System Administration Commands dladm(1M)
NAME
dladm - administer data links
SYNOPSIS
dladm show-link [-P] [-s [-i interval]] [[-p] -o field[,...]] [link]
dladm rename-link [-R root-dir] link new-link
dladm delete-phys phys-link
dladm show-phys [-P] [-m] [[-p] -o field[,...]] [-H] [phys-link]
dladm create-aggr [-t] [-R root-dir] [-P policy] [-L mode]
[-T time] [-u address] -l ether-link1 [-l ether-link2...] aggr-link
dladm modify-aggr [-t] [-R root-dir] [-P policy] [-L mode]
[-T time] [-u address] aggr-link
dladm delete-aggr [-t] [-R root-dir] aggr-link
dladm add-aggr [-t] [-R root-dir] -l ether-link1 [-l ether-link2...]
aggr-link
dladm remove-aggr [-t] [-R root-dir] -l ether-link1 [-l ether-link2...]
aggr-link
dladm show-aggr [-PLx] [-s [-i interval]] [[-p] -o field[,...]]
[aggr-link]
dladm create-bridge [-P protect] [-R root-dir] [-p priority]
[-m max-age] [-h hello-time] [-d forward-delay] [-f force-protocol]
[-l link...] bridge-name
dladm modify-bridge [-P protect] [-R root-dir] [-p priority]
[-m max-age] [-h hello-time] [-d forward-delay] [-f force-protocol]
bridge-name
dladm delete-bridge [-R root-dir] bridge-name
dladm add-bridge [-R root-dir] -l link [-l link...]bridge-name
dladm remove-bridge [-R root-dir] -l link [-l link...] bridge-name
dladm show-bridge [-flt] [-s [-i interval]] [[-p] -o field,...]
[bridge-name]
dladm create-vlan [-ft] [-R root-dir] -l ether-link -v vid [vlan-link]
dladm delete-vlan [-t] [-R root-dir] vlan-link
dladm show-vlan [-P] [[-p] -o field[,...]] [vlan-link]
dladm scan-wifi [[-p] -o field[,...]] [wifi-link]
dladm connect-wifi [-e essid] [-i bssid] [-k key,...]
[-s none | wep | wpa ] [-a open | shared] [-b bss | ibss] [-c]
[-m a | b | g | n ] [-T time] [wifi-link]
dladm disconnect-wifi [-a] [wifi-link]
dladm show-wifi [[-p] -o field[,...]] [wifi-link]
SunOS 5.11 Last change: 24 Aug 2010 1
System Administration Commands dladm(1M)
dladm show-ether [-x] [[-p] -o field[,...]] [ether-link]
dladm set-linkprop [-t] [-R root-dir] -p prop=value[,...] link
dladm reset-linkprop [-t] [-R root-dir] [-p prop[,...]] link
dladm show-linkprop [-P] [[-c] -o field[,...]] [-p prop[,...]] [link]
dladm create-secobj [-t] [-R root-dir] [-f file] -c class secobj
dladm delete-secobj [-t] [-R root-dir] secobj[,...]
dladm show-secobj [-P] [[-p] -o field[,...]] [secobj,...]
dladm create-vnic [-t] -l link [-R root-dir] [-m value | auto |
{factory [-n slot-identifier]} | {vrrp -A {inet | inet6} -V vrid}
| {random [-r prefix]}] [-v vlan-id] [-p prop=value[,...]] vnic-link
dladm delete-vnic [-t] [-R root-dir] vnic-link
dladm show-vnic [-pP] [-s [-i interval]] [-o field[,...]]
[-l link] [vnic-link]
dladm create-etherstub [-t] [-R root-dir] etherstub
dladm delete-etherstub [-t] [-R root-dir] etherstub
dladm show-etherstub [etherstub]
dladm create-iptun [-t] [-R root-dir] -T type [-a {local|remote}=addr,...]
iptun-link
dladm modify-iptun [-t] [-R root-dir] -a {local|remote}=addr,...
iptun-link
dladm delete-iptun [-t] [-R root-dir] iptun-link
dladm show-iptun [-P] [[-p] -o field[,...]] [iptun-link]
dladm create-part [-t] [-f] -l ib-link [-R root-dir] -P pkey
[-p prop=value[,...]] part-link
dladm delete-part [-t] [-R root-dir] part-link
dladm show-part [-pP] [-o field[,...]] [-l ib-link] [part-link]
dladm show-ib [-pP] [-o field[,...]] [ib-link]
dladm show-usage [-a] -f filename [-p plotfile -F format] [-s time]
[-e time] [link]
DESCRIPTION
The dladm command is used to administer data-links. A data-
link is represented in the system as a STREAMS DLPI (v2)
interface which can be plumbed under protocol stacks such as
TCP/IP. Each data-link relies on either a single network
SunOS 5.11 Last change: 24 Aug 2010 2
System Administration Commands dladm(1M)
device or an aggregation of devices to send packets to or
receive packets from a network.
Each dladm subcommand operates on one of the following
objects:
link
A datalink, identified by a name. In general, the name
can use any alphanumeric characters (or the underscore,
_), but must start with an alphabetic character and end
with a number. A datalink name can be at most 31 charac-
ters, and the ending number must be between 0 and
4294967294 (inclusive). The ending number must not begin
with a zero. Datalink names between 3 and 8 characters
are recommended.
Some subcommands operate only on certain types or
classes of datalinks. For those cases, the following
object names are used:
aggr-link
An aggregation datalink (or a key; see NOTES).
ether-link
A physical Ethernet datalink.
iptun-link
An IP tunnel link.
part-link
An InfiniBand (IB) partition data link.
phys-link
A physical datalink.
vlan-link
A VLAN datalink.
SunOS 5.11 Last change: 24 Aug 2010 3
System Administration Commands dladm(1M)
vnic-link
A virtual network interface created on a link or an
etherstub. It is a pseudo device that can be treated
as if it were an network interface card on a
machine.
wifi-link
A WiFi datalink.
bridge
A bridge instance, identified by an administratively-
chosen name. The name may use any alphanumeric charac-
ters or the underscore, _, but must start and end with
an alphabetic character. A bridge name can be at most 31
characters. The name default is reserved, as are all
names starting with SUNW.
Note that appending a zero (0) to a bridge name produces
a valid link name, used for observability.
dev
A network device, identified by concatenation of a
driver name and an instance number.
etherstub
An Ethernet stub can be used instead of a physical NIC
to create VNICs. VNICs created on an etherstub will
appear to be connected through a virtual switch, allow-
ing complete virtual networks to be built without physi-
cal hardware.
part
An IB partition link created on a IB physical link.
secobj
A secure object, identified by an administratively-
chosen name. The name can use any alphanumeric charac-
ters, as well as underscore (_), period (.), and hyphen
SunOS 5.11 Last change: 24 Aug 2010 4
System Administration Commands dladm(1M)
(-). A secure object name can be at most 32 characters.
Options
Each dladm subcommand has its own set of options. However,
many of the subcommands have the following as a common
option:
-R root-dir, --root-dir=root-dir
Specifies an alternate root directory where the
operation-such as creation, deletion, or renaming-should
apply.
SUBCOMMANDS
The following subcommands are supported:
dladm show-link [-P] [-s [-i interval]] [[-p] -o
field[,...]][link]
Show link configuration information either for all
datalinks or for the specified link. By default, the
system is configured with one datalink for each known
network device. The option to print link statistics is
moved to dlstat(1M).
-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output
fields to display. When not modified by the -s
option (described below), the field name must be one
of the fields listed below, or the special value all
to display all fields. By default (without -o),
show-link displays all fields.
LINK
The name of the datalink.
CLASS
The class of the datalink. dladm distinguishes
between the following classes:
aggr
An IEEE 802.3ad link aggregation. The show-
aggr subcommand displays more detail for
this class of datalink.
SunOS 5.11 Last change: 24 Aug 2010 5
System Administration Commands dladm(1M)
part
An IP-over-IB interface. The show-part sub-
command displays more detail for this class
of datalink.
phys
A physical datalink. The show-phys subcom-
mand displays more detail for this class of
datalink.
vlan
A VLAN datalink. The show-vlan subcommand
displays more detail for this class of
datalink.
vnic
A virtual network interface. The show-vnic
subcommand displays more detail for this
class of datalink.
MTU
The maximum transmission unit size for the
datalink being displayed.
STATE
The link state of the datalink. The state can be
up, down, or unknown.
BRIDGE
The name of the bridge to which this link is
assigned, if any.
OVER
The physical datalink(s) over which the datalink
is operating. This applies to aggr, bridge, and
vlan and part partition classes of datalinks. A
SunOS 5.11 Last change: 24 Aug 2010 6
System Administration Commands dladm(1M)
VLAN or IB partition is created over a single
physical datalink, a bridge has multiple
attached links, and an aggregation is comprised
of one or more physical datalinks.
When the -o option is used in conjunction with the
-s option, used to display link statistics, the
field name must be one of the fields listed below,
or the special value all to display all fields
LINK
The name of the datalink.
IPACKETS
Number of packets received on this link.
RBYTES
Number of bytes received on this link.
IERRORS
Number of input errors.
OPACKETS
Number of packets sent on this link.
OBYTES
Number of bytes received on this link.
OERRORS
Number of output errors.
-p, --parseable
Display using a stable machine-parseable format. The
-o option is required with -p. See "Parseable Output
Format", below.
SunOS 5.11 Last change: 24 Aug 2010 7
System Administration Commands dladm(1M)
-P, --persistent
Display the persistent link configuration.
-s, --statistics
Display link statistics. This option is made
obsolete by dlstat(1M).
-i interval, --interval=interval
Used with the -s option to specify an interval, in
seconds, at which statistics should be displayed.
This option is made obsolete by dlstat(1M).
dladm rename-link [-R root-dir] link new-link
Rename link to new-link. This is used to give a link a
meaningful name, or to associate existing link confi-
guration such as link properties of a removed device
with a new device. See the EXAMPLES section for specific
examples of how this subcommand is used.
-R root-dir, --root-dir=root-dir
See "Options," above.
dladm delete-phys phys-link
This command is used to delete the persistent configura-
tion of a link associated with physical hardware which
has been removed from the system. See the EXAMPLES sec-
tion.
dladm show-phys [-P] [-m] [[-p] -o field[,...]] [-H] [phys-
link]
Show the physical device and attributes of all physical
links, or of the named physical link. Without -P, only
physical links that are available on the running system
are displayed.
-H
Show hardware resource usage, as returned by the NIC
SunOS 5.11 Last change: 24 Aug 2010 8
System Administration Commands dladm(1M)
driver. Output from -H displays the following ele-
ments:
LINK
A physical device corresponding to a NIC driver.
RINGTYPE
The type of the ring, either RX or TX.
RINGS
The ring index. A ring is an hardware resource,
which typically maps to a DMA channel, that can
be programmed for specific use. For example, an
RX ring can be programmed to receive only pack-
ets belonging to a specific MAC address.
CLIENTS
MAC clients that are using the rings.
-m
Display the list of factory MAC addresses, their
slot identifiers, and their availability.
