You must also be assigned the Network Management rights profile to run the dladm command. The root role has all of these rights.
For more information, see Assigning Rights to Non-Root Users to Manage Zones in Creating and Using Oracle Solaris Zones.
Using zonecfg, enable iov on a selected anet.
$ zonecfg -z kernel-zone zonecfg:kernel-zone> set lower-link=network-interface zonecfg:kernel-zone> select anet id=id-number zonecfg:kernel-zone:anet> set lower-link=network-interface zonecfg:kernel-zone:anet> set iov=iov-value zonecfg:kernel-zone:anet> end zonecfg:kernel-zone exit
The following example demonstrates enabling the iov property on an anet belonging to the kernel zone kzone1.
global$ zonecfg -z kzone1 zonecfg:kzone1> select anet id=0 zonecfg:kzone1:anet> set lower-link=net1 zonecfg:kzone1:anet> set iov=auto zonecfg:kzone1:anet> end zonecfg:kzone1> exit
$ zonecfg -z kernel-zone info anet id=id-number
For example, on the system global and the anet 0 of kernel zone kzone1:
$ zonecfg -z kzone1 info anet id=0 anet: lower-link: net1 allowed-address not specified configure-allowed-address: true ... iov: auto lro: auto id: 0
$ dladm show-linkprop -p iov network-interface
For example, on the system global and the network interface net1:
global$ dladm show-linkprop -p iov net1 LINK PROPERTY PERM VALUE EFFECTIVE DEFAULT POSSIBLE net1 iov rw on on auto auto,on,off
$ zoneadm -z kernel-zone boot
For example, to boot the kernel zone kzone1 on the system global:
global$ zoneadm -z kzone1 boot
$ zlogin kernel-zone kernel-zone# dladm show-phys
For example:
global$ zlogin kzone1 kzone1# dladm show-phys LINK MEDIA STATE SPEED DUPLEX DEVICE net0 Ethernet down 0 unknown ixgbevf0
The following example shows the iov value on anet 0. The value is set to off, the default value.
global$ zonecfg -z kzone1 zonecfg:kzone1> select anet id=0 zonecfg:kzone1:anet> info anet: lower-link: net1 allowed-address not specified configure-allowed-address: true ... iov: off lro: auto id: 0 zonecfg:kzone1:anet> end zonecfg:kzone1> exitExample 12 Configuring iov and VLAN Tagging on an anet
This example shows how to explicitly set a VLAN ID to enable VLAN tagging on an anet, which allows untagged and potentially malicious frames to be dropped.
global$ zonecfg -z kzone1 zonecfg:kzone1> select anet id=0 zonecfg:kzone1:anet> set iov=auto zonecfg:kzone1:anet> set vlan-id=11 zonecfg:kzone1:anet> end zonecfg:kzone1> exit