System Administration Commands ipadm(1M)
NAME
ipadm - configure Internet Protocol network interfaces and
TCP/IP tunables
SYNOPSIS
ipadm create-if [-t] interface
ipadm delete-if interface
ipadm show-if [[-p] -o field[,...]] [interface]
ipadm disable-if -t interface
ipadm enable-if -t interface
ipadm set-ifprop [-t] -m protocol -p prop=value[,...] interface
ipadm reset-ifprop [-t] -m protocol -p prop interface
ipadm show-ifprop [[-c] -o field[,...]] [-p prop,...]
[-m protocol] [interface]
ipadm create-addr [-t] -T static [-d]
-a {local|remote}=addr[/prefixlen],... addrobj
ipadm create-addr [-t] -T dhcp [-w seconds | forever] addrobj
ipadm create-addr [-t] -T addrconf [-i interface-id]
[-p {stateful|stateless}={yes|no},..] addrobj
ipadm delete-addr [-r] addrobj
ipadm show-addr [[-p] -o field[,...]] [addrobj]
ipadm up-addr [-t] addrobj
ipadm down-addr [-t] addrobj
ipadm refresh-addr [-i] addrobj
ipadm disable-addr -t addrobj
ipadm enable-addr -t addrobj
ipadm set-addrprop [-t] -p prop=value[,...] addrobj
ipadm reset-addrprop [-t] -p prop=value[,...] addrobj
ipadm show-addrprop [[-c] -o field[,...]] [-p prop[,...]] [addrobj]
ipadm set-prop [-t] -p prop=value[,...] protocol
ipadm reset-prop [-t] -p prop protocol
ipadm show-prop [[-c] -o field[,...]] [-p prop[,...]] [protocol]
DESCRIPTION
The ipadmcommand provides a set of subcommands that can be
used to: manage interfaces: o create and delete interfacesSunOS 5.11 Last change: 21 Jul 2010 1
System Administration Commands ipadm(1M)
o modify interface properties o display interface configuration manage addresses: o create and delete addresses o modify address properties o display address configurationmanage TCP/IP protocol properties:
o modify TCP/IP properties
o display TCP/IP properties
The various operands to ipadm subcommands are described in
the "Operands" section, which follows "Subcommands".SUB-COMMANDS
The following subcommands are supported:create-if [-t] interface
Create an IP interface that handles both IPv4 and IPv6 packets. The address of the IPv4 interface will be set to 0.0.0.0 and the address of the IPv6 interface will be set to ::. This subcommand, by default, causes the information to persist, so that on the next reboot this interface will be instantiated. An interface is implicitly enabled for IPv4 and IPv6when it is created. See the disable-if and enable-if
subcommands below, to disable or enable an interface.Note that lo0 is a special interface, called the loop-
back interface. It is a virtual IP interface and is not associated with any physical hardware. It is one of the first IP interfaces to be created on the system, with IPv4 address of 127.0.0.1 and IPv6 address of ::/128.-t, --temporary
Specifies that the operation is temporary and mustSunOS 5.11 Last change: 21 Jul 2010 2
System Administration Commands ipadm(1M)
not persist. The operation affects only the active configuration.delete-if interface
Deletes the interface from active configuration. All addresses configured on the interface will be torn down. Further, all the persistent information related to the interface will be removed from the persistent data store and, for this reason, interface will not be instantiatedupon reboot. To disable an interface from active confi-
guration (rather than delete the interface), use thedisable-if subcommand.
show-if [[-p] -o field[,...]] [interface]
Show network interface configuration information, either for all the network interfaces configured on the system,including the ones that are only in the persistent con-
figuration, or for the specified network interface.-o field[,...], --output field[,...]
A case-insensitive, comma-separated list of output
fields to display. The field name must be one of the fields listed below, or the special value all to display all fields. For each network interface, the following fields can be displayed:IFNAME
The name of the IP interface. STATE Indicates one of the following for the displayed interface. ok Indicates that the required resources for an interface are allocated. For some interfaces this also indicates that the link is up. offline The interface is offline and thus cannotSunOS 5.11 Last change: 21 Jul 2010 3
System Administration Commands ipadm(1M)
send or receive IP data traffic. Seeif_mpadm(1M).
failed Indicates that the datalink is down. If the interface is part of an IPMP group it could also mean that the interface has failed(that is, IFF_FAILED is set). Failed inter-
faces will not be used to send or receive IP data traffic. If this is set on a physical IP interface in an IPMP group, IP data traffic will continue to flow over other usable IP interfaces in the IPMP group. If this is set on an IPMP IP interface, the entire group has failed and no data traffic can be sent or received over any interfaces in that group. See in.mpathd(1M). downIndicates that the interface is administra-
tively down, preventing any IP packets from being sent or received through it. disabledIndicates that the interface has been dis-
abled from the active configuration usingthe disable-if subcommand.
CURRENT For interface objects, in active configuration, it indicates any of the following flags. b interface supports broadcast m interface supports multicastSunOS 5.11 Last change: 21 Jul 2010 4
System Administration Commands ipadm(1M)
pinterface is a point-to-point link
vinterface is a virtual interface (for exam-
ple, vni(7D), loopback), that is, the physi-
cal interface has no underlying hardware. I IPMP meta interface sIPMP interface is marked standby administra-
tively. See in.mpathd(1M). i IPMP interface is inactive. See in.mpathd(1M). V interface is a VRRP interface a VRRP interface is in accept mode(~IFF_NOACCEPT)
ZLayer-3 protection of IP addresses for the
interface has been administratively enforced. 4 interface can handle IPv4 packetsSunOS 5.11 Last change: 21 Jul 2010 5
System Administration Commands ipadm(1M)
6 interface can handle IPv6 packets Note that b and p are mutually exclusive. PERSISTENT Specifies the configuration that will be applied when the interface object is instantiated onreboot or re-enabled using the enable-if subcom-
mand. It can be any or all of s, 4, and 6 (see above).-p, --parsable
Display using a stable machine-parsable format. The
-o option is required with this option. See "Pars-
able Output Format", below.disable-if -t interface
Disables the specified interface by removing it from the active configuration. All the addresses configured on the interface will be disabled. If the interface objectwas created persistently to begin with, then the per-
sistent configuration is unchanged. To re-enable this
interface, one should use enable-if.
