svcadm(1M)을 검색하려면 섹션에서 1M 을 선택하고, 맨 페이지 이름에 svcadm을 입력하고 검색을 누른다.
dladm(8)
System Administration Commands dladm(8)
NAME
dladm - administer data links
SYNOPSIS
dladm
dladm show-link [-PZ] [[-p] -o field[,...]] [-z zone[,...]] [link]
dladm rename-link [-R root-dir] link new-link
dladm delete-phys phys-link
dladm show-phys [-PZ] [-Lmv] [[-p] -o field[,...]] [-H]
[-z zone[,...]] [[-D [dcb-feature]] [-lr]] [-G] [phys-link]
dladm create-aggr [-t] [-R root-dir] [-m mode] [-P policy] [-L lacpmode]
[-T time] [-u address] -l ether-link1 [-l ether-link2...] aggr-link
dladm modify-aggr [-t] [-R root-dir] [-P policy] [-L lacpmode]
[-T time] [-u address] aggr-link
dladm delete-aggr [-t] [-R root-dir] aggr-link
dladm add-aggr [-t] [-R root-dir] -l ether-link1 [-l ether-link2...]
aggr-link
dladm remove-aggr [-t] [-R root-dir] -l ether-link1 [-l ether-link2...]
aggr-link
dladm show-aggr [-PLxZSCv] [[-p] -o field[,...]] [-z zone[,...]]
[aggr-link]
dladm create-bridge [-P protect] [-R root-dir] [-p priority]
[-m max-age] [-h hello-time] [-d forward-delay]
[-f force-protocol] [-l link...] bridge-name
dladm modify-bridge [-P protect] [-R root-dir] [-p priority]
[-m max-age] [-h hello-time] [-d forward-delay]
[-f force-protocol] bridge-name
dladm delete-bridge [-R root-dir] bridge-name
dladm add-bridge [-R root-dir] -l link [-l link...] bridge-name
dladm remove-bridge [-R root-dir] -l link [-l link...] bridge-name
dladm show-bridge [-flt] [[-p] -o field,...]
[bridge-name]
dladm create-vlan [-ft] [-R root-dir] -l ether-link
-v vid[,pvlan-svid[,pvlan-type]] [vlan-link]
dladm modify-vlan [-t] [-R root-dir] [-l ether-link]
[-v vid[,pvlan-svid[,pvlan-type]] [-f]]
{vlan-link,[vlan-link,...] | -L ether-link}
dladm delete-vlan [-t] [-R root-dir] vlan-link
dladm show-vlan [-PZ] [[-p] -o field[,...]] [-z zone[,...]] [vlan-link]
dladm create-wlan [-R root-dir] [-p prop=value[,...]] <wlan-name>
dladm delete-wlan [-R root-dir] <wlan-name>
dladm set-wlan [-R root-dir] -p prop=value[,...] <wlan-name>
dladm reset-wlan [-R root-dir] -p prop=value[,...] <wlan-name>
dladm show-wlan [[-p] [-o field[,...]] [wlan-name]
dladm scan-wifi [[-p] -o field[,...]] [wifi-link]
dladm connect-wifi [-e essid] [-i bssid] [-k key,...]
[-s none | wpa ] [-a open | shared] [-b bss | ibss] [-c]
[-m a | b | g | n ] [-T time] [-w] [wifi-link]
dladm disconnect-wifi [-a] [-d] [wifi-link]
dladm show-wifi [-Z] [[-p] -o field[,...]] [-z zone[,...]] [wifi-link]
dladm show-ether [-xZ] [[-p] -o field[,...]] [-z zone[,...]]
[-P protocol] [ether-link]
dladm set-linkprop [-t] [-R root-dir] -p prop=value[,...] link
dladm reset-linkprop [-t] [-R root-dir] [-p prop[,...]] link
dladm show-linkprop [-HPZ] [[-c] -o field[,...]] [-p prop[,...]]
[-z zone[,...]] [link]
dladm create-secobj [-t] [-R root-dir] [-f file] -c class secobj
dladm delete-secobj [-t] [-R root-dir] secobj[,...]
dladm show-secobj [-P] [[-p] -o field[,...]] [secobj,...]
dladm create-vnic [-t] [-f] -l link [-R root-dir] [-m value | auto |
{factory [-n slot-identifier]} | {vrrp -A {inet | inet6} -V vrid}
| {random [-r prefix]}] [-v vlan-id][,pvlan-svid[,pvlan-type]]
[-P pkey] [-p prop=value[,...]] vnic-link
dladm create-vnic -t -c <evsname>[/<vportname>] [-T <tenant>] <vnic-link>
dladm modify-vnic [-t] [-R root-dir] [-l link] [-m value | auto |
{factory [-n slot-identifier]} | {vrrp -A {inet | inet6} -V vrid}
| {random [-r prefix]}] [-v vlan-id[,pvlan-svid[,pvlan-type]]]
{vnic-link,[vnic-link,...] | -L link}
dladm delete-vnic [-t] [-R root-dir] vnic-link
dladm show-vnic [-P | {-z zone[,..]}] [[-p] -o field[,..]] [-l link]
[vnic-link]
dladm show-vnic [-Zmv] [-l link] [vnic-link]
dladm create-etherstub [-t] [-R root-dir] etherstub
dladm delete-etherstub [-t] [-R root-dir] etherstub
dladm show-etherstub [-Z] [-z zone[,...]] [etherstub]
dladm create-iptun [-t] [-R root-dir] -T type
[-a {local|remote}=addr,...] iptun-link
dladm modify-iptun [-t] [-R root-dir] -a {local|remote}=addr,...
iptun-link
dladm delete-iptun [-t] [-R root-dir] iptun-link
dladm show-iptun [-PZ] [[-p] -o field[,...]] [-z zone[,...]] [iptun-link]
dladm create-part [-t] [-f] -l ib-link [-R root-dir] -P pkey
[-p prop=value[,...]] part-link
dladm delete-part [-t] [-R root-dir] part-link
dladm show-part [-pP] [-o field[,...]] [-l ib-link] [part-link]
dladm create-eoib [-t] [-R root-dir] -l ib-link -g gw-system-name
-c gw-eth-port eoib-link
dladm delete-eoib [-t] [-R root-dir] eoib-link
dladm show-eoib [-PZ] [-g gw-system-name] [-l ib-link] [[-p]
-o field[,...]] [-z zone [,...]] [eoib-link]
dladm show-ib [-pP] [-o field[,...]] [ib-link]
dladm create-vxlan [-t] [-R root-dir]
-p vni=<vxlan-id>,addr=<ip_address>[,prop=value[,...]] vxlan-link
dladm create-vxlan [-t] [-R root-dir]
-p vni=<vxlan-id>,interface=<interface_name>[,prop=value[,...]]
vxlan-link
dladm show-vxlan [-pP] [-o field[,...]] [vxlan-link]
dladm delete-vxlan [-t] [-R root-dir] vxlan-link
dladm create-cap [-t] [-R root-dir] cap-link
dladm show-cap [-pP] [-o field[,...]] [cap-link]
dladm delete-cap [-t] [-R root-dir] cap-link
dladm create-veth [-t] [-p {<prop>=<val>[,...]}[,...]]
-r peer_veth_endpoint veth_endpoint
dladm show-veth [-P] [veth_endpoint | peer_veth_endpoint]
dladm delete-veth [-t] {veth_endpoint | peer_veth_endpoint}
dladm help [subcommand-name]
DESCRIPTION
The dladm command is used to administer data-links. A data-link is rep‐
resented in the system as a STREAMS DLPI (v2) interface which can be
plumbed under protocol stacks such as TCP/IP. Each data-link relies on
either a single network device or an aggregation of devices to send
packets to or receive packets from a network.
Datalink configuration can also be specified at install time through
the System Configuration profiles. For more information, on System Con‐
figuration profiles, see datalink-management(5) for details.
Each dladm subcommand operates on one of the following objects:
link
A datalink, identified by a name. The name can be at most 30 char‐
acters, and must start with an alphabetic character and end with a
number between 0 and 4294967294 inclusive (leading zeroes are not
permitted). The rest of the name can use any combination of
alphanumeric characters, along with '.' and '_'. In addition,
datalink names may also contain the special delimiter characters
'/' and '-', as described below.
When viewed from the global zone, datalinks inside a zone will have
a prefix (identifying the zone), followed by a '/' and the tradi‐
tional datalink name. Thus, datalink "net0" inside zone "myzone"
will appear as "myzone/net0" when viewed from the global zone. This
ensures that the datalink names are always unique.
Datalinks automatically created to support a particular feature
will contain a prefix identifying the feature followed by a '-' and
a traditional datalink name (for example, ldoms-vsw1.port2). This
ensures that such datalinks will not have naming conflicts. Accord‐
ingly, dladm cannot be used to create datalinks that contain '-'.
The following are some of the prefixes that have been assigned:
sp Datalinks connected to service processors.
ldoms Datalinks used by LDOMs guest domains.
vrrp Datalinks used by L2 VRRP virtual routers.
Some subcommands operate only on certain types or classes of
datalinks. For those cases, the following object names are used:
aggr-link
An aggregation datalink (or a key; see NOTES).
eoib-link
An Ethernet-over-InfiniBand (EoIB) datalink.
ether-link
A physical Ethernet datalink.
iptun-link
An IP tunnel link.
part-link
An InfiniBand (IB) partition data link.
phys-link
A physical datalink.
vlan-link
A VLAN datalink.
veth-link
A virtual Ethernet datalink.
vnic-link
A virtual network interface created on a link or an etherstub.
It is a pseudo device that can be treated as if it were an net‐
work interface card on a machine.
wifi-link
A WiFi datalink.
bridge
A bridge instance, identified by an administratively-chosen name.
The name may use any alphanumeric characters or the underscore, _,
but must start and end with an alphabetic character. A bridge name
can be at most 31 characters. The name default is reserved, as are
all names starting with SUNW.
Note that appending a zero (0) to a bridge name produces a valid
link name, used for observability.
Also note that the bridge-related subcommands, described with dladm
subcommands below, require installation of the pkg://solaris/net‐
work/bridging package.
dev
A network device, identified by concatenation of a driver name and
an instance number.
etherstub
An Ethernet stub can be used instead of a physical NIC to create
VNICs. VNICs created on an etherstub will appear to be connected
through a virtual switch, allowing complete virtual networks to be
built without physical hardware.
part
An IB partition link created on a IB physical link.
secobj
A secure object, identified by an administratively-chosen name. The
name can use any alphanumeric characters, as well as underscore
(_), period (.), and hyphen (-). A secure object name can be at
most 32 characters.
veth
Veth (Virtual Ethernet datalink) come in pairs and are always con‐
nected to form a full-duplex point-to-point link. The packets
transmitted on one end will be received on the other end and vice-
versa. They can be thought of as a physical cable with a NIC on
each end.
wlan-name
A Known WLAN object, identified by the ESSID of a WiFi network.
Known WLANs are a prioritized list that can be used by connect-wifi
subcommand to automatically pick a WiFi network to connect to, if
none is specified.
dladm is implemented as a set of subcommands with corresponding
options. Options are described in the context of each subcommand. Many
of the subcommands have the following as a common option:
-R root-dir, --root-dir=root-dir
Specifies an alternate root directory where the operation-such as
creation, deletion, or renaming-should apply.
dladm also supports a command form with no arguments. When invoked this
way, dladm displays basic configuration information for all datalinks
on a system. See EXAMPLES.
SUBCOMMANDS
The following subcommands are supported:
dladm show-link [-PZ] [[-p] -o field[,...]] [-z zone[,...]] [link]
Show link configuration information either for all datalinks or for
the specified link. By default, the system is configured with one
datalink for each known network device. The option to print link
statistics is moved to dlstat(8).
-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed below,
or the special value all to display all fields. By default
(without -o), show-link displays all fields.
LINK
The name of the datalink.
ZONE
The current zone of the datalink.
CLASS
The class of the datalink. dladm distinguishes between the
following classes:
aggr
Link Aggregation either as Datalink Multipathing (dlmp)
or IEEE 802.3ad trunk. The show-aggr subcommand dis‐
plays more details for this class of datalink.
bridge
A bridge instance, identified by an administratively-
chosen name.
eoib
An EoIB interface. The show-eoib subcommand displays
more detail for this class of datalink.
etherstub
Instance of an etherstub. An Ethernet stub can be used
instead of a physical NIC to create VNICs. VNICs cre‐
ated on an etherstub will appear to be connected
through a virtual switch, allowing complete virtual
networks to be built without physical hardware.
iptun
An instance of an IP tunnel link.
part
An IP-over-IB interface. The show-part subcommand dis‐
plays more detail for this class of datalink.
phys
A physical datalink. The show-phys subcommand displays
more detail for this class of datalink.
vlan
A VLAN datalink. The show-vlan subcommand displays more
detail for this class of datalink.
vnic
A virtual network interface. The show-vnic subcommand
displays more detail for this class of datalink.
MTU
The maximum transmission unit size for the datalink being
displayed.
STATE
The virtual link state of the datalink. The state can be
up, down, or unknown. When a NIC is carved up into multiple
virtual NICs (VNICs), then a virtual switch is created
internally to allow the VNICs and the primary datalink to
communicate as long as they are on the same VLAN. These
datalinks can talk to each other, even if the physical
datalink has no connection with the external network. This
forms the virtual link state of the datalink.
For IPoIB vnics, if the link is down, use show-ib subcom‐
mand to check the underlying port status and configured
pkeys, and the show-linkprop subcommand to check the broad‐
cast-group property.
BRIDGE
The name of the bridge to which this link is assigned, if
any.
OVER
The physical datalink(s) over which the datalink is operat‐
ing. This applies to aggr, bridge, eoib, vlan and part
classes of datalinks. A VLAN, IB partition, or EoIB
datalink is created over a single physical datalink, a
bridge has multiple attached links, and an aggregation is
comprised of one or more physical datalinks.
-p, --parseable
Display using a stable machine-parseable format. The -o option
is required with -p. See "Parseable Output Format", below.
-P, --persistent
Display the persistent link configuration.
-Z
Display ZONE column in the output.
-z zone[,...]
Display links from the specified zones. By default, dladm dis‐
plays links in all the zones when it is run from the global
zone. The links in other zones are displayed with the corre‐
sponding zonename as its prefix, followed by the slash (/) sep‐
arator. For example, zone1/net0
When run from a non-global zone, this subcommand displays only
links from that zone. A non-global zone cannot see links in
other zones.
dladm rename-link [-R root-dir] link new-link
Rename link to new-link. This is used to give a link a meaningful
name, or to associate existing link configuration such as link
properties of a removed device with a new device. See the EXAMPLES
section for specific examples of how this subcommand is used.
-R root-dir, --root-dir=root-dir
See "Options," above.
dladm delete-phys phys-link
This command is used to delete the persistent configuration of a
link associated with physical hardware which has been removed from
the system.
Layer 3 components such as ip interfaces should be deleted manually
using the ipadm delete commands. See the EXAMPLES section.
dladm show-phys [-PZ] [-Lmv] [[-p] -o field[,...]] [-H]
[-z zone[,...]] [[-D [dcb-feature]] [-lr]] [-G] [phys-link]
Show the physical device and attributes of all physical links, or
of the named physical link. Without -P, only physical links that
are available on the running system are displayed.
-D [dcb-feature]
Show DCB (Data Center Bridging)-related configuration informa‐
tion on the phys-link. Supported dcb-features include ets
(Enhanced Transmission Selection, IEEE 802.1Qaz) and pfc (Pri‐
ority-based Flow Control, IEEE 802.1Qbb). The output for dcb-
feature is unstable.
Output from -D ets displays the following elements for ETS DCB
feature:
LINK
The name of the datalink.
COS
802.1p priority value.
ETSBW_LCL_EFFECT
The effective ETS BW as a percentage for the CoS (802.1p
priority) value.
ETSBW_RMT_EFFECT
The effective ETS BW as a percentage for the CoS (802.1p
priority) value on the peer.
ETSBW_LCL_SOURCE
Indicates the source for ETSBW_LCL_EFFECT value. This could
be either local (configured) or remote (recommended) value.
CLIENTS
MAC clients that are using the CoS value.
-l
For ETS DCB feature, this shows additional local information:
ETSBW_LCL
The configured ETS BW as a percentage for the CoS (802.1p
priority) value.
ETSBW_LCL_EFFECT
The effective ETS BW as a percentage for the CoS (802.1p
priority) value.
ETSBW_LCL_ADVICE:
The ETS BW as a percentage for the CoS (802.1p priority)
value that is recommended by the peer.
-r
For ETS DCB feature, this shows additional remote information:
ETSBW_RMT_EFFECT
The effective ETS BW as a percentage for the CoS (802.1p
priority) value on the peer.
ETSBW_RMT_ADVICE:
The ETS BW as a percentage for the CoS (802.1p priority)
value that is recommended to the peer.
Output from -D pfc displays the LINK, COS, and CLIENTS fields,
just the same as the -D ets output. In addition, -D pfc dis‐
plays the following elements specifically for PFC DCB feature:
PFC
If the configured PFC is enabled for the CoS (802.1p prior‐
ity) value.
PFC_EFFECT
If the effective PFC is enabled for the CoS (802.1p prior‐
ity) value.
-H
Show hardware resource usage, as returned by the NIC driver.
Output from -H displays the following elements:
LINK
The name of the datalink.
RINGTYPE
The type of the ring, either RX or TX.
RINGS
The ring index. A ring is an hardware resource, which typi‐
cally maps to a DMA channel, that can be programmed for
specific use. For example, an RX ring can be programmed to
receive only packets belonging to a specific MAC address.
CLIENTS
MAC clients that are using the rings.
-L
Display location information for the physical devices/links.
Output is in location order — that is, onboard devices before
expansion slots — and location information (for example, PCIexp
Slot 2, MB) is supplied where available. Output from -L sup‐
ports the following elements:
LINK
A physical device corresponding to a NIC driver.
DEVICE
The name of the physical device under this link.
LOC
Physical location description string (where available).
-m
Display the list of factory MAC addresses, their slot identi‐
fiers, and their availability.
-v
Display the list of VLAN IDs or PKEYS, their availability, and
which client is using them.
ID The VLAN ID (PKEYS) supported on this Ethernet
(IPoIB) device.
INUSE Whether the VLAN ID (PKEYS) is in use or not.
CLIENT The list of clients who are using this VLAN ID
(PKEYS).
VIDS The VLAN ID supported on this physical device. For
IPoIB device, the output will show --.
PKEYS The PKEYS supported on this physical device. For Eth‐
ernet device, the output will show --.
Note -
The output of this option is applicable for para-virtualized
devices. For example, solaris-kz brand's zvnet device or
LDOM's vnet device. For other devices, the output is shown as
--.
-V
Display SR-IOV information for a physical link. The output
shows:
LINK The physical link name.
VFS-AVAIL The number of VFs available on this physical link.
VFS-INUSE The number of VFs in use by this physical link.
FLAGS The only possible flag is l, which stands for
LDOMs-managed. If this flag is set, dladm will not
be able to create VF VNICs on this physical link.
-G
Display hardware ring group resource information for a physical
link. Both transmit and receive hardware rings are DMA channels
and can be exposed by device drivers. Rings are associated with
ring groups. Receive ring groups are associated with one or
more MAC addresses, and all network traffic matching any of the
MAC addresses associated with a receive group must be delivered
by the NIC through one of the rings of that group. The steering
of traffic to the receive ring groups is enabled in the hard‐
ware through layer-2/3 classification. The output displays:
LINK The physical link name.
