1.\" 2.\" Sun Microsystems, Inc. gratefully acknowledges The Open Group for 3.\" permission to reproduce portions of its copyrighted documentation. 4.\" Original documentation from The Open Group can be obtained online at 5.\" http://www.opengroup.org/bookstore/. 6.\" 7.\" The Institute of Electrical and Electronics Engineers and The Open 8.\" Group, have given us permission to reprint portions of their 9.\" documentation. 10.\" 11.\" In the following statement, the phrase ``this text'' refers to portions 12.\" of the system documentation. 13.\" 14.\" Portions of this text are reprinted and reproduced in electronic form 15.\" in the SunOS Reference Manual, from IEEE Std 1003.1, 2004 Edition, 16.\" Standard for Information Technology -- Portable Operating System 17.\" Interface (POSIX), The Open Group Base Specifications Issue 6, 18.\" Copyright (C) 2001-2004 by the Institute of Electrical and Electronics 19.\" Engineers, Inc and The Open Group. In the event of any discrepancy 20.\" between these versions and the original IEEE and The Open Group 21.\" Standard, the original IEEE and The Open Group Standard is the referee 22.\" document. The original Standard can be obtained online at 23.\" http://www.opengroup.org/unix/online.html. 24.\" 25.\" This notice shall appear on any product containing this material. 26.\" 27.\" The contents of this file are subject to the terms of the 28.\" Common Development and Distribution License (the "License"). 29.\" You may not use this file except in compliance with the License. 30.\" 31.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 32.\" or http://www.opensolaris.org/os/licensing. 33.\" See the License for the specific language governing permissions 34.\" and limitations under the License. 35.\" 36.\" When distributing Covered Code, include this CDDL HEADER in each 37.\" file and include the License file at usr/src/OPENSOLARIS.LICENSE. 38.\" If applicable, add the following below this CDDL HEADER, with the 39.\" fields enclosed by brackets "[]" replaced with your own identifying 40.\" information: Portions Copyright [yyyy] [name of copyright owner] 41.\" 42.\" 43.\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved 44.\" Copyright 2016 Joyent, Inc. 45.\" Copyright 2020 RackTop Systems, Inc. 46.\" Copyright 2023 Oxide Computer Company 47.\" Copyright 2024 OmniOS Community Edition (OmniOSce) Association. 48.\" 49.Dd January 14, 2024 50.Dt DLADM 8 51.Os 52.Sh NAME 53.Nm dladm 54.Nd administer data links 55.Sh SYNOPSIS 56.Nm 57.Cm help 58.\" Link 59.Pp 60.Nm 61.Cm show-link 62.Op Fl P 63.Op Fl s Op Fl i Ar interval 64.Op Oo Fl p Oc Fl o Ar field Ns Op ,... 65.Op Ar link 66.Nm 67.Cm rename-link 68.Op Fl R Ar root-dir 69.Ar link new-link 70.\" Phys 71.Pp 72.Nm 73.Cm delete-phys 74.Ar phys-link 75.Nm 76.Cm show-phys 77.Op Fl m | H | P 78.Op Oo Fl p Oc Fl o Ar field Ns Op ,... 79.Op Ar phys-link 80.\" Aggr 81.Pp 82.Nm 83.Cm create-aggr 84.Op Fl t 85.Op Fl R Ar root-dir 86.Op Fl P Ar policy 87.Op Fl L Ar mode 88.Op Fl T Ar time 89.Op Fl u Ar address 90.Fl l Ar ether-link 91.Oo Fl l Ar ether-link Oc Ns ... 92.Ar aggr-link 93.Nm 94.Cm modify-aggr 95.Op Fl t 96.Op Fl R Ar root-dir 97.Op Fl P Ar policy 98.Op Fl L Ar mode 99.Op Fl T Ar time 100.Op Fl u Ar address 101.Ar aggr-link 102.Nm 103.Cm delete-aggr 104.Op Fl t 105.Op Fl R Ar root-dir 106.Ar aggr-link 107.Nm 108.Cm add-aggr 109.Op Fl t 110.Op Fl R Ar root-dir 111.Fl l Ar ether-link 112.Oo Fl l Ar ether-link Oc Ns ... 113.Ar aggr-link 114.Nm 115.Cm remove-aggr 116.Op Fl t 117.Op Fl R Ar root-dir 118.Fl l Ar ether-link 119.Oo Fl l Ar ether-link Oc Ns ... 120.Ar aggr-link 121.Nm 122.Cm show-aggr 123.Op Fl PLx 124.Op Fl s Op Fl i Ar interval 125.Op Oo Fl p Oc Fl o Ar field Ns Op ,... 126.Op Ar aggr-link 127.\" Bridge 128.Pp 129.Nm 130.Cm create-bridge 131.Op Fl R Ar root-dir 132.Op Fl P Ar protect 133.Op Fl p Ar priority 134.Op Fl m Ar max-age 135.Op Fl h Ar hello-time 136.Op Fl d Ar forward-delay 137.Op Fl f Ar force-protocol 138.Oo Fl l Ar link Oc Ns ... 139.Ar bridge-name 140.Nm 141.Cm modify-bridge 142.Op Fl R Ar root-dir 143.Op Fl P Ar protect 144.Op Fl p Ar priority 145.Op Fl m Ar max-age 146.Op Fl h Ar hello-time 147.Op Fl d Ar forward-delay 148.Op Fl f Ar force-protocol 149.Ar bridge-name 150.Nm 151.Cm delete-bridge 152.Op Fl R Ar root-dir 153.Ar bridge-name 154.Nm 155.Cm add-bridge 156.Op Fl R Ar root-dir 157.Fl l Ar link 158.Oo Fl l Ar link Oc Ns ... 159.Ar bridge-name 160.Nm 161.Cm remove-bridge 162.Op Fl R Ar root-dir 163.Fl l Ar link 164.Oo Fl l Ar link Oc Ns ... 165.Ar bridge-name 166.Nm 167.Cm show-bridge 168.Op Fl flt 169.Op Fl s Op Fl i Ar interval 170.Op Oo Fl p Oc Fl o Ar field Ns Op ,... 171.Ar bridge-name 172.\" VLAN 173.Pp 174.Nm 175.Cm create-vlan 176.Op Fl ft 177.Op Fl R Ar root-dir 178.Fl l Ar ether-link 179.Fl v Ar vid 180.Op Ar vlan-link 181.Nm 182.Cm delete-vlan 183.Op Fl t 184.Op Fl R Ar root-dir 185.Ar vlan-link 186.Nm 187.Cm show-vlan 188.Op Fl P 189.Op Oo Fl p Oc Fl o Ar field Ns Op ,... 190.Op Ar vlan-link 191.\" Wifi 192.Pp 193.Nm 194.Cm scan-wifi 195.Op Oo Fl p Oc Fl o Ar field Ns Op ,... 196.Op Ar wifi-link 197.Nm 198.Cm connect-wifi 199.Op Fl e Ar essid 200.Op Fl i Ar bssid 201.Op Fl k Ar key Ns ,... 202.Sm off 203.Oo Fl s\~ Cm none | wep | wpa Oc \ \& 204.Oo Fl a\~ Cm open | shared Oc \ \& 205.Oo Fl b\~ Cm bss | ibss Oc 206.Sm on 207.Op Fl c 208.Sm off 209.Oo Fl m\~ Cm a | b | g Oc \ \& 210.Sm on 211.Op Fl T Ar time 212.Op Ar wifi-link 213.Nm 214.Cm disconnect-wifi 215.Op Fl a 216.Op Ar wifi-link 217.Nm 218.Cm show-wifi 219.Op Oo Fl p Oc Fl o Ar field Ns Op ,... 220.Op Ar wifi-link 221.\" Ether 222.Pp 223.Nm 224.Cm show-ether 225.Op Fl x 226.Op Oo Fl p Oc Fl o Ar field Ns Op ,... 227.Op Ar ether-link 228.\" Linkprop 229.Pp 230.Nm 231.Cm set-linkprop 232.Op Fl t 233.Op Fl R Ar root-dir 234.Fl p Ar prop Ns Cm \&= Ns Ar value Ns Op ,... 235.Ar link 236.Nm 237.Cm reset-linkprop 238.Op Fl t 239.Op Fl R Ar root-dir 240.Op Fl p Ar prop Ns Op ,... 241.Ar link 242.Nm 243.Cm show-linkprop 244.Op Fl P 245.Op Oo Fl c Oc Fl o Ar field Ns Op ,... 246.Op Fl p Ar prop Ns Op ,... 247.Op Ar link 248.\" Secobj 249.Pp 250.Nm 251.Cm create-secobj 252.Op Fl t 253.Op Fl R Ar root-dir 254.Op Fl f Ar file 255.Fl c Ar class Ar secobj 256.Nm 257.Cm delete-secobj 258.Op Fl t 259.Op Fl R Ar root-dir 260.Ar secobj Ns Op ,... 261.Nm 262.Cm show-secobj 263.Op Fl P 264.Op Oo Fl p Oc Fl o Ar field Ns Op ,... 265.Op Ar secobj Ns Op ,... 266.\" VNIC 267.Pp 268.Nm 269.Cm create-vnic 270.Op Fl t 271.Op Fl R Ar root-dir 272.Fl l Ar link 273.Oo 274.Fl m 275.Ar value | 276.Cm auto | 277.Cm factory Fl n Ar slot-identifier | 278.Cm random Op Fl r Ar prefix 279.Oc 280.Op Fl v Ar vlan-id 281.Op Fl p Ar prop Ns Cm \&= Ns Ar value Ns Op ,... 282.Ar vnic-link 283.Nm 284.Cm delete-vnic 285.Op Fl t 286.Op Fl R Ar root-dir 287.Ar vnic-link 288.Nm 289.Cm show-vnic 290.Op Fl P 291.Op Oo Fl p Oc Fl o Ar field Ns Op ,... 292.Op Fl s Op Fl i Ar interval 293.Op Fl l Ar link 294.Op Ar vnic-link 295.\" Etherstub 296.Pp 297.Nm 298.Cm create-etherstub 299.Op Fl t 300.Op Fl R Ar root-dir 301.Ar etherstub 302.Nm 303.Cm delete-etherstub 304.Op Fl t 305.Op Fl R Ar root-dir 306.Ar etherstub 307.Nm 308.Cm show-etherstub 309.Op Ar etherstub 310.\" IPTun 311.Pp 312.Nm 313.Cm create-iptun 314.Op Fl t 315.Op Fl R Ar root-dir 316.Fl T Ar type 317.Sm off 318.Oo Fl a\~ 319.Brq Cm local | remote 320.Cm = Ar addr Op ,... 321.Oc 322.Sm on 323.Ar iptun-link 324.Nm 325.Cm modify-iptun 326.Op Fl t 327.Op Fl R Ar root-dir 328.Sm off 329.Oo Fl a\~ 330.Brq Cm local | remote 331.Cm = Ar addr Op ,... 332.Oc 333.Sm on 334.Ar iptun-link 335.Nm 336.Cm delete-iptun 337.Op Fl t 338.Op Fl R Ar root-dir 339.Ar iptun-link 340.Nm 341.Cm show-iptun 342.Op Fl P 343.Op Oo Fl p Oc Fl o Ar field Ns Op ,... 344.Op Ar iptun-link 345.\" Overlay 346.Pp 347.Nm 348.Cm create-overlay 349.Op Fl t 350.Fl e Ar encap 351.Fl s Ar search 352.Fl v Ar vnetid 353.Op Fl p Ar prop Ns Cm \&= Ns Ar value Ns Op ,... 354.Ar overlay 355.Nm 356.Cm delete-overlay 357.Op Fl t 358.Ar overlay 359.Nm 360.Cm modify-overlay 361.Fl d Ar mac | 362.Fl f | 363.Sm off 364.Fl s\~ Ar mac Cm \&= Ar ip Cm \&: Ar port 365.Sm on 366.Ar overlay 367.Nm 368.Cm show-overlay 369.Op Fl f | t 370.Op Oo Fl p Oc Fl o Ar field Ns Op ,... 371.Op Ar overlay 372.\" Usage 373.Pp 374.Nm 375.Cm show-usage 376.Op Fl a 377.Fl f Ar filename 378.Op Fl p Ar plotfile Fl F Ar format 379.Op Fl s Ar time 380.Op Fl e Ar time 381.Op Ar link 382.Sh DESCRIPTION 383The 384.Nm 385command is used to administer data-links. 386A data-link is represented in the system as a STREAMS DLPI 387.Pq v2 388interface which can be plumbed under protocol stacks such as TCP/IP. 389Each data-link relies on either a single network device or an aggregation of 390devices to send packets to or receive packets from a network. 391.Pp 392Each 393.Nm 394subcommand operates on one of the following objects: 395.Bl -tag -width etherstub 396.It Ar link 397A datalink, identified by a name. 398In general, the name can use any alphanumeric characters 399or underscore 400.Pq _ , 401but must start with an alphabetic character and end with a number. 402A datalink name can be at most 31 characters, and the ending number must be 403between 0 and 4294967294 404.Pq inclusive . 405The ending number must not begin with a zero. 406Datalink names between 3 and 8 characters are recommended. 407.Pp 408Some subcommands operate only on certain types or classes of datalinks. 409For those cases, the following object names are used: 410.Bl -tag -width iptun-link 411.It Ar phys-link 412A physical datalink. 413.It Ar vlan-link 414A VLAN datalink. 415.It Ar aggr-link 416An aggregation datalink 417.Po 418or a key; see 419.Sx NOTES 420.Pc . 421.It Ar ether-link 422A physical Ethernet datalink. 423.It Ar wifi-link 424A WiFi datalink. 425.It Ar vnic-link 426A virtual network interface created on a link, an etherstub, or an overlay. 427It is a pseudo device that can be treated as if it were an network interface 428card on a machine. 429.It Ar iptun-link 430An IP tunnel link. 431.El 432.It Ar dev 433A network device, identified by concatenation of a driver name and an instance 434number. 435.It Ar etherstub 436An Ethernet stub can be used instead of a physical NIC to create VNICs. 437VNICs created on an etherstub will appear to be connected through a virtual 438switch, allowing complete virtual networks to be built without physical 439hardware. 440.It Ar bridge 441A bridge instance, identified by an administratively-chosen name. 442The name may use any alphanumeric characters or the underscore, 443.Pq _ , 444but must start and end with an alphabetic character. 445A bridge name can be at most 31 characters. 446The name 447.Sq default 448is reserved, as are all names starting with 449.Sq SUNW . 450.Pp 451Note that appending a zero 452.Pq 0 453to a bridge name produces a valid link name, used for observability. 454.It Ar secobj 455A secure object, identified by an administratively-chosen name. 456The name can use any alphanumeric characters, as well as underscore 457.Pq _ , 458dot 459.Pq \&. , 460and hyphen 461.Pq \&- . 462A secure object name can be at most 32 characters. 463.It Ar overlay 464An overlay instance, identified by an administratively-chosen name. 465An overlay can be used to create or join an existing software defined network. 466VNICs created on an overlay will appear to be connected by a local virtual 467switch and will also be connected to interfaces on matching overlays provided by 468other hosts. 469For more information on overlay devices, see 470.Xr overlay 7 . 471.El 472.Ss Options 473Each 474.Nm 475subcommand has its own set of options. 476However, many of the subcommands have the following as a common option: 477.Bl -tag -width 4n 478.It Xo 479.Fl R Ar root-dir , 480.Fl \&-root-dir Ns Cm = Ns Ar root-dir 481.Xc 482Specifies an alternate root directory where the operation \(em such as creation, 483deletion, or renaming \(em should apply. 484.El 485.Ss SUBCOMMANDS 486When invoked with no arguments, 487.Nm 488shows the link configuration information, in the same way as 489.Nm 490.Cm show-link . 491.Pp 492The following subcommands are supported: 493.Bl -tag -width 4n 494.It Nm Cm help 495Display brief command usage. 496.It Xo 497.Nm Cm show-link 498.Op Fl P 499.Op Fl s Op Fl i Ar interval 500.Op Oo Fl p Oc Fl o Ar field Ns Op ,... 501.Op Ar link 502.Xc 503.Pp 504Show link configuration information 505.Pq the default 506or statistics, either for all datalinks or for the 507.Ar link . 508By default, the system is configured with one datalink for each known network 509device. 510.Bl -tag -width 4n 511.It Xo 512.Fl o Ar field Ns Oo ,... Oc , 513.Fl \&-output Ns Cm \&= Ns Ar field Ns Op ,... 514.Xc 515A case-insensitive, comma-separated list of output fields to display. 516When not modified by the 517.Fl s 518option 519.Pq described below , 520the field name must be one of the fields listed below, or the special value 521.Cm all 522to display all fields. 523By default 524.Po without 525.Fl o 526.Pc , 527.Cm show-link 528displays all fields. 529.Bl -tag -width BRIDGE 530.It Sy LINK 531The name of the datalink. 532.It Sy CLASS 533The class of the datalink. 534.Nm 535distinguishes between the following classes: 536.Bl -tag -width etherstub 537.It Sy phys 538A physical datalink. 539The 540.Cm show-phys 541subcommand displays more detail for this class of datalink. 542.It Sy aggr 543An IEEE 802.3ad link aggregation. 544The 545.Cm show-aggr 546subcommand displays more detail for this class of datalink. 547.It Sy etherstub 548An Ethernet stub. 549The 550.Cm show-etherstub 551subcommand displays more detail for this class of datalink. 552.It Sy overlay 553An overlay. 554The 555.Cm show-overlay 556subcommand displays more detail for this class of datalink. 557.It Sy vlan 558A VLAN datalink. 559The 560.Cm show-vlan 561subcommand displays more detail for this class of datalink. 562.It Sy vnic 563A virtual network interface. 564The 565.Cm show-vnic 566subcommand displays more detail for this class of datalink. 567.It Sy misc 568A generic datalink without any other class-specific properties. 569Generally used to indicate a pseudo device that doesn't otherwise correspond to 570one of the above classes. 571.El 572.It Sy MTU 573The maximum transmission unit size for the datalink being displayed. 574.It Sy STATE 575The link state of the datalink. 576The state can be 577.Sq up , 578.Sq down , 579or 580.Sq unknown . 581.It Sy BRIDGE 582The name of the bridge to which this link is assigned, if any. 583.It Sy OVER 584The physical datalink(s) over which the datalink is operating. 585This applies to aggr, bridge, and vlan classes ov datalinks. 586A VLAN is created over a single physical datalink, a bridge has multiple 587attached links, and an aggregation is comprised of one or more physical 588datalinks. 