-t, --temporary
Specifies that the disable is temporary and changes apply only to the active configuration.enable-if -t interface
Enables the given interface by reading the configuration from the persistent store. All the persistent interface properties, if any, are applied and all the persistent addresses, if any, on the given interface will be enabled.-t, --temporary
Specifies that the enable is temporary and changesSunOS 5.11 Last change: 21 Jul 2010 6
System Administration Commands ipadm(1M)
apply only to the active configuration.set-ifprop [-t] -m protocol -p prop=value[,...] interface
Modifies an interface property to the value specified by the user. If the property takes multiple values then thevalues should be specified with a comma as the delim-
iter. Only one property can be specified at a time. The properties supported on an interface and the property'spossible values can be retrieved using show-ifprop sub-
command. Only one property at a time can be modified.-t, --temporary
Specifies that the changes are temporary and changes apply only to the active configuration.-m protocol, --module protocol
Identifies whether property should be applied for IPv4 or IPv6 packets.-p prop=value[,...], -prop prop=value[,...]
A property to set to the specified values.reset-ifprop [-t] -m protocol -p prop interface
Resets a property of the specified interface to itsdefault value. If -t is not used, any persisted value of
the property will be deleted. Only one property can be modified at a time.-t, --temporary
Specifies that the resets are temporary and changes apply only to the active configuration.-m protocol, --module protocol
Identifies whether the property being reset affects either IPv4 or IPv6 packets.SunOS 5.11 Last change: 21 Jul 2010 7
System Administration Commands ipadm(1M)
-p prop, -prop prop
A property to set to the specified values.show-ifprop [[-c] -o field[,...]] [-p prop,...] [-m proto-
col] [interface] Show the current and persistent values of one or more properties, either for all the created interfaces or for the specified interface. Several properties of interestcan be retrieved at one time by providing comma-
separated property names to -p option. If the -p option
is not specified, all available interface properties are displayed.-o field[,...], --output field[,...]
A case-insensitive, comma-separated list of output
fields to display. The field name must be one of the fields listed below, or the special value all todisplay all fields. For each interface, the follow-
ing fields can be displayed:IFNAME
The name of the interface. PROPERTY The name of the property. PROTO The name of the protocol the property belongs to. The protocols currently supported are IPv4 and IPv6. PERM The read/write permissions of the property. Thevalue shown will be r (read-only), w (write-
only) or rw (read-and-write).
CURRENT The current value of the property. For disabledSunOS 5.11 Last change: 21 Jul 2010 8
System Administration Commands ipadm(1M)
interfaces, because a value is not set, it willbe shown as --.
PERSISTENT The persistent value of the property. Persistent values are the values that will be reapplied on reboot. DEFAULTThe default value of the property. If the pro-
perty has no default value, -- is displayed.
POSSIBLEA comma-separated list of the values the pro-
perty can have. If the values span a numericrange, min - max might be displayed as short-
hand. If the possible values are unknown, ? isdisplayed or if they are unbounded, -- is
displayed.-c, --parsable
Display using a stable machine-parsable format. The
-o option is required with this option. See "Pars-
able Output Format", below.-p prop,..., --prop=prop
A comma-separated list of properties to display. See
the sections on interface properties following sub-
command descriptions.-m protocol, --module protocol
Displays properties matching the given protocol. Valid values are ipv4 and ipv6. For the supported list of interface properties, see "Interface Properties" below.SunOS 5.11 Last change: 21 Jul 2010 9
System Administration Commands ipadm(1M)
create-addr [-t] -T static [-d] -a {local |
remote}=addr[/prefixlen],... addrobj Creates a static IPv4 or IPv6 address on the interface specified in addrobj. If the interface on which the address is created is not plumbed, this subcommand will implicitly plumb the interface. The created static address will be identified by addrobj. By default, a configured address will be marked up, so that it can be used as a source or destination of or for outbound and inbound packets. All address objects are enabled when they are created.See the disable-addr and enable-addr subcommands for
instructions on disabling or enabling an address object.A persistent operation cannot be performed on a tem-
porary object. That is, if the interface is temporarilycreated, then one cannot create the address object per-
sistently.-t, --temporary
Specifies that the configured address is temporary and changes apply only to the active configuration.-d, --down
Specifies that the configured address should be marked down, that is, the address will not be used as a source or destination of IP packets.-a {local | remote}=addr[/prefixlen],...
--address {local | remote}=addr[/prefixlen],...
addr indicates a literal IP address or a hostnamecorresponding to the local or remote end-point (for
point-to-point interfaces).
