IFCONFIG(1M) Maintenance Commands IFCONFIG(1M)


NAME


ifconfig - configure network interface parameters

SYNOPSIS


ifconfig interface [address_family] [address [/prefix_length]
[dest_address]] [addif address [/prefix_length]]
[removeif address [/prefix_length]] [arp | -arp]
[auth_algs authentication algorithm] [encr_algs encryption algorithm]
[encr_auth_algs authentication algorithm] [auto-revarp]
[broadcast address] [deprecated | -deprecated]
[preferred | -preferred] [destination dest_address]
[ether [address]] [failover | -failover] [group
[name | ""]] [index if_index] [ipmp] [metric n] [modlist]
[modinsert mod_name@pos] [modremove mod_name@pos]
[mtu n] [netmask mask] [plumb] [unplumb] [private
| -private] [nud | -nud] [set [address] [/netmask]]
[standby | -standby] [subnet subnet_address] [tdst
tunnel_dest_address] [token address/prefix_length]
[tsrc tunnel_src_address] [trailers | -trailers]
[up] [down] [usesrc [name | none]] [xmit | -xmit]
[encaplimit n | -encaplimit] [thoplimit n] [router
| -router] [zone zonename | -zone | -all-zones]


ifconfig [address_family] interface {auto-dhcp | dhcp} [primary]
[wait seconds] drop | extend | inform | ping
| release | start | status


DESCRIPTION


The command ifconfig is used to assign an address to a network interface
and to configure network interface parameters. The ifconfig command must
be used at boot time to define the network address of each interface
present on a machine; it may also be used at a later time to redefine an
interface's address or other operating parameters. If no option is
specified, ifconfig displays the current configuration for a network
interface. If an address family is specified, ifconfig reports only the
details specific to that address family. Only privileged users may modify
the configuration of a network interface. Options appearing within braces
({}) indicate that one of the options must be specified.

Network Interface Observability


Network interface observability with ifconfig is limited to those network
interfaces that have been prepared for use with the IP protocol suite.
The preferred method for configuring a network interface for use with
TCP/IP is with ipadm and alternatively with the use of the plumb option
as documented below. Network interfaces that have not been configured for
use with the IP protocol suite can only be observed by using the dladm
command.

DHCP Configuration


The forms of ifconfig that use the auto-dhcp or dhcp arguments are used
to control the Dynamic Host Configuration Protocol ("DHCP") configuration
of the interface. In this mode, ifconfig is used to control operation of
dhcpagent(1M), the DHCP client daemon. Once an interface is placed under
DHCP control by using the start operand, ifconfig should not, in normal
operation, be used to modify the address or characteristics of the
interface. If the address of an interface under DHCP is changed,
dhcpagent will remove the interface from its control.

OPTIONS


When the ifconfig command is executed without any options its behavior is
the same as when the -a option is supplied with no other options or
arguments.

The following options are supported:

addif address

Create the next unused logical interface on the specified physical
interface.


all-zones

Make the interface available to every shared-IP zone on the system.
The appropriate zone to which to deliver data is determined using the
tnzonecfg database. This option is available only if the system is
configured with the Solaris Trusted Extensions feature.

The tnzonecfg database is described in the tnzonecfg(4) man page,
which is part of the Solaris Trusted Extensions Reference Manual.


anycast

Marks the logical interface as an anycast address by setting the
ANYCAST flag. See "INTERFACE FLAGS," below, for more information on
anycast.


-anycast

Marks the logical interface as not an anycast address by clearing the
ANYCAST flag.


arp

Enable the use of the Address Resolution Protocol ("ARP") in mapping
between network level addresses and link level addresses (default).
This is currently implemented for mapping between IPv4 addresses and
MAC addresses.


-arp

Disable the use of the ARP on a physical interface. ARP cannot be
disabled on an IPMP IP interface.


auth_algs authentication algorithm

For a tunnel, enable IPsec AH with the authentication algorithm
specified. The algorithm can be either a number or an algorithm name,
including any to express no preference in algorithm. All IPsec tunnel
properties must be specified on the same command line. To disable
tunnel security, specify an auth_alg of none.

It is now preferable to use the ipsecconf(1M) command when
configuring a tunnel's security properties. If ipsecconf was used to
set a tunnel's security properties, this keyword will not affect the
tunnel.


auto-dhcp

Use DHCP to automatically acquire an address for this interface. This
option has a completely equivalent alias called dhcp.

For IPv6, the interface specified must be the zeroth logical
interface (the physical interface name), which has the link-local
address.

primary

Defines the interface as the primary. The interface is defined as
the preferred one for the delivery of client-wide configuration
data. Only one interface can be the primary at any given time. If
another interface is subsequently selected as the primary, it
replaces the previous one. Nominating an interface as the primary
one will not have much significance once the client work station
has booted, as many applications will already have started and
been configured with data read from the previous primary
interface.


wait seconds

The ifconfig command will wait until the operation either
completes or for the interval specified, whichever is the sooner.
If no wait interval is given, and the operation is one that
cannot complete immediately, ifconfig will wait 30 seconds for
the requested operation to complete. The symbolic value forever
may be used as well, with obvious meaning.


drop

Remove the specified interface from DHCP control without
notifying the DHCP server, and record the current lease for later
use. Additionally, for IPv4, set the IP address to zero. For
IPv6, unplumb all logical interfaces plumbed by dhcpagent.


extend

Attempt to extend the lease on the interface's IP address. This
is not required, as the agent will automatically extend the lease
well before it expires.


inform

Obtain network configuration parameters from DHCP without
obtaining a lease on IP addresses. This is useful in situations
where an IP address is obtained through mechanisms other than
DHCP.


ping

Check whether the interface given is under DHCP control, which
means that the interface is managed by the DHCP agent and is
working properly. An exit status of 0 means success.


release

Relinquish the IP addresses on the interface by notifying the
server and discard the current lease. For IPv4, set the IP
address to zero. For IPv6, all logical interfaces plumbed by
dhcpagent are unplumbed.


start

Start DHCP on the interface.


status

Display the DHCP configuration status of the interface.


