete-secobj [-t] [-R root-dir] secobj[,...]

           Delete one or more specified secure  objects.  This  subcommand  is
           only  usable  by  users  or  roles that belong to the "Network Link
           Security" RBAC profile.

           -t, --temporary

               Specifies that the deletions are temporary. Temporary deletions
               last until the next reboot.


           -R root-dir, --root-dir=root-dir

               See "Options," above.



       dladm show-secobj [-P] [[-p] -o field[,...]] [secobj,...]

           Show  current  or  persistent  secure object information. If one or
           more secure objects are specified, then  information  for  each  is
           displayed.  Otherwise, all current or persistent secure objects are
           displayed.

           By default, current secure objects are  displayed,  which  are  all
           secure  objects  that have either been persistently created and not
           temporarily deleted, or temporarily created.

           For security reasons, it is not possible to show  the  value  of  a
           secure object.

           -o field[,...] , --output=field[,...]

               A  case-insensitive,  comma-separated  list of output fields to
               display. The field name must be one of the fields listed below.
               For displayed secure object, the following fields can be shown:

               OBJECT

                   The name of the secure object.


               CLASS

                   The class of the secure object.



           -p, --parseable

               Display  using a stable machine-parseable format. The -o option
               is required with -p. See "Parseable Output Format", below.


           -P, --persistent

               Display persistent secure object information





       dladm create-vnic [-t] [-f] -l link [-R root-dir] [-m value | auto |
            {factory [-n slot-identifier]} | {vrrp -A {inet | inet6} -V vrid}
            | {random [-r prefix]}] [-v vlan-id][,pvlan-svid[,pvlan-type]]
            [-P pkey] [-p prop=value[,...]] vnic-link


           Create a VNIC with name vnic-link  over  the  specified  link.  The
           vnic-link  can be specified as zonename/linkname, which will create
           the VNIC in the given zone's namespace.

           -t, --temporary

               Specifies that the VNIC  is  temporary.  Temporary  VNICs  last
               until  the  next reboot. The -i option must be specified if the
               VNIC is to be created in a non-global zone's namespace.


           -f, --force

               If the VNIC is a IPoIB VNIC, force the  creation  of  the  VNIC
               even  if  pkey  is  absent  on the port, the multicast group is
               absent, or the port is down.


           -R root-dir, --root-dir=root-dir

               See "Options," above.


           -l link, --link=link

               link can be a physical link, an etherstub,  or  an  aggregation
               link (aggr-link).


           -m value | keyword, --mac-address=value | keyword

               This option only applies to Ethernet VNICs.

               Sets  the  VNIC's  MAC  address based on the specified value or
               keyword. If value is not a keyword, it is interpreted as a uni‐
               cast MAC address, which must be valid for the underlying NIC. A
               user-specified MAC address must be drawn from the ranges speci‐
               fied  by  the Globally Unique and Locally Administered types of
               MAC addresses.

               The following special keywords can be used:

               factory [-n slot-identifier],
               factory [--slot=slot-identifier]

                   Assign a factory MAC address to the VNIC.  When  a  factory
                   MAC  address  is  requested, -m can be combined with the -n
                   option to specify a MAC address slot to be used. If  -n  is
                   not  specified,  the  system will choose the next available
                   factory MAC address. The -m option of the show-phys subcom‐
                   mand  can  be  used  to  display  the  list  of factory MAC
                   addresses, their slot identifiers, and their availability.



               random [-r prefix],
               random [--mac-prefix=prefix]

                   Assign a random MAC address to the VNIC. A  default  prefix
                   consisting  of a valid IEEE OUI with the local bit set will
                   be used. That prefix can be overridden with the -r option.



               vrrp -A {inet | inet6} -V vrid

                   Assign a VRRP virtual MAC address to the VNIC base  on  the
                   specified address family and vrid.


               auto

                   Try  to assign random mac-address first if possible, if NIC
                   supports it, else try to assign a factory mac-address. auto
                   is the default action if the -m option is not specified.


               -v vlan-id[,pvlan-svid[,pvlan-type]]

                   This option only applies to Ethernet VNICs.

                   Enable  VLAN  tagging for this VNIC. The VLAN tag will have
                   id vlan-id, or a PVLAN tag pair if pvlan-svid is specified.

                   Note -



                     dladm create-vnic may fail while creating a vNIC over  an
                     EoIB  (Ethernet-over-InfiniBand)  data  link, if executed
                     right after the InfiniBand gateway switch's disallowhost‐
                     config  or  allowhostconfig command. The commands restart
                     the bridge manager on the gateway, triggering a series of
                     asynchronous  events between the gateway and the host. It
                     takes some time to finalize those events  and  vNIC  cre‐
                     ation  requests  prematurely  generated  by  the host get
                     rejected.



                     To avoid this, wait for after the  disallowhostconfig  or
                     allowhostconfig  command returns and before executing the
                     create-vnic command.




           -P, --pkey=pkey

               Partition key to be used. This option is  mandatory  for  IPoIB
               VNICs  and  not applicable for other type of links. pkey speci‐
               fied is always treated as hexadecimal, whether it  has  the  0x
               prefix or not.


           -p prop=value,..., --prop prop=value,...

               A  comma-separated  list  of properties to set to the specified
               values.





       dladm create-vnic -t -c <evsname>[/<vportname>] [-T <tenant>] <vnic-link>



           Note -



             You must install Elastic Virtual Switch (EVS) IPS packages to use
             this  form  of  create-vnic, and then configure EVS controller as
             described in the evsadm(8) manpage and Managing Network  Virtual‐
             ization and Network Resources in Oracle Solaris 11.4.

           Creates  a VNIC with name vnic-link, by connecting to a EVS evsname
           at optionally provided Virtual Port (VPort) vportname. If the  ten‐
           antname  is  provided,  then  the  EVS will be searched in tenant's
           namespace. If VPort is specified, then the SLA properties  (max-bw,
           cos,  and  priority), IP address, and MAC address of the VPort will
           be inherited by the VNIC. If Vport is not specified, then  the  EVS
           controller will generate a system VPort which will have IP address,
           MAC address, and default SLA properties of EVS, and then  the  VNIC
           will be connected to this system VPort.

           VNICs  when  connected  to  EVS  have the following limitations (in
           terms of how they can be managed through dladm):


               o      They cannot be renamed through dladm rename-link


               o      Their properties cannot be changed by using  dladm  set-
                      linkprop or dladm reset-linkprop


               o      They cannot be modified by using dladm modify-vnic

           For  more  information  on  EVS, VPorts, and tenants, see evsadm(8)
           manpage.

           The VNIC created is temporary and will be lost  upon  next  reboot.
           See EXAMPLES section below for an example usage.

           -t, --temporary

               Specifies  that  the  VNIC  is  temporary.  This  is a required
               option.


           -T <tenantname>, --tenant <tenantname>

               Specifies the name of the tenant that owns the EVS.  If  it  is
               not  provided,  then  the  default  tenant  sys-global  will be
               assumed.


           -c <evsname>[/<vportname>], --connect <evsname>[/vportname]

               Specifies the name of the EVS to which the VNIC  must  be  con‐
               nected. If vportname is provided, the VNIC will be connected to
               that vport. If a vportname is not provided, then a  vport  will
               be automatically generated and assigned to the VNIC.

               The  act of connecting a VNIC to EVS results in either the VNIC
               inheriting the properties from EVS or a provided vport.





       dladm modify-vnic [-t] [-R root-dir] [-l link]  [-m value | auto |
            {factory [-n slot-identifier]} | {vrrp -A {inet | inet6} -V vrid}
            | {random [-r prefix]}] [-v vlan-id[,pvlan-svid[,pvlan-type]]]
            {vnic-link,[vnic-link,...] | -L link}


           Modifies the underlying link and/or the MAC address/VLAN-ID of  the
           specified  VNIC  link(s).  The  VNIC  link(s) can be specified as a
           comma-delimited list or as -L  source-link to indicate  "all  VNICs
           on source-link".

           -t, --temporary

               Specifies that the VNIC modification is temporary.


           -R root-dir, --root-dir=root-dir

               See "Options," above.


           -l link, --link=link

               Specifies the link to which to move the VNIC(s). link can be of
               any link type supported by create-vnic. link must be  different
               from  the  link the VNIC(s) are currently using. If the VNIC(s)
               are using a factory MAC address and -m is not specified, a  new
               MAC  address will be allocated on the target link, using the -m
               auto scheme, and assigned to the VNIC(s).


           -m value | keyword, --mac-address=value | keyword

               This option only applies to Ethernet VNICs.

               See create-vnic, above,  for  supported  options.  If  multiple
               VNICs  are specified, only the auto, random, and factory (with‐
               out -n) address assignment schemes will be supported.



       dladm delete-vnic [-t] [-R root-dir] vnic-link

           Deletes the specified VNIC.

           -t, --temporary

               Specifies that the deletion is temporary.  Temporary  deletions
               last until the next reboot.


           -R root-dir, --root-dir=root-dir

               See "Options," above.





       dladm show-vnic [-P | {-z zone[,..]}] [[-p] -o field[,..]] [-l link]
            [vnic-link]
       dladm show-vnic [-Zmv] [-l link] [vnic-link]


           Show  VNIC  configuration information for all VNICs, all VNICs on a
           link, or only the specified vnic-link.

           -o field[,...] , --output=field[,...]

               A case-insensitive, comma-separated list of  output  fields  to
               display. The field name must be one of the fields listed below,
               or the special value all to  display  all  fields.  By  default
               (without -o), show-vnic displays all fields.


               LINK

                   The name of the VNIC.


               OVER

                   The  name of the physical link over which this VNIC is con‐
                   figured.


               SPEED

                   The maximum speed of the VNIC, in megabits per second.


               MACADDRESS

                   MAC address of the VNIC.

                   For IPoIB VNICs, by default (without -o), first five  bytes
                   of  the  mac  address  are  shown, and ".." is shown in the
                   sixth byte position. To show the full mac address  use  the
                   -o option.


               MACADDRESSES

                   If  the VNIC is associated with more than one MAC addresses
                   then this column will display all the MAC  addresses  of  a
                   VNIC.

                   For  IPoIB VNICs, by default (without -o), first five bytes
                   of the mac address are shown, and  ".."  is  shown  in  the
                   sixth  byte  position. To show the full mac address use the
                   -o option.


               MACADDRTYPE

                   MAC address type of the VNIC. dladm distinguishes among the
                   following MAC address types:

                   random

                       A random address assigned to the VNIC.


                   factory

                       A factory MAC address used by the VNIC.



               MACADDRTYPES

                   If  the VNIC is associated with more than one MAC addresses
                   then this column will display the MAC address type for each
                   of the MAC address.


               VID

                   The VLAN ID associated with the VNIC.


               SVID

                   The Secondary VLAN ID associated with the VNIC.


               PVLAN-TYPE

                   The PVLAN type associated with the VNIC.


               VIDS

                   If  the VNIC is associated with more than one VLAN ID, then
                   this column will display all the VLAN IDs.


               EVS

                   Name of the EVS to which the VNIC is connected to.


               VPORT

                   Name of the vport to which the VNIC  is  connected  to  and
                   inherits the properties from.


               TENANT

                   Name of the tenant that owns the EVS.


               PKEY

                   IB  partition key associated with the VNIC. Applicable only
                   to IPoIB datalinks.


               IDS

                   Shows VIDS  for  Ethernet  datalinks  and  PKEY  for  IPoIB
                   datalinks  in  the  format "VID:<value>" and "PKEY:<value>"
                   respectively.

               See the create-vnic section above for more information on  EVS,
               VPORT, and TENANT.


           -p, --parseable

               Display  using a stable machine-parseable format. The -o option
               is required with -p. See "Parseable Output Format", below.


           -P, --persistent

               Display the persistent VNIC configuration.


           -l link, --link=link

               Display information for all VNICs on the named link.


           -Z

               Display ZONE column in the output.


           -z zone[,...]

               See description of -z option under dladm show-link, above.


           -V

               Display SR-IOV information for a VNIC. The output shows:

               LINK           The name of the VNIC.


               VF_ASSIGNED    The name of the  VF  device  instance  currently
                              assigned to the VNIC.



           -c

               Display  the  EVS  information  for  the  given vnic. This is a
               shortcut for the following fields: LINK,  TENANT,  EVS,  VPORT,
               OVER, MACADDRESS, VIDS.

               See the create-vnic section above for more information.


           -m

               Display all MAC addresses, MAC address types and VLAN IDs asso‐
               ciated with the VNIC.


           -v

               Display all VLAN information associated with the VNIC.





       dladm create-part [-t] [-f] -l ib-link [-R root-dir] -P pkey
            [-p prop=value[,...]] part-link


           Create an IP-over-IB link with the name part-link over  the  speci‐
           fied link. This subcommand is supported only on InfiniBand physical
           links. The part-link can be specified as  zonename/linkname,  which
           will create the partition link in the given zone's namespace.

           -f, --force

               Forces  the  creation  of  the  partition  link even if pkey is
               absent on the port, the multicast group is absent, or the  port
               is down.


           -l ib-link, --link=ib-link

               IP-over-IB physical link name.


           -P, --pkey=pkey

               Partition  key to be used for creating the partition link. pkey
               specified is always treated as hexadecimal, whether it has  the
               0x prefix or not.


           -p prop=value[,..]
           --prop prop=value[,..]

               A  comma-separated  list  of properties to set to the specified
               values. Supported properties are given  "General  Link  Proper‐
               ties" section below.



           -R root-dir, --root-dir=root-dir

               See "Options," above.


