xref: /illumos-gate/usr/src/man/man8/dladm.8 (revision 2833423dc59f4c35fe4713dbb942950c82df0437)
1.\"
2.\" Sun Microsystems, Inc. gratefully acknowledges The Open Group for
3.\" permission to reproduce portions of its copyrighted documentation.
4.\" Original documentation from The Open Group can be obtained online at
5.\" http://www.opengroup.org/bookstore/.
6.\"
7.\" The Institute of Electrical and Electronics Engineers and The Open
8.\" Group, have given us permission to reprint portions of their
9.\" documentation.
10.\"
11.\" In the following statement, the phrase ``this text'' refers to portions
12.\" of the system documentation.
13.\"
14.\" Portions of this text are reprinted and reproduced in electronic form
15.\" in the SunOS Reference Manual, from IEEE Std 1003.1, 2004 Edition,
16.\" Standard for Information Technology -- Portable Operating System
17.\" Interface (POSIX), The Open Group Base Specifications Issue 6,
18.\" Copyright (C) 2001-2004 by the Institute of Electrical and Electronics
19.\" Engineers, Inc and The Open Group.  In the event of any discrepancy
20.\" between these versions and the original IEEE and The Open Group
21.\" Standard, the original IEEE and The Open Group Standard is the referee
22.\" document.  The original Standard can be obtained online at
23.\" http://www.opengroup.org/unix/online.html.
24.\"
25.\" This notice shall appear on any product containing this material.
26.\"
27.\" The contents of this file are subject to the terms of the
28.\" Common Development and Distribution License (the "License").
29.\" You may not use this file except in compliance with the License.
30.\"
31.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
32.\" or http://www.opensolaris.org/os/licensing.
33.\" See the License for the specific language governing permissions
34.\" and limitations under the License.
35.\"
36.\" When distributing Covered Code, include this CDDL HEADER in each
37.\" file and include the License file at usr/src/OPENSOLARIS.LICENSE.
38.\" If applicable, add the following below this CDDL HEADER, with the
39.\" fields enclosed by brackets "[]" replaced with your own identifying
40.\" information: Portions Copyright [yyyy] [name of copyright owner]
41.\"
42.\"
43.\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved
44.\" Copyright 2016 Joyent, Inc.
45.\" Copyright 2020 RackTop Systems, Inc.
46.\" Copyright 2023 Oxide Computer Company
47.\" Copyright 2024 OmniOS Community Edition (OmniOSce) Association.
48.\"
49.Dd January 14, 2024
50.Dt DLADM 8
51.Os
52.Sh NAME
53.Nm dladm
54.Nd administer data links
55.Sh SYNOPSIS
56.Nm
57.Cm help
58.\" Link
59.Pp
60.Nm
61.Cm show-link
62.Op Fl P
63.Op Fl s Op Fl i Ar interval
64.Op Oo Fl p Oc Fl o Ar field Ns Op ,...
65.Op Ar link
66.Nm
67.Cm rename-link
68.Op Fl R Ar root-dir
69.Ar link new-link
70.\" Phys
71.Pp
72.Nm
73.Cm delete-phys
74.Ar phys-link
75.Nm
76.Cm show-phys
77.Op Fl m | H | P
78.Op Oo Fl p Oc Fl o Ar field Ns Op ,...
79.Op Ar phys-link
80.\" Aggr
81.Pp
82.Nm
83.Cm create-aggr
84.Op Fl t
85.Op Fl R Ar root-dir
86.Op Fl P Ar policy
87.Op Fl L Ar mode
88.Op Fl T Ar time
89.Op Fl u Ar address
90.Fl l Ar ether-link
91.Oo Fl l Ar ether-link Oc Ns ...
92.Ar aggr-link
93.Nm
94.Cm modify-aggr
95.Op Fl t
96.Op Fl R Ar root-dir
97.Op Fl P Ar policy
98.Op Fl L Ar mode
99.Op Fl T Ar time
100.Op Fl u Ar address
101.Ar aggr-link
102.Nm
103.Cm delete-aggr
104.Op Fl t
105.Op Fl R Ar root-dir
106.Ar aggr-link
107.Nm
108.Cm add-aggr
109.Op Fl t
110.Op Fl R Ar root-dir
111.Fl l Ar ether-link
112.Oo Fl l Ar ether-link Oc Ns ...
113.Ar aggr-link
114.Nm
115.Cm remove-aggr
116.Op Fl t
117.Op Fl R Ar root-dir
118.Fl l Ar ether-link
119.Oo Fl l Ar ether-link Oc Ns ...
120.Ar aggr-link
121.Nm
122.Cm show-aggr
123.Op Fl PLx
124.Op Fl s Op Fl i Ar interval
125.Op Oo Fl p Oc Fl o Ar field Ns Op ,...
126.Op Ar aggr-link
127.\" Bridge
128.Pp
129.Nm
130.Cm create-bridge
131.Op Fl R Ar root-dir
132.Op Fl P Ar protect
133.Op Fl p Ar priority
134.Op Fl m Ar max-age
135.Op Fl h Ar hello-time
136.Op Fl d Ar forward-delay
137.Op Fl f Ar force-protocol
138.Oo Fl l Ar link Oc Ns ...
139.Ar bridge-name
140.Nm
141.Cm modify-bridge
142.Op Fl R Ar root-dir
143.Op Fl P Ar protect
144.Op Fl p Ar priority
145.Op Fl m Ar max-age
146.Op Fl h Ar hello-time
147.Op Fl d Ar forward-delay
148.Op Fl f Ar force-protocol
149.Ar bridge-name
150.Nm
151.Cm delete-bridge
152.Op Fl R Ar root-dir
153.Ar bridge-name
154.Nm
155.Cm add-bridge
156.Op Fl R Ar root-dir
157.Fl l Ar link
158.Oo Fl l Ar link Oc Ns ...
159.Ar bridge-name
160.Nm
161.Cm remove-bridge
162.Op Fl R Ar root-dir
163.Fl l Ar link
164.Oo Fl l Ar link Oc Ns ...
165.Ar bridge-name
166.Nm
167.Cm show-bridge
168.Op Fl flt
169.Op Fl s Op Fl i Ar interval
170.Op Oo Fl p Oc Fl o Ar field Ns Op ,...
171.Ar bridge-name
172.\" VLAN
173.Pp
174.Nm
175.Cm create-vlan
176.Op Fl ft
177.Op Fl R Ar root-dir
178.Fl l Ar ether-link
179.Fl v Ar vid
180.Op Ar vlan-link
181.Nm
182.Cm delete-vlan
183.Op Fl t
184.Op Fl R Ar root-dir
185.Ar vlan-link
186.Nm
187.Cm show-vlan
188.Op Fl P
189.Op Oo Fl p Oc Fl o Ar field Ns Op ,...
190.Op Ar vlan-link
191.\" Wifi
192.Pp
193.Nm
194.Cm scan-wifi
195.Op Oo Fl p Oc Fl o Ar field Ns Op ,...
196.Op Ar wifi-link
197.Nm
198.Cm connect-wifi
199.Op Fl e Ar essid
200.Op Fl i Ar bssid
201.Op Fl k Ar key Ns ,...
202.Sm off
203.Oo Fl s\~ Cm none | wep | wpa Oc \ \&
204.Oo Fl a\~ Cm open | shared Oc \ \&
205.Oo Fl b\~ Cm bss | ibss Oc
206.Sm on
207.Op Fl c
208.Sm off
209.Oo Fl m\~ Cm a | b | g Oc \ \&
210.Sm on
211.Op Fl T Ar time
212.Op Ar wifi-link
213.Nm
214.Cm disconnect-wifi
215.Op Fl a
216.Op Ar wifi-link
217.Nm
218.Cm show-wifi
219.Op Oo Fl p Oc Fl o Ar field Ns Op ,...
220.Op Ar wifi-link
221.\" Ether
222.Pp
223.Nm
224.Cm show-ether
225.Op Fl x
226.Op Oo Fl p Oc Fl o Ar field Ns Op ,...
227.Op Ar ether-link
228.\" Linkprop
229.Pp
230.Nm
231.Cm set-linkprop
232.Op Fl t
233.Op Fl R Ar root-dir
234.Fl p Ar prop Ns Cm \&= Ns Ar value Ns Op ,...
235.Ar link
236.Nm
237.Cm reset-linkprop
238.Op Fl t
239.Op Fl R Ar root-dir
240.Op Fl p Ar prop Ns Op ,...
241.Ar link
242.Nm
243.Cm show-linkprop
244.Op Fl P
245.Op Oo Fl c Oc Fl o Ar field Ns Op ,...
246.Op Fl p Ar prop Ns Op ,...
247.Op Ar link
248.\" Secobj
249.Pp
250.Nm
251.Cm create-secobj
252.Op Fl t
253.Op Fl R Ar root-dir
254.Op Fl f Ar file
255.Fl c Ar class Ar secobj
256.Nm
257.Cm delete-secobj
258.Op Fl t
259.Op Fl R Ar root-dir
260.Ar secobj Ns Op ,...
261.Nm
262.Cm show-secobj
263.Op Fl P
264.Op Oo Fl p Oc Fl o Ar field Ns Op ,...
265.Op Ar secobj Ns Op ,...
266.\" VNIC
267.Pp
268.Nm
269.Cm create-vnic
270.Op Fl t
271.Op Fl R Ar root-dir
272.Fl l Ar link
273.Oo
274.Fl m
275.Ar value |
276.Cm auto |
277.Cm factory Fl n Ar slot-identifier |
278.Cm random Op Fl r Ar prefix
279.Oc
280.Op Fl v Ar vlan-id
281.Op Fl p Ar prop Ns Cm \&= Ns Ar value Ns Op ,...
282.Ar vnic-link
283.Nm
284.Cm delete-vnic
285.Op Fl t
286.Op Fl R Ar root-dir
287.Ar vnic-link
288.Nm
289.Cm show-vnic
290.Op Fl P
291.Op Oo Fl p Oc Fl o Ar field Ns Op ,...
292.Op Fl s Op Fl i Ar interval
293.Op Fl l Ar link
294.Op Ar vnic-link
295.\" Etherstub
296.Pp
297.Nm
298.Cm create-etherstub
299.Op Fl t
300.Op Fl R Ar root-dir
301.Ar etherstub
302.Nm
303.Cm delete-etherstub
304.Op Fl t
305.Op Fl R Ar root-dir
306.Ar etherstub
307.Nm
308.Cm show-etherstub
309.Op Ar etherstub
310.\" IPTun
311.Pp
312.Nm
313.Cm create-iptun
314.Op Fl t
315.Op Fl R Ar root-dir
316.Fl T Ar type
317.Sm off
318.Oo Fl a\~
319.Brq Cm local | remote
320.Cm = Ar addr Op ,...
321.Oc
322.Sm on
323.Ar iptun-link
324.Nm
325.Cm modify-iptun
326.Op Fl t
327.Op Fl R Ar root-dir
328.Sm off
329.Oo Fl a\~
330.Brq Cm local | remote
331.Cm = Ar addr Op ,...
332.Oc
333.Sm on
334.Ar iptun-link
335.Nm
336.Cm delete-iptun
337.Op Fl t
338.Op Fl R Ar root-dir
339.Ar iptun-link
340.Nm
341.Cm show-iptun
342.Op Fl P
343.Op Oo Fl p Oc Fl o Ar field Ns Op ,...
344.Op Ar iptun-link
345.\" Overlay
346.Pp
347.Nm
348.Cm create-overlay
349.Op Fl t
350.Fl e Ar encap
351.Fl s Ar search
352.Fl v Ar vnetid
353.Op Fl p Ar prop Ns Cm \&= Ns Ar value Ns Op ,...
354.Ar overlay
355.Nm
356.Cm delete-overlay
357.Op Fl t
358.Ar overlay
359.Nm
360.Cm modify-overlay
361.Fl d Ar mac |
362.Fl f |
363.Sm off
364.Fl s\~ Ar mac Cm \&= Ar ip Cm \&: Ar port
365.Sm on
366.Ar overlay
367.Nm
368.Cm show-overlay
369.Op Fl f | t
370.Op Oo Fl p Oc Fl o Ar field Ns Op ,...
371.Op Ar overlay
372.\" Usage
373.Pp
374.Nm
375.Cm show-usage
376.Op Fl a
377.Fl f Ar filename
378.Op Fl p Ar plotfile Fl F Ar format
379.Op Fl s Ar time
380.Op Fl e Ar time
381.Op Ar link
382.Sh DESCRIPTION
383The
384.Nm
385command is used to administer data-links.
386A data-link is represented in the system as a STREAMS DLPI
387.Pq v2
388interface which can be plumbed under protocol stacks such as TCP/IP.
389Each data-link relies on either a single network device or an aggregation of
390devices to send packets to or receive packets from a network.
391.Pp
392Each
393.Nm
394subcommand operates on one of the following objects:
395.Bl -tag -width etherstub
396.It Ar link
397A datalink, identified by a name.
398In general, the name can use any alphanumeric characters
399or underscore
400.Pq _ ,
401but must start with an alphabetic character and end with a number.
402A datalink name can be at most 31 characters, and the ending number must be
403between 0 and 4294967294
404.Pq inclusive .
405The ending number must not begin with a zero.
406Datalink names between 3 and 8 characters are recommended.
407.Pp
408Some subcommands operate only on certain types or classes of datalinks.
409For those cases, the following object names are used:
410.Bl -tag -width iptun-link
411.It Ar phys-link
412A physical datalink.
413.It Ar vlan-link
414A VLAN datalink.
415.It Ar aggr-link
416An aggregation datalink
417.Po
418or a key; see
419.Sx NOTES
420.Pc .
421.It Ar ether-link
422A physical Ethernet datalink.
423.It Ar wifi-link
424A WiFi datalink.
425.It Ar vnic-link
426A virtual network interface created on a link, an etherstub, or an overlay.
427It is a pseudo device that can be treated as if it were an network interface
428card on a machine.
429.It Ar iptun-link
430An IP tunnel link.
431.El
432.It Ar dev
433A network device, identified by concatenation of a driver name and an instance
434number.
435.It Ar etherstub
436An Ethernet stub can be used instead of a physical NIC to create VNICs.
437VNICs created on an etherstub will appear to be connected through a virtual
438switch, allowing complete virtual networks to be built without physical
439hardware.
440.It Ar bridge
441A bridge instance, identified by an administratively-chosen name.
442The name may use any alphanumeric characters or the underscore,
443.Pq _ ,
444but must start and end with an alphabetic character.
445A bridge name can be at most 31 characters.
446The name
447.Sq default
448is reserved, as are all names starting with
449.Sq SUNW .
450.Pp
451Note that appending a zero
452.Pq 0
453to a bridge name produces a valid link name, used for observability.
454.It Ar secobj
455A secure object, identified by an administratively-chosen name.
456The name can use any alphanumeric characters, as well as underscore
457.Pq _ ,
458dot
459.Pq \&. ,
460and hyphen
461.Pq \&- .
462A secure object name can be at most 32 characters.
463.It Ar overlay
464An overlay instance, identified by an administratively-chosen name.
465An overlay can be used to create or join an existing software defined network.
466VNICs created on an overlay will appear to be connected by a local virtual
467switch and will also be connected to interfaces on matching overlays provided by
468other hosts.
469For more information on overlay devices, see
470.Xr overlay 7 .
471.El
472.Ss Options
473Each
474.Nm
475subcommand has its own set of options.
476However, many of the subcommands have the following as a common option:
477.Bl -tag -width 4n
478.It Xo
479.Fl R Ar root-dir ,
480.Fl \&-root-dir Ns Cm = Ns Ar root-dir
481.Xc
482Specifies an alternate root directory where the operation \(em such as creation,
483deletion, or renaming \(em should apply.
484.El
485.Ss SUBCOMMANDS
486When invoked with no arguments,
487.Nm
488shows the link configuration information, in the same way as
489.Nm
490.Cm show-link .
491.Pp
492The following subcommands are supported:
493.Bl -tag -width 4n
494.It Nm Cm help
495Display brief command usage.
496.It Xo
497.Nm Cm show-link
498.Op Fl P
499.Op Fl s Op Fl i Ar interval
500.Op Oo Fl p Oc Fl o Ar field Ns Op ,...
501.Op Ar link
502.Xc
503.Pp
504Show link configuration information
505.Pq the default
506or statistics, either for all datalinks or for the
507.Ar link .
508By default, the system is configured with one datalink for each known network
509device.
510.Bl -tag -width 4n
511.It Xo
512.Fl o Ar field Ns Oo ,... Oc ,
513.Fl \&-output Ns Cm \&= Ns Ar field Ns Op ,...
514.Xc
515A case-insensitive, comma-separated list of output fields to display.
516When not modified by the
517.Fl s
518option
519.Pq described below ,
520the field name must be one of the fields listed below, or the special value
521.Cm all
522to display all fields.
523By default
524.Po without
525.Fl o
526.Pc ,
527.Cm show-link
528displays all fields.
529.Bl -tag -width BRIDGE
530.It Sy LINK
531The name of the datalink.
532.It Sy CLASS
533The class of the datalink.
534.Nm
535distinguishes between the following classes:
536.Bl -tag -width etherstub
537.It Sy phys
538A physical datalink.
