ifconfig
Maintenance Commands ifconfig(1M)NAME
ifconfig - configure network interface parametersSYNOPSIS
/sbin/ifconfig interface [ address_family ] [ address [ /prefix_length ] [ dest_address ] ] [ addif address [ /prefix_length ] ] [ removeif address [ /prefix_length ] ] [ arp | -arp ] [ auth_algs authentication algorithm ] [ encr_algs encryption algorithm ] [ encr_auth_algs authentication algorithm ] [ auto-revarp ] [ broadcast address ] [ deprecated | -deprecated ] [ destination dest_address ] [ [ failover ] | [ -failover ] ] [ group [ [ name ] | "" ] ] [ index { if_index } ] [ metric n ] [ modlist ] [ modinsert mod_name@pos ] [ modremove mod_name@pos ] [ mtu n ] [ netmask mask ] [ plumb ] [ unplumb ] [ private | -private ] [ nud | -nud ] [ set [ address ] [ /netmask ] ] [ [ standby ] | [ -standby ] ] [ subnet subnet_address ] [ tdst tunnel_dest_address ] [ tsrc tunnel_src_address ] [ trailers | -trailers ] [ up ] [ down ] [ xmit | -xmit ] /usr/sbin/ifconfig interface [ address_family ] [ address [ /prefix_length ] [ dest_address ] ] [ addif address [ /prefix_length ] ] [ removeif address [ /prefix_length ] ] [ arp | -arp ] [ auth_algs authentication algorithm ] [ encr_algs encryption algorithm ] [ encr_auth_algs authentication algorithm ] [ auto-revarp ] [ broadcast address ] [ deprecated | -deprecated ] [ destination dest_address ] [ [ failover ] | [ -failover ] ] [ group [ [ name ] | "" ] ] [ index { if_index } ] [ metric n ] [ modlist ] [ modinsert mod_name@pos ] [ modremove mod_name@pos ] [ mtu n ] [ netmask mask ] [ plumb ] [ unplumb ] [ private | -private ] [ nud | -nud ] [ set [ address ] [ /netmask ] ] [ [ standby ] | [ -standby ] ] [ subnet subnet_address ] [ tdst tunnel_dest_address ] [ tsrc tunnel_src_address ] [ trailers | -trailers ] [ up ] [ down ] [ xmit | -xmit ] /sbin/ifconfig interface { auto-dhcp | dhcp } [ primary ] [ wait seconds ] drop | extend | inform | ping | release | start | status /usr/sbin/ifconfig interface { auto-dhcp | dhcp } [ primary ] [ wait seconds ] drop | extend | inform | ping | release | start | statusDESCRIPTION
The command ifconfig is used to assign an address to a net- work interface and to configure network interface parame- ters. The ifconfig command must be used at boot time to define the network address of each interface present on a machine; it may also be used at a later time to redefine an interface's address or other operating parameters. If no option is specified, ifconfig displays the current confi- guration for a network interface. If an address family is specified, ifconfig reports only the details specific to that address family. Only the superuser may modify the con- figuration of a network interface. Options appearing within braces ({}) indicate that one of the options must be speci- fied. The two versions of ifconfig, /sbin/ifconfig and /usr/sbin/ifconfig, behave differently with respect to name services. The order in which names are looked up by /sbin/ifconfig when the system is booting is fixed and can- not be changed. In contrast, changing /etc/nsswitch.conf may affect the behavior of /usr/sbin/ifconfig. The system administrator may configure the source and lookup order in the tables by means of the name service switch. See nsswitch.conf(4) for more information. DHCP Configuration The third and fourth forms of this command are used to con- trol the Dynamic Host Configuration Protocol ("DHCP") confi- guring of the interface. DHCP is only available on inter- faces for which the address family is inet. In this mode, ifconfig is used to control operation of dhcpagent(1M), the DHCP client daemon. Once an interface is placed under DHCP control by using the start operand, ifconfig should not, in normal operation, be used to modify the address or charac- teristics of the interface. If the address of an interface under DHCP is changed, dhcpagent will remove the interface from its control.OPTIONS
The following options are supported: addif address Create the next unused logical interface on the speci- fied physical interface. arp Enable the use of the Address Resolution Protocol ("ARP") in mapping between network level addresses and link level addresses (default). This is currently implemented for mapping between IPv4 addresses and 10Mb/s Ethernet addresses. -arp Disable the use of the ARP. auth_algs authentication algorithm For a tunnel, enable IPsec AH with the authentication algorithm specified. The algorithm can be either a number or an algorithm name, including any to express no preference in algorithm. All IPsec tunnel proper- ties must be specified on the same command line. To disable tunnel security, specify an auth_alg of none. auto-dhcp Use DHCP to automatically acquire an address for this interface. This option has a completely