If a hostname is specified its numeric value is uniquely obtained using the entry in /etc/hosts. If no numeric IP address is defined in the file, then the numeric value is uniquely obtained using the resolver order specifed for hosts or ipnodes in nsswitch.conf(4). If there are multiple entries for a given hostname, an error will be generated.Because IP addresses are created before naming ser-
vices have been brought online during the boot pro-
cess, it is important that any hostname used beSunOS 5.11 Last change: 21 Jul 2010 10
System Administration Commands ipadm(1M)
included in /etc/hosts. If the prefixlen is not explicitly specified in thecommand-line, the netmask for the address is
obtained by following the search in the order listed below: 1. using the order specified for netmasks in nsswitch.conf(4) 2. interpreting IPv4 address using Classful subnetting semantics defined in RFC 791, and interpreting IPv6 addresses using the definitions in RFC 4291.For point-to-point interfaces, along with the
address of the local end-point the address of the
remote end-point must be specified (for example, -a
local=laddr,remote=raddr). If prefixlen for theremote end-point is specified, an error will be
returned. Note that if the interface requires only a localaddress, specify it directly with the -a option as
follows: -a addr[/prefixlen]. The address will
automatically be considered a local address.create-addr [-t] -T dhcp [-w seconds | forever] addrobj
Creates a DHCP-controlled IPv4 address on an interface
specified in addrobj. The created IPv4 address will be identified by addrobj. All the address objects are enabled when they arecreated. See the disable-addr and enable-addr subcom-
mands for instructions on disabling and enabling an address object.A persistent operation cannot be performed on a tem-
porary object. That is, if the interface is temporarilycreated, one cannot create the address object per-
sistently.-t, --temporary
Specifies that the configured address is temporary and changes apply only to the active configuration.-w seconds | forever, --wait seconds | forever
SunOS 5.11 Last change: 21 Jul 2010 11
System Administration Commands ipadm(1M)
Specifies the amount of time, in seconds, to wait until the operation completes. If no wait intervalis given, and the operation is one that cannot com-
plete immediately, ipadm will, by default, wait 120
seconds for the requested operation to complete. Note that the default wait time is subject to change in future releases. The symbolic value forever can be used as well, with obvious meaning.create-addr [-t] -T addrconf [-i interface-id] [-p {stateful
| stateless}={yes | no},..] addrobjCreates an auto-configured IPv6 address on an interface
specified in addrobj. The created IPv6 addresses will be identified by addrobj. The system uses the default interface ID (for themedia-type Ethernet, the Interface ID is the MAC address
of the interface) to generate auto-configured addresses.
This behavior can be overridden using -i option.
By default:o IPv6 addresses will be auto-configured based on
prefixes advertised by routers as described in RFC 4862 and...o IPv6 addresses will be auto-configured on the
specified interface using the IPv6 address offered by DHCPv6 server as described in RFC3315. (That is, -p stateful=yes,stateless=yes
is the default option.) All the address objects are enabled when they arecreated. See the disable-addr and enable-addr subcom-
mands for instructions on disabling and enabling an address object.A persistent operation cannot be performed on a tem-
porary object. That is, if the interface is temporarilycreated, then one cannot create the address object per-
sistently.-t, --temporary
Specifies that the configured address is temporary and changes apply only to the active configuration.-i interface-id, --interface-id interface-id
SunOS 5.11 Last change: 21 Jul 2010 12
System Administration Commands ipadm(1M)
Specifies the interface ID to be used for generatingauto-configured addresses.
-p {stateful | stateless}={yes | no},..
--prop {stateful | stateless}={yes | no},..
Specifies if stateful or stateless or both methodsof auto-configuration should be enabled or not.
If -p stateful=no is specified, then stateful auto-
configuration based on DHCPv6-specified IPv6
addresses will not be performed.If -p stateless=no is specified, then stateless
auto-configuration based on the router-advertised
prefixes will not be performed.If -p stateful=no,stateless=no is specified, then
both the methods of auto-configuration will not be
performed.With the -T addrconf option, -p
stateful=yes,stateless=yes is used by default.delete-addr [-r] addrobj
Deletes all the addresses identified by addrobj on the interface specified in the addrobj. It also removesthese addresses from the persistent data-store; thus,
these addresses will not be instantiated on reboot.If the address object is a DHCP-controlled address,
delete-addr removes the address from the system without
notifying the DHCP server, and records the current lease for later use.-r, --release
If the addrobj is a DHCP-controlled address, this
option brings about the relinquishing of the DHCP-
controlled IP addresses on the interface by notify-
ing the server and the discarding of the current lease.show-addr [[-p] -o field[,...]] [addrobj | interface/]
Show address information, either for the given addrobjSunOS 5.11 Last change: 21 Jul 2010 13
System Administration Commands ipadm(1M)
or all the address objects configured on the specified interface, including the address objects that are only in the persistent configuration.-p, --parsable
Display using a stable machine-parsable format. The
-o option is required with this option. See "Pars-
able Output Format", below.-o field[,...], --output field[,...]
A case-insensitive, comma-separated list of output
fields to display. The field name must be one of the fields listed below, or the special value all todisplay all fields. For each interface, the follow-
ing fields can be displayed: ADDROBJ The name of the address object. TYPE Type of the address object. It will be one of:from-gz, static, dhcp, or addrconf. The static,
dhcp, and addrconf types correspond to the typeof the address object specified by the -T option
of create-addr. The from-gz type will only be
displayed in non-global zones, and indicates
that the address was configured based on theallowed-address property configured for the
non-global exclusive-IP zone from the global
zone. STATE State of the address object. This field is shownonly when all is specified with -o. This indi-
cates one of the following values: disabledAddress is not part of the active configura-
tion (see disable-addr and disable-if).
downSunOS 5.11 Last change: 21 Jul 2010 14
System Administration Commands ipadm(1M)
Address is administratively down (see down-
addr). duplicate Address was found to conflict with another system's IP address by duplicate address detection (DAD) and cannot be used until the conflict is resolved. The system will periodically rerun DAD to determine if the conflict has been resolved. Alternatively,refresh-addr can be used to immediately
rerun DAD. inaccessibleAddress cannot be used because the IP inter-
face it is configured on has failed. ok Address is enabled, up, and functioning properly. The system will accept IP packets destined to this address, and will originate IP packets with this address in accordancewith the configured IP source address selec-
tion policy. tentative Address is currently undergoing duplicate address detection (for example, as part ofup-addr or refresh-addr).