RG-AVAIL The number of ring groups available on a phys‐
ical link.
RG-INUSE-UMAC The number of ring groups being used by kernel
data path bypass (see net_kernel_bypass).
RG-INUSE-VNIC The number of ring groups being used by VNICs.
RG-INUSE-FLOW The number of ring groups being used by FLOWs.
-i
Display information for an implicitly created physical link.
The output shows:
LINK
The physical link name.
MEDIA
The media type provided by the physical datalink.
ID
The unique identifier for the implicitly created physical
datalink. Shows anet id for the Ethernet datalinks in the
format of "anet:<id>" within a solaris-kz brand zone.
DEVICE
The name of the physical device for this link.
ACTIVE
The underlying device actively in use.
STANDBY
The underlying device put as standby.
-o field, --output=field
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed below,
or the special value all, to display all fields. For each link,
the following fields can be displayed:
LINK
The name of the datalink.
MEDIA
The media type provided by the physical datalink.
STATE
The physical link state of the datalink. This can be up,
down, or unknown. The physical link state identifies
whether the physical device has connectivity with the
external network (it does, if the cable is plugged in and
the state of the port on the other end of the cable is
"up").
SPEED
The current speed of the link, in megabits per second.
DUPLEX
For Ethernet links, the full/half duplex status of the link
is displayed if the link state is up. The duplex is dis‐
played as unknown in all other cases.
DEVICE
The name of the physical device under this link.
ALLOWED-ADDRESSES
Specifies the list of MAC prefixes that are 1 to 5 octets
long. This column is applicable in solaris-kz brand zone
for para-virtualized device, namely, zvnet. VNICs with MAC
addresses that start with any one of the prefixes in the
list can be created inside the solaris-kz(7) brand zone.
ALLOWED-VIDS
Specifies the list of VLAN ID ranges. This column is appli‐
cable in solaris-kz brand zone for para-virtualized device,
namely, zvnet. VNICs with VLAN IDs that are in the list can
be created inside the solaris-kz(7) brand zone.
RG-AVAIL
The number of ring groups available on a physical link.
RG-INUSE-UMAC
The number of ring groups being used by kernel data path
bypass (see net_kernel_bypass(3LIB)).
-p, --parseable
Display using a stable machine-parseable format. The -o option
is required with -p. See "Parseable Output Format", below.
-P, --persistent
This option displays persistent configuration for all links,
including those that have been removed from the system. The
output provides a FLAGS column in which the r flag indicates
that the physical device associated with a physical link has
been removed. For such links, delete-phys can be used to purge
the link's configuration from the system.
-Z
Display ZONE column in the output.
-z zone[,...]
See description of -z option under dladm show-link, above.
By default, Oracle Solaris assigns link names with the prefix of
net. Before installing Oracle Solaris, you can change this default
by modifying the value of the linkname-policy/phys-prefix SMF prop‐
erty of the service svc:/network/datalink-management:default. Spec‐
ify a new value for this property in the System Configuration mani‐
fests used the Automated Install (AI) program.
dladm create-aggr [-t] [-R root-dir] [-m mode] [-P policy] [-L lacpmode]
[-T time] [-u address] -l ether-link1 [-l ether-link2...] aggr-link
Combine a set of links into a single link aggregation named aggr-
link. The aggregation could be Datalink Multipathing (dlmp) or IEEE
802.3ad compliant. The use of an integer key to generate a link
name for the aggregation is also supported for backward compatibil‐
ity. Many of the *-aggr subcommands below also support the use of a
key to refer to a given aggregation, but use of the aggregation
link name is preferred. See the NOTES section for more information
on keys.
dladm supports a number of port selection policies for an aggrega‐
tion of ports. (See the description of the -P option, below.) If
you do not specify a policy, create-aggr uses the default, the L4
policy, described under the -P option.
-l ether-link, --link=ether-link
Each Ethernet link (or port) in the aggregation is specified
using an -l option followed by the name of the link to be
included in the aggregation. Multiple links are included in the
aggregation by specifying multiple -l options. For backward
compatibility with previous versions of Oracle Solaris, the
dladm command also supports the using the -d option (or --dev)
with a device name to specify links by their underlying device
name. The other *-aggr subcommands that take -l options also
accept -d.
-t, --temporary
Specifies that the aggregation is temporary. Temporary aggrega‐
tions last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
-m mode
Mode must be set to one of the following:
trunk
IEEE 802.3ad compliant link aggregation. If unspecified,
mode is trunk.
dlmp
Datalink Multipathing mode. A layer 2 high availability
technology that can provide failover among multiple
switches, and does not require switch configuration. A dlmp
link aggregation can also aggregate ports connected to same
switch. However, it cannot be used in back-to-back setup.
An dlmp link aggregation is limited in its load-spreading
ability: MAC clients configured on plumbed dlmp aggr are
distributed across all aggr ports but an individual MAC
client cannot spread load across multiple ports.
This mode is not IEEE 802.3ad compliant. Setting policy,
lacpmode, time or MAC address is invalid in this mode.
-P policy, --policy=policy
Specifies the port selection policy to use for load spreading
of outbound traffic. The policy specifies which dev object is
used to send packets. A policy is a list of one or more layers
specifiers separated by commas. A layer specifier is one of the
following:
L2
Select outbound device according to source and destination
MAC addresses of the packet.
L3
Select outbound device according to source and destination
IP addresses of the packet.
L4
Select outbound device according to the upper layer proto‐
col information contained in the packet. For TCP and UDP,
this includes source and destination ports. For IPsec, this
includes the SPI (Security Parameters Index).
For example, to use upper layer protocol information, the fol‐
lowing policy can be used:
-P L4
Note that policy L4 is the default.
To use the source and destination MAC addresses as well as the
source and destination IP addresses, the following policy can
be used:
-P L2,L3
-L lacpmode, --lacp-mode=mode
Specifies whether LACP should be used and, if used, the mode in
which it should operate. Supported values are off, active or
passive.
-T time, --lacp-timer=time
Specifies the LACP timer value. The supported values are short
or long.
-u address, --unicast=address
Specifies a fixed unicast hardware address to be used for the
aggregation. If this option is not specified, then an address
is automatically chosen from the set of addresses of the compo‐
nent devices.
dladm modify-aggr [-t] [-R root-dir] [-P policy] [-L lacpmode]
[-T time] [-u address] aggr-link
Modify the parameters of the specified aggregation.
-t, --temporary
Specifies that the modification is temporary. Temporary aggre‐
gations last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
-m mode
This option is Obsolete. One can delete the aggregation of one
mode, and create a new with another mode.
-P policy, --policy=policy
Specifies the port selection policy to use for load spreading
of outbound traffic. See dladm create-aggr for a description of
valid policy values.
-L lacpmode, --lacp-mode=mode
Specifies whether LACP should be used and, if used, the mode in
which it should operate. Supported values are off, active, or
passive.
-T time, --lacp-timer=time
Specifies the LACP timer value. The supported values are short
or long.
-u address, --unicast=address
Specifies a fixed unicast hardware address to be used for the
aggregation. If this option is not specified, then an address
is automatically chosen from the set of addresses of the compo‐
nent devices.
(Note that modification of the fixed unicast hardware address
will override any previously defined mac-address link property
defined for the aggregation. See "General Link Properties".)
dladm delete-aggr [-t] [-R root-dir] aggr-link
Deletes the specified aggregation.
-t, --temporary
Specifies that the deletion is temporary. Temporary deletions
last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
dladm add-aggr [-t] [-R root-dir] -l ether-link1 [-l ether-link2...]
aggr-link
Adds links to the specified aggregation.
-l ether-link, --link=ether-link
Specifies an Ethernet link to add to the aggregation. Multiple
links can be added by supplying multiple -l options.
-t, --temporary
Specifies that the additions are temporary. Temporary additions
last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
dladm remove-aggr [-t] [-R root-dir] -l ether-link1 [-l ether-link2...]
aggr-link
Removes links from the specified aggregation.
-l ether-link, --link=ether-link
Specifies an Ethernet link to remove from the aggregation. Mul‐
tiple links can be added by supplying multiple -l options.
-t, --temporary
Specifies that the removals are temporary. Temporary removal
last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
dladm show-aggr [-PLxZSCv] [[-p] -o field[,...]] [-z zone[,...]]
[aggr-link]
Show aggregation configuration (the default), LACP information, or
DLMP probe-based failure/recovery detection status either for all
aggregations or for the specified aggregation.
By default (with no options), the following fields can be dis‐
played:
LINK
The name of the aggregation link.
MODE
The aggregation mode, either trunk or dlmp.
POLICY
The LACP policy of the aggregation. See the create-aggr -P
option for a description of the possible values.
ADDRPOLICY
Either auto, if the aggregation is configured to automatically
configure its unicast MAC address (the default if the -u option
was not used to create or modify the aggregation), or fixed, if
-u was used to set a fixed MAC address.
LACPACTIVITY
The LACP mode of the aggregation. Possible values are off,
active, or passive, as set by the -l option to create-aggr or
modify-aggr.
LACPTIMER
The LACP timer value of the aggregation as set by the -T option
of create-aggr or modify-aggr.
The following field is not part of the default output, but can be
queried using -o.
FLAGS
A set of state flags associated with the aggregation. The only
possible flag is f, which is displayed if the administrator
forced the creation the aggregation using the -f option to cre‐
ate-aggr. Other flags might be defined in the future.
The show-aggr command accepts the following options:
-L, --lacp
Displays detailed LACP information for the aggregation link and
each underlying port. Most of the state information displayed
by this option is defined by IEEE 802.3. With this option, the
following fields can be displayed:
LINK
The name of the aggregation link.
PORT
The name of one of the underlying aggregation ports.
AGGREGATABLE
Whether the port can be added to the aggregation.
SYNC
If yes, the system considers the port to be synchronized
and part of the aggregation.
COLL
If yes, collection of incoming frames is enabled on the
associated port.
DIST
If yes, distribution of outgoing frames is enabled on the
associated port.
DEFAULTED
If yes, the port is using defaulted partner information
(that is, has not received LACP data from the LACP part‐
ner).
EXPIRED
If yes, the receive state of the port is in the EXPIRED
state.
-x, --extended
Display additional aggregation information including detailed
information on each underlying port. With -x, the following
fields can be displayed:
LINK
The name of the aggregation link.
PORT
The name of one of the underlying aggregation ports.
SPEED
The speed of the link or port in megabits per second.
DUPLEX
The full/half duplex status of the link or port is dis‐
played if the link state is up. The duplex status is dis‐
played as unknown in all other cases.
STATE
The link state. This can be up, down, or unknown.
ADDRESS
The MAC address of the link or port.
PORTSTATE
This indicates whether the individual aggregation port is
in the standby or attached state.
-C
Displays detailed clients information for the given DLMP aggre‐
gation link and each underlying port. With the -C option, the
following fields can be displayed:
LINK The name of the aggregation link.
PORT The name of one of the underlying aggregation ports.
SPEED The speed of the link or port in megabits per sec‐
ond.
DUPLEX The full/half duplex status of the link or port is
displayed if the link state is up. The duplex status
is displayed as unknown in all other cases.
STATE The link state. This can be up, down, or unknown.
CLIENTS VNIC or VLAN clients that are associated with this
port.
-v
Displays the list of VLAN IDs, their availability, and the
client by using the VLAN ID.
LINK The name of the aggregation link.
MODE The aggregation mode, either trunk or dlmp.
IDS The IPoIB pkeys supported on this DLMP aggregation.
Shows in the format of "PKEY:<pkey_1,...,pkey_n>" on
InfiniBand DLMP aggregation.
-S
Displays detailed probe information for the given DLMP aggrega‐
tion link and each underlying port. With -S, the following
fields can be displayed:
LINK
The name of the aggregation link.
PORT
The name of one of the underlying aggregation ports.
FLAGS
The four letters of the FLAGS field represent:
link state ´u' for link up, 'd' for link down or '-'
for unknown link state.
prober state ´p' for elected ICMP prober (in case all
ports are failed).
L2 state ´2' for "L2 active".
ICMP state ´3' for "ICMP active".
STATE
The state of the port. Possible values can be "active",
"failed" or "unknown".
TARGETS
The active ICMP targets for this port.
XTARGETS
The active transitive probe targets for this port.
-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed above,
or the special value all, to display all fields. The fields
applicable to the -o option are limited to those listed under
each output mode. For example, if using -L, only the fields
listed under -L, above, can be used with -o.
-p, --parseable
Display using a stable machine-parseable format. The -o option
is required with -p. See "Parseable Output Format", below.
-P, --persistent
Display the persistent aggregation configuration rather than
the state of the running system.
-Z
Display ZONE column in the output.
-z zone[,...]
See description of -z option under dladm show-link, above.
dladm create-bridge [-P protect] [-R root-dir] [-p priority]
[-m max-age] [-h hello-time] [-d forward-delay]
[-f force-protocol] [-l link...] bridge-name
Create an 802.1D bridge instance and optionally assign one or more
network links to the new bridge. By default, no bridge instances
are present on the system.
In order to bridge between links, you must create at least one
bridge instance. Each bridge instance is separate, and there is no
forwarding connection between bridges.
Note that, for both /usr/sbin and /sbin, virtual-switching link
property has an interface stability of Volatile.
Note that the bridge-related subcommands, create-bridge among them,
require installation of the pkg://solaris/network/bridging package.
-P protect, --protect=protect
Specifies a protection method. The defined protection methods
are stp for the Spanning Tree Protocol and trill for TRILL,
which is used on RBridges. The default value is stp.
-R root-dir, --root-dir=root-dir
See "Options," above.
-p priority, --priority=priority
Specifies the Bridge Priority. This sets the IEEE STP priority
value for determining the root bridge node in the network. The
default value is 32768. Valid values are 0 (highest priority)
to 61440 (lowest priority), in increments of 4096.
If a value not evenly divisible by 4096 is used, the system
silently rounds downward to the next lower value that is divis‐
ible by 4096.
-m max-age, --max-age=max-age
Specifies the maximum age for configuration information in sec‐
onds. This sets the STP Bridge Max Age parameter. This value is
used for all nodes in the network if this node is the root
bridge. Bridge link information older than this time is dis‐
carded. It defaults to 20 seconds. Valid values are from 6 to
40 seconds. See the -d forward-delay parameter for additional
constraints.
-h hello-time, --hello-time=hello-time
Specifies the STP Bridge Hello Time parameter. When this node
is the root node, it sends Configuration BPDUs at this interval
throughout the network. The default value is 2 seconds. Valid
values are from 1 to 10 seconds. See the -d forward-delay
parameter for additional constraints.
-d forward-delay, --forward-delay=forward-delay
Specifies the STP Bridge Forward Delay parameter. When this
node is the root node, then all bridges in the network use this
timer to sequence the link states when a port is enabled. The
default value is 15 seconds. Valid values are from 4 to 30 sec‐
onds.
Bridges must obey the following two constraints:
2 * (forward-delay - 1.0) >= max-age
max-age >= 2 * (hello-time + 1.0)
Any parameter setting that would violate those constraints is
treated as an error and causes the command to fail with a diag‐
nostic message. The message provides valid alternatives to the
supplied values.
-f force-protocol, --force-protocol=force-protocol
Specifies the MSTP forced maximum supported protocol. The
default value is 3. Valid values are non-negative integers. The
current implementation does not support RSTP or MSTP, so this
currently has no effect. However, to prevent MSTP from being
used in the future, the parameter may be set to 0 for STP only
or 2 for STP and RSTP.
-l link, --link=link
Specifies one or more links to add to the newly-created bridge.
This is similar to creating the bridge and then adding one or
more links, as with the add-bridge subcommand. However, if any
of the links cannot be added, the entire command fails, and the
new bridge itself is not created. To add multiple links on the
same command line, repeat this option for each link. You are
permitted to create bridges without links. For more information
about link assignments, see the add-bridge subcommand.
Bridge creation and link assignment require the PRIV_SYS_DL_CONFIG
privilege. Bridge creation might fail if the optional bridging fea‐
ture is not installed on the system.
dladm modify-bridge [-P protect] [-R root-dir] [-p priority]
[-m max-age] [-h hello-time] [-d forward-delay]
[-f force-protocol] bridge-name
Modify the operational parameters of an existing bridge. The
options are the same as for the create-bridge subcommand, except
that the -l option is not permitted. To add links to an existing
bridge, use the add-bridge subcommand.
Bridge parameter modification requires the PRIV_SYS_DL_CONFIG priv‐
ilege.
dladm delete-bridge [-R root-dir] bridge-name
Delete a bridge instance. The bridge being deleted must not have
any attached links. Use the remove-bridge subcommand to deactivate
links before deleting a bridge.
Bridge deletion requires the PRIV_SYS_DL_CONFIG privilege.
The -R (--root-dir) option is the same as for the create-bridge
subcommand.
dladm add-bridge [-R root-dir] -l link [-l link...] bridge-name
Add one or more links to an existing bridge. If multiple links are
specified, and adding any one of them results in an error, the com‐
mand fails and no changes are made to the system.
Link addition to a bridge requires the PRIV_SYS_DL_CONFIG privi‐
lege.
A link may be a member of at most one bridge. An error occurs when
you attempt to add a link that already belongs to another bridge.
To move a link from one bridge instance to another, remove it from
the current bridge before adding it to a new one.
The links assigned to a bridge must not also be VLANs, VNICs, or
tunnels. Only physical Ethernet datalinks, aggregation datalinks,
and Ethernet stubs are permitted to be assigned to a bridge.
Links assigned to a bridge must all have the same MTU. This is
checked when the link is assigned. The link is added to the bridge
in a deactivated form if it is not the first link on the bridge and
it has a differing MTU.
Note that systems using bridging should not set the eeprom(8)
local-mac-address? variable to false.
The options are the same as for the create-bridge subcommand.
dladm remove-bridge [-R root-dir] -l link [-l link...] bridge-name
Remove one or more links from a bridge instance. If multiple links
are specified, and removing any one of them would result in an
error, the command fails and none are removed.
Link removal from a bridge requires the PRIV_SYS_DL_CONFIG privi‐
lege.
The options are the same as for the create-bridge subcommand.
dladm show-bridge [-flt] [[-p] -o field,...] [bridge-name]
Show the running status and configuration of bridges, their
attached links, learned forwarding entries, and TRILL nickname
databases. When showing overall bridge status and configuration,
the bridge name can be omitted to show all bridges. The other forms
require a specified bridge.
The show-bridge subcommand accepts the following options:
-p, --parseable
Display using a stable machine-parseable format. See "Parseable
Output Format," below.
-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field names are described below. The special value
all displays all fields. Each set of fields has its own default
set to display when -o is not specified.
By default, the show-bridge subcommand shows bridge configuration.
The following fields can be shown:
BRIDGE
The name of the bridge.
ADDRESS
The Bridge Unique Identifier value (MAC address).
PRIORITY
Configured priority value; set by -p with create-bridge and
modify-bridge.
BMAXAGE
Configured bridge maximum age; set by -m with create-bridge and
modify-bridge.
BHELLOTIME
Configured bridge hello time; set by -h with create-bridge and
modify-bridge.
BFWDDELAY
Configured forwarding delay; set by -d with create-bridge and
modify-bridge.
FORCEPROTO
Configured forced maximum protocol; set by -f with create-
bridge and modify-bridge.
TCTIME
Time, in seconds, since last topology change.
TCCOUNT
Count of the number of topology changes.
TCHANGE
This indicates that a topology change was detected.
