xref: /freebsd/sbin/ifconfig/ifconfig.8 (revision f856af0466c076beef4ea9b15d088e1119a945b8)

.\" Copyright (c) 1983, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     From: @(#)ifconfig.8	8.3 (Berkeley) 1/5/94
.\" $FreeBSD$
.\"
.Dd November 27, 2006
.Dt IFCONFIG 8
.Os
.Sh NAME
.Nm ifconfig
.Nd configure network interface parameters
.Sh SYNOPSIS
.Nm
.Op Fl L
.Op Fl k
.Op Fl m
.Ar interface
.Op Cm create
.Op Ar address_family
.Oo
.Ar address
.Op Ar dest_address
.Oc
.Op Ar parameters
.Nm
.Ar interface
.Cm destroy
.Nm
.Fl a
.Op Fl L
.Op Fl d
.Op Fl m
.Op Fl u
.Op Fl v
.Op Ar address_family
.Nm
.Fl l
.Op Fl d
.Op Fl u
.Op Ar address_family
.Nm
.Op Fl L
.Op Fl d
.Op Fl k
.Op Fl m
.Op Fl u
.Op Fl v
.Op Fl C
.Nm
.Op Fl g Ar groupname
.Sh DESCRIPTION
The
.Nm
utility is used to assign an address
to a network interface and/or configure
network interface parameters.
The
.Nm
utility must be used at boot time to define the network address
of each interface present on a machine; it may also be used at
a later time to redefine an interface's address
or other operating parameters.
.Pp
The following options are available:
.Bl -tag -width indent
.It Ar address
For the
.Tn DARPA Ns -Internet
family,
the address is either a host name present in the host name data
base,
.Xr hosts 5 ,
or a
.Tn DARPA
Internet address expressed in the Internet standard
.Dq dot notation .
.Pp
It is also possible to use the CIDR notation (also known as the
slash notation) to include the netmask.
That is, one can specify an address like
.Li 192.168.0.1/16 .
.Pp
For
.Dq inet6
family, it is also possible to specify the prefix length using the slash
notation, like
.Li ::1/128 .
See the
.Cm prefixlen
parameter below for more information.
.\" For the Xerox Network Systems(tm) family,
.\" addresses are
.\" .Ar net:a.b.c.d.e.f ,
.\" where
.\" .Ar net
.\" is the assigned network number (in decimal),
.\" and each of the six bytes of the host number,
.\" .Ar a
.\" through
.\" .Ar f ,
.\" are specified in hexadecimal.
.\" The host number may be omitted on IEEE 802 protocol
.\" (Ethernet, FDDI, and Token Ring) interfaces,
.\" which use the hardware physical address,
.\" and on interfaces other than the first.
.\" For the
.\" .Tn ISO
.\" family, addresses are specified as a long hexadecimal string,
.\" as in the Xerox family.
.\" However, two consecutive dots imply a zero
.\" byte, and the dots are optional, if the user wishes to (carefully)
.\" count out long strings of digits in network byte order.
.Pp
The link-level
.Pq Dq link
address
is specified as a series of colon-separated hex digits.
This can be used to
e.g.\& set a new MAC address on an ethernet interface, though the
mechanism used is not ethernet-specific.
If the interface is already
up when this option is used, it will be briefly brought down and
then brought back up again in order to ensure that the receive
filter in the underlying ethernet hardware is properly reprogrammed.
.It Ar address_family
Specify the
address family
which affects interpretation of the remaining parameters.
Since an interface can receive transmissions in differing protocols
with different naming schemes, specifying the address family is recommended.
The address or protocol families currently
supported are
.Dq inet ,
.Dq inet6 ,
.Dq atalk ,
.Dq ipx ,
.\" .Dq iso ,
and
.Dq link .
.\" and
.\" .Dq ns .
The default is
.Dq inet .
.Dq ether
and
.Dq lladdr
are synonyms for
.Dq link .
.It Ar dest_address
Specify the address of the correspondent on the other end
of a point to point link.
.It Ar interface
This
parameter is a string of the form
.Dq name unit ,
for example,
.Dq Li ed0 .
.It Ar groupname
List the interfaces in the given group.
.El
.Pp
The following parameters may be set with
.Nm :
.Bl -tag -width indent
.It Cm add
Another name for the
.Cm alias
parameter.
Introduced for compatibility
with
.Bsx .
.It Cm alias
Establish an additional network address for this interface.
This is sometimes useful when changing network numbers, and
one wishes to accept packets addressed to the old interface.
If the address is on the same subnet as the first network address
for this interface, a non-conflicting netmask must be given.
Usually
.Li 0xffffffff
is most appropriate.
.It Fl alias
Remove the network address specified.
This would be used if you incorrectly specified an alias, or it
was no longer needed.
If you have incorrectly set an NS address having the side effect
of specifying the host portion, removing all NS addresses will
allow you to respecify the host portion.
.It Cm anycast
(Inet6 only.)
Specify that the address configured is an anycast address.
Based on the current specification,
only routers may configure anycast addresses.
Anycast address will not be used as source address of any of outgoing
IPv6 packets.
.It Cm arp
Enable the use of the Address Resolution Protocol
.Pq Xr arp 4
in mapping
between network level addresses and link level addresses (default).
This is currently implemented for mapping between
.Tn DARPA
Internet
addresses and
.Tn IEEE
802 48-bit MAC addresses (Ethernet, FDDI, and Token Ring addresses).
.It Fl arp
Disable the use of the Address Resolution Protocol
.Pq Xr arp 4 .
.It Cm staticarp
If the Address Resolution Protocol is enabled,
the host will only reply to requests for its addresses,
and will never send any requests.
