dladm(1m) 맨 페이지 - 윈디하나의 솔라나라

개요

섹션
맨페이지이름
검색(S)

dladm(1m)

Name
     dladm - administer data links

Synopsis
     dladm


     dladm show-link [-PZ] [[-p] -o field[,...]] [-z zone[,...]] [link]

     dladm rename-link [-R root-dir] link new-link


     dladm delete-phys phys-link

     dladm show-phys [-PZ] [-Lm] [[-p] -o field[,...]] [-H]

          [-z zone[,...]] [-D [dcb-feature]] [-lr]] [phys-link]


     dladm create-aggr [-t] [-R root-dir] [-m mode] [-P policy] [-L lacpmode]

          [-T time] [-u address] -l ether-link1 [-l ether-link2...] aggr-link

     dladm modify-aggr [-t] [-R root-dir] [-m mode] [-P policy] [-L lacpmode]

          [-T time] [-u address] aggr-link

     dladm delete-aggr [-t] [-R root-dir] aggr-link

     dladm add-aggr [-t] [-R root-dir] -l ether-link1 [-l ether-link2...]

          aggr-link

     dladm remove-aggr [-t] [-R root-dir] -l ether-link1 [-l ether-link2...]

          aggr-link

     dladm show-aggr [-PLxZS] [[-p] -o field[,...]] [-z zone[,...]] [aggr-link]


     dladm create-bridge [-P protect] [-R root-dir] [-p priority]

          [-m max-age] [-h hello-time] [-d forward-delay] [-f force-protocol]

          [-l link...] bridge-name

     dladm modify-bridge [-P protect] [-R root-dir] [-p priority]

          [-m max-age] [-h hello-time] [-d forward-delay] [-f force-protocol]

          bridge-name

     dladm delete-bridge [-R root-dir] bridge-name

     dladm add-bridge [-R root-dir] -l link [-l link...]bridge-name

     dladm remove-bridge [-R root-dir] -l link [-l link...] bridge-name

     dladm show-bridge [-flt] [-s [-i interval]] [[-p] -o field,...]

          [bridge-name]


     dladm create-vlan [-ft] [-R root-dir] -l ether-link -v

               vid[,pvlan-svid[,pvlan-type]] [vlan-link]

     dladm modify-vlan [-t] [-R root-dir] [-l ether-link] [-v

               vid[,pvlan-svid[,pvlan-type]] [-f]]

            {vlan-link,[vlan-link,...] | -L ether-link}

     dladm delete-vlan [-t] [-R root-dir] vlan-link

     dladm show-vlan [-PZ] [[-p] -o field[,...]] [-z zone[,...]] [vlan-link]


     dladm scan-wifi [[-p] -o field[,...]] [wifi-link]

     dladm connect-wifi [-e essid] [-i bssid] [-k key,...]

          [-s none | wep | wpa ] [-a open | shared] [-b bss | ibss] [-c]

          [-m a | b | g | n ] [-T time] [wifi-link]

     dladm disconnect-wifi [-a] [wifi-link]

     dladm show-wifi [-Z] [[-p] -o field[,...]] [-z zone[,...]] [wifi-link]


     dladm show-ether [-xZ] [[-p] -o field[,...]] [-z zone[,...]]

          [-P protocol] [ether-link]


     dladm set-linkprop [-t] [-R root-dir] -p prop=value[,...] link

     dladm reset-linkprop [-t] [-R root-dir] [-p prop[,...]] link

     dladm show-linkprop [-HPZ] [[-c] -o field[,...]] [-p prop[,...]]

          [-z zone[,...]] [link]

     dladm create-secobj [-t] [-R root-dir] [-f file] -c class secobj

     dladm delete-secobj [-t] [-R root-dir] secobj[,...]

     dladm show-secobj [-P] [[-p] -o field[,...]] [secobj,...]


     dladm create-vnic [-t] [-f] -l link [-R root-dir] [-m value | auto |

               {factory [-n slot-identifier]} | {vrrp -A {inet | inet6} -V vrid}

               | {random [-r prefix]}] [-v vlan-id]

               [-P pkey] [-p prop=value[,...]] vnic-link

     dladm create-vnic -t -c <evsname>[/<vportname>] [-T <tenant>] <vnic-link>

    dladm modify-vnic [-t] [-R root-dir] [-l link]  [-m value | auto

          {factory [-n slot-identifier]} | {vrrp -A {inet | inet6} -V vrid}

          | {random [-r prefix]}] [-v vlan-id[,pvlan-svid[,pvlan-type]]]

          {vnic-link,[vnic-link,...] | -L link}

     dladm delete-vnic [-t] [-R root-dir] vnic-link

     dladm show-vnic [-P | {-z zone[,..]}] [[-p] -o field[,..]] [-l link]

     [vnic-link]

     dladm show-vnic [-Zmv] [-l link] [vnic-link]


     dladm create-etherstub [-t] [-R root-dir] etherstub

     dladm delete-etherstub [-t] [-R root-dir] etherstub

     dladm show-etherstub [-Z] [-z zone[,...]] [etherstub]


     dladm create-iptun [-t] [-R root-dir] -T type [-a {local|remote}=addr,...]

          iptun-link

     dladm modify-iptun [-t] [-R root-dir] -a {local|remote}=addr,...

          iptun-link

     dladm delete-iptun [-t] [-R root-dir] iptun-link

     dladm show-iptun [-PZ] [[-p] -o field[,...]] [-z zone[,...]] [iptun-link]
     dladm create-part [-t] [-f] -l ib-link [-R root-dir] -P pkey

          [-p prop=value[,...]] part-link

     dladm delete-part [-t] [-R root-dir] part-link

     dladm show-part [-pP] [-o field[,...]] [-l ib-link]  [part-link]


     dladm show-ib [-pP] [-o field[,...]] [ib-link]


     dladm create-eoib [-t] [-R root-dir] -l ib-link -g gw-system-name

          -c gw-eth-port eoib-link

     dladm delete-eoib [-t] [-R root-dir] eoib-link

     dladm show-eoib [-PZ] [-g gw-system-name] [-l ib-link] [[-p]

          -o field[,...]] [-z zone [,...]] [eoib-link]

     dladm show-ib [-pP] [-o field[,...]] [ib-link]


     dladm create-vxlan [-t] [-R root-dir] -p vni=<vxlan id>,addr=<ip_address>[,prop=value[,...]]

               vxlan-link

     dladm create-vxlan [-t] [-R root-dir] -p vni=<vxlan id>,interface=<interface_name>[,prop=value[,...]]

               vxlan-link

     dladm show-vxlan [-pP] [-o field[,...]] [vxlan-link]

     dladm delete-vxlan [-t] [-R root-dir] vxlan-link


     dladm create-cap  [-t] [-R root-dir] cap-link

     dladm show-cap [-pP] [-o  field[,...]] [cap-link]

     dladm delete-cap  [-t] [-R root-dir] cap-link


     dladm help [subcommand-name]

Description
     The dladm command is used to administer data-links. A  data-
     link  is  represented  in  the system as a STREAMS DLPI (v2)
     interface which can be plumbed under protocol stacks such as

     TCP/IP.  Each  data-link  relies  on either a single network
     device or an aggregation of devices to send  packets  to  or
     receive packets from a network.


     All link configuration is part of  a  Network  Configuration
     Profile  (NCP).  Any number of NCPs may be defined on a sys-
     tem, but there will always be one active NCP.  Changes  made
     using  the  dladm  command  will be applied to the currently
     active NCP.


     NCPs may be `fixed' or `reactive'. There is one  fixed  NCP,
     called  DefaultFixed.  This  NCP will have all of its confi-
     guration applied immediately upon activation, and the system
     will  not  make  any  changes,  regardless of the success or
     failure of any part of the configuration. There may  be  any
     number of reactive NCPs; these NCPs will be applied based on
     additional policy rules that make up the  profile,  and  the
     system   configuration   may  be  changed  automatically  in
     response to changes in the network conditions, based on  the
     NCP's  policy rules. The policy rules for a reactive NCP may
     be created using the netcfg(1M) command.


     Each dladm subcommand  operates  on  one  of  the  following
     objects:

     link
         A datalink, identified by a name. The  name  can  be  at
         most  30  characters,  and must start with an alphabetic
         character and end with a number between 0 and 4294967294
         (inclusive). A number with leading zeroes is not permit-
         ted. The rest of the name can  use  any  combination  of
         alphanumeric  characters,  along  with  `.'  and `_'. In
         addition, datalink names may also  contain  the  special
         delimiter characters `/' and `-', as described below.

         When viewed from the global  zone,  datalinks  inside  a
         zone will have a prefix (identifying the zone), followed
         by a  `/'  and  the  traditional  datalink  name.  Thus,
         datalink  "net0"  inside  zone  "myzone"  will appear as
         "myzone/net0" when viewed from  the  global  zone.  This
         ensures that the datalink names are always unique.

         Datalinks created externally to  dladm  will  contain  a
         prefix (identifying the creator) followed by a `-' and a
         traditional   datalink   name   (for   example,   ldoms-
         vsw1.port2).    This   ensures  that  externally-created
         datalinks will not have naming  conflicts.  Accordingly,
         dladm  cannot  be  used to create datalinks that contain
         `-'.

         Some  subcommands  operate  only  on  certain  types  or
         classes  of  datalinks.  For  those cases, the following
         object names are used:

         aggr-link
             An aggregation datalink (or a key; see NOTES).


         ether-link
             A physical Ethernet datalink.


         eoib-link
             An Ethernet-over-InfiniBand (EoIB) datalink.


         iptun-link
             An IP tunnel link.


         part-link
             An InfiniBand (IB) partition data link.


         phys-link
             A physical datalink.


         vlan-link
             A VLAN datalink.


         vnic-link
             A virtual network interface created on a link or  an
             etherstub. It is a pseudo device that can be treated
             as if  it  were  an  network  interface  card  on  a
             machine.


         wifi-link
             A WiFi datalink.



     bridge
         A bridge instance, identified  by  an  administratively-
         chosen   name.   The   name  may  use  any  alphanumeric
         characters or the underscore, _, but must start and  end
         with  an  alphabetic  character. A bridge name can be at
         most 31 characters. The name default is reserved, as are
         all names starting with SUNW.

         Note that appending a zero (0) to a bridge name produces
         a valid link name, used for observability.

         Also note that the bridge-related subcommands, described
         with  dladm  subcommands  below, require installation of
         the pkg://solaris/network/bridging package.


     dev
         A network  device,  identified  by  concatenation  of  a
         driver name and an instance number.


     etherstub
         An Ethernet stub can be used instead of a  physical  NIC
         to  create  VNICs.  VNICs  created  on an etherstub will
         appear to be connected through a virtual switch,  allow-
         ing complete virtual networks to be built without physi-
         cal hardware.


     part
         An IB partition link created on a IB physical link.


     secobj
         A secure  object,  identified  by  an  administratively-
         chosen  name.  The name can use any alphanumeric charac-
         ters, as well as underscore (_), period (.), and  hyphen
         (-). A secure object name can be at most 32 characters.



     dladm  is  implemented  as  a  set   of   subcommands   with
     corresponding  options. Options are described in the context
     of each subcommand. Many of the subcommands have  the   fol-
     lowing as a common option:

     -R root-dir, --root-dir=root-dir
         Specifies  an  alternate  root   directory   where   the
         operation-such as creation, deletion, or renaming-should
         apply.

     dladm also supports a command form with no  arguments.  When
     invoked  this way, dladm displays basic configuration infor-
     mation for all datalinks on a system. See EXAMPLES.

  SUBCOMMANDS
     The following subcommands are supported:

     dladm show-link [-PZ] [[-p] -o field[,...]] [-z zone[,...]]
     [link]
         Show  link  configuration  information  either  for  all
         datalinks  or  for  the  specified link. By default, the
         system is configured with one datalink  for  each  known
         network  device.  The option to print link statistics is
         moved to dlstat(1M).

         -o field[,...], --output=field[,...]
             A case-insensitive, comma-separated list  of  output
             fields to display. The field name must be one fields
             listed below, or the special value  all  to  display
             all  fields.  By  default  (without  -o),  show-link
             displays all fields.

             LINK
                 The name of the datalink.


             ZONE
                 The current zone of the datalink.


             CLASS
                 The class of the datalink.  dladm  distinguishes
                 between the following classes:

                 aggr
                     Link Aggregation  either  as  Datalink  Mul-
                     tipathing  (dlmp) or IEEE 802.3ad trunk. The
                     show-aggr subcommand displays  more  details
                     for this class of datalink.


                 bridge
                     A  bridge   instance,   identified   by   an
                     administratively-chosen name.


                 eoib
                     An EoIB interface. The show-eoib  subcommand
                     displays  more  detail  for  this  class  of
                     datalink.


                 etherstub
                     Instance of an etherstub. An  Ethernet  stub
                     can  be  used  instead  of a physical NIC to
                     create VNICs. VNICs created on an  etherstub
                     will  appear  to be connected through a vir-
                     tual switch, allowing complete virtual  net-
                     works to be built without physical hardware.


                 iptun
                     An instance of an IP tunnel link.


                 part
                     An IP-over-IB interface. The show-part  sub-
                     command  displays more detail for this class
                     of datalink.


                 phys
                     A physical datalink. The  show-phys  subcom-
                     mand  displays more detail for this class of
                     datalink.


                 vlan
                     A VLAN datalink.  The  show-vlan  subcommand
                     displays  more  detail  for  this  class  of
                     datalink.


                 vnic
                     A virtual network interface.  The  show-vnic
                     subcommand  displays  more  detail  for this
                     class of datalink.



             MTU
                 The  maximum  transmission  unit  size  for  the
                 datalink being displayed.

             STATE
                 The virtual link  state  of  the  datalink.  The
                 state can be up, down, or unknown. When a NIC is
                 carved up into multiple  virtual  NICs  (VNICs),
                 then  a  virtual switch is created internally to
                 allow the VNICs and the primary datalink to com-
                 municate  as  long as they are on the same VLAN.
                 These datalinks can talk to each other, even  if
                 the physical datalink has no connection with the
                 external network. This forms  the  virtual  link
                 state of the datalink.


             BRIDGE
                 The name of the bridge to  which  this  link  is
                 assigned, if any.


             OVER
                 The physical datalink(s) over which the datalink
                 is  operating.  This  applies  to  aggr, bridge,
                 eoib, vlan and  part  classes  of  datalinks.  A
                 VLAN,  IB partition, or EoIB datalink is created
                 over a single physical datalink,  a  bridge  has
                 multiple  attached  links, and an aggregation is
                 comprised of one or more physical datalinks.



         -p, --parseable
             Display using a stable machine-parseable format. The
             -o option is required with -p. See "Parseable Output
             Format", below.


         -P, --persistent
             Display the persistent link configuration.


         -Z
             Display ZONE column in the output.


         -z zone[,...]
             Display links from the specified zones. By  default,
             dladm displays links in all the zones when it is run
             from the global zone. The links in other  zones  are
             displayed  with  the  corresponding  zonename as its
             prefix, followed by the  slash  (/)  separator.  For
             example, zone1/net0

             When run from a  non-global  zone,  this  subcommand
             displays  only  links  from  that zone. A non-global
             zone cannot see links in other zones.



     dladm rename-link [-R root-dir] link new-link
         Rename link to new-link. This is used to give a  link  a
         meaningful  name,  or  to associate existing link confi-
         guration such as link properties  of  a  removed  device
         with a new device. See the EXAMPLES section for specific
         examples of how this subcommand is used.

         -R root-dir, --root-dir=root-dir
             See "Options," above.



     dladm delete-phys phys-link
         This command is used to delete the persistent configura-
         tion  of  a link associated with physical hardware which
         has been removed from the system.

         Layer 3 components  such  as  ip  interfaces  should  be
         deleted  manually  using  the ipadm delete commands. See
         the EXAMPLES section.


     dladm show-phys [-PZ] [-Lm] [[-p] -o field[,...]] [-H] [-z
     zone[,...]] [-D [dcb-feature] [-lr]] [-V] [phys-link]
         Show the physical device and attributes of all  physical
         links,  or  of the named physical link. Without -P, only
         physical links that are available on the running  system
         are displayed.

         -D [dcb-feature]
             Show DCB (Data Center  Bridging)-related  configura-
             tion  information  on  the phys-link. Supported dcb-
             features include ets (Enhanced  Transmission  Selec-
             tion,  IEEE  802.1Qaz)  and pfc (Priority-based Flow
             Control, IEEE 802.1Qbb). The output for  dcb-feature
             is unstable.

             Output from -D ets displays the  following  elements
             for ETS DCB feature:

             LINK
                 The name of the datalink.


             COS
                 802.1p priority value.


             ETSBW_LCL_EFFECT
                 The effective ETS BW as a percentage for the CoS
                 (802.1p priority) value.


             ETSBW_RMT_EFFECT
                 The effective ETS BW as a percentage for the CoS
                 (802.1p priority) value on the peer.


             ETSBW_LCL_SOURCE
                 Indicates the source for ETSBW_LCL_EFFECT value.
                 This  could  be  either  local  (configured)  or
                 remote (recommended) value.


             CLIENTS
                 MAC clients that are using the CoS value.



         -l
             For ETS DCB feature,  this  shows  additional  local
             information:

             ETSBW_LCL
                                  The configured ETS BW as a per-
                                  centage  for  the  CoS  (802.1p
                                  priority) value.


             ETSBW_LCL_EFFECT
                                  The effective ETS BW as a  per-
                                  centage  for  the  CoS  (802.1p
                                  priority) value.


             ETSBW_LCL_ADVICE:
                                  The ETS  BW  as  a   percentage
                                  for   the CoS (802.1p priority)
                                  value that  is  recommended  by
                                  the peer.

         -r
             For ETS DCB feature, this  shows  additional  remote
             information:

             ETSBW_RMT_EFFECT
                                 The effective ETS BW as  a  per-
                                 centage   for  the  CoS  (802.1p
                                 priority) value on the peer.


             ETSBW_RMT_ADVICE:
                                  The ETS BW as a  percentage for
                                  the CoS (802.1p priority) value
                                  that  is  recommended  to   the
                                  peer.

             Output from -D  pfc  displays  the  LINK,  COS,  and
             CLIENTS  fields, just the same as the -D ets output.
             In addition, -D pfc displays the following  elements
             specifically for PFC DCB feature:

             PFC
                 If the configured PFC is  enabled  for  the  CoS
                 (802.1p priority) value.


             PFC_EFFECT
                 If the effective PFC  is  enabled  for  the  CoS
                 (802.1p priority) value.



         -H
             Show hardware resource usage, as returned by the NIC
             driver.  Output  from -H displays the following ele-
             ments:

             LINK
                 The name of the datalink.


             RINGTYPE
                 The type of the ring, either RX or TX.


             RINGS
                 The ring index. A ring is an hardware  resource,
                 which  typically maps to a DMA channel, that can
                 be programmed for specific use. For example,  an
                 RX  ring can be programmed to receive only pack-
                 ets belonging to a specific MAC address.

             CLIENTS
                 MAC clients that are using the rings.



         -L
             Display  location  information  for   the   physical
             devices/links.  Output is in location order-that is,
             onboard devices before expansion slots-and  location
             information (for example, PCIexp Slot 2, MB) is sup-
             plied where available.  Output from -L supports  the
             following elements:

             LINK
                 A physical device corresponding to a NIC driver.


             DEVICE
                 The name of the physical device under this link.


             LOC
                 Physical  location  description  string   (where
                 available).



         -m
             Display the list of  factory  MAC  addresses,  their
             slot identifiers, and their availability.


         -V
             Display SR-IOV information for a physical link.  The
             output shows:

             LINK
                          The physical link name.


             VFS-AVAIL
                          The number of  VFs  available  on  this
                          physical link.


             VFS-INUSE
                          The number of VFs in use by this physi-
                          cal link.

             FLAGS
                          The only  possible  flag  is  l,  which
                          stands  for LDOMs-managed. If this flag
                          is set,  dladm  will  not  be  able  to
                          create VF VNICs on this physical link.



         -o field, --output=field
             A case-insensitive, comma-separated list  of  output
             fields to display. The field name must be one of the
             fields listed below, or the special  value  all,  to
             display  all  fields.  For  each link, the following
             fields can be displayed:

             LINK
                 The name of the datalink.


             MEDIA
                 The  media  type  provided   by   the   physical
                 datalink.


             STATE
                 The physical link state of  the  datalink.  This
                 can  be  up, down, or unknown. The physical link
                 state identifies whether the physical device has
                 connectivity with the external network (it does,
                 if the cable is plugged in and the state of  the
                 port on the other end of the cable is "up").


             SPEED
                 The current speed of the link, in  megabits  per
                 second.


             DUPLEX
                 For Ethernet links, the full/half duplex  status
                 of  the  link  is displayed if the link state is
                 up. The duplex is displayed as  unknown  in  all
                 other cases.


             DEVICE
                 The name of the physical device under this link.

         -p, --parseable
             Display using a stable machine-parseable format. The
             -o option is required with -p. See "Parseable Output
             Format", below.


         -P, --persistent
             This option displays  persistent  configuration  for
             all  links,  including  those that have been removed
             from the system. The output provides a FLAGS  column
             in which the r flag indicates that the physical dev-
             ice  associated  with  a  physical  link  has   been
             removed.  For such links, delete-phys can be used to
             purge the link's configuration from the system.


         -Z
             Display ZONE column in the output.


         -z zone[,...]
             See description of -z option under dladm  show-link,
             above.

         By default, Solaris assigns link names with  the  prefix
         of  net.  Before installing Solaris, you can change this
         default  by  modifying  the  value  of   the   linkname-
         policy/phys-prefix   SMF   property   of   the   service
         svc:/network/datalink-management:default. Specify a  new
         value for this property in the System Configuration man-
         ifests used the  Automated  Install  (AI)  program.  See
         Chapter  2, Administering Datalink Configuration in Ora-
         cle Solaris, in Configuring and  Managing  Network  Com-
         ponents in Oracle Solaris 11.3 for details.


     dladm create-aggr [-t] [-R root-dir] [-m mode] [-P policy]
     [-L lcapmode] [-T time] [-u address] -l ether-link1 [-l
     ether-link2...] aggr-link
         Combine a set of links into a  single  link  aggregation
         named  aggr-link. The aggregation could be Datalink Mul-
         tipathing (dlmp) or IEEE 802.3ad compliant. The  use  of
         an  integer key to generate a link name for the aggrega-
         tion is also supported for backward compatibility.  Many
         of  the *-aggr subcommands below also support the use of
         a key to refer to a given aggregation, but  use  of  the
         aggregation  link  name is preferred. See the NOTES sec-
         tion for more information on keys.

         dladm supports a number of port selection  policies  for
         an  aggregation of ports. (See the description of the -P
         option, below.) If you do not specify a policy,  create-
         aggr  uses  the  default, the L4 policy, described under
         the -P option.

         -l ether-link, --link=ether-link
             Each Ethernet link (or port) in the  aggregation  is
             specified using an -l option followed by the name of
             the link to be included in the aggregation. Multiple
             links  are included in the aggregation by specifying
             multiple -l options. For backward compatibility with
             previous versions of Solaris, the dladm command also
             supports the using the -d option (or --dev)  with  a
             device  name  to  specify  links by their underlying
             device name. The other *-aggr subcommands that  take
             -loptions also accept -d.


         -t, --temporary
             Specifies that the aggregation  is  temporary.  Tem-
             porary aggregations last until the next reboot.


         -R root-dir, --root-dir=root-dir
             See "Options," above.


         -m mode
             Mode must be set to one of the following:

             trunk
                 IEEE  802.3ad  compliant  link  aggregation.  If
                 unspecified, mode is trunk.


             dlmp
                 Datalink Multipathing mode. A layer 2 high avai-
                 lability  technology  that  can provide failover
                 among multiple switches, and  does  not  require
                 switch  configuration.  A  dlmp link aggregation
                 can  also  aggregate  ports  connected  to  same
                 switch.  However,  it cannot be used in back-to-
                 back setup.

                 An dlmp  link  aggregation  is  limited  in  its
                 load-spreading  ability:  MAC clients configured
                 on plumbed dlmp aggr are distributed across  all
                 aggr  ports  but an individual MAC client cannot
                 spread load across multiple ports.

                 This mode is not IEEE 802.3ad compliant. Setting
                 policy, lacpmode, time or MAC address is invalid
                 in this mode.



         -P policy, --policy=policy

             Specifies the port selection policy to use for  load
             spreading  of outbound traffic. The policy specifies
             which dev object is used to send packets.  A  policy
             is a list of one or more layers specifiers separated
             by commas. A layer specifier is one of  the  follow-
             ing:

             L2
                 Select outbound device according to  source  and
                 destination MAC addresses of the packet.


             L3
                 Select outbound device according to  source  and
                 destination IP addresses of the packet.


             L4
                 Select outbound device according  to  the  upper
                 layer  protocol  information  contained  in  the
                 packet. For TCP and UDP,  this  includes  source
                 and  destination ports. For IPsec, this includes
                 the SPI (Security Parameters Index).

             For example, to use upper  layer  protocol  informa-
             tion, the following policy can be used:

               -P L4


             Note that policy L4 is the default.

             To use the source and destination MAC  addresses  as
             well as the source and destination IP addresses, the
             following policy can be used:

               -P L2,L3

         -L lacpmode, --lacp-mode=mode
             Specifies whether LACP should be used and, if  used,
             the  mode  in  which  it  should  operate. Supported
             values are off, active or passive.


         -T time, --lacp-timer=time

             Specifies the LACP timer value. The supported values
             are short or long.


         -u address, --unicast=address
             Specifies a fixed unicast  hardware  address  to  be
             used  for  the  aggregation.  If  this option is not
             specified, then an address is  automatically  chosen
             from the set of addresses of the component devices.



     dladm modify-aggr [-t] [-R root-dir] [-m mode] [-P policy]
     [-L lacpmode] [-T time] [-u address] aggr-link
         Modify the parameters of the specified aggregation.

         -t, --temporary
             Specifies that the modification is  temporary.  Tem-
             porary aggregations last until the next reboot.


         -R root-dir, --root-dir=root-dir
             See "Options," above.


         -m mode
             See description of -m mode option under  create-aggr
             subcommand, above.


         -P policy, --policy=policy
             Specifies the port selection policy to use for  load
             spreading of outbound traffic. See dladm create-aggr
             for a description of valid policy values.


         -L lacpmode, --lacp-mode=mode
             Specifies whether LACP should be used and, if  used,
             the  mode  in  which  it  should  operate. Supported
             values are off, active, or passive.

         -T time, --lacp-timer=time

             Specifies the LACP timer value. The supported values
             are short or long.


         -u address, --unicast=address
             Specifies a fixed unicast  hardware  address  to  be
             used  for  the  aggregation.  If  this option is not
             specified, then an address is  automatically  chosen
             from the set of addresses of the component devices.

             (Note  that  modification  of  the   fixed   unicast
             hardware   address   will  override  any  previously
             defined mac-address link property  defined  for  the
             aggregation. See "General Link Properties".)



     dladm delete-aggr [-t] [-R root-dir] aggr-link
         Deletes the specified aggregation.

         -t, --temporary
             Specifies that the deletion is temporary.  Temporary
             deletions last until the next reboot.


         -R root-dir, --root-dir=root-dir
             See "Options," above.



     dladm add-aggr [-t] [-R root-dir] -l ether-link1 [--
     link=ether-link2...] aggr-link
         Adds links to the specified aggregation.

         -l ether-link, --link=ether-link
             Specifies an Ethernet link to add  to  the  aggrega-
             tion.  Multiple links can be added by supplying mul-
             tiple -l options.


         -t, --temporary
             Specifies that the  additions  are  temporary.  Tem-
             porary additions last until the next reboot.

         -R root-dir, --root-dir=root-dir
             See "Options," above.



     dladm remove-aggr [-t] [-R root-dir] -l ether-link1 [--
     l=ether-link2...] aggr-link
         Removes links from the specified aggregation.

         -l ether-link, --link=ether-link
             Specifies an Ethernet link to remove from the aggre-
             gation.  Multiple  links  can  be added by supplying
             multiple -l options.


         -t, --temporary
             Specifies that the removals are temporary. Temporary
             removal last until the next reboot.


         -R root-dir, --root-dir=root-dir
             See "Options," above.



     dladm show-aggr [-PLxZS] [[-p] -o field[,...]] [-z
     zone[,...]] [aggr-link]
         Show  aggregation  configuration  (the  default),   LACP
         information  or DLMP probe-based failure/recovery detec-
         tion status either  for  all  aggregations  or  for  the
         specified aggregation.

         By default (with no options), the following  fields  can
         be displayed:

         LINK
             The name of the aggregation link.


         MODE
             The aggregation mode, either trunk or dlmp.


         POLICY
             The LACP policy of the aggregation. See the  create-
             aggr  -P  option  for  a description of the possible
             values.

         ADDRPOLICY
             Either auto, if the  aggregation  is  configured  to
             automatically configure its unicast MAC address (the
             default if the -u option was not used to  create  or
             modify the aggregation), or fixed, if -u was used to
             set a fixed MAC address.


         LACPACTIVITY
             The LACP mode of the  aggregation.  Possible  values
             are off, active, or passive, as set by the -l option
             to create-aggr or modify-aggr.


         LACPTIMER
             The LACP timer value of the aggregation  as  set  by
             the -T option of create-aggr or modify-aggr.

         The following field is not part of the  default  output,
         but can be queried using -o.

         FLAGS
             A set of state flags associated  with  the  aggrega-
             tion.   The  only  possible  flag  is  f,  which  is
             displayed if the administrator forced  the  creation
             the  aggregation using the -f option to create-aggr.
             Other flags might be defined in the future.

         The show-aggr command accepts the following options:

         -L, --lacp
             Displays detailed LACP information for the  aggrega-
             tion  link  and  each  underlying  port. Most of the
             state  information  displayed  by  this  option   is
             defined by IEEE 802.3. With this option, the follow-
             ing fields can be displayed:

             LINK
                 The name of the aggregation link.


             PORT
                 The name of one of  the  underlying  aggregation
                 ports.


             AGGREGATABLE
                 Whether  the  port   can   be   added   to   the
                 aggregation.


             SYNC
                 If yes, the system considers the port to be syn-
                 chronized and part of the aggregation.


             COLL
                 If yes, collection of incoming frames is enabled
                 on the associated port.


             DIST
                 If  yes,  distribution  of  outgoing  frames  is
                 enabled on the associated port.


             DEFAULTED
                 If yes, the  port  is  using  defaulted  partner
                 information (that is, has not received LACP data
                 from the LACP partner).


             EXPIRED
                 If yes, the receive state of the port is in  the
                 EXPIRED state.



         -x, --extended
             Display additional aggregation information including
             detailed  information  on each underlying port. With
             -x, the following fields can be displayed:

             LINK
                 The name of the aggregation link.


             PORT
                 The name of one of  the  underlying  aggregation
                 ports.


             SPEED
                 The speed of the link or port  in  megabits  per
                 second.

             DUPLEX
                 The full/half duplex status of the link or  port
                 is displayed if the link state is up. The duplex
                 status is displayed  as  unknown  in  all  other
                 cases.


             STATE
                 The  link  state.  This  can  be  up,  down,  or
                 unknown.


             ADDRESS
                 The MAC address of the link or port.


             PORTSTATE
                 This indicates whether the  individual  aggrega-
                 tion port is in the standby or attached state.



         -S
             Displays detailed probe information  for  the  given
             DLMP aggregation link and each underlying port. With
             -S, the following fields can be displayed:

             LINK
                         The name of the aggregation link.


             PORT
                         The name of one of the underlying aggre-
                         gation ports.


             FLAGS
                         The four  letters  of  the  FLAGS  field
                         represent:

                         link state
                                         `u' for link up, `d' for
                                         link  down  or  `-'  for
                                         unknown link state.


                         prober state
                                         `p'  for  elected   ICMP
                                         prober   (in   case  all
                                         ports are failed).


                         L2 state
                                         `2' for "L2 active".

                         ICMP state
                                         `3' for "ICMP active".



             STATE
                         The state of the port.  Possible  values
                         can be "active", "failed or "unknown".


             TARGETS
                         The active ICMP targets for this port.


             XTARGETS
                         The active transitive probe targets  for
                         this port.



         -o field[,...], --output=field[,...]
             A case-insensitive, comma-separated list  of  output
             fields to display. The field name must be one of the
             fields listed above, or the special  value  all,  to
             display  all fields. The fields applicable to the -o
             option are limited to those listed under each output
             mode.  For  example,  if  using  -L, only the fields
             listed under -L, above, can be used with -o.


         -p, --parseable
             Display using a stable machine-parseable format. The
             -o option is required with -p. See "Parseable Output
             Format", below.


         -P, --persistent
             Display  the  persistent  aggregation  configuration
             rather than the state of the running system.


         -Z
             Display ZONE column in the output.


         -z zone[,...]
             See description of -z option under dladm  show-link,
             above.



     dladm create-bridge [ -P protect] [-R root-dir] [ -p prior-
     ity] [ -m max-age] [ -h hello-time] [ -d forward-delay] [ -f
     force-protocol] [-l link...] bridge-name

         Create an 802.1D bridge instance and  optionally  assign
         one or more network links to the new bridge. By default,
         no bridge instances are present on the system.

         In order to bridge between links,  you  must  create  at
         least  one  bridge  instance.  Each  bridge  instance is
         separate, and there is no forwarding connection  between
         bridges.

         Note that the bridge-related subcommands,  create-bridge
         among     them,     require    installation    of    the
         pkg://solaris/network/bridging package.

         -P protect, --protect=protect
             Specifies a protection method. The  defined  protec-
             tion  methods are stp for the Spanning Tree Protocol
             and trill for TRILL, which is used on RBridges.  The
             default value is stp.


         -R root-dir, --root-dir=root-dir
             See "Options," above.


         -p priority, --priority=priority
             Specifies the Bridge Priority. This  sets  the  IEEE
             STP  priority  value for determining the root bridge
             node in the network. The  default  value  is  32768.
             Valid  values  are  0  (highest  priority)  to 61440
             (lowest priority), in increments of 4096.

             If a value not evenly divisible by 4096 is used, the
             system  silently  rounds  downward to the next lower
             value that is divisible by 4096.


         -m max-age, --max-age=max-age
             Specifies the maximum age for configuration informa-
             tion  in  seconds.  This sets the STP Bridge Max Age
             parameter. This value is used for all nodes  in  the
             network if this node is the root bridge. Bridge link
             information older than this time  is  discarded.  It
             defaults  to  20 seconds. Valid values are from 6 to
             40 seconds. See the -d forward-delay  parameter  for
             additional constraints.


         -h hello-time, --hello-time=hello-time
             Specifies the STP Bridge Hello Time parameter.  When
             this  node  is the root node, it sends Configuration

             BPDUs at this interval throughout the  network.  The
             default  value is 2 seconds. Valid values are from 1
             to 10 seconds. See the  -d  forward-delay  parameter
             for additional constraints.


         -d forward-delay, --forward-delay=forward-delay
             Specifies the STP Bridge  Forward  Delay  parameter.
             When this node is the root node, then all bridges in
             the network use this  timer  to  sequence  the  link
             states  when a port is enabled. The default value is
             15 seconds. Valid values are from 4 to 30 seconds.

             Bridges must obey the following two constraints:

               2 * (forward-delay - 1.0) >= max-age



               max-age >= 2 * (hello-time + 1.0)


             Any parameter setting that would violate those  con-
             straints  is treated as an error and causes the com-
             mand to fail with a diagnostic message. The  message
             provides valid alternatives to the supplied values.


         -f force-protocol, --force-protocol=force-protocol
             Specifies the MSTP forced maximum  supported  proto-
             col.  The  default value is 3. Valid values are non-
             negative integers. The current  implementation  does
             not  support  RSTP or MSTP, so this currently has no
             effect. However, to prevent MSTP from being used  in
             the  future,  the  parameter may be set to 0 for STP
             only or 2 for STP and RSTP.


         -l link, --link=link
             Specifies one or more links to  add  to  the  newly-
             created  bridge.  This  is  similar  to creating the
             bridge and then adding one or more  links,  as  with
             the  add-bridge  subcommand.  However, if any of the
             links cannot be added, the entire command fails, and
             the  new bridge itself is not created. To add multi-
             ple links on the  same  command  line,  repeat  this
             option  for  each  link. You are permitted to create
             bridges without links. For  more  information  about
             link assignments, see the add-bridge subcommand.

         Bridge  creation  and  link   assignment   require   the

         PRIV_SYS_DL_CONFIG privilege. Bridge creation might fail
         if the optional bridging feature is not installed on the
         system.


     dladm modify-bridge [ -P protect] [-R root-dir] [ -p prior-
     ity] [ -m max-age] [ -h hello-time] [ -d forward-delay] [ -f
     force-protocol] [-l link...] bridge-name
         Modify the operational parameters of an existing bridge.
         The  options  are the same as for the create-bridge sub-
         command, except that the -l option is not permitted.  To
         add links to an existing bridge, use the add-bridge sub-
         command.

         Bridge    parameter    modification     requires     the
         PRIV_SYS_DL_CONFIG privilege.


     dladm delete-bridge [-R root-dir] bridge-name
         Delete a bridge instance. The bridge being deleted  must
         not  have any attached links. Use the remove-bridge sub-
         command to deactivate links before deleting a bridge.

         Bridge   deletion   requires   the    PRIV_SYS_DL_CONFIG
         privilege.

         The -R (--root-dir)  option  is  the  same  as  for  the
         create-bridge subcommand.


     dladm add-bridge [-R root-dir] -l link [-l link...] bridge-
     name
         Add one or more links to an existing bridge. If multiple
         links  are specified, and adding any one of them results
         in an error, the command fails and no changes  are  made
         to the system.

         Link    addition    to    a    bridge    requires    the
         PRIV_SYS_DL_CONFIG privilege.

         A link may be a member of at most one bridge.  An  error
         occurs  when  you  attempt  to  add  a link that already
         belongs to another bridge.  To  move  a  link  from  one
         bridge  instance  to another, remove it from the current
         bridge before adding it to a new one.

         The links assigned to a bridge must not also  be  VLANs,
         VNICs,  or  tunnels.  Only  physical Ethernet datalinks,
         aggregation datalinks, and Ethernet stubs are  permitted
         to be assigned to a bridge.

         Links assigned to a bridge must all have the  same  MTU.
         This  is  checked when the link is assigned. The link is
         added to the bridge in a deactivated form if it  is  not
         the first link on the bridge and it has a differing MTU.

         Note that systems using  bridging  should  not  set  the
         eeprom(1M) local-mac-address? variable to false.

         The options are the same as for the  create-bridge  sub-
         command.


     dladm remove-bridge [-R root-dir] -l link [-l link...]
     bridge-name
         Remove one or more links from a bridge instance. If mul-
         tiple  links are specified, and removing any one of them
         would result in an error, the command fails and none are
         removed.

         Link   removal    from    a    bridge    requires    the
         PRIV_SYS_DL_CONFIG privilege.

         The options are the same as for the  create-bridge  sub-
         command.


     dladm show-bridge [-flt] [-s [-i interval]] [[-p] -o
     field,...] [bridge-name]
         Show the running status and  configuration  of  bridges,
         their  attached  links,  learned forwarding entries, and
         TRILL nickname databases. When  showing  overall  bridge
         status and configuration, the bridge name can be omitted
         to show all bridges. The other forms require a specified
         bridge.

         The  show-bridge  subcommand   accepts   the   following
         options:

         -i interval, --interval=interval
             Used with the -s option to specify an  interval,  in
             seconds, at which statistics should be displayed. If
             this option is not  specified,  statistics  will  be
             displayed only once. This option is made obsolete by
             the show-bridge subcommand in dlstat(1M).


         -s, --statistics
             Display statistics for the specified bridges or  for
             a  given bridge's attached links. This option cannot
             be used with the -f and -t options. This  option  is
             made  obsolete  by  the  show-bridge  subcommand  in
             dlstat(1M).


         -p, --parseable
             Display using a stable machine-parsable format.  See
             "Parsable Output Format," below.


         -o field[,...], --output=field[,...]
             A case-insensitive, comma-separated list  of  output
             fields  to  display.  The  field names are described
             below. The special value all  displays  all  fields.
             Each  set  of  fields  has  its  own  default set to
             display when -o is not specified.

         By default, the show-bridge subcommand shows bridge con-
         figuration. The following fields can be shown:

         BRIDGE
             The name of the bridge.


         ADDRESS
             The Bridge Unique Identifier value (MAC address).


         PRIORITY
             Configured priority value; set by  -p  with  create-
             bridge and modify-bridge.


         BMAXAGE
             Configured  bridge  maximum  age;  set  by  -m  with
             create-bridge and modify-bridge.


         BHELLOTIME
             Configured  bridge  hello  time;  set  by  -h   with
             create-bridge and modify-bridge.


         BFWDDELAY
             Configured forwarding delay; set by -d with  create-
             bridge and modify-bridge.

         FORCEPROTO
             Configured forced maximum protocol; set by  -f  with
             create-bridge and modify-bridge.


         TCTIME
             Time, in seconds, since last topology change.


         TCCOUNT
             Count of the number of topology changes.


         TCHANGE
             This indicates that a topology change was detected.


         DESROOT
             Bridge Identifier of the root node.


         ROOTCOST
             Cost of the path to the root node.


         ROOTPORT
             Port number used to reach the root node.


         MAXAGE
             Maximum age value from the root node.


         HELLOTIME
             Hello time value from the root node.


         FWDDELAY
             Forward delay value from the root node.


         HOLDTIME
             Minimum BPDU interval.

         By default, when the -o option is  not  specified,  only
         the  BRIDGE,  ADDRESS,  PRIORITY, and DESROOT fields are
         shown.

         When the -s option is specified, the show-bridge subcom-
         mand  shows  bridge statistics. The following fields can
         be shown:

         BRIDGE
             Bridge name.


         DROPS
             Number of packets dropped due to resource problems.


         FORWARDS
             Number  of  packets  forwarded  from  one  link   to
             another.


         MBCAST
             Number of multicast and broadcast packets handled by
             the bridge.


         RECV
             Number of packets received on all attached links.


         SENT
             Number of packets sent on all attached links.


         UNKNOWN
             Number of packets handled that have an unknown  des-
             tination. Such packets are sent to all links.

         By default, when the -o option is  not  specified,  only
         the BRIDGE, DROPS, and FORWARDS fields are shown.

         The show-bridge subcommand also  accepts  the  following
         options:

         -l, --link
             Displays link-related status and statistics informa-
             tion  for  all  links  attached  to  a single bridge
             instance. By using this option and  without  the  -s
             option,  the  following  fields can be displayed for
             each link:

             LINK
                 The link name.


             INDEX
                 Port (link) index number on the bridge.


             STATE
                 State of the link. The state  can  be  disabled,
                 discarding,  learning,  forwarding,  non-stp, or
                 bad-mtu.


             UPTIME
                 Number of seconds since the last reset  or  ini-
                 tialization.


             OPERCOST
                 Actual cost in use (1-65535).


             OPERP2P
                 This indicates whether point-to-point (P2P) mode
                 been detected.


             OPEREDGE
                 This  indicates  whether  edge  mode  has   been
                 detected.


             DESROOT
                 The Root Bridge Identifier that has been seen on
                 this port.


             DESCOST
                 Path cost to the network root node  through  the
                 designated port.


             DESBRIDGE
                 Bridge Identifier for this port.

             DESPORT
                 The ID and priority of the port used to transmit
                 configuration messages for this port.


             TCACK
                 This  indicates  whether  Topology  Change  Ack-
                 nowledge has been seen.

             When the -l  option  is  specified  without  the  -o
             option,  only  the  LINK, STATE, UPTIME, and DESROOT
             fields are shown.

             When the -l option is specified, the -s  option  can
             be  used  to  display  the following fields for each
             link:

             LINK
                 Link name.


             CFGBPDU
                 Number of configuration BPDUs received.


             TCNBPDU
                 Number of topology change BPDUs received.


             RSTPBPDU
                 Number of Rapid Spanning Tree BPDUs received.


             TXBPDU
                 Number of BPDUs transmitted.


             DROPS
                 Number of packets dropped due to resource  prob-
                 lems.


             RECV
                 Number of packets received by the bridge.

             XMIT
                 Number of packets sent by the bridge.

             When the -o option is not specified, only the  LINK,
             DROPS, RECV, and XMIT fields are shown.


         -f, --forwarding
             Displays forwarding  entries  for  a  single  bridge
             instance. With this option, the following fields can
             be shown for each forwarding entry:

             DEST
                 Destination MAC address.


             AGE
                 Age of entry in seconds and milliseconds.  Omit-
                 ted for local entries.


             FLAGS
                 The L (local) flag is shown if the  MAC  address
                 belongs  to an attached link or to a VNIC on one
                 of the attached links.


             OUTPUT
                 For local entries,  this  is  the  name  of  the
                 attached  link  that has the MAC address. Other-
                 wise, for bridges that use Spanning Tree  Proto-
                 col,  this  is  the  output  interface name. For
                 RBridges, this is the output TRILL nickname.

             When the -o option is not specified, the DEST,  AGE,
             FLAGS, and OUTPUT fields are shown.


         -t, --trill
             Displays TRILL nickname entries for a single  bridge
             instance. With this option, the following fields can
             be shown for each TRILL nickname entry:

             NICK
                 TRILL nickname for  this  RBridge,  which  is  a
                 number from 1 to 65535.

             FLAGS
                 The L flag is shown if the  nickname  identifies
                 the local system.


             LINK
                 Link name for output when  sending  messages  to
                 this RBridge.


             NEXTHOP
                 MAC address of the next hop RBridge that is used
                 to reach the RBridge with this nickname.

             When the -o  option  is  not  specified,  the  NICK,
             FLAGS, LINK, and NEXTHOP fields are shown.



     dladm create-vlan [-ft] [-R root-dir] -l ether-link -v
     vid[,pvlan-svid[,pvlan-type]]  [vlan-link]
         Create a tagged VLAN link with an ID of vid over  Ether-
         net  link  ether-link.  The name of the VLAN link can be
         specified as vlan-link. The name  can  be  specified  as
         zonename/linkname,  which  will  create  the VLAN in the
         given  zone's namespace. If the name is not specified, a
         name  will  be  automatically  generated  (assuming that
         ether-link is namePPA) as:

           <name><1000 * vlan-tag + PPA>


         For example, if ether-link is bge1 and  vid  is  2,  the
         name generated is bge2001.

         -f, --force
             Force the creation of the VLAN link. Some devices do
             not allow frame sizes large enough to include a VLAN
             header. When creating a VLAN link over such  a  dev-
             ice,  the -f option is needed, and the MTU of the IP
             interfaces on the resulting VLAN must be set to 1496
             instead of 1500.


         -l ether-link
             Specifies Ethernet link over which VLAN is created.

         -t, --temporary
             Specifies that the VLAN link is temporary. Temporary
             VLAN links last until the next reboot. The -t option
             must be specified if the VLAN is created in  a  non-
             global zone's namespace.


         -R root-dir, --root-dir=root-dir
             See "Options," above.



     dladm modify-vlan [-t] [-R root-dir] [-l ether-link] [-v
     vid[,pvlan-svid[,pvlan-type]] [-f]] {vlan-link,[vlan-
     link,...] | -L source-ether-link}
         Modifies the underlying link and/or the VLAN-ID  of  the
         specified  VLAN  link(s). The VLAN link(s) can be speci-
         fied as a comma-delimited list or  as  -L  source-ether-
         link to indicate "all VLANs on source-ether-link".

         -t, --temporary
             Specifies that the VLAN modification is temporary.


         -R root-dir, --root-dir=root-dir
             See "Options," above.


         -l ether-link
             Specifies the Ethernet link to  which  to  move  the
             VLAN(s).  The  Ethernet  link must be different from
             the current one the VLAN(s) is or are using.


         -v vid, [pvlan-svid,[pvlan-type]] [-f]
             Specifies the VLAN-ID to be used. This option can be
             used  only  if  a single VLAN link is specified. The
             purpose of the -f option is the same as  in  create-
             vlan, above.



     dladm delete-vlan [-t] [-R root-dir] vlan-link
         Delete the VLAN link specified.

         The delete-vlansubcommand accepts the following options:
         -t, --temporary
             Specifies that the deletion is temporary.  Temporary
             deletions last until the next reboot.


         -R root-dir, --root-dir=root-dir
             See "Options," above.



     dladm show-vlan [-PZ] [[-p] -o field[,...]] [-z zone[,...]]
     [vlan-link]
         Display VLAN configuration for all VLAN links or for the
         specified VLAN link.

         The show-vlan subcommand accepts the following options:

         -o field[,...], --output=field[,...]
             A case-insensitive, comma-separated list  of  output
             fields to display. The field name must be one of the
             fields listed below, or the special  value  all,  to
             display  all fields. For each VLAN link, the follow-
             ing fields can be displayed:

             LINK
                 The name of the VLAN link.


             VID
                 The ID associated with the VLAN. Or the  Primary
                 VID associated with a PVLAN.


             SVID
                 The PVLAN Secondary VLAN ID assocated  with  the
                 VNIC.


             PVLAN-TYPE
                 The PVLAN type associated with the VNIC.


             OVER
                 The name of the physical link  over  which  this
                 VLAN is configured.

             FLAGS
                 A set of flags associated with  the  VLAN  link.
                 Possible flags are:

                 f
                     The VLAN was created using the -f option  to
                     create-vlan.


                 i
                     The VLAN was  implicitly  created  when  the
                     DLPI  link  was opened. These VLAN links are
                     automatically deleted on last close  of  the
                     DLPI  link  (for example, when the IP inter-
                     face  associated  with  the  VLAN  link   is
                     unplumbed).

                 Additional flags might be defined in the future.



         -p, --parseable
             Display using a stable machine-parseable format. The
             -o option is required with -p. See "Parseable Output
             Format", below.


         -P, --persistent
             Display the  persistent  VLAN  configuration  rather
             than the state of the running system.


         -Z
             Display ZONE column in the output.


         -z zone[,...]
             See description of -z option under dladm  show-link,
             above.



     dladm scan-wifi [[-p] -o field[,...]] [wifi-link]
         Scans for WiFi networks, either on all  WiFi  links,  or
         just on the specified wifi-link.

         By  default,  currently  all  fields  but  BSSTYPE   are
         displayed.
         -o field[,...], --output=field[,...]
             A case-insensitive, comma-separated list  of  output
             fields to display. The field name must be one of the
             fields listed below, or the  special  value  all  to
             display all fields. For each WiFi network found, the
             following fields can be displayed:

             LINK
                 The name of the link the WiFi network is on.


             ESSID
                 The ESSID (name) of the WiFi network.


             BSSID
                 Either  the  hardware  address   of   the   WiFi
                 network's  Access  Point  (for BSS networks), or
                 the WiFi  network's  randomly  generated  unique
                 token (for IBSS networks).


             SEC
                 Either none for a  WiFi  network  that  uses  no
                 security,  wep  for a WiFi network that requires
                 WEP (Wired Equivalent Privacy),  or  wpa  for  a
                 WiFi  network that requires WPA (Wi-Fi Protected
                 Access).


             MODE
                 The supported connection modes: one or  more  of
                 a, b, g, or n.


             STRENGTH
                 The strength of the signal:  one  of  excellent,
                 very good, good, weak, or very weak.


             SPEED
                 The maximum speed of the WiFi network, in  mega-
                 bits per second.


             BSSTYPE
                 Either bss for BSS (infrastructure) networks, or
                 ibss for IBSS (ad-hoc) networks.

         -p, --parseable
             Display using a stable machine-parseable format. The
             -o option is required with -p. See "Parseable Output
             Format", below.



     dladm connect-wifi [-e essid] [-i bssid] [-k key,...] [-s
     none | wep | wpa] [-a open|shared] [-b bss|ibss] [-c] [-m
     a|b|g|n] [-T time] [wifi-link]
         Connects to a WiFi network. This consists of four steps:
         discovery,  filtration, prioritization, and association.
         However, to enable  connections  to  non-broadcast  WiFi
         networks and to improve performance, if a BSSID or ESSID
         is specified using the -e or -i options, then the  first
         three  steps  are  skipped  and connect-wifi immediately
         attempts to associate with a BSSID or ESSID that matches
         the rest of the provided parameters. If this association
         fails, but there is a possibility  that  other  networks
         matching  the  specified criteria exist, then the tradi-
         tional discovery process begins as specified below.

         The discovery step finds all available WiFi networks  on
         the  specified  WiFi  link,  which  must not yet be con-
         nected. For administrative convenience, if there is only
         one WiFi link on the system, wifi-link can be omitted.

         Once discovery is complete, the list of networks is fil-
         tered according to the value of the following options:

         -e essid, --essid=essid
             Networks that do not have the same  essid  are  fil-
             tered out.


         -b bss|ibss, --bsstype=bss|ibss
             Networks that do not have the same bsstype are  fil-
             tered out.


         -m a|b|g, --mode=a|b|g|n
             Networks not appropriate for  the  specified  802.11
             mode are filtered out.


         -k key,..., --key=key, ...
             Use the specified secobj named by the key to connect
             to  the  network.  Networks  not appropriate for the
             specified keys are filtered out.

         -s none|wep|wpa, --sec=none|wep|wpa
             Networks not appropriate for the specified  security
             mode are filtered out.

         Next, the remaining networks are prioritized,  first  by
         signal  strength, and then by maximum speed. Finally, an
         attempt is made to associate with each  network  in  the
         list,  in  order,  until  one  succeeds  or  no networks
         remain.

         In addition to the options described above, the  follow-
         ing options also control the behavior of connect-wifi:

         -a open|shared, --auth=open|shared
             Connect using the specified authentication mode.  By
             default, open and shared are tried in order.


         -c, --create-ibss
             Used with -b ibss to create a new ad-hoc network  if
             one matching the specified ESSID cannot be found. If
             no ESSID  is  specified,  then  -c  -b  ibss  always
             triggers the creation of a new ad-hoc network.


         -T time, --timeout=time
             Specifies the number of seconds to wait for associa-
             tion  to succeed. If time is forever, then the asso-
             ciate will wait indefinitely. The current default is
             ten  seconds,  but  this might change in the future.
             Timeouts shorter than the default might not  succeed
             reliably.


         -k key,..., --key=key,...
             In addition to the filtering  previously  described,
             the  specified keys will be used to secure the asso-
             ciation. The security mode to use will be  based  on
             the  key  class;  if  a security mode was explicitly
             specified, it must be compatible with the key class.
             All keys must be of the same class.

             For security modes that support multiple key  slots,
             the  slot  to  place  the key will be specified by a
             colon followed by an index.  Therefore,  -k  mykey:3
             places  mykey  in  slot  3.  By  default,  slot 1 is
             assumed. For security modes  that  support  multiple
             keys,  a comma-separated list can be specified, with
             the first key being the active key.

     dladm disconnect-wifi [-a] [wifi-link]
         Disconnect from one or more WiFi networks. If  wifi-link
         specifies  a  connected  WiFi  link,  then it is discon-
         nected. For administrative convenience, if only one WiFi
         link is connected, wifi-link can be omitted.

         -a, --all-links
             Disconnects from all connected links. This  is  pri-
             marily intended for use by scripts.



     dladm show-wifi [-Z] [[-p] -o field,...] [-z zone[,...]]
     [wifi-link]
         Shows WiFi configuration information either for all WiFi
         links or for the specified link wifi-link.

         -o field,..., --output=field
             A case-insensitive, comma-separated list  of  output
             fields to display. The field name must be one of the
             fields listed below, or the special  value  all,  to
             display  all fields. For each WiFi link, the follow-
             ing fields can be displayed:

             LINK
                 The name of the link being displayed.


             STATUS
                 Either connected if the link  is  connected,  or
                 disconnected if it is not connected. If the link
                 is disconnected, all remaining fields  have  the
                 value --.


             ESSID
                 The ESSID (name) of the connected WiFi network.


             BSSID
                 Either  the  hardware  address   of   the   WiFi
                 network's  Access  Point  (for BSS networks), or
                 the WiFi  network's  randomly  generated  unique
                 token (for IBSS networks).


             SEC
                 Either none for a  WiFi  network  that  uses  no
                 security,  wep  for a WiFi network that requires
                 WEP, or wpa for a  WiFi  network  that  requires
                 WPA.


             MODE
                 The supported connection modes: one or  more  of
                 a, b, g, or n.


             STRENGTH
                 The connection strength: one of excellent,  very
                 good, good, weak, or very weak.


             SPEED
                 The connection speed, in megabits per second.


             AUTH
                 Either open or shared (see connect-wifi).


             BSSTYPE
                 Either bss for BSS (infrastructure) networks, or
                 ibss for IBSS (ad-hoc) networks.

             By default, currently all fields  but  AUTH,  BSSID,
             BSSTYPE are displayed.


         -p, --parseable
             Displays using a  stable  machine-parseable  format.
             The  -o  option  is required with -p. See "Parseable
             Output Format", below.


         -Z
             Display ZONE column in the output.


         -z zone[,...]
             See description of -z option under dladm  show-link,
             above.

     dladm show-ether [-xZ] [[-p] -o field,...] [-z zone[,...]]
     [-P protocol] [ether-link]
         Shows state information either for all physical Ethernet
         links or for a specified physical Ethernet link.

         The show-ether subcommand accepts the following options:

         -o field,..., --output=field
             A case-insensitive, comma-separated list  of  output
             fields to display. The field name must be one of the
             fields listed below, or the  special  value  all  to
             display  all  fields.  For  each link, the following
             fields can be displayed:

             LINK
                 The name of the link being displayed.


             PTYPE
                 Parameter  type,  where  current  indicates  the
                 negotiated  state of the link, capable indicates
                 capabilities supported by the device, adv  indi-
                 cates  the  advertised capabilities, and peeradv
                 indicates the  capabilities  advertised  by  the
                 link-partner.


             STATE
                 The physical link state of  the  datalink.  This
                 can  be  up, down, or unknown. The physical link
                 state identifies whether the physical device has
                 connectivity with the external network (it does,
                 if the cable is plugged in and the state of  the
                 port on the other end of the cable is "up").


             AUTO
                 A  yes/no   value   indicating   whether   auto-
                 negotiation is advertised.


             SPEED-DUPLEX
                 Combinations of speed and duplex  values  avail-
                 able.  The  units  of  speed  are encoded with a
                 trailing suffix of G (Gigabits/s) or  M  (Mb/s).
                 Duplex  values are encoded as f (full-duplex) or
                 h (half-duplex).

             PAUSE
                 Flow control information. Can be no,  indicating
                 no  flow  control  is  available; tx, indicating
                 that the end-point can  transmit  pause  frames,
                 but ignores any received pause frames; rx, indi-
                 cating that the end-point receives and acts upon
                 received  pause  frames;  or  bi, indicating bi-
                 directional flow-control.


             REM_FAULT
                 Fault detection information.  Valid  values  are
                 none or fault.

             By  default,  all  fields   except   REM_FAULT   are
             displayed for the "current" PTYPE.


         -p, --parseable
             Displays using a  stable  machine-parseable  format.
             The  -o  option  is required with -p. See "Parseable
             Output Format", below.


         -P protocol
             Displays information about supported Ethernet proto-
             cols.  Supported  protocols  include  vdp,  the  VSI
             Discovery and Configuration protocol, and ecp,  Edge
             Control Protocol.

             VDP information is specific to a VNIC. Thus, if  the
             link  argument  is  a phys-link, VDP information for
             all of the VNIC over the phys-link is displayed.

             ECP information is specific to a phys-link.

             For VDP, following information is displayed:

             VSI
                 The name of the Virtual Station Interface  (VSI)
                 or VNIC.


             LINK
                 The name of the physical link  over  which  this
                 VNIC is configured.

             VSI-STATE
                 The state of the VDP protocol state machine  for
                 the  VNIC. Supported states include ASSOC, DEAS-
                 SOC, or TIMEDOUT.


             VSIID
                 The identifier for the VSI or VNIC.  This  iden-
                 tifier  is  used by the bridge to associate pro-
                 perties with VNICs.  Supported  format  for  the
                 VSIID  is the MAC address. Thus, the VSIID for a
                 VNIC is its MAC address.


             VSI-TYPEID
                 This is VSI Type ID and Version associated  with
                 a  VNIC  and is of the form VSI Type ID/Version.
                 The VSI Type identifies the  properties  associ-
                 ated with the VNIC.


             CMD-PENDING
                 The VDP command that is currently  in  progress.
                 Supported  commands  are:  ASSOC,  DEASSOC.  The
                 ASSOC command requests the bridge  to  associate
                 properties with a VSI (identified by the VSIID),
                 whereas  the  DEASSOC  requests  the  bridge  to
                 disassociate the properties from a given VSIID.


             FILTER-INFO
                 The information used by  the  switch  to  filter
                 packets  for  a given VNIC. Supported format for
                 Filter Info includes the  MAC/VLAN  ID  combina-
                 tion. Thus, the FilterInfo for a VNIC is its MAC
                 address and VLAN ID, if any.


             KEEPALIVE-INTERVAL
                 The interval (in seconds) for  Keep  Alive  mes-
                 sages  to  be  transmitted for existing associa-
                 tions. The default is 11.6 secs.


             RESP-TIMEOUT
                 The time (in seconds) to  wait  for  a  response
                 from the bridge before timing out a request.

             For ECP, following information is displayed:

             LINK
                 The name  of  the  physical  link  for  the  ECP
                 instance.


             MAC-RETRIES
                 The  maximum  number  of  transmission   retries
                 without  receiving  an  acknowledgement from the
                 peer.


             TIMEOUT
                 The interval of time (in milliseconds)  to  wait
                 for an acknowledgment from the peer.



         -x, --extended
             Extended output is displayed  for  PTYPE  values  of
             current, capable, adv and peeradv.


         -Z
             Display ZONE column in the output.


         -z zone[,...]
             See description of -z option under dladm  show-link,
             above.



     dladm set-linkprop [-t] [-R root-dir] -p prop=value[,...]
     link
         Sets the values of one or more properties  on  the  link
         specified.  The  list  of  properties and their possible
         values depend on  the  link  type,  the  network  device
         driver, and networking hardware. These properties can be
         retrieved using show-linkprop.

         -t, --temporary
             Specifies that the changes are temporary.  Temporary
             changes last until the next reboot.


         -R root-dir, --root-dir=root-dir
             See "Options," above.

         -p prop=value[,...], --prop prop=value[,...]

             A comma-separated list of properties to set  to  the
             specified values.

         Note that when the persistent value  is  set,  the  tem-
         porary value changes to the same value.


     dladm reset-linkprop [-t] [-R root-dir] [-p prop,...] link
         Resets one or more properties to  their  values  on  the
         link  specified. Properties are reset to the values they
         had at startup. If no properties are specified, all pro-
         perties  are  reset. See show-linkprop for a description
         of properties.

         -t, --temporary
             Specifies that the resets are temporary. Values  are
             reset to default values. Temporary resets last until
             the next reboot.


         -R root-dir, --root-dir=root-dir
             See "Options," above.


