Skip Navigation Links | |
Exit Print View | |
Oracle Solaris Administration: Network Interfaces and Network Virtualization Oracle Solaris 11 Express 11/10 |
2. NWAM Configuration and Administration (Overview)
3. NWAM Profile Configuration (Tasks)
Creating Profiles in Command-Line Mode
Interactively Creating Profiles
Creating NCUs for a User-Defined NCP
How to Interactively Create a User-Defined NCP
Setting and Changing Property Values of a Profile
Querying the System for Profile Information
Listing All of the Profiles on a System
Listing All Property Values for a Specific Profile
Obtaining Values of a Specific Property
How to Interactively Obtain a Single Property Value
Interactively Viewing and Changing Property Values by Using the walkprop Subcommand
Exporting and Restoring a Profile Configuration
Managing the NWAM Service Through SMF
How to Switch From Autoconfiguration Mode to Traditional Networking Mode
How to Switch From Traditional Networking Mode to Autoconfiguration Mode
4. NWAM Profile Administration (Tasks)
5. About the NWAM Graphical User Interface
Part II Administering Single Interfaces
6. Overview of the Networking Stack
7. Datalink Configuration and Administration
8. Configuring an IP Interface
9. Configuring Wireless Interface Communications on Oracle Solaris
Part III Administering Interface Groups
11. Administering Link Aggregations
Part IV Network Virtualization and Resource Management
15. Introducing Network Virtualization and Resource Control (Overview)
16. Planning for Network Virtualization and Resource Control
17. Configuring Virtual Networks (Tasks)
18. Using Link Protection in Virtualized Environments
19. Managing Network Resources
The nwamcfg command, which is described in the nwamcfg(1M) man page, is one of two administrative commands in the NWAM command-line interface.
The nwamcfg command can be used by anyone who has Console User privileges. These privileges are automatically assigned to any user who is logged in to the system from /dev/console. For more information, see the Overview of NWAM Security.
You can use the nwamcfg command to select, create, modify, and destroy user-defined profiles. The command can be used in either interactive mode or command-line mode. The nwamcfg command also supports export of profile configuration to command files.
You can create, modify, and remove the following profiles and configuration objects:
Network Configuration Profiles (NCPs)
Location profiles
External Network Modifiers (ENMs)
Known wireless local area networks (WLANs)
Network Configuration Units (NCUs)
The basic command syntax to use to create a profile from the command line is as follows:
nwamcfg create -t template object-type class object-name
Creates an in-memory profile (or configuration object) of the specified type and name. For NCPs, only the User NCP can be created by using the create command.
Specifies that the new profile be identical to template, where template is the name of an existing profile of the same type. If the -t option is not used, the new profile is created with default values.
Specifies the type of profile to be created.
You can specify one of the following values for the object-type option:
ncp
ncu
loc
enm
wlan
All profiles that are specified by the object-type option, with the exception of an ncu, must be created at the global scope before you can use the nwamcfg select command to select the particular object.
Specifies the class of profile that is specified by object-type. This parameter is only used for the ncu object type, which consists of two possible values, phys or ip.
Specifies the name of the user-defined profile, for example net1 for a given NCU. For user-defined NCPs, the object-name can be any name that you choose.
Note - If you have customized your network configuration by using a previous NWAM version, a User NCP will be created by the system, based on that configuration.
For example, to create a User NCP you would type the following command:
$ nwamcfg create ncp User
where ncp is the object-type and User is the object-name.
Note - For the creation of NCPs, the class option is not required.
Optionally, you can use a copy of the Automatic NCP as your template, then make changes to that profile, as shown here:
$ nwamcfg create -t Automatic ncp
To create a Location profile with the name office, you would type the following command:
$ nwamcfg create loc office
You can use the nwamcfg command in interactive mode to perform the following tasks:
Create a user-defined profile.
Select and modify a user-defined profile.
Verify that all of the required information about a profile.
Commit the changes for a new user-defined profile.
Cancel the current profile configuration without committing any changes to persistent storage.
Revert the changes that you made for a profile.
Creating a profile in interactive mode results in the nwamcfg a command prompt that is in the NCP scope, if an NCP is created, or in the profile scope, if a Location profile or an ENM is created. Creating an NCP or an NCU, moves the focus into that object's scope, walking you through the default properties for the specified profile.
To interactively create a user-defined NCP, you would begin by initiating an nwamcfg interactive session. Then, you would use the create subcommand to create the new NCP, as follows:
$ nwamcfg nwamcfg> create ncp User nwamcfg>
Note - If you upgrade from an Oracle Solaris release that supports a previous NWAM implementation, and any of the default settings on your system have changed, an NCP representation of the legacy network configuration is created and activated as a “User NCP”.