equivalent alias called dhcp. primary Defines the interface as the primary. The inter- face is defined as the preferred one for the delivery of client-wide configuration data. Only one interface can be the primary at any given time. If another interface is subsequently selected as the primary, it replaces the previ- ous one. Nominating an interface as the primary one will not have much significance once the client work station has booted, as many applica- tions will already have started and been config- ured with data read from the previous primary interface. wait seconds The ifconfig command will wait until the opera- tion either completes or for the interval speci- fied, whichever is the sooner. If no wait inter- val is given, and the operation is one that can- not complete immediately, ifconfig will wait 30 seconds for the requested operation to complete. The symbolic value forever may be used as well, with obvious meaning. drop Remove the specified interface from DHCP con- trol. Additionally, set the IP address to zero and mark the interface as "down". extend Attempt to extend the lease on the interface's IPv4 address. This is not required, as the agent will automatically extend the lease well before it expires. inform Obtain network configuration parameters from DHCP without obtaining a lease on an IP address. This is useful in situations where an IP address is obtained through mechanisms other than DHCP. ping Check whether the interface given is under DHCP control, which means that the interface is managed by the DHCP agent and is working prop- erly. An exit status of 0 means success. This subcommand has no meaning when the named inter- face represents more than one interface. release Relinquish the IPv4 address on the interface, and mark the interface as "down." start Start DHCP on the interface. status Display the DHCP configuration status of the interface. auto-revarp Use the Reverse Address Resolution Protocol ("RARP") to automatically acquire an address for this inter- face. broadcast address For IPv4 only. Specify the address to use to represent broadcasts to the network. The default broadcast address is the address with a host part of all 1's. A "+" (plus sign) given for the broadcast value causes the broadcast address to be reset to a default appropriate for the (possibly new) address and net- mask. The arguments of ifconfig are interpreted left to right. Therefore ifconfig -a netmask + broadcast + and ifconfig -a broadcast + netmask + may result in different values being assigned for the broadcast addresses of the interfaces. deprecated Marks the address as a deprecated address. Addresses marked as deprecated will not be used as source address for outbound packets unless either there are no other addresses available on this interface or the application has bound to this address explicitly. The status display shows DEPRECATED as part of flags. -deprecated Marks the address as not deprecated. destination dest_address Set the destination address for a point-to point interface. dhcp This option is an alias for option auto-dhcp down Mark an interface "down". When an interface is marked "down", the system does not attempt to transmit mes- sages through that interface. If possible, the inter- face is reset to disable reception as well. This action does not automatically disable routes using the interface. encr_auth_algs authentication algorithm For a tunnel, enable IPsec ESP with the authentication algorithm specified. It can be either a number or an algorithm name, including any or none, to indicate no algorithm preference. If an ESP encryption algorithm is specified but the authentication algorithm is not, the default value for the ESP authentication algorithm will be any. encr_algs encryption algorithm For a tunnel, enable IPsec ESP with the encryption algorithm specified. It can be either a number or an algorithm name. Note that all IPsec tunnel properties must be specified on the same command line. To disable tunnel security, specify the value of encr_alg as none. If an ESP authentication algorithm is specified, but the encryption algorithm is not, the default value for the ESP encryption will be null. -failover Mark the address as a non-failover address.Addresses marked this way will not failover when the interface fails. Status display shows "NOFAILOVER" as part of flags. failover Mark the address as a failover address. This address will failover when the interface fails. Status display does not show "NOFAILOVER" as part of flags. group [ name |""] Insert the interface in the multipathing group speci- fied by name. To delete an interface from a group, use a null string "". When invoked on the logical interface with id zero, the status display shows the group name. index n