CURRENT For address objects in active configuration, it indicates any of the following flags. This field is not shown by default and will be shown onlywhen all or current is specified with -o.
d (deprecated)Will not be used as source address for out-
bound packets unless either there are no other addresses available on the interfaceSunOS 5.11 Last change: 21 Jul 2010 15
System Administration Commands ipadm(1M)
or the application has explicitly bound to this address. p (private)Address not advertised by the routing dae-
mon. t (temporary) Temporary IPv6 address as defined in RFC 3041. U (up) Address is marked up for use as asource/destination of outbound/inbound pack-
ets. u (unnumbered) Address matches the local address of some other link in the system. PERSISTENT Specifies the configuration that will be applied when the address object is instantiated onreboot or re-enabled using the enable-addr sub-
command. It can be any or all of U, p, and d (see above). ADDR Numeric IPv4 or IPv6 address. In the case ofpoint-to- point interfaces, the addresses of
both the endpoints, are displayed (laddr--
>raddr). For an address object of type dhcp, if the state of the address object is disabled, or if the address is 0.0.0.0 for IPv4 or :: for IPv6, then a question mark (?) is displayed.SunOS 5.11 Last change: 21 Jul 2010 16
System Administration Commands ipadm(1M)
down-addr [-t] addrobj
The address identified by addrobj is marked down, so that it cannot be used as a source/destination of outbound/inbound packets. This command has no effect if the address object was already marked down prior to thedown-addr invocation. If the address object is of type
addrconf, the command returns an error.-t, --temporary
Specifies that the configured address is temporary and changes apply only to the active configuration. This option is mandatory if the address object type is dhcp.up-addr [-t] addrobj
The address identified by addrobj is marked up, so that it can be used as a source/destination of outbound/inbound packets. This subcommand has no effect if the address object has been marked down by the system because it is a duplicate address, or if the address wasmarked up prior to the up-addr invocation. If the
address object is of type addrconf, the command returns an error.-t, --temporary
Specifies that the configured address is temporary and changes apply only to the active configuration. This option is mandatory if the address object type is dhcp.refresh-addr [-i] addrobj
If the addrobj is of the type static then DAD (Duplicate Address Detection) will be restarted (if necessary) on the address identified by the address object.If the addrobj is of the type dhcp, then the lease dura-
tion obtained on the address will be extended by the DHCP client daemon. If the addrobj is of the type addrconf then the command returns an error.SunOS 5.11 Last change: 21 Jul 2010 17
System Administration Commands ipadm(1M)
-i, --inform
For a specified IP address, obtains network confi-
guration parameters from DHCP without obtaining a lease on it. This is useful in situations where an IP address is obtained through mechanisms other than DHCP.disable-addr -t addrobj
Disables the address by removing it from the active con-
figuration. If the address object was originally created persistently, then the persistent configuration isunchanged. To re-enable this addrobj, one should use
enable-addr.
-t, --temporary
Specifies that the disabling is temporary and changes apply only to the active configuration.enable-addr -t addrobj
Enables the given addrobj by reading the configuration from the persistent store. All the persistent addressproperties are applied to the address object. This sub-
command requires that the interface on which the address object is being enabled be present. If the interface itself is missing in active configuration and is presentin persistent store, that is, if the interface is dis-
abled, then the user has to run enable-if before invok-
ing enable-addr.
-t, --temporary
Specifies that the enabling is temporary and changes apply only to the active configuration.set-addrprop [-t] -p prop=value[,...] addrobj
Sets the value of a property on the addrobj specified. If the addrobj maps to several addresses, then property changes applies to all the addresses referenced by the addrobj. Only one property can be specified at a time. The properties supported on the addrobj and theproperty's possible values can be retrieved using show-
SunOS 5.11 Last change: 21 Jul 2010 18
System Administration Commands ipadm(1M)
addrprop subcommand. If the addrobj is of type addrconf, the command returns an error.-t, --temporary
Specifies that the changes are temporary and changes apply only to the active configuration.-p prop=value[,...], --prop prop=value[,...]
A property to set to the specified values.reset-addrprop [-t] -p prop addrobj
Resets the given address property to its default value.If -t is not used, any persistent value of the property
will be deleted. Only one property can be modified at a time. If the addrobj is of type addrconf, the command returns an error.-t, --temporary
Specifies that the resets are temporary and changes apply only to the active configuration.-p prop, --prop prop
A property to be reset.show-addrprop [[-c] -o field[,...]] [-p prop,...] [addrobj]
Show the current and persistent values of one or more properties, either for all the configured address objects or for the specified addrobj. Several properties of interest can be retrieved at one time by providingcomma-separated property names to -p option. If the -p
option is not specified, all available properties aredisplayed. If the addrobj is of type addrconf, the com-
mand returns an error.-o field[,...], --output field[,...]
A case-insensitive, comma-separated list of output
fields to display. The field name must be one of the fields listed below, or the special value all to display all fields. For each addrobj, the followingSunOS 5.11 Last change: 21 Jul 2010 19
System Administration Commands ipadm(1M)
fields can be displayed: ADDROBJ The name of the address object. PROPERTY The name of the property. PERM The read/write permissions of the property. The value shown will be r (read only), w (write only) or rw (read/write). CURRENTThe current value of the property. For the dis-
abled addresses, because the value is not set,the value displays as a double hyphen (--).
PERSISTENT The persistent value of a property. Persistent values are the values that will be reapplied on reboot. DEFAULTThe default value of the property. If the pro-
perty has no default value, double hyphen (--)
is shown. POSSIBLEA comma-separated list of the values a property
can have. If the values span a numeric range,min - max might be shown as shorthand. If the
possible values are unknown, a question mark (?) is displayed or if they are unbounded, doublehyphen (--) will be shown.