The NCP is essentially a container that consists of a set of NCUs. All NCPs contain both link and interface NCUs. Link NCUs specify both link configuration and link selection policy. Interface NCUs specify interface configuration policy. If IP connectivity is required, both a link and an interface NCU are required. NCUs must be added or removed explicitly by using the nwamcfg command or by using the GUI.
Note - It is possible to add NCUs that do not correlate to any link that is currently installed on the system. Additionally, you can remove NCUs that map to a link that is currently present on the system. Policy for the how a user-defined NCP is activated is also determined by the properties of the NCUs that populate the NCP. Some examples include enabling multiple links and interfaces to be active at a given time, defining different dependency relationships between NCUs, and defining static IP addressing for an NCU, as required.
You can create NCUs by using the nwamcfg command in either interactive mode or command-line mode. Because creating an NCU involves several operations, it is easier and more efficient to create NCUs in interactive mode, rather than trying to construct a single-line command that creates the NCU and all of its properties to the NCP. NCUs can be created when you initially create an NCP or afterward. The process of creating or modifying an NCU involves setting general NCU properties, as well as setting properties that specifically apply to each NCU type.
The properties that you are presented with during the process of creating NCUs for an NCP make the most sense based on the choices that you made during the creation of that particular NCP.
The following table describes all of the NCU properties that you might specify when creating or modifying an NCU. Some properties apply to both NCU types. Other properties apply to either a link NCU or an interface NCU. For a complete description of all of the NCU properties, including rules and conditions that might apply when you specify these properties, see the nwamcfg(1M) man page.
|
The following procedure describes how to create a user-defined NCP in interactive mode.
Tip - The walk process that NWAM performs during the initial profile creation ensures that you are prompted for only those properties that make sense, given the choices that you made previously. Also, the verify subcommand that is described in this procedure verifies your configuration. If any required values are missing, you are notified. You can use the verify subcommand explicitly when creating or modifying a profile or implicitly by using the commit subcommand to save your changes.
$ nwamcfg nwamcfg>
nwamcfg> create ncp User nwamcfg:ncp:User
where ncp is the profile type and User is the profile name.
Creating the NCP automatically takes you into the NCP scope. If you were creating a location, an ENM, or a WLAN object, the command prompt would take you to the profile scope.
nwamcfg:ncp:User> create ncu phys e1000g0 Created ncu `e1000g0', Walking properties ...
where ncu is the object type, phy is the class, and e1000g0 (for example purposes only) is the object name.
Creating an NCU moves you into that object's scope and walks you through the default properties for the object.
nwamcfg:ncp:User> create ncu ip e1000g0 Created ncu `e1000g0'. walking properties ...
where ncu is the object type, ip is the class, and e1000g0 (for example purposes only) is the object name.
Creating an NCU moves you into that object's scope and walks you through the default properties for the object.
During the creation of an NCU, the class option is used to differentiate between the two types of NCUs. This option is especially valuable in situations where different NCU types share the same name. If the class option is omitted, it is much more difficult to distinguish NCUs that share the same name.
Note - Repeat Steps 3 and 4 until all of the required NCUs for the NCP are created.
nwamcfg:ncp:User:ncu:e1000g0> verify All properties verified
nwamcfg:ncp:User:ncu:e1000g0> commit committed changes.
Note - In interactive mode, changes are not saved to persistent storage until you commit them. When you use the commit subcommand, the entire profile is committed. To maintain the consistency of persistent storage, the commit operation also includes a verification step. If the verification fails, the commit also fails. If an implicit commit fails, you are given the option of ending or exiting the interactive session without committing the current changes. Or, you can remain in the current scope and continue making changes to the profile.
The cancel subcommand ends the current profile configuration without committing the current changes to persistent storage, then moves the interactive session up on level to the next higher scope. The revert subcommand undoes the changes that you made and rereads the previous configuration. When you use the revert subcommand, the interactive session remains in the same scope.
nwamcfg:ncp:User> exit
Any time that you use the exit subcommand to end the nwamcfg interactive session, the current profile is verified and committed. If either the verification or the commit operation fails, an appropriate error message is issued, and you are given the opportunity to exit without committing the current changes. Or, you can remain in the current scope and continue making changes to the profile.
nwamcfg:ncp:User> end nwamcfg>
Example 3-1 Interactively Creating a User NCP
In the following example, a user-defined NCP and two NCUs (one link and one interface) are created.
