ipadm
ipadm create-ip [-t] IP-interface ipadm delete-ip IP-interface
ipadm create-vni [-t] VNI-interface ipadm delete-vni VNI-interface
ipadm create-ipmp [-t] [
-i interface,[...]...] IPMP-interface
ipadm delete-ipmp [-f] IPMP-interface
ipadm add-ipmp [-t] -i
interface,[...] [-i interface,[...]...]
IPMP-interface
ipadm remove-ipmp [-t] -i
interface,[...] [-i interface,[...]...]
IPMP-interface
ipadm show-if [[-p] -o field[,...]] [interface] ipadm disable-if -t interface ipadm enable-if -t interface
ipadm set-ifprop [-t] -m
protocol -p prop=
value[,...] interface
ipadm reset-ifprop [-t] -m
protocol -p prop
interface
ipadm show-ifprop [[-c] -o
field[,...]] [-p prop,...]
[-m protocol] [interface
]
ipadm create-addr [-t] [
-T static] [-d]
-a {local|remote}=addr[/
prefixlen],... addrobj | interface
ipadm create-addr [-t] -T dhcp [
-w seconds | forever]
[-h hostname] addrobj
| interface
ipadm create-addr [-t] -T addrconf [
-i {local|remote}=interface-id]
[-p {stateful|stateless}={yes|no},..] addrobj
| interface
ipadm create-addr [-t] -T vrrp [-a local=addr[/prefixlen]]
[-n routername].... addrobj | interface
ipadm delete-addr [-r]
addrobj
ipadm show-addr [[-p] -o
field[,...]] [-d]
[addrobj | interface/ |
interface]
ipadm up-addr [-t] addrobj
ipadm down-addr [-t] addrobj
ipadm refresh-addr [-i] addrobj
ipadm disable-addr -t addrobj
ipadm enable-addr -t addrobj
ipadm set-addrprop [-t]
-p prop=value[,...] addrobj
ipadm reset-addrprop [-t] -p prop=
value[,...] addrobj
ipadm show-addrprop [[-c] -o
field[,...]] [-p prop[,...]]
[addrobj | interface]
ipadm set-prop [-t] -p prop= value[,...] protocol ipadm reset-prop [-t] -p prop protocol ipadm show-prop [[-c] -o field[,...]] [-p prop[,...] protocol | protocol]
ipadm help [subcommand-name]
The ipadm command provides a set of subcommands that can be used to:
create and delete interfaces of interface classes ip, ipmp, and vni
modify interface properties
display interface configuration
create and delete addresses
modify address properties
display address configuration
modify TCP/IP properties
display TCP/IP properties
Note that ipadm is used to manage network configuration manually. The netadm(1M) DefaultFixed NCP should be enabled for these manual configurations. Many of the ipadm subcommands are not functional if the DefaultFixed NCP is not enabled. The ipadm subcommands that do not function unless the DefaultFixed NCP is enabled are:
create-ip, delete-ip, create-vni . delete-vni, create-ipmp, delete-ipmp, add-ipmp, remove-ipmp, disable-if, enable-if set-ifprop, reset-ifprop, create-addr, down-addr, up-addr, disable-addr, enable-addr, refresh-addr, delete-addr, set-addrprop, reset-addrprop
The following subcommands still continue to function when the DefaultFixed NCP is not enabled:
show-if, show-ifprop, refresh-addr , show-addr, show-addrprop, set-prop, reset-prop, show-prop
Refer to netadm(1M) for more information on how to list and enable NCPs.
The various operands to ipadm subcommands are described in the “Operands” section, which follows “Subcommands”.
All of the configuration that is managed by ipadm is part of a Network Configuration Profile (NCP). Any number of NCPs may be defined on a system, but there will always be one active NCP. Changes made using the ipadm command will be applied to the currently active NCP.
There is one exception: congestion control settings are NOT NCP-specific; they are global, and will be unaffected if the active NCP is changed.
NCPs may be 'fixed' or 'reactive'. There is one fixed NCP, called DefaultFixed. This NCP will have all of its configuration applied immediately upon activation, and the system will not make any changes, regardless of the success or failure of any part of the configuration.
There may be any number of reactive NCPs; the system defines one reactive NCP, named 'Automatic'. The user may define additional reactive NCPs using netcfg(1M). Refer to that man page and netadm(1M) for more information about NCPs in general and the Automatic NCP in particular. Reactive NCPs will be applied based on additional policy rules that are part of th profile, and the system configuration may be changed automatically in response to changes in the network conditions, based on the NCP's policy rules.
The ipadm command with no subcommands displays a concise summary of interface and address configuration on the system. The output contains all the interfaces (ip, loopback, vni, and ipmp) configured on the system along with the addresses configured on these interfaces. See EXAMPLES, below, for more information.
The following subcommands require solaris.network.interface.config authorization and PRIV_SYS_IP_CONFIG privilege.
create-ip create-addr delete-ip up-addr create-vni down-addr delete-vni refresh-addr create-ipmp disable-addr delete-ipmp enable-addr add-ipmp set-addrprop remove-ipmp reset-addrprop disable-if set-prop enable-if reset-prop set-ifprop reset-ifprop
In addition to the authorization and privilege specified above, the ipadm subcommands create-ip, create-vni, create-ipmp, and enable-if need PRIV_NET_RAWACCESS privilege.
The following subcommands are supported:
Create an IP interface that handles both IPv4 and IPv6 packets. The address of the IPv4 interface will be set to 0.0.0.0 and the address of the IPv6 interface will be set to ::. This subcommand, by default, causes the information to persist, so that on the next reboot this interface will be instantiated.
An interface is implicitly enabled for IPv4 and IPv6 when it is created. See the disable-if and enable-if subcommands below, to disable or enable an interface.
Note that lo0 is a special interface, called the loopback interface. It is a virtual IP interface and is not associated with any physical hardware. It is one of the first IP interfaces to be created on the system, with IPv4 address of 127.0.0.1 and IPv6 address of ::/128.
Specifies that the operation is temporary and must not persist. The operation affects only the active configuration.
Deletes the IP interface from active configuration. All addresses configured on the interface will be torn down. Further, all the persistent information related to the interface will be removed from the persistent data store and, for this reason, interface will not be instantiated upon reboot. To disable an interface from active configuration (rather than delete the interface), use the disable-if subcommand.
Create a VNI interface that handles both IPv4 and IPv6 packets. The address of the IPv4 interface will be set to 0.0.0.0 and the address of the IPv6 interface will be set to ::. This subcommand, by default, causes the information to persist, so that on the next reboot this interface will be instantiated.
The interface is implicitly enabled for IPv4 and IPv6 when it is created. See the disable-if and enable-if subcommands below, to disable or enable an interface.
Note that vni is a special interface, in that it is a virtual interface and does not have any hardware associated with it. See vni(7d).
Specifies that the operation is temporary and must not persist. The operation affects only the active configuration.
Deletes the VNI interface from active configuration. All addresses configured on the interface will be torn down. Further, all the persistent information related to the IP interface will be removed from the persistent data store and, for this reason, interface will not be instantiated upon reboot. To disable the interface from active configuration (rather than delete the interface), use the disable-if subcommand.
Create a IPMP interface that handles both IPv4 and IPv6 packets. The address of the IPv4 interface will be set to 0.0.0.0 and the address of the IPv6 interface will be set to ::. This subcommand, by default, causes the information to persist, so that on the next reboot this interface will be instantiated.
The interface is implicitly enabled for IPv4 and IPv6 when it is created. See the disable-if and enable-if subcommands below, to disable or enable an IPMP interface.
Specifies that the operation is temporary and must not persist. The operation affects only the active configuration.
A comma-separated list of interfaces to be added as underlying interfaces to the IPMP interface. The specified interfaces must exist in the active configuration to be successfully added to the IPMP group and must not be present in any other IPMP group. More than one –i option is allowed. The command returns with partial success if the IPMP interface was created but none of the given underlying interfaces were added successfully.
Deletes the IPMP interface from active configuration. All addresses configured on the interface will be torn down. The command fails if the IPMP interface has any underlying interfaces, unless the –f option is specified. Further, all the persistent information related to the IPMP interface will be removed from the persistent data store and, for this reason, interface will not be instantiated upon reboot. To disable the interface from active configuration only (rather than delete the interface), use the disable-if subcommand.
If the IPMP interface has any underlying interfaces, specifying this option removes all the underlying interfaces from the group first, before deleting the IPMP interface.
Adds one or more underlying IP interfaces to the given IPMP interface.
Specifies that the operation is temporary and must not persist. The operation affects only the active configuration.
A comma-separated list of interfaces to be added as underlying interfaces to the IPMP interface. The specified interfaces must exist in the active configuration to be successfully added to the IPMP group and must not be present in any other IPMP group. The command returns with partial success if at least one interface was added and adding the remaining interfaces failed. More than one –i option is allowed.
Removes one or more underlying IP interfaces from the IPMP interface.
Specifies that the operation is temporary and must not persist. The operation affects only the active configuration.
A comma-separated list of underlying interfaces to be removed from the IPMP interface. The specified interfaces must already be underlying interfaces for the given IPMP group. More than one –i option is allowed. The command returns with partial success if at least one interface was removed and removing the remaining interfaces failed.
Show network interface configuration information, either for all the network interfaces configured on the system, including the ones that are only in the persistent configuration, or for the specified network interface.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all to display all fields. For each network interface, the following fields can be displayed:
The name of the IP interface.
Indicates one of the following:
An interface that is plumbed over an underlying datalink.
An IPMP interface that is created over one or more underlying IP interfaces.
A loopback interface.
A virtual IP interface. See vni(7d).
Indicates one of the following for the displayed interface.
Indicates that the required resources for an interface are allocated. For some interfaces this also indicates that the link is up.
The interface is offline and thus cannot send or receive IP data traffic. See if_mpadm(1M).
Indicates that the datalink is down. If the interface is part of an IPMP group it could also mean that the interface has failed (that is, IFF_FAILED is set). Failed interfaces will not be used to send or receive IP data traffic. If this is set on a physical IP interface in an IPMP group, IP data traffic will continue to flow over other usable IP interfaces in the IPMP group. If this is set on an IPMP IP interface, the entire group has failed and no data traffic can be sent or received over any interfaces in that group. See in.ndpd(1M).
Indicates that the interface is administratively down, preventing any IP packets from being sent or received through it.
Indicates that the interface has been disabled from the active configuration using the disable-if subcommand.
Either yes or no, depending on whether the IP interface is being used by the system for IP data traffic.
For interface objects, in active configuration, it indicates any of the following flags.
interface supports broadcast
interface supports multicast
interface is a point-to-point link
interface is a virtual interface (for example, vni(7d), loopback), that is, the physical interface has no underlying hardware.
IPMP interface is marked standby administratively. See in.ndpd(1M).
interface is an underlying interface for an IPMP interface. See in.ndpd(1M).
Underlying interface is inactive. See in.ndpd(1M).
interface is a VRRP interface
VRRP interface is in accept mode (~IFF_NOACCEPT)
Layer-3 protection of IP addresses for the interface has been administratively enforced.
interface can handle IPv4 packets
interface can handle IPv6 packets
Note that b and p are mutually exclusive.
Specifies the configuration that will be applied when the interface object is instantiated on reboot or re-enabled using the enable-if subcommand. It can be any or all of s, l, 4, and 6 (see above). This field is not shown by default and will be shown only when all or persistent is specified with –o.
The underlying interface(s) over which the IPMP interface is created. This does not apply to other interface classes.
Display using a stable machine-parsable format. The –o option is required with this option. See “Parsable Output Format”, below.
Disables the specified interface by removing it from the active configuration. All the addresses configured on the interface will be disabled. If the interface object was created persistently to begin with, then the persistent configuration is unchanged. To re-enable this interface, one should use enable-if.
Specifies that the disable is temporary and changes apply only to the active configuration.
Enables the given interface by reading the configuration from the persistent store. All the persistent interface properties, if any, are applied and all the persistent addresses, if any, on the given interface will be enabled.
Specifies that the enable is temporary and changes apply only to the active configuration.
Modifies an interface property to the value specified by the user. If the property takes multiple values then the values should be specified with a comma as the delimiter. Only one property can be specified at a time. The properties supported on an interface and the property's possible values can be retrieved using show-ifprop subcommand. Only one property at a time can be modified.
Specifies that the changes are temporary and changes apply only to the active configuration.
Identifies whether property should be applied for IPv4 or IPv6 packets.
A property to set to the specified values.
Resets a property of the specified interface to its default value. If –t is not used, any persisted value of the property will be deleted. Only one property can be modified at a time.
Specifies that the resets are temporary and changes apply only to the active configuration.
Identifies whether the property being reset affects either IPv4 or IPv6 packets.
A property to set to the specified values.
Show the current and persistent values of one or more properties, either for all the created interfaces or for the specified interface. Several properties of interest can be retrieved at one time by providing comma-separated property names to –p option. If the –p option is not specified, all available interface properties are displayed.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all to display all fields. For each interface, the following fields can be displayed:
The name of the interface.
The name of the property.
The name of the protocol the property belongs to. The protocols currently supported are IPv4 and IPv6.
The read/write permissions of the property. The value shown will be r (read-only), w (write-only) or rw (read-and-write).
The current value of the property. For disabled interfaces, because a value is not set, it will be shown as --.
The persistent value of the property. Persistent values are the values that will be reapplied on reboot.
The default value of the property. If the property has no default value, -- is displayed.
A comma-separated list of the values the property can have. If the values span a numeric range, min - max might be displayed as shorthand. If the possible values are unknown, ? is displayed or if they are unbounded, -- is displayed.
Display using a stable machine-parsable format. The –o option is required with this option. See “Parsable Output Format”, below.
A comma-separated list of properties to display. See the sections on interface properties following subcommand descriptions.
Displays properties matching the given protocol. Valid values are ipv4 and ipv6.
For the supported list of interface properties, see “Interface Properties” below.
Creates a static IPv4 or IPv6 address on an interface. The interface is either specified specifically as an argument or is derived from the addrobj argument. The interface on which the address is being created must already exist. The created static address will subsequently be identified by addrobj. When the command is invoked with an interface argument, then the command will automatically generate an addrobj for the address and will print the generated name to stdout.
interface/v4 interface/v6
interface/v4a interface/v6a
interface/v4b interface/v6b
. .
. .
. .
interface/v4z interface/v6z
interface/v4aa interface/v6aa
interface/v4ab interface/v4ab
. .
. .
. .
The IP address version is used in the automatic generation of names and names are made unique by increasingly appending one or more of the characters [a-z] to the v[46] prefix.