Change the interface index for the interface. The value of n must be an interface index (if_index) that is not used on another interface. if_index will be a non-zero positive number that uniquely identifies the network interface on the system. metric n Set the routing metric of the interface to n; if no value is specified, the default is 0. The routing metric is used by the routing protocol. Higher metrics have the effect of making a route less favorable; metrics are counted as addition hops to the destina- tion network or host. modinsert mod_name@pos Insert a module with name mod_name to the stream of the device at position pos. The position is relative to the stream head. Position 0 means directly under stream head. Based upon the example in the modlist option, use the following command to insert a module with name ipqos under the ip module and above the firewall module: ifconfig hme0 modinsert ipqos@2 A subsequent listing of all the modules in the stream of the device follows: ifconfig hme0 modlist 0 arp 1 ip 2 ipqos 3 firewall 4 hme modlist List all the modules in the stream of the device. The following example lists all the modules in the stream of the device: ifconfig hme0 modlist 0 arp 1 ip 2 firewall 4 hme modremove mod_name@pos Remove a module with name mod_name from the stream of the device at position pos. The position is relative to the stream head. Based upon the example in the modinsert option, use the following command to remove the firewall module from the stream after inserting the ipqos module: ifconfig hme0 modremove firewall@3 A subsequent listing of all the modules in the stream of the device follows: ifconfig hme0 modlist 0 arp 1 ip 2 ipqos 3 hme Note that the core IP stack modules, for example, ip and tun modules, cannot be removed. mtu n Set the maximum transmission unit of the interface to n. For many types of network, the mtu has an upper limit, for example, 1500 for Ethernet. netmask mask For IPv4 only. Specify how much of the address to reserve for subdividing network into subnetwork. The mask includes the network part of the local address and the subnet part, which is taken from the host field of the address. The mask contains 1's for the bit positions in the 32-bit address which are to be used for the network and subnet parts, and 0's for the host part. The mask should contain at least the standard network portion, and the subnet field should be contiguous with the network portion. The mask can be specified in one of four ways: 1. with a single hexadecimal number with a leading 0x, 2. with a dot-notation address, 3. with a "+" (plus sign) address, or 4. with a pseudo host name/pseudo network name found in the network database network(4). If a "+" (plus sign) is given for the netmask value, the mask is looked up in the netmasks(4) database. This lookup finds the longest matching netmask in the database by start- ing with the interface's IPv4 address as the key and itera- tively masking off more and more low order bits of the address. This iterative lookup ensures that the netmasks(4) database can be used to specify the netmasks when variable length subnetmasks are used within a network number. If a pseudo host name/pseudo network name is supplied as the netmask value, netmask data may be located in the hosts or network database. Names are looked up by first using gethostbyname(3NSL). If not found there, the names are looked up in getnetbyname(3SOCKET). These interfaces may in turn use nsswitch.conf(4) to determine what data store(s) to use to fetch the actual value. For both inet and inet6, the same information conveyed by mask can be specified as a prefix_length attached to the address parameter. nud Enables the neighbor unreachability detection mechan- ism on a point-to-go interface. -nud Disables the neighbor unreachability detection mechan- ism on a point-to-go interface. plumb Open the device associated with the physical interface name and set up the streams needed for IP to use the device. When used with a logical interface name, this command is used to create a specific named logical interface. An interface must be separately plumbed for use by IPv4 and IPv6. The address_family parameter controls whether the ifconfig command applies to IPv4 or IPv6. Before an interface has been plumbed, , the interface will not show up in the output of the ifconfig -a com- mand. private Tells the in.routed routing daemon that the interface should not be advertised. -private Specify unadvertised interfaces. removeif address Remove the logical interface on the physical inter- face specified that matches the address specified. set Set the address, prefix_length or both, for an interface. standby Marks the physical interface as a standby interface. If the interface is marked