DESROOT
Bridge Identifier of the root node.
ROOTCOST
Cost of the path to the root node.
ROOTPORT
Port number used to reach the root node.
MAXAGE
Maximum age value from the root node.
HELLOTIME
Hello time value from the root node.
FWDDELAY
Forward delay value from the root node.
HOLDTIME
Minimum BPDU interval.
By default, when the -o option is not specified, only the BRIDGE,
ADDRESS, PRIORITY, and DESROOT fields are shown.
The show-bridge subcommand also accepts the following options:
dladm create-vlan [-ft] [-R root-dir] -l ether-link
-v vid[,pvlan-svid[,pvlan-type]] [vlan-link]
Create a tagged VLAN link with an ID of vid over Ethernet link
ether-link. The name of the VLAN link can be specified as vlan-
link. The name can be specified as zonename/linkname, which will
create the VLAN in the given zone's namespace. If the name is not
specified, a name will be automatically generated (assuming that
ether-link is namePPA) as:
<name><1000 * vlan-tag + PPA>
For example, if ether-link is bge1 and vid is 2, the name generated
is bge2001.
-f, --force
Force the creation of the VLAN link. Some devices do not allow
frame sizes large enough to include a VLAN header. When creat‐
ing a VLAN link over such a device, the -f option is needed,
and the MTU of the IP interfaces on the resulting VLAN must be
set to 1496 instead of 1500.
-l ether-link
Specifies Ethernet link over which VLAN is created.
-t, --temporary
Specifies that the VLAN link is temporary. Temporary VLAN links
last until the next reboot. The -t option must be specified if
the VLAN is created in a non-global zone's namespace.
-R root-dir, --root-dir=root-dir
See "Options," above.
dladm modify-vlan [-t] [-R root-dir] [-l ether-link]
[-v vid[,pvlan-svid[,pvlan-type]] [-f]]
{vlan-link,[vlan-link,...] | -L ether-link}
Modifies the underlying link and/or the VLAN-ID of the specified
VLAN link(s). The VLAN link(s) can be specified as a comma-delim‐
ited list or as -L source-ether-link to indicate "all VLANs on
source-ether-link".
-t, --temporary
Specifies that the VLAN modification is temporary.
-R root-dir, --root-dir=root-dir
See "Options," above.
-l ether-link
Specifies the Ethernet link to which to move the VLAN(s). The
Ethernet link must be different from the current one the
VLAN(s) is or are using.
-v vid[,pvlan-svid[,pvlan-type]] [-f]
Specifies the VLAN-ID to be used. This option can be used only
if a single VLAN link is specified. The purpose of the -f
option is the same as in create-vlan, above.
dladm delete-vlan [-t] [-R root-dir] vlan-link
Delete the VLAN link specified.
The delete-vlan subcommand accepts the following options:
-t, --temporary
Specifies that the deletion is temporary. Temporary deletions
last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
dladm show-vlan [-PZ] [[-p] -o field[,...]] [-z zone[,...]] [vlan-link]
Display VLAN configuration for all VLAN links or for the specified
VLAN link.
The show-vlan subcommand accepts the following options:
-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed below,
or the special value all, to display all fields. For each VLAN
link, the following fields can be displayed:
LINK
The name of the VLAN link.
VID
The ID associated with the VLAN or the primary VID associ‐
ated with a PVLAN.
SVID
The PVLAN secondary VLAN ID associated with the VNIC.
PVLAN-TYPE
The PVLAN type associated with the VNIC.
OVER
The name of the physical link over which this VLAN is con‐
figured.
FLAGS
A set of flags associated with the VLAN link. Possible
flags are:
f
The VLAN was created using the -f option to create-
vlan.
i
The VLAN was implicitly created when the DLPI link was
opened. These VLAN links are automatically deleted on
last close of the DLPI link (for example, when the IP
interface associated with the VLAN link is unplumbed).
Additional flags might be defined in the future.
-p, --parseable
Display using a stable machine-parseable format. The -o option
is required with -p. See "Parseable Output Format", below.
-P, --persistent
Display the persistent VLAN configuration rather than the state
of the running system.
-Z
Display ZONE column in the output.
-z zone[,...]
See description of -z option under dladm show-link, above.
dladm create-wlan [-R root-dir] [-p prop=value[,...]] <wlan-name>
Creates a Known WLAN with the given name wlan-name. The wlan-name
represents the ESSID of the WiFi network whose properties can be
saved in this object.
-R root-dir, --root-dir=root-dir
See Options section above.
-p prop=value,..., --prop prop=value,...
A comma-separated list of properties to set to the specified
values.
dladm delete-wlan [-R root-dir] <wlan-name>
Deletes the specified Known WLAN.
-R root-dir, --root-dir=root-dir
See Options section above.
dladm set-wlan [-R root-dir] -p prop=value[,...] <wlan-name>
Sets the value of one of more properties on the Known WLAN speci‐
fied.
-R root-dir, --root-dir=root-dir
See Options section above.
-p prop=value,..., --prop prop=value,...
A comma-separated list of properties to set to the specified
values.
dladm reset-wlan [-R root-dir] -p prop=value[,...] <wlan-name>
Resets the value of one or more properties on the Known WLAN speci‐
fied.
-R root-dir, --root-dir=root-dir
See Options section above.
-p prop=value,..., --prop prop=value,...
A comma-separated list of properties to set to the specified
values.
dladm show-wlan [[-p] [-o field[,...]] [wlan-name]
Displays the Known WLAN configuration for all Known WLANs or the
specified Known WLAN.
-p, --parseable
Display using a stable machine-parseable format. The -o option
is required with -p option. See the "Parseable Output Format"
section below.
-o field[,...] , --output=field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed below,
or the special value all, to display all fields. By default
(without the -o option), show-wlan displays all fields.
ESSID
The name of the Known WLAN.
PRIORITY
The relative priority of this Known WLAN; a smaller number rep‐
resents higher priority. If no priority is specified, the
default value of 0 is assigned.
BSSIDS
If a specific access point should be preferred over other the
same ESSID, this property allows the access point's BSSIDs to
be specified.
SECURITY-MODE
The encryption mode of this Known WLAN's WiFi network. The fol‐
lowing values are valid:
none No encryption is used by the WiFi network.
wpa Wi-Fi Protected Access (WPA) encryption is used by the
WiFi Network.
KEY
Secure object name to associate with this Known WLAN. If this
Known WLAN uses an encryption mode that supports multiple
keyslots, the slot to place the key is shown by a colon fol‐
lowed by an index. For example, mykey:3 places mykey in slot 3.
Valid values are 1 to 4. If unspecified, slot 1 is assumed and
used by default.
dladm scan-wifi [[-p] -o field[,...]] [wifi-link]
Scans for WiFi networks, either on all WiFi links, or just on the
specified wifi-link.
By default, currently all fields but BSSTYPE are displayed.
-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed below,
or the special value all to display all fields. For each WiFi
network found, the following fields can be displayed:
LINK
The name of the link the WiFi network is on.
ESSID
The ESSID (name) of the WiFi network.
BSSID
Either the hardware address of the WiFi network's Access
Point (for BSS networks), or the WiFi network's randomly
generated unique token (for IBSS networks).
SEC
Either none for a WiFi network that uses no security, or
wpa for a WiFi network that requires WPA (Wi-Fi Protected
Access).
MODE
The supported connection modes: one or more of a, b, g, or
n.
STRENGTH
The strength of the signal: one of excellent, very good,
good, weak, or very weak.
SPEED
The maximum speed of the WiFi network, in megabits per sec‐
ond.
BSSTYPE
Either bss for BSS (infrastructure) networks, or ibss for
IBSS (ad-hoc) networks.
-p, --parseable
Display using a stable machine-parseable format. The -o option
is required with -p. See "Parseable Output Format", below.
dladm connect-wifi [-e essid] [-i bssid] [-k key,...]
[-s none | wpa ] [-a open | shared] [-b bss | ibss] [-c]
[-m a | b | g | n ] [-T time] [-w] [wifi-link]
Connects to a WiFi network. This consists of four steps: discovery,
filtration, prioritization, and association. However, to enable
connections to non-broadcast WiFi networks and to improve perfor‐
mance, if a BSSID or ESSID is specified using the -e or -i options,
then the first three steps are skipped and connect-wifi immediately
attempts to associate with a BSSID or ESSID that matches the rest
of the provided parameters. If this association fails, but there is
a possibility that other networks matching the specified criteria
exist, then the traditional discovery process begins as specified
below.
The discovery step finds all available WiFi networks on the speci‐
fied WiFi link, which must not yet be connected. For administrative
convenience, if there is only one WiFi link on the system, wifi-
link can be omitted.
Once discovery is complete, the list of networks is filtered
according to the value of the following options:
If no BSSID or ESSID is specified, the information from the Known
WLAN list is utilized to select a WiFi network to connect to. The
WiFi network with the highest priority (the lowest value) in the
Known WLAN list is selected to connect to. If Known WLAN list does
not have any available WiFi networks, the list of networks is fil‐
tered according to the value of the following options:
-e essid, --essid=essid
Networks that do not have the same essid are filtered out.
-b bss|ibss, --bsstype=bss|ibss
Networks that do not have the same bsstype are filtered out.
-m a|b|g, --mode=a|b|g|n
Networks not appropriate for the specified 802.11 mode are fil‐
tered out.
-k key,..., --key=key, ...
Use the specified secobj named by the key to connect to the
network. Networks not appropriate for the specified keys are
filtered out.
-s none|wpa, --sec=none|wpa
Networks not appropriate for the specified security mode are
filtered out.
Next, the remaining networks are prioritized, first by signal
strength, and then by maximum speed. Finally, an attempt is made to
associate with each network in the list, in order, until one suc‐
ceeds or no networks remain.
When the connection to the WiFi network is successful, the network
and any associated security key information is added to the Known
WLAN list, if it is not already on the list. This facilitates
reconnection if the WiFi connection is lost.
In addition to the options described above, the following options
also control the behavior of connect-wifi:
-a open|shared, --auth=open|shared
Connect using the specified authentication mode. By default,
open and shared are tried in order.
-c, --create-ibss
Used with -b ibss to create a new ad-hoc network if one match‐
ing the specified ESSID cannot be found. If no ESSID is speci‐
fied, then -c -b ibss always triggers the creation of a new ad-
hoc network.
-T time, --timeout=time
Specifies the number of seconds to wait for association to suc‐
ceed. If time is forever, then the associate will wait indefi‐
nitely. The current default is ten seconds, but this might
change in the future. Timeouts shorter than the default might
not succeed reliably.
-k key,..., --key=key,...
In addition to the filtering previously described, the speci‐
fied keys will be used to secure the association. The security
mode to use will be based on the key class; if a security mode
was explicitly specified, it must be compatible with the key
class. All keys must be of the same class.
For security modes that support multiple key slots, the slot to
place the key will be specified by a colon followed by an
index. Therefore, -k mykey:3 places mykey in slot 3. By
default, slot 1 is assumed. For security modes that support
multiple keys, a comma-separated list can be specified, with
the first key being the active key.
-w, --wlan-only
Only connect to a WiFi network that is also in the Known WLAN
list. If such a WiFi network is not found, then further connec‐
tion based on the heuristics mentioned above will not be
attempted. This option cannot be specified with other options.
dladm disconnect-wifi [-a] [-d] [wifi-link]
Disconnect from one or more WiFi networks. If wifi-link specifies a
connected WiFi link, then it is disconnected. For administrative
convenience, if only one WiFi link is connected, wifi-link can be
omitted.
-a, --all-links
Disconnects from all connected links. This is primarily
intended for use by scripts.
-d, --delete-wlan
Disconnects from the current WiFi network and also removes it
from the Known WLAN list. This option is for convenience and is
the same as running "dladm disconnect-wifi" followed by "dladm
delete-wlan" commands.
dladm show-wifi [-Z] [[-p] -o field,...] [-z zone[,...]] [wifi-link]
Shows WiFi configuration information either for all WiFi links or
for the specified link wifi-link.
-o field,..., --output=field
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed below,
or the special value all, to display all fields. For each WiFi
link, the following fields can be displayed:
LINK
The name of the link being displayed.
STATUS
Either connected if the link is connected, or disconnected
if it is not connected. If the link is disconnected, all
remaining fields have the value --.
ESSID
The ESSID (name) of the connected WiFi network.
BSSID
Either the hardware address of the WiFi network's Access
Point (for BSS networks), or the WiFi network's randomly
generated unique token (for IBSS networks).
SEC
Either none for a WiFi network that uses no security, or
wpa for a WiFi network that requires WPA.
MODE
The supported connection modes: one or more of a, b, g, or
n.
STRENGTH
The connection strength: one of excellent, very good, good,
weak, or very weak.
SPEED
The connection speed, in megabits per second.
AUTH
Either open or shared (see connect-wifi).
BSSTYPE
Either bss for BSS (infrastructure) networks, or ibss for
IBSS (ad-hoc) networks.
By default, currently all fields but AUTH, BSSID, BSSTYPE are
displayed.
-p, --parseable
Displays using a stable machine-parseable format. The -o option
is required with -p. See "Parseable Output Format", below.
-Z
Display ZONE column in the output.
-z zone[,...]
See description of -z option under dladm show-link, above.
dladm show-ether [-xZ] [[-p] -o field[,...]] [-z zone[,...]]
[-P protocol] [ether-link]
Shows state information either for all physical Ethernet links or
for a specified physical Ethernet link.
The show-ether subcommand accepts the following options:
-o field,..., --output=field
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed below,
or the special value all to display all fields. For each link,
the following fields can be displayed:
LINK
The name of the link being displayed.
PTYPE
Parameter type, where current indicates the negotiated
state of the link, capable indicates capabilities supported
by the device, adv indicates the advertised capabilities,
and peeradv indicates the capabilities advertised by the
link-partner.
STATE
The physical link state of the datalink. This can be up,
down, or unknown. The physical link state identifies
whether the physical device has connectivity with the
external network (it does, if the cable is plugged in and
the state of the port on the other end of the cable is
"up").
AUTO
A yes/no value indicating whether auto-negotiation is
advertised.
SPEED-DUPLEX
Combinations of speed and duplex values available. The
units of speed are encoded with a trailing suffix of G
(Gigabits/s) or M (Mb/s). Duplex values are encoded as f
(full-duplex) or h (half-duplex).
PAUSE
Flow control information. Can be no, indicating no flow
control is available; tx, indicating that the end-point can
transmit pause frames, but ignores any received pause
frames; rx, indicating that the end-point receives and acts
upon received pause frames; or bi, indicating bi-direc‐
tional flow control.
REM_FAULT
Fault detection information. Valid values are none or
fault.
By default, all fields except REM_FAULT are displayed for the
"current" PTYPE.
-p, --parseable
Displays using a stable machine-parseable format. The -o option
is required with -p. See "Parseable Output Format", below.
-P protocol
Displays information about supported Ethernet protocols. Sup‐
ported protocols include vdp, the VSI Discovery and Configura‐
tion protocol, and ecp, Edge Control Protocol.
VDP information is specific to a VNIC. Thus, if the link argu‐
ment is a phys-link, VDP information for all of the VNIC over
the phys-link is displayed.
ECP information is specific to a phys-link.
For VDP, following information is displayed:
VSI
The name of the Virtual Station Interface (VSI) or VNIC.
LINK
The name of the physical link over which this VNIC is con‐
figured.
VSI-STATE
The state of the VDP protocol state machine for the VNIC.
Supported states include ASSOC, DEASSOC, or TIMEDOUT.
VSIID
The identifier for the VSI or VNIC. This identifier is used
by the bridge to associate properties with VNICs. Supported
format for the VSIID is the MAC address. Thus, the VSIID
for a VNIC is its MAC address.
VSI-TYPE-ID
This is VSI Type ID and Version associated with a VNIC and
is of the form VSI Type ID/Version. The VSI Type identifies
the properties associated with the VNIC.
CMD-PENDING
The VDP command that is currently in progress. Supported
commands are: ASSOC, DEASSOC. The ASSOC command requests
the bridge to associate properties with a VSI (identified
by the VSIID), whereas the DEASSOC requests the bridge to
disassociate the properties from a given VSIID.
FILTER-INFO
The information used by the switch to filter packets for a
given VNIC. Supported format for Filter Info includes the
MAC/VLAN ID combination. Thus, the FilterInfo for a VNIC is
its MAC address and VLAN ID, if any.
KEEPALIVE-INTERVAL
The interval (in seconds) for Keep Alive messages to be
transmitted for existing associations. The default is 11.6
secs.
RESP-TIMEOUT
The time (in seconds) to wait for a response from the
bridge before timing out a request.
For ECP, following information is displayed:
LINK
The name of the physical link for the ECP instance.
MAC-RETRIES
The maximum number of transmission retries without receiv‐
ing an acknowledgment from the peer.
TIMEOUT
The interval of time (in milliseconds) to wait for an
acknowledgment from the peer.
-x, --extended
Extended output is displayed for PTYPE values of current, capa‐
ble, adv and peeradv.
-Z
Display ZONE column in the output.
-z zone[,...]
See description of -z option under dladm show-link, above.
dladm set-linkprop [-t] [-R root-dir] -p prop=value[,...] link
Sets the values of one or more properties on the link specified.
The list of properties and their possible values depend on the link
type, the network device driver, and networking hardware. These
properties can be retrieved using show-linkprop.
-t, --temporary
Specifies that the changes are temporary. Temporary changes
last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
-p prop=value[,...], --prop prop=value[,...]
A comma-separated list of properties to set to the specified
values.
Note that when the persistent value is set, the temporary value
changes to the same value.
dladm reset-linkprop [-t] [-R root-dir] [-p prop,...] link
Resets one or more properties to their values on the link speci‐
fied. Properties are reset to the values they had at startup. If no
properties are specified, all properties are reset. See show-
linkprop for a description of properties.
-t, --temporary
Specifies that the resets are temporary. Values are reset to
default values. Temporary resets last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
-p prop, ..., --prop=prop, ...
A comma-separated list of properties to reset.
Note that when the persistent value is reset, the temporary value
changes to the same value.
dladm show-linkprop [-HPZ] [[-c] -o field[,...]] [-p prop[,...]]
[-z zone[,...]] [link]
Show the current or persistent values of one or more properties,
either for all datalinks or for the specified link. By default,
current values are shown. If no properties are specified, all
available link properties are displayed. For each property, the
following fields are displayed:
-o field[,...], --output=field
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed below,
or the special value all to display all fields. For each link,
the following fields can be displayed:
LINK
The name of the datalink.
PROPERTY
The name of the property.
PERM
The read/write permissions of the property. The value shown
is one of ro or rw.
VALUE
The current (or persistent) property value. If the value is
not set, it is shown as --. If it is unknown, the value is
shown as ?. Persistent values that are not set or have been
reset will be shown as -- and will use the system DEFAULT
value (if any).
EFFECTIVE
The property value chosen by the system. For some proper‐
ties the value chosen by the system may not be the same as
the value configured by the user. This is because the prop‐
erty value is constrained by the resource availability,
capabilities of the underlying physical datalink, or in
some cases the datalink partner.
DEFAULT
The default value of the property. If the property has no
default value, -- is shown.
POSSIBLE
A comma-separated list of the values the property can have.
If the values span a numeric range, min - max might be
shown as shorthand. If the possible values are unknown or
unbounded, -- is shown.
HWPOSSIBLE
Shows a value if there is hardware support. This explains
that the physical NIC is capable of the property. A value
of -- means there is no support.