.It Fl staticarp
If the Address Resolution Protocol is enabled,
the host will perform normally,
sending out requests and listening for replies.
.It Cm broadcast
(Inet only.)
Specify the address to use to represent broadcasts to the
network.
The default broadcast address is the address with a host part of all 1's.
.It Cm debug
Enable driver dependent debugging code; usually, this turns on
extra console error logging.
.It Fl debug
Disable driver dependent debugging code.
.It Cm promisc
Put interface into permanently promiscuous mode.
.It Fl promisc
Disable permanently promiscuous mode.
.It Cm delete
Another name for the
.Fl alias
parameter.
.It Cm down
Mark an interface
.Dq down .
When an interface is marked
.Dq down ,
the system will not attempt to
transmit messages through that interface.
If possible, the interface will be reset to disable reception as well.
This action does not automatically disable routes using the interface.
.It Cm group Ar group-name
Assign the interface to a
.Dq group .
Any interface can be in multiple groups.
.Pp
Cloned interfaces are members of their interface family group by default.
For example, a PPP interface such as
.Em ppp0
is a member of the PPP interface family group,
.Em ppp .
.\" The interface(s) the default route(s) point to are members of the
.\" .Em egress
.\" interface group.
.It Cm -group Ar group-name
Remove the interface from the given
.Dq group .
.It Cm eui64
(Inet6 only.)
Fill interface index
(lowermost 64bit of an IPv6 address)
automatically.
.It Cm ipdst
This is used to specify an Internet host who is willing to receive
IP packets encapsulating IPX packets bound for a remote network.
An apparent point to point link is constructed, and
the address specified will be taken as the IPX address and network
of the destination.
.It Cm maclabel Ar label
If Mandatory Access Control support is enabled in the kernel,
set the MAC label to
.Ar label .
.\" (see
.\" .Xr maclabel 7 ) .
.It Cm media Ar type
If the driver supports the media selection system, set the media type
of the interface to
.Ar type .
Some interfaces support the mutually exclusive use of one of several
different physical media connectors.
For example, a 10Mbit/s Ethernet
interface might support the use of either
.Tn AUI
or twisted pair connectors.
Setting the media type to
.Cm 10base5/AUI
would change the currently active connector to the AUI port.
Setting it to
.Cm 10baseT/UTP
would activate twisted pair.
Refer to the interfaces' driver
specific documentation or man page for a complete list of the
available types.
.It Cm mediaopt Ar opts
If the driver supports the media selection system, set the specified
media options on the interface.
The
.Ar opts
argument
is a comma delimited list of options to apply to the interface.
Refer to the interfaces' driver specific man page for a complete
list of available options.
.It Fl mediaopt Ar opts
If the driver supports the media selection system, disable the
specified media options on the interface.
.It Cm mode Ar mode
If the driver supports the media selection system, set the specified
operating mode on the interface to
.Ar mode .
For IEEE 802.11 wireless interfaces that support multiple operating modes
this directive is used to select between 802.11a
.Pq Cm 11a ,
802.11b
.Pq Cm 11b ,
and 802.11g
.Pq Cm 11g
operating modes.
.It Cm name Ar name
Set the interface name to
.Ar name .
.It Cm rxcsum , txcsum
If the driver supports user-configurable checksum offloading,
enable receive (or transmit) checksum offloading on the interface.
Some drivers may not be able to enable these flags independently
of each other, so setting one may also set the other.
The driver will offload as much checksum work as it can reliably
support, the exact level of offloading varies between drivers.
.It Fl rxcsum , txcsum
If the driver supports user-configurable checksum offloading,
disable receive (or transmit) checksum offloading on the interface.
These settings may not always be independent of each other.
.It Cm tso
If the driver supports
.Xr tcp 4
segmentation offloading, enable TSO on the interface.
Some drivers may not be able to support TSO for
.Xr ip 4
and
.Xr ip6 4
packets, so they may enable only one of them.
.It Fl tso
If the driver supports
.Xr tcp 4
segmentation offloading, disable TSO on the interface.
It will always disable TSO for
.Xr ip 4
and
.Xr ip6 4 .
.It Cm vlanmtu , vlanhwtag
If the driver offers user-configurable VLAN support, enable
reception of extended frames or tag processing in hardware,
respectively.
Note that this must be issued on a physical interface associated with
.Xr vlan 4 ,
not on a
.Xr vlan 4
interface itself.
.It Fl vlanmtu , vlanhwtag
If the driver offers user-configurable VLAN support, disable
reception of extended frames or tag processing in hardware,
respectively.
.It Cm polling
Turn on
.Xr polling 4
feature and disable interrupts on the interface, if driver supports
this mode.
.It Fl polling
Turn off
.Xr polling 4
feature and enable interrupt mode on the interface.
.It Cm create
Create the specified network pseudo-device.
If the interface is given without a unit number, try to create a new
device with an arbitrary unit number.
If creation of an arbitrary device is successful, the new device name is
printed to standard output unless the interface is renamed or destroyed
in the same
.Nm
invocation.
.It Cm destroy
Destroy the specified network pseudo-device.
.It Cm plumb
Another name for the
.Cm create
parameter.
Included for
.Tn Solaris
compatibility.
.It Cm unplumb
Another name for the
.Cm destroy
parameter.
Included for
.Tn Solaris
compatibility.
.It Cm metric Ar n
Set the routing metric of the interface to
.Ar n ,
default 0.
The routing metric is used by the routing protocol
.Pq Xr routed 8 .
Higher metrics have the effect of making a route
less favorable; metrics are counted as additional hops
to the destination network or host.
.It Cm mtu Ar n
Set the maximum transmission unit of the interface to
.Ar n ,
default is interface specific.
The MTU is used to limit the size of packets that are transmitted on an
interface.
Not all interfaces support setting the MTU, and some interfaces have
range restrictions.
.It Cm netmask Ar mask
.\" (Inet and ISO.)
(Inet only.)
Specify how much of the address to reserve for subdividing
networks into sub-networks.
The mask includes the network part of the local address
and the subnet part, which is taken from the host field of the address.
The mask can be specified as a single hexadecimal number
with a leading
.Ql 0x ,
with a dot-notation Internet address,
or with a pseudo-network name listed in the network table
.Xr networks 5 .
The mask contains 1's for the bit positions in the 32-bit address
which are to be used for the network and subnet parts,
and 0's for the host part.
The mask should contain at least the standard network portion,
and the subnet field should be contiguous with the network
portion.
.Pp
The netmask can also be specified in CIDR notation after the address.
See the
.Ar address
option above for more information.
.It Cm prefixlen Ar len
(Inet6 only.)
Specify that
.Ar len
bits are reserved for subdividing networks into sub-networks.
The
.Ar len
must be integer, and for syntactical reason it must be between 0 to 128.
It is almost always 64 under the current IPv6 assignment rule.
If the parameter is omitted, 64 is used.
.Pp
The prefix can also be specified using the slash notation after the address.
See the
.Ar address
option above for more information.
.\" see
.\" Xr eon 5 .
.\" .It Cm nsellength Ar n
.\" .Pf ( Tn ISO
.\" only)
.\" This specifies a trailing number of bytes for a received
.\" .Tn NSAP
.\" used for local identification, the remaining leading part of which is
.\" taken to be the
.\" .Tn NET
.\" (Network Entity Title).
.\" The default value is 1, which is conformant to US
.\" .Tn GOSIP .
.\" When an ISO address is set in an ifconfig command,
.\" it is really the
.\" .Tn NSAP
.\" which is being specified.
.\" For example, in
.\" .Tn US GOSIP ,
.\" 20 hex digits should be
.\" specified in the
.\" .Tn ISO NSAP
.\" to be assigned to the interface.
.\" There is some evidence that a number different from 1 may be useful
.\" for
.\" .Tn AFI
.\" 37 type addresses.
.It Cm range Ar netrange
Under appletalk, set the interface to respond to a
.Ar netrange
of the form
.Ar startnet Ns - Ns Ar endnet .
Appletalk uses this scheme instead of
netmasks though
.Fx
implements it internally as a set of netmasks.
.It Cm remove
Another name for the
.Fl alias
parameter.
Introduced for compatibility
with
.Bsx .
.It Cm phase
The argument following this specifies the version (phase) of the
Appletalk network attached to the interface.
Values of 1 or 2 are permitted.
.Sm off
.It Cm link Op Cm 0 No - Cm 2
.Sm on
Enable special processing of the link level of the interface.
These three options are interface specific in actual effect, however,
they are in general used to select special modes of operation.
An example
of this is to enable SLIP compression, or to select the connector type
for some Ethernet cards.
Refer to the man page for the specific driver
for more information.
.Sm off
.It Fl link Op Cm 0 No - Cm 2
.Sm on
Disable special processing at the link level with the specified interface.
.It Cm monitor
Put the interface in monitor mode.
No packets are transmitted, and received packets are discarded after
.Xr bpf 4
processing.
.It Fl monitor
Take the interface out of monitor mode.
.It Cm up
Mark an interface
.Dq up .
This may be used to enable an interface after an
.Dq Nm Cm down .
It happens automatically when setting the first address on an interface.
If the interface was reset when previously marked down,
the hardware will be re-initialized.
.El
.Pp
The following parameters are specific to IEEE 802.11 wireless interfaces:
.Bl -tag -width indent
.It Cm apbridge
When operating as an access point, pass packets between
wireless clients directly (default).
To instead let them pass up through the
system and be forwarded using some other mechanism, use
.Fl apbridge .
Disabling the internal bridging
is useful when traffic is to be processed with
packet filtering.
.It Cm authmode Ar mode
Set the desired authentication mode in infrastructure mode.
Not all adaptors support all modes.
The set of
valid modes is
.Cm none , open , shared
(shared key),
.Cm 8021x
(IEEE 802.1x),
and
.Cm wpa
(IEEE WPA/WPA2/802.11i).
The
.Cm 8021x
and
.Cm wpa
modes are only useful when using an authentication service
(a supplicant for client operation or an authenticator when
operating as an access point).
Modes are case insensitive.
.It Cm bintval Ar interval
Set the interval at which beacon frames are sent when operating in
ad-hoc or ap mode.
The
.Ar interval
parameter is specified in TU's (1/1024 msecs).
By default beacon frames are transmitted every 100 TU's.
.It Cm bmissthreshold Ar count
Set the number of consecutive missed beacons at which the station
will attempt to roam (i.e., search for a new access point).
The
.Ar count
parameter must be in the range 1 to 255; though the
upper bound may be reduced according to device capabilities.
The default threshold is 7 consecutive missed beacons; but
this may be overridden by the device driver.
Another name for the
.Cm bmissthreshold
parameter is
.Cm bmiss .
.It Cm bssid Ar address
Specify the MAC address of the access point to use when operating
as a station in a BSS network.
This overrides any automatic selection done by the system.
To disable a previously selected access point, supply
.Cm any , none ,
or
.Cm -
for the address.
This option is useful when more than one access point uses the same SSID.
Another name for the
.Cm bssid
parameter is
.Cm ap .
.It Cm burst
Enable packet bursting.
Packet bursting is a transmission technique whereby the wireless
medium is acquired once to send multiple frames and the interframe
spacing is reduced.
This technique can significantly increase throughput by reducing
transmission overhead.
Packet bursting is supported by the 802.11e QoS specification
and some devices that do not support QoS may still be capable.
By default packet bursting is enabled if a device is capable
of doing it.
To disable packet bursting, use
.Fl burst .
.It Cm chanlist Ar channels
Set the desired channels to use when scanning for access
points, neighbors in an IBSS network, or looking for unoccupied
channels when operating as an access point.
The set of channels is specified as a comma-separated list with
each element in the list representing either a single channel number or a range
of the form
.Dq Li a-b .
Channel numbers must be in the range 1 to 255 and be permissible
according to the operating characteristics of the device.
.It Cm channel Ar number
Set a single desired channel.
Channels range from 1 to 255, but the exact selection available
depends on the region your adaptor was manufactured for.
Setting
the channel to
.Li 0 ,
.Cm any ,
or
.Cm -
will give you the default for your adaptor.
Some
adaptors ignore this setting unless you are in ad-hoc mode.
Alternatively the frequency, in megahertz, may be specified
instead of the channel number.
.It Cm deftxkey Ar index
Set the default key to use for transmission.
Typically this is only set when using WEP encryption.
The
.Cm weptxkey
is an alias for this request; it is provided for backwards compatibility.
.It Cm dtimperiod Ar period
Set the
DTIM
period for transmitting buffered multicast data frames when
operating in ap mode.
The
.Ar period
specifies the number of beacon intervals between DTIM
and must be in the range 1 to 15.
By default DTIM is 1 (i.e., DTIM occurs at each beacon).
.It Cm fragthreshold Ar length
Set the threshold for which transmitted frames are broken into fragments.
The
.Ar length
argument is the frame size in bytes and must be in the range 256 to 2346.
Setting
.Ar length
to
.Li 2346 ,
.Cm any ,
or
.Cm -
disables transmit fragmentation.
Not all adaptors honor the fragmentation threshold.
.It Cm hidessid
When operating as an access point, do not broadcast the SSID
in beacon frames or respond to probe request frames unless
they are directed to the ap (i.e., they include the ap's SSID).
By default, the SSID is included in beacon frames and
undirected probe request frames are answered.
To re-enable the broadcast of the SSID etc., use
.Fl hidessid .
.It Cm list active
Display the list of channels available for use taking into account
any restrictions set with the
.Cm chanlist
directive.
See the description of
.Cm list chan
for more information.
.It Cm list caps
Display the adaptor's capabilities, including the operating
modes supported.
.It Cm list chan
Display the list of channels available for use.
Channels are shown with their IEEE channel number, equivalent
frequency, and usage modes.
Channels identified as
.Ql 11g
are also usable in
.Ql 11b
mode.
Channels identified as
.Ql 11a Turbo
may be used only for Atheros' Static Turbo mode
(specified with
. Cm mediaopt turbo ) .
Channels marked with a
.Ql *
have a regulatory constraint that they be passively scanned.
This means a station is not permitted to transmit on the channel until
it identifies the channel is being used for 802.11 communication;
typically by hearing a beacon frame from an access point operating
on the channel.
.Cm list freq
is another way of requesting this information.
.It Cm list mac
Display the current MAC Access Control List state.
Each address is prefixed with a character that indicates the
current policy applied to it:
.Ql +
indicates the address is allowed access,
.Ql -
indicates the address is denied access,
.Ql *
indicates the address is present but the current policy open
(so the ACL is not consulted).
.It Cm list scan
Display the access points and/or ad-hoc neighbors
located in the vicinity.
The
.Fl v
flag may be used to display long SSIDs.
This information may be updated automatically by the adaptor
and/or with a
.Cm scan
request.
.Cm list ap
is another way of requesting this information.
.It Cm list sta
When operating as an access point display the stations that are
currently associated.
When operating in ad-hoc mode display stations identified as
neighbors in the IBSS.
Capabilities advertised by the stations are described under
the
.Cm scan
request.
Depending on the capabilities of the stations the following
flags can be included in the output:
.Bl -tag -width 3n
.It Li A
Authorized.
Indicates that the station is permitted to send/receive data frames.
.It Li E
Extended Rate Phy (ERP).
Indicates that the station is operating in an 802.11g network
using extended transmit rates.
.It Li P
Power Save.
Indicates that the station is operating in power save mode.
.It Li Q
Quality of Service (QoS).
Indicates that the station is using QoS encapsulation for
data frame.
QoS encapsulation is enabled only when WME mode is enabled.
.El
.It Cm list wme
Display the current parameters to use when operating in WME mode.
When WME mode is enabled for an adaptor this information will be
displayed with the regular status; this command is mostly useful
for examining parameters when WME mode is disabled.
See the description of the
.Cm wme
directive for information on the various parameters.
.It Cm mcastrate Ar rate
Set the rate for transmitting multicast/broadcast frames.
Rates are specified as megabits/second in decimal; e.g.\& 5.5 for 5.5 Mb/s.
This rate should be valid for the current operating conditions;
if an invalid rate is specified drivers are free to chose an
appropriate rate.
.It Cm powersave
Enable powersave operation.
When operating as a client, the station will conserve power by
periodically turning off the radio and listening for
messages from the access point telling it there are packets waiting.
The station must then retrieve the packets.
When operating as an access point, the station must honor power
save operation of associated clients.
Not all devices support power save operation, either as a client
or as an access point.
Use
.Fl powersave
to disable powersave operation.
.It Cm powersavesleep Ar sleep
Set the desired max powersave sleep time in milliseconds.
.It Cm protmode Ar technique
For interfaces operating in 802.11g, use the specified
.Ar technique
for protecting OFDM frames in a mixed 11b/11g network.
The set of valid techniques is
.Cm off , cts
(CTS to self),
and
.Cm rtscts
(RTS/CTS).
Technique names are case insensitive.
.It Cm pureg
When operating as an access point in 802.11g mode allow only
11g-capable stations to associate (11b-only stations are not
permitted to associate).
To allow both 11g and 11b-only stations to associate, use
.Fl pureg .
.It Cm roaming Ar mode
When operating as a station, control how the system will
behave when communication with the current access point
is broken.
The
.Ar mode
argument may be one of
.Cm device
(leave it to the hardware device to decide),
.Cm auto
(handle either in the device or the operating system\[em]as appropriate),
.Cm manual
(do nothing until explicitly instructed).
By default, the device is left to handle this if it is
capable; otherwise, the operating system will automatically
attempt to reestablish communication.
Manual mode is mostly useful when an application wants to
control the selection of an access point.
.It Cm rtsthreshold Ar length
Set the threshold for which
transmitted frames are preceded by transmission of an
RTS
control frame.
The
.Ar length
argument
is the frame size in bytes and must be in the range 1 to 2346.
Setting
.Ar length
to
.Li 2346 ,
.Cm any ,
or
.Cm -
disables transmission of RTS frames.
Not all adaptors support setting the RTS threshold.
.It Cm ssid Ar ssid
Set the desired Service Set Identifier (aka network name).
The SSID is a string up to 32 characters
in length and may be specified as either a normal string or in
hexadecimal when preceded by
.Ql 0x .
Additionally, the SSID may be cleared by setting it to
.Ql - .
.It Cm scan
Initiate a scan of neighboring stations, wait for it to complete, and
display all stations found.
Only the super-user can initiate a scan.
Depending on the capabilities of the APs, the following
flags can be included in the output:
.Bl -tag -width 3n
.It Li A
Channel Agility.
Indicates that the station support channel hopping as described by the
IEEE 802.11b specification.
.It Li B
Packet Binary Convolution Code (PBCC).
A modulation alternative to the standard OFDM method.
.It Dv C
Pollreq
.It Dv c
Pollable
.It Dv D
Direct Sequence Spread Spectrum (DSSSOFDM).
Indicates the the station supports DSSS modulation.
.It Li E
Extended Service Set (ESS).
Indicates that the station is part of an infrastructure network
(in contrast to an IBSS/ad-hoc network).
.It Li I
IBSS/ad-hoc network.
Indicates that the station is part of an ad-hoc network
(in contrast to an ESS network).
.It Li P
Privacy.
Data confidentiality is required for all data frames
exchanged within the BSS.
This means that this BSS requires the station to
use cryptographic means such as WEP, TKIP or AES-CCMP to
encrypt/decrypt data frames being exchanged with others.
.It Dv R
Robust Security Network (RSN).
Indicates that the station supports the IEEE 802.11i authentication
and key management protocol.
.It Li S
Short Preamble.
Indicates that the network is using short preambles (defined
in 802.11b High Rate/DSSS PHY, short preamble utilizes a
56 bit sync field in contrast to a 128 bit field used in long
preamble mode).
.It Li s
Short slot time.
Indicates that the network is using a short slot time.
.El
.Pp
The
.Cm list scan
request can be used to show recent scan results without
initiating a new scan.
.Pp
The
.Fl v
flag may be used to prevent the shortening of long SSIDs.
.It Cm stationname Ar name
Set the name of this station.
It appears that the station name is not really part of the IEEE 802.11
protocol though all interfaces seem to support it.
As such it only
seems to be meaningful to identical or virtually identical equipment.
Setting the station name is identical in syntax to setting the SSID.
.It Cm txpower Ar power
Set the power used to transmit frames.
The
.Ar power
argument
is a unitless value in the range 0 to 100 that is interpreted
by drivers to derive a device-specific value.
Out of range values are truncated.
Typically only a few discreet power settings are available and
the driver will use the setting closest to the specified value.
Not all adaptors support changing the transmit power.
.It Cm wepmode Ar mode
Set the desired WEP mode.
Not all adaptors support all modes.
The set of valid modes is
.Cm off , on ,
and
.Cm mixed .
The
.Cm mixed
mode explicitly tells the adaptor to allow association with access
points which allow both encrypted and unencrypted traffic.
On these adaptors,
.Cm on
means that the access point must only allow encrypted connections.
On other adaptors,
.Cm on
is generally another name for
.Cm mixed .
Modes are case insensitive.
.It Cm weptxkey Ar index
Set the WEP key to be used for transmission.
This is the same as setting the default transmission key with
.Cm deftxkey .
.It Cm wepkey Ar key Ns | Ns Ar index : Ns Ar key
Set the selected WEP key.
If an
.Ar index
is not given, key 1 is set.
A WEP key will be either 5 or 13
characters (40 or 104 bits) depending of the local network and the
capabilities of the adaptor.
It may be specified either as a plain
string or as a string of hexadecimal digits preceded by
.Ql 0x .
For maximum portability, hex keys are recommended;
the mapping of text keys to WEP encryption is usually driver-specific.
In particular, the
.Tn Windows
drivers do this mapping differently to
.Fx .
A key may be cleared by setting it to
.Ql - .
If WEP is supported then there are at least four keys.
Some adaptors support more than four keys.
If that is the case, then the first four keys
(1-4) will be the standard temporary keys and any others will be adaptor
specific keys such as permanent keys stored in NVRAM.
.It Cm wme
Enable Wireless Multimedia Extensions (WME) support, if available,
for the specified interface.
WME is a subset of the IEEE 802.11e standard to support the
efficient communication of realtime and multimedia data.
To disable WME support, use
.Fl wme .
.Pp
The following parameters are meaningful only when WME support is in use.
Parameters are specified per-AC (Access Category) and
split into those that are used by a station when acting
as an access point and those for client stations in the BSS.
The latter are received from the access point and may not be changed
(at the station).
The following Access Categories are recognized:
.Pp
.Bl -tag -width ".Cm AC_BK" -compact
.It Cm AC_BE
(or
.Cm BE )
best effort delivery,
.It Cm AC_BK
(or
.Cm BK )
background traffic,
.It Cm AC_VI
(or
.Cm VI )
video traffic,
.It Cm AC_VO
(or
.Cm VO )
voice traffic.
.El
.Pp
AC parameters are case-insensitive.
Traffic classification is done in the operating system using the
vlan priority associated with data frames or the
ToS (Type of Service) indication in IP-encapsulated frames.
If neither information is present, traffic is assigned to the
Best Effort (BE) category.
.Bl -tag -width indent
.It Cm ack Ar ac
Set the ACK policy for QoS transmissions by the local station;
this controls whether or not data frames transmitted by a station
require an ACK response from the receiving station.
To disable waiting for an ACK use
.Fl ack .
This parameter is applied only to the local station.
.It Cm acm Ar ac
Enable the Admission Control Mandatory (ACM) mechanism
for transmissions by the local station.
To disable the ACM use
.Fl acm .
On stations in a BSS this parameter is read-only and indicates
the setting received from the access point.
NB: ACM is not supported right now.
.It Cm aifs Ar ac Ar count
Set the Arbitration Inter Frame Spacing (AIFS)
channel access parameter to use for transmissions
by the local station.
On stations in a BSS this parameter is read-only and indicates
the setting received from the access point.
.It Cm cwmin Ar ac Ar count
Set the CWmin channel access parameter to use for transmissions
by the local station.
On stations in a BSS this parameter is read-only and indicates
the setting received from the access point.
.It Cm cwmax Ar ac Ar count
Set the CWmax channel access parameter to use for transmissions
by the local station.
On stations in a BSS this parameter is read-only and indicates
the setting received from the access point.
.It Cm txoplimit Ar ac Ar limit
Set the Transmission Opportunity Limit channel access parameter
to use for transmissions by the local station.
This parameter defines an interval of time when a WME station
has the right to initiate transmissions onto the wireless medium.
On stations in a BSS this parameter is read-only and indicates
the setting received from the access point.
.It Cm bss:aifs Ar ac Ar count
Set the AIFS channel access parameter to send to stations in a BSS.
This parameter is meaningful only when operating in ap mode.
.It Cm bss:cwmin Ar ac Ar count
Set the CWmin channel access parameter to send to stations in a BSS.
This parameter is meaningful only when operating in ap mode.
.It Cm bss:cwmax Ar ac Ar count
Set the CWmax channel access parameter to send to stations in a BSS.
This parameter is meaningful only when operating in ap mode.
.It Cm bss:txoplimit Ar ac Ar limit
Set the TxOpLimit channel access parameter to send to stations in a BSS.
This parameter is meaningful only when operating in ap mode.
.El
.El
.Pp
The following parameters support an optional access control list
feature available with some adaptors when operating in ap mode; see
.Xr wlan_acl 4 .
This facility allows an access point to accept/deny association
requests based on the MAC address of the station.
Note that this feature does not significantly enhance security
as MAC address spoofing is easy to do.
.Bl -tag -width indent
.It Cm mac:add Ar address
Add the specified MAC address to the database.
Depending on the policy setting association requests from the
specified station will be allowed or denied.
.It Cm mac:allow
Set the ACL policy to permit association only by
stations registered in the database.
.It Cm mac:del Ar address
Delete the specified MAC address from the database.
.It Cm mac:deny
Set the ACL policy to deny association only by
stations registered in the database.
.It Cm mac:kick Ar address
Force the specified station to be deauthenticated.
This typically is done to block a station after updating the
address database.
.It Cm mac:open
Set the ACL policy to allow all stations to associate.
.It Cm mac:flush
Delete all entries in the database.
.El
.Pp
The following parameters are for compatibility with other systems:
.Bl -tag -width indent
.It Cm nwid Ar ssid
Another name for the
.Cm ssid
parameter.
Included for
.Nx
compatibility.
.It Cm station Ar name
Another name for the
.Cm stationname
parameter.
Included for
.Bsx
compatibility.
.It Cm wep
Another way of saying
.Cm wepmode on .
Included for
.Bsx
compatibility.
.It Fl wep
Another way of saying
.Cm wepmode off .
Included for
.Bsx
compatibility.
.It Cm nwkey key
Another way of saying:
.Dq Li "wepmode on weptxkey 1 wepkey 1:key wepkey 2:- wepkey 3:- wepkey 4:-" .
Included for
.Nx
compatibility.
.It Cm nwkey Xo
.Sm off
.Ar n : k1 , k2 , k3 , k4
.Sm on
.Xc
Another way of saying
.Dq Li "wepmode on weptxkey n wepkey 1:k1 wepkey 2:k2 wepkey 3:k3 wepkey 4:k4" .
Included for
.Nx
compatibility.
.It Fl nwkey
Another way of saying
.Cm wepmode off .
Included for
.Nx
compatibility.
.El
.Pp
The following parameters are specific to bridge interfaces:
.Bl -tag -width indent
.It Cm addm Ar interface
Add the interface named by
.Ar interface
as a member of the bridge.
The interface is put into promiscuous mode
so that it can receive every packet sent on the network.
.It Cm deletem Ar interface
Remove the interface named by
.Ar interface
from the bridge.
Promiscuous mode is disabled on the interface when
it is removed from the bridge.
.It Cm maxaddr Ar size
Set the size of the bridge address cache to
.Ar size .
The default is 100 entries.