           -t, --temporary

               Specifies that the partition link creation is temporary. Tempo‐
               rary partition links last until the next reboot. The -t  option
               must  be  specified if the partition link is to be created in a
               non-global zone's namespace.



       dladm delete-part [-R root-dir] part-link

           Delete the specified partition link.

           -R root-dir, --root-dir=root-dir

               See "Options," above.


           -t, --temporary

               Specifies that the partition link deletion is temporary. Tempo‐
               rary deletion last until the next reboot.



       dladm show-part [-pP] [-l ib-link] [-o field[,...]] [part-link]

           Displays IB partition link information for all partition links, for
           all partitions on ib-link, or for only the specified part-link.

           -l ib-link, --link=ib-link

               Display information for all the partitions on the named link.


           -o field[,...]

               A case-insensitive, comma-separated list of  output  fields  to
               display. The field name must be one of the fields listed below,
               or the special value all to  display  all  fields.  By  default
               (without -o), show-part displays all fields.

               LINK

                   The name of the partition link.


               PKEY

                   Pkey associated with the partition link.


               OVER

                   The  name  of  the  physical link over which this partition
                   link is created.


               STATE

                   Current state of the partition link.  Possible  values  are
                   up,  down, or unknown. If the link is down, use the show-ib
                   subcommand to check the underlying port status and  config‐
                   ured  pkeys,  and the show-linkprop subcommand to check the
                   broadcast-group property.


               FLAGS

                   A set of state flags used for creating the partition  link.
                   Possible values are:

                   f    Partition   was  created  forcibly  (without  checking
                        whether creating a partition were possible).


                   t    Partition link is temporary, lasting  only  until  the
                        next reboot.




           -P, --persistent

               Display the persistent IB partition link configuration.


           -p, --parseable

               Display  using a stable machine-parseable format. The -o option
               is required with -p. See "Parseable Output Format", below.



       dladm show-ib [-pP] [-o field[,...]] [ib-link]

           Display IB physical link information on all  or  the  specified  IB
           links.

           -o field[,...]

               A  case-insensitive,  comma-separated  list of output fields to
               display. The field name must be one of the fields listed below,
               or  the  special  value  all  to display all fields. By default
               (without -o), show-ib displays all fields except HCA, GWID  and
               GWFLAGS.

               LINK

                   The name of the physical link.


               HCA

                   InfiniBand  Host  Channel  Adapter (HCA) name as managed by
                   the ibadm(8) utility.


               HCAGUID

                   Globally unique identifier of the HCA.


               PORTGUID

                   Globally unique identifier of the port. If the PORTGUID  is
                   not  set,  it  is  shown  as unknown. For IB SR-IOV virtual
                   adapters, the PORTGUID is set when the link is up.


               PORT

                   Port number.


               STATE

                   Current state of the physical link. Possible values are up,
                   down, or unknown.


               GWNAME

                   The  configured  system  name  of  the  IB-Ethernet gateway
                   switch that is discovered from this IB physical link.


               GWPORT

                   The name of the connector associated with the gateway  Eth‐
                   ernet port.


               GWID

                   The identifier for the gateway instance associated with the
                   displayed gateway Ethernet port. The value is  expected  to
                   be  unique even if multiple gateway switches share the same
                   InfiniBand fabric. The value of the gateway instance  iden‐
                   tifier ranges from 0 to 1023.


               GWFLAGS

                   A set of flags associated with the discovered gateway. Pos‐
                   sible flags are:

                   a    The gateway has indicated its availability for  logins
                        from this IB port in its advertisement.


                   H    The  gateway  allows host-administered VNICs from this
                        IB port.


                   n    The gateway has at least one macaddress  assigned  for
                        the EoIB datalink from this IB port.



               PKEYS

                   Pkeys  available on the port associated with the IP-over-IB
                   link specified in the LINK field.



           -P, --persistent

               Display the persistent IB physical link configuration.


           -p, --parseable

               Display using a stable machine-parseable format. The -o  option
               is required with -p. See "Parseable Output Format", below.





       dladm create-eoib [-t] [-R root-dir] -l ib-link -g gw-system-name
            -c gw-eth-port eoib-link


           Create  an  EoIB  link  with  the name eoib-link over the specified
           link. This subcommand is  supported  only  on  InfiniBand  physical
           links.

           -t, --temporary

               Specifies  that  the EoIB link creation is temporary. Temporary
               links will last until the next reboot.


           -R root-dir, --root-dir=root-dir

               See "Options" above.


           -l ib-link,--link=ib-link

               InfiniBand physical link name.


           -g gw-system-name

               Specifies the system name of the IB-Ethernet gateway switch.


           -c gw-eth-port

               Specifies the name of the connector associated with the gateway
               switch's Ethernet port.



       dladm delete-eoib [-t] [-R root-dir] eoib-link

           Delete the specified EoIB link.

           -t, --temporary

               Specifies  that  the EoIB link creation is temporary. Temporary
               links will last until the next reboot.


           -R root-dir, --root-dir=root-dir

               See "Options" above.





       dladm show-eoib [-PZ] [-g gw-system-name] [-l ib-link] [[-p]
            -o field[,...]] [-z zone [,...]] [eoib-link]


           Displays information about all the EoIB datalinks  on  the  system,
           EoIB  datalinks over a specific ib-link and/or a gw-system-name, or
           information about a specific EoIB datalink.

           -P, --persistent

               Display the persistent EoIB link configuration.


           -Z

               Display ZONE column in the output.


           -g gw-system-name

               Display information about  EoIB  datalinks  bound  to  Ethernet
               ports on the specified gateway.


           -l ib-link

               Display  information about EoIB datalinks built over the speci‐
               fied IB link.


           -o field[,...]

               A case-insensitive, comma-separated list of  output  fields  to
               display. The field name must be one of the fields listed below,
               or the special value all to  display  all  fields.  By  default
               (without -o option) show-eoib displays all fields.

               LINK

                   The name of the EoIB datalink.


               GWNAME

                   The  configured  system  name  of  the  IB-Ethernet gateway
                   switch. For persistent links, if the gateway system name is
                   unknown  (because  the  link is being migrated from the old
                   administration model) and if the gateway  corresponding  to
                   the  GWID  of  the link is not discovered yet, the value is
                   shown as ?.


               GWPORT

                   The name of the connector associated with the gateway  Eth‐
                   ernet  port.  For  persistent  links, if the gateway system
                   name is unknown (because the link is  being  migrated  from
                   the  old model of administration) and if the gateway corre‐
                   sponding to the GWID of the link is not discovered yet, the
                   value is shown as ?.


               GWID

                   The identifier for the gateway instance associated with the
                   displayed gateway Ethernet port. The value is  expected  to
                   be  unique even if multiple gateway switches share the same
                   InfiniBand fabric. The value of the gateway instance  iden‐
                   tifier  ranges  from 0 to 1023. If the gateway has not been
                   discovered yet, the value is shown as --.


               SPEED

                   The maximum speed of the link, in megabits per second.


               MACADDRESS

                   MAC address assigned for the EoIB link on the  gateway.  If
                   the  underlying  connection  to  the  gateway  has not been
                   established yet, the macaddress is shown as all zeros.


               OVER

                   The name of the IB  physical  link  over  which  this  EoIB
                   datalink is created.


               FLAGS

                   A  set  of flags associated with the EoIB link. In addition
                   to the flags listed earlier under show-ib description,  two
                   additional flag values are possible:

                   D    The  Ethernet  port  associated  with the link is cur‐
                        rently DOWN.


                   U    The Ethernet port associated with  the  link  is  cur‐
                        rently UP.




           -p, --parseable

               Display  using a stable machine-parseable format. The -o option
               is required with -p. See "Parseable Output Format" below.



       dladm create-etherstub [-t] [-R root-dir] etherstub

           Create an etherstub with the specified name.


           -t, --temporary

               Specifies that the etherstub is temporary. Temporary etherstubs
               do not persist across reboots.


           -R root-dir, --root-dir=root-dir

               See "Options," above.

           VNICs can be created on top of etherstubs instead of physical NICs.
           As with physical NICs, such a creation causes the stack to  implic‐
           itly  create  a  virtual switch between the VNICs created on top of
           the same etherstub.


       dladm delete-etherstub [-t] [-R root-dir] etherstub

           Delete the specified etherstub.

           -t, --temporary

               Specifies that the deletion is temporary.  Temporary  deletions
               last until the next reboot.


           -R root-dir, --root-dir=root-dir

               See "Options," above.



       dladm show-etherstub [-Z] [-z zone[,...]] [etherstub]

           Show  all configured etherstubs by default, or the specified ether‐
           stub if etherstub is specified.

           -Z

               Display ZONE column in the output.


           -z zone[,...]

               See description of -z option under dladm show-link, above.





       dladm create-iptun [-t] [-R root-dir] -T type
            [-a {local|remote}=addr,...] iptun-link


           Create an IP tunnel link named iptun-link. Such links can addition‐
           ally be protected with IPsec using ipsecconf(8).

           An IP tunnel is conceptually comprised of two parts: a virtual link
           between two or more IP nodes, and an IP interface above  this  link
           that  allows the system to transmit and receive IP packets encapsu‐
           lated by the underlying link. This  subcommand  creates  a  virtual
           link. The ipadm(8) command is used to configure IP interfaces above
           the link.

           -t, --temporary

               Specifies that the IP tunnel link is temporary. Temporary  tun‐
               nels last until the next reboot.


           -R root-dir, --root-dir=root-dir

               See "Options," above.


           -T type, --tunnel-type=type

               Specifies  the  type  of tunnel to be created. The type must be
               one of the following:

               ipv4

                   A point-to-point, IP-over-IP tunnel between two IPv4 nodes.
                   This  type  of  tunnel requires IPv4 source and destination
                   addresses to function. IPv4  and  IPv6  interfaces  can  be
                   plumbed  above  such  a tunnel to create IPv4-over-IPv4 and
                   IPv6-over-IPv4 tunneling configurations.


               ipv6

                   A point-to-point, IP-over-IP tunnel between two IPv6  nodes
                   as  defined  in IETF RFC 2473. This type of tunnel requires
                   IPv6 source and destination addresses to function. IPv4 and
                   IPv6  interfaces can be plumbed above such a tunnel to cre‐
                   ate IPv4-over-IPv6 and IPv6-over-IPv6 tunneling  configura‐
                   tions.


               6to4

                   A  6to4,  point-to-multipoint tunnel as defined in IETF RFC
                   3056. This type of tunnel requires an IPv4  source  address
                   to  function. An IPv6 interface is plumbed on such a tunnel
                   link to configure a 6to4 router.



           -a {local|remote}=addr,...
           --address {local|remote}=addr,...

               Literal IP addresses or hostnames corresponding to the local or
               remote  tunnel  addresses. Either local or remote can be speci‐
               fied individually, or both can  be  specified  separated  by  a
               comma (for example, -a  local=laddr,remote=raddr).






       dladm modify-iptun [-t] [-R root-dir] -a {local|remote}=addr,...
            iptun-link


           Modify the parameters of the specified IP tunnel.

           -t, --temporary

               Specifies that the modification is temporary. Temporary modifi‐
               cations last until the next reboot.


           -R root-dir, --root-dir=root-dir

               See "Options," above.


           -a {local|remote}=addr,...
           --address {local|remote}=addr,...

               Specify new local or remote addresses for the tunnel link.  See
               create-iptun for a description.




       dladm delete-iptun [-t] [-R root-dir] iptun-link

           Delete the specified IP tunnel link.

           -t, --temporary

               Specifies  that  the deletion is temporary. Temporary deletions
               last until the next reboot.


           -R root-dir, --root-dir=root-dir

               See "Options," above.





       dladm show-iptun [-PZ] [[-p] -o field[,...]] [-z zone[,...]] [iptun-link]


           Show IP tunnel link configuration for a single IP tunnel or all  IP
           tunnels.

           -P, --persistent

               Display the persistent IP tunnel configuration.


           -p, --parseable

               Display  using a stable machine-parseable format. The -o option
               is required with -p. See "Parseable Output Format", below.


           -o field[,...], --output=field[,...]

               A case-insensitive, comma-separated list of  output  fields  to
               display. The field name must be one of the fields listed below,
               or the special value all, to display  all  fields.  By  default
               (without -o), show-iptun displays all fields.

               LINK

                   The name of the IP tunnel link.


               TYPE

                   Type  of  tunnel  as  specified by the -T option of create-
                   iptun.


               FLAGS

                   A set of flags associated with the IP tunnel link. Possible
                   flags are:

                   s

                       The  IP  tunnel  link  is protected by IPsec policy. To
                       display the IPsec policy  associated  with  the  tunnel
                       link, enter:


                         # ipsecconf -ln -i tunnel-link

                       See  ipsecconf(8)  for more details on how to configure
                       IPsec policy.


                   i

                       The  IP  tunnel  link  was  implicitly   created   with
                       ipadm(8),  and will be automatically deleted when it is
                       no longer referenced (that is, when the last IP  inter‐
                       face  over  the  tunnel  is  removed). See ipadm(8) for
                       details on implicit tunnel creation.



               LOCAL

                   The local tunnel address.


               REMOTE

                   The remote tunnel address.



           -Z

               Display ZONE column in the output.


           -z zone[,...]

               See description of -z option under dladm show-link, above.





       dladm create-vxlan [-t] [-R root-dir]
            -p vni=<vxlan-id>,addr=<ip_address>[,prop=value[,...]] vxlan-link
       dladm create-vxlan [-t] [-R root-dir]
            -p vni=<vxlan-id>,interface=<interface_name>[,prop=value[,...]]
            vxlan-link


           Creates a VXLAN link called vxlan-link. A VXLAN link is  a  virtual
           link  that  is created over an IP interface, which will be used for
           receiving and transmitting VXLAN packets.

