dladm - administer data links
dladm
dladm show-link [–PZ] [[–p] –o field[,...]] [–z zone[,...]] [link] dladm rename-link [–R root-dir ] link new-link
dladm delete-phys phys-link dladm show-phys [–PZ] [–Lmv] [[–p] –o field[,...]] [–H] [–z zone[,...]] [[–D [dcb-feature]] [–lr]] [–G] [phys-link]
dladm create-aggr [–t] [–R root-dir] [–m mode ] [–P policy ] [–L lacpmode] [–T time] [–u address] –l ether-link1 [–l ether-link2...] aggr-link dladm modify-aggr [–t] [–R root-dir] [–P policy ] [–L lacpmode] [–T time] [–u address] aggr-link dladm delete-aggr [–t] [–R root-dir] aggr-link dladm add-aggr [–t] [–R root-dir] –l ether-link1 [–l ether-link2...] aggr-link dladm remove-aggr [–t] [–R root-dir] –l ether-link1 [–l ether-link2...] aggr-link dladm show-aggr [–PLxZSCv] [[–p ] –o field[,...]] [–z zone[,...]] [aggr-link]
dladm create-bridge [–P protect] [–R root-dir ] [–p priority] [–m max-age] [–h hello-time] [–d forward-delay ] [–f force-protocol ] [–l link ...] bridge-name dladm modify-bridge [–P protect ] [–R root-dir ] [–p priority] [–m max-age] [–h hello-time] [–d forward-delay ] [–f force-protocol ] bridge-name dladm delete-bridge [–R root-dir ] bridge-name dladm add-bridge [–R root-dir ] –l link [–l link...] bridge-name dladm remove-bridge [–R root-dir ] –l link [–l link ...] bridge-name dladm show-bridge [–flt] [[–p] –o field,...] [bridge-name]
dladm create-vlan [–ft] [–R root-dir] –l ether-link –v vid[,pvlan-svid[,pvlan-type]] [vlan-link] dladm modify-vlan [–t] [–R root-dir] [–l ether-link] [–v vid[,pvlan-svid[,pvlan-type]] [–f]] {vlan-link,[vlan-link,...] | –L ether-link} dladm delete-vlan [–t] [–R root-dir] vlan-link dladm show-vlan [–PZ] [[–p] –o field[,...]] [–z zone[,...]] [vlan-link]
dladm create-wlan [–R root-dir] [–p prop=value[,...]] <wlan-name> dladm delete-wlan [–R root-dir] <wlan-name> dladm set-wlan [–R root-dir] –p prop=value[,...] <wlan-name> dladm reset-wlan [–R root-dir] –p prop=value[,...] <wlan-name> dladm show-wlan [[–p] [–o field[,...]] [wlan-name]
dladm scan-wifi [[–p] –o field[,...]] [wifi-link] dladm connect-wifi [–e essid ] [–i bssid ] [–k key,...] [–s none | wpa ] [–a open | shared] [–b bss | ibss] [–c] [–m a | b | g | n ] [–T time ] [–w] [wifi-link] dladm disconnect-wifi [–a] [–d] [wifi-link ] dladm show-wifi [–Z] [[–p] –o field[,...]] [–z zone[,...]] [wifi-link]
dladm show-ether [–xZ] [[–p ] –o field[,...]] [–z zone[,...]] [–P protocol] [ether-link ]
dladm set-linkprop [–t] [–R root-dir] –p prop=value[,...] link dladm reset-linkprop [–t] [–R root-dir] [–p prop[,...]] link dladm show-linkprop [–HPZ] [[–c] –o field[,...]] [–p prop[,...]] [–z zone[,...]] [ link]
dladm create-secobj [–t] [–R root-dir] [–f file] –c class secobj dladm delete-secobj [–t] [–R root-dir] secobj[,...] dladm show-secobj [–P] [[–p] –o field[,...]] [secobj,...]
dladm create-vnic [–t] [–f] –l link [–R root-dir] [–m value | auto | {factory [–n slot-identifier]} | {vrrp –A {inet | inet6} –V vrid} | {random [–r prefix]}] [–v vlan-id][,pvlan-svid[,pvlan-type]] [–P pkey] [–p prop=value[,...]] vnic-link dladm create-vnic –t –c <evsname>[/<vportname>] [–T <tenant>] <vnic-link> dladm modify-vnic [–t] [–R root-dir] [–l link] [–m value | auto | {factory [–n slot-identifier]} | {vrrp –A {inet | inet6} –V vrid} | {random [–r prefix]}] [–v vlan-id[,pvlan-svid[,pvlan-type]]] {vnic-link,[vnic-link,...] | –L link} dladm delete-vnic [–t] [–R root-dir] vnic-link dladm show-vnic [–P | {–z zone[,..]}] [[–p] –o field[,..]] [–l link] [vnic-link] dladm show-vnic [–Zmv] [–l link] [vnic-link]
dladm create-etherstub [–t] [–R root-dir] etherstub dladm delete-etherstub [–t] [–R root-dir] etherstub dladm show-etherstub [–Z] [–z zone[,...]] [etherstub]
dladm create-iptun [–t] [–R root-dir] –T type [–a {local|remote}=addr,...] iptun-link dladm modify-iptun [–t] [–R root-dir] –a {local|remote}=addr,... iptun-link dladm delete-iptun [–t] [–R root-dir] iptun-link dladm show-iptun [–PZ] [[–p] –o field[,...]] [–z zone[,...]] [iptun-link]
dladm create-part [–t] [–f ] –l ib-link [–R root-dir] –P pkey [–p prop=value[,...]] part-link dladm delete-part [–t] [–R root-dir] part-link dladm show-part [–pP] [–o field[,...]] [–l ib-link] [ part-link]
dladm create-eoib [–t] [–R root-dir] –l ib-link –g gw-system-name –c gw-eth-port eoib-link dladm delete-eoib [–t] [–R root-dir] eoib-link dladm show-eoib [–PZ] [–g gw-system-name] [–l ib-link] [[–p ] –o field[,...]] [–z zone [,...]] [eoib-link] dladm show-ib [–pP] [–o field[,...]] [ib-link]
dladm create-vxlan [–t] [–R root-dir] –p vni=<vxlan-id>,addr=<ip_address>[,prop=value[,...]] vxlan-link dladm create-vxlan [–t] [–R root-dir] –p vni=<vxlan-id>,interface=<interface_name>[,prop=value[,...]] vxlan-link dladm show-vxlan [–pP] [–o field[,...]] [vxlan-link] dladm delete-vxlan [–t] [–R root-dir] vxlan-link
dladm create-cap [–t] [–R root-dir] cap-link dladm show-cap [–pP] [–o field[,...]] [cap-link] dladm delete-cap [–t] [–R root-dir] cap-link
dladm create-veth [–t] [–p {<prop>=<val>[,...]}[,...]] –r peer_veth_endpoint veth_endpoint dladm show-veth [–P] [veth_endpoint | peer_veth_endpoint] dladm delete-veth [–t] {veth_endpoint | peer_veth_endpoint}
dladm help [subcommand-name]
The dladm command is used to administer data-links. A data-link is represented in the system as a STREAMS DLPI (v2) interface which can be plumbed under protocol stacks such as TCP/IP. Each data-link relies on either a single network device or an aggregation of devices to send packets to or receive packets from a network.
Datalink configuration can also be specified at install time through the System Configuration profiles. For more information, on System Configuration profiles, see datalink-management(5) for details.
Each dladm subcommand operates on one of the following objects:
A datalink, identified by a name. The name can be at most 30 characters, and must start with an alphabetic character and end with a number between 0 and 4294967294 inclusive (leading zeroes are not permitted). The rest of the name can use any combination of alphanumeric characters, along with '.' and '_'. In addition, datalink names may also contain the special delimiter characters '/' and '-', as described below.
When viewed from the global zone, datalinks inside a zone will have a prefix (identifying the zone), followed by a '/' and the traditional datalink name. Thus, datalink "net0" inside zone "myzone" will appear as "myzone/net0" when viewed from the global zone. This ensures that the datalink names are always unique.
Datalinks automatically created to support a particular feature will contain a prefix identifying the feature followed by a '-' and a traditional datalink name (for example, ldoms-vsw1.port2). This ensures that such datalinks will not have naming conflicts. Accordingly, dladm cannot be used to create datalinks that contain '-'. The following are some of the prefixes that have been assigned:
Datalinks connected to service processors.
Datalinks used by LDOMs guest domains.
Datalinks used by L2 VRRP virtual routers.
Some subcommands operate only on certain types or classes of datalinks. For those cases, the following object names are used:
An aggregation datalink (or a key; see NOTES).
An Ethernet-over-InfiniBand (EoIB) datalink.
A physical Ethernet datalink.
An IP tunnel link.
An InfiniBand (IB) partition data link.
A physical datalink.
A VLAN datalink.
A virtual Ethernet datalink.
A virtual network interface created on a link or an etherstub. It is a pseudo device that can be treated as if it were an network interface card on a machine.
A WiFi datalink.
A bridge instance, identified by an administratively-chosen name. The name may use any alphanumeric characters or the underscore, _, but must start and end with an alphabetic character. A bridge name can be at most 31 characters. The name default is reserved, as are all names starting with SUNW.
Note that appending a zero (0) to a bridge name produces a valid link name, used for observability.
Also note that the bridge-related subcommands, described with dladm subcommands below, require installation of the pkg://solaris/network/bridging package.
A network device, identified by concatenation of a driver name and an instance number.
An Ethernet stub can be used instead of a physical NIC to create VNICs. VNICs created on an etherstub will appear to be connected through a virtual switch, allowing complete virtual networks to be built without physical hardware.
An IB partition link created on a IB physical link.
A secure object, identified by an administratively-chosen name. The name can use any alphanumeric characters, as well as underscore (_), period (.), and hyphen (–). A secure object name can be at most 32 characters.
Veth (Virtual Ethernet datalink) come in pairs and are always connected to form a full-duplex point-to-point link. The packets transmitted on one end will be received on the other end and vice-versa. They can be thought of as a physical cable with a NIC on each end.
A Known WLAN object, identified by the ESSID of a WiFi network. Known WLANs are a prioritized list that can be used by connect-wifi subcommand to automatically pick a WiFi network to connect to, if none is specified.
dladm is implemented as a set of subcommands with corresponding options. Options are described in the context of each subcommand. Many of the subcommands have the following as a common option:
Specifies an alternate root directory where the operation-such as creation, deletion, or renaming-should apply.
dladm also supports a command form with no arguments. When invoked this way, dladm displays basic configuration information for all datalinks on a system. See EXAMPLES.
The following subcommands are supported:
Show link configuration information either for all datalinks or for the specified link. By default, the system is configured with one datalink for each known network device. The option to print link statistics is moved to dlstat(8).
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all to display all fields. By default (without – o), show-link displays all fields.
The name of the datalink.
The current zone of the datalink.
The class of the datalink. dladm distinguishes between the following classes:
Link Aggregation either as Datalink Multipathing (dlmp) or IEEE 802.3ad trunk. The show-aggr subcommand displays more details for this class of datalink.
A bridge instance, identified by an administratively-chosen name.
An EoIB interface. The show-eoib subcommand displays more detail for this class of datalink.
Instance of an etherstub. An Ethernet stub can be used instead of a physical NIC to create VNICs. VNICs created on an etherstub will appear to be connected through a virtual switch, allowing complete virtual networks to be built without physical hardware.
An instance of an IP tunnel link.
An IP-over-IB interface. The show-part subcommand displays more detail for this class of datalink.
A physical datalink. The show-phys subcommand displays more detail for this class of datalink.
A VLAN datalink. The show-vlan subcommand displays more detail for this class of datalink.
A virtual network interface. The show-vnic subcommand displays more detail for this class of datalink.
The maximum transmission unit size for the datalink being displayed.
The virtual link state of the datalink. The state can be up, down, or unknown. When a NIC is carved up into multiple virtual NICs (VNICs), then a virtual switch is created internally to allow the VNICs and the primary datalink to communicate as long as they are on the same VLAN. These datalinks can talk to each other, even if the physical datalink has no connection with the external network. This forms the virtual link state of the datalink.
For IPoIB vnics, if the link is down, use show-ib subcommand to check the underlying port status and configured pkeys, and the show-linkprop subcommand to check the broadcast-group property.
The name of the bridge to which this link is assigned, if any.
The physical datalink(s) over which the datalink is operating. This applies to aggr, bridge, eoib, vlan and part classes of datalinks. A VLAN, IB partition, or EoIB datalink is created over a single physical datalink, a bridge has multiple attached links, and an aggregation is comprised of one or more physical datalinks.
Display using a stable machine-parseable format. The –o option is required with –p. See “Parseable Output Format”, below.
Display the persistent link configuration.
Display ZONE column in the output.
Display links from the specified zones. By default, dladm displays links in all the zones when it is run from the global zone. The links in other zones are displayed with the corresponding zonename as its prefix, followed by the slash (/) separator. For example, zone1/net0
When run from a non-global zone, this subcommand displays only links from that zone. A non-global zone cannot see links in other zones.
Rename link to new-link. This is used to give a link a meaningful name, or to associate existing link configuration such as link properties of a removed device with a new device. See the EXAMPLES section for specific examples of how this subcommand is used.
See “Options,” above.
This command is used to delete the persistent configuration of a link associated with physical hardware which has been removed from the system.
Layer 3 components such as ip interfaces should be deleted manually using the ipadm delete commands. See the EXAMPLES section.
dladm show-phys [–PZ] [–Lmv] [[–p] –o field[,...]] [–H] [–z zone[,...]] [[–D [dcb-feature]] [–lr]] [–G] [phys-link]
Show the physical device and attributes of all physical links, or of the named physical link. Without –P, only physical links that are available on the running system are displayed.
Show DCB (Data Center Bridging)-related configuration information on the phys-link. Supported dcb-features include ets (Enhanced Transmission Selection, IEEE 802.1Qaz) and pfc (Priority-based Flow Control, IEEE 802.1Qbb). The output for dcb-feature is unstable.
Output from –D ets displays the following elements for ETS DCB feature:
The name of the datalink.
802.1p priority value.
The effective ETS BW as a percentage for the CoS (802.1p priority) value.
The effective ETS BW as a percentage for the CoS (802.1p priority) value on the peer.
Indicates the source for ETSBW_LCL_EFFECT value. This could be either local (configured) or remote (recommended) value.
MAC clients that are using the CoS value.
For ETS DCB feature, this shows additional local information:
The configured ETS BW as a percentage for the CoS (802.1p priority) value.
The effective ETS BW as a percentage for the CoS (802.1p priority) value.
The ETS BW as a percentage for the CoS (802.1p priority) value that is recommended by the peer.
For ETS DCB feature, this shows additional remote information:
The effective ETS BW as a percentage for the CoS (802.1p priority) value on the peer.
The ETS BW as a percentage for the CoS (802.1p priority) value that is recommended to the peer.
Output from –D pfc displays the LINK, COS, and CLIENTS fields, just the same as the –D ets output. In addition, –D pfc displays the following elements specifically for PFC DCB feature:
If the configured PFC is enabled for the CoS (802.1p priority) value.
If the effective PFC is enabled for the CoS (802.1p priority) value.
Show hardware resource usage, as returned by the NIC driver. Output from –H displays the following elements:
The name of the datalink.
The type of the ring, either RX or TX.
The ring index. A ring is an hardware resource, which typically maps to a DMA channel, that can be programmed for specific use. For example, an RX ring can be programmed to receive only packets belonging to a specific MAC address.
MAC clients that are using the rings.
Display location information for the physical devices/links. Output is in location order — that is, onboard devices before expansion slots — and location information (for example, PCIexp Slot 2, MB) is supplied where available. Output from –L supports the following elements:
A physical device corresponding to a NIC driver.
The name of the physical device under this link.
Physical location description string (where available).
Display the list of factory MAC addresses, their slot identifiers, and their availability.
Display the list of VLAN IDs or PKEYS, their availability, and which client is using them.
The VLAN ID (PKEYS) supported on this Ethernet (IPoIB) device.
Whether the VLAN ID (PKEYS) is in use or not.
The list of clients who are using this VLAN ID (PKEYS).
The VLAN ID supported on this physical device. For IPoIB device, the output will show --.
The PKEYS supported on this physical device. For Ethernet device, the output will show --.
Display SR-IOV information for a physical link. The output shows:
The physical link name.
The number of VFs available on this physical link.
The number of VFs in use by this physical link.
The only possible flag is l, which stands for LDOMs-managed. If this flag is set, dladm will not be able to create VF VNICs on this physical link.
Display hardware ring group resource information for a physical link. Both transmit and receive hardware rings are DMA channels and can be exposed by device drivers. Rings are associated with ring groups. Receive ring groups are associated with one or more MAC addresses, and all network traffic matching any of the MAC addresses associated with a receive group must be delivered by the NIC through one of the rings of that group. The steering of traffic to the receive ring groups is enabled in the hardware through layer-2/3 classification. The output displays:
The physical link name.
The number of ring groups available on a physical link.
The number of ring groups being used by kernel data path bypass (see net_kernel_bypass).
The number of ring groups being used by VNICs.
The number of ring groups being used by FLOWs.
Display information for an implicitly created physical link. The output shows:
The physical link name.
The media type provided by the physical datalink.
The unique identifier for the implicitly created physical datalink. Shows anet id for the Ethernet datalinks in the format of "anet:<id>" within a solaris-kz brand zone.
The name of the physical device for this link.
The underlying device actively in use.
The underlying device put as standby.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all, to display all fields. For each link, the following fields can be displayed:
The name of the datalink.
The media type provided by the physical datalink.
The physical link state of the datalink. This can be up, down, or unknown. The physical link state identifies whether the physical device has connectivity with the external network (it does, if the cable is plugged in and the state of the port on the other end of the cable is "up").
The current speed of the link, in megabits per second.
For Ethernet links, the full/half duplex status of the link is displayed if the link state is up. The duplex is displayed as unknown in all other cases.
The name of the physical device under this link.
Specifies the list of MAC prefixes that are 1 to 5 octets long. This column is applicable in solaris-kz brand zone for para-virtualized device, namely, zvnet. VNICs with MAC addresses that start with any one of the prefixes in the list can be created inside the solaris-kz(7) brand zone.
Specifies the list of VLAN ID ranges. This column is applicable in solaris-kz brand zone for para-virtualized device, namely, zvnet. VNICs with VLAN IDs that are in the list can be created inside the solaris-kz(7) brand zone.
The number of ring groups available on a physical link.
The number of ring groups being used by kernel data path bypass (see net_kernel_bypass(3LIB)).
Display using a stable machine-parseable format. The –o option is required with –p. See “Parseable Output Format”, below.
This option displays persistent configuration for all links, including those that have been removed from the system. The output provides a FLAGS column in which the r flag indicates that the physical device associated with a physical link has been removed. For such links, delete-phys can be used to purge the link's configuration from the system.
Display ZONE column in the output.
See description of –z option under dladm show-link, above.
By default, Oracle Solaris assigns link names with the prefix of net. Before installing Oracle Solaris, you can change this default by modifying the value of the linkname-policy/phys-prefix SMF property of the service svc:/network/datalink-management:default. Specify a new value for this property in the System Configuration manifests used the Automated Install (AI) program.
dladm create-aggr [–t ] [–R root-dir ] [–m mode ] [–P policy ] [–L lacpmode] [–T time ] [–u address ] –l ether-link1 [–l ether-link2 ...] aggr-link
Combine a set of links into a single link aggregation named aggr-link. The aggregation could be Datalink Multipathing (dlmp) or IEEE 802.3ad compliant. The use of an integer key to generate a link name for the aggregation is also supported for backward compatibility. Many of the *-aggr subcommands below also support the use of a key to refer to a given aggregation, but use of the aggregation link name is preferred. See the NOTES section for more information on keys.
dladm supports a number of port selection policies for an aggregation of ports. (See the description of the –P option, below.) If you do not specify a policy, create-aggr uses the default, the L4 policy, described under the –P option.
Each Ethernet link (or port) in the aggregation is specified using an –l option followed by the name of the link to be included in the aggregation. Multiple links are included in the aggregation by specifying multiple –l options. For backward compatibility with previous versions of Oracle Solaris, the dladm command also supports the using the –d option (or –-dev) with a device name to specify links by their underlying device name. The other *-aggr subcommands that take –l options also accept –d.
Specifies that the aggregation is temporary. Temporary aggregations last until the next reboot.
See “Options,” above.
Mode must be set to one of the following:
IEEE 802.3ad compliant link aggregation. If unspecified, mode is trunk.
Datalink Multipathing mode. A layer 2 high availability technology that can provide failover among multiple switches, and does not require switch configuration. A dlmp link aggregation can also aggregate ports connected to same switch. However, it cannot be used in back-to-back setup.
An dlmp link aggregation is limited in its load-spreading ability: MAC clients configured on plumbed dlmp aggr are distributed across all aggr ports but an individual MAC client cannot spread load across multiple ports.
This mode is not IEEE 802.3ad compliant. Setting policy, lacpmode, time or MAC address is invalid in this mode.
Specifies the port selection policy to use for load spreading of outbound traffic. The policy specifies which dev object is used to send packets. A policy is a list of one or more layers specifiers separated by commas. A layer specifier is one of the following:
Select outbound device according to source and destination MAC addresses of the packet.
Select outbound device according to source and destination IP addresses of the packet.
Select outbound device according to the upper layer protocol information contained in the packet. For TCP and UDP, this includes source and destination ports. For IPsec, this includes the SPI (Security Parameters Index).
For example, to use upper layer protocol information, the following policy can be used:
-P L4
Note that policy L4 is the default.
To use the source and destination MAC addresses as well as the source and destination IP addresses, the following policy can be used:
-P L2,L3
Specifies whether LACP should be used and, if used, the mode in which it should operate. Supported values are off, active or passive.
Specifies the LACP timer value. The supported values are short or long.
Specifies a fixed unicast hardware address to be used for the aggregation. If this option is not specified, then an address is automatically chosen from the set of addresses of the component devices.
dladm modify-aggr [–t ] [–R root-dir ] [–P policy ] [–L lacpmode] [–T time ] [–u address ] aggr-link
Modify the parameters of the specified aggregation.
Specifies that the modification is temporary. Temporary aggregations last until the next reboot.
See “Options,” above.
This option is Obsolete. One can delete the aggregation of one mode, and create a new with another mode.
Specifies the port selection policy to use for load spreading of outbound traffic. See dladm create-aggr for a description of valid policy values.
Specifies whether LACP should be used and, if used, the mode in which it should operate. Supported values are off, active, or passive.
Specifies the LACP timer value. The supported values are short or long.
Specifies a fixed unicast hardware address to be used for the aggregation. If this option is not specified, then an address is automatically chosen from the set of addresses of the component devices.
(Note that modification of the fixed unicast hardware address will override any previously defined mac-address link property defined for the aggregation. See “General Link Properties”.)
Deletes the specified aggregation.
Specifies that the deletion is temporary. Temporary deletions last until the next reboot.
See “Options,” above.
dladm add-aggr [–t ] [–R root-dir ] –l ether-link1 [–l ether-link2...] aggr-link
Adds links to the specified aggregation.
Specifies an Ethernet link to add to the aggregation. Multiple links can be added by supplying multiple –l options.
Specifies that the additions are temporary. Temporary additions last until the next reboot.
See “Options,” above.
dladm remove-aggr [–t] [–R root-dir] –l ether-link1 [–l ether-link2...] aggr-link
Removes links from the specified aggregation.
Specifies an Ethernet link to remove from the aggregation. Multiple links can be added by supplying multiple –l options.
Specifies that the removals are temporary. Temporary removal last until the next reboot.
See “Options,” above.
dladm show-aggr [–PLxZSCv ] [[–p] –o field [,...]] [–z zone[,...]] [aggr-link]
Show aggregation configuration (the default), LACP information, or DLMP probe-based failure/recovery detection status either for all aggregations or for the specified aggregation.
By default (with no options), the following fields can be displayed:
The name of the aggregation link.
The aggregation mode, either trunk or dlmp.
The LACP policy of the aggregation. See the create-aggr – P option for a description of the possible values.
Either auto, if the aggregation is configured to automatically configure its unicast MAC address (the default if the –u option was not used to create or modify the aggregation), or fixed, if –u was used to set a fixed MAC address.
The LACP mode of the aggregation. Possible values are off, active, or passive, as set by the –l option to create-aggr or modify-aggr.
The LACP timer value of the aggregation as set by the –T option of create-aggr or modify-aggr.
The following field is not part of the default output, but can be queried using –o.
A set of state flags associated with the aggregation. The only possible flag is f, which is displayed if the administrator forced the creation the aggregation using the –f option to create-aggr. Other flags might be defined in the future.
The show-aggr command accepts the following options:
Displays detailed LACP information for the aggregation link and each underlying port. Most of the state information displayed by this option is defined by IEEE 802.3. With this option, the following fields can be displayed:
The name of the aggregation link.
The name of one of the underlying aggregation ports.
Whether the port can be added to the aggregation.
If yes, the system considers the port to be synchronized and part of the aggregation.
If yes, collection of incoming frames is enabled on the associated port.
If yes, distribution of outgoing frames is enabled on the associated port.
If yes, the port is using defaulted partner information (that is, has not received LACP data from the LACP partner).
If yes, the receive state of the port is in the EXPIRED state.
Display additional aggregation information including detailed information on each underlying port. With –x, the following fields can be displayed:
The name of the aggregation link.
The name of one of the underlying aggregation ports.
The speed of the link or port in megabits per second.
The full/half duplex status of the link or port is displayed if the link state is up. The duplex status is displayed as unknown in all other cases.
The link state. This can be up, down, or unknown.
The MAC address of the link or port.
This indicates whether the individual aggregation port is in the standby or attached state.
Displays detailed clients information for the given DLMP aggregation link and each underlying port. With the –C option, the following fields can be displayed:
The name of the aggregation link.
The name of one of the underlying aggregation ports.
The speed of the link or port in megabits per second.
The full/half duplex status of the link or port is displayed if the link state is up. The duplex status is displayed as unknown in all other cases.
The link state. This can be up, down, or unknown.
VNIC or VLAN clients that are associated with this port.
Displays the list of VLAN IDs, their availability, and the client by using the VLAN ID.
The name of the aggregation link.
The aggregation mode, either trunk or dlmp.
The IPoIB pkeys supported on this DLMP aggregation. Shows in the format of "PKEY:<pkey_1,...,pkey_n>" on InfiniBand DLMP aggregation.
Displays detailed probe information for the given DLMP aggregation link and each underlying port. With –S, the following fields can be displayed:
The name of the aggregation link.
The name of one of the underlying aggregation ports.
The four letters of the FLAGS field represent:
'u' for link up, 'd' for link down or '-' for unknown link state.
'p' for elected ICMP prober (in case all ports are failed).
'2' for "L2 active".
'3' for "ICMP active".
The state of the port. Possible values can be "active", "failed" or "unknown".
The active ICMP targets for this port.
The active transitive probe targets for this port.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed above, or the special value all, to display all fields. The fields applicable to the –o option are limited to those listed under each output mode. For example, if using –L, only the fields listed under – L, above, can be used with –o.
Display using a stable machine-parseable format. The –o option is required with –p. See “Parseable Output Format”, below.
Display the persistent aggregation configuration rather than the state of the running system.
Display ZONE column in the output.
See description of –z option under dladm show-link, above.
dladm create-bridge [–P protect] [–R root-dir] [–p priority] [–m max-age] [–h hello-time] [–d forward-delay] [–f force-protocol ] [–l link ...] bridge-name
Create an 802.1D bridge instance and optionally assign one or more network links to the new bridge. By default, no bridge instances are present on the system.
In order to bridge between links, you must create at least one bridge instance. Each bridge instance is separate, and there is no forwarding connection between bridges.
Note that, for both /usr/sbin and /sbin, virtual-switching link property has an interface stability of Volatile.
Note that the bridge-related subcommands, create-bridge among them, require installation of the pkg://solaris/network/bridging package.
Specifies a protection method. The defined protection methods are stp for the Spanning Tree Protocol and trill for TRILL, which is used on RBridges. The default value is stp.
See “Options,” above.
Specifies the Bridge Priority. This sets the IEEE STP priority value for determining the root bridge node in the network. The default value is 32768. Valid values are 0 (highest priority) to 61440 (lowest priority), in increments of 4096.
If a value not evenly divisible by 4096 is used, the system silently rounds downward to the next lower value that is divisible by 4096.
Specifies the maximum age for configuration information in seconds. This sets the STP Bridge Max Age parameter. This value is used for all nodes in the network if this node is the root bridge. Bridge link information older than this time is discarded. It defaults to 20 seconds. Valid values are from 6 to 40 seconds. See the –d forward-delay parameter for additional constraints.
Specifies the STP Bridge Hello Time parameter. When this node is the root node, it sends Configuration BPDUs at this interval throughout the network. The default value is 2 seconds. Valid values are from 1 to 10 seconds. See the –d forward-delay parameter for additional constraints.
Specifies the STP Bridge Forward Delay parameter. When this node is the root node, then all bridges in the network use this timer to sequence the link states when a port is enabled. The default value is 15 seconds. Valid values are from 4 to 30 seconds.
Bridges must obey the following two constraints:
2 * (forward-delay - 1.0) >= max-age max-age >= 2 * (hello-time + 1.0)
Any parameter setting that would violate those constraints is treated as an error and causes the command to fail with a diagnostic message. The message provides valid alternatives to the supplied values.
Specifies the MSTP forced maximum supported protocol. The default value is 3. Valid values are non-negative integers. The current implementation does not support RSTP or MSTP, so this currently has no effect. However, to prevent MSTP from being used in the future, the parameter may be set to 0 for STP only or 2 for STP and RSTP.
Specifies one or more links to add to the newly-created bridge. This is similar to creating the bridge and then adding one or more links, as with the add-bridge subcommand. However, if any of the links cannot be added, the entire command fails, and the new bridge itself is not created. To add multiple links on the same command line, repeat this option for each link. You are permitted to create bridges without links. For more information about link assignments, see the add-bridge subcommand.
Bridge creation and link assignment require the PRIV_SYS_DL_CONFIG privilege. Bridge creation might fail if the optional bridging feature is not installed on the system.
dladm modify-bridge [–P protect ] [–R root-dir ] [–p priority] [–m max-age] [–h hello-time] [–d forward-delay ] [–f force-protocol ] bridge-name
Modify the operational parameters of an existing bridge. The options are the same as for the create-bridge subcommand, except that the –l option is not permitted. To add links to an existing bridge, use the add-bridge subcommand.
Bridge parameter modification requires the PRIV_SYS_DL_CONFIG privilege.
Delete a bridge instance. The bridge being deleted must not have any attached links. Use the remove-bridge subcommand to deactivate links before deleting a bridge.
Bridge deletion requires the PRIV_SYS_DL_CONFIG privilege.
The –R (–-root-dir) option is the same as for the create-bridge subcommand.
Add one or more links to an existing bridge. If multiple links are specified, and adding any one of them results in an error, the command fails and no changes are made to the system.
Link addition to a bridge requires the PRIV_SYS_DL_CONFIG privilege.
A link may be a member of at most one bridge. An error occurs when you attempt to add a link that already belongs to another bridge. To move a link from one bridge instance to another, remove it from the current bridge before adding it to a new one.
The links assigned to a bridge must not also be VLANs, VNICs, or tunnels. Only physical Ethernet datalinks, aggregation datalinks, and Ethernet stubs are permitted to be assigned to a bridge.
Links assigned to a bridge must all have the same MTU. This is checked when the link is assigned. The link is added to the bridge in a deactivated form if it is not the first link on the bridge and it has a differing MTU.
Note that systems using bridging should not set the eeprom(8) local-mac-address? variable to false.
The options are the same as for the create-bridge subcommand.
Remove one or more links from a bridge instance. If multiple links are specified, and removing any one of them would result in an error, the command fails and none are removed.
Link removal from a bridge requires the PRIV_SYS_DL_CONFIG privilege.
The options are the same as for the create-bridge subcommand.
Show the running status and configuration of bridges, their attached links, learned forwarding entries, and TRILL nickname databases. When showing overall bridge status and configuration, the bridge name can be omitted to show all bridges. The other forms require a specified bridge.
The show-bridge subcommand accepts the following options:
Display using a stable machine-parseable format. See “Parseable Output Format,” below.
A case-insensitive, comma-separated list of output fields to display. The field names are described below. The special value all displays all fields. Each set of fields has its own default set to display when –o is not specified.
By default, the show-bridge subcommand shows bridge configuration. The following fields can be shown:
The name of the bridge.
The Bridge Unique Identifier value (MAC address).
Configured priority value; set by –p with create-bridge and modify-bridge.
Configured bridge maximum age; set by –m with create-bridge and modify-bridge.
Configured bridge hello time; set by –h with create-bridge and modify-bridge.
Configured forwarding delay; set by –d with create-bridge and modify-bridge.
Configured forced maximum protocol; set by –f with create-bridge and modify-bridge.
Time, in seconds, since last topology change.
Count of the number of topology changes.
This indicates that a topology change was detected.
Bridge Identifier of the root node.
Cost of the path to the root node.
Port number used to reach the root node.
Maximum age value from the root node.
Hello time value from the root node.
Forward delay value from the root node.
Minimum BPDU interval.
By default, when the –o option is not specified, only the BRIDGE, ADDRESS, PRIORITY, and DESROOT fields are shown.
The show-bridge subcommand also accepts the following options:
dladm create-vlan [–ft ] [–R root-dir] –l ether-link –v vid[,pvlan-svid [,pvlan-type]] [vlan-link ]
Create a tagged VLAN link with an ID of vid over Ethernet link ether-link. The name of the VLAN link can be specified as vlan-link. The name can be specified as zonename/linkname, which will create the VLAN in the given zone's namespace. If the name is not specified, a name will be automatically generated (assuming that ether-link is namePPA) as:
<name><1000 * vlan-tag + PPA>
For example, if ether-link is bge1 and vid is 2, the name generated is bge2001.
Force the creation of the VLAN link. Some devices do not allow frame sizes large enough to include a VLAN header. When creating a VLAN link over such a device, the –f option is needed, and the MTU of the IP interfaces on the resulting VLAN must be set to 1496 instead of 1500.
Specifies Ethernet link over which VLAN is created.
Specifies that the VLAN link is temporary. Temporary VLAN links last until the next reboot. The –t option must be specified if the VLAN is created in a non-global zone's namespace.
See “Options,” above.
dladm modify-vlan [–t] [–R root-dir] [–l ether-link] [–v vid[,pvlan-svid[,pvlan-type]] [–f]] {vlan-link,[vlan-link,...] | –L ether-link}
Modifies the underlying link and/or the VLAN-ID of the specified VLAN link(s). The VLAN link(s) can be specified as a comma-delimited list or as –L source-ether-link to indicate “all VLANs on source-ether-link”.
Specifies that the VLAN modification is temporary.
See “Options,” above.
Specifies the Ethernet link to which to move the VLAN(s). The Ethernet link must be different from the current one the VLAN(s) is or are using.
Specifies the VLAN-ID to be used. This option can be used only if a single VLAN link is specified. The purpose of the –f option is the same as in create-vlan, above.
Delete the VLAN link specified.
The delete-vlan subcommand accepts the following options:
Specifies that the deletion is temporary. Temporary deletions last until the next reboot.
See “Options,” above.
Display VLAN configuration for all VLAN links or for the specified VLAN link.
The show-vlan subcommand accepts the following options:
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all, to display all fields. For each VLAN link, the following fields can be displayed:
The name of the VLAN link.
The ID associated with the VLAN or the primary VID associated with a PVLAN.
The PVLAN secondary VLAN ID associated with the VNIC.
The PVLAN type associated with the VNIC.
The name of the physical link over which this VLAN is configured.
A set of flags associated with the VLAN link. Possible flags are:
The VLAN was created using the –f option to create-vlan.
The VLAN was implicitly created when the DLPI link was opened. These VLAN links are automatically deleted on last close of the DLPI link (for example, when the IP interface associated with the VLAN link is unplumbed).
Additional flags might be defined in the future.
Display using a stable machine-parseable format. The –o option is required with –p. See “Parseable Output Format”, below.
Display the persistent VLAN configuration rather than the state of the running system.
Display ZONE column in the output.
See description of –z option under dladm show-link, above.
Creates a Known WLAN with the given name wlan-name. The wlan-name represents the ESSID of the WiFi network whose properties can be saved in this object.
See Options section above.
A comma-separated list of properties to set to the specified values.
Deletes the specified Known WLAN.
See Options section above.
Sets the value of one of more properties on the Known WLAN specified.
See Options section above.
A comma-separated list of properties to set to the specified values.
Resets the value of one or more properties on the Known WLAN specified.
See Options section above.
A comma-separated list of properties to set to the specified values.
Displays the Known WLAN configuration for all Known WLANs or the specified Known WLAN.
Display using a stable machine-parseable format. The –o option is required with –p option. See the "Parseable Output Format" section below.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all, to display all fields. By default (without the –o option), show-wlan displays all fields.
The name of the Known WLAN.
The relative priority of this Known WLAN; a smaller number represents higher priority. If no priority is specified, the default value of 0 is assigned.
If a specific access point should be preferred over other the same ESSID, this property allows the access point's BSSIDs to be specified.
The encryption mode of this Known WLAN's WiFi network. The following values are valid:
No encryption is used by the WiFi network.
Wi-Fi Protected Access (WPA) encryption is used by the WiFi Network.
Secure object name to associate with this Known WLAN. If this Known WLAN uses an encryption mode that supports multiple keyslots, the slot to place the key is shown by a colon followed by an index. For example, mykey:3 places mykey in slot 3. Valid values are 1 to 4. If unspecified, slot 1 is assumed and used by default.
Scans for WiFi networks, either on all WiFi links, or just on the specified wifi-link.
By default, currently all fields but BSSTYPE are displayed.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all to display all fields. For each WiFi network found, the following fields can be displayed:
The name of the link the WiFi network is on.
The ESSID (name) of the WiFi network.
Either the hardware address of the WiFi network's Access Point (for BSS networks), or the WiFi network's randomly generated unique token (for IBSS networks).
Either none for a WiFi network that uses no security, or wpa for a WiFi network that requires WPA (Wi-Fi Protected Access).
The supported connection modes: one or more of a, b, g, or n.
The strength of the signal: one of excellent, very good, good, weak, or very weak.
The maximum speed of the WiFi network, in megabits per second.
Either bss for BSS (infrastructure) networks, or ibss for IBSS (ad-hoc) networks.
Display using a stable machine-parseable format. The –o option is required with –p. See “Parseable Output Format”, below.
dladm connect-wifi [–e essid ] [–i bssid ] [–k key,...] [–s none | wpa ] [–a open | shared] [–b bss | ibss] [–c] [–m a | b | g | n ] [–T time ] [–w] [wifi-link ]
Connects to a WiFi network. This consists of four steps: discovery, filtration, prioritization, and association. However, to enable connections to non-broadcast WiFi networks and to improve performance, if a BSSID or ESSID is specified using the –e or –i options, then the first three steps are skipped and connect-wifi immediately attempts to associate with a BSSID or ESSID that matches the rest of the provided parameters. If this association fails, but there is a possibility that other networks matching the specified criteria exist, then the traditional discovery process begins as specified below.
The discovery step finds all available WiFi networks on the specified WiFi link, which must not yet be connected. For administrative convenience, if there is only one WiFi link on the system, wifi-link can be omitted.
Once discovery is complete, the list of networks is filtered according to the value of the following options:
If no BSSID or ESSID is specified, the information from the Known WLAN list is utilized to select a WiFi network to connect to. The WiFi network with the highest priority (the lowest value) in the Known WLAN list is selected to connect to. If Known WLAN list does not have any available WiFi networks, the list of networks is filtered according to the value of the following options:
Networks that do not have the same essid are filtered out.
Networks that do not have the same bsstype are filtered out.
Networks not appropriate for the specified 802.11 mode are filtered out.
Use the specified secobj named by the key to connect to the network. Networks not appropriate for the specified keys are filtered out.
Networks not appropriate for the specified security mode are filtered out.
Next, the remaining networks are prioritized, first by signal strength, and then by maximum speed. Finally, an attempt is made to associate with each network in the list, in order, until one succeeds or no networks remain.
When the connection to the WiFi network is successful, the network and any associated security key information is added to the Known WLAN list, if it is not already on the list. This facilitates reconnection if the WiFi connection is lost.
In addition to the options described above, the following options also control the behavior of connect-wifi:
Connect using the specified authentication mode. By default, open and shared are tried in order.
Used with -b ibss to create a new ad-hoc network if one matching the specified ESSID cannot be found. If no ESSID is specified, then -c -b ibss always triggers the creation of a new ad-hoc network.
Specifies the number of seconds to wait for association to succeed. If time is forever, then the associate will wait indefinitely. The current default is ten seconds, but this might change in the future. Timeouts shorter than the default might not succeed reliably.
In addition to the filtering previously described, the specified keys will be used to secure the association. The security mode to use will be based on the key class; if a security mode was explicitly specified, it must be compatible with the key class. All keys must be of the same class.
For security modes that support multiple key slots, the slot to place the key will be specified by a colon followed by an index. Therefore, -k mykey:3 places mykey in slot 3. By default, slot 1 is assumed. For security modes that support multiple keys, a comma-separated list can be specified, with the first key being the active key.
Only connect to a WiFi network that is also in the Known WLAN list. If such a WiFi network is not found, then further connection based on the heuristics mentioned above will not be attempted. This option cannot be specified with other options.
Disconnect from one or more WiFi networks. If wifi-link specifies a connected WiFi link, then it is disconnected. For administrative convenience, if only one WiFi link is connected, wifi-link can be omitted.
Disconnects from all connected links. This is primarily intended for use by scripts.
Disconnects from the current WiFi network and also removes it from the Known WLAN list. This option is for convenience and is the same as running "dladm disconnect-wifi" followed by "dladm delete-wlan" commands.
Shows WiFi configuration information either for all WiFi links or for the specified link wifi-link .
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all, to display all fields. For each WiFi link, the following fields can be displayed:
The name of the link being displayed.
Either connected if the link is connected, or disconnected if it is not connected. If the link is disconnected, all remaining fields have the value --.
The ESSID (name) of the connected WiFi network.
Either the hardware address of the WiFi network's Access Point (for BSS networks), or the WiFi network's randomly generated unique token (for IBSS networks).
Either none for a WiFi network that uses no security, or wpa for a WiFi network that requires WPA.
The supported connection modes: one or more of a, b, g, or n.
The connection strength: one of excellent, very good, good, weak, or very weak.
The connection speed, in megabits per second.
Either open or shared (see connect-wifi).
Either bss for BSS (infrastructure) networks, or ibss for IBSS (ad-hoc) networks.
By default, currently all fields but AUTH, BSSID, BSSTYPE are displayed.
Displays using a stable machine-parseable format. The –o option is required with –p. See “Parseable Output Format”, below.
Display ZONE column in the output.
See description of –z option under dladm show-link, above.
dladm show-ether [–xZ] [[–p ] –o field[,...]] [–z zone[,...]] [–P protocol] [ether-link ]
Shows state information either for all physical Ethernet links or for a specified physical Ethernet link.
The show-ether subcommand accepts the following options:
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all to display all fields. For each link, the following fields can be displayed:
The name of the link being displayed.
Parameter type, where current indicates the negotiated state of the link, capable indicates capabilities supported by the device, adv indicates the advertised capabilities, and peeradv indicates the capabilities advertised by the link-partner.
The physical link state of the datalink. This can be up, down, or unknown. The physical link state identifies whether the physical device has connectivity with the external network (it does, if the cable is plugged in and the state of the port on the other end of the cable is "up").
A yes/no value indicating whether auto-negotiation is advertised.
Combinations of speed and duplex values available. The units of speed are encoded with a trailing suffix of G (Gigabits/s) or M (Mb/s). Duplex values are encoded as f (full-duplex) or h (half-duplex).
Flow control information. Can be no, indicating no flow control is available; tx, indicating that the end-point can transmit pause frames, but ignores any received pause frames; rx, indicating that the end-point receives and acts upon received pause frames; or bi, indicating bi-directional flow control.
Fault detection information. Valid values are none or fault.
By default, all fields except REM_FAULT are displayed for the “current” PTYPE.
Displays using a stable machine-parseable format. The –o option is required with –p. See “Parseable Output Format”, below.
Displays information about supported Ethernet protocols. Supported protocols include vdp, the VSI Discovery and Configuration protocol, and ecp, Edge Control Protocol.
VDP information is specific to a VNIC. Thus, if the link argument is a phys-link, VDP information for all of the VNIC over the phys-link is displayed.
ECP information is specific to a phys-link.
For VDP, following information is displayed:
The name of the Virtual Station Interface (VSI) or VNIC.
The name of the physical link over which this VNIC is configured.
The state of the VDP protocol state machine for the VNIC. Supported states include ASSOC, DEASSOC, or TIMEDOUT.
The identifier for the VSI or VNIC. This identifier is used by the bridge to associate properties with VNICs. Supported format for the VSIID is the MAC address. Thus, the VSIID for a VNIC is its MAC address.
This is VSI Type ID and Version associated with a VNIC and is of the form VSI Type ID/Version. The VSI Type identifies the properties associated with the VNIC.
The VDP command that is currently in progress. Supported commands are: ASSOC, DEASSOC. The ASSOC command requests the bridge to associate properties with a VSI (identified by the VSIID), whereas the DEASSOC requests the bridge to disassociate the properties from a given VSIID.
The information used by the switch to filter packets for a given VNIC. Supported format for Filter Info includes the MAC/VLAN ID combination. Thus, the FilterInfo for a VNIC is its MAC address and VLAN ID, if any.
The interval (in seconds) for Keep Alive messages to be transmitted for existing associations. The default is 11.6 secs.
The time (in seconds) to wait for a response from the bridge before timing out a request.
For ECP, following information is displayed:
The name of the physical link for the ECP instance.
The maximum number of transmission retries without receiving an acknowledgment from the peer.
The interval of time (in milliseconds) to wait for an acknowledgment from the peer.
Extended output is displayed for PTYPE values of current, capable, adv and peeradv.
Display ZONE column in the output.
See description of –z option under dladm show-link, above.
Sets the values of one or more properties on the link specified. The list of properties and their possible values depend on the link type, the network device driver, and networking hardware. These properties can be retrieved using show-linkprop.
Specifies that the changes are temporary. Temporary changes last until the next reboot.
See “Options,” above.
A comma-separated list of properties to set to the specified values.
Note that when the persistent value is set, the temporary value changes to the same value.
Resets one or more properties to their values on the link specified. Properties are reset to the values they had at startup. If no properties are specified, all properties are reset. See show-linkprop for a description of properties.
Specifies that the resets are temporary. Values are reset to default values. Temporary resets last until the next reboot.
See “Options,” above.
A comma-separated list of properties to reset.
Note that when the persistent value is reset, the temporary value changes to the same value.
dladm show-linkprop [–HPZ] [[–c] –o field[,...]] [–p prop[,...]] [–z zone[,...]] [ link]
Show the current or persistent values of one or more properties, either for all datalinks or for the specified link. By default, current values are shown. If no properties are specified, all available link properties are displayed. For each property, the following fields are displayed:
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all to display all fields. For each link, the following fields can be displayed:
The name of the datalink.
The name of the property.
The read/write permissions of the property. The value shown is one of ro or rw.
The current (or persistent) property value. If the value is not set, it is shown as --. If it is unknown, the value is shown as ?. Persistent values that are not set or have been reset will be shown as -- and will use the system DEFAULT value (if any).
The property value chosen by the system. For some properties the value chosen by the system may not be the same as the value configured by the user. This is because the property value is constrained by the resource availability, capabilities of the underlying physical datalink, or in some cases the datalink partner.
The default value of the property. If the property has no default value, -- is shown.
A comma-separated list of the values the property can have. If the values span a numeric range, min - max might be shown as shorthand. If the possible values are unknown or unbounded, -- is shown.
Shows a value if there is hardware support. This explains that the physical NIC is capable of the property. A value of -- means there is no support.
Shows a value if there is software support in the networking stack for the property. A value of -- means there is no support.
For both HWPOSSIBLE and SWPOSSIBLE, any granularity requirement (step value) for the value is shown after the number range followed by a :. Currently, only max-bw property shows a value for the step value.
Shows the current mode used for the data link to implement the property. Possible values or sw for software only, hw for hardware only and none for no support is possible for the link. Note that MODE can be none even though there is hardware or software support.
HWFLAGS and SWFLAGS currently show the flag o for outbound, i for inbound and oi for inbound and outbound. Currently, it shows a value only for the SLA properties, max-bw, bw-share and priority.
The list of properties depends on the link type and network device driver, and the available values for a given property further depends on the underlying network hardware and its state. General link properties are documented in the “General Link Properties” section. However, link properties that begin with “_” (underbar) are specific to a given link or its underlying network device and subject to change or removal. See the appropriate network device driver man page for details.
Display using a stable machine-parseable format. The –o option is required with this option. See “Parseable Output Format”, below.
Show-linkprop –H shows information on the underlying physical link capabilities and the networking stack software capabilities for supporting the property. Also, shows which mode is currently used for the data link.
Display persistent link property information
A comma-separated list of properties to show. See the sections on link properties following subcommand descriptions.
Display ZONE column in the output.
See description of –z option under dladm show-link, above.
Create a secure object named secobj in the specified class to be later used as a WEP or WPA key in connecting to an encrypted network. The value of the secure object can either be provided interactively or read from a file. The sequence of interactive prompts and the file format depends on the class of the secure object.
Currently, the class wpa is supported. The WEP (Wired Equivalent Privacy) was deprecated because of security issues. The WPA (Wi-Fi Protected Access) key must be provided as an ASCII string with a length between 8 and 63 bytes.
This subcommand is only usable by users or roles that belong to the “Network Link Security” RBAC profile.
class can only be wpa. See preceding discussion.
Specifies that the creation is temporary. Temporary creation last until the next reboot.
See “Options,” above.
