Skip Navigation Links | |
Exit Print View | |
Oracle Solaris Administration: Network Interfaces and Network Virtualization Oracle Solaris 11 Express 11/10 |
2. NWAM Configuration and Administration (Overview)
3. NWAM Profile Configuration (Tasks)
4. NWAM Profile Administration (Tasks)
5. About the NWAM Graphical User Interface
Part II Administering Single Interfaces
6. Overview of the Networking Stack
7. Datalink Configuration and Administration
8. Configuring an IP Interface
About IP Interface Configuration
IP Interface Configuration (Tasks)
SPARC: How to Ensure That the MAC Address of an Interface Is Unique
How to Configure an IP Interface
How to Set the Property of an IP Address
Administering Protocol Properties
How to Restrict a Port's Access to root User Only
How to Implement Symmetric Routing on Multihomed Hosts
Monitoring IP Interfaces and Addresses
How to Obtain Information About Network Interfaces
Comparison Tables: ipadm Command and Other Networking Commands
ifconfig Command Options and ipadm Command Options
ndd Command Options and ipadm Command Options
9. Configuring Wireless Interface Communications on Oracle Solaris
Part III Administering Interface Groups
11. Administering Link Aggregations
Part IV Network Virtualization and Resource Management
15. Introducing Network Virtualization and Resource Control (Overview)
16. Planning for Network Virtualization and Resource Control
17. Configuring Virtual Networks (Tasks)
18. Using Link Protection in Virtualized Environments
19. Managing Network Resources
The ipadm command performs the same functionalities as the ifconfig command and will eventually replace the ifconfig command for all IP interface-related tasks. For an overview of the ipadm command and its benefits, see The ipadm Command.
Note - Typically, IP interface configuration and datalink configuration occur together. Thus, where applicable, procedures that follow include datalink configuration steps with the use of the dladm command. For more information about using the dladm command to configure and administer datalinks, see Chapter 7, Datalink Configuration and Administration.
The following procedure provides an example of performing a basic configuration of an IP interface.
For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.
# dladm show-phys
This command shows the physical network cards that are installed on your system and some of their properties. For more information about this command, see How to Display Information About Physical Attributes of Datalinks.
# dladm show-link
This command shows the datalinks and certain properties that have been set for them, including the physical cards over which the links have been created.
For example, if the IP interface over the link is created, then remove the interface.
If a datalink is in use, then STATE field in the output of the dladm show-link will indicate that the link is up.
# dladm show-link LINK CLASS MTU STATE BRIDGE OVER bge0 phys 1500 up -- --
If the datalink is in use, then the IP interface over that link will be included in the output of the ipadm show-if syntax.
# ipadm show-if IFNAME STATE CURRENT PERSISTENT lo0 ok -m-v-----46 --- bge0 down bm-------46 -46
Note - Even if the output displays a down status, the datalink is still in use because an IP interface exists over the link.
# ipadm delete-if interface
where interface specifies the IP interface that is created over the link.
# dladm rename-link old-linkname new-linkname
Refers to the current name of the datalink. When a NIC is installed for the first time, by default, the NIC's link name is hardware-based, such as bge0.
Refers to the name that you want to assign to the datalink. For rules for assigning link names, refer to Rules for Valid Link Names.
Note - Although this step is optional, assigning a customized name to a link offers certain advantages. For more information, see Working With Flexible Link Names.
The following syntax assigns a static address to an interface. Refer to the ipadm(1M) man page for other options for assigning IP addresses.
# ipadm create-addr -T address-type -a address/prefixlen addrobj
Specifies the type of IP address that is assigned to the interface, which is one of the following: static, dhcp, or addrconf. Addrconf refers to automatically generated IPv6 addresses.
Specifies the IP address to configure on the interface. You can specify either just a local address, or both a local address and a remote address in the case of tunnel configuration. Typically, you assign only a local address. In this case, you specify the address directly with the -a option, such as: -a address. The address is automatically considered a local address.
