Folks,
I've made an attempt at merging the UV and Brussels changes to the
dladm(1M) man page, and need a comprehensive review of the overall result
before Terry Gibson (Cc'ed) takes over the actual implementation of the
changes. I've given up on diffs on this man page at this point, as
almost everything has changed except for the WiFi and secobj subcommands.
Here it is, it its full glory:
System Administration Commands dladm(1M)
NAME
dladm - administer data links
SYNOPSIS
dladm show-link [-pP] [-s [-i interval]] [-o field[,...]] [link]
dladm rename-link [-R root-dir] link new-link
dladm show-dev [-p] [-s [-i interval]] [-o field[,...]] [dev]
dladm delete-phys link
dladm show-phys [-pP] [-o field[,...]] [link]
dladm show-ether [-px] [-o field[,...]] [link]
dladm create-aggr [-t] [-R root-dir] [-P policy] [-L mode]
[-T time] [-u address] -l linkn ... link
dladm modify-aggr [-t] [-R root-dir] [-P policy] [-L mode]
[-T time] [-u address] link
dladm delete-aggr [-t] [-R root-dir] link
dladm add-aggr [-t] [-R root-dir] -l linkn ... link
dladm remove-aggr [-t] [-R root-dir] -l linkn ... link
dladm show-aggr [-pPLx] [-s [-i interval]] [-o field[,...]] [link]
dladm create-vlan [-ft] [-R root-dir] -l plink -v vlan-tag [link]
dladm delete-vlan [-t] [-R root-dir] link
dladm show-vlan [-pP] [-o field[,...]] [link]
dladm scan-wifi [-p] [-o field[,...]] [link]
dladm connect-wifi [-e essid] [-i bssid] [-k key,...] [-s wep |
wpa]
[-a open|shared] [-b bss|ibss] [-c] [-m a|b|g] [-T time] [link]
dladm disconnect-wifi [-a] [link]
dladm show-wifi [-p] [-o field[,...]] [link]
dladm set-linkprop [-t] [-R root-dir] -p prop=value[,...] link
dladm reset-linkprop [-t] [-R root-dir] [-p prop[,...]] link
dladm show-linkprop [-cP] [-o field,...] [-p prop[,...]] [link]
dladm create-secobj [-t] [-R root-dir] [-f file] -c class secobj
dladm delete-secobj [-t] [-R root-dir] secobj[,...]
dladm show-secobj [-pP] [-o field[,...]] [secobj,...]
DESCRIPTION
The dladm command is used to administer datalinks. A datalink
is represented in the system as a STREAMS DLPI (v2)
interface which can be plumbed under protocol stacks such as
TCP/IP. Each datalink relies on either a single network
device or an aggregation of devices to send packets to or
receive packets from a network.
Each dladm subcommand operates on one of the following
objects:
link Datalinks, identified by a name.
dev Network devices, identified by concatenation of a
driver name and an instance number.
aggr Aggregations of network devices, identified either
by a name or an administratively-chosen key between 1 and
999.
secobj Secure objects, identified by an
administratively-chosen alphanumeric name.
Some subcommands require a specific type of link. For
instance, the WiFi subcommands require a WiFi link. Further,
the behavior of the linkprop subcommands depends on the type
of link and underlying device.
Some devices do not support configurable datalinks or
aggregations. The fixed datalinks provided by such devices
can be viewed using dladm, but can not be configured.
SUBCOMMANDS
The following subcommands are supported:
dladm show-link [-pP] [-s [-i interval]] [-o field[,...]] [link]
Show link configuration information (the default) or
statistics, either for all datalinks or for the specified
"link". By default, the system is configured with one
datalink for each known network device.
-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields
to display. The field name must be one of the fields
listed below, or the special value "all" to display all
fields. By default (without -o), show-link displays all
fields.
LINK
The name of the datalink.
CLASS
The class of the datalink. dladm distinguishes
between the following classes:
phys
A physical datalink. The show-phys subcommand
displays more detail for this class of datalink.
For WiFi physical datalinks, the show-wifi
subcommand will also display WiFi-specific
information.
aggr
An IEEE 802.3ad link aggregation. The show-aggr
subcommand displays more detail for this class of
datalink.
vlan
A VLAN datalink. The show-vlan subcommand
displays more detail for this class of datalink.
MTU
The maximum transmition unit size for the datalink
being displayed.
STATE
The link state of the datalink. The state can be up,
down, or unknown.
OVER
The physical datalink(s) over which the datalink is
operating. This applies to aggr and vlan classes of
datalinks. A VLAN is created over a single physical
datalink, and an aggregation is comprised of one or
more physical datalins.
-p, --parseable
Display using a stable machine-parseable format.
-P, --persistent
Display the persistent link configuration.
-s, --statistics
Display link statistics.
-i interval, --interval=interval
Used with the -s option to specify an interval, in
seconds, at which statistics should be displayed. If
this option is not specified, statistics will only
be displayed once.
dladm rename-link [-R root-dir] link new-link
Rename "link" to "new-link". This is used to give a link a
meaningful name, or to associate existing link configuration
such as link properties of a removed device with a new device.
For example, suppose that the bge0 device has a link name of
mgmt0 (because the administrator initially named it such by
typing "dladm rename-link bge0 mgmt0".) The bge0 device is
physically removed from the system due to failure, and replaced
with a ce0 device. To associate the newly added ce0 device
with the mgmt0 configuration previously associated with bge0,
the administrator types "dladm rename-link ce0 mgmt0"
The rename operation will fail if the link is in use by an IP
interface or by DLPI consumers.
-R root-dir, --root-dir=root-dir
Specifies an alternate root directory where the link
rename operation should apply.
dladm show-dev [-p] [-s [-i interval]] [-o field[,...]] [dev]
Show device configuration information (the default) or
statistics, either for all network devices or for the
specified device dev.
-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output
fields to display. The field name must be one of the
fields listed below, or the special value all, to
display all fields. For each device, the following
fields can be displayed:
DEV
The name of the device.
STATE
The state of the link. This is up, if the link
is running and all required resources are allo-
cated, and down otherwise.
SPEED
The current speed of the link, in megabits per
second.
DUPLEX
For Ethernet links, the full/half duplex status
of the link is displayed if the link state is
up. The duplex is displayed as unknown in all
other cases.
-p, --parseable
Display using a stable machine-parseable format.
-s, --statistics
Display network device statistics.
-i interval, --interval=interval
Used with the -s option to specify an interval, in
seconds, at which statistics should be displayed. If
this option is not specified, statistics will only
be displayed once.
dladm delete-phys link
This command is used to delete the persistent configuration of
a link associated with physical hardware which has been removed
from the system.
dladm show-phys [-pP] [-o field[,...]] [link]
Show the physical device and attributes of all physical
links, or of the named physical link. Without -P, only
physical links which are available on the running system are
displayed.
-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output
fields to display. The field name must be one of the
fields listed below, or the special value all, to
display all fields. For each link, the following
fields can be displayed:
LINK
The name of the datalink.
MEDIA
The media type provided by the physical datalink.
STATE
The link state. This can be up, down, or unknown.
SPEED
The current speed of the link in megabits per second.
DUPLEX
For Ethernet links, the full/half duplex status
of the link is displayed if the link state is
up. The duplex is displayed as unknown in all
other cases.
DEVICE
The name of the physical device under this link.
-p, --parseable
Display using a stable machine-parseable format.
-P, --persistent
This option displays persistent configuration for all
links, including those which have been removed from the
system. The output provides a FLAGS column in which the
'r' flag indicates that the physical device associated with
a physical link has been removed. For such links,
delete-phys may be used to purge the link's configuration
from the system.
dladm show-ether [-p] [-o field,...] [name]
Shows state information either for all Ethernet links or
for a specified link, name.
-o field,..., --output=field
A case-insensitive, comma-separated list of output
fields to display. The field name must be one of the
fields listed below, or the special value all to
display all fields. For each link, the following
fields can be displayed:
LINK The name of the link being
displayed.
PTYPE Parameter type, where current indi-
cates the negotiated state of the
link, capable indicates capabilities
supported by the device, adv indi-
cates the advertised capabilities,
and peeradv indicates the capabili-
ties advertised by the link-partner.
STATE The state of the link.
AUTO A yes/no value indicating whether
auto-negotiation is advertised.
SPEED-DUPLEX Combinations of speed and duplex
values available. The units of speed
are encoded with a trailing suffix
of G (Gigabits/s) or M (Mb/s).
Duplex values are encoded as f
(full-duplex) or h (half-duplex).
