IFCONFIG(8) System Manager's Manual IFCONFIG(8)
ifconfig - configure network interface parameters
ifconfig [-AaC] [interface] [address_family] [address [dest_address]]
The ifconfig utility is used to assign an address to a network interface
and/or configure network interface parameters. Generally speaking,
hostname.if(5) files are used at boot-time to define the network address
of each interface present on a machine; ifconfig is used at a later time
to redefine an interface's address or other operating parameters.
ifconfig displays the current configuration for a network interface when
no optional parameters are supplied. If a protocol family is specified,
ifconfig will report only the details specific to that protocol family.
If no parameters are provided, a summary of all interfaces is provided.
Only the superuser may modify the configuration of a network interface.
The following options are available:
-A Causes full interface alias information for each interface to be
-a Causes ifconfig to print information on all interfaces. The
protocol family may be specified as well. This is the default,
if no parameters are given to ifconfig.
-C Print the names of all network pseudo-devices that can be created
dynamically at runtime using ifconfig create.
The interface parameter is a string of the form ``name unit'',
for example, ``en0''. If no optional parameters are supplied,
this string can instead be just ``name''. If an interface group
of that name exists, all interfaces in the group will be shown.
Otherwise all interfaces of the same type will be displayed (for
example, ``fxp'' will display all fxp(4) interfaces).
Specifies the address family which affects interpretation of the
remaining parameters. Since an interface can receive
transmissions in differing protocols with different naming
schemes, specifying the address family is recommended. The
address or protocol families currently supported are ``inet'' and
Internet version 4 and 6 addresses take the form of a host name
present in the host name database, hosts(5); ``dot'' notation
(IPv4); colon separated (IPv6); or CIDR notation.
Specify the address of the correspondent on the other end of a
The following parameters may be set with ifconfig:
alias Establish an additional network address for this
interface. This is sometimes useful when changing
network numbers, and one wishes to accept packets
addressed to the old interface.
-alias A synonym for delete. Use of this option is discouraged
in favour of delete.
arp Enable the use of the Address Resolution Protocol (ARP)
in mapping between network level addresses and link level
addresses (default). This is currently implemented for
mapping between DARPA Internet addresses and Ethernet
-arp Disable the use of ARP.
autoconf Enable autoconfiguration. Valid for ``inet6'' only. If
autoconf is enabled router advertisements are accepted on
this interface and the kernel sends periodic router
solicitations from this interface.
-autoconf Disable autoconfiguration.
broadcast addr (inet only) Specify the address to use to represent
broadcasts to the network. The default broadcast address
is the address with a host part of all 1's.
create Create the specified network pseudo-device. At least the
following devices can be created on demand:
bridge(4), carp(4), enc(4), etherip(4), gif(4), gre(4),
lo(4), mpe(4), mpw(4), pair(4), pflog(4), pflow(4),
pfsync(4), ppp(4), pppoe(4), svlan(4), tap(4), trunk(4),
tun(4), vether(4), vlan(4), vxlan(4)
debug Enable driver-dependent debugging code; usually, this
turns on extra console error logging.
-debug Disable driver-dependent debugging code.
delete Remove the default inet address associated with the
interface, including any netmask or destination address
configured with it. An address and address family can be
given to make the deletion more specific.
Specify a description of the interface. This can be used
to label interfaces in situations where they may
otherwise be difficult to distinguish.
-description Clear the interface description.
destroy Destroy the specified network pseudo-device.
down Mark an interface ``down''. When an interface is marked
``down'', the system will not attempt to transmit
messages through that interface. If possible, the
interface will be reset to disable reception as well.
This action automatically disables routes using the
Assign the interface to a ``group''. group-name may not
be longer than 15 characters and must not end with a
digit. Any interface can be in multiple groups.
For instance, a group could be used to create a hardware
independent pf(4) ruleset (i.e. not one based on the
names of NICs) using existing (egress, carp, etc.) or
Some interfaces belong to specific groups by default:
- All interfaces are members of the all interface
- Cloned interfaces are members of their interface
family group. For example, a PPP interface such
as ppp0 is a member of the ppp interface family
- pppx(4) interfaces are members of the pppx
- The interface(s) the default route(s) point to
are members of the egress interface group.
