ifconfig - Configures or displays network interface parameters
For the AF_INET address family, use the following syntax:
/usr/sbin/ifconfig interface_id [address_family]
[address[/bitmask] [dest_address]] [parameters]
For the AF_INET6 address family, use the following syntax:
/usr/sbin/ifconfig interface_id address_family [[ip6prefix]
address[/bitmask] [dest_address]] [parameters]
For displaying interface information, use the following
syntaxes: /usr/sbin/ifconfig -a [-d] [-u] [-v]
[address_family]
/usr/sbin/ifconfig -l [-d] [-u] [-v] [address_family]
/usr/sbin/ifconfig [-v] interface-id [address_family]
The ifconfig command assigns and displays an address to a
network interface, and configures network interface parameters.
Displays information about all interfaces that are configured
on a system. Displays information about interfaces
that are down only. Displays interface names only that
are configured on a system. Displays information about
interfaces that are up only. Displays verbose information
about interfaces, such as hardware addresses and IPv6
timers.
You use the ifconfig command at boot time to define the
network address of each interface. You can also use the
ifconfig command at other times to display all interfaces
that are configured on a system, to redefine the address
of an interface, or to set other operating parameters.
Note
If you want to redefine the address or the netmask of an
interface, use the SysMan Menu utility. Otherwise, any
daemons currently running will use the old address and
netmask, and will fail. The SysMan Menu utility makes the
necessary changes and restarts the network services.
The ifconfig command can modify most of the operating
parameters associated with network interfaces, including
some low-level parameters, such as the speed (10, 100, or
1000 Mb/s) and mode (half-duplex or full-duplex) parameters.
However, to set other low-level parameters, such as
the media type (AUI, BNC, UTP, or Fiber) or IEEE 802.3u
autonegotiation, you must use the lan_config command or
possibly a console firmware command. See lan_config(8)
for more information about changing these low-level parameters,
and viewing their current values.
Any user can query the status of a network interface; only
the superuser can modify the configuration of network
interfaces.
You specify an interface with the ifconfig interface_id
syntax. (See your hardware documentation for information
on obtaining an interface ID.)
If you specify only an interface_id, the ifconfig command
displays the current configuration for the specified network
interface only.
If a protocol family is specified by the address_family
parameter, ifconfig reports only the configuration details
specific to that protocol family. The following table
lists valid values for address_family:
Address Family Value
AF_INET inet
AF_INET6 inet6
When changing an interface configuration, if the address
family is not AF_INET, you must specify an address family,
which may alter the interpretation of any parameters that
follow. You must specify an address family because an
interface can receive transmissions in different protocols,
each of which may require a separate naming scheme.
The address argument is the network address of the interface
being configured. For the AF_INET address family,
the address argument is either a hostname or an Internet
address in the standard dotted-decimal notation with or
without the optional Classless Inter-Domain Routing (CIDR)
bitmask (/bitmask). If using the bitmask argument, do not
use the netmask parameter.
For the AF_INET6 address family, the address argument is
either a hostname or the 128-bit Internet Protocol Version
6 (IPv6) address, as follows:
x:x:x:x:x:x:x:x
In this format, each x is the hexadecimal value of a
16-bit piece of the address. An IPv6 address typically
consists of a 64-bit prefix followed by a 64-bit interface
identifier. See the Network Administration: Connections
manual for more information on IPv6 addresses.
The ip6prefix argument, when configuring an address on the
interface, specifies that the address argument is an IPv6
prefix and that the interface identifier is to be appended
to it to create a 128-bit IPv6 address.
The interface identifier uniquely identifies an interface
on a subnet, and is typically the interface's link-layer
address. According to RFC 2373, most prefixes are
required to have 64-bit interface identifiers. For 48-bit
MAC addresses, the interface identifier is created by
inserting the hexadecimal values of 0xFF and 0xFE in the
middle of the address and inverting the universal/local
bit (bit 7) in the resulting 64-bit address. For example,
the 48-bit MAC address 0:0:f8:23:10:f3 becomes the 64-bit
interface identifier 2:0:f8:ff:fe:23:10:f3.
The destination address (dest_address) argument specifies
the address of the correspondent on the remote end of a
point-to-point link.
Parameters [Toc] [Back]
Closes all TCP connections associated with a network
address. Use this parameter when removing aliases or
deleting network addresses. This prevents users from experiencing
a hanging connection when the network address is
deleted. Creates or modifies a set of redundant adapters
(NetRAIN). The ifconfig interface-id parameter must be a
NetRAIN virtual interface name of the form nrx, where x is
the unit number (Valid unit numbers are 0 to nr_maxdev-1.
See sys_attrs_netrain(5) for a description of nr_maxdev
and other netrain subsystem attributes. You can adjust
this limit by using dxkerneltuner or the sysconfig command).
If the NetRAIN virtual interface does not exist, it
is created. You can also specify multiple interface-id
parameters when creating a NetRAIN set. The
interface-id specified must represent adapters of
the same type connected to the same LAN segment.
You can also modify an existing NetRAIN set by
adding one interface-id at a time. The interfaceid
specified must represent an adapter of the same
type and connected to the same LAN segment as other
adapters in the NetRAIN set.
See the Network Administration: Connections manual
for complete information on configuring a NetRAIN
interface. [AF_INET only] Establishes an additional
network address for this interface. This
can be useful when changing network numbers and you
want to continue to accept packets addressed to the
old interface. This alias is in effect only until
the system is rebooted. To establish this alias
automatically each time the system is booted, edit
the inet.local file and add the ifconfig alias
entries to it.
If you do not specify a bitmask or netmask with an
alias address, the default netmask is based on the
alias address's network class.
If you are using the optional bitmask argument, do
not use the netmask argument.
This parameter has the following restrictions: You
can specify only one alias alias_address parameter
for each ifconfig command line. You cannot specify
an alias and a primary address on the same command
line. [AF_INET only] Removes the network address
specified. This can be used either if you incorrectly
specified an alias or if an alias is no
longer needed. The -alias parameter functions in
the same manner as the delete parameter. [AF_INET
only] Establishes a range of additional network
addresses for this interface. The range can be
either a comma-separated list or a hyphenated list,
and is inclusive. You can also specify the
optional CIDR bitmask (/bitmask) argument at the
end of the list. Do not use a comma-separated list
and a hyphenated list for a range. See the "Examples"
section for valid examples of the aliaslist
parameter.
If you do not specify a netmask with the alias
list, the default netmask is based on the alias
address's network class. [AF_INET only] Removes a
range of network addresses for this interface.
This can be useful when deleting network numbers
and you want to keep the primary interface address.
The alias list rules are the same as for the
aliaslist parameter. Enables the reception of all
multicast packets. Disables the reception of all
multicast packets. Enables the use of the Address
Resolution Protocol (ARP) in mapping between network-level
IPv4 addresses and link-level addresses.
This parameter is on by default. Disables the use
of the ARP. Use of this parameter is not recommended.
See arp(8) for more information. Specifies
the address to use to represent broadcasts to
the network. The default broadcast address is the
address with a host part consisting of all 1s
(ones). Note that the computation of the host part
is dependent on netmask (see the description of the
netmask parameter). Enables driver-dependent debug
code. This might turn on extra console error logging.
(See your hardware documentation for further
information.) Disables driver-dependent debug
code. Removes the network address specified. This
would be used if you incorrectly specified an
alias, or if it was no longer needed. If you have
incorrectly set an NS address having the side
effect of specifying the host portion, removing all
NS addresses will allow you to respecify the host
portion.
Note
Be careful when you use this parameter. If you
either specify the network address before the
delete parameter or specify no network address
after the delete parameter, all IPv4 and IPv6 network
addresses for the interface and IPv6 routes
are deleted. IPv4 routes are not deleted. Marks
an interface as not working (down), which keeps the
system from trying to transmit messages through
that interface. If possible, the ifconfig command
also resets the interface to disable reception of
messages. Routes that use the interface, however,
are not automatically disabled. Enables access
filtering on the interface. Reads the /etc/ifaccess.conf
file and constructs an interface access
filter based on entries in the file. Interface
access filtering provides a mechanism for detecting
and preventing IP spoofing attacks. (See CERT Advisory
CA-95:01). The source addresses of IP input
packets are checked against access filter entries;
packets receive the action associated with the
first matching entry. The following actions are
valid: permit, deny, or denylog; the final filter
entry is a default permit all. See ifaccess.conf(4)
for more information.
Use the netstat(1) command to display the current
access filters for the interface. Disables access
filtering on the interface. [AF_INET6 only] Specifies
the number of consecutive Neighbor Solicitation
messages that your system transmits while it
performs Duplicate Address Detection on a tentative
address. [AF_INET6 only] Sets the default number
of hops to be included in transmitted unicast IP
packets. [AF_INET6 only] Overrides that default
interface ID, which depends on the underlying link
type (for example, Ethernet, FDDI, and Token Ring),
and specifies id as the interface ID. For example,
if your system has the Ethernet hardware address
08-00-2b-2a-1e-d3, the following command generates
the inet6 link-local address
fe80::a00:2bff:fe2a:1ed3 for the interface:
ifconfig ln0 ipv6
On the same system, the following command generates
the inet6 interface ID abcd:1234 for the interface:
ifconfig ln0 ip6interfaceid ::abcd:1234 ipv6
[AF_INET6 only] Alters the maximum transfer unit
(MTU) for messages that your system transmits on
the link. [AF_INET6 only] Disables Neighbor
Unreachability Detection (NUD) on the interface.
[AF_INET6 only] Sets the time, in milliseconds,
that your system considers a neighbor is reachable
after your system receives a reachability confirmation
message. [AF_INET6 only] Sets the time
interval, in milliseconds, between Neighbor Solicitation
messages to a neighbor. Specifies an Internet
host willing to receive IP packets encapsulating
packets bound for a remote network. [AF_INET
only] Alters the size of the maximum transfer unit
(MTU) for messages that your system transmits. It
might be necessary to reduce the MTU size so that
bridges connecting token rings can transfer frames
without error. [AF_INET6 only] Initializes
IPv6-related data structures and assigns an IPv6
link-local address to the interface. [AF_INET6
only] Removes any IPv6 configuration associated
with the interface, including all IPv6 addresses
and IPv6 routes through the interface. This command
is equivalent to the ifconfig interface inet6
delete command. Sets the routing metric, or number
of hops, for the interface to the value of number.
The default value is 0 (zero) if number is not
specified, indicating that both hosts are on the
same network. The routing metric is used by the
routed and gated daemons, with higher metrics indicating
that the route is less favorable. [AF_INET
only] Enables the use of multiple subnets on the
interface. This is required when an IP alias
address is configured on an interface and it is in
a different subnet than the primary IP address of
the interface. [AF_INET only] Disables the use of
multiple subnets on the interface. [AF_INET
only] Specifies how much of the address to reserve
for subdividing networks into sub-networks. This
parameter can only be used with an address family
of inet. Do not use this parameter if you are
specifying the CIDR mask (/bitmask) with the
address argument, alias parameter, or aliaslist
parameter.
The mask variable includes both the network part of
the local address and the subnet part, which is
taken from the host field of the address. The mask
can be specified as a single hexadecimal number
beginning with 0x, in the standard Internet dotteddecimal
notation, or beginning with a name.
The mask contains 1s (ones) for the bit positions
in the 32-bit address that are reserved for the
network and subnet parts, and 0s (zeros) for the
bit positions that specify the host. The mask
should contain at least the standard network portion.
The default netmask is based on the address parameter's
network class. Sets two NetRAIN interface
timing parameters. The t1 parameter specifies the
time period, in seconds, that the traffic monitor
thread delays between reads of the interface counters
when the network is running normally. If
there is no change in the received byte count for
t1 seconds, the traffic monitor thread issues a
yellow alert. The recommended t1 value is 4.
The t2 parameter specifies the traffic-free time
period, in seconds, that must pass before the traffic
monitor thread declares the interface dead.
The recommended t2 value is 10 for Ethernet interfaces
and 16 for Asynchronous Transfer Mode (ATM)
LAN Emulation (LANE) interfaces.
You can specify decimal values for both the t1 and
t2 parameters (for example, 1.5 or 0.8). If you do
this, the values are validated similarly to the
nr_timeout_t and nr_timeout_o kernel attributes.
See sys_attrs_netrain(5) for more information on
minimum and maximum NetRAIN timer values.
NetRAIN uses Network Interface Failure Finder
(NIFF) to monitor the NetRAIN interfaces. See
nifftmt(7) for more information. Associates a virtual
Media Access Control (MAC) address (macaddress)
with an IP network address. You must
specify an alias address with this command. The
system sends an ARP "whohas" request containing the
physical address followed by an ARP "whohas"
request containing the virtual MAC address.
This association is in effect only until the system
is rebooted. To establish this association automatically
each time the system is booted, edit the
inet.local file and add the ifconfig physaddr
entries to it. Disassociates the virtual MAC
address (mac-address) from an IP network address.
Sets the interface into promiscuous mode. This
directs the network interface to receive all packets
off the network, rather than just those packets
directed to the host. Disables the promiscuous
mode of the interface. This is the default.
Removes one or all interfaces attached to a NetRAIN
interface. If you do not specify an interface-id,
all interfaces are removed from the NetRAIN set,
their default hardware addresses are restored, and
the UP option is cleared. The hardware address of
the NetRAIN virtual interface is set to
00:00:00:00:00:00 and its UP option is cleared.
If you specify only one interface-id and it is a
member of the NetRAIN interface (nrx), the interface
is removed from the NetRAIN set. If interface-id
is also the active interface and there are
other interfaces in the set, the active interface
is switched to another interface in the set.
If there is only one interface in the NetRAIN set,
the following two commands are equivalent: ifconfig
nrx remove ifconfig nrx remove interface-id
You can also reconfigure the NetRAIN virtual interface
by using the add command. Sets the speed at
which the token ring adapter transmits and receives
on the token ring network to value. The value can
be either 4 for a ring speed of 4Mbs or 16 for
16Mbs. The adapter speed must match the signal
speed of the token ring.
This parameter also determines the speed (regular,
fast, or gigabit Ethernet) and half- or full-duplex
mode operation on the interface when that interface
is using the twisted-pair port as follows:
Value Configuration
10 10 Mbps Ethernet half-duplex
20 10 Mbps Ethernet full-duplex
100 100 Mbps Ethernet half-duplex
200 100 Mbps Ethernet full-duplex
1000 1000 Mbps Ethernet half-duplex
2000 1000 Mbps Ethernet full-duplex
After the interface is online, you can use the
ifconfig up and down options to change the speed
value dynamically. Stop adapter transmission with
down and set the speed in the same command line.
Then specify up without a speed value to restart
the adapter. Force a NetRAIN interface to failover
to another interface in the NetRAIN set. If the
ifconfig interface-id specified is the NetRAIN virtual
interface, the next available interface in the
set becomes active. If the ifconfig interface-id
is a member of the NetRAIN set, the interface-id
specified becomes the active member. If the interface-id
specified is not operational, the switch
command has no effect. Requests the use of a
trailer link-level encapsulation when sending messages.
If a network interface supports trailers, the system
will, when possible, encapsulate outgoing messages
in a manner that minimizes the number of memory-memory
copy operations performed by the
receiver. On networks that support the Address Resolution
Protocol (see arp), this option indicates
that the system should request that other systems
use trailers when sending to this host. Similarly,
trailer encapsulations will be sent to other hosts
that have made such requests. Currently used by
Internet protocols only. Disables the use of a
trailer link-level encapsulation. This is the
default. Sets the trust group identifier for the
interface. Trust group identifiers are passed from
the kernel to the screend daemon, and indicate the
color of the interface on which a packet was
received and the color of the interface to which a
packet is intended, as indicated by the kernel
routing tables. The group can be one of the primary
colors in the visible spectrum (for example,
red, orange, yellow, green, blue, indigo, and violet).
The screend daemon can optionally use trust
group information to make packet screening decisions.
By default, the trust group identifier is unknown,
meaning any interface. Only application gateways
for firewall services use trust group identifiers.
Marks an interface as working (up). This parameter
is used automatically when setting the first
address for an interface, or can be used to enable
an interface after an ifconfig down command. If the
interface was reset when previously marked with the
parameter down (see the following section for a
description of this parameter), the hardware will
be reinitialized. Associates a virtual Media
Access Control (MAC) address (mac-address) with an
IP network address. You must specify an alias
address with this command. The system sends both
initial ARP "whohas" requests containing the virtual
MAC address.
This association is in effect only until the system
is rebooted. To establish this association automatically
each time the system is booted, edit the
inet.local file and add the ifconfig vphysaddr
entries to it.
Use the -physaddr mac-address option to remove the
virtual MAC address association.
Display options [Toc] [Back]
When you issue the ifconfig command for an interface you
might see any of the following options: The interface will
receive all multicast packets. The interface supports
broadcast packets. This is a read-only option that is set
by the driver. Driver-dependent debugging is enabled.
The interface is a loopback mode. Packets transmitted on
this interface will be looped back in the driver and not
be transmitted out on the network. The interface supports
multicast packets. This is a read-only option that is set
by the driver, does not mean that a multicast address is
configured for the interface. Multiple networks are configured
on the interface. This means that an IP alias is
in a different subnet than the primary IP address. The
interface is not using address resolution protocol (ARP).
It will neither transmit nor respond to ARP requests. The
interface does not perform checksums on transmitted or
received packets. Use this only on very reliable network
media. Trailer link-level encapsulation for transmitted
packets is disabled. The interface is actively transmitting
packets. This is a read-only option that is set by
the driver. All packets transmitted on this interface are
copied and passed to the packet filter program. The
interface is point-to-point link. This is a read-only
option that is set by the driver. The interface is in
promiscuous mode. All packets received are copied and
passed to the packet filter program. UP interface marked
DOWN due to cluster quorum loss. The interface is
reserved for use by another virtual interface. For example,
members of a NetRAIN set are reserved by the NetRAIN
virtual interface; members of a link aggregation group are
reserved by the LAG virtual interface; and interfaces that
are enabled for VLAN are reserved by the VLAN virtual
interface.
Reserved interfaces are not available for general
purpose use by the system. Therefore, the following
typical operations are not available to them: The
interface's flags (for example, up or down, and
promiscuous mode) cannot be changed. The interface
cannot be configured with IPv4 or IPv6 addresses.
The interface's characteristics (for example, mtu
and speed) cannot be changed. The interface's
physical address cannot be changed, and VMAC
addresses cannot be configured.
If you attempt to perform any of these operations
on a reserved interface, the operation will fail
and a Function not implemented error message will
be displayed.
In general, you must perform these operations on
the reserving virtual interface (for example, nr0,
lag1, and vlan222). However, NetRAIN configuration
commands may be issued even if the NetRAIN virtual
interface is itself reserved. The driver has allocated
resources for the interface, and is ready to
transmit and receive packets. This is a read-only
option that is set by the driver. It is not applicable
to loopback devices, for example, lo0. The
interface cannot hear its own transmissions. This
is a read-only option that is set by the driver.
The interface is currently in IEEE 802.1q tagging
support mode. The interface is up. This option is
turned on when an address has been configured on
the interface. The interface supports variable
Maximum Transmission Unit (MTU) sizes. The is a
read-only option that is set by the driver.
In addition, you might see NetRAIN, VLAN, and link aggregation
virtual interface relationships, if any.