SWPOSSIBLE
Shows a value if there is software support in the network‐
ing stack for the property. A value of -- means there is no
support.
For both HWPOSSIBLE and SWPOSSIBLE, any granularity
requirement (step value) for the value is shown after the
number range followed by a :. Currently, only max-bw prop‐
erty shows a value for the step value.
MODE
Shows the current mode used for the data link to implement
the property. Possible values or sw for software only, hw
for hardware only and none for no support is possible for
the link. Note that MODE can be none even though there is
hardware or software support.
HWFLAGS and SWFLAGS currently show the flag o for outbound, i
for inbound and oi for inbound and outbound. Currently, it
shows a value only for the SLA properties, max-bw, bw-share and
priority.
The list of properties depends on the link type and network
device driver, and the available values for a given property
further depends on the underlying network hardware and its
state. General link properties are documented in the "General
Link Properties" section. However, link properties that begin
with "_" (underbar) are specific to a given link or its under‐
lying network device and subject to change or removal. See the
appropriate network device driver man page for details.
-c, --parseable
Display using a stable machine-parseable format. The -o option
is required with this option. See "Parseable Output Format",
below.
-H
Show-linkprop -H shows information on the underlying physical
link capabilities and the networking stack software capabili‐
ties for supporting the property. Also, shows which mode is
currently used for the data link.
-P, --persistent
Display persistent link property information
-p prop, ..., --prop=prop, ...
A comma-separated list of properties to show. See the sections
on link properties following subcommand descriptions.
-Z
Display ZONE column in the output.
-z zone[,...]
See description of -z option under dladm show-link, above.
dladm create-secobj [-t] [-R root-dir] [-f file] -c class secobj
Create a secure object named secobj in the specified class to be
later used as a WEP or WPA key in connecting to an encrypted net‐
work. The value of the secure object can either be provided inter‐
actively or read from a file. The sequence of interactive prompts
and the file format depends on the class of the secure object.
Currently, the class wpa is supported. The WEP (Wired Equivalent
Privacy) was deprecated because of security issues. The WPA (Wi-Fi
Protected Access) key must be provided as an ASCII string with a
length between 8 and 63 bytes.
This subcommand is only usable by users or roles that belong to the
"Network Link Security" RBAC profile.
-c class, --class=class
class can only be wpa. See preceding discussion.
-t, --temporary
Specifies that the creation is temporary. Temporary creation
last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
-f file, --file=file
Specifies a file that should be used to obtain the secure
object's value. The format of this file depends on the secure
object class. See the EXAMPLES section for an example of using
this option to set a WEP key.
dladm delete-secobj [-t] [-R root-dir] secobj[,...]
Delete one or more specified secure objects. This subcommand is
only usable by users or roles that belong to the "Network Link
Security" RBAC profile.
-t, --temporary
Specifies that the deletions are temporary. Temporary deletions
last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
dladm show-secobj [-P] [[-p] -o field[,...]] [secobj,...]
Show current or persistent secure object information. If one or
more secure objects are specified, then information for each is
displayed. Otherwise, all current or persistent secure objects are
displayed.
By default, current secure objects are displayed, which are all
secure objects that have either been persistently created and not
temporarily deleted, or temporarily created.
For security reasons, it is not possible to show the value of a
secure object.
-o field[,...] , --output=field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed below.
For displayed secure object, the following fields can be shown:
OBJECT
The name of the secure object.
CLASS
The class of the secure object.
-p, --parseable
Display using a stable machine-parseable format. The -o option
is required with -p. See "Parseable Output Format", below.
-P, --persistent
Display persistent secure object information
dladm create-vnic [-t] [-f] -l link [-R root-dir] [-m value | auto |
{factory [-n slot-identifier]} | {vrrp -A {inet | inet6} -V vrid}
| {random [-r prefix]}] [-v vlan-id][,pvlan-svid[,pvlan-type]]
[-P pkey] [-p prop=value[,...]] vnic-link
Create a VNIC with name vnic-link over the specified link. The
vnic-link can be specified as zonename/linkname, which will create
the VNIC in the given zone's namespace.
-t, --temporary
Specifies that the VNIC is temporary. Temporary VNICs last
until the next reboot. The -i option must be specified if the
VNIC is to be created in a non-global zone's namespace.
-f, --force
If the VNIC is a IPoIB VNIC, force the creation of the VNIC
even if pkey is absent on the port, the multicast group is
absent, or the port is down.
-R root-dir, --root-dir=root-dir
See "Options," above.
-l link, --link=link
link can be a physical link, an etherstub, or an aggregation
link (aggr-link).
-m value | keyword, --mac-address=value | keyword
This option only applies to Ethernet VNICs.
Sets the VNIC's MAC address based on the specified value or
keyword. If value is not a keyword, it is interpreted as a uni‐
cast MAC address, which must be valid for the underlying NIC. A
user-specified MAC address must be drawn from the ranges speci‐
fied by the Globally Unique and Locally Administered types of
MAC addresses.
The following special keywords can be used:
factory [-n slot-identifier],
factory [--slot=slot-identifier]
Assign a factory MAC address to the VNIC. When a factory
MAC address is requested, -m can be combined with the -n
option to specify a MAC address slot to be used. If -n is
not specified, the system will choose the next available
factory MAC address. The -m option of the show-phys subcom‐
mand can be used to display the list of factory MAC
addresses, their slot identifiers, and their availability.
random [-r prefix],
random [--mac-prefix=prefix]
Assign a random MAC address to the VNIC. A default prefix
consisting of a valid IEEE OUI with the local bit set will
be used. That prefix can be overridden with the -r option.
vrrp -A {inet | inet6} -V vrid
Assign a VRRP virtual MAC address to the VNIC base on the
specified address family and vrid.
auto
Try to assign random mac-address first if possible, if NIC
supports it, else try to assign a factory mac-address. auto
is the default action if the -m option is not specified.
-v vlan-id[,pvlan-svid[,pvlan-type]]
This option only applies to Ethernet VNICs.
Enable VLAN tagging for this VNIC. The VLAN tag will have
id vlan-id, or a PVLAN tag pair if pvlan-svid is specified.
Note -
dladm create-vnic may fail while creating a vNIC over an
EoIB (Ethernet-over-InfiniBand) data link, if executed
right after the InfiniBand gateway switch's disallowhost‐
config or allowhostconfig command. The commands restart
the bridge manager on the gateway, triggering a series of
asynchronous events between the gateway and the host. It
takes some time to finalize those events and vNIC cre‐
ation requests prematurely generated by the host get
rejected.
To avoid this, wait for after the disallowhostconfig or
allowhostconfig command returns and before executing the
create-vnic command.
-P, --pkey=pkey
Partition key to be used. This option is mandatory for IPoIB
VNICs and not applicable for other type of links. pkey speci‐
fied is always treated as hexadecimal, whether it has the 0x
prefix or not.
-p prop=value,..., --prop prop=value,...
A comma-separated list of properties to set to the specified
values.
dladm create-vnic -t -c <evsname>[/<vportname>] [-T <tenant>] <vnic-link>
Note -
You must install Elastic Virtual Switch (EVS) IPS packages to use
this form of create-vnic, and then configure EVS controller as
described in the evsadm(8) manpage and Managing Network Virtual‐
ization and Network Resources in Oracle Solaris 11.4.
Creates a VNIC with name vnic-link, by connecting to a EVS evsname
at optionally provided Virtual Port (VPort) vportname. If the ten‐
antname is provided, then the EVS will be searched in tenant's
namespace. If VPort is specified, then the SLA properties (max-bw,
cos, and priority), IP address, and MAC address of the VPort will
be inherited by the VNIC. If Vport is not specified, then the EVS
controller will generate a system VPort which will have IP address,
MAC address, and default SLA properties of EVS, and then the VNIC
will be connected to this system VPort.
VNICs when connected to EVS have the following limitations (in
terms of how they can be managed through dladm):
o They cannot be renamed through dladm rename-link
o Their properties cannot be changed by using dladm set-
linkprop or dladm reset-linkprop
o They cannot be modified by using dladm modify-vnic
For more information on EVS, VPorts, and tenants, see evsadm(8)
manpage.
The VNIC created is temporary and will be lost upon next reboot.
See EXAMPLES section below for an example usage.
-t, --temporary
Specifies that the VNIC is temporary. This is a required
option.
-T <tenantname>, --tenant <tenantname>
Specifies the name of the tenant that owns the EVS. If it is
not provided, then the default tenant sys-global will be
assumed.
-c <evsname>[/<vportname>], --connect <evsname>[/vportname]
Specifies the name of the EVS to which the VNIC must be con‐
nected. If vportname is provided, the VNIC will be connected to
that vport. If a vportname is not provided, then a vport will
be automatically generated and assigned to the VNIC.
The act of connecting a VNIC to EVS results in either the VNIC
inheriting the properties from EVS or a provided vport.
dladm modify-vnic [-t] [-R root-dir] [-l link] [-m value | auto |
{factory [-n slot-identifier]} | {vrrp -A {inet | inet6} -V vrid}
| {random [-r prefix]}] [-v vlan-id[,pvlan-svid[,pvlan-type]]]
{vnic-link,[vnic-link,...] | -L link}
Modifies the underlying link and/or the MAC address/VLAN-ID of the
specified VNIC link(s). The VNIC link(s) can be specified as a
comma-delimited list or as -L source-link to indicate "all VNICs
on source-link".
-t, --temporary
Specifies that the VNIC modification is temporary.
-R root-dir, --root-dir=root-dir
See "Options," above.
-l link, --link=link
Specifies the link to which to move the VNIC(s). link can be of
any link type supported by create-vnic. link must be different
from the link the VNIC(s) are currently using. If the VNIC(s)
are using a factory MAC address and -m is not specified, a new
MAC address will be allocated on the target link, using the -m
auto scheme, and assigned to the VNIC(s).
-m value | keyword, --mac-address=value | keyword
This option only applies to Ethernet VNICs.
See create-vnic, above, for supported options. If multiple
VNICs are specified, only the auto, random, and factory (with‐
out -n) address assignment schemes will be supported.
dladm delete-vnic [-t] [-R root-dir] vnic-link
Deletes the specified VNIC.
-t, --temporary
Specifies that the deletion is temporary. Temporary deletions
last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
dladm show-vnic [-P | {-z zone[,..]}] [[-p] -o field[,..]] [-l link]
[vnic-link]
dladm show-vnic [-Zmv] [-l link] [vnic-link]
Show VNIC configuration information for all VNICs, all VNICs on a
link, or only the specified vnic-link.
-o field[,...] , --output=field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed below,
or the special value all to display all fields. By default
(without -o), show-vnic displays all fields.
LINK
The name of the VNIC.
OVER
The name of the physical link over which this VNIC is con‐
figured.
SPEED
The maximum speed of the VNIC, in megabits per second.
MACADDRESS
MAC address of the VNIC.
For IPoIB VNICs, by default (without -o), first five bytes
of the mac address are shown, and ".." is shown in the
sixth byte position. To show the full mac address use the
-o option.
MACADDRESSES
If the VNIC is associated with more than one MAC addresses
then this column will display all the MAC addresses of a
VNIC.
For IPoIB VNICs, by default (without -o), first five bytes
of the mac address are shown, and ".." is shown in the
sixth byte position. To show the full mac address use the
-o option.
MACADDRTYPE
MAC address type of the VNIC. dladm distinguishes among the
following MAC address types:
random
A random address assigned to the VNIC.
factory
A factory MAC address used by the VNIC.
MACADDRTYPES
If the VNIC is associated with more than one MAC addresses
then this column will display the MAC address type for each
of the MAC address.
VID
The VLAN ID associated with the VNIC.
SVID
The Secondary VLAN ID associated with the VNIC.
PVLAN-TYPE
The PVLAN type associated with the VNIC.
VIDS
If the VNIC is associated with more than one VLAN ID, then
this column will display all the VLAN IDs.
EVS
Name of the EVS to which the VNIC is connected to.
VPORT
Name of the vport to which the VNIC is connected to and
inherits the properties from.
TENANT
Name of the tenant that owns the EVS.
PKEY
IB partition key associated with the VNIC. Applicable only
to IPoIB datalinks.
IDS
Shows VIDS for Ethernet datalinks and PKEY for IPoIB
datalinks in the format "VID:<value>" and "PKEY:<value>"
respectively.
See the create-vnic section above for more information on EVS,
VPORT, and TENANT.
-p, --parseable
Display using a stable machine-parseable format. The -o option
is required with -p. See "Parseable Output Format", below.
-P, --persistent
Display the persistent VNIC configuration.
-l link, --link=link
Display information for all VNICs on the named link.
-Z
Display ZONE column in the output.
-z zone[,...]
See description of -z option under dladm show-link, above.
-V
Display SR-IOV information for a VNIC. The output shows:
LINK The name of the VNIC.
VF_ASSIGNED The name of the VF device instance currently
assigned to the VNIC.
-c
Display the EVS information for the given vnic. This is a
shortcut for the following fields: LINK, TENANT, EVS, VPORT,
OVER, MACADDRESS, VIDS.
See the create-vnic section above for more information.
-m
Display all MAC addresses, MAC address types and VLAN IDs asso‐
ciated with the VNIC.
-v
Display all VLAN information associated with the VNIC.
dladm create-part [-t] [-f] -l ib-link [-R root-dir] -P pkey
[-p prop=value[,...]] part-link
Create an IP-over-IB link with the name part-link over the speci‐
fied link. This subcommand is supported only on InfiniBand physical
links. The part-link can be specified as zonename/linkname, which
will create the partition link in the given zone's namespace.
-f, --force
Forces the creation of the partition link even if pkey is
absent on the port, the multicast group is absent, or the port
is down.
-l ib-link, --link=ib-link
IP-over-IB physical link name.
-P, --pkey=pkey
Partition key to be used for creating the partition link. pkey
specified is always treated as hexadecimal, whether it has the
0x prefix or not.
-p prop=value[,..]
--prop prop=value[,..]
A comma-separated list of properties to set to the specified
values. Supported properties are given "General Link Proper‐
ties" section below.
-R root-dir, --root-dir=root-dir
See "Options," above.
-t, --temporary
Specifies that the partition link creation is temporary. Tempo‐
rary partition links last until the next reboot. The -t option
must be specified if the partition link is to be created in a
non-global zone's namespace.
dladm delete-part [-R root-dir] part-link
Delete the specified partition link.
-R root-dir, --root-dir=root-dir
See "Options," above.
-t, --temporary
Specifies that the partition link deletion is temporary. Tempo‐
rary deletion last until the next reboot.
dladm show-part [-pP] [-l ib-link] [-o field[,...]] [part-link]
Displays IB partition link information for all partition links, for
all partitions on ib-link, or for only the specified part-link.
-l ib-link, --link=ib-link
Display information for all the partitions on the named link.
-o field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed below,
or the special value all to display all fields. By default
(without -o), show-part displays all fields.
LINK
The name of the partition link.
PKEY
Pkey associated with the partition link.
OVER
The name of the physical link over which this partition
link is created.
STATE
Current state of the partition link. Possible values are
up, down, or unknown. If the link is down, use the show-ib
subcommand to check the underlying port status and config‐
ured pkeys, and the show-linkprop subcommand to check the
broadcast-group property.
FLAGS
A set of state flags used for creating the partition link.
Possible values are:
f Partition was created forcibly (without checking
whether creating a partition were possible).
t Partition link is temporary, lasting only until the
next reboot.
-P, --persistent
Display the persistent IB partition link configuration.
-p, --parseable
Display using a stable machine-parseable format. The -o option
is required with -p. See "Parseable Output Format", below.
dladm show-ib [-pP] [-o field[,...]] [ib-link]
Display IB physical link information on all or the specified IB
links.
-o field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed below,
or the special value all to display all fields. By default
(without -o), show-ib displays all fields except HCA, GWID and
GWFLAGS.
LINK
The name of the physical link.
HCA
InfiniBand Host Channel Adapter (HCA) name as managed by
the ibadm(8) utility.
HCAGUID
Globally unique identifier of the HCA.
PORTGUID
Globally unique identifier of the port. If the PORTGUID is
not set, it is shown as unknown. For IB SR-IOV virtual
adapters, the PORTGUID is set when the link is up.
PORT
Port number.
STATE
Current state of the physical link. Possible values are up,
down, or unknown.
GWNAME
The configured system name of the IB-Ethernet gateway
switch that is discovered from this IB physical link.
GWPORT
The name of the connector associated with the gateway Eth‐
ernet port.
GWID
The identifier for the gateway instance associated with the
displayed gateway Ethernet port. The value is expected to
be unique even if multiple gateway switches share the same
InfiniBand fabric. The value of the gateway instance iden‐
tifier ranges from 0 to 1023.
GWFLAGS
A set of flags associated with the discovered gateway. Pos‐
sible flags are:
a The gateway has indicated its availability for logins
from this IB port in its advertisement.
H The gateway allows host-administered VNICs from this
IB port.
n The gateway has at least one macaddress assigned for
the EoIB datalink from this IB port.
PKEYS
Pkeys available on the port associated with the IP-over-IB
link specified in the LINK field.
-P, --persistent
Display the persistent IB physical link configuration.
-p, --parseable
Display using a stable machine-parseable format. The -o option
is required with -p. See "Parseable Output Format", below.
dladm create-eoib [-t] [-R root-dir] -l ib-link -g gw-system-name
-c gw-eth-port eoib-link
Create an EoIB link with the name eoib-link over the specified
link. This subcommand is supported only on InfiniBand physical
links.
-t, --temporary
Specifies that the EoIB link creation is temporary. Temporary
links will last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options" above.
-l ib-link,--link=ib-link
InfiniBand physical link name.
-g gw-system-name
Specifies the system name of the IB-Ethernet gateway switch.
-c gw-eth-port
Specifies the name of the connector associated with the gateway
switch's Ethernet port.
dladm delete-eoib [-t] [-R root-dir] eoib-link
Delete the specified EoIB link.
-t, --temporary
Specifies that the EoIB link creation is temporary. Temporary
links will last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options" above.
dladm show-eoib [-PZ] [-g gw-system-name] [-l ib-link] [[-p]
-o field[,...]] [-z zone [,...]] [eoib-link]
Displays information about all the EoIB datalinks on the system,
EoIB datalinks over a specific ib-link and/or a gw-system-name, or
information about a specific EoIB datalink.
-P, --persistent
Display the persistent EoIB link configuration.
-Z
Display ZONE column in the output.
-g gw-system-name
Display information about EoIB datalinks bound to Ethernet
ports on the specified gateway.
-l ib-link
Display information about EoIB datalinks built over the speci‐
fied IB link.
-o field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed below,
or the special value all to display all fields. By default
(without -o option) show-eoib displays all fields.
LINK
The name of the EoIB datalink.
GWNAME
The configured system name of the IB-Ethernet gateway
switch. For persistent links, if the gateway system name is
unknown (because the link is being migrated from the old
administration model) and if the gateway corresponding to
the GWID of the link is not discovered yet, the value is
shown as ?.
GWPORT
The name of the connector associated with the gateway Eth‐
ernet port. For persistent links, if the gateway system
name is unknown (because the link is being migrated from
the old model of administration) and if the gateway corre‐
sponding to the GWID of the link is not discovered yet, the
value is shown as ?.
GWID
The identifier for the gateway instance associated with the
displayed gateway Ethernet port. The value is expected to
be unique even if multiple gateway switches share the same
InfiniBand fabric. The value of the gateway instance iden‐
tifier ranges from 0 to 1023. If the gateway has not been
discovered yet, the value is shown as --.