- IEEE 802.11 wireless interfaces are members of
the wlan interface group.
- Any interfaces used for network booting are
members of the netboot interface group.
Remove the interface from the given ``group''.
hwfeatures Display the interface hardware features:
CSUM_IPv4 The device supports IPv4 checksum
CSUM_TCPv4 As above, for TCP in IPv4
CSUM_UDPv4 As above, for UDP.
VLAN_MTU The device can handle full sized
frames, plus the size of the
VLAN_HWTAGGING On transmit, the device can add the
CSUM_TCPv6 As CSUM_TCPv4, but supports IPv6
CSUM_UDPv6 As above, for UDP.
WOL The device supports Wake on LAN
hardmtu The maximum MTU supported.
-inet Remove all configured inet(4) addresses on the given
-inet6 Disable inet6(4) on the given interface and remove all
configured inet6(4) addresses, including the link-local
ones. This is the default. To turn inet6 on, use eui64,
use autoconf or assign any inet6 address.
instance minst Set the media instance to minst. This is useful for
devices which have multiple physical layer interfaces
(PHYs). Setting the instance on such devices may not be
strictly required by the network interface driver as the
driver may take care of this automatically; see the
driver's manual page for more information.
link[0-2] Enable special processing of the link level of the
interface. These three options are interface specific in
actual effect; however, they are in general used to
select special modes of operation. An example of this is
to select the connector type for some Ethernet cards.
Refer to the man page for the specific driver for more
-link[0-2] Disable special processing at the link level with the
Change the link layer address (MAC address) of the
interface. This should be specified as six colon-
separated hex values, or can be chosen randomly.
media [type] Set the media type of the interface to type. If no
argument is given, display a list of all available media.
Some interfaces support the mutually exclusive use of one
of several different physical media connectors. For
example, a 10Mb/s Ethernet interface might support the
use of either AUI or twisted pair connectors. Setting
the media type to ``10base5'' or ``AUI'' would change the
currently active connector to the AUI port. Setting it
to ``10baseT'' or ``UTP'' would activate twisted pair.
Refer to the interface's driver-specific man page for a
complete list of the available types, or use the
following command for a listing of choices:
$ ifconfig interface media
mediaopt opts Set the specified media options on the interface. opts
is a comma delimited list of options to apply to the
interface. Refer to the interface's driver-specific man
page for a complete list of available options, or use the
following command for a listing of choices:
$ ifconfig interface media
-mediaopt opts Disable the specified media options on the interface.
metric nhops Set the routing metric of the interface to nhops, default
0. The routing metric can be used by routing protocols.
Higher metrics have the effect of making a route less
mode mode If the driver for the interface supports the media
selection system, force the mode of the interface to the
given mode. For IEEE 802.11 wireless interfaces that
support multiple modes, this directive is used to select
between 802.11a (``11a''), 802.11b (``11b''), 802.11g
(``11g''), and 802.11n (``11n'') modes.
-mode Select the mode automatically. This is the default for
IEEE 802.11 wireless interfaces.
mpls Enable Multiprotocol Label Switching (MPLS) on the
interface, allowing it to send and receive MPLS traffic.
-mpls Disable MPLS on the interface.
mtu value Set the MTU for this device to the given value. Cloned
routes inherit this value as a default. For Ethernet
devices which support setting the MTU, a value greater
than 1500 enables jumbo frames. The hardmtu output from
hwfeatures shows the maximum supported MTU.
netmask mask (inet and inet6) Specify how much of the address to
reserve for subdividing networks into subnetworks. The
mask includes the network part of the local address and
the subnet part, which is taken from the host field of
the address. The mask can be specified as a single
hexadecimal number with a leading 0x, with a dot-notation
Internet address, or with a pseudo-network name listed in
the network table networks(5). The mask contains 1's for
the bit positions in the 32-bit address which are to be
used for the network and subnet parts, and 0's for the
host part. The mask should contain at least the standard
network portion, and the subnet field should be
contiguous with the network portion.
prefixlen n (inet and inet6 only) Effect is similar to netmask, but
you can specify prefix length by digits.
priority n Set the interface routing priority to n. This will
influence the default routing priority of new static
routes added to the kernel. n is in the range of 0 to 15
with smaller numbers being better.