539The
540.Cm show-phys
541subcommand displays more detail for this class of datalink.
542.It Sy aggr
543An IEEE 802.3ad link aggregation.
544The
545.Cm show-aggr
546subcommand displays more detail for this class of datalink.
547.It Sy etherstub
548An Ethernet stub.
549The
550.Cm show-etherstub
551subcommand displays more detail for this class of datalink.
552.It Sy overlay
553An overlay.
554The
555.Cm show-overlay
556subcommand displays more detail for this class of datalink.
557.It Sy vlan
558A VLAN datalink.
559The
560.Cm show-vlan
561subcommand displays more detail for this class of datalink.
562.It Sy vnic
563A virtual network interface.
564The
565.Cm show-vnic
566subcommand displays more detail for this class of datalink.
567.It Sy misc
568A generic datalink without any other class-specific properties.
569Generally used to indicate a pseudo device that doesn't otherwise correspond to
570one of the above classes.
571.El
572.It Sy MTU
573The maximum transmission unit size for the datalink being displayed.
574.It Sy STATE
575The link state of the datalink.
576The state can be
577.Sq up ,
578.Sq down ,
579or
580.Sq unknown .
581.It Sy BRIDGE
582The name of the bridge to which this link is assigned, if any.
583.It Sy OVER
584The physical datalink(s) over which the datalink is operating.
585This applies to aggr, bridge, and vlan classes ov datalinks.
586A VLAN is created over a single physical datalink, a bridge has multiple
587attached links, and an aggregation is comprised of one or more physical
588datalinks.
589.El
590.Pp
591When the
592.Fl o
593option is used in conjunction with the
594.Fl s
595option, used to display link statistics, the field name must be one of the
596fields listed below, or the special value
597.Cm all
598to display all fields.
599.Bl -tag -width IPACKETS
600.It Sy LINK
601The name of the datalink.
602.It Sy IPACKETS
603Number of packets received on this link.
604.It Sy RBYTES
605Number of bytes received on this link.
606.It Sy IERRORS
607Number of input errors.
608.It Sy OPACKETS
609Number of packets sent on this link.
610.It Sy OBYTES
611Number of bytes sent on this link.
612.It Sy OERRORS
613Number of output errors.
614.El
615.It Fl p , \&-parsable
616Display using a stable machine-parsable format.
617The
618.Fl o
619option is required with
620.Fl p .
621See
622.Sx "Parsable Output Format" ,
623below.
624.It Fl P , \&-persistent
625Display the persistent link configuration.
626.It Fl s , Fl \&-statistics
627Display link statistics.
628.It Fl i Ar interval , \&-interval Ns Cm \&= Ar interval
629Used with the
630.Fl s
631option to specify an interval, in seconds, at which statistics should be
632displayed.
633If this option is not specified, statistics will be displayed only once.
634.El
635.It Xo
636.Nm Cm rename-link
637.Op Fl R Ar root-dir
638.Ar link new-link
639.Xc
640.Pp
641Rename
642.Ar link
643to
644.Ar new-link .
645This is used to give a link a meaningful name, or to associate existing link
646configuration such as link properties of a removed device with a new device.
647See the
648.Sx EXAMPLES
649section for specific examples of how this subcommand is used.
650.Bl -tag -width 4n
651.It Xo
652.Fl R Ar root-dir , \&-root-dir Ns Cm = Ns Ar root-dir
653.Xc
654See
655.Sx Options ,
656above.
657.El
658.It Xo
659.Nm Cm delete-phys
660.Ar phys-link
661.Xc
662.Pp
663This command is used to delete the persistent configuration of a link
664associated with physical hardware which has been removed from the system.
665See the
666.Sx EXAMPLES
667section.
668.It Xo
669.Nm Cm show-phys
670.Op Fl m | H | P
671.Op Oo Fl p Oc Fl o Ar field Ns Op ,...
672.Op Ar phys-link
673.Xc
674.Pp
675Show the physical device and attributes of all physical links, or of the named
676physical link.
677Without
678.Fl P ,
679only physical links that are available on the running system are displayed.
680.Bl -tag -width 4n
681.It Fl H
682Show hardware resource usage, as returned by the NIC driver.
683Output from
684.Fl H
685displays the following elements:
686.Bl -tag -width 9n
687.It Sy LINK
688A physical device corresponding to a NIC driver.
689.It Sy RINGTYPE
690RX or TX.
691All rings in a group are of the same group type.
692.It Sy RINGS
693A hardware resource used by a data link, subject to assignment by a driver to
694different groups.
695.It Sy CLIENTS
696MAC clients that are using the rings within a group.
697.El
698.It Fl m
699Show MAC addresses and related information.
700Output from
701.Fl m
702displays the following elements:
703.Bl -tag -width 9n
704.It Sy LINK
705A physical device corresponding to a NIC driver.
706.It Sy SLOT
707When a given physical device has multiple factory MAC addresses, this
708indicates the slot of the corresponding MAC address which can be used as
709part of a call to
710.Cm create-vnic .
711.It Sy ADDRESS
712Displays the MAC address of the device.
713.It Sy INUSE
714Displays whether or not a MAC Address is actively being used.
715.It Sy CLIENT
716MAC clients that are using the address.
717.El
718.It Xo
719.Fl o Ar field Ns Oo ,... Oc ,
720.Fl \&-output Ns Cm \&= Ns Ar field Ns Op ,...
721.Xc
722A case-insensitive, comma-separated list of output fields to display.
723The field name must be one of the fields listed below, or the special value
724.Cm all ,
725to display all fields.
726Note that if either
727.Fl H
728or
729.Fl m
730are specified, then the valid options are those described in their respective
731sections.
732For each link, the following fields can be displayed:
733.Bl -tag -width 9n
734.It Sy LINK
735The name of the datalink.
736.It Sy MEDIA
737The media type provided by the physical datalink.
738.It Sy STATE
739The state of the link.
740This can be
741.Sq up ,
742.Sq down ,
743or
744.Sq unknown .
745.It Sy SPEED
746The current speed of the link, in megabits per second.
747.It Sy DUPLEX
748For Ethernet links, the full/half duplex status of the link is displayed if the
749link state is up.
750The duplex is displayed as unknown in all other cases.
751.It Sy DEVICE
752The name of the physical device under this link.
753.El
754.It Fl p , \&-parsable
755Display using a stable machine-parsable format.
756The
757.Fl o
758option is required with
759.Fl p .
760See
761.Sx Parsable Output Format ,
762below.
763.It Fl P , \&-persistent
764This option displays persistent configuration for all links, including those
765that have been removed from the system.
766The output provides a
767.Sy FLAGS
768column in which the
769.Sy r
770flag indicates that the physical device associated with a physical link has
771been removed.
772For such links,
773.Cm delete-phys
774can be used to purge the link's configuration from the system.
775.El
776.It Xo
777.Nm Cm create-aggr
778.Op Fl t
779.Op Fl R Ar root-dir
780.Op Fl P Ar policy
781.Op Fl L Ar mode
782.Op Fl T Ar time
783.Op Fl u\~ Ns Ar address
784.Fl l Ar ether-link
785.Oo Fl l ether-link Oc Ns ...
786.Ar aggr-link
787.Xc
788.Pp
789Combine a set of links into a single IEEE 802.3ad link aggregation named
790.Ar aggr-link .
791The use of an integer
792.Ar key
793to generate a link name for the aggregation is also supported for backward
794compatibility.
795Many of the
796.Cm -aggr
797subcommands below also support the use of a
798.Ar key
799to refer to a given aggregation, but use of the aggregation link name is
800preferred.
801See the
802.Sx NOTES
803section for more information on keys.
804.Pp
805.Nm
806supports a number of port selection policies for an aggregation of
807ports.
808.Po
809See the description of the
810.Fl P
811option, below
812.Pc .
813If you do not specify a policy,
814.Cm create-aggr
815uses the L4 policy, described under the
816.Fl P
817option.
818.Bl -tag -width 4n
819.It Fl l Ar ether-link , Fl \&-link Ns Cm = Ns Ar ether-link
820Each Ethernet link
821.Pq or port
822in the aggregation is specified using an
823.Fl l
824option followed by the name of the link to be included in the aggregation.
825Multiple links are included in the aggregation by specifying multiple
826.Fl l
827options.
828For backwards compatibility, the
829.Nm
830command also supports the using the
831.Fl d
832option
833.Po
834or
835.Fl \&-dev
836.Pc
837with a device name to specify links by their underlying device name.
838The other
839.Cm -aggr
840subcommands that take
841.Fl l
842options also accept
843.Fl d .
844.It Fl t , \&-temporary
845Specifies that the aggregation is temporary.
846Temporary aggregations last until the next reboot.
847.It Xo
848.Fl R Ar root-dir ,
849.Fl \&-root-dir Ns Cm = Ns Ar root-dir
850.Xc
851See
852.Sx Options ,
853above.
854.It Fl P Ar policy , Fl \&-policy Ns Cm = Ns Ar policy
855Specifies the port selection policy to use for load spreading of outbound
856traffic.
857The policy specifies which
858.Ar dev
859object is used to send packets.
860A policy is a list of one or more layers specifiers separated by commas.
861A layer specifier is one of the following:
862.Bl -tag -width 4n
863.It Sy L2
864Select outbound device according to source and destination MAC addresses of the
865packet.
866.It Sy L3
867Select outbound device according to source and destination IP addresses of the
868packet.
869.It Sy L4
870Select outbound device according to the upper layer protocol information
871contained in the packet.
872For TCP and UDP this includes source and destination ports.
873For IPsec, this includes the SPI
874.Pq Security Parameters Index .
875.El
876.Pp
877For example, to use upper layer protocol information, the following policy can
878be used:
879.Pp
880.D1 -P L4
881.Pp
882Note that policy L4 is the default.
883.Pp
884To use the source and destination MAC addresses as well as the source and
885destination IP addresses, the following policy can be used:
886.Pp
887.D1 -P L2,L3
888.It Fl L Ar mode , Fl \&-lacp-mode Ns Cm = Ns Ar mode
889Specifies whether LACP should be used and, if used, the mode in which it
890should operate.
891Supported values are
892.Cm off ,
893.Cm active
894or
895.Cm passive .
896.It Fl T Ar time , Fl \&-lacp-timer Ns Cm = Ns Ar mode
897Specifies the LACP timer value.
898The supported values are
899.Cm short
900or
901.Cm long .
902.It Fl u Ar address , Fl \&-unicast Ns Cm = Ns Ar address
903Specifies a fixed unicast hardware address to be used for the aggregation.
904If this option is not specified, then an address is automatically chosen from
905the set of addresses of the component devices.
906.El
907.It Xo
908.Nm Cm modify-aggr
909.Op Fl t
910.Op Fl R Ar root-dir
911.Op Fl P Ar policy
912.Op Fl L Ar mode
913.Op Fl T Ar time
914.Op Fl u\~ Ns Ar address
915.Ar aggr-link
916.Xc
917.Pp
918Modify the parameters of the specified aggregation.
919.Bl -tag -width 4n
920.It Fl t , \&-temporary
921Specifies that the modification is temporary.
922Temporary modifications last until the next reboot.
923.It Xo
924.Fl R Ar root-dir ,
925.Fl \&-root-dir Ns Cm = Ns Ar root-dir
926.Xc
927See
928.Sx Options ,
929above.
930.It Fl P Ar policy , Fl \&-policy Ns Cm = Ns Ar policy
931Specifies the port selection policy to use for load spreading of outbound
932traffic.
933See
934.Nm Cm create-aggr
935for a description of valid policy values.
936.It Fl L Ar mode , Fl \&-lacp-mode Ns Cm = Ns Ar mode
937Specifies whether LACP should be used and, if used, the mode in which it
938should operate.
939Supported values are
940.Cm off ,
941.Cm active ,
942or
943.Cm passive .
944.It Fl T Ar time , Fl \&-lacp-timer Ns Cm = Ns Ar time
945Specifies the LACP timer value.
946The supported values are
947.Cm short
948or
949.Cm long .
950.It Fl u Ar address , Fl \&-unicast Ns Cm = Ns Ar address
951Specifies a fixed unicast hardware address to be used for the aggregation.
952If this option is not specified, then an address is automatically chosen from
953the set of addresses of the component devices.
954.El
955.It Xo
956.Nm Cm delete-aggr
957.Op Fl t
958.Op Fl R Ar root-dir
959.Ar aggr-link
960.Xc
961.Pp
962Deletes the specified aggregation.
963.Bl -tag -width 4n
964.It Fl t , \&-temporary
965Specifies that the deletion is temporary.
966Temporary deletions last until the next reboot.
967.It Xo
968.Fl R Ar root-dir ,
969.Fl \&-root-dir Ns Cm = Ns Ar root-dir
970.Xc
971See
972.Sx Options ,
973above.
974.El
975.It Xo
976.Nm Cm add-aggr
977.Op Fl t
978.Op Fl R Ar root-dir
979.Fl l Ar ether-link
980.Oo Fl l Ar ether-link Oc Ns ...
981.Ar aggr-link
982.Xc
983.Pp
984Adds links to the specified aggregation.
985.Bl -tag -width 4n
986.It Fl l Ar ether-link , Fl \&-link Ns Cm = Ns Ar ether-link
987Specifies an Ethernet link to add to the aggregation.
988Multiple links can be added by supplying multiple
989.Fl l
990options.
991.It Fl t , \&-temporary
992Specifies that the additions are temporary.
993Temporary additions last until the next reboot.
994.It Xo
995.Fl R Ar root-dir ,
996.Fl \&-root-dir Ns Cm = Ns Ar root-dir
997.Xc
998See
999.Sx Options ,
1000above.
1001.El
1002.It Xo
1003.Nm Cm remove-aggr
1004.Op Fl t
1005.Op Fl R Ar root-dir
1006.Fl l Ar ether-link
1007.Oo Fl l Ar ether-link Oc Ns ...
1008.Ar aggr-link
1009.Xc
1010.Pp
1011Removes links from the specified aggregation.
1012.Bl -tag -width 4n
1013.It Fl l Ar ether-link , Fl \&-link Ns Cm = Ns Ar ether-link
1014Specifies an Ethernet link to remove from the aggregation.
1015Multiple links can be removed by supplying multiple
1016.Fl l
1017options.
1018.It Fl t , \&-temporary
1019Specifies that the removals are temporary.
1020Temporary removals last until the next reboot.
1021.It Xo
1022.Fl R Ar root-dir ,
1023.Fl \&-root-dir Ns Cm = Ns Ar root-dir
1024.Xc
1025See
1026.Sx Options ,
1027above.
1028.El
1029.It Xo
1030.Nm Cm show-aggr
1031.Op Fl PLx
1032.Op Fl s Op Fl i Ar interval
1033.Op Oo Fl p Oc Fl o Ar field Ns Op ,...
1034.Op Ar aggr-link
1035.Xc
1036.Pp
1037Show aggregation configuration
1038.Pq the default ,
1039LACP information, or statistics, either for all aggregations or for the
1040specified aggregation.
1041.Pp
1042By default
1043.Pq with no options ,
1044the following fields can be displayed:
1045.Bl -tag -width LACPACTIVITY
1046.It Sy LINK
1047The name of the aggregation link.
1048.It Sy POLICY
1049The LACP policy of the aggregation.
1050See the
1051.Cm create-aggr
1052.Fl P
1053option for a description of the possible values.
1054.It Sy ADDRPOLICY
1055Either
1056.Sq auto ,
1057if the aggregation is configured to automatically configure its unicast MAC
1058address
1059.Po the default if the
1060.Fl u
1061option was not used to create or modify the aggregation
1062.Pc ,
1063or
1064.Sq fixed ,
1065if
1066.Fl u
1067was used to set a fixed MAC address.
1068.It Sy LACPACTIVITY
1069The LACP mode of the aggregation.
1070Possible values are
1071.Sq off ,
1072.Sq active ,
1073or
1074.Sq passive ,
1075as set by the
1076.Fl l
1077option to
1078.Cm create-aggr
1079or
1080.Cm modify-aggr .
1081.It Sy LACPTIMER
1082The LACP timer value of the aggregation as set by the
1083.Fl T
1084option of
1085.Cm create-aggr
1086or
1087.Cm modify-aggr .
1088.It Sy FLAGS
1089A set of state flags associated with the aggregation.
1090The only possible flag is
1091.Sq f ,
1092which is displayed if the administrator forced the creation the aggregation
1093using the
1094.Fl f
1095option to
1096.Cm create-aggr .
1097Other flags might be defined in the future.
1098.El
1099.Pp
1100The
1101.Cm show-aggr
1102command accepts the following options:
1103.Bl -tag -width 4n
1104.It Fl L , \&-lacp
1105Displays detailed LACP information for the aggregation link and each underlying
1106port.
1107Most of the state information displayed by this option is defined by IEEE
1108802.3.
1109With this option, the following fields can be displayed:
1110.Bl -tag -width AGGREGATABLE
1111.It Sy LINK
1112The name of the aggregation link.
1113.It Sy PORT
1114The name of one of the underlying aggregation ports.
1115.It Sy AGGREGATABLE
1116Whether the port can be added to the aggregation.