Specifies a file that should be used to obtain the secure object's value. The format of this file depends on the secure object class. See the EXAMPLES section for an example of using this option to set a WEP key.
Delete one or more specified secure objects. This subcommand is only usable by users or roles that belong to the “Network Link Security” RBAC profile.
Specifies that the deletions are temporary. Temporary deletions last until the next reboot.
See “Options,” above.
Show current or persistent secure object information. If one or more secure objects are specified, then information for each is displayed. Otherwise, all current or persistent secure objects are displayed.
By default, current secure objects are displayed, which are all secure objects that have either been persistently created and not temporarily deleted, or temporarily created.
For security reasons, it is not possible to show the value of a secure object.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below. For displayed secure object, the following fields can be shown:
The name of the secure object.
The class of the secure object.
Display using a stable machine-parseable format. The –o option is required with –p. See “Parseable Output Format”, below.
Display persistent secure object information
dladm create-vnic [–t] [–f] –l link [–R root-dir] [–m value | auto | {factory [–n slot-identifier]} | {vrrp –A {inet | inet6} –V vrid} | {random [–r prefix]}] [–v vlan-id][,pvlan-svid[,pvlan-type]] [–P pkey] [–p prop=value[,...]] vnic-link
Create a VNIC with name vnic-link over the specified link. The vnic-link can be specified as zonename/linkname, which will create the VNIC in the given zone's namespace.
Specifies that the VNIC is temporary. Temporary VNICs last until the next reboot. The –i option must be specified if the VNIC is to be created in a non-global zone's namespace.
If the VNIC is a IPoIB VNIC, force the creation of the VNIC even if pkey is absent on the port, the multicast group is absent, or the port is down.
See “Options,” above.
link can be a physical link, an etherstub, or an aggregation link (aggr-link).
This option only applies to Ethernet VNICs.
Sets the VNIC's MAC address based on the specified value or keyword. If value is not a keyword, it is interpreted as a unicast MAC address, which must be valid for the underlying NIC. A user-specified MAC address must be drawn from the ranges specified by the Globally Unique and Locally Administered types of MAC addresses.
The following special keywords can be used:
Assign a factory MAC address to the VNIC. When a factory MAC address is requested, –m can be combined with the –n option to specify a MAC address slot to be used. If –n is not specified, the system will choose the next available factory MAC address. The –m option of the show-phys subcommand can be used to display the list of factory MAC addresses, their slot identifiers, and their availability.
Assign a random MAC address to the VNIC. A default prefix consisting of a valid IEEE OUI with the local bit set will be used. That prefix can be overridden with the –r option.
Assign a VRRP virtual MAC address to the VNIC base on the specified address family and vrid.
Try to assign random mac-address first if possible, if NIC supports it, else try to assign a factory mac-address. auto is the default action if the –m option is not specified.
This option only applies to Ethernet VNICs.
Enable VLAN tagging for this VNIC. The VLAN tag will have id vlan-id, or a PVLAN tag pair if pvlan-svid is specified.
To avoid this, wait for after the disallowhostconfig or allowhostconfig command returns and before executing the create-vnic command.
Partition key to be used. This option is mandatory for IPoIB VNICs and not applicable for other type of links. pkey specified is always treated as hexadecimal, whether it has the 0x prefix or not.
A comma-separated list of properties to set to the specified values.
dladm create-vnic –t –c <evsname>[/<vportname>] [–T <tenant>] <vnic-link>
Creates a VNIC with name vnic-link, by connecting to a EVS evsname at optionally provided Virtual Port (VPort) vportname. If the tenantname is provided, then the EVS will be searched in tenant's namespace. If VPort is specified, then the SLA properties (max-bw, cos, and priority), IP address, and MAC address of the VPort will be inherited by the VNIC. If Vport is not specified, then the EVS controller will generate a system VPort which will have IP address, MAC address, and default SLA properties of EVS, and then the VNIC will be connected to this system VPort.
VNICs when connected to EVS have the following limitations (in terms of how they can be managed through dladm):
They cannot be renamed through dladm rename-link
Their properties cannot be changed by using dladm set-linkprop or dladm reset-linkprop
They cannot be modified by using dladm modify-vnic
For more information on EVS, VPorts, and tenants, see evsadm(8) manpage.
The VNIC created is temporary and will be lost upon next reboot. See EXAMPLES section below for an example usage.
Specifies that the VNIC is temporary. This is a required option.
Specifies the name of the tenant that owns the EVS. If it is not provided, then the default tenant sys-global will be assumed.
Specifies the name of the EVS to which the VNIC must be connected. If vportname is provided, the VNIC will be connected to that vport. If a vportname is not provided, then a vport will be automatically generated and assigned to the VNIC.
The act of connecting a VNIC to EVS results in either the VNIC inheriting the properties from EVS or a provided vport.
dladm modify-vnic [–t] [–R root-dir] [–l link] [–m value | auto | {factory [–n slot-identifier]} | {vrrp –A {inet | inet6} –V vrid} | {random [–r prefix]}] [–v vlan-id[,pvlan-svid[,pvlan-type]]] {vnic-link,[vnic-link,...] | –L link}
Modifies the underlying link and/or the MAC address/VLAN-ID of the specified VNIC link(s). The VNIC link(s) can be specified as a comma-delimited list or as –L source-link to indicate “all VNICs on source-link”.
Specifies that the VNIC modification is temporary.
See “Options,” above.
Specifies the link to which to move the VNIC(s). link can be of any link type supported by create-vnic. link must be different from the link the VNIC(s) are currently using. If the VNIC(s) are using a factory MAC address and –m is not specified, a new MAC address will be allocated on the target link, using the –m auto scheme, and assigned to the VNIC(s).
This option only applies to Ethernet VNICs.
See create-vnic, above, for supported options. If multiple VNICs are specified, only the auto, random, and factory (without –n) address assignment schemes will be supported.
Deletes the specified VNIC.
Specifies that the deletion is temporary. Temporary deletions last until the next reboot.
See “Options,” above.
dladm show-vnic [–P | {–z zone[,..]}] [[–p] –o field[,..]] [–l link] [vnic-link] dladm show-vnic [–Zmv] [–l link] [vnic-link]
Show VNIC configuration information for all VNICs, all VNICs on a link, or only the specified vnic-link.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all to display all fields. By default (without – o), show-vnic displays all fields.
The name of the VNIC.
The name of the physical link over which this VNIC is configured.
The maximum speed of the VNIC, in megabits per second.
MAC address of the VNIC.
For IPoIB VNICs, by default (without –o), first five bytes of the mac address are shown, and ".." is shown in the sixth byte position. To show the full mac address use the –o option.
If the VNIC is associated with more than one MAC addresses then this column will display all the MAC addresses of a VNIC.
For IPoIB VNICs, by default (without –o), first five bytes of the mac address are shown, and ".." is shown in the sixth byte position. To show the full mac address use the –o option.
MAC address type of the VNIC. dladm distinguishes among the following MAC address types:
A random address assigned to the VNIC.
A factory MAC address used by the VNIC.
If the VNIC is associated with more than one MAC addresses then this column will display the MAC address type for each of the MAC address.
The VLAN ID associated with the VNIC.
The Secondary VLAN ID associated with the VNIC.
The PVLAN type associated with the VNIC.
If the VNIC is associated with more than one VLAN ID, then this column will display all the VLAN IDs.
Name of the EVS to which the VNIC is connected to.
Name of the vport to which the VNIC is connected to and inherits the properties from.
Name of the tenant that owns the EVS.
IB partition key associated with the VNIC. Applicable only to IPoIB datalinks.
Shows VIDS for Ethernet datalinks and PKEY for IPoIB datalinks in the format "VID:<value>" and "PKEY:<value>" respectively.
See the create-vnic section above for more information on EVS, VPORT, and TENANT.
Display using a stable machine-parseable format. The –o option is required with –p. See “Parseable Output Format”, below.
Display the persistent VNIC configuration.
Display information for all VNICs on the named link.
Display ZONE column in the output.
See description of –z option under dladm show-link, above.
Display SR-IOV information for a VNIC. The output shows:
The name of the VNIC.
The name of the VF device instance currently assigned to the VNIC.
Display the EVS information for the given vnic. This is a shortcut for the following fields: LINK, TENANT, EVS, VPORT, OVER, MACADDRESS, VIDS.
See the create-vnic section above for more information.
Display all MAC addresses, MAC address types and VLAN IDs associated with the VNIC.
Display all VLAN information associated with the VNIC.
dladm create-part [–t] [–f ] –l ib-link [–R root-dir] –P pkey [–p prop=value[,...]] part-link
Create an IP-over-IB link with the name part-link over the specified link. This subcommand is supported only on InfiniBand physical links. The part-link can be specified as zonename/linkname, which will create the partition link in the given zone's namespace.
Forces the creation of the partition link even if pkey is absent on the port, the multicast group is absent, or the port is down.
IP-over-IB physical link name.
Partition key to be used for creating the partition link. pkey specified is always treated as hexadecimal, whether it has the 0x prefix or not.
A comma-separated list of properties to set to the specified values. Supported properties are given “General Link Properties” section below.
See “Options,” above.
Specifies that the partition link creation is temporary. Temporary partition links last until the next reboot. The –t option must be specified if the partition link is to be created in a non-global zone's namespace.
Delete the specified partition link.
See “Options,” above.
Specifies that the partition link deletion is temporary. Temporary deletion last until the next reboot.
Displays IB partition link information for all partition links, for all partitions on ib-link, or for only the specified part-link.
Display information for all the partitions on the named link.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all to display all fields. By default (without – o), show-part displays all fields.
The name of the partition link.
Pkey associated with the partition link.
The name of the physical link over which this partition link is created.
Current state of the partition link. Possible values are up, down, or unknown. If the link is down, use the show-ib subcommand to check the underlying port status and configured pkeys, and the show-linkprop subcommand to check the broadcast-group property.
A set of state flags used for creating the partition link. Possible values are:
Partition was created forcibly (without checking whether creating a partition were possible).
Partition link is temporary, lasting only until the next reboot.
Display the persistent IB partition link configuration.
Display using a stable machine-parseable format. The –o option is required with –p. See “Parseable Output Format”, below.
Display IB physical link information on all or the specified IB links.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all to display all fields. By default (without –o), show-ib displays all fields except HCA, GWID and GWFLAGS.
The name of the physical link.
InfiniBand Host Channel Adapter (HCA) name as managed by the ibadm(8) utility.
Globally unique identifier of the HCA.
Globally unique identifier of the port. If the PORTGUID is not set, it is shown as unknown. For IB SR-IOV virtual adapters, the PORTGUID is set when the link is up.
Port number.
Current state of the physical link. Possible values are up, down, or unknown.
The configured system name of the IB-Ethernet gateway switch that is discovered from this IB physical link.
The name of the connector associated with the gateway Ethernet port.
The identifier for the gateway instance associated with the displayed gateway Ethernet port. The value is expected to be unique even if multiple gateway switches share the same InfiniBand fabric. The value of the gateway instance identifier ranges from 0 to 1023.
A set of flags associated with the discovered gateway. Possible flags are:
The gateway has indicated its availability for logins from this IB port in its advertisement.
The gateway allows host-administered VNICs from this IB port.
The gateway has at least one macaddress assigned for the EoIB datalink from this IB port.
Pkeys available on the port associated with the IP-over-IB link specified in the LINK field.
Display the persistent IB physical link configuration.
Display using a stable machine-parseable format. The –o option is required with –p. See “Parseable Output Format”, below.
dladm create-eoib [–t] [–R root-dir] –l ib-link –g gw-system-name –c gw-eth-port eoib-link
Create an EoIB link with the name eoib-link over the specified link. This subcommand is supported only on InfiniBand physical links.
Specifies that the EoIB link creation is temporary. Temporary links will last until the next reboot.
See "Options" above.
InfiniBand physical link name.
Specifies the system name of the IB-Ethernet gateway switch.
Specifies the name of the connector associated with the gateway switch's Ethernet port.
Delete the specified EoIB link.
Specifies that the EoIB link creation is temporary. Temporary links will last until the next reboot.
See "Options" above.
dladm show-eoib [–PZ] [–g gw-system-name] [–l ib-link] [[–p ] –o field[,...]] [–z zone [,...]] [eoib-link]
Displays information about all the EoIB datalinks on the system, EoIB datalinks over a specific ib-link and/or a gw-system-name, or information about a specific EoIB datalink.
Display the persistent EoIB link configuration.
Display ZONE column in the output.
Display information about EoIB datalinks bound to Ethernet ports on the specified gateway.
Display information about EoIB datalinks built over the specified IB link.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all to display all fields. By default (without –o option) show-eoib displays all fields.
The name of the EoIB datalink.
The configured system name of the IB-Ethernet gateway switch. For persistent links, if the gateway system name is unknown (because the link is being migrated from the old administration model) and if the gateway corresponding to the GWID of the link is not discovered yet, the value is shown as ?.
The name of the connector associated with the gateway Ethernet port. For persistent links, if the gateway system name is unknown (because the link is being migrated from the old model of administration) and if the gateway corresponding to the GWID of the link is not discovered yet, the value is shown as ?.
The identifier for the gateway instance associated with the displayed gateway Ethernet port. The value is expected to be unique even if multiple gateway switches share the same InfiniBand fabric. The value of the gateway instance identifier ranges from 0 to 1023. If the gateway has not been discovered yet, the value is shown as --.
The maximum speed of the link, in megabits per second.
MAC address assigned for the EoIB link on the gateway. If the underlying connection to the gateway has not been established yet, the macaddress is shown as all zeros.
The name of the IB physical link over which this EoIB datalink is created.
A set of flags associated with the EoIB link. In addition to the flags listed earlier under show-ib description, two additional flag values are possible:
The Ethernet port associated with the link is currently DOWN.
The Ethernet port associated with the link is currently UP.
Display using a stable machine-parseable format. The –o option is required with –p. See "Parseable Output Format" below.
Create an etherstub with the specified name.
Specifies that the etherstub is temporary. Temporary etherstubs do not persist across reboots.
See “Options,” above.
VNICs can be created on top of etherstubs instead of physical NICs. As with physical NICs, such a creation causes the stack to implicitly create a virtual switch between the VNICs created on top of the same etherstub.
Delete the specified etherstub.
Specifies that the deletion is temporary. Temporary deletions last until the next reboot.
See “Options,” above.
Show all configured etherstubs by default, or the specified etherstub if etherstub is specified.
Display ZONE column in the output.
See description of –z option under dladm show-link, above.
dladm create-iptun [–t] [–R root-dir] –T type [–a {local|remote}=addr,...] iptun-link
Create an IP tunnel link named iptun-link. Such links can additionally be protected with IPsec using ipsecconf(8).
An IP tunnel is conceptually comprised of two parts: a virtual link between two or more IP nodes, and an IP interface above this link that allows the system to transmit and receive IP packets encapsulated by the underlying link. This subcommand creates a virtual link. The ipadm(8) command is used to configure IP interfaces above the link.
Specifies that the IP tunnel link is temporary. Temporary tunnels last until the next reboot.
See “Options,” above.
Specifies the type of tunnel to be created. The type must be one of the following:
A point-to-point, IP-over-IP tunnel between two IPv4 nodes. This type of tunnel requires IPv4 source and destination addresses to function. IPv4 and IPv6 interfaces can be plumbed above such a tunnel to create IPv4-over-IPv4 and IPv6-over-IPv4 tunneling configurations.
A point-to-point, IP-over-IP tunnel between two IPv6 nodes as defined in IETF RFC 2473. This type of tunnel requires IPv6 source and destination addresses to function. IPv4 and IPv6 interfaces can be plumbed above such a tunnel to create IPv4-over-IPv6 and IPv6-over-IPv6 tunneling configurations.
A 6to4, point-to-multipoint tunnel as defined in IETF RFC 3056. This type of tunnel requires an IPv4 source address to function. An IPv6 interface is plumbed on such a tunnel link to configure a 6to4 router.
Literal IP addresses or hostnames corresponding to the local or remote tunnel addresses. Either local or remote can be specified individually, or both can be specified separated by a comma (for example, –a local=laddr,remote= raddr).
dladm modify-iptun [–t] [–R root-dir] –a {local|remote}=addr,... iptun-link
Modify the parameters of the specified IP tunnel.
Specifies that the modification is temporary. Temporary modifications last until the next reboot.
See “Options,” above.
Specify new local or remote addresses for the tunnel link. See create-iptun for a description.
Delete the specified IP tunnel link.
Specifies that the deletion is temporary. Temporary deletions last until the next reboot.
See “Options,” above.
dladm show-iptun [–PZ] [[–p] –o field[,...]] [–z zone[,...]] [iptun-link]
Show IP tunnel link configuration for a single IP tunnel or all IP tunnels.
Display the persistent IP tunnel configuration.
Display using a stable machine-parseable format. The -o option is required with -p. See “Parseable Output Format”, below.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all, to display all fields. By default (without – o), show-iptun displays all fields.