If you are configuring tunnels, you might be required to provide both the local address of the system and the remote address of the destination system. In this case, you must specify local and remote to distinguish the two addresses, as follows: -a local=local-addr,remote=remote-addr. For more information about configuring tunnels, see Chapter 7, Configuring IP Tunnels, in System Administration Guide: IP Services.
If you are using a numeric IP address, use the format address/prefixlen for addresses in CIDR notation, for example, 1.2.3.4/24. See the explanation for the prefixlen option.
Optionally, you can specify a host name for address instead of a numeric IP address. Using a host name is valid if a corresponding numeric IP address is defined for that host name in the /etc/hosts file. If no numeric IP address is defined in the file, then the numeric value is uniquely obtained by using the resolver order that is specified for hosts or ipnodes in the /etc/nsswitch.conf. If multiple entries exist for a given host name, then an error is generated.
Note - During the boot process, the creation of IP addresses precedes naming services being brought online. Therefore you must ensure that any host name that is used in the network configuration must be defined in the /etc/hosts file.
Specifies the length of the network ID that is part of the IPv4 address when you use CIDR notation. In the address 12.34.56.78/24, 24 is the prefixlen. If you do not include prefixlen, then the netmask is computed according to the sequence listed for netmasks in the /etc/nsswitch.conf file or by using classful address semantics.
Specifies an identifier for the unique IP address or set of addresses that is used in the system. The addresses can be either IPv4 or IPv6 types. The identifier uses the format interface/user_specified_string.
The interface refers to the IP interface to which the address is assigned. The interface variable must reflect the name of the datalink on which the IP interface is configured.
user-specified-string refers to a string of alphanumeric characters that begins with an alphabet letter and has a maximum length of 32 characters. Subsequently, you can refer to the addrobj instead of the numeric IP address when you use any ipadm subcommand that manages addresses in the system, such as ipadm show-addr, or ipadm delete-addr.
You can use the following commands, depending on the information that you want to check:
Display the general status of the interface.
# ipadm show-if [interface]
If you do not specify the interface, then information for all interfaces in the system is displayed.
Display the interface's address information.
# ipadm show-addr [addrobj]
If you do not specify the addrobj, then information for all address objects in the system is displayed.
For more information about the output of the ipadm show-* subcommand, see Monitoring IP Interfaces and Addresses.
The entries in this file consist of IP addresses and the corresponding host names.
Note - This step applies only if you are configuring static IP addresses that use hostnames. If you are configuring DHCP addresses, you do not need to update the /etc/hosts file.
Additionally, all configuration by the ipadm command is persistent, provided the -t option is not used. Therefore, the /etc/hostname.interface is no longer required.
Example 8-1 Configuring a Network Interface With a Static Address
# dladm show-phys LINK MEDIA STATE SPEED DUPLEX DEVICE bge3 Ethernet up 100Mb full bge3 # dladm show-link LINK CLASS MTU STATE BRIDGE OVER bge3 phys 1500 up -- -- # ipadm delete-if bge3 # dladm rename-link bge3 subitops1 # ipadm create-addr -T static -a 192.168.84.3/24 subitops1/v4static # ipadm show-if IFNAME STATE CUTTENT PERSISTENT lo0 ok -m-v-----46 --- subitops1 ok bm-------46 -46 # ipadm show-addr ADDROBJ TYPE STATE ADDR lo0/? static ok 127.0.0.1/8 subitops1/v4 static ok 192.168.84.3/24 # vi /etc/hosts # Internet host table # 127.0.0.1 localhost 10.0.0.14 myhost 192.168.84.3 campus01
Note that if campus01 is already defined in the /etc/hosts file, you can use that host name when assigning the following address:
# ipadm create-addr -T static -a campus01 subitops1/v4static
Example 8-2 Automatically Configuring a Network Interface With an IP Address
This example uses the same network device as the previous example but configures the IP interface to receive its address from a DHCP server.