         -p prop, ..., --prop=prop, ...
             A comma-separated list of properties to reset.

         Note that when the persistent value is reset,  the  tem-
         porary value changes to the same value.


     dladm show-linkprop [-HPZ] [[-c] -o field[,...]][-p
     prop[,...]] [-z zone[,...]] [link]
         Show the current or persistent values  of  one  or  more
         properties,  either  for all datalinks or for the speci-
         fied link. By default, current values are shown.  If  no
         properties  are specified, all available link properties
         are displayed. For each property, the  following  fields
         are displayed:

         -o field[,...], --output=field
             A case-insensitive, comma-separated list  of  output
             fields to display. The field name must be one of the
             fields listed below, or the  special  value  all  to
             display  all  fields.  For  each link, the following
             fields can be displayed:

             LINK
                 The name of the datalink.


             PROPERTY
                 The name of the property.


             PERM
                 The read/write permissions of the property.  The
                 value shown is one of ro or rw.


             VALUE
                 The current (or persistent) property  value.  If
                 the  value  is not set, it is shown as --. If it
                 is unknown, the value is shown as ?.  Persistent
                 values  that are not set or have been reset will
                 be shown as -- and will use the  system  DEFAULT
                 value (if any).


             EFFECTIVE
                 The property value chosen  by  the  system.  For
                 some  properties  the value chosen by the system
                 may not be same as the value configured  by  the
                 user. This is because the property value is con-
                 strained by the resource availability, capabili-
                 ties  of the underlying physical datalink, or in
                 some cases the datalink partner.


             DEFAULT
                 The default value of the property. If  the  pro-
                 perty has no default value, -- is shown.


             POSSIBLE
                 A comma-separated list of the  values  the  pro-
                 perty  can  have.  If  the values span a numeric
                 range, min - max might be shown as shorthand. If
                 the possible values are unknown or unbounded, --
                 is shown.


             HWPOSSIBLE
                 Shows a value if there is hardware support. This
                 explains that the physical NIC is capable of the
                 property. A value of -- means there is  no  sup-
                 port.


             SWPOSSIBLE
                 Shows a value if there is  software  support  in
                 the  networking  stack for the property. A value
                 of -- means there is no support.

                 For both HWPOSSIBLE and SWPOSSIBLE,  any  granu-
                 larity requirement (step value) for the value is
                 shown after the number range followed  by  a  :.
                 Currently, only maxbw property shows a value for
                 the step value.


             MODE
                 Shows the current mode used for the data link to
                 implement  the  property.  Possible values or sw
                 for software only, hw for hardware only and none
                 for  no  support  is possible for the link. Note
                 that MODE can  be  none  even  though  there  is
                 hardware or software support.

             HWFLAGS and SWFLAGS currently show the  flag  o  for
             outbound,  i for inbound and oi for inbound and out-
             bound. Currently, it shows a value only for the  SLA
             properties, maxbw, bwshare and priority.

             The list of properties depends on the link type  and
             network  device driver, and the available values for
             a given property further depends on  the  underlying
             network hardware and its state. General link proper-
             ties are documented in the "General Link Properties"
             section.  However,  link  properties that begin with
             "_" (underbar) are specific to a given link  or  its
             underlying  network  device and subject to change or
             removal. See the appropriate network  device  driver
             man page for details.


         -c, --parseable
             Display using a stable machine-parseable format. The
             -o  option is required with this option. See "Parse-
             able Output Format", below.


         -H
             Show-linkprop -H shows information on the underlying
             physical  link capabilities and the networking stack
             software capabilities for supporting  the  property.
             Also,  shows  which  mode  is currently used for the
             data link.


         -P, --persistent
             Display persistent link property information


         -p prop, ..., --prop=prop, ...
             A comma-separated list of properties  to  show.  See
             the sections on link properties following subcommand
             descriptions.


         -Z
             Display ZONE column in the output.


         -z zone[,...]
             See description of -z option under dladm  show-link,
             above.



     dladm create-secobj [-t] [-R root-dir] [-f file] -c class
     secobj
         Create a secure object named  secobj  in  the  specified
         class to be later used as a WEP or WPA key in connecting
         to an encrypted network. The value of the secure  object
         can  either  be  provided  interactively  or read from a
         file. The sequence of interactive prompts and  the  file
         format depends on the class of the secure object.

         Currently, the classes wep and wpa  are  supported.  The
         WEP (Wired Equivalent Privacy) key can be either 5 or 13
         bytes long. It can be provided either  as  an  ASCII  or
         hexadecimal  string  -- thus, 12345 and 0x3132333435 are
         equivalent 5-byte keys (the 0x prefix can be omitted). A
         file  containing a WEP key must consist of a single line
         using either WEP key format. The  WPA  (Wi-Fi  Protected
         Access)  key  must be provided as an ASCII string with a
         length between 8 and 63 bytes.

         This subcommand is only usable by users  or  roles  that
         belong to the "Network Link Security" RBAC profile.

         -c class, --class=class
             class can be wep or wpa. See preceding discussion.

         -t, --temporary
             Specifies that the creation is temporary.  Temporary
             creation last until the next reboot.


         -R root-dir, --root-dir=root-dir
             See "Options," above.


         -f file, --file=file
             Specifies a file that should be used to  obtain  the
             secure  object's  value.  The  format  of  this file
             depends on the secure object class. See the EXAMPLES
             section for an example of using this option to set a
             WEP key.



     dladm delete-secobj [-t] [-R root-dir] secobj[,...]
         Delete one or more specified secure objects.  This  sub-
         command  is only usable by users or roles that belong to
         the "Network Link Security" RBAC profile.

         -t, --temporary
             Specifies that the  deletions  are  temporary.  Tem-
             porary deletions last until the next reboot.


         -R root-dir, --root-dir=root-dir
             See "Options," above.



     dladm show-secobj [-P] [[-p] -o field[,...]] [secobj,...]
         Show current or persistent secure object information. If
         one  or more secure objects are specified, then informa-
         tion for each is displayed. Otherwise,  all  current  or
         persistent secure objects are displayed.

         By default, current secure objects are displayed,  which
         are  all  secure  objects  that  have  either  been per-
         sistently created and not temporarily deleted,  or  tem-
         porarily created.

         For security reasons, it is not  possible  to  show  the
         value of a secure object.
         -o field[,...] , --output=field[,...]
             A case-insensitive, comma-separated list  of  output
             fields to display. The field name must be one of the
             fields listed below. For  displayed  secure  object,
             the following fields can be shown:

             OBJECT
                 The name of the secure object.


             CLASS
                 The class of the secure object.



         -p, --parseable
             Display using a stable machine-parseable format. The
             -o option is required with -p. See "Parseable Output
             Format", below.


         -P, --persistent
             Display persistent secure object information



     dladm create-vnic [-t]  [-f] -l link [-R root-dir] [-m value
    | auto | {factory [-n slot-identifier]} | {vrrp -A {inet
     inet6} -V vrid} | {random [-r prefix]}] [-v vlan-id] [-P
     pkey] [-p prop=value[,...]] vnic-link
         Create a VNIC with name  vnic-link  over  the  specified
         link.    The    vnic-link    can    be    specified   as
         zonename/linkname, which will create  the  VNIC  in  the
         given zone's namespace.

         -t, --temporary
             Specifies that  the  VNIC  is  temporary.  Temporary
             VNICs last until the next reboot. The -t option must
             be specified if the VNIC is to be created in a  non-
             global zone's namespace.


         -f, --force
             If the VNIC is a IPoIB VNIC, force the  creation  of
             the  VNIC  even  if  pkey is absent on the port, the
             multicast group is absent, or the port is down.

         -R root-dir, --root-dir=root-dir
             See "Options," above.


         -l link, --link=link
             link can be a physical link,  an  etherstub,  or  an
             aggregation link (aggr-link).


         -m value | keyword, --mac-address=value | keyword
             This option only applies to Ethernet VNICs.

             Sets the VNIC's MAC address based on  the  specified
             value  or  keyword. If value is not a keyword, it is
             interpreted as a unicast MAC address, which must  be
             valid  for  the underlying NIC. A user-specified MAC
             address must be drawn from the ranges  specified  by
             the  Globally  Unique and Locally Administered types
             of MAC addresses.

             The following special keywords can be used:

             factory [-n slot-identifier],
             factory [--slot=slot-identifier]
                 Assign a factory MAC address to the VNIC. When a
                 factory MAC address is requested, -m can be com-
                 bined with  the  -n  option  to  specify  a  MAC
                 address slot to be used. If -n is not specified,
                 the system will choose the next  available  fac-
                 tory MAC address. The -m option of the show-phys
                 subcommand can be used to display  the  list  of
                 factory  MAC  addresses, their slot identifiers,
                 and their availability.



             random [-r prefix],
             random [--mac-prefix=prefix]
                 Assign a random  MAC  address  to  the  VNIC.  A
                 default  prefix  consisting  of a valid IEEE OUI
                 with the local bit set will be used. That prefix
                 can be overridden with the -r option.


             vrrp -A {inet | inet6} -V vrid
                 Assign a VRRP virtual MAC address  to  the  VNIC
                 base on the specified address family and vrid.

             auto
                 Try and use a factory MAC address first. If none
                 is  available, assign a random MAC address. auto
                 is the default action if the -m  option  is  not
                 specified.


             -v vlan-id
                 This option only applies to Ethernet VNICs.

                 Enable VLAN tagging for this VNIC. The VLAN  tag
                 will have id vlan-id.

                 Note -

                   dladm create-vnic may fail  while  creating  a
                   vNIC  over  an EoIB (Ethernet-over-Infiniband)
                   data link, if executed right after the Infini-
                   band  gateway  switch's  disallowhostconfig or
                   allowhostconfig command. The commands  restart
                   the  bridge manager on the gateway, triggering
                   a series of asynchronous  events  between  the
                   gateway  and  the  host. It takes some time to
                   finalize  those  events  and   vNIC   creation
                   requests prematurely generated by the host get
                   rejected.

                   To avoid  this,  wait  for  after  the  disal-
                   lowhostconfig   or   allowhostconfig   command
                   returns and before executing  the  create-vnic
                   command.



         -P, --pkey=pkey
             Partition key to be used. This option  is  mandatory
             for IPoIB VNICs and not applicable for other type of
             links. pkey specified is always treated  as  hexade-
             cimal, whether it has the 0x prefix or not.


         -p prop=value,..., --prop prop=value,...
             A comma-separated list of properties to set  to  the
             specified values.




     dladm create-vnic -t -c <evsname>[/<vportname>] [-T
     <tenant>] <vnic-link>

         Note -

           You must install  Elastic  Virtual  Switch  (EVS)  IPS
           packages  to  use  this  form of create-vnic, and then
           configure  EVS  controller   as   described   in   the
           evsadm(1M) manpage and Managing Network Virtualization
           and Network Resources in Oracle Solaris 11.3.
         Creates a VNIC with name vnic-link, by connecting  to  a
         EVS  evsname at optionally provided Virtual Port (VPort)
         vportname. If the tenantname is provided, then  the  EVS
         will  be  searched  in  tenant's  namespace. If VPort is
         specified, then the  SLA  properties  (maxbw,  cos,  and
         priority), IP address, and MAC address of the VPort will
         be inherited by the VNIC. If  Vport  is  not  specified,
         then  the  EVS  controller  will generate a system VPort
         which will have IP address, MAC address, and default SLA
         properties  of  EVS, and then the VNIC will be connected
         to this system VPort.

         VNICs when connected to EVS have the following  limitia-
         tions  (in  terms  of  how  they  can be managed through
         dladm):

             o    They cannot be renamed  through  dladm  rename-
                  link

             o    Their properties cannot  be  changed  by  using
                  dladm set-linkrop or dladm reset-linkprop

             o    They cannot be modified by using dladm  modify-
                  vnic
         For more information on EVS, VPorts,  and  tenants,  see
         evsadm(1M) manpage.

         The VNIC created is temporary and will be lost upon next
         reboot. See EXAMPLES section below for an example usage.

         -t, --temporary
             Specifies that the VNIC  is  temporary.  This  is  a
             required option.


         -T <tenantname>, --tenant <tenantname>
             Specifies the name of the tenant that owns the  EVS.
             If  it is not provided, then the default tenant sys-
             global will be assumed.


         -c <evsname>[/<vportname>], --connect
         <evsname>[/vportname]
             Specifies the name of the EVS to which the VNIC must
             be connected. If vportname is provided, the the VNIC
             will be connected to that vport. If a  vportname  is
             not  provided,  then  a  vport will be automatically
             generated and assigned to the VNIC.

             The act of connecting  a  VNIC  to  EVS  results  in
             either  the  VNIC inheriting the properties from EVS
             or a provided vport.




    dladm modify-vnic [-t] [-R root-dir] [-l link] [-m value
    auto | {factory [-n slot-identifier]} | {vrrp -A {inet
     inet6} -V vrid} | {random [-r prefix]}] [-v vlan-id] {vnic-
     link,[vnic-link,...] | -L source-link}
         Modifies   the   underlying   link   and/or   the    MAC
         address/VLAN-ID  of the specified VNIC link(s). The VNIC
         link(s) can be specified as a comma-delimited list or as
         -L source-link to indicate "all VNICs on source-link".

         -t, --temporary
             Specifies that the VNIC modification is temporary.


         -R root-dir, --root-dir=root-dir
             See "Options," above.


         -l link, -link=link
             Specifies the link to which  to  move  the  VNIC(s).
             link  can  be  of any link type supported by create-
             vnic. link must  be  different  from  the  link  the
             VNIC(s)  are  currently  using.  If  the VNIC(s) are
             using a factory MAC address and -m is not specified,
             a  new  MAC  address will be allocated on the target
             link, using the -m auto scheme, and assigned to  the
             VNIC(s).


         -m value | keyword, --mac-address=value | keyword
             This option only applies to Ethernet VNICs.

             See create-vnic, above, for  supported  options.  If
             multiple VNICs are specified, only the auto, random,
             and factory (without -n) address assignment  schemes
             will be supported.

     dladm delete-vnic [-t] [-R root-dir] vnic-link
         Deletes the specified VNIC.

         -t, --temporary
             Specifies that the deletion is temporary.  Temporary
             deletions last until the next reboot.


         -R root-dir, --root-dir=root-dir
             See "Options," above.



     dladm show-vnic [-P | {-z zone[,..]}] [[-p] -o field[,..]]
     [-l link]  [vnic-link]
     show-vnic [-Zmv] [-l link] [vnic-link]
         Show VNIC configuration information for all  VNICs,  all
         VNICs on a link, or only the specified vnic-link.

         -o field[,...] , --output=field[,...]
             A case-insensitive, comma-separated list  of  output
             fields to display. The field name must be one of the
             fields listed below, or the  special  value  all  to
             display  all  fields. By default (without -o), show-
             vnic displays all fields.

             LINK
                 The name of the VNIC.


             OVER
                 The name of the physical link  over  which  this
                 VNIC is configured.


             SPEED
                 The maximum speed of the VNIC, in  megabits  per
                 second.


             MACADDRESS
                 MAC address of the VNIC.

                 For IPoIB VNICs, by default (without -o),  first
                 five  bytes  of  the  mac address are shown, and
                 ".." is shown in the  sixth  byte  position.  To
                 show the full mac address use the -o option.

             MACADDRESSES
                 If the VNIC is associated with more than one MAC
                 addresses  then this column will display all the
                 MAC addresses of a VNIC.

                 For IPoIB VNICs, by default (without -o),  first
                 five  bytes  of  the  mac address are shown, and
                 ".." is shown in the  sixth  byte  position.  To
                 show the full mac address use the -o option.


             MACADDRTYPE
                 MAC address type  of  the  VNIC.  dladm  distin-
                 guishes among the following MAC address types:

                 random
                     A random address assigned to the VNIC.


                 factory
                     A factory MAC address used by the VNIC.



             MACADDRTYPES
                 If the VNIC is associated with more than one MAC
                 addresses  then this column will display the MAC
                 address type for each of the MAC address.


             VID
                 The VLAN ID associated with the VNIC.


             SVID
                 The Secondary VLAN ID associated with the VNIC.


             PVLAN-TYPE
                 The PVLAN type associated with the VNIC.


             VIDS
                 If the VNIC is associated  with  more  than  one
                 VLAN  ID,  then this column will display all the
                 VLAN IDs.

             EVS
                 Name of the EVS to which the VNIC  is  connected
                 to.


             VPORT
                 Name of the vport to which the VNIC is connected
                 to and inherits the properties from.


             TENANT
                 Name of the tenant that owns the EVS.


             PKEY
                 IB  partition  key  associated  with  the  VNIC.
                 Applicable only to IPoIB datalinks.


             IDS
                 Shows VIDS for ethernet datalinks and  PKEY  for
                 IPoIB  datalinks in the format "VID:<value>" and
                 "PKEY:<value>" respectively.

             See the create-vnic section above for more  informa-
             tion on EVS, VPORT, and TENANT.


         -p, --parseable
             Display using a stable machine-parseable format. The
             -o option is required with -p. See "Parseable Output
             Format", below.


         -P, --persistent
             Display the persistent VNIC configuration.


         -l link, --link=link
             Display information for all VNICs on the named link.


         -Z
             Display ZONE column in the output.

         -V
             Display SR-IOV information for a  VNIC.  The  output
             shows:

             LINK
                            The name of the VNIC.


             VF_ASSIGNED
                            The name of the  VF  device  instance
                            currently assigned to the VNIC.



         -z zone[,...]
             See description of -z option under dladm  show-link,
             above.


         -c
             Display the EVS information for the given vnic. This
             is  a  shortcut  for  the  following  fields:  LINK,
             TENANT, EVS, VPORT, OVER, MACADDRESS, VIDS.

             See the create-vnic section above for more  informa-
             tion.


         -m
             Display all MAC addresses,  MAC  address  types  and
             VLAN IDs associated with the VNIC.


         -v
             Display all VLAN  information  associated  with  the
             VNIC.



     dladm create-part [-t] [-f] [-R root-dir] -l ib-link [-p
     prop=value[,..]] -P pkey part-link
         Create an IP-over-IB link with the name  part-link  over
         the specified link. This subcommand is supported only on
         InfiniBand physical links. The part-link can  be  speci-
         fied  as zonename/linkname, which will create the parti-
         tion link in the given zone's namespace.

         -f, --force
             Forces the creation of the partition  link  even  if
             pkey  is  absent on the port, the multicast group is
             absent, or the port is down.

         -l ib-link, --link=ib-link
             IP-over-IB physical link name.


         -P, --pkey=pkey
             Partition key to be used for creating the  partition
             link.  pkey  specified  is always treated as hexade-
             cimal, whether it has the 0x prefix or not.


         -p prop=value[,..]
         --prop prop=value[,..]
             A comma-separated list of properties to set  to  the
             specified  values.  Supported  properties  are given
             "General Link Properties" section below.


         -R root-dir, --root-dir=root-dir
             See "Options," above.


         -t, --temporary
             Specifies that the partition link creation  is  tem-
             porary.  Temporary  partition  links  last until the
             next reboot. The -t option must be specified if  the
             partition  link  is  to  be  created in a non-global
             zone's namespace.



     dladm delete-part [-R root-dir] part-link
         Delete the specified partition link.

         -R root-dir, --root-dir=root-dir
             See "Options," above.


         -t, --temporary
             Specifies that the partition link deletion  is  tem-
             porary.  Temporary  deletion  last  until  the  next
             reboot.



     dladm show-part [-pP] [-l ib-link] [-o field[,...]] [part-
     link]
         Displays IB partition link information for all partition
         links,  for  all  partitions on ib-link, or for only the
         specified part-link.

         -l ib-link, --link=ib-link
             Display information for all the  partitions  on  the
             named link.


         -o field[,...]
             A case-insensitive, comma-separated list  of  output
             fields to display. The field name must be one of the
             fields listed below, or the  special  value  all  to
             display  all  fields. By default (without -o), show-
             part displays all fields.

             LINK
                 The name of the partition link.


             PKEY
                 Pkey associated with the partition link.


             OVER
                 The name of the physical link  over  which  this
                 partition link is created.


             STATE
                 Current state of the  partition  link.  Possible
                 values are up, down, or unknown.


             FLAGS
                 A set of state flags used for creating the  par-
                 tition link. Possible values are:

                 f
                      Partition  was  created  forcibly  (without
                      checking  whether creating a partition were
                      possible).


                 t
                      Partition link is temporary,  lasting  only
                      until the next reboot.

         -P, --persistent
             Display the persistent IB partition link  configura-
             tion.


         -p, --parseable
             Display using a stable machine-parseable format. The
             -o option is required with -p. See "Parseable Output
             Format", below.



     dladm show-ib [-pP] [-o field[,...]] [ib-link]
         Display IB physical  link  information  on  all  or  the
         specified IB links.

         -o field[,...]
             A case-insensitive, comma-separated list  of  output
             fields to display. The field name must be one of the
             fields listed below, or the  special  value  all  to
             display all fields. By default (without -o), show-ib
             displays all fields except HCA, GWID and GWFLAGS.

             LINK
                 The name of the physical link.


             HCA
                 Infiniband Host Channel Adapter  (HCA)  name  as
                 managed by the ibadm(1M) utility.


             HCAGUID
                 Globally unique identifier of the HCA.


             PORTGUID
                 Globally unique identifier of the port.  If  the
                 PORTGUID is not set, it is shown as unknown. For
                 IB SR-IOV virtual  adapters, the PORTGUID is set
                 when the link is up.


             PORT
                 Port number.

             STATE
                 Current state of  the  physical  link.  Possible
                 values are up, down, or unknown.


             GWNAME
                 The configured system name  of  the  IB-Ethernet
                 gateway  switch  that is discovered from this IB
                 physical link.


             GWPORT
                 The name of the connector  associated  with  the
                 gateway ethernet port.


             GWID
                 The identifier for the gateway instance  associ-
                 ated  with  the displayed gateway ethernet port.
                 The value is expected to be unique even if  mul-
                 tiple gateway switches share the same InfiniBand
                 fabric. The value of the gateway instance  iden-
                 tifier ranges from 0 to 1023.


             GWFLAGS
                 A set of flags associated  with  the  discovered
                 gateway. Possible flags are:

                 a
                      The gateway has indicated its  availability
                      for  logins from this IB port in its adver-
                      tisement.


                 H
                      The gateway allows host-administered  VNICs
                      from this IB port.


                 n
                      The gateway has  at  least  one  macaddress
                      assigned for the EoIB datalink from this IB
                      port.



             PKEYS
                 Pkeys available on the port associated with  the
                 IP-over-IB link specified in the LINK field.

         -P, --persistent
             Display the persistent IB physical  link  configura-
             tion.


         -p, --parseable
             Display using a stable machine-parseable format. The
             -o option is required with -p. See "Parseable Output
             Format", below.



     dladm create-eoib [-t] [-R root-dir] -l ib-link -g gw-
     system-name -c gw-eth-port eoib-link
         Create an EoIB link with the  name  eoib-link  over  the
         specified  link.  This  subcommand  is supported only on
         InfiniBand physical links.

         -t, --temporary
             Specifies that the EoIB link creation is  temporary.
             Temporary links will last until the next reboot.


         -R root-dir, --root-dir=root-dir
             See "Options" above.


         -l ib-link,--link=ib-link
             InfiniBand physical link name.


         -g gw-system-name
             Specifies the system name of the IB-Ethernet gateway
             switch.


         -c gw-eth-port
             Specifies the name of the connector associated  with
             the gateway switch's ethernet port.



     dladm delete-eoib [-t] [-R root-dir] eoib-link
         Delete the specified EoIB link.

         -t, --temporary
             Specifies that the EoIB link creation is  temporary.

             Temporary links will last until the next reboot.


         -R root-dir, --root-dir=root-dir
             See "Options" above.



     dladm show-eoib [-PZ] [-g gw-system-name] [-l ib-link] [[-p]
     -o field[,...]] [-z zone[,...]] [eoib-link]
         Displays information about all the EoIB datalinks on the
         system,  EoIB datalinks over a specific ib-link and/or a
         gw-system-name, or information  about  a  specific  EoIB
         datalink.

         -P, --persistent
                              Display the  persistent  EoIB  link
                              configuration.


         -Z
                              Display ZONE column in the output.


         -g gw-system-name
                              Display  information   about   EoIB
                              datalinks  bound  to ethernet ports
                              on the specified gateway.


         -l ib-link
                              Display  information   about   EoIB
                              datalinks  built over the specified
                              IB link.


         -o field[,...]
                              A case-insensitive, comma-separated
                              list  of  output fields to display.
                              The field name must be one  of  the
                              fields listed below, or the special
                              value all to display all fields. By
                              default  (without  -o option) show-
                              eoib displays all fields.

                              LINK
                                          The name of the  EoIB
                                          datalink.


                              GWNAME
                                          The configured system
                                          name   of   the   IB-
                                          Ethernet      gateway
                                          switch.    For   per-
                                          sistent links, if the
                                          gateway  system  name
                                          is  unknown  (because
                                          the   link  is  being
                                          migrated from the old
                                          administration model)
                                          and  if  the  gateway
                                          corresponding  to the
                                          GWID of the  link  is
                                          not  discovered  yet,
                                          the value is shown as
                                          ?.


                              GWPORT
                                          The name of the  con-
                                          nector     associated
                                          with the gateway eth-
                                          ernet  port. For per-
                                          sistent links, if the
                                          gateway  system  name
                                          is  unknown  (because
                                          the   link  is  being
                                          migrated from the old
                                          model  of administra-
                                          tion)  and   if   the
                                          gateway corresponding
                                          to the  GWID  of  the
                                          link      is      not
                                          discovered  yet,  the
                                          value is shown as ?.


                              GWID
                                          The  identifier   for
                                          the  gateway instance
                                          associated  with  the
                                          displayed     gateway
                                          ethernet  port.   The
                                          value  is expected to
                                          be  unique  even   if
                                          multiple      gateway
                                          switches  share   the
                                          same       InfiniBand
                                          fabric. The value  of
                                          the  gateway instance
                                          identifier     ranges
                                          from  0  to  1023. If
                                          the gateway  has  not
                                          been  discovered yet,
                                          the value is shown as
                                          --.


                              SPEED
                                          The maximum speed  of
                                          the link, in megabits
                                          per second.

                              MACADDRESS
                                          MAC address  assigned
                                          for  the EoIB link on
                                          the gateway.  If  the
                                          underlying connection
                                          to  the  gateway  has
                                          not  been established
                                          yet,  the  macaddress
                                          is   shown   as   all
                                          zeros.


                              OVER
                                          The name  of  the  IB
                                          physical   link  over
                                          which    this    EoIB
                                          datalink is created.


                              FLAGS
                                          A set of flags  asso-
                                          ciated  with the EoIB
                                          link. In addition  to
                                          the flags listed ear-
                                          lier  under   show-ib
                                          description,      two
                                          additional       flag
                                          values are possible:

                                          D
                                          The     ethernet
                                          port  associated
                                          with the link is
                                          currently DOWN.


                                          U
                                          The     ethernet
                                          port  associated
                                          with the link is
                                          currently UP.




         -p, --parseable
                              Display  using  a  stable  machine-
                              parseable  format. The -o option is
                              required with  -p.  See  "Parseable
                              Output Format" below.



     dladm create-etherstub [-t] [-R root-dir] etherstub
         Create an etherstub with the specified name.
         -t, --temporary
             Specifies that the etherstub is temporary. Temporary
             etherstubs do not persist across reboots.


         -R root-dir, --root-dir=root-dir
             See "Options," above.

         VNICs can be created on top  of  etherstubs  instead  of
         physical  NICs.  As  with physical NICs, such a creation
         causes the stack to implicitly create a  virtual  switch
         between the VNICs created on top of the same etherstub.



     dladm delete-etherstub [-t] [-R root-dir] etherstub
         Delete the specified etherstub.

         -t, --temporary
             Specifies that the deletion is temporary.  Temporary
             deletions last until the next reboot.


         -R root-dir, --root-dir=root-dir
             See "Options," above.



     dladm show-etherstub [-Z] [-z zone[,...]] [etherstub]
         Show all configured etherstubs by default, or the speci-
         fied etherstub if etherstub is specified.

         -Z
             Display ZONE column in the output.


         -z zone[,...]
             See description of -z option under dladm  show-link,
             above.



     dladm create-iptun [-t] [-R root-dir] -T type [-a
     {local|remote}=addr,...] iptun-link
         Create an IP tunnel link named  iptun-link.  Such  links
         can   additionally   be   protected   with  IPsec  using
         ipsecconf(1M).

         An IP tunnel is conceptually comprised of two  parts:  a
         virtual  link  between  two  or more IP nodes, and an IP
         interface above this link  that  allows  the  system  to
         transmit  and  receive  IP  packets  encapsulated by the
         underlying link. This subcommand creates a virtual link.
         The ipadm(1M) command is used to configure IP interfaces
         above the link.

         -t, --temporary
             Specifies that the IP tunnel link is temporary. Tem-
             porary tunnels last until the next reboot.


         -R root-dir, --root-dir=root-dir
             See "Options," above.


         -T type, --tunnel-type=type
             Specifies the type of tunnel to be created. The type
             must be one of the following:

             ipv4
                 A point-to-point, IP-over-IP tunnel between  two
                 IPv4  nodes.  This  type of tunnel requires IPv4
                 source and destination  addresses  to  function.
                 IPv4  and  IPv6  interfaces can be plumbed above
                 such  a  tunnel  to  create  IPv4-over-IPv4  and
                 IPv6-over-IPv4 tunneling configurations.


             ipv6
                 A point-to-point, IP-over-IP tunnel between  two
                 IPv6  nodes  as  defined  in IETF RFC 2473. This
                 type of tunnel requires IPv6 source and destina-
                 tion addresses to function. IPv4 and IPv6 inter-
                 faces can be plumbed  above  such  a  tunnel  to
                 create IPv4-over-IPv6 and IPv6-over-IPv6 tunnel-
                 ing configurations.


             6to4
                 A 6to4, point-to-multipoint tunnel as defined in
                 IETF  RFC  3056. This type of tunnel requires an
                 IPv4 source address to function. An IPv6  inter-
                 face is plumbed on such a tunnel link to config-
                 ure a 6to4 router.

         -a {local|remote}=addr,...
         --address {local|remote}=addr,...
             Literal IP addresses or hostnames  corresponding  to
             the  local  or remote tunnel addresses. Either local
             or remote can be specified individually, or both can
             be  specified  separated by a comma (for example, -a
             local=laddr,remote=raddr).



     dladm modify-iptun [-t] [-R root-dir] -a
     {local|remote}=addr,... iptun-link
         Modify the parameters of the specified IP tunnel.

         -t, --temporary
             Specifies that the modification is  temporary.  Tem-
             porary modifications last until the next reboot.


         -R root-dir, --root-dir=root-dir
             See "Options," above.




         -a {local|remote}=addr,...
         --address {local|remote}=addr,...
             Specify new local or remote addresses for the tunnel
             link. See create-iptun for a description.



     dladm delete-iptun [-t] [-R root-dir] iptun-link
         Delete the specified IP tunnel link.

         -t, --temporary
             Specifies that the deletion is temporary.  Temporary
             deletions last until the next reboot.


         -R root-dir, --root-dir=root-dir
             See "Options," above.



     dladm show-iptun [-PZ] [[-p] -o field[,...]] [-z zone[,...]]
     [iptun-link]
         Show IP tunnel link configuration for a single IP tunnel
         or all IP tunnels.

         -P, --persistent
             Display the persistent IP tunnel configuration.


         -p, --parseable
             Display using a stable machine-parseable format. The
             -o option is required with -p. See "Parseable Output
             Format", below.


         -o field[,...], --output=field[,...]
             A case-insensitive, comma-separated list  of  output
             fields to display. The field name must be one of the
             fields listed below, or the special  value  all,  to
             display  all  fields. By default (without -o), show-
             iptun displays all fields.

             LINK
                 The name of the IP tunnel link.


             TYPE
                 Type of tunnel as specified by the -T option  of
                 create-iptun.


             FLAGS
                 A set of flags associated  with  the  IP  tunnel
                 link. Possible flags are:

                 s
                     The IP tunnel link  is  protected  by  IPsec
                     policy.  To display the IPsec policy associ-
                     ated with the tunnel link, enter:

                       # ipsecconf -ln -i tunnel-link


                     See ipsecconf(1M) for more details on how to
                     configure IPsec policy.


                 i
                     The IP tunnel link  was  implicitly  created
                     with  ipadm(1M),  and  will be automatically
                     deleted when  it  is  no  longer  referenced
                     (that  is,  when  the last IP interface over
                     the tunnel is removed).  See  ipadm(1M)  for
                     details on implicit tunnel creation.



             LOCAL
                 The local tunnel address.


             REMOTE
                 The remote tunnel address.



         -Z
             Display ZONE column in the output.


         -z zone[,...]
             See description of -z option under dladm  show-link,
             above.



     dladm create-vxlan [-t] [-R root-dir] -p vni=<vxlan
     id>[,prop=value[,...] ] vxlan-link
         Creates a VXLAN link called vxlan-link. A VXLAN link  is
         a  virtual  link  that  is created over an IP interface,
         which will be used for receiving and transmitting  VXLAN
         packets.

         -t, --temporary
             Specifies that the modification is  temporary.  Tem-
             porary modifications last until the next reboot.


         -R root-dir, --root-dir=root-dir
             See "Options," above.


         -p prop=value[,...]
             The properties of the VXLAN link to be created.  See
             "General  Link Properties" for VXLAN related proper-
             ties.

     dladm delete-vxlan [-t] [-R root-dir] vxlan-link
         Deletes the specified VXLAN link.

         -t, --temporary
             Specifies that the modification is  temporary.  Tem-
             porary modifications last until the next reboot.


         -R root-dir, --root-dir=root-dir
             See "Options," above.



     dladm show-vxlan [-P] [[-p] -o field[,...]] [vxlan-link]
         Displays VXLAN configuration for all VXLAN links or  for
         the specified VXLAN link.

         The show-vxlan subcommand accepts the following options:

         -P, --persistent
             Displays the persistent IP tunnel configuration.


         -p, --parseable
             Displays using a  stable  machine-parseable  format.
             The  -o  option  is  required  with  -p  option. See
             "Parseable Output Format", below.


         -o field[,...], --output=field[,...]
             A case-insensitive, comma-separated list  of  output
             fields to display. The field name must be one of the
             fields listed below, or the special  value  all,  to
             display all fields. For each VXLAN link, the follow-
             ing fields can be displayed:

             LINK
                       The name of the VXLAN link.


             ADDR
                       The address of the IP interface associated
                       with the VXLAN link.


             VNI
                       The VXLAN segment number  that  the  VXLAN
                       link belongs to.

             MGROUP
                       The multicast group  associated  with  the
                       VXLAN link.




     dladm create-cap [-t] [-R root-dir] cap-link
         Creates a capture datalink with name cap-link. The  cap-
         link must be unique in given zone namespace, where dladm
         command is running.

         -t, --temporary
             Specifies that the capture  datalink  is  temporary.
             Temporary capture last until the next reboot.


         -R root-dir, --root-dir=root-dir
             See "Options" above.



     dladm delete-cap [-t] [-R root-dir] cap-link
         Deletes the specified capture datalink.

         -t, --temporary
             Specifies that the deletion is temporary.  Temporary
             deletions last until the next reboot.


         -R root-dir, --root-dir=root-dir
             See "Options" above.



     dladm show-cap [-P] [[-p] -o <field>,...] [cap-link]
         Shows all/individual cap-link capture interface(s) bound
         to the zone, where dladm command is running.

         -P, --persistent
             Show persistent datalink configuration.


         -p, --parseable
             Displays using a  stable  machine-parseable  format.
             The  -o  option  is  required  with  -p  option. See
             "Parseable Output Format" below.

         -o field[,...], --output=field[,...]
             A case-insensitive, comma-separated list  of  output
             fields to display. The field name must be one of the
             fields listed below, or the special  value  all,  to
             display  all fields. For each capture link, the fol-
             lowing fields can be displayed:

             LINK
                     The name of the capture link.


             ZONE
                     The current zone of the datalink.


             TYPE
                     Datalink type, currently pflog link type  is
                     the only type supported.


             MTU
                     Link mtu.




     help [subcommand-name]
         Displays all the supported dladm  subcommands  or  usage
         for  a  given  subcommand.  If  you  invoke  help  for a
         specific subcommand, the command  syntax  is  displayed,
         along  with  an  example.  Using  dladm help without any
         argument displays all of the subcommands.


  Parseable Output Format
     Many dladm subcommands have an option that  displays  output
     in  a  machine-parseable format. The output format is one or
     more  lines  of  colon  (:)  delimited  fields.  The  fields
     displayed are specific to the subcommand used and are listed
     under the entry for the -o option for  a  given  subcommand.
     Output  includes only those fields requested by means of the
     -o option, in the order requested.


     When you request multiple fields, any literal colon  charac-
     ters  are  escaped  by  a backslash (\) before being output.
     Similarly, literal backslash characters will also be escaped
     (\\). This escape format is parseable by using shell read(1)
     functions with the environment variable IFS=: (see EXAMPLES,
     below). Note that escaping is not done when you request only
     a single field.

  General Link Properties
     The following general link properties are supported:
     addr
         Applicable only for VXLAN links. This property specifies
         the IP address, IPv4 or IPv6, that hosts a VXLAN link. A
         prefixlen may be specified as part of the IPv4  or  IPv6
         address.  A  hostname  may  be provided instead of an IP
         address. If a hostname is provided, its numeric value is
         obtained  from  the  entry in /etc/hosts or the resolver
         specified for hosts or ipnodes in  nsswitch.conf(4).  As
         IP  addresses  are  created  before naming services have
         been brought online during boot process, it is important
         that  any  hostname used be included in /etc/hosts. This
         property cannot be specified if the VXLAN link  is  also
         configured with interface property. This property can be
         set only when creating a VXLAN link and cannot be  modi-
         fied thereafter. This property may change in the future.


     autopush
         Specifies the set of STREAMS  modules  to  push  on  the
         stream  associated  with  a link when its DLPI device is
         opened. It is a space-delimited list of modules.

         The optional special character sequence  [anchor]  indi-
         cates  that  a  STREAMS  anchor  should be placed on the
         stream at the module previously specified in  the  list.
         It  is  an  error  to specify more than one anchor or to
         have an anchor first in the list.

         The autopush property is preferred over the more general
         autopush(1M) command.


     cos
         The 802.1p priority associated with the link. This  pro-
         perty,  when  set, indicates the 802.1p priority on out-
         bound packets on the link. The values range from 0 to 7.
         When  this  property is set, all the packets outbound on
         the link will have a VLAN tag with  the  priority  field
         set  to the property value. When this property is set on
         a physical NIC, only traffic for the primary  client  on
         that  physical  NIC  will  have priority set and not any
         other datalinks on the NIC. This property is only  valid
         on  Ethernet  data  link.  The default cos is 0 for VLAN
         data links or when the underlying device  registers  DCB
         capabilities, otherwise the default is not to add a VLAN
         tag.


     cpus
         Bind the processing of packets for a given data link  to
         a  processor  or a set of processors. The value can be a
         comma-separated list of one or more processor ids  or  a
         range of ids. If the list consists of more than one pro-
         cessor, the processing will spread out to all  the  pro-
         cessors.  Connection  to  processor  affinity and packet
         ordering for any individual  connection  will  be  main-
         tained.

         The processor or set of processors are  not  exclusively
         reserved  for  the  link.  Only  the  kernel threads and
         interrupts associated with processing of  the  link  are
         bound  to  the processor or the set of processors speci-
         fied. In case it is desired that processors be dedicated
         to  the link, psrset(1M) can be used to create a proces-
         sor set and then specifying the processors from the pro-
         cessor set to bind the link to.

         If the link was already bound to  processor  or  set  of
         processors due to a previous operation, the binding will
         be removed and the new set of processors  will  be  used
         instead.

         The default is no CPU binding, which is to say that  the
         processing  of packets is not bound to any specific pro-
         cessor or processor set.

         Specification of the cpus property  is  not  allowed  on
         links with a pool link property.

         The effective value of cpus property displays  the  list
         of  CPUs  used  for  packet processing on the named data
         link. If the cpus property has been set,  the  effective
         value  will  be  the  same as the set value. If the pool
         property has been  set, effective value will be selected
         from  the pool designated by  the administrator. If nei-
         ther the pool nor cpus property is set, the system  will
         select the effective value for cpus property.


     etsbw-lcl
         This indicates the ETS bandwidth configured  on  the  TX
         side  for  a  link. This property can be configured on a
         data link only if the underlying physical NIC  registers
         DCB  capability and supports ETS. The value is a percen-
         tage of the physical NIC's  bandwidth  and  the  sum  of
         values of this property over all links on a physical NIC
         cannot exceed 100.  Aggregation  of  physical  NIC  that
         register  DCB  capabilities  is not supported currently,
         hence this property cannot be set on  aggregations.  The
         effective value for this property could be the etsbw-lcl
         or  etsbw-lcl-advice depending on LLDP negotiations.

     etsbw-lcl-advice
         This indicates  the  ETS  bandwidth  (as  a  percentage)
         recommended  by  the remote end for this link. The value
         is obtained by means of LLDP.


     etsbw-rmt
         This indicates the ETS bandwidth (in percentage) that is
         on  the  remote end for this link. The value is obtained
         by means of LLDP.


     etsbw-rmt-advice
         This indicates the  ETS  bandwidth   (as  a  percentage)
         recommended  to the remote end for this link. This value
         is used by LLDP.


     interface
         Applicable only for VXLAN links. This property specifies
         the  underlying IP interface for a VXLAN link. The VXLAN
         will be created using an IP address that is available on
         the specified interface. By default an IPv4 address will
         be selected for the VXLAN  link  which  can  be  changed
         using the ipvers property. This property can be set only
         when creating  a  VXLAN  link  and  cannot  be  modified
         thereafter. This property may change in the future.


     ipvers
         Applicable only to VXLAN datalinks. This property  indi-
         cates whether an IPv4 or IPv6 address should be selected
         on an IP interface, specified using interface  property,
         for  a  VXLAN  link.  This property can be set only when
         creating a VXLAN link and cannot be modified thereafter.
         This property may change in the future.


     rxfanout
         Allows you to specify the number of receive-side  fanout
         threads.