The name of the IP tunnel link.
Type of tunnel as specified by the –T option of create-iptun.
A set of flags associated with the IP tunnel link. Possible flags are:
The IP tunnel link is protected by IPsec policy. To display the IPsec policy associated with the tunnel link, enter:
# ipsecconf -ln -i tunnel-link
See ipsecconf(8) for more details on how to configure IPsec policy.
The IP tunnel link was implicitly created with ipadm(8), and will be automatically deleted when it is no longer referenced (that is, when the last IP interface over the tunnel is removed). See ipadm(8) for details on implicit tunnel creation.
The local tunnel address.
The remote tunnel address.
Display ZONE column in the output.
See description of –z option under dladm show-link, above.
dladm create-vxlan [–t] [–R root-dir] –p vni=<vxlan-id>,addr=<ip_address>[,prop=value[,...]] vxlan-link dladm create-vxlan [–t] [–R root-dir] –p vni=<vxlan-id>,interface=<interface_name>[,prop=value[,...]] vxlan-link
Creates a VXLAN link called vxlan-link. A VXLAN link is a virtual link that is created over an IP interface, which will be used for receiving and transmitting VXLAN packets.
Specifies that the modification is temporary. Temporary modifications last until the next reboot.
See "Options," above.
The properties of the VXLAN link to be created. See "General Link Properties" for VXLAN related properties.
Deletes the specified VXLAN link.
Specifies that the modification is temporary. Temporary modifications last until the next reboot.
See "Options," above.
Displays VXLAN configuration for all VXLAN links or for the specified VXLAN link.
The show-vxlan subcommand accepts the following options:
Displays the persistent IP tunnel configuration.
Displays using a stable machine-parseable format. The –o option is required with –p option. See "Parseable Output Format", below.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all, to display all fields. For each VXLAN link, the following fields can be displayed:
The name of the VXLAN link.
The address of the IP interface associated with the VXLAN link.
The VXLAN segment number that the VXLAN link belongs to.
The multicast group associated with the VXLAN link.
Creates a capture datalink with name cap-link. The cap-link must be unique in given zone namespace, where dladm command is running.
Specifies that the capture datalink is temporary. Temporary capture last until the next reboot.
See "Options" above.
Deletes the specified capture datalink.
Specifies that the deletion is temporary. Temporary deletions last until the next reboot.
See "Options" above.
Shows all/individual cap-link capture interface(s) bound to the zone, where dladm command is running.
Show persistent datalink configuration.
Displays using a stable machine-parseable format. The –o option is required with –p option. See "Parseable Output Format" below.
A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value all, to display all fields. For each capture link, the following fields can be displayed:
The name of the capture link.
The current zone of the datalink.
Datalink type, currently pflog link type is the only type supported.
Link mtu.
dladm create-veth [–t] [–p {<prop>=<val>[,...]}[,...]] –r peer_veth_endpoint veth_endpoint
Creates the veth pair using explicitly provided end points.
Specifies that the veth datalink is temporary. Temporary veths last until the next reboot.
A comma-separated list of properties to set to the specified values.
Specifies the name of the peer veth endpoint for the given local veth endpoint.
Show veth configuration for a single veth or all veth datalinks.
Display the persistent veth configuration.
Deletes the specified veth datalink.
Specifies that the deletion is temporary. Temporary deletions last until the next reboot.
Displays all the supported dladm subcommands or usage for a given subcommand. If you invoke help for a specific subcommand, the command syntax is displayed, along with an example. Using dladm help without any argument displays all of the subcommands.
Many dladm subcommands have an option that displays output in a machine-parseable format. The output format is one or more lines of colon (:) delimited fields. The fields displayed are specific to the subcommand used and are listed under the entry for the –o option for a given subcommand. Output includes only those fields requested by means of the –o option, in the order requested.
When you request multiple fields, any literal colon characters are escaped by a backslash (\) before being output. Similarly, literal backslash characters will also be escaped (\\). This escape format is parseable by using shell read(1) functions with the environment variable IFS=: (see EXAMPLES, below). Note that escaping is not done when you request only a single field.
The following general link properties are supported:
Datalink authentication. Setting authentication to "off" will disable 802.1X authentication on the wired datalink, and WiFi authentication on wireless datalink. Setting it to a network name will enable 802.1X or WiFi authentication on the datalink. Note that the network name and its authentication parameters needs to be configured by nacadm(8) first. If the underneath NIC is being DRed, the "authentication" property needs to be set to "off" first. Having it enabled will cause the NIC DR to fail.
Datalink authentication state. This property is read-only property used to show the state of authentication on a datalink. Possible values include succeeded, failed, in-progress, and off.
Specifies the set of STREAMS modules to push on the stream associated with a link when its DLPI device is opened. It is a space-delimited list of modules.
The optional special character sequence [anchor] indicates that a STREAMS anchor should be placed on the stream at the module previously specified in the list. It is an error to specify more than one anchor or to have an anchor first in the list.
The autopush property is preferred over the more general autopush(8) command.
The 802.1p priority associated with the link. This property, when set, indicates the 802.1p priority on outbound packets on the link. The values range from 0 to 7. When this property is set, all the packets outbound on the link will have a VLAN tag with the priority field set to the property value. When this property is set on a physical NIC, only traffic for the primary client on that physical NIC will have priority set and not any other datalinks on the NIC. This property is only valid on Ethernet data link. The default cos is 0 for VLAN data links or when the underlying device registers DCB capabilities, otherwise the default is not to add a VLAN tag.
Bind the processing of packets for a given data link to a processor or a set of processors. The value can be a comma-separated list of one or more processor ids or a range of ids. If the list consists of more than one processor, the processing will spread out to all the processors. Connection to processor affinity and packet ordering for any individual connection will be maintained.
The processor or set of processors are not exclusively reserved for the link. Only the kernel threads and interrupts associated with processing of the link are bound to the processor or the set of processors specified. In case it is desired that processors be dedicated to the link, psrset(8) can be used to create a processor set and then specifying the processors from the processor set to bind the link to.
If the link was already bound to processor or set of processors due to a previous operation, the binding will be removed and the new set of processors will be used instead.
The default is no CPU binding, which is to say that the processing of packets is not bound to any specific processor or processor set.
Specification of the cpus property is not allowed on links with a pool link property.
The effective value of cpus property displays the list of CPUs used for packet processing on the named data link. If the cpus property has been set, the effective value will be the same as the set value. If the pool property has been set, effective value will be selected from the pool designated by the administrator. If neither the pool nor cpus property is set, the system will select the effective value for cpus property.
This indicates the ETS bandwidth configured on the TX side for a link. This property can be configured on a data link only if the underlying physical NIC registers DCB capability and supports ETS. The value is a percentage of the physical NIC's bandwidth and the sum of values of this property over all links on a physical NIC cannot exceed 100. Aggregation of physical NIC that register DCB capabilities is not supported currently, hence this property cannot be set on aggregations. The effective value for this property could be the ets-bw-local or ets-bw-local-advice depending on LLDP negotiations.
This indicates the ETS bandwidth (as a percentage) recommended by the remote end for this link. The value is obtained by means of LLDP.
This indicates the ETS bandwidth (in percentage) that is effective on the remote end for this link. The value is obtained by means of LLDP.
This indicates the ETS bandwidth (as a percentage) recommended to the remote end for this link. This value is used by LLDP.
Applicable only for VXLAN links. This property specifies the underlying IP interface for a VXLAN link. The VXLAN will be created using an IP address that is available on the specified interface. By default a IPv4 address will be selected for the VXLAN link which can be changed using the ip-version property. This property can be set only when creating a VXLAN link and cannot be modified thereafter. This property may change in the future.
Applicable only to VXLAN datalinks. This property indicates whether an IPv4 or IPv6 address should be selected on an IP interface, specified using interface property, for a VXLAN link. This property can be set only when creating a VXLAN link and cannot be modified thereafter. This property may change in the future.
Applicable only for VXLAN links. This property specifies the IP address, IPv4 or IPv6, that hosts a VXLAN link. A prefixlen may be specified as part of the IPv4 or IPv6 address. A hostname may be provided instead of an IP address. If a hostname is provided, its numeric value is obtained from the entry in /etc/hosts or the resolver specified for hosts or ipnodes in nsswitch.conf(5). As IP addresses are created before naming services have been brought online during boot process, it is important that any hostname used be included in /etc/hosts. This property can be set only when creating a VXLAN link and cannot be modified thereafter. This property may change in the future.
Allows you to specify the number of receive-side fanout threads.
Traffic received on a receive ring can be fanned out across multiple threads and processed in parallel. This is particularly useful when the system has large number of CPUs. This property is a count for the number of receive-side fanout threads for a particular datalink. Note that this property lets an administrator specify the desired rx-fanout. However, based on the number of available CPUs and hardware RX rings, the system might choose a different (smaller or even higher) value for fanout.
The number of CPUs is the upper bound on the receive side fanout while the number of rx-rings is the lower bound. Thus, the actual receive side fanout count can have a value different from the one set by the user.
Receive side fanout could be disabled if zero is explicitly specified by an administrator, that is, no fanout thread will be involved in receive side packet processing. This might give better latency in cases where the number of connections is less than the number of hardware RX rings.
Limits the number of new or changed MAC sources to be learned over a bridge link. When the number exceeds this value, learning on that link is temporarily disabled. Only non-VLAN, non-VNIC type links have this property.
The default value is 1000. Valid values are greater or equal to 0.
Specifies the decay rate for source changes limited by learn-limit. This number is subtracted from the counter for a bridge link every 5 seconds. Only non-VLAN, non-VNIC type links have this property.
The default value is 200. Valid values are greater or equal to 0.
Specifies the user's disposition of turning LRO on or off or using system default LRO value on a data link.
Valid values are off, on, or auto. The default value is auto. The value auto is set to off for physical NICs while it inherits the lower link's lro disposition for virtual NICs.
Applicable only for physical datalinks. TPH (Transaction processing hints) is a performance feature in PCIe 3.0 specification and later that allows I/O devices to populate data in the system cache hierarchy. TPH is proved very useful for high packet rates workload. For workloads which are not latency sensitive, there is no difference for applications that consume the data from L3 cache or DDR memory.
Allows the OS to decide whether to enable tph mode on this link. This is the default value.
Turns the tph mode on. This will allow the physical link leverage tph feature to improve the performance for certain workload.
Turns the tph mode off. This will disable the tph mode on the physical link.
The user can display the current tph setting by using the show-linkprop command. The EFFECTIVE column will show the value decided by the OS. The VALUE column will show the user specified value. The POSSIBLE column will show whether the feature is supported by the datalink on the current platform.
Sets the primary MAC address for the data link. When set, changes the primary MAC address used by all current and future MAC clients of the underlying data link.
Sets the full duplex bandwidth for the link. The bandwidth is specified as an integer with one of the scale suffixes (K, M, or G for Kbps, Mbps, and Gbps). If no units are specified, the input value will be read as Mbps. The default is no bandwidth limit.
Bandwidth share for a VNIC is the minimum share of the bandwidth the VNIC will get when there is competition from other VNICs on the same data link. Note that the bandwidth is allocated among all the active VNICs. The amount of allocation is proportional to their share. For example,
# dladm set-linkprop -p bw-share=40 vnic1 # dladm set-linkprop -p bw-share=10 vnic2
Assuming a 1Gbps link and assuming these two are the only VNICs, vnic1 can have up to 800 Mbps (1Gbps * 40/(40+10)) and vnic2 can have up to 200 Mbps (1Gbps * 10/(40+10)).
The above example assumes both the VNICs have traffic to consume their share of the bandwidth. However, if vnic1 consumes only 100 Mbps, then vnic2 can go up to 900 Mbps. The goal with bandwidth shares is no wasted bandwidth when there is a VNIC that can use it while assuring the allocated share when there is competition from other VNICs.
This property is currently supported only on certain NICs. dladm show-linkprop -H -p bw-share command can be used to determine if bw-share property is supported on a given link. The value can range from 1 to 100. The value is a relative share value and does not indicate a percentage of the bandwidth. The effective value is printed as a percentage of the physical link bandwidth. This is the minimum % of the bandwidth assured to the VNIC when there is competition. The effective value can keep changing depending on the other VNICs or hardware network flows on the link.
For more details about hardware network flows, see the flowadm(8) man page.
For example, datalink has exclusive ring-group vnic1, hardware flows tcpflow1 and udpflow1.
# dladm show-linkprop -pbw-share vnic1 LINK PROPERTY PERM VALUE EFFECTIVE DEFAULT POSSIBLE vnic1 bw-share rw 10 33.33% -- 1-100 # flowadm show-flowprop -pbw-share FLOW PROPERTY PERM VALUE EFFECTIVE DEFAULT POSSIBLE tcpflow1 bw-share rw 10 33.33% -- 1-100 udpflow1 bw-share rw 10 33.33% -- 1-100
Applicable only to VXLAN datalinks. This property that indicates the multicast group a VXLAN link subscribes to. The VXLAN link will use this address to discover other VXLAN links on the same VXLAN segment. If this property is not set, the default all-host address will be used by the VXLAN link. This property can be set only when creating a VXLAN link and cannot be modified thereafter. This property may change in the future.
Bind the processing of packets for a given data link to a pool of processors defined and administered by poolcfg(8) and pooladm(8). The binding of processes is similar to what occurs with the cpus link property, except that the list of CPUs is not explicit and is instead maintained by the pools facility.
If pools are enabled, and no pool is specified for the link, pool_default will be used for packet processing.
For zones with ip-type=exclusive, if a pool is specified through a pool zone property or dedicated-cpus allocation, that pool will also be used for all data links associated with the zone.
Specification of the pool property is not allowed on links with a cpus link property.
If the pools facility has been enabled, and if the administrator has not assigned a pool to a data link, then the effective value of pool will be pool_default. If the pools facility is disabled, there is no pool and the effective value will be empty.
Sets the relative priority for the link. The value can be given as one of the tokens high, medium, or low. The default is medium. This priority is not reflected in any protocol priority fields on the wire, but used for packet processing scheduling within the system. A high priority link offers a better latency depending on the availability of system resources. Setting this property can cause CPU utilization to go up for some workloads.
A read-only property that specifies the number of rings available on the receive side.
Specifies the number of receive rings side for the MAC client. A value of sw means this MAC client should not be assigned any RX ring and will be software-based. A value of hw means this MAC client can get one RX ring, if available, or will be software-based. A non-zero value means reserve that many rings for this MAC client, if available, and fail if not. If this property is not specified, the MAC client can get one RX ring, if available, or will be software-based.
A read-only property that specifies the number of additional RX hardware-based MAC clients that can be created.
A read-only property that specifies the number of rings available on the transmit side.
Specifies the number of transmit rings for the MAC client. A value of sw means this MAC client should not be assigned any TX ring. A value of hw means this MAC client can get one TX ring, if available, or will be software-based. A non-zero value means reserve that many rings for this MAC client, if available, and fail if not. If this property is not specified, the MAC client can get one TX ring, if available, or will be software-based.
A read-only property that specifics the number of additional TX hardware-based MAC clients that can be created.
Enables or disables Spanning Tree Protocol on a bridge link. Setting this value to 0 disables Spanning Tree, and puts the link into forwarding mode with BPDU guarding enabled. This mode is appropriate for point-to-point links connected only to end nodes. Only non-VLAN, non-VNIC type links have this property. The default value is 1, to enable STP.
Enables or disables forwarding for a VLAN. Setting this value to 0 disables bridge forwarding for a VLAN link. Disabling bridge forwarding removes that VLAN from the “allowed set” for the bridge. The default value is 1, to enable bridge forwarding for configured VLANs.
Sets the default VLAN ID that is assumed for untagged packets sent to and received from this link. Only non-VLAN, non-VNIC type links have this property. Setting this value to 0 disables the bridge forwarding of untagged packets to and from the port. The default value is VLAN ID 1. Valid values are from 0 to 4094. The default VLAN ID is also referred to as the Port VLAN Identifier (PVID).
You cannot create a tagged VLAN or VLAN-tagged VNIC link with a VLAN ID that matches the default VLAN value of the underlying link. All untagged packets on the link are already associated with the default VLAN (PVID). To successfully create a tagged VLAN or VLAN-tagged VNIC link with VLAN ID equal to the default VLAN value, you must first change the default-tag property of the underlying link to a different VLAN value.
When default-tag=0, all untagged packets on the link are no longer associated with any VLAN. As a result, you can create a VLAN link with any VLAN ID from 1 to 4094. Note that any received packets that are erroneously tagged with the PVID at an end-point might be dropped. This situation occurs if all the end-points on a given link do not agree on the PVID. All end-points on a link must use the same PVID and must not tag traffic with the PVID.
Sets the STP and RSTP Port Priority value, which is used to determine the preferred root port on a bridge. Lower numerical values are higher priority. The default value is 128. Valid values range from 0 to 255.
Sets the STP and RSTP cost for using the link. The default value is auto, which sets the cost based on link speed, using 100 for 10Mbps, 19 for 100Mbps, 4 for 1Gbps, and 2 for 10Gbps. Valid values range from 1 to 65535.
Enables or disables bridge edge port detection. If set to 0 (false), the system assumes that the port is connected to other bridges even if no bridge PDUs of any type are seen. The default value is 1, which detects edge ports automatically.
Sets bridge point-to-point operation mode. Possible values are true, false, and auto. When set to auto, point-to-point connections are automatically discovered. When set to true, the port mode is forced to use point-to-point. When set to false, the port mode is forced to use normal multipoint mode. The default value is auto.
Triggers the system to run the RSTP Force BPDU Migration Check procedure on this link. The procedure is triggered by setting the property value to 1. The property is automatically reset back to 0. This value cannot be set unless the following are true:
The link is bridged
The bridge is protected by Spanning Tree
The bridge force-protocol value is at least 2 (RSTP)
The default value is 0.
Enables one or more types of link protection. Valid values are:
MAC address anti-spoof. An outbound packet's source MAC address must match the link's configured MAC address. Non-matching packets will be dropped. If the link belongs to a zone, turning mac-nospoof on will prevent the zone's owner from modifying the link's MAC address.
IP address anti-spoof. This protection type works in conjunction with the link property allowed-ips.
allowed-ips is a list containing IP (IPv4 or IPv6) addresses. This list is empty by default. Addresses that are implicitly in this list are: the link local IPv6 address conforming to RFC 2464 (derived from the link's MAC address); IPv4/IPv6 addresses learned from DHCP replies; the unspecified (all-zeros) IPv4/IPv6 address.
An outbound IP packet can pass if its source address is in allowed-ips.
An outbound ARP packet can pass if its sender protocol address is in allowed-ips.
When a datalink has been protected by setting allowed-ips to a set of one or more IP addresses, any attempts to configure IP addresses that are not in this set will fail with an EPERM error being returned to the user. Moreover, the interface may not be used for forwarding IP packets, and attempts to set the ipadm(8) forwarding property on the interface will encounter an EPERM error.
DHCP client ID (DUID for DHCPv6) and hardware address anti-spoof. This protection type works in conjunction with the link property allowed-dhcp-cids.
Items in the allowed-dhcp-cids list should be formatted in the same way as the "client-id" property in ipadm utility. The only difference is that . (period) should be used in place of , (comma) when specifying DUIDs. For more information, see the ipadm(8) man page.
An outbound DHCP (v4/v6) packet can pass only if these conditions are satisfied:
If allowed-dhcp-cids is not configured and the packet type is:
DHCPv4, the client ID field must match the configured MAC address.
DHCPv6, the DUID must be of type 1 or 3 and the link layer address part of the DUID must match the configured MAC address.
If allowed-dhcp-cids is configured and the packet type is:
DHCPv4, the client ID field must match one of the IDs on this list or the configured MAC address.
DHCPv6, the DUID field must match one of the IDs on this list or, the DUID must be of type 1 or 3 and the link layer address part of the DUID matches the configured MAC address.
This protection restricts outgoing packet types to just IPv4, IPv6, and ARP.
Applicable only to VXLAN datalinks. This property, with values ranging between 0 and 16777215, that specifies the VXLAN segment the link belongs to. This property is mandatory when creating a VXLAN link and cannot be modified thereafter. This property may change in the future.
An IPv6 address.
When the VDP service is enabled on a VNIC, properties of the VNIC are exchanged with the bridge using a 3-byte VSI Type ID and 1-byte VSI Version. A VSI Manager maintains the mapping between the {VSI Type ID-VSI Version} and the set of properties. The {VSI Manager ID, VSI Type id, VSI Version} tuple identifies a specific set of properties.
On a VNIC, the vsi-manager-id can be explicitly assigned. If the vsi-manager-id is not explicitly assigned, the vsi-manager-id is set to the vsi-manager-id value of the underlying link.
On physical link, vsi-manager-id specifies the default vsi-manager-id for all the VNICs over it. The default value of the vsi-manager-id on a physical link is 0.
The default VSI Manager ID on a physical link is associated with the Oracle VSI Manager (oracle_v1). The Oracle VSI Manager is defined as a 3-byte encoding using the following link properties:
Bits Properties -------------------------------------------------- 0-4 Link Bandwidth Limit 00000-10100 : 0-100% of link speed in increments of 5% rest : reserved 5-7 Link Speed 000 - Unknown 001 - 10 Mbps 010 - 100 Mbps 011 - 1 Gbps 100 - 10 Gbps 101 - 40 Gbps 110 - 100 Gbps 111 - Reserved 8-12 Reserved 13-15 Traffic Class (0-7) 16-17 Link MTU 00 - 1500 bytes 01 - 9000 bytes 10 - Custom 11 - Reserved 18-23 Reserved
The encoding associated with the physical link's vsi-manager-id. Supported values include oracle_v1 and none. If this property is set to none, the vsi-type-id and vsi-version are not automatically generated over this link for VNICs that do not have their vsi-manager-id explicitly set.
A 3-byte value that is used to determine the properties associated with a VNIC. The vsi-type-id is used along with the vsi-version and vsi-manager-id to obtain the actual properties associated with the VNIC. When the vsi-manager-id is not explicitly on the VNIC, the vsi-type-id is automatically generated using the properties of the VNIC and the above encoding (oracle_v1).
A 1-byte value that is used to determine the properties associated with a VNIC. The vsi-version is used along with the vsi-type-id and vsi-manager-id to obtain the actual properties associated with the VNIC. When the vsi-manager-id is not explicitly on the VNIC, the vsi-version is set to 0.
A read-only property. The effective VSI Version on a link.
This property determines if switching between VNICs or MAC clients over a physical link happens through the virtual switch associated with the link or on the external switch. This property is applicable only to physical and aggregated links. By default switching happens through the virtual switch associated with the link. Valid values include:
Switching between MAC clients or VNICs over the link happens internally through the link's virtual switch. This is referred to as Virtual Ethernet Bridge (VEB).
Switching between MAC clients or VNICs over the link happens externally through the external switch. This is referred to as Virtual Ethernet Port Aggregator (VEPA). Setting this value assumes that Reflective Relay is configured on the external switch.
Switching is determined through Link Layer Discovery Protocol (LLDP) protocol. This value initiates LLDP exchange with the external switch to enable Reflective Relay. If LLDP successfully enables Reflective Relay on the switch, the effective value is remote (that is, switching happens on the external switch), else it is local (that is, switching happens locally through the link's virtual switch).
This property behaves differently depending on whether it is used on a physical link or a VNIC.
Setting this link property on a physical link allows the user to enable/disable SR-IOV mode. The possible values for iov on a physical link are:
Allows the OS decide whether to enable SR-IOV mode on this link. This is the default value.
Turns SR-IOV mode on. This will allow the creation of VF VNICS.
Turns SR-IOV mode off. This will disable the ability to create VF VNICs.
The user can display the current iov setting by using show-linkprop. The EFFECTIVE column will show the value decided by the OS. The VALUE column will show the user specified value.
This property may also be specified during VNIC creation via the –p option. This option allows the user to choose whether to create a VF VNIC or not. For this case, the possible values for iov are:
Inherit the EFFECTIVE iov setting from the VNIC's underlying link. For example, if the underlying link has –iov on, specifying inherit during VNIC creation means, allowing the OS allocate a VF if possible; If a VF is not found, create a regular VNIC instead. If the underlying link has iov off, it means a VF will not be allocated.
If –p iov is not specified during create-vnic, this is the assumed default value.
A VF must be allocated for this VNIC. If a VF cannot be found, fail the VNIC creation.
Do not allocate a VF for this VNIC. The created VNIC will always be a regular VNIC regardless of the underlying iov setting.
Unlike the physical link case, the VNIC's iov property cannot be modified by set-linkprop. It can only be specified during create-vnic. Displaying this property through show-linkprop is allowed.
This property behaves differently depending on whether it is used on a physical link or a VNIC. The user can display the current ring-group by using show-linkprop command. For physical links, ring-group is just a read-only property to indicate if the driver supports this feature. The user may not enable/disable this feature. Valid values are exclusive and shared.
For VNICs, ring-group is a property that may only be specified at VNIC creation time. The valid values are: auto (OS decides whether exclusive or shared used on a particular physical link), exclusive (VNIC creation fails if exclusive ring-group unavailable), shared (does not allocate dedicated resources) The default value is shared.
This property can also be specified during VNIC creation through the –p option. This option allows the user to choose whether to create a exclusive hardware ring group VNIC or not.
After VNIC creation, ring-group may not be modified through the set-linkprop command. Exclusive ring-group VNICs can be supported in SRIOV mode. In SRIOV mode, the VNIC needs to set the iov property to "off" for exclusive ring-group VNIC creation.
This property determines how the outgoing packets should be tagged. This property applies to physical links and the valid values are:
The outgoing packets will be tagged with the VNIC's Primary VID.
The outgoing packets will be tagged with the VNIC's Secondary VID. This is the default value.
Allows you to enable/disable polling mechanism based on per-datalink basis.
Polling is a feature meant for reducing interrupt overhead under high network load. Polling is not desirable for latency-sensitive workloads because it may incur some delays in the receive path.
The network stack auto-tunes its polling algorithm to minimize such delays. To avoid delays that may be caused by polling, that feature can be disabled on a per-datalink basis. Note that this can result in an increased interrupt rate and CPU utilization.
Note that polling is also disabled automatically when disabling receive-side fanout by setting rx-fanout property to zero.
Specifies the zone to which the link belongs. This property can be modified only temporarily through dladm, and thus the –t option must be specified. To modify the zone assignment such that it persists across reboots, please use zonecfg(8). Possible values consist of any exclusive-IP zone currently running on the system. By default, the zone binding is as per zonecfg(8).
Applicable only for physical datalinks. A read-only property that specifies the firmware version information for the physical NIC. This property is only shown when explicitly requested through the –p option. The format, meaning, and stability of its value is up to each individual driver and optionally documented in the driver's manual page.
On IPoIB VNICs, only the following link properties are supported: autopush, zone, max-bw, cpus, rx-fanout, pool, priority, protection, allowed-ips, and allowed-dhcp-cids.
The following WiFi link properties are supported. Note that the ability to set a given property to a given value depends on the driver and hardware.
Specifies the channel to use. This property can be modified only by certain WiFi links when in IBSS mode. The default value and allowed range of values varies by regulatory domain.
Specifies the power management mode of the WiFi link. Possible values are off (disable power management), max (maximum power savings), and fast (performance-sensitive power management). Default is off.
Specifies the radio mode of the WiFi link. Possible values are on or off. Default is on.
Specifies a fixed speed for the WiFi link, in megabits per second. The set of possible values depends on the driver and hardware (but is shown by show-linkprop); common speeds include 1, 2, 11, and 54. By default, there is no fixed speed.
The following MII Properties, as documented in ieee802.3(7), are supported in read-only mode:
duplex
state
Formerly, read-only adv_<speed><duplex>_cap properties reflecting the advertised speed-duplex values (1 meaning on and 0 being off), and writable en_<speed><duplex>_cap properties were provided to enable or disable specific speed-duplex combinations. These have been replaced with a single speed-duplex value that can be set to any combination of (assuming the speeds are supported by the underlying hardware):
100g-f (100 GigaBit Full-Duplex)
50g-f (50 GigaBit Full-Duplex)
40g-f (40 GigaBit Full-Duplex)
25g-f (25 GigaBit Full-Duplex)
10g-f (10 GigaBit Full-Duplex)
1g-f (1 GigaBit Full-Duplex)
1g-h (1 Gigabit Half-Duplex)
100m-f (100 MegaBit Full-Duplex)
100m-h (100 MegaBit Half-Duplex)
10m-f (10 Megabit Full-Duplex)
10m-h (10 MegaBit Half-Duplex)
auto-negotiation
Auto-negotiation was previously supported through the adv-autoneg-cap property. It is now specified through the auto-negotiation property.
In the absence of Power Management, the possible speed-duplex values provide the values that are both negotiated and currently effective in hardware. However, with Power Management enabled, the speed/duplex capabilities currently exposed in the hardware might be a subset of the set of bits that were used in initial link parameter negotiation. Changing the current set of speed-duplex values configures speed and duplex properties at initial negotiation.
Auto-negotiation is a 0/1 switch that turns off/on auto-negotiation, and therefore cannot be impacted by Power Management.
In addition, the following Ethernet properties are reported:
Establishes flow-control modes that will be advertised by the device. Valid input is one of:
Flow control mode on the device is dynamically determined. To see the actual flow control mode set on the device, check the effective value of flow-control property.
No flow-control enabled.
Receive, and act upon incoming pause frames.
Transmit pause frames to the peer when congestion occurs, but ignore received pause frames.
Transmit pause frames including the priority value of the traffic that should be paused. Receive pause frames, and act upon the traffic whose priority values are specified in the frame.
Bidirectional flow control.
Note that the actual settings for this value are constrained by the capabilities allowed by the device and the link partner. As such the effective value of flow-control indicates the system chosen value.
Specifies wait period between VID announcement broadcasts, in milliseconds.
The maximum client SDU (Send Data Unit) supported by the device. Valid range is 68-65536.
The number of Traffic Classes supported on the device. A device supporting extensions for DCB (Data Center Bridging) can support multiple traffic classes. This property can be used to determine if the device supports DCB extensions. This is a read-only property.
This property is used to indicate the 802.1p priority values for which PFC (Priority-based flow control) is enabled. This is an 8-bit mask, in which an individual bit signifies whether PFC is enabled for the corresponding priority. For priorities that have PFC enabled, the device will transmit a pause frame for that priority in the event of congestion. This is relevant only if num-tcs is greater than zero and flow-ctrl-effective is pfc.
The effective value of pfcmap can either be the user configured value or the effective value of pfcmap-remote depending on LLDP DCBx negotiations.
This property is used to indicate the PFC configuration of the remote peer, usually an adjacent switch.
(read-only) This property is used to indicate the availability of PTP hardware assistance in the device.
(read-only) The operating speed of the device, in Mbps.
This link property controls the conditions in which 802.1Q VLAN tags will be inserted in packets being transmitted on the link. Two mode values can be assigned to this property:
Insert a VLAN tag in outgoing packets under the following conditions:
The packet belongs to a VLAN.
The user requested priority tagging.
Insert a VLAN tag only when the outgoing packet belongs to a VLAN. If a tag is being inserted in this mode and the user has also requested a non-zero priority, the priority is honored and included in the VLAN tag.
The default value is vlanonly.
This property controls automatic VLAN ID announcement. When enabled, it broadcasts the VIDs of any VNICs or VLANs configured on the device. It supports both physical links and aggregations. Possible values are:
No VID announcements will be sent.
Announcements sent using GVRP protocol, as defined in 802.1D. See gvrp-timeout to configure broadcast frequency.
The following properties are supported only on IB partition object datalinks and IPoIB VNIC datalinks.
Sets the link transport service type on an IB partition datalink. The default value is cm. Valid values are:
Connected Mode. This mode uses a default MTU of 65520 and supports a maximum MTU of 65535 bytes. If Connected Mode is not available for a remote node, Unreliable Datagram mode will automatically be used instead.
Unreliable Datagram Mode. This mode uses a default MTU of 2044 and supports a maximum MTU of 4092 bytes.
The broadcast group state of an IB partition object datalink. The default value is unknown. Valid values are:
Initial state of an IB partition object datalink after creation and before creating IP instance.
Broadcast group is not configured by the Subnet Manager.
Broadcast group is configured and IB partition object datalink successfully joined the broadcast group.
Broadcast group is configured but IPoIB failed to join the broadcast group. This can occur if one or parameters such as MTU, srate and Q key is/are different from broadcast group created on the Subnet Manager (SM). See SM log for exact reason for the join failure.
The following IP tunnel link properties are supported.
Specifies the IPv4 TTL or IPv6 hop limit for the encapsulating outer IP header of a tunnel link. This property exists for all tunnel types. The default value is 64.
Specifies the IPv6 encapsulation limit for an IPv6 tunnel as defined in RFC 2473. This value is the tunnel nesting limit for a given tunneled packet. The default value is 4. A value of 0 disables the encapsulation limit.
The following properties are supported only on DLMP mode aggregations.
This property controls whether the probe-based failure/recovery detection is enabled for the given aggregation. When disabled, the health detection of the underlying port will be solely relying on the port's link state. Possible values are:
Probe-based failure/recovery detection is enabled. This is the default value.
Probe-based failure/recovery detection is disabled.
This property is a comma separated list of IP addresses allowed for use as source IP addresses for ICMP probing. IP addresses from this list, if configured (as plumbed primary or as VNICs) will be used for ICMP probing. These IP addresses will continue to carry data traffic like usual. Thus, there is no need to reserve exclusive IP addresses for probing.
Each field in the list consists of "source IP" followed by optional target configuration information. The target information, if specified, can either be the target IP address or the string "rt". If it is the latter, the in.dlmpd daemon will consult the routing table for routes on the same subnet as the specified "source IP" address, and uses the specified next-hop as the target IP address.
If no target is specified, the DLMP probing service will try to discover potential targets IP addresses by sending the ICMP multicast packet.
Regardless the sources of the target IP address (discovered, specified or come from the routing table), the target IP address must be in the same subnetwork as the specified source IP address, or, it will not take effect.
The following forms are accepted:
Explicitly specify the IP address and its prefix length (optional). For example, 10.134.8.0/24+.
Specify the specific addrobj name, which can be seen in the ipadm show-addr output. For example, vnic1/addr1+169.156.0.1.
Specify a specific interface name. It can be either the name of the aggregation interface itself or any VNIC configured over the aggregation in the global zone. All the IPv4 addresses and IPv6 addresses configured on the specified interface will be used for ICMP probing.
Note that to avoid ambiguity between the hostname and the interface name, the interface names will be enclosed by square brackets. For example:
[dlmp1]+
+[<target>]
The special strings "*", "*v4", and "*v6" can also be used. All the IP addresses (or the IPv4/link-local-IPv6 IP addresses) configured on the aggregation and the VNICs will be potential source IP address of ICMP probes.
This link property specifies the VLAN-ID to be used for both ICMP and transitive probing. Valid values are from 0 to 4094. The value 0 indicates that the probes are untagged. The default value is 0.
This link property defines the failure detection time. It configures the expected failure detection time value in seconds. The default value is 10s.
The following Known WLAN properties are supported: priority, bssids, security-mode, key. These properties are described in the show-wlan subcommand section above.
The following command shows the effect of invoking dladm with no arguments.
# dladm LINK CLASS MTU STATE OVER net0 phys 1500 up -- net1 phys 1500 up -- net2 phys 1500 unknown -- net3 phys 1500 up -- vnic1 vnic 1500 up net1 vlan1 vlan 1500 up net1 aggr1 aggr 1500 up net2 net3 stub1 etherstub 9000 unknown --Example 2 Configuring an Aggregation
To configure a data-link over an aggregation of devices bge0 (linkname net0) and bge1 (linkname net1) with key 1, enter the following command:
# dladm create-aggr -l net0 -l net1 1
To configure an IEEE 802.3ad link aggregation of devices e1000g1 (linkname net0) and e1000g2 (linkname net1) with the name aggr1, enter following command:
# dladm create-aggr -l net0 -l net1 aggr1
To configure an Datalink Multipathing (dlmp) link aggregation of devices ixgbe1 (linkame net2) and ixgbe2 (linkname net3) with the name aggr2 enter following command:
# dladm create-aggr -m dlmp -l net2 -l net3 aggr2
To list aggregations, enter following command:
# dladm show-aggr LINK MODE POLICY ADDRPOLICY LACPACTIVITY LACPTIMER aggr1 trunk L4 auto off short aggr2 dlmp -- -- -- --Example 3 Connecting to a WiFi Link
To connect to the most optimal available unsecured network on a system with a single WiFi link (as per the prioritization rules specified for connect-wifi), enter the following command:
# dladm connect-wifi
Alternatively, to connect to an available network with the highest priority in the Known WLAN list, enter the following command:
# dladm connect-wifi -wExample 4 Creating a WiFi Key
To interactively create the WPA key mykey, enter the following command:
# dladm create-secobj -c wpa mykey
Alternatively, to non-interactively create the WPA key mykey using the contents of a file:
# umask 077 # cat >/tmp/mykey.$$ <<EOF 12345678 EOF # dladm create-secobj -c wpa -f /tmp/mykey.$$ mykey # rm /tmp/mykey.$$Example 5 Connecting to a Specified Encrypted WiFi Link
To use key mykey to connect to ESSID wlan on link ath0, enter the following command:
# dladm connect-wifi -k mykey -e wlan ath0Example 6 Changing a Link Property
To set power-mode to the value fast on link pcwl0, enter the following command:
# dladm set-linkprop -p power-mode=fast pcwl0Example 7 Connecting to a WPA-Protected WiFi Link
Create a WPA key psk and enter the following command:
# dladm create-secobj -c wpa psk
To then use key psk to connect to ESSID wlan on link ath0, enter the following command:
# dladm connect-wifi -k psk -e wlan ath0Example 8 Renaming a Link
To rename the bge0 link to mgmt0, enter the following command:
# dladm rename-link bge0 mgmt0Example 9 Replacing a Network Card
Consider that the bge0 device, whose link was named mgmt0 as shown in the previous example, needs to be replaced with a ce0 device because of a hardware failure. The bge0 NIC is physically removed, and replaced with a new ce0 NIC. To associate the newly added ce0 device with the mgmt0 configuration previously associated with bge0, enter the following command:
# dladm rename-link ce0 mgmt0Example 10 Removing a Network Card
Suppose that in the previous example, the intent is not to replace the bge0 NIC with another NIC, but rather to remove and not replace the hardware. In that case, the mgmt0 datalink configuration is not slated to be associated with a different physical device as shown in the previous example, but needs to be deleted. Enter the following command to delete the datalink configuration associated with the mgmt0 datalink, whose physical hardware (bge0 in this case) has been removed:
# dladm delete-phys mgmt0Example 11 Using Parseable Output to Capture a Single Field
The following assignment saves the MTU of link net0 to a variable named mtu.
# mtu=`dladm show-link -p -o mtu net0`Example 12 Using Parsable Output to Iterate over Links
The following script displays the state of each link on the system.
# dladm show-link -p -o link,state | while IFS=: read link state; do print "Link $link is in state $state" doneExample 13 Configuring VNICs
Create two VNICs with names hello0 and test1 over a single physical link net0:
# dladm create-vnic -l net0 hello0 # dladm create-vnic -l net0 test1Example 14 Configuring VNICs and Allocating Bandwidth and Priority
Create two VNICs with names hello0 and test1 over a single physical link net0 and make hello0 a high priority VNIC with a factory-assigned MAC address with a maximum bandwidth of 50 Mbps. Make test1 a low priority VNIC with a random MAC address and a maximum bandwidth of 100Mbps.
# dladm create-vnic -l net0 -m factory -p max-bw=50,priority=high hello0 # dladm create-vnic -l net0 -m random -p max-bw=100M,priority=low test1Example 15 Configuring a VNIC with a Factory MAC Address
First, list the available factory MAC addresses and choose one of them:
# dladm show-phys -m net0 LINK SLOT ADDRESS INUSE CLIENT net0 primary 0:e0:81:27:d4:47 yes net0 net0 1 8:0:20:fe:4e:a5 no net0 2 8:0:20:fe:4e:a6 no net0 3 8:0:20:fe:4e:a7 no
Create a VNIC named hello0 and use slot 1's address:
# dladm create-vnic -l net0 -m factory -n 1 hello0 # dladm show-phys -m net0 LINK SLOT ADDRESS INUSE CLIENT net0 primary 0:e0:81:27:d4:47 yes net0 net0 1 8:0:20:fe:4e:a5 yes hello0 net0 2 8:0:20:fe:4e:a6 no net0 3 8:0:20:fe:4e:a7 noExample 16 Creating a VNIC with User-Specified MAC Address, Binding it to Set of Processors
Create a VNIC with name hello0, with a user specified MAC address, and a processor binding 0, 2, 4-6.
# dladm create-vnic -l net0 -m 8:0:20:fe:4e:b8 -p cpus=0,2,4-6 hello0Example 17 Creating a Virtual Network Without a Physical NIC
First, create an etherstub with name stub1:
# dladm create-etherstub stub1
Create two VNICs with names hello0 and test1 on the etherstub. This operation implicitly creates a virtual switch connecting hello0 and test1.
# dladm create-vnic -l stub1 hello0 # dladm create-vnic -l stub1 test1Example 18 Displaying Bridge Information
The following commands use the show-bridge subcommand with no and various options.
# dladm show-bridge BRIDGE PROTECT ADDRESS PRIORITY DESROOT foo stp 32768/8:0:20:bf:f 32768 8192/0:d0:0:76:14:38 bar stp 32768/8:0:20:e5:8 32768 8192/0:d0:0:76:14:38 # dladm show-bridge -l foo LINK STATE UPTIME DESROOT hme0 forwarding 117 8192/0:d0:0:76:14:38 qfe1 forwarding 117 8192/0:d0:0:76:14:38 # dladm show-bridge -f foo DEST AGE FLAGS OUTPUT 8:0:20:bc:a7:dc 10.860 -- hme0 8:0:20:bf:f9:69 -- L hme0 8:0:20:c0:20:26 17.420 -- hme0 8:0:20:e5:86:11 -- L qfe1Example 19 Creating an IPv4 Tunnel
The following sequence of commands creates and then displays a persistent IPv4 tunnel link named mytunnel0 between 66.1.2.3 and 192.4.5.6:
# dladm create-iptun -T ipv4 -a local=66.1.2.3,remote=192.4.5.6 mytunnel0 # dladm show-iptun mytunnel0 LINK TYPE FLAGS SOURCE DESTINATION mytunnel0 ipv4 -- 66.1.2.3 192.4.5.6
A point-to-point IP interface can then be created over this tunnel link:
# ipadm create-ip mytunnel0 # ipadm create-addr -T static -a local=10.1.0.1,remote=10.1.0.2 \ mytunnel0/addr # ipadm show-addr mytunnel0/addr ADDROBJ TYPE STATE ADDR mytunnel0/addr static ok 10.1.0.1->10.1.0.2Example 20 Creating a 6to4 Tunnel
The following command creates a 6to4 tunnel link. The IPv4 address of the 6to4 router is 75.10.11.12.
# dladm create-iptun -T 6to4 -a local=75.10.11.12 sitetunnel0 # dladm show-iptun sitetunnel0 LINK TYPE FLAGS SOURCE DESTINATION sitetunnel0 6to4 -- 75.10.11.12 --
The following command creates an IPv6 interface on this tunnel:
# ipadm create-ip sitetunnel0 # ipadm show-addr sitetunnel0/_a ADDROBJ TYPE STATE ADDR sitetunnel0/_a static ok 2002:4b0a:b0c::1/16
Note that the system automatically configures the IPv6 address on the 6to4 IP interface. See ipadm(8) for a description of how IPv6 addresses are configured on 6to4 tunnel links.
Example 21 Using Link ProtectionTo enable link protection:
# dladm set-linkprop \ -p protection=mac-nospoof,restricted,ip-nospoof,dhcp-nospoof vnic0
To disable link protection:
# dladm reset-linkprop -p protection vnic0
To modify the allowed-ips list:
# dladm set-linkprop -p allowed-ips=10.0.0.1,10.0.0.2 vnic0
To modify the allowed-dhcp-cids list:
# dladm set-linkprop -p allowed-dhcp-cids=hello vnic0
To display the resulting configuration:
# dladm show-linkprop -p protection,allowed-ips vnic0 LINK PROPERTY PERM VALUE EFFECTIVE DEFAULT POSSIBLE vnic0 protection rw mac-nospoof, mac-nospoof, -- mac-nospoof, restricted, restricted, restricted, ip-nospoof, ip-nospoof, ip-nospoof, dhcp-nospoof dhcp-nospoof dhcp-nospoof vnic0 allowed-ips rw 10.0.0.1, 10.0.0.1, -- -- 10.0.0.2 10.0.0.2 vnic0 allowed-dhcp-cids rw hello hello -- --Example 22 Creating an IB Partition
The following command creates a partition ffff.ibp0 with partition key 0xffff on the physical link ibp0.
# dladm create-part -P ffff -l ibp0 ffff.ibp0Example 23 Displaying IB Partition Information
The following command displays IB partition information.
# dladm show-part LINK PKEY OVER STATE FLAGS ffff.ibp0 FFFF ibp0 up ----Example 24 Displaying IB Data Links Information
The following command displays IB data links information.
# dladm show-ib LINK HCAGUID PORTGUID PORT STATE GWNAME GWPORT PKEYS net0 3BA000100CD7C 3BA000100CD7D 1 down -- -- FFFF net1 3BA000100CD7C 3BA000100CD7E 2 down -- -- FFFF net3 5AD0000033634 5AD0000033636 2 up -- -- FFFF,8001 net2 5AD0000033634 5AD0000033635 1 up -- -- FFFF,8001Example 25 Displaying IB HCA mapping
The following command displays IB HCA name as managed by ibadm(8) that each IB link runs over.
# dladm show-ib -o link,hca,port,hcaguid,portguid,pkeys LINK HCA PORT HCAGUID PORTGUID PKEYS net0 hermon0 1 3BA000100CD7C 3BA000100CD7D FFFF,8001 net1 hermon0 2 3BA000100CD7C 3BA000100CD7E FFFF,8001 net3 hermon0.vhca0 2 5AD0000033634 5AD0000033636 FFFF,8001 net2 hermon0.vhca1 1 5AD0000033634 5AD0000033635 FFFF,8001Example 26 Deleting a Partition
The following command deletes the partition ffff.ibp0.
# dladm delete-part ffff.ibp0Example 27 Using show-link to Display Partition Information
The following command uses the show-link subcommand to display partition information.
# dladm show-link LINK CLASS MTU STATE OVER e1000g0 phys 1500 up -- e1000g1 phys 1500 unknown -- net0 phys 65520 down -- net3 phys 65520 up -- net2 phys 65520 up -- net1 phys 65520 down -- pffff.ibp0 part 2044 down ibp0 p8001.ibp2 part 65520 unknown ibp2Example 28 Displaying Links in All Zones from the Global Zone
The show-link command shown below displays data links in all zones from the global zone. Links that are not in the global zone are displayed with the zonename prefix followed by the slash (/) separator.
In this example, net0 is a VNIC created in the global zone, zone1/net0 is an automatically created VNIC for zone1, and zone2/net0 is an automatically created VNIC for zone2.
# dladm show-link LINK CLASS MTU STATE OVER e1000g0 phys 1500 up -- e1000g1 phys 8170 unknown -- e1000g2 phys 1500 unknown -- e1000g3 phys 1500 unknown -- net0 vnic 1500 up e1000g0 zone1/net0 vnic 1500 up e1000g0 zone2/net0 vnic 1500 up e1000g0Example 29 Displaying Links in the Global Zone
The following show-link command displays data links in the global zone only.
# dladm show-link -z global LINK CLASS MTU STATE OVER e1000g0 phys 1500 up -- e1000g1 phys 8170 unknown -- e1000g2 phys 1500 unknown -- e1000g3 phys 1500 unknown -- net0 vnic 1500 up e1000g0Example 30 Displaying Links for a Specified Zone
The following show-link command displays data links in a specific, non-global zone.
# dladm show-link -z zone1 LINK CLASS MTU STATE OVER zone1/net0 vnic 1500 up e1000g0Example 31 Displaying Links for a Specified Zone from the Global Zone
The following show-link command displays, from the global zone, data links in a specific, non-global zone.
# dladm show-link -z zone1 LINK CLASS MTU STATE OVER zone1/net0 vnic 1500 up e1000g0Example 32 Displaying Links in a Non-Global Zone
The following show-link shown below is invoked from zone1 and displays only data links for that zone.
Note that, in show-link output, the zone1/ prefix is not displayed. The prefix is not displayed because the command was invoked from within the zone.
# zlogin zone1 # dladm show-link -z zone1 LINK CLASS MTU STATE OVER net0 vnic 1500 up ?Example 33 Using -Z Option to Display the Current Zone
The command below presumes the following conditions:
The link net1 is currently assigned to zoneA. The entries net1 and zoneA/net1 represents the same link. The ZONE column for these two entries is the same and is the name of the zone to which the link is currently assigned.
The link net2 is not assigned to any non-global zone.
The link zoneB/net2 is an automatic VNIC created for zoneB.
The link zoneC/net2 is an automatic VNIC created for zoneC.
The link zoneD/net2 is an IP tunnel created inside zoneD. Unlike for net1, each entry for net2 represents a different link. The ZONE column for these entries is different.
# dladm show-link -Z LINK ZONE CLASS MTU STATE OVER e1000g0 global phys 1500 up -- e1000g1 global phys 1500 up -- net1 zoneA vnic 1500 up e1000g0 zoneA/net1 zoneA vnic 1500 up e1000g0 net2 global vnic 1500 up e1000g1 zoneB/net2 zoneB vnic 1500 up e1000g1 zoneC/net2 zoneC vnic 1500 up e1000g1 zoneD/net2 zoneD iptun 65515 up --Example 34 Displaying VDP Information
The following command displays VDP information for vnic1.