auto-revarp

Use the Reverse Address Resolution Protocol (RARP) to automatically
acquire an address for this interface. This will fail if the
interface does not support RARP; for example, IPoIB (IP over
InfiniBand), and on IPv6 interfaces.


broadcast address

For IPv4 only. Specify the address to use to represent broadcasts to
the network. The default broadcast address is the address with a host
part of all 1's. A "+" (plus sign) given for the broadcast value
causes the broadcast address to be reset to a default appropriate for
the (possibly new) address and netmask. The arguments of ifconfig are
interpreted left to right. Therefore

example% ifconfig -a netmask + broadcast +


and

example% ifconfig -a broadcast + netmask +


may result in different values being assigned for the broadcast
addresses of the interfaces.


deprecated

Marks the logical interface as deprecated. An address associated with
a deprecated interface will not be used as source address for
outbound packets unless either there are no other addresses available
on the interface or the application has bound to this address
explicitly. The status display shows DEPRECATED as part of flags. See
for information on the flags supported by ifconfig.


-deprecated

Marks a logical interface as not deprecated. An address associated
with such an interface could be used as a source address for outbound
packets.


preferred

Marks the logical interface as preferred. This option is only valid
for IPv6 addresses. Addresses assigned to preferred logical
interfaces are preferred as source addresses over all other addresses
configured on the system, unless the address is of an inappropriate
scope relative to the destination address. Preferred addresses are
used as source addresses regardless of which physical interface they
are assigned to. For example, you can configure a preferred source
address on the loopback interface and advertise reachability of this
address by using a routing protocol.


-preferred

Marks the logical interface as not preferred.


destination dest_address

Set the destination address for a point-to point interface.


dhcp

This option is an alias for option auto-dhcp


down

Mark a logical interface as "down". (That is, turn off the IFF_UP
bit.) When a logical interface is marked "down," the system does not
attempt to use the address assigned to that interface as a source
address for outbound packets and will not recognize inbound packets
destined to that address as being addressed to this host.
Additionally, when all logical interfaces on a given physical
interface are "down," the physical interface itself is disabled.

When a logical interface is down, all routes that specify that
interface as the output (using the -ifp option in the route(1M)
command or RTA_IFP in a route(7P) socket) are removed from the
forwarding table. Routes marked with RTF_STATIC are returned to the
table if the interface is brought back up, while routes not marked
with RTF_STATIC are simply deleted.

When all logical interfaces that could possibly be used to reach a
particular gateway address are brought down (specified without the
interface option as in the previous paragraph), the affected gateway
routes are treated as though they had the RTF_BLACKHOLE flag set. All
matching packets are discarded because the gateway is unreachable.


encaplimit n

Set the tunnel encapsulation limit for the interface to n. This
option applies to IPv4-in-IPv6 and IPv6-in-IPv6 tunnels only, and it
simply modifies the encaplimit link property of the underlying IPv6
tunnel link (see dladm(1M)). The tunnel encapsulation limit controls
how many more tunnels a packet can enter before it leaves any tunnel,
that is, the tunnel nesting level.

This option is obsolete, superseded by the dladm(1M) encaplimit link
property.


-encaplimit

Disable generation of the tunnel encapsulation limit. This option
applies only to IPv4-in-IPv6 and IPv6-in-IPv6 tunnels. This simply
sets the encaplimit link property of the underlying IPv6 tunnel link
to 0 (see dladm(1M) encaplimit).

This option is obsolete, superseded by the dladm(1M) encaplimit link
property.


encr_auth_algs authentication algorithm

For a tunnel, enable IPsec ESP with the authentication algorithm
specified. It can be either a number or an algorithm name, including
any or none, to indicate no algorithm preference. If an ESP
encryption algorithm is specified but the authentication algorithm is
not, the default value for the ESP authentication algorithm will be
any.

It is now preferable to use the ipsecconf(1M) command when
configuring a tunnel's security properties. If ipsecconf was used to
set a tunnel's security properties, this keyword will not affect the
tunnel.


encr_algs encryption algorithm

For a tunnel, enable IPsec ESP with the encryption algorithm
specified. It can be either a number or an algorithm name. Note that
all IPsec tunnel properties must be specified on the same command
line. To disable tunnel security, specify the value of encr_alg as
none. If an ESP authentication algorithm is specified, but the
encryption algorithm is not, the default value for the ESP encryption
will be null.

It is now preferable to use the ipsecconf(1M) command when
configuring a tunnel's security properties. If ipsecconf was used to
set a tunnel's security properties, this keyword will not affect the
tunnel.


ether [ address ]

If no address is given and the user is root or has sufficient
privileges to open the underlying datalink, then display the current
Ethernet address information.

Otherwise, if the user is root or has sufficient privileges, set the
Ethernet address of the interfaces to address. The address is an
Ethernet address represented as x:x:x:x:x:x where x is a hexadecimal
number between 0 and FF. Similarly, for the IPoIB (IP over
InfiniBand) interfaces, the address will be 20 bytes of colon-
separated hex numbers between 0 and FF.

Some, though not all, Ethernet interface cards have their own
addresses. To use cards that do not have their own addresses, refer
to section 3.2.3(4) of the IEEE 802.3 specification for a definition
of the locally administered address space. Note that all IP
interfaces in an IPMP group must have unique hardware addresses; see
in.mpathd(1M).


-failover

Set NOFAILOVER on the logical interface. This makes the associated
address available for use by in.mpathd to perform probe-based failure
detection for the associated physical IP interface. As a side effect,
DEPRECATED will also be set on the logical interface. This operation
is not permitted on an IPMP IP interface.


failover

Clear NOFAILOVER on the logical interface. This is the default. These
logical interfaces are subject to migration when brought up (see IP
MULTIPATHING GROUPS).


group [ name |""]

When applied to a physical interface, it places the interface into
the named group. If the group does not exist, it will be created,
along with one or more IPMP IP interfaces (for IPv4, IPv6, or both).
Any UP addresses that are not also marked NOFAILOVER are subject to
migration to the IPMP IP interface (see IP MULTIPATHING GROUPS).
Specifying a group name of "" removes the physical IP interface from
the group.