STANDBY and is part of the multipathing group, the interface will not be selected to send out packets unless some other interface in the group has failed and the network access has been failed over to this standby interface. The status display shows "STANDBY, INACTIVE" indicat- ing that that the interface is a standby and is also inactive. IFF_INACTIVE will be cleared when some other interface belonging to the same multipathing group fails over to this interface. Once a failback happens, the status display will return to INACTIVE. -standby Turns off standby on this interface. subnet Set the subnet address for an interface. tdst tunnel_dest_address Set the destination address of a tunnel. The address should not be the same as the dest_address of the tun- nel, because no packets leave the system over such a tunnel. trailers This flag previously caused a nonstandard encapsula- tion of inet packets on certain link levels. Drivers supplied with this release no longer use this flag. It is provided for compatibility, but is ignored. -trailers Disable the use of a "trailer" link level encapsulation. tsrc tunnel_src_address Set the source address of a tunnel. This is the source address on an outer encapsulating IP header. It must be an address of another interface already configured using ifconfig. unplumb Close the device associated with this physical inter- face name and any streams that ifconfig set up for IP to use the device. When used with a logical interface name, the logical interface is removed from the sys- tem. After this command is executed, the device name will no longer appear in the output of ifconfig -a. up Mark an interface "up". This happens automatically when setting the first address on an interface. The up option enables an interface after an ifconfig down, which reinitializes the hardware. xmit Enable an interface to transmit packets. This is the default behavior when the interface is up. -xmit Disable transmission of packets on an interface. The interface will continue to receive packets.OPERANDS
The interface operand, as well as address parameters that affect it, are described below. interface A string of the form, name physical-unit, for example, le0 or ie1; or of the form name physical-unit:logical-unit, for example, le0:1; or of the form ip.tunN, for tunnels. If the interface name starts with a dash (-), it is interpreted as a set of options which specify a set of interfaces. In such a case, -a must be part of the options and any of the additional options below can be added in any order. If one of these interface names is given, the commands following it are applied to all of the interfaces that match. -a Apply the commands to all interfaces in the system. -d Apply the commands to all "down" interfaces in the system. -D Apply the commands to all interfaces not under DHCP (Dynamic Host Configuration Pro- tocol) control. -u Apply the commands to all "up" interfaces in the system. -4 Apply the commands to all IPv4 interfaces. -6 Apply the commands to all IPv6 interfaces. address_family The address family is specified by the address_family parameter. The ifconfig command currently supports the following families: ether, inet, and inet6. If no address family is speci- fied, the default is inet. address For the IPv4 family (inet), the address is either a host name present in the host name data base (see hosts(4)) or in the Network Information Ser- vice (NIS) map hosts, or an IPv4 address expressed in the Internet standard "dot nota- tion". For the IPv6 family (inet6), the address is either a host name present in the host name data base (see ipnodes(4)) or in the Network Informa- tion Service (NIS) map ipnode, or an IPv6 address expressed in the Internet standard colon- separated hexadecimal format represented as x:x:x:x:x:x:x:x where x is a hexadecimal number between 0 and FFFF. For the ether address family, the address is an Ethernet address represented as x:x:x: x:x:x where x is a hexadecimal number between 0 and FF. Some, though not all, of the Ethernet interface cards have their own addresses. To use cards that do not have their own addresses, refer to section 3.2.3(4) of the IEEE 802.3 specification for a definition of the locally administered address space. The use of interface groups should be res- tricted to those cards with their own addresses (see INTERFACE GROUPS). prefix_length For the IPv4 and IPv6 families (inet and inet6), the prefix_length is a number between 0 and the number of bits in the address. For inet, the number of bits in the address is 32; for inet6, the number of bits in the address is 128. The prefix_length denotes the number of leading set bits in the netmask. dest_address If the dest_address parameter is supplied in addition to the address parameter, it