PAUSE Flow control information. Can be ""
(null string) indicating no flow
control is available, tx indicating
that the end-point can transmit
pause frames, but ignores any
received pause frames, rx indicating
that the end-point receives and acts
upon received pause frames, or both
indicating bi-directional flow-
control.
REM_FAULT Fault detection information. Valid
values are none or fault.
By default, all fields except REM_FAULT are
displayed for the "current" PTYPE.
-p, --parseable
Displays using a stable machine-parseable format. If
this option is specified, all output fields are
displayed by default.
-x, --extended
Extended output is displayed for PTYPE values of
current, capable, adv and peeradv.
dladm create-aggr [-t] [-R root-dir] [-P policy] [-L mode]
[-T time] [-u address] -l linkn ... link
Combine a set of links into a single IEEE 802.3ad link
aggregation named "link". The use of an integer "key" to
generate a link name for the aggregation is also supported for
backward compatibility. Many of the aggr subcommands below
also support the use of a "key" to refer to a given
aggregation, but use of the aggregation link name is preferred.
See the NOTES section for more information on keys.
-l, --link
Each link (or port) in the aggregation is specified using a
-l option followed by the name of the link to be included in
the aggregation. Multiple links are included in the
aggregation by specifying multiple -l options. For backward
compatibility with previous versions of Solaris, the dladm
command also supports the using the -d option (or --dev)
with a device name to specify links by their underlying
device name. The other aggr subcommands which take -l
options also accept -d.
-t, --temporary
Specifies that the aggregation is temporary. Tem-
porary aggregations last until the next reboot.
-R root-dir, --root-dir=root-dir
Specifies an alternate root directory where dladm
should apply persistent creation.
-P policy, --policy=policy
Specifies the port selection policy to use for load
spreading of outbound traffic. The policy specifies
which dev object is used to send packets. A policy
is a list of one or more layers specifiers separated
by commas. A layer specifier is one of the follow-
ing:
L2 Select outbound device according to source and
destination MAC addresses of the packet.
L3 Select outbound device according to source and
destination IP addresses of the packet.
L4 Select outbound device according to the upper
layer protocol information contained in the
packet. For TCP and UDP, this includes source
and destination ports. For IPsec, this
includes the SPI (Security Parameters Index.)
For example, to use upper layer protocol informa-
tion, the following policy can be used:
-P L4
To use the source and destination MAC addresses as
well as the source and destination IP addresses, the
following policy can be used:
-P L2,L3
-L mode, --lacp-mode=mode
Specifies whether LACP should be used and, if used,
the mode in which it should operate. Supported
values are "off", "active" or "passive".
-T time, --lacp-timer=time
Specifies the LACP timer value. The supported values
are "short" or "long".
-u address, --unicast=address
Specifies a fixed unicast hardware address to be
used for the aggregation. If this option is not
specified, then an address is automatically chosen
from the set of addresses of the component devices.
dladm modify-aggr [-t] [-R root-dir] [-P policy] [-L mode]
[-T time] [-u address] link
Modify the parameters of the specified aggregation.
-t, --temporary
Specifies that the modification is temporary. Tem-
porary aggregations last until the next reboot.
-R root-dir, --root-dir=root-dir
Specifies an alternate root directory where dladm
should apply persistent modifications.
-P policy, --policy=policy
Specifies the port selection policy to use for load
spreading of outbound traffic. See dladm create-aggr
for a description of valid policy values.
-L mode, --lacp-mode=mode
Specifies whether LACP should be used and, if used,
the mode in which it should operate. Supported
values are "off", "active" or "passive".
-T time, --lacp-timer=time
Specifies the LACP timer value. The supported values
are "short" or "long".
-u address, --unicast=address
Specifies a fixed unicast hardware address to be
used for the aggregation. If this option is not
specified, then an address is automatically chosen
from the set of addresses of the component devices.
dladm delete-aggr [-t] [-R root-dir] link
Deletes the specified aggregation.
-t, --temporary
Specifies that the deletion is temporary. Temporary
deletions last until the next reboot.
-R root-dir, --root-dir=root-dir
Specifies an alternate root directory where dladm
should apply persistent deletions.
dladm add-aggr [-t] [-R root-dir] -l linkn ... link
Adds links to the specified aggregation.