When applied to a physical IPMP IP interface, it renames the IPMP
group to have the new name. If the name already exists, or a name of
"" is specified, it fails. Renaming IPMP groups is discouraged.
Instead, the IPMP IP interface should be given a meaningful name when
it is created by means of the ipmp subcommand, which the system will
also use as the IPMP group name.


index n

Change the interface index for the interface. The value of n must be
an interface index (if_index) that is not used on another interface.
if_index will be a non-zero positive number that uniquely identifies
the network interface on the system.


ipmp

Create an IPMP IP interface with the specified name. An interface
must be separately created for use by IPv4 and IPv6. The
address_family parameter controls whether the command applies to IPv4
or IPv6 (IPv4 if unspecified). All IPMP IP interfaces have the IPMP
flag set.


metric n

Set the routing metric of the interface to n; if no value is
specified, the default is 0. The routing metric is used by the
routing protocol. Higher metrics have the effect of making a route
less favorable. Metrics are counted as addition hops to the
destination network or host.


modinsert mod_name@pos

Insert a module with name mod_name to the stream of the device at
position pos. The position is relative to the stream head. Position 0
means directly under stream head.

Based upon the example in the modlist option, use the following
command to insert a module with name ipqos under the ip module and
above the firewall module:

example% ifconfig eri0 modinsert ipqos@2


A subsequent listing of all the modules in the stream of the device
follows:

example% ifconfig eri0 modlist
0 arp
1 ip
2 ipqos
3 firewall
4 eri


modlist

List all the modules in the stream of the device.

The following example lists all the modules in the stream of the
device:

example% ifconfig eri0 modlist
0 arp
1 ip
2 firewall
4 eri


modremove mod_name@pos

Remove a module with name mod_name from the stream of the device at
position pos. The position is relative to the stream head.

Based upon the example in the modinsert option, use the following
command to remove the firewall module from the stream after inserting
the ipqos module:

example% ifconfig eri0 modremove firewall@3


A subsequent listing of all the modules in the stream of the device
follows:

example% ifconfig eri0 modlist
0 arp
1 ip
2 ipqos
3 eri


Note that the core IP stack modules, for example, ip and tun modules,
cannot be removed.


mtu n

Set the maximum transmission unit of the interface to n. For many
types of networks, the mtu has an upper limit, for example, 1500 for
Ethernet. This option sets the FIXEDMTU flag on the affected
interface.


netmask mask

For IPv4 only. Specify how much of the address to reserve for
subdividing networks into subnetworks. The mask includes the network
part of the local address and the subnet part, which is taken from
the host field of the address. The mask contains 1's for the bit
positions in the 32-bit address which are to be used for the network
and subnet parts, and 0's for the host part. The mask should contain
at least the standard network portion, and the subnet field should be
contiguous with the network portion. The mask can be specified in one
of four ways:

1. with a single hexadecimal number with a leading 0x,

2. with a dot-notation address,

3. with a "+" (plus sign) address, or

4. with a pseudo host name/pseudo network name found in the
network database networks(4).
If a "+" (plus sign) is given for the netmask value, the mask is
looked up in the netmasks(4) database. This lookup finds the longest
matching netmask in the database by starting with the interface's
IPv4 address as the key and iteratively masking off more and more low
order bits of the address. This iterative lookup ensures that the
netmasks(4) database can be used to specify the netmasks when
variable length subnetmasks are used within a network number.

If a pseudo host name/pseudo network name is supplied as the netmask
value, netmask data may be located in the hosts or networks database.
Names are looked up by first using gethostbyname(3NSL). If not found
there, the names are looked up in getnetbyname(3SOCKET). These
interfaces may in turn use nsswitch.conf(4) to determine what data
store(s) to use to fetch the actual value.

For both inet and inet6, the same information conveyed by mask can be
specified as a prefix_length attached to the address parameter.


nud

Enables the neighbor unreachability detection mechanism on a point-
to-point physical interface.


-nud

Disables the neighbor unreachability detection mechanism on a point-
to-point physical interface.


plumb

For a physical IP interface, open the datalink associated with the
physical interface name and set up the plumbing needed for IP to use
the datalink. When used with a logical interface name, this command
is used to create a specific named logical interface on an existing
physical IP interface.

An interface must be separately plumbed for IPv4 and IPv6 according
to the address_family parameter (IPv4 if unspecified). Before an
interface has been plumbed, it will not be shown by ifconfig -a.

Note that IPMP IP interfaces are not tied to a specific datalink and
are instead created with the ipmp subcommand.


private

Tells the in.routed routing daemon that a specified logical interface
should not be advertised.


-private

Specify unadvertised interfaces.


removeif address

Remove the logical interface on the physical interface specified that
matches the address specified.


router

Enable IP forwarding on the interface. When enabled, the interface is
marked ROUTER, and IP packets can be forwarded to and from the
interface. Enabling ROUTER on any IP interface in an IPMP group
enables it on all IP interfaces in that IPMP group.


-router

Disable IP forwarding on the interface. IP packets are not forwarded
to and from the interface. Disabling ROUTER on any IP interface in an
IPMP group disables it on all IP interfaces in that IPMP group.


set

Set the address, prefix_length or both, for a logical interface.


standby

Mark the physical IP interface as a STANDBY interface. If an
interface is marked STANDBY and is part of an IPMP group, the
interface will not be used for data traffic unless another interface
in the IPMP group becomes unusable. When a STANDBY interface is
functional but not being used for data traffic, it will also be
marked INACTIVE. This operation is not permitted on an IPMP IP
interface.


-standby

Clear STANDBY on the interface. This is the default.


subnet

Set the subnet address for an interface.


tdst tunnel_dest_address

Set the destination address of a tunnel. The address should not be
the same as the dest_address of the tunnel, because no packets leave
the system over such a tunnel.