specifies the address of the correspondent on the other end of a point-to-point link. tunnel_dest_address An address that is or will be reachable through an interface other than the tunnel being config- ured. This tells the tunnel where to send the tunneled packets. This address must not be the same as the tunnel_dest_address being configured. tunnel_src_address As address that is attached to an already config- ured interface that has been configured "up" with ifconfig. LOGICAL INTERFACES Solaris TCP/IP allows multiple logical interfaces to be associated with a physical network interface. This allows a single machine to be assigned multiple IP addresses, even though it may have only one network interface. Physical net- work interfaces have names of the form driver-name physical-unit-number, while logical interfaces have names of the form driver-name physical-unit-number:logical-unit- number. A physical interface is configured into the system using the plumb command. For example: ifconfig le0 plumb Once a physical interface has been "plumbed", logical inter- faces associated with the physical interface can be config- ured by separate plumb or addif options to the ifconfig command. ifconfig le0:1 plumb allocates a specific logical interface associated with the physical interface le0. The command ifconfig le0 addif 192.9.200.1/24 up allocates the next available logical unit number on the le0 physical interface and assigns an address and prefix_length. A logical interface can be configured with parameters ( address,prefix_length, and so on) different from the physi- cal interface with which it is associated. Logical inter- faces that are associated with the same physical interface can be given different parameters as well. Each logical interface must be associated with an existing and "up" phy- sical interface. So, for example, the logical interface le0:1 can only be configured after the physical interface le0 has been plumbed. To delete a logical interface, use the unplumb or removeif options. For example, ifconfig le0:1 down unplumb will delete the logical interface le0:1. INTERFACE GROUPS If a physical interface shares an IP prefix with another interface, these interfaces are collected into an interface group. IP uses an interface group to rotate source address selection when the source address is unspecified, and in the case of multiple physical interfaces in the same group, to scatter traffic across different IP addresses on a per-IP- destination basis. See netstat(1M) for per-IP-destination information. This feature may be enabled by using ndd(1M). One can also use the group keyword to form a multipathing group. When multipathing groups are used, the functionality of the interface group is subsumed into the functionality of the multipathing group. A multipathing group provides failure detection and repair detection for the interfaces in the group. See in.mpathd(1M) and System Administration Guide, Volume 3. The interface groups formed using ndd(1M) will be made obsolete in the future. Accordingly, it is advisable to use form multipathing groups using the group keyword. CONFIGURING IPv6 INTERFACES When an IPv6 physical interface is plumbed and configured "up" with ifconfig, it is automatically assigned an IPv6 link-local address for which the last 64 bits are calculated from the MAC address of the interface. ifconfig le0 inet6 plumb up The following example shows that the link-local address has a prefix of fe80::/10. ifconfig le0 inet6 le0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2 inet6 fe80::a00:20ff:fe8e:f3ad/10 If an advertising IPv6 router exists on the link advertising prefixes, then the newly plumbed IPv6 interface will auto- configure logical interface(s) depending on the prefix advertisements. For example, for prefix advertisements fec0:0:0:55::/64 and 3ff0:0:0:55::/64, the autoconfigured interfaces will look like: le0:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2 inet6 fec0::55:a00:20ff:fe8e:f3ad/64 le0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2 inet6 3ff0::55:a00:20ff:fe8e:f3ad/64 Even if there are no prefix advertisements on the link, you can still assign site-local and global addresses manually, for example: ifconfig le0 inet6 addif fec0::55:a00:20ff:fe8e:f3ad/64 up ifconfig le0 inet6 addif 3ff0::55:a00:20ff:fe8e:f3ad/64 up To configure boot-time defaults for the interface le0, place the following entries in the /etc/hostname6.le0 file: addif fec0::55:a00:20ff:fe8e:f3ad/64 up addif 3ff0::55:a00:20ff:fe8e:f3ad/64 up Link-local addresses are only used for on-link communication and are not visible to other subnets. Configuring IPv6/IPv4 tunnels An IPv6 over IPv4 tunnel interface can send and receive IPv6 packets encapsulated in an IPv4 packet. Create