589.El 590.Pp 591When the 592.Fl o 593option is used in conjunction with the 594.Fl s 595option, used to display link statistics, the field name must be one of the 596fields listed below, or the special value 597.Cm all 598to display all fields. 599.Bl -tag -width IPACKETS 600.It Sy LINK 601The name of the datalink. 602.It Sy IPACKETS 603Number of packets received on this link. 604.It Sy RBYTES 605Number of bytes received on this link. 606.It Sy IERRORS 607Number of input errors. 608.It Sy OPACKETS 609Number of packets sent on this link. 610.It Sy OBYTES 611Number of bytes sent on this link. 612.It Sy OERRORS 613Number of output errors. 614.El 615.It Fl p , \&-parsable 616Display using a stable machine-parsable format. 617The 618.Fl o 619option is required with 620.Fl p . 621See 622.Sx "Parsable Output Format" , 623below. 624.It Fl P , \&-persistent 625Display the persistent link configuration. 626.It Fl s , Fl \&-statistics 627Display link statistics. 628.It Fl i Ar interval , \&-interval Ns Cm \&= Ar interval 629Used with the 630.Fl s 631option to specify an interval, in seconds, at which statistics should be 632displayed. 633If this option is not specified, statistics will be displayed only once. 634.El 635.It Xo 636.Nm Cm rename-link 637.Op Fl R Ar root-dir 638.Ar link new-link 639.Xc 640.Pp 641Rename 642.Ar link 643to 644.Ar new-link . 645This is used to give a link a meaningful name, or to associate existing link 646configuration such as link properties of a removed device with a new device. 647See the 648.Sx EXAMPLES 649section for specific examples of how this subcommand is used. 650.Bl -tag -width 4n 651.It Xo 652.Fl R Ar root-dir , \&-root-dir Ns Cm = Ns Ar root-dir 653.Xc 654See 655.Sx Options , 656above. 657.El 658.It Xo 659.Nm Cm delete-phys 660.Ar phys-link 661.Xc 662.Pp 663This command is used to delete the persistent configuration of a link 664associated with physical hardware which has been removed from the system. 665See the 666.Sx EXAMPLES 667section. 668.It Xo 669.Nm Cm show-phys 670.Op Fl m | H | P 671.Op Oo Fl p Oc Fl o Ar field Ns Op ,... 672.Op Ar phys-link 673.Xc 674.Pp 675Show the physical device and attributes of all physical links, or of the named 676physical link. 677Without 678.Fl P , 679only physical links that are available on the running system are displayed. 680.Bl -tag -width 4n 681.It Fl H 682Show hardware resource usage, as returned by the NIC driver. 683Output from 684.Fl H 685displays the following elements: 686.Bl -tag -width 9n 687.It Sy LINK 688A physical device corresponding to a NIC driver. 689.It Sy RINGTYPE 690RX or TX. 691All rings in a group are of the same group type. 692.It Sy RINGS 693A hardware resource used by a data link, subject to assignment by a driver to 694different groups. 695.It Sy CLIENTS 696MAC clients that are using the rings within a group. 697.El 698.It Fl m 699Show MAC addresses and related information. 700Output from 701.Fl m 702displays the following elements: 703.Bl -tag -width 9n 704.It Sy LINK 705A physical device corresponding to a NIC driver. 706.It Sy SLOT 707When a given physical device has multiple factory MAC addresses, this 708indicates the slot of the corresponding MAC address which can be used as 709part of a call to 710.Cm create-vnic . 711.It Sy ADDRESS 712Displays the MAC address of the device. 713.It Sy INUSE 714Displays whether or not a MAC Address is actively being used. 715.It Sy CLIENT 716MAC clients that are using the address. 717.El 718.It Xo 719.Fl o Ar field Ns Oo ,... Oc , 720.Fl \&-output Ns Cm \&= Ns Ar field Ns Op ,... 721.Xc 722A case-insensitive, comma-separated list of output fields to display. 723The field name must be one of the fields listed below, or the special value 724.Cm all , 725to display all fields. 726Note that if either 727.Fl H 728or 729.Fl m 730are specified, then the valid options are those described in their respective 731sections. 732For each link, the following fields can be displayed: 733.Bl -tag -width 9n 734.It Sy LINK 735The name of the datalink. 736.It Sy MEDIA 737The media type provided by the physical datalink. 738.It Sy STATE 739The state of the link. 740This can be 741.Sq up , 742.Sq down , 743or 744.Sq unknown . 745.It Sy SPEED 746The current speed of the link, in megabits per second. 747.It Sy DUPLEX 748For Ethernet links, the full/half duplex status of the link is displayed if the 749link state is up. 750The duplex is displayed as unknown in all other cases. 751.It Sy DEVICE 752The name of the physical device under this link. 753.El 754.It Fl p , \&-parsable 755Display using a stable machine-parsable format. 756The 757.Fl o 758option is required with 759.Fl p . 760See 761.Sx Parsable Output Format , 762below. 763.It Fl P , \&-persistent 764This option displays persistent configuration for all links, including those 765that have been removed from the system. 766The output provides a 767.Sy FLAGS 768column in which the 769.Sy r 770flag indicates that the physical device associated with a physical link has 771been removed. 772For such links, 773.Cm delete-phys 774can be used to purge the link's configuration from the system. 775.El 776.It Xo 777.Nm Cm create-aggr 778.Op Fl t 779.Op Fl R Ar root-dir 780.Op Fl P Ar policy 781.Op Fl L Ar mode 782.Op Fl T Ar time 783.Op Fl u\~ Ns Ar address 784.Fl l Ar ether-link 785.Oo Fl l ether-link Oc Ns ... 786.Ar aggr-link 787.Xc 788.Pp 789Combine a set of links into a single IEEE 802.3ad link aggregation named 790.Ar aggr-link . 791The use of an integer 792.Ar key 793to generate a link name for the aggregation is also supported for backward 794compatibility. 795Many of the 796.Cm -aggr 797subcommands below also support the use of a 798.Ar key 799to refer to a given aggregation, but use of the aggregation link name is 800preferred. 801See the 802.Sx NOTES 803section for more information on keys. 804.Pp 805.Nm 806supports a number of port selection policies for an aggregation of 807ports. 808.Po 809See the description of the 810.Fl P 811option, below 812.Pc . 813If you do not specify a policy, 814.Cm create-aggr 815uses the L4 policy, described under the 816.Fl P 817option. 818.Bl -tag -width 4n 819.It Fl l Ar ether-link , Fl \&-link Ns Cm = Ns Ar ether-link 820Each Ethernet link 821.Pq or port 822in the aggregation is specified using an 823.Fl l 824option followed by the name of the link to be included in the aggregation. 825Multiple links are included in the aggregation by specifying multiple 826.Fl l 827options. 828For backwards compatibility, the 829.Nm 830command also supports the using the 831.Fl d 832option 833.Po 834or 835.Fl \&-dev 836.Pc 837with a device name to specify links by their underlying device name. 838The other 839.Cm -aggr 840subcommands that take 841.Fl l 842options also accept 843.Fl d . 844.It Fl t , \&-temporary 845Specifies that the aggregation is temporary. 846Temporary aggregations last until the next reboot. 847.It Xo 848.Fl R Ar root-dir , 849.Fl \&-root-dir Ns Cm = Ns Ar root-dir 850.Xc 851See 852.Sx Options , 853above. 854.It Fl P Ar policy , Fl \&-policy Ns Cm = Ns Ar policy 855Specifies the port selection policy to use for load spreading of outbound 856traffic. 857The policy specifies which 858.Ar dev 859object is used to send packets. 860A policy is a list of one or more layers specifiers separated by commas. 861A layer specifier is one of the following: 862.Bl -tag -width 4n 863.It Sy L2 864Select outbound device according to source and destination MAC addresses of the 865packet. 866.It Sy L3 867Select outbound device according to source and destination IP addresses of the 868packet. 869.It Sy L4 870Select outbound device according to the upper layer protocol information 871contained in the packet. 872For TCP and UDP this includes source and destination ports. 873For IPsec, this includes the SPI 874.Pq Security Parameters Index . 875.El 876.Pp 877For example, to use upper layer protocol information, the following policy can 878be used: 879.Pp 880.D1 -P L4 881.Pp 882Note that policy L4 is the default. 883.Pp 884To use the source and destination MAC addresses as well as the source and 885destination IP addresses, the following policy can be used: 886.Pp 887.D1 -P L2,L3 888.It Fl L Ar mode , Fl \&-lacp-mode Ns Cm = Ns Ar mode 889Specifies whether LACP should be used and, if used, the mode in which it 890should operate. 891Supported values are 892.Cm off , 893.Cm active 894or 895.Cm passive . 896.It Fl T Ar time , Fl \&-lacp-timer Ns Cm = Ns Ar mode 897Specifies the LACP timer value. 898The supported values are 899.Cm short 900or 901.Cm long . 902.It Fl u Ar address , Fl \&-unicast Ns Cm = Ns Ar address 903Specifies a fixed unicast hardware address to be used for the aggregation. 904If this option is not specified, then an address is automatically chosen from 905the set of addresses of the component devices. 906.El 907.It Xo 908.Nm Cm modify-aggr 909.Op Fl t 910.Op Fl R Ar root-dir 911.Op Fl P Ar policy 912.Op Fl L Ar mode 913.Op Fl T Ar time 914.Op Fl u\~ Ns Ar address 915.Ar aggr-link 916.Xc 917.Pp 918Modify the parameters of the specified aggregation. 919.Bl -tag -width 4n 920.It Fl t , \&-temporary 921Specifies that the modification is temporary. 922Temporary modifications last until the next reboot. 923.It Xo 924.Fl R Ar root-dir , 925.Fl \&-root-dir Ns Cm = Ns Ar root-dir 926.Xc 927See 928.Sx Options , 929above. 930.It Fl P Ar policy , Fl \&-policy Ns Cm = Ns Ar policy 931Specifies the port selection policy to use for load spreading of outbound 932traffic. 933See 934.Nm Cm create-aggr 935for a description of valid policy values. 936.It Fl L Ar mode , Fl \&-lacp-mode Ns Cm = Ns Ar mode 937Specifies whether LACP should be used and, if used, the mode in which it 938should operate. 939Supported values are 940.Cm off , 941.Cm active , 942or 943.Cm passive . 944.It Fl T Ar time , Fl \&-lacp-timer Ns Cm = Ns Ar time 945Specifies the LACP timer value. 946The supported values are 947.Cm short 948or 949.Cm long . 950.It Fl u Ar address , Fl \&-unicast Ns Cm = Ns Ar address 951Specifies a fixed unicast hardware address to be used for the aggregation. 952If this option is not specified, then an address is automatically chosen from 953the set of addresses of the component devices. 954.El 955.It Xo 956.Nm Cm delete-aggr 957.Op Fl t 958.Op Fl R Ar root-dir 959.Ar aggr-link 960.Xc 961.Pp 962Deletes the specified aggregation. 963.Bl -tag -width 4n 964.It Fl t , \&-temporary 965Specifies that the deletion is temporary. 966Temporary deletions last until the next reboot. 967.It Xo 968.Fl R Ar root-dir , 969.Fl \&-root-dir Ns Cm = Ns Ar root-dir 970.Xc 971See 972.Sx Options , 973above. 974.El 975.It Xo 976.Nm Cm add-aggr 977.Op Fl t 978.Op Fl R Ar root-dir 979.Fl l Ar ether-link 980.Oo Fl l Ar ether-link Oc Ns ... 981.Ar aggr-link 982.Xc 983.Pp 984Adds links to the specified aggregation. 985.Bl -tag -width 4n 986.It Fl l Ar ether-link , Fl \&-link Ns Cm = Ns Ar ether-link 987Specifies an Ethernet link to add to the aggregation. 988Multiple links can be added by supplying multiple 989.Fl l 990options. 991.It Fl t , \&-temporary 992Specifies that the additions are temporary. 993Temporary additions last until the next reboot. 994.It Xo 995.Fl R Ar root-dir , 996.Fl \&-root-dir Ns Cm = Ns Ar root-dir 997.Xc 998See 999.Sx Options , 1000above. 1001.El 1002.It Xo 1003.Nm Cm remove-aggr 1004.Op Fl t 1005.Op Fl R Ar root-dir 1006.Fl l Ar ether-link 1007.Oo Fl l Ar ether-link Oc Ns ... 1008.Ar aggr-link 1009.Xc 1010.Pp 1011Removes links from the specified aggregation. 1012.Bl -tag -width 4n 1013.It Fl l Ar ether-link , Fl \&-link Ns Cm = Ns Ar ether-link 1014Specifies an Ethernet link to remove from the aggregation. 1015Multiple links can be removed by supplying multiple 1016.Fl l 1017options. 1018.It Fl t , \&-temporary 1019Specifies that the removals are temporary. 1020Temporary removals last until the next reboot. 1021.It Xo 1022.Fl R Ar root-dir , 1023.Fl \&-root-dir Ns Cm = Ns Ar root-dir 1024.Xc 1025See 1026.Sx Options , 1027above. 1028.El 1029.It Xo 1030.Nm Cm show-aggr 1031.Op Fl PLx 1032.Op Fl s Op Fl i Ar interval 1033.Op Oo Fl p Oc Fl o Ar field Ns Op ,... 1034.Op Ar aggr-link 1035.Xc 1036.Pp 1037Show aggregation configuration 1038.Pq the default , 1039LACP information, or statistics, either for all aggregations or for the 1040specified aggregation. 1041.Pp 1042By default 1043.Pq with no options , 1044the following fields can be displayed: 1045.Bl -tag -width LACPACTIVITY 1046.It Sy LINK 1047The name of the aggregation link. 1048.It Sy POLICY 1049The LACP policy of the aggregation. 1050See the 1051.Cm create-aggr 1052.Fl P 1053option for a description of the possible values. 1054.It Sy ADDRPOLICY 1055Either 1056.Sq auto , 1057if the aggregation is configured to automatically configure its unicast MAC 1058address 1059.Po the default if the 1060.Fl u 1061option was not used to create or modify the aggregation 1062.Pc , 1063or 1064.Sq fixed , 1065if 1066.Fl u 1067was used to set a fixed MAC address. 1068.It Sy LACPACTIVITY 1069The LACP mode of the aggregation. 1070Possible values are 1071.Sq off , 1072.Sq active , 1073or 1074.Sq passive , 1075as set by the 1076.Fl l 1077option to 1078.Cm create-aggr 1079or 1080.Cm modify-aggr . 1081.It Sy LACPTIMER 1082The LACP timer value of the aggregation as set by the 1083.Fl T 1084option of 1085.Cm create-aggr 1086or 1087.Cm modify-aggr . 1088.It Sy FLAGS 1089A set of state flags associated with the aggregation. 1090The only possible flag is 1091.Sq f , 1092which is displayed if the administrator forced the creation the aggregation 1093using the 1094.Fl f 1095option to 1096.Cm create-aggr . 1097Other flags might be defined in the future. 1098.El 1099.Pp 1100The 1101.Cm show-aggr 1102command accepts the following options: 1103.Bl -tag -width 4n 1104.It Fl L , \&-lacp 1105Displays detailed LACP information for the aggregation link and each underlying 1106port. 1107Most of the state information displayed by this option is defined by IEEE 1108802.3. 1109With this option, the following fields can be displayed: 1110.Bl -tag -width AGGREGATABLE 1111.It Sy LINK 1112The name of the aggregation link. 1113.It Sy PORT 1114The name of one of the underlying aggregation ports. 1115.It Sy AGGREGATABLE 1116Whether the port can be added to the aggregation. 1117.It Sy SYNC 1118If 1119.Sq yes , 1120the system considers the port to be synchronized and part of the aggregation. 1121.It Sy COLL 1122If 1123.Sq yes , 1124collection of incoming frames is enabled on the associated port. 1125.It Sy DIST 1126If 1127.Sq yes , 1128distribution of outgoing frames is enabled on the associated port. 1129.It Sy DEFAULTED 1130If 1131.Sq yes , 1132the port is using defaulted partner information 1133.Pq that is, has not received LACP data from the LACP partner . 1134.It Sy EXPIRED 1135If 1136.Sq yes , 1137the receive state of the port is in the EXPIRED state. 