This option is obsolete, superseded by the dladm(1M) create-iptun and
modify-iptun subcommands.


thoplimit n

Set the hop limit for a tunnel interface. The hop limit value is used
as the TTL in the IPv4 header for the IPv6-in-IPv4 and IPv4-in-IPv4
tunnels. For IPv6-in-IPv6 and IPv4-in-IPv6 tunnels, the hop limit
value is used as the hop limit in the IPv6 header. This option simply
modifies the hoplimit link property of the underlying IP tunnel link
(see dladm(1M)).

This option is obsolete, superseded by the dladm(1M) hoplimit link
property.


token address/prefix_length

Set the IPv6 token of an interface to be used for address
autoconfiguration.

example% ifconfig eri0 inet6 token ::1/64


trailers

This flag previously caused a nonstandard encapsulation of IPv4
packets on certain link levels. Drivers supplied with this release no
longer use this flag. It is provided for compatibility, but is
ignored.


-trailers

Disable the use of a "trailer" link level encapsulation.


tsrc tunnel_src_address

Set the source address of a tunnel. This is the source address on an
outer encapsulating IP header. It must be an address of another
interface already configured using ifconfig.

This option is obsolete, superseded by the dladm(1M) create-iptun and
modify-iptun subcommands.


unplumb

For a physical or IPMP interface, remove all associated logical IP
interfaces and tear down any plumbing needed for IP to use the
interface. For an IPMP IP interface, this command will fail if the
group is not empty. For a logical interface, the logical interface is
removed.

An interface must be separately unplumbed for IPv4 and IPv6 according
to the address_family parameter (IPv4 if unspecified). Upon success,
the interface name will no longer appear in the output of ifconfig
-a.


up

Mark a logical interface UP. As a result, the IP module will accept
packets destined to the associated address (unless the address is
zero), along with any associated multicast and broadcast IP
addresses. Similarly, the IP module will allow packets to be sent
with the associated address as a source address. At least one logical
interface must be UP for the associated physical interface to send or
receive packets


usesrc [ name | none ]

Specify a physical interface to be used for source address selection.
If the keyword none is used, then any previous selection is cleared.

When an application does not choose a non-zero source address using
bind(3SOCKET), the system will select an appropriate source address
based on the outbound interface and the address selection rules (see
ipaddrsel(1M)).

When usesrc is specified and the specified interface is selected in
the forwarding table for output, the system looks first to the
specified physical interface and its associated logical interfaces
when selecting a source address. If no usable address is listed in
the forwarding table, the ordinary selection rules apply. For
example, if you enter:

# ifconfig eri0 usesrc vni0


...and vni0 has address 10.0.0.1 assigned to it, the system will
prefer 10.0.0.1 as the source address for any packets originated by
local connections that are sent through eri0. Further examples are
provided in the EXAMPLES section.

While you can specify any physical interface (or even loopback), be
aware that you can also specify the virtual IP interface (see
vni(7D)). The virtual IP interface is not associated with any
physical hardware and is thus immune to hardware failures. You can
specify any number of physical interfaces to use the source address
hosted on a single virtual interface. This simplifies the
configuration of routing-based multipathing. If one of the physical
interfaces were to fail, communication would continue through one of
the remaining, functioning physical interfaces. This scenario assumes
that the reachability of the address hosted on the virtual interface
is advertised in some manner, for example, through a routing
protocol.

Because the ifconfig preferred option is applied to all interfaces,
it is coarser-grained than the usesrc option. It will be overridden
by usesrc and setsrc (route subcommand), in that order.

IPMP and the usesrc option are mutually exclusive. That is, if an
interface is part of an IPMP group or marked STANDBY, then it cannot
be specified by means of usesrc, and vice-versa.


xmit

Enable a logical interface to transmit packets. This is the default
behavior when the logical interface is up.


-xmit

Disable transmission of packets on an interface. The interface will
continue to receive packets.


zone zonename

Place the logical interface in zone zonename. The named zone must be
active in the kernel in the ready or running state. The interface is
unplumbed when the zone is halted or rebooted. The zone must be
configure to be an shared-IP zone. zonecfg(1M) is used to assign
network interface names to exclusive-IP zones.


-zone

Place IP interface in the global zone. This is the default.


OPERANDS


The interface operand, as well as address parameters that affect it, are
described below.

interface

A string of one of the following forms:

o name physical-unit, for example, eri0 or ce1

o name physical-unit:logical-unit, for example, eri0:1

o ip.tunN, ip6.tunN, or ip6to4.tunN for implicit IP tunnel
links
If the interface name starts with a dash (-), it is interpreted as a
set of options which specify a set of interfaces. In such a case, -a
must be part of the options and any of the additional options below
can be added in any order. If one of these interface names is given,
the commands following it are applied to all of the interfaces that
match.

-a

Apply the command to all interfaces of the specified address
family. If no address family is supplied, either on the command
line or by means of /etc/default/inet_type, then all address
families will be selected.


-d

Apply the commands to all "down" interfaces in the system.


-D

Apply the commands to all interfaces not under DHCP (Dynamic Host
Configuration Protocol) control.


-u

Apply the commands to all "up" interfaces in the system.


-Z

Apply the commands to all interfaces in the user's zone.


-4

Apply the commands to all IPv4 interfaces.


-6

Apply the commands to all IPv6 interfaces.


address_family

The address family is specified by the address_family parameter. The
ifconfig command currently supports the following families: inet and
inet6. If no address family is specified, the default is inet.

ifconfig honors the DEFAULT_IP setting in the /etc/default/inet_type
file when it displays interface information . If DEFAULT_IP is set to
IP_VERSION4, then ifconfig will omit information that relates to IPv6
interfaces. However, when you explicitly specify an address family
(inet or inet6) on the ifconfig command line, the command line
overrides the DEFAULT_IP settings.


address

For the IPv4 family (inet), the address is either a host name present
in the host name data base (see hosts(4)) or in the Network
Information Service (NIS) map hosts, or an IPv4 address expressed in
the Internet standard "dot notation".