-l, --link
Specifies a link to add to the aggregation. Multiple links
can be added by supplying multiple -l options.
-t, --temporary
Specifies that the additions are temporary. Tem-
porary additions last until the next reboot.
-R root-dir, --root-dir=root-dir
Specifies an alternate root directory where dladm
should apply persistent additions.
dladm remove-aggr [-t] [-R root-dir] -l linkn ... link
Removes links from the specified aggregation.
-l, --link
Specifies a link to remove from the aggregation. Multiple
links can be removed by supplying multiple -l options.
-t, --temporary
Specifies that the removals are temporary. Temporary
removal last until the next reboot.
-R root-dir, --root-dir=root-dir
Specifies an alternate root directory where dladm
should apply persistent removals.
dladm show-aggr [-pPLx] [-s [-i interval]] [-o field[,...]] [link]
Show aggregation configuration (the default), LACP
information, or statistics, either for all aggregations
or for the specified aggregation link.
By default (with no options), the following fields can be
displayed:
LINK
The name of the aggregation link.
POLICY
The LACP policy of the aggregation. See the create-aggr
-P option for a description of the possible values.
ADDRPOLICY
Either auto if the aggregation is configured to
automatically configure its unicast MAC address (the
default if the -u option wasn't used to create or modify
the aggregation), or fixed if -u was used to set a fixed
MAC address.
LACPACTIVITY
The LACP mode of the aggregation. Possible values are
off, active, or passive, as set by the -l option to
create-aggr or modify-aggr.
LACPTIMER
The LACP timer value of the aggregation as set by the -T
option of create-aggr or mofify-aggr.
FLAGS
A set of state flags associated with the aggregation.
The only possible flag is 'f', which is displayed if the
administrator forced the creation the aggregation using
the -f option to create-aggr. Other flags may be defined
in the future.
The show-aggr command accepts the following options:
-L, --lacp
Displays detailed LACP information for the aggregation
link and each underlying port. With this option, the
following fields can be displayed:
LINK
The name of the aggregation link.
PORT
The name of one of the underlying aggregation ports.
AGGREGATABLE
Whether the port can be added to the aggregation.
SYNC
If yes, the system considers the port to be
synchronized and part of the aggregation.
COLL
If yes, collection of incoming frames is enabled on
the associated port.
DIST
If yes, distribution of outgoing frames is enabled on
the associated port.
DEFAULTED
If yes, the port is using defaulted partner
information (i.e., hasn't received LACP data from the
LACP partner).
EXPIRED
If yes, the receive state of the port is in the
EXPIRED state.
-x, --extended
Print additional aggregation information including
detailed information on each underlying port. With -x,
the following fields can be displayed:
LINK
The name of the aggregation link.
PORT
The name of one of the underlying aggregation ports.
SPEED
The speed of the link or port in megabits per second.
DUPLEX
The full/half duplex status of the link or port is
displayed if the link state is up. The duplex status
is displayed as unknown in all other cases.
STATE
The link state. This can be up, down, or unknown.
ADDRESS
The MAC address of the link or port.
PORTSTATE
XXX
-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields
to display. The field name must be one of the fields
listed above, or the special value all, to display all
fields. The fields applicable to the -o option are
limited to those listed under each output mode. For
example, if using -L, only the fields listed under -L
above may be used with -o.
-p, --parseable
Display using a stable machine-parseable format.
-P, --persistent
Display the persistent aggregation configuration rather
than the state of the running system.
-s, --statistics
Displays aggregation statistics.
-i interval, --interval=interval
Used with the -s option to specify an interval, in
seconds, at which statistics should be displayed. If
this option is not specified, statistics will only
be displayed once.
dladm create-vlan [-ft] [-R root-dir] -l plink -v vlan-tag [link]
Create a tagged VLAN link with tag "vlan-tag" over physical
link "plink". The name of the VLAN link may be specified as
"link".
If the name is not specified, a name will be automatically
generated (assuming that "plink" is <name><PPA>) as
<name><1000 * vlan-tag + PPA>
For example, is "plink" is bge1 and the VLAN tag is 2, the name
generated will be "bge2001".
-f, --force
Force the creation of the VLAN link. Some devices do not
allow frame sizes large enough to include a VLAN header.
When creating a VLAN link over such a device, the -f option
is needed, and the MTU of the IP interfaces on the
resulting VLAN must be set to 1496 instead of 1500.