-o field, --output=field
A case-insensitive, comma-separated list of output
fields to display. The field name must be one of the
fields listed below, or the special value all, to
display all fields. For each link, the following
fields can be displayed:
LINK
The name of the datalink.
MEDIA
The media type provided by the physical
datalink.
SunOS 5.11 Last change: 24 Aug 2010 9
System Administration Commands dladm(1M)
STATE
The state of the link. This can be up, down, or
unknown.
SPEED
The current speed of the link, in megabits per
second.
DUPLEX
For Ethernet links, the full/half duplex status
of the link is displayed if the link state is
up. The duplex is displayed as unknown in all
other cases.
DEVICE
The name of the physical device under this link.
-p, --parseable
Display using a stable machine-parseable format. The
-o option is required with -p. See "Parseable Output
Format", below.
-P, --persistent
This option displays persistent configuration for
all links, including those that have been removed
from the system. The output provides a FLAGS column
in which the r flag indicates that the physical dev-
ice associated with a physical link has been
removed. For such links, delete-phys can be used to
purge the link's configuration from the system.
dladm create-aggr [-t] [-R root-dir] [-P policy] [-L mode]
[-T time] [-u address] -l ether-link1 [-l ether-link2...]
aggr-link
Combine a set of links into a single IEEE 802.3ad link
aggregation named aggr-link. The use of an integer key
to generate a link name for the aggregation is also
SunOS 5.11 Last change: 24 Aug 2010 10
System Administration Commands dladm(1M)
supported for backward compatibility. Many of the *-aggr
subcommands below also support the use of a key to refer
to a given aggregation, but use of the aggregation link
name is preferred. See the NOTES section for more infor-
mation on keys.
dladm supports a number of port selection policies for
an aggregation of ports. (See the description of the -P
option, below.) If you do not specify a policy, create-
aggr uses the default, the L4 policy, described under
the -P option.
-l ether-link, --link=ether-link
Each Ethernet link (or port) in the aggregation is
specified using an -l option followed by the name of
the link to be included in the aggregation. Multiple
links are included in the aggregation by specifying
multiple -l options. For backward compatibility with
previous versions of Solaris, the dladm command also
supports the using the -d option (or --dev) with a
device name to specify links by their underlying
device name. The other *-aggr subcommands that take
-loptions also accept -d.
-t, --temporary
Specifies that the aggregation is temporary. Tem-
porary aggregations last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
-P policy, --policy=policy
Specifies the port selection policy to use for load
spreading of outbound traffic. The policy specifies
which dev object is used to send packets. A policy
is a list of one or more layers specifiers separated
by commas. A layer specifier is one of the follow-
ing:
L2
Select outbound device according to source and
destination MAC addresses of the packet.
SunOS 5.11 Last change: 24 Aug 2010 11
System Administration Commands dladm(1M)
L3
Select outbound device according to source and
destination IP addresses of the packet.
L4
Select outbound device according to the upper
layer protocol information contained in the
packet. For TCP and UDP, this includes source
and destination ports. For IPsec, this includes
the SPI (Security Parameters Index).
For example, to use upper layer protocol informa-
tion, the following policy can be used:
-P L4
Note that policy L4 is the default.
To use the source and destination MAC addresses as
well as the source and destination IP addresses, the
following policy can be used:
-P L2,L3
-L mode, --lacp-mode=mode
Specifies whether LACP should be used and, if used,
the mode in which it should operate. Supported
values are off, active or passive.
-T time, --lacp-timer=time
Specifies the LACP timer value. The supported values
are short or long.
-u address, --unicast=address
Specifies a fixed unicast hardware address to be
used for the aggregation. If this option is not
specified, then an address is automatically chosen
from the set of addresses of the component devices.
SunOS 5.11 Last change: 24 Aug 2010 12
System Administration Commands dladm(1M)
dladm modify-aggr [-t] [-R root-dir] [-P policy] [-L mode]
[-T time] [-u address] aggr-link
Modify the parameters of the specified aggregation.
-t, --temporary
Specifies that the modification is temporary. Tem-
porary aggregations last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
-P policy, --policy=policy
Specifies the port selection policy to use for load
spreading of outbound traffic. See dladm create-aggr
for a description of valid policy values.
-L mode, --lacp-mode=mode
Specifies whether LACP should be used and, if used,
the mode in which it should operate. Supported
values are off, active, or passive.
-T time, --lacp-timer=time
Specifies the LACP timer value. The supported values
are short or long.
-u address, --unicast=address
Specifies a fixed unicast hardware address to be
used for the aggregation. If this option is not
specified, then an address is automatically chosen
from the set of addresses of the component devices.
dladm delete-aggr [-t] [-R root-dir] aggr-link
Deletes the specified aggregation.
-t, --temporary
SunOS 5.11 Last change: 24 Aug 2010 13
System Administration Commands dladm(1M)
Specifies that the deletion is temporary. Temporary
deletions last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
dladm add-aggr [-t] [-R root-dir] -l ether-link1 [--
link=ether-link2...] aggr-link
Adds links to the specified aggregation.
-l ether-link, --link=ether-link
Specifies an Ethernet link to add to the aggrega-
tion. Multiple links can be added by supplying mul-
tiple -l options.
-t, --temporary
Specifies that the additions are temporary. Tem-
porary additions last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
dladm remove-aggr [-t] [-R root-dir] -l ether-link1 [--
l=ether-link2...] aggr-link
Removes links from the specified aggregation.
-l ether-link, --link=ether-link
Specifies an Ethernet link to remove from the aggre-
gation. Multiple links can be added by supplying
multiple -l options.
-t, --temporary
Specifies that the removals are temporary. Temporary
removal last until the next reboot.
SunOS 5.11 Last change: 24 Aug 2010 14
System Administration Commands dladm(1M)
-R root-dir, --root-dir=root-dir
See "Options," above.
dladm show-aggr [-PLx] [-s [-i interval]] [[-p] -o
field[,...]] [aggr-link]
Show aggregation configuration (the default) or LACP
information either for all aggregations or for the
specified aggregation.
By default (with no options), the following fields can
be displayed:
LINK
The name of the aggregation link.
POLICY
The LACP policy of the aggregation. See the create-
aggr -P option for a description of the possible
values.
ADDRPOLICY
Either auto, if the aggregation is configured to
automatically configure its unicast MAC address (the
default if the -u option was not used to create or
modify the aggregation), or fixed, if -u was used to
set a fixed MAC address.
LACPACTIVITY
The LACP mode of the aggregation. Possible values
are off, active, or passive, as set by the -l option
to create-aggr or modify-aggr.
LACPTIMER
The LACP timer value of the aggregation as set by
the -T option of create-aggr or modify-aggr.
FLAGS
SunOS 5.11 Last change: 24 Aug 2010 15
System Administration Commands dladm(1M)
A set of state flags associated with the aggrega-
tion. The only possible flag is f, which is
displayed if the administrator forced the creation
the aggregation using the -f option to create-aggr.
Other flags might be defined in the future.
The show-aggr command accepts the following options:
-L, --lacp
Displays detailed LACP information for the aggrega-
tion link and each underlying port. Most of the
state information displayed by this option is
defined by IEEE 802.3. With this option, the follow-
ing fields can be displayed:
LINK
The name of the aggregation link.
PORT
The name of one of the underlying aggregation
ports.
AGGREGATABLE
Whether the port can be added to the aggrega-
tion.
SYNC
If yes, the system considers the port to be syn-
chronized and part of the aggregation.
COLL
If yes, collection of incoming frames is enabled
on the associated port.
DIST
If yes, distribution of outgoing frames is
enabled on the associated port.
SunOS 5.11 Last change: 24 Aug 2010 16
System Administration Commands dladm(1M)
DEFAULTED
If yes, the port is using defaulted partner
information (that is, has not received LACP data
from the LACP partner).
EXPIRED
If yes, the receive state of the port is in the
EXPIRED state.
-x, --extended
Display additional aggregation information including
detailed information on each underlying port. With
-x, the following fields can be displayed:
LINK
The name of the aggregation link.
PORT
The name of one of the underlying aggregation
ports.
SPEED
The speed of the link or port in megabits per
second.
DUPLEX
The full/half duplex status of the link or port
is displayed if the link state is up. The duplex
status is displayed as unknown in all other
cases.
STATE
The link state. This can be up, down, or
unknown.
SunOS 5.11 Last change: 24 Aug 2010 17
System Administration Commands dladm(1M)
ADDRESS
The MAC address of the link or port.
PORTSTATE
This indicates whether the individual aggrega-
tion port is in the standby or attached state.
-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output
fields to display. The field name must be one of the
fields listed above, or the special value all, to
display all fields. The fields applicable to the -o
option are limited to those listed under each output
mode. For example, if using -L, only the fields
listed under -L, above, can be used with -o.
-p, --parseable
Display using a stable machine-parseable format. The
-o option is required with -p. See "Parseable Output
Format", below.
-P, --persistent
Display the persistent aggregation configuration
rather than the state of the running system.
-s, --statistics
Displays aggregation statistics. This option is made
obsolete by dlstat(1M).
-i interval, --interval=interval
Used with the -s option to specify an interval, in
seconds, at which statistics should be displayed.
This option is made obsolete by dlstat(1M).
dladm create-bridge [ -P protect] [-R root-dir] [ -p prior-
ity] [ -m max-age] [ -h hello-time] [ -d forward-delay] [ -f
SunOS 5.11 Last change: 24 Aug 2010 18
System Administration Commands dladm(1M)
force-protocol] [-l link...] bridge-name
Create an 802.1D bridge instance and optionally assign
one or more network links to the new bridge. By default,
no bridge instances are present on the system.
In order to bridge between links, you must create at
least one bridge instance. Each bridge instance is
separate, and there is no forwarding connection between
bridges.
-P protect, --protect=protect
Specifies a protection method. The defined protec-
tion methods are stp for the Spanning Tree Protocol
and trill for TRILL, which is used on RBridges. The
default value is stp.
-R root-dir, --root-dir=root-dir
See "Options," above.
-p priority, --priority=priority
Specifies the Bridge Priority. This sets the IEEE
STP priority value for determining the root bridge
node in the network. The default value is 32768.
Valid values are 0 (highest priority) to 61440
(lowest priority), in increments of 4096.
If a value not evenly divisible by 4096 is used, the
system silently rounds downward to the next lower
value that is divisible by 4096.
-m max-age, --max-age=max-age
Specifies the maximum age for configuration informa-
tion in seconds. This sets the STP Bridge Max Age
parameter. This value is used for all nodes in the
network if this node is the root bridge. Bridge link
information older than this time is discarded. It
defaults to 20 seconds. Valid values are from 6 to
40 seconds. See the -d forward-delay parameter for
additional constraints.
-h hello-time, --hello-time=hello-time
Specifies the STP Bridge Hello Time parameter. When
SunOS 5.11 Last change: 24 Aug 2010 19
System Administration Commands dladm(1M)
this node is the root node, it sends Configuration
BPDUs at this interval throughout the network. The
default value is 2 seconds. Valid values are from 1
to 10 seconds. See the -d forward-delay parameter
for additional constraints.
-d forward-delay, --forward-delay=forward-delay
Specifies the STP Bridge Forward Delay parameter.