         Traffic received on a receive ring  can  be  fanned  out
         across  multiple threads and processed in parallel. This
         is particularly useful when the system has large  number
         of  CPUs.  This  property  is  a count for the number of
         receive-side fanout threads for a  particular  datalink.
         Note  that  this  property lets an administrator specify
         the desired rxfanout. However, based on  the  number  of
         available  CPUs  and hardware RX rings, the system might
         choose a different (smaller or even  higher)  value  for
         fanout.  The  number  of  CPUs is the upper bound on the
         receive side fanout while the number of rxrings  is  the
         lower  bound. Thus, the actual receive-side fanout count
         can have a value different from the one set by the user.


     learn_limit
         Limits the number of new or changed MAC  sources  to  be
         learned over a bridge link. When the number exceeds this
         value, learning on that link  is  temporarily  disabled.
         Only non-VLAN, non-VNIC type links have this property.

         The default value is 1000. Valid values are  greater  or
         equal to 0.


     learn_decay
         Specifies the decay rate for source changes  limited  by
         learn_limit.  This number is subtracted from the counter
         for a bridge link every 5 seconds. Only  non-VLAN,  non-
         VNIC type links have this property.

         The default value is 200. Valid values  are  greater  or
         equal to 0.


     lro
         Specifies the user's disposition of turning  LRO  on  or
         off or using system default LRO value on a data link.

         Valid values are off, on, or auto. The default value  is
         auto.  The  value  auto  is set to off for physical NICs
         while it inherits the lower link's lro  disposition  for
         virtual NICs.


     mac-address
         Sets the primary MAC address for  the  data  link.  When
         set, changes the primary MAC address used by all current
         and future MAC clients of the underlying data link.

         Note -

           The system might not turn LRO on if it  determines  it
           is  unsafe to do so. For instance, if IP is forwarding
           traffic using a data link, then the system would  deem
           it  unsafe  to  turn on LRO for that data link. So the
           effective value will be different from the  configured
           value in such cases.


     maxbw
         Sets  the  full  duplex  bandwidth  for  the  link.  The
         bandwidth  is  specified  as  an integer with one of the
         scale suffixes (K, M, or G for Kbps, Mbps, and Gbps). If
         no  units are specified, the input value will be read as
         Mbps. The default is no bandwidth limit.


     bwshare
         Bandwidth share for a VNIC is the minimum share  of  the
         bandwidth  the  VNIC  will get when there is competition
         from other VNICs on the same data link.  Note  that  the
         bandwidth  is  allocated among all the active VNICs. The
         amount of allocation is proportional to their share. For
         example,

           # dladm set-linkprop -p bwshare=40 vnic1

           # dladm set-linkprop -p bwshare=10 vnic2


         Assuming a 1Gbps link and assuming  these  two  are  the
         only  VNICs,  vnic1  can  have  up  to 800 Mbps (1Gbps *
         40/(40+10)) and vnic2 can have up to 200 Mbps  (1Gbps  *
         10/(40+10)).

         The above example assumes both the VNICs have traffic to
         consume  their share of the bandwidth. However, if vnic1
         consumes only 100 Mbps, then vnic2  can  go  up  to  900
         Mbps.  The  goal  with  bandwidth  shares  is  no wasted
         bandwidth when there is a VNIC that  can  use  it  while
         assuring  the  allocated share when there is competition
         from other VNICs.

         This property is currently  supported  only  on  certain
         NICs.  dladm  show-linkprop -H -p bwshare command can be
         used to determine if bwshare property is supported on  a
         given link. The value can range from 1 to 100. The value
         is a relative share value and does not indicate  a  per-
         centage of the bandwidth. The effective value is printed
         as a percentage of the physical link bandwidth. This  is
         the  minimum % of the bandwidth assured to the VNIC when
         there is  competition.  The  effective  value  can  keep
         changing depending on the other VNICs on the link.


     mgroup
         Applicable  only  to  VXLAN  datalinks.  This   property
         indicates  the  multicast  group a VXLAN link subscribes
         to. The VXLAN link will use  this  address  to  discover
         other  VXLAN  links  on  the same VXLAN segment. If this
         property is not set, the default all-host  address  will
         be used by the VXLAN link. This property can be set only
         when creating  a  VXLAN  link  and  cannot  be  modified
         thereafter. This property may change in the future.


     pool
         Bind the processing of packets for a given data link  to
         a   pool  of  processors  defined  and  administered  by
         poolcfg(1M) and pooladm(1M). The binding of processes is
         similar  to  what  occurs  with  the cpus link property,
         except that the list of CPUs  is  not  explicit  and  is
         instead maintained by the pools facility.

         If pools are enabled, and no pool is specified  for  the
         link, pool_default will be used for packet processing.

         For zones with ip-type=exclusive, if a pool is specified
         through  a  pool zone property or dedicated-cpus alloca-
         tion, that pool will also be used  for  all  data  links
         associated with the zone.

         Specification of the pool property  is  not  allowed  on
         links with a cpus link property.

         If the pools facility  has  been  enabled,  and  if  the
         administrator  has  not  assigned a pool to a data link,
         then the effective value of pool will be pool_default.

         If the pools facility is disabled, there is no effective
         pool and the value will be empty.


     priority
         Sets the relative priority for the link. The  value  can
         be  given as one of the tokens high, medium, or low. The
         default is medium. This priority is not reflected in any
         protocol  priority  fields  on  the  wire,  but used for
         packet processing scheduling within the system.  A  high
         priority  link  offers a better latency depending on the
         availability of system resources. Setting this  property
         can cause CPU utilization to go up for some workloads.


     rxringsavail
         A read-only property that specifies the number of  rings
         available on the receive side.

     rxrings
         Specifies the number of receive rings side for  the  MAC
         client.  A  value of sw means this MAC client should not
         be assigned any RX ring and will  be  software-based.  A
         value  of  hw means this MAC client can get one RX ring,
         if available, or  will  be  software-based.  A  non-zero
         value means reserve that many rings for this MAC client,
         if available, and fail if not. If this property  is  not
         specified, the MAC client can get one RX ring, if avail-
         able, or will be software-based.


     rxhwclntavail
         A read-only property that specifies the number of  addi-
         tional   RX  hardware-based  MAC  clients  that  can  be
         created.


     txringsavail
         A read-only property that specifies the number of  rings
         available on the transmit side.


     txrings
         Specifies the number  of  transmit  rings  for  the  MAC
         client.  A  value of sw means this MAC client should not
         be assigned any TX ring. A value of hw  means  this  MAC
         client  can  get  one  TX ring, if available, or will be
         software-based. A non-zero value means reserve that many
         rings  for  this  MAC  client, if available, and fail if
         not. If this property is not specified, the  MAC  client
         can  get one TX ring, if available, or will be software-
         based.


     txhwclntavail
         A read-only property that specifics the number of  addi-
         tional   TX  hardware-based  MAC  clients  that  can  be
         created.


     stp
         Enables or disables Spanning Tree Protocol on  a  bridge
         link.  Setting  this  value to 0 disables Spanning Tree,
         and puts the link into forwarding mode with BPDU  guard-
         ing enabled. This mode is appropriate for point-to-point
         links connected only to end nodes. Only  non-VLAN,  non-
         VNIC type links have this property. The default value is
         1, to enable STP.

     forward
         Enables or disables forwarding for a VLAN. Setting  this
         value  to  0 disables bridge forwarding for a VLAN link.
         Disabling bridge forwarding removes that VLAN  from  the
         "allowed set" for the bridge. The default value is 1, to
         enable bridge forwarding for configured VLANs.


     default_tag
         Sets the default VLAN ID that is  assumed  for  untagged
         packets  sent  to and received from this link. Only non-
         VLAN, non-VNIC type links have  this  property.  Setting
         this  value  to  0  disables  the  bridge  forwarding of
         untagged packets to and from the port. The default value
         is  VLAN  ID  1. Valid values values are from 0 to 4094.
         The default VLAN ID is also referred to as the Port VLAN
         Identifier (PVID).

         You cannot create a tagged VLAN or VLAN-tagged VNIC link
         with  a  VLAN  ID that matches the default VLAN value of
         the underlying link. All untagged packets  on  the  link
         are  already associated with the default VLAN (PVID). To
         successfully create a tagged VLAN  or  VLAN-tagged  VNIC
         link  with  VLAN ID equal to the default VLAN value, you
         must first change the default_tag property of the under-
         lying link to a different VLAN value.

         When default_tag=0, all untagged packets on the link are
         no longer associated with any VLAN. As a result, you can
         create a VLAN link with any VLAN ID from 1 to 4094. Note
         that  any  received  packets that are erroneously tagged
         with the PVID at an end-point  might  be  dropped.  This
         situation  occurs  if all the end-points on a given link
         do not agree on the PVID. All end-points on a link  must
         use  the  same  PVID  and  must not tag traffic with the
         PVID.


     stp_priority
         Sets the STP and RSTP Port Priority value, which is used
         to  determine the preferred root port on a bridge. Lower
         numerical values are higher priority. The default  value
         is 128. Valid values range from 0 to 255.


     stp_cost
         Sets the STP and RSTP  cost  for  using  the  link.  The
         default value is auto, which sets the cost based on link
         speed, using 100 for  10Mbps,  19  for  100Mbps,  4  for
         1Gbps,  and  2  for 10Gbps. Valid values range from 1 to
         65535.


     stp_edge
         Enables or disables bridge edge port detection.  If  set
         to  0  (false), the system assumes that the port is con-
         nected to other bridges even if no bridge  PDUs  of  any
         type  are  seen.  The  default value is 1, which detects
         edge ports automatically.


     stp_p2p
         Sets  bridge  point-to-point  operation  mode.  Possible
         values  are  true,  false,  and  auto. When set to auto,
         point-to-point connections are automatically discovered.
         When  set to true, the port mode is forced to use point-
         to-point. When set to false, the port mode is forced  to
         use normal multipoint mode. The default value is auto.


     stp_mcheck
         Triggers the system to run the RSTP Force BPDU Migration
         Check procedure on this link. The procedure is triggered
         by setting the property value  to  1.  The  property  is
         automatically  reset back to 0. This value cannot be set
         unless the following are true:

             o    The link is bridged

             o    The bridge is protected by Spanning Tree

             o    The bridge force-protocol value is at  least  2
                  (RSTP)
         The default value is 0.


     protection
         Enables one or more  types  of  link  protection.  Valid
         values are:

         mac-nospoof
             MAC address anti-spoof. An outbound packet's  source
             MAC  address  must  match  the link's configured MAC
             address. Non-matching packets will  be  dropped.  If
             the  link  belongs to a zone, turning mac-nospoof on
             will prevent the zone's  owner  from  modifying  the
             link's MAC address.

         ip-nospoof
             IP address anti-spoof. This protection type works in
             conjunction with the link property allowed-ips.

             allowed-ips is a list containing IP (IPv4  or  IPv6)
             addresses.  This list is empty by default. Addresses
             that are implicitly in this list are: the link local
             IPv6  address  conforming  to RFC 2464 (derived from
             the link's MAC address); IPv4/IPv6 addresses learned
             from   DHCP  replies;  the  unspecified  (all-zeros)
             IPv4/IPv6 address.

             An outbound IP packet can pass if its source address
             is in allowed-ips.

             An outbound ARP packet can pass if its sender proto-
             col address is in allowed-ips.

             When  a  datalink  has  been  protected  by  setting
             allowed-ips  to  a  set of one or more IP addresses,
             any attempts to configure IP addresses that are  not
             in  this  set  will  fail  with an EPERM error being
             returned to the user. Moreover,  the  interface  may
             not  be used for forwarding IP packets, and attempts
             to set the  ipadm(1M)  forwarding  property  on  the
             interface will encounter an EPERM error.


         dhcp-nospoof
             DHCP  client  ID  (DUID  for  DHCPv6)  and  hardware
             address  anti-spoof.  This  protection type works in
             conjunction with  the  link  property  allowed-dhcp-
             cids.

             Items in the allowed-dhcp-cids list should  be  for-
             matted in the same way as the CLIENT_ID field in the
             /etc/default/dhcpagent file. The only difference  is
             that . (period) should be used in place of , (comma)
             when  specifying  DUIDs.   See   dhcpagent(1M)   for
             details.

             An outbound DHCP (v4/v6) packet  can  pass  only  if
             these conditions are satisfied:

                 o    If allowed-dhcp-cids is not configured  and
                      the packet type is:

                     o    DHCPv4, the client ID field must  match
                          the configured MAC address.

                     o    DHCPv6, the DUID must be of type 1 or 3

                          and  the link layer address part of the
                          DUID  must  match  the  configured  MAC
                          address.

                 o    If allowed-dhcp-cids is configured and  the
                      packet type is:

                     o    DHCPv4, the client ID field must  match
                          one of the IDs on this list or the con-
                          figured MAC address.

                     o    DHCPv6, the DUID field must  match  one
                          of  the  IDs  on this list or, the DUID
                          must be of type 1 or  3  and  the  link
                          layer  address part of the DUID matches
                          the configured MAC address.


         restricted
             This protection restricts outgoing packet  types  to
             just IPv4, IPv6, and ARP.



     vni
         Applicable only to VXLAN datalinks. This property,  with
         values  ranging  between  0 and 16777215, that specifies
         the VXLAN segment the link belongs to. This property  is
         mandatory when creating a VXLAN link and cannot be modi-
         fied thereafter. This property may change in the future.


     vsi-mgrid
         An IPv6 address.

         When the VDP service is enabled on a VNIC, properties of
         the  VNIC  are  exchanged with the bridge using a 3-byte
         VSI Type ID and 1-byte VSI Version. A VSI Manager  main-
         tains  the mapping between the {VSI Type ID-VSI Version}
         and the set of properties. The {VSI Manager ID, VSI Type
         id, VSI Version} tuple identifies a specific set of pro-
         perties.

         On a VNIC, the vsi-mgrid can be explicitly assigned.  If
         the  vsi-mgrid is not explicitly assigned, the vsi-mgrid
         is set to the vsi-mgrid value of the underlying link.

         On physical link, vsi-mgrid specifies the  default  vsi-
         manageid for all the VNICs over it. The default value of
         the vsi-mgrid on a physical link is 0.

         The default VSI Manager ID on a physical link is associ-
         ated with the Oracle VSI Manager (oracle_v1). The Oracle
         VSI Manager is defined as a 3-byte  encoding  using  the
         following link properties:

           Bits            Properties

           --------------------------------------------------

           0-4             Link Bandwidth Limit

                           00000-10100 :   0-100% of link speed

                                          in increments of 5%

                           rest        :   reserved



                           5-7             Link Speed

                                          000 - Unknown

                                          001 - 10 Mbps

                                          010 - 100 Mbps

                                          011 - 1 Gbps

                                          100 - 10 Gbps

                                          101 - 40 Gbps

                                          110 - 100 Gbps

                                          111 - Reserved



                           8-12            Reserved



                           13-15           Traffic Class (0-7)



                           16-17           Link MTU

                                          00 - 1500 bytes

                                          01 - 9000 bytes
                                          10 - Custom

                                          11 - Reserved





                           18-23           Reserved



     vsi-mgrid-enc
         The encoding associated with the  physical  link's  vsi-
         mgrid.  Supported  values include oracle_v1 and none. If
         this property is set to none, the  vsi-typeid  and  vsi-
         vers  are not automatically generated over this link for
         VNICs that do not have their vsi-mgrid explicitly set.


     vsi-typeid
         A 3-byte value that is used to determine the  properties
         associated  with  a  VNIC.  The vsi-typeid is used along
         with the vsi-vers and vsi-mgrid  to  obtain  the  actual
         properties  associated with the VNIC. When the vsi-mgrid
         is  not  explicitly  on  the  VNIC,  the  vsi-typeid  is
         automatically generated using the properties of the VNIC
         and the above encoding (oracle_v1).


     vsi-vers
         A 1-byte value that is used to determine the  properties
         associated  with a VNIC. The vsi-vers is used along with
         the vsi-typeid and vsi-mgrid to obtain the  actual  pro-
         perties  associated with the VNIC. When the vsi-mgrid is
         not explicitly on the VNIC, the vsi-vers is set to 0.


     vswitching
         This property determines if switching between  VNICs  or
         MAC  clients  over  a  physical link happens through the
         virtual switch associated with the link or on the exter-
         nal switch. This property is applicable only to physical
         and  aggregated  links.  By  default  switching  happens
         through  the  virtual  switch  associated with the link.
         Valid values include:

         local
                   Switching between MAC clients  or  VNICs  over
                   the link happens internally through the link's
                   virtual switch. This is referred to as Virtual

                   Ethernet Bridge (VEB).


         remote
                   Switching between MAC clients  or  VNICs  over
                   the link happens externally through the exter-
                   nal switch. This is  referred  to  as  Virtual
                   Ethernet  Port Aggregator (VEPA). Setting this
                   value assumes that Reflective Relay is config-
                   ured on the external switch.


         auto
                   Switching is  determined  through  Link  Layer
                   Discovery   Protocol  (LLDP)  protocol.   This
                   value initiates LLDP exchange with the  exter-
                   nal switch to enable Reflective Relay. If LLDP
                   successfully enables Reflective Relay  on  the
                   switch,  the  effective  value is remote (that
                   is, switching happens on the external switch),
                   else  it  is local (that is, switching happens
                   locally through the link's virtual switch).



     pvlan-tagmode
         This property determines how the outgoing packets should
         be  tagged. This property applies to physical links. The
         valid values are:

         primary
                      The outgoing packets will  be  tagged  with
                      the VNIC's Primary VID.


         secondary
                      The outgoing packets will  be  tagged  with
                      the  VNIC's  Secondary  VID.  This  is  the
                      default value.



     iov
         This property behaves differently depending  on  whether
         it is used on a physical link or a VNIC.

         Setting this link property on a physical link allows the
         user  to enable/disable SR-IOV mode. The possible values
         for iov on a physical link are:

         auto
                 Allows the OS decide whether  to  enable  SR-IOV
                 mode on this link. This is the default value.

         on
                 Turns SR-IOV mode on. This will allow the  crea-
                 tion of VF VNICS.


         off
                 Turns SR-IOV mode off.  This  will  disable  the
                 ability to create VF VNICs.

         The user can display the current iov  setting  by  using
         show-linkprop.  The EFFECTIVE column will show the value
         decided by the OS. The VALUE column will show  the  user
         specified value.

         This property may also be specified during VNIC creation
         via the -p option. This option allows the user to choose
         whether to create a VF VNIC or not. For this  case,  the
         possible values for iov are:

         inherit
                    Inherit the EFFECTIVE iov  setting  from  the
                    VNIC's  underlying  link. For example, if the
                    underlying  link  has  -iov  on,   specifying
                    inherit  during VNIC creation means, allowing
                    the OS allocate a VF if possible; If a VF  is
                    not  found, create a regular VNIC instead. If
                    the underlying link has iov off, it  means  a
                    VF will not be allocated.

                    If -p iov is  not  specified  during  create-
                    vnic, this is + the assumed default value.


         on
                    A VF must be allocated for this VNIC. If a VF
                    cannot be found, fail the VNIC creation.


         off
                    Do not allocate  a  VF  for  this  VNIC.  The
                    created  VNIC  will  always be a regular VNIC
                    regardless of the underlying iov setting.

         Unlike the physical link case, the VNIC's  iov  property
         cannot  be  modified  by  set-linkprop.  It  can only be
         specified during create-vnic. Displaying  this  property
         through show-linkprop is allowed.


     zone
         Specifies the zone to which the link belongs. This  pro-
         perty  can  be  modified only temporarily through dladm,
         and thus the -t option must be specified. To modify  the
         zone  assignment  such  that it persists across reboots,
         please use zonecfg(1M). Possible values consist  of  any
         exclusive-IP  zone  currently  running on the system. By
         default, the zone binding is as per zonecfg(1M).

     allow-autoconf
         Specifies whether a physical link  should  be  automati-
         cally  configured. This property is only applicable when
         the system-defined Automatic Network Configuration  Pro-
         file is active. The default value is 1, meaning that the
         link will be automatically configured. If the  value  is
         set to 0, the link will not be automatically configured.


     fw-vers
         Applicable only for physical datalinks. A read-only pro-
         perty  that  specifies  the firmware version information
         for the physical NIC. This property is only  shown  when
         explicitly  requested through the -p option. The format,
         meaning, and stability of its value is up to each  indi-
         vidual  driver and optionally documented in the driver's
         manual page.



     On IPoIB VNICs, only the following link properties are  sup-
     ported:  autopush, zone, maxbw, cpus, rxfanout, pool, prior-
     ity, protection, allowed-ips, and allowed-dhcp-cids.