By default, a configured address will be marked up, so that it can be used as a source or destination of or for outbound and inbound packets.
All address objects are enabled when they are created. See the disable-addr and enable-addr subcommands for instructions on disabling or enabling an address object.
A persistent operation cannot be performed on a temporary object. That is, if the interface is temporarily created, then one cannot create the address object persistently.
If the interface specified in the addrobj name is an IPMP interface, a static data address is created on the IPMP interface. If the interface specifed in the addrobj name is an underlying interface for an IPMP group, a static test address is created on the underlying interface.
Specifies that the configured address is temporary and changes apply only to the active configuration.
Specifies that the configured address should be marked down , that is, the address will not be used as a source or destination of IP packets.
addr indicates a literal IP address or a hostname corresponding to the local or remote end-point (for point-to-point interfaces).
If a hostname is specified its numeric value is uniquely obtained using the entry in /etc/hosts. If no numeric IP address is defined in the file, then the numeric value is uniquely obtained using the resolver order specifed for hosts or ipnodes in nsswitch.conf(4). If there are multiple entries for a given hostname, an error will be generated. Because IP addresses are created before naming services have been brought online during the boot process, it is important that any hostname used be included in /etc/hosts.
If the prefixlen is not explicitly specified in the command-line, the netmask for the address is obtained by following the search in the order listed below:
using the order specified for netmasks in nsswitch.conf(4)
interpreting IPv4 address using Classful subnetting semantics defined in RFC 791, and interpreting IPv6 addresses using the definitions in RFC 4291.
For point-to-point interfaces, along with the address of the local end-point the address of the remote end-point must be specified (for example, –a local=laddr,remote= raddr). If prefixlen for the remote end-point is specified, an error will be returned.
Note that if the interface requires only a local address, specify it directly with the –a option as follows: –a addr[/prefixlen]. The address will automatically be considered a local address.
Creates a DHCP-controlled IPv4 address on an interface. The interface is either specified specifically as an argument or is derived from the addrobj argument. The created IPv4 address will subsequently be identified by addrobj. When the addrobj contains an underlying interface, this command creates a test address; when it contains an IPMP interface, it creates a data address.
When the command is invoked with an interface argument, then the command will automatically generate an addrobj name for the address and will print the generated name to stdout.
All the address objects are enabled when they are created. See the disable-addr and enable-addr subcommands for instructions on disabling and enabling an address object.
A persistent operation cannot be performed on a temporary object. That is, if the interface is temporarily created, one cannot create the address object persistently.
If the interface specified in the addrobj name is an IPMP interface, the address obtained through DHCP is created as a data address on the IPMP interface.
Specifies the hostname to which the client would like the DHCP server to map the client's leased IPv4 address. There is no guarantee that the DHCP server will be able to fulfill the hostname request.
Specifies that the configured address is temporary and changes apply only to the active configuration.
Specifies the amount of time, in seconds, to wait until the operation completes. If no wait interval is given, and the operation is one that cannot complete immediately, ipadm will, by default, wait 120 seconds for the requested operation to complete. Note that the default wait time is subject to change in future releases. The symbolic value forever can be used as well, with obvious meaning.
Creates an auto-configured IPv6 address on an interface. The interface is either specified specifically as an argument or is derived from the addrobj argument. The created IPv6 addresses will be identified by addrobj. When the command is invoked with an interface argument, then the command will automatically generate an addrobj name for the address and will print the generated name to stdout.
The system uses the default interface ID (for the media-type Ethernet, the Interface ID is the MAC address of the interface) to generate auto-configured addresses. This behavior can be overridden using –i option.
By default:
IPv6 addresses will be auto-configured based on prefixes advertised by routers as described in RFC 4862 and...
IPv6 addresses will be auto-configured on the specified interface using the IPv6 address offered by DHCPv6 server as described in RFC 3315. (That is, –p stateful=yes,stateless=yes is the default option.)
All the address objects are enabled when they are created. See the disable-addr and enable-addr subcommands for instructions on disabling and enabling an address object.
A persistent operation cannot be performed on a temporary object. That is, if the interface is temporarily created, then one cannot create the address object persistently.
If the interface specified in the addrobj name is an IPMP interface, the addresses obtained through IPv6 autoconfiguration are created as data addresses on the IPMP interface.
Specifies that the configured address is temporary and changes apply only to the active configuration.
Specifies the interface ID to be used for generating auto-configured addresses.
For point-to-point interfaces, the interface id of the remote end-point can be specified (for example, –i local= lid,remote=rid).
Note that if the interface requires only a local interface id, specify it directly with the –i option as follows: –i lid. The interface id will automatically be considered a local interface id.
Specifies if stateful or stateless or both methods of auto-configuration should be enabled or not.
If –p stateful=no is specified, then stateful auto-configuration based on DHCPv6–specified IPv6 addresses will not be performed.
If –p stateless=no is specified, then stateless auto-configuration based on the router-advertised prefixes will not be performed.
If –p stateful=no,stateless=no is specified, then both the methods of auto-configuration will not be performed.
With the –T addrconf option, –p stateful=yes,stateless=yes is used by default.
Creates a VRRP virtual IPv4 or IPv6 address on an interface. The interface is either specified as an argument or is derived from the addrobj argument. The interface on which the address is being created must already exist. The created vrrp address will be identified by addrobj. When the command is invoked with an interface argument, then the command will automatically generate an addrobj for the address and will print the generated name to stdout.
If no local address is specified, a IPv6 link-local vrrp IP address based on the VRID of the associated VRRP router will be configured.
By default, a configured vrrp address will be marked down, and it will be later brought up or down depends on the state of the VRRP router this vrrp address belongs to.
All address objects are enabled when they are created. See the disable-addr and enable-addr subcommands for instructions on disabling or enabling an address object.
A persistent operation cannot be performed on a temporary object. That is, if the interface is temporarily created, then one cannot create the address object persistently.
One cannot create vrrp addresses on the underlying interface for an IPMP group.
Specifies that the configured address is temporary and changes apply only to the active configuration.
addr indicates a literal IP address or a hostname.
If a hostname is specified its numeric value is uniquely obtained using the entry in /etc/hosts. If no numeric IP address is defined in the file, then the numeric value is uniquely obtained using the resolver order specifed for hosts or ipnodes in nsswitch.conf (4) . If there are multiple entries for a given hostname, an error will be generated. Because IP addresses are created before naming services have been brought online during the boot process, it is important that any hostname used be included in /etc/hosts.
If the prefixlen is not explicitly specified in the command-line, the netmask for the address is obtained by following the search in the order listed below:
Using the order specified for netmasks in nsswitch.conf (4)
Interpreting IPv4 address using Classful subnetting semantics defined in RFC 791, and interpreting IPv6 addresses using the definitions in RFC 4291.
Specifies the VRRP router name this vrrp address is created for. For l2 type VRRP router, 'routername' is optional as the VRRP router name can be directly derived from the interface (VRRP VNIC) this address is created on. But it will be validated if specified. For l3 type VRRP router, this option is mandatory.
Deletes all the addresses identified by addrobj on the interface specified in the addrobj. It also removes these addresses from the persistent data-store; thus, these addresses will not be instantiated on reboot.
If the address object is a DHCP-controlled address, delete-addr removes the address from the system without notifying the DHCP server, and records the current lease for later use.