When this node is the root node, then all bridges in
the network use this timer to sequence the link
states when a port is enabled. The default value is
15 seconds. Valid values are from 4 to 30 seconds.
Bridges must obey the following two constraints:
2 * (forward-delay - 1.0) >= max-age
max-age >= 2 * (hello-time + 1.0)
Any parameter setting that would violate those con-
straints is treated as an error and causes the com-
mand to fail with a diagnostic message. The message
provides valid alternatives to the supplied values.
-f force-protocol, --force-protocol=force-protocol
Specifies the MSTP forced maximum supported proto-
col. The default value is 3. Valid values are non-
negative integers. The current implementation does
not support RSTP or MSTP, so this currently has no
effect. However, to prevent MSTP from being used in
the future, the parameter may be set to 0 for STP
only or 2 for STP and RSTP.
-l link, --link=link
Specifies one or more links to add to the newly-
created bridge. This is similar to creating the
bridge and then adding one or more links, as with
the add-bridge subcommand. However, if any of the
links cannot be added, the entire command fails, and
the new bridge itself is not created. To add multi-
ple links on the same command line, repeat this
option for each link. You are permitted to create
bridges without links. For more information about
link assignments, see the add-bridge subcommand.
SunOS 5.11 Last change: 24 Aug 2010 20
System Administration Commands dladm(1M)
Bridge creation and link assignment require the
PRIV_SYS_DL_CONFIG privilege. Bridge creation might fail
if the optional bridging feature is not installed on the
system.
dladm modify-bridge [ -P protect] [-R root-dir] [ -p prior-
ity] [ -m max-age] [ -h hello-time] [ -d forward-delay] [ -f
force-protocol] [-l link...] bridge-name
Modify the operational parameters of an existing bridge.
The options are the same as for the create-bridge sub-
command, except that the -l option is not permitted. To
add links to an existing bridge, use the add-bridge sub-
command.
Bridge parameter modification requires the
PRIV_SYS_DL_CONFIG privilege.
dladm delete-bridge [-R root-dir] bridge-name
Delete a bridge instance. The bridge being deleted must
not have any attached links. Use the remove-bridge sub-
command to deactivate links before deleting a bridge.
Bridge deletion requires the PRIV_SYS_DL_CONFIG
privilege.
The -R (--root-dir) option is the same as for the
create-bridge subcommand.
dladm add-bridge [-R root-dir] -l link [-l link...] bridge-
name
Add one or more links to an existing bridge. If multiple
links are specified, and adding any one of them results
in an error, the command fails and no changes are made
to the system.
Link addition to a bridge requires the
PRIV_SYS_DL_CONFIG privilege.
A link may be a member of at most one bridge. An error
occurs when you attempt to add a link that already
belongs to another bridge. To move a link from one
bridge instance to another, remove it from the current
bridge before adding it to a new one.
The links assigned to a bridge must not also be VLANs,
VNICs, or tunnels. Only physical Ethernet datalinks,
SunOS 5.11 Last change: 24 Aug 2010 21
System Administration Commands dladm(1M)
aggregation datalinks, and Ethernet stubs are permitted
to be assigned to a bridge.
Links assigned to a bridge must all have the same MTU.
This is checked when the link is assigned. The link is
added to the bridge in a deactivated form if it is not
the first link on the bridge and it has a differing MTU.
Note that systems using bridging should not set the
eeprom(1M) local-mac-address? variable to false.
The options are the same as for the create-bridge sub-
command.
dladm remove-bridge [-R root-dir] -l link [-l link...]
bridge-name
Remove one or more links from a bridge instance. If mul-
tiple links are specified, and removing any one of them
would result in an error, the command fails and none are
removed.
Link removal from a bridge requires the
PRIV_SYS_DL_CONFIG privilege.
The options are the same as for the create-bridge sub-
command.
dladm show-bridge [-flt] [-s [-i interval]] [[-p] -o
field,...] [bridge-name]
Show the running status and configuration of bridges,
their attached links, learned forwarding entries, and
TRILL nickname databases. When showing overall bridge
status and configuration, the bridge name can be omitted
to show all bridges. The other forms require a specified
bridge.
The show-bridge subcommand accepts the following
options:
-i interval, --interval=interval
Used with the -s option to specify an interval, in
seconds, at which statistics should be displayed. If
this option is not specified, statistics will be
displayed only once.
SunOS 5.11 Last change: 24 Aug 2010 22
System Administration Commands dladm(1M)
-s, --statistics
Display statistics for the specified bridges or for
a given bridge's attached links. This option cannot
be used with the -f and -t options.
-p, --parseable
Display using a stable machine-parsable format. See
"Parsable Output Format," below.
-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output
fields to display. The field names are described
below. The special value all displays all fields.
Each set of fields has its own default set to
display when -o is not specified.
By default, the show-bridge subcommand shows bridge con-
figuration. The following fields can be shown:
BRIDGE
The name of the bridge.
ADDRESS
The Bridge Unique Identifier value (MAC address).
PRIORITY
Configured priority value; set by -p with create-
bridge and modify-bridge.
BMAXAGE
Configured bridge maximum age; set by -m with
create-bridge and modify-bridge.
BHELLOTIME
Configured bridge hello time; set by -h with
create-bridge and modify-bridge.
SunOS 5.11 Last change: 24 Aug 2010 23
System Administration Commands dladm(1M)
BFWDDELAY
Configured forwarding delay; set by -d with create-
bridge and modify-bridge.
FORCEPROTO
Configured forced maximum protocol; set by -f with
create-bridge and modify-bridge.
TCTIME
Time, in seconds, since last topology change.
TCCOUNT
Count of the number of topology changes.
TCHANGE
This indicates that a topology change was detected.
DESROOT
Bridge Identifier of the root node.
ROOTCOST
Cost of the path to the root node.
ROOTPORT
Port number used to reach the root node.
MAXAGE
Maximum age value from the root node.
HELLOTIME
Hello time value from the root node.
SunOS 5.11 Last change: 24 Aug 2010 24
System Administration Commands dladm(1M)
FWDDELAY
Forward delay value from the root node.
HOLDTIME
Minimum BPDU interval.
By default, when the -o option is not specified, only
the BRIDGE, ADDRESS, PRIORITY, and DESROOT fields are
shown.
When the -s option is specified, the show-bridge subcom-
mand shows bridge statistics. The following fields can
be shown:
BRIDGE
Bridge name.
DROPS
Number of packets dropped due to resource problems.
FORWARDS
Number of packets forwarded from one link to
another.
MBCAST
Number of multicast and broadcast packets handled by
the bridge.
RECV
Number of packets received on all attached links.
SENT
Number of packets sent on all attached links.
UNKNOWN
Number of packets handled that have an unknown
SunOS 5.11 Last change: 24 Aug 2010 25
System Administration Commands dladm(1M)
destination. Such packets are sent to all links.
By default, when the -o option is not specified, only
the BRIDGE, DROPS, and FORWARDS fields are shown.
The show-bridge subcommand also accepts the following
options:
-l, --link
Displays link-related status and statistics informa-
tion for all links attached to a single bridge
instance. By using this option and without the -s
option, the following fields can be displayed for
each link:
LINK
The link name.
INDEX
Port (link) index number on the bridge.
STATE
State of the link. The state can be disabled,
discarding, learning, forwarding, non-stp, or
bad-mtu.
UPTIME
Number of seconds since the last reset or ini-
tialization.
OPERCOST
Actual cost in use (1-65535).
OPERP2P
This indicates whether point-to-point (P2P) mode
been detected.
OPEREDGE
SunOS 5.11 Last change: 24 Aug 2010 26
System Administration Commands dladm(1M)
This indicates whether edge mode has been
detected.
DESROOT
The Root Bridge Identifier that has been seen on
this port.
DESCOST
Path cost to the network root node through the
designated port.
DESBRIDGE
Bridge Identifier for this port.
DESPORT
The ID and priority of the port used to transmit
configuration messages for this port.
TCACK
This indicates whether Topology Change Ack-
nowledge has been seen.
When the -l option is specified without the -o
option, only the LINK, STATE, UPTIME, and DESROOT
fields are shown.
When the -l option is specified, the -s option can
be used to display the following fields for each
link:
LINK
Link name.
CFGBPDU
Number of configuration BPDUs received.
TCNBPDU
SunOS 5.11 Last change: 24 Aug 2010 27
System Administration Commands dladm(1M)
Number of topology change BPDUs received.
RSTPBPDU
Number of Rapid Spanning Tree BPDUs received.
TXBPDU
Number of BPDUs transmitted.
DROPS
Number of packets dropped due to resource prob-
lems.
RECV
Number of packets received by the bridge.
XMIT
Number of packets sent by the bridge.
When the -o option is not specified, only the LINK,
DROPS, RECV, and XMIT fields are shown.
-f, --forwarding
Displays forwarding entries for a single bridge
instance. With this option, the following fields can
be shown for each forwarding entry:
DEST
Destination MAC address.
AGE
Age of entry in seconds and milliseconds. Omit-
ted for local entries.
FLAGS
The L (local) flag is shown if the MAC address
SunOS 5.11 Last change: 24 Aug 2010 28
System Administration Commands dladm(1M)
belongs to an attached link or to a VNIC on one
of the attached links.
OUTPUT
For local entries, this is the name of the
attached link that has the MAC address. Other-
wise, for bridges that use Spanning Tree Proto-
col, this is the output interface name. For
RBridges, this is the output TRILL nickname.
When the -o option is not specified, the DEST, AGE,
FLAGS, and OUTPUT fields are shown.
-t, --trill
Displays TRILL nickname entries for a single bridge
instance. With this option, the following fields can
be shown for each TRILL nickname entry:
NICK
TRILL nickname for this RBridge, which is a
number from 1 to 65535.
FLAGS
The L flag is shown if the nickname identifies
the local system.
LINK
Link name for output when sending messages to
this RBridge.
NEXTHOP
MAC address of the next hop RBridge that is used
to reach the RBridge with this nickname.
When the -o option is not specified, the NICK,
FLAGS, LINK, and NEXTHOP fields are shown.
dladm create-vlan [-ft] [-R root-dir] -l ether-link -v vid
[vlan-link]
SunOS 5.11 Last change: 24 Aug 2010 29
System Administration Commands dladm(1M)
Create a tagged VLAN link with an ID of vid over Ether-
net link ether-link. The name of the VLAN link can be
specified as vlan-link. If the name is not specified, a
name will be automatically generated (assuming that
ether-link is namePPA) as:
<1000 * vlan-tag + PPA>
For example, if ether-link is bge1 and vid is 2, the
name generated is bge2001.
-f, --force
Force the creation of the VLAN link. Some devices do
not allow frame sizes large enough to include a VLAN
header. When creating a VLAN link over such a dev-
ice, the -f option is needed, and the MTU of the IP
interfaces on the resulting VLAN must be set to 1496
instead of 1500.
-l ether-link
Specifies Ethernet link over which VLAN is created.
-t, --temporary
Specifies that the VLAN link is temporary. Temporary
VLAN links last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
dladm delete-vlan [-t] [-R root-dir] vlan-link
Delete the VLAN link specified.
The delete-vlansubcommand accepts the following options:
-t, --temporary
Specifies that the deletion is temporary. Temporary
deletions last until the next reboot.