  Wifi Link Properties
     The following WiFi link properties are supported. Note  that
     the ability to set a given property to a given value depends
     on the driver and hardware.

     channel
         Specifies the channel to use. This property can be modi-
         fied  only  by certain WiFi links when in IBSS mode. The
         default value and allowed  range  of  values  varies  by
         regulatory domain.


     powermode
         Specifies the power management mode of  the  WiFi  link.
         Possible  values are off (disable power management), max
         (maximum power savings), and fast (performance-sensitive
         power management). Default is off.


     radio
         Specifies the radio mode  of  the  WiFi  link.  Possible
         values are on or off. Default is on.

     speed
         Specifies a fixed speed for the WiFi link,  in  megabits
         per  second.  The  set of possible values depends on the
         driver and hardware (but  is  shown  by  show-linkprop);
         common  speeds  include  1,  2,  11, and 54. By default,
         there is no fixed speed.


  Ethernet Link Properties
     The following MII Properties, as documented in ieee802.3(5),
     are supported in read-only mode:

         o    duplex

         o    state

         o    adv_autoneg_cap

         o    adv_10gfdx_cap

         o    adv_1000fdx_cap

         o    adv_1000hdx_cap

         o    adv_100fdx_cap

         o    adv_100hdx_cap

         o    adv_10fdx_cap

         o    adv_10hdx_cap


     Each adv_ property (for example, adv_10fdx_cap) also  has  a
     read/write    counterpart   en_   property   (for   example,
     en_10fdx_cap)   controlling   parameters   used   at   auto-
     negotiation.  In  the absence of Power Management, the  adv*
     speed/duplex parameters provide the  values  that  are  both
     negotiated  and  currently  effective  in hardware. However,
     with Power Management enabled, the speed/duplex capabilities
     currently  exposed  in hardware might be a subset of the set
     of bits that were used in initial  link  parameter  negotia-
     tion.  Thus  the  MII adv_* parameters are marked read-only,
     with an additional set of en_*  parameters  for  configuring
     speed and duplex properties at initial negotiation.


     Note   that   the   adv_autoneg_cap   does   not   have   an
     en_autoneg_cap  counterpart:  the  adv_autoneg_cap  is a 0/1
     switch that turns off/on autonegotiation itself, and  there-
     fore cannot be impacted by Power Management.

     In addition, the following Ethernet properties are reported:

     flowctrl
         Establishes flow-control modes that will  be  advertised
         by the device. Valid input is one of:

         auto
             Flow control  mode  on  the  device  is  dynamically
             determined.  To see the actual flow control mode set
             on the device, check the effective value of flowctrl
             property.


         no
             No flow control enabled.


         rx
             Receive, and act upon incoming pause frames.


         tx
             Transmit pause frames to the  peer  when  congestion
             occurs, but ignore received pause frames.


         pfc
             Transmit pause frames including the  priority  value
             of  the traffic that should be paused. Receive pause
             frames, and act  upon  the  traffic  whose  priority
             values are specified in the frame.


         bi
             Bidirectional flow control.

         Note that the actual settings for this  value  are  con-
         strained  by  the capabilities allowed by the device and
         the  link  partner.  As  such  the  effective  value  of
         flowctrl indicates the system chosen value.


     gvrp-timeout
         Specifies wait period between  VID  announcement  broad-
         casts, in milliseconds.

     mtu
         The maximum client SDU (Send Data Unit) supported by the
         device. Valid range is 68-65536.


     ntcs
         The number of Traffic Classes supported on the device. A
         device supporting extensions for DCB (Data Center Bridg-
         ing) can support multiple traffic classes. This property
         can  be  used  to  determine  if the device supports DCB
         extensions. This is a read-only property.


     pfcmap
         This property is used to indicate  the  802.1p  priority
         values  for  which  PFC (Priority-based flow control) is
         enabled. This is an 8-bit mask, in which  an  individual
         bit signifies whether PFC is enabled for the correspond-
         ing priority. For priorities that have PFC enabled,  the
         device  will transmit a pause frame for that priority in
         the event of congestion. This is relevant only  if  ntcs
         is  greater than zero and effective value of flowctrl is
         pfc.

         The effective value of pfcmap can  either  be  the  user
         configured  value  or  the effective value of pfcmap-rmt
         depending on LLDP DCBx negotiations.


     pfcmap-rmt
         This property is used to indicate the PFC  configuration
         of the remote peer, usually an adjacent switch.


     ptp
         (read-only) This property is used to indicate the  avai-
         lability of PTP hardware assistance in the device.


     speed
         (read-only) The operating speed of the device, in Mbps.


     tagmode
         This link property  controls  the  conditions  in  which
         802.1Q  VLAN  tags  will  be  inserted  in packets being
         transmitted on the link. Two mode values can be assigned
         to this property:
         normal
                     Insert a VLAN tag in outgoing packets  under
                     the following conditions:

                         o    The packet belongs to a VLAN.

                         o    The user  requested  priority  tag-
                              ging.


         vlanonly
                     Insert a VLAN tag  only  when  the  outgoing
                     packet  belongs to a VLAN. If a tag is being
                     inserted in this mode and the user has  also
                     requested  a non-zero priority, the priority
                     is honored and included in the VLAN tag.

         The default value is vlanonly.


     vlan-announce
         This property controls automatic VLAN  ID  announcement.
         When  enabled,  it  broadcasts  the VIDs of any VNICs or
         VLANs configured on the device. It supports both  physi-
         cal links and aggregations. Possible values are:

         off
             No VID announcements will be sent.


         gvrp
             Announcements sent using GVRP protocol,  as  defined
             in  802.1D.  See gvrp-timeout to configure broadcast
             frequency.



  InfiniBand Link Properties
     The following properties are supported only on IB  partition
     object datalinks and IPoIB VNIC datalinks.

     linkmode
         Sets the link transport service type on an IB  partition
         datalink. The default value is cm. Valid values are:

         cm
             Connected Mode. This mode  uses  a  default  MTU  of
             65520  and supports a maximum MTU of 65535 bytes. If
             Connected Mode is not available for a  remote  node,
             Unreliable  Datagram mode will automatically be used
             instead.

         ud
             Unreliable Datagram Mode. This mode uses  a  default
             MTU  of  2044  and  supports  a  maximum MTU of 4092
             bytes.



  IP Tunnel Link Properties
     The following IP tunnel link properties are supported.

     hoplimit
         Specifies the IPv4 TTL or IPv6 hop limit for the  encap-
         sulating outer IP header of a tunnel link. This property
         exists for all tunnel types. The default value is 64.


     encaplimit
         Specifies the IPv6 encapsulation limit for an IPv6  tun-
         nel  as  defined  in  RFC 2473. This value is the tunnel
         nesting limit for a given tunneled packet.  The  default
         value  is  4.  A  value  of 0 disables the encapsulation
         limit.


  Aggregation Link Properties
     The following properties are supported  only  on  DLMP  mode
     aggregations.

     probe-ip
         This property is a comma separated list of IP  addressed
         allowed for use as source IP addresses for ICMP probing.
         IP addresses from this list, if configured  (as  plumbed
         primary  or  as  VNICs)  will  be used for ICMP probing.
         These IP addresses will continue to carry  data  traffic
         like  usual. Thus, there is no need to reserve exclusive
         IP addresses for probing.

         Each field in the list consists of "source IP"  followed
         by optional target configuration information. The target
         information, if specified, can either be the  target  IP
         address  or  the  string  "rt". If it is the latter, the
         in.dlmpd daemon  will  consult  the  routing  table  for
         routes  on  the same subnet as the specified "source IP"
         address, and uses the specified next-hop as  the  target
         IP address.

         If no target is specified, the DLMP probing service will
         try  to discover potential targets IP addresses by send-
         ing the ICMP multicast packet.

         Regardless  the  sources  of  the  target   IP   address
         (discovered,  specified or come from the routing table),
         the target IP address must be in the same subnetwork  as
         the  specified  source  IP address, or, it will not take
         effect.

         The following forms are accepted. Note that "target" can
         either be the IP address or the hostname of the target:

         <IP address>[/prefixlen][+<target address>
             Explicitly specify the IP  address  and  its  prefix
             length (optional). For example, 10.134.8.0/24+.


         <addrobj_name>[+<target address>
             Specify the specific addrobj name, which can be seen
             in   the   ipadm   show-addr  output.  For  example,
             vnic1/addr1+169.156.0.1.


         <interface_name>[+<target address>
             Specify a specific interface name. It can be  either
             the  name of the aggregation interface itself or any
             VNIC configured over the aggregation. All  the  IPv4
             addresses  and  IPv6  addresses  configured  on  the
             specified interface will be used for  ICMP  probing.
             Note  that  to  avoid ambiguity between the hostname
             and the interface name, the interface names will  be
             enclosed   by   the  square  barcket.  For  example,
             [dlmp1]+.


         +[<target>]
             When no source IP address is specified, all  the  IP
             addresses  configured  on  the  aggregation  and the
             VNICs in the global zone will be potential source IP
             address of ICMP probes.



     probe-fdt
         This link property defines the failure  detection  time.
         It  configures the expected failure detection time value
         in seconds.  The default value is 10s.

Examples
     Example 1 Display Datalink Configuration

     The following command shows the  effect  of  invoking  dladm
     with no arguments.


       # dladm

       LINK                CLASS     MTU    STATE    OVER

       net0                phys      1500   up       --

       net1                phys      1500   up       --

       net2                phys      1500   unknown  --

       net3                phys      1500   up       --

       vnic1               vnic      1500   up       net1

       vlan1               vlan      1500   up       net1

       aggr1               aggr      1500   up       net2 net3

       stub1               etherstub 9000   unknown  --



     Example 2 Configuring an Aggregation


     To configure a data-link over an aggregation of devices bge0
     (linkname  net0)  and bge1 (linkname net1) with key 1, enter
     the following command:


       # dladm create-aggr -l net0 -l net1 1




     To configure an IEEE 802.3ad  link  aggregation  of  devices
     e1000g1 (linkname net0) and e1000g2 (linkname net1) with the
     name aggr1, enter following command:


       # dladm create-aggr -l net0 -l net1 aggr1




     To configure an Datalink Multipathing (dlmp)  link  aggrega-
     tion  of  devices ixgbe1 (linkame net2) and ixgbe2 (linkname
     net3) with the name aggr2 enter following command:

       # dladm create-aggr -m dlmp -l net2  -l net3 aggr2




     To list aggregations, enter following command:


       # dladm show-aggr

       LINK              MODE    POLICY   ADDRPOLICY           LACPACTIVITY  LACPTIMER

       aggr1             trunk   L4       auto            off           short

       aggr2             dlmp    --       --           --            --



     Example 3 Connecting to a WiFi Link


     To connect to the most optimal available  unsecured  network
     on  a system with a single WiFi link (as per the prioritiza-
     tion rules specified for connect-wifi), enter the  following
     command:


       # dladm connect-wifi



     Example 4 Creating a WiFi Key


     To interactively create the WEP key mykey, enter the follow-
     ing command:


       # dladm create-secobj -c wep mykey




     Alternatively, to non-interactively create the WEP key mykey
     using the contents of a file:


       # umask 077

        # cat >/tmp/mykey.$$ <<EOF

        12345

        EOF

        # dladm create-secobj -c wep -f /tmp/mykey.$$ mykey

        # rm /tmp/mykey.$$



     Example 5 Connecting to a Specified Encrypted WiFi Link


     To use key mykey to connect to  ESSID  wlan  on  link  ath0,
     enter the following command:


       # dladm connect-wifi -k mykey -e wlan ath0



     Example 6 Changing a Link Property


     To set powermode to the value fast on link pcwl0, enter  the
     following command:


       # dladm set-linkprop -p powermode=fast pcwl0



     Example 7 Connecting to a WPA-Protected WiFi Link


     Create a WPA key psk and enter the following command:


       # dladm create-secobj -c wpa psk




     To then use key psk to connect to ESSID wlan on  link  ath0,
     enter the following command:


       # dladm connect-wifi -k psk -e wlan ath0



     Example 8 Renaming a Link

     To rename the bge0 link to mgmt0, enter the  following  com-
     mand:


       # dladm rename-link bge0 mgmt0



     Example 9 Replacing a Network Card


     Consider that the bge0 device, whose link was named mgmt0 as
     shown  in  the previous example, needs to be replaced with a
     ce0 device because of a hardware failure. The  bge0  NIC  is
     physically  removed,  and  replaced  with  a new ce0 NIC. To
     associate the newly added ce0 device with the  mgmt0  confi-
     guration  previously associated with bge0, enter the follow-
     ing command:


       # dladm rename-link ce0 mgmt0



     Example 10 Removing a Network Card


     Suppose that in the previous example, the intent is  not  to
     replace  the bge0 NIC with another NIC, but rather to remove
     and not replace  the  hardware.  In  that  case,  the  mgmt0
     datalink configuration is not slated to be associated with a
     different physical device as shown in the previous  example,
     but  needs  to  be  deleted.  Enter the following command to
     delete the datalink configuration associated with the  mgmt0
     datalink,  whose  physical  hardware (bge0 in this case) has
     been removed:


       # dladm delete-phys mgmt0



     Example 11 Using Parseable Output to Capture a Single Field


     The following assignment saves the MTU of  link  net0  to  a
     variable named mtu.


       # mtu=`dladm show-link -p -o mtu net0`

     Example 12 Using Parseable Output to Iterate over Links


     The following script displays the state of each link on  the
     system.


       # dladm show-link -p -o link,state | while IFS=: read link state; do

                   print "Link $link is in state $state"

               done



     Example 13 Configuring VNICs


     Create two VNICs with names hello0 and test1 over  a  single
     physical link net0:


       # dladm create-vnic -l net0 hello0

       # dladm create-vnic -l net0 test1



     Example 14 Configuring VNICs and  Allocating  Bandwidth  and
     Priority


     Create two VNICs with names hello0 and test1 over  a  single
     physical link net0 and make hello0 a high priority VNIC with
     a factory-assigned MAC address with a maximum  bandwidth  of
     50  Mbps.  Make  test1 a low priority VNIC with a random MAC
     address and a maximum bandwidth of 100Mbps.


       # dladm create-vnic -l net0 -m factory -p maxbw=50,priority=high hello0

       # dladm create-vnic -l net0 -m random -p maxbw=100M,priority=low test1



     Example 15 Configuring a VNIC with a Factory MAC Address


     First, list the available factory MAC addresses  and  choose
     one of them:

       # dladm show-phys -m net0

       LINK            SLOT         ADDRESS              INUSE    CLIENT

       net0            primary      0:e0:81:27:d4:47     yes      net0

       net0            1            8:0:20:fe:4e:a5      no

       net0            2            8:0:20:fe:4e:a6      no

       net0            3            8:0:20:fe:4e:a7      no




     Create a VNIC named hello0 and use slot 1's address:


       # dladm create-vnic -l net0 -m factory -n 1 hello0

       # dladm show-phys -m net0

       LINK            SLOT         ADDRESS              INUSE    CLIENT

       net0            primary      0:e0:81:27:d4:47     yes      net0

       net0            1            8:0:20:fe:4e:a5      yes     hello0

       net0            2            8:0:20:fe:4e:a6      no

       net0            3            8:0:20:fe:4e:a7      no



     Example 16 Creating a VNIC with User-Specified MAC  Address,
     Binding it to Set of Processors


     Create a VNIC with name hello0, with a  user  specified  MAC
     address, and a processor binding 0, 2, 4-6.


       # dladm create-vnic -l net0 -m 8:0:20:fe:4e:b8 -p cpus=0,2,4-6 hello0



     Example 17 Creating a Virtual Network Without a Physical NIC


     First, create an etherstub with name stub1:

       # dladm create-etherstub stub1




     Create two VNICs with names hello0 and test1 on  the  ether-
     stub.  This  operation  implicitly  creates a virtual switch
     connecting hello0 and test1.


       # dladm create-vnic -l stub1 hello0

       # dladm create-vnic -l stub1 test1



     Example 18 Displaying Bridge Information


     The following commands use the show-bridge  subcommand  with
     no and various options.


       # dladm show-bridge

       BRIDGE       PROTECT ADDRESS           PRIORITY DESROOT

       foo          stp     32768/8:0:20:bf:f 32768    8192/0:d0:0:76:14:38

       bar          stp     32768/8:0:20:e5:8 32768    8192/0:d0:0:76:14:38



       # dladm show-bridge -l foo

       LINK         STATE        UPTIME   DESROOT

       hme0         forwarding   117      8192/0:d0:0:76:14:38

       qfe1         forwarding   117      8192/0:d0:0:76:14:38



       # dladm show-bridge -s foo

       BRIDGE       DROPS        FORWARDS

       foo          0            302



       # dladm show-bridge -ls foo

       LINK         DROPS     RECV      XMIT

       hme0         0         360832    31797

       qfe1         0         322311    356852



       # dladm show-bridge -f foo

       DEST              AGE     FLAGS  OUTPUT

       8:0:20:bc:a7:dc   10.860  --     hme0

       8:0:20:bf:f9:69   --      L      hme0

       8:0:20:c0:20:26   17.420  --     hme0

       8:0:20:e5:86:11   --      L      qfe1



     Example 19 Creating an IPv4 Tunnel


     The following sequence of commands creates and then displays
     a  persistent  IPv4  tunnel  link  named  mytunnel0  between
     66.1.2.3 and 192.4.5.6:


       # dladm create-iptun -T ipv4 -a local=66.1.2.3,remote=192.4.5.6 mytunnel0

       # dladm show-iptun mytunnel0

       LINK            TYPE  FLAGS  SOURCE              DESTINATION

       mytunnel0       ipv4  --     66.1.2.3            192.4.5.6




     A point-to-point IP interface can then be created over  this
     tunnel link:


       # ipadm create-ip mytunnel0

       # ipadm create-addr -T static -a local=10.1.0.1,remote=10.1.0.2 \

       mytunnel0/addr

       # ipadm show-addr mytunnel0/addr

       ADDROBJ           TYPE     STATE        ADDR

       mytunnel0/addr    static   ok           10.1.0.1->10.1.0.2



     Example 20 Creating a 6to4 Tunnel


     The following command creates a 6to4 tunnel link.  The  IPv4
     address of the 6to4 router is 75.10.11.12.


       # dladm create-iptun -T 6to4 -a local=75.10.11.12 sitetunnel0

       # dladm show-iptun sitetunnel0

       LINK            TYPE  FLAGS  SOURCE              DESTINATION

       sitetunnel0     6to4  --     75.10.11.12         --




     The following command creates an IPv6 interface on this tun-
     nel:


       # ipadm create-ip sitetunnel0

       # ipadm show-addr sitetunnel0/_a

       ADDROBJ           TYPE     STATE        ADDR

       sitetunnel0/_a    static   ok           2002:4b0a:b0c::1/16




     Note that  the  system  automatically  configures  the  IPv6
     address  on  the  6to4  IP  interface.  See  ipadm(1M) for a
     description of how IPv6 addresses  are  configured  on  6to4
     tunnel links.


     Example 21 Using Link Protection


     To enable link protection:


       # dladm set-linkprop \
       -p protection=mac-nospoof,restricted,ip-nospoof,dhcp-nospoof vnic0




     To disable link protection:


       # dladm reset-linkprop -p protection vnic0




     To modify the allowed-ips list:


       # dladm set-linkprop -p allowed-ips=10.0.0.1,10.0.0.2 vnic0




     To modify the allowed-dhcp-cids list:


       # dladm set-linkprop -p allowed-dhcp-cids=hello vnic0




     To display the resulting configuration:


       # dladm show-linkprop -p protection,allowed-ips vnic0



       LINK  PROPERTY    PERM   VALUE        EFFECTIVE    DEFAULT POSSIBLE

       vnic0 protection  rw     mac-nospoof, mac-nospoof, --      mac-nospoof,

                                restricted,  restricted,        restricted,

                                ip-nospoof,  ip-nospoof,        ip-nospoof,

                                dhcp-nospoof dhcp-nospoof         dhcp-nospoof

       vnic0 allowed-ips rw     10.0.0.1,    10.0.0.1,    --      --

                                10.0.0.2     10.0.0.2

       vnic0 allowed-dhcp-cids rw hello      hello        --      --

     Example 22 Creating an IB Partition


     The following command creates  a  partition  ffff.ibp0  with
     partition key 0xffff on the physical link ibp0.


       # dladm create-part -P ffff -l ibp0 ffff.ibp0



     Example 23 Displaying IB Partition Information


     The following command displays IB partition information.


       # dladm show-part

       LINK         PKEY OVER         STATE    FLAGS

       ffff.ibp0    FFFF ibp0         up       ----



     Example 24 Displaying IB Data Links Information


     The following command displays IB data links information.


       # dladm show-ib

       LINK     HCAGUID        PORTGUID       PORT STATE  GWNAME GWPORT  PKEYS

       net0     3BA000100CD7C  3BA000100CD7D  1    down   --     --      FFFF

       net1     3BA000100CD7C  3BA000100CD7E  2    down   --     --      FFFF

       net3     5AD0000033634  5AD0000033636  2    up     --     --      FFFF,8001

       net2     5AD0000033634  5AD0000033635  1    up     --     --      FFFF,8001



     Example 25 Displaying IB HCA mapping


     The following command displays IB HCA  name  as  managed  by
     ibadm(1M) that each IB link runs over.