           -t, --temporary

               Specifies that the modification is temporary. Temporary modifi‐
               cations last until the next reboot.


           -R root-dir, --root-dir=root-dir

               See "Options," above.


           -p prop=value[,...]

               The  properties  of  the VXLAN link to be created. See "General
               Link Properties" for VXLAN related properties.



       dladm delete-vxlan [-t] [-R root-dir] vxlan-link

           Deletes the specified VXLAN link.

           -t, --temporary

               Specifies that the modification is temporary. Temporary modifi‐
               cations last until the next reboot.


           -R root-dir, --root-dir=root-dir

               See "Options," above.



       dladm show-vxlan [-P] [[-p] -o field[,...]] [vxlan-link]

           Displays  VXLAN configuration for all VXLAN links or for the speci‐
           fied VXLAN link.

           The show-vxlan subcommand accepts the following options:

           -P, --persistent

               Displays the persistent IP tunnel configuration.


           -p, --parseable

               Displays using a stable machine-parseable format. The -o option
               is  required  with  -p  option.  See "Parseable Output Format",
               below.


           -o field[,...], --output=field[,...]

               A case-insensitive, comma-separated list of  output  fields  to
               display. The field name must be one of the fields listed below,
               or the special value all, to display all fields. For each VXLAN
               link, the following fields can be displayed:

               LINK      The name of the VXLAN link.


               ADDR      The  address  of the IP interface associated with the
                         VXLAN link.


               VNI       The VXLAN segment number that the VXLAN link  belongs
                         to.


               MGROUP    The multicast group associated with the VXLAN link.




       dladm create-cap [-t] [-R root-dir] cap-link

           Creates a capture datalink with name cap-link. The cap-link must be
           unique in given zone namespace, where dladm command is running.


           -t, --temporary

               Specifies that the capture  datalink  is  temporary.  Temporary
               capture last until the next reboot.


           -R root-dir, --root-dir=root-dir

               See "Options" above.




       dladm delete-cap [-t] [-R root-dir] cap-link

           Deletes the specified capture datalink.


           -t, --temporary

               Specifies  that  the deletion is temporary. Temporary deletions
               last until the next reboot.


           -R root-dir, --root-dir=root-dir

               See "Options" above.




       dladm show-cap [-P] [[-p] -o <field>,...] [cap-link]

           Shows all/individual cap-link capture  interface(s)  bound  to  the
           zone, where dladm command is running.


           -P, --persistent

               Show persistent datalink configuration.


           -p, --parseable

               Displays using a stable machine-parseable format. The -o option
               is required with  -p  option.  See  "Parseable  Output  Format"
               below.


           -o field[,...], --output=field[,...]

               A  case-insensitive,  comma-separated  list of output fields to
               display. The field name must be one of the fields listed below,
               or  the special value all, to display all fields. For each cap‐
               ture link, the following fields can be displayed:


               LINK    The name of the capture link.


               ZONE    The current zone of the datalink.


               TYPE    Datalink type, currently pflog link type  is  the  only
                       type supported.


               MTU     Link mtu.








       dladm create-veth [-t] [-p {<prop>=<val>[,...]}[,...]]
            -r peer_veth_endpoint veth_endpoint


           Creates the veth pair using explicitly provided end points.


           -t, --temporary

               Specifies  that the veth datalink is temporary. Temporary veths
               last until the next reboot.


           -p {<prop>=<val>[,...]}[,...]

               A comma-separated list of properties to set  to  the  specified
               values.


           -r peer_veth_endpoint

               Specifies  the  name  of  the  peer veth endpoint for the given
               local veth endpoint.




       dladm show-veth [-P] [veth_endpoint | peer_veth_endpoint]

           Show veth configuration for a single veth or all veth datalinks.


           -P, --persistent

               Display the persistent veth configuration.


           dladm delete-veth [-t] {veth_endpoint | peer_veth_endpoint}

               Deletes the specified veth datalink.


           -t, --temporary

               Specifies that the deletion is temporary.  Temporary  deletions
               last until the next reboot.




       help [subcommand-name]

           Displays  all  the supported dladm subcommands or usage for a given
           subcommand. If you invoke help for a specific subcommand, the  com‐
           mand  syntax  is displayed, along with an example. Using dladm help
           without any argument displays all of the subcommands.


   Parseable Output Format
       Many dladm subcommands  have  an  option  that  displays  output  in  a
       machine-parseable  format.  The  output  format is one or more lines of
       colon (:) delimited fields. The fields displayed are  specific  to  the
       subcommand  used and are listed under the entry for the -o option for a
       given subcommand. Output includes only those fields requested by  means
       of the -o option, in the order requested.


       When  you  request  multiple  fields,  any literal colon characters are
       escaped by a backslash (\)  before  being  output.  Similarly,  literal
       backslash  characters  will also be escaped (\\). This escape format is
       parseable by using shell read(1) functions with the  environment  vari‐
       able  IFS=:  (see EXAMPLES, below). Note that escaping is not done when
       you request only a single field.

   General Link Properties
       The following general link properties are supported:


       authentication

           Datalink authentication. Setting authentication to "off" will  dis‐
           able  802.1X authentication on the wired datalink, and WiFi authen‐
           tication on wireless datalink. Setting it to a  network  name  will
           enable 802.1X or WiFi authentication on the datalink. Note that the
           network name and its authentication parameters needs to be  config‐
           ured  by  nacadm(8) first. If the underneath NIC is being DRed, the
           "authentication" property needs to be set to "off" first. Having it
           enabled will cause the NIC DR to fail.


       authentication-state

           Datalink  authentication state. This property is read-only property
           used to show the state of authentication on  a  datalink.  Possible
           values include succeeded, failed, in-progress, and off.


       autopush

           Specifies  the set of STREAMS modules to push on the stream associ‐
           ated with a link when its DLPI device is opened.  It  is  a  space-
           delimited list of modules.

           The  optional  special character sequence [anchor] indicates that a
           STREAMS anchor should be placed on the stream at the module  previ‐
           ously  specified  in  the list. It is an error to specify more than
           one anchor or to have an anchor first in the list.

           The autopush property is preferred  over  the  more  general  auto‐
           push(8) command.


       cos

           The  802.1p  priority associated with the link. This property, when
           set, indicates the 802.1p priority on outbound packets on the link.
           The  values  range  from 0 to 7. When this property is set, all the
           packets outbound on the link will have a VLAN tag with the priority
           field  set  to  the  property value. When this property is set on a
           physical NIC, only traffic for the primary client on that  physical
           NIC  will have priority set and not any other datalinks on the NIC.
           This property is only valid on Ethernet data link. The default  cos
           is  0  for  VLAN data links or when the underlying device registers
           DCB capabilities, otherwise the default is not to add a VLAN tag.


       cpus

           Bind the processing of packets for a given data link to a processor
           or  a set of processors. The value can be a comma-separated list of
           one or more processor ids or a range of ids. If the  list  consists
           of  more  than one processor, the processing will spread out to all
           the processors. Connection to processor affinity and packet  order‐
           ing for any individual connection will be maintained.

           The processor or set of processors are not exclusively reserved for
           the link. Only the kernel threads and  interrupts  associated  with
           processing  of  the  link  are bound to the processor or the set of
           processors specified. In case it is desired that processors be ded‐
           icated to the link, psrset(8) can be used to create a processor set
           and then specifying the processors from the processor set  to  bind
           the link to.

           If the link was already bound to processor or set of processors due
           to a previous operation, the binding will be removed  and  the  new
           set of processors will be used instead.

           The  default is no CPU binding, which is to say that the processing
           of packets is not bound to any specific processor or processor set.

           Specification of the cpus property is not allowed on links  with  a
           pool link property.


       cpus-effective

           The effective value of cpus property displays the list of CPUs used
           for packet processing on the named data link. If the cpus  property
           has  been  set,  the  effective  value  will be the same as the set
           value. If the pool property has been set, effective value  will  be
           selected  from the pool designated by the administrator. If neither
           the pool nor cpus property is  set,  the  system  will  select  the
           effective value for cpus property.


       ets-bw-local

           This  indicates  the  ETS bandwidth configured on the TX side for a
           link. This property can be configured on a data link  only  if  the
           underlying  physical NIC registers DCB capability and supports ETS.
           The value is a percentage of the physical NIC's bandwidth  and  the
           sum  of  values  of  this property over all links on a physical NIC
           cannot exceed 100. Aggregation of physical NIC  that  register  DCB
           capabilities is not supported currently, hence this property cannot
           be set on aggregations. The effective value for this property could
           be  the ets-bw-local or ets-bw-local-advice depending on LLDP nego‐
           tiations.


       ets-bw-local-advice

           This indicates the ETS bandwidth (as a percentage)  recommended  by
           the  remote  end  for  this link. The value is obtained by means of
           LLDP.


       ets-bw-remote

           This indicates the ETS bandwidth (in percentage) that is  effective
           on  the remote end for this link. The value is obtained by means of
           LLDP.


       ets-bw-remote-advice

           This indicates the ETS bandwidth (as a percentage)  recommended  to
           the remote end for this link. This value is used by LLDP.


       ip-interface

           Applicable only for VXLAN links. This property specifies the under‐
           lying IP interface for a VXLAN link.  The  VXLAN  will  be  created
           using  an  IP address that is available on the specified interface.
           By default a IPv4 address will be selected for the VXLAN link which
           can  be changed using the ip-version property. This property can be
           set only when creating a VXLAN link and cannot be  modified  there‐
           after. This property may change in the future.


       ip-version

           Applicable only to VXLAN datalinks. This property indicates whether
           an IPv4 or IPv6 address should be  selected  on  an  IP  interface,
           specified using interface property, for a VXLAN link. This property
           can be set only when creating a VXLAN link and cannot  be  modified
           thereafter. This property may change in the future.


       local-ip

           Applicable  only  for  VXLAN  links. This property specifies the IP
           address, IPv4 or IPv6, that hosts a VXLAN link. A prefixlen may  be
           specified  as  part  of the IPv4 or IPv6 address. A hostname may be
           provided instead of an IP address. If a hostname is  provided,  its
           numeric  value  is  obtained  from  the  entry in /etc/hosts or the
           resolver specified for hosts or ipnodes in nsswitch.conf(5). As  IP
           addresses  are  created  before  naming  services have been brought
           online during boot process, it is important that any hostname  used
           be  included in /etc/hosts. This property can be set only when cre‐
           ating a VXLAN link and cannot be modified thereafter. This property
           may change in the future.


       rx-fanout

           Allows you to specify the number of receive-side fanout threads.

           Traffic  received on a receive ring can be fanned out across multi‐
           ple threads and processed in parallel. This is particularly  useful
           when  the system has large number of CPUs. This property is a count
           for the number of receive-side  fanout  threads  for  a  particular
           datalink. Note that this property lets an administrator specify the
           desired rx-fanout. However, based on the number of  available  CPUs
           and hardware RX rings, the system might choose a different (smaller
           or even higher) value for fanout.

           The number of CPUs is the upper bound on the  receive  side  fanout
           while  the  number of rx-rings is the lower bound. Thus, the actual
           receive side fanout count can have a value different from  the  one
           set by the user.

           Receive  side fanout could be disabled if zero is explicitly speci‐
           fied by an  administrator,  that  is,  no  fanout  thread  will  be
           involved  in receive side packet processing. This might give better
           latency in cases where the number of connections is less  than  the
           number of hardware RX rings.


       learn-limit

           Limits  the number of new or changed MAC sources to be learned over
           a bridge link. When the number exceeds this value, learning on that
           link  is  temporarily  disabled. Only non-VLAN, non-VNIC type links
           have this property.

           The default value is 1000. Valid values are greater or equal to 0.


       learn-decay

           Specifies the decay rate for source changes limited by learn-limit.
           This  number is subtracted from the counter for a bridge link every
           5 seconds. Only non-VLAN, non-VNIC type links have this property.

           The default value is 200. Valid values are greater or equal to 0.


       lro

           Specifies the user's disposition of turning LRO on or off or  using
           system default LRO value on a data link.

           Valid  values  are off, on, or auto. The default value is auto. The
           value auto is set to off for physical NICs while  it  inherits  the
           lower link's lro disposition for virtual NICs.

           Note -



             The system might not turn LRO on if it determines it is unsafe to
             do so. For instance, if IP is forwarding  traffic  using  a  data
             link,  then  the  system  would deem it unsafe to turn on LRO for
             that data link. So the effective value will be different from the
             configured value in such cases.



       tph

           Applicable only for physical datalinks. TPH (Transaction processing
           hints) is a performance feature in PCIe 3.0 specification and later
           that  allows I/O devices to populate data in the system cache hier‐
           archy. TPH is proved very useful for high  packet  rates  workload.
           For  workloads which are not latency sensitive, there is no differ‐
           ence for applications that consume the data from L3  cache  or  DDR
           memory.



           auto    Allows  the OS to decide whether to enable tph mode on this
                   link. This is the default value.


           on      Turns the tph mode on. This will allow  the  physical  link
                   leverage tph feature to improve the performance for certain
                   workload.


           off     Turns the tph mode off. This will disable the tph  mode  on
                   the physical link.