-t, --temporary
Specifies that the VLAN link is temporary. Temporary
VLAN links last until the next reboot.
-R root-dir, --root-dir=root-dir
Specifies an alternate root directory where dladm
should create the VLAN link.
dladm delete-vlan [-t] [-R root-dir] link
Delete the VLAN link specified.
-t, --temporary
Specifies that the deletion is temporary. Temporary
deletions last until the next reboot.
-R root-dir, --root-dir=root-dir
Specifies an alternate root directory where dladm
should apply persistent deletions.
dladm show-vlan [-pP] [-o field[,...]] [link]
Print VLAN configuration for all VLAN links or for the
specified VLAN link.
-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output fields
to display. The field name must be one of the fields
listed below, or the special value all, to display all
fields. For each VLAN link, the following fields can be
displayed:
LINK
The name of the VLAN link.
VID
The VLAN tag or ID associated with the VLAN.
OVER
The name of the physical link over which this VLAN is
configured.
FLAGS
A set of flags associated with the VLAN link. The
only flag possible is 'f', which denotes that the
VLAN was created using the -f option to create-vlan.
More flags may be defined in the future.
-p, --parseable
Display using a stable machine-parseable format.
-P, --persistent
Display the persistent VLAN configuration rather than the
state of the running system.
dladm scan-wifi [-p] [-o field[,...]] [link]
Scans for WiFi networks, either on all WiFi links, or
just on the specified name.
By default, all fields except for BSSTYPE are displayed.
-o field[,...], --output=field[,...]
A case-insensitive, comma-separated list of output
fields to display. The field name must be one of the
fields listed above, or the special value "all" to
display all fields. For each WiFi network found, the
following fields can be displayed:
LINK
The name of the link the WiFi network is on.
ESSID
The ESSID (name) of the WiFi network.
BSSID
Either the hardware address of the WiFi
network's Access Point (for BSS networks), or
the WiFi network's randomly generated unique
token (for IBSS networks).
SEC
Either "none" for a WiFi network that uses no
security, "wep" for a WiFi network that requires
WEP (Wired Equivalent Privacy), or "wpa" for a
WiFi network that requires WPA (Wi-Fi Protected
Access).
MODE
The supported connection modes: one or more of
"a", "b", or "g".
STRENGTH
The strength of the signal: one of "excellent",
"very good", "good", "weak", or "very weak".
SPEED
The maximum speed of the WiFi network, in mega-
bits per second.
BSSTYPE
Either "bss" for BSS (infrastructure) networks,
or "ibss" for IBSS (ad-hoc) networks.
-p, --parseable
Display using a stable machine-parseable format. If
this option is specified, all output fields are
displayed by default.
dladm connect-wifi [-e essid] [-i bssid] [-k key,...] [-s
wep | wpa] [-a open|shared] [-b bss|ibss] [-c] [-m a|b|g]
[-T time] [link]
Connects to a WiFi network. This consists of four steps:
discovery, filtration, prioritization, and association.
However, to enable connections to non-broadcast WiFi
networks and to improve performance, if a BSSID or ESSID
is specified using the -e or -i options, then the first
three steps are skipped and connect-wifi immediately
attempts to associate to a BSSID or ESSID that matches
the rest of the provided parameters. If this association
fails, but there is a possibility that other networks
matching the specified criteria exist, then the tradi-
tional discovery process begins as specified below.
The discovery step finds all available WiFi networks on
the specified name, which must not yet be connected. For
administrative convenience, if there is only one WiFi
link on the system, name may be omitted.
Once discovery is complete, the list of networks is fil-
tered according to the value of the following options:
-e essid, --essid=essid
Networks that do not have the same essid are fil-
tered out.
-b bss|ibss, --bsstype=bss|ibss
Networks that do not have the same bsstype are fil-
tered out.
-m a|b|g, --mode=a|b|g
Networks not appropriate for the specified 802.11
mode are filtered out.
-k key,..., --key=key, ...
Networks not appropriate for the specified keys are
filtered out.
-s none|wep|wpa, --sec=none|wep|wpa
Networks not appropriate for the specified security
mode are filtered out.
Next, the remaining networks are prioritized, first by
signal strength, and then by maximum speed. Finally, an
attempt is made to associate with each network in the
list, in order, until one succeeds or no networks
remain.