Attach the interface to the routing domain with the
specified rdomainid. Interfaces in different routing
domains are separated and cannot directly pass traffic
between each other. It is therefore possible to reuse
the same addresses in different routing domains. If the
specified rdomain does not yet exist it will be created,
including a routing table with the same id. By default
all interfaces belong to routing domain 0.
(inet) Attach route-label to new network routes of the
specified interface. Route labels can be used to
implement policy routing; see route(4), route(8), and
-rtlabel Clear the route label.
Set the timeslot range map, which is used to control
which channels an interface device uses.
up Mark an interface ``up''. This may be used to enable an
interface after an ifconfig down. It happens
automatically when setting the first address on an
interface. If the interface was reset when previously
marked down, the hardware will be re-initialized.
wol Enable Wake on LAN (WoL). When enabled, reception of a
WoL frame will cause the network card to power up the
system from standby or suspend mode. WoL frames are sent
-wol Disable WoL. WoL is disabled at boot by the driver, if
ifconfig supports a multitude of sub-types, described in the following
- IEEE 802.11 (wireless devices)
- interface groups
- sppp(4) (PPP Link Control Protocol)
- tunnel (etherip(4), gif(4), gre(4), vxlan(4))
The following options are available for a bridge(4) interface:
Add interface as a member of the bridge. The interface is put
into promiscuous mode so that it can receive every packet sent on
the network. An interface can be a member of at most one bridge.
addr Display the addresses that have been learned by the bridge.
Add interface as a span port on the bridge.
Automatically detect the spanning tree edge port status on
interface. This is the default for interfaces added to the
Disable automatic spanning tree edge port detection on interface.
Automatically detect the point-to-point status on interface by
checking the full duplex link status. This is the default for
interfaces added to the bridge.
Disable automatic point-to-point link detection on interface.
Mark interface so that no non-IPv4, IPv6, ARP, or Reverse ARP
packets are accepted from it or forwarded to it from other bridge
Allow non-IPv4, IPv6, ARP, or Reverse ARP packets through
Remove interface from the bridge. Promiscuous mode is turned off
for the interface when it is removed from the bridge.
Delete address from the cache.
Delete interface from the list of span ports of the bridge.
Mark interface so that packets are sent out of the interface if
the destination port of the packet is unknown. If the bridge has
no address cache entry for the destination of a packet, meaning
that there is no static entry and no dynamically learned entry
for the destination, the bridge will forward the packet to all
member interfaces that have this flag set. This is the default
for interfaces added to the bridge.
Mark interface so that packets are not sent out of the interface
if the destination port of the packet is unknown. Turning this
flag off means that the bridge will not send packets out of this
interface unless the packet is a broadcast packet, multicast
packet, or a packet with a destination address found on the
interface's segment. This, in combination with static address
cache entries, prevents potentially sensitive packets from being
sent on segments that have no need to see the packet.
down Stop the bridge from forwarding packets.
Set interface as a spanning tree edge port. An edge port is a
single connection to the network and cannot create bridge loops.
This allows a straight transition to forwarding.
Disable edge port status on interface.
flush Remove all dynamically learned addresses from the cache.
Remove all addresses from the cache including static addresses.
Remove all Ethernet MAC filtering rules from interface.
Set the time (in seconds) before an interface begins forwarding
packets. Defaults to 15 seconds, minimum of 4, maximum of 30.
Set the time (in seconds) between broadcasting spanning tree
protocol configuration packets. Defaults to 2 seconds, minimum
of 1, maximum of 2. This option is only supported in STP mode
with rapid transitions disabled; see the proto command for
setting the protocol version.