1117.It Sy SYNC
1118If
1119.Sq yes ,
1120the system considers the port to be synchronized and part of the aggregation.
1121.It Sy COLL
1122If
1123.Sq yes ,
1124collection of incoming frames is enabled on the associated port.
1125.It Sy DIST
1126If
1127.Sq yes ,
1128distribution of outgoing frames is enabled on the associated port.
1129.It Sy DEFAULTED
1130If
1131.Sq yes ,
1132the port is using defaulted partner information
1133.Pq that is, has not received LACP data from the LACP partner .
1134.It Sy EXPIRED
1135If
1136.Sq yes ,
1137the receive state of the port is in the EXPIRED state.
1138.El
1139.It Fl x , \&-extended
1140Display additional aggregation information including detailed information on
1141each underlying port.
1142With
1143.Fl x ,
1144the following fields can be displayed:
1145.Bl -tag -width AGGREGATABLE
1146.It Sy LINK
1147The name of the aggregation link.
1148.It Sy PORT
1149The name of one of the underlying aggregation ports.
1150.It Sy SPEED
1151The speed of the link or port in megabits per second.
1152.It Sy DUPLEX
1153The full/half duplex status of the link or port is displayed if the link state
1154is
1155.Sq up .
1156The duplex status is displayed as
1157.Sq unknown
1158in all other cases.
1159.It Sy STATE
1160The link state.
1161This can be
1162.Sq up ,
1163.Sq down ,
1164or
1165.Sq unknown .
1166.It Sy ADDRESS
1167The MAC address of the link or port.
1168.It Sy PORTSTATE
1169This indicates whether the individual aggregation port is in the
1170.Sq standby
1171or
1172.Sq attached
1173state.
1174.El
1175.It Xo
1176.Fl o Ar field Ns Oo ,... Oc ,
1177.Fl \&-output Ns Cm \&= Ns Ar field Ns Op ,...
1178.Xc
1179A case-insensitive, comma-separated list of output fields to display.
1180The field name must be one of the fields listed above, or the special value
1181.Cm all ,
1182to display all fields.
1183The fields applicable to the
1184.Fl o
1185option are limited to those listed under each output mode.
1186For example, if using
1187.Fl L ,
1188only the fields listed under
1189.Fl L ,
1190above, can be used with
1191.Fl o .
1192.It Fl p , \&-parsable
1193Display using a stable machine-parsable format.
1194The
1195.Fl o
1196option is required with
1197.Fl p .
1198See
1199.Sx Parsable Output Format ,
1200below.
1201.It Fl p , \&-persistent
1202Display the persistent aggregation configuration rather than the state of the
1203running system.
1204.It Fl s , \&-statistics
1205Displays aggregation statistics.
1206.It Fl i Ar interval , Fl \&-interval Ns Cm = Ns Ar interval
1207Used with the
1208.Fl s
1209option to specify an interval, in seconds, at which statistics should be
1210displayed.
1211If this option is not specified, statistics will be displayed only once.
1212.El
1213.It Xo
1214.Nm Cm create-bridge
1215.Op Fl R Ar root-dir
1216.Op Fl P Ar protect
1217.Op Fl p Ar priority
1218.Op Fl m Ar max-age
1219.Op Fl h Ar hello-time
1220.Op Fl d Ar forward-delay
1221.Op Fl f Ar force-protocol
1222.Oo Fl l Ar link Oc Ns ...
1223.Ar bridge-name
1224.Xc
1225.Pp
1226Create an 802.1D bridge instance and optionally assign one or more network
1227links to the new bridge.
1228By default, no bridge instances are present on the system.
1229.Pp
1230In order to bridge between links, you must create at least one bridge instance.
1231Each bridge instance is separate, and there is no forwarding connection between
1232bridges.
1233.Bl -tag -width 4n
1234.It Fl P Ar protect , Fl \&-protect Ns Cm = Ns Ar protect
1235Specifies a protection method.
1236The defined protection methods are
1237.Cm stp
1238for the Spanning Tree Protocol and
1239.Cm trill
1240for TRILL, which is used on RBridges.
1241The default value is
1242.Cm stp .
1243.It Xo
1244.Fl R Ar root-dir ,
1245.Fl \&-root-dir Ns Cm = Ns Ar root-dir
1246.Xc
1247See
1248.Sx Options ,
1249above.
1250.It Fl p Ar priority , Fl \&-priority Ns Cm = Ns Ar priority
1251Specifies the Bridge Priority.
1252This sets the IEEE STP priority value for determining the root bridge node in
1253the network.
1254The default value is 32768.
1255Valid values are 0
1256.Pq highest priority
1257to 61440
1258.Pq lowest priority ,
1259in increments of 4096.
1260.Pp
1261If a value not evenly divisible by 4096 is used, the system silently rounds
1262downwards to the next lower value that is divisible by 4096.
1263.It Fl m Ar max-age , Fl \&-max-age Ns Cm = Ns Ar max-age
1264Specifies the maximum age for configuration information in seconds.
1265This sets the STP Bridge Max Age parameter.
1266This value is used for all nodes in the network if this node is the root
1267bridge.
1268Bridge link information older than this time is discarded.
1269It defaults to 20 seconds.
1270Valid values are from 6 to 40 seconds.
1271See the
1272.Fl d Ar forward-delay
1273parameter for additional constraints.
1274.It Fl h Ar hello-time , Fl \&-hello-time Ns Cm = Ns Ar hello-time
1275Specifies the STP Bridge Hello Time parameter.
1276When this node is the root node, it sends Configuration BPDUs at this interval
1277throughout the network.
1278The default value is 2 seconds.
1279Valid values are from 1 to 10 seconds.
1280See the
1281.Fl d Ar forward-delay
1282parameter for additional constraints.
1283.It Fl d Ar forward-delay , Fl \&-forward-delay Ns Cm = Ns Ar forward-delay
1284Specifies the STP Bridge Forward Delay parameter.
1285When this node is the root node, then all bridges in the network use this timer
1286to sequence the link states when a port is enabled.
1287The default value is 15 seconds.
1288Valid values are from 4 to 30 seconds.
1289.Pp
1290Bridges must obey the following two constraints:
1291.Pp
1292.D1 2 * \&( Ns Ar forward-delay No - 1.0) >= Ar max-age
1293.Pp
1294.D1 Ar max-age No >= 2 * \&( Ns Ar hello-time No + 1.0\&)
1295.Pp
1296Any parameter setting that would violate those constraints is treated as an
1297error and causes the command to fail with a diagnostic message.
1298The message provides valid alternatives to the supplied values.
1299.It Xo
1300.Fl f Ar force-protocol ,
1301.Fl \&-force-protocol Ns Cm = Ns Ar force-protocol
1302.Xc
1303Specifies the MSTP forced maximum supported protocol.
1304The default value is 3.
1305Valid values are non-negative integers.
1306The current implementation does not support RSTP or MSTP, so this currently has
1307no effect.
1308However, to prevent MSTP from being used in the future, the parameter may be
1309set to 0 for STP only or 2 for STP and RSTP.
1310.It Fl l Ar link , Fl \&-link Ns Cm = Ns Ar link
1311Specifies one or more links to add to the newly-created bridge.
1312This is similar to creating the bridge and then adding one or more links, as
1313with the
1314.Cm add-bridge
1315subcommand.
1316However, if any of the links cannot be added, the entire command fails, and the
1317new bridge itself is not created.
1318To add multiple links on the same command line, repeat this option for each
1319link.
1320You are permitted to create bridges without links.
1321For more information about link assignments, see the
1322.Cm add-bridge
1323subcommand.
1324.El
1325.Pp
1326Bridge creation and link assignment require the PRIV_SYS_DL_CONFIG privilege.
1327Bridge creation might fail if the optional bridging feature is not installed on
1328the system.
1329.It Xo
1330.Nm Cm modify-bridge
1331.Op Fl R Ar root-dir
1332.Op Fl P Ar protect
1333.Op Fl p Ar priority
1334.Op Fl m Ar max-age
1335.Op Fl h Ar hello-time
1336.Op Fl d Ar forward-delay
1337.Op Fl f Ar force-protocol
1338.Ar bridge-name
1339.Xc
1340.Pp
1341Modify the operational parameters of an existing bridge.
1342The options are the same as for the
1343.Cm create-bridge
1344subcommand, except that the
1345.Fl l
1346option is not permitted.
1347To add links to an existing bridge, use the
1348.Cm add-bridge
1349subcommand.
1350.Pp
1351Bridge parameter modification requires the PRIV_SYS_DL_CONFIG privilege.
1352.It Xo
1353.Nm Cm delete-bridge
1354.Op Fl R Ar root-dir
1355.Ar bridge-name
1356.Xc
1357Delete a bridge instance.
1358The bridge being deleted must not have any attached links.
1359Use the
1360.Cm remove-bridge
1361subcommand to deactivate links before deleting a bridge.
1362.Pp
1363Bridge deletion requires the PRIV_SYS_DL_CONFIG privilege.
1364.Pp
1365The
1366.Fl R
1367.Pq Fl \&-root-dir
1368option is the same as for the
1369.Cm create-bridge
1370subcommand.
1371.It Xo
1372.Nm Cm add-bridge
1373.Op Fl R Ar root-dir
1374.Fl l Ar link
1375.Oo Fl l Ar link Oc Ns ...
1376.Ar bridge-name
1377.Xc
1378.Pp
1379Add one or more links to an existing bridge.
1380If multiple links are specified, and adding any one of them results in an
1381error, the command fails and no changes are made to the system.
1382.Pp
1383Link addition to a bridge requires the PRIV_SYS_DL_CONFIG privilege.
1384.Pp
1385A link may be a member of at most one bridge.
1386An error occurs when you attempt to add a link that already belongs to another
1387bridge.
1388To move a link from one bridge instance to another, remove it from the current
1389bridge before adding it to a new one.
1390.Pp
1391The links assigned to a bridge must not also be VLANs, VNICs, or tunnels.
1392Only physical Ethernet datalinks, aggregation datalinks, wireless links, and
1393Ethernet stubs are permitted to be assigned to a bridge.
1394.Pp
1395Links assigned to a bridge must all have the same MTU.
1396This is checked when the link is assigned.
1397The link is added to the bridge in a deactivated form if it is not the first
1398link on the bridge and it has a differing MTU.
1399.Pp
1400Note that systems using bridging should not set the
1401.Xr eeprom 8
1402.Dv local-mac-address?\&
1403variable to false.
1404.Pp
1405The options are the same as for the
1406.Cm create-bridge
1407subcommand.
1408.It Xo
1409.Nm Cm remove-bridge
1410.Op Fl R Ar root-dir
1411.Fl l Ar link
1412.Oo Fl l Ar link Oc Ns ...
1413.Ar bridge-name
1414.Xc
1415.Pp
1416Remove one or more links from a bridge instance.
1417If multiple links are specified, and removing any one of them would result in
1418an error, the command fails and none are removed.
1419.Pp
1420Link removal from a bridge requires the PRIV_SYS_DL_CONFIG privilege.
1421.Pp
1422The options are the same as for the
1423.Cm create-bridge
1424subcommand.
1425.It Xo
1426.Nm Cm show-bridge
1427.Op Fl flt
1428.Op Fl s Op Fl i Ar interval
1429.Op Oo Fl p Oc Fl o Ar field Ns Op ,...
1430.Ar bridge-name
1431.Xc
1432.Pp
1433Show the running status and configuration of bridges, their attached links,
1434learned forwarding entries, and TRILL nickname databases.
1435When showing overall bridge status and configuration, the bridge name can be
1436omitted to show all bridges.
1437The other forms require a specified bridge.
1438.Pp
1439The show-bridge subcommand accepts the following options:
1440.Bl -tag -width 4n
1441.It Fl i Ar interval , Fl \&-interval Ns Cm \&= Ns Ar interval
1442Used with the
1443.Fl s
1444option to specify an interval, in seconds, at which statistics should be
1445displayed.
1446If this option is not specified, statistics will be displayed only once.
1447.It Fl s , \&-statistics
1448Display statistics for the specified bridges or for a given bridge's attached
1449links.
1450This option cannot be used with the
1451.Fl f
1452and
1453.Fl t
1454options.
1455.It Fl p , \&-parsable
1456Display using a stable machine-parsable format.
1457See
1458.Sx Parsable Output Format ,
1459below.
1460.It Xo
1461.Fl o Ar field Ns Oo ,... Oc ,
1462.Fl \&-output Ns Cm \&= Ns Ar field Ns Op ,...
1463.Xc
1464A case-insensitive, comma-separated list of output fields to display.
1465The field names are described below.
1466The special value
1467.Cm all
1468displays all fields.
1469Each set of fields has its own default set to display when
1470.Fl o
1471is not specified.
1472.El
1473.Pp
1474By default, the
1475.Cm show-bridge
1476subcommand shows bridge configuration.
1477The following fields can be shown:
1478.Bl -tag -width BHELLOTIME
1479.It Sy BRIDGE
1480The name of the bridge.
1481.It Sy ADDRESS
1482The Bridge Unique Identifier value
1483.Pq MAC address .
1484.It Sy PRIORITY
1485Configured priority value; set by
1486.Fl p
1487with
1488.Cm create-bridge
1489and
1490.Cm modify-bridge .
1491.It Sy BMAXAGE
1492Configured bridge maximum age; set by
1493.Fl m
1494with
1495.Cm create-bridge
1496and
1497.Cm modify-bridge .
1498.It Sy BHELLOTIME
1499Configured bridge hello time; set by
1500.Fl h
1501with
1502.Cm create-bridge
1503and
1504.Cm modify-bridge .
1505.It Sy BFWDDELAY
1506Configured forwarding delay; set by
1507.Fl d
1508with
1509.Cm create-bridge
1510and
1511.Cm modify-bridge .
1512.It Sy FORCEPROTO
1513Configured forced maximum protocol; set by
1514.Fl f
1515with
1516.Cm create-bridge
1517and
1518.Cm modify-bridge .
1519.It Sy TCTIME
1520Time, in seconds, since last topology change.
1521.It Sy TCCOUNT
1522Count of the number of topology changes.
1523.It Sy TCHANGE
1524This indicates that a topology change was detected.
1525.It Sy DESROOT
1526Bridge Identifier of the root node.
1527.It Sy ROOTCOST
1528Cost of the path to the root node.
1529.It Sy ROOTPORT
1530Port number used to reach the root node.
1531.It Sy MAXAGE
1532Maximum age value from the root node.
1533.It Sy HELLOTIME
1534Hello time value from the root node.
1535.It Sy FWDDELAY
1536Forward delay value from the root node.
1537.It Sy HOLDTIME
1538Minimum BPDU interval.
1539.El
1540.Pp
1541By default, when the
1542.Fl o
1543option is not specified, only the
1544.Sy BRIDGE ,
1545.Sy ADDRESS ,
1546.Sy PRIORITY ,
1547and
1548.Sy DESROOT
1549fields are shown.
1550.Pp
1551When the
1552.Fl s
1553option is specified, the
1554.Cm show-bridge
1555subcommand shows bridge statistics.
1556The following fields can be shown:
1557.Bl -tag -width BHELLOTIME
1558.It Sy BRIDGE
1559Bridge name.
1560.It Sy DROPS
1561Number of packets dropped due to resource problems.
1562.It Sy FORWARDS
1563Number of packets forwarded from one link to another.
1564.It Sy MBCAST
1565Number of multicast and broadcast packets handled by the bridge.
1566.It Sy RECV
1567Number of packets received on all attached links.
1568.It Sy SENT
1569Number of packets sent on all attached links.
1570.It Sy UNKNOWN
1571Number of packets handled that have an unknown destination.
1572Such packets are sent to all links.
1573.El
1574.Pp
1575By default, when the
1576.Fl o
1577option is not specified, only the
1578.Sy BRIDGE ,
1579.Sy DROPS ,
1580and
1581.Sy FORWARDS
1582fields are shown.
1583.Pp
1584The
1585.Cm show-bridge
1586subcommand also accepts the following options:
1587.Bl -tag -width 4n
1588.It Fl l , \&-link
1589Displays link-related status and statistics information for all links attached
1590to a single bridge instance.
1591By using this option and without the
1592.Fl s
1593option, the following fields can be displayed for each link:
1594.Bl -tag -width DESBRIDGE
1595.It Sy LINK
1596The link name.
1597.It Sy INDEX
1598Port
1599.Pq link
1600index number on the bridge.
1601.It Sy STATE
1602State of the link.
1603The state can be
1604.Sq disabled ,
1605.Sq discarding ,
1606.Sq learning ,
1607.Sq forwarding ,
1608.Sq non-stp ,
1609or
1610.Sq bad-mtu .
1611.It Sy UPTIME
1612Number of seconds since the last reset or initialization.
1613.It Sy OPERCOST
1614Actual cost in use
1615.Pq 1-65535 .
1616.It Sy OPERP2P
1617This indicates whether point-to-point
1618.Pq P2P
1619mode been detected.
1620.It Sy OPEREDGE
1621This indicates whether edge mode has been detected.
1622.It Sy DESROOT
1623The Root Bridge Identifier that has been seen on this port.
1624.It Sy DESCOST
1625Path cost to the network root node through the designated port.