In addition to the options described above, the follow-
ing options also control the behavior of connect-wifi:
-a open|shared, --auth=open|shared
Connect using the specified authentication mode. By
default, "open" and "shared" are tried in order.
-c, --create-ibss
Used with "-b ibss" to create a new ad-hoc network
if one matching the specified ESSID cannot be found.
If no ESSID is specified, then "-c -b ibss" will
always trigger the creation of a new ad-hoc network.
-T time, --timeout=time
Specifies the number of seconds to wait for associa-
tion to succeed. If time is "forever", then the
SunOS 5.11 Last change: 27 Apr 2007 9
System Administration Commands dladm(1M)
associate will wait indefinitely. The current
default is ten seconds, but this may change in the
future. Timeouts shorter than the default may not
succeed reliably.
-k key,..., --key=key,...
In addition to the filtering previously described,
the specified keys will be used to secure the asso-
ciation. The security mode to use will be based on
the key class; if a security mode was explicitly
specified, it must be compatible with the key class.
All keys must be of the same class.
For security modes that support multiple key slots,
the slot to place the key will be specified by a
colon followed by an index. Therefore, "-k mykey:3"
places "mykey"in slot 3. By default, slot 1 is
assumed. For security modes that support multiple
keys, a comma-separated list can be specified, with
the first key being the active key.
dladm disconnect-wifi [-a] [link]
Disconnect from one or more WiFi networks. If name
specifies a connected WiFi link, then it is discon-
nected. For administrative convenience, if only one WiFi
link is connected, name may be omitted.
-a, --all-links Disconnects from all connected links.
This is primarily intended for use by
scripts.
dladm show-wifi [-p] [-o field,...] [link]
Shows WiFi configuration information either for all WiFi
links or for the specified link name.
-o field,..., --output=field
A case-insensitive, comma-separated list of output
fields to display. The field name must be one of the
fields listed above, or the special value "all" to
display all fields. For each WiFi link, the follow-
ing fields can be displayed:
LINK
The name of the link being displayed.
STATUS
Either "connected" if the link is connected, or
"disconnected" if it is not connected. If the
link is disconnected, all remaining fields have
the value "--".
ESSID
The ESSID (name) of the connected WiFi network.
BSSID
Either the hardware address of the WiFi
network's Access Point (for BSS networks), or
the WiFi network's randomly generated unique
token (for IBSS networks).
SEC
Either "none" for a WiFi network that uses no
security, "wep" for a WiFi network that requires
WEP, or "wpa" for a WiFi network that requires
WPA.
MODE
The supported connection modes: one or more of
"a", "b", or "g".
STRENGTH
The connection strength: one of "excellent",
"very good", "good", "weak", or "very weak".
SPEED
The connection speed, in megabits per second.
AUTH
Either "open" or "shared" (see connect-wifi).
BSSTYPE
Either "bss" for BSS (infrastructure) networks,
or "ibss" for IBSS (ad-hoc) networks.
By default, currently all fields but AUTH, BSSID,
and BSSTYPE are displayed.
-p, --parseable
Displays using a stable machine-parseable format. If
this option is specified, all output fields are
displayed by default.
-o field,..., --output=field
A case-insensitive, comma-separated list of output
fields to display. The field name must be one of the
fields listed above, or the special value "all" to
display all fields.
dladm set-linkprop [-t] [-R root-dir] -p prop=value[,...]
link
Sets the values of one or more properties on the link
specified. The list of properties and their pos-
sible values depend on the link type, the network device
driver, and networking hardware, but can be retrieved
using show-linkprop.
-t, --temporary
Specifies that the changes are temporary. Temporary
changes last until the next reboot.
-R root-dir, --root-dir=root-dir
Specifies an alternate root directory where dladm
should apply persistent creation.
-p prop=value[,...], --prop prop=value[,...]
A comma-separated list of properties to set to the
specified values.
dladm reset-linkprop [-t] [-R root-dir] -p prop, ... link
Resets one or more properties to their values on the link
specified. If no properties are specified, all properties are
reset.
-t, --temporary
Specifies that the resets are temporary. Temporary
resets last until the next reboot.
-R root-dir, --root-dir=root-dir
Specifies an alternate root directory where dladm
should apply persistent creation.
-p prop, ..., --prop=prop, ...
