JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris Administration: Network Interfaces and Network Virtualization     Oracle Solaris 11 Information Library
search filter icon
search icon

Document Information


1.  Overview of the Networking Stack

Network Configuration in This Oracle Solaris Release

The Network Stack in Oracle Solaris

Network Devices and Datalink Names

Administration of Other Link Types

Part I Network Auto-Magic

2.  Introduction to NWAM

3.  NWAM Configuration and Administration (Overview)

Overview of NWAM Configuration

What Are Network Profiles?

Description of an NCP

Description of an NCU

Description of the Automatic and User-Defined NCPs

Description of a Location Profile

Description of an ENM

About Known WLANs

NWAM Configuration Data

NCU Property Values

Property Values of System-Defined Locations

How NWAM Profiles Are Activated

NCP Activation Policy

Example of an NCP Policy

NCU Activation Properties

Location Activation Selection Criteria

Configuring Profiles by Using the netcfg Command

netcfg Interactive Mode

netcfg Command-Line Mode

netcfg Command-File Mode

netcfg Supported Subcommands

Administering Profiles by Using the netadm Command

Overview of the NWAM Daemons

Description of the NWAM Policy Engine Daemon (nwamd)

Description of the NWAM Repository Daemon (netcfgd)

SMF Network Services

Overview of NWAM Security

Authorizations and Profiles That Are Related to NWAM

Authorizations That Are Required to Use the NWAM User Interfaces

4.  NWAM Profile Configuration (Tasks)

5.  NWAM Profile Administration (Tasks)

6.  About the NWAM Graphical User Interface

Part II Datalink and Interface Configuration

7.  Using Datalink and Interface Configuration Commands on Profiles

8.  Datalink Configuration and Administration

9.  Configuring an IP Interface

10.  Configuring Wireless Interface Communications on Oracle Solaris

11.  Administering Bridges

12.  Administering Link Aggregations

13.  Administering VLANs

14.  Introducing IPMP

15.  Administering IPMP

16.  Exchanging Network Connectivity Information With LLDP

Part III Network Virtualization and Resource Management

17.  Introducing Network Virtualization and Resource Control (Overview)

18.  Planning for Network Virtualization and Resource Control

19.  Configuring Virtual Networks (Tasks)

20.  Using Link Protection in Virtualized Environments

21.  Managing Network Resources

22.  Monitoring Network Traffic and Resource Usage



Overview of NWAM Security

Security for NWAM is designed to encompass the following components:

The netcfgd daemon controls the repository where all of the network configuration information is stored. The netcfg command, the NWAM GUI, and the nwamd daemon all send requests to the netcfgd daemon to access the repository. These functional components make requests through the NWAM library, libnwam.

The nwamd daemon is the policy engine that receives system events, configures the network, and reads network configuration information. The NWAM GUI and the netcfg command are configuration tools that can be used to view and modify the network configuration. These components are also used to refresh the NWAM service when a new configuration needs to be applied to the system.

Authorizations and Profiles That Are Related to NWAM

The current NWAM implementation uses the following authorizations to perform specific tasks:

These authorizations are registered in the auth_attr database. For more information, see the auth_attr(4) man page.

Two security profiles are provided: Network Autoconf User and Network Autoconf Admin. The User profile has read, select, and wlan authorizations. The Admin profile adds the write authorization. The Network Autoconf User profile is assigned to the Console User profile. Therefore, by default, anyone who logged in to the console can view, enable, and disable profiles. Because the Console User is not assigned the authorization, this user cannot create or modify NCPs, NCUs, locations, or ENMs. However, the Console User can view, create, and modify WLANs.

Authorizations That Are Required to Use the NWAM User Interfaces

The NWAM commands, netcfg and netadm, can be used to view and enable NWAM profiles by anyone who has Console User privileges. These privileges are automatically assigned to any user who is logged in to the system from /dev/console.

To modify NWAM profiles by using the netcfg command, you need the authorization or the Network Autoconf Admin profile.

You can determine the privileges that are associated with a rights profile by using the profiles command with the profile name. For more information, see the profiles(1)man page.

For example, to determine privileges that are associated with the Console User rights profile, use the following command.

$ profiles -p "Console User" info
Found profile in files repository.
    name=Console User
    desc=Manage System as the Console User
    profiles=Suspend To RAM,Suspend To Disk,Brightness,CPU Power Management,
    Network Autoconf User,Desktop Removable Media User

The NWAM GUI includes the following three components, which are not privileged. These components are granted authorizations, depending on how they are started and the tasks they need to perform:

You can obtain additional authorizations in one of the following ways: