Do only one of the following tasks. For the trade-offs, see Planning for Multilevel Access.
Task |
Description |
For Instructions |
---|---|---|
Share a logical interface. |
Map the global zone to one IP address, and map the labeled zones to a different IP address. |
Specify Two IP Addresses for the System by Using a CDE Action |
Share a physical interface. |
Map all zones to one IP address. |
In this configuration, the host's address applies only to the global zone. Labeled zones share a second IP address with the global zone.
You are superuser in the global zone. The system has already been assigned two IP addresses. You are in a Trusted CDE workspace.
Navigate to the Trusted_Extensions folder.
Double-click the Share Logical Interface action and answer the prompts.
The system must already have been assigned two IP addresses. For this action, provide the second address and a host name for that address. The second address is the shared address.
Hostname: Type the name for your labeled zones interface IP Address: Type the IP address for the interface |
This action configures a host with more than one IP address. The IP address for the global zone is the name of the host. The IP address for a labeled zone has a different host name. In addition, the IP address for the labeled zones is shared with the global zone. When this configuration is used, labeled zones are able to reach a network printer.
Use a standard naming convention for labeled zones. For example, add -zones to the host name.
(Optional) In a terminal window, verify the results of the action.
# ifconfig -a |
For example, the following output shows a shared logical interface, hme0:3 on network interface 192.168.0.12 for the labeled zones. The hme0 interface is the unique IP address of the global zone.
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 ether 0:0:00:00:00:0 hme0: flags=1000843<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 inet 192.168.0.11 netmask fffffe00 broadcast 192.168.0.255 hme0:3 flags=1000843<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 all-zones inet 192.168.0.12 netmask fffffe00 broadcast 192.168.0.255 |
In this configuration, the host's address applies to all the zones, including the labeled zones.
You are superuser in the global zone. You are in a Trusted CDE workspace.
Navigate to the Trusted_Extensions folder.
Double-click the Share Physical Interface action.
This action configures a host with one IP address. The global zone does not have a unique address. This system cannot be used as a multilevel print server or NFS server.
(Optional) In a terminal window, verify the results of the action.
# ifconfig -a |
The Share Physical Interface action configures all zones to have logical NICs. These logical NICs share a single physical NIC in the global zone.
For example, the following output shows the shared physical interface, hme0 on network interface 192.168.0.11 for all the zones.
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 ether 0:0:00:00:00:0 hme0: flags=1000843<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 all-zones inet 192.168.0.11 netmask fffffe00 broadcast 192.168.0.255 |