SPEED
The maximum speed of the link, in megabits per second.
MACADDRESS
MAC address assigned for the EoIB link on the gateway. If
the underlying connection to the gateway has not been
established yet, the macaddress is shown as all zeros.
OVER
The name of the IB physical link over which this EoIB
datalink is created.
FLAGS
A set of flags associated with the EoIB link. In addition
to the flags listed earlier under show-ib description, two
additional flag values are possible:
D The Ethernet port associated with the link is cur‐
rently DOWN.
U The Ethernet port associated with the link is cur‐
rently UP.
-p, --parseable
Display using a stable machine-parseable format. The -o option
is required with -p. See "Parseable Output Format" below.
dladm create-etherstub [-t] [-R root-dir] etherstub
Create an etherstub with the specified name.
-t, --temporary
Specifies that the etherstub is temporary. Temporary etherstubs
do not persist across reboots.
-R root-dir, --root-dir=root-dir
See "Options," above.
VNICs can be created on top of etherstubs instead of physical NICs.
As with physical NICs, such a creation causes the stack to implic‐
itly create a virtual switch between the VNICs created on top of
the same etherstub.
dladm delete-etherstub [-t] [-R root-dir] etherstub
Delete the specified etherstub.
-t, --temporary
Specifies that the deletion is temporary. Temporary deletions
last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
dladm show-etherstub [-Z] [-z zone[,...]] [etherstub]
Show all configured etherstubs by default, or the specified ether‐
stub if etherstub is specified.
-Z
Display ZONE column in the output.
-z zone[,...]
See description of -z option under dladm show-link, above.
dladm create-iptun [-t] [-R root-dir] -T type
[-a {local|remote}=addr,...] iptun-link
Create an IP tunnel link named iptun-link. Such links can addition‐
ally be protected with IPsec using ipsecconf(8).
An IP tunnel is conceptually comprised of two parts: a virtual link
between two or more IP nodes, and an IP interface above this link
that allows the system to transmit and receive IP packets encapsu‐
lated by the underlying link. This subcommand creates a virtual
link. The ipadm(8) command is used to configure IP interfaces above
the link.
-t, --temporary
Specifies that the IP tunnel link is temporary. Temporary tun‐
nels last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
-T type, --tunnel-type=type
Specifies the type of tunnel to be created. The type must be
one of the following:
ipv4
A point-to-point, IP-over-IP tunnel between two IPv4 nodes.
This type of tunnel requires IPv4 source and destination
addresses to function. IPv4 and IPv6 interfaces can be
plumbed above such a tunnel to create IPv4-over-IPv4 and
IPv6-over-IPv4 tunneling configurations.
ipv6
A point-to-point, IP-over-IP tunnel between two IPv6 nodes
as defined in IETF RFC 2473. This type of tunnel requires
IPv6 source and destination addresses to function. IPv4 and
IPv6 interfaces can be plumbed above such a tunnel to cre‐
ate IPv4-over-IPv6 and IPv6-over-IPv6 tunneling configura‐
tions.
6to4
A 6to4, point-to-multipoint tunnel as defined in IETF RFC
3056. This type of tunnel requires an IPv4 source address
to function. An IPv6 interface is plumbed on such a tunnel
link to configure a 6to4 router.
-a {local|remote}=addr,...
--address {local|remote}=addr,...
Literal IP addresses or hostnames corresponding to the local or
remote tunnel addresses. Either local or remote can be speci‐
fied individually, or both can be specified separated by a
comma (for example, -a local=laddr,remote=raddr).
dladm modify-iptun [-t] [-R root-dir] -a {local|remote}=addr,...
iptun-link
Modify the parameters of the specified IP tunnel.
-t, --temporary
Specifies that the modification is temporary. Temporary modifi‐
cations last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
-a {local|remote}=addr,...
--address {local|remote}=addr,...
Specify new local or remote addresses for the tunnel link. See
create-iptun for a description.
dladm delete-iptun [-t] [-R root-dir] iptun-link
Delete the specified IP tunnel link.
-t, --temporary
Specifies that the deletion is temporary. Temporary deletions
last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
dladm show-iptun [-PZ] [[-p] -o field[,...]] [-z zone[,...]] [iptun-link]
Show IP tunnel link configuration for a single IP tunnel or all IP
tunnels.
-P, --persistent
Display the persistent IP tunnel configuration.
-p, --parseable
Display using a stable machine-parseable format. The -o option
is required with -p. See "Parseable Output Format", below.
-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed below,
or the special value all, to display all fields. By default
(without -o), show-iptun displays all fields.
LINK
The name of the IP tunnel link.
TYPE
Type of tunnel as specified by the -T option of create-
iptun.
FLAGS
A set of flags associated with the IP tunnel link. Possible
flags are:
s
The IP tunnel link is protected by IPsec policy. To
display the IPsec policy associated with the tunnel
link, enter:
# ipsecconf -ln -i tunnel-link
See ipsecconf(8) for more details on how to configure
IPsec policy.
i
The IP tunnel link was implicitly created with
ipadm(8), and will be automatically deleted when it is
no longer referenced (that is, when the last IP inter‐
face over the tunnel is removed). See ipadm(8) for
details on implicit tunnel creation.
LOCAL
The local tunnel address.
REMOTE
The remote tunnel address.
-Z
Display ZONE column in the output.
-z zone[,...]
See description of -z option under dladm show-link, above.
dladm create-vxlan [-t] [-R root-dir]
-p vni=<vxlan-id>,addr=<ip_address>[,prop=value[,...]] vxlan-link
dladm create-vxlan [-t] [-R root-dir]
-p vni=<vxlan-id>,interface=<interface_name>[,prop=value[,...]]
vxlan-link
Creates a VXLAN link called vxlan-link. A VXLAN link is a virtual
link that is created over an IP interface, which will be used for
receiving and transmitting VXLAN packets.
-t, --temporary
Specifies that the modification is temporary. Temporary modifi‐
cations last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
-p prop=value[,...]
The properties of the VXLAN link to be created. See "General
Link Properties" for VXLAN related properties.
dladm delete-vxlan [-t] [-R root-dir] vxlan-link
Deletes the specified VXLAN link.
-t, --temporary
Specifies that the modification is temporary. Temporary modifi‐
cations last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
dladm show-vxlan [-P] [[-p] -o field[,...]] [vxlan-link]
Displays VXLAN configuration for all VXLAN links or for the speci‐
fied VXLAN link.
The show-vxlan subcommand accepts the following options:
-P, --persistent
Displays the persistent IP tunnel configuration.
-p, --parseable
Displays using a stable machine-parseable format. The -o option
is required with -p option. See "Parseable Output Format",
below.
-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed below,
or the special value all, to display all fields. For each VXLAN
link, the following fields can be displayed:
LINK The name of the VXLAN link.
ADDR The address of the IP interface associated with the
VXLAN link.
VNI The VXLAN segment number that the VXLAN link belongs
to.
MGROUP The multicast group associated with the VXLAN link.
dladm create-cap [-t] [-R root-dir] cap-link
Creates a capture datalink with name cap-link. The cap-link must be
unique in given zone namespace, where dladm command is running.
-t, --temporary
Specifies that the capture datalink is temporary. Temporary
capture last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options" above.
dladm delete-cap [-t] [-R root-dir] cap-link
Deletes the specified capture datalink.
-t, --temporary
Specifies that the deletion is temporary. Temporary deletions
last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options" above.
dladm show-cap [-P] [[-p] -o <field>,...] [cap-link]
Shows all/individual cap-link capture interface(s) bound to the
zone, where dladm command is running.
-P, --persistent
Show persistent datalink configuration.
-p, --parseable
Displays using a stable machine-parseable format. The -o option
is required with -p option. See "Parseable Output Format"
below.
-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields to
display. The field name must be one of the fields listed below,
or the special value all, to display all fields. For each cap‐
ture link, the following fields can be displayed:
LINK The name of the capture link.
ZONE The current zone of the datalink.
TYPE Datalink type, currently pflog link type is the only
type supported.
MTU Link mtu.
dladm create-veth [-t] [-p {<prop>=<val>[,...]}[,...]]
-r peer_veth_endpoint veth_endpoint
Creates the veth pair using explicitly provided end points.
-t, --temporary
Specifies that the veth datalink is temporary. Temporary veths
last until the next reboot.
-p {<prop>=<val>[,...]}[,...]
A comma-separated list of properties to set to the specified
values.
-r peer_veth_endpoint
Specifies the name of the peer veth endpoint for the given
local veth endpoint.
dladm show-veth [-P] [veth_endpoint | peer_veth_endpoint]
Show veth configuration for a single veth or all veth datalinks.
-P, --persistent
Display the persistent veth configuration.
dladm delete-veth [-t] {veth_endpoint | peer_veth_endpoint}
Deletes the specified veth datalink.
-t, --temporary
Specifies that the deletion is temporary. Temporary deletions
last until the next reboot.
help [subcommand-name]
Displays all the supported dladm subcommands or usage for a given
subcommand. If you invoke help for a specific subcommand, the com‐
mand syntax is displayed, along with an example. Using dladm help
without any argument displays all of the subcommands.
Parseable Output Format
Many dladm subcommands have an option that displays output in a
machine-parseable format. The output format is one or more lines of
colon (:) delimited fields. The fields displayed are specific to the
subcommand used and are listed under the entry for the -o option for a
given subcommand. Output includes only those fields requested by means
of the -o option, in the order requested.
When you request multiple fields, any literal colon characters are
escaped by a backslash (\) before being output. Similarly, literal
backslash characters will also be escaped (\\). This escape format is
parseable by using shell read(1) functions with the environment vari‐
able IFS=: (see EXAMPLES, below). Note that escaping is not done when
you request only a single field.
General Link Properties
The following general link properties are supported:
authentication
Datalink authentication. Setting authentication to "off" will dis‐
able 802.1X authentication on the wired datalink, and WiFi authen‐
tication on wireless datalink. Setting it to a network name will
enable 802.1X or WiFi authentication on the datalink. Note that the
network name and its authentication parameters needs to be config‐
ured by nacadm(8) first. If the underneath NIC is being DRed, the
"authentication" property needs to be set to "off" first. Having it
enabled will cause the NIC DR to fail.
authentication-state
Datalink authentication state. This property is read-only property
used to show the state of authentication on a datalink. Possible
values include succeeded, failed, in-progress, and off.
autopush
Specifies the set of STREAMS modules to push on the stream associ‐
ated with a link when its DLPI device is opened. It is a space-
delimited list of modules.
The optional special character sequence [anchor] indicates that a
STREAMS anchor should be placed on the stream at the module previ‐
ously specified in the list. It is an error to specify more than
one anchor or to have an anchor first in the list.
The autopush property is preferred over the more general auto‐
push(8) command.
cos
The 802.1p priority associated with the link. This property, when
set, indicates the 802.1p priority on outbound packets on the link.
The values range from 0 to 7. When this property is set, all the
packets outbound on the link will have a VLAN tag with the priority
field set to the property value. When this property is set on a
physical NIC, only traffic for the primary client on that physical
NIC will have priority set and not any other datalinks on the NIC.
This property is only valid on Ethernet data link. The default cos
is 0 for VLAN data links or when the underlying device registers
DCB capabilities, otherwise the default is not to add a VLAN tag.
cpus
Bind the processing of packets for a given data link to a processor
or a set of processors. The value can be a comma-separated list of
one or more processor ids or a range of ids. If the list consists
of more than one processor, the processing will spread out to all
the processors. Connection to processor affinity and packet order‐
ing for any individual connection will be maintained.
The processor or set of processors are not exclusively reserved for
the link. Only the kernel threads and interrupts associated with
processing of the link are bound to the processor or the set of
processors specified. In case it is desired that processors be ded‐
icated to the link, psrset(8) can be used to create a processor set
and then specifying the processors from the processor set to bind
the link to.
If the link was already bound to processor or set of processors due
to a previous operation, the binding will be removed and the new
set of processors will be used instead.
The default is no CPU binding, which is to say that the processing
of packets is not bound to any specific processor or processor set.
Specification of the cpus property is not allowed on links with a
pool link property.
cpus-effective
The effective value of cpus property displays the list of CPUs used
for packet processing on the named data link. If the cpus property
has been set, the effective value will be the same as the set
value. If the pool property has been set, effective value will be
selected from the pool designated by the administrator. If neither
the pool nor cpus property is set, the system will select the
effective value for cpus property.
ets-bw-local
This indicates the ETS bandwidth configured on the TX side for a
link. This property can be configured on a data link only if the
underlying physical NIC registers DCB capability and supports ETS.
The value is a percentage of the physical NIC's bandwidth and the
sum of values of this property over all links on a physical NIC
cannot exceed 100. Aggregation of physical NIC that register DCB
capabilities is not supported currently, hence this property cannot
be set on aggregations. The effective value for this property could
be the ets-bw-local or ets-bw-local-advice depending on LLDP nego‐
tiations.
ets-bw-local-advice
This indicates the ETS bandwidth (as a percentage) recommended by
the remote end for this link. The value is obtained by means of
LLDP.
ets-bw-remote
This indicates the ETS bandwidth (in percentage) that is effective
on the remote end for this link. The value is obtained by means of
LLDP.
ets-bw-remote-advice
This indicates the ETS bandwidth (as a percentage) recommended to
the remote end for this link. This value is used by LLDP.
ip-interface
Applicable only for VXLAN links. This property specifies the under‐
lying IP interface for a VXLAN link. The VXLAN will be created
using an IP address that is available on the specified interface.
By default a IPv4 address will be selected for the VXLAN link which
can be changed using the ip-version property. This property can be
set only when creating a VXLAN link and cannot be modified there‐
after. This property may change in the future.
ip-version
Applicable only to VXLAN datalinks. This property indicates whether
an IPv4 or IPv6 address should be selected on an IP interface,
specified using interface property, for a VXLAN link. This property
can be set only when creating a VXLAN link and cannot be modified
thereafter. This property may change in the future.
local-ip
Applicable only for VXLAN links. This property specifies the IP
address, IPv4 or IPv6, that hosts a VXLAN link. A prefixlen may be
specified as part of the IPv4 or IPv6 address. A hostname may be
provided instead of an IP address. If a hostname is provided, its
numeric value is obtained from the entry in /etc/hosts or the
resolver specified for hosts or ipnodes in nsswitch.conf(5). As IP
addresses are created before naming services have been brought
online during boot process, it is important that any hostname used
be included in /etc/hosts. This property can be set only when cre‐
ating a VXLAN link and cannot be modified thereafter. This property
may change in the future.
rx-fanout
Allows you to specify the number of receive-side fanout threads.
Traffic received on a receive ring can be fanned out across multi‐
ple threads and processed in parallel. This is particularly useful
when the system has large number of CPUs. This property is a count
for the number of receive-side fanout threads for a particular
datalink. Note that this property lets an administrator specify the
desired rx-fanout. However, based on the number of available CPUs
and hardware RX rings, the system might choose a different (smaller
or even higher) value for fanout.
The number of CPUs is the upper bound on the receive side fanout
while the number of rx-rings is the lower bound. Thus, the actual
receive side fanout count can have a value different from the one
set by the user.
Receive side fanout could be disabled if zero is explicitly speci‐
fied by an administrator, that is, no fanout thread will be
involved in receive side packet processing. This might give better
latency in cases where the number of connections is less than the
number of hardware RX rings.
learn-limit
Limits the number of new or changed MAC sources to be learned over
a bridge link. When the number exceeds this value, learning on that
link is temporarily disabled. Only non-VLAN, non-VNIC type links
have this property.
The default value is 1000. Valid values are greater or equal to 0.
learn-decay
Specifies the decay rate for source changes limited by learn-limit.
This number is subtracted from the counter for a bridge link every
5 seconds. Only non-VLAN, non-VNIC type links have this property.
The default value is 200. Valid values are greater or equal to 0.
lro
Specifies the user's disposition of turning LRO on or off or using
system default LRO value on a data link.
Valid values are off, on, or auto. The default value is auto. The
value auto is set to off for physical NICs while it inherits the
lower link's lro disposition for virtual NICs.
Note -
The system might not turn LRO on if it determines it is unsafe to
do so. For instance, if IP is forwarding traffic using a data
link, then the system would deem it unsafe to turn on LRO for
that data link. So the effective value will be different from the
configured value in such cases.
tph
Applicable only for physical datalinks. TPH (Transaction processing
hints) is a performance feature in PCIe 3.0 specification and later
that allows I/O devices to populate data in the system cache hier‐
archy. TPH is proved very useful for high packet rates workload.
For workloads which are not latency sensitive, there is no differ‐
ence for applications that consume the data from L3 cache or DDR
memory.
auto Allows the OS to decide whether to enable tph mode on this
link. This is the default value.
on Turns the tph mode on. This will allow the physical link
leverage tph feature to improve the performance for certain
workload.
off Turns the tph mode off. This will disable the tph mode on
the physical link.
The user can display the current tph setting by using the show-
linkprop command. The EFFECTIVE column will show the value decided
by the OS. The VALUE column will show the user specified value. The
POSSIBLE column will show whether the feature is supported by the
datalink on the current platform.
mac-address
Sets the primary MAC address for the data link. When set, changes
the primary MAC address used by all current and future MAC clients
of the underlying data link.
max-bw
Sets the full duplex bandwidth for the link. The bandwidth is spec‐
ified as an integer with one of the scale suffixes (K, M, or G for
Kbps, Mbps, and Gbps). If no units are specified, the input value
will be read as Mbps. The default is no bandwidth limit.
bw-share
Bandwidth share for a VNIC is the minimum share of the bandwidth
the VNIC will get when there is competition from other VNICs on the
same data link. Note that the bandwidth is allocated among all the
active VNICs. The amount of allocation is proportional to their
share. For example,
# dladm set-linkprop -p bw-share=40 vnic1
# dladm set-linkprop -p bw-share=10 vnic2
Assuming a 1Gbps link and assuming these two are the only VNICs,
vnic1 can have up to 800 Mbps (1Gbps * 40/(40+10)) and vnic2 can
have up to 200 Mbps (1Gbps * 10/(40+10)).
The above example assumes both the VNICs have traffic to consume
their share of the bandwidth. However, if vnic1 consumes only 100
Mbps, then vnic2 can go up to 900 Mbps. The goal with bandwidth
shares is no wasted bandwidth when there is a VNIC that can use it
while assuring the allocated share when there is competition from
other VNICs.
This property is currently supported only on certain NICs. dladm
show-linkprop -H -p bw-share command can be used to determine if
bw-share property is supported on a given link. The value can range
from 1 to 100. The value is a relative share value and does not
indicate a percentage of the bandwidth. The effective value is
printed as a percentage of the physical link bandwidth. This is the
minimum % of the bandwidth assured to the VNIC when there is compe‐
tition. The effective value can keep changing depending on the
other VNICs or hardware network flows on the link.
For more details about hardware network flows, see the flowadm(8)
man page.
For example, datalink has exclusive ring-group vnic1, hardware
flows tcpflow1 and udpflow1.
# dladm show-linkprop -pbw-share vnic1
LINK PROPERTY PERM VALUE EFFECTIVE DEFAULT POSSIBLE
vnic1 bw-share rw 10 33.33% -- 1-100
# flowadm show-flowprop -pbw-share
FLOW PROPERTY PERM VALUE EFFECTIVE DEFAULT POSSIBLE
tcpflow1 bw-share rw 10 33.33% -- 1-100
udpflow1 bw-share rw 10 33.33% -- 1-100
multicast-group
Applicable only to VXLAN datalinks. This property that indicates
the multicast group a VXLAN link subscribes to. The VXLAN link will
use this address to discover other VXLAN links on the same VXLAN
segment. If this property is not set, the default all-host address
will be used by the VXLAN link. This property can be set only when
creating a VXLAN link and cannot be modified thereafter. This prop‐
erty may change in the future.
pool
Bind the processing of packets for a given data link to a pool of
processors defined and administered by poolcfg(8) and pooladm(8).