Set the transmit hold count, which is the number of spanning tree
protocol packets transmitted before being rate limited. Defaults
to 6, minimum of 1, maximum of 10.
ifcost interface num
Set the spanning tree path cost of interface to num. Defaults to
55, minimum of 1, maximum of 200000000 in RSTP mode, and maximum
of 65535 in STP mode.
Automatically calculate the spanning tree priority of interface
based on the current link speed, interface status, and spanning
tree mode. This is the default for interfaces added to the
ifpriority interface num
Set the spanning tree priority of interface to num. Defaults to
128, minimum of 0, maximum of 240.
Mark interface so that the source address of packets received
from the interface are entered into the address cache. This is
the default for interfaces added to the bridge.
Mark interface so that the source address of packets received
from interface are not entered into the address cache.
link0 Setting this flag stops all IP multicast packets from being
forwarded by the bridge.
-link0 Clear the link0 flag on the bridge interface.
link1 Setting this flag stops all non-IP multicast packets from being
forwarded by the bridge.
-link1 Clear the link1 flag on the bridge interface.
link2 Setting this flag causes all packets to be passed on to ipsec(4)
for processing, based on the policies established by the
administrator using the ipsecctl(8) command and ipsec.conf(5).
If appropriate security associations (SAs) exist, they will be
used to encrypt or decrypt the packets. Otherwise, any key
management daemons such as isakmpd(8) that are running on the
bridge will be invoked to establish the necessary SAs. These
daemons have to be configured as if they were running on the host
whose traffic they are protecting (i.e. they need to have the
appropriate authentication and authorization material, such as
keys and certificates, to impersonate the protected host(s)).
-link2 Clear the link2 flag on the bridge interface.
Set the address cache size to size. The default is 100 entries.
Set the time (in seconds) that a spanning tree protocol
configuration is valid. Defaults to 20 seconds, minimum of 6,
maximum of 40.
Force the spanning tree protocol version. The available values
are rstp to operate in the default Rapid Spanning Tree (RSTP)
mode or stp to force operation in Spanning Tree (STP) mode with
rapid transitions disabled.
Set interface as a point-to-point link. This is required for
straight transitions to forwarding and should be enabled for a
full duplex link or a trunk(4) with at least two physical links
to the same network segment.
Disable point-to-point link status on interface. This should be
disabled for a half duplex link and for an interface connected to
a shared network segment, like a hub or a wireless network.
rule block|pass [in | out] on interface [src address] [dst address] [tag
Add a filtering rule to an interface. Rules have a similar
syntax to those in pf.conf(5). Rules can be used to selectively
block or pass frames based on Ethernet MAC addresses. They can
also tag packets for pf(4) to filter on. Rules are processed in
the order in which they were added to the interface, and the
first rule matched takes the action (block or pass) and, if
given, the tag of the rule. If no source or destination address
is specified, the rule will match all frames (good for creating a
Load a set of rules from the file filename.
Display the active filtering rules in use on interface.
Set the spanning priority of this bridge to num. Defaults to
32768, minimum of 0, maximum of 61440.
static interface address
Add a static entry into the address cache pointing to interface.
Static entries are never aged out of the cache or replaced, even
if the address is seen on a different interface.
Enable spanning tree protocol on interface.
Disable spanning tree protocol on interface. This is the default
for interfaces added to the bridge.
Set the timeout, in seconds, for addresses in the cache to time.
The default is 240 seconds. If time is set to zero, then entries
will not be expired.
up Start the bridge forwarding packets.
ifconfig carp-interface [advbase n] [advskew n] [balancing mode]
[carpnodes vhid:advskew,vhid:advskew,...] [carpdev iface]
[[-]carppeer peer_address] [pass passphrase] [state state]
The following options are available for a carp(4) interface:
Set the base advertisement interval to n seconds. Acceptable
values are 0 to 254; the default value is 1 second.
Skew the advertisement interval by n. Acceptable values are 0 to
254; the default value is 0.