           The  user  can  display  the current tph setting by using the show-
           linkprop command. The EFFECTIVE column will show the value  decided
           by the OS. The VALUE column will show the user specified value. The
           POSSIBLE column will show whether the feature is supported  by  the
           datalink on the current platform.


       mac-address

           Sets  the  primary MAC address for the data link. When set, changes
           the primary MAC address used by all current and future MAC  clients
           of the underlying data link.


       max-bw

           Sets the full duplex bandwidth for the link. The bandwidth is spec‐
           ified as an integer with one of the scale suffixes (K, M, or G  for
           Kbps,  Mbps,  and Gbps). If no units are specified, the input value
           will be read as Mbps. The default is no bandwidth limit.


       bw-share

           Bandwidth share for a VNIC is the minimum share  of  the  bandwidth
           the VNIC will get when there is competition from other VNICs on the
           same data link. Note that the bandwidth is allocated among all  the
           active  VNICs.  The  amount  of allocation is proportional to their
           share. For example,


             # dladm set-linkprop -p bw-share=40        vnic1
             # dladm set-linkprop -p bw-share=10        vnic2

           Assuming a 1Gbps link and assuming these two are  the  only  VNICs,
           vnic1  can  have  up to 800 Mbps (1Gbps * 40/(40+10)) and vnic2 can
           have up to 200 Mbps (1Gbps * 10/(40+10)).

           The above example assumes both the VNICs have  traffic  to  consume
           their  share  of the bandwidth. However, if vnic1 consumes only 100
           Mbps, then vnic2 can go up to 900 Mbps.  The  goal  with  bandwidth
           shares  is no wasted bandwidth when there is a VNIC that can use it
           while assuring the allocated share when there is  competition  from
           other VNICs.

           This  property  is  currently supported only on certain NICs. dladm
           show-linkprop -H -p bw-share command can be used  to  determine  if
           bw-share property is supported on a given link. The value can range
           from 1 to 100. The value is a relative share  value  and  does  not
           indicate  a  percentage  of  the  bandwidth. The effective value is
           printed as a percentage of the physical link bandwidth. This is the
           minimum % of the bandwidth assured to the VNIC when there is compe‐
           tition. The effective value can  keep  changing  depending  on  the
           other VNICs or hardware network flows on the link.

           For  more  details about hardware network flows, see the flowadm(8)
           man page.

           For example, datalink  has  exclusive  ring-group  vnic1,  hardware
           flows tcpflow1 and udpflow1.

             # dladm show-linkprop -pbw-share vnic1
             LINK        PROPERTY   PERM VALUE        EFFECTIVE    DEFAULT   POSSIBLE
             vnic1       bw-share   rw   10           33.33%       --        1-100
             # flowadm show-flowprop -pbw-share
             FLOW        PROPERTY   PERM VALUE        EFFECTIVE    DEFAULT   POSSIBLE
             tcpflow1    bw-share   rw   10           33.33%       --        1-100
             udpflow1    bw-share   rw   10           33.33%       --        1-100



       multicast-group

           Applicable  only  to  VXLAN datalinks. This property that indicates
           the multicast group a VXLAN link subscribes to. The VXLAN link will
           use  this  address  to discover other VXLAN links on the same VXLAN
           segment. If this property is not set, the default all-host  address
           will  be used by the VXLAN link. This property can be set only when
           creating a VXLAN link and cannot be modified thereafter. This prop‐
           erty may change in the future.


       pool

           Bind  the  processing of packets for a given data link to a pool of
           processors defined and administered by poolcfg(8)  and  pooladm(8).
           The  binding  of  processes is similar to what occurs with the cpus
           link property, except that the list of CPUs is not explicit and  is
           instead maintained by the pools facility.

           If  pools  are  enabled,  and  no  pool  is specified for the link,
           pool_default will be used for packet processing.

           For zones with ip-type=exclusive, if a pool is specified through  a
           pool  zone  property  or  dedicated-cpus allocation, that pool will
           also be used for all data links associated with the zone.

           Specification of the pool property is not allowed on links  with  a
           cpus link property.

           If  the  pools  facility has been enabled, and if the administrator
           has not assigned a pool to a data link, then the effective value of
           pool will be pool_default. If the pools facility is disabled, there
           is no pool and the effective value will be empty.


       priority

           Sets the relative priority for the link. The value can be given  as
           one of the tokens high, medium, or low. The default is medium. This
           priority is not reflected in any protocol priority  fields  on  the
           wire,  but used for packet processing scheduling within the system.
           A high priority link offers  a  better  latency  depending  on  the
           availability  of  system resources. Setting this property can cause
           CPU utilization to go up for some workloads.


       rx-rings-available

           A read-only property that specifies the number of  rings  available
           on the receive side.


       rx-rings

           Specifies  the  number  of receive rings side for the MAC client. A
           value of sw means this MAC client should not  be  assigned  any  RX
           ring  and  will  be  software-based.  A  value of hw means this MAC
           client can get one RX ring, if  available,  or  will  be  software-
           based.  A non-zero value means reserve that many rings for this MAC
           client, if available, and fail if not.  If  this  property  is  not
           specified,  the  MAC  client  can get one RX ring, if available, or
           will be software-based.


       rx-hw-client-available

           A read-only property that specifies the  number  of  additional  RX
           hardware-based MAC clients that can be created.


       tx-rings-available

           A  read-only  property that specifies the number of rings available
           on the transmit side.


       tx-rings

           Specifies the number of transmit rings for the MAC client. A  value
           of  sw  means this MAC client should not be assigned any TX ring. A
           value of hw means this MAC client can get one TX  ring,  if  avail‐
           able,  or  will  be  software-based. A non-zero value means reserve
           that many rings for this MAC client, if available, and fail if not.
           If  this  property  is not specified, the MAC client can get one TX
           ring, if available, or will be software-based.


       tx-hw-client-available

           A read-only property that specifics the  number  of  additional  TX
           hardware-based MAC clients that can be created.


       stp

           Enables  or  disables Spanning Tree Protocol on a bridge link. Set‐
           ting this value to 0 disables Spanning Tree, and puts the link into
           forwarding  mode with BPDU guarding enabled. This mode is appropri‐
           ate for point-to-point links connected only to end nodes. Only non-
           VLAN,  non-VNIC type links have this property. The default value is
           1, to enable STP.


       forward

           Enables or disables forwarding for a VLAN. Setting this value to  0
           disables  bridge  forwarding for a VLAN link. Disabling bridge for‐
           warding removes that VLAN from the "allowed set"  for  the  bridge.
           The  default value is 1, to enable bridge forwarding for configured
           VLANs.


       default-tag

           Sets the default VLAN ID that is assumed for untagged packets  sent
           to  and received from this link. Only non-VLAN, non-VNIC type links
           have this property. Setting this value to  0  disables  the  bridge
           forwarding  of  untagged  packets to and from the port. The default
           value is VLAN ID 1. Valid values are from 0 to  4094.  The  default
           VLAN ID is also referred to as the Port VLAN Identifier (PVID).

           You  cannot  create  a  tagged VLAN or VLAN-tagged VNIC link with a
           VLAN ID that matches the default VLAN value of the underlying link.
           All  untagged  packets  on the link are already associated with the
           default VLAN (PVID). To successfully create a tagged VLAN or  VLAN-
           tagged  VNIC link with VLAN ID equal to the default VLAN value, you
           must first change the default-tag property of the  underlying  link
           to a different VLAN value.

           When  default-tag=0, all untagged packets on the link are no longer
           associated with any VLAN. As a result, you can create a  VLAN  link
           with  any  VLAN  ID  from 1 to 4094. Note that any received packets
           that are erroneously tagged with the PVID at an end-point might  be
           dropped.  This  situation  occurs  if all the end-points on a given
           link do not agree on the PVID. All end-points on a  link  must  use
           the same PVID and must not tag traffic with the PVID.


       stp-priority

           Sets  the STP and RSTP Port Priority value, which is used to deter‐
           mine the preferred root port on a bridge.  Lower  numerical  values
           are  higher  priority. The default value is 128. Valid values range
           from 0 to 255.


       stp-cost

           Sets the STP and RSTP cost for using the link. The default value is
           auto,  which  sets  the  cost  based  on  link speed, using 100 for
           10Mbps, 19 for 100Mbps, 4 for 1Gbps, and 2 for 10Gbps. Valid values
           range from 1 to 65535.


       stp-edge

           Enables  or  disables  bridge  edge  port  detection.  If  set to 0
           (false), the system assumes that the port  is  connected  to  other
           bridges  even  if  no bridge PDUs of any type are seen. The default
           value is 1, which detects edge ports automatically.


       stp-p2p

           Sets bridge point-to-point  operation  mode.  Possible  values  are
           true, false, and auto. When set to auto, point-to-point connections
           are automatically discovered. When set to true, the  port  mode  is
           forced  to  use point-to-point. When set to false, the port mode is
           forced to use normal multipoint mode. The default value is auto.


       stp-mcheck

           Triggers the system to run the RSTP Force BPDU Migration Check pro‐
           cedure  on  this  link.  The  procedure is triggered by setting the
           property value to 1. The property is automatically reset back to 0.
           This value cannot be set unless the following are true:


               o      The link is bridged


               o      The bridge is protected by Spanning Tree


               o      The bridge force-protocol value is at least 2 (RSTP)

           The default value is 0.


       protection

           Enables one or more types of link protection. Valid values are:

           mac-nospoof

               MAC address anti-spoof. An outbound packet's source MAC address
               must match the  link's  configured  MAC  address.  Non-matching
               packets will be dropped. If the link belongs to a zone, turning
               mac-nospoof on will prevent the zone's owner from modifying the
               link's MAC address.


           ip-nospoof

               IP  address  anti-spoof. This protection type works in conjunc‐
               tion with the link property allowed-ips.

               allowed-ips is a list containing IP (IPv4 or  IPv6)  addresses.
               This list is empty by default. Addresses that are implicitly in
               this list are: the link local IPv6 address  conforming  to  RFC
               2464 (derived from the link's MAC address); IPv4/IPv6 addresses
               learned  from  DHCP  replies;   the   unspecified   (all-zeros)
               IPv4/IPv6 address.

               An  outbound  IP  packet  can  pass if its source address is in
               allowed-ips.

               An outbound ARP packet can pass if its sender protocol  address
               is in allowed-ips.

               When  a datalink has been protected by setting allowed-ips to a
               set of one or more IP addresses, any attempts to  configure  IP
               addresses  that  are  not  in  this set will fail with an EPERM
               error being returned to the user. Moreover, the  interface  may
               not  be used for forwarding IP packets, and attempts to set the
               ipadm(8) forwarding property on the interface will encounter an
               EPERM error.


           dhcp-nospoof

               DHCP  client  ID  (DUID  for DHCPv6) and hardware address anti-
               spoof. This protection type works in conjunction with the  link
               property allowed-dhcp-cids.

               Items  in the allowed-dhcp-cids list should be formatted in the
               same way as the "client-id" property in ipadm utility. The only
               difference  is  that  .  (period)  should be used in place of ,
               (comma) when specifying DUIDs. For more  information,  see  the
               ipadm(8) man page.

               An  outbound  DHCP (v4/v6) packet can pass only if these condi‐
               tions are satisfied:

                   o      If  allowed-dhcp-cids  is  not  configured  and  the
                          packet type is:

                       o      DHCPv4,  the client ID field must match the con‐
                              figured MAC address.


                       o      DHCPv6, the DUID must be of type 1 or 3 and  the
                              link  layer  address part of the DUID must match
                              the configured MAC address.



                   o      If allowed-dhcp-cids is configured  and  the  packet
                          type is:

                       o      DHCPv4,  the  client  ID field must match one of
                              the IDs on  this  list  or  the  configured  MAC
                              address.


                       o      DHCPv6, the DUID field must match one of the IDs
                              on this list or, the DUID must be of type 1 or 3
                              and  the  link  layer  address  part of the DUID
                              matches the configured MAC address.




           restricted

               This protection restricts outgoing packet types to  just  IPv4,
               IPv6, and ARP.



       vni

           Applicable  only  to  VXLAN  datalinks.  This property, with values
           ranging between 0 and 16777215, that specifies  the  VXLAN  segment
           the  link  belongs  to.  This property is mandatory when creating a
           VXLAN link and cannot be modified  thereafter.  This  property  may
           change in the future.


       vsi-manager-id

           An IPv6 address.

           When  the  VDP service is enabled on a VNIC, properties of the VNIC
           are exchanged with the bridge using a 3-byte VSI Type ID and 1-byte
           VSI  Version.  A VSI Manager maintains the mapping between the {VSI
           Type ID-VSI Version} and the set of properties.  The  {VSI  Manager
           ID,  VSI  Type  id, VSI Version} tuple identifies a specific set of
           properties.

           On a VNIC, the vsi-manager-id can be explicitly  assigned.  If  the
           vsi-manager-id  is  not  explicitly assigned, the vsi-manager-id is
           set to the vsi-manager-id value of the underlying link.

           On physical link, vsi-manager-id specifies the default vsi-manager-
           id for all the VNICs over it. The default value of the vsi-manager-
           id on a physical link is 0.