tunnels at both ends pointing to each other. IPv6 over IPv4 tunnels require the tunnel source and tunnel destination IPv4 and IPv6 addresses. Solaris 8 supports both automatic and con- figured tunnels. For automatic tunnels, an IPv4-compatible IPv6 address is used. The following demonstrates auto-tunnel configuration: ifconfig ip.atun0 inet6 plumb ifconfig ip.atun0 inet6 tsrc <IPv4-address> \ ::<IPv4 address>/96 up where IPv4-address is the IPv4 address of the interface through which the tunnel traffic will flow, and IPv4- address, ::<IPv4-address>, is the corresponding IPv4- compatible IPv6 address. The following is an example of a configured tunnel: ifconfig ip.tun0 inet6 plumb tsrc <my-ipv4-address> \ tdst <peer-ipv4-address> up This creates a configured tunnel between my-ipv4-address and peer-ipv4-address with corresponding link-local addresses. For tunnels with global or site-local addresses, the logical tunnel interfaces need to be configured in the following form: ifconfig ip.tun0 inet6 addif <my-v6-address> <peer-v6-address> up For example, ifconfig ip.tun0 inet6 plumb tsrc 109.146.85.57 \ tdst 109.146.85.212 up ifconfig ip.tun0 inet6 addif 2::45 2::46 up To show all IPv6 interfaces that are up and configured: ifconfig -au6 ip.tun0: flags=2200851<UP,POINTOPOINT,RUNNING,MULTICAST,NONUD,IPv6> mtu 1480 index 3 inet tunnel src 109.146.85.57 tunnel dst 109.146.85.212 inet6 fe80::6d92:5539/10 --> fe80::6d92:55d4 ip.tun0:1: flags=2200851<UP,POINTOPOINT,RUNNING,MULTICAST,NONUD,IPv6> mtu 1480 index 3 inet6 2::45/128 --> 2::46Example 1: Using the ifconfig Command
If your workstation is not attached to an Ethernet, the le0 interface should be marked "down" as follows: ifconfig le0 downExample 2: Printing Addressing Information
To print out the addressing information for each interface, use the following command: ifconfig -aExample 3: Resetting the Broadcast Address
To reset each interface's broadcast address after the net- masks have been correctly set, use the next command: ifconfig -a broadcast +Example 4: Changing the Ethernet Address
To change the Ethernet address for interface le0, use the following command: ifconfig le0 ether aa:1:2:3:4:5Example 5: Configuring an IP-in-IP Tunnel
To configure an IP-in-IP tunnel, first plumb it with the following command: ifconfig ip.tun0 plumb Then configure it as a point-to-point interface, supplying the tunnel source and the tunnel destination: ifconfig ip.tun0 myaddr mydestaddr tsrc another_myaddr \ tdst a_dest_addr up Tunnel security properties must be configured on one invoca- tion of ifconfig: ifconfig ip.tun0 encr_auth_algs md5 encr_algs 3desExample 6: Requesting a Service Without Algorithm Preference
To request a service without any algorithm preferences, specify any: ifconfig ip.tun0 encr_auth_algs any encr_algs anyExample 7: Disabling All Security
To disable all security, specify any security service with none as the algorithm value: ifconfig ip.tun0 auth_algs none or ifconfig ip.tun0 encr_algs noneFILES
/etc/netmasks" netmask dataATTRIBUTES
See attributes(5) for descriptions of the following attri- butes: /usr/sbin ____________________________________________________________ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | |_____________________________|_____________________________| | Availability | SUNWcsu | |_____________________________|_____________________________| | Stability Level for options | Evolving | | modlist, modinsert, and | | | modremove | | |_____________________________|_____________________________| /sbin ____________________________________________________________ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | |_____________________________|_____________________________| | Availability | SUNWcsr | |_____________________________|_____________________________| | Stability Level for options | Evolving | | modlist, modinsert, and | | | modremove | | |_____________________________|_____________________________|SEE ALSO
dhcpinfo(1), dhcpagent(1M), in.mpathd(1M), in.routed(1M), ndd(1M), netstat(1M), ethers(3SOCKET), gethostbyname(3NSL), getnetbyname(3SOCKET), hosts(4), netmasks(4), network(4), nsswitch.conf(4), attributes(5), arp(7P),ipsecah(7P),ipsecesp(7P),tun(7M) System Administration Guide, Volume 3DIAGNOSTICS
ifconfig sends messages that indicate if: + the specified interface does not exist + the requested address is unknown + the user is not privileged and tried to alter an interface's configurationNOTES
It is recommended that the names broadcast, down, private, trailers, up, and the other possible option names not be selected when choosing host names. Choosing any one of these names as host names will cause bizarre problems that can be extremely difficult to diagnose. SunOS 5.8 Last change: 20 Jul 2001 18