For the IPv6 family (inet6), the address is either a host name
present in the host name data base (see hosts(4)) or in the Network
Information Service (NIS) map ipnode, or an IPv6 address expressed in
the Internet standard colon-separated hexadecimal format represented
as x:x:x:x:x:x:x:x where x is a hexadecimal number between 0 and
FFFF.


prefix_length

For the IPv4 and IPv6 families (inet and inet6), the prefix_length is
a number between 0 and the number of bits in the address. For inet,
the number of bits in the address is 32; for inet6, the number of
bits in the address is 128. The prefix_length denotes the number of
leading set bits in the netmask.


dest_address

If the dest_address parameter is supplied in addition to the address
parameter, it specifies the address of the correspondent on the other
end of a point-to-point link.


tunnel_dest_address

An address that is or will be reachable through an interface other
than the tunnel being configured. This tells the tunnel where to send
the tunneled packets. This address must not be the same as the
interface destination address being configured.


tunnel_src_address

An address that is attached to an already configured interface that
has been configured "up" with ifconfig.


INTERFACE FLAGS


The ifconfig command supports the following interface flags. The term
"address" in this context refers to a logical interface, for example,
eri0:0, while "interface" refers to the physical interface, for example,
eri0.

ADDRCONF

The address is from stateless addrconf. The stateless mechanism
allows a host to generate its own address using a combination of
information advertised by routers and locally available information.
Routers advertise prefixes that identify the subnet associated with
the link, while the host generates an "interface identifier" that
uniquely identifies an interface in a subnet. In the absence of
information from routers, a host can generate link-local addresses.
This flag is specific to IPv6.


ANYCAST

Indicates an anycast address. An anycast address identifies the
nearest member of a group of systems that provides a particular type
of service. An anycast address is assigned to a group of systems.
Packets are delivered to the nearest group member identified by the
anycast address instead of being delivered to all members of the
group.


BROADCAST

This broadcast address is valid. This flag and POINTTOPOINT are
mutually exclusive


CoS

This interface supports some form of Class of Service (CoS) marking.
An example is the 802.1D user priority marking supported on VLAN
interfaces. For IPMP IP interfaces, this will only be set if all
interfaces in the group have CoS set.

Note that this flag is only set on interfaces over VLAN links and
over Ethernet links that have their dladm(1M) tagmode link property
set to normal.


DEPRECATED

This address is deprecated. This address will not be used as a source
address for outbound packets unless there are no other addresses on
this interface or an application has explicitly bound to this
address. An IPv6 deprecated address is part of the standard mechanism
for renumbering in IPv6 and will eventually be deleted when not used.
For both IPv4 and IPv6, DEPRECATED is also set on all NOFAILOVER
addresses, though this may change in a future release.


DHCPRUNNING

The logical interface is managed by dhcpagent(1M).


DUPLICATE

The logical interface has been disabled because the IP address
configured on the interface is a duplicate. Some other node on the
network is using this address. If the address was configured by DHCP
or is temporary, the system will choose another automatically, if
possible. Otherwise, the system will attempt to recover this address
periodically and the interface will recover when the conflict has
been removed from the network. Changing the address or netmask, or
setting the logical interface to up will restart duplicate detection.
Setting the interface to down terminates recovery and removes the
DUPLICATE flag.


FAILED

The in.mpathd daemon has determined that the interface has failed.
FAILED interfaces will not be used to send or receive IP data
traffic. If this is set on a physical IP interface in an IPMP group,
IP data traffic will continue to flow over other usable IP interfaces
in the IPMP group. If this is set on an IPMP IP interface, the entire
group has failed and no data traffic can be sent or received over any
interfaces in that group.


FIXEDMTU

The MTU has been set using the -mtu option. This flag is read-only.
Interfaces that have this flag set have a fixed MTU value that is
unaffected by dynamic MTU changes that can occur when drivers notify
IP of link MTU changes.


INACTIVE

The physical interface is functioning but is not used to send or
receive data traffic according to administrative policy. This flag is
initially set by the standby subcommand and is subsequently
controlled by in.mpathd. It also set when FAILBACK=no mode is enabled
(see in.mpathd(1M)) to indicate that the IP interface has repaired
but is not being used.


IPMP

Indicates that this is an IPMP IP interface.


LOOPBACK

Indicates that this is the loopback interface.


MULTI_BCAST

Indicates that the broadcast address is used for multicast on this
interface.


MULTICAST

The interface supports multicast. IP assumes that any interface that
supports hardware broadcast, or that is a point-to-point link, will
support multicast.


NOARP

There is no address resolution protocol (ARP) for this interface that
corresponds to all interfaces for a device without a broadcast
address. This flag is specific to IPv4.


NOFAILOVER

The address associated with this logical interface is available to
in.mpathd for probe-based failure detection of the associated
physical IP interface.


NOLOCAL

The interface has no address , just an on-link subnet.


NONUD

NUD is disabled on this interface. NUD (neighbor unreachability
detection) is used by a node to track the reachability state of its
neighbors, to which the node actively sends packets, and to perform
any recovery if a neighbor is detected to be unreachable. This flag
is specific to IPv6.


NORTEXCH

The interface does not exchange routing information. For RIP-2,
routing packets are not sent over this interface. Additionally,
messages that appear to come over this interface receive no response.
The subnet or address of this interface is not included in
advertisements over other interfaces to other routers.


NOXMIT

Indicates that the address does not transmit packets. RIP-2 also does
not advertise this address.


OFFLINE

The interface is offline and thus cannot send or receive IP data
traffic. This is only set on IP interfaces in an IPMP group. See
if_mpadm(1M) and cfgadm(1M).


POINTOPOINT

Indicates that the address is a point-to-point link. This flag and
BROADCAST are mutually exclusive


PREFERRED

This address is a preferred IPv6 source address. This address will be
used as a source address for IPv6 communication with all IPv6
destinations, unless another address on the system is of more
appropriate scope. The DEPRECATED flag takes precedence over the
PREFERRED flag.


PRIVATE

Indicates that this address is not advertised. For RIP-2, this
interface is used to send advertisements. However, neither the subnet
nor this address are included in advertisements to other routers.


PROMISC

A read-only flag indicating that an interface is in promiscuous mode.
All addresses associated with an interface in promiscuous mode will
display (in response to ifconfig -a, for example) the PROMISC flag.