To query the status of serial line interface sl0, enter: $
ifconfig sl0 sl0: options=10<POINTOPOINT> To configure the
local loopback interface, enter: # ifconfig lo0 inet
127.0.0.1 up
Only a user with superuser authority can modify the
configuration of a network interface. To configure
a ee0 interface, enter: # ifconfig ee0
212.232.32.1/22
The broadcast address is 212.232.35.255 as the
22-bit mask specifies four Class C networks. To
configure the token ring interface for a 4 Mbps
token ring with a netmask of 255.255.255.0 in CIDR
format, enter: # ifconfig tra0 130.180.4.1/24 speed
4 To stop the token ring interface and start it for
a 16 Mbps token ring, enter: # ifconfig tra0 down #
ifconfig tra0 speed 16 up To configure IPv6 on a
ee0 interface, enter: # ifconfig ee0 ipv6 up To
create a NetRAIN set nr1 with the Ethernet interfaces
ee0 and ee2 as the set members, enter: #
ifconfig nr1 add ee0,ee2
To set the IP address of this interface to
18.240.32.40, enter: # ifconfig nr1 inet
18.240.32.40
To view this set, enter: # ifconfig nr1 nr1:
options=c63<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,SIMPLEX>
NetRAIN Attached Interfaces: ( ee0
ee2 ) Active Interface: ( ee0 ) inet 18.240.32.40
netmask ffffff00 broadcast 18.240.32.255 ipmtu 1500
To add interfaces ee1 and ee3 to this set, enter: #
ifconfig nr1 add ee1 # ifconfig nr1 add ee3
To remove the interface ee0 from the NetRAIN set
created in the previous example, enter: # ifconfig
nr1 remove ee0
To disassemble the entire NetRAIN set created in
the previous example, enter: # ifconfig nr1 remove
To add alias 132.50.40.35 with a netmask of
255.255.255.0 in CIDR format to interface tu0,
enter: # ifconfig tu0 alias 132.50.40.35/24 To add
network addresses 40 through 50, inclusive, to subnets
18.240.32, 18.240.33, 18.240.34, 18.240.35,
and 18.240.36 with a netmask of 255.255.255.0 in
CIDR format to the tu0 interface, enter: # ifconfig
tu0 aliaslist 132.240.32-36.40-50/24 To add network
addresses 40 through 50, inclusive, to subnets
18.240.32, 18.240.64, and 18.240.96 with a netmask
of 255.255.255.0 in CIDR format to the tu0 interface,
enter: # ifconfig tu0 aliaslist
132.240.32,64,96.40-50/24 To stop Ethernet interface
tu0, delete all addresses associated with the
interface, and close all TCP connections, enter: #
ifconfig tu0 down delete abort 145.92.16.1: aborting
7 tcp connection(s) To delete the alias address
145.92.16.2 on interface tu0 and close all TCP connections,
enter: # ifconfig tu0 -alias 145.92.16.2
abort 145.92.16.2: aborting 2 tcp connection(s) To
create an IPv6 address for prefix AB:CD:CE:AB,
enter: # ifconfig tu0 inet6 ip6prefix
AB:CD:CE:AB::/64
To associate MAC address aa:01:81:43:02:11 with the
alias address 145.92.16.2, enter: # ifconfig tu0
alias 145.92.16.2 physaddr aa:01:81:43:02:11 To
disassociate MAC address aa:01:81:43:02:11 from the
alias address 145.92.16.2, enter: # ifconfig tu0
-alias 145.92.16.2 -physaddr aa:01:81:43:02:11 To
display the names of the interfaces on the system
only, enter: # ifconfig -l fta0 lo0 tu0 tu1 To display
the hardware and IP address of interface tu0,
enter: # ifconfig -v tu0 tu0: options=c63<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,SIMPLEX>
HWaddr
8:0:2b:9e:14:a2 inet 192.140.34.16 netmask ffffff00
broadcast 192.140.34.255 ipmtu 1500
Broadcast can only be used with address, alias or aliaslist parameters.
Explanation
The broadcast option was specified without an
address parameter.
Cannot set primary and alias addresses, or multiple alias addresses.
Explanation
You specified more than one alias alias_address
parameter on the same ifconfig command line or you
specified an alias and an interface-id on the same
command line.
Invalid bitmask
Explanation
The bitmask specified is not in the range of 1 to
32, inclusive.
Netmask cannot be used with bitmask.
Explanation
The netmask option was specified together with a
CIDR bitmask.
Netmask can only be used with address, alias or aliaslist parameters.
Explanation
The netmask option was specified without an address
parameter.
No such device: nrx
Explanation
You specified the switch option and no other physical
interfaces that are part of the NetRAIN set are
UP; it is impossible to switch interfaces.
Specifies the command path Interface access filtering configuration
file File to invoke local network commands
Commands: lan_config(8), netstat(1), niffconfig(8), pfconfig(8), sysconfig(8) gated(8), routed(8), screend(8)
Files: ifaccess.conf(4), inet.local(4)
Interfaces: nifftmt(7), nr(7)
System Attributes: sys_attrs_netrain(5)
Network Administration: Connections
ifconfig(8)
[ Back ] |