       # dladm show-ib -o link,hca,port,hcaguid,portguid,pkeys

       LINK     HCA            PORT   HCAGUID        PORTGUID       PKEYS

       net0     hermon0        1      3BA000100CD7C  3BA000100CD7D  FFFF,8001

       net1     hermon0        2      3BA000100CD7C  3BA000100CD7E  FFFF,8001

       net3     hermon0.vhca0  2      5AD0000033634  5AD0000033636  FFFF,8001

       net2     hermon0.vhca1  1      5AD0000033634  5AD0000033635  FFFF,8001



     Example 26 Deleting a Partition


     The following command deletes the partition ffff.ibp0.


       # dladm delete-part ffff.ibp0



     Example 27 Using show-link to Display Partition Information


     The following  command  uses  the  show-link  subcommand  to
     display partition information.


       # dladm show-link

       LINK        CLASS     MTU    STATE    OVER

       e1000g0     phys      1500   up       --

       e1000g1     phys      1500   unknown  --

       net0        phys      65520  down     --

       net3        phys      65520  up       --

       net2        phys      65520  up       --

       net1        phys      65520  down     --

       pffff.ibp0  part      2044   down     ibp0

       p8001.ibp2  part      65520  unknown  ibp2

     Example 28 Displaying Links in All  Zones  from  the  Global
     Zone


     The show-link command shown below displays data links in all
     zones from the global zone. Links that are not in the global
     zone are displayed with the zonename prefix followed by  the
     slash (/) separator.



     In this example, net0 is a VNIC created in the global  zone,
     zone1/net0  is  an automatically created VNIC for zone1, and
     zone2/net0 is an automatically created VNIC for zone2.


       # dladm show-link

       LINK                CLASS     MTU    STATE    OVER

       e1000g0             phys      1500   up       --

       e1000g1             phys      8170   unknown  --

       e1000g2             phys      1500   unknown  --

       e1000g3             phys      1500   unknown  --

       net0                vnic      1500   up       e1000g0

       zone1/net0          vnic      1500   up       e1000g0

       zone2/net0          vnic      1500   up       e1000g0



     Example 29 Displaying Links in the Global Zone


     The following show-link command displays data links  in  the
     global zone only.


       # dladm show-link -z global

       LINK                CLASS     MTU    STATE    OVER

       e1000g0             phys      1500   up       --

       e1000g1             phys      8170   unknown  --

       e1000g2             phys      1500   unknown  --

       e1000g3             phys      1500   unknown  --

       net0                vnic      1500   up       e1000g0



     Example 30 Displaying Links for a Specified Zone


     The following show-link command displays  data  links  in  a
     specific, non-global zone.


       # dladm show-link -z zone1

       LINK                CLASS     MTU    STATE    OVER

       zone1/net0          vnic      1500   up       e1000g0



     Example 31 Displaying Links for a Specified  Zone  from  the
     Global Zone


     The following show-link command displays,  from  the  global
     zone, data links in a specific, non-global zone.


       # dladm show-link -z zone1

       LINK                CLASS     MTU    STATE    OVER

       zone1/net0          vnic      1500   up       e1000g0



     Example 32 Displaying Links in a Non-Global Zone


     The following show-link shown below is  invoked  from  zone1
     and displays only data links for that zone.



     Note that, in show-link output, the  zone1/  prefix  is  not
     displayed.  The  prefix is not displayed because the command
     was invoked from within the zone.


       # zlogin zone1
       # dladm show-link -z zone1

       LINK                CLASS     MTU    STATE    OVER

       net0                vnic      1500   up       ?



     Example 33 Using -Z Option to Display the Current Zone


     The command below presumes the following conditions:


         o    The link net1 is currently assigned to  zoneA.  The
              entries  net1  and  zoneA/net1  represents the same
              link. The ZONE column for these two entries is  the
              same  and is the name of the zone to which the link
              is currently assigned.

         o    The link net2 is not  assigned  to  any  non-global
              zone.

         o    The link zoneB/net2 is an  automatic  VNIC  created
              for zoneB.

         o    The link zoneC/net2 is an  automatic  VNIC  created
              for zoneC.

         o    The link zoneD/net2 is an IP tunnel created  inside
              zoneD.   Unlike  for  net1,  each  entry  for  net2
              represents a different link. The  ZONE  column  for
              these entries is different.

       # dladm show-link -Z

       LINK        ZONE      CLASS     MTU    STATE    OVER

       e1000g0     global    phys      1500   up       --

       e1000g1     global    phys      1500   up       --

       net1        zoneA     vnic      1500   up       e1000g0

       zoneA/net1  zoneA     vnic      1500   up       e1000g0

       net2        global    vnic      1500   up       e1000g1

       zoneB/net2  zoneB     vnic      1500   up       e1000g1

       zoneC/net2  zoneC     vnic      1500   up       e1000g1
       zoneD/net2  zoneD     iptun     65515  up       --



     Example 34 Displaying VDP Information


     The following command displays VDP information for vnic1.


       # dladm show-ether -P vdp vnic1

       LINK    VSI     VSIID           VSI-TYPEID      VSI-STATE CMD-PENDING

       ixgbe1  vnic1   2:8:20:3:2:b    0x58/0          ASSOC     DEASSOC



     Example 35 Displaying ECP Information


     The following command displays ECP information for ixgbe1.


       # dladm show-ether -P ecp  ixgbe1

       LINK    SEQNO   ACKNO   LAST-ACK        MAX-RETRIES     TIMEOUTS

       ixgbe1  65535   25660   0               3            164



     Example 36 Setting the VSI Manager ID,  VSI  Type,  and  VSI
     Version


     The following commands set the VSI Manager ID, VSI Type, and
     VSI Version on vnic1.


       # dladm set-linkprop -p vsi-mgrid=fe80::214:4fff:fec2:67c8 vnic1

       # dladm set-linkprop -p vsi-typeid=0x64,vsi-vers=1 vnic1



     Example 37 Migrating a VLAN, Modifying its VLAN-ID


     The following command sequence shows how you migrate a  VLAN
     and modify its VLAN-ID.

       # dladm show-vlan vlan0

       LINK         VID SVID PVLAN-TYPE  FLAGS  OVER

       vlan0             100 --   --          -----  net0

       # dladm modify-vlan -l net1 -v 200 vlan0

       # dladm show-vlan vlan0

       LINK         VID SVID PVLAN-TYPE  FLAGS  OVER

       vlan0             200 --   --          -----  net1



     Example 38 Migrating Multiple VNICs


     The following command sequence shows how you migrate  multi-
     ple VNICs.


       # dladm show-vnic

       LINK      OVER     SPEED  MACADDRESS        MACADDRTYPE    IDS

       vnic0     net0     1000   2:8:20:ec:c4:1d   random         VID:0

       vnic1     net0     1000   2:8:20:ec:c4:1e   random         VID:0

       # dladm modify-vnic -l net1 -L net0

       # dladm show-vnic

       LINK      OVER     SPEED  MACADDRESS        MACADDRTYPE    IDS

       vnic0     net1     1000   2:8:20:ec:c4:1d   random         VID:0

       vnic1     net1     1000   2:8:20:ec:c4:1e   random         VID:0



     Example 39 Migrating a VNIC and Modifying its MAC Address


     The following command sequence shows how you migrate a  VNIC
     and modify its MAC address.


       # dladm show-vnic vnic0

       LINK      OVER     SPEED  MACADDRESS        MACADDRTYPE    IDS

       vnic0     net0     1000   2:8:20:ec:c4:1d   random         VID:0

       # dladm modify-vnic -l net1 -m 2:8:20:00:01:02 vnic0

       # dladm show-vnic vnic0

       LINK      OVER     SPEED  MACADDRESS        MACADDRTYPE    IDS

       vnic0     net1     1000   2:8:20:0:1:2      fixed          VID:0



     Example 40 Configuring cos and ETS Bandwidth


     The following example creates a VNIC with  name  vnic1  over
     the physical link net1 and assigns to it a cos value of 3.


       # dladm create-vnic -p cos=3 -l net1 vnic1




     All packets transmitted by vnic1 will  have  a  VLAN  header
     with the priority field set to 3.



     Additionally, if the underlying physical NIC has  registered
     DCB  capability,  an ETS bandwidth can be assigned to vnic1.
     The following  commands  assume  the  LLDP  package  is  not
     installed or enabled.



     Check if the underlying NIC has  registered  DCB  capability
     using  the  ntcs link property. If the value of ntcs is non-
     zero, the underlying NIC has registered DCB capability.


       # dladm show-linkprop -p ntcs net1




     The following command assigns an ETS bandwidth of 10% of the
     link's bandwidth to vnic1.

       # dladm set-linkprop -p etsbw_lcl=10 vnic1




     Note if the maxbw link property has also been set, then  the
     traffic is limited by the maxbw value.



     With the LLDP package (service/network/lldp)  installed  and
     enabled,  the  ETS  bandwidth  configuration will follow the
     IEEE 802.1Qaz specification.



     The LLDP ETS TLV willing  property  determines  whether  the
     local or the remote's configuration is applied/used.



     The  etsbw-lcl-advice  link  property  indicates  the  value
     recommended by the remote, if available. The effective value
     of etsbw-lcl link property  will  indicate  the  actual  ETS
     bandwidth assigned to vnic1.


       # dladm show-linkprop -p etsbw-lcl-advice,etsbw-lcl vnic1




     The following command is used to advice the peer  to  assign
     10% of the link's bandwidth for vnic1.


       # dladm set-linkprop -p etsbw-rmt-advice=10 vnic1



     Example 41 Configuring an EoIB datalink


     Inspect the list of all gateways reachable from  a  specific
     IB port `ibp1'.


       # dladm show-ib ibp1

       LINK   HCAGUID        PORTGUID       PORT STATE  GWNAME    GWPORT    PKEYS

       ibp1   212800013F2F5A 212800013F2F5B 1    up     nm2gw-1   0a-eth-1  FFFF

                                          nm2gw-1   0a-eth-2

                                          nm2gw-1   0a-eth-3

                                          nm2gw-1   0a-eth-4




     Create an EoIB datalink `elink1' binding the  host  IB  port
     `ibp1'  to  the ethernet port `0a-eth-2' on the EoIB Gateway
     `nm2gw-1'.


       # dladm create-eoib -l ibp1 -g nm2gw-1 -c 0a-eth-2 elink1




     Verify that an IP interface may be created  over  the  newly
     created EoIB datalink `elink1'


       # ipadm create-ip elink1

       # ipadm create-addr -T static -a local=192.168.99.142/24 elink1/v4



       # dladm show-eoib

       LINK    GWNAME  GWPORT   GWID   FLAGS   SPEED  MACADDRESS     OVER

       elink1  nm2gw-1 0a-eth-2 1A8    aHnU--  10000  0:25:8b:60:2:3 ibp1




     If the EoIB datalink `elink1' is no longer required and  may
     be  removed,  delete any IP interfaces (or VNICs) built over
     the datalink and then delete the datalink itself  using  the
     delete-eoib subcommand.


       # ipadm delete-ip elink1

       # dladm delete-eoib elink1

       # dladm show-eoib

     Example 42 Configuring an EoIB datalink Over an IB Port That
     is Down

       # dladm show-ib -p -o state ibp2

       down



       # dladm create-eoib -l ibp2 -g nm2gw-1 -c 0a-eth-1 elink2



       # ipadm create-ip elink2



       # dladm show-link elink2

       LINK                CLASS     MTU    STATE    OVER

       elink2              eoib      1500   down     ibp2




     Now, enable the IB port for  ibp2  and  check  the  datalink
     state.


       # dladm show-ib -p -o state ibp2

       up



       # dladm show-link elink2

       LINK                CLASS     MTU    STATE    OVER

       elink2              eoib      1500   up       ibp2



     Example 43 Configuring  an  EoIB  Datalink  When  IB  Subnet
     Manager is Down

       nm2gw-2# disablesm

       Stopping partitiond-daemon. [  OK  ]

       Stopping IB Subnet Manager..-. [  OK  ]
       ib-host# sminfo

       ibwarn: [2488] _do_madrpc: recv failed: Connection timed out

       ibwarn: [2488] mad_rpc: _do_madrpc failed; dport (Lid 1)

       sminfo: iberror: failed: query



       ib-host# dladm create-eoib -l ibp2 -g nm2gw-2 -c 0a-eth-1 elink3



       ib-host# ipadm create-ip elink3



       ib-host# dladm show-link elink3

       LINK                CLASS     MTU    STATE    OVER

       elink3              eoib      1500   down     ibp2




     Now, enable the IB Subnet Manager on the Gateway  and  check
     the state of the datalink again.


       ib-host# dladm show-link elink3

       LINK                CLASS     MTU    STATE    OVER

       elink3              eoib      1500   up       ibp2



     Example 44 Displaying the  Probe  State  of  the  DLMP  Mode
     Aggregation


     The following command displays the probe state of  the  DLMP
     mode aggregation.


       # dladm show-aggr -S aggr1

       LINK       PORT   FLAGS  STATE  TARGETS        XTARGETS

       aggr1      s1     u--3   active 192.169.0.2    s0

       --         s0     u-2-   active --             s1



     Example 45 Displaying Help


     The following command illustrates the use  of  invoking  the
     help subcommand without arguments.


       # dladm help

       The following subcommands are supported:

       Bridge subcommands          : add-bridge, create-bridge,

                                     delete-bridge, modify-bridge,

                                     remove-bridge, show-bridge

       EoIB subcommands            : create-eoib, delete-eoib,

                                     show-eoib

       Etherstub subcommands       : create-etherstub, delete-etherstub,

                                     show-etherstub

       IB subcommands              : create-part, delete-part,

                                     show-ib, show-part

       IP tunnel subcommands       : create-iptun, delete-iptun,

                                     modify-iptun, show-iptun

       Link Aggregation subcommands: add-aggr, create-aggr, delete-aggr,

                                     modify-aggr, remove-aggr, show-aggr

       Link subcommands            : rename-link, reset-linkprop,

                                     set-linkprop, show-link, show-linkprop

       Secure Object subcommands   : create-secobj, delete-secobj,

                                     show-secobj

       VLAN subcommands            : create-vlan, delete-vlan, show-vlan

       VNIC subcommands            : create-vnic, delete-vnic, show-vnic

       Wifi subcommands            : connect-wifi, disconnect-wifi,

                                     scan-wifi, show-wifi

       Miscellaneous subcommands   : delete-phys, show-ether, show-phys,

       For more info, run: dladm help subcommand




     The following command illustrates the use  of  invoking  the
     help subcommand with a specific subcommand.


       # dladm help create-vnic

       usage:

                 create-vnic     [-t] -l link [-m value | auto |

                 {factory [-n slot-id]} | {random [-r prefix]} |

                 {vrrp -V vrid -A {inet | inet6}} [-v vid [-f]]

                 [-p prop=value[,...]] vnic-link



               example:

                 # dladm create-vnic -l net0 -m factory -n 2 -p mtu=1200 vnic1



     Example 46 Creating a VNIC in a Non-Global Zone


     The following example creates a VNIC v1 in non-global  zones
     zone1  and  zone2  from  the  global  zone.   zone1/net0 and
     zone2/net0 are automatically created  VNICs  for  zone1  and
     zone2 respectively.


       # dladm create-vnic -t -l net1 zone1/v1

       # dladm create-vnic -t -l net1 zone2/v1

       # dladm show-link -Z

       LINK                ZONE      CLASS     MTU    STATE    OVER

       net1                global    phys      1500   unknown  --

       net0                global    phys      1500   up      --

       zone1/net0          zone1     vnic      1500   up       net0

       zone2/net0          zone2     vnic      1500   up       net0

       zone1/v1            zone1     vnic      1500   up       net1

       zone2/v1            zone2     vnic      1500   up       net1



     Example 47 Using -m to Display a VNIC


     The following command shows how to  use  the  -m  option  to
     display a VNIC.


       # dladm show-vnic -m

       LINK    OVER      SPEED  MACADDRESSES      MACADDRTYPES     IDS



       vnic0   net5      10000  0:14:4f:fb:87:ee  fixed            VID:0



       vnic1   net5      10000  0:14:4f:87:13:7a  fixed            VID:0



                                0:14:4f:87:13:7e  fixed



                                0:14:4f:f8:7e:a   fixed



     Example 48 Enabling SR-IOV mode and creating a VF VNIC


     The following commands show how to enable  SR-IOV  mode  and
     create a VF VNIC.


       # dladm set-linkprop -p iov=on net0
       # dladm show-linkprop -p iov net0

       LINK    PROPERTY  PERM VALUE    EFFECTIVE   DEFAULT   POSSIBLE

       net0    iov       rw   auto     on          auto      auto,on,off



       # dladm create-vnic -lnet0 v1

       # dladm show-linkprop -p iov v1

       LINK    PROPERTY  PERM VALUE    EFFECTIVE   DEFAULT   POSSIBLE

       v1      iov       r-   inherit  on          inherit   inherit,on,off



     Example 49 Displaying SR-IOV information


     The following commands can be used to show additional SR-IOV
     information (continuing from the previous example).


       # dladm show-phys -V

       LINK    VFS-AVAIL   VFS-INUSE    FLAGS

       net0    30          1            -----



       # dladm show-vnic -V

       LINK    VF-ASSIGNED

       v1      ixgbevf0




     Alternatively, the above fields can specified through the -o
     option:


       # dladm show-phys -o LINK,VFS-INUSE

       LINK    VFS-INUSE

       net0    1

       # dladm show-vnic -o VF-ASSIGNED

       VF-ASSIGNED

       ixgbevf0



     Example 50 Creating a regular VNIC on a physical  link  with
     iov enabled


     The following command can be used to create a  regular  VNIC
     on a link with iov=on.


       # dladm create-vnic -lnet0 -piov=off v1




     These commands can be used to verify that the VNIC does  not
     have a VF:


       # dladm show-linkprop -p iov v1

       LINK    PROPERTY  PERM VALUE    EFFECTIVE   DEFAULT   POSSIBLE

       v1      iov       r-   off      off         inherit   inherit,on,off



       # dladm show-vnic -V

       LINK    VF-ASSIGNED

       v1      --



     Example 51 Creating a VNIC by connecting it  to  an  Elastic
     Virtual Switch (EVS)


     The following example creates a VNIC  by  connecting  to  an
     EVS.


       # dladm create-vnic -t -c HR/vport0 vnic0

       # dladm show-vnic -c

       LINK   TENANT     EVS    VPORT    OVER     MACADDRESS        IDS

       vnic0  sys-global HR     vport0   net2     2:8:20:c1:df:14   VID:100




     HR is an EVS and has a port vport0 to which  vnic0  will  be
     connected.  vnic0 will inherit all the properties of vport0.
     HR and vport0 are managed through evsadm(1M).


     Example 52 Creating IPoIB VNICs


     The  following  example  creates  IPoIB   VNIC   with   name
     ipoib_vnic0 over physical link net4 with pkey of 0xffff.


       # dladm create-vnic -l net4 -P 0xffff ipoib_vnic0




     To see the VNIC information:


       # dladm show-vnic



       LINK         OVER    SPEED  MACADDRESS        MACADDRTYPE IDS

       ipoib_vnic0  net4    32000  80:0:0:4a:fe:..   fixed       PKEY:0xFFFF



       # dladm show-vnic  -o link,macaddress



       LINK            MACADDRESS

       ipoib_vnic0     80:0:0:4a:fe:80:0:0:0:0:0:0:0:21:28:0:1:a0:a5:8e

Attributes
     See attributes(5) for descriptions of the  following  attri-
     butes:
     /usr/sbin



     tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i)  ATTRI-
     BUTE  TYPEATTRIBUTE  VALUE  _  Availabilitysystem/core-os  _
     Interface StabilityCommitted



     /sbin



     tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i)  ATTRI-
     BUTE  TYPEATTRIBUTE  VALUE  _  Availabilitysystem/core-os  _
     Interface StabilityCommitted



     Note that, for both /usr/sbin and   /sbin,  the  -s  and  -i
     options   to  the show-aggr, show-link and show-vnic subcom-
     mands are Committed Obsolete.


     Note that, for both /usr/sbin  and  /sbin,  vswitching  link
     property has an interface stability of Volatile.


     Note that the  bridge-related  subcommands,  described  with
     dladm   subcommands   above,  require  installation  of  the
     pkg://solaris/network/bridging package.

See Also
     acctadm(1M),   autopush(1M),   dhcpagent(1M),    dlstat(1M),
     ifconfig(1M),    ipadm(1M),    ipsecconf(1M),   lldpadm(1M),
     ndd(1M),  netadm(1M),  netcfg(1M)pooladm(1M),   poolcfg(1M),
     psrset(1M),     vrrpadm(1M),     wpad(1M),     in.dlmpd(1M),
     zonecfg(1M),    attributes(5),    ieee802.3(5),    dlpi(7P),
     evsadm(1M)

Notes
     The preferred method of referring to an aggregation  in  the
     aggregation subcommands is by its link name. Referring to an
     aggregation by its integer key  is  supported  for  backward
     compatibility, but is not necessary. When creating an aggre-
     gation, if a key is specified instead of a  link  name,  the
     aggregation's  link  name will be automatically generated by
     dladm as aggrkey.
맨 페이지 내용의 저작권은 맨 페이지 작성자에게 있습니다.
RSS ATOM XHTML 5 CSS3