1138.El 1139.It Fl x , \&-extended 1140Display additional aggregation information including detailed information on 1141each underlying port. 1142With 1143.Fl x , 1144the following fields can be displayed: 1145.Bl -tag -width AGGREGATABLE 1146.It Sy LINK 1147The name of the aggregation link. 1148.It Sy PORT 1149The name of one of the underlying aggregation ports. 1150.It Sy SPEED 1151The speed of the link or port in megabits per second. 1152.It Sy DUPLEX 1153The full/half duplex status of the link or port is displayed if the link state 1154is 1155.Sq up . 1156The duplex status is displayed as 1157.Sq unknown 1158in all other cases. 1159.It Sy STATE 1160The link state. 1161This can be 1162.Sq up , 1163.Sq down , 1164or 1165.Sq unknown . 1166.It Sy ADDRESS 1167The MAC address of the link or port. 1168.It Sy PORTSTATE 1169This indicates whether the individual aggregation port is in the 1170.Sq standby 1171or 1172.Sq attached 1173state. 1174.El 1175.It Xo 1176.Fl o Ar field Ns Oo ,... Oc , 1177.Fl \&-output Ns Cm \&= Ns Ar field Ns Op ,... 1178.Xc 1179A case-insensitive, comma-separated list of output fields to display. 1180The field name must be one of the fields listed above, or the special value 1181.Cm all , 1182to display all fields. 1183The fields applicable to the 1184.Fl o 1185option are limited to those listed under each output mode. 1186For example, if using 1187.Fl L , 1188only the fields listed under 1189.Fl L , 1190above, can be used with 1191.Fl o . 1192.It Fl p , \&-parsable 1193Display using a stable machine-parsable format. 1194The 1195.Fl o 1196option is required with 1197.Fl p . 1198See 1199.Sx Parsable Output Format , 1200below. 1201.It Fl p , \&-persistent 1202Display the persistent aggregation configuration rather than the state of the 1203running system. 1204.It Fl s , \&-statistics 1205Displays aggregation statistics. 1206.It Fl i Ar interval , Fl \&-interval Ns Cm = Ns Ar interval 1207Used with the 1208.Fl s 1209option to specify an interval, in seconds, at which statistics should be 1210displayed. 1211If this option is not specified, statistics will be displayed only once. 1212.El 1213.It Xo 1214.Nm Cm create-bridge 1215.Op Fl R Ar root-dir 1216.Op Fl P Ar protect 1217.Op Fl p Ar priority 1218.Op Fl m Ar max-age 1219.Op Fl h Ar hello-time 1220.Op Fl d Ar forward-delay 1221.Op Fl f Ar force-protocol 1222.Oo Fl l Ar link Oc Ns ... 1223.Ar bridge-name 1224.Xc 1225.Pp 1226Create an 802.1D bridge instance and optionally assign one or more network 1227links to the new bridge. 1228By default, no bridge instances are present on the system. 1229.Pp 1230In order to bridge between links, you must create at least one bridge instance. 1231Each bridge instance is separate, and there is no forwarding connection between 1232bridges. 1233.Bl -tag -width 4n 1234.It Fl P Ar protect , Fl \&-protect Ns Cm = Ns Ar protect 1235Specifies a protection method. 1236The defined protection methods are 1237.Cm stp 1238for the Spanning Tree Protocol and 1239.Cm trill 1240for TRILL, which is used on RBridges. 1241The default value is 1242.Cm stp . 1243.It Xo 1244.Fl R Ar root-dir , 1245.Fl \&-root-dir Ns Cm = Ns Ar root-dir 1246.Xc 1247See 1248.Sx Options , 1249above. 1250.It Fl p Ar priority , Fl \&-priority Ns Cm = Ns Ar priority 1251Specifies the Bridge Priority. 1252This sets the IEEE STP priority value for determining the root bridge node in 1253the network. 1254The default value is 32768. 1255Valid values are 0 1256.Pq highest priority 1257to 61440 1258.Pq lowest priority , 1259in increments of 4096. 1260.Pp 1261If a value not evenly divisible by 4096 is used, the system silently rounds 1262downwards to the next lower value that is divisible by 4096. 1263.It Fl m Ar max-age , Fl \&-max-age Ns Cm = Ns Ar max-age 1264Specifies the maximum age for configuration information in seconds. 1265This sets the STP Bridge Max Age parameter. 1266This value is used for all nodes in the network if this node is the root 1267bridge. 1268Bridge link information older than this time is discarded. 1269It defaults to 20 seconds. 1270Valid values are from 6 to 40 seconds. 1271See the 1272.Fl d Ar forward-delay 1273parameter for additional constraints. 1274.It Fl h Ar hello-time , Fl \&-hello-time Ns Cm = Ns Ar hello-time 1275Specifies the STP Bridge Hello Time parameter. 1276When this node is the root node, it sends Configuration BPDUs at this interval 1277throughout the network. 1278The default value is 2 seconds. 1279Valid values are from 1 to 10 seconds. 1280See the 1281.Fl d Ar forward-delay 1282parameter for additional constraints. 1283.It Fl d Ar forward-delay , Fl \&-forward-delay Ns Cm = Ns Ar forward-delay 1284Specifies the STP Bridge Forward Delay parameter. 1285When this node is the root node, then all bridges in the network use this timer 1286to sequence the link states when a port is enabled. 1287The default value is 15 seconds. 1288Valid values are from 4 to 30 seconds. 1289.Pp 1290Bridges must obey the following two constraints: 1291.Pp 1292.D1 2 * \&( Ns Ar forward-delay No - 1.0) >= Ar max-age 1293.Pp 1294.D1 Ar max-age No >= 2 * \&( Ns Ar hello-time No + 1.0\&) 1295.Pp 1296Any parameter setting that would violate those constraints is treated as an 1297error and causes the command to fail with a diagnostic message. 1298The message provides valid alternatives to the supplied values. 1299.It Xo 1300.Fl f Ar force-protocol , 1301.Fl \&-force-protocol Ns Cm = Ns Ar force-protocol 1302.Xc 1303Specifies the MSTP forced maximum supported protocol. 1304The default value is 3. 1305Valid values are non-negative integers. 1306The current implementation does not support RSTP or MSTP, so this currently has 1307no effect. 1308However, to prevent MSTP from being used in the future, the parameter may be 1309set to 0 for STP only or 2 for STP and RSTP. 1310.It Fl l Ar link , Fl \&-link Ns Cm = Ns Ar link 1311Specifies one or more links to add to the newly-created bridge. 1312This is similar to creating the bridge and then adding one or more links, as 1313with the 1314.Cm add-bridge 1315subcommand. 1316However, if any of the links cannot be added, the entire command fails, and the 1317new bridge itself is not created. 1318To add multiple links on the same command line, repeat this option for each 1319link. 1320You are permitted to create bridges without links. 1321For more information about link assignments, see the 1322.Cm add-bridge 1323subcommand. 1324.El 1325.Pp 1326Bridge creation and link assignment require the PRIV_SYS_DL_CONFIG privilege. 1327Bridge creation might fail if the optional bridging feature is not installed on 1328the system. 1329.It Xo 1330.Nm Cm modify-bridge 1331.Op Fl R Ar root-dir 1332.Op Fl P Ar protect 1333.Op Fl p Ar priority 1334.Op Fl m Ar max-age 1335.Op Fl h Ar hello-time 1336.Op Fl d Ar forward-delay 1337.Op Fl f Ar force-protocol 1338.Ar bridge-name 1339.Xc 1340.Pp 1341Modify the operational parameters of an existing bridge. 1342The options are the same as for the 1343.Cm create-bridge 1344subcommand, except that the 1345.Fl l 1346option is not permitted. 1347To add links to an existing bridge, use the 1348.Cm add-bridge 1349subcommand. 1350.Pp 1351Bridge parameter modification requires the PRIV_SYS_DL_CONFIG privilege. 1352.It Xo 1353.Nm Cm delete-bridge 1354.Op Fl R Ar root-dir 1355.Ar bridge-name 1356.Xc 1357Delete a bridge instance. 1358The bridge being deleted must not have any attached links. 1359Use the 1360.Cm remove-bridge 1361subcommand to deactivate links before deleting a bridge. 1362.Pp 1363Bridge deletion requires the PRIV_SYS_DL_CONFIG privilege. 1364.Pp 1365The 1366.Fl R 1367.Pq Fl \&-root-dir 1368option is the same as for the 1369.Cm create-bridge 1370subcommand. 1371.It Xo 1372.Nm Cm add-bridge 1373.Op Fl R Ar root-dir 1374.Fl l Ar link 1375.Oo Fl l Ar link Oc Ns ... 1376.Ar bridge-name 1377.Xc 1378.Pp 1379Add one or more links to an existing bridge. 1380If multiple links are specified, and adding any one of them results in an 1381error, the command fails and no changes are made to the system. 1382.Pp 1383Link addition to a bridge requires the PRIV_SYS_DL_CONFIG privilege. 1384.Pp 1385A link may be a member of at most one bridge. 1386An error occurs when you attempt to add a link that already belongs to another 1387bridge. 1388To move a link from one bridge instance to another, remove it from the current 1389bridge before adding it to a new one. 1390.Pp 1391The links assigned to a bridge must not also be VLANs, VNICs, or tunnels. 1392Only physical Ethernet datalinks, aggregation datalinks, wireless links, and 1393Ethernet stubs are permitted to be assigned to a bridge. 1394.Pp 1395Links assigned to a bridge must all have the same MTU. 1396This is checked when the link is assigned. 1397The link is added to the bridge in a deactivated form if it is not the first 1398link on the bridge and it has a differing MTU. 1399.Pp 1400Note that systems using bridging should not set the 1401.Xr eeprom 8 1402.Dv local-mac-address?\& 1403variable to false. 1404.Pp 1405The options are the same as for the 1406.Cm create-bridge 1407subcommand. 1408.It Xo 1409.Nm Cm remove-bridge 1410.Op Fl R Ar root-dir 1411.Fl l Ar link 1412.Oo Fl l Ar link Oc Ns ... 1413.Ar bridge-name 1414.Xc 1415.Pp 1416Remove one or more links from a bridge instance. 1417If multiple links are specified, and removing any one of them would result in 1418an error, the command fails and none are removed. 1419.Pp 1420Link removal from a bridge requires the PRIV_SYS_DL_CONFIG privilege. 1421.Pp 1422The options are the same as for the 1423.Cm create-bridge 1424subcommand. 1425.It Xo 1426.Nm Cm show-bridge 1427.Op Fl flt 1428.Op Fl s Op Fl i Ar interval 1429.Op Oo Fl p Oc Fl o Ar field Ns Op ,... 1430.Ar bridge-name 1431.Xc 1432.Pp 1433Show the running status and configuration of bridges, their attached links, 1434learned forwarding entries, and TRILL nickname databases. 1435When showing overall bridge status and configuration, the bridge name can be 1436omitted to show all bridges. 1437The other forms require a specified bridge. 1438.Pp 1439The show-bridge subcommand accepts the following options: 1440.Bl -tag -width 4n 1441.It Fl i Ar interval , Fl \&-interval Ns Cm \&= Ns Ar interval 1442Used with the 1443.Fl s 1444option to specify an interval, in seconds, at which statistics should be 1445displayed. 1446If this option is not specified, statistics will be displayed only once. 1447.It Fl s , \&-statistics 1448Display statistics for the specified bridges or for a given bridge's attached 1449links. 1450This option cannot be used with the 1451.Fl f 1452and 1453.Fl t 1454options. 1455.It Fl p , \&-parsable 1456Display using a stable machine-parsable format. 1457See 1458.Sx Parsable Output Format , 1459below. 1460.It Xo 1461.Fl o Ar field Ns Oo ,... Oc , 1462.Fl \&-output Ns Cm \&= Ns Ar field Ns Op ,... 1463.Xc 1464A case-insensitive, comma-separated list of output fields to display. 1465The field names are described below. 1466The special value 1467.Cm all 1468displays all fields. 1469Each set of fields has its own default set to display when 1470.Fl o 1471is not specified. 1472.El 1473.Pp 1474By default, the 1475.Cm show-bridge 1476subcommand shows bridge configuration. 1477The following fields can be shown: 1478.Bl -tag -width BHELLOTIME 1479.It Sy BRIDGE 1480The name of the bridge. 1481.It Sy ADDRESS 1482The Bridge Unique Identifier value 1483.Pq MAC address . 1484.It Sy PRIORITY 1485Configured priority value; set by 1486.Fl p 1487with 1488.Cm create-bridge 1489and 1490.Cm modify-bridge . 1491.It Sy BMAXAGE 1492Configured bridge maximum age; set by 1493.Fl m 1494with 1495.Cm create-bridge 1496and 1497.Cm modify-bridge . 1498.It Sy BHELLOTIME 1499Configured bridge hello time; set by 1500.Fl h 1501with 1502.Cm create-bridge 1503and 1504.Cm modify-bridge . 1505.It Sy BFWDDELAY 1506Configured forwarding delay; set by 1507.Fl d 1508with 1509.Cm create-bridge 1510and 1511.Cm modify-bridge . 1512.It Sy FORCEPROTO 1513Configured forced maximum protocol; set by 1514.Fl f 1515with 1516.Cm create-bridge 1517and 1518.Cm modify-bridge . 1519.It Sy TCTIME 1520Time, in seconds, since last topology change. 1521.It Sy TCCOUNT 1522Count of the number of topology changes. 1523.It Sy TCHANGE 1524This indicates that a topology change was detected. 1525.It Sy DESROOT 1526Bridge Identifier of the root node. 1527.It Sy ROOTCOST 1528Cost of the path to the root node. 1529.It Sy ROOTPORT 1530Port number used to reach the root node. 1531.It Sy MAXAGE 1532Maximum age value from the root node. 1533.It Sy HELLOTIME 1534Hello time value from the root node. 1535.It Sy FWDDELAY 1536Forward delay value from the root node. 1537.It Sy HOLDTIME 1538Minimum BPDU interval. 1539.El 1540.Pp 1541By default, when the 1542.Fl o 1543option is not specified, only the 1544.Sy BRIDGE , 1545.Sy ADDRESS , 1546.Sy PRIORITY , 1547and 1548.Sy DESROOT 1549fields are shown. 1550.Pp 1551When the 1552.Fl s 1553option is specified, the 1554.Cm show-bridge 1555subcommand shows bridge statistics. 1556The following fields can be shown: 1557.Bl -tag -width BHELLOTIME 1558.It Sy BRIDGE 1559Bridge name. 1560.It Sy DROPS 1561Number of packets dropped due to resource problems. 1562.It Sy FORWARDS 1563Number of packets forwarded from one link to another. 1564.It Sy MBCAST 1565Number of multicast and broadcast packets handled by the bridge. 1566.It Sy RECV 1567Number of packets received on all attached links. 1568.It Sy SENT 1569Number of packets sent on all attached links. 1570.It Sy UNKNOWN 1571Number of packets handled that have an unknown destination. 1572Such packets are sent to all links. 1573.El 1574.Pp 1575By default, when the 1576.Fl o 1577option is not specified, only the 1578.Sy BRIDGE , 1579.Sy DROPS , 1580and 1581.Sy FORWARDS 1582fields are shown. 1583.Pp 1584The 1585.Cm show-bridge 1586subcommand also accepts the following options: 1587.Bl -tag -width 4n 1588.It Fl l , \&-link 1589Displays link-related status and statistics information for all links attached 1590to a single bridge instance. 1591By using this option and without the 1592.Fl s 1593option, the following fields can be displayed for each link: 1594.Bl -tag -width DESBRIDGE 1595.It Sy LINK 1596The link name. 1597.It Sy INDEX 1598Port 1599.Pq link 1600index number on the bridge. 1601.It Sy STATE 1602State of the link. 1603The state can be 1604.Sq disabled , 1605.Sq discarding , 1606.Sq learning , 1607.Sq forwarding , 1608.Sq non-stp , 1609or 1610.Sq bad-mtu . 1611.It Sy UPTIME 1612Number of seconds since the last reset or initialization. 1613.It Sy OPERCOST 1614Actual cost in use 1615.Pq 1-65535 . 1616.It Sy OPERP2P 1617This indicates whether point-to-point 1618.Pq P2P 1619mode been detected. 1620.It Sy OPEREDGE 1621This indicates whether edge mode has been detected. 