           The default VSI Manager ID on a physical link  is  associated  with
           the  Oracle  VSI  Manager  (oracle_v1).  The  Oracle VSI Manager is
           defined as a 3-byte encoding using the following link properties:

             Bits            Properties
             --------------------------------------------------
             0-4             Link Bandwidth Limit
                             00000-10100 :   0-100% of link speed
                                             in increments of 5%
                             rest        :   reserved

             5-7             Link Speed
                                             000 - Unknown
                                             001 - 10 Mbps
                                             010 - 100 Mbps
                                             011 - 1 Gbps
                                             100 - 10 Gbps
                                             101 - 40 Gbps
                                             110 - 100 Gbps
                                             111 - Reserved

             8-12            Reserved

             13-15           Traffic Class (0-7)

             16-17           Link MTU
                                             00 - 1500 bytes
                                             01 - 9000 bytes
                                             10 - Custom
                                             11 - Reserved


             18-23           Reserved



       vsi-manager-id-encoding

           The encoding associated with the  physical  link's  vsi-manager-id.
           Supported  values  include  oracle_v1 and none. If this property is
           set to none, the vsi-type-id and vsi-version are not  automatically
           generated  over this link for VNICs that do not have their vsi-man‐
           ager-id explicitly set.


       vsi-type-id

           A 3-byte value that is used to determine the properties  associated
           with a VNIC. The vsi-type-id is used along with the vsi-version and
           vsi-manager-id to obtain the actual properties associated with  the
           VNIC.  When  the  vsi-manager-id is not explicitly on the VNIC, the
           vsi-type-id is automatically generated using the properties of  the
           VNIC and the above encoding (oracle_v1).


       vsi-version

           A  1-byte value that is used to determine the properties associated
           with a VNIC. The vsi-version is used along with the vsi-type-id and
           vsi-manager-id  to obtain the actual properties associated with the
           VNIC. When the vsi-manager-id is not explicitly on  the  VNIC,  the
           vsi-version is set to 0.


       vsi-version-effective

           A read-only property. The effective VSI Version on a link.


       virtual-switching

           This  property determines if switching between VNICs or MAC clients
           over a physical link happens through the virtual switch  associated
           with  the link or on the external switch. This property is applica‐
           ble only to physical and aggregated  links.  By  default  switching
           happens  through the virtual switch associated with the link. Valid
           values include:

           local     Switching between MAC clients or VNICs over the link hap‐
                     pens  internally  through the link's virtual switch. This
                     is referred to as Virtual Ethernet Bridge (VEB).


           remote    Switching between MAC clients or VNICs over the link hap‐
                     pens  externally  through  the  external  switch. This is
                     referred to as Virtual Ethernet Port  Aggregator  (VEPA).
                     Setting  this value assumes that Reflective Relay is con‐
                     figured on the external switch.


           auto      Switching is determined through Link Layer Discovery Pro‐
                     tocol (LLDP) protocol. This value initiates LLDP exchange
                     with the external switch to enable Reflective  Relay.  If
                     LLDP successfully enables Reflective Relay on the switch,
                     the effective value is remote (that is, switching happens
                     on  the  external  switch),  else  it  is local (that is,
                     switching happens  locally  through  the  link's  virtual
                     switch).



       iov

           This  property  behaves differently depending on whether it is used
           on a physical link or a VNIC.

           Setting this link property on a physical link allows  the  user  to
           enable/disable SR-IOV mode. The possible values for iov on a physi‐
           cal link are:


           auto    Allows the OS decide whether to enable SR-IOV mode on  this
                   link. This is the default value.


           on      Turns  SR-IOV  mode  on. This will allow the creation of VF
                   VNICS.


           off     Turns SR-IOV mode off. This will  disable  the  ability  to
                   create VF VNICs.

           The  user  can  display  the  current  iov  setting  by using show-
           linkprop. The EFFECTIVE column will show the value decided  by  the
           OS. The VALUE column will show the user specified value.

           This property may also be specified during VNIC creation via the -p
           option. This option allows the user to choose whether to  create  a
           VF VNIC or not. For this case, the possible values for iov are:


           inherit

               Inherit  the  EFFECTIVE  iov setting from the VNIC's underlying
               link. For example, if the underlying link has -iov on, specify‐
               ing  inherit  during VNIC creation means, allowing the OS allo‐
               cate a VF if possible; If a VF is not found, create  a  regular
               VNIC instead. If the underlying link has iov off, it means a VF
               will not be allocated.

               If -p  iov is not specified during  create-vnic,  this  is  the
               assumed default value.


           on

               A  VF must be allocated for this VNIC. If a VF cannot be found,
               fail the VNIC creation.


           off

               Do not allocate a VF for  this  VNIC.  The  created  VNIC  will
               always  be a regular VNIC regardless of the underlying iov set‐
               ting.

           Unlike the physical link case, the VNIC's iov  property  cannot  be
           modified  by  set-linkprop. It can only be specified during create-
           vnic. Displaying this property through show-linkprop is allowed.


       ring-group

           This property behaves differently depending on whether it  is  used
           on  a  physical  link  or  a VNIC. The user can display the current
           ring-group by using  show-linkprop  command.  For  physical  links,
           ring-group  is  just a read-only property to indicate if the driver
           supports this feature. The user may not  enable/disable  this  fea‐
           ture. Valid values are exclusive and shared.

           For  VNICs,  ring-group is a property that may only be specified at
           VNIC creation time. The valid values are: auto (OS decides  whether
           exclusive  or shared used on a particular physical link), exclusive
           (VNIC creation fails if exclusive ring-group  unavailable),  shared
           (does  not  allocate  dedicated  resources)  The  default  value is
           shared.

           This property can also be specified during  VNIC  creation  through
           the  -p  option.  This  option allows the user to choose whether to
           create a exclusive hardware ring group VNIC or not.

           After VNIC creation, ring-group may not  be  modified  through  the
           set-linkprop  command.  Exclusive ring-group VNICs can be supported
           in SRIOV mode. In SRIOV mode, the VNIC needs to set the  iov  prop‐
           erty to "off" for exclusive ring-group VNIC creation.


       pvlan-tagmode

           This property determines how the outgoing packets should be tagged.
           This property applies to physical links and the valid values are:


           primary      The outgoing packets will be tagged  with  the  VNIC's
                        Primary VID.


           secondary    The  outgoing  packets  will be tagged with the VNIC's
                        Secondary VID. This is the default value.




       poll

           Allows you  to  enable/disable  polling  mechanism  based  on  per-
           datalink basis.

           Polling  is  a  feature meant for reducing interrupt overhead under
           high network load. Polling is not desirable  for  latency-sensitive
           workloads because it may incur some delays in the receive path.

           The network stack auto-tunes its polling algorithm to minimize such
           delays. To avoid delays that may be caused by polling, that feature
           can  be disabled on a per-datalink basis. Note that this can result
           in an increased interrupt rate and CPU utilization.

           Note that polling is also  disabled  automatically  when  disabling
           receive-side fanout by setting rx-fanout property to zero.


       zone

           Specifies  the zone to which the link belongs. This property can be
           modified only temporarily through dladm, and  thus  the  -t  option
           must  be specified. To modify the zone assignment such that it per‐
           sists across reboots, please use zonecfg(8). Possible  values  con‐
           sist  of  any exclusive-IP zone currently running on the system. By
           default, the zone binding is as per zonecfg(8).


       firmware-version

           Applicable only for physical datalinks. A read-only  property  that
           specifies  the  firmware  version information for the physical NIC.
           This property is only shown when explicitly requested  through  the
           -p option. The format, meaning, and stability of its value is up to
           each individual driver and optionally documented  in  the  driver's
           manual page.



       On IPoIB VNICs, only the following link properties are supported: auto‐
       push,  zone,  max-bw,  cpus,  rx-fanout,  pool,  priority,  protection,
       allowed-ips, and allowed-dhcp-cids.

   Wifi Link Properties
       The following WiFi link properties are supported. Note that the ability
       to set a given property to a given value  depends  on  the  driver  and
       hardware.

       channel

           Specifies the channel to use. This property can be modified only by
           certain WiFi links when in IBSS mode. The default value and allowed
           range of values varies by regulatory domain.


       power-mode

           Specifies the power management mode of the WiFi link. Possible val‐
           ues are off (disable power management),  max  (maximum  power  sav‐
           ings),  and  fast (performance-sensitive power management). Default
           is off.


       radio

           Specifies the radio mode of the WiFi link. Possible values  are  on
           or off. Default is on.


       speed

           Specifies  a fixed speed for the WiFi link, in megabits per second.
           The set of possible values depends on the driver and hardware  (but
           is shown by show-linkprop); common speeds include 1, 2, 11, and 54.
           By default, there is no fixed speed.


   Ethernet Link Properties
       The following MII Properties, as documented in ieee802.3(7),  are  sup‐
       ported in read-only mode:

           o      duplex


           o      state

                  Formerly,   read-only   adv_<speed><duplex>_cap   properties
                  reflecting the advertised speed-duplex values (1 meaning  on
                  and  0 being off), and writable en_<speed><duplex>_cap prop‐
                  erties were provided to enable or  disable  specific  speed-
                  duplex  combinations. These have been replaced with a single
                  speed-duplex value that can be set  to  any  combination  of
                  (assuming  the  speeds are supported by the underlying hard‐
                  ware):

               o      100g-f (100 GigaBit Full-Duplex)


               o      50g-f (50 GigaBit Full-Duplex)


               o      40g-f (40 GigaBit Full-Duplex)


               o      25g-f (25 GigaBit Full-Duplex)


               o      10g-f (10 GigaBit Full-Duplex)


               o      1g-f (1 GigaBit Full-Duplex)


               o      1g-h (1 Gigabit Half-Duplex)


               o      100m-f (100 MegaBit Full-Duplex)


               o      100m-h (100 MegaBit Half-Duplex)


               o      10m-f (10 Megabit Full-Duplex)


               o      10m-h (10 MegaBit Half-Duplex)



           o      auto-negotiation

                  Auto-negotiation was previously supported through  the  adv-
                  autoneg-cap  property. It is now specified through the auto-
                  negotiation property.

                  In the absence of  Power  Management,  the  possible  speed-
                  duplex  values  provide  the values that are both negotiated
                  and currently effective in  hardware.  However,  with  Power
                  Management  enabled, the speed/duplex capabilities currently
                  exposed in the hardware might be a subset of the set of bits
                  that were used in initial link parameter negotiation. Chang‐
                  ing the current set of speed-duplex values configures  speed
                  and duplex properties at initial negotiation.

                  Auto-negotiation  is  a  0/1  switch that turns off/on auto-
                  negotiation, and therefore cannot be impacted by Power  Man‐
                  agement.



       In addition, the following Ethernet properties are reported:

       flow-control

           Establishes  flow-control  modes  that  will  be  advertised by the
           device. Valid input is one of:


           auto

               Flow control mode on the device is dynamically  determined.  To
               see  the  actual flow control mode set on the device, check the
               effective value of flow-control property.


           no

               No flow-control enabled.


           rx

               Receive, and act upon incoming pause frames.


           tx

               Transmit pause frames to the peer when congestion  occurs,  but
               ignore received pause frames.


           pfc

               Transmit pause frames including the priority value of the traf‐
               fic that should be paused. Receive pause frames, and  act  upon
               the traffic whose priority values are specified in the frame.


           bi

               Bidirectional flow control.

           Note that the actual settings for this value are constrained by the
           capabilities allowed by the device and the link  partner.  As  such
           the  effective  value  of  flow-control indicates the system chosen
           value.


       gvrp-timeout

           Specifies wait period between VID announcement broadcasts, in  mil‐
           liseconds.


       mtu

           The  maximum  client  SDU (Send Data Unit) supported by the device.
           Valid range is 68-65536.


       num-tcs

           The number of Traffic Classes supported on  the  device.  A  device
           supporting  extensions  for  DCB (Data Center Bridging) can support
           multiple traffic classes. This property can be used to determine if
           the device supports DCB extensions. This is a read-only property.


       pfcmap

           This  property  is  used to indicate the 802.1p priority values for
           which PFC (Priority-based flow control)  is  enabled.  This  is  an
           8-bit  mask,  in  which  an individual bit signifies whether PFC is
           enabled for the corresponding priority. For  priorities  that  have
           PFC enabled, the device will transmit a pause frame for that prior‐
           ity in the event of congestion. This is relevant only if num-tcs is
           greater than zero and flow-ctrl-effective is pfc.

           The  effective  value  of  pfcmap can either be the user configured
           value or the effective value of  pfcmap-remote  depending  on  LLDP
           DCBx negotiations.


       pfcmap-remote

           This  property  is  used  to  indicate the PFC configuration of the
           remote peer, usually an adjacent switch.


       ptp

           (read-only) This property is used to indicate the  availability  of
           PTP hardware assistance in the device.


       speed

           (read-only) The operating speed of the device, in Mbps.


       tag-mode

           This  link  property  controls  the conditions in which 802.1Q VLAN
           tags will be inserted in packets being transmitted on the link. Two
           mode values can be assigned to this property:


           normal

               Insert  a VLAN tag in outgoing packets under the following con‐
               ditions:

                   o      The packet belongs to a VLAN.


                   o      The user requested priority tagging.



           vlanonly

               Insert a VLAN tag only when the outgoing packet  belongs  to  a
               VLAN.  If a tag is being inserted in this mode and the user has
               also requested a non-zero priority, the priority is honored and
               included in the VLAN tag.

           The default value is vlanonly.


       vlan-announce

           This   property  controls  automatic  VLAN  ID  announcement.  When
           enabled, it broadcasts the VIDs of any VNICs or VLANs configured on
           the  device. It supports both physical links and aggregations. Pos‐
           sible values are:

           off

               No VID announcements will be sent.


           gvrp

               Announcements sent using GVRP protocol, as defined  in  802.1D.
               See gvrp-timeout to configure broadcast frequency.



   InfiniBand Link Properties
       The  following  properties  are  supported  only on IB partition object
       datalinks and IPoIB VNIC datalinks.

       link-mode

           Sets the link transport service type on an IB  partition  datalink.
           The default value is cm. Valid values are:

           cm

               Connected  Mode. This mode uses a default MTU of 65520 and sup‐
               ports a maximum MTU of 65535 bytes. If Connected  Mode  is  not
               available  for  a  remote  node,  Unreliable Datagram mode will
               automatically be used instead.


           ud

               Unreliable Datagram Mode. This mode uses a default MTU of  2044
               and supports a maximum MTU of 4092 bytes.


           broadcast-group

               The  broadcast  group state of an IB partition object datalink.
               The default value is unknown. Valid values are:


               unknown

                   Initial state of an IB partition object datalink after cre‐
                   ation and before creating IP instance.


               absent

                   Broadcast group is not configured by the Subnet Manager.


               joined

                   Broadcast  group  is  configured  and  IB  partition object
                   datalink successfully joined the broadcast group.


               unsuccessful

                   Broadcast group is configured but IPoIB failed to join  the
                   broadcast  group.  This can occur if one or parameters such
                   as MTU, srate and Q key  is/are  different  from  broadcast
                   group  created  on  the Subnet Manager (SM). See SM log for
                   exact reason for the join failure.