If the addrobj is a DHCP-controlled address, this option brings about the relinquishing of the DHCP-controlled IP addresses on the interface by notifying the server and the discarding of the current lease.
Show address information, either for the given addrobj or all the address objects configured on the specified interface, including the address objects that are only in the persistent configuration.
Display using a stable machine-parsable format. The –o option is required with this option. See “Parsable Output Format”, below.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all to display all fields. For each interface, the following fields can be displayed:
The name of the address object.
Type of the address object. It will be one of: from-gz, static, dhcp, or addrconf. The static, dhcp, and addrconf types correspond to the type of the address object specified by the –T option of create-addr. The from-gz type will only be displayed in non-global zones, and indicates that the address was configured based on the allowed-address property configured for the non-global exclusive-IP zone from the global zone.
State of the address object. This field is shown only when all is specified with –o. This indicates one of the following values:
Address is not part of the active configuration (see disable-addr and disable-if).
Address is administratively down (see down-addr).
Address was found to conflict with another system's IP address by duplicate address detection (DAD) and cannot be used until the conflict is resolved. The system will periodically rerun DAD to determine if the conflict has been resolved. Alternatively, refresh-addr can be used to immediately rerun DAD.
Address cannot be used because the IP interface it is configured on has failed.
Address is enabled, up, and functioning properly. The system will accept IP packets destined to this address, and will originate IP packets with this address in accordance with the configured IP source address selection policy.
Address is currently undergoing duplicate address detection (for example, as part of up-addr or refresh-addr).
For address objects in active configuration, it indicates any of the following flags. This field is not shown by default and will be shown only when all or current is specified with –o.
Will not be used as source address for outbound packets unless either there are no other addresses available on the interface or the application has explicitly bound to this address.
Address not advertised by the routing daemon.
Temporary IPv6 address as defined in RFC 3041.
Address is marked up for use as a source/destination of outbound/inbound packets.
Address matches the local address of some other link in the system.
Specifies the configuration that will be applied when the address object is instantiated on reboot or re-enabled using the enable-addr subcommand. It can be any or all of U, p, and d (see above).
Numeric IPv4 or IPv6 address. In the case of point-to- point interfaces, the addresses of both the endpoints, are displayed (laddr -->raddr). For an address object of type dhcp, if the state of the address object is disabled , or if the address is 0.0.0.0 for IPv4 or :: for IPv6, then a question mark (?) is displayed.
The type of the Client ID used by the dhcpagent(1M), if the address is being obtained using DHCP. For IPv4, this shows the type of the DUID used in constructing the RFC 4361 Client ID. The type is one of DUID-LLT, DUID-EN, DUID-LL, other, or default. This field is not shown in the default output. It can be shown using –d or using cid-type or all with –o.
Type 1 RFC 3315 DUID is used in constructing CID-VALUE (for example, 1,1,63463777,0a:0b:0c:0d:0e:0f). Refer to the RFC for more details.
Type 2 RFC 3315 DUID is used in constructing CID-VALUE (for example, 1,1,63463777,0a:0b:0c:0d:0e:0f). Refer to the RFC for more details.
Type 3 RFC 3315 DUID is used in constructing CID-VALUE (for example, 1,1,63463777,0a:0b:0c:0d:0e:0f). Refer to the RFC for more details.
An RFC 3315 DUID of a Type in {0,4-65535} is used to derive the Client ID (for example, 4,0x734633) or the CID-VALUE is a raw Client ID (for example, Sun, 0xab3146 ) that does not conform to RFC 3315.
Indicates that the RFC 3315 DUID is not being used to construct the Client ID. Instead, Client ID is derived using the MAC address of the interface as per RFC 2132. CID-VALUE will contain the string 0x01 followed by the MAC address hex string. This is applicable only for IPv4.
Value of the Client ID used by the dhcpagent(1M), if the address is being obtained using DHCP. Format used follows that of the configuration parameter CLIENT_ID in file /etc/default/dhcpagent. Refer to the description of CLIENT_ID in dhcpagent(1M). When the CID-TYPE is default, the CID-VALUE contains the legacy CLIENT-ID, constructed as per RFC 2132. This field is not shown in the default output. It can be shown using –d or using cid-type or all with –o.
The time at which the lease began, if one is available, for the addresses obtained using DHCP. The time is displayed in the format dictated by the LC_TIME locale environment variable. For addresses not configured using DHCP or for DHCP addresses that do not have a lease yet, -- (two hyphens) will be displayed. This field is not shown in the default output. It can be shown using –d or using cid-type or all with –o.
The time at which the lease expires, if one is available, for the addresses obtained using DHCP. The time is displayed in the format dictated by the LC_TIME locale environment variable. For addresses not configured using DHCP or for DHCP addresses that do not have a lease yet, -- (two hyphens) will be displayed. This field is not shown in the default output. It can be shown using –d or using cid-type or all with –o.
The time at which the lease was last renewed for the addresses obtained using DHCP. The time is displayed in the format dictated by the LC_TIME locale environment variable. For addresses not configured using DHCP or for DHCP addresses that do not have a lease yet, -- (two hyphens) will be displayed. This field is not shown in the default output. It can be shown using –d or using cid-type or all with –o.
The name of the VRRP router that is associated with the vrrp type IP addresses, if it is known. Note that for a vrrp type IP address of a L2 type VRRP router, as the VRRP router can be later derived from the VNIC that the IP address resides on, it is possible that the VRRP router does not exist yet. A question mark (?) will be shown in that case. For IP addresses of other types other than vrrp type, the "VRRP-ROUTER" field does not apply and a double hyphen (--) will be shown.
Display the dhcp status fields for addresses acquired using DHCP. The fields displayed are ADDROBJ, STATE, ADDR, CID-TYPE, CID-VALUE , BEGIN, EXPIRE, and RENEW . This option displays only the human-readable output and cannot be used in conjunction with –p.
The address identified by addrobj is marked down, so that it cannot be used as a source/destination of outbound/inbound packets. This command has no effect if the address object was already marked down prior to the down-addr invocation. If the address object is of type addrconf, the command returns an error.
Specifies that the configured address is temporary and changes apply only to the active configuration. This option is mandatory if the address object type is dhcp.
The address identified by addrobj is marked up, so that it can be used as a source/destination of outbound/inbound packets. This subcommand has no effect if the address object has been marked down by the system because it is a duplicate address, or if the address was marked up prior to the up-addr invocation. If the address object is of type addrconf, the command returns an error.
Specifies that the configured address is temporary and changes apply only to the active configuration. This option is mandatory if the address object type is dhcp.
If the addrobj is of the type static then DAD (Duplicate Address Detection) will be restarted (if necessary) on the address identified by the address object.
If the addrobj is of the type dhcp, then the lease duration obtained on the address will be extended by the DHCP client daemon.
If the addrobj is of the type addrconf then the command returns an error.
For a specified IP address, obtains network configuration parameters from DHCP without obtaining a lease on it. This is useful in situations where an IP address is obtained through mechanisms other than DHCP.
Disables the address by removing it from the active configuration. If the address object was originally created persistently, then the persistent configuration is unchanged. To re-enable this addrobj, one should use enable-addr.
Specifies that the disabling is temporary and changes apply only to the active configuration.
Enables the given addrobj by reading the configuration from the persistent store. All the persistent address properties are applied to the address object. This subcommand requires that the interface on which the address object is being enabled be present. If the interface itself is missing in active configuration and is present in persistent store, that is, if the interface is disabled, then the user has to run enable-if before invoking enable-addr.