Set the load balancing mode to mode. Valid modes are arp, ip,
ip-stealth, and ip-unicast.
Create a load balancing group consisting of up to 32 nodes. Each
node is specified as a vhid:advskew tuple in a comma separated
Attach to parent interface iface.
Send the carp advertisements to a specified point-to-point peer
or multicast group instead of sending the messages to the default
carp multicast group. The peer_address is the IP address of the
other host taking part in the carp cluster. With this option,
carp(4) traffic can be protected using ipsec(4) and it may be
desired in networks that do not allow or have problems with IPv4
Send the advertisements to the default carp multicast group.
Set the authentication key to passphrase. There is no passphrase
Explicitly force the interface to enter this state. Valid states
are init, backup, and master.
vhid n Set the virtual host ID to n. Acceptable values are 1 to 255.
Taken together, the advbase and advskew indicate how frequently, in
seconds, the host will advertise the fact that it considers itself master
of the virtual host. The formula is advbase + (advskew / 256). If the
master does not advertise within three times this interval, this host
will begin advertising as master.
IEEE 802.11 (WIRELESS DEVICES)
ifconfig wireless-interface [[-]bssid bssid] [[-]chan [n]]
[[-]nwflag flag] [[-]nwid id] [[-]nwkey key]
[[-]powersave [duration]] [scan] [[-]wpa] [wpaakms akm,akm,...]
[wpaciphers cipher,cipher,...] [wpagroupcipher cipher]
[[-]wpakey passphrase | hexkey] [wpaprotos proto,proto,...]
The following options are available for a wireless interface:
Set the desired BSSID.
-bssid Unset the desired BSSID. The interface will automatically select
a BSSID in this mode, which is the default.
Set the channel (radio frequency) to n.
With no channel specified, show the list of channels supported by
-chan Unset the desired channel. It doesn't affect the channel to be
created for IBSS or Host AP mode.
Set specified flag. The flag name can be either `hidenwid' or
`nobridge'. The `hidenwid' flag will hide the network ID (ESSID)
in beacon frames when operating in Host AP mode. It will also
prevent responses to probe requests with an unspecified network
ID. The `nobridge' flag will disable the direct bridging of
frames between associated nodes when operating in Host AP mode.
Setting this flag will block and filter direct inter-station
Note that the `hidenwid' and `nobridge' options do not provide
any security. The hidden network ID will be sent in clear text
by associating stations and can be easily discovered with tools
like tcpdump(8) and hostapd(8).
Remove specified flag.
Configure network ID. The id can either be any text string up to
32 characters in length, or a series of hexadecimal digits up to
64 digits. The empty string allows the interface to connect to
any available access points. Note that network ID is synonymous
with Extended Service Set ID (ESSID).
-nwid Set the network ID to the empty string to allow the interface to
connect to any available access point.
Enable WEP encryption using the specified key. The key can
either be a string, a series of hexadecimal digits (preceded by
`0x'), or a set of keys of the form ``n:k1,k2,k3,k4'' where `n'
specifies which of the keys will be used for transmitted packets,
and the four keys, ``k1'' through ``k4'', are configured as WEP
keys. If a set of keys is specified, a comma (`,') within the
key must be escaped with a backslash. Note that if multiple keys
are used, their order must be the same within the network.
The length of each key must be either 40 bits for 64-bit
encryption (5-character ASCII string or 10 hexadecimal digits) or
104 bits for 128-bit encryption (13-character ASCII string or 26
-nwkey Disable WEP encryption.
Enable WEP encryption using the persistent key stored in the
Write key to the persistent memory of the network card, and
enable WEP encryption using that key.
Enable 802.11 power saving mode. Optionally set the receiver
sleep duration (in milliseconds).
Disable 802.11 power saving mode.
scan Show the results of an access point scan. In Host AP mode, this
will dump the list of known nodes without scanning.
wpa Enable Wi-Fi Protected Access. WPA is a Wi-Fi Alliance protocol
based on the IEEE 802.11i standard. It was designed to enhance
the security of wireless networks. Notice that not all drivers
support WPA. Check the driver's manual page to know if this
option is supported.