   IP Tunnel Link Properties
       The following IP tunnel link properties are supported.

       hop-limit

           Specifies the IPv4 TTL or IPv6  hop  limit  for  the  encapsulating
           outer IP header of a tunnel link. This property exists for all tun‐
           nel types. The default value is 64.


       encap-limit

           Specifies the IPv6  encapsulation  limit  for  an  IPv6  tunnel  as
           defined  in  RFC 2473. This value is the tunnel nesting limit for a
           given tunneled packet. The default value is 4. A value  of  0  dis‐
           ables the encapsulation limit.


   Aggregation Link Properties
       The following properties are supported only on DLMP mode aggregations.

       probe-enabled

           This  property  controls  whether  the probe-based failure/recovery
           detection is enabled for the given aggregation. When disabled,  the
           health  detection  of the underlying port will be solely relying on
           the port's link state. Possible values are:

           true     Probe-based failure/recovery detection is enabled. This is
                    the default value.


           false    Probe-based failure/recovery detection is disabled.



       probe-ip

           This property is a comma separated list of IP addresses allowed for
           use as source IP addresses for ICMP probing. IP addresses from this
           list,  if  configured (as plumbed primary or as VNICs) will be used
           for ICMP probing. These IP addresses will continue  to  carry  data
           traffic  like usual. Thus, there is no need to reserve exclusive IP
           addresses for probing.

           Each field in the list consists of "source IP" followed by optional
           target configuration information. The target information, if speci‐
           fied, can either be the target IP address or the string "rt". If it
           is  the  latter, the in.dlmpd daemon will consult the routing table
           for routes on the same subnet as the specified "source IP" address,
           and uses the specified next-hop as the target IP address.

           If  no  target  is  specified, the DLMP probing service will try to
           discover potential targets IP addresses by sending the ICMP  multi‐
           cast packet.

           Regardless the sources of the target IP address (discovered, speci‐
           fied or come from the routing table), the target IP address must be
           in  the  same subnetwork as the specified source IP address, or, it
           will not take effect.

           The following forms are accepted:

           <IP address>[/prefixlen][+<target address> |"rt"]

               Explicitly  specify  the  IP  address  and  its  prefix  length
               (optional). For example, 10.134.8.0/24+.


           <addrobj_name>[+<target address> | "rt"]

               Specify  the  specific  addrobj  name, which can be seen in the
               ipadm show-addr output. For example, vnic1/addr1+169.156.0.1.


           <interface_name>[+<target address> | "rt"]

               Specify a specific interface name. It can be either the name of
               the  aggregation  interface  itself or any VNIC configured over
               the aggregation in the global zone. All the IPv4 addresses  and
               IPv6  addresses  configured  on the specified interface will be
               used for ICMP probing.

               Note that to avoid  ambiguity  between  the  hostname  and  the
               interface  name, the interface names will be enclosed by square
               brackets. For example:

                 [dlmp1]+


                 +[<target>]



           [*|*v4|*v6][:<target address> | "rt"]

               The special strings "*", "*v4", and "*v6" can also be used. All
               the  IP  addresses  (or  the IPv4/link-local-IPv6 IP addresses)
               configured on the aggregation and the VNICs will  be  potential
               source IP address of ICMP probes.



       probe-vlan-id

           This  link  property specifies the VLAN-ID to be used for both ICMP
           and transitive probing. Valid values are from 0 to 4094. The  value
           0 indicates that the probes are untagged. The default value is 0.


       probe-fdt

           This  link  property defines the failure detection time. It config‐
           ures the expected failure detection  time  value  in  seconds.  The
           default value is 10s.


   Known WLAN Properties
       The  following  Known  WLAN properties are supported: priority, bssids,
       security-mode, key. These properties are  described  in  the  show-wlan
       subcommand section above.

EXAMPLES
       Example 1 Display Datalink Configuration



       The  following command shows the effect of invoking dladm with no argu‐
       ments.


         # dladm
         LINK                CLASS     MTU    STATE    OVER
         net0                phys      1500   up       --
         net1                phys      1500   up       --
         net2                phys      1500   unknown  --
         net3                phys      1500   up       --
         vnic1               vnic      1500   up       net1
         vlan1               vlan      1500   up       net1
         aggr1               aggr      1500   up       net2 net3
         stub1               etherstub 9000   unknown  --



       Example 2 Configuring an Aggregation



       To configure a data-link over an aggregation of devices bge0  (linkname
       net0) and bge1 (linkname net1) with key 1, enter the following command:


         # dladm create-aggr -l net0 -l net1 1




       To  configure  an  IEEE  802.3ad  link  aggregation  of devices e1000g1
       (linkname net0) and e1000g2 (linkname net1) with the name aggr1,  enter
       following command:


         # dladm create-aggr -l net0 -l net1 aggr1




       To  configure  an  Datalink  Multipathing  (dlmp)  link  aggregation of
       devices ixgbe1 (linkame net2) and ixgbe2 (linkname net3) with the  name
       aggr2 enter following command:


         # dladm create-aggr -m dlmp -l net2  -l net3 aggr2




       To list aggregations, enter following command:


         # dladm show-aggr
         LINK              MODE    POLICY   ADDRPOLICY           LACPACTIVITY  LACPTIMER
         aggr1             trunk   L4       auto                 off           short
         aggr2             dlmp    --       --                   --            --



       Example 3 Connecting to a WiFi Link



       To  connect to the most optimal available unsecured network on a system
       with a single WiFi link (as per the prioritization rules specified  for
       connect-wifi), enter the following command:


         # dladm connect-wifi




       Alternatively, to connect to an available network with the highest pri‐
       ority in the Known WLAN list, enter the following command:


         # dladm connect-wifi -w



       Example 4 Creating a WiFi Key



       To interactively create the WPA key mykey, enter the following command:


         # dladm create-secobj -c wpa mykey




       Alternatively, to non-interactively create the WPA key mykey using  the
       contents of a file:


          # umask 077
          # cat >/tmp/mykey.$$ <<EOF
          12345678
          EOF
          # dladm create-secobj -c wpa -f /tmp/mykey.$$ mykey
          # rm /tmp/mykey.$$



       Example 5 Connecting to a Specified Encrypted WiFi Link



       To use key mykey to connect to ESSID  wlan on link ath0, enter the fol‐
       lowing command:


         # dladm connect-wifi -k mykey -e wlan ath0




       Example 6 Changing a Link Property



       To set power-mode to the value fast on link pcwl0, enter the  following
       command:


         # dladm set-linkprop -p power-mode=fast pcwl0



       Example 7 Connecting to a WPA-Protected WiFi Link



       Create a WPA key psk and enter the following command:


         # dladm create-secobj -c wpa psk




       To  then  use  key psk to connect to ESSID wlan on link ath0, enter the
       following command:


         # dladm connect-wifi -k psk -e wlan ath0



       Example 8 Renaming a Link



       To rename the bge0 link to mgmt0, enter the following command:


         # dladm rename-link bge0 mgmt0



       Example 9 Replacing a Network Card



       Consider that the bge0 device, whose link was named mgmt0 as  shown  in
       the previous example, needs to be replaced with a ce0 device because of
       a hardware failure. The bge0 NIC is physically  removed,  and  replaced
       with  a  new  ce0 NIC. To associate the newly added ce0 device with the
       mgmt0 configuration previously associated with bge0, enter the  follow‐
       ing command:


         # dladm rename-link ce0 mgmt0



       Example 10 Removing a Network Card



       Suppose  that in the previous example, the intent is not to replace the
       bge0 NIC with another NIC, but rather to remove  and  not  replace  the
       hardware.  In that case, the mgmt0 datalink configuration is not slated
       to be associated with a different physical device as shown in the  pre‐
       vious  example, but needs to be deleted. Enter the following command to
       delete the datalink configuration associated with the  mgmt0  datalink,
       whose physical hardware (bge0 in this case) has been removed:


         # dladm delete-phys mgmt0



       Example 11 Using Parseable Output to Capture a Single Field



       The following assignment saves the MTU of link net0 to a variable named
       mtu.


         # mtu=`dladm show-link -p -o mtu net0`



       Example 12 Using Parsable Output to Iterate over Links



       The following script displays the state of each link on the system.


         # dladm show-link -p -o link,state | while IFS=: read link state; do
                     print "Link $link is in state $state"
                 done



       Example 13 Configuring VNICs



       Create two VNICs with names hello0 and test1  over  a  single  physical
       link net0:


         # dladm create-vnic -l net0 hello0
         # dladm create-vnic -l net0 test1



       Example 14 Configuring VNICs and Allocating Bandwidth and Priority



       Create  two  VNICs  with  names hello0 and test1 over a single physical
       link net0 and make hello0 a high priority VNIC with a  factory-assigned
       MAC  address with a maximum bandwidth of 50 Mbps. Make test1 a low pri‐
       ority VNIC with a  random  MAC  address  and  a  maximum  bandwidth  of
       100Mbps.


         # dladm create-vnic -l net0 -m factory -p max-bw=50,priority=high hello0
         # dladm create-vnic -l net0 -m random -p max-bw=100M,priority=low test1



       Example 15 Configuring a VNIC with a Factory MAC Address



       First, list the available factory MAC addresses and choose one of them:


         # dladm show-phys -m net0
         LINK            SLOT         ADDRESS              INUSE    CLIENT
         net0            primary      0:e0:81:27:d4:47     yes      net0
         net0            1            8:0:20:fe:4e:a5      no
         net0            2            8:0:20:fe:4e:a6      no
         net0            3            8:0:20:fe:4e:a7      no




       Create a VNIC named hello0 and use slot 1's address:


         # dladm create-vnic -l net0 -m factory -n 1 hello0
         # dladm show-phys -m net0
         LINK            SLOT         ADDRESS              INUSE    CLIENT
         net0            primary      0:e0:81:27:d4:47     yes      net0
         net0            1            8:0:20:fe:4e:a5      yes      hello0
         net0            2            8:0:20:fe:4e:a6      no
         net0            3            8:0:20:fe:4e:a7      no



       Example  16 Creating a VNIC with User-Specified MAC Address, Binding it
       to Set of Processors



       Create a VNIC with name hello0, with a user specified MAC address,  and
       a processor binding 0, 2, 4-6.


         # dladm create-vnic -l net0 -m 8:0:20:fe:4e:b8 -p cpus=0,2,4-6 hello0



       Example 17 Creating a Virtual Network Without a Physical NIC



       First, create an etherstub with name stub1:


         # dladm create-etherstub stub1




       Create  two  VNICs  with  names hello0 and test1 on the etherstub. This
       operation implicitly creates a virtual  switch  connecting  hello0  and
       test1.


         # dladm create-vnic -l stub1 hello0
         # dladm create-vnic -l stub1 test1



       Example 18 Displaying Bridge Information



       The following commands use the show-bridge subcommand with no and vari‐
       ous options.


         # dladm show-bridge
         BRIDGE       PROTECT ADDRESS           PRIORITY DESROOT
         foo          stp     32768/8:0:20:bf:f 32768    8192/0:d0:0:76:14:38
         bar          stp     32768/8:0:20:e5:8 32768    8192/0:d0:0:76:14:38

         # dladm show-bridge -l foo
         LINK         STATE        UPTIME   DESROOT
         hme0         forwarding   117      8192/0:d0:0:76:14:38
         qfe1         forwarding   117      8192/0:d0:0:76:14:38

         # dladm show-bridge -f foo
         DEST              AGE     FLAGS  OUTPUT
         8:0:20:bc:a7:dc   10.860  --     hme0
         8:0:20:bf:f9:69   --      L      hme0
         8:0:20:c0:20:26   17.420  --     hme0
         8:0:20:e5:86:11   --      L      qfe1



       Example 19 Creating an IPv4 Tunnel



       The following sequence of commands creates and then displays a  persis‐
       tent IPv4 tunnel link named mytunnel0 between 66.1.2.3 and 192.4.5.6:


         # dladm create-iptun -T ipv4 -a local=66.1.2.3,remote=192.4.5.6 mytunnel0
         # dladm show-iptun mytunnel0
         LINK            TYPE  FLAGS  SOURCE              DESTINATION
         mytunnel0       ipv4  --     66.1.2.3            192.4.5.6




       A  point-to-point  IP  interface  can  then be created over this tunnel
       link:


         # ipadm create-ip mytunnel0
         # ipadm create-addr -T static -a local=10.1.0.1,remote=10.1.0.2 \
         mytunnel0/addr
         # ipadm show-addr mytunnel0/addr
         ADDROBJ           TYPE     STATE        ADDR
         mytunnel0/addr    static   ok           10.1.0.1->10.1.0.2



       Example 20 Creating a 6to4 Tunnel



       The following command creates a 6to4 tunnel link. The IPv4  address  of
       the 6to4 router is 75.10.11.12.


         # dladm create-iptun -T 6to4 -a local=75.10.11.12 sitetunnel0
         # dladm show-iptun sitetunnel0
         LINK            TYPE  FLAGS  SOURCE              DESTINATION
         sitetunnel0     6to4  --     75.10.11.12         --




       The following command creates an IPv6 interface on this tunnel:


         # ipadm create-ip sitetunnel0
         # ipadm show-addr sitetunnel0/_a
         ADDROBJ           TYPE     STATE        ADDR
         sitetunnel0/_a    static   ok           2002:4b0a:b0c::1/16




       Note  that  the system automatically configures the IPv6 address on the
       6to4 IP interface. See ipadm(8) for a description of how IPv6 addresses
       are configured on 6to4 tunnel links.