1626.It Sy DESBRIDGE
1627Bridge Identifier for this port.
1628.It Sy DESPORT
1629The ID and priority of the port used to transmit configuration messages for
1630this port.
1631.It Sy TCACK
1632This indicates whether Topology Change Acknowledge has been seen.
1633.El
1634.Pp
1635When the
1636.Fl l
1637option is specified without the
1638.Fl o
1639option, only the
1640.Sy LINK ,
1641.Sy STATE ,
1642.Sy UPTIME ,
1643and
1644.Sy DESROOT
1645fields are shown.
1646.Pp
1647When the
1648.Fl l
1649option is specified, the
1650.Fl s
1651option can be used to display the following fields for each link:
1652.Bl -tag -width DESBRIDGE
1653.It Sy LINK
1654Link name.
1655.It Sy CFGBPDU
1656Number of configuration BPDUs received.
1657.It Sy TCNBPDU
1658Number of topology change BPDUs received.
1659.It Sy RSTPBPDU
1660Number of Rapid Spanning Tree BPDUs received.
1661.It Sy TXBPDU
1662Number of BPDUs transmitted.
1663.It Sy DROPS
1664Number of packets dropped due to resource problems.
1665.It Sy RECV
1666Number of packets received by the bridge.
1667.It Sy XMIT
1668Number of packets sent by the bridge.
1669.El
1670.Pp
1671When the
1672.Fl o
1673option is not specified, only the
1674.Sy LINK ,
1675.Sy DROPS ,
1676.Sy RECV ,
1677and
1678.Sy XMIT
1679fields are shown.
1680.It Fl f , \&-forwarding
1681Displays forwarding entries for a single bridge instance.
1682With this option, the following fields can be shown for each forwarding entry:
1683.Bl -tag -width NEXTHOP
1684.It Sy DEST
1685Destination MAC address.
1686.It Sy AGE
1687Age of entry in seconds and milliseconds.
1688Omitted for local entries.
1689.It Sy FLAGS
1690The
1691.Sy L
1692.Pq local
1693flag is shown if the MAC address belongs to an attached link or to a VNIC on
1694one of the attached links.
1695.It Sy OUTPUT
1696For local entries, this is the name of the attached link that has the MAC
1697address.
1698Otherwise, for bridges that use Spanning Tree Protocol, this is the output
1699interface name.
1700For RBridges, this is the output TRILL nickname.
1701.El
1702.Pp
1703When the
1704.Fl o
1705option is not specified, the
1706.Sy DEST ,
1707.Sy AGE ,
1708.Sy FLAGS ,
1709and
1710.Sy OUTPUT
1711fields are shown.
1712.It Fl t , \&-trill
1713Displays TRILL nickname entries for a single bridge instance.
1714With this option, the following fields can be shown for each TRILL nickname
1715entry:
1716.Bl -tag -width NEXTHOP
1717.It Sy NICK
1718TRILL nickname for this RBridge, which is a number from 1 to 65535.
1719.It Sy FLAGS
1720The
1721.Sy L
1722flag is shown if the nickname identifies the local system.
1723.It Sy LINK
1724Link name for output when sending messages to this RBridge.
1725.It Sy NEXTHOP
1726MAC address of the next hop RBridge that is used to reach the RBridge with this
1727nickname.
1728.El
1729.Pp
1730When the
1731.Fl o
1732option is not specified, the
1733.Sy NICK ,
1734.Sy FLAGS ,
1735.Sy LINK ,
1736and
1737.Sy NEXTHOP
1738fields are shown.
1739.El
1740.It Xo
1741.Nm Cm create-vlan
1742.Op Fl ft
1743.Op Fl R Ar root-dir
1744.Fl l Ar ether-link
1745.Fl v Ar vid
1746.Op Ar vlan-link
1747.Xc
1748.Pp
1749Create a tagged VLAN link with an ID of
1750.Ar vid
1751over Ethernet link
1752.Ar ether-link .
1753The name of the VLAN link can be specified as
1754.Ar vlan Ns No \&- Ar link .
1755If the name is not specified, a name will be automatically generated
1756.Po assuming that
1757.Ar ether-link
1758is
1759.Em namePPA
1760.Pc
1761as:
1762.Pp
1763.D1 Cm < Ns Ar name Ns Cm >< Ns No 1000 Cm \&* Ar vid Cm \&+ Em PPA Ns Cm >
1764.Pp
1765For example, if
1766.Ar ether-link
1767is
1768.Em bge1
1769and
1770.Ar vid
1771is 2, the name generated is
1772.Em bge2001 .
1773.Bl -tag -width 4n
1774.It Fl f , \&-force
1775Force the creation of the VLAN link.
1776Some devices do not allow frame sizes large enough to include a VLAN header.
1777When creating a VLAN link over such a device, the
1778.Fl f
1779option is needed, and the MTU of the IP interfaces on the resulting VLAN must
1780be set to 1496 instead of 1500.
1781.It Fl l Ar ether-link
1782Specifies Ethernet link over which VLAN is created.
1783.It Fl t , \&-temporary
1784Specifies that the VLAN link is temporary.
1785Temporary VLAN links last until the next reboot.
1786.It Xo
1787.Fl R Ar root-dir ,
1788.Fl \&-root-dir Ns Cm = Ns Ar root-dir
1789.Xc
1790See
1791.Sx Options ,
1792above.
1793.El
1794.It Xo
1795.Nm Cm delete-vlan
1796.Op Fl t
1797.Op Fl R Ar root-dir
1798.Ar vlan-link
1799.Xc
1800.Pp
1801Delete the VLAN link specified.
1802.Pp
1803The
1804.Cm delete-vlan
1805subcommand accepts the following options:
1806.Bl -tag -width 4n
1807.It Fl t , \&-temporary
1808Specifies that the deletion is temporary.
1809Temporary deletions last until the next reboot.
1810.It Xo
1811.Fl R Ar root-dir ,
1812.Fl \&-root-dir Ns Cm = Ns Ar root-dir
1813.Xc
1814See
1815.Sx Options ,
1816above.
1817.El
1818.It Xo
1819.Nm Cm show-vlan
1820.Op Fl P
1821.Op Oo Fl p Oc Fl o Ar field Ns Op ,...
1822.Op Ar vlan-link
1823.Xc
1824.Pp
1825Display VLAN configuration for all VLAN links or for the specified VLAN link.
1826.Pp
1827The
1828.Cm show-vlan
1829subcommand accepts the following options:
1830.Bl -tag -width 4n
1831.It Xo
1832.Fl o Ar field Ns Oo ,... Oc ,
1833.Fl \&-output Ns Cm \&= Ns Ar field Ns Op ,...
1834.Xc
1835A case-insensitive, comma-separated list of output fields to display.
1836The field name must be one of the fields listed below, or the special value
1837.Cm all ,
1838to display all fields.
1839For each VLAN link, the following fields can be displayed:
1840.Bl -tag -width FLAGS
1841.It Sy LINK
1842The name of the VLAN link.
1843.It Sy VID
1844The ID associated with the VLAN.
1845.It Sy OVER
1846The name of the physical link over which this VLAN is configured.
1847.It Sy FLAGS
1848A set of flags associated with the VLAN link.
1849Possible flags are:
1850.Bl -tag -width 4n
1851.It Fl f
1852The VLAN was created using the
1853.Fl f
1854option to
1855.Cm create-vlan .
1856.It Fl i
1857The VLAN was implicitly created when the DLPI link was opened.
1858These VLAN links are automatically deleted on last close of the DLPI link
1859.Po
1860for example, when the IP interface associated with the VLAN link is unplumbed
1861.Pc .
1862.El
1863.Pp
1864Additional flags may be defined in the future.
1865.El
1866.It Fl p , \&-parsable
1867Display using a stable machine-parsable format.
1868The
1869.Fl o
1870option is
1871required with
1872.Fl p .
1873See
1874.Sx Parsable Output Format ,
1875below.
1876.It Fl P , \&-persistent
1877Display the persistent VLAN configuration rather than the state of the running
1878system.
1879.El
1880.It Xo
1881.Nm Cm scan-wifi
1882.Op Oo Fl p Oc Fl o Ar field Ns Op ,...
1883.Op Ar wifi-link
1884.Xc
1885.Pp
1886Scans for WiFi networks, either on all WiFi links, or just on the
1887specified
1888.Ar wifi-link .
1889.Pp
1890By default, currently all fields but
1891.Sy BSSTYPE
1892are displayed.
1893.Bl -tag -width 4n
1894.It Xo
1895.Fl o Ar field Ns Oo ,... Oc ,
1896.Fl \&-output Ns Cm \&= Ns Ar field Ns Op ,...
1897.Xc
1898A case-insensitive, comma-separated list of output fields to display.
1899The field name must be one of the fields listed below, or the special value
1900.Cm all
1901to display all fields.
1902For each WiFi network found, the following fields can be displayed:
1903.Bl -tag -width STRENGTH
1904.It Sy LINK
1905The name of the link the WiFi network is on.
1906.It Sy ESSID
1907The ESSID
1908.Pq name
1909of the WiFi network.
1910.It Sy BSSID
1911Either the hardware address of the WiFi network's Access Point
1912.Pq for BSS networks ,
1913or the WiFi network's randomly generated unique token
1914.Pq for IBSS networks .
1915.It Sy SEC
1916Either
1917.Sq none
1918for a WiFi network that uses no security,
1919.Sq wep
1920for a WiFi network that requires WEP
1921.Pq Wired Equivalent Privacy ,
1922or
1923.Sq wpa
1924for a WiFi network that requires WPA
1925.Pq Wi-Fi Protected Access .
1926.It Sy MODE
1927The supported connection modes: one or more of
1928.Sq a ,
1929.Sq b ,
1930or
1931.Sq g .
1932.It Sy STRENGTH
1933The strength of the signal: one of
1934.Sq excellent ,
1935.Sq very good ,
1936.Sq good ,
1937.Sq weak ,
1938or
1939.Sq very weak .
1940.It Sy SPEED
1941The maximum speed of the WiFi network, in megabits per second.
1942.It Sy BSSTYPE
1943Either
1944.Sq bss
1945for
1946.Sq BSS
1947.Pq infrastructure
1948networks, or
1949.Sq ibss
1950for
1951.Sq IBSS
1952.Pq ad-hoc
1953networks.
1954.El
1955.It Fl p , \&-parsable
1956Display using a stable machine-parsable format.
1957The
1958.Fl o
1959option is
1960required with
1961.Fl p .
1962See
1963.Sx Parsable Output Format ,
1964below.
1965.El
1966.It Xo
1967.Nm Cm connect-wifi
1968.Op Fl e Ar essid
1969.Op Fl i Ar bssid
1970.Op Fl k Ar key Ns ,...
1971.Sm off
1972.Oo Fl s\~ Cm none | wep | wpa Oc \ \&
1973.Oo Fl a\~ Cm open | shared Oc \ \&
1974.Oo Fl b\~ Cm bss | ibss Oc
1975.Sm on
1976.Op Fl c
1977.Sm off
1978.Oo Fl m\~ Cm a | b | g Oc \ \&
1979.Sm on
1980.Op Fl T Ar time
1981.Op Ar wifi-link
1982.Xc
1983.Pp
1984Connects to a WiFi network.
1985This consists of four steps:
1986.Em discovery ,
1987.Em filtration ,
1988.Em prioritization ,
1989and
1990.Em association .
1991However, to enable connections to non-broadcast WiFi networks and to improve
1992performance, if a BSSID or ESSID is specified using the
1993.Fl e
1994or
1995.Fl i
1996options, then the first three steps are skipped and
1997.Cm connect-wifi
1998immediately attempts to associate with a BSSID or ESSID that matches the rest
1999of the provided parameters.
2000If this association fails, but there is a possibility that other networks
2001matching the specified criteria exist, then the traditional discovery process
2002begins as specified below.
2003.Pp
2004The discovery step finds all available WiFi networks on the specified WiFi
2005link, which must not yet be connected.
2006For administrative convenience, if there is only one WiFi link on the system,
2007.Ar wifi-link
2008can be omitted.
2009.Pp
2010Once discovery is complete, the list of networks is filtered according to the
2011value of the following options:
2012.Bl -tag -width 4n
2013.It Fl e Ar essid , Fl \&-essid Ns Cm \&= Ns Ar essid
2014Networks that do not have the same
2015.Ar essid
2016are filtered out.
2017.It Xo
2018.Sm off
2019.Fl b\~ Cm bss | ibss No ,\~
2020.Fl \&-bsstype Cm = Cm bss | ibss
2021.Sm on
2022.Xc
2023Networks that do not have the same bsstype are filtered out.
2024.It Xo
2025.Sm off
2026.Fl m\~ Cm a | b | g No ,\~
2027.Fl \&-mode Cm = Cm a | b | g
2028.Sm on
2029.Xc
2030Networks not appropriate for the specified 802.11 mode are filtered out.
2031.It Xo
2032.Sm off
2033.Fl k\~ Ar key Oo ,... Oc No ,\~
2034.Fl \&-key Cm = Ar key Op ,...
2035.Sm on
2036.Xc
2037Use the specified secobj named by the key to connect to the network.
2038Networks not appropriate for the specified keys are filtered out.
2039.It Xo
2040.Sm off
2041.Fl s\~ Cm none | wep | wpa No ,\~
2042.Fl \&-sec Cm = Cm none | wep | wpa
2043.Sm on
2044.Xc
2045Networks not appropriate for the specified security mode are filtered out.
2046.El
2047.Pp
2048Next, the remaining networks are prioritized, first by signal strength, and
2049then by maximum speed.
2050Finally, an attempt is made to associate with each network in the list, in
2051order, until one succeeds or no networks remain.
2052.Pp
2053In addition to the options described above, the following options also control
2054the behavior of
2055.Cm connect-wifi :
2056.Bl -tag -width 4n
2057.It Xo
2058.Sm off
2059.Fl a\~ Cm open | shared No ,\~
2060.Fl \&-auth Cm = Cm open | shared
2061.Sm on
2062.Xc
2063Connect using the specified authentication mode.
2064By default,
2065.Cm open
2066and
2067.Cm shared
2068are tried in order.
2069.It Fl c , \&-create-ibss
2070Used with
2071.Fl b Cm ibss
2072to create a new ad-hoc network if one matching the specified ESSID cannot be
2073found.
2074If no ESSID is specified, then
2075.Fl c Fl b Cm ibss
2076always triggers the creation of a new ad-hoc network.
2077.It Fl T Ar time , Fl \&-timeout Ns Cm \&= Ns Ar time
2078Specifies the number of seconds to wait for association to succeed.
2079If
2080.Ar time
2081is
2082.Cm forever ,
2083then the associate will wait indefinitely.
2084The current default is ten seconds, but this might change in the future.
2085Timeouts shorter than the default might not succeed reliably.
2086.It Xo
2087.Sm off
2088.Fl k\~ Ar key Oo ,... Oc No ,\~
2089.Fl \&-key Cm = Ar key Op ,...
2090.Sm on
2091.Xc
2092In addition to the filtering previously described, the specified keys will be
2093used to secure the association.
2094The security mode to use will be based on the key class; if a security mode was
2095explicitly specified, it must be compatible with the key class.
2096All keys must be of the same class.
2097.Pp
2098For security modes that support multiple key slots, the slot to place the key
2099will be specified by a colon followed by an index.
2100Therefore,
2101.Fl k Ar mykey:3
2102places
2103.Em mykey
2104in slot 3.
2105By default, slot 1 is assumed.
2106For security modes that support multiple keys, a comma-separated list can be
2107specified, with the first key being the active key.
2108.El
2109.It Xo
2110.Nm Cm disconnect-wifi
2111.Op Fl a
2112.Op Ar wifi-link
2113.Xc
2114.Pp
2115Disconnect from one or more WiFi networks.
2116If
2117.Ar wifi-link
2118specifies a connected WiFi link, then it is disconnected.
2119For administrative convenience, if only one WiFi link is connected,
2120.Ar wifi-link
2121can be omitted.
2122.Bl -tag -width 4n
2123.It Fl a , \&-all-links
2124Disconnects from all connected links.
2125This is primarily intended for use by scripts.
2126.El
2127.It Xo
2128.Nm Cm show-wifi
2129.Op Oo Fl p Oc Fl o Ar field Ns Op ,...
2130.Op Ar wifi-link
2131.Xc
2132.Pp
2133Shows WiFi configuration information either for all WiFi links or for the
2134specified
2135.Ar wifi-link .
2136.Bl -tag -width 4n
2137.It Xo
2138.Fl o Ar field Ns Oo ,... Oc ,
2139.Fl \&-output Ns Cm \&= Ns Ar field Ns Op ,...
2140.Xc
2141A case-insensitive, comma-separated list of output fields to display.
2142The field name must be one of the fields listed below, or the special value
2143.Cm all ,
2144to display all fields.
2145For each WiFi link, the following fields can be displayed:
2146.Bl -tag -width STRENGTH
2147.It Sy LINK
2148The name of the link being displayed.
2149.It Sy STATUS
2150Either
2151.Sq connected
2152if the link is connected, or
2153.Sq disconnected
2154if it is
2155not connected.
2156If the link is disconnected, all remaining fields have the value
2157.Sq -- .