SunOS 5.11 Last change: 24 Aug 2010 30
System Administration Commands dladm(1M)
-R root-dir, --root-dir=root-dir
See "Options," above.
dladm show-vlan [-P] [[-p] -o field[,...]] [vlan-link]
Display VLAN configuration for all VLAN links or for the
specified VLAN link.
The show-vlansubcommand accepts the following options:
-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output
fields to display. The field name must be one of the
fields listed below, or the special value all, to
display all fields. For each VLAN link, the follow-
ing fields can be displayed:
LINK
The name of the VLAN link.
VID
The ID associated with the VLAN.
OVER
The name of the physical link over which this
VLAN is configured.
FLAGS
A set of flags associated with the VLAN link.
Possible flags are:
f
The VLAN was created using the -f option to
create-vlan.
i
The VLAN was implicitly created when the
DLPI link was opened. These VLAN links are
SunOS 5.11 Last change: 24 Aug 2010 31
System Administration Commands dladm(1M)
automatically deleted on last close of the
DLPI link (for example, when the IP inter-
face associated with the VLAN link is
unplumbed).
Additional flags might be defined in the future.
-p, --parseable
Display using a stable machine-parseable format. The
-o option is required with -p. See "Parseable Output
Format", below.
-P, --persistent
Display the persistent VLAN configuration rather
than the state of the running system.
dladm scan-wifi [[-p] -o field[,...]] [wifi-link]
Scans for WiFi networks, either on all WiFi links, or
just on the specified wifi-link.
By default, currently all fields but BSSTYPE are
displayed.
-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output
fields to display. The field name must be one of the
fields listed below, or the special value all to
display all fields. For each WiFi network found, the
following fields can be displayed:
LINK
The name of the link the WiFi network is on.
ESSID
The ESSID (name) of the WiFi network.
BSSID
Either the hardware address of the WiFi
SunOS 5.11 Last change: 24 Aug 2010 32
System Administration Commands dladm(1M)
network's Access Point (for BSS networks), or
the WiFi network's randomly generated unique
token (for IBSS networks).
SEC
Either none for a WiFi network that uses no
security, wep for a WiFi network that requires
WEP (Wired Equivalent Privacy), or wpa for a
WiFi network that requires WPA (Wi-Fi Protected
Access).
MODE
The supported connection modes: one or more of
a, b, g, or n.
STRENGTH
The strength of the signal: one of excellent,
very good, good, weak, or very weak.
SPEED
The maximum speed of the WiFi network, in mega-
bits per second.
BSSTYPE
Either bss for BSS (infrastructure) networks, or
ibss for IBSS (ad-hoc) networks.
-p, --parseable
Display using a stable machine-parseable format. The
-o option is required with -p. See "Parseable Output
Format", below.
dladm connect-wifi [-e essid] [-i bssid] [-k key,...] [-s
none | wep | wpa] [-a open|shared] [-b bss|ibss] [-c] [-m
a|b|g|n] [-T time] [wifi-link]
Connects to a WiFi network. This consists of four steps:
SunOS 5.11 Last change: 24 Aug 2010 33
System Administration Commands dladm(1M)
discovery, filtration, prioritization, and association.
However, to enable connections to non-broadcast WiFi
networks and to improve performance, if a BSSID or ESSID
is specified using the -e or -i options, then the first
three steps are skipped and connect-wifi immediately
attempts to associate with a BSSID or ESSID that matches
the rest of the provided parameters. If this association
fails, but there is a possibility that other networks
matching the specified criteria exist, then the tradi-
tional discovery process begins as specified below.
The discovery step finds all available WiFi networks on
the specified WiFi link, which must not yet be con-
nected. For administrative convenience, if there is only
one WiFi link on the system, wifi-link can be omitted.
Once discovery is complete, the list of networks is fil-
tered according to the value of the following options:
-e essid, --essid=essid
Networks that do not have the same essid are fil-
tered out.
-b bss|ibss, --bsstype=bss|ibss
Networks that do not have the same bsstype are fil-
tered out.
-m a|b|g, --mode=a|b|g|n
Networks not appropriate for the specified 802.11
mode are filtered out.
-k key,..., --key=key, ...
Use the specified secobj named by the key to connect
to the network. Networks not appropriate for the
specified keys are filtered out.
-s none|wep|wpa, --sec=none|wep|wpa
Networks not appropriate for the specified security
mode are filtered out.
Next, the remaining networks are prioritized, first by
signal strength, and then by maximum speed. Finally, an
attempt is made to associate with each network in the
SunOS 5.11 Last change: 24 Aug 2010 34
System Administration Commands dladm(1M)
list, in order, until one succeeds or no networks
remain.
In addition to the options described above, the follow-
ing options also control the behavior of connect-wifi:
-a open|shared, --auth=open|shared
Connect using the specified authentication mode. By
default, open and shared are tried in order.
-c, --create-ibss
Used with -b ibss to create a new ad-hoc network if
one matching the specified ESSID cannot be found. If
no ESSID is specified, then -c -b ibss always
triggers the creation of a new ad-hoc network.
-T time, --timeout=time
Specifies the number of seconds to wait for associa-
tion to succeed. If time is forever, then the asso-
ciate will wait indefinitely. The current default is
ten seconds, but this might change in the future.
Timeouts shorter than the default might not succeed
reliably.
-k key,..., --key=key,...
In addition to the filtering previously described,
the specified keys will be used to secure the asso-
ciation. The security mode to use will be based on
the key class; if a security mode was explicitly
specified, it must be compatible with the key class.
All keys must be of the same class.
For security modes that support multiple key slots,
the slot to place the key will be specified by a
colon followed by an index. Therefore, -k mykey:3
places mykey in slot 3. By default, slot 1 is
assumed. For security modes that support multiple
keys, a comma-separated list can be specified, with
the first key being the active key.
dladm disconnect-wifi [-a] [wifi-link]
Disconnect from one or more WiFi networks. If wifi-link
SunOS 5.11 Last change: 24 Aug 2010 35
System Administration Commands dladm(1M)
specifies a connected WiFi link, then it is discon-
nected. For administrative convenience, if only one WiFi
link is connected, wifi-link can be omitted.
-a, --all-links
Disconnects from all connected links. This is pri-
marily intended for use by scripts.
dladm show-wifi [[-p] -o field,...] [wifi-link]
Shows WiFi configuration information either for all WiFi
links or for the specified link wifi-link.
-o field,..., --output=field
A case-insensitive, comma-separated list of output
fields to display. The field name must be one of the
fields listed below, or the special value all, to
display all fields. For each WiFi link, the follow-
ing fields can be displayed:
LINK
The name of the link being displayed.
STATUS
Either connected if the link is connected, or
disconnected if it is not connected. If the link
is disconnected, all remaining fields have the
value --.
ESSID
The ESSID (name) of the connected WiFi network.
BSSID
Either the hardware address of the WiFi
network's Access Point (for BSS networks), or
the WiFi network's randomly generated unique
token (for IBSS networks).
SEC
SunOS 5.11 Last change: 24 Aug 2010 36
System Administration Commands dladm(1M)
Either none for a WiFi network that uses no
security, wep for a WiFi network that requires
WEP, or wpa for a WiFi network that requires
WPA.
MODE
The supported connection modes: one or more of
a, b, g, or n.
STRENGTH
The connection strength: one of excellent, very
good, good, weak, or very weak.
SPEED
The connection speed, in megabits per second.
AUTH
Either open or shared (see connect-wifi).
BSSTYPE
Either bss for BSS (infrastructure) networks, or
ibss for IBSS (ad-hoc) networks.
By default, currently all fields but AUTH, BSSID,
BSSTYPE are displayed.
-p, --parseable
Displays using a stable machine-parseable format.
The -o option is required with -p. See "Parseable
Output Format", below.
dladm show-ether [-x] [[-p] -o field,...] [ether-link]
Shows state information either for all physical Ethernet
links or for a specified physical Ethernet link.
The show-ether subcommand accepts the following options:
SunOS 5.11 Last change: 24 Aug 2010 37
System Administration Commands dladm(1M)
-o field,..., --output=field
A case-insensitive, comma-separated list of output
fields to display. The field name must be one of the
fields listed below, or the special value all to
display all fields. For each link, the following
fields can be displayed:
LINK
The name of the link being displayed.
PTYPE
Parameter type, where current indicates the
negotiated state of the link, capable indicates
capabilities supported by the device, adv indi-
cates the advertised capabilities, and peeradv
indicates the capabilities advertised by the
link-partner.
STATE
The state of the link.
AUTO
A yes/no value indicating whether auto-
negotiation is advertised.
SPEED-DUPLEX
Combinations of speed and duplex values avail-
able. The units of speed are encoded with a
trailing suffix of G (Gigabits/s) or M (Mb/s).
Duplex values are encoded as f (full-duplex) or
h (half-duplex).
PAUSE
Flow control information. Can be no, indicating
no flow control is available; tx, indicating
that the end-point can transmit pause frames,
but ignores any received pause frames; rx, indi-
cating that the end-point receives and acts upon
received pause frames; or bi, indicating bi-
directional flow-control.
SunOS 5.11 Last change: 24 Aug 2010 38
System Administration Commands dladm(1M)
REM_FAULT
Fault detection information. Valid values are
none or fault.
By default, all fields except REM_FAULT are
displayed for the "current" PTYPE.
-p, --parseable
Displays using a stable machine-parseable format.
The -o option is required with -p. See "Parseable
Output Format", below.
-x, --extended
Extended output is displayed for PTYPE values of
current, capable, adv and peeradv.
dladm set-linkprop [-t] [-R root-dir] -p prop=value[,...]
link
Sets the values of one or more properties on the link
specified. The list of properties and their possible
values depend on the link type, the network device
driver, and networking hardware. These properties can be
retrieved using show-linkprop.
-t, --temporary
Specifies that the changes are temporary. Temporary
changes last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
-p prop=value[,...], --prop prop=value[,...]
A comma-separated list of properties to set to the
specified values.
Note that when the persistent value is set, the tem-
porary value changes to the same value.
SunOS 5.11 Last change: 24 Aug 2010 39
System Administration Commands dladm(1M)
dladm reset-linkprop [-t] [-R root-dir] [-p prop,...] link
Resets one or more properties to their values on the
link specified. Properties are reset to the values they
had at startup. If no properties are specified, all pro-
perties are reset. See show-linkprop for a description
of properties.
-t, --temporary
Specifies that the resets are temporary. Values are
reset to default values. Temporary resets last until
the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
-p prop, ..., --prop=prop, ...
A comma-separated list of properties to reset.
Note that when the persistent value is reset, the tem-
porary value changes to the same value.
dladm show-linkprop [-P] [[-c] -o field[,...]][-p
prop[,...]] [link]
Show the current or persistent values of one or more
properties, either for all datalinks or for the speci-
fied link. By default, current values are shown. If no
properties are specified, all available link properties
are displayed. For each property, the following fields
are displayed:
-o field[,...], --output=field
A case-insensitive, comma-separated list of output
fields to display. The field name must be one of the
fields listed below, or the special value all to
display all fields. For each link, the following
fields can be displayed:
LINK
The name of the datalink.