# dladm show-phys LINK MEDIA STATE SPEED DUPLEX DEVICE bge3 Ethernet up 100Mb full bge3 # dladm show-link LINK CLASS MTU STATE BRIDGE OVER bge3 phys 1500 up -- -- # ipadm delete-if bge3 # dladm rename-link bge3 subitops1 # ipadm create-addr -T dhcp subitops1/dhcp # ipadm show-if IFNAME STATE CUTTENT PERSISTENT lo0 ok -m-v-----4- --- subitops1 ok bm-------4- -46 # ipadm show-addr subitops1/dhcp ADDROBJ TYPE STATE ADDR subitops1/dhcp dhcp ok 10.8.48.242/24 # ipadm show-addr ADDROBJ TYPE STATE ADDR lo0/? static ok 127.0.0.1/8 subitops1/dhcp dhcp ok 10.8.48.242/24
The ipadm command enables you to set address–specific properties after these addresses are assigned to interfaces. By setting these properties, you can determine the following:
The prefixlen of an address.
Whether an IP address can be used as a source address for outbound packets.
Whether the address belongs to a global or non–global zone.
Whether the address is a private address.
To list the properties of an IP address, use the following syntax:
# ipadm show-addrprop [-p property] [addrobj]
The information that is displayed depends on the options that you use.
If you do not specify a property nor an address object, then all properties of all existing addresses are displayed.
If you specify only the property, then that property for all the addresses is displayed.
If you specify only the address object, then all the properties of that address object are displayed.
Note - You can only set address properties one at a time.
This procedure shows the general steps to configure a property for an IP address.
For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.
# ipadm show-addr
# ipadm show-addrprop -p property addrobj
If you do not know the property, you can issue a general ipadm show-addrprop command. When you display IP addresses with this command, the addresses are displayed with the current settings of all their properties.
# ipadm set-addrprop -p property=value addrobj
# ipadm show-addrprop -p property addrobj
Example 8-3 Setting the prefixlen Property of an Address
The prefixlen property refers to the netmask of an IP address. The following example changes the length of the prefixlen property of subitops1's IP address. In this example, the -t option is used to create only a temporary change in the property. If the system is rebooted, the property's value reverts to the default setting.
# ipadm show-addr ADDROBJ TYPE STATE ADDR lo0/? static ok 127.0.0.1/8 subitops1/v4 static ok 192.168.84.3/24 # ipadm show-addrprop -p prefixlen subitops/v4 ADDROBJ PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE subitops1/v4 prefixlen rw 24 24 24 1-30,32 # ipadm set-addrprop -t -p prefixlen=8 subitops/v4 # ipadm show-addrprop -p prefixlen subitops/v4 ADDROBJ PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE subitops1/v4 prefixlen rw 8 24 24 1-30,32
IP interfaces, like datalinks, have properties that you can customize for your specific network setting. For each interface, two sets of properties exist that apply to IPv4 and IPv6 protocols, respectively. Some properties, such as MTU, are common to both datalinks and the IP interface. Thus, you can have one MTU setting for a datalink and a different MTU setting for the interface configured over that link. Further, you can have different MTU settings that apply to IPv4 and IPv6 packets, respectively, that traverse that IP interface.
IP forwarding is an IP interface property that is typically configured in networking scenarios. The following procedure shows the steps.
In a network, a host can receive data packets that are destined for another host system. By enabling packet forwarding in the receiving local system, that system can forward the data packet to the destination host. By default, IP forwarding is disabled. The following two procedures describe how to enable this functionality. In previous Oracle Solaris releases, the routeadm command was used to enable packet forwarding. The ipadm syntax in this procedure replaces the routeadm command.
Consider the following to determine whether to use the interface–based or protocol–based procedure.
If you want to be selective in how packets are forwarded, then you enable packet forwarding on the interface. For example, you might have a system that has multiple NICs. Some NICs are connected to the external network, while other NICs are connected to the private network. You would therefore enable packet forwarding only on some of the interfaces, rather than on all interfaces. See How to Enable IP Packet Forwarding by Setting an Interface Property.