1622.It Sy DESROOT 1623The Root Bridge Identifier that has been seen on this port. 1624.It Sy DESCOST 1625Path cost to the network root node through the designated port. 1626.It Sy DESBRIDGE 1627Bridge Identifier for this port. 1628.It Sy DESPORT 1629The ID and priority of the port used to transmit configuration messages for 1630this port. 1631.It Sy TCACK 1632This indicates whether Topology Change Acknowledge has been seen. 1633.El 1634.Pp 1635When the 1636.Fl l 1637option is specified without the 1638.Fl o 1639option, only the 1640.Sy LINK , 1641.Sy STATE , 1642.Sy UPTIME , 1643and 1644.Sy DESROOT 1645fields are shown. 1646.Pp 1647When the 1648.Fl l 1649option is specified, the 1650.Fl s 1651option can be used to display the following fields for each link: 1652.Bl -tag -width DESBRIDGE 1653.It Sy LINK 1654Link name. 1655.It Sy CFGBPDU 1656Number of configuration BPDUs received. 1657.It Sy TCNBPDU 1658Number of topology change BPDUs received. 1659.It Sy RSTPBPDU 1660Number of Rapid Spanning Tree BPDUs received. 1661.It Sy TXBPDU 1662Number of BPDUs transmitted. 1663.It Sy DROPS 1664Number of packets dropped due to resource problems. 1665.It Sy RECV 1666Number of packets received by the bridge. 1667.It Sy XMIT 1668Number of packets sent by the bridge. 1669.El 1670.Pp 1671When the 1672.Fl o 1673option is not specified, only the 1674.Sy LINK , 1675.Sy DROPS , 1676.Sy RECV , 1677and 1678.Sy XMIT 1679fields are shown. 1680.It Fl f , \&-forwarding 1681Displays forwarding entries for a single bridge instance. 1682With this option, the following fields can be shown for each forwarding entry: 1683.Bl -tag -width NEXTHOP 1684.It Sy DEST 1685Destination MAC address. 1686.It Sy AGE 1687Age of entry in seconds and milliseconds. 1688Omitted for local entries. 1689.It Sy FLAGS 1690The 1691.Sy L 1692.Pq local 1693flag is shown if the MAC address belongs to an attached link or to a VNIC on 1694one of the attached links. 1695.It Sy OUTPUT 1696For local entries, this is the name of the attached link that has the MAC 1697address. 1698Otherwise, for bridges that use Spanning Tree Protocol, this is the output 1699interface name. 1700For RBridges, this is the output TRILL nickname. 1701.El 1702.Pp 1703When the 1704.Fl o 1705option is not specified, the 1706.Sy DEST , 1707.Sy AGE , 1708.Sy FLAGS , 1709and 1710.Sy OUTPUT 1711fields are shown. 1712.It Fl t , \&-trill 1713Displays TRILL nickname entries for a single bridge instance. 1714With this option, the following fields can be shown for each TRILL nickname 1715entry: 1716.Bl -tag -width NEXTHOP 1717.It Sy NICK 1718TRILL nickname for this RBridge, which is a number from 1 to 65535. 1719.It Sy FLAGS 1720The 1721.Sy L 1722flag is shown if the nickname identifies the local system. 1723.It Sy LINK 1724Link name for output when sending messages to this RBridge. 1725.It Sy NEXTHOP 1726MAC address of the next hop RBridge that is used to reach the RBridge with this 1727nickname. 1728.El 1729.Pp 1730When the 1731.Fl o 1732option is not specified, the 1733.Sy NICK , 1734.Sy FLAGS , 1735.Sy LINK , 1736and 1737.Sy NEXTHOP 1738fields are shown. 1739.El 1740.It Xo 1741.Nm Cm create-vlan 1742.Op Fl ft 1743.Op Fl R Ar root-dir 1744.Fl l Ar ether-link 1745.Fl v Ar vid 1746.Op Ar vlan-link 1747.Xc 1748.Pp 1749Create a tagged VLAN link with an ID of 1750.Ar vid 1751over Ethernet link 1752.Ar ether-link . 1753The name of the VLAN link can be specified as 1754.Ar vlan Ns No \&- Ar link . 1755If the name is not specified, a name will be automatically generated 1756.Po assuming that 1757.Ar ether-link 1758is 1759.Em namePPA 1760.Pc 1761as: 1762.Pp 1763.D1 Cm < Ns Ar name Ns Cm >< Ns No 1000 Cm \&* Ar vid Cm \&+ Em PPA Ns Cm > 1764.Pp 1765For example, if 1766.Ar ether-link 1767is 1768.Em bge1 1769and 1770.Ar vid 1771is 2, the name generated is 1772.Em bge2001 . 1773.Bl -tag -width 4n 1774.It Fl f , \&-force 1775Force the creation of the VLAN link. 1776Some devices do not allow frame sizes large enough to include a VLAN header. 1777When creating a VLAN link over such a device, the 1778.Fl f 1779option is needed, and the MTU of the IP interfaces on the resulting VLAN must 1780be set to 1496 instead of 1500. 1781.It Fl l Ar ether-link 1782Specifies Ethernet link over which VLAN is created. 1783.It Fl t , \&-temporary 1784Specifies that the VLAN link is temporary. 1785Temporary VLAN links last until the next reboot. 1786.It Xo 1787.Fl R Ar root-dir , 1788.Fl \&-root-dir Ns Cm = Ns Ar root-dir 1789.Xc 1790See 1791.Sx Options , 1792above. 1793.El 1794.It Xo 1795.Nm Cm delete-vlan 1796.Op Fl t 1797.Op Fl R Ar root-dir 1798.Ar vlan-link 1799.Xc 1800.Pp 1801Delete the VLAN link specified. 1802.Pp 1803The 1804.Cm delete-vlan 1805subcommand accepts the following options: 1806.Bl -tag -width 4n 1807.It Fl t , \&-temporary 1808Specifies that the deletion is temporary. 1809Temporary deletions last until the next reboot. 1810.It Xo 1811.Fl R Ar root-dir , 1812.Fl \&-root-dir Ns Cm = Ns Ar root-dir 1813.Xc 1814See 1815.Sx Options , 1816above. 1817.El 1818.It Xo 1819.Nm Cm show-vlan 1820.Op Fl P 1821.Op Oo Fl p Oc Fl o Ar field Ns Op ,... 1822.Op Ar vlan-link 1823.Xc 1824.Pp 1825Display VLAN configuration for all VLAN links or for the specified VLAN link. 1826.Pp 1827The 1828.Cm show-vlan 1829subcommand accepts the following options: 1830.Bl -tag -width 4n 1831.It Xo 1832.Fl o Ar field Ns Oo ,... Oc , 1833.Fl \&-output Ns Cm \&= Ns Ar field Ns Op ,... 1834.Xc 1835A case-insensitive, comma-separated list of output fields to display. 1836The field name must be one of the fields listed below, or the special value 1837.Cm all , 1838to display all fields. 1839For each VLAN link, the following fields can be displayed: 1840.Bl -tag -width FLAGS 1841.It Sy LINK 1842The name of the VLAN link. 1843.It Sy VID 1844The ID associated with the VLAN. 1845.It Sy OVER 1846The name of the physical link over which this VLAN is configured. 1847.It Sy FLAGS 1848A set of flags associated with the VLAN link. 1849Possible flags are: 1850.Bl -tag -width 4n 1851.It Fl f 1852The VLAN was created using the 1853.Fl f 1854option to 1855.Cm create-vlan . 1856.It Fl i 1857The VLAN was implicitly created when the DLPI link was opened. 1858These VLAN links are automatically deleted on last close of the DLPI link 1859.Po 1860for example, when the IP interface associated with the VLAN link is unplumbed 1861.Pc . 1862.El 1863.Pp 1864Additional flags may be defined in the future. 1865.El 1866.It Fl p , \&-parsable 1867Display using a stable machine-parsable format. 1868The 1869.Fl o 1870option is 1871required with 1872.Fl p . 1873See 1874.Sx Parsable Output Format , 1875below. 1876.It Fl P , \&-persistent 1877Display the persistent VLAN configuration rather than the state of the running 1878system. 1879.El 1880.It Xo 1881.Nm Cm scan-wifi 1882.Op Oo Fl p Oc Fl o Ar field Ns Op ,... 1883.Op Ar wifi-link 1884.Xc 1885.Pp 1886Scans for WiFi networks, either on all WiFi links, or just on the 1887specified 1888.Ar wifi-link . 1889.Pp 1890By default, currently all fields but 1891.Sy BSSTYPE 1892are displayed. 1893.Bl -tag -width 4n 1894.It Xo 1895.Fl o Ar field Ns Oo ,... Oc , 1896.Fl \&-output Ns Cm \&= Ns Ar field Ns Op ,... 1897.Xc 1898A case-insensitive, comma-separated list of output fields to display. 1899The field name must be one of the fields listed below, or the special value 1900.Cm all 1901to display all fields. 1902For each WiFi network found, the following fields can be displayed: 1903.Bl -tag -width STRENGTH 1904.It Sy LINK 1905The name of the link the WiFi network is on. 1906.It Sy ESSID 1907The ESSID 1908.Pq name 1909of the WiFi network. 1910.It Sy BSSID 1911Either the hardware address of the WiFi network's Access Point 1912.Pq for BSS networks , 1913or the WiFi network's randomly generated unique token 1914.Pq for IBSS networks . 1915.It Sy SEC 1916Either 1917.Sq none 1918for a WiFi network that uses no security, 1919.Sq wep 1920for a WiFi network that requires WEP 1921.Pq Wired Equivalent Privacy , 1922or 1923.Sq wpa 1924for a WiFi network that requires WPA 1925.Pq Wi-Fi Protected Access . 1926.It Sy MODE 1927The supported connection modes: one or more of 1928.Sq a , 1929.Sq b , 1930or 1931.Sq g . 1932.It Sy STRENGTH 1933The strength of the signal: one of 1934.Sq excellent , 1935.Sq very good , 1936.Sq good , 1937.Sq weak , 1938or 1939.Sq very weak . 1940.It Sy SPEED 1941The maximum speed of the WiFi network, in megabits per second. 1942.It Sy BSSTYPE 1943Either 1944.Sq bss 1945for 1946.Sq BSS 1947.Pq infrastructure 1948networks, or 1949.Sq ibss 1950for 1951.Sq IBSS 1952.Pq ad-hoc 1953networks. 1954.El 1955.It Fl p , \&-parsable 1956Display using a stable machine-parsable format. 1957The 1958.Fl o 1959option is 1960required with 1961.Fl p . 1962See 1963.Sx Parsable Output Format , 1964below. 1965.El 1966.It Xo 1967.Nm Cm connect-wifi 1968.Op Fl e Ar essid 1969.Op Fl i Ar bssid 1970.Op Fl k Ar key Ns ,... 1971.Sm off 1972.Oo Fl s\~ Cm none | wep | wpa Oc \ \& 1973.Oo Fl a\~ Cm open | shared Oc \ \& 1974.Oo Fl b\~ Cm bss | ibss Oc 1975.Sm on 1976.Op Fl c 1977.Sm off 1978.Oo Fl m\~ Cm a | b | g Oc \ \& 1979.Sm on 1980.Op Fl T Ar time 1981.Op Ar wifi-link 1982.Xc 1983.Pp 1984Connects to a WiFi network. 1985This consists of four steps: 1986.Em discovery , 1987.Em filtration , 1988.Em prioritization , 1989and 1990.Em association . 1991However, to enable connections to non-broadcast WiFi networks and to improve 1992performance, if a BSSID or ESSID is specified using the 1993.Fl e 1994or 1995.Fl i 1996options, then the first three steps are skipped and 1997.Cm connect-wifi 1998immediately attempts to associate with a BSSID or ESSID that matches the rest 1999of the provided parameters. 2000If this association fails, but there is a possibility that other networks 2001matching the specified criteria exist, then the traditional discovery process 2002begins as specified below. 2003.Pp 2004The discovery step finds all available WiFi networks on the specified WiFi 2005link, which must not yet be connected. 2006For administrative convenience, if there is only one WiFi link on the system, 2007.Ar wifi-link 2008can be omitted. 2009.Pp 2010Once discovery is complete, the list of networks is filtered according to the 2011value of the following options: 2012.Bl -tag -width 4n 2013.It Fl e Ar essid , Fl \&-essid Ns Cm \&= Ns Ar essid 2014Networks that do not have the same 2015.Ar essid 2016are filtered out. 2017.It Xo 2018.Sm off 2019.Fl b\~ Cm bss | ibss No ,\~ 2020.Fl \&-bsstype Cm = Cm bss | ibss 2021.Sm on 2022.Xc 2023Networks that do not have the same bsstype are filtered out. 2024.It Xo 2025.Sm off 2026.Fl m\~ Cm a | b | g No ,\~ 2027.Fl \&-mode Cm = Cm a | b | g 2028.Sm on 2029.Xc 2030Networks not appropriate for the specified 802.11 mode are filtered out. 2031.It Xo 2032.Sm off 2033.Fl k\~ Ar key Oo ,... Oc No ,\~ 2034.Fl \&-key Cm = Ar key Op ,... 2035.Sm on 2036.Xc 2037Use the specified secobj named by the key to connect to the network. 2038Networks not appropriate for the specified keys are filtered out. 2039.It Xo 2040.Sm off 2041.Fl s\~ Cm none | wep | wpa No ,\~ 2042.Fl \&-sec Cm = Cm none | wep | wpa 2043.Sm on 2044.Xc 2045Networks not appropriate for the specified security mode are filtered out. 2046.El 2047.Pp 2048Next, the remaining networks are prioritized, first by signal strength, and 2049then by maximum speed. 2050Finally, an attempt is made to associate with each network in the list, in 2051order, until one succeeds or no networks remain. 2052.Pp 2053In addition to the options described above, the following options also control 2054the behavior of 2055.Cm connect-wifi : 2056.Bl -tag -width 4n 2057.It Xo 2058.Sm off 2059.Fl a\~ Cm open | shared No ,\~ 2060.Fl \&-auth Cm = Cm open | shared 2061.Sm on 2062.Xc 2063Connect using the specified authentication mode. 2064By default, 2065.Cm open 2066and 2067.Cm shared 2068are tried in order. 2069.It Fl c , \&-create-ibss 2070Used with 2071.Fl b Cm ibss 2072to create a new ad-hoc network if one matching the specified ESSID cannot be 2073found. 2074If no ESSID is specified, then 2075.Fl c Fl b Cm ibss 2076always triggers the creation of a new ad-hoc network. 2077.It Fl T Ar time , Fl \&-timeout Ns Cm \&= Ns Ar time 2078Specifies the number of seconds to wait for association to succeed. 2079If 2080.Ar time 2081is 2082.Cm forever , 2083then the associate will wait indefinitely. 2084The current default is ten seconds, but this might change in the future. 2085Timeouts shorter than the default might not succeed reliably. 2086.It Xo 2087.Sm off 2088.Fl k\~ Ar key Oo ,... Oc No ,\~ 2089.Fl \&-key Cm = Ar key Op ,... 2090.Sm on 2091.Xc 2092In addition to the filtering previously described, the specified keys will be 2093used to secure the association. 2094The security mode to use will be based on the key class; if a security mode was 2095explicitly specified, it must be compatible with the key class. 2096All keys must be of the same class. 2097.Pp 2098For security modes that support multiple key slots, the slot to place the key 2099will be specified by a colon followed by an index. 2100Therefore, 2101.Fl k Ar mykey:3 2102places 2103.Em mykey 2104in slot 3. 2105By default, slot 1 is assumed. 2106For security modes that support multiple keys, a comma-separated list can be 2107specified, with the first key being the active key. 2108.El 2109.It Xo 2110.Nm Cm disconnect-wifi 2111.Op Fl a 2112.Op Ar wifi-link 2113.Xc 2114.Pp 2115Disconnect from one or more WiFi networks. 2116If 2117.Ar wifi-link 2118specifies a connected WiFi link, then it is disconnected. 2119For administrative convenience, if only one WiFi link is connected, 2120.Ar wifi-link 2121can be omitted. 2122.Bl -tag -width 4n 2123.It Fl a , \&-all-links 2124Disconnects from all connected links. 2125This is primarily intended for use by scripts. 2126.El 2127.It Xo 2128.Nm Cm show-wifi 2129.Op Oo Fl p Oc Fl o Ar field Ns Op ,... 2130.Op Ar wifi-link 2131.Xc 2132.Pp 2133Shows WiFi configuration information either for all WiFi links or for the 2134specified 2135.Ar wifi-link . 2136.Bl -tag -width 4n 2137.It Xo 2138.Fl o Ar field Ns Oo ,... Oc , 2139.Fl \&-output Ns Cm \&= Ns Ar field Ns Op ,... 2140.Xc 2141A case-insensitive, comma-separated list of output fields to display. 2142The field name must be one of the fields listed below, or the special value 2143.Cm all , 2144to display all fields. 2145For each WiFi link, the following fields can be displayed: 2146.Bl -tag -width STRENGTH 2147.It Sy LINK 2148The name of the link being displayed. 2149.It Sy STATUS 2150Either 2151.Sq connected 2152if the link is connected, or 2153.Sq disconnected 2154if it is 2155not connected. 2156If the link is disconnected, all remaining fields have the value 2157.Sq -- . 2158.It Sy ESSID 2159The ESSID 2160.Pq name 2161of the connected WiFi network. 2162.It Sy BSSID 2163Either the hardware address of the WiFi network's Access Point 2164.Pq for BSS networks , 2165or the WiFi network's randomly generated unique token 2166.Pq for IBSS networks . 