$ nwamcfg mwamcfg> create ncp User nwamcfg:ncp:User> create ncu phys e1000g0 Created ncu `e1000g0', Walking properties ... activation-mode (manual) [manual|prioritized]> link-mac-addr> link-autopush> link-mtu> nwamcfg:ncp:User:ncu:e1000g0> commit Committed changes nwamcfg:ncp:User> create ncu ip e1000g0 Created ncu `e1000g0'. walking properties ... ip-version (ipv4,ipv6) [dhcp|static]> ipv4 ipv4-addrsrc (dhcp) [dhcp|static]> nwamcfg:ncp:User:ncu:e1000g0> verify All properties verified nwamcfg:ncp:User:ncu:e1000g0> commit Committed changes nwamcfg:ncp:User> list NCUs: phys e1000g0 ip e1000g0 nwamcfg:ncp:User> list ncu phys e1000g0 NCU:e1000g0 type link class phys parent "User" enabled true activation-mode manual nwamcfg:ncp:User> list ncu ip e1000g0 NCU:e1000g0 type interface class ip parent "User" enabled true ipv4-addrsrc dhcp ipv6-addrsrc dhcp,autoconf ip-version ipv4 nwamcfg:ncp:User> exit Nothing to commit $
In this example, because the value ipv4 is chosen, no prompt is displayed for the ipv6-addrsrc property, as this property is unused. Likewise, for the phys NCU, the default value (manual activation) for the priority-group property is accepted, so no other conditionally related properties are applied.
Example 3-2 Creating an NCU for an Existing User-Defined NCP
To create an NCU for an existing NCP or to modify the properties of any existing profile, use the nwamcfg command with the select subcommand.
In the following example, an IP NCU is created for an existing user-defined NCP. The process of modifying an existing profile in interactive mode is similar to creating a profile. The difference between the following example and Example 3-1 is that in this example, the select subcommand is used instead of the create subcommand because the User NCP already exists.
$ nwamcfg mwamcfg> select ncp User nwamcfg:ncp:User> list NCUs: phys e1000g02 nwamcfg:ncp:User> create ncu ip e1000g0 Created ncu `e1000g0'. walking properties ... ip-version (ipv4,ipv6) [dhcp|static]> nwamcfg:ncp:User:ncu:e1000g0> end Committed changes nwamcfg:ncp:User> list NCUs: phys e1000g0 ip e1000g0 nwamcfg:ncp:User> list ncu phys e1000g0 NCU:e1000g0 type link class phys parent "User" enabled true activation-mode manual nwamcfg:ncp:User> list ncu ip e1000g0 NCU:e1000g0 type interface class ip parent "User" enabled true ipv4-addrsrc dhcp ipv6-addrsrc dhcp,autoconf ip-version ipv4 nwamcfg:ncp:User> exit Nothing to commit dabble[6]
A Locations profile contains properties that define network configuration settings that are not directly related to basic link and IP connectivity. Some examples include name service and firewall settings that are applied together, when required. At any given time, one Location profile and one NCP must be active on the system. There are system-defined locations and user-defined locations. System locations are the default that NWAM chooses under certain conditions, for example, if you did not specify a location, or if no manually activated locations are enabled, and none of the conditions of the conditionally activated locations has been met. System-defined locations have a system activation mode. User-defined locations are those that are configured to be manually or conditionally activated, according to network conditions, for example, an IP address that is obtained by a network connection.
For information about manually activating (enabling) a Location profile, see Activating and Deactivating Profiles.
You can create user-defined locations by using the nwamcfg command in either interactive mode or command-line mode. When you create a Location profile, you must set the properties for the location by specifying values that define the particular configuration parameters for that location. Location properties are categorized by group, where the group signifies a particular class of configuration preferences.
Location properties are also stored by NWAM in a repository. When a particular Location profile is activated, NWAM autoconfigures the network, based on the properties that are set for that location. Creating or modifying user-defined locations involves setting the various properties that define how the profile is configured, which in turn, determines how NWAM autoconfigures your network. The properties that you are presented with during the configuration process are those that make the most sense, based on the choices that you made previously.
The following table describes all of the location properties that can be specified. Note that location properties are categorized by group. For a complete description of all of the location properties, including any rules, conditions, and dependencies that might apply when you specify any of these properties, see the nwamcfg(1M) man page.
Table 3-1 Location Properties and Their Descriptions
|
The following procedure describes how to create a Location profile.
