Configure the Network Interfaces in Trusted Extensions

In this task, you configure the networking in the global zone. You must create exactly one all-zones interface. An all-zones interface is shared by the labeled zones and the global zone. The shared interface is used to route traffic between the labeled zones and the global zone. To configure this interface, do one of the following:

• Create a logical interface from a physical interface, then share the physical interface.

  This configuration is the simplest to administer. Choose this configuration when your system has been assigned two IP addresses. In this procedure, the logical interface becomes the global zone's specific address, and the physical interface is shared between the global zone and the labeled zones.

• Share a physical interface

  Choose this configuration when your system has been assigned one IP address. In this configuration, the physical interface is shared between the global zone and the labeled zones.

• Share a virtual network interface, vni0

  Choose this configuration when you are configuring DHCP, or when each subnetwork is at a different label. For a sample procedure, refer to the laptop instructions in the Trusted Extensions section of OpenSolaris Community: Security web page.

  In the Solaris Express Community Edition, the loopback interface in Trusted Extensions is created as an all-zones interface. Therefore, you do not need to create a vni0 shared interface.

To add zone-specific network interfaces, finish and verify zone creation before adding the interfaces. For the procedure, see Add a Network Interface to Route an Existing Labeled Zone.

Before You Begin

The public zone is halted.

The Labeled Zone Manager is displayed. To open this GUI, see Run the txzonemgr Script.

From the public zone options list, you have clicked Select another zone...

1. In the Labeled Zone Manager, select the global zone.

2. Select Configure Network Interfaces.

   A list of interfaces is displayed. Look for an interface that is listed with the following characteristics:

   • Type of physical

   • IP address of your hostname

   • Template of cipso

   • State of Up

3. Select the interface that corresponds to your hostname.

4. From the list of commands, select Share with Shared-IP Zones.

5. Click Cancel to return to the global zone command list

6. To connect to other systems on your network that are running Trusted Extensions, select Add Multilevel Access to Remote Host...

   1. Type the IP address of another Trusted Extensions system.

   2. Run the corresponding commands on the other Trusted Extensions system.