2167.It Sy SEC 2168Either 2169.Sq none 2170for a WiFi network that uses no security, 2171.Sq wep 2172for a WiFi network that requires WEP, or 2173.Sq wpa 2174for a WiFi network that requires WPA. 2175.It Sy MODE 2176The supported connection modes: one or more of 2177.Sq a , 2178.Sq b , 2179or 2180.Sq g . 2181.It Sy STRENGTH 2182The connection strength: one of 2183.Sq excellent , 2184.Sq very good , 2185.Sq good , 2186.Sq weak , 2187or 2188.Sq very weak . 2189.It Sy SPEED 2190The connection speed, in megabits per second. 2191.It Sy AUTH 2192Either 2193.Sq open 2194or 2195.Sq shared 2196.Po see 2197.Cm connect-wifi 2198.Pc . 2199.It Sy BSSTYPE 2200Either 2201.Sq bss 2202for 2203.Sq BSS 2204.Pq infrastructure 2205networks, or 2206.Sq ibss 2207for 2208.Sq IBSS 2209.Pq ad-hoc 2210networks. 2211.El 2212.Pp 2213By default, currently all fields but 2214.Sy AUTH , 2215.Sy BSSID , 2216and 2217.Sy BSSTYPE 2218are displayed. 2219.It Fl p , \&-parsable 2220Displays using a stable machine-parsable format. 2221The 2222.Fl o 2223option is required with 2224.Fl p . 2225See 2226.Sx Parsable Output Format , 2227below. 2228.El 2229.It Xo 2230.Nm Cm show-ether 2231.Op Fl x 2232.Op Oo Fl p Oc Fl o Ar field Ns Op ,... 2233.Op Ar ether-link 2234.Xc 2235.Pp 2236Shows state information either for all physical Ethernet links or for a 2237specified physical Ethernet link. 2238.Pp 2239The 2240.Cm show-ether 2241subcommand accepts the following options: 2242.Bl -tag -width 4n 2243.It Xo 2244.Fl o Ar field Ns Oo ,... Oc , 2245.Fl \&-output Ns Cm \&= Ns Ar field Ns Op ,... 2246.Xc 2247A case-insensitive, comma-separated list of output fields to display. 2248The field name must be one of the fields listed below, or the special value 2249.Cm all 2250to display all fields. 2251For each link, the following fields can be displayed: 2252.Bl -tag -width STATE 2253.It Sy LINK 2254The name of the link being displayed. 2255.It Sy PTYPE 2256Parameter type, where 2257.Sq current 2258indicates the negotiated state of the link, 2259.Sq capable 2260indicates capabilities supported by the device, 2261.Sq adv 2262indicates the advertised capabilities, and 2263.Sq peeradv 2264indicates the capabilities advertised by the link-partner. 2265.It Sy STATE 2266The state of the link. 2267.It Sy AUTO 2268A yes/no value indicating whether auto-negotiation is advertised. 2269.It Sy SPEED-DUPLEX 2270Combinations of speed and duplex values available. 2271The units of speed are encoded with a trailing suffix of 2272.Sq G 2273.Pq Gigabits/s 2274or 2275.Sq M 2276.Pq Mb/s . 2277Duplex values are encoded as 2278.Sq f 2279.Pq full-duplex 2280or 2281.Sq h 2282.Pq half-duplex . 2283.It Sy PAUSE 2284Flow control information. 2285Can be 2286.Sq no , 2287indicating no flow control is available; 2288.Sq tx , 2289indicating that the end-point can transmit pause frames, but ignores any 2290received pause frames; 2291.Sq rx , 2292indicating that the end-point receives and acts upon received pause frames; or 2293.Sq bi , 2294indicating bi-directional flow-control. 2295.It Sy REM_FAULT 2296Fault detection information. 2297Valid values are 2298.Sq none 2299or 2300.Sq fault . 2301.El 2302.Pp 2303By default, all fields except 2304.Sy REM_FAULT 2305are displayed for the 2306.Dq current 2307.Sy PTYPE . 2308.It Fl p , \&-parsable 2309Displays using a stable machine-parsable format. 2310The 2311.Fl o 2312option is 2313required with 2314.Fl p . 2315See 2316.Sx Parsable Output Format , 2317below. 2318.It Fl x , \&-extended 2319Extended output is displayed for 2320.Sy PTYPE 2321values of 2322.Sq current , 2323.Sq capable , 2324.Sq adv 2325and 2326.Sq peeradv . 2327.El 2328.It Xo 2329.Nm Cm set-linkprop 2330.Op Fl t 2331.Op Fl R Ar root-dir 2332.Fl p Ar prop Ns Cm \&= Ns Ar value Ns Op ,... 2333.Ar link 2334.Xc 2335.Pp 2336Sets the values of one or more properties on the link specified. 2337The list of properties and their possible values depend on the link type, the 2338network device driver, and networking hardware. 2339These properties can be retrieved using 2340.Cm show-linkprop . 2341.Bl -tag -width 4n 2342.It Fl t , \&-temporary 2343Specifies that the changes are temporary. 2344Temporary changes last until the next reboot. 2345.It Xo 2346.Fl R Ar root-dir , 2347.Fl \&-root-dir Ns Cm = Ns Ar root-dir 2348.Xc 2349See 2350.Sx Options , 2351above. 2352.It Xo 2353.Sm off 2354.Fl p\~ Ar prop Cm = Ar value Oo ,... Oc \&,\~ 2355.Fl \&-prop\~ Ar prop Cm = Ar value Op ,... 2356.Sm on 2357.Xc 2358A comma-separated list of properties to set to the specified values. 2359.El 2360.Pp 2361Note that when the persistent value is set, the temporary value changes to the 2362same value. 2363.It Xo 2364.Nm Cm reset-linkprop 2365.Op Fl t 2366.Op Fl R Ar root-dir 2367.Op Fl p Ar prop Ns Op ,... 2368.Ar link 2369.Xc 2370.Pp 2371Resets one or more properties to their values on the link specified. 2372Properties are reset to the values they had at startup. 2373If no properties are specified, all properties are reset. 2374See 2375.Cm show-linkprop 2376for a description of properties. 2377.Bl -tag -width 4n 2378.It Fl t , \&-temporary 2379Specifies that the resets are temporary. 2380Values are reset to default values. 2381Temporary resets last until the next reboot. 2382.It Xo 2383.Fl R Ar root-dir , 2384.Fl \&-root-dir Ns Cm = Ns Ar root-dir 2385.Xc 2386See 2387.Sx Options , 2388above. 2389.It Xo 2390.Fl p Ar prop Ns Oo ,... Oc , 2391.Fl \&-prop Ns Cm = Ns Ar prop Ns Op ,... 2392.Xc 2393A comma-separated list of properties to reset. 2394.El 2395.Pp 2396Note that when the persistent value is reset, the temporary value changes to 2397the same value. 2398.It Xo 2399.Nm Cm show-linkprop 2400.Op Fl P 2401.Op Oo Fl c Oc Fl o Ar field Ns Op ,... 2402.Op Fl p Ar prop Ns Op ,... 2403.Op Ar link 2404.Xc 2405.Pp 2406Show the current or persistent values of one or more properties, either for all 2407datalinks or for the specified link. 2408By default, current values are shown. 2409If no properties are specified, all available link properties are displayed. 2410For each property, the following fields are displayed: 2411.Bl -tag -width 4n 2412.It Xo 2413.Fl o Ar field Ns Oo ,... Oc , 2414.Fl \&-output Ns Cm \&= Ns Ar field Ns Op ,... 2415.Xc 2416A case-insensitive, comma-separated list of output fields to display. 2417The field name must be one of the fields listed below, or the special value 2418.Cm all 2419to display all fields. 2420For each link, the following fields can be displayed: 2421.Bl -tag -width POSSIBLE 2422.It Sy LINK 2423The name of the datalink. 2424.It Sy PROPERTY 2425The name of the property. 2426.It Sy PERM 2427The read/write permissions of the property. 2428The value shown is one of 2429.Sq ro 2430or 2431.Sq rw . 2432.It Sy VALUE 2433The current 2434.Pq or persistent 2435property value. 2436If the value is not set, it is shown as 2437.Sq -- . 2438If it is unknown, the value is shown as 2439.Sq ? . 2440Persistent values that are not set or have been reset will be shown as 2441.Sq -- 2442and will use the system DEFAULT value 2443.Pq if any . 2444.It Sy DEFAULT 2445The default value of the property. 2446If the property has no default value, 2447.Sq -- 2448is shown. 2449.It Sy POSSIBLE 2450A comma-separated list of the values the property can have. 2451If the values span a numeric range, 2452.Sq min-max 2453might be shown as shorthand. 2454If the possible values are unknown or unbounded, 2455.Sq -- 2456is shown. 2457.El 2458.Pp 2459The list of properties depends on the link type and network device driver, and 2460the available values for a given property further depends on the underlying 2461network hardware and its state. 2462General link properties are documented in the 2463.Sx LINK PROPERTIES 2464section. 2465However, link properties that begin with underscore 2466.Pq _ 2467are specific to a given link or its underlying network device and subject to 2468change or removal. 2469See the appropriate network device driver man page for details. 2470.It Fl c , \&-parsable 2471Display using a stable machine-parsable format. 2472The 2473.Fl o 2474option is required with this option. 2475See 2476.Sx Parsable Output Format , 2477below. 2478.It Fl P , \&-persistent 2479Display persistent link property information. 2480.It Xo 2481.Fl p Ar prop Ns Oo ,... Oc , 2482.Fl \&-prop Ns Cm = Ns Ar prop Ns Op ,... 2483.Xc 2484A comma-separated list of properties to show. 2485See the sections on link properties following subcommand descriptions. 2486.El 2487.It Xo 2488.Nm Cm create-secobj 2489.Op Fl t 2490.Op Fl R Ar root-dir 2491.Op Fl f Ar file 2492.Fl c Ar class Ar secobj 2493.Xc 2494.Pp 2495Create a secure object named 2496.Ar secobj 2497in the specified 2498.Ar class 2499to be later used as a WEP or WPA key in connecting to an encrypted network. 2500The value of the secure object can either be provided interactively or read 2501from a file. 2502The sequence of interactive prompts and the file format depends on the class of 2503the secure object. 2504.Pp 2505Currently, the classes 2506.Sq wep 2507and 2508.Sq wpa 2509are supported. 2510The 2511.Sq WEP 2512.Pq Wired Equivalent Privacy 2513key can be either 5 or 13 bytes long. 2514It can be provided either as an ASCII or hexadecimal string \(em thus, 251512345 and 0x3132333435 are equivalent 5-byte keys 2516.Pq the 0x prefix can be omitted . 2517A file containing a 2518.Sq WEP 2519key must consist of a single line using either 2520.Sq WEP 2521key format. 2522The WPA 2523.Pq Wi-Fi Protected Access 2524key must be provided as an ASCII string with a length between 8 and 63 bytes. 2525.Pp 2526This subcommand is only usable by users or roles that belong to the 2527"Network Link Security" RBAC profile. 2528.Bl -tag -width 4n 2529.It Fl c Ar class , Fl \&-class Ns Cm \&= Ns Ar class 2530.Ar class 2531can be 2532.Sq wep 2533or 2534.Sq wpa . 2535See preceding discussion. 2536.It Fl t , \&-temporary 2537Specifies that the creation is temporary. 2538Temporary creation lasts until the next reboot. 2539.It Xo 2540.Fl R Ar root-dir , 2541.Fl \&-root-dir Ns Cm = Ns Ar root-dir 2542.Xc 2543See 2544.Sx Options , 2545above. 2546.It Fl f Ar file , Fl \&-file Ns Cm \&= Ns Ar file 2547Specifies a file that should be used to obtain the secure object's value. 2548The format of this file depends on the secure object class. 2549See the 2550.Sx EXAMPLES 2551section for an example of using this option to set a WEP key. 2552.El 2553.It Xo 2554.Nm Cm delete-secobj 2555.Op Fl t 2556.Op Fl R Ar root-dir 2557.Ar secobj Ns Op ,... 2558.Xc 2559.Pp 2560Delete one or more specified secure objects. 2561This subcommand is only usable by users or roles that belong to the 2562"Network Link Security" RBAC profile. 2563.Bl -tag -width 4n 2564.It Fl t , \&-temporary 2565Specifies that the deletions are temporary. 2566Temporary deletions last until the next reboot. 2567.It Xo 2568.Fl R Ar root-dir , 2569.Fl \&-root-dir Ns Cm = Ns Ar root-dir 2570.Xc 2571See 2572.Sx Options , 2573above. 2574.El 2575.It Xo 2576.Nm Cm show-secobj 2577.Op Fl P 2578.Op Oo Fl p Oc Fl o Ar field Ns Op ,... 2579.Op Ar secobj Ns Op ,... 2580.Xc 2581.Pp 2582Show current or persistent secure object information. 2583If one or more secure objects are specified, then information for each is 2584displayed. 2585Otherwise, all current or persistent secure objects are displayed. 2586.Pp 2587By default, current secure objects are displayed, which are all secure objects 2588that have either been persistently created and not temporarily deleted, or 2589temporarily created. 2590.Pp 2591For security reasons, it is not possible to show the value of a secure object. 2592.Bl -tag -width 4n 2593.It Xo 2594.Fl o Ar field Ns Oo ,... Oc , 2595.Fl \&-output Ns Cm \&= Ns Ar field Ns Op ,... 2596.Xc 2597A case-insensitive, comma-separated list of output fields to display. 2598The field name must be one of the fields listed below. 2599For displayed secure object, the following fields can be shown: 2600.Bl -tag -width OBJECT 2601.It Sy OBJECT 2602The name of the secure object. 2603.It Sy CLASS 2604The class of the secure object. 2605.El 2606.It Fl p , \&-parsable 2607Display using a stable machine-parsable format. 2608The 2609.Fl o 2610option is required with 2611.Fl p . 2612See 2613.Sx Parsable Output Format , 2614below. 2615.It Fl P , \&-persistent 2616Display persistent secure object information 2617.El 2618.It Xo 2619.Nm Cm create-vnic 2620.Op Fl t 2621.Op Fl R Ar root-dir 2622.Fl l Ar link 2623.Oo 2624.Fl m 2625.Ar value | 2626.Cm auto | 2627.Cm factory Fl n Ar slot-identifier | 2628.Cm random Op Fl r Ar prefix 2629.Oc 2630.Op Fl v Ar vlan-id 2631.Op Fl p Ar prop Ns Cm \&= Ns Ar value Ns Op ,... 2632.Ar vnic-link 2633.Xc 2634.Pp 2635Create a VNIC with name 2636.Ar vnic-link 2637over the specified link. 2638.Bl -tag -width 4n 2639.It Fl t , \&-temporary 2640Specifies that the VNIC is temporary. 2641Temporary VNICs last until the next reboot. 2642.It Xo 2643.Fl R Ar root-dir , 2644.Fl \&-root-dir Ns Cm = Ns Ar root-dir 2645.Xc 2646See 2647.Sx Options , 2648above. 2649.It Fl l Ar link , Fl \&-link Ns Cm \&= Ns Ar link 2650.Ar link 2651can be a physical link, an etherstub or an overlay. 2652.It Xo 2653.Sm off 2654.Fl m\~ Ar value | keyword No \&,\~ Fl \&-mac-address Cm = Ar value | Ar keyword 2655.Sm on 2656.Xc 2657Sets the VNIC's MAC address based on the specified value or keyword. 2658If 2659.Ar value 2660is not a keyword, it is interpreted as a unicast MAC address, which must be 2661valid for the underlying NIC. 2662The following special keywords can be used: 2663.Pp 2664.Bl -tag -width 4n -compact 2665.It Cm factory Op Fl n Ar slot-identifier 2666.It Cm factory Op Fl \&-slot Ns Cm = Ns Ar slot-identifier 2667Assign a factory MAC address to the VNIC. 2668When a factory MAC address is requested, 2669.Fl m 2670can be combined with the 2671.Fl n 2672option to specify a MAC address slot to be used. 2673If 2674.Fl n 2675is not specified, the system will choose the next available factory MAC 2676address. 2677The 2678.Fl m 2679option of the 2680.Cm show-phys 2681subcommand can be used to display the list of factory MAC addresses, their slot 2682identifiers, and their availability. 2683.It Cm random Op Fl r Ar prefix 2684.It Cm random Op Fl \&-mac-prefix Ns Cm = Ns Ar prefix 2685Assign a random MAC address to the VNIC. 2686A default prefix consisting of a valid IEEE OUI with the local bit set will be 2687used. 2688That prefix can be overridden with the 2689.Fl r 2690option. 2691.It Cm auto 2692Try and use a factory MAC address first. 2693If none is available, assign a random MAC address. 2694.Cm auto 2695is the default action if the 2696.Fl m 2697option is not specified. 2698.It Fl v Ar vlan-id 2699Enable VLAN tagging for this VNIC. 2700The VLAN tag will have id 2701.Ar vlan-id . 2702.El 2703.It Xo 2704.Fl p Ar prop Ns Oo ,... Oc , 2705.Fl \&-prop Ns Cm = Ns Ar prop Ns Op ,... 