ROUTER

Indicates that IP packets can be forwarded to and from the interface.


RUNNING

Indicates that the required resources for an interface are allocated.
For some interfaces this also indicates that the link is up. For IPMP
IP interfaces, RUNNING is set as long as one IP interface in the
group is active.


STANDBY

Indicates that this physical interface will not be used for data
traffic unless another interface in the IPMP group becomes unusable.
The INACTIVE and FAILED flags indicate whether it is actively being
used.


TEMPORARY

Indicates that this is a temporary IPv6 address as defined in RFC
3041.


UNNUMBERED

This flag is set when the local IP address on the link matches the
local address of some other link in the system


UP

Indicates that the logical interface (and the associated physical
interface) is up. The IP module will accept packets destined to UP
addresses (unless the address is zero), along with any associated
multicast and broadcast IP addresses. Similarly, the IP module will
allow packets to be sent with an UP address as a source address.


VIRTUAL

Indicates that the physical interface has no underlying hardware. It
is not possible to transmit or receive packets through a virtual
interface. These interfaces are useful for configuring local
addresses that can be used on multiple interfaces. (See also the
usesrc option.)


XRESOLV

Indicates that the interface uses an IPv6 external resolver.


LOGICAL INTERFACES


Solaris TCP/IP allows multiple logical interfaces to be associated with a
physical network interface. This allows a single machine to be assigned
multiple IP addresses, even though it may have only one network
interface. Physical network interfaces have names of the form driver-name
physical-unit-number, while logical interfaces have names of the form
driver-name physical-unit-number:logical-unit-number. A physical
interface is configured into the system using the plumb command. For
example:

example% ifconfig eri0 plumb


Once a physical interface has been "plumbed", logical interfaces
associated with the physical interface can be configured by separate
-plumb or -addif options to the ifconfig command.

example% ifconfig eri0:1 plumb


allocates a specific logical interface associated with the physical
interface eri0. The command

example% ifconfig eri0 addif 192.168.200.1/24 up


allocates the next available logical unit number on the eri0 physical
interface and assigns an address and prefix_length.


A logical interface can be configured with parameters (
address,prefix_length, and so on) different from the physical interface
with which it is associated. Logical interfaces that are associated with
the same physical interface can be given different parameters as well.
Each logical interface must be associated with an existing and "up"
physical interface. So, for example, the logical interface eri0:1 can
only be configured after the physical interface eri0 has been plumbed.


To delete a logical interface, use the unplumb or removeif options. For
example,

example% ifconfig eri0:1 down unplumb


will delete the logical interface eri0:1.

IP MULTIPATHING GROUPS


Physical interfaces that share the same link-layer broadcast domain must
be collected into a single IP Multipathing (IPMP) group using the group
subcommand. Each IPMP group has an associated IPMP IP interface, which
can either be explicitly created (the preferred method) by using the ipmp
subcommand or implicitly created by ifconfig in response to placing an IP
interface into a new IPMP group. Implicitly-created IPMP interfaces will
be named ipmpN where N is the lowest integer that does not conflict with
an existing IP interface name or IPMP group name.


Each IPMP IP interface is created with a matching IPMP group name, though
it can be changed using the group subcommand. Each IPMP IP interface
hosts a set of highly-available IP addresses. These addresses will remain
reachable so long as at least one interface in the group is active, where
"active" is defined as having at least one UP address and having
INACTIVE, FAILED, and OFFLINE clear. IP addresses hosted on the IPMP IP
interface may either be configured statically or configured through DHCP
by means of the dhcp subcommand.


Interfaces assigned to the same IPMP group are treated as equivalent and
monitored for failure by in.mpathd. Provided that active interfaces in
the group remain, IP interface failures (and any subsequent repairs) are
handled transparently to sockets-based applications. IPMP is also
integrated with the Dynamic Reconfiguration framework (see cfgadm(1M)),
which enables network adapters to be replaced in a way that is invisible
to sockets-based applications.


The IP module automatically load-spreads all outbound traffic across all
active interfaces in an IPMP group. Similarly, all UP addresses hosted on
the IPMP IP interface will be distributed across the active interfaces to
promote inbound load-spreading. The ipmpstat(1M) utility allows many
aspects of the IPMP subsystem to be observed, including the current
binding of IP data addresses to IP interfaces.


When an interface is placed into an IPMP group, any UP logical interfaces
are "migrated" to the IPMP IP interface for use by the group, unless:

o the logical interface is marked NOFAILOVER;

o the logical interface hosts an IPv6 link-local address;

o the logical interface hosts an IPv4 0.0.0.0 address.


Likewise, once an interface is in a group, if changes are made to a
logical interface such that it is UP and not exempted by one of the
conditions above, it will also migrate to the associated IPMP IP
interface. Logical interfaces never migrate back, even if the physical
interface that contributed the address is removed from the group.


Each interface placed into an IPMP group may be optionally configured
with a "test" address that in.mpathd will use for probe-based failure
detection; see in.mpathd(1M). These addresses must be marked NOFAILOVER
(using the -failover subcommand) prior to being marked UP. Test addresses
may also be acquired through DHCP by means of the dhcp subcommand.


For more background on IPMP, please see the IPMP-related chapters of the
System Administration Guide: Network Interfaces and Network
Virtualization.

CONFIGURING IPV6 INTERFACES
When an IPv6 physical interface is plumbed and configured "up" with
ifconfig, it is automatically assigned an IPv6 link-local address for
which the last 64 bits are calculated from the MAC address of the
interface.

example% ifconfig eri0 inet6 plumb up


The following example shows that the link-local address has a prefix of
fe80::/10.

example% ifconfig eri0 inet6
ce0: flags=2000841<UP,RUNNING,MULTICAST,IPv6>
mtu 1500 index 2 inet6 fe80::a00:20ff:fe8e:f3ad/10


Link-local addresses are only used for communication on the local subnet
and are not visible to other subnets.