SunOS 5.11 Last change: 21 Jul 2010 20
System Administration Commands ipadm(1M)
-c, --parsable
Display using a stable machine-parsable format. The
-o option is required with this option. See "Pars-
able Output Format", below.-p prop,..., --prop=prop
A comma-separated list of properties to display. See
the sections on address object properties following subcommand descriptions.set-prop [-t] -p prop[+ | -]=value[,...] protocol
Modifies the value of a protocol property to the value specified. If the property takes multiple values, thevalues should be specified with a comma as the delim-
iter. Only one property can be specified at a time. By default, the value is persistent and will be reapplied on reboot. The properties supported on a protocol and the property's possible values can be retrieved usingthe show-prop subcommand
The following protocols are supported: ip, ipv4, ipv6, icmp, tcp, udp and sctp. Note that for some properties, it might be possible to set the value of the property both globally, and on aper-interface basis. The per-interface value can be set
using the set-ifprop subcommand. In such cases, if the
administrator chooses to customize the per-interface
value of the property to be distinct from the globalvalue, the per-interface value overrides the global set-
ting for that interface.-t, --temporary
Specifies that the changes to properties are tem-
porary and changes apply only to the active confi-
guration.-p prop[+|-]=value[,...], --prop prop[+|-]=value[,...]
A property to set to the specified values. It also provides the following "qualifiers" to perform add and delete operations in addition to assignment.SunOS 5.11 Last change: 21 Jul 2010 21
System Administration Commands ipadm(1M)
+ Adds the given value to the current list of value(s).-
Removes the given value from the current list of value(s). = Makes a new assignment and removes all the current value(s).See EXAMPLES for more information on how to use the
qualifiers.reset-prop [-t] -p prop protocol
Resets a property of the specified protocol to thedefault value of the property. If -t is not used, any
persistent value of the property will be deleted. Only one property can be modified at a time.-t, --temporary
Specifies that the resets are temporary and changes apply only to the active configuration.-p prop, --prop prop
A property to be reset.show-prop [[-c] -o field[,...]] [-p prop,...] [protocol]
Show the current and persistent values of one or more properties, either for all supported protocols or for the specified protocol. Several properties of interestcan be retrieved at a time by providing comma-separated
property names to -p option. If the -p option is not
specified, all available properties are displayed.-o field[,...], --output field[,...]
SunOS 5.11 Last change: 21 Jul 2010 22
System Administration Commands ipadm(1M)
A case-insensitive, comma-separated list of output
fields to display. The field name must be one of the fields listed below, or the special value all to display all fields. For each protocol, the following fields can be displayed: PROTO The name of the protocol. PROPERTY The name of the property. PERM The read/write permissions of the property. The value shown will be r (read only), w (write only) or rw (read/write). CURRENTThe current value of the property. For the dis-
abled addresses, because the value is not set,the value displays as a double hyphen (--). If
the value is unknown, it is displayed as a ques-
tion mark (?). If the current value of the pro-
perty is not in the set of listed POSSIBLE values, the keyword custom is displayed. PERSISTENT The persistent value of a property. Persistent values are the values that will be reapplied on reboot. DEFAULTThe default value of the property. If the pro-
perty has no default value, double hyphen (--)
is shown. POSSIBLEA comma-separated list of the values for the
property setting to be used with the set-prop
SunOS 5.11 Last change: 21 Jul 2010 23
System Administration Commands ipadm(1M)
subcommand. If the values span a numeric range,min - max might be shown as shorthand. If the
possible values are unknown, a question mark (?) is displayed or if they are unbounded, doublehyphen (--) will be shown.
-c, --parsable
Display using a stable machine-parsable format. The
-o option is required with this option. See "Pars-
able Output Format", below.-p prop,..., --prop=prop
A comma-separated list of properties to display. See
the sections on protocol properties following sub-
command descriptions. For the supported list of properties for every protocol, see "Protocol Properties" below. Parsable Output FormatThe ipadm "show" subcommands have an -o option that displays
output in a machine-parsable format. The output format is
one or more lines of colon (:) delimited fields. The fields displayed are specific to the subcommand used and are listedunder the entry for the -o option for a given subcommand.
Output includes only those fields requested by means of the-o option, in the order requested. Note that the -o all
option, which displays all the fields for a given subcom-
mand, cannot be used with parsable output option.When you request multiple fields, any literal colon charac-
ters are escaped by a backslash (\fR) before being output. Similarly, literal backslash characters are also escaped (\). This escape format is parsable by using shell read(1) functions with the environment variable set as IFS=: Note that escaping is not done when you request only a single field. Protocol Properties The following protocol properties are supported: hostmodel (IPv4), hostmodel (IPv6) Control send/receive behavior for IP packets on amulti-homed system. The value of hostmodel can be set to
SunOS 5.11 Last change: 21 Jul 2010 24
System Administration Commands ipadm(1M)
strong or weak, corresponding to the equivalent end-
system model definitions of RFC 1122. In addition, athird value of src-priority is also supported. In the
src-priority hostmodel scenario, a packet will be
accepted on any interface, as long as the packet's des-
tination IP address is configured and marked UP on one of the host's interfaces. When transmitting a packet, if multiple routes for the IP destination in the packet are available, the system will prefer routes where the IPsource address in the packet is configured on the outgo-
ing interface. If no such route is available, the system will fall back to selecting the "best" route, as with the weak ES case. ttl (IPv4), hoplimit (IPv6) Specifies the value that will be set for ttl/hoplimit field of an IPv4 or IPv6 header. Can be used to prevent the system from reaching other systems more than N hops away where N was the value specified. forwarding (IPv4), forwarding (IPv6) Enable/disable global IPv4 or IPv6 forwarding. All theconfigured interfaces will start/stop forwarding pack-
ets. Individual interfaces can override the globaloption using set-ifprop.
recv_maxbuf (TCP, SCTP, UDP, ICMP)
send_maxbuf (TCP, SCTP, UDP, ICMP)
Modifies the receive or send buffer sizes for the speci-
fied protocol. sack (TCP) Selective acknowledgment (SACK) allows recipients toselectively acknowledge out-of-sequence data and is
intended to increase performance for data transfers over lossy links. See RFC 2018 for information on the SACK. Possible values and meanings: neverWill neither accept SACK nor send out SACK informa-
tion.SunOS 5.11 Last change: 21 Jul 2010 25
System Administration Commands ipadm(1M)
passive Will accept SACK but not send out. active Will both accept SACK and send out SACK information. ecn (TCP) Explicit Congestion Control (see RFC 3168 for more information). Possible values are the same as above: never, passive, and active.smallest_anon_port (TCP, SCTP, UDP)
largest_anon_port (TCP, SCTP, UDP)
These options define the upper and lower bounds onephemeral ports. Ephemeral (means short-lived) ports are
used when establishing outbound network connections.smallest_nonpriv_port (TCP, SCTP, UDP)
This option define the start of non-privileged ports.