Specifies that the enabling is temporary and changes apply only to the active configuration.
Sets the value of a property on the addrobj specified. If the addrobj maps to several addresses, then property changes applies to all the addresses referenced by the addrobj . Only one property can be specified at a time. The properties supported on the addrobj and the property's possible values can be retrieved using show-addrprop subcommand. If the addrobj is of type addrconf, the command returns an error.
Specifies that the changes are temporary and changes apply only to the active configuration.
A property to set to the specified values.
Resets the given address property to its default value. If – t is not used, any persistent value of the property will be deleted. Only one property can be modified at a time. If the addrobj is of type addrconf, the command returns an error.
Specifies that the resets are temporary and changes apply only to the active configuration.
A property to be reset.
Show the current and persistent values of one or more properties, either for all the configured address objects or for the specified addrobj . Several properties of interest can be retrieved at one time by providing comma-separated property names to –p option. If the –p option is not specified, all available properties are displayed. If the addrobj is of type addrconf , the command returns an error.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all to display all fields. For each addrobj, the following fields can be displayed:
The name of the address object.
The name of the property.
The read/write permissions of the property. The value shown will be r (read only), w (write only) or rw (read/write).
The current value of the property. For the disabled addresses, because the value is not set, the value displays as a double hyphen (--).
The persistent value of a property. Persistent values are the values that will be reapplied on reboot.
The default value of the property. If the property has no default value, double hyphen (--) is shown.
A comma-separated list of the values a property can have. If the values span a numeric range, min - max might be shown as shorthand. If the possible values are unknown, a question mark (?) is displayed or if they are unbounded, double hyphen (--) will be shown.
Display using a stable machine-parsable format. The –o option is required with this option. See “Parsable Output Format”, below.
A comma-separated list of properties to display. See the sections on address object properties following subcommand descriptions.
Modifies the value of a protocol property to the value specified. If the property takes multiple values, the values should be specified with a comma as the delimiter. Only one property can be specified at a time. By default, the value is persistent and will be reapplied on reboot. The properties supported on a protocol and the property's possible values can be retrieved using the show-prop subcommand
The following protocols are supported: ip, ipv4 , ipv6, icmp, tcp, udp and sctp.
Note that for some properties, it might be possible to set the value of the property both globally, and on a per-interface basis. The per-interface value can be set using the set-ifprop subcommand. In such cases, if the administrator chooses to customize the per-interface value of the property to be distinct from the global value, the per-interface value overrides the global setting for that interface.
Specifies that the changes to properties are temporary and changes apply only to the active configuration.
A property to set to the specified values. It also provides the following “qualifiers” to perform add and delete operations in addition to assignment.
Adds the given value to the current list of value(s).
Removes the given value from the current list of value(s).
Makes a new assignment and removes all the current value(s).
See EXAMPLES for more information on how to use the qualifiers.
Resets a property of the specified protocol to the default value of the property. If -t is not used, any persistent value of the property will be deleted. Only one property can be modified at a time.
Specifies that the resets are temporary and changes apply only to the active configuration.
A property to be reset.
Show the current and persistent values of one or more properties, either for all supported protocols or for the specified protocol. Several properties of interest can be retrieved at a time by providing comma-separated property names to –p option. If the –p option is not specified, all available properties are displayed.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all to display all fields. For each protocol, the following fields can be displayed:
The name of the protocol.
The name of the property.
The read/write permissions of the property. The value shown will be r (read only), w (write only) or rw (read/write).
The current value of the property. For the disabled addresses, because the value is not set, the value displays as a double hyphen (--). If the value is unknown, it is displayed as a question mark (?). If the current value of the property is not in the set of listed POSSIBLE values, the keyword custom is displayed.
The persistent value of a property. Persistent values are the values that will be reapplied on reboot.
The default value of the property. If the property has no default value, double hyphen (--) is shown.
A comma-separated list of the values for the property setting to be used with the set-prop subcommand. If the values span a numeric range, min - max might be shown as shorthand. If the possible values are unknown, a question mark (?) is displayed or if they are unbounded, double hyphen (--) will be shown.
Display using a stable machine-parsable format. The –o option is required with this option. See “Parsable Output Format”, below.
A comma-separated list of properties to display. See the sections on protocol properties following subcommand descriptions.
For the supported list of properties for every protocol, see “Protocol Properties” below.
Displays all of the supported ipadm subcommands or usage for a given subcommand. If you display help for a specific subcommand, the command syntax is displayed, along with an example. Using ipadm help without any argument displays all of the subcommands.
The ipadm “show” subcommands have an – o option that displays output in a machine-parsable format. The output format is one or more lines of colon (:) delimited fields. The fields displayed are specific to the subcommand used and are listed under the entry for the – o option for a given subcommand. Output includes only those fields requested by means of the –o option, in the order requested. Note that the –o all option, which displays all the fields for a given subcommand, cannot be used with parsable output option.
When you request multiple fields, any literal colon characters are escaped by a backslash (\) before being output. Similarly, literal backslash characters are also escaped (\\). This escape format is parsable by using shell read(1) functions with the environment variable set as IFS=: Note that escaping is not done when you request only a single field.
The following protocol properties are supported:
This option defines how many gratuitous ARP messages are sent to announce local addresses.
This option defines the interval between gratuitous ARP messages which are sent to announce local addresses.
Specify the default congestion control algorithm used by the protocol when new connections are created. Applications can opt to choose a different algorithm at a later point in the connnection's lifetime. Only enabled algorithms can be set as default (see cong_enabled).
This option can be used to enable or disable congestion control algorithms. By default, all algorithms installed on the systems are enabled. Disabled algorithms cannot be set as default (see cong_default) or used by applications.
Algorithms can be added or removed using the set-prop subcommand and the modifiers + and -.
Explicit Congestion Control (see RFC 3168 for more information). Possible values are the same as above: never, passive , and active.
This option define additional privileged ports outside of the 1-1023 range. Any program that attempts to bind the ports listed here must run as root. This prevents normal users from starting server processes on specific ports.
These ports can be added, removed, or assigned using the set-prop subcommand and the modifiers +, -, and =. See EXAMPLES below on usage.
Enable/disable global IPv4 or IPv6 forwarding. All the configured interfaces will start/stop forwarding packets. Individual interfaces can override the global option using set-ifprop.
Control send/receive behavior for IP packets on a multi-homed system. The value of hostmodel can be set to strong or weak, corresponding to the equivalent end-system model definitions of RFC 1122. In addition, a third value of src-priority is also supported. In the src-priority hostmodel scenario, a packet will be accepted on any interface, as long as the packet's destination IP address is configured and marked UP on one of the host's interfaces. When transmitting a packet, if multiple routes for the IP destination in the packet are available, the system will prefer routes where the IP source address in the packet is configured on the outgoing interface. If no such route is available, the system will fall back to selecting the “best” route, as with the weak ES case.
Maximum size of the send or receive socket buffer. The current value of this property limits the maximum value of recv_buf and send_buf.
This option defines how many NDP advertisement messages are sent to announce local IPv6 addresses.
This option defines the interval between NDP advertisement messages which are sent to announce local IPv6 addresses.
Modifies the receive or send buffer sizes for the specified protocol. The maximum value of these properties is bound by the current value of the max_buf property.