Tip - The walk process that NWAM performs during an initial profile creation only prompts you for those properties that make sense, given the values that you entered previously. Also, the verify subcommand checks to make sure your configuration is correct. If any required values are missing, you are notified. Note that you can use the verify subcommand explicitly when you creating or modifying a profile configuration or implicitly by using the commit subcommand to save your changes.
$ nwamcfg
nwamcfg> create loc office nwamcfg:loc:office
In the previous example, the location office is created.
where loc is the profile type and office is the profile name.
Creating the location automatically moves you to into the profile scope for this location.
For example, the following output displays the properties for the location office:
nwamcfg:loc:office> list LOC:office enabled false nameservices dns dns-nameservice-configsrc dhcp nameservices-config-file "/etc/nsswitch.dns" activation-mode conditional-any conditions "ncu ip:wpi0 is active" ipfilter-config-file "/export/home/test/wifi.ipf.conf"
In the following example, the configuration for the location office is verified:
nwamcfg:loc:office> verify All properties verified
nwamcfg:object-type:office> commit Committed changes
Note - In interactive mode, changes are not saved to persistent storage until you commit them. When you use the commit subcommand, the entire profile is committed. To maintain the consistency of persistent storage, the commit operation also includes a verification step. If the verification fails, the commit also fails. If an implicit commit fails, you are given the option of ending or exiting the interactive session without committing the current changes. Or, you can remain in the current scope and continue making changes to the profile.
nwamcfg:loc:office> end Committed changes
The cancel subcommand ends the current profile configuration without committing the current changes to persistent storage, then moves the interactive session up one level to the next higher scope.
nwamcfg> exit
Example 3-3 Interactively Creating a Location Profile
In the following example, a location named office is created.
$ nwamcfg nwamcfg> create loc office Created loc 'office'. Walking properties ... activation-mode (manual) [manual|conditional-any|conditional-all]> conditional-any conditions> ncu ip:wpi0 is active nameservices (dns) [dns|files|nis|ldap]> nameservices-config-file ("/etc/nsswitch.dns")> dns-nameservice-configsrc (dhcp) [manual|dhcp]> nfsv4-domain> ipfilter-config-file> /export/home/test/wifi.ipf.conf ipfilter-v6-config-file> ipnat-config-file> ippool-config-file> ike-config-file> ipsecpolicy-config-file> nwamcfg:loc:office> list LOC:office enabled false nameservices dns dns-nameservice-configsrc dhcp nameservices-config-file "/etc/nsswitch.dns" activation-mode conditional-any conditions "ncu ip:wpi0 is active" ipfilter-config-file "/export/home/test/wifi.ipf.conf" nwamcfg:loc:office> verify All properties verified nwamcfg:loc:office> commit Committed changes nwamcfg> list NCPs: User Automatic Locations: Automatic NoNet Legacy test-loc WLANs: sunwifi ibahn gogoinflight admiralsclub hhonors sjcfreewifi nwamcfg> exit Nothing to commit dabble[14]
In this example, the following properties were specified for the office location:
The activation-mode property was set to conditional-any, which resulted in a command prompt that enabled the conditions for activation to be specified.
The condition for activation was specified as: ncu ip:wpi0 is active.
Note - The conditions property was required because the conditional-any property was specified in the previous step. If, for example, the manual property had been specified, the conditions property would not be required.
The following default values were accepted by pressing Return:
nameservices
nameservices-config-file
dns-nameservice-configsrc
nfsv4-domain
For the ipfilter-config-file property, the /export/home/test/wifi.ipf.conf file was specified.
The following default values were accepted by pressing Return:
ipfilter-v6-config-file
ipnat-config-file
ippool-config-file
ike-config-file
ipsecpolicy-config-file
The list subcommand was used to view the properties of the Location profile.
The verify subcommand was used to perform a verification of the configuration.
The commit subcommand was used to commit the changes to persistent storage.
The list subcommand was used again to ensure that the new location was created correctly and that it contains the correct information.
The exit subcommand was used to exit the nwamcfg interactive session.
For instructions on which values can be specified for these properties, see the nwamcfg(1M) man page.
ENMs pertain to the configuration of applications that are external to NWAM, for example, a VPN application. These applications can create and modify network configuration. ENMs can also be defined as services or applications that directly modify network configuration when they are activated or deactivated. You can configure NWAM to activate and deactivate ENMs under conditions that you specify. Unlike an NCP or a Location profile, where only one of each profile type can be active on a system at any given time, multiple ENMs can potentially be active on a system at the same time. The ENMs that are active on a system at any given time do not necessarily depend on the NCP or Location profile that is also active on the system at the same time.
You can create an ENM by using the nwamcfg command in either interactive mode or command-line mode.
Note - NWAM does not automatically recognize an application for which you might create an ENM. These applications must first be installed and then configured on your system before you can use the nwamcfg command-line utility to create an ENM for them.
To create an ENM, type the following command:
$ nwamcfg create enm object-name
The process of creating the ENM results in an nwamcfg interactive prompt that is in the profile scope for the newly created ENM. From here, you can set properties for the ENM that dictate when and how the ENM is activated, as well as other conditions, including the ENM's start and stop method.
For further instructions on specifying ENM properties, see the nwamcfg(1M) man page.
The following table describes the properties that you might specify when creating or modifying an ENM.
|
Example 3-4 Interactively Creating an ENM Profile
In the following example, an ENM named test-enm is created in interactive mode.
$ nwamcfg nwamcfg> create enm test-enm Created enm 'testenm'. Walking properties ... activation-mode (manual) [manual|conditional-any|conditional-all]> fmri> svc:/application/test-app:default start> stop> nwamcfg:enm:test-enm> list ENM:test-enm activation-mode manual enabled false fmri "svc:/application/test-enm:default" nwamcfg:enm:test-enm> verify All properties verified nwamcfg:enm:test-enm> end Committed changes nwamcfg> list NCPs: User Automatic Locations: Automatic NoNet Legacy test-loc ENMs: test-enm WLANs: sunwifi ibahn gogoinflight admiralsclub hhonors sjcfreewifi nwamcfg> end $
In this example an ENM named test-enm was created with the following property values:
The default value (manual) for the activation-mode property was accepted by pressing the Return key.
The SMF FMRI property "svc:/application/test-enm:default" was specified as the method to use for activating and deactivating the application.
Note that because an FMRI was specified, the start and stop method properties were bypassed.
The list subcommand was used to view the properties of the ENM.
The verify subcommand was used to ensure that the profile configuration is correct.
The end subcommand was used to implicitly save the configuration.
The send subcommand was used again to end the interactive session.
NWAM maintains a system-wide list of known WLANs. WLANs are configuration objects that contain history and configuration information for the wireless networks that you connect to from your system. This list is used to determine the order in which NWAM attempts to connect to available wireless networks. If a wireless network that exists in the Known WLAN list is available, NWAM automatically connects to that network. If two or more known networks are available, NWAM connects to the wireless network that has the highest priority (lowest number). Any new wireless network that NWAM connects to is added to the top of the Known WLAN list and becomes the new highest priority wireless network.
You can create WLANs by using the nwamcfg command in either interactive mode or command-line mode. For detailed instructions on how to interactively create a profile, see Creating Profiles.
To create a WLAN object by using the nwamcfg command-line utility, you would type the following command:
$ nwamcfg create wlan object-name
The process of creating a WLAN object results in an nwamcfg interactive prompt that is in the profile scope for the newly created WLAN. From here, you can set properties for the WLAN that define its configuration.
The following table describes the properties that you might specify when creating or modifying WLANs.
|
Example 3-5 Creating a WLAN
In the following example, a WLAN object named mywifi is created.
This example assumes that a secure object for the key that is specified by the keyname property, has been created prior to adding the WLAN.
The priority number can change as other WLANs are added or removed. Note that no two WLANs can be assigned the same priority number. Lower numbers indicate a higher priority, in terms of which WLANs are preferred. In this example, the WLAN is assigned the priority number 100 to ensure that it has a lower priority than any other known WLANs.
When the list subcommand is used at the end of the procedure, the new WLAN is added to the bottom of the list, indicating that it has the lowest priority of all the existing known WLANs. If the WLAN was assigned a priority number of zero (0), which is the default, it would have been displayed at the top of the list, indicating the highest priority. Subsequently, the priority of all other existing WLANs would have shifted down in priority and would have been displayed in the list after the newly added WLAN.
$ nwamcfg nwamcfg> create wlan mywifi Created wlan 'mywifi'. Walking properties ... priority (0)> 100 bssids> keyname> mywifi-key keyslot> security-mode [none|wep|wpa]> wpa nwamcfg:wlan:mywifi> list WLAN:mywifi priority 100 keyname "mywifi-key" security-mode wpa nwamcfg:wlan:mywifi> verify All properties verified nwamcfg:wlan:mywifi> end Committed changes nwamcfg> list NCPs: User Automatic Locations: Automatic NoNet Legacy test-loc ENMs: test-enm WLANs: sunwifi ibahn gogoinflight admiralsclub hhonors sjcfreewifi mywifi nwamcfg> exit Nothing to commit