.It Cm timeout Ar seconds
Set the timeout of address cache entries to
.Ar seconds
seconds.
If
.Ar seconds
is zero, then address cache entries will not be expired.
The default is 240 seconds.
.It Cm addr
Display the addresses that have been learned by the bridge.
.It Cm static Ar interface-name Ar address
Add a static entry into the address cache pointing to
.Ar interface-name .
Static entries are never aged out of the cache or re-placed, even if the
address is seen on a different interface.
.It Cm deladdr Ar address
Delete
.Ar address
from the address cache.
.It Cm flush
Delete all dynamically-learned addresses from the address cache.
.It Cm flushall
Delete all addresses, including static addresses, from the address cache.
.It Cm discover Ar interface
Mark an interface as a
.Dq discovering
interface.
When the bridge has no address cache entry
(either dynamic or static)
for the destination address of a packet,
the bridge will forward the packet to all
member interfaces marked as
.Dq discovering .
This is the default for all interfaces added to a bridge.
.It Cm -discover Ar interface
Clear the
.Dq discovering
attribute on a member interface.
For packets without the
.Dq discovering
attribute, the only packets forwarded on the interface are broadcast
or multicast packets and packets for which the destination address
is known to be on the interface's segment.
.It Cm learn Ar interface
Mark an interface as a
.Dq learning
interface.
When a packet arrives on such an interface, the source
address of the packet is entered into the address cache as being a
destination address on the interface's segment.
This is the default for all interfaces added to a bridge.
.It Cm -learn Ar interface
Clear the
.Dq learning
attribute on a member interface.
.It Cm sticky Ar interface
Mark an interface as a
.Dq sticky
interface.
Dynamically learned address entries are treated at static once entered into
the cache.
Sticky entries are never aged out of the cache or replaced, even if the
address is seen on a different interface.
.It Cm -sticky Ar interface
Clear the
.Dq sticky
attribute on a member interface.
.It Cm span Ar interface
Add the interface named by
.Ar interface
as a span port on the bridge.
Span ports transmit a copy of every frame received by the bridge.
This is most useful for snooping a bridged network passively on
another host connected to one of the span ports of the bridge.
.It Cm -span Ar interface
Delete the interface named by
.Ar interface
from the list of span ports of the bridge.
.It Cm stp Ar interface
Enable Spanning Tree protocol on
.Ar interface .
The
.Xr if_bridge 4
driver has support for the IEEE 802.1D Spanning Tree protocol (STP).
Spanning Tree is used to detect and remove loops in a network topology.
.It Cm -stp Ar interface
Disable Spanning Tree protocol on
.Ar interface .
This is the default for all interfaces added to a bridge.
.It Cm edge Ar interface
Set
.Ar interface
as an edge port.
An edge port connects directly to end stations cannot create bridging
loops in the network, this allows it to transition straight to forwarding.
.It Cm -edge Ar interface
Disable edge status on
.Ar interface .
.It Cm autoedge Ar interface
Allow
.Ar interface
to automatically detect edge status.
This is the default for all interfaces added to a bridge.
.It Cm -autoedge Ar interface
Disable automatic edge status on
.Ar interface .
.It Cm ptp Ar interface
Set the
.Ar interface
as a point to point link.
This is required for straight transitions to forwarding and
should be enabled on a direct link to another RSTP capable switch.
.It Cm -ptp Ar interface
Disable point to point link status on
.Ar interface .
This should be disabled for a half duplex link and for an interface
connected to a shared network segment,
like a hub or a wireless network.
.It Cm autoptp Ar interface
Automatically detect the point to point status on
.Ar interface
by checking the full duplex link status.
This is the default for interfaces added to the bridge.
.It Cm -autoptp Ar interface
Disable automatic point to point link detection on
.Ar interface .
.It Cm maxage Ar seconds
Set the time that a Spanning Tree protocol configuration is valid.
The default is 20 seconds.
The minimum is 6 seconds and the maximum is 40 seconds.
.It Cm fwddelay Ar seconds
Set the time that must pass before an interface begins forwarding
packets when Spanning Tree is enabled.
The default is 15 seconds.
The minimum is 4 seconds and the maximum is 30 seconds.
.It Cm hellotime Ar seconds
Set the time between broadcasting of Spanning Tree protocol
configuration messages.
The hello time may only be changed when operating in legacy stp mode.
The default is 2 seconds.
The minimum is 1 second and the maximum is 2 seconds.
.It Cm priority Ar value
Set the bridge priority for Spanning Tree.
The default is 32768.
The minimum is 0 and the maximum is 61440.
.It Cm protocol Ar value
Set the Spanning Tree protocol.
The default is rstp.
The available options are stp and rstp.
.It Cm holdcnt Ar value
Set the transmit hold count for Spanning Tree.
This is the number of packets transmitted before being rate limited.
The default is 6.
The minimum is 1 and the maximum is 10.
.It Cm ifpriority Ar interface Ar value
Set the Spanning Tree priority of
.Ar interface
to
.Ar value .
The default is 128.
The minimum is 0 and the maximum is 240.
.It Cm ifpathcost Ar interface Ar value
Set the Spanning Tree path cost of
.Ar interface
to
.Ar value .
The default is calculated from the link speed.
To change a previously selected path cost back to automatic, set the
cost to 0.
The minimum is 1 and the maximum is 200000000.
.El
.Pp
The following parameters are specific to IP tunnel interfaces,
.Xr gif 4 :
.Bl -tag -width indent
.It Cm tunnel Ar src_addr dest_addr
Configure the physical source and destination address for IP tunnel
interfaces.
The arguments
.Ar src_addr
and
.Ar dest_addr
are interpreted as the outer source/destination for the encapsulating
IPv4/IPv6 header.