A comma-separated list of properties to reset.
dladm show-linkprop [-cP] [-o field[,...]] [-p prop[,...]] [link]
Show the current or persistent values of one or more
properties, either for all datalinks or for the specified
link. By default, current values are shown. If no properties
are specified, all available link properties are displayed.
-o field,..., --output=field
A case-insensitive, comma-separated list of output
fields to display. The field name must be one of the
fields listed below, or the special value all to
display all fields. For each link, the following
fields can be displayed:
LINK The name of the data-link.
PROPERTY The name of the property.
VALUE The current (or persistent) property
value. If the value is not set, it is
shown as "--". If it is unknown, the
value is shown as "?". Persistent values
that are not set or have been reset
will be shown as "--" and will use the
system DEFAULT value (if any).
DEFAULT The default value of the property. If
the property has no default value, "--"
is shown.
POSSIBLE A comma-separated list of the values the
property may have. If the values span a
numeric range, min - max may be shown as
shorthand. If the possible values are
unknown or unbounded, "--" is shown.
The list of properties depends on the link type and
network device driver, and the available values for
a given property further depends on the underlying
network hardware and its state. General link proper-
ties are documented in the LINK PROPERTIES section.
However, link properties that begin with "_" (under-
bar) are specific to a given link or its underlying
network device and subject to change or removal; see
the appropriate network device driver manpage for
details.
-c, --parseable
Display using a stable machine-parseable format.
-P, --persistent
Display persistent link property information
-p prop, ..., --prop=prop, ...
A comma-separated list of properties to show. See
the sections on link properties following subcommand
descriptions.
dladm create-secobj [-t] [-R root-dir] [-f file] -c class
secobj
Create a secure object named secobj in the specified
class. The value of the secure object can either be pro-
vided interactively or read from a file. The sequence of
interactive prompts and file format depends on the class
of the secure object.
Currently, classes "wep" and "wpa" are suported. The WEP
(Wired Equivalent Privacy) key can be either 5 or 13
bytes long. It can be provided either as an ASCII or
hexadecimal string -- thus "12345" and "0x3132333435"
are equivalent 5-byte keys (the "0x" prefix may be omit-
ted). A file containing a WEP key must consist of a sin-
gle line using either WEP key format. The WPA (Wi-Fi
Protected Access) key must be provided as an ASCII
string with a length between 8 and 63 bytes.
This subcommand is only usable by users or roles that
belong to the "Network Link Security" RBAC profile.
-t, --temporary
Specifies that the creation is temporary. Temporary
creation last until the next reboot.
-R root-dir, --root-dir=root-dir
Specifies an alternate root directory where dladm
should apply persistent creation.
-f file, --file=file
Specifies a file that should be used to obtain the
secure object's value. The format of this file
depends on the secure object class. See the EXAMPLES
section for an example of using this option to set a
WEP key.
dladm delete-secobj [-t] [-R root-dir] secobj[,...]
Delete one or more specified secure objects. This sub-
command is only usable by users or roles that belong to
the "Network Link Security" RBAC profile.
-t, --temporary
Specifies that the deletions are temporary. Tem-
porary deletions last until the next reboot.
-R root-dir, --root-dir=root-dir
Specifies an alternate root directory where dladm
should apply persistent deletions
dladm show-secobj [-pP] [-o field[,...]] [secobj,...]
Show current or persistent secure object information. If
one or more secure objects are specified, then informa-
tion for each is displayed. Otherwise, all current or
persistent secure objects are displayed.
By default, current secure objects are displayed, which
are all secure objects that have either been per-
sistently created and not temporarily deleted, or tem-
porarily created.
For security reasons, it is not possible to show the
value of a secure object.
-o field,..., --output=field
A case-insensitive, comma-separated list of output
fields to display. The field name must be one of the
fields listed below. For displayed secure object,
the following fields can be shown:
OBJECT The name of the secure object.
CLASS The class of the secure object.
-p, --parseable Display using a stable machine-
parseable format.
-P, --persistent Display persistent secure object
information
General Link Property
The following general link property is supported:
zone Specifies the zone to which the link belongs. This
property can be modified only temporarily through
dladm, and thus the -t option must be specified. To
modify the zone assignment such that it persists
across reboots, please use zonecfg(1M). Possible
values consist of any zone currently running on the
system. By default, the zone binding is as per
zonecfg(1M).