If an advertising IPv6 router exists on the link advertising prefixes,
then the newly plumbed IPv6 interface will autoconfigure logical
interface(s) depending on the prefix advertisements. For example, for the
prefix advertisement 2001:0db8:3c4d:0:55::/64, the autoconfigured
interface will look like:

eri0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6>
mtu 1500 index 2
inet6 2001:0db8:3c4d:55:a00:20ff:fe8e:f3ad/64


Even if there are no prefix advertisements on the link, you can still
assign global addresses manually, for example:

example% ifconfig eri0 inet6 addif \
2001:0db8:3c4d:55:a00:20ff:fe8e:f3ad/64 up


To configure boot-time defaults for the interface eri0, place the
following entry in the /etc/hostname6.eri0 file:

addif 2001:0db8:3c4d:55:a00:20ff:fe8e:f3ad/64 up


Configuring IP-over-IP Tunnel Interfaces
An IP tunnel is conceptually comprised of two parts: a virtual link
between two or more IP nodes, and an IP interface above this link which
allows the system to transmit and receive IP packets encapsulated by the
underlying link.


The dladm(1M) command is used to configure tunnel links, and ifconfig is
used to configure IP interfaces over those tunnel links. An IPv4-over-
IPv4 tunnel is created by plumbing an IPv4 interface over an IPv4 tunnel
link. An IPv6-over-IPv4 tunnel is created by plumbing an IPv6 interface
over an IPv6 tunnel link, and so forth.


When IPv6 interfaces are plumbed over IP tunnel links, their IPv6
addresses are automatically set. For IPv4 and IPv6 tunnels, source and
destination link-local addresses of the form fe80::interface-id are
configured. For IPv4 tunnels, the interface-id is the IPv4 tunnel source
or destination address. For IPv6 tunnels, the interface-id is the last 64
bits of the IPv6 tunnel source or destination address. For example, for
an IPv4 tunnel between 10.1.2.3 and 10.4.5.6, the IPv6 link-local source
and destination addresses of the IPv6 interface would be fe80::a01:203
and fe80::a04:506. For an IPv6 tunnel between 2000::1234:abcd and
3000::5678:abcd, the IPv6 link-local source and destination addresses of
the interface would be fe80::1234:abcd and fe80::5678:abcd. These default
link-local addresses can be overridden by specifying the addresses
explicitly, as with any other point-to-point interface.


For 6to4 tunnels, a 6to4 global address of the form 2002:tsrc::1/16 is
configured. The tsrc portion is the tunnel source IPv4 address. The
prefix length of the 6to4 interface is automatically set to 16, as all
6to4 packets (destinations in the 2002::/16 range) are forwarded to the
6to4 tunnel interface. For example, for a 6to4 link with a tunnel source
of 75.1.2.3, the IPv6 interface would have an address of
2002:4b01:203::1/16.


Additional IPv6 addresses can be added using the addif option or by
plumbing additional logical interfaces.


For backward compatibility, the plumbing of tunnel IP interfaces with
special names will implicitly result in the creation of tunnel links
without invoking dladm create-iptun. These tunnel names are:

ip.tunN
An IPv4 tunnel


ip6.tunN
An IPv6 tunnel


ip.6to4tunN
A 6to4 tunnel


These tunnels are "implicit tunnels", denoted with the i flag in dladm
show-iptun output. The tunnel links over which these special IP
interfaces are plumbed are automatically created, and they are
automatically deleted when the last reference is released (that is, when
the last IP interface is unplumbed).


The tsrc, tdst, encaplim, and hoplimit options to ifconfig are obsolete
and maintained only for backward compatibility. They are equivalent to
their dladm(1M) counterparts.

Display of Tunnel Security Settings


The ifconfig output for IP tunnel interfaces indicates whether IPsec
policy is configured for the underlying IP tunnel link. For example, a
line of the following form will be displayed if IPsec policy is present:

tunnel security settings --> use 'ipsecconf -ln -i ip.tun1'


If you do net set security policy, using either ifconfig or
ipsecconf(1M), there is no tunnel security setting displayed.

EXAMPLES


Example 1: Using the ifconfig Command




If your workstation is not attached to an Ethernet, the network
interface, for example, eri0, should be marked "down" as follows:


example% ifconfig eri0 down


Example 2: Printing Addressing Information




To print out the addressing information for each interface, use the
following command:


example% ifconfig -a


Example 3: Resetting the Broadcast Address




To reset each interface's broadcast address after the netmasks have been
correctly set, use the next command:


example% ifconfig -a broadcast +


Example 4: Changing the Ethernet Address




To change the Ethernet address for interface ce0, use the following
command:


example% ifconfig ce0 ether aa:1:2:3:4:5


Example 5: Configuring an IP-in-IP Tunnel




To configure an IP-in-IP tunnel, first create an IP tunnel link (tunsrc
and tundst are hostnames with corresponding IPv4 entries in /etc/hosts):


example% dladm create-iptun -T ipv4 -s tunsrc -d tundst tun0


Then plumb a point-to-point interface, supplying the source and
destination addresses (mysrc and thedst are hostnames with corresponding
IPv4 entries in /etc/hosts):


example% ifconfig tun0 plumb mysrc thedst up


Use ipsecconf(1M), as described above, to configure tunnel security
properties.


Configuring IPv6 tunnels is done by using a tunnel type of ipv6 with
create-iptun. IPv6 interfaces can also be plumbed over either type of
tunnel.


Example 6: Configuring 6to4 Tunnels




To configure 6to4 tunnels, first create a 6to4 tunnel link (myv4addr is a
hostname with a corresponding IPv4 entry in /etc/hosts):


example% dladm create-iptun -T 6to4 -s myv4addr my6to4tun0


Then an IPv6 interface is plumbed over this link:


example% ifconfig my6to4tun0 inet6 plumb up


The IPv6 address of the interface is automatically set as described
above.