# dladm show-ether -P vdp vnic1 LINK VSI VSIID VSI-TYPE-ID VSI-STATE CMD-PENDING ixgbe1 vnic1 2:8:20:3:2:b 0x58/0 ASSOC DEASSOCExample 35 Displaying ECP Information
The following command displays ECP information for ixgbe1.
# dladm show-ether -P ecp ixgbe1 LINK SEQNO ACKNO LAST-ACK MAX-RETRIES TIMEOUTS ixgbe1 65535 25660 0 3 164Example 36 Setting the VSI Manager ID, VSI Type, and VSI Version
The following commands set the VSI Manager ID, VSI Type, and VSI Version on vnic1.
# dladm set-linkprop -p vsi-manager-id=fe80::214:4fff:fec2:67c8 vnic1 # dladm set-linkprop -p vsi-type-id=0x64,vsi-version=1 vnic1Example 37 Migrating a VLAN, Modifying its VLAN-ID
The following command sequence shows how you migrate a VLAN and modify its VLAN-ID.
# dladm show-vlan vlan0 LINK VID SVID PVLAN-TYPE FLAGS OVER vlan0 100 -- -- ----- net0 # dladm modify-vlan -l net1 -v 200 vlan0 # dladm show-vlan vlan0 LINK VID SVID PVLAN-TYPE FLAGS OVER vlan0 200 -- -- ----- net1Example 38 Migrating Multiple VNICs
The following command sequence shows how you migrate multiple VNICs.
# dladm show-vnic LINK OVER SPEED MACADDRESS MACADDRTYPE IDS vnic0 net0 1000 2:8:20:ec:c4:1d random VID:0 vnic1 net0 1000 2:8:20:ec:c4:1e random VID:0 # dladm modify-vnic -l net1 -L net0 # dladm show-vnic LINK OVER SPEED MACADDRESS MACADDRTYPE IDS vnic0 net1 1000 2:8:20:ec:c4:1d random VID:0 vnic1 net1 1000 2:8:20:ec:c4:1e random VID:0Example 39 Migrating a VNIC and Modifying its MAC Address
The following command sequence shows how you migrate a VNIC and modify its MAC address.
# dladm show-vnic vnic0 LINK OVER SPEED MACADDRESS MACADDRTYPE IDS vnic0 net0 1000 2:8:20:ec:c4:1d random VID:0 # dladm modify-vnic -l net1 -m 2:8:20:00:01:02 vnic0 # dladm show-vnic vnic0 LINK OVER SPEED MACADDRESS MACADDRTYPE IDS vnic0 net1 1000 2:8:20:0:1:2 fixed VID:0Example 40 Configuring cos and ETS Bandwidth
The following example creates a VNIC with name vnic1 over the physical link net1 and assigns to it a cos value of 3.
# dladm create-vnic -p cos=3 -l net1 vnic1
All packets transmitted by vnic1 will have a VLAN header with the priority field set to 3.
Additionally, if the underlying physical NIC has registered DCB capability, an ETS bandwidth can be assigned to vnic1. The following commands assume the LLDP package is not installed or enabled.
Check if the underlying NIC has registered DCB capability using the num-tcs link property. If the value of num-tcs is non-zero, the underlying NIC has registered DCB capability.
# dladm show-linkprop -p num-tcs net1
The following command assigns an ETS bandwidth of 10% of the link's bandwidth to vnic1.
# dladm set-linkprop -p ets-bw-local=10 vnic1
Note if the max-bw link property has also been set, then the traffic is limited by the max-bw value.
With the LLDP package (service/network/lldp) installed and enabled, the ETS bandwidth configuration will follow the IEEE 802.1Qaz specification.
The LLDP ETS TLV willing property determines whether the local or the remote's configuration is applied or used.
The ets-bw-local-advice link property indicates the value recommended by the remote, if available. The effective value of ets-bw-local link property will indicate the actual ETS bandwidth assigned to vnic1, as shown below.
# dladm show-linkprop -p ets-bw-local-advice, ets-bw-local-effective vnic1
The following command is used to advice the peer to assign 10% of the link's bandwidth for vnic1.
# dladm set-linkprop -p ets-bw-remote-advice=10 vnic1Example 41 Configuring an EoIB datalink
Inspect the list of all gateways reachable from a specific IB port 'ibp1'.
# dladm show-ib ibp1 LINK HCAGUID PORTGUID PORT STATE GWNAME GWPORT PKEYS ibp1 212800013F2F5A 212800013F2F5B 1 up nm2gw-1 0a-eth-1 FFFF nm2gw-1 0a-eth-2 nm2gw-1 0a-eth-3 nm2gw-1 0a-eth-4
Create an EoIB datalink elink1 binding the host IB port 'ibp1' to the Ethernet port '0a-eth-2' on the EoIB Gateway 'nm2gw-1'.
# dladm create-eoib -l ibp1 -g nm2gw-1 -c 0a-eth-2 elink1
Verify that an IP interface may be created over the newly created EoIB datalink elink1.
# ipadm create-ip elink1 # ipadm create-addr -T static -a local=192.168.99.142/24 elink1/v4
# dladm show-eoib LINK GWNAME GWPORT GWID FLAGS SPEED MACADDRESS OVER elink1 nm2gw-1 0a-eth-2 1A8 aHnU-- 10000 0:25:8b:60:2:3 ibp1
If the EoIB datalink elink1 is no longer required and may be removed, delete any IP interfaces (or VNICs) built over the datalink and then delete the datalink itself using the delete-eoib subcommand.
# ipadm delete-ip elink1 # dladm delete-eoib elink1 # dladm show-eoibExample 42 Configuring an EoIB datalink Over an IB Port That is Down
# dladm show-ib -p -o state ibp2 down # dladm create-eoib -l ibp2 -g nm2gw-1 -c 0a-eth-1 elink2 # ipadm create-ip elink2 # dladm show-link elink2 LINK CLASS MTU STATE OVER elink2 eoib 1500 down ibp2
Now, enable the IB port for ibp2 and check the datalink state.
# dladm show-ib -p -o state ibp2 up # dladm show-link elink2 LINK CLASS MTU STATE OVER elink2 eoib 1500 up ibp2Example 43 Configuring an EoIB Datalink When IB Subnet Manager is Down
nm2gw-2# disablesm Stopping partitiond-daemon. [ OK ] Stopping IB Subnet Manager..-. [ OK ] ib-host# sminfo ibwarn: [2488] _do_madrpc: recv failed: Connection timed out ibwarn: [2488] mad_rpc: _do_madrpc failed; dport (Lid 1) sminfo: iberror: failed: query ib-host# dladm create-eoib -l ibp2 -g nm2gw-2 -c 0a-eth-1 elink3 ib-host# ipadm create-ip elink3 ib-host# dladm show-link elink3 LINK CLASS MTU STATE OVER elink3 eoib 1500 down ibp2
Now, enable the IB Subnet Manager on the Gateway and check the state of the datalink again.
ib-host# dladm show-link elink3 LINK CLASS MTU STATE OVER elink3 eoib 1500 up ibp2Example 44 Displaying the Probe State of the DLMP Mode Aggregation
The following command displays the probe state of the DLMP mode aggregation.
# dladm show-aggr -S aggr1 LINK PORT FLAGS STATE TARGETS XTARGETS aggr1 s1 u--3 active 192.169.0.2 s0 -- s0 u-2- active -- s1Example 45 Creating a Known WLAN
The following command creates a Known WLAN with a default priority of 0.
# dladm create-wlan home
To create a Known WLAN for a WiFi network that uses WPA encryption and associate a secure object with it, enter the following command:
# dladm create-wlan -p security-mode=wpa,key=office-key office
If the office Known WLAN already exists, the properties can be set with the following command:
# dladm set-wlan -p security-mode=wpa,key=office-key officeExample 46 Changing the priority of a Known WLAN
The following displays how to change the priority of a Known WLAN to 5.
# dladm set-wlan -p priority=5 homeExample 47 Displaying all Known WLANs
The following command displays the Known WLANs configured on the system.
# dladm show-wlan ESSID PRIORITY SECURITY-MODE KEY home 5 -- -- office 0 wpa office-keyExample 48 Displaying Help
The following command illustrates the use of invoking the help subcommand without arguments.
# dladm help The following subcommands are supported: Bridge : add-bridge create-bridge delete-bridge modify-bridge remove-bridge show-bridge Etherstub : create-etherstub delete-etherstub show-etherstub EoIB : create-eoib delete-eoib show-eoib IB : create-part delete-part show-ib show-part IP tunnel : create-iptun delete-iptun modify-iptun show-iptun Link Aggregation: add-aggr create-aggr delete-aggr modify-aggr remove-aggr show-aggr Link : rename-link reset-linkprop set-linkprop show-link show-linkprop Secure Object : create-secobj delete-secobj show-secobj VLAN : create-vlan delete-vlan modify-vlan show-vlan VNIC : create-vnic delete-vnic modify-vnic show-vnic VXLAN : create-vxlan delete-vxlan show-vxlan Wifi : connect-wifi disconnect-wifi scan-wifi show-wifi Known WLAN : create-wlan delete-wlan show-wlan set-wlan reset-wlan Miscellaneous : delete-phys show-ether show-phys For more info, run: dladm help <subcommand>
The following command illustrates the use of invoking the help subcommand with a specific subcommand.
# dladm help create-vnic usage: create-vnic [-t] -l link [-m value | auto | {factory [-n slot-id]} | {random [-r prefix]} | {vrrp -V vrid -A {inet | inet6}} [-v vid [-f]] [-p prop=value[,...]] [-R root-dir] vnic-link create-vnic -t -c <evsname>[/<vportname>] [-T <tenant>] vnic-link>Example 49 Creating a VNIC in a Non-Global Zone
The following example creates a VNIC v1 in non-global zones zone1 and zone2 from the global zone. zone1/net0 and zone2/net0 are automatically created VNICs for zone1 and zone2 respectively.
# dladm create-vnic -t -l net1 zone1/v1 # dladm create-vnic -t -l net1 zone2/v1 # dladm show-link -Z LINK ZONE CLASS MTU STATE OVER net1 global phys 1500 unknown -- net0 global phys 1500 up -- zone1/net0 zone1 vnic 1500 up net0 zone2/net0 zone2 vnic 1500 up net0 zone1/v1 zone1 vnic 1500 up net1 zone2/v1 zone2 vnic 1500 up net1Example 50 Using –m to Display a VNIC
The following command shows how to use the –m option to display a VNIC.
# dladm show-vnic -m LINK OVER SPEED MACADDRESSES MACADDRTYPES IDS vnic0 net5 10000 0:14:4f:fb:87:ee fixed VID:0 vnic1 net5 10000 0:14:4f:87:13:7a fixed VID:0 0:14:4f:87:13:7e fixed 0:14:4f:f8:7e:a fixedExample 51 Enabling SR-IOV mode and creating a VF VNIC
The following commands show how to enable SR-IOV mode and create a VF VNIC.
# dladm set-linkprop -p iov=on net0 # dladm show-linkprop -p iov net0 LINK PROPERTY PERM VALUE EFFECTIVE DEFAULT POSSIBLE net0 iov rw auto on auto auto,on,off
# dladm create-vnic -lnet0 v1 # dladm show-linkprop -p iov v1 LINK PROPERTY PERM VALUE EFFECTIVE DEFAULT POSSIBLE v1 iov r- inherit on inherit inherit,on,offExample 52 Displaying SR-IOV information
The following commands can be used to show additional SR-IOV information (continuing from the previous example).
# dladm show-phys -V LINK VFS-AVAIL VFS-INUSE FLAGS net0 30 1 -----
# dladm show-vnic -V LINK VF-ASSIGNED v1 ixgbevf0
Alternatively, the above fields can specified through the –o option:
# dladm show-phys -o LINK,VFS-INUSE LINK VFS-INUSE net0 1
# dladm show-vnic -o VF-ASSIGNED VF-ASSIGNED ixgbevf0Example 53 Creating a regular VNIC on a physical link with iov enabled
The following command can be used to create a regular VNIC on a link with iov=on.
# dladm create-vnic -lnet0 -piov=off v1
These commands can be used to verify that the VNIC does not have a VF:
# dladm show-linkprop -p iov v1 LINK PROPERTY PERM VALUE EFFECTIVE DEFAULT POSSIBLE v1 iov r- off off inherit inherit,on,off
# dladm show-vnic -V LINK VF-ASSIGNED v1 --Example 54 Creating a VNIC by connecting it to an Elastic Virtual Switch (EVS)
The following example creates a VNIC by connecting to an EVS.
# dladm create-vnic -t -c HR/vport0 vnic0 # dladm show-vnic -c LINK TENANT EVS VPORT OVER MACADDRESS IDS vnic0 sys-global HR vport0 net2 2:8:20:c1:df:14 VID:100
HR is an EVS and has a port vport0 to which vnic0 will be connected. vnic0 will inherit all the properties of vport0. HR and vport0 are managed through evsadm(8).
Example 55 Creating IPoIB VNICsThe following example creates IPoIB VNIC with name ipoib_vnic0 over physical link net4 with pkey of 0xffff.
# dladm create-vnic -l net4 -P 0xffff ipoib_vnic0
To see the VNIC information:
# dladm show-vnic LINK OVER SPEED MACADDRESS MACADDRTYPE IDS ipoib_vnic0 net4 32000 80:0:0:4a:fe:.. fixed PKEY:0xFFFF # dladm show-vnic -o link,macaddress LINK MACADDRESS ipoib_vnic0 80:0:0:4a:fe:80:0:0:0:0:0:0:0:21:28:0:1:a0:a5:8eExample 56 Creating a Veth Pair
The following command creates a veth pair with veth's name veth1 and peer's name veth0.
# dladm create-veth -r veth0 veth1
The following command displays the veth information.
# dladm show-veth LINK MTU MACADDRESS PEER veth1 1500 a:0:20:ab:48:64 veth0 veth0 1500 a:0:20:df:e9:d2 veth1Example 57 Deleting a Veth
The following command deletes the veth veth1 and its peer.
# dladm delete-veth veth1Example 58 Changing a Veth Property
The following command sets mtu to 2000 on veth0 and veth1.
#dladm set-linkprop -p mtu=2000 veth0 #dladm set-linkprop -p mtu=2000 veth1 #dladm show-veth LINK MTU MACADDRESS PEER veth1 2000 a:0:20:ab:48:64 veth0 veth0 2000 a:0:20:df:e9:d2 veth1Example 59 Creating IPoIB VNICs on InfiniBand DLMP Aggregation
The following example creates InfiniBand DLMP aggregation over two HCA ports, then creates IPoIB VNIC with name ipoib_vnic0 over the DLMP aggregation.
# dladm create-aggr -l net4 -l net5 -m dlmp dlmp_ib0 # dladm show-aggr -x dlmp_ib0 LINK PORT SPEED DUPLEX STATE ADDRESS PORTSTATE dlmp_ib0 -- 32000Mb full up unknown -- net4 32000Mb full up unknown attached net5 32000Mb full up unknown attached # dladm create-vnic -l dlmp_ib0 -P ffff ipoib_vnic0 # dladm show-vnic ipoib_vnic0 LINK OVER SPEED MACADDRESS MACADDRTYPE IDS ipoib_vnic0 dlmp_ib0 32000 80:0:0:4a:fe:.. fixed PKEY:0xffff # dladm show-aggr -C dlmp_ib0 LINK PORT SPEED DUPLEX STATE CLIENTS dlmp_ib0 -- 32000Mb full up -- net4 32000Mb full up ipoib_vnic0 net5 32000Mb full up --
See attributes(7) for descriptions of the following attributes:
/usr/sbin
|
/sbin
|
Note that, for both /usr/sbin and /sbin, the –s and –i options to the show-aggr, show-link and show-vnic subcommands are Committed Obsolete. These options will be removed in a future release.
Note that, for both /usr/sbin and /sbin, the virtual-switching link property has an interface stability of Volatile.
Note that the bridge-related subcommands, described with dladm subcommands above, require installation of the pkg://solaris/network/bridging package.
Note that, the –H option in dladm show-linkprop -H and the associated fields: HWPOSSIBLE, SWPOSSIBLE, HWFLAGS, SWFLAGS and MODE have an interface stability of Volatile.
dlpi(4P), attributes(7), ieee802.3(7), acctadm(8), autopush(8), datalink-management(5), dlstat(8), evsadm(8), ibadm(8), ifconfig(8), in.dlmpd(8), ipadm(8), ipsecconf(8), lldpadm(8), ndd(8), netadm(8), netcfg(8), pooladm(8), poolcfg(8), psrset(8), vrrpadm(8), zonecfg(8), dhcpagent(8)
Configuring and Managing Network Components in Oracle Solaris 11.4
The preferred method of referring to an aggregation in the aggregation subcommands is by its link name. Referring to an aggregation by its integer key is supported for backward compatibility, but is not necessary. When creating an aggregation, if a key is specified instead of a link name, the aggregation's link name will be automatically generated by dladm as aggrkey.