       Example 21 Using Link Protection



       To enable link protection:


         # dladm set-linkprop \
         -p protection=mac-nospoof,restricted,ip-nospoof,dhcp-nospoof vnic0




       To disable link protection:


         # dladm reset-linkprop -p protection vnic0




       To modify the allowed-ips list:


         # dladm set-linkprop -p allowed-ips=10.0.0.1,10.0.0.2 vnic0




       To modify the allowed-dhcp-cids list:


         # dladm set-linkprop -p allowed-dhcp-cids=hello vnic0




       To display the resulting configuration:


         # dladm show-linkprop -p protection,allowed-ips vnic0
         LINK  PROPERTY    PERM   VALUE        EFFECTIVE    DEFAULT POSSIBLE
         vnic0 protection  rw     mac-nospoof, mac-nospoof, --      mac-nospoof,
                                  restricted,  restricted,          restricted,
                                  ip-nospoof,  ip-nospoof,          ip-nospoof,
                                  dhcp-nospoof dhcp-nospoof         dhcp-nospoof
         vnic0 allowed-ips rw     10.0.0.1,    10.0.0.1,    --      --
                                  10.0.0.2     10.0.0.2
         vnic0 allowed-dhcp-cids rw hello      hello        --      --



       Example 22 Creating an IB Partition



       The  following command creates a partition ffff.ibp0 with partition key
       0xffff on the physical link ibp0.


         # dladm create-part -P ffff -l ibp0 ffff.ibp0



       Example 23 Displaying IB Partition Information



       The following command displays IB partition information.


         # dladm show-part
         LINK         PKEY OVER         STATE    FLAGS
         ffff.ibp0    FFFF ibp0         up       ----



       Example 24 Displaying IB Data Links Information



       The following command displays IB data links information.


         # dladm show-ib
         LINK     HCAGUID        PORTGUID       PORT STATE  GWNAME GWPORT  PKEYS
         net0     3BA000100CD7C  3BA000100CD7D  1    down   --     --      FFFF
         net1     3BA000100CD7C  3BA000100CD7E  2    down   --     --      FFFF
         net3     5AD0000033634  5AD0000033636  2    up     --     --      FFFF,8001
         net2     5AD0000033634  5AD0000033635  1    up     --     --      FFFF,8001



       Example 25 Displaying IB HCA mapping



       The following command displays IB HCA name as managed by ibadm(8)  that
       each IB link runs over.


         # dladm show-ib -o link,hca,port,hcaguid,portguid,pkeys
         LINK     HCA            PORT   HCAGUID        PORTGUID       PKEYS
         net0     hermon0        1      3BA000100CD7C  3BA000100CD7D  FFFF,8001
         net1     hermon0        2      3BA000100CD7C  3BA000100CD7E  FFFF,8001
         net3     hermon0.vhca0  2      5AD0000033634  5AD0000033636  FFFF,8001
         net2     hermon0.vhca1  1      5AD0000033634  5AD0000033635  FFFF,8001



       Example 26 Deleting a Partition



       The following command deletes the partition ffff.ibp0.


         # dladm delete-part ffff.ibp0



       Example 27 Using show-link to Display Partition Information



       The  following  command uses the show-link subcommand to display parti‐
       tion information.


         # dladm show-link
         LINK        CLASS     MTU    STATE    OVER
         e1000g0     phys      1500   up       --
         e1000g1     phys      1500   unknown  --
         net0        phys      65520  down     --
         net3        phys      65520  up       --
         net2        phys      65520  up       --
         net1        phys      65520  down     --
         pffff.ibp0  part      2044   down     ibp0
         p8001.ibp2  part      65520  unknown  ibp2



       Example 28 Displaying Links in All Zones from the Global Zone



       The show-link command shown below displays data links in all zones from
       the  global  zone.  Links that are not in the global zone are displayed
       with the zonename prefix followed by the slash (/) separator.



       In this example, net0 is a VNIC created in the global zone,  zone1/net0
       is  an automatically created VNIC for zone1, and zone2/net0 is an auto‐
       matically created VNIC for zone2.


         # dladm show-link
         LINK                CLASS     MTU    STATE    OVER
         e1000g0             phys      1500   up       --
         e1000g1             phys      8170   unknown  --
         e1000g2             phys      1500   unknown  --
         e1000g3             phys      1500   unknown  --
         net0                vnic      1500   up       e1000g0
         zone1/net0          vnic      1500   up       e1000g0
         zone2/net0          vnic      1500   up       e1000g0



       Example 29 Displaying Links in the Global Zone



       The following show-link command displays data links in the global  zone
       only.


         # dladm show-link -z global
         LINK                CLASS     MTU    STATE    OVER
         e1000g0             phys      1500   up       --
         e1000g1             phys      8170   unknown  --
         e1000g2             phys      1500   unknown  --
         e1000g3             phys      1500   unknown  --
         net0                vnic      1500   up       e1000g0



       Example 30 Displaying Links for a Specified Zone



       The following show-link command displays data links in a specific, non-
       global zone.


         # dladm show-link -z zone1
         LINK                CLASS     MTU    STATE    OVER
         zone1/net0          vnic      1500   up       e1000g0



       Example 31 Displaying Links for a Specified Zone from the Global Zone



       The following show-link command displays, from the  global  zone,  data
       links in a specific, non-global zone.


         # dladm show-link -z zone1
         LINK                CLASS     MTU    STATE    OVER
         zone1/net0          vnic      1500   up       e1000g0



       Example 32 Displaying Links in a Non-Global Zone



       The  following show-link shown below is invoked from zone1 and displays
       only data links for that zone.



       Note that, in show-link output, the zone1/ prefix is not displayed. The
       prefix is not displayed because the command was invoked from within the
       zone.


         # zlogin zone1
         # dladm show-link -z zone1
         LINK                CLASS     MTU    STATE    OVER
         net0                vnic      1500   up       ?



       Example 33 Using -Z Option to Display the Current Zone



       The command below presumes the following conditions:


           o      The link net1 is currently assigned to  zoneA.  The  entries
                  net1  and zoneA/net1 represents the same link. The ZONE col‐
                  umn for these two entries is the same and is the name of the
                  zone to which the link is currently assigned.


           o      The link net2 is not assigned to any non-global zone.


           o      The link zoneB/net2 is an automatic VNIC created for zoneB.


           o      The link zoneC/net2 is an automatic VNIC created for zoneC.


           o      The  link  zoneD/net2  is an IP tunnel created inside zoneD.
                  Unlike for net1, each entry for net2 represents a  different
                  link. The ZONE column for these entries is different.



         # dladm show-link -Z
         LINK        ZONE      CLASS     MTU    STATE    OVER
         e1000g0     global    phys      1500   up       --
         e1000g1     global    phys      1500   up       --
         net1        zoneA     vnic      1500   up       e1000g0
         zoneA/net1  zoneA     vnic      1500   up       e1000g0
         net2        global    vnic      1500   up       e1000g1
         zoneB/net2  zoneB     vnic      1500   up       e1000g1
         zoneC/net2  zoneC     vnic      1500   up       e1000g1
         zoneD/net2  zoneD     iptun     65515  up       --



       Example 34 Displaying VDP Information



       The following command displays VDP information for vnic1.


         # dladm show-ether -P vdp vnic1
         LINK    VSI     VSIID           VSI-TYPE-ID      VSI-STATE CMD-PENDING
         ixgbe1  vnic1   2:8:20:3:2:b    0x58/0          ASSOC     DEASSOC



       Example 35 Displaying ECP Information



       The following command displays ECP information for ixgbe1.


         # dladm show-ether -P ecp  ixgbe1
         LINK    SEQNO   ACKNO   LAST-ACK        MAX-RETRIES     TIMEOUTS
         ixgbe1  65535   25660   0               3                164



       Example 36 Setting the VSI Manager ID, VSI Type, and VSI Version



       The  following  commands set the VSI Manager ID, VSI Type, and VSI Ver‐
       sion on vnic1.


         # dladm set-linkprop -p vsi-manager-id=fe80::214:4fff:fec2:67c8 vnic1
         # dladm set-linkprop -p vsi-type-id=0x64,vsi-version=1 vnic1



       Example 37 Migrating a VLAN, Modifying its VLAN-ID



       The following command sequence shows how you migrate a VLAN and  modify
       its VLAN-ID.


         # dladm show-vlan vlan0
         LINK         VID SVID PVLAN-TYPE  FLAGS  OVER
         vlan0            100 --   --          -----  net0
         # dladm modify-vlan -l net1 -v 200 vlan0
         # dladm show-vlan vlan0
         LINK         VID SVID PVLAN-TYPE  FLAGS  OVER
         vlan0            200 --   --          -----  net1



       Example 38 Migrating Multiple VNICs



       The following command sequence shows how you migrate multiple VNICs.


         # dladm show-vnic
         LINK      OVER     SPEED  MACADDRESS        MACADDRTYPE    IDS
         vnic0     net0     1000   2:8:20:ec:c4:1d   random         VID:0
         vnic1     net0     1000   2:8:20:ec:c4:1e   random         VID:0
         # dladm modify-vnic -l net1 -L net0
         # dladm show-vnic
         LINK      OVER     SPEED  MACADDRESS        MACADDRTYPE    IDS
         vnic0     net1     1000   2:8:20:ec:c4:1d   random         VID:0
         vnic1     net1     1000   2:8:20:ec:c4:1e   random         VID:0



       Example 39 Migrating a VNIC and Modifying its MAC Address



       The  following command sequence shows how you migrate a VNIC and modify
       its MAC address.


         # dladm show-vnic vnic0
         LINK      OVER     SPEED  MACADDRESS        MACADDRTYPE    IDS
         vnic0     net0     1000   2:8:20:ec:c4:1d   random         VID:0
         # dladm modify-vnic -l net1 -m 2:8:20:00:01:02 vnic0
         # dladm show-vnic vnic0
         LINK      OVER     SPEED  MACADDRESS        MACADDRTYPE    IDS
         vnic0     net1     1000   2:8:20:0:1:2      fixed          VID:0



       Example 40 Configuring cos and ETS Bandwidth



       The following example creates a VNIC with name vnic1 over the  physical
       link net1 and assigns to it a cos value of 3.


         # dladm create-vnic -p cos=3 -l net1 vnic1




       All  packets transmitted by vnic1 will have a VLAN header with the pri‐
       ority field set to 3.



       Additionally, if the underlying physical NIC has registered  DCB  capa‐
       bility,  an  ETS bandwidth can be assigned to vnic1. The following com‐
       mands assume the LLDP package is not installed or enabled.



       Check if the underlying NIC has registered  DCB  capability  using  the
       num-tcs  link property. If the value of num-tcs is non-zero, the under‐
       lying NIC has registered DCB capability.


         # dladm show-linkprop -p num-tcs net1




       The following command assigns an ETS bandwidth of  10%  of  the  link's
       bandwidth to vnic1.


         # dladm set-linkprop -p ets-bw-local=10 vnic1




       Note if the max-bw link property has also been set, then the traffic is
       limited by the max-bw value.



       With the LLDP package (service/network/lldp) installed and enabled, the
       ETS  bandwidth  configuration  will follow the IEEE 802.1Qaz specifica‐
       tion.



       The LLDP ETS TLV willing property determines whether the local  or  the
       remote's configuration is applied or used.



       The  ets-bw-local-advice  link property indicates the value recommended
       by the remote, if available. The effective value of  ets-bw-local  link
       property  will  indicate the actual ETS bandwidth assigned to vnic1, as
       shown below.


         # dladm show-linkprop -p ets-bw-local-advice, ets-bw-local-effective vnic1




       The following command is used to advice the peer to assign 10%  of  the
       link's bandwidth for vnic1.


         # dladm set-linkprop -p ets-bw-remote-advice=10 vnic1



       Example 41 Configuring an EoIB datalink



       Inspect  the  list  of  all  gateways reachable from a specific IB port
       'ibp1'.


         # dladm show-ib ibp1
         LINK   HCAGUID        PORTGUID       PORT STATE  GWNAME    GWPORT    PKEYS
         ibp1   212800013F2F5A 212800013F2F5B 1    up     nm2gw-1   0a-eth-1  FFFF
                                                          nm2gw-1   0a-eth-2
                                                          nm2gw-1   0a-eth-3
                                                          nm2gw-1   0a-eth-4




       Create an EoIB datalink elink1 binding the host IB port 'ibp1'  to  the
       Ethernet port '0a-eth-2' on the EoIB Gateway 'nm2gw-1'.


         # dladm create-eoib -l ibp1 -g nm2gw-1 -c 0a-eth-2 elink1




       Verify  that an IP interface may be created over the newly created EoIB
       datalink elink1.


         # ipadm create-ip elink1
         # ipadm create-addr -T static -a local=192.168.99.142/24 elink1/v4



         # dladm show-eoib
         LINK    GWNAME  GWPORT   GWID   FLAGS   SPEED  MACADDRESS     OVER
         elink1  nm2gw-1 0a-eth-2 1A8    aHnU--  10000  0:25:8b:60:2:3 ibp1




       If the EoIB datalink elink1 is no longer required and may  be  removed,
       delete  any  IP  interfaces (or VNICs) built over the datalink and then
       delete the datalink itself using the delete-eoib subcommand.