.It Fl tunnel
Unconfigure the physical source and destination address for IP tunnel
interfaces previously configured with
.Cm tunnel .
.It Cm deletetunnel
Another name for the
.Fl tunnel
parameter.
.El
.Pp
The following parameters are specific to
.Xr pfsync 4
interfaces:
.Bl -tag -width indent
.It Cm maxupd Ar n
Set the maximum number of updates for a single state which
can be collapsed into one.
This is an 8-bit number; the default value is 128.
.El
.Pp
The following parameters are specific to
.Xr vlan 4
interfaces:
.Bl -tag -width indent
.It Cm vlan Ar vlan_tag
Set the VLAN tag value to
.Ar vlan_tag .
This value is a 16-bit number which is used to create an 802.1Q
VLAN header for packets sent from the
.Xr vlan 4
interface.
Note that
.Cm vlan
and
.Cm vlandev
must both be set at the same time.
.It Cm vlandev Ar iface
Associate the physical interface
.Ar iface
with a
.Xr vlan 4
interface.
Packets transmitted through the
.Xr vlan 4
interface will be
diverted to the specified physical interface
.Ar iface
with 802.1Q VLAN encapsulation.
Packets with 802.1Q encapsulation received
by the parent interface with the correct VLAN tag will be diverted to
the associated
.Xr vlan 4
pseudo-interface.
The
.Xr vlan 4
interface is assigned a
copy of the parent interface's flags and the parent's ethernet address.
The
.Cm vlandev
and
.Cm vlan
must both be set at the same time.
If the
.Xr vlan 4
interface already has
a physical interface associated with it, this command will fail.
To
change the association to another physical interface, the existing
association must be cleared first.
.Pp
Note: if the hardware tagging capability
is set on the parent interface, the
.Xr vlan 4
pseudo
interface's behavior changes:
the
.Xr vlan 4
interface recognizes that the
parent interface supports insertion and extraction of VLAN tags on its
own (usually in firmware) and that it should pass packets to and from
the parent unaltered.
.It Fl vlandev Op Ar iface
If the driver is a
.Xr vlan 4
pseudo device, disassociate the parent interface from it.
This breaks the link between the
.Xr vlan 4
interface and its parent,
clears its VLAN tag, flags and its link address and shuts the interface down.
The
.Ar iface
argument is useless and hence deprecated.
.El
.Pp
The following parameters are specific to
.Xr carp 4
interfaces:
.Bl -tag -width indent
.It Cm advbase Ar seconds
Specifies the base of the advertisement interval in seconds.
The acceptable values are 1 to 255.
The default value is 1.
.\" The default value is
.\" .Dv CARP_DFLTINTV .
.It Cm advskew Ar interval
Specifies the skew to add to the base advertisement interval to
make one host advertise slower than another host.
It is specified in 1/256 of seconds.
The acceptable values are 1 to 254.
The default value is 0.
.It Cm pass Ar phrase
Set the authentication key to
.Ar phrase .
.It Cm vhid Ar n
Set the virtual host ID.
This is a required setting.
Acceptable values are 1 to 255.
.El
.Pp
The
.Nm
utility displays the current configuration for a network interface
when no optional parameters are supplied.
If a protocol family is specified,
.Nm
will report only the details specific to that protocol family.
.Pp
If the
.Fl m
flag is passed before an interface name,
.Nm
will display the capability list and all
of the supported media for the specified interface.
If
.Fl L
flag is supplied, address lifetime is displayed for IPv6 addresses,
as time offset string.
.Pp
Optionally, the
.Fl a
flag may be used instead of an interface name.
This flag instructs
.Nm
to display information about all interfaces in the system.
The
.Fl d
flag limits this to interfaces that are down, and
.Fl u
limits this to interfaces that are up.
When no arguments are given,
.Fl a
is implied.
.Pp
The
.Fl l
flag may be used to list all available interfaces on the system, with
no other additional information.
Use of this flag is mutually exclusive
with all other flags and commands, except for
.Fl d
(only list interfaces that are down)
and
.Fl u
(only list interfaces that are up).
.Pp
The
.Fl v
flag may be used to get more verbose status for an interface.
.Pp
The
.Fl C
flag may be used to list all of the interface cloners available on
the system, with no additional information.
Use of this flag is mutually exclusive with all other flags and commands.
.Pp
The
.Fl k
flag causes keying information for the interface, if available, to be
printed.
For example, the values of 802.11 WEP keys will be printed, if accessible to
the current user.
This information is not printed by default, as it may be considered
sensitive.
.Pp
Only the super-user may modify the configuration of a network interface.
.Sh NOTES
The media selection system is relatively new and only some drivers support
it (or have need for it).
.Sh DIAGNOSTICS
Messages indicating the specified interface does not exist, the
requested address is unknown, or the user is not privileged and
tried to alter an interface's configuration.
.Sh SEE ALSO
.Xr netstat 1 ,
.Xr carp 4 ,
.Xr netintro 4 ,
.Xr pfsync 4 ,
.Xr polling 4 ,
.Xr vlan 4 ,
.\" .Xr eon 5 ,
.Xr rc 8 ,
.Xr routed 8 ,
.Xr sysctl 8
.Sh HISTORY
The
.Nm
utility appeared in
.Bx 4.2 .
.Sh BUGS
Basic IPv6 node operation requires a link-local address on each
interface configured for IPv6.
Normally, such an address is automatically configured by the
kernel on each interface added to the system; this behaviour may
be disabled by setting the sysctl MIB variable
.Va net.inet6.ip6.auto_linklocal
to 0.
.Pp
If you delete such an address using
.Nm ,
the kernel may act very odd.
Do this at your own risk.