Selective acknowledgment (SACK) allows recipients to selectively acknowledge out-of-sequence data and is intended to increase performance for data transfers over lossy links. See RFC 2018 for information on the SACK. Possible values and meanings:
Will neither accept SACK nor send out SACK information.
Will accept SACK but not send out.
Will both accept SACK and send out SACK information.
These options define the upper and lower bounds on ephemeral ports. Ephemeral (means short-lived) ports are used when establishing outbound network connections. Note that the current value of the smallest_anon_port should be always less than or equal to the current value of largest_anon_port .
This option define the start of non-privileged ports. The non-privileged port range normally starts at 1024. Any program that attempts to bind a non-privileged port does not have to run as root.
This option controls whether IPv4 or IPv6 sends out ICMPv4 or ICMPv6 redirect messages.
Specifies the value that will be set for ttl/hoplimit field of an IPv4 or IPv6 header. Can be used to prevent the system from reaching other systems more than N hops away where N was the value specified. See ipsec (7P) for IPsec related IP protocol properties.
The following interface properties are supported:
Enables/disables the use of the Address Resolution Protocol (ARP) on an interface. ARP is used in mapping between network level addresses and link level addresses. This is currently implemented for mapping between IPv4 addresses and MAC addresses. Possible values are on or off. Default is on.
Enables/disables exchanging of routing information on this interface. Possible values are on or off. Default is off.
Specifies the group name of the IPMP interface for which this interface is an underlying interface. If the interface is of class IPMP, this specifies the name of the IPMP group. It is a read-write property only on IPMP interfaces. For other interface classes, this property is read-only.
Enables/disables IP forwarding on an interface. When enabled, the IP packets can be forwarded to and from the interface. Possible values are on or off. Default is off.
Set the routing metric of the interface to n; if no value is specified, the default is 0. The routing metric is used by the routing protocol. Higher metrics have the effect of making a route less favorable. Metrics are counted as additional hops to the destination network or host.
Set the maximum transmission unit of the interface to n. For many types of networks, the MTU has an upper limit, for example, 1500 for Ethernet.
Enables/disables the neighbor unreachability detection mechanism on a point-to-point physical interface. Possible values are on or off. Default is on.
Specifies whether the interface is configured as a standby interface for an IPMP group. This property is not applicable to IPMP interfaces.
Specifies a physical or virtual interface to be used for source address selection. If the keyword none is used, then any previous selection is cleared. Default is none.
The address properties listed below are supported. Note that modifying address properties for addrconf address objects is not supported.
The address should no longer used as a source address in new communications, but packets addressed to this address are processed as expected. Possible values are on or off. Default is off. This property is not supported on an address object of type dhcp.
Specifies the number of left-most contiguous bits of the address that comprise the IPv6 prefix or IPv4 netmask of the address. The remaining low-order bits define the host part of the address. When prefixlen is converted to a text representation of the address, the address contain 1's for the bit positions that are to be used for the network part, and 0's for the host part. The prefixlen must be specified as a single decimal number. This property is not supported on an address object of type dhcp.
Specifies that the addresses should not be advertised by the in.routed routing daemon. Possible values are on or off. Default is off.
The hostname to which the client would like the DHCP server to map the client's leased IPv4. A hostname request is not guaranteed to be fulfilled.
Enables packets to be transmitted using the addresses referenced by the address object. This is the default behavior when the address is up. Possible values are on or off. Default is on.
Specifies the zone in which all the addresses referenced by the address object should be placed. The named zone must be active in the kernel in the ready or running state. The interface is unplumbed when the zone is halted or rebooted. The zone must be configured to be an shared-IP zone. zonecfg(1M) is used to assign network interface names to exclusive-IP zones. To modify the zone assignment such that it persists across reboots, please use zonecfg(1M). Possible values are the list of all the zones configured on the system. Default is global.
Each ipadm subcommand operates on one of the following objects:
An address configured on a network interface is identified by an addrobj. An addrobj consists of two parts. The first part is the name of the network interface on which the address is configured. The second part is a user-specified string that can use any of the alphanumeric characters and dash '-', and it can be maximum 32 characters in length and must begin with a letter. The dash is reserved for system use, in which case the name preceding it identifies the system component that created it. The two parts of the addrobj are delimited by a slash (/). An address object always represents a unique set of addresses in a system.
Name of the network interface on which network address is configured. In general, the name can use any alphanumeric characters, plus the underscore (_) and the period (.), but must start with an alphabetic character and end with a number.
Name of the TCP/IP Internet protocol family for which a property is to be configured. Following protocols are supported: ip, ipv4, ipv6, icmp, tcp, sctp and udp.
The following command displays a concise view of the interface and address configuration on a system.
# ipadm NAME CLASS/TYPE STATE UNDER ADDR ipmp0 ipmp degraded -- -- ipmp0/v6 static ok -- 2001:db8:1:2::4c08/128 lo0 loopback ok -- -- lo0/v4 static ok -- 127.0.0.1/8 lo0/v6 static ok -- ::1/128 net0 ip ok -- -- net0/dhcp dhcp ok -- 10.132.146.234/23 net0/v4 static ok -- 10.132.146.233/23 net1 ip failed ipmp0 -- net1/aconf addrconf ok -- fe80::214:4fff:fe58:1831/10 net2 ip ok ipmp0 -- net2/aconf addrconf ok -- fe80::214:4fff:fe58:1832/10Example 2 Creating IPv4 Static Addresses
The following command creates the address 10.2.3.4/24 on interface bge1 (linkname net1) and marks the address up, for use.
# ipadm create-ip net1 # ipadm create-addr -T static -a local=10.2.3.4/24 net1/v4static1
Alternatively automatic address object name generation can be used. The automatically generated name will be displayed to the console and can be used in any future ipadm commands requiring an address object name.
# ipadm create-ip net1 # ipadm create-addr -T static -a local=10.2.3.4/24 net1 net1/v4
The following command creates another address 10.2.3.5/24 on interface net1 but marks the address down until explicitly marked up.
# ipadm create-addr -T static -d -a 10.2.3.5/24 net1 net1/v4
Note that 10.2.3.5/24 is assumed to be the local address, because local was not used and there was only one address.
The following command marks the address object net1/v4a up that was previously marked down.
# ipadm up-addr net1/v4a
If the DUPLICATE flag was set on the address object, then refresh-addr will verify that the address is still a duplicate on the network. If it is not, the address will be marked up.
# ipadm refresh-addr net1/v4a
The following command lists the addresses that were configured. This shows that the address net1/v4a is not a duplicate.
# ipadm show-addr ADDROBJ TYPE STATE ADDR lo0/v4 static ok 127.0.0.1/8 lo0/v6 static ok ::/128 net1/v4 static ok 10.2.3.4/24 net1/v4a static ok 10.2.3.10/24Example 3 Creating DHCPv4-controlled Addresses
The following command obtains a DHCPv4 address on interface bge1 (linkname net1).
# ipadm create-ip net1 # ipadm create-addr -T dhcp net1/dhaddr # ipadm show-addr net1/dhaddr ADDROBJ TYPE STATE ADDR net1/dhaddr dhcp ok 10.8.48.173/25
The following command extends the lease duration for the DHCPv4 address object net1/dhaddr.