SunOS 5.11 Last change: 24 Aug 2010 40
System Administration Commands dladm(1M)
PROPERTY
The name of the property.
PERM
The read/write permissions of the property. The
value shown is one of ro or rw.
VALUE
The current (or persistent) property value. If
the value is not set, it is shown as --. If it
is unknown, the value is shown as ?. Persistent
values that are not set or have been reset will
be shown as -- and will use the system DEFAULT
value (if any).
DEFAULT
The default value of the property. If the pro-
perty has no default value, -- is shown.
POSSIBLE
A comma-separated list of the values the pro-
perty can have. If the values span a numeric
range, min - max might be shown as shorthand. If
the possible values are unknown or unbounded, --
is shown.
The list of properties depends on the link type and
network device driver, and the available values for
a given property further depends on the underlying
network hardware and its state. General link proper-
ties are documented in the "General Link Properties"
section. However, link properties that begin with
"_" (underbar) are specific to a given link or its
underlying network device and subject to change or
removal. See the appropriate network device driver
man page for details.
-c, --parseable
Display using a stable machine-parseable format. The
-o option is required with this option. See "Parse-
able Output Format", below.
SunOS 5.11 Last change: 24 Aug 2010 41
System Administration Commands dladm(1M)
-P, --persistent
Display persistent link property information
-p prop, ..., --prop=prop, ...
A comma-separated list of properties to show. See
the sections on link properties following subcommand
descriptions.
dladm create-secobj [-t] [-R root-dir] [-f file] -c class
secobj
Create a secure object named secobj in the specified
class to be later used as a WEP or WPA key in connecting
to an encrypted network. The value of the secure object
can either be provided interactively or read from a
file. The sequence of interactive prompts and the file
format depends on the class of the secure object.
Currently, the classes wep and wpa are supported. The
WEP (Wired Equivalent Privacy) key can be either 5 or 13
bytes long. It can be provided either as an ASCII or
hexadecimal string -- thus, 12345 and 0x3132333435 are
equivalent 5-byte keys (the 0x prefix can be omitted). A
file containing a WEP key must consist of a single line
using either WEP key format. The WPA (Wi-Fi Protected
Access) key must be provided as an ASCII string with a
length between 8 and 63 bytes.
This subcommand is only usable by users or roles that
belong to the "Network Link Security" RBAC profile.
-c class, --class=class
class can be wep or wpa. See preceding discussion.
-t, --temporary
Specifies that the creation is temporary. Temporary
creation last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
SunOS 5.11 Last change: 24 Aug 2010 42
System Administration Commands dladm(1M)
-f file, --file=file
Specifies a file that should be used to obtain the
secure object's value. The format of this file
depends on the secure object class. See the EXAMPLES
section for an example of using this option to set a
WEP key.
dladm delete-secobj [-t] [-R root-dir] secobj[,...]
Delete one or more specified secure objects. This sub-
command is only usable by users or roles that belong to
the "Network Link Security" RBAC profile.
-t, --temporary
Specifies that the deletions are temporary. Tem-
porary deletions last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
dladm show-secobj [-P] [[-p] -o field[,...]] [secobj,...]
Show current or persistent secure object information. If
one or more secure objects are specified, then informa-
tion for each is displayed. Otherwise, all current or
persistent secure objects are displayed.
By default, current secure objects are displayed, which
are all secure objects that have either been per-
sistently created and not temporarily deleted, or tem-
porarily created.
For security reasons, it is not possible to show the
value of a secure object.
-o field[,...] , --output=field[,...]
A case-insensitive, comma-separated list of output
fields to display. The field name must be one of the
fields listed below. For displayed secure object,
the following fields can be shown:
OBJECT
SunOS 5.11 Last change: 24 Aug 2010 43
System Administration Commands dladm(1M)
The name of the secure object.
CLASS
The class of the secure object.
-p, --parseable
Display using a stable machine-parseable format. The
-o option is required with -p. See "Parseable Output
Format", below.
-P, --persistent
Display persistent secure object information
dladm create-vnic [-t] -l link [-R root-dir] [-m value |
auto | {factory [-n slot-identifier]} | {vrrp -A {inet |
inet6} -V vrid} | {random [-r prefix]}] [-v vlan-id] [-p
prop=value[,...]] vnic-link
Create a VNIC with name vnic-link over the specified
link.
-t, --temporary
Specifies that the VNIC is temporary. Temporary
VNICs last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
-l link, --link=link
link can be a physical link or an etherstub.
-m value | keyword, --mac-address=value | keyword
Sets the VNIC's MAC address based on the specified
value or keyword. If value is not a keyword, it is
interpreted as a unicast MAC address, which must be
valid for the underlying NIC. The following special
SunOS 5.11 Last change: 24 Aug 2010 44
System Administration Commands dladm(1M)
keywords can be used:
factory [-n slot-identifier],
factory [--slot=slot-identifier]
Assign a factory MAC address to the VNIC. When a
factory MAC address is requested, -m can be com-
bined with the -n option to specify a MAC
address slot to be used. If -n is not specified,
the system will choose the next available fac-
tory MAC address. The -m option of the show-phys
subcommand can be used to display the list of
factory MAC addresses, their slot identifiers,
and their availability.
random [-r prefix],
random [--mac-prefix=prefix]
Assign a random MAC address to the VNIC. A
default prefix consisting of a valid IEEE OUI
with the local bit set will be used. That prefix
can be overridden with the -r option.
vrrp -A {inet | inet6} -V vrid
Assign a VRRP virtual MAC address to the VNIC
base on the specified address family and vrid.
auto
Try and use a factory MAC address first. If none
is available, assign a random MAC address. auto
is the default action if the -m option is not
specified.
-v vlan-id
Enable VLAN tagging for this VNIC. The VLAN tag
will have id vlan-id.
-p prop=value,..., --prop prop=value,...
A comma-separated list of properties to set to the
specified values.
SunOS 5.11 Last change: 24 Aug 2010 45
System Administration Commands dladm(1M)
dladm delete-vnic [-t] [-R root-dir] vnic-link
Deletes the specified VNIC.
-t, --temporary
Specifies that the deletion is temporary. Temporary
deletions last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
dladm show-vnic [-pP] [-s [-i interval]] [-o field[,...]]
[-l link] [vnic-link]
Show VNIC configuration information for all VNICs, all
VNICs on a link, or only the specified vnic-link.
-o field[,...] , --output=field[,...]
A case-insensitive, comma-separated list of output
fields to display. The field name must be one of the
fields listed below, or the special value all to
display all fields. By default (without -o), show-
vnic displays all fields.
LINK
The name of the VNIC.
OVER
The name of the physical link over which this
VNIC is configured.
SPEED
The maximum speed of the VNIC, in megabits per
second.
MACADDRESS
MAC address of the VNIC.
SunOS 5.11 Last change: 24 Aug 2010 46
System Administration Commands dladm(1M)
MACADDRTYPE
MAC address type of the VNIC. dladm distin-
guishes among the following MAC address types:
random
A random address assigned to the VNIC.
factory
A factory MAC address used by the VNIC.
-p, --parseable
Display using a stable machine-parseable format. The
-o option is required with -p. See "Parseable Output
Format", below.
-P, --persistent
Display the persistent VNIC configuration.
-s, --statistics
Displays VNIC statistics. This option is made
obsolete by dlstat(1M).
-i interval, --interval=interval
Used with the -s option to specify an interval, in
seconds, at which statistics should be displayed.
This option is made obsolete by dlstat(1M).
-l link, --link=link
Display information for all VNICs on the named link.
dladm create-part [-t] [-f] [-R root-dir] -l ib-link [-p
prop=value[,..]] -P pkey part-link
Create an IP-over-IB link with the name part-link over
SunOS 5.11 Last change: 24 Aug 2010 47
System Administration Commands dladm(1M)
the specified link. This subcommand is supported only on
InfiniBand physical links.
-f, --force
Forces the creation of the partition link even if
pkey is absent on the port, the multicast group is
absent, or the port is down.
-l ib-link, --link=ib-link
IP-over-IB physical link name.
-P, --pkey=pkey
Partition key to be used for creating the partition
link. pkey specified is always treated as hexade-
cimal, whether it has the 0x prefix or not.
-p prop=value[,..]
--prop prop=value[,..]
A comma-separated list of properties to set to the
specified values. Supported properties are given
"General Link Properties" section below.
-R root-dir, --root-dir=root-dir
See "Options," above.
-t, --temporary
Specifies that the partition link creation is tem-
porary. Temporary partition links last until the
next reboot.
dladm delete-part [-R root-dir] part-link
Delete the specified partition link.
-R root-dir, --root-dir=root-dir
See "Options," above.
SunOS 5.11 Last change: 24 Aug 2010 48
System Administration Commands dladm(1M)
-t, --temporary
Specifies that the partition link deletion is tem-
porary. Temporary deletion last until the next
reboot.
dladm show-part [-pP] [-l ib-link] [-o field[,...]] [part-
link]
Displays IB partition link information for all partition
links, for all partitions on ib-link, or for only the
specified part-link.
-l ib-link, --link=ib-link
Display information for all the partitions on the
named link.
-o field[,...]
A case-insensitive, comma-separated list of output
fields to display. The field name must be one of the
fields listed below, or the special value all to
display all fields. By default (without -o), show-
part displays all fields.
LINK
The name of the partition link.
PKEY
Pkey associated with the partition link.
OVER
The name of the physical link over which this
partition link is created.
STATE
Current state of the partition link. Possible
values are up, down, or unknown.
SunOS 5.11 Last change: 24 Aug 2010 49
System Administration Commands dladm(1M)
FLAGS
A set of state flags used for creating the par-
tition link. Possible values are:
f Partition was created forcibly (without
checking whether creating a partition were
possible).
t Partition link is temporary, lasting only
until the next reboot.
-P, --persistent
Display the persistent IB partition link configura-
tion.
-p, --parseable
Display using a stable machine-parseable format. The
-o option is required with -p. See "Parseable Output
Format", below.
dladm show-ib [-pP] [-o field[,...]] [ib-link]
Display IB physical link information on all or the
specified IB links.
-o field[,...]
A case-insensitive, comma-separated list of output
fields to display. The field name must be one of the
fields listed below, or the special value all to
display all fields. By default (without -o), show-ib
displays all fields.
LINK
The name of the physical link.
HCAGUID
Globally unique identifier of the HCA.
SunOS 5.11 Last change: 24 Aug 2010 50
System Administration Commands dladm(1M)
PORTGUID
Globally unique identifier of the port.
PORT
Port number.
STATE
Current state of the physical link. Possible
values are up, down, or unknown.
PKEYS
Pkeys available on the port associated with the
IP-over-IB link specified in the LINK field.
-P, --persistent
Display the persistent IB physical link configura-
tion.
-p, --parseable
Display using a stable machine-parseable format. The
-o option is required with -p. See "Parseable Output
Format", below.
dladm create-etherstub [-t] [-R root-dir] etherstub
Create an etherstub with the specified name.
-t, --temporary
Specifies that the etherstub is temporary. Temporary
etherstubs do not persist across reboots.
-R root-dir, --root-dir=root-dir
See "Options," above.
VNICs can be created on top of etherstubs instead of
SunOS 5.11 Last change: 24 Aug 2010 51
System Administration Commands dladm(1M)
physical NICs. As with physical NICs, such a creation
causes the stack to implicitly create a virtual switch
between the VNICs created on top of the same etherstub.
dladm delete-etherstub [-t] [-R root-dir] etherstub
Delete the specified etherstub.
-t, --temporary
Specifies that the deletion is temporary. Temporary
deletions last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
dladm show-etherstub [etherstub]
Show all configured etherstubs by default, or the speci-
fied etherstub if etherstub is specified.
dladm create-iptun [-t] [-R root-dir] -T type [-a
{local|remote}=addr,...] iptun-link
Create an IP tunnel link named iptun-link. Such links
can additionally be protected with IPsec using
ipsecconf(1M).
An IP tunnel is conceptually comprised of two parts: a
virtual link between two or more IP nodes, and an IP
interface above this link that allows the system to
transmit and receive IP packets encapsulated by the
underlying link. This subcommand creates a virtual link.
The ifconfig(1M) command is used to configure IP inter-
faces above the link.
-t, --temporary
Specifies that the IP tunnel link is temporary. Tem-
porary tunnels last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
SunOS 5.11 Last change: 24 Aug 2010 52
System Administration Commands dladm(1M)
-T type, --tunnel-type=type
Specifies the type of tunnel to be created. The type
must be one of the following:
ipv4
A point-to-point, IP-over-IP tunnel between two
IPv4 nodes. This type of tunnel requires IPv4
source and destination addresses to function.
IPv4 and IPv6 interfaces can be plumbed above
such a tunnel to create IPv4-over-IPv4 and
IPv6-over-IPv4 tunneling configurations.
ipv6
A point-to-point, IP-over-IP tunnel between two
IPv6 nodes as defined in IETF RFC 2473. This
type of tunnel requires IPv6 source and destina-
tion addresses to function. IPv4 and IPv6 inter-
faces can be plumbed above such a tunnel to
create IPv4-over-IPv6 and IPv6-over-IPv6 tunnel-
ing configurations.
6to4
A 6to4, point-to-multipoint tunnel as defined in
IETF RFC 3056. This type of tunnel requires an
IPv4 source address to function. An IPv6 inter-
face is plumbed on such a tunnel link to config-
ure a 6to4 router.
-a {local|remote}=addr,...
--address {local|remote}=addr,...
Literal IP addresses or hostnames corresponding to
the local or remote tunnel addresses. Either local
or remote can be specified individually, or both can
be specified separated by a comma (for example, -a
local=laddr,remote=raddr).
dladm modify-iptun [-t] [-R root-dir] -a
{local|remote}=addr,... iptun-link
Modify the parameters of the specified IP tunnel.
SunOS 5.11 Last change: 24 Aug 2010 53
System Administration Commands dladm(1M)
-t, --temporary
Specifies that the modification is temporary. Tem-
porary modifications last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
-a {local|remote}=addr,...
--address {local|remote}=addr,...
Specify new local or remote addresses for the tunnel
link. See create-iptun for a description.
dladm delete-iptun [-t] [-R root-dir] iptun-link
Delete the specified IP tunnel link.
-t, --temporary
Specifies that the deletion is temporary. Temporary
deletions last until the next reboot.
-R root-dir, --root-dir=root-dir
See "Options," above.
dladm show-iptun [-P] [[-p] -o field[,...]] [iptun-link]
Show IP tunnel link configuration for a single IP tunnel
or all IP tunnels.
-P, --persistent
Display the persistent IP tunnel configuration.
-p, --parseable
Display using a stable machine-parseable format. The
-o option is required with -p. See "Parseable Output
Format", below.
SunOS 5.11 Last change: 24 Aug 2010 54
System Administration Commands dladm(1M)
-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output
fields to display. The field name must be one of the
fields listed below, or the special value all, to
display all fields. By default (without -o), show-
iptun displays all fields.
LINK
The name of the IP tunnel link.
TYPE
Type of tunnel as specified by the -T option of
create-iptun.
FLAGS
A set of flags associated with the IP tunnel
link. Possible flags are:
s
The IP tunnel link is protected by IPsec
policy. To display the IPsec policy associ-
ated with the tunnel link, enter:
# ipsecconf -ln -i tunnel-link
See ipsecconf(1M) for more details on how to
configure IPsec policy.
i
The IP tunnel link was implicitly created
with ifconfig(1M), and will be automatically
deleted when it is no longer referenced
(that is, when the last IP interface over
the tunnel is unplumbed). See ifconfig(1M)
for details on implicit tunnel creation.
LOCAL
The local tunnel address.
SunOS 5.11 Last change: 24 Aug 2010 55
System Administration Commands dladm(1M)
REMOTE
The remote tunnel address.
dladm show-usage [-a] -f filename [-p plotfile -F format]
[-s time] [-e time] [link]
This subcommand is made obsolete by the dlstat(1M)
show-link -h command.
Parseable Output Format
Many dladm subcommands have an option that displays output
in a machine-parseable format. The output format is one or
more lines of colon (:) delimited fields. The fields
displayed are specific to the subcommand used and are listed
under the entry for the -o option for a given subcommand.
Output includes only those fields requested by means of the
-o option, in the order requested.
When you request multiple fields, any literal colon charac-
ters are escaped by a backslash (\) before being output.
Similarly, literal backslash characters will also be escaped
(\\). This escape format is parseable by using shell read(1)
functions with the environment variable IFS=: (see EXAMPLES,
below). Note that escaping is not done when you request only
a single field.
General Link Properties
The following general link properties are supported:
autopush
Specifies the set of STREAMS modules to push on the
stream associated with a link when its DLPI device is
opened. It is a space-delimited list of modules.
The optional special character sequence [anchor] indi-
cates that a STREAMS anchor should be placed on the
stream at the module previously specified in the list.
It is an error to specify more than one anchor or to
have an anchor first in the list.
The autopush property is preferred over the more general
autopush(1M) command.
SunOS 5.11 Last change: 24 Aug 2010 56
System Administration Commands dladm(1M)
cpus
Bind the processing of packets for a given data link to
a processor or a set of processors. The value can be a
comma-separated list of one or more processor ids or a
range of ids. If the list consists of more than one pro-
cessor, the processing will spread out to all the pro-
cessors. Connection to processor affinity and packet
ordering for any individual connection will be main-
tained.
The processor or set of processors are not exclusively
reserved for the link. Only the kernel threads and
interrupts associated with processing of the link are
bound to the processor or the set of processors speci-
fied. In case it is desired that processors be dedicated
to the link, psrset(1M) can be used to create a proces-
sor set and then specifying the processors from the pro-
cessor set to bind the link to.
If the link was already bound to processor or set of
processors due to a previous operation, the binding will
be removed and the new set of processors will be used
instead.
The default is no CPU binding, which is to say that the
processing of packets is not bound to any specific pro-
cessor or processor set.
Specification of the cpus property is not allowed on
links with a pool link property.
cpus-effective
This read-only property displays the list of CPUs used
for packet processing on the named data link.
If the cpus property has been set, cpus-effective will
be the same.
If the pool property has been set, the cpus-effective
will be selected from the pool designated by the
administrator.
If neither the pool nor cpus property is set, the system
will select the appropriate value for cpus-effective.
learn_limit
Limits the number of new or changed MAC sources to be
SunOS 5.11 Last change: 24 Aug 2010 57
System Administration Commands dladm(1M)
learned over a bridge link. When the number exceeds this
value, learning on that link is temporarily disabled.
Only non-VLAN, non-VNIC type links have this property.
The default value is 1000. Valid values are greater or
equal to 0.
learn_decay
Specifies the decay rate for source changes limited by
learn_limit. This number is subtracted from the counter
for a bridge link every 5 seconds. Only non-VLAN, non-
VNIC type links have this property.
The default value is 200. Valid values are greater or
equal to 0.
maxbw
Sets the full duplex bandwidth for the link. The
bandwidth is specified as an integer with one of the
scale suffixes (K, M, or G for Kbps, Mbps, and Gbps). If
no units are specified, the input value will be read as
Mbps. The default is no bandwidth limit.
pool
Bind the processing of packets for a given data link to
a pool of processors defined and administered by
poolcfg(1M) and pooladm(1M). The binding of processes is
similar to what occurs with the cpus link property,
except that the list of CPUs is not explicit and is
instead maintained by the pools facility.
If pools are enabled, and no pool is specified for the
link, pool_default will be used for packet processing.
For zones with ip-type=exclusive, if a pool is specified
through a pool zone property or dedicated-cpus alloca-
tion, that pool will also be used for all data links
associated with the zone.
Specification of the pool property is not allowed on
links with a cpus link property.
pool-effective
If the pools facility has been enabled, this read-only
SunOS 5.11 Last change: 24 Aug 2010 58
System Administration Commands dladm(1M)
property displays the pool that is being used for packet
processing. If the administrator has not assigned a pool
to a data link, the pool will be pool_default.
If the pools facility is disabled, there is no effective
pool and the value will be empty.
priority
Sets the relative priority for the link. The value can
be given as one of the tokens high, medium, or low. The
default is high.
rxringsavail
A read-only property that specifies the number of rings
available on the receive side.
rxrings
Specifies the number of receive rings side for the MAC
client. A value of 0 means this MAC client should not be
assigned any RX ring. A non-0 value means reserve that
many rings for this MAC client, if available, and fail
if not. If this property is not specified, the MAC
client can get one RX ring, if available, or will be
software-based.
rxhwclntavail
A read-only property that specifies the number of addi-
tional RX hardware-based MAC clients that can be
created.
txringsavail
A read-only property that specifies the number of rings
available on the transmit side.
txrings
Specifies the number of transmit rings for the MAC
client. A value of 0 means this MAC client should not be
assigned any TX ring. A non-0 value means reserve that
many rings for this MAC client, if available, and fail
if not. If this property is not specified the MAC client
SunOS 5.11 Last change: 24 Aug 2010 59
System Administration Commands dladm(1M)
can get one TX ring, if available, or will be software-
based.
txhwclntavail
A read-only property that specifics the number of addi-
tional TX hardware-based MAC clients that can be
created.
stp
Enables or disables Spanning Tree Protocol on a bridge
link. Setting this value to 0 disables Spanning Tree,
and puts the link into forwarding mode with BPDU guard-
ing enabled. This mode is appropriate for point-to-point
links connected only to end nodes. Only non-VLAN, non-
VNIC type links have this property. The default value is
1, to enable STP.
forward
Enables or disables forwarding for a VLAN. Setting this
value to 0 disables bridge forwarding for a VLAN link.
Disabling bridge forwarding removes that VLAN from the
"allowed set" for the bridge. The default value is 1, to
enable bridge forwarding for configured VLANs.
default_tag
Sets the default VLAN ID that is assumed for untagged
packets sent to and received from this link. Only non-
VLAN, non-VNIC type links have this property. Setting
this value to 0 disables the bridge forwarding of
untagged packets to and from the port. The default value
is VLAN ID 1. Valid values values are from 0 to 4094.
The default VLAN ID is also referred to as the Port VLAN
Identifier (PVID).