The non-privileged port range normally starts at 1024.
Any program that attempts to bind a non-privileged port
does not have to run as root.extra_priv_ports (TCP, SCTP, UDP)
This option define additional privileged ports outsideof the 1-1023 range. Any program that attempts to bind
the ports listed here must run as root. This prevents normal users from starting server processes on specific ports. These ports can be added, removed, or assigned using theset-prop subcommand and the modifiers +, -, and =. See
EXAMPLES below on usage.
Interface Properties The following interface properties are supported: arpSunOS 5.11 Last change: 21 Jul 2010 26
System Administration Commands ipadm(1M)
Enables/disables the use of the Address Resolution Pro-
tocol (ARP) on an interface. ARP is used in mapping between network level addresses and link level addresses. This is currently implemented for mapping between IPv4 addresses and MAC addresses. Possible values are on or off. Default is on. forwarding Enables/disables IP forwarding on an interface. When enabled, the IP packets can be forwarded to and from the interface. Possible values are on or off. Default is off. metric Set the routing metric of the interface to n; if no value is specified, the default is 0. The routing metric is used by the routing protocol. Higher metrics have the effect of making a route less favorable. Metrics are counted as additional hops to the destination network or host. mtu Set the maximum transmission unit of the interface to n. For many types of networks, the MTU has an upper limit, for example, 1500 for Ethernet. nud Enables/disables the neighbor unreachability detectionmechanism on a point-to-point physical interface. Possi-
ble values are on or off. Default is on. usesrc Specifies a physical or virtual interface to be used for source address selection. If the keyword none is used, then any previous selection is cleared. Default is Specifies a physical or virtual interface to be used for source address selection. If the keyword none is used, any previous selection is cleared. Default is none.exchange_routes
SunOS 5.11 Last change: 21 Jul 2010 27
System Administration Commands ipadm(1M)
Enables/disables exchanging of routing information on this interface. Possible values are on or off. Default is off. Address Properties The address properties listed below are supported. Note that modifying address properties for addrconf address objects is not supported. deprecated The address should no longer used as a source address in new communications, but packets addressed to this address are processed as expected. Possible values areon or off. Default is off. This property is not sup-
ported on an address object of type dhcp. prefixlenSpecifies the number of left-most contiguous bits of the
address that comprise the IPv6 prefix or IPv4 netmask ofthe address. The remaining low-order bits define the
host part of the address. When prefixlen is converted toa text representation of the address, the address con-
tain 1's for the bit positions that are to be used forthe network part, and 0's for the host part. The prefix-
len must be specified as a single decimal number. This property is not supported on an address object of type dhcp. private Specifies that the addresses should not be advertised by the in.routed routing daemon. Possible values are on or off. Default is off. transmit Enables packets to be transmitted using the addresses referenced by the address object. This is the default behavior when the address is up. Possible values are on or off. Default is on. zone Specifies the zone in which all the addresses referenced by the address object should be placed. The named zoneSunOS 5.11 Last change: 21 Jul 2010 28
System Administration Commands ipadm(1M)
must be active in the kernel in the ready or running state. The interface is unplumbed when the zone is halted or rebooted. The zone must be configured to be anshared-IP zone. zonecfg(1M) is used to assign network
interface names to exclusive-IP zones. To modify the
zone assignment such that it persists across reboots, please use zonecfg(1M). Possible values are the list ofall the zones configured on the system. Default is glo-
bal. OPERANDSEach ipadm subcommand operates on one of the following
objects: addrobjAn address configured on a network interface is identi-
fied by an addrobj. An addrobj consists of two parts. The first part is the name of the network interface on which the address is configured. The second part is auser-specified string that can use any of the
alphanumeric characters and can be at-most 32 characters
in length and must begin with a letter. The two parts of the addrobj are delimited by a slash (/). An address object always represents a unique set of address(es) in a system. interface Name of the underlying IP interface on which network address is configured. protocolName of the TCP/IP Internet protocol family for which a property is to be configured. Following protocols are supported: ip, ipv4, ipv6, icmp, tcp, sctp and udp.