2158.It Sy ESSID
2159The ESSID
2160.Pq name
2161of the connected WiFi network.
2162.It Sy BSSID
2163Either the hardware address of the WiFi network's Access Point
2164.Pq for BSS networks ,
2165or the WiFi network's randomly generated unique token
2166.Pq for IBSS networks .
2167.It Sy SEC
2168Either
2169.Sq none
2170for a WiFi network that uses no security,
2171.Sq wep
2172for a WiFi network that requires WEP, or
2173.Sq wpa
2174for a WiFi network that requires WPA.
2175.It Sy MODE
2176The supported connection modes: one or more of
2177.Sq a ,
2178.Sq b ,
2179or
2180.Sq g .
2181.It Sy STRENGTH
2182The connection strength: one of
2183.Sq excellent ,
2184.Sq very good ,
2185.Sq good ,
2186.Sq weak ,
2187or
2188.Sq very weak .
2189.It Sy SPEED
2190The connection speed, in megabits per second.
2191.It Sy AUTH
2192Either
2193.Sq open
2194or
2195.Sq shared
2196.Po see
2197.Cm connect-wifi
2198.Pc .
2199.It Sy BSSTYPE
2200Either
2201.Sq bss
2202for
2203.Sq BSS
2204.Pq infrastructure
2205networks, or
2206.Sq ibss
2207for
2208.Sq IBSS
2209.Pq ad-hoc
2210networks.
2211.El
2212.Pp
2213By default, currently all fields but
2214.Sy AUTH ,
2215.Sy BSSID ,
2216and
2217.Sy BSSTYPE
2218are displayed.
2219.It Fl p , \&-parsable
2220Displays using a stable machine-parsable format.
2221The
2222.Fl o
2223option is required with
2224.Fl p .
2225See
2226.Sx Parsable Output Format ,
2227below.
2228.El
2229.It Xo
2230.Nm Cm show-ether
2231.Op Fl x
2232.Op Oo Fl p Oc Fl o Ar field Ns Op ,...
2233.Op Ar ether-link
2234.Xc
2235.Pp
2236Shows state information either for all physical Ethernet links or for a
2237specified physical Ethernet link.
2238.Pp
2239The
2240.Cm show-ether
2241subcommand accepts the following options:
2242.Bl -tag -width 4n
2243.It Xo
2244.Fl o Ar field Ns Oo ,... Oc ,
2245.Fl \&-output Ns Cm \&= Ns Ar field Ns Op ,...
2246.Xc
2247A case-insensitive, comma-separated list of output fields to display.
2248The field name must be one of the fields listed below, or the special value
2249.Cm all
2250to display all fields.
2251For each link, the following fields can be displayed:
2252.Bl -tag -width STATE
2253.It Sy LINK
2254The name of the link being displayed.
2255.It Sy PTYPE
2256Parameter type, where
2257.Sq current
2258indicates the negotiated state of the link,
2259.Sq capable
2260indicates capabilities supported by the device,
2261.Sq adv
2262indicates the advertised capabilities, and
2263.Sq peeradv
2264indicates the capabilities advertised by the link-partner.
2265.It Sy STATE
2266The state of the link.
2267.It Sy AUTO
2268A yes/no value indicating whether auto-negotiation is advertised.
2269.It Sy SPEED-DUPLEX
2270Combinations of speed and duplex values available.
2271The units of speed are encoded with a trailing suffix of
2272.Sq G
2273.Pq Gigabits/s
2274or
2275.Sq M
2276.Pq Mb/s .
2277Duplex values are encoded as
2278.Sq f
2279.Pq full-duplex
2280or
2281.Sq h
2282.Pq half-duplex .
2283.It Sy PAUSE
2284Flow control information.
2285Can be
2286.Sq no ,
2287indicating no flow control is available;
2288.Sq tx ,
2289indicating that the end-point can transmit pause frames, but ignores any
2290received pause frames;
2291.Sq rx ,
2292indicating that the end-point receives and acts upon received pause frames; or
2293.Sq bi ,
2294indicating bi-directional flow-control.
2295.It Sy REM_FAULT
2296Fault detection information.
2297Valid values are
2298.Sq none
2299or
2300.Sq fault .
2301.El
2302.Pp
2303By default, all fields except
2304.Sy REM_FAULT
2305are displayed for the
2306.Dq current
2307.Sy PTYPE .
2308.It Fl p , \&-parsable
2309Displays using a stable machine-parsable format.
2310The
2311.Fl o
2312option is
2313required with
2314.Fl p .
2315See
2316.Sx Parsable Output Format ,
2317below.
2318.It Fl x , \&-extended
2319Extended output is displayed for
2320.Sy PTYPE
2321values of
2322.Sq current ,
2323.Sq capable ,
2324.Sq adv
2325and
2326.Sq peeradv .
2327.El
2328.It Xo
2329.Nm Cm set-linkprop
2330.Op Fl t
2331.Op Fl R Ar root-dir
2332.Fl p Ar prop Ns Cm \&= Ns Ar value Ns Op ,...
2333.Ar link
2334.Xc
2335.Pp
2336Sets the values of one or more properties on the link specified.
2337The list of properties and their possible values depend on the link type, the
2338network device driver, and networking hardware.
2339These properties can be retrieved using
2340.Cm show-linkprop .
2341.Bl -tag -width 4n
2342.It Fl t , \&-temporary
2343Specifies that the changes are temporary.
2344Temporary changes last until the next reboot.
2345.It Xo
2346.Fl R Ar root-dir ,
2347.Fl \&-root-dir Ns Cm = Ns Ar root-dir
2348.Xc
2349See
2350.Sx Options ,
2351above.
2352.It Xo
2353.Sm off
2354.Fl p\~ Ar prop Cm = Ar value Oo ,... Oc \&,\~
2355.Fl \&-prop\~ Ar prop Cm = Ar value Op ,...
2356.Sm on
2357.Xc
2358A comma-separated list of properties to set to the specified values.
2359.El
2360.Pp
2361Note that when the persistent value is set, the temporary value changes to the
2362same value.
2363.It Xo
2364.Nm Cm reset-linkprop
2365.Op Fl t
2366.Op Fl R Ar root-dir
2367.Op Fl p Ar prop Ns Op ,...
2368.Ar link
2369.Xc
2370.Pp
2371Resets one or more properties to their values on the link specified.
2372Properties are reset to the values they had at startup.
2373If no properties are specified, all properties are reset.
2374See
2375.Cm show-linkprop
2376for a description of properties.
2377.Bl -tag -width 4n
2378.It Fl t , \&-temporary
2379Specifies that the resets are temporary.
2380Values are reset to default values.
2381Temporary resets last until the next reboot.
2382.It Xo
2383.Fl R Ar root-dir ,
2384.Fl \&-root-dir Ns Cm = Ns Ar root-dir
2385.Xc
2386See
2387.Sx Options ,
2388above.
2389.It Xo
2390.Fl p Ar prop Ns Oo ,... Oc ,
2391.Fl \&-prop Ns Cm = Ns Ar prop Ns Op ,...
2392.Xc
2393A comma-separated list of properties to reset.
2394.El
2395.Pp
2396Note that when the persistent value is reset, the temporary value changes to
2397the same value.
2398.It Xo
2399.Nm Cm show-linkprop
2400.Op Fl P
2401.Op Oo Fl c Oc Fl o Ar field Ns Op ,...
2402.Op Fl p Ar prop Ns Op ,...
2403.Op Ar link
2404.Xc
2405.Pp
2406Show the current or persistent values of one or more properties, either for all
2407datalinks or for the specified link.
2408By default, current values are shown.
2409If no properties are specified, all available link properties are displayed.
2410For each property, the following fields are displayed:
2411.Bl -tag -width 4n
2412.It Xo
2413.Fl o Ar field Ns Oo ,... Oc ,
2414.Fl \&-output Ns Cm \&= Ns Ar field Ns Op ,...
2415.Xc
2416A case-insensitive, comma-separated list of output fields to display.
2417The field name must be one of the fields listed below, or the special value
2418.Cm all
2419to display all fields.
2420For each link, the following fields can be displayed:
2421.Bl -tag -width POSSIBLE
2422.It Sy LINK
2423The name of the datalink.
2424.It Sy PROPERTY
2425The name of the property.
2426.It Sy PERM
2427The read/write permissions of the property.
2428The value shown is one of
2429.Sq ro
2430or
2431.Sq rw .
2432.It Sy VALUE
2433The current
2434.Pq or persistent
2435property value.
2436If the value is not set, it is shown as
2437.Sq -- .
2438If it is unknown, the value is shown as
2439.Sq ? .
2440Persistent values that are not set or have been reset will be shown as
2441.Sq --
2442and will use the system DEFAULT value
2443.Pq if any .
2444.It Sy DEFAULT
2445The default value of the property.
2446If the property has no default value,
2447.Sq --
2448is shown.
2449.It Sy POSSIBLE
2450A comma-separated list of the values the property can have.
2451If the values span a numeric range,
2452.Sq min-max
2453might be shown as shorthand.
2454If the possible values are unknown or unbounded,
2455.Sq --
2456is shown.
2457.El
2458.Pp
2459The list of properties depends on the link type and network device driver, and
2460the available values for a given property further depends on the underlying
2461network hardware and its state.
2462General link properties are documented in the
2463.Sx LINK PROPERTIES
2464section.
2465However, link properties that begin with underscore
2466.Pq _
2467are specific to a given link or its underlying network device and subject to
2468change or removal.
2469See the appropriate network device driver man page for details.
2470.It Fl c , \&-parsable
2471Display using a stable machine-parsable format.
2472The
2473.Fl o
2474option is required with this option.
2475See
2476.Sx Parsable Output Format ,
2477below.
2478.It Fl P , \&-persistent
2479Display persistent link property information.
2480.It Xo
2481.Fl p Ar prop Ns Oo ,... Oc ,
2482.Fl \&-prop Ns Cm = Ns Ar prop Ns Op ,...
2483.Xc
2484A comma-separated list of properties to show.
2485See the sections on link properties following subcommand descriptions.
2486.El
2487.It Xo
2488.Nm Cm create-secobj
2489.Op Fl t
2490.Op Fl R Ar root-dir
2491.Op Fl f Ar file
2492.Fl c Ar class Ar secobj
2493.Xc
2494.Pp
2495Create a secure object named
2496.Ar secobj
2497in the specified
2498.Ar class
2499to be later used as a WEP or WPA key in connecting to an encrypted network.
2500The value of the secure object can either be provided interactively or read
2501from a file.
2502The sequence of interactive prompts and the file format depends on the class of
2503the secure object.
2504.Pp
2505Currently, the classes
2506.Sq wep
2507and
2508.Sq wpa
2509are supported.
2510The
2511.Sq WEP
2512.Pq Wired Equivalent Privacy
2513key can be either 5 or 13 bytes long.
2514It can be provided either as an ASCII or hexadecimal string \(em thus,
251512345 and 0x3132333435 are equivalent 5-byte keys
2516.Pq the 0x prefix can be omitted .
2517A file containing a
2518.Sq WEP
2519key must consist of a single line using either
2520.Sq WEP
2521key format.
2522The WPA
2523.Pq Wi-Fi Protected Access
2524key must be provided as an ASCII string with a length between 8 and 63 bytes.
2525.Pp
2526This subcommand is only usable by users or roles that belong to the
2527"Network Link Security" RBAC profile.
2528.Bl -tag -width 4n
2529.It Fl c Ar class , Fl \&-class Ns Cm \&= Ns Ar class
2530.Ar class
2531can be
2532.Sq wep
2533or
2534.Sq wpa .
2535See preceding discussion.
2536.It Fl t , \&-temporary
2537Specifies that the creation is temporary.
2538Temporary creation lasts until the next reboot.
2539.It Xo
2540.Fl R Ar root-dir ,
2541.Fl \&-root-dir Ns Cm = Ns Ar root-dir
2542.Xc
2543See
2544.Sx Options ,
2545above.
2546.It Fl f Ar file , Fl \&-file Ns Cm \&= Ns Ar file
2547Specifies a file that should be used to obtain the secure object's value.
2548The format of this file depends on the secure object class.
2549See the
2550.Sx EXAMPLES
2551section for an example of using this option to set a WEP key.
2552.El
2553.It Xo
2554.Nm Cm delete-secobj
2555.Op Fl t
2556.Op Fl R Ar root-dir
2557.Ar secobj Ns Op ,...
2558.Xc
2559.Pp
2560Delete one or more specified secure objects.
2561This subcommand is only usable by users or roles that belong to the
2562"Network Link Security" RBAC profile.
2563.Bl -tag -width 4n
2564.It Fl t , \&-temporary
2565Specifies that the deletions are temporary.
2566Temporary deletions last until the next reboot.
2567.It Xo
2568.Fl R Ar root-dir ,
2569.Fl \&-root-dir Ns Cm = Ns Ar root-dir
2570.Xc
2571See
2572.Sx Options ,
2573above.
2574.El
2575.It Xo
2576.Nm Cm show-secobj
2577.Op Fl P
2578.Op Oo Fl p Oc Fl o Ar field Ns Op ,...
2579.Op Ar secobj Ns Op ,...
2580.Xc
2581.Pp
2582Show current or persistent secure object information.
2583If one or more secure objects are specified, then information for each is
2584displayed.
2585Otherwise, all current or persistent secure objects are displayed.
2586.Pp
2587By default, current secure objects are displayed, which are all secure objects
2588that have either been persistently created and not temporarily deleted, or
2589temporarily created.
2590.Pp
2591For security reasons, it is not possible to show the value of a secure object.
2592.Bl -tag -width 4n
2593.It Xo
2594.Fl o Ar field Ns Oo ,... Oc ,
2595.Fl \&-output Ns Cm \&= Ns Ar field Ns Op ,...
2596.Xc
2597A case-insensitive, comma-separated list of output fields to display.
2598The field name must be one of the fields listed below.
2599For displayed secure object, the following fields can be shown:
2600.Bl -tag -width OBJECT
2601.It Sy OBJECT
2602The name of the secure object.
2603.It Sy CLASS
2604The class of the secure object.
2605.El
2606.It Fl p , \&-parsable
2607Display using a stable machine-parsable format.
2608The
2609.Fl o
2610option is required with
2611.Fl p .
2612See
2613.Sx Parsable Output Format ,
2614below.
2615.It Fl P , \&-persistent
2616Display persistent secure object information
2617.El
2618.It Xo
2619.Nm Cm create-vnic
2620.Op Fl t
2621.Op Fl R Ar root-dir
2622.Fl l Ar link
2623.Oo
2624.Fl m
2625.Ar value |
2626.Cm auto |
2627.Cm factory Fl n Ar slot-identifier |
2628.Cm random Op Fl r Ar prefix
2629.Oc
2630.Op Fl v Ar vlan-id
2631.Op Fl p Ar prop Ns Cm \&= Ns Ar value Ns Op ,...
2632.Ar vnic-link
2633.Xc
2634.Pp
2635Create a VNIC with name
2636.Ar vnic-link
2637over the specified link.
2638.Bl -tag -width 4n
2639.It Fl t , \&-temporary
2640Specifies that the VNIC is temporary.
2641Temporary VNICs last until the next reboot.
2642.It Xo
2643.Fl R Ar root-dir ,
2644.Fl \&-root-dir Ns Cm = Ns Ar root-dir
2645.Xc
2646See
2647.Sx Options ,
2648above.
2649.It Fl l Ar link , Fl \&-link Ns Cm \&= Ns Ar link
2650.Ar link
2651can be a physical link, an etherstub or an overlay.
2652.It Xo
2653.Sm off
2654.Fl m\~ Ar value | keyword No \&,\~ Fl \&-mac-address Cm = Ar value | Ar keyword
2655.Sm on
2656.Xc
2657Sets the VNIC's MAC address based on the specified value or keyword.
2658If
2659.Ar value
2660is not a keyword, it is interpreted as a unicast MAC address, which must be
2661valid for the underlying NIC.
2662The following special keywords can be used:
2663.Pp
2664.Bl -tag -width 4n -compact
2665.It Cm factory Op Fl n Ar slot-identifier
2666.It Cm factory Op Fl \&-slot Ns Cm = Ns Ar slot-identifier
2667Assign a factory MAC address to the VNIC.
2668When a factory MAC address is requested,
2669.Fl m
2670can be combined with the
2671.Fl n
2672option to specify a MAC address slot to be used.
2673If
2674.Fl n
2675is not specified, the system will choose the next available factory MAC
2676address.
2677The
2678.Fl m
2679option of the
2680.Cm show-phys
2681subcommand can be used to display the list of factory MAC addresses, their slot
2682identifiers, and their availability.
2683.It Cm random Op Fl r Ar prefix
2684.It Cm random Op Fl \&-mac-prefix Ns Cm = Ns Ar prefix
2685Assign a random MAC address to the VNIC.
2686A default prefix consisting of a valid IEEE OUI with the local bit set will be
2687used.
2688That prefix can be overridden with the
2689.Fl r
2690option.
2691.It Cm auto
2692Try and use a factory MAC address first.
2693If none is available, assign a random MAC address.
2694.Cm auto
2695is the default action if the
2696.Fl m
2697option is not specified.