Wifi Link Properties
The following WiFi link properties are supported. Note that
the ability to set a given property to a given value depends
on the driver and hardware.
channel Specifies the channel to use. This property can
only be modified by certain WiFi links when in
IBSS mode. The default value and allowed range
of values varies by regulatory domain.
powermode Specifies the power management mode of the WiFi
link. Possible values are "off" (disable power
management), "max" (maximum power savings), and
"fast" (performance-sensitive power manage-
ment). Default is "off".
radio Specifies the radio mode of the WiFi link. Pos-
sible values are "on" or "off". Default is
"on".
speed Specifies a fixed speed for the WiFi link, in
megabits per second. The set of possible values
depends on the driver and hardware (but is
shown by show-linkprop); common speeds include
1, 2, 11, and 54. By default, there is no fixed
speed.
Ethernet Link Properties
The following MII Properties as documented in ieee802.3(5)
are supported in read-only mode:
o link_duplex
o link_up
o adv_autoneg_cap
o adv_1000fdx_cap
o adv_1000hdx_cap
o adv_100fdx_cap
o adv_100hdx_cap
o adv_10fdx_cap
o adv_10hdx_cap
Each adv_ property (for example, adv_autoneg_cap) also has a
read/write counterpart enable_ property (for example,
enable_autoneg_cap) controlling parameters used at
autonegotiation.
In addition, the following Ethernet properties are reported:
ifspeed
(read-only) The operating speed of the device, in Mbps.
default_mtu
The maximum client SDU (Send Data Unit) supported by the
device. Valid range is 68-65536.
flowctrl
Establishes flow-control modes that will be advertised
by the device. Valid input is one of:
no No flow control enabled.
rx Receive, and act upon incoming pause frames.
tx Transmit pause frames to the peer when congestion
occurs, but ignore received pause frames.
bi Bidirectional flow control.
Note that the actual settings for this value are con-
strained by the capabilities allowed by the device and
the link partner.
EXAMPLES
Example 1 Configuring an Aggregation
To configure a datalink over an aggregation of devices bge0
and bge1 with key 1, enter the following command:
# dladm create-aggr -d bge0 -d bge1 1
Example 2 Connecting to a WiFi Link
To connect to the most optimal available unsecured network
on a system with a single WiFi link (as per the prioritiza-
tion rules specified for connect-wifi), enter the following
command:
# dladm connect-wifi
Example 3 Creating a WiFi Key
To interactively create the WEP key "mykey", enter the fol-
lowing command:
# dladm create-secobj -c wep mykey
Alternatively, to non-interactively create the WEP key
"mykey" using the contents of a file:
# umask 077
# cat >/tmp/mykey.$$ <<-EOF
12345
EOF
# dladm create-secobj -c wep -f /tmp/mykey.$$ mykey
# rm /tmp/mykey.$$
Example 4 Connecting to a Specified Encrypted WiFi Link
To use key "mykey"to connect to ESSID "wlan" on link "ath0",
enter the following command:
# dladm connect-wifi -k mykey -e wlan ath0
Example 5 Changing a Link Property
To set "powermode" to the value "fast" on link "pcwl0",
enter the following command:
# dladm set-linkprop -p powermode=fast pcwl0
Example 6 Connecting to a WPA-Protected WiFi Link
Create a WPA key psk and enter the following command:
# dladm create-secobj -c wpa psk
To then use key psk to connect to ESSID wlan on link ath0,
enter the following command:
# dladm connect-wifi -k psk -e wlan ath0
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
/usr/sbin
tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRI-
BUTE TYPEATTRIBUTE VALUE _ AvailabilitySUNWcsu _ Interface
StabilityEvolving
/sbin
tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRI-
BUTE TYPEATTRIBUTE VALUE _ AvailabilitySUNWcsr _ Interface
StabilityEvolving
SEE ALSO
ifconfig(1M), zonecfg(1M), wpad(1M), attributes(5), dlpi(7P)
NOTES
The preferred method of referring to an aggregation in the
aggregation subcommands is by its link name. Referring to an
aggregation by its integer "key" is supported for backward
compatibility, but is not necessary. When creating an aggregation,
if a "key" is specified instead of a link name, the aggregation's
link name will be automatically generated by dladm as "aggr<key>".