You cannot create a tagged VLAN or VLAN-tagged VNIC link
with a VLAN ID that matches the default VLAN value of
the underlying link. All untagged packets on the link
are already associated with the default VLAN (PVID). To
successfully create a tagged VLAN or VLAN-tagged VNIC
link with VLAN ID equal to the default VLAN value, you
must first change the default_tag property of the under-
lying link to a different VLAN value.
When default_tag=0, all untagged packets on the link are
SunOS 5.11 Last change: 24 Aug 2010 60
System Administration Commands dladm(1M)
no longer associated with any VLAN. As a result, you can
create a VLAN link with any VLAN ID from 1 to 4094. Note
that any received packets that are erroneously tagged
with the PVID at an end-point might be dropped. This
situation occurs if all the end-points on a given link
do not agree on the PVID. All end-points on a link must
use the same PVID and must not tag traffic with the
PVID.
stp_priority
Sets the STP and RSTP Port Priority value, which is used
to determine the preferred root port on a bridge. Lower
numerical values are higher priority. The default value
is 128. Valid values range from 0 to 255.
stp_cost
Sets the STP and RSTP cost for using the link. The
default value is auto, which sets the cost based on link
speed, using 100 for 10Mbps, 19 for 100Mbps, 4 for
1Gbps, and 2 for 10Gbps. Valid values range from 1 to
65535.
stp_edge
Enables or disables bridge edge port detection. If set
to 0 (false), the system assumes that the port is con-
nected to other bridges even if no bridge PDUs of any
type are seen. The default value is 1, which detects
edge ports automatically.
stp_p2p
Sets bridge point-to-point operation mode. Possible
values are true, false, and auto. When set to auto,
point-to-point connections are automatically discovered.
When set to true, the port mode is forced to use point-
to-point. When set to false, the port mode is forced to
use normal multipoint mode. The default value is auto.
stp_mcheck
Triggers the system to run the RSTP Force BPDU Migration
Check procedure on this link. The procedure is triggered
by setting the property value to 1. The property is
automatically reset back to 0. This value cannot be set
SunOS 5.11 Last change: 24 Aug 2010 61
System Administration Commands dladm(1M)
unless the following are true:
o The link is bridged
o The bridge is protected by Spanning Tree
o The bridge force-protocol value is at least 2
(RSTP)
The default value is 0.
protection
Enables one or more types of link protection. Valid
values are:
mac-nospoof
MAC address anti-spoof. An outbound packet's source
MAC address must match the link's configured MAC
address. Non-matching packets will be dropped. If
the link belongs to a zone, turning mac-nospoof on
will prevent the zone's owner from modifying the
link's MAC address.
ip-nospoof
IP address anti-spoof. This protection type works in
conjunction with the link property allowed-ips.
allowed-ips is a list containing IP (IPv4 or IPv6)
addresses. This list is empty by default. Addresses
that are implicitly in this list are: the link local
IPv6 address conforming to RFC 2464 (derived from
the link's MAC address); IPv4/IPv6 addresses learned
from DHCP replies; the unspecified (all-zeros)
IPv4/IPv6 address.
An outbound IP packet can pass if its source address
is in allowed-ips.
An outbound ARP packet can pass if its sender proto-
col address is in allowed-ips.
When a datalink has been protected by setting
allowed-ips to a set of one or more IP addresses,
any attempts to configure IP addresses that are not
in this set will fail with an EPERM error being
returned to the user. Moreover, the interface may
not be used for forwarding IP packets, and attempts
to set the ipadm(1M) forwarding property on the
SunOS 5.11 Last change: 24 Aug 2010 62
System Administration Commands dladm(1M)
interface will encounter an EPERM error.
dhcp-nospoof
DHCP client ID (DUID for DHCPv6) and hardware
address anti-spoof. This protection type works in
conjunction with the link property allowed-dhcp-
cids.
Items in the allowed-dhcp-cids list should be for-
matted in the same way as the CLIENT_ID field in the
/etc/default/dhcpagent file. The only difference is
that . (period) should be used in place of , (comma)
when specifying DUIDs. See dhcpagent(1M) for
details.
An outbound DHCP (v4/v6) packet can pass only if
these conditions are satisfied:
o If allowed-dhcp-cids is not configured and
the packet type is:
o DHCPv4, the client ID field must match
the configured MAC address.
o DHCPv6, the DUID must be of type 1 or 3
and the link layer address part of the
DUID must match the configured MAC
address.
o If allowed-dhcp-cids is configured and the
packet type is:
o DHCPv4, the client ID field must match
one of the IDs on this list or the con-
figured MAC address.
o DHCPv6, the DUID field must match one
of the IDs on this list or, the DUID
must be of type 1 or 3 and the link
layer address part of the DUID matches
the configured MAC address.
restricted
This protection restricts outgoing packet types to
just IPv4, IPv6, and ARP.
SunOS 5.11 Last change: 24 Aug 2010 63
System Administration Commands dladm(1M)
zone
Specifies the zone to which the link belongs. This pro-
perty can be modified only temporarily through dladm,
and thus the -t option must be specified. To modify the
zone assignment such that it persists across reboots,
please use zonecfg(1M). Possible values consist of any
exclusive-IP zone currently running on the system. By
default, the zone binding is as per zonecfg(1M).
Wifi Link Properties
The following WiFi link properties are supported. Note that
the ability to set a given property to a given value depends
on the driver and hardware.
channel
Specifies the channel to use. This property can be modi-
fied only by certain WiFi links when in IBSS mode. The
default value and allowed range of values varies by
regulatory domain.
powermode
Specifies the power management mode of the WiFi link.
Possible values are off (disable power management), max
(maximum power savings), and fast (performance-sensitive
power management). Default is off.
radio
Specifies the radio mode of the WiFi link. Possible
values are on or off. Default is on.
speed
Specifies a fixed speed for the WiFi link, in megabits
per second. The set of possible values depends on the
driver and hardware (but is shown by show-linkprop);
common speeds include 1, 2, 11, and 54. By default,
there is no fixed speed.
Ethernet Link Properties
The following MII Properties, as documented in ieee802.3(5),
are supported in read-only mode:
o duplex
SunOS 5.11 Last change: 24 Aug 2010 64
System Administration Commands dladm(1M)
o state
o adv_autoneg_cap
o adv_10gfdx_cap
o adv_1000fdx_cap
o adv_1000hdx_cap
o adv_100fdx_cap
o adv_100hdx_cap
o adv_10fdx_cap
o adv_10hdx_cap
Each adv_ property (for example, adv_10fdx_cap) also has a
read/write counterpart en_ property (for example,
en_10fdx_cap) controlling parameters used at auto-
negotiation. In the absence of Power Management, the adv*
speed/duplex parameters provide the values that are both
negotiated and currently effective in hardware. However,
with Power Management enabled, the speed/duplex capabilities
currently exposed in hardware might be a subset of the set
of bits that were used in initial link parameter negotia-
tion. Thus the MII adv_* parameters are marked read-only,
with an additional set of en_* parameters for configuring
speed and duplex properties at initial negotiation.
Note that the adv_autoneg_cap does not have an
en_autoneg_cap counterpart: the adv_autoneg_cap is a 0/1
switch that turns off/on autonegotiation itself, and there-
fore cannot be impacted by Power Management.
In addition, the following Ethernet properties are reported:
flowctrl
Establishes flow-control modes that will be advertised
by the device. Valid input is one of:
no
No flow control enabled.
SunOS 5.11 Last change: 24 Aug 2010 65
System Administration Commands dladm(1M)
rx
Receive, and act upon incoming pause frames.
tx
Transmit pause frames to the peer when congestion
occurs, but ignore received pause frames.
bi
Bidirectional flow control.
Note that the actual settings for this value are con-
strained by the capabilities allowed by the device and
the link partner.
mtu
The maximum client SDU (Send Data Unit) supported by the
device. Valid range is 68-65536.
speed
(read-only) The operating speed of the device, in Mbps.
tagmode
This link property controls the conditions in which
802.1Q VLAN tags will be inserted in packets being
transmitted on the link. Two mode values can be assigned
to this property:
normal Insert a VLAN tag in outgoing packets under
the following conditions:
o The packet belongs to a VLAN.
o The user requested priority tag-
ging.
vlanonly Insert a VLAN tag only when the outgoing
packet belongs to a VLAN. If a tag is being
inserted in this mode and the user has also
requested a non-zero priority, the priority
is honored and included in the VLAN tag.
SunOS 5.11 Last change: 24 Aug 2010 66
System Administration Commands dladm(1M)
The default value is vlanonly.
InfiniBand Link Properties
The following properties are supported only on IB partition
object links.
linkmode
Sets the link transport service type on an IB partition
datalink. The default value is cm. Valid values are:
cm
Connected Mode. This mode uses a default MTU of
65520 and supports a maximum MTU of 65535 bytes. If
Connected Mode is not available for a remote node,
Unreliable Datagram mode will automatically be used
instead.
ud
Unreliable Datagram Mode. This mode uses a default
MTU of 2044 and supports a maximum MTU of 4092
bytes.
IP Tunnel Link Properties
The following IP tunnel link properties are supported.
hoplimit
Specifies the IPv4 TTL or IPv6 hop limit for the encap-
sulating outer IP header of a tunnel link. This property
exists for all tunnel types. The default value is 64.
encaplimit
Specifies the IPv6 encapsulation limit for an IPv6 tun-
nel as defined in RFC 2473. This value is the tunnel
nesting limit for a given tunneled packet. The default
value is 4. A value of 0 disables the encapsulation
limit.
EXAMPLES
Example 1 Configuring an Aggregation
SunOS 5.11 Last change: 24 Aug 2010 67
System Administration Commands dladm(1M)
To configure a data-link over an aggregation of devices bge0
and bge1 with key 1, enter the following command:
# dladm create-aggr -d bge0 -d bge1 1
Example 2 Connecting to a WiFi Link
To connect to the most optimal available unsecured network
on a system with a single WiFi link (as per the prioritiza-
tion rules specified for connect-wifi), enter the following
command:
# dladm connect-wifi
Example 3 Creating a WiFi Key
To interactively create the WEP key mykey, enter the follow-
ing command:
# dladm create-secobj -c wep mykey
Alternatively, to non-interactively create the WEP key mykey
using the contents of a file:
# umask 077
# cat >/tmp/mykey.$$ < 12345
EOF
# dladm create-secobj -c wep -f /tmp/mykey.$$ mykey
# rm /tmp/mykey.$$
Example 4 Connecting to a Specified Encrypted WiFi Link
To use key mykey to connect to ESSID wlan on link ath0,
enter the following command:
SunOS 5.11 Last change: 24 Aug 2010 68
System Administration Commands dladm(1M)
# dladm connect-wifi -k mykey -e wlan ath0
Example 5 Changing a Link Property
To set powermode to the value fast on link pcwl0, enter the
following command:
# dladm set-linkprop -p powermode=fast pcwl0
Example 6 Connecting to a WPA-Protected WiFi Link
Create a WPA key psk and enter the following command:
# dladm create-secobj -c wpa psk
To then use key psk to connect to ESSID wlan on link ath0,
enter the following command:
# dladm connect-wifi -k psk -e wlan ath0
Example 7 Renaming a Link
To rename the bge0 link to mgmt0, enter the following com-
mand:
# dladm rename-link bge0 mgmt0
Example 8 Replacing a Network Card
Consider that the bge0 device, whose link was named mgmt0 as
shown in the previous example, needs to be replaced with a
ce0 device because of a hardware failure. The bge0 NIC is
physically removed, and replaced with a new ce0 NIC. To
SunOS 5.11 Last change: 24 Aug 2010 69
System Administration Commands dladm(1M)
associate the newly added ce0 device with the mgmt0 confi-
guration previously associated with bge0, enter the follow-
ing command:
# dladm rename-link ce0 mgmt0
Example 9 Removing a Network Card
Suppose that in the previous example, the intent is not to
replace the bge0 NIC with another NIC, but rather to remove
and not replace the hardware. In that case, the mgmt0
datalink configuration is not slated to be associated with a
different physical device as shown in the previous example,
but needs to be deleted. Enter the following command to
delete the datalink configuration associated with the mgmt0
datalink, whose physical hardware (bge0 in this case) has
been removed:
# dladm delete-phys mgmt0
Example 10 Using Parseable Output to Capture a Single Field
The following assignment saves the MTU of link net0 to a
variable named mtu.