EXAMPLES
Example 1 Creating IPv4 Static Addresses The following command creates the address 10.2.3.4/24 on interface bge1 and marks the address up, for use.# ipadm create-addr -T static -a local=10.2.3.4/24 bge1/v4static1
SunOS 5.11 Last change: 21 Jul 2010 29
System Administration Commands ipadm(1M)
The following command creates the address 10.2.3.5/24 on interface bge1 but marks the address down until explicitly marked up.# ipadm create-addr -T static -d -a 10.2.3.5/24 bge1/v4static2
Note that 10.2.3.5/24 is assumed to be the local address, because local was not used and there was only one address. The following command marks the address object bge1/v4static2 up that was previously marked down.# ipadm up-addr bge1/v4static2
If the DUPLICATE flag was set on the address object, thenrefresh-addr will verify that the address is still a dupli-
cate on the network. If it is not, the address will be marked up.# ipadm refresh-addr bge1/v4static2
The following command lists the addresses that were config-
ured. This shows that the address bge1/v4static2 is not a duplicate.# ipadm show-addr
ADDROBJ TYPE CURRENT PERSISTENT ADDRlo0/v4 static eU------- --- 127.0.0.1/8
lo0/v6 static eU------- --- ::/128
bge1/v4static1 static eU------- U-- 10.2.3.4/24
bge1/v4static2 static eU------- U-- 10.2.3.10/24
Example 2 Creating DHCPv4-controlled Addresses
SunOS 5.11 Last change: 21 Jul 2010 30
System Administration Commands ipadm(1M)
The following command obtains a DHCPv4 address on interface bge1.# ipadm create-addr -T dhcp bge1/dhaddr
# ipadm show-addr bge1/dhaddr
ADDROBJ TYPE CURRENT PERSISTENT ADDRbge1/dhaddr dhcp eU------- --- 10.8.48.173/25
The following command extends the lease duration for the DHCPv4 address object bge1/dhaddr.# ipadm refresh-addr bge1/dhaddr
Example 3 Creating IPv6 AddressesThe following sequence of commands auto-configures IPv6
addresses on bge1 using in.ndpd with the default interfaceID. A link-local address is configured first, followed by
in.ndpd adding the stateless and stateful auto-configured
addresses.# ipadm create-addr -T addrconf bge1/v6addr
The following command creates a IPv6 static address. To beable to configure an IPv6 address that is not a link-local
address, the interface should already have a link-local
address configured on it. It was accomplished by the previ-
ous step with -T addrconf.
# ipadm create-addr -T static -a local=2ff0::f3ad/64 bge1/v6static
The following command changes the prefix length of an IPv6 address.# ipadm set-addrprop -p prefixlen=80 bge1/v6static
SunOS 5.11 Last change: 21 Jul 2010 31
System Administration Commands ipadm(1M)
All the auto-configured addresses and the updated prefix
length can be viewed by listing the addresses:# ipadm show-addr
ADDROBJ TYPE CURRENT PERSISTENT ADDRlo0/v4 static eU------- --- 127.0.0.1/8
lo0/v6 static eU------- --- ::/128
bge1/v6addr addrconf eU------- --- fe80::203:baff:fe94:2f01/10
bge1/v6addr addrconf eU------- --- 2002:a08:39f0:1:203:baff:fe94:2f00/64
bge1/v6addr addrconf eU------- --- 2001:db8:1:2::402f/128
bge1/v6static static eU------- U-- 2ff0::f3ad/80
Example 4 Configuring an IPv4 TunnelThe first command below (ipadm) creates the tunnel source
address. Then, a dladm command creates the tunnel link. Thefinal ipadm commands configure the IPv4 and IPv6 addresses
on the tunnel IP interface.# ipadm create-addr -T static -a local=10.2.3.4/24 bge1/v4static
# dladm create-iptun -T ipv4 -a local=10.2.3.4,remote=10.2.3.5 tun0
# ipadm create-addr -T static \
-a local=173.129.134.1,remote=173.129.134.2 tun0/v4tunaddr
# ipadm create-addr -T static \
-a local=2ff1::3344,remote=2ff1::3345 tun0/v6tunaddr
# ipadm show-addr
ADDROBJ TYPE CURRENT PERSISTENT ADDRlo0/v4 static eU------- --- 127.0.0.1/8
lo0/v6 static eU------- --- ::/128
bge1/v4static static eU------- U-- 10.2.3.4/24
tun0/v4tunaddr static eU------- U-- 173.129.134.1-->173.129.134.2
tun0/v6tunaddr static eU------- U-- 2ff1::3344-->2ff1::3345
Example 5 Viewing all of the Interfaces The following command enables you to view all interfaces.# ipadm show-if
IFNAME STATE CURRENT PERSISTENT
lo0 ok -m-v-----46 ---
e1000g0 ok bm-------4- -46
e1000g1 disabled ----------- -46
ipmp0 failed bm--I----46 -46
SunOS 5.11 Last change: 21 Jul 2010 32
System Administration Commands ipadm(1M)
tun0 disabled ----------- --6
vni0 disabled ---v-----46 -46
Example 6 Displaying Interface Properties The following command displays all interface properties for a specified interface.# ipadm show-ifprop net0
IFNAME PROPERTY PROTO PERM CURRENT PERSISTENT DEFAULT POSSIBLE
net0 arp ipv4 rw on -- on on,off
net0 forwarding ipv4 rw off on off on,offnet0 metric ipv4 rw 2 2 0 --
net0 mtu ipv4 rw 1500 -- 1500 68-1500
net0 exchange_routes ipv4 rw off -- off on,off
net0 usesrc ipv4 rw none -- none --
net0 forwarding ipv6 rw off -- off on,off
net0 metric ipv6 rw 2 2 0 --
net0 mtu ipv6 rw 1500 -- 1500 1280-1500
net0 nud ipv6 rw on -- on on,off
net0 exchange_routes ipv6 rw off on off on,off
net0 usesrc ipv6 rw none -- none --
Example 7 Configuring per-Interface Properties
The following command sets the IPv4 MTU of the interface net0 to 900.# ipadm set-ifprop -m ipv4 -p mtu=900 net0
The following command sets the IPv6 MTU of the interface net0 to 1400.# ipadm set-ifprop -m ipv6 -p mtu 1400 net0
View the results:SunOS 5.11 Last change: 21 Jul 2010 33
System Administration Commands ipadm(1M)
# ipadm show-ifprop -p mtu net0
IFNAME PROPERTY PROTO PERM CURRENT PERSISTENT DEFAULT POSSIBLE