2706.Xc 2707A comma-separated list of properties to set to the specified values. 2708.El 2709.It Xo 2710.Nm Cm delete-vnic 2711.Op Fl t 2712.Op Fl R Ar root-dir 2713.Ar vnic-link 2714.Xc 2715.Pp 2716Deletes the specified VNIC. 2717.Bl -tag -width 4n 2718.It Fl t , \&-temporary 2719Specifies that the deletion is temporary. 2720Temporary deletions last until the next reboot. 2721.It Xo 2722.Fl R Ar root-dir , 2723.Fl \&-root-dir Ns Cm = Ns Ar root-dir 2724.Xc 2725See 2726.Sx Options , 2727above. 2728.El 2729.It Xo 2730.Nm Cm show-vnic 2731.Op Fl P 2732.Op Oo Fl p Oc Fl o Ar field Ns Op ,... 2733.Op Fl s Op Fl i Ar interval 2734.Op Fl l Ar link 2735.Op Ar vnic-link 2736.Xc 2737.Pp 2738Show VNIC configuration information 2739.Pq the default 2740or statistics, for all VNICs, all VNICs on a link, or only the specified 2741.Ar vnic-link . 2742.Bl -tag -width 4n 2743.It Xo 2744.Fl o Ar field Ns Oo ,... Oc , 2745.Fl \&-output Ns Cm \&= Ns Ar field Ns Op ,... 2746.Xc 2747A case-insensitive, comma-separated list of output fields to display. 2748The field name must be one of the fields listed below. 2749The field name must be one of the fields listed below, or the special value 2750.Cm all 2751to display all fields. 2752By default 2753.Po without 2754.Fl o 2755.Pc , 2756.Cm show-vnic 2757displays all fields. 2758.Bl -tag -width MACADDRTYPE 2759.It Sy LINK 2760The name of the VNIC. 2761.It Sy OVER 2762The name of the physical link over which this VNIC is configured. 2763.It Sy SPEED 2764The maximum speed of the VNIC, in megabits per second. 2765.It Sy MACADDRESS 2766MAC address of the VNIC. 2767.It Sy MACADDRTYPE 2768MAC address type of the VNIC. 2769.Nm 2770distinguishes among the following MAC address types: 2771.Bl -tag -width factory 2772.It Sy random 2773A random address assigned to the VNIC. 2774.It Sy factory 2775A factory MAC address used by the VNIC. 2776.El 2777.It Sy VID 2778The VLAN ID for the VNIC. 2779.It Sy ZONE 2780The zone to which the VNIC is currently assigned. 2781.El 2782.It Fl p , \&-parsable 2783Display using a stable machine-parsable format. 2784The 2785.Fl o 2786option is required with 2787.Fl p . 2788See 2789.Sx Parsable Output Format , 2790below. 2791.It Fl P , \&-persistent 2792Display the persistent VNIC configuration. 2793.It Fl s , \&-statistics 2794Displays VNIC statistics. 2795.It Fl i Ar interval , Fl \&-interval Ns Cm \&= Ns Ar interval 2796Used with the 2797.Fl s 2798option to specify an interval, in seconds, at which statistics should be 2799displayed. 2800If this option is not specified, statistics will be displayed only once. 2801.It Fl l Ar link , Fl \&-link Ns Cm \&= Ns Ar link 2802Display information for all VNICs on the named link. 2803.El 2804.It Xo 2805.Nm Cm create-etherstub 2806.Op Fl t 2807.Op Fl R Ar root-dir 2808.Ar etherstub 2809.Xc 2810.Pp 2811Create an etherstub with the specified name. 2812.Bl -tag -width 4n 2813.It Fl t , \&-temporary 2814Specifies that the etherstub is temporary. 2815Temporary etherstubs do not persist across reboots. 2816.It Xo 2817.Fl R Ar root-dir , 2818.Fl \&-root-dir Ns Cm = Ns Ar root-dir 2819.Xc 2820See 2821.Sx Options , 2822above. 2823.El 2824.Pp 2825VNICs can be created on top of etherstubs instead of physical NICs. 2826As with physical NICs, such a creation causes the stack to implicitly create a 2827virtual switch between the VNICs created on top of the same etherstub. 2828.It Xo 2829.Nm Cm delete-etherstub 2830.Op Fl t 2831.Op Fl R Ar root-dir 2832.Ar etherstub 2833.Xc 2834.Pp 2835Delete the specified etherstub. 2836.Bl -tag -width 4n 2837.It Fl t , \&-temporary 2838Specifies that the deletion is temporary. 2839Temporary deletions last until the next reboot. 2840.It Xo 2841.Fl R Ar root-dir , 2842.Fl \&-root-dir Ns Cm = Ns Ar root-dir 2843.Xc 2844See 2845.Sx Options , 2846above. 2847.El 2848.It Xo 2849.Nm Cm show-etherstub 2850.Op Ar etherstub 2851.Xc 2852.Pp 2853Show all configured etherstubs by default, or the specified etherstub if 2854.Ar etherstub 2855is specified. 2856.It Xo 2857.Nm Cm create-iptun 2858.Op Fl t 2859.Op Fl R Ar root-dir 2860.Fl T Ar type 2861.Sm off 2862.Oo Fl a\~ 2863.Brq Cm local | remote 2864.Cm = Ar addr Op ,... 2865.Oc 2866.Sm on 2867.Ar iptun-link 2868.Xc 2869.Pp 2870Create an IP tunnel link named 2871.Ar iptun-link . 2872Such links can additionally be protected with IPsec using 2873.Xr ipsecconf 8 . 2874.Pp 2875An IP tunnel is conceptually comprised of two parts: a virtual link between two 2876or more IP nodes, and an IP interface above this link that allows the system to 2877transmit and receive IP packets encapsulated by the underlying link. 2878This subcommand creates a virtual link. 2879The 2880.Xr ifconfig 8 2881command is used to configure IP interfaces above the link. 2882.Bl -tag -width 4n 2883.It Fl t , \&-temporary 2884Specifies that the IP tunnel link is temporary. 2885Temporary tunnels last until the next reboot. 2886.It Xo 2887.Fl R Ar root-dir , 2888.Fl \&-root-dir Ns Cm = Ns Ar root-dir 2889.Xc 2890See 2891.Sx Options , 2892above. 2893.It Fl T Ar type , Fl \&-tunnel-type Ns Cm \&= Ns Ar type 2894Specifies the type of tunnel to be created. 2895The type must be one of the following: 2896.Bl -tag -width 4n 2897.It Sy ipv4 2898A point-to-point, IP-over-IP tunnel between two IPv4 nodes. 2899This type of tunnel requires IPv4 source and destination addresses to function. 2900IPv4 and IPv6 interfaces can be plumbed above such a tunnel to create 2901IPv4-over-IPv4 and IPv6-over-IPv4 tunneling configurations. 2902.It Sy ipv6 2903A point-to-point, IP-over-IP tunnel between two IPv6 nodes as defined in IETF 2904RFC 2473. 2905This type of tunnel requires IPv6 source and destination addresses to function. 2906IPv4 and IPv6 interfaces can be plumbed above such a tunnel to create 2907IPv4-over-IPv6 and IPv6-over-IPv6 tunneling configurations. 2908.It Sy 6to4 2909A 6to4, point-to-multipoint tunnel as defined in IETF RFC 3056. 2910This type of tunnel requires an IPv4 source address to function. 2911An IPv6 interface is plumbed on such a tunnel link to configure a 6to4 router. 2912.El 2913.It Fl a Cm local= Ns Ar addr 2914Literal IP address or hostname corresponding to the tunnel source. 2915If a hostname is specified, it will be resolved to IP addresses, and one of 2916those IP addresses will be used as the tunnel source. 2917As IP tunnels are created before naming services have been brought online 2918during the boot process, it is important that any hostname used be included in 2919.Pa /etc/inet/hosts . 2920.Fl a Cm remote= Ns Ar addr 2921Literal IP address or hostname corresponding to the tunnel destination. 2922.El 2923.It Xo 2924.Nm Cm modify-iptun 2925.Op Fl t 2926.Op Fl R Ar root-dir 2927.Sm off 2928.Oo Fl a\~ 2929.Brq Cm local | remote 2930.Cm = Ar addr Op ,... 2931.Oc 2932.Sm on 2933.Ar iptun-link 2934.Xc 2935.Pp 2936Modify the parameters of the specified IP tunnel. 2937.Bl -tag -width 4n 2938.It Fl t , \&-temporary 2939Specifies that the modification is temporary. 2940Temporary modifications last until the next reboot. 2941.It Xo 2942.Fl R Ar root-dir , 2943.Fl \&-root-dir Ns Cm = Ns Ar root-dir 2944.Xc 2945See 2946.Sx Options , 2947above. 2948.It Fl a Cm local= Ns Ar addr 2949Specifies a new tunnel source address. 2950See 2951.Cm create-iptun 2952for a description. 2953.It Fl a Cm remote= Ns Ar addr 2954Specifies a new tunnel destination address. 2955See 2956.Cm create-iptun 2957for a description. 2958.El 2959.It Xo 2960.Cm delete-iptun 2961.Op Fl t 2962.Op Fl R Ar root-dir 2963.Ar iptun-link 2964.Xc 2965.Pp 2966Delete the specified IP tunnel link. 2967.Bl -tag -width 4n 2968.It Fl t , \&-temporary 2969Specifies that the deletion is temporary. 2970Temporary deletions last until the next reboot. 2971.It Xo 2972.Fl R Ar root-dir , 2973.Fl \&-root-dir Ns Cm = Ns Ar root-dir 2974.Xc 2975See 2976.Sx Options , 2977above. 2978.El 2979.It Xo 2980.Nm Cm show-iptun 2981.Op Fl P 2982.Op Oo Fl p Oc Fl o Ar field Ns Op ,... 2983.Op Ar iptun-link 2984.Xc 2985.Pp 2986Show IP tunnel link configuration for a single IP tunnel or all IP tunnels. 2987.Bl -tag -width 4n 2988.It Fl P , \&-persistent 2989Display the persistent IP tunnel configuration. 2990.It Fl p , \&-parsable 2991Display using a stable machine-parsable format. 2992The 2993.Fl o 2994option is required with 2995.Fl p . 2996See 2997.Sx Parsable Output Format , 2998below. 2999.It Xo 3000.Fl o Ar field Ns Oo ,... Oc , 3001.Fl \&-output Ns Cm \&= Ns Ar field Ns Op ,... 3002.Xc 3003A case-insensitive, comma-separated list of output fields to display. 3004The field name must be one of the fields listed below, or the special value 3005.Cm all , 3006to display all fields. 3007By default 3008.Po without 3009.Fl o 3010.Pc , 3011.Cm show-iptun 3012displays all fields. 3013.Bl -tag -width SOURCE 3014.It Sy LINK 3015The name of the IP tunnel link. 3016.It Sy TYPE 3017Type of tunnel as specified by the 3018.Fl T 3019option of 3020.Cm create-iptun . 3021.It Sy FLAGS 3022A set of flags associated with the IP tunnel link. 3023Possible flags are: 3024.Bl -tag -width 4n 3025.It Sy s 3026The IP tunnel link is protected by IPsec policy. 3027To display the IPsec policy associated with the tunnel link, enter: 3028.Pp 3029.D1 ipsecconf -ln -i tunnel-link 3030.Pp 3031See 3032.Xr ipsecconf 8 3033for more details on how to configure IPsec policy. 3034.It Sy i 3035The IP tunnel link was implicitly created with 3036.Xr ifconfig 8 , 3037and will be automatically deleted when it is no longer referenced 3038.Pq that is, when the last IP interface over the tunnel is unplumbed . 3039See 3040.Xr ifconfig 8 3041for details on implicit tunnel creation. 3042.El 3043.It Sy SOURCE 3044The tunnel source address. 3045.It Sy DESTINATION 3046The tunnel destination address. 3047.El 3048.El 3049.It Xo 3050.Nm Cm create-overlay 3051.Op Fl t 3052.Fl e Ar encap 3053.Fl s Ar search 3054.Fl v Ar vnetid 3055.Sm off 3056.Op Fl p\~ Ar prop Cm \&= Ar value Op ,... 3057.Sm on 3058.Ar overlay 3059.Xc 3060.Pp 3061Create an overlay device named 3062.Ar overlay . 3063.Pp 3064Overlay devices are similar to etherstubs. 3065VNICs can be created on top of them. 3066However, unlike an etherstub which is local to the system, an overlay device 3067can be configured to communicate to remote hosts, providing a means for network 3068virtualization. 3069The way in which it does this is described by the encapsulation module and the 3070search plugin. 3071For more information on these, see 3072.Xr overlay 7 . 3073.Pp 3074An overlay device has a series of required and optional properties. 3075These properties vary based upon the search and encapsulation modules and are 3076fully specified in 3077.Xr overlay 7 . 3078Not every property needs to be specified \(em some have default values which 3079will be used if nothing specific is specified. 3080For example, the default port for VXLAN comes from its IANA standard. 3081If a required property is missing, the command will fail and inform you of the 3082missing properties. 3083.Bl -tag -width 4n 3084.It Fl t , \&-temporary 3085Specifies that the overlay is temporary. 3086Temporary overlays last until the next reboot. 3087.It Fl e Ar encap , Fl \&-encap Ns Cm \&= Ns Ar encap 3088Use 3089.Ar encap 3090as the encapsulation plugin for the overlay device 3091.Ar overlay . 3092The encapsulation plugin determines how packets are transformed before being 3093put on the wire. 3094.It Fl s Ar search , Fl \&-search Ns Cm \&= Ns Ar search 3095Use 3096.Ar search 3097as the search plugin for 3098.Ar overlay . 3099The search plugin determines how non-local targets are found and where packets 3100are directed to. 3101.It Xo 3102.Sm off 3103.Fl p\~ Ar prop Cm = Ar value Oo ,... Oc \&,\~ 3104.Fl \&-prop\~ Ar prop Cm = Ar value Op ,... 3105.Sm on 3106.Xc 3107A comma-separated list of properties to set to the specified values. 3108.It Fl v Ar vnetid , Fl \&-vnetid Ns Cm \&= Ns Ar vnetid 3109Sets the virtual networking identifier to 3110.Ar vnetid . 3111A virtual network identifier determines is similar to a VLAN identifier, in 3112that it identifies a unique virtual network. 3113All overlay devices on the system share the same space for the virtual network 3114identifier. 3115However, the valid range of identifiers is determined by the encapsulation 3116plugin specified by 3117.Fl e . 3118.El 3119.It Xo 3120.Nm Cm delete-overlay 3121.Op Fl t 3122.Ar overlay 3123.Xc 3124.Pp 3125Delete the specified overlay. 3126This will fail if there are VNICs on top of the device. 3127.Bl -tag -width 4n 3128.It Fl t , \&-temporary 3129Specifies that the deletion is temporary. 3130Temporary deletions last until the next reboot. 3131.El 3132.It Xo 3133.Nm Cm modify-overlay 3134.Fl d Ar mac | 3135.Fl f | 3136.Sm off 3137.Fl s\~ Ar mac Cm \&= Ar ip Cm \&: Ar port 3138.Sm on 3139.Ar overlay 3140.Xc 3141.Pp 3142Modifies the target tables for the specified overlay. 3143.Pp 3144The different options allow for different ways of modifying the target table. 3145One of 3146.Fl d , 3147.Fl f , 3148and 3149.Fl s 3150is required. 3151This is not applicable for all kinds of overlay devices. 3152For more information, see 3153.Xr overlay 7 . 3154.Bl -tag -width 4n 3155.It Fl d Ar mac , Fl \&-delete-entry Ns Cm \&= Ns Ar mac 3156Deletes the entry for 3157.Ar mac 3158from the target table for 3159.Ar overlay . 3160Note, if a lookup is pending or outstanding, this does not cancel it or stop it 3161from updating the value. 3162.It Fl f , \&-flush-table 3163Flushes all values in the target table for 3164.Ar overlay . 3165.It Xo 3166.Fl s Ar mac Ns Cm = Ns Ar value , 3167.Fl \&-set-entry Ns Cm = Ns Ar mac Ns Cm = Ns Ar value 3168.Xc 3169Sets the value of 3170.Ar overlay Ns No 's 3171target table entry for 3172.Ar mac 3173to the specified value. 3174The specified value varies upon the encapsulation plugin. 3175The value may be a combination of a MAC address, IP address, and port. 3176Generally, 3177this looks like 3178.Sm off 3179.Oo Em mac Cm \&, Oc Oo Em IP Cm \&: Oc Op Em port . 3180.Sm on 3181If a component is the last one, then there is no need for a separator. 3182eg. 3183if just the MAC address or IP is needed, it would look like 3184.Em mac 3185and 3186.Em IP 3187respectively. 3188.El 3189.It Xo 3190.Nm Cm show-overlay 3191.Op Fl f | t 3192.Op Oo Fl p Oc Fl o Ar field Ns Op ,... 3193.Op Ar overlay 3194.Xc 3195.Pp 3196Shows overlay configuration 3197.Pq the default , 3198internal target tables 3199.Pq Fl t , 3200or 3201the FMA state 3202.Pq Fl f , 3203either for all overlays or the specified overlay. 3204.Pp 3205By default 3206.Po with neither 3207.Fl f 3208or 3209.Fl t 3210specified 3211.Pc , 3212the following fields will be displayed: 3213.Bl -tag -width PROPERTY 3214.It Sy LINK 3215The name of the overlay. 3216.It Sy PROPERTY 3217The name of the property. 3218.It Sy PERM 3219The read/write permissions of the property. 3220The value shown is one of 3221.Sq r- 3222or 3223.Sq rw . 