If you want to implement packet forwarding globally within the system, then you enable the forwarding property of the protocol. For this second method, see How to Enable Packet Forwarding by Setting the Protocol Property.
Note - The two methods of forwarding packets are not mutually exclusive. For example, you can enable packet forwarding globally, and then customize the forwarding property for each interface. Thus, packet forwarding can still be selective for that particular system.
This procedure shows how to enable packet forwarding selectively by configuring the IP forwarding property on specific interfaces.
Note - Packet forwarding involves the IP protocol. Thus, distinguishing between IP protocol versions is also included in the steps.
For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.
# ipadm show-ifprop -p forwarding [-m protocol-version] interface
where protocol-version can either be ipv4 or ipv6. If you do not specify the version, then the settings for both IPv4 and IPv6 protocols are displayed.
Note - To display all the valid protocol properties of a given interface, do not specify a property, as follows:
# ipadm show-ifprop interface
This syntax is also shown in Example 8-4.
# ipadm set-ifprop forwarding=on -m protocol-version interface
# ipadm show-ifprop -p forwarding interface
# ipadm reset-ifprop -p forwarding -m protocol-version interface
Example 8-4 Enabling an Interface to Forward Only IPv4 Packets
The following example shows how to implement selective packet forwarding, where forwarding of IPv4 packets is enabled only in the net0 interface. In the other remaining interfaces of the system, packet forwarding is disabled, which is the default setting.
# ipadm show-ifprop -p forwarding net0 IFNAME PROPERTY PROTO PERM CURRENT PERSISTENT DEFAULT POSSIBLE net0 forwarding ipv4 rw off off off on,off net0 forwarding ipv6 rw off -- off on,off
The ipadm show-ifprop command syntax that uses the -p property option provides information only about a specific property.
# ipadm set-ifprop -p forwarding=on -m ipv4 net0 # ipadm show-ifprop net0 IFNAME PROPERTY PROTO PERM CURRENT PERSISTENT DEFAULT POSSIBLE ... net0 forwarding ipv4 rw on on off on,off ...
The ipadm show-ifprop command syntax without the -p property option displays all the properties of an interface and their corresponding settings.
# ipadm reset-ifprop -p forwarding -m ipv4 net0 # ipadm show-ifprop -p forwarding -m ipv4 net0 IFNAME PROPERTY PROTO PERM CURRENT PERSISTENT DEFAULT POSSIBLE net0 forwarding ipv4 rw off off off on,off
The ipadm reset-ifprop command syntax resets the specified property to the default setting.
This procedure shows how to enable packet forwarding globally in the system.
For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.
# ipadm show-prop -p forwarding protocol-version
where protocol-version can either be ipv4 or ipv6.
Note - To display all the valid tunable properties for a given protocol and their current settings, type the following command:
# ipadm show-prop protocol
where protocol can be ip, ipv4, ipv6, udp, tcp, icmp, and sctp.
This syntax is shown in Example 8-5.
# ipadm set-prop forwarding=on protocol-version
To display all the properties and current settings of a protocol, type the following:
# ipadm show-prop protocol
To display a specific property of a protocol, type the following:
# ipadm show-prop -p property protocol
To display a specific property of a specific protocol version, type the following:
# ipadm show-prop -p property protocol-version
# ipadm reset-prop -p property protocol-version
Example 8-5 Enabling Forwarding for IPv4 and IPv6 Packets
The following example parallels the previous example about forwarding packets on interfaces. The two uses of ipadm show-prop display the settings of a specified property or all the properties of a protocol and their corresponding settings.
# ipadm show-prop -p forwarding ip PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE ipv4 forwarding rw off -- off on,off ipv6 forwarding rw off -- off on,off # # ipadm set-prop -p forwarding=on ipv4 # ipadm set-prop -p forwarding=on ipv6 # # ipadm show-prop ip PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE ipv4 forwarding rw on on off on,off ipv4 ttl rw 255 -- 255 1-255 ipv6 forwarding rw on on off on,off ipv6 hoplimit rw 255 -- 255 1-255#