# ipadm refresh-addr net1/dhaddrExample 4 Creating IPv6 Addresses
The following sequence of commands auto-configures IPv6 addresses on bge1 (linkname net1) using in.ndpd with the default interface ID. A link-local address is configured first, followed by in.ndpd adding the stateless and stateful auto-configured addresses.
# ipadm create-ip net1 # ipadm create-addr -T addrconf net1/v6addr
The following command creates a IPv6 static address. To be able to configure an IPv6 address that is not a link-local address, the interface should already have a link-local address configured on it. It was accomplished by the previous step with –T addrconf.
# ipadm create-addr -T static -a local=2ff0::f3ad/64 net1/v6static
The following command changes the prefix length of an IPv6 address.
# ipadm set-addrprop -p prefixlen=80 net1/v6static
All the auto-configured addresses and the updated prefix length can be viewed by listing the addresses:
# ipadm show-addr
ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
lo0/v6 static ok ::/128
net1/v6addr addrconf ok fe80::203:baff:fe94:2f01/10
net1/v6addr addrconf ok 2002:a08:39f0:1:203:baff:\
fe94:2f00/64
net1/v6addr addrconf ok 2001:db8:1:2::402f/128
net1/v6static static ok 2ff0::f3ad/80
Example 5 Creating VRRP Addresses
The following command creates the IPv4 vrrp address 10.2.3.4/24 on the VRRP VNIC interface vrrpV4_vnic1.
# ipadm create-ip vrrpV4_vnic1 # ipadm create-addr -T vrrp -a local=10.2.3.4/24 vrrpV4_vnic1/v4vrrp1
The following command first creates a IPv6 link-local vrrp address then creates the IPv6 vrrp address 2ff0::f3ad/80 on the VRRP VNIC interface vrrpV6_vnic1:
# ipadm create-ip vrrpV6_vnic1 # ipadm create-addr -T vrrp vrrpV6_vnic1/v6vrrp1 # ipadm create-addr -T vrrp -a local=2ff0::f3ad/80 vrrpV6_vnic1/v6vrrp2
Note that the above vrrp addresses are VRRP virtual addresses for the l2 type VRRP routers, so no router name needs to be specified. On the another hand, the router name must be specified by the '–n' option for the vrrp addresses configured for l3 type VRRP routers:
The following command creates the IPv4 vrrp address 10.2.3.5/24 on the interface net1 for VRRP router vrrpV4_router1.
# ipadm create-ip net1 # ipadm create-addr -T vrrp -a local=10.2.3.5/24 -n vrrpV4_router1 \ net1/v4vrrp1
The following command first creates a IPv6 link-local vrrp address then creates the IPv6 vrrp address 2ff0::f3ad/80 on the interface net1 for VRRP router vrrpV6_router1.
# ipadm create-ip net1 # ipadm create-addr -T vrrp -n vrrpV6_router1 net1/v6vrrp1 # ipadm create-addr -T vrrp -a local=2ff0::f3ae/80 -n vrrpV6_router1 \ net1/v6vrrp2
The following command lists the addresses that were configured.
# ipadm show-addr ADDROBJ TYPE STATE ADDR lo0/v4 static ok 127.0.0.1/8 lo0/v6 static ok ::/128 vrrpV4_vnic1/v4vrrp1 vrrp ok 10.2.3.4/24 net1/v4vrrp1 vrrp ok 10.2.3.5/24 vrrpV6_vnic1/v6vrrp1 vrrp ok fe80::200:5eff:fe00:20c/10 vrrpV6_vnic1/v6vrrp2 vrrp ok 2ff0::f3ad/80 net1/v4vrrp1 vrrp ok fe80::200:5eff:fe00:20e/10 net1/v6vrrp2 vrrp ok 2ff0::f3ae/80Example 6 Configuring an IPv4 Tunnel
The first command below (ipadm) creates the tunnel source address. Then, a dladm command creates the tunnel link. The final ipadm commands configure the IPv4 and IPv6 addresses on the tunnel IP interface.
# ipadm create-ip net1
# ipadm create-addr -T static -a local=10.2.3.4/24 net1/v4static
# dladm create-iptun -T ipv4 -a local=10.2.3.4,remote=10.2.3.5 tun0
# ipadm create-ip tun0
# ipadm create-addr -T static \
-a local=173.129.134.1,remote=173.129.134.2 tun0/v4tunaddr
# ipadm create-addr -T static \
-a local=2ff1::3344,remote=2ff1::3345 tun0/v6tunaddr
# ipadm show-addr
ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
lo0/v6 static ok ::/128
net1/v4static static ok 10.2.3.4/24
tun0/v4tunaddr static ok 173.129.134.1-->173.129.134.2
tun0/v6tunaddr static ok 2ff1::3344-->2ff1::3345
Example 7 Viewing All of the Interfaces
The following command enables you to view all interfaces.
# ipadm show-if -o all IFNAME CLASS STATE ACTIVE CURRENT PERSISTENT OVER lo0 loopback ok yes -m-v------46 --46 -- net0 ip ok yes bm--------46 --46 -- e1000g0 ip ok yes bm---l----46 -l46 -- e1000g1 ip ok yes bm---l----46 -l46 -- ipmp0 ipmp down yes bm--------46 --46 e1000g0 e1000g1 tun0 ip failed no -mp-------46 --46 -- vni0 vni disabled no bm-v-------- --46 --Example 8 Displaying Interface Properties
The following command displays all interface properties for a specified interface.
# ipadm show-ifprop net0 IFNAME PROPERTY PROTO PERM CURRENT PERSISTENT DEFAULT POSSIBLE net0 arp ipv4 rw on -- on on,off net0 forwarding ipv4 rw off on off on,off net0 metric ipv4 rw 2 2 0 -- net0 mtu ipv4 rw 1500 -- 1500 68-1500 net0 exchange_routes ipv4 rw off -- off on,off net0 usesrc ipv4 rw none -- none -- net0 forwarding ipv6 rw off -- off on,off net0 metric ipv6 rw 2 2 0 -- net0 mtu ipv6 rw 1500 -- 1500 1280-1500 net0 nud ipv6 rw on -- on on,off net0 exchange_routes ipv6 rw off on off on,off net0 usesrc ipv6 rw none -- none -- net0 group ip rw grp0 -- -- -- net0 standby ip r- off -- off on,offExample 9 Configuring per-Interface Properties
The following command sets the IPv4 MTU of the interface net0 to 900.
# ipadm set-ifprop -m ipv4 -p mtu=900 net0
The following command sets the IPv6 MTU of the interface net0 to 1400.
# ipadm set-ifprop -m ipv6 -p mtu 1400 net0
View the results:
# ipadm show-ifprop -p mtu net0 IFNAME PROPERTY PROTO PERM CURRENT PERSISTENT DEFAULT POSSIBLE net0 mtu ipv4 rw 900 900 1500 68-1500 net0 mtu ipv6 rw 1400 1400 1500 1280-1500 # ipadm show-ifprop -m ipv6 -p mtu net0 IFNAME PROPERTY PROTO PERM CURRENT PERSISTENT DEFAULT POSSIBLE net0 mtu ipv6 rw 1400 1400 1500 1280-1500Example 10 Displaying Supported Properties
The following command displays the properties supported on TCP.