The binding of processes is similar to what occurs with the cpus
link property, except that the list of CPUs is not explicit and is
instead maintained by the pools facility.
If pools are enabled, and no pool is specified for the link,
pool_default will be used for packet processing.
For zones with ip-type=exclusive, if a pool is specified through a
pool zone property or dedicated-cpus allocation, that pool will
also be used for all data links associated with the zone.
Specification of the pool property is not allowed on links with a
cpus link property.
If the pools facility has been enabled, and if the administrator
has not assigned a pool to a data link, then the effective value of
pool will be pool_default. If the pools facility is disabled, there
is no pool and the effective value will be empty.
priority
Sets the relative priority for the link. The value can be given as
one of the tokens high, medium, or low. The default is medium. This
priority is not reflected in any protocol priority fields on the
wire, but used for packet processing scheduling within the system.
A high priority link offers a better latency depending on the
availability of system resources. Setting this property can cause
CPU utilization to go up for some workloads.
rx-rings-available
A read-only property that specifies the number of rings available
on the receive side.
rx-rings
Specifies the number of receive rings side for the MAC client. A
value of sw means this MAC client should not be assigned any RX
ring and will be software-based. A value of hw means this MAC
client can get one RX ring, if available, or will be software-
based. A non-zero value means reserve that many rings for this MAC
client, if available, and fail if not. If this property is not
specified, the MAC client can get one RX ring, if available, or
will be software-based.
rx-hw-client-available
A read-only property that specifies the number of additional RX
hardware-based MAC clients that can be created.
tx-rings-available
A read-only property that specifies the number of rings available
on the transmit side.
tx-rings
Specifies the number of transmit rings for the MAC client. A value
of sw means this MAC client should not be assigned any TX ring. A
value of hw means this MAC client can get one TX ring, if avail‐
able, or will be software-based. A non-zero value means reserve
that many rings for this MAC client, if available, and fail if not.
If this property is not specified, the MAC client can get one TX
ring, if available, or will be software-based.
tx-hw-client-available
A read-only property that specifics the number of additional TX
hardware-based MAC clients that can be created.
stp
Enables or disables Spanning Tree Protocol on a bridge link. Set‐
ting this value to 0 disables Spanning Tree, and puts the link into
forwarding mode with BPDU guarding enabled. This mode is appropri‐
ate for point-to-point links connected only to end nodes. Only non-
VLAN, non-VNIC type links have this property. The default value is
1, to enable STP.
forward
Enables or disables forwarding for a VLAN. Setting this value to 0
disables bridge forwarding for a VLAN link. Disabling bridge for‐
warding removes that VLAN from the "allowed set" for the bridge.
The default value is 1, to enable bridge forwarding for configured
VLANs.
default-tag
Sets the default VLAN ID that is assumed for untagged packets sent
to and received from this link. Only non-VLAN, non-VNIC type links
have this property. Setting this value to 0 disables the bridge
forwarding of untagged packets to and from the port. The default
value is VLAN ID 1. Valid values are from 0 to 4094. The default
VLAN ID is also referred to as the Port VLAN Identifier (PVID).
You cannot create a tagged VLAN or VLAN-tagged VNIC link with a
VLAN ID that matches the default VLAN value of the underlying link.
All untagged packets on the link are already associated with the
default VLAN (PVID). To successfully create a tagged VLAN or VLAN-
tagged VNIC link with VLAN ID equal to the default VLAN value, you
must first change the default-tag property of the underlying link
to a different VLAN value.
When default-tag=0, all untagged packets on the link are no longer
associated with any VLAN. As a result, you can create a VLAN link
with any VLAN ID from 1 to 4094. Note that any received packets
that are erroneously tagged with the PVID at an end-point might be
dropped. This situation occurs if all the end-points on a given
link do not agree on the PVID. All end-points on a link must use
the same PVID and must not tag traffic with the PVID.
stp-priority
Sets the STP and RSTP Port Priority value, which is used to deter‐
mine the preferred root port on a bridge. Lower numerical values
are higher priority. The default value is 128. Valid values range
from 0 to 255.
stp-cost
Sets the STP and RSTP cost for using the link. The default value is
auto, which sets the cost based on link speed, using 100 for
10Mbps, 19 for 100Mbps, 4 for 1Gbps, and 2 for 10Gbps. Valid values
range from 1 to 65535.
stp-edge
Enables or disables bridge edge port detection. If set to 0
(false), the system assumes that the port is connected to other
bridges even if no bridge PDUs of any type are seen. The default
value is 1, which detects edge ports automatically.
stp-p2p
Sets bridge point-to-point operation mode. Possible values are
true, false, and auto. When set to auto, point-to-point connections
are automatically discovered. When set to true, the port mode is
forced to use point-to-point. When set to false, the port mode is
forced to use normal multipoint mode. The default value is auto.
stp-mcheck
Triggers the system to run the RSTP Force BPDU Migration Check pro‐
cedure on this link. The procedure is triggered by setting the
property value to 1. The property is automatically reset back to 0.
This value cannot be set unless the following are true:
o The link is bridged
o The bridge is protected by Spanning Tree
o The bridge force-protocol value is at least 2 (RSTP)
The default value is 0.
protection
Enables one or more types of link protection. Valid values are:
mac-nospoof
MAC address anti-spoof. An outbound packet's source MAC address
must match the link's configured MAC address. Non-matching
packets will be dropped. If the link belongs to a zone, turning
mac-nospoof on will prevent the zone's owner from modifying the
link's MAC address.
ip-nospoof
IP address anti-spoof. This protection type works in conjunc‐
tion with the link property allowed-ips.
allowed-ips is a list containing IP (IPv4 or IPv6) addresses.
This list is empty by default. Addresses that are implicitly in
this list are: the link local IPv6 address conforming to RFC
2464 (derived from the link's MAC address); IPv4/IPv6 addresses
learned from DHCP replies; the unspecified (all-zeros)
IPv4/IPv6 address.
An outbound IP packet can pass if its source address is in
allowed-ips.
An outbound ARP packet can pass if its sender protocol address
is in allowed-ips.
When a datalink has been protected by setting allowed-ips to a
set of one or more IP addresses, any attempts to configure IP
addresses that are not in this set will fail with an EPERM
error being returned to the user. Moreover, the interface may
not be used for forwarding IP packets, and attempts to set the
ipadm(8) forwarding property on the interface will encounter an
EPERM error.
dhcp-nospoof
DHCP client ID (DUID for DHCPv6) and hardware address anti-
spoof. This protection type works in conjunction with the link
property allowed-dhcp-cids.
Items in the allowed-dhcp-cids list should be formatted in the
same way as the "client-id" property in ipadm utility. The only
difference is that . (period) should be used in place of ,
(comma) when specifying DUIDs. For more information, see the
ipadm(8) man page.
An outbound DHCP (v4/v6) packet can pass only if these condi‐
tions are satisfied:
o If allowed-dhcp-cids is not configured and the
packet type is:
o DHCPv4, the client ID field must match the con‐
figured MAC address.
o DHCPv6, the DUID must be of type 1 or 3 and the
link layer address part of the DUID must match
the configured MAC address.
o If allowed-dhcp-cids is configured and the packet
type is:
o DHCPv4, the client ID field must match one of
the IDs on this list or the configured MAC
address.
o DHCPv6, the DUID field must match one of the IDs
on this list or, the DUID must be of type 1 or 3
and the link layer address part of the DUID
matches the configured MAC address.
restricted
This protection restricts outgoing packet types to just IPv4,
IPv6, and ARP.
vni
Applicable only to VXLAN datalinks. This property, with values
ranging between 0 and 16777215, that specifies the VXLAN segment
the link belongs to. This property is mandatory when creating a
VXLAN link and cannot be modified thereafter. This property may
change in the future.
vsi-manager-id
An IPv6 address.
When the VDP service is enabled on a VNIC, properties of the VNIC
are exchanged with the bridge using a 3-byte VSI Type ID and 1-byte
VSI Version. A VSI Manager maintains the mapping between the {VSI
Type ID-VSI Version} and the set of properties. The {VSI Manager
ID, VSI Type id, VSI Version} tuple identifies a specific set of
properties.
On a VNIC, the vsi-manager-id can be explicitly assigned. If the
vsi-manager-id is not explicitly assigned, the vsi-manager-id is
set to the vsi-manager-id value of the underlying link.
On physical link, vsi-manager-id specifies the default vsi-manager-
id for all the VNICs over it. The default value of the vsi-manager-
id on a physical link is 0.
The default VSI Manager ID on a physical link is associated with
the Oracle VSI Manager (oracle_v1). The Oracle VSI Manager is
defined as a 3-byte encoding using the following link properties:
Bits Properties
--------------------------------------------------
0-4 Link Bandwidth Limit
00000-10100 : 0-100% of link speed
in increments of 5%
rest : reserved
5-7 Link Speed
000 - Unknown
001 - 10 Mbps
010 - 100 Mbps
011 - 1 Gbps
100 - 10 Gbps
101 - 40 Gbps
110 - 100 Gbps
111 - Reserved
8-12 Reserved
13-15 Traffic Class (0-7)
16-17 Link MTU
00 - 1500 bytes
01 - 9000 bytes
10 - Custom
11 - Reserved
18-23 Reserved
vsi-manager-id-encoding
The encoding associated with the physical link's vsi-manager-id.
Supported values include oracle_v1 and none. If this property is
set to none, the vsi-type-id and vsi-version are not automatically
generated over this link for VNICs that do not have their vsi-man‐
ager-id explicitly set.
vsi-type-id
A 3-byte value that is used to determine the properties associated
with a VNIC. The vsi-type-id is used along with the vsi-version and
vsi-manager-id to obtain the actual properties associated with the
VNIC. When the vsi-manager-id is not explicitly on the VNIC, the
vsi-type-id is automatically generated using the properties of the
VNIC and the above encoding (oracle_v1).
vsi-version
A 1-byte value that is used to determine the properties associated
with a VNIC. The vsi-version is used along with the vsi-type-id and
vsi-manager-id to obtain the actual properties associated with the
VNIC. When the vsi-manager-id is not explicitly on the VNIC, the
vsi-version is set to 0.
vsi-version-effective
A read-only property. The effective VSI Version on a link.
virtual-switching
This property determines if switching between VNICs or MAC clients
over a physical link happens through the virtual switch associated
with the link or on the external switch. This property is applica‐
ble only to physical and aggregated links. By default switching
happens through the virtual switch associated with the link. Valid
values include:
local Switching between MAC clients or VNICs over the link hap‐
pens internally through the link's virtual switch. This
is referred to as Virtual Ethernet Bridge (VEB).
remote Switching between MAC clients or VNICs over the link hap‐
pens externally through the external switch. This is
referred to as Virtual Ethernet Port Aggregator (VEPA).
Setting this value assumes that Reflective Relay is con‐
figured on the external switch.
auto Switching is determined through Link Layer Discovery Pro‐
tocol (LLDP) protocol. This value initiates LLDP exchange
with the external switch to enable Reflective Relay. If
LLDP successfully enables Reflective Relay on the switch,
the effective value is remote (that is, switching happens
on the external switch), else it is local (that is,
switching happens locally through the link's virtual
switch).
iov
This property behaves differently depending on whether it is used
on a physical link or a VNIC.
Setting this link property on a physical link allows the user to
enable/disable SR-IOV mode. The possible values for iov on a physi‐
cal link are:
auto Allows the OS decide whether to enable SR-IOV mode on this
link. This is the default value.
on Turns SR-IOV mode on. This will allow the creation of VF
VNICS.
off Turns SR-IOV mode off. This will disable the ability to
create VF VNICs.
The user can display the current iov setting by using show-
linkprop. The EFFECTIVE column will show the value decided by the
OS. The VALUE column will show the user specified value.
This property may also be specified during VNIC creation via the -p
option. This option allows the user to choose whether to create a
VF VNIC or not. For this case, the possible values for iov are:
inherit
Inherit the EFFECTIVE iov setting from the VNIC's underlying
link. For example, if the underlying link has -iov on, specify‐
ing inherit during VNIC creation means, allowing the OS allo‐
cate a VF if possible; If a VF is not found, create a regular
VNIC instead. If the underlying link has iov off, it means a VF
will not be allocated.
If -p iov is not specified during create-vnic, this is the
assumed default value.
on
A VF must be allocated for this VNIC. If a VF cannot be found,
fail the VNIC creation.
off
Do not allocate a VF for this VNIC. The created VNIC will
always be a regular VNIC regardless of the underlying iov set‐
ting.
Unlike the physical link case, the VNIC's iov property cannot be
modified by set-linkprop. It can only be specified during create-
vnic. Displaying this property through show-linkprop is allowed.
ring-group
This property behaves differently depending on whether it is used
on a physical link or a VNIC. The user can display the current
ring-group by using show-linkprop command. For physical links,
ring-group is just a read-only property to indicate if the driver
supports this feature. The user may not enable/disable this fea‐
ture. Valid values are exclusive and shared.
For VNICs, ring-group is a property that may only be specified at
VNIC creation time. The valid values are: auto (OS decides whether
exclusive or shared used on a particular physical link), exclusive
(VNIC creation fails if exclusive ring-group unavailable), shared
(does not allocate dedicated resources) The default value is
shared.
This property can also be specified during VNIC creation through
the -p option. This option allows the user to choose whether to
create a exclusive hardware ring group VNIC or not.
After VNIC creation, ring-group may not be modified through the
set-linkprop command. Exclusive ring-group VNICs can be supported
in SRIOV mode. In SRIOV mode, the VNIC needs to set the iov prop‐
erty to "off" for exclusive ring-group VNIC creation.
pvlan-tagmode
This property determines how the outgoing packets should be tagged.
This property applies to physical links and the valid values are:
primary The outgoing packets will be tagged with the VNIC's
Primary VID.
secondary The outgoing packets will be tagged with the VNIC's
Secondary VID. This is the default value.
poll
Allows you to enable/disable polling mechanism based on per-
datalink basis.
Polling is a feature meant for reducing interrupt overhead under
high network load. Polling is not desirable for latency-sensitive
workloads because it may incur some delays in the receive path.
The network stack auto-tunes its polling algorithm to minimize such
delays. To avoid delays that may be caused by polling, that feature
can be disabled on a per-datalink basis. Note that this can result
in an increased interrupt rate and CPU utilization.
Note that polling is also disabled automatically when disabling
receive-side fanout by setting rx-fanout property to zero.
zone
Specifies the zone to which the link belongs. This property can be
modified only temporarily through dladm, and thus the -t option
must be specified. To modify the zone assignment such that it per‐
sists across reboots, please use zonecfg(8). Possible values con‐
sist of any exclusive-IP zone currently running on the system. By
default, the zone binding is as per zonecfg(8).
firmware-version
Applicable only for physical datalinks. A read-only property that
specifies the firmware version information for the physical NIC.
This property is only shown when explicitly requested through the
-p option. The format, meaning, and stability of its value is up to
each individual driver and optionally documented in the driver's
manual page.
On IPoIB VNICs, only the following link properties are supported: auto‐
push, zone, max-bw, cpus, rx-fanout, pool, priority, protection,
allowed-ips, and allowed-dhcp-cids.
Wifi Link Properties
The following WiFi link properties are supported. Note that the ability
to set a given property to a given value depends on the driver and
hardware.
channel
Specifies the channel to use. This property can be modified only by
certain WiFi links when in IBSS mode. The default value and allowed
range of values varies by regulatory domain.
power-mode
Specifies the power management mode of the WiFi link. Possible val‐
ues are off (disable power management), max (maximum power sav‐
ings), and fast (performance-sensitive power management). Default
is off.
radio
Specifies the radio mode of the WiFi link. Possible values are on
or off. Default is on.
speed
Specifies a fixed speed for the WiFi link, in megabits per second.
The set of possible values depends on the driver and hardware (but
is shown by show-linkprop); common speeds include 1, 2, 11, and 54.
By default, there is no fixed speed.
Ethernet Link Properties
The following MII Properties, as documented in ieee802.3(7), are sup‐
ported in read-only mode:
o duplex
o state
Formerly, read-only adv_<speed><duplex>_cap properties
reflecting the advertised speed-duplex values (1 meaning on
and 0 being off), and writable en_<speed><duplex>_cap prop‐
erties were provided to enable or disable specific speed-
duplex combinations. These have been replaced with a single
speed-duplex value that can be set to any combination of
(assuming the speeds are supported by the underlying hard‐
ware):
o 100g-f (100 GigaBit Full-Duplex)
o 50g-f (50 GigaBit Full-Duplex)
o 40g-f (40 GigaBit Full-Duplex)
o 25g-f (25 GigaBit Full-Duplex)
o 10g-f (10 GigaBit Full-Duplex)
o 1g-f (1 GigaBit Full-Duplex)
o 1g-h (1 Gigabit Half-Duplex)
o 100m-f (100 MegaBit Full-Duplex)
o 100m-h (100 MegaBit Half-Duplex)
o 10m-f (10 Megabit Full-Duplex)
o 10m-h (10 MegaBit Half-Duplex)
o auto-negotiation
Auto-negotiation was previously supported through the adv-
autoneg-cap property. It is now specified through the auto-
negotiation property.
In the absence of Power Management, the possible speed-
duplex values provide the values that are both negotiated
and currently effective in hardware. However, with Power
Management enabled, the speed/duplex capabilities currently
exposed in the hardware might be a subset of the set of bits
that were used in initial link parameter negotiation. Chang‐
ing the current set of speed-duplex values configures speed
and duplex properties at initial negotiation.
Auto-negotiation is a 0/1 switch that turns off/on auto-
negotiation, and therefore cannot be impacted by Power Man‐
agement.
In addition, the following Ethernet properties are reported:
flow-control
Establishes flow-control modes that will be advertised by the
device. Valid input is one of:
auto
Flow control mode on the device is dynamically determined. To
see the actual flow control mode set on the device, check the
effective value of flow-control property.
no
No flow-control enabled.
rx
Receive, and act upon incoming pause frames.
tx
Transmit pause frames to the peer when congestion occurs, but
ignore received pause frames.
pfc
Transmit pause frames including the priority value of the traf‐
fic that should be paused. Receive pause frames, and act upon
the traffic whose priority values are specified in the frame.
bi
Bidirectional flow control.
Note that the actual settings for this value are constrained by the
capabilities allowed by the device and the link partner. As such
the effective value of flow-control indicates the system chosen
value.
gvrp-timeout
Specifies wait period between VID announcement broadcasts, in mil‐
liseconds.
mtu
The maximum client SDU (Send Data Unit) supported by the device.
Valid range is 68-65536.
num-tcs
The number of Traffic Classes supported on the device. A device
supporting extensions for DCB (Data Center Bridging) can support
multiple traffic classes. This property can be used to determine if
the device supports DCB extensions. This is a read-only property.
pfcmap
This property is used to indicate the 802.1p priority values for
which PFC (Priority-based flow control) is enabled. This is an
8-bit mask, in which an individual bit signifies whether PFC is
enabled for the corresponding priority. For priorities that have
PFC enabled, the device will transmit a pause frame for that prior‐
ity in the event of congestion. This is relevant only if num-tcs is
greater than zero and flow-ctrl-effective is pfc.