2698.It Fl v Ar vlan-id
2699Enable VLAN tagging for this VNIC.
2700The VLAN tag will have id
2701.Ar vlan-id .
2702.El
2703.It Xo
2704.Fl p Ar prop Ns Oo ,... Oc ,
2705.Fl \&-prop Ns Cm = Ns Ar prop Ns Op ,...
2706.Xc
2707A comma-separated list of properties to set to the specified values.
2708.El
2709.It Xo
2710.Nm Cm delete-vnic
2711.Op Fl t
2712.Op Fl R Ar root-dir
2713.Ar vnic-link
2714.Xc
2715.Pp
2716Deletes the specified VNIC.
2717.Bl -tag -width 4n
2718.It Fl t , \&-temporary
2719Specifies that the deletion is temporary.
2720Temporary deletions last until the next reboot.
2721.It Xo
2722.Fl R Ar root-dir ,
2723.Fl \&-root-dir Ns Cm = Ns Ar root-dir
2724.Xc
2725See
2726.Sx Options ,
2727above.
2728.El
2729.It Xo
2730.Nm Cm show-vnic
2731.Op Fl P
2732.Op Oo Fl p Oc Fl o Ar field Ns Op ,...
2733.Op Fl s Op Fl i Ar interval
2734.Op Fl l Ar link
2735.Op Ar vnic-link
2736.Xc
2737.Pp
2738Show VNIC configuration information
2739.Pq the default
2740or statistics, for all VNICs, all VNICs on a link, or only the specified
2741.Ar vnic-link .
2742.Bl -tag -width 4n
2743.It Xo
2744.Fl o Ar field Ns Oo ,... Oc ,
2745.Fl \&-output Ns Cm \&= Ns Ar field Ns Op ,...
2746.Xc
2747A case-insensitive, comma-separated list of output fields to display.
2748The field name must be one of the fields listed below.
2749The field name must be one of the fields listed below, or the special value
2750.Cm all
2751to display all fields.
2752By default
2753.Po without
2754.Fl o
2755.Pc ,
2756.Cm show-vnic
2757displays all fields.
2758.Bl -tag -width MACADDRTYPE
2759.It Sy LINK
2760The name of the VNIC.
2761.It Sy OVER
2762The name of the physical link over which this VNIC is configured.
2763.It Sy SPEED
2764The maximum speed of the VNIC, in megabits per second.
2765.It Sy MACADDRESS
2766MAC address of the VNIC.
2767.It Sy MACADDRTYPE
2768MAC address type of the VNIC.
2769.Nm
2770distinguishes among the following MAC address types:
2771.Bl -tag -width factory
2772.It Sy random
2773A random address assigned to the VNIC.
2774.It Sy factory
2775A factory MAC address used by the VNIC.
2776.El
2777.It Sy VID
2778The VLAN ID for the VNIC.
2779.It Sy ZONE
2780The zone to which the VNIC is currently assigned.
2781.El
2782.It Fl p , \&-parsable
2783Display using a stable machine-parsable format.
2784The
2785.Fl o
2786option is required with
2787.Fl p .
2788See
2789.Sx Parsable Output Format ,
2790below.
2791.It Fl P , \&-persistent
2792Display the persistent VNIC configuration.
2793.It Fl s , \&-statistics
2794Displays VNIC statistics.
2795.It Fl i Ar interval , Fl \&-interval Ns Cm \&= Ns Ar interval
2796Used with the
2797.Fl s
2798option to specify an interval, in seconds, at which statistics should be
2799displayed.
2800If this option is not specified, statistics will be displayed only once.
2801.It Fl l Ar link , Fl \&-link Ns Cm \&= Ns Ar link
2802Display information for all VNICs on the named link.
2803.El
2804.It Xo
2805.Nm Cm create-etherstub
2806.Op Fl t
2807.Op Fl R Ar root-dir
2808.Ar etherstub
2809.Xc
2810.Pp
2811Create an etherstub with the specified name.
2812.Bl -tag -width 4n
2813.It Fl t , \&-temporary
2814Specifies that the etherstub is temporary.
2815Temporary etherstubs do not persist across reboots.
2816.It Xo
2817.Fl R Ar root-dir ,
2818.Fl \&-root-dir Ns Cm = Ns Ar root-dir
2819.Xc
2820See
2821.Sx Options ,
2822above.
2823.El
2824.Pp
2825VNICs can be created on top of etherstubs instead of physical NICs.
2826As with physical NICs, such a creation causes the stack to implicitly create a
2827virtual switch between the VNICs created on top of the same etherstub.
2828.It Xo
2829.Nm Cm delete-etherstub
2830.Op Fl t
2831.Op Fl R Ar root-dir
2832.Ar etherstub
2833.Xc
2834.Pp
2835Delete the specified etherstub.
2836.Bl -tag -width 4n
2837.It Fl t , \&-temporary
2838Specifies that the deletion is temporary.
2839Temporary deletions last until the next reboot.
2840.It Xo
2841.Fl R Ar root-dir ,
2842.Fl \&-root-dir Ns Cm = Ns Ar root-dir
2843.Xc
2844See
2845.Sx Options ,
2846above.
2847.El
2848.It Xo
2849.Nm Cm show-etherstub
2850.Op Ar etherstub
2851.Xc
2852.Pp
2853Show all configured etherstubs by default, or the specified etherstub if
2854.Ar etherstub
2855is specified.
2856.It Xo
2857.Nm Cm create-iptun
2858.Op Fl t
2859.Op Fl R Ar root-dir
2860.Fl T Ar type
2861.Sm off
2862.Oo Fl a\~
2863.Brq Cm local | remote
2864.Cm = Ar addr Op ,...
2865.Oc
2866.Sm on
2867.Ar iptun-link
2868.Xc
2869.Pp
2870Create an IP tunnel link named
2871.Ar iptun-link .
2872Such links can additionally be protected with IPsec using
2873.Xr ipsecconf 8 .
2874.Pp
2875An IP tunnel is conceptually comprised of two parts: a virtual link between two
2876or more IP nodes, and an IP interface above this link that allows the system to
2877transmit and receive IP packets encapsulated by the underlying link.
2878This subcommand creates a virtual link.
2879The
2880.Xr ifconfig 8
2881command is used to configure IP interfaces above the link.
2882.Bl -tag -width 4n
2883.It Fl t , \&-temporary
2884Specifies that the IP tunnel link is temporary.
2885Temporary tunnels last until the next reboot.
2886.It Xo
2887.Fl R Ar root-dir ,
2888.Fl \&-root-dir Ns Cm = Ns Ar root-dir
2889.Xc
2890See
2891.Sx Options ,
2892above.
2893.It Fl T Ar type , Fl \&-tunnel-type Ns Cm \&= Ns Ar type
2894Specifies the type of tunnel to be created.
2895The type must be one of the following:
2896.Bl -tag -width 4n
2897.It Sy ipv4
2898A point-to-point, IP-over-IP tunnel between two IPv4 nodes.
2899This type of tunnel requires IPv4 source and destination addresses to function.
2900IPv4 and IPv6 interfaces can be plumbed above such a tunnel to create
2901IPv4-over-IPv4 and IPv6-over-IPv4 tunneling configurations.
2902.It Sy ipv6
2903A point-to-point, IP-over-IP tunnel between two IPv6 nodes as defined in IETF
2904RFC 2473.
2905This type of tunnel requires IPv6 source and destination addresses to function.
2906IPv4 and IPv6 interfaces can be plumbed above such a tunnel to create
2907IPv4-over-IPv6 and IPv6-over-IPv6 tunneling configurations.
2908.It Sy 6to4
2909A 6to4, point-to-multipoint tunnel as defined in IETF RFC 3056.
2910This type of tunnel requires an IPv4 source address to function.
2911An IPv6 interface is plumbed on such a tunnel link to configure a 6to4 router.
2912.El
2913.It Fl a Cm local= Ns Ar addr
2914Literal IP address or hostname corresponding to the tunnel source.
2915If a hostname is specified, it will be resolved to IP addresses, and one of
2916those IP addresses will be used as the tunnel source.
2917As IP tunnels are created before naming services have been brought online
2918during the boot process, it is important that any hostname used be included in
2919.Pa /etc/inet/hosts .
2920.Fl a Cm remote= Ns Ar addr
2921Literal IP address or hostname corresponding to the tunnel destination.
2922.El
2923.It Xo
2924.Nm Cm modify-iptun
2925.Op Fl t
2926.Op Fl R Ar root-dir
2927.Sm off
2928.Oo Fl a\~
2929.Brq Cm local | remote
2930.Cm = Ar addr Op ,...
2931.Oc
2932.Sm on
2933.Ar iptun-link
2934.Xc
2935.Pp
2936Modify the parameters of the specified IP tunnel.
2937.Bl -tag -width 4n
2938.It Fl t , \&-temporary
2939Specifies that the modification is temporary.
2940Temporary modifications last until the next reboot.
2941.It Xo
2942.Fl R Ar root-dir ,
2943.Fl \&-root-dir Ns Cm = Ns Ar root-dir
2944.Xc
2945See
2946.Sx Options ,
2947above.
2948.It Fl a Cm local= Ns Ar addr
2949Specifies a new tunnel source address.
2950See
2951.Cm create-iptun
2952for a description.
2953.It Fl a Cm remote= Ns Ar addr
2954Specifies a new tunnel destination address.
2955See
2956.Cm create-iptun
2957for a description.
2958.El
2959.It Xo
2960.Cm delete-iptun
2961.Op Fl t
2962.Op Fl R Ar root-dir
2963.Ar iptun-link
2964.Xc
2965.Pp
2966Delete the specified IP tunnel link.
2967.Bl -tag -width 4n
2968.It Fl t , \&-temporary
2969Specifies that the deletion is temporary.
2970Temporary deletions last until the next reboot.
2971.It Xo
2972.Fl R Ar root-dir ,
2973.Fl \&-root-dir Ns Cm = Ns Ar root-dir
2974.Xc
2975See
2976.Sx Options ,
2977above.
2978.El
2979.It Xo
2980.Nm Cm show-iptun
2981.Op Fl P
2982.Op Oo Fl p Oc Fl o Ar field Ns Op ,...
2983.Op Ar iptun-link
2984.Xc
2985.Pp
2986Show IP tunnel link configuration for a single IP tunnel or all IP tunnels.
2987.Bl -tag -width 4n
2988.It Fl P , \&-persistent
2989Display the persistent IP tunnel configuration.
2990.It Fl p , \&-parsable
2991Display using a stable machine-parsable format.
2992The
2993.Fl o
2994option is required with
2995.Fl p .
2996See
2997.Sx Parsable Output Format ,
2998below.
2999.It Xo
3000.Fl o Ar field Ns Oo ,... Oc ,
3001.Fl \&-output Ns Cm \&= Ns Ar field Ns Op ,...
3002.Xc
3003A case-insensitive, comma-separated list of output fields to display.
3004The field name must be one of the fields listed below, or the special value
3005.Cm all ,
3006to display all fields.
3007By default
3008.Po without
3009.Fl o
3010.Pc ,
3011.Cm show-iptun
3012displays all fields.
3013.Bl -tag -width SOURCE
3014.It Sy LINK
3015The name of the IP tunnel link.
3016.It Sy TYPE
3017Type of tunnel as specified by the
3018.Fl T
3019option of
3020.Cm create-iptun .
3021.It Sy FLAGS
3022A set of flags associated with the IP tunnel link.
3023Possible flags are:
3024.Bl -tag -width 4n
3025.It Sy s
3026The IP tunnel link is protected by IPsec policy.
3027To display the IPsec policy associated with the tunnel link, enter:
3028.Pp
3029.D1 ipsecconf -ln -i tunnel-link
3030.Pp
3031See
3032.Xr ipsecconf 8
3033for more details on how to configure IPsec policy.
3034.It Sy i
3035The IP tunnel link was implicitly created with
3036.Xr ifconfig 8 ,
3037and will be automatically deleted when it is no longer referenced
3038.Pq that is, when the last IP interface over the tunnel is unplumbed .
3039See
3040.Xr ifconfig 8
3041for details on implicit tunnel creation.
3042.El
3043.It Sy SOURCE
3044The tunnel source address.
3045.It Sy DESTINATION
3046The tunnel destination address.
3047.El
3048.El
3049.It Xo
3050.Nm Cm create-overlay
3051.Op Fl t
3052.Fl e Ar encap
3053.Fl s Ar search
3054.Fl v Ar vnetid
3055.Sm off
3056.Op Fl p\~ Ar prop Cm \&= Ar value Op ,...
3057.Sm on
3058.Ar overlay
3059.Xc
3060.Pp
3061Create an overlay device named
3062.Ar overlay .
3063.Pp
3064Overlay devices are similar to etherstubs.
3065VNICs can be created on top of them.
3066However, unlike an etherstub which is local to the system, an overlay device
3067can be configured to communicate to remote hosts, providing a means for network
3068virtualization.
3069The way in which it does this is described by the encapsulation module and the
3070search plugin.
3071For more information on these, see
3072.Xr overlay 7 .
3073.Pp
3074An overlay device has a series of required and optional properties.
3075These properties vary based upon the search and encapsulation modules and are
3076fully specified in
3077.Xr overlay 7 .
3078Not every property needs to be specified \(em some have default values which
3079will be used if nothing specific is specified.
3080For example, the default port for VXLAN comes from its IANA standard.
3081If a required property is missing, the command will fail and inform you of the
3082missing properties.
3083.Bl -tag -width 4n
3084.It Fl t , \&-temporary
3085Specifies that the overlay is temporary.
3086Temporary overlays last until the next reboot.
3087.It Fl e Ar encap , Fl \&-encap Ns Cm \&= Ns Ar encap
3088Use
3089.Ar encap
3090as the encapsulation plugin for the overlay device
3091.Ar overlay .
3092The encapsulation plugin determines how packets are transformed before being
3093put on the wire.
3094.It Fl s Ar search , Fl \&-search Ns Cm \&= Ns Ar search
3095Use
3096.Ar search
3097as the search plugin for
3098.Ar overlay .
3099The search plugin determines how non-local targets are found and where packets
3100are directed to.
3101.It Xo
3102.Sm off
3103.Fl p\~ Ar prop Cm = Ar value Oo ,... Oc \&,\~
3104.Fl \&-prop\~ Ar prop Cm = Ar value Op ,...
3105.Sm on
3106.Xc
3107A comma-separated list of properties to set to the specified values.
3108.It Fl v Ar vnetid , Fl \&-vnetid Ns Cm \&= Ns Ar vnetid
3109Sets the virtual networking identifier to
3110.Ar vnetid .
3111A virtual network identifier determines is similar to a VLAN identifier, in
3112that it identifies a unique virtual network.
3113All overlay devices on the system share the same space for the virtual network
3114identifier.
3115However, the valid range of identifiers is determined by the encapsulation
3116plugin specified by
3117.Fl e .
3118.El
3119.It Xo
3120.Nm Cm delete-overlay
3121.Op Fl t
3122.Ar overlay
3123.Xc
3124.Pp
3125Delete the specified overlay.
3126This will fail if there are VNICs on top of the device.
3127.Bl -tag -width 4n
3128.It Fl t , \&-temporary
3129Specifies that the deletion is temporary.
3130Temporary deletions last until the next reboot.
3131.El
3132.It Xo
3133.Nm Cm modify-overlay
3134.Fl d Ar mac |
3135.Fl f |
3136.Sm off
3137.Fl s\~ Ar mac Cm \&= Ar ip Cm \&: Ar port
3138.Sm on
3139.Ar overlay
3140.Xc
3141.Pp
3142Modifies the target tables for the specified overlay.
3143.Pp
3144The different options allow for different ways of modifying the target table.
3145One of
3146.Fl d ,
3147.Fl f ,
3148and
3149.Fl s
3150is required.
3151This is not applicable for all kinds of overlay devices.
3152For more information, see
3153.Xr overlay 7 .
3154.Bl -tag -width 4n
3155.It Fl d Ar mac , Fl \&-delete-entry Ns Cm \&= Ns Ar mac
3156Deletes the entry for
3157.Ar mac
3158from the target table for
3159.Ar overlay .
3160Note, if a lookup is pending or outstanding, this does not cancel it or stop it
3161from updating the value.
3162.It Fl f , \&-flush-table
3163Flushes all values in the target table for
3164.Ar overlay .
3165.It Xo
3166.Fl s Ar mac Ns Cm = Ns Ar value ,
3167.Fl \&-set-entry Ns Cm = Ns Ar mac Ns Cm = Ns Ar value
3168.Xc
3169Sets the value of
3170.Ar overlay Ns No 's
3171target table entry for
3172.Ar mac
3173to the specified value.
3174The specified value varies upon the encapsulation plugin.
3175The value may be a combination of a MAC address, IP address, and port.
3176Generally,
3177this looks like
3178.Sm off
3179.Oo Em mac Cm \&, Oc Oo Em IP Cm \&: Oc Op Em port .
3180.Sm on
3181If a component is the last one, then there is no need for a separator.
3182eg.
3183if just the MAC address or IP is needed, it would look like
3184.Em mac
3185and
3186.Em IP
3187respectively.
3188.El
3189.It Xo
3190.Nm Cm show-overlay
3191.Op Fl f | t
3192.Op Oo Fl p Oc Fl o Ar field Ns Op ,...