# mtu=`dladm show-link -p -o mtu net0`
Example 11 Using Parseable Output to Iterate over Links
The following script displays the state of each link on the
system.
# dladm show-link -p -o link,state | while IFS=: read link state; do
print "Link $link is in state $state"
done
SunOS 5.11 Last change: 24 Aug 2010 70
System Administration Commands dladm(1M)
Example 12 Configuring VNICs
Create two VNICs with names hello0 and test1 over a single
physical link bge0:
# dladm create-vnic -l bge0 hello0
# dladm create-vnic -l bge0 test1
Example 13 Configuring VNICs and Allocating Bandwidth and
Priority
Create two VNICs with names hello0 and test1 over a single
physical link bge0 and make hello0 a high priority VNIC with
a factory-assigned MAC address with a maximum bandwidth of
50 Mbps. Make test1 a low priority VNIC with a random MAC
address and a maximum bandwidth of 100Mbps.
# dladm create-vnic -l bge0 -m factory -p maxbw=50,priority=high hello0
# dladm create-vnic -l bge0 -m random -p maxbw=100M,priority=low test1
Example 14 Configuring a VNIC with a Factory MAC Address
First, list the available factory MAC addresses and choose
one of them:
# dladm show-phys -m bge0
LINK SLOT ADDRESS INUSE CLIENT
bge0 primary 0:e0:81:27:d4:47 yes bge0
bge0 1 8:0:20:fe:4e:a5 no
bge0 2 8:0:20:fe:4e:a6 no
bge0 3 8:0:20:fe:4e:a7 no
Create a VNIC named hello0 and use slot 1's address:
# dladm create-vnic -l bge0 -m factory -n 1 hello0
# dladm show-phys -m bge0
LINK SLOT ADDRESS INUSE CLIENT
bge0 primary 0:e0:81:27:d4:47 yes bge0
SunOS 5.11 Last change: 24 Aug 2010 71
System Administration Commands dladm(1M)
bge0 1 8:0:20:fe:4e:a5 yes hello0
bge0 2 8:0:20:fe:4e:a6 no
bge0 3 8:0:20:fe:4e:a7 no
Example 15 Creating a VNIC with User-Specified MAC Address,
Binding it to Set of Processors
Create a VNIC with name hello0, with a user specified MAC
address, and a processor binding 0, 2, 4-6.
# dladm create-vnic -l bge0 -m 8:0:20:fe:4e:b8 -p cpus=0,2,4-6 hello0
Example 16 Creating a Virtual Network Without a Physical NIC
First, create an etherstub with name stub1:
# dladm create-etherstub stub1
Create two VNICs with names hello0 and test1 on the ether-
stub. This operation implicitly creates a virtual switch
connecting hello0 and test1.
# dladm create-vnic -l stub1 hello0
# dladm create-vnic -l stub1 test1
Example 17 Displaying Bridge Information
The following commands use the show-bridge subcommand with
no and various options.
# dladm show-bridge
BRIDGE PROTECT ADDRESS PRIORITY DESROOT
foo stp 32768/8:0:20:bf:f 32768 8192/0:d0:0:76:14:38
bar stp 32768/8:0:20:e5:8 32768 8192/0:d0:0:76:14:38
# dladm show-bridge -l foo
SunOS 5.11 Last change: 24 Aug 2010 72
System Administration Commands dladm(1M)
LINK STATE UPTIME DESROOT
hme0 forwarding 117 8192/0:d0:0:76:14:38
qfe1 forwarding 117 8192/0:d0:0:76:14:38
# dladm show-bridge -s foo
BRIDGE DROPS FORWARDS
foo 0 302
# dladm show-bridge -ls foo
LINK DROPS RECV XMIT
hme0 0 360832 31797
qfe1 0 322311 356852
# dladm show-bridge -f foo
DEST AGE FLAGS OUTPUT
8:0:20:bc:a7:dc 10.860 -- hme0
8:0:20:bf:f9:69 -- L hme0
8:0:20:c0:20:26 17.420 -- hme0
8:0:20:e5:86:11 -- L qfe1
Example 18 Creating an IPv4 Tunnel
The following sequence of commands creates and then displays
a persistent IPv4 tunnel link named mytunnel0 between
66.1.2.3 and 192.4.5.6:
# dladm create-iptun -T ipv4 -s 66.1.2.3 -d 192.4.5.6 mytunnel0
# dladm show-iptun mytunnel0
LINK TYPE FLAGS SOURCE DESTINATION
mytunnel0 ipv4 -- 66.1.2.3 192.4.5.6
A point-to-point IP interface can then be created over this
tunnel link:
# ifconfig mytunnel0 plumb 10.1.0.1 10.1.0.2 up
As with any other IP interface, configuration persistence
for this IP interface is achieved by placing the desired
ifconfig commands (in this case, the command for "10.1.0.1
10.1.0.2") into /etc/hostname.mytunnel0.
SunOS 5.11 Last change: 24 Aug 2010 73
System Administration Commands dladm(1M)
Example 19 Creating a 6to4 Tunnel
The following command creates a 6to4 tunnel link. The IPv4
address of the 6to4 router is 75.10.11.12.
# dladm create-iptun -T 6to4 -s 75.10.11.12 sitetunnel0
# dladm show-iptun sitetunnel0
LINK TYPE FLAGS SOURCE DESTINATION
sitetunnel0 6to4 -- 75.10.11.12 --
The following command plumbs an IPv6 interface on this tun-
nel:
# ifconfig sitetunnel0 inet6 plumb up
# ifconfig sitetunnel0 inet6
sitetunnel0: flags=2200041 mtu 65515 index 3
inet tunnel src 75.10.11.12
tunnel hop limit 64
inet6 2002:4b0a:b0c::1/16
Note that the system automatically configures the IPv6
address on the 6to4 IP interface. See ifconfig(1M) for a
description of how IPv6 addresses are configured on 6to4
tunnel links.
Example 20 Using Link Protection
To enable link protection:
# dladm set-linkprop \
-p protection=mac-nospoof,restricted,ip-nospoof,dhcp-nospoof vnic0
To disable link protection:
# dladm reset-linkprop -p protection vnic0
SunOS 5.11 Last change: 24 Aug 2010 74
System Administration Commands dladm(1M)
To modify the allowed-ips list:
# dladm set-linkprop -p allowed-ips=10.0.0.1,10.0.0.2 vnic0
To modify the allowed-dhcp-cids list:
# dladm set-linkprop -p allowed-dhcp-cids=hello vnic0
To display the resulting configuration:
# dladm show-linkprop -p protection,allowed-ips vnic0
LINK PROPERTY PERM VALUE DEFAULT POSSIBLE
vnic0 protection rw mac-nospoof, -- mac-nospoof,
restricted, restricted,
ip-nospoof, ip-nospoof,
dhcp-nospoof dhcp-nospoof
vnic0 allowed-ips rw 10.0.0.1, -- --
10.0.0.2
vnic0 allowed-dhcp-cids rw hello -- --
Example 21 Creating an IB Partition
The following command creates a partition ffff.ibp0 with
partition key 0xffff on the physical link ibp0.
# dladm create-part -P ffff -l ibp0 ffff.ibp0
Example 22 Displaying IB Partition Information
The following command displays IB partition information.
# dladm show-part
SunOS 5.11 Last change: 24 Aug 2010 75
System Administration Commands dladm(1M)
LINK PKEY OVER STATE FLAGS
ffff.ibp0 FFFF ibp0 up ----
Example 23 Displaying IB Data Links Information
The following command displays IB data links information.
# dladm show-ib
LINK HCAGUID PORTGUID PORT STATE PKEYS
ibp0 3BA000100CD7C 3BA000100CD7D 1 down FFFF
ibp1 3BA000100CD7C 3BA000100CD7E 2 down FFFF
ibp3 5AD0000033634 5AD0000033636 2 up FFFF,8001
ibp2 5AD0000033634 5AD0000033635 1 up FFFF,8001
Example 24 Deleting a Partition
The following command deletes the partition ffff.ibp0.
# dladm delete-part ffff.ibp0
Example 25 Using show-link to Display Partition Information
The following command uses the show-link subcommand to
display partition information.
# dladm show-link
LINK CLASS MTU STATE BRIDGE OVER
e1000g0 phys 1500 up -- --
e1000g1 phys 1500 unknown -- --
ibp0 phys 65520 down -- --
ibp3 phys 65520 up -- --
ibp2 phys 65520 up -- --
ibp1 phys 65520 down -- --
pffff.ibp0 part 2044 down -- ibp0
p8001.ibp2 part 65520 unknown -- ibp2
ATTRIBUTES
SunOS 5.11 Last change: 24 Aug 2010 76
System Administration Commands dladm(1M)
See attributes(5) for descriptions of the following attri-
butes:
/usr/sbin
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWcs |
|_____________________________|_____________________________|
| Interface Stability | Committed |
|_____________________________|_____________________________|
/sbin
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWcsr |
|_____________________________|_____________________________|
| Interface Stability | Committed |
|_____________________________|_____________________________|
Note that, for both /usr/sbin and /sbin, the -s and -i
options to the show-aggr, show-link and show-vnic subcom-
mands are Committed Obsolete.
SEE ALSO
acctadm(1M), autopush(1M), dhcpagent(1M), dlstat(1M),
ifconfig(1M), ipadm(1M), ipsecconf(1M), ndd(1M),
pooladm(1M), poolcfg(1M), psrset(1M), vrrpadm(1M), wpad(1M),
zonecfg(1M), attributes(5), ieee802.3(5), dlpi(7P)
NOTES
The preferred method of referring to an aggregation in the
aggregation subcommands is by its link name. Referring to an
aggregation by its integer key is supported for backward
compatibility, but is not necessary. When creating an aggre-
gation, if a key is specified instead of a link name, the
aggregation's link name will be automatically generated by
dladm as aggrkey.
SunOS 5.11 Last change: 24 Aug 2010 77