The effective value of pfcmap can either be the user configured
value or the effective value of pfcmap-remote depending on LLDP
DCBx negotiations.
pfcmap-remote
This property is used to indicate the PFC configuration of the
remote peer, usually an adjacent switch.
ptp
(read-only) This property is used to indicate the availability of
PTP hardware assistance in the device.
speed
(read-only) The operating speed of the device, in Mbps.
tag-mode
This link property controls the conditions in which 802.1Q VLAN
tags will be inserted in packets being transmitted on the link. Two
mode values can be assigned to this property:
normal
Insert a VLAN tag in outgoing packets under the following con‐
ditions:
o The packet belongs to a VLAN.
o The user requested priority tagging.
vlanonly
Insert a VLAN tag only when the outgoing packet belongs to a
VLAN. If a tag is being inserted in this mode and the user has
also requested a non-zero priority, the priority is honored and
included in the VLAN tag.
The default value is vlanonly.
vlan-announce
This property controls automatic VLAN ID announcement. When
enabled, it broadcasts the VIDs of any VNICs or VLANs configured on
the device. It supports both physical links and aggregations. Pos‐
sible values are:
off
No VID announcements will be sent.
gvrp
Announcements sent using GVRP protocol, as defined in 802.1D.
See gvrp-timeout to configure broadcast frequency.
InfiniBand Link Properties
The following properties are supported only on IB partition object
datalinks and IPoIB VNIC datalinks.
link-mode
Sets the link transport service type on an IB partition datalink.
The default value is cm. Valid values are:
cm
Connected Mode. This mode uses a default MTU of 65520 and sup‐
ports a maximum MTU of 65535 bytes. If Connected Mode is not
available for a remote node, Unreliable Datagram mode will
automatically be used instead.
ud
Unreliable Datagram Mode. This mode uses a default MTU of 2044
and supports a maximum MTU of 4092 bytes.
broadcast-group
The broadcast group state of an IB partition object datalink.
The default value is unknown. Valid values are:
unknown
Initial state of an IB partition object datalink after cre‐
ation and before creating IP instance.
absent
Broadcast group is not configured by the Subnet Manager.
joined
Broadcast group is configured and IB partition object
datalink successfully joined the broadcast group.
unsuccessful
Broadcast group is configured but IPoIB failed to join the
broadcast group. This can occur if one or parameters such
as MTU, srate and Q key is/are different from broadcast
group created on the Subnet Manager (SM). See SM log for
exact reason for the join failure.
IP Tunnel Link Properties
The following IP tunnel link properties are supported.
hop-limit
Specifies the IPv4 TTL or IPv6 hop limit for the encapsulating
outer IP header of a tunnel link. This property exists for all tun‐
nel types. The default value is 64.
encap-limit
Specifies the IPv6 encapsulation limit for an IPv6 tunnel as
defined in RFC 2473. This value is the tunnel nesting limit for a
given tunneled packet. The default value is 4. A value of 0 dis‐
ables the encapsulation limit.
Aggregation Link Properties
The following properties are supported only on DLMP mode aggregations.
probe-enabled
This property controls whether the probe-based failure/recovery
detection is enabled for the given aggregation. When disabled, the
health detection of the underlying port will be solely relying on
the port's link state. Possible values are:
true Probe-based failure/recovery detection is enabled. This is
the default value.
false Probe-based failure/recovery detection is disabled.
probe-ip
This property is a comma separated list of IP addresses allowed for
use as source IP addresses for ICMP probing. IP addresses from this
list, if configured (as plumbed primary or as VNICs) will be used
for ICMP probing. These IP addresses will continue to carry data
traffic like usual. Thus, there is no need to reserve exclusive IP
addresses for probing.
Each field in the list consists of "source IP" followed by optional
target configuration information. The target information, if speci‐
fied, can either be the target IP address or the string "rt". If it
is the latter, the in.dlmpd daemon will consult the routing table
for routes on the same subnet as the specified "source IP" address,
and uses the specified next-hop as the target IP address.
If no target is specified, the DLMP probing service will try to
discover potential targets IP addresses by sending the ICMP multi‐
cast packet.
Regardless the sources of the target IP address (discovered, speci‐
fied or come from the routing table), the target IP address must be
in the same subnetwork as the specified source IP address, or, it
will not take effect.
The following forms are accepted:
<IP address>[/prefixlen][+<target address> |"rt"]
Explicitly specify the IP address and its prefix length
(optional). For example, 10.134.8.0/24+.
<addrobj_name>[+<target address> | "rt"]
Specify the specific addrobj name, which can be seen in the
ipadm show-addr output. For example, vnic1/addr1+169.156.0.1.
<interface_name>[+<target address> | "rt"]
Specify a specific interface name. It can be either the name of
the aggregation interface itself or any VNIC configured over
the aggregation in the global zone. All the IPv4 addresses and
IPv6 addresses configured on the specified interface will be
used for ICMP probing.
Note that to avoid ambiguity between the hostname and the
interface name, the interface names will be enclosed by square
brackets. For example:
[dlmp1]+
+[<target>]
[*|*v4|*v6][:<target address> | "rt"]
The special strings "*", "*v4", and "*v6" can also be used. All
the IP addresses (or the IPv4/link-local-IPv6 IP addresses)
configured on the aggregation and the VNICs will be potential
source IP address of ICMP probes.
probe-vlan-id
This link property specifies the VLAN-ID to be used for both ICMP
and transitive probing. Valid values are from 0 to 4094. The value
0 indicates that the probes are untagged. The default value is 0.
probe-fdt
This link property defines the failure detection time. It config‐
ures the expected failure detection time value in seconds. The
default value is 10s.
Known WLAN Properties
The following Known WLAN properties are supported: priority, bssids,
security-mode, key. These properties are described in the show-wlan
subcommand section above.
EXAMPLES
Example 1 Display Datalink Configuration
The following command shows the effect of invoking dladm with no argu‐
ments.
# dladm
LINK CLASS MTU STATE OVER
net0 phys 1500 up --
net1 phys 1500 up --
net2 phys 1500 unknown --
net3 phys 1500 up --
vnic1 vnic 1500 up net1
vlan1 vlan 1500 up net1
aggr1 aggr 1500 up net2 net3
stub1 etherstub 9000 unknown --
Example 2 Configuring an Aggregation
To configure a data-link over an aggregation of devices bge0 (linkname
net0) and bge1 (linkname net1) with key 1, enter the following command:
# dladm create-aggr -l net0 -l net1 1
To configure an IEEE 802.3ad link aggregation of devices e1000g1
(linkname net0) and e1000g2 (linkname net1) with the name aggr1, enter
following command:
# dladm create-aggr -l net0 -l net1 aggr1
To configure an Datalink Multipathing (dlmp) link aggregation of
devices ixgbe1 (linkame net2) and ixgbe2 (linkname net3) with the name
aggr2 enter following command:
# dladm create-aggr -m dlmp -l net2 -l net3 aggr2
To list aggregations, enter following command:
# dladm show-aggr
LINK MODE POLICY ADDRPOLICY LACPACTIVITY LACPTIMER
aggr1 trunk L4 auto off short
aggr2 dlmp -- -- -- --
Example 3 Connecting to a WiFi Link
To connect to the most optimal available unsecured network on a system
with a single WiFi link (as per the prioritization rules specified for
connect-wifi), enter the following command:
# dladm connect-wifi
Alternatively, to connect to an available network with the highest pri‐
ority in the Known WLAN list, enter the following command:
# dladm connect-wifi -w
Example 4 Creating a WiFi Key
To interactively create the WPA key mykey, enter the following command:
# dladm create-secobj -c wpa mykey
Alternatively, to non-interactively create the WPA key mykey using the
contents of a file:
# umask 077
# cat >/tmp/mykey.$$ <<EOF
12345678
EOF
# dladm create-secobj -c wpa -f /tmp/mykey.$$ mykey
# rm /tmp/mykey.$$
Example 5 Connecting to a Specified Encrypted WiFi Link
To use key mykey to connect to ESSID wlan on link ath0, enter the fol‐
lowing command:
# dladm connect-wifi -k mykey -e wlan ath0
Example 6 Changing a Link Property
To set power-mode to the value fast on link pcwl0, enter the following
command:
# dladm set-linkprop -p power-mode=fast pcwl0
Example 7 Connecting to a WPA-Protected WiFi Link
Create a WPA key psk and enter the following command:
# dladm create-secobj -c wpa psk
To then use key psk to connect to ESSID wlan on link ath0, enter the
following command:
# dladm connect-wifi -k psk -e wlan ath0
Example 8 Renaming a Link
To rename the bge0 link to mgmt0, enter the following command:
# dladm rename-link bge0 mgmt0
Example 9 Replacing a Network Card
Consider that the bge0 device, whose link was named mgmt0 as shown in
the previous example, needs to be replaced with a ce0 device because of
a hardware failure. The bge0 NIC is physically removed, and replaced
with a new ce0 NIC. To associate the newly added ce0 device with the
mgmt0 configuration previously associated with bge0, enter the follow‐
ing command:
# dladm rename-link ce0 mgmt0
Example 10 Removing a Network Card
Suppose that in the previous example, the intent is not to replace the
bge0 NIC with another NIC, but rather to remove and not replace the
hardware. In that case, the mgmt0 datalink configuration is not slated
to be associated with a different physical device as shown in the pre‐
vious example, but needs to be deleted. Enter the following command to
delete the datalink configuration associated with the mgmt0 datalink,
whose physical hardware (bge0 in this case) has been removed:
# dladm delete-phys mgmt0
Example 11 Using Parseable Output to Capture a Single Field
The following assignment saves the MTU of link net0 to a variable named
mtu.
# mtu=`dladm show-link -p -o mtu net0`
Example 12 Using Parsable Output to Iterate over Links
The following script displays the state of each link on the system.
# dladm show-link -p -o link,state | while IFS=: read link state; do
print "Link $link is in state $state"
done
Example 13 Configuring VNICs
Create two VNICs with names hello0 and test1 over a single physical
link net0:
# dladm create-vnic -l net0 hello0
# dladm create-vnic -l net0 test1
Example 14 Configuring VNICs and Allocating Bandwidth and Priority
Create two VNICs with names hello0 and test1 over a single physical
link net0 and make hello0 a high priority VNIC with a factory-assigned
MAC address with a maximum bandwidth of 50 Mbps. Make test1 a low pri‐
ority VNIC with a random MAC address and a maximum bandwidth of
100Mbps.
# dladm create-vnic -l net0 -m factory -p max-bw=50,priority=high hello0
# dladm create-vnic -l net0 -m random -p max-bw=100M,priority=low test1
Example 15 Configuring a VNIC with a Factory MAC Address
First, list the available factory MAC addresses and choose one of them:
# dladm show-phys -m net0
LINK SLOT ADDRESS INUSE CLIENT
net0 primary 0:e0:81:27:d4:47 yes net0
net0 1 8:0:20:fe:4e:a5 no
net0 2 8:0:20:fe:4e:a6 no
net0 3 8:0:20:fe:4e:a7 no
Create a VNIC named hello0 and use slot 1's address:
# dladm create-vnic -l net0 -m factory -n 1 hello0
# dladm show-phys -m net0
LINK SLOT ADDRESS INUSE CLIENT
net0 primary 0:e0:81:27:d4:47 yes net0
net0 1 8:0:20:fe:4e:a5 yes hello0
net0 2 8:0:20:fe:4e:a6 no
net0 3 8:0:20:fe:4e:a7 no
Example 16 Creating a VNIC with User-Specified MAC Address, Binding it
to Set of Processors
Create a VNIC with name hello0, with a user specified MAC address, and
a processor binding 0, 2, 4-6.
# dladm create-vnic -l net0 -m 8:0:20:fe:4e:b8 -p cpus=0,2,4-6 hello0
Example 17 Creating a Virtual Network Without a Physical NIC
First, create an etherstub with name stub1:
# dladm create-etherstub stub1
Create two VNICs with names hello0 and test1 on the etherstub. This
operation implicitly creates a virtual switch connecting hello0 and
test1.
# dladm create-vnic -l stub1 hello0
# dladm create-vnic -l stub1 test1
Example 18 Displaying Bridge Information
The following commands use the show-bridge subcommand with no and vari‐
ous options.
# dladm show-bridge
BRIDGE PROTECT ADDRESS PRIORITY DESROOT
foo stp 32768/8:0:20:bf:f 32768 8192/0:d0:0:76:14:38
bar stp 32768/8:0:20:e5:8 32768 8192/0:d0:0:76:14:38
# dladm show-bridge -l foo
LINK STATE UPTIME DESROOT
hme0 forwarding 117 8192/0:d0:0:76:14:38
qfe1 forwarding 117 8192/0:d0:0:76:14:38
# dladm show-bridge -f foo
DEST AGE FLAGS OUTPUT
8:0:20:bc:a7:dc 10.860 -- hme0
8:0:20:bf:f9:69 -- L hme0
8:0:20:c0:20:26 17.420 -- hme0
8:0:20:e5:86:11 -- L qfe1
Example 19 Creating an IPv4 Tunnel
The following sequence of commands creates and then displays a persis‐
tent IPv4 tunnel link named mytunnel0 between 66.1.2.3 and 192.4.5.6:
# dladm create-iptun -T ipv4 -a local=66.1.2.3,remote=192.4.5.6 mytunnel0
# dladm show-iptun mytunnel0
LINK TYPE FLAGS SOURCE DESTINATION
mytunnel0 ipv4 -- 66.1.2.3 192.4.5.6
A point-to-point IP interface can then be created over this tunnel
link:
# ipadm create-ip mytunnel0
# ipadm create-addr -T static -a local=10.1.0.1,remote=10.1.0.2 \
mytunnel0/addr
# ipadm show-addr mytunnel0/addr
ADDROBJ TYPE STATE ADDR
mytunnel0/addr static ok 10.1.0.1->10.1.0.2
Example 20 Creating a 6to4 Tunnel
The following command creates a 6to4 tunnel link. The IPv4 address of
the 6to4 router is 75.10.11.12.
# dladm create-iptun -T 6to4 -a local=75.10.11.12 sitetunnel0
# dladm show-iptun sitetunnel0
LINK TYPE FLAGS SOURCE DESTINATION
sitetunnel0 6to4 -- 75.10.11.12 --
The following command creates an IPv6 interface on this tunnel:
# ipadm create-ip sitetunnel0
# ipadm show-addr sitetunnel0/_a
ADDROBJ TYPE STATE ADDR
sitetunnel0/_a static ok 2002:4b0a:b0c::1/16
Note that the system automatically configures the IPv6 address on the
6to4 IP interface. See ipadm(8) for a description of how IPv6 addresses
are configured on 6to4 tunnel links.
Example 21 Using Link Protection
To enable link protection:
# dladm set-linkprop \
-p protection=mac-nospoof,restricted,ip-nospoof,dhcp-nospoof vnic0
To disable link protection:
# dladm reset-linkprop -p protection vnic0
To modify the allowed-ips list:
# dladm set-linkprop -p allowed-ips=10.0.0.1,10.0.0.2 vnic0
To modify the allowed-dhcp-cids list:
# dladm set-linkprop -p allowed-dhcp-cids=hello vnic0
To display the resulting configuration:
# dladm show-linkprop -p protection,allowed-ips vnic0
LINK PROPERTY PERM VALUE EFFECTIVE DEFAULT POSSIBLE
vnic0 protection rw mac-nospoof, mac-nospoof, -- mac-nospoof,
restricted, restricted, restricted,
ip-nospoof, ip-nospoof, ip-nospoof,
dhcp-nospoof dhcp-nospoof dhcp-nospoof
vnic0 allowed-ips rw 10.0.0.1, 10.0.0.1, -- --
10.0.0.2 10.0.0.2
vnic0 allowed-dhcp-cids rw hello hello -- --
Example 22 Creating an IB Partition
The following command creates a partition ffff.ibp0 with partition key
0xffff on the physical link ibp0.
# dladm create-part -P ffff -l ibp0 ffff.ibp0
Example 23 Displaying IB Partition Information
The following command displays IB partition information.
# dladm show-part
LINK PKEY OVER STATE FLAGS
ffff.ibp0 FFFF ibp0 up ----
Example 24 Displaying IB Data Links Information
The following command displays IB data links information.
# dladm show-ib
LINK HCAGUID PORTGUID PORT STATE GWNAME GWPORT PKEYS
net0 3BA000100CD7C 3BA000100CD7D 1 down -- -- FFFF
net1 3BA000100CD7C 3BA000100CD7E 2 down -- -- FFFF
net3 5AD0000033634 5AD0000033636 2 up -- -- FFFF,8001
net2 5AD0000033634 5AD0000033635 1 up -- -- FFFF,8001
Example 25 Displaying IB HCA mapping
The following command displays IB HCA name as managed by ibadm(8) that
each IB link runs over.
# dladm show-ib -o link,hca,port,hcaguid,portguid,pkeys
LINK HCA PORT HCAGUID PORTGUID PKEYS
net0 hermon0 1 3BA000100CD7C 3BA000100CD7D FFFF,8001
net1 hermon0 2 3BA000100CD7C 3BA000100CD7E FFFF,8001
net3 hermon0.vhca0 2 5AD0000033634 5AD0000033636 FFFF,8001
net2 hermon0.vhca1 1 5AD0000033634 5AD0000033635 FFFF,8001
Example 26 Deleting a Partition
The following command deletes the partition ffff.ibp0.
# dladm delete-part ffff.ibp0
Example 27 Using show-link to Display Partition Information
The following command uses the show-link subcommand to display parti‐
tion information.
# dladm show-link
LINK CLASS MTU STATE OVER
e1000g0 phys 1500 up --
e1000g1 phys 1500 unknown --
net0 phys 65520 down --
net3 phys 65520 up --
net2 phys 65520 up --
net1 phys 65520 down --
pffff.ibp0 part 2044 down ibp0
p8001.ibp2 part 65520 unknown ibp2
Example 28 Displaying Links in All Zones from the Global Zone
The show-link command shown below displays data links in all zones from
the global zone. Links that are not in the global zone are displayed
with the zonename prefix followed by the slash (/) separator.
In this example, net0 is a VNIC created in the global zone, zone1/net0
is an automatically created VNIC for zone1, and zone2/net0 is an auto‐
matically created VNIC for zone2.
# dladm show-link
LINK CLASS MTU STATE OVER
e1000g0 phys 1500 up --
e1000g1 phys 8170 unknown --
e1000g2 phys 1500 unknown --
e1000g3 phys 1500 unknown --
net0 vnic 1500 up e1000g0
zone1/net0 vnic 1500 up e1000g0
zone2/net0 vnic 1500 up e1000g0
Example 29 Displaying Links in the Global Zone
The following show-link command displays data links in the global zone
only.
# dladm show-link -z global
LINK CLASS MTU STATE OVER
e1000g0 phys 1500 up --
e1000g1 phys 8170 unknown --
e1000g2 phys 1500 unknown --
e1000g3 phys 1500 unknown --
net0 vnic 1500 up e1000g0
Example 30 Displaying Links for a Specified Zone
The following show-link command displays data links in a specific, non-
global zone.
# dladm show-link -z zone1
LINK CLASS MTU STATE OVER
zone1/net0 vnic 1500 up e1000g0
Example 31 Displaying Links for a Specified Zone from the Global Zone
The following show-link command displays, from the global zone, data
links in a specific, non-global zone.