net0 mtu ipv4 rw 900 900 1500 68-1500
net0 mtu ipv6 rw 1400 1400 1500 1280-1500
# ipadm show-ifprop -m ipv6 -p mtu net0
IFNAME PROPERTY PROTO PERM CURRENT PERSISTENT DEFAULT POSSIBLE
net0 mtu ipv6 rw 1400 1400 1500 1280-1500
Example 8 Displaying Supported Properties The following command displays the properties supported on TCP.# ipadm show-prop tcp
PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE tcp ecn rw active active passive never,passive, activetcp extra_priv_ports rw -- 1,65535 2049,4045 1-65535
tcp largest_anon_port rw 32768 32768 65535 1024-65535
tcp sack rw active -- active never,passive,
activetcp recv_maxbuf rw 29567 -- 49152 2048-1073741824
tcp send_maxbuf rw 21354 -- 49152 4096-1073741824
tcp smallest_anon_port rw 32768 -- 32768 1024-65535
tcp smallest_nonpriv_port rw 1024 -- 1024 1024-32768
Example 9 Configuring Global IPv4 ForwardingThe following command sequence configures global IPv4 for-
warding and overrides that setting for interface net0.# ipadm set-prop -p forwarding=on ipv4
# ipadm set-ifprop -p forwarding=off -m ipv4 net0
# ipadm show-prop -p forwarding ipv4
PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE ipv4 forwarding rw on on off on,off# show-ifprop -p forwarding -m ipv4 net0
IFNAME PROPERTY PROTO PERM CURRENT PERSISTENT DEFAULT POSSIBLE
net0 forwarding ipv4 rw off off off on,offSunOS 5.11 Last change: 21 Jul 2010 34
System Administration Commands ipadm(1M)
Example 10 Using Qualifiers in set-prop Subcommand
The following command sequence uses the plus and minus (+,-) qualifiers to add 1047, 1048, and 1049 as extra
privileged ports for TCP.# ipadm set-prop -p extra_priv_ports=1047 tcp
# ipadm set-prop -p extra_priv_ports+=1048 tcp
# ipadm set-prop -p extra_priv_ports+=1049 tcp
# ipadm set-prop -p extra_priv_ports+=1050 tcp
The following command deletes 1048 as extra privileged port.# ipadm set-prop -p extra_priv_ports-=1048
The following command displays all the extra privileged ports for TCP.# ipadm show-prop -p extra_priv_ports tcp
PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLEipv4 extra_priv_ports rw 1047,1049, 1047,1049, 2049,4045 1-65535
1050 1050 Example 11 Enabling and Disabling ObjectsThe following command sequences enables and disables inter-
face and address objects and display the results of those actions.# ipadm create-addr -T static -a local=10.2.3.4/24 bge1/v4static
# ipadm set-addrprop -p private=yes bge1/v4static
# ipadm show-addr bge1/v4static
ADDROBJ TYPE CURRENT PERSISTENT ADDRbge1/v4static static eU-p----- Up- 10.2.3.4/24
SunOS 5.11 Last change: 21 Jul 2010 35
System Administration Commands ipadm(1M)
The following command disables the address object bge1/v4static.# ipadm disable-addr -t bge1/v4static
# ipadm show-addr bge1/v4static
ADDROBJ TYPE CURRENT PERSISTENT ADDRbge1/v4static static --------- Up- 10.2.3.4/24
The following command disables the interface object bge1.# ipadm disable-if -t bge1
# ipadm show-if bge1
IFNAME STATE CURRENT PERSISTENT
bge1 disabled ----------- -46
The following command enables the interface object from the persistent configuration.# ipadm enable-if -t bge1
# ipadm show-if bge1
IFNAME STATE CURRENT PERSISTENT
bge1 ok bm-------46 -46
# ipadm show-addr bge1/v4static
ADDROBJ TYPE CURRENT PERSISTENT ADDRbge1/v4static static eU-p----- Up- 10.2.3.4/24
Note that when the interface object is enabled all the address objects configured on that interface are enabled also. The following command creates persistent configuration forthe net0 interface in a non-global exclusive-IP zone so that
the net0 interface will be configured with the set ofaddresses made available through the allowed-address
resource from the global zone on the next reboot.SunOS 5.11 Last change: 21 Jul 2010 36
System Administration Commands ipadm(1M)
# ipadm create-if net0
The net0 interface can also be configured with the availableset of allowed-address values in the non-global exclusive-IP
zone without a reboot by executing the following commands:# ipadm disable-if -t net0
# ipadm enable-if -t net0
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWcsr ||_____________________________|_____________________________|
| Interface Stability | Committed ||_____________________________|_____________________________|
SEE ALSO
read(1), arp(1M), cfgadm(1M), dladm(1M), if_mpadm(1M),
ifconfig(1M), in.mpathd(1M), in.ndpd(1M), ndd(1M), zonecfg(1M), nsswitch.conf(4), attributes(5), dhcp(5), vni(7D)Postel, J., RFC 791, Internet Protocol - DARPA Internet Pro-
gram Protocol Specification, Information Sciences Institute, University of Southern California, September 1981.Hinden, R. and S. Deering, IP Version 6 Addressing Architec-
ture, RFC 4291, February 2006. Thomson, S., Narten, T., and T. Jinmei, IPv6 Stateless Address AutoConfiguration, RFC 4862, September 2007. Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. Carney, Dynamic Host Configuration Protocol for IPv6SunOS 5.11 Last change: 21 Jul 2010 37
System Administration Commands ipadm(1M)
(DHCPv6), RFC 3315, July 2003. Narten, T., Draves, R., and S. Krishnan, Privacy Extensions for Stateless Address AutoConfiguration in IPv6, RFC 4941, September 2007.S. Routhier, Ed., Management Information Base for the Inter-
net Protocol (IP), RFC 4293, April 2006Braden, R., RFC 1122, Requirements for Internet Hosts -
Communication Layers, Information Sciences Institute, University of Southern California, October 1989.SunOS 5.11 Last change: 21 Jul 2010 38