3224.It Sy VALUE 3225The current property value. 3226If the value is not set, it is shown as 3227.Sq -- . 3228If it is unknown, the value is shown as 3229.Sq \&? . 3230.It Sy DEFAULT 3231The default value of the property. 3232If the property has no default value, 3233.Sq -- 3234is shown. 3235.It Sy POSSIBLE 3236A comma-separated list of the values the property can have. 3237If the values span a numeric range, 3238.Sq min-max 3239If the possible values are unknown or unbounded, 3240.Sq -- 3241is shown. 3242.El 3243.Pp 3244When the 3245.Fl f 3246option is used, the following fields will be displayed: 3247.Bl -tag -width PROPERTY 3248.It Sy LINK 3249The name of the overlay. 3250.It Sy STATUS 3251Either 3252.Sq ONLINE 3253or 3254.Sq DEGRADED . 3255.It Sy DETAILS 3256When the overlay's status is 3257.Sq ONLINE , 3258then this has the value 3259.Sq -- . 3260Otherwise, when it is 3261.Sq DEGRADED , 3262this field provides a more detailed explanation as to why it's degraded. 3263.El 3264.Pp 3265When the 3266.Fl t 3267option is used, the following fields will be displayed: 3268.Bl -tag -width PROPERTY 3269.It Sy LINK 3270The name of the overlay. 3271.It Sy TARGET 3272The target MAC address of a table entry. 3273.It Sy DESTINATION 3274The address that an encapsulated packet will be sent to when a packet has the 3275address specified by 3276.Sq TARGET . 3277.El 3278.Pp 3279The 3280.Cm show-overlay 3281command supports the following options: 3282.Bl -tag -width 4n 3283.It Fl f , \&-fma 3284Displays information about an overlay device's FMA state. 3285.It Xo 3286.Fl o Ar field Ns Oo ,... Oc , 3287.Fl \&-output Ns Cm \&= Ns Ar field Ns Op ,... 3288.Xc 3289A case-insensitive, comma-separated list of output fields to display. 3290The field name must be one of the fields listed above, or the special value 3291.Cm all , 3292to display all fields. 3293The fields applicable to the 3294.Fl o 3295option are limited to those listed under each output mode. 3296For example, if using 3297.Fl L , 3298only the fields listed under 3299.Fl L , 3300above, can be used with 3301.Fl o . 3302.It Fl p , \&-parsable 3303Display using a stable machine-parsable format. 3304The 3305.Fl o 3306option is required with 3307.Fl p . 3308See 3309.Sx Parsable Output Format , 3310below. 3311.It Fl t , \&-target 3312Displays information about an overlay device's target table. 3313For more information on the target table, see 3314.Xr overlay 7 . 3315.El 3316.It Xo 3317.Nm Cm show-usage 3318.Op Fl a 3319.Fl f Ar filename 3320.Op Fl p Ar plotfile Fl F Ar format 3321.Sm off 3322.Op Fl s\~ Ar time\ \& 3323.Op Fl e\~ Ar time 3324.Sm on 3325.Op Ar link 3326.Xc 3327.Pp 3328Show the historical network usage from a stored extended accounting file. 3329Configuration and enabling of network accounting through 3330.Xr acctadm 8 3331is required. 3332The default output will be the summary of network usage for the entire period 3333of time in which extended accounting was enabled. 3334.Bl -tag -width 4n -compact 3335.It Fl a 3336Display all historical network usage for the specified period of time during 3337which extended accounting is enabled. 3338This includes the usage information for the links that have already been 3339deleted. 3340.Pp 3341.It Fl f Ar filename , Fl \&-file Ns Cm \&= Ns Ar filename 3342Read extended accounting records of network usage from 3343.Ar filename . 3344.Pp 3345.It Fl F Ar format , Fl \&-format Ns Cm \&= Ns Ar format 3346Specifies the format of 3347.Ar plotfile 3348that is specified by the 3349.Fl p 3350option. 3351.Cm gnuplot 3352is the only currently supported format. 3353.Pp 3354.It Fl p Ar plotfile , Fl \&-plot Ns Cm \&= Ns Ar plotfile 3355Write network usage data to a file of the format specified by the 3356.Fl F 3357option, which is required. 3358.Pp 3359.It Fl s Ar time , Fl \&-start Ns Cm \&= Ns Ar time 3360.It Fl e Ar time , Fl \&-stop Ns Cm \&= Ns Ar time 3361Start and stop times for data display. 3362Time is in the format MM/DD/YYYY,hh:mm:ss 3363.Pp 3364.It Ar link 3365If specified, display the network usage only for the named link. 3366Otherwise, display network usage for all links. 3367.El 3368.El 3369.Ss "Parsable Output Format" 3370Many 3371.Nm 3372subcommands have an option that displays output in a machine-parsable format. 3373The output format is one or more lines of colon 3374.Pq \&: 3375delimited fields. 3376The fields displayed are specific to the subcommand used and are listed under 3377the entry for the 3378.Fl o 3379option for a given subcommand. 3380Output includes only those fields requested by means of the 3381.Fl o 3382option, in the order requested. 3383.Pp 3384When you request multiple fields, any literal colon characters are escaped by a 3385backslash 3386.Pq \e 3387before being output. 3388Similarly, literal backslash characters will also be escaped 3389.Pq \e\e . 3390This escape format is parsable by using shell 3391.Xr read 1 3392functions with the environment variable 3393.Em IFS=:\& 3394.Po 3395see 3396.Sx EXAMPLES , 3397below 3398.Pc . 3399Note that escaping is not done when you request only a single field. 3400.Ss "General Link Properties" 3401The following general link properties are supported: 3402.Bl -tag -width 4n 3403.It Sy allowed-ips 3404A comma-separated list of IP addresses that are allowed on the interface. 3405.Pp 3406An address in CIDR format with no host address specified is used to indicate 3407that any address on that subnet is allowed 3408.Po 3409e.g. 192.168.10.0/24 means any address in the range 192.168.10.0 - 3410192.168.10.255 is allowed 3411.Pc . 3412.It Sy autopush 3413Specifies the set of STREAMS modules to push on the stream associated with a 3414link when its DLPI device is opened. 3415It is a space-delimited list of modules. 3416.Pp 3417The optional special character sequence 3418.Sq [anchor] 3419indicates that a STREAMS anchor should be placed on the stream at the module 3420previously specified in the list. 3421It is an error to specify more than one anchor or to have an anchor first in 3422the list. 3423.Pp 3424The autopush property is preferred over the more general 3425.Xr autopush 8 3426command. 3427.It Sy cpus 3428Bind the processing of packets for a given data link to a processor or a set of 3429processors. 3430The value can be a comma-separated list of one or more processor ids. 3431If the list consists of more than one processor, the processing will spread out 3432to all the processors. 3433Connection to processor affinity and packet ordering for any individual 3434connection will be maintained. 3435.Pp 3436The processor or set of processors are not exclusively reserved for the link. 3437Only the kernel threads and interrupts associated with processing of the link 3438are bound to the processor or the set of processors specified. 3439In case it is desired that processors be dedicated to the link, 3440.Xr psrset 8 3441can be used to create a processor set and then specifying the processors from 3442the processor set to bind the link to. 3443.Pp 3444If the link was already bound to processor or set of processors due to a 3445previous operation, the binding will be removed and the new set of processors 3446will be used instead. 3447.Pp 3448The default is no CPU binding, which is to say that the processing of packets 3449is not bound to any specific processor or processor set. 3450.It Sy learn_limit 3451Limits the number of new or changed MAC sources to be learned over a bridge 3452link. 3453When the number exceeds this value, learning on that link is temporarily 3454disabled. 3455Only non-VLAN, non-VNIC type links have this property. 3456.Pp 3457The default value is 1000. 3458Valid values are greater or equal to 0. 3459.It Sy learn_decay 3460Specifies the decay rate for source changes limited by 3461.Sy learn_limit . 3462This number is subtracted from the counter for a bridge link every 5 seconds. 3463Only non-VLAN, non-VNIC type links have this property. 3464.Pp 3465The default value is 200. 3466Valid values are greater or equal to 0. 3467.It Sy maxbw 3468Sets the full duplex bandwidth for the link. 3469The bandwidth is specified as an integer with one of the scale suffixes 3470.Po 3471.Sy K , 3472.Sy M , 3473or 3474.Sy G 3475for Kbps, Mbps, and Gbps 3476.Pc . 3477If no units are specified, the input value will be read as Mbps. 3478The default is no bandwidth limit. 3479.It Sy priority 3480Sets the relative priority for the link. 3481The value can be given as one of the tokens 3482.Cm high , 3483.Cm medium , 3484or 3485.Cm low . 3486The default is 3487.Cm high . 3488.It Sy stp 3489Enables or disables Spanning Tree Protocol on a bridge link. 3490Setting this value to 3491.Sq 0 3492disables Spanning Tree, and puts the link into forwarding mode with 3493BPDU guarding enabled. 3494This mode is appropriate for point-to-point links connected only to end nodes. 3495Only non-VLAN, non-VNIC type links have this property. 3496The default value is 3497.Sq 1 , 3498to enable STP. 3499.It Sy forward 3500Enables or disables forwarding for a VLAN. 3501Setting this value to 3502.Sq 0 3503disables bridge forwarding for a VLAN link. 3504Disabling bridge forwarding removes that VLAN from the "allowed set" for the 3505bridge. 3506The default value is 3507.Sq 1 , 3508to enable bridge forwarding for configured VLANs. 3509.It Sy default_tag 3510Sets the default VLAN ID that is assumed for untagged packets sent to and 3511received from this link. 3512Only non-VLAN, non-VNIC type links have this property. 3513Setting this value to 3514.Sq 0 3515disables the bridge forwarding of untagged packets to and from the port. 3516The default value is 3517.Sq 1 . 3518Valid values values are from 0 to 4094. 3519.It Sy promisc-filtered 3520Enables or disables the default filtering of promiscuous mode for certain 3521classes of links. 3522By default, VNICs will only see unicast traffic destined for it in promiscuous 3523mode. 3524Not all the unicast traffic from the underlying device makes it to the VNIC. 3525Disabling this would cause a VNIC, for example, to be able to see all unicast 3526traffic from the device it is created over. 3527The default value is on. 3528.It Sy stp_priority 3529Sets the STP and RSTP Port Priority value, which is used to determine the 3530preferred root port on a bridge. 3531Lower numerical values are higher priority. 3532The default value is 128. 3533Valid values range from 0 to 255. 3534.It Sy stp_cost 3535Sets the STP and RSTP cost for using the link. 3536The default value is 3537.Cm auto , 3538which sets the cost based on link speed, using 3539.Sq 100 3540for 10Mbps, 3541.Sq 19 3542for 100Mbps, 3543.Sq 4 3544for 1Gbps, and 3545.Sq 2 3546for 10Gbps. 3547Valid values range from 1 to 65535. 3548.It Sy stp_edge 3549Enables or disables bridge edge port detection. 3550If set to 3551.Sq 0 3552.Pq false , 3553the system assumes that the port is connected to other bridges even if no 3554bridge PDUs of any type are seen. 3555The default value is 3556.Sq 1 , 3557which detects edge ports automatically. 3558.It Sy stp_p2p 3559Sets bridge point-to-point operation mode. 3560Possible values are 3561.Cm true , 3562.Cm false , 3563and 3564.Cm auto . 3565When set to 3566.Cm auto , 3567point-to-point connections are automatically discovered. 3568When set to 3569.Cm true , 3570the port mode is forced to use point-to-point. 3571When set to 3572.Cm false , 3573the port mode is forced to use normal multipoint mode. 3574The default value is 3575.Cm auto . 3576.It Sy stp_mcheck 3577Triggers the system to run the RSTP 3578.Em Force BPDU Migration Check 3579procedure on this link. 3580The procedure is triggered by setting the property value to 3581.Sq 1 . 3582The property is automatically reset back to 3583.Sq 0 . 3584This value cannot be set unless the following are true: 3585.Bl -bullet 3586.It 3587The link is bridged 3588.It 3589The bridge is protected by Spanning Tree 3590.It 3591The bridge force-protocol value is at least 2 3592.Pq RSTP 3593.El 3594.Pp 3595The default value is 0. 3596.It Sy zone 3597Specifies the zone to which the link belongs. 3598This property can be modified only temporarily through 3599.Nm , 3600and thus the 3601.Fl t 3602option must be specified. 3603To modify the zone assignment such that it persists across reboots, 3604use 3605.Xr zonecfg 8 . 3606Possible values consist of any exclusive-IP zone currently running on the 3607system. 3608By default, the zone binding is as per 3609.Xr zonecfg 8 . 3610.El 3611.Ss "Wifi Link Properties" 3612The following WiFi link properties are supported. 3613Note that the ability to set a given property to a given value depends on the 3614driver and hardware. 3615.Bl -tag -width 4n 3616.It Sy channel 3617Specifies the channel to use. 3618This property can be modified only by certain WiFi links when in IBSS mode. 3619The default value and allowed range of values varies by regulatory domain. 3620.It Sy powermode 3621Specifies the power management mode of the WiFi link. 3622Possible values are 3623.Cm off 3624.Cm disable power management , 3625.Cm max 3626.Cm maximum power savings , 3627and 3628.Cm fast 3629.Pq performance-sensitive power management . 3630Default is 3631.Cm off . 3632.It Sy radio 3633Specifies the radio mode of the WiFi link. 3634Possible values are 3635.Cm on 3636or 3637.Cm off . 3638Default is 3639.Cm on . 3640.It Sy speed 3641Specifies a fixed speed for the WiFi link, in megabits per second. 3642The set of possible values depends on the driver and hardware 3643.Po 3644but is shown by 3645.Cm show-linkprop 3646.Pc ; 3647common speeds include 1, 2, 11, and 54. 3648By default, there is no fixed speed. 3649.El 3650.Ss "Ethernet Link Properties" 3651The following MII Properties, as documented in 3652.Xr ieee802.3 7 , 3653are supported in read-only mode: 3654.Pp 3655.Bl -bullet -offset 4n -compact 3656.It 3657duplex 3658.It 3659state 3660.It 3661adv_autoneg_cap 3662.It 3663adv_10gfdx_cap 3664.It 3665adv_1000fdx_cap 3666.It 3667adv_1000hdx_cap 3668.It 3669adv_100fdx_cap 3670.It 3671adv_100hdx_cap 3672.It 3673adv_10fdx_cap 3674.It 3675adv_10hdx_cap 3676.El 3677.Pp 3678Each 3679.Sq adv_ 3680property 3681.Po 3682for example, 3683.Sq adv_10fdx_cap 3684.Pc 3685also has a read/write counterpart 3686.Sq en_ 3687property 3688.Po for example, 3689.Sq en_10fdx_cap 3690.Pc 3691controlling parameters used at auto-negotiation. 3692In the absence of Power Management, the 3693.Sq adv_* 3694speed/duplex parameters provide the values that are both negotiated and 3695currently effective in hardware. 3696However, with Power Management enabled, the speed/duplex capabilities currently 3697exposed in hardware might be a subset of the set of bits that were used in 3698initial link parameter negotiation. 3699Thus the MII 3700.Sq adv_* 3701parameters are marked read-only, with an additional set of 3702.Sq en_* 3703parameters for configuring speed and duplex properties at initial negotiation. 