# ipadm show-prop tcp
PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE
tcp ecn rw active active passive never,passive,
active
tcp extra_priv_ports rw -- 1,65535 2049,4045 1-65535
tcp largest_anon_port rw 32768 32768 65535 1024-65535
tcp sack rw active -- active never,passive,
active
tcp recv_buf rw 29567 -- 49152 2048-1073741824
tcp send_buf rw 21354 -- 49152 4096-1073741824
tcp max_buf ro 65536 -- 32768 4096-1073741824
tcp smallest_anon_port rw 32768 -- 32768 1024-65535
tcp smallest_nonpriv_port rw 1024 -- 1024 1024-32768
Example 11 Configuring Global IPv4 Forwarding
The following command sequence configures global IPv4 forwarding and overrides that setting for interface net0.
# ipadm set-prop -p forwarding=on ipv4 # ipadm set-ifprop -p forwarding=off -m ipv4 net0 # ipadm show-prop -p forwarding ipv4 PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE ipv4 forwarding rw on on off on,off # show-ifprop -p forwarding -m ipv4 net0 IFNAME PROPERTY PROTO PERM CURRENT PERSISTENT DEFAULT POSSIBLE net0 forwarding ipv4 rw off off off on,offExample 12 Using Qualifiers in set-prop Subcommand
The following command sequence uses the plus and minus (+, –) qualifiers to add 1047, 1048, and 1049 as extra privileged ports for TCP.
# ipadm set-prop -p extra_priv_ports=1047 tcp # ipadm set-prop -p extra_priv_ports+=1048 tcp # ipadm set-prop -p extra_priv_ports+=1049 tcp # ipadm set-prop -p extra_priv_ports+=1050 tcp
The following command deletes 1048 as extra privileged port.
# ipadm set-prop -p extra_priv_ports-=1048
The following command displays all the extra privileged ports for TCP.
# ipadm show-prop -p extra_priv_ports tcp
PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE
ipv4 extra_priv_ports rw 1047,1049, 1047,1049, 2049,4045 1-65535
1050 1050
Example 13 Enabling and Disabling Objects
The following command sequences enables and disables interface and address objects and display the results of those actions.
# ipadm create-ip net1 # ipadm create-addr -T static -a local=10.2.3.4/24 net1/v4static # ipadm set-addrprop -p private=yes net1/v4static # ipadm show-addr net1/v4static ADDROBJ TYPE STATE ADDR net1/v4static static ok 10.2.3.4/24
The following command disables the address object net1/v4static.
# ipadm disable-addr -t net1/v4static # ipadm show-addr net1/v4static ADDROBJ TYPE STATE ADDR net1/v4static static ok 10.2.3.4/24
The following command disables the interface object net1.
# ipadm disable-if -t net1 # ipadm show-if net1 -o all IFNAME CLASS STATE ACTIVE CURRENT PERSISTENT OVER net1 ip disabled no bm---------- --46 --
The following command enables the interface object from the persistent configuration.
# ipadm enable-if -t net1 # ipadm show-if net1 -o all IFNAME CLASS STATE ACTIVE CURRENT PERSISTENT OVER net1 ip ok yes bm--------46 --46 -- # ipadm show-addr net1/v4static ADDROBJ TYPE STATE ADDR net1/v4static static ok 10.2.3.4/24
Note that when the interface object is enabled all the address objects configured on that interface are enabled also.
The following command creates persistent configuration for the net0 interface in a non-global exclusive-IP zone so that the net0 interface will be configured with the set of addresses made available through the allowed-address resource from the global zone on the next reboot.
# ipadm create-ip net0
The net0 interface can also be configured with the available set of allowed-address values in the non-global exclusive-IP zone without a reboot by executing the following commands:
# ipadm disable-if -t net0 # ipadm enable-if -t net0Example 14 Creating IPMP Interfaces
The following command sequence creates an IPMP interface and adds underlying interfaces to it.
# ipadm create-ip e1000g0 # ipadm create-ip e1000g1 # ipadm create-ip e1000g2 # ipadm set-ifprop -p standby=on -m ip e1000g2 # ipadm create-ipmp testgroup0 # ipadm add-ipmp -i e1000g0 -i e1000g1 -i e1000g2 testgroup0 # ipadm create-addr -T static -a local=192.168.80.5/24 testgroup0/data1 # ipadm create-addr -T static -a local=192.168.80.6/24 testgroup0/data2 # ipadm show-if IFNAME CLASS STATE ACTIVE OVER lo0 loopback ok yes -- net0 ip ok yes -- e1000g0 ip ok yes -- e1000g1 ip ok yes -- ipmp0 ipmp ok yes e1000g0 e1000g1
The following command sequence disables and subsequently enables the IPMP interface.
# ipadm disable-if -t testgroup0 ipadm show-if IFNAME CLASS STATE ACTIVE OVER lo0 loopback ok yes -- net0 ip ok yes -- e1000g0 ip disabled no -- e1000g1 ip disabled no -- ipmp0 ipmp disabled no e1000g0 e1000g1 # ipadm enable-if -t testgroup0
The following command sequence removes underlying interface from the IPMP interface and then deletes the IPMP interface.
ipadm remove-ipmp -i e1000g0 -i e1000g1 testgroup0 ipadm delete-ipmp testgroup0Example 15 Displaying Help
The following command illustrates the use of the help subcommand without any arguments.
# ipadm help
The following subcommands are supported:
Address subcommands : create-addr, delete-addr, disable-addr,
down-addr, enable-addr, refresh-addr,
reset-addrprop, set-addrprop, show-addr,
show-addrprop, up-addr
Interface subcommands : disable-if, enable-if, reset-ifprop,
set-ifprop, show-if, show-ifprop
IP interface subcommands : create-ip, delete-ip
IPMP interface subcommands : add-ipmp, create-ipmp, delete-ipmp,
remove-ipmp
Protocol property subcommands : reset-prop, set-prop, show-prop
VNI interface subcommands : create-vni, delete-vni
For more info, run: ipadm help subcommand
The following command illustrates the use of the help subcommand with a subcommand argument.
# ipadm help create-ipmp
usage:
create-ipmp [-t] [-i under-interface[,...]]
... IPMP-interface
example:
# ipadm create-ipmp -i net0,net1 ipmp0
See attributes(5) for descriptions of the following attributes:
|
read(1), arp(1M), cfgadm(1M), dhcpagent(1M), dladm(1M), if_mpadm(1M), ifconfig(1M), in.ndpd(1M), in.mpathd(1M), ndd(1M), netadm(1M), netcfg(1M), zonecfg(1M), nsswitch.conf (4), attributes (5), dhcp(5) , vni(7d)
Oracle Solaris Tunable Parameters Reference Manual
Postel, J., RFC 791, Internet Protocol - DARPA Internet Program Protocol Specification, Information Sciences Institute, University of Southern California, September 1981.
Hinden, R. and S. Deering, IP Version 6 Addressing Architecture, RFC 4291, February 2006.
Thomson, S., Narten, T., and T. Jinmei, IPv6 Stateless Address AutoConfiguration, RFC 4862, September 2007.
Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. Carney, Dynamic Host Configuration Protocol for IPv6 (DHCPv6), RFC 3315, July 2003.
Narten, T., Draves, R., and S. Krishnan, Privacy Extensions for Stateless Address AutoConfiguration in IPv6, RFC 4941, September 2007.
S. Routhier, Ed., Management Information Base for the Internet Protocol (IP), RFC 4293, April 2006
Braden, R., RFC 1122, Requirements for Internet Hosts - Communication Layers, Information Sciences Institute, University of Southern California, October 1989.