3193.Op Ar overlay
3194.Xc
3195.Pp
3196Shows overlay configuration
3197.Pq the default ,
3198internal target tables
3199.Pq Fl t ,
3200or
3201the FMA state
3202.Pq Fl f ,
3203either for all overlays or the specified overlay.
3204.Pp
3205By default
3206.Po with neither
3207.Fl f
3208or
3209.Fl t
3210specified
3211.Pc ,
3212the following fields will be displayed:
3213.Bl -tag -width PROPERTY
3214.It Sy LINK
3215The name of the overlay.
3216.It Sy PROPERTY
3217The name of the property.
3218.It Sy PERM
3219The read/write permissions of the property.
3220The value shown is one of
3221.Sq r-
3222or
3223.Sq rw .
3224.It Sy VALUE
3225The current property value.
3226If the value is not set, it is shown as
3227.Sq -- .
3228If it is unknown, the value is shown as
3229.Sq \&? .
3230.It Sy DEFAULT
3231The default value of the property.
3232If the property has no default value,
3233.Sq --
3234is shown.
3235.It Sy POSSIBLE
3236A comma-separated list of the values the property can have.
3237If the values span a numeric range,
3238.Sq min-max
3239If the possible values are unknown or unbounded,
3240.Sq --
3241is shown.
3242.El
3243.Pp
3244When the
3245.Fl f
3246option is used, the following fields will be displayed:
3247.Bl -tag -width PROPERTY
3248.It Sy LINK
3249The name of the overlay.
3250.It Sy STATUS
3251Either
3252.Sq ONLINE
3253or
3254.Sq DEGRADED .
3255.It Sy DETAILS
3256When the overlay's status is
3257.Sq ONLINE ,
3258then this has the value
3259.Sq -- .
3260Otherwise, when it is
3261.Sq DEGRADED ,
3262this field provides a more detailed explanation as to why it's degraded.
3263.El
3264.Pp
3265When the
3266.Fl t
3267option is used, the following fields will be displayed:
3268.Bl -tag -width PROPERTY
3269.It Sy LINK
3270The name of the overlay.
3271.It Sy TARGET
3272The target MAC address of a table entry.
3273.It Sy DESTINATION
3274The address that an encapsulated packet will be sent to when a packet has the
3275address specified by
3276.Sq TARGET .
3277.El
3278.Pp
3279The
3280.Cm show-overlay
3281command supports the following options:
3282.Bl -tag -width 4n
3283.It Fl f , \&-fma
3284Displays information about an overlay device's FMA state.
3285.It Xo
3286.Fl o Ar field Ns Oo ,... Oc ,
3287.Fl \&-output Ns Cm \&= Ns Ar field Ns Op ,...
3288.Xc
3289A case-insensitive, comma-separated list of output fields to display.
3290The field name must be one of the fields listed above, or the special value
3291.Cm all ,
3292to display all fields.
3293The fields applicable to the
3294.Fl o
3295option are limited to those listed under each output mode.
3296For example, if using
3297.Fl L ,
3298only the fields listed under
3299.Fl L ,
3300above, can be used with
3301.Fl o .
3302.It Fl p , \&-parsable
3303Display using a stable machine-parsable format.
3304The
3305.Fl o
3306option is required with
3307.Fl p .
3308See
3309.Sx Parsable Output Format ,
3310below.
3311.It Fl t , \&-target
3312Displays information about an overlay device's target table.
3313For more information on the target table, see
3314.Xr overlay 7 .
3315.El
3316.It Xo
3317.Nm Cm show-usage
3318.Op Fl a
3319.Fl f Ar filename
3320.Op Fl p Ar plotfile Fl F Ar format
3321.Sm off
3322.Op Fl s\~ Ar time\ \&
3323.Op Fl e\~ Ar time
3324.Sm on
3325.Op Ar link
3326.Xc
3327.Pp
3328Show the historical network usage from a stored extended accounting file.
3329Configuration and enabling of network accounting through
3330.Xr acctadm 8
3331is required.
3332The default output will be the summary of network usage for the entire period
3333of time in which extended accounting was enabled.
3334.Bl -tag -width 4n -compact
3335.It Fl a
3336Display all historical network usage for the specified period of time during
3337which extended accounting is enabled.
3338This includes the usage information for the links that have already been
3339deleted.
3340.Pp
3341.It Fl f Ar filename , Fl \&-file Ns Cm \&= Ns Ar filename
3342Read extended accounting records of network usage from
3343.Ar filename .
3344.Pp
3345.It Fl F Ar format , Fl \&-format Ns Cm \&= Ns Ar format
3346Specifies the format of
3347.Ar plotfile
3348that is specified by the
3349.Fl p
3350option.
3351.Cm gnuplot
3352is the only currently supported format.
3353.Pp
3354.It Fl p Ar plotfile , Fl \&-plot Ns Cm \&= Ns Ar plotfile
3355Write network usage data to a file of the format specified by the
3356.Fl F
3357option, which is required.
3358.Pp
3359.It Fl s Ar time , Fl \&-start Ns Cm \&= Ns Ar time
3360.It Fl e Ar time , Fl \&-stop Ns Cm \&= Ns Ar time
3361Start and stop times for data display.
3362Time is in the format MM/DD/YYYY,hh:mm:ss
3363.Pp
3364.It Ar link
3365If specified, display the network usage only for the named link.
3366Otherwise, display network usage for all links.
3367.El
3368.El
3369.Ss "Parsable Output Format"
3370Many
3371.Nm
3372subcommands have an option that displays output in a machine-parsable format.
3373The output format is one or more lines of colon
3374.Pq \&:
3375delimited fields.
3376The fields displayed are specific to the subcommand used and are listed under
3377the entry for the
3378.Fl o
3379option for a given subcommand.
3380Output includes only those fields requested by means of the
3381.Fl o
3382option, in the order requested.
3383.Pp
3384When you request multiple fields, any literal colon characters are escaped by a
3385backslash
3386.Pq \e
3387before being output.
3388Similarly, literal backslash characters will also be escaped
3389.Pq \e\e .
3390This escape format is parsable by using shell
3391.Xr read 1
3392functions with the environment variable
3393.Em IFS=:\&
3394.Po
3395see
3396.Sx EXAMPLES ,
3397below
3398.Pc .
3399Note that escaping is not done when you request only a single field.
3400.Ss "General Link Properties"
3401The following general link properties are supported:
3402.Bl -tag -width 4n
3403.It Sy allowed-ips
3404A comma-separated list of IP addresses that are allowed on the interface.
3405.Pp
3406An address in CIDR format with no host address specified is used to indicate
3407that any address on that subnet is allowed
3408.Po
3409e.g. 192.168.10.0/24 means any address in the range 192.168.10.0 -
3410192.168.10.255 is allowed
3411.Pc .
3412.It Sy autopush
3413Specifies the set of STREAMS modules to push on the stream associated with a
3414link when its DLPI device is opened.
3415It is a space-delimited list of modules.
3416.Pp
3417The optional special character sequence
3418.Sq [anchor]
3419indicates that a STREAMS anchor should be placed on the stream at the module
3420previously specified in the list.
3421It is an error to specify more than one anchor or to have an anchor first in
3422the list.
3423.Pp
3424The autopush property is preferred over the more general
3425.Xr autopush 8
3426command.
3427.It Sy cpus
3428Bind the processing of packets for a given data link to a processor or a set of
3429processors.
3430The value can be a comma-separated list of one or more processor ids.
3431If the list consists of more than one processor, the processing will spread out
3432to all the processors.
3433Connection to processor affinity and packet ordering for any individual
3434connection will be maintained.
3435.Pp
3436The processor or set of processors are not exclusively reserved for the link.
3437Only the kernel threads and interrupts associated with processing of the link
3438are bound to the processor or the set of processors specified.
3439In case it is desired that processors be dedicated to the link,
3440.Xr psrset 8
3441can be used to create a processor set and then specifying the processors from
3442the processor set to bind the link to.
3443.Pp
3444If the link was already bound to processor or set of processors due to a
3445previous operation, the binding will be removed and the new set of processors
3446will be used instead.
3447.Pp
3448The default is no CPU binding, which is to say that the processing of packets
3449is not bound to any specific processor or processor set.
3450.It Sy learn_limit
3451Limits the number of new or changed MAC sources to be learned over a bridge
3452link.
3453When the number exceeds this value, learning on that link is temporarily
3454disabled.
3455Only non-VLAN, non-VNIC type links have this property.
3456.Pp
3457The default value is 1000.
3458Valid values are greater or equal to 0.
3459.It Sy learn_decay
3460Specifies the decay rate for source changes limited by
3461.Sy learn_limit .
3462This number is subtracted from the counter for a bridge link every 5 seconds.
3463Only non-VLAN, non-VNIC type links have this property.
3464.Pp
3465The default value is 200.
3466Valid values are greater or equal to 0.
3467.It Sy maxbw
3468Sets the full duplex bandwidth for the link.
3469The bandwidth is specified as an integer with one of the scale suffixes
3470.Po
3471.Sy K ,
3472.Sy M ,
3473or
3474.Sy G
3475for Kbps, Mbps, and Gbps
3476.Pc .
3477If no units are specified, the input value will be read as Mbps.
3478The default is no bandwidth limit.
3479.It Sy priority
3480Sets the relative priority for the link.
3481The value can be given as one of the tokens
3482.Cm high ,
3483.Cm medium ,
3484or
3485.Cm low .
3486The default is
3487.Cm high .
3488.It Sy stp
3489Enables or disables Spanning Tree Protocol on a bridge link.
3490Setting this value to
3491.Sq 0
3492disables Spanning Tree, and puts the link into forwarding mode with
3493BPDU guarding enabled.
3494This mode is appropriate for point-to-point links connected only to end nodes.
3495Only non-VLAN, non-VNIC type links have this property.
3496The default value is
3497.Sq 1 ,
3498to enable STP.
3499.It Sy forward
3500Enables or disables forwarding for a VLAN.
3501Setting this value to
3502.Sq 0
3503disables bridge forwarding for a VLAN link.
3504Disabling bridge forwarding removes that VLAN from the "allowed set" for the
3505bridge.
3506The default value is
3507.Sq 1 ,
3508to enable bridge forwarding for configured VLANs.
3509.It Sy default_tag
3510Sets the default VLAN ID that is assumed for untagged packets sent to and
3511received from this link.
3512Only non-VLAN, non-VNIC type links have this property.
3513Setting this value to
3514.Sq 0
3515disables the bridge forwarding of untagged packets to and from the port.
3516The default value is
3517.Sq 1 .
3518Valid values values are from 0 to 4094.
3519.It Sy promisc-filtered
3520Enables or disables the default filtering of promiscuous mode for certain
3521classes of links.
3522By default, VNICs will only see unicast traffic destined for it in promiscuous
3523mode.
3524Not all the unicast traffic from the underlying device makes it to the VNIC.
3525Disabling this would cause a VNIC, for example, to be able to see all unicast
3526traffic from the device it is created over.
3527The default value is on.
3528.It Sy stp_priority
3529Sets the STP and RSTP Port Priority value, which is used to determine the
3530preferred root port on a bridge.
3531Lower numerical values are higher priority.
3532The default value is 128.
3533Valid values range from 0 to 255.
3534.It Sy stp_cost
3535Sets the STP and RSTP cost for using the link.
3536The default value is
3537.Cm auto ,
3538which sets the cost based on link speed, using
3539.Sq 100
3540for 10Mbps,
3541.Sq 19
3542for 100Mbps,
3543.Sq 4
3544for 1Gbps, and
3545.Sq 2
3546for 10Gbps.
3547Valid values range from 1 to 65535.
3548.It Sy stp_edge
3549Enables or disables bridge edge port detection.
3550If set to
3551.Sq 0
3552.Pq false ,
3553the system assumes that the port is connected to other bridges even if no
3554bridge PDUs of any type are seen.
3555The default value is
3556.Sq 1 ,
3557which detects edge ports automatically.
3558.It Sy stp_p2p
3559Sets bridge point-to-point operation mode.
3560Possible values are
3561.Cm true ,
3562.Cm false ,
3563and
3564.Cm auto .
3565When set to
3566.Cm auto ,
3567point-to-point connections are automatically discovered.
3568When set to
3569.Cm true ,
3570the port mode is forced to use point-to-point.
3571When set to
3572.Cm false ,
3573the port mode is forced to use normal multipoint mode.
3574The default value is
3575.Cm auto .
3576.It Sy stp_mcheck
3577Triggers the system to run the RSTP
3578.Em Force BPDU Migration Check
3579procedure on this link.
3580The procedure is triggered by setting the property value to
3581.Sq 1 .
3582The property is automatically reset back to
3583.Sq 0 .
3584This value cannot be set unless the following are true:
3585.Bl -bullet
3586.It
3587The link is bridged
3588.It
3589The bridge is protected by Spanning Tree
3590.It
3591The bridge force-protocol value is at least 2
3592.Pq RSTP
3593.El
3594.Pp
3595The default value is 0.
3596.It Sy zone
3597Specifies the zone to which the link belongs.
3598This property can be modified only temporarily through
3599.Nm ,
3600and thus the
3601.Fl t
3602option must be specified.
3603To modify the zone assignment such that it persists across reboots,
3604use
3605.Xr zonecfg 8 .
3606Possible values consist of any exclusive-IP zone currently running on the
3607system.
3608By default, the zone binding is as per
3609.Xr zonecfg 8 .
3610.El
3611.Ss "Wifi Link Properties"
3612The following WiFi link properties are supported.
3613Note that the ability to set a given property to a given value depends on the
3614driver and hardware.
3615.Bl -tag -width 4n
3616.It Sy channel
3617Specifies the channel to use.
3618This property can be modified only by certain WiFi links when in IBSS mode.
3619The default value and allowed range of values varies by regulatory domain.
3620.It Sy powermode
3621Specifies the power management mode of the WiFi link.
3622Possible values are
3623.Cm off
3624.Cm disable power management ,
3625.Cm max
3626.Cm maximum power savings ,
3627and
3628.Cm fast
3629.Pq performance-sensitive power management .
3630Default is
3631.Cm off .
3632.It Sy radio
3633Specifies the radio mode of the WiFi link.
3634Possible values are
3635.Cm on
3636or
3637.Cm off .
3638Default is
3639.Cm on .
3640.It Sy speed
3641Specifies a fixed speed for the WiFi link, in megabits per second.
3642The set of possible values depends on the driver and hardware
3643.Po
3644but is shown by
3645.Cm show-linkprop
3646.Pc ;
3647common speeds include 1, 2, 11, and 54.
3648By default, there is no fixed speed.
3649.El
3650.Ss "Ethernet Link Properties"
3651The following MII Properties, as documented in
3652.Xr ieee802.3 7 ,
3653are supported in read-only mode:
3654.Pp
3655.Bl -bullet -offset 4n -compact
3656.It
3657duplex
3658.It
3659state
3660.It
3661adv_autoneg_cap
3662.It
3663adv_10gfdx_cap
3664.It
3665adv_1000fdx_cap
3666.It
3667adv_1000hdx_cap
3668.It
3669adv_100fdx_cap
3670.It
3671adv_100hdx_cap
3672.It
3673adv_10fdx_cap
3674.It
3675adv_10hdx_cap
3676.El
3677.Pp
3678Each
3679.Sq adv_
3680property
3681.Po
3682for example,
3683.Sq adv_10fdx_cap
3684.Pc
3685also has a read/write counterpart
3686.Sq en_
3687property
3688.Po for example,
3689.Sq en_10fdx_cap
3690.Pc
3691controlling parameters used at auto-negotiation.
3692In the absence of Power Management, the
3693.Sq adv_*
3694speed/duplex parameters provide the values that are both negotiated and
3695currently effective in hardware.
3696However, with Power Management enabled, the speed/duplex capabilities currently
3697exposed in hardware might be a subset of the set of bits that were used in
3698initial link parameter negotiation.
3699Thus the MII
3700.Sq adv_*
3701parameters are marked read-only, with an additional set of
3702.Sq en_*
3703parameters for configuring speed and duplex properties at initial negotiation.
3704.Pp
3705Note that the
3706.Sq adv_autoneg_cap
3707does not have an
3708.Sq en_autoneg_cap
3709counterpart: the
3710.Sq adv_autoneg_cap
3711is a 0/1 switch that turns off/on auto-negotiation itself, and therefore cannot
3712be impacted by Power Management.
3713.Pp
3714In addition, the following Ethernet properties are reported:
3715.Bl -tag -width 4n
3716.It Sy speed
3717.Pq read-only
3718The operating speed of the device, in Mbps.
3719.It Sy mtu
3720The maximum client SDU
3721.Pq Send Data Unit
3722supported by the device.
3723Valid range is 68-65536.
3724.It Sy flowctrl
3725Establishes flow-control modes that will be advertised by the device.
3726Valid input is one of:
3727.Bl -tag -width 4n
3728.It Sy no
3729No flow control enabled.
3730.It Sy rx
3731Receive, and act upon incoming pause frames.
3732.It Sy tx
3733Transmit pause frames to the peer when congestion occurs, but ignore received
3734pause frames.