3704.Pp 3705Note that the 3706.Sq adv_autoneg_cap 3707does not have an 3708.Sq en_autoneg_cap 3709counterpart: the 3710.Sq adv_autoneg_cap 3711is a 0/1 switch that turns off/on auto-negotiation itself, and therefore cannot 3712be impacted by Power Management. 3713.Pp 3714In addition, the following Ethernet properties are reported: 3715.Bl -tag -width 4n 3716.It Sy speed 3717.Pq read-only 3718The operating speed of the device, in Mbps. 3719.It Sy mtu 3720The maximum client SDU 3721.Pq Send Data Unit 3722supported by the device. 3723Valid range is 68-65536. 3724.It Sy flowctrl 3725Establishes flow-control modes that will be advertised by the device. 3726Valid input is one of: 3727.Bl -tag -width 4n 3728.It Sy no 3729No flow control enabled. 3730.It Sy rx 3731Receive, and act upon incoming pause frames. 3732.It Sy tx 3733Transmit pause frames to the peer when congestion occurs, but ignore received 3734pause frames. 3735.It Sy bi 3736Bidirectional flow control. 3737.El 3738.Pp 3739Note that the actual settings for this value are constrained by the 3740capabilities allowed by the device and the link partner. 3741.It Sy en_fec_cap 3742Sets the Forward Error Correct 3743.Pq FEC 3744code(s) to be advertised by the device. 3745Valid values are: 3746.Bl -tag -width 4n 3747.It Sy none 3748Allow the device not to use FEC. 3749.It Sy auto 3750The device will automatically decide which FEC code to use. 3751.It Sy rs 3752Allow Reed-Solomon FEC code. 3753.It Sy base-r 3754Allow Base-R 3755.Pq also known as FireCode 3756code. 3757.El 3758.Pp 3759Valid input is either 3760.Cm auto 3761as a single value, or a comma separated combination of 3762.Cm none , 3763.Cm rs 3764and 3765.Cm base-r . 3766The default value is 3767.Cm auto . 3768.Pp 3769Note the actual FEC settings and combinations are constrained by the 3770capabilities allowed by the device and the link partner. 3771.It Sy adv_fec_cap 3772.Pq read-only 3773The current negotiated Forward Error Correction code. 3774.It Sy secondary-macs 3775A comma-separated list of additional MAC addresses that are allowed on the 3776interface. 3777.It Sy tagmode 3778This link property controls the conditions in which 802.1Q VLAN tags will be 3779inserted in packets being transmitted on the link. 3780Two mode values can be assigned to this property: 3781.Bl -tag -width 4n 3782.It Sy normal 3783Insert a VLAN tag in outgoing packets under the following conditions: 3784.Bl -bullet -offset 4n 3785.It 3786The packet belongs to a VLAN. 3787.It 3788The user requested priority tagging. 3789.El 3790.It Sy vlanonly 3791Insert a VLAN tag only when the outgoing packet belongs to a VLAN. 3792If a tag is being inserted in this mode and the user has also requested a 3793non-zero priority, the priority is honored and included in the VLAN tag. 3794.El 3795.Pp 3796The default value is 3797.Cm vlanonly . 3798.It Sy media 3799.Pq read-only 3800The current type of media that the Ethernet link is using, if known. 3801For example, this would be something like 1000BASE-T, 25GBASE-CR, 100GBASE-KR4, 3802etc. 3803.El 3804.Ss "IP Tunnel Link Properties" 3805The following IP tunnel link properties are supported. 3806.Bl -tag -width 4n 3807.It Sy hoplimit 3808Specifies the IPv4 TTL or IPv6 hop limit for the encapsulating outer IP header 3809of a tunnel link. 3810This property exists for all tunnel types. 3811The default value is 64. 3812.It Sy encaplimit 3813Specifies the IPv6 encapsulation limit for an IPv6 tunnel as defined in RFC 38142473. 3815This value is the tunnel nesting limit for a given tunneled packet. 3816The default value is 4. 3817A value of 0 disables the encapsulation limit. 3818.El 3819.Sh EXAMPLES 3820.Sy Example 1 3821Configuring an Aggregation 3822.Pp 3823To configure a data-link over an aggregation of devices 3824.Em bge0 3825and 3826.Em bge1 3827with key 1, enter the following command: 3828.Bd -literal -offset indent 3829# dladm create-aggr -d bge0 -d bge1 1 3830.Ed 3831.Pp 3832.Sy Example 2 3833Connecting to a WiFi Link 3834.Pp 3835To connect to the most optimal available unsecured network on a system with a 3836single WiFi link 3837.Po 3838as per the prioritization rules specified for 3839.Cm connect-wifi 3840.Pc , 3841enter the following command: 3842.Bd -literal -offset indent 3843# dladm connect-wifi 3844.Ed 3845.Pp 3846.Sy Example 3 3847Creating a WiFi Key 3848.Pp 3849To interactively create the WEP key 3850.Sq mykey , 3851enter the following command: 3852.Bd -literal -offset indent 3853# dladm create-secobj -c wep mykey 3854.Ed 3855.Pp 3856Alternatively, to non-interactively create the WEP key 3857.Sq mykey 3858using the contents of a file: 3859.Bd -literal -offset indent 3860# umask 077 3861# cat >/tmp/mykey.$$ <<EOF 386212345 3863EOF 3864# dladm create-secobj -c wep -f /tmp/mykey.$$ mykey 3865# rm /tmp/mykey.$$ 3866.Ed 3867.Pp 3868.Sy Example 4 3869Connecting to a Specified Encrypted WiFi Link 3870.Pp 3871To use key 3872.Sq mykey 3873to connect to ESSID 3874.Sq wlan 3875on link 3876.Sq ath0 , 3877enter the following command: 3878.Bd -literal -offset indent 3879# dladm connect-wifi -k mykey -e wlan ath0 3880.Ed 3881.Pp 3882.Sy Example 5 3883Changing a Link Property 3884.Pp 3885To set powermode to the value 3886.Sq fast 3887on link 3888.Sq pcwl0 , 3889enter the following command: 3890.Bd -literal -offset indent 3891# dladm set-linkprop -p powermode=fast pcwl0 3892.Ed 3893.Pp 3894.Sy Example 6 3895Connecting to a WPA-Protected WiFi Link 3896.Pp 3897Create a WPA key 3898.Sq psk 3899and enter the following command: 3900.Bd -literal -offset indent 3901# dladm create-secobj -c wpa psk 3902.Ed 3903.Pp 3904To then use key 3905.Sq psk 3906to connect to ESSID 3907.Sq wlan 3908on link 3909.Sq ath0 , 3910enter the following command: 3911.Bd -literal -offset indent 3912# dladm connect-wifi -k psk -e wlan ath0 3913.Ed 3914.Pp 3915.Sy Example 7 3916Renaming a Link 3917.Pp 3918To rename the 3919.Sq bge0 3920link to 3921.Sq mgmt0 , 3922enter the following command: 3923.Bd -literal -offset indent 3924# dladm rename-link bge0 mgmt0 3925.Ed 3926.Pp 3927.Sy Example 8 3928Replacing a Network Card 3929.Pp 3930Consider that the bge0 device, whose link was named mgmt0 as shown in the 3931previous example, needs to be replaced with a ce0 device because of a hardware 3932failure. 3933The bge0 NIC is physically removed, and replaced 3934with a new ce0 NIC. 3935To associate the newly added ce0 device with the mgmt0 configuration previously 3936associated with bge0, enter the following command: 3937.Bd -literal -offset indent 3938# dladm rename-link ce0 mgmt0 3939.Ed 3940.Pp 3941.Sy Example 9 3942Removing a Network Card 3943.Pp 3944Suppose that in the previous example, the intent is not to replace the 3945bge0 NIC with another NIC, but rather to remove and not replace the 3946hardware. 3947In that case, the mgmt0 datalink configuration is not slated to be associated 3948with a different physical device as shown in the previous example, but needs to 3949be deleted. 3950Enter the following command to delete the datalink configuration associated 3951with the mgmt0 datalink, whose physical hardware 3952.Pq bge0 in this case 3953has been removed: 3954.Bd -literal -offset indent 3955# dladm delete-phys mgmt0 3956.Ed 3957.Pp 3958.Sy Example 10 3959Using Parsable Output to Capture a Single Field 3960.Pp 3961The following assignment saves the MTU of link net0 3962to a variable named 3963.Sq mtu . 3964.Bd -literal -offset indent 3965# mtu=`dladm show-link -p -o mtu net0` 3966.Ed 3967.Pp 3968.Sy Example 11 3969Using Parsable Output to Iterate over Links 3970.Pp 3971The following script displays the state of each link on the system. 3972.Bd -literal -offset indent 3973# dladm show-link -p -o link,state | \e 3974 while IFS=: read link state; do 3975 print "Link $link is in state $state" 3976done 3977.Ed 3978.Pp 3979.Sy Example 12 3980Configuring VNICs 3981.Pp 3982Create two VNICs with names 3983.Sq hello0 3984and 3985.Sq test1 3986over a single physical link 3987.Sq bge0 : 3988.Bd -literal -offset indent 3989# dladm create-vnic -l bge0 hello0 3990# dladm create-vnic -l bge0 test1 3991.Ed 3992.Pp 3993.Sy Example 13 3994Configuring VNICs and Allocating Bandwidth and Priority 3995.Pp 3996Create two VNICs with names 3997.Sq hello0 3998and 3999.Sq test1 4000over a single physical link 4001.Sq bge0 4002and make 4003.Sq hello0 4004a high priority VNIC with a factory-assigned MAC address with a maximum 4005bandwidth of 50 Mbps. 4006Make 4007.Sq test1 4008a low priority VNIC with a random MAC address and a maximum bandwidth of 4009100Mbps. 4010.Bd -literal -offset indent 4011# dladm create-vnic -l bge0 -m factory \e 4012 -p maxbw=50,priority=high hello0 4013# dladm create-vnic -l bge0 -m random \e 4014 -p maxbw=100M,priority=low test1 4015.Ed 4016.Pp 4017.Sy Example 14 4018Configuring a VNIC with a Factory MAC Address 4019.Pp 4020First, list the available factory MAC addresses and choose one of them: 4021.Bd -literal -offset indent 4022# dladm show-phys -m bge0 4023LINK SLOT ADDRESS INUSE CLIENT 4024bge0 primary 0:e0:81:27:d4:47 yes bge0 4025bge0 1 8:0:20:fe:4e:a5 no 4026bge0 2 8:0:20:fe:4e:a6 no 4027bge0 3 8:0:20:fe:4e:a7 no 4028.Ed 4029.Pp 4030Create a VNIC named 4031.Sq hello0 4032and use slot 1's address: 4033.Bd -literal -offset indent 4034# dladm create-vnic -l bge0 -m factory -n 1 hello0 4035# dladm show-phys -m bge0 4036LINK SLOT ADDRESS INUSE CLIENT 4037bge0 primary 0:e0:81:27:d4:47 yes bge0 4038bge0 1 8:0:20:fe:4e:a5 yes hello0 4039bge0 2 8:0:20:fe:4e:a6 no 4040bge0 3 8:0:20:fe:4e:a7 no 4041.Ed 4042.Pp 4043.Sy Example 15 4044Creating a VNIC with User-Specified MAC Address, Binding it to Set of 4045Processors 4046.Pp 4047Create a VNIC with name 4048.Sq hello0 , 4049with a user specified MAC address, and a processor binding 0, 1, 2, 3. 4050.Bd -literal -offset indent 4051# dladm create-vnic -l bge0 -m 8:0:20:fe:4e:b8 \e 4052 -p cpus=0,1,2,3 hello0 4053.Ed 4054.Pp 4055.Sy Example 16 4056Creating a Virtual Network Without a Physical NIC 4057.Pp 4058First, create an etherstub with name 4059.Sq stub1 : 4060.Bd -literal -offset indent 4061# dladm create-etherstub stub1 4062.Ed 4063.Pp 4064Create two VNICs with names 4065.Sq hello0 4066and 4067.Sq test1 4068on the etherstub. 4069This operation implicitly creates a virtual switch connecting 4070.Sq hello0 4071and 4072.Sq test1 . 4073.Bd -literal -offset indent 4074# dladm create-vnic -l stub1 hello0 4075# dladm create-vnic -l stub1 test1 4076.Ed 4077.Pp 4078.Sy Example 17 4079Showing Network Usage 4080.Pp 4081Network usage statistics can be stored using the extended accounting facility, 4082.Xr acctadm 8 . 4083.Bd -literal -offset indent 4084# acctadm -e basic -f /var/log/net.log net 4085# acctadm net 4086Network accounting: active 4087Network accounting file: /var/log/net.log 4088Tracked Network resources: basic 4089Untracked Network resources: src_ip,dst_ip,src_port,dst_port,... 4090.Ed 4091.Pp 4092The saved historical data can be retrieved in summary form using the 4093.Cm show-usage 4094subcommand: 4095.Bd -literal -offset indent 4096# dladm show-usage -f /var/log/net.log 4097LINK DURATION IPACKETS RBYTES OPACKETS OBYTES BANDWIDTH 4098e1000g0 80 1031 546908 0 0 2.44 Kbps 4099.Ed 4100.Pp 4101.Sy Example 18 4102Displaying Bridge Information 4103.Pp 4104The following commands use the 4105.Cm show-bridge 4106subcommand with no and various options. 4107.Bd -literal -offset indent 4108# dladm show-bridge 4109BRIDGE PROTECT ADDRESS PRIORITY DESROOT 4110foo stp 32768/8:0:20:bf:f 32768 8192/0:d0:0:76:14:38 4111bar stp 32768/8:0:20:e5:8 32768 8192/0:d0:0:76:14:38 4112 4113# dladm show-bridge -l foo 4114LINK STATE UPTIME DESROOT 4115hme0 forwarding 117 8192/0:d0:0:76:14:38 4116qfe1 forwarding 117 8192/0:d0:0:76:14:38 4117 4118# dladm show-bridge -s foo 4119BRIDGE DROPS FORWARDS 4120foo 0 302 4121 4122# dladm show-bridge -ls foo 4123LINK DROPS RECV XMIT 4124hme0 0 360832 31797 4125qfe1 0 322311 356852 4126 4127# dladm show-bridge -f foo 4128DEST AGE FLAGS OUTPUT 41298:0:20:bc:a7:dc 10.860 -- hme0 41308:0:20:bf:f9:69 -- L hme0 41318:0:20:c0:20:26 17.420 -- hme0 41328:0:20:e5:86:11 -- L qfe1 4133.Ed 4134.Pp 4135.Sy Example 19 4136Creating an IPv4 Tunnel 4137.Pp 4138The following sequence of commands creates and then displays a persistent IPv4 4139tunnel link named 4140.Sq mytunnel0 4141between 66.1.2.3 and 192.4.5.6: 4142.Bd -literal -offset indent 4143# dladm create-iptun -T ipv4 -s 66.1.2.3 -d 192.4.5.6 mytunnel0 4144# dladm show-iptun mytunnel0 4145LINK TYPE FLAGS SOURCE DESTINATION 4146mytunnel0 ipv4 -- 66.1.2.3 192.4.5.6 4147.Ed 4148.Pp 4149A point-to-point IP interface can then be created over this tunnel link: 4150.Bd -literal -offset indent 4151# ifconfig mytunnel0 plumb 10.1.0.1 10.1.0.2 up 4152.Ed 4153.Pp 4154As with any other IP interface, configuration persistence for this IP interface 4155is achieved by placing the desired 4156.Xr ifconfig 8 4157commands 4158.Pq in this case, the command for "10.1.0.1 10.1.0.2" 4159into 4160.Pa /etc/hostname.mytunnel0 . 4161.Pp 4162.Sy Example 20 4163Creating a 6to4 Tunnel 4164.Pp 4165The following command creates a 6to4 tunnel link. 4166The IPv4 address of the 6to4 router is 75.10.11.12. 4167.Bd -literal -offset indent 4168# dladm create-iptun -T 6to4 -s 75.10.11.12 sitetunnel0 4169# dladm show-iptun sitetunnel0 4170LINK TYPE FLAGS SOURCE DESTINATION 4171sitetunnel0 6to4 -- 75.10.11.12 -- 4172.Ed 4173.Pp 4174The following command plumbs an IPv6 interface on this tunnel: 4175.Bd -literal -offset indent 4176# ifconfig sitetunnel0 inet6 plumb up 4177# ifconfig sitetunnel0 inet6 4178sitetunnel0: flags=2200041 <UP,RUNNING,NONUD,IPv6> mtu 65515 index 3 4179inet tunnel src 75.10.11.12 4180tunnel hop limit 64 4181inet6 2002:4b0a:b0c::1/16 4182.Ed 4183.Pp 4184Note that the system automatically configures the IPv6 address on the 6to4 IP 4185interface. 4186See 4187.Xr ifconfig 8 4188for a description of how IPv6 addresses are configured on 6to4 tunnel links. 4189.Sh INTERFACE STABILITY 4190The command line interface of 4191.Nm 4192is 4193.Sy Committed . 4194The output of 4195.Nm 4196is 4197.Sy Committed 4198.Sh SEE ALSO 4199.Xr read 1 , 4200.Xr attributes 7 , 4201.Xr ieee802.3 7 , 4202.Xr overlay 7 , 4203.Xr dlpi 7P , 4204.Xr acctadm 8 , 4205.Xr autopush 8 , 4206.Xr eeprom 8 , 4207.Xr ifconfig 8 , 4208.Xr ipadm 8 , 4209.Xr ipsecconf 8 , 4210.Xr ndd 8 , 4211.Xr psrset 8 , 4212.Xr wpad 8 , 4213.Xr zonecfg 8 4214.Sh NOTES 4215The preferred method of referring to an aggregation in the aggregation 4216subcommands is by its link name. 4217Referring to an aggregation by its integer 4218.Ar key 4219is supported for backward compatibility, but is not necessary. 4220When creating an aggregation, if a 4221.Ar key 4222is specified instead of a link name, the aggregation's link name will be 4223automatically generated by 4224.Nm 4225as 4226.Sy aggr Ns Ar key . 4227