Example 7: Configuring IP Forwarding on an Interface




To enable IP forwarding on a single interface, use the following command:


example% ifconfig eri0 router


To disable IP forwarding on a single interface, use the following
command:


example% ifconfig eri0 -router


Example 8: Configuring Source Address Selection Using a Virtual Interface




The following command configures source address selection such that every
packet that is locally generated with no bound source address and going
out on qfe2 prefers a source address hosted on vni0.


example% ifconfig qfe2 usesrc vni0


The ifconfig -a output for the qfe2 and vni0 interfaces displays as
follows:


qfe2: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu
1500 index 4
usesrc vni0
inet 1.2.3.4 netmask ffffff00 broadcast 1.2.3.255
ether 0:3:ba:17:4b:e1
vni0: flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL>
mtu 0 index 5
srcof qfe2
inet 3.4.5.6 netmask ffffffff


Observe, above, the usesrc and srcof keywords in the ifconfig output.
These keywords also appear on the logical instances of the physical
interface, even though this is a per-physical interface parameter. There
is no srcof keyword in ifconfig for configuring interfaces. This
information is determined automatically from the set of interfaces that
have usesrc set on them.


The following command, using the none keyword, undoes the effect of the
preceding ifconfig usesrc command.


example% ifconfig qfe2 usesrc none


Following this command, ifconfig -a output displays as follows:


qfe2: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu
1500 index 4
inet 1.2.3.4 netmask ffffff00 broadcast 1.2.3.255
ether 0:3:ba:17:4b:e1
vni0: flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL>
mtu 0 index 5
inet 3.4.5.6 netmask ffffffff


Note the absence of the usesrc and srcof keywords in the output above.


Example 9: Configuring Source Address Selection for an IPv6 Address




The following command configures source address selection for an IPv6
address, selecting a source address hosted on vni0.


example% ifconfig qfe1 inet6 usesrc vni0


Following this command, ifconfig -a output displays as follows:


qfe1: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 3
usesrc vni0
inet6 fe80::203:baff:fe17:4be0/10
ether 0:3:ba:17:4b:e0
vni0: flags=2002210041<UP,RUNNING,NOXMIT,NONUD,IPv6,VIRTUAL> mtu 0
index 5
srcof qfe1
inet6 fe80::203:baff:fe17:4444/128
vni0:1: flags=2002210040<RUNNING,NOXMIT,NONUD,IPv6,VIRTUAL> mtu 0
index 5
srcof qfe1
inet6 fec0::203:baff:fe17:4444/128
vni0:2: flags=2002210040<RUNNING,NOXMIT,NONUD,IPv6,VIRTUAL> mtu 0
index 5
srcof qfe1
inet6 2000::203:baff:fe17:4444/128


Depending on the scope of the destination of the packet going out on
qfe1, the appropriately scoped source address is selected from vni0 and
its aliases.


Example 10: Using Source Address Selection with Shared-IP Zones




The following is an example of how the usesrc feature can be used with
the zones(5) facility in Solaris. The following commands are invoked in
the global zone:


example% ifconfig hme0 usesrc vni0
example% ifconfig eri0 usesrc vni0
example% ifconfig qfe0 usesrc vni0


Following the preceding commands, the ifconfig -a output for the virtual
interfaces would display as:


vni0: flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL>
mtu 0 index 23
srcof hme0 eri0 qfe0
inet 10.0.0.1 netmask ffffffff
vni0:1:
flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> mtu 0
index 23
zone test1
srcof hme0 eri0 qfe0
inet 10.0.0.2 netmask ffffffff
vni0:2:
flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> mtu 0
index 23
zone test2
srcof hme0 eri0 qfe0
inet 10.0.0.3 netmask ffffffff
vni0:3:
flags=20011100c1<UP,RUNNING,NOARP,NOXMIT,ROUTER,IPv4,VIRTUAL> mtu 0
index 23
zone test3
srcof hme0 eri0 qfe0
inet 10.0.0.4 netmask ffffffff


There is one virtual interface alias per zone (test1, test2, and test3).
A source address from the virtual interface alias in the same zone is
selected. The virtual interface aliases were created using zonecfg(1M) as
follows:


example% zonecfg -z test1
zonecfg:test1> add net
zonecfg:test1:net> set physical=vni0
zonecfg:test1:net> set address=10.0.0.2


The test2 and test3 zone interfaces and addresses are created in the same
way.


Example 11: Turning Off DHCPv6




The following example shows how to disable automatic use of DHCPv6 on all
interfaces, and immediately shut down DHCPv6 on the interface named hme0.
See in.ndpd(1M) and ndpd.conf(4) for more information on the automatic
DHCPv6 configuration mechanism.


example% echo ifdefault StatefulAddrConf false >> /etc/inet/ndpd.conf
example% pkill -HUP -x in.ndpd
example% ifconfig hme0 dhcp release


FILES


/etc/netmasks

Netmask data.


/etc/default/inet_type

Default Internet protocol type.


ATTRIBUTES


See attributes(5) for descriptions of the following attributes:


+---------------------------------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------------------------------------+-----------------+
|Interface Stability for command-line options | Committed |
+---------------------------------------------+-----------------+
|Interface Stability for command output | Uncommitted |
+---------------------------------------------+-----------------+

SEE ALSO


dhcpinfo(1), cfgadm(1M), dhcpagent(1M), dladm(1M), if_mpadm(1M),
in.mpathd(1M), in.ndpd(1M), in.routed(1M), ipmpstat(1M), ipsecconf(1M),
ndd(1M), netstat(1M), zoneadm(1M), zonecfg(1M), ethers(3SOCKET),
gethostbyname(3NSL), getnetbyname(3SOCKET), hosts(4), inet_type(4),
ndpd.conf(4), netmasks(4), networks(4), nsswitch.conf(4), attributes(5),
privileges(5), zones(5), arp(7P), ipsecah(7P), ipsecesp(7P)


System Administration Guide: IP Services

DIAGNOSTICS


ifconfig sends messages that indicate if:

o the specified interface does not exist

o the requested address is unknown

o the user is not privileged and tried to alter an interface's
configuration

NOTES


Do not select the names broadcast, down, private, trailers, up or other
possible option names when you choose host names. If you choose any one
of these names as host names, it can cause unusual problems that are
extremely difficult to diagnose.


July 23, 2012 IFCONFIG(1M)