3735.It Sy bi
3736Bidirectional flow control.
3737.El
3738.Pp
3739Note that the actual settings for this value are constrained by the
3740capabilities allowed by the device and the link partner.
3741.It Sy en_fec_cap
3742Sets the Forward Error Correct
3743.Pq FEC
3744code(s) to be advertised by the device.
3745Valid values are:
3746.Bl -tag -width 4n
3747.It Sy none
3748Allow the device not to use FEC.
3749.It Sy auto
3750The device will automatically decide which FEC code to use.
3751.It Sy rs
3752Allow Reed-Solomon FEC code.
3753.It Sy base-r
3754Allow Base-R
3755.Pq also known as FireCode
3756code.
3757.El
3758.Pp
3759Valid input is either
3760.Cm auto
3761as a single value, or a comma separated combination of
3762.Cm none ,
3763.Cm rs
3764and
3765.Cm base-r .
3766The default value is
3767.Cm auto .
3768.Pp
3769Note the actual FEC settings and combinations are constrained by the
3770capabilities allowed by the device and the link partner.
3771.It Sy adv_fec_cap
3772.Pq read-only
3773The current negotiated Forward Error Correction code.
3774.It Sy secondary-macs
3775A comma-separated list of additional MAC addresses that are allowed on the
3776interface.
3777.It Sy tagmode
3778This link property controls the conditions in which 802.1Q VLAN tags will be
3779inserted in packets being transmitted on the link.
3780Two mode values can be assigned to this property:
3781.Bl -tag -width 4n
3782.It Sy normal
3783Insert a VLAN tag in outgoing packets under the following conditions:
3784.Bl -bullet -offset 4n
3785.It
3786The packet belongs to a VLAN.
3787.It
3788The user requested priority tagging.
3789.El
3790.It Sy vlanonly
3791Insert a VLAN tag only when the outgoing packet belongs to a VLAN.
3792If a tag is being inserted in this mode and the user has also requested a
3793non-zero priority, the priority is honored and included in the VLAN tag.
3794.El
3795.Pp
3796The default value is
3797.Cm vlanonly .
3798.It Sy media
3799.Pq read-only
3800The current type of media that the Ethernet link is using, if known.
3801For example, this would be something like 1000BASE-T, 25GBASE-CR, 100GBASE-KR4,
3802etc.
3803.El
3804.Ss "IP Tunnel Link Properties"
3805The following IP tunnel link properties are supported.
3806.Bl -tag -width 4n
3807.It Sy hoplimit
3808Specifies the IPv4 TTL or IPv6 hop limit for the encapsulating outer IP header
3809of a tunnel link.
3810This property exists for all tunnel types.
3811The default value is 64.
3812.It Sy encaplimit
3813Specifies the IPv6 encapsulation limit for an IPv6 tunnel as defined in RFC
38142473.
3815This value is the tunnel nesting limit for a given tunneled packet.
3816The default value is 4.
3817A value of 0 disables the encapsulation limit.
3818.El
3819.Sh EXAMPLES
3820.Sy Example 1
3821Configuring an Aggregation
3822.Pp
3823To configure a data-link over an aggregation of devices
3824.Em bge0
3825and
3826.Em bge1
3827with key 1, enter the following command:
3828.Bd -literal -offset indent
3829# dladm create-aggr -d bge0 -d bge1 1
3830.Ed
3831.Pp
3832.Sy Example 2
3833Connecting to a WiFi Link
3834.Pp
3835To connect to the most optimal available unsecured network on a system with a
3836single WiFi link
3837.Po
3838as per the prioritization rules specified for
3839.Cm connect-wifi
3840.Pc ,
3841enter the following command:
3842.Bd -literal -offset indent
3843# dladm connect-wifi
3844.Ed
3845.Pp
3846.Sy Example 3
3847Creating a WiFi Key
3848.Pp
3849To interactively create the WEP key
3850.Sq mykey ,
3851enter the following command:
3852.Bd -literal -offset indent
3853# dladm create-secobj -c wep mykey
3854.Ed
3855.Pp
3856Alternatively, to non-interactively create the WEP key
3857.Sq mykey
3858using the contents of a file:
3859.Bd -literal -offset indent
3860# umask 077
3861# cat >/tmp/mykey.$$ <<EOF
386212345
3863EOF
3864# dladm create-secobj -c wep -f /tmp/mykey.$$ mykey
3865# rm /tmp/mykey.$$
3866.Ed
3867.Pp
3868.Sy Example 4
3869Connecting to a Specified Encrypted WiFi Link
3870.Pp
3871To use key
3872.Sq mykey
3873to connect to ESSID
3874.Sq wlan
3875on link
3876.Sq ath0 ,
3877enter the following command:
3878.Bd -literal -offset indent
3879# dladm connect-wifi -k mykey -e wlan ath0
3880.Ed
3881.Pp
3882.Sy Example 5
3883Changing a Link Property
3884.Pp
3885To set powermode to the value
3886.Sq fast
3887on link
3888.Sq pcwl0 ,
3889enter the following command:
3890.Bd -literal -offset indent
3891# dladm set-linkprop -p powermode=fast pcwl0
3892.Ed
3893.Pp
3894.Sy Example 6
3895Connecting to a WPA-Protected WiFi Link
3896.Pp
3897Create a WPA key
3898.Sq psk
3899and enter the following command:
3900.Bd -literal -offset indent
3901# dladm create-secobj -c wpa psk
3902.Ed
3903.Pp
3904To then use key
3905.Sq psk
3906to connect to ESSID
3907.Sq wlan
3908on link
3909.Sq ath0 ,
3910enter the following command:
3911.Bd -literal -offset indent
3912# dladm connect-wifi -k psk -e wlan ath0
3913.Ed
3914.Pp
3915.Sy Example 7
3916Renaming a Link
3917.Pp
3918To rename the
3919.Sq bge0
3920link to
3921.Sq mgmt0 ,
3922enter the following command:
3923.Bd -literal -offset indent
3924# dladm rename-link bge0 mgmt0
3925.Ed
3926.Pp
3927.Sy Example 8
3928Replacing a Network Card
3929.Pp
3930Consider that the bge0 device, whose link was named mgmt0 as shown in the
3931previous example, needs to be replaced with a ce0 device because of a hardware
3932failure.
3933The bge0 NIC is physically removed, and replaced
3934with a new ce0 NIC.
3935To associate the newly added ce0 device with the mgmt0 configuration previously
3936associated with bge0, enter the following command:
3937.Bd -literal -offset indent
3938# dladm rename-link ce0 mgmt0
3939.Ed
3940.Pp
3941.Sy Example 9
3942Removing a Network Card
3943.Pp
3944Suppose that in the previous example, the intent is not to replace the
3945bge0 NIC with another NIC, but rather to remove and not replace the
3946hardware.
3947In that case, the mgmt0 datalink configuration is not slated to be associated
3948with a different physical device as shown in the previous example, but needs to
3949be deleted.
3950Enter the following command to delete the datalink configuration associated
3951with the mgmt0 datalink, whose physical hardware
3952.Pq bge0 in this case
3953has been removed:
3954.Bd -literal -offset indent
3955# dladm delete-phys mgmt0
3956.Ed
3957.Pp
3958.Sy Example 10
3959Using Parsable Output to Capture a Single Field
3960.Pp
3961The following assignment saves the MTU of link net0
3962to a variable named
3963.Sq mtu .
3964.Bd -literal -offset indent
3965# mtu=`dladm show-link -p -o mtu net0`
3966.Ed
3967.Pp
3968.Sy Example 11
3969Using Parsable Output to Iterate over Links
3970.Pp
3971The following script displays the state of each link on the system.
3972.Bd -literal -offset indent
3973# dladm show-link -p -o link,state | \e
3974    while IFS=: read link state; do
3975        print "Link $link is in state $state"
3976done
3977.Ed
3978.Pp
3979.Sy Example 12
3980Configuring VNICs
3981.Pp
3982Create two VNICs with names
3983.Sq hello0
3984and
3985.Sq test1
3986over a single physical link
3987.Sq bge0 :
3988.Bd -literal -offset indent
3989# dladm create-vnic -l bge0 hello0
3990# dladm create-vnic -l bge0 test1
3991.Ed
3992.Pp
3993.Sy Example 13
3994Configuring VNICs and Allocating Bandwidth and Priority
3995.Pp
3996Create two VNICs with names
3997.Sq hello0
3998and
3999.Sq test1
4000over a single physical link
4001.Sq bge0
4002and make
4003.Sq hello0
4004a high priority VNIC with a factory-assigned MAC address with a maximum
4005bandwidth of 50 Mbps.
4006Make
4007.Sq test1
4008a low priority VNIC with a random MAC address and a maximum bandwidth of
4009100Mbps.
4010.Bd -literal -offset indent
4011# dladm create-vnic -l bge0 -m factory \e
4012    -p maxbw=50,priority=high hello0
4013# dladm create-vnic -l bge0 -m random \e
4014    -p maxbw=100M,priority=low test1
4015.Ed
4016.Pp
4017.Sy Example 14
4018Configuring a VNIC with a Factory MAC Address
4019.Pp
4020First, list the available factory MAC addresses and choose one of them:
4021.Bd -literal -offset indent
4022# dladm show-phys -m bge0
4023LINK            SLOT         ADDRESS              INUSE    CLIENT
4024bge0            primary      0:e0:81:27:d4:47     yes      bge0
4025bge0            1            8:0:20:fe:4e:a5      no
4026bge0            2            8:0:20:fe:4e:a6      no
4027bge0            3            8:0:20:fe:4e:a7      no
4028.Ed
4029.Pp
4030Create a VNIC named
4031.Sq hello0
4032and use slot 1's address:
4033.Bd -literal -offset indent
4034# dladm create-vnic -l bge0 -m factory -n 1 hello0
4035# dladm show-phys -m bge0
4036LINK            SLOT         ADDRESS              INUSE    CLIENT
4037bge0            primary      0:e0:81:27:d4:47     yes      bge0
4038bge0            1            8:0:20:fe:4e:a5      yes      hello0
4039bge0            2            8:0:20:fe:4e:a6      no
4040bge0            3            8:0:20:fe:4e:a7      no
4041.Ed
4042.Pp
4043.Sy Example 15
4044Creating a VNIC with User-Specified MAC Address, Binding it to Set of
4045Processors
4046.Pp
4047Create a VNIC with name
4048.Sq hello0 ,
4049with a user specified MAC address, and a processor binding 0, 1, 2, 3.
4050.Bd -literal -offset indent
4051# dladm create-vnic -l bge0 -m 8:0:20:fe:4e:b8 \e
4052    -p cpus=0,1,2,3 hello0
4053.Ed
4054.Pp
4055.Sy Example 16
4056Creating a Virtual Network Without a Physical NIC
4057.Pp
4058First, create an etherstub with name
4059.Sq stub1 :
4060.Bd -literal -offset indent
4061# dladm create-etherstub stub1
4062.Ed
4063.Pp
4064Create two VNICs with names
4065.Sq hello0
4066and
4067.Sq test1
4068on the etherstub.
4069This operation implicitly creates a virtual switch connecting
4070.Sq hello0
4071and
4072.Sq test1 .
4073.Bd -literal -offset indent
4074# dladm create-vnic -l stub1 hello0
4075# dladm create-vnic -l stub1 test1
4076.Ed
4077.Pp
4078.Sy Example 17
4079Showing Network Usage
4080.Pp
4081Network usage statistics can be stored using the extended accounting facility,
4082.Xr acctadm 8 .
4083.Bd -literal -offset indent
4084# acctadm -e basic -f /var/log/net.log net
4085# acctadm net
4086Network accounting: active
4087Network accounting file: /var/log/net.log
4088Tracked Network resources: basic
4089Untracked Network resources: src_ip,dst_ip,src_port,dst_port,...
4090.Ed
4091.Pp
4092The saved historical data can be retrieved in summary form using the
4093.Cm show-usage
4094subcommand:
4095.Bd -literal -offset indent
4096# dladm show-usage -f /var/log/net.log
4097LINK      DURATION  IPACKETS RBYTES   OPACKETS OBYTES  BANDWIDTH
4098e1000g0   80        1031     546908   0        0       2.44 Kbps
4099.Ed
4100.Pp
4101.Sy Example 18
4102Displaying Bridge Information
4103.Pp
4104The following commands use the
4105.Cm show-bridge
4106subcommand with no and various options.
4107.Bd -literal -offset indent
4108# dladm show-bridge
4109BRIDGE    PROTECT ADDRESS           PRIORITY DESROOT
4110foo       stp     32768/8:0:20:bf:f 32768    8192/0:d0:0:76:14:38
4111bar       stp     32768/8:0:20:e5:8 32768    8192/0:d0:0:76:14:38
4112
4113# dladm show-bridge -l foo
4114LINK      STATE        UPTIME   DESROOT
4115hme0      forwarding   117      8192/0:d0:0:76:14:38
4116qfe1      forwarding   117      8192/0:d0:0:76:14:38
4117
4118# dladm show-bridge -s foo
4119BRIDGE    DROPS        FORWARDS
4120foo       0            302
4121
4122# dladm show-bridge -ls foo
4123LINK      DROPS     RECV      XMIT
4124hme0      0         360832    31797
4125qfe1      0         322311    356852
4126
4127# dladm show-bridge -f foo
4128DEST              AGE     FLAGS  OUTPUT
41298:0:20:bc:a7:dc   10.860  --     hme0
41308:0:20:bf:f9:69   --      L      hme0
41318:0:20:c0:20:26   17.420  --     hme0
41328:0:20:e5:86:11   --      L      qfe1
4133.Ed
4134.Pp
4135.Sy Example 19
4136Creating an IPv4 Tunnel
4137.Pp
4138The following sequence of commands creates and then displays a persistent IPv4
4139tunnel link named
4140.Sq mytunnel0
4141between 66.1.2.3 and 192.4.5.6:
4142.Bd -literal -offset indent
4143# dladm create-iptun -T ipv4 -s 66.1.2.3 -d 192.4.5.6 mytunnel0
4144# dladm show-iptun mytunnel0
4145LINK            TYPE  FLAGS  SOURCE              DESTINATION
4146mytunnel0       ipv4  --     66.1.2.3            192.4.5.6
4147.Ed
4148.Pp
4149A point-to-point IP interface can then be created over this tunnel link:
4150.Bd -literal -offset indent
4151# ifconfig mytunnel0 plumb 10.1.0.1 10.1.0.2 up
4152.Ed
4153.Pp
4154As with any other IP interface, configuration persistence for this IP interface
4155is achieved by placing the desired
4156.Xr ifconfig 8
4157commands
4158.Pq in this case, the command for "10.1.0.1 10.1.0.2"
4159into
4160.Pa /etc/hostname.mytunnel0 .
4161.Pp
4162.Sy Example 20
4163Creating a 6to4 Tunnel
4164.Pp
4165The following command creates a 6to4 tunnel link.
4166The IPv4 address of the 6to4 router is 75.10.11.12.
4167.Bd -literal -offset indent
4168# dladm create-iptun -T 6to4 -s 75.10.11.12 sitetunnel0
4169# dladm show-iptun sitetunnel0
4170LINK            TYPE  FLAGS  SOURCE              DESTINATION
4171sitetunnel0     6to4  --     75.10.11.12         --
4172.Ed
4173.Pp
4174The following command plumbs an IPv6 interface on this tunnel:
4175.Bd -literal -offset indent
4176# ifconfig sitetunnel0 inet6 plumb up
4177# ifconfig sitetunnel0 inet6
4178sitetunnel0: flags=2200041 <UP,RUNNING,NONUD,IPv6> mtu 65515 index 3
4179inet tunnel src 75.10.11.12
4180tunnel hop limit 64
4181inet6 2002:4b0a:b0c::1/16
4182.Ed
4183.Pp
4184Note that the system automatically configures the IPv6 address on the 6to4 IP
4185interface.
4186See
4187.Xr ifconfig 8
4188for a description of how IPv6 addresses are configured on 6to4 tunnel links.
4189.Sh INTERFACE STABILITY
4190The command line interface of
4191.Nm
4192is
4193.Sy Committed .
4194The output of
4195.Nm
4196is
4197.Sy Committed
4198.Sh SEE ALSO
4199.Xr read 1 ,
4200.Xr dlpi 4P ,
4201.Xr attributes 7 ,
4202.Xr ieee802.3 7 ,
4203.Xr overlay 7 ,
4204.Xr acctadm 8 ,
4205.Xr autopush 8 ,
4206.Xr eeprom 8 ,
4207.Xr ifconfig 8 ,
4208.Xr ipadm 8 ,
4209.Xr ipsecconf 8 ,
4210.Xr ndd 8 ,
4211.Xr psrset 8 ,
4212.Xr wpad 8 ,
4213.Xr zonecfg 8
4214.Sh NOTES
4215The preferred method of referring to an aggregation in the aggregation
4216subcommands is by its link name.
4217Referring to an aggregation by its integer
4218.Ar key
4219is supported for backward compatibility, but is not necessary.
4220When creating an aggregation, if a
4221.Ar key
4222is specified instead of a link name, the aggregation's link name will be
4223automatically generated by
4224.Nm
4225as
4226.Sy aggr Ns Ar key .
4227