# dladm show-link -z zone1
LINK CLASS MTU STATE OVER
zone1/net0 vnic 1500 up e1000g0
Example 32 Displaying Links in a Non-Global Zone
The following show-link shown below is invoked from zone1 and displays
only data links for that zone.
Note that, in show-link output, the zone1/ prefix is not displayed. The
prefix is not displayed because the command was invoked from within the
zone.
# zlogin zone1
# dladm show-link -z zone1
LINK CLASS MTU STATE OVER
net0 vnic 1500 up ?
Example 33 Using -Z Option to Display the Current Zone
The command below presumes the following conditions:
o The link net1 is currently assigned to zoneA. The entries
net1 and zoneA/net1 represents the same link. The ZONE col‐
umn for these two entries is the same and is the name of the
zone to which the link is currently assigned.
o The link net2 is not assigned to any non-global zone.
o The link zoneB/net2 is an automatic VNIC created for zoneB.
o The link zoneC/net2 is an automatic VNIC created for zoneC.
o The link zoneD/net2 is an IP tunnel created inside zoneD.
Unlike for net1, each entry for net2 represents a different
link. The ZONE column for these entries is different.
# dladm show-link -Z
LINK ZONE CLASS MTU STATE OVER
e1000g0 global phys 1500 up --
e1000g1 global phys 1500 up --
net1 zoneA vnic 1500 up e1000g0
zoneA/net1 zoneA vnic 1500 up e1000g0
net2 global vnic 1500 up e1000g1
zoneB/net2 zoneB vnic 1500 up e1000g1
zoneC/net2 zoneC vnic 1500 up e1000g1
zoneD/net2 zoneD iptun 65515 up --
Example 34 Displaying VDP Information
The following command displays VDP information for vnic1.
# dladm show-ether -P vdp vnic1
LINK VSI VSIID VSI-TYPE-ID VSI-STATE CMD-PENDING
ixgbe1 vnic1 2:8:20:3:2:b 0x58/0 ASSOC DEASSOC
Example 35 Displaying ECP Information
The following command displays ECP information for ixgbe1.
# dladm show-ether -P ecp ixgbe1
LINK SEQNO ACKNO LAST-ACK MAX-RETRIES TIMEOUTS
ixgbe1 65535 25660 0 3 164
Example 36 Setting the VSI Manager ID, VSI Type, and VSI Version
The following commands set the VSI Manager ID, VSI Type, and VSI Ver‐
sion on vnic1.
# dladm set-linkprop -p vsi-manager-id=fe80::214:4fff:fec2:67c8 vnic1
# dladm set-linkprop -p vsi-type-id=0x64,vsi-version=1 vnic1
Example 37 Migrating a VLAN, Modifying its VLAN-ID
The following command sequence shows how you migrate a VLAN and modify
its VLAN-ID.
# dladm show-vlan vlan0
LINK VID SVID PVLAN-TYPE FLAGS OVER
vlan0 100 -- -- ----- net0
# dladm modify-vlan -l net1 -v 200 vlan0
# dladm show-vlan vlan0
LINK VID SVID PVLAN-TYPE FLAGS OVER
vlan0 200 -- -- ----- net1
Example 38 Migrating Multiple VNICs
The following command sequence shows how you migrate multiple VNICs.
# dladm show-vnic
LINK OVER SPEED MACADDRESS MACADDRTYPE IDS
vnic0 net0 1000 2:8:20:ec:c4:1d random VID:0
vnic1 net0 1000 2:8:20:ec:c4:1e random VID:0
# dladm modify-vnic -l net1 -L net0
# dladm show-vnic
LINK OVER SPEED MACADDRESS MACADDRTYPE IDS
vnic0 net1 1000 2:8:20:ec:c4:1d random VID:0
vnic1 net1 1000 2:8:20:ec:c4:1e random VID:0
Example 39 Migrating a VNIC and Modifying its MAC Address
The following command sequence shows how you migrate a VNIC and modify
its MAC address.
# dladm show-vnic vnic0
LINK OVER SPEED MACADDRESS MACADDRTYPE IDS
vnic0 net0 1000 2:8:20:ec:c4:1d random VID:0
# dladm modify-vnic -l net1 -m 2:8:20:00:01:02 vnic0
# dladm show-vnic vnic0
LINK OVER SPEED MACADDRESS MACADDRTYPE IDS
vnic0 net1 1000 2:8:20:0:1:2 fixed VID:0
Example 40 Configuring cos and ETS Bandwidth
The following example creates a VNIC with name vnic1 over the physical
link net1 and assigns to it a cos value of 3.
# dladm create-vnic -p cos=3 -l net1 vnic1
All packets transmitted by vnic1 will have a VLAN header with the pri‐
ority field set to 3.
Additionally, if the underlying physical NIC has registered DCB capa‐
bility, an ETS bandwidth can be assigned to vnic1. The following com‐
mands assume the LLDP package is not installed or enabled.
Check if the underlying NIC has registered DCB capability using the
num-tcs link property. If the value of num-tcs is non-zero, the under‐
lying NIC has registered DCB capability.
# dladm show-linkprop -p num-tcs net1
The following command assigns an ETS bandwidth of 10% of the link's
bandwidth to vnic1.
# dladm set-linkprop -p ets-bw-local=10 vnic1
Note if the max-bw link property has also been set, then the traffic is
limited by the max-bw value.
With the LLDP package (service/network/lldp) installed and enabled, the
ETS bandwidth configuration will follow the IEEE 802.1Qaz specifica‐
tion.
The LLDP ETS TLV willing property determines whether the local or the
remote's configuration is applied or used.
The ets-bw-local-advice link property indicates the value recommended
by the remote, if available. The effective value of ets-bw-local link
property will indicate the actual ETS bandwidth assigned to vnic1, as
shown below.
# dladm show-linkprop -p ets-bw-local-advice, ets-bw-local-effective vnic1
The following command is used to advice the peer to assign 10% of the
link's bandwidth for vnic1.
# dladm set-linkprop -p ets-bw-remote-advice=10 vnic1
Example 41 Configuring an EoIB datalink
Inspect the list of all gateways reachable from a specific IB port
'ibp1'.
# dladm show-ib ibp1
LINK HCAGUID PORTGUID PORT STATE GWNAME GWPORT PKEYS
ibp1 212800013F2F5A 212800013F2F5B 1 up nm2gw-1 0a-eth-1 FFFF
nm2gw-1 0a-eth-2
nm2gw-1 0a-eth-3
nm2gw-1 0a-eth-4
Create an EoIB datalink elink1 binding the host IB port 'ibp1' to the
Ethernet port '0a-eth-2' on the EoIB Gateway 'nm2gw-1'.
# dladm create-eoib -l ibp1 -g nm2gw-1 -c 0a-eth-2 elink1
Verify that an IP interface may be created over the newly created EoIB
datalink elink1.
# ipadm create-ip elink1
# ipadm create-addr -T static -a local=192.168.99.142/24 elink1/v4
# dladm show-eoib
LINK GWNAME GWPORT GWID FLAGS SPEED MACADDRESS OVER
elink1 nm2gw-1 0a-eth-2 1A8 aHnU-- 10000 0:25:8b:60:2:3 ibp1
If the EoIB datalink elink1 is no longer required and may be removed,
delete any IP interfaces (or VNICs) built over the datalink and then
delete the datalink itself using the delete-eoib subcommand.
# ipadm delete-ip elink1
# dladm delete-eoib elink1
# dladm show-eoib
Example 42 Configuring an EoIB datalink Over an IB Port That is Down
# dladm show-ib -p -o state ibp2
down
# dladm create-eoib -l ibp2 -g nm2gw-1 -c 0a-eth-1 elink2
# ipadm create-ip elink2
# dladm show-link elink2
LINK CLASS MTU STATE OVER
elink2 eoib 1500 down ibp2
Now, enable the IB port for ibp2 and check the datalink state.
# dladm show-ib -p -o state ibp2
up
# dladm show-link elink2
LINK CLASS MTU STATE OVER
elink2 eoib 1500 up ibp2
Example 43 Configuring an EoIB Datalink When IB Subnet Manager is Down
nm2gw-2# disablesm
Stopping partitiond-daemon. [ OK ]
Stopping IB Subnet Manager..-. [ OK ]
ib-host# sminfo
ibwarn: [2488] _do_madrpc: recv failed: Connection timed out
ibwarn: [2488] mad_rpc: _do_madrpc failed; dport (Lid 1)
sminfo: iberror: failed: query
ib-host# dladm create-eoib -l ibp2 -g nm2gw-2 -c 0a-eth-1 elink3
ib-host# ipadm create-ip elink3
ib-host# dladm show-link elink3
LINK CLASS MTU STATE OVER
elink3 eoib 1500 down ibp2
Now, enable the IB Subnet Manager on the Gateway and check the state of
the datalink again.
ib-host# dladm show-link elink3
LINK CLASS MTU STATE OVER
elink3 eoib 1500 up ibp2
Example 44 Displaying the Probe State of the DLMP Mode Aggregation
The following command displays the probe state of the DLMP mode aggre‐
gation.
# dladm show-aggr -S aggr1
LINK PORT FLAGS STATE TARGETS XTARGETS
aggr1 s1 u--3 active 192.169.0.2 s0
-- s0 u-2- active -- s1
Example 45 Creating a Known WLAN
The following command creates a Known WLAN with a default priority of
0.
# dladm create-wlan home
To create a Known WLAN for a WiFi network that uses WPA encryption and
associate a secure object with it, enter the following command:
# dladm create-wlan -p security-mode=wpa,key=office-key office
If the office Known WLAN already exists, the properties can be set with
the following command:
# dladm set-wlan -p security-mode=wpa,key=office-key office
Example 46 Changing the priority of a Known WLAN
The following displays how to change the priority of a Known WLAN to 5.
# dladm set-wlan -p priority=5 home
Example 47 Displaying all Known WLANs
The following command displays the Known WLANs configured on the sys‐
tem.
# dladm show-wlan
ESSID PRIORITY SECURITY-MODE KEY
home 5 -- --
office 0 wpa office-key
Example 48 Displaying Help
The following command illustrates the use of invoking the help subcom‐
mand without arguments.
# dladm help
The following subcommands are supported:
Bridge : add-bridge create-bridge delete-bridge
modify-bridge remove-bridge show-bridge
Etherstub : create-etherstub delete-etherstub show-etherstub
EoIB : create-eoib delete-eoib show-eoib
IB : create-part delete-part show-ib
show-part
IP tunnel : create-iptun delete-iptun modify-iptun
show-iptun
Link Aggregation: add-aggr create-aggr delete-aggr
modify-aggr remove-aggr show-aggr
Link : rename-link reset-linkprop set-linkprop
show-link show-linkprop
Secure Object : create-secobj delete-secobj show-secobj
VLAN : create-vlan delete-vlan modify-vlan
show-vlan
VNIC : create-vnic delete-vnic modify-vnic
show-vnic
VXLAN : create-vxlan delete-vxlan show-vxlan
Wifi : connect-wifi disconnect-wifi scan-wifi
show-wifi
Known WLAN : create-wlan delete-wlan show-wlan
set-wlan reset-wlan
Miscellaneous : delete-phys show-ether show-phys
For more info, run: dladm help <subcommand>
The following command illustrates the use of invoking the help subcom‐
mand with a specific subcommand.
# dladm help create-vnic
usage:
create-vnic [-t] -l link [-m value | auto |
{factory [-n slot-id]} | {random [-r prefix]} |
{vrrp -V vrid -A {inet | inet6}} [-v vid [-f]]
[-p prop=value[,...]] [-R root-dir] vnic-link
create-vnic -t -c <evsname>[/<vportname>] [-T <tenant>] vnic-link>
Example 49 Creating a VNIC in a Non-Global Zone
The following example creates a VNIC v1 in non-global zones zone1 and
zone2 from the global zone. zone1/net0 and zone2/net0 are automatically
created VNICs for zone1 and zone2 respectively.
# dladm create-vnic -t -l net1 zone1/v1
# dladm create-vnic -t -l net1 zone2/v1
# dladm show-link -Z
LINK ZONE CLASS MTU STATE OVER
net1 global phys 1500 unknown --
net0 global phys 1500 up --
zone1/net0 zone1 vnic 1500 up net0
zone2/net0 zone2 vnic 1500 up net0
zone1/v1 zone1 vnic 1500 up net1
zone2/v1 zone2 vnic 1500 up net1
Example 50 Using -m to Display a VNIC
The following command shows how to use the -m option to display a VNIC.
# dladm show-vnic -m
LINK OVER SPEED MACADDRESSES MACADDRTYPES IDS
vnic0 net5 10000 0:14:4f:fb:87:ee fixed VID:0
vnic1 net5 10000 0:14:4f:87:13:7a fixed VID:0
0:14:4f:87:13:7e fixed
0:14:4f:f8:7e:a fixed
Example 51 Enabling SR-IOV mode and creating a VF VNIC
The following commands show how to enable SR-IOV mode and create a VF
VNIC.
# dladm set-linkprop -p iov=on net0
# dladm show-linkprop -p iov net0
LINK PROPERTY PERM VALUE EFFECTIVE DEFAULT POSSIBLE
net0 iov rw auto on auto auto,on,off
# dladm create-vnic -lnet0 v1
# dladm show-linkprop -p iov v1
LINK PROPERTY PERM VALUE EFFECTIVE DEFAULT POSSIBLE
v1 iov r- inherit on inherit inherit,on,off
Example 52 Displaying SR-IOV information
The following commands can be used to show additional SR-IOV informa‐
tion (continuing from the previous example).
# dladm show-phys -V
LINK VFS-AVAIL VFS-INUSE FLAGS
net0 30 1 -----
# dladm show-vnic -V
LINK VF-ASSIGNED
v1 ixgbevf0
Alternatively, the above fields can specified through the -o option:
# dladm show-phys -o LINK,VFS-INUSE
LINK VFS-INUSE
net0 1
# dladm show-vnic -o VF-ASSIGNED
VF-ASSIGNED
ixgbevf0
Example 53 Creating a regular VNIC on a physical link with iov enabled
The following command can be used to create a regular VNIC on a link
with iov=on.
# dladm create-vnic -lnet0 -piov=off v1
These commands can be used to verify that the VNIC does not have a VF:
# dladm show-linkprop -p iov v1
LINK PROPERTY PERM VALUE EFFECTIVE DEFAULT POSSIBLE
v1 iov r- off off inherit inherit,on,off
# dladm show-vnic -V
LINK VF-ASSIGNED
v1 --
Example 54 Creating a VNIC by connecting it to an Elastic Virtual
Switch (EVS)
The following example creates a VNIC by connecting to an EVS.
# dladm create-vnic -t -c HR/vport0 vnic0
# dladm show-vnic -c
LINK TENANT EVS VPORT OVER MACADDRESS IDS
vnic0 sys-global HR vport0 net2 2:8:20:c1:df:14 VID:100
HR is an EVS and has a port vport0 to which vnic0 will be connected.
vnic0 will inherit all the properties of vport0. HR and vport0 are man‐
aged through evsadm(8).
Example 55 Creating IPoIB VNICs
The following example creates IPoIB VNIC with name ipoib_vnic0 over
physical link net4 with pkey of 0xffff.
# dladm create-vnic -l net4 -P 0xffff ipoib_vnic0
To see the VNIC information:
# dladm show-vnic
LINK OVER SPEED MACADDRESS MACADDRTYPE IDS
ipoib_vnic0 net4 32000 80:0:0:4a:fe:.. fixed PKEY:0xFFFF
# dladm show-vnic -o link,macaddress
LINK MACADDRESS
ipoib_vnic0 80:0:0:4a:fe:80:0:0:0:0:0:0:0:21:28:0:1:a0:a5:8e
Example 56 Creating a Veth Pair
The following command creates a veth pair with veth's name veth1 and
peer's name veth0.
# dladm create-veth -r veth0 veth1
The following command displays the veth information.
# dladm show-veth
LINK MTU MACADDRESS PEER
veth1 1500 a:0:20:ab:48:64 veth0
veth0 1500 a:0:20:df:e9:d2 veth1
Example 57 Deleting a Veth
The following command deletes the veth veth1 and its peer.
# dladm delete-veth veth1
Example 58 Changing a Veth Property
The following command sets mtu to 2000 on veth0 and veth1.
#dladm set-linkprop -p mtu=2000 veth0
#dladm set-linkprop -p mtu=2000 veth1
#dladm show-veth
LINK MTU MACADDRESS PEER
veth1 2000 a:0:20:ab:48:64 veth0
veth0 2000 a:0:20:df:e9:d2 veth1
Example 59 Creating IPoIB VNICs on InfiniBand DLMP Aggregation
The following example creates InfiniBand DLMP aggregation over two HCA
ports, then creates IPoIB VNIC with name ipoib_vnic0 over the DLMP
aggregation.
# dladm create-aggr -l net4 -l net5 -m dlmp dlmp_ib0
# dladm show-aggr -x dlmp_ib0
LINK PORT SPEED DUPLEX STATE ADDRESS PORTSTATE
dlmp_ib0 -- 32000Mb full up unknown --
net4 32000Mb full up unknown attached
net5 32000Mb full up unknown attached
# dladm create-vnic -l dlmp_ib0 -P ffff ipoib_vnic0
# dladm show-vnic ipoib_vnic0
LINK OVER SPEED MACADDRESS MACADDRTYPE IDS
ipoib_vnic0 dlmp_ib0 32000 80:0:0:4a:fe:.. fixed PKEY:0xffff
# dladm show-aggr -C dlmp_ib0
LINK PORT SPEED DUPLEX STATE CLIENTS
dlmp_ib0 -- 32000Mb full up --
net4 32000Mb full up ipoib_vnic0
net5 32000Mb full up --
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
/usr/sbin
tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRIBUTE TYPEAT‐
TRIBUTE VALUE _ Availabilitysystem/network _ Interface StabilityCommit‐
ted
/sbin
tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRIBUTE TYPEAT‐
TRIBUTE VALUE _ Availabilitysystem/core-os _ Interface StabilityCommit‐
ted
Note that, for both /usr/sbin and /sbin, the -s and -i options to the
show-aggr, show-link and show-vnic subcommands are Committed Obsolete.
These options will be removed in a future release.
Note that, for both /usr/sbin and /sbin, the virtual-switching link
property has an interface stability of Volatile.
Note that the bridge-related subcommands, described with dladm subcom‐
mands above, require installation of the pkg://solaris/network/bridging
package.
Note that, the -H option in dladm show-linkprop -H and the associated
fields: HWPOSSIBLE, SWPOSSIBLE, HWFLAGS, SWFLAGS and MODE have an
interface stability of Volatile.
SEE ALSO
dlpi(4P), attributes(7), ieee802.3(7), acctadm(8), autopush(8),
datalink-management(5), dlstat(8), evsadm(8), ibadm(8), ifconfig(8),
in.dlmpd(8), ipadm(8), ipsecconf(8), lldpadm(8), ndd(8), netadm(8),
netcfg(8), pooladm(8), poolcfg(8), psrset(8), vrrpadm(8), zonecfg(8),
dhcpagent(8)
Configuring and Managing Network Components in Oracle Solaris 11.4
NOTES
The preferred method of referring to an aggregation in the aggregation
subcommands is by its link name. Referring to an aggregation by its
integer key is supported for backward compatibility, but is not neces‐
sary. When creating an aggregation, if a key is specified instead of a
link name, the aggregation's link name will be automatically generated
by dladm as aggrkey.
Oracle Solaris 11.4 11 May 2021 dladm(8)