         # ipadm delete-ip elink1
         # dladm delete-eoib elink1
         # dladm show-eoib


       Example 42 Configuring an EoIB datalink Over an IB Port That is Down




         # dladm show-ib -p -o state ibp2
         down

         # dladm create-eoib -l ibp2 -g nm2gw-1 -c 0a-eth-1 elink2

         # ipadm create-ip elink2

         # dladm show-link elink2
         LINK                CLASS     MTU    STATE    OVER
         elink2              eoib      1500   down     ibp2




       Now, enable the IB port for ibp2 and check the datalink state.




         # dladm show-ib -p -o state ibp2
         up

         # dladm show-link elink2
         LINK                CLASS     MTU    STATE    OVER
         elink2              eoib      1500   up       ibp2


       Example 43 Configuring an EoIB Datalink When IB Subnet Manager is Down




         nm2gw-2# disablesm
         Stopping partitiond-daemon. [  OK  ]
         Stopping IB Subnet Manager..-. [  OK  ]

         ib-host# sminfo
         ibwarn: [2488] _do_madrpc: recv failed: Connection timed out
         ibwarn: [2488] mad_rpc: _do_madrpc failed; dport (Lid 1)
         sminfo: iberror: failed: query

         ib-host# dladm create-eoib -l ibp2 -g nm2gw-2 -c 0a-eth-1 elink3

         ib-host# ipadm create-ip elink3

         ib-host# dladm show-link elink3
         LINK                CLASS     MTU    STATE    OVER
         elink3              eoib      1500   down     ibp2




       Now, enable the IB Subnet Manager on the Gateway and check the state of
       the datalink again.


         ib-host# dladm show-link elink3
         LINK                CLASS     MTU    STATE    OVER
         elink3              eoib      1500   up       ibp2


       Example 44 Displaying the Probe State of the DLMP Mode Aggregation



       The  following command displays the probe state of the DLMP mode aggre‐
       gation.


         # dladm show-aggr -S aggr1
         LINK       PORT   FLAGS  STATE  TARGETS        XTARGETS
         aggr1      s1     u--3   active 192.169.0.2    s0
         --         s0     u-2-   active --             s1


       Example 45 Creating a Known WLAN



       The following command creates a Known WLAN with a default  priority  of
       0.


         # dladm create-wlan home




       To  create a Known WLAN for a WiFi network that uses WPA encryption and
       associate a secure object with it, enter the following command:


         # dladm create-wlan -p security-mode=wpa,key=office-key office




       If the office Known WLAN already exists, the properties can be set with
       the following command:


         # dladm set-wlan -p security-mode=wpa,key=office-key office



       Example 46 Changing the priority of a Known WLAN



       The following displays how to change the priority of a Known WLAN to 5.


         # dladm set-wlan -p priority=5 home



       Example 47 Displaying all Known WLANs



       The  following  command displays the Known WLANs configured on the sys‐
       tem.



                 # dladm show-wlan
                 ESSID               PRIORITY  SECURITY-MODE   KEY
                 home                5         --              --
                 office              0         wpa             office-key



       Example 48 Displaying Help



       The following command illustrates the use of invoking the help  subcom‐
       mand without arguments.


         # dladm help
         The following subcommands are supported:
         Bridge          : add-bridge     create-bridge   delete-bridge
                           modify-bridge  remove-bridge   show-bridge
         Etherstub       : create-etherstub delete-etherstub show-etherstub
         EoIB            : create-eoib    delete-eoib     show-eoib
         IB              : create-part    delete-part     show-ib
                           show-part
         IP tunnel       : create-iptun   delete-iptun    modify-iptun
                           show-iptun
         Link Aggregation: add-aggr       create-aggr     delete-aggr
                           modify-aggr    remove-aggr     show-aggr
         Link            : rename-link    reset-linkprop  set-linkprop
                           show-link      show-linkprop
         Secure Object   : create-secobj  delete-secobj   show-secobj
         VLAN            : create-vlan    delete-vlan     modify-vlan
                           show-vlan
         VNIC            : create-vnic    delete-vnic     modify-vnic
                           show-vnic
         VXLAN           : create-vxlan   delete-vxlan    show-vxlan
         Wifi            : connect-wifi   disconnect-wifi scan-wifi
                           show-wifi
         Known WLAN      : create-wlan    delete-wlan     show-wlan
                           set-wlan       reset-wlan
         Miscellaneous   : delete-phys    show-ether      show-phys
         For more info, run: dladm help <subcommand>




       The  following command illustrates the use of invoking the help subcom‐
       mand with a specific subcommand.


         # dladm help create-vnic
         usage:
                   create-vnic     [-t] -l link [-m value | auto |
                   {factory [-n slot-id]} | {random [-r prefix]} |
                   {vrrp -V vrid -A {inet | inet6}} [-v vid [-f]]
                   [-p prop=value[,...]] [-R root-dir] vnic-link

         create-vnic     -t -c <evsname>[/<vportname>] [-T <tenant>] vnic-link>



       Example 49 Creating a VNIC in a Non-Global Zone



       The following example creates a VNIC v1 in non-global zones  zone1  and
       zone2 from the global zone. zone1/net0 and zone2/net0 are automatically
       created VNICs for zone1 and zone2 respectively.


         # dladm create-vnic -t -l net1 zone1/v1
         # dladm create-vnic -t -l net1 zone2/v1
         # dladm show-link -Z
         LINK                ZONE      CLASS     MTU    STATE    OVER
         net1                global    phys      1500   unknown  --
         net0                global    phys      1500   up       --
         zone1/net0          zone1     vnic      1500   up       net0
         zone2/net0          zone2     vnic      1500   up       net0
         zone1/v1            zone1     vnic      1500   up       net1
         zone2/v1            zone2     vnic      1500   up       net1


       Example 50 Using -m to Display a VNIC



       The following command shows how to use the -m option to display a VNIC.



         # dladm show-vnic -m
         LINK    OVER      SPEED  MACADDRESSES      MACADDRTYPES     IDS

         vnic0   net5      10000  0:14:4f:fb:87:ee  fixed            VID:0

         vnic1   net5      10000  0:14:4f:87:13:7a  fixed            VID:0

                                  0:14:4f:87:13:7e  fixed

                                  0:14:4f:f8:7e:a   fixed



       Example 51 Enabling SR-IOV mode and creating a VF VNIC



       The following commands show how to enable SR-IOV mode and create  a  VF
       VNIC.



         # dladm set-linkprop -p iov=on net0
         # dladm show-linkprop -p iov net0
         LINK    PROPERTY  PERM VALUE    EFFECTIVE   DEFAULT   POSSIBLE
         net0    iov       rw   auto     on          auto      auto,on,off




         # dladm create-vnic -lnet0 v1
         # dladm show-linkprop -p iov v1
         LINK    PROPERTY  PERM VALUE    EFFECTIVE   DEFAULT   POSSIBLE
         v1      iov       r-   inherit  on          inherit   inherit,on,off


       Example 52 Displaying SR-IOV information



       The  following  commands can be used to show additional SR-IOV informa‐
       tion (continuing from the previous example).



         # dladm show-phys -V
         LINK    VFS-AVAIL   VFS-INUSE    FLAGS
         net0    30          1            -----




         # dladm show-vnic -V
         LINK    VF-ASSIGNED
         v1      ixgbevf0




       Alternatively, the above fields can specified through the -o option:



         # dladm show-phys -o LINK,VFS-INUSE
         LINK    VFS-INUSE
         net0    1




         # dladm show-vnic -o VF-ASSIGNED
         VF-ASSIGNED
         ixgbevf0


       Example 53 Creating a regular VNIC on a physical link with iov enabled



       The following command can be used to create a regular VNIC  on  a  link
       with iov=on.


         # dladm create-vnic -lnet0 -piov=off v1




       These commands can be used to verify that the VNIC does not have a VF:



         # dladm show-linkprop -p iov v1
         LINK    PROPERTY  PERM VALUE    EFFECTIVE   DEFAULT   POSSIBLE
         v1      iov       r-   off      off         inherit   inherit,on,off




         # dladm show-vnic -V
         LINK    VF-ASSIGNED
         v1      --


       Example  54  Creating  a  VNIC  by  connecting it to an Elastic Virtual
       Switch (EVS)



       The following example creates a VNIC by connecting to an EVS.


         # dladm create-vnic -t -c HR/vport0 vnic0
         # dladm show-vnic -c

         LINK   TENANT     EVS    VPORT    OVER     MACADDRESS        IDS
         vnic0  sys-global HR     vport0   net2     2:8:20:c1:df:14   VID:100




       HR is an EVS and has a port vport0 to which vnic0  will  be  connected.
       vnic0 will inherit all the properties of vport0. HR and vport0 are man‐
       aged through evsadm(8).

       Example 55 Creating IPoIB VNICs



       The following example creates IPoIB VNIC  with  name  ipoib_vnic0  over
       physical link net4 with pkey of 0xffff.


         # dladm create-vnic -l net4 -P 0xffff ipoib_vnic0




       To see the VNIC information:



         # dladm show-vnic

         LINK         OVER    SPEED  MACADDRESS        MACADDRTYPE IDS
         ipoib_vnic0  net4    32000  80:0:0:4a:fe:..   fixed       PKEY:0xFFFF

         # dladm show-vnic  -o link,macaddress

         LINK            MACADDRESS
         ipoib_vnic0     80:0:0:4a:fe:80:0:0:0:0:0:0:0:21:28:0:1:a0:a5:8e



       Example 56 Creating a Veth Pair



       The  following  command  creates a veth pair with veth's name veth1 and
       peer's name veth0.


         # dladm create-veth -r veth0 veth1




       The following command displays the veth information.



         # dladm show-veth

         LINK                MTU    MACADDRESS        PEER
         veth1               1500   a:0:20:ab:48:64   veth0
         veth0               1500   a:0:20:df:e9:d2   veth1



       Example 57 Deleting a Veth



       The following command deletes the veth veth1 and its peer.


         # dladm delete-veth veth1



       Example 58 Changing a Veth Property



       The following command sets mtu to 2000 on veth0 and veth1.



         #dladm set-linkprop -p mtu=2000 veth0
         #dladm set-linkprop -p mtu=2000 veth1
         #dladm show-veth

         LINK                MTU    MACADDRESS        PEER
         veth1               2000   a:0:20:ab:48:64   veth0
         veth0               2000   a:0:20:df:e9:d2   veth1



       Example 59 Creating IPoIB VNICs on InfiniBand DLMP Aggregation



       The following example creates InfiniBand DLMP aggregation over two  HCA
       ports,  then  creates  IPoIB  VNIC  with name ipoib_vnic0 over the DLMP
       aggregation.



         # dladm create-aggr -l net4 -l net5 -m dlmp dlmp_ib0

         # dladm show-aggr -x dlmp_ib0
         LINK       PORT           SPEED DUPLEX   STATE     ADDRESS            PORTSTATE
         dlmp_ib0   --             32000Mb full    up       unknown            --
                   net4           32000Mb full    up       unknown            attached
                   net5           32000Mb full    up       unknown            attached

         # dladm create-vnic -l dlmp_ib0 -P ffff ipoib_vnic0

         # dladm show-vnic ipoib_vnic0
         LINK            OVER           SPEED  MACADDRESS        MACADDRTYPE IDS
         ipoib_vnic0     dlmp_ib0       32000  80:0:0:4a:fe:..   fixed       PKEY:0xffff

         # dladm show-aggr -C dlmp_ib0
         LINK       PORT           SPEED DUPLEX   STATE     CLIENTS
         dlmp_ib0   --             32000Mb full    up       --
                   net4           32000Mb full    up       ipoib_vnic0
                   net5           32000Mb full    up       --




ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       /usr/sbin


       tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRIBUTE  TYPEAT‐
       TRIBUTE VALUE _ Availabilitysystem/network _ Interface StabilityCommit‐
       ted



       /sbin


       tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRIBUTE  TYPEAT‐
       TRIBUTE VALUE _ Availabilitysystem/core-os _ Interface StabilityCommit‐
       ted



       Note that, for both /usr/sbin and /sbin, the -s and -i options  to  the
       show-aggr,  show-link and show-vnic subcommands are Committed Obsolete.
       These options will be removed in a future release.


       Note that, for both /usr/sbin and  /sbin,  the  virtual-switching  link
       property has an interface stability of Volatile.


       Note  that the bridge-related subcommands, described with dladm subcom‐
       mands above, require installation of the pkg://solaris/network/bridging
       package.


       Note  that,  the -H option in dladm show-linkprop -H and the associated
       fields: HWPOSSIBLE, SWPOSSIBLE,  HWFLAGS,  SWFLAGS  and  MODE  have  an
       interface stability of Volatile.

SEE ALSO
       dlpi(4P),   attributes(7),   ieee802.3(7),   acctadm(8),   autopush(8),
       datalink-management(5), dlstat(8),  evsadm(8),  ibadm(8),  ifconfig(8),
       in.dlmpd(8),  ipadm(8),  ipsecconf(8),  lldpadm(8),  ndd(8), netadm(8),
       netcfg(8), pooladm(8), poolcfg(8), psrset(8),  vrrpadm(8),  zonecfg(8),
       dhcpagent(8)


       Configuring and Managing Network Components in Oracle Solaris 11.4

NOTES
       The  preferred method of referring to an aggregation in the aggregation
       subcommands is by its link name. Referring to  an  aggregation  by  its
       integer  key is supported for backward compatibility, but is not neces‐
       sary. When creating an aggregation, if a key is specified instead of  a
       link  name, the aggregation's link name will be automatically generated
       by dladm as aggrkey.



Oracle Solaris 11.4               11 May 2021                         dladm(8)
맨 페이지 내용의 저작권은 맨 페이지 작성자에게 있습니다.
RSS ATOM XHTML 5 CSS3