-wpa Disable Wi-Fi Protected Access.
Set the comma-separated list of allowed authentication and key
The supported values are ``psk'' and ``802.1x''. psk
authentication (also known as personal mode) uses a 256-bit pre-
shared key. 802.1x authentication (also known as enterprise
mode) is used with an external IEEE 802.1X authentication server,
such as wpa_supplicant. The default value is ``psk''. ``psk''
can only be used if a pre-shared key is configured using the
Set the comma-separated list of allowed pairwise ciphers.
The supported values are ``tkip'', ``ccmp'', and ``usegroup''.
usegroup specifies that no pairwise ciphers are supported and
that only group keys should be used. The default value is
``tkip,ccmp''. If multiple pairwise ciphers are specified, the
pairwise cipher will be negotiated between the station and the
access point at association time. A station will always try to
use ccmp over tkip if both ciphers are allowed and supported by
the access point. If the selected cipher is not supported by the
hardware, software encryption will be used. Check the driver's
manual page to know which ciphers are supported in hardware.
Set the group cipher used to encrypt broadcast and multicast
The supported values are ``wep40'', ``wep104'', ``tkip'', and
``ccmp''. The default value is ``tkip''. The use of wep40 or
wep104 as the group cipher is discouraged due to weaknesses in
WEP. The wpagroupcipher option is available in Host AP mode
only. A station will always use the group cipher of the BSS.
wpakey passphrase | hexkey
Set the WPA key and enable WPA. The key can be given using
either a passphrase or a full length hex key, starting with 0x.
If a passphrase is used the nwid option must be set prior to
specifying the wpakey option, since ifconfig will hash the nwid
along with the passphrase to create the key.
Delete the pre-shared WPA key and disable WPA.
Set the comma-separated list of allowed WPA protocol versions.
The supported values are ``wpa1'' and ``wpa2''. wpa1 is based on
draft 3 of the IEEE 802.11i standard whereas wpa2 is based on the
ratified standard. The default value is ``wpa1,wpa2''. If
``wpa1,wpa2'' is specified, a station will always use the wpa2
protocol when supported by the access point.
ifconfig inet6-interface [[-]anycast] [[-]autoconfprivacy] [eui64]
[pltime n] [[-]tentative] [vltime n]
The following options are available for an ip6(4) interface:
Set the IPv6 anycast address bit.
Clear the IPv6 anycast address bit.
Enable privacy extensions for stateless IPv6 address
autoconfiguration (RFC 4941) on the interface. The purpose of
these extensions is to prevent tracking of individual devices
which connect to the IPv6 internet from different networks using
stateless autoconfiguration. The interface identifier often
remains constant and provides the lower 64 bits of an
autoconfigured IPv6 address, facilitating tracking of individual
devices (and hence, potentially, users of these devices) over
long periods of time (weeks to months to years). When these
extensions are active, random interface identifiers are used for
Autoconfigured addresses are also made temporary, which means
that they will automatically be replaced regularly. Temporary
addresses are deprecated after 24 hours. Once a temporary
address has been deprecated, a new temporary address will be
configured upon reception of a router advertisement indicating
that the prefix is still valid. Deprecated addresses will not be
used for new connections as long as a non-deprecated address
remains available. Temporary addresses become invalid after one
week, at which time they will be removed from the interface.
Address lifetime extension through router advertisements is
ignored for temporary addresses.
Disable IPv6 autoconf privacy extensions on the interface.
Currently configured addresses will not be removed until they
eui64 Fill the interface index (the lowermost 64th bit of an IPv6
Set preferred lifetime for the address.
Set the IPv6 tentative address bit.
Clear the IPv6 tentative address bit.
Set valid lifetime for the address.
ifconfig -g group-name [[-]carpdemote [number]]
The following options are available for interface groups:
Specify the group.
Increase carp(4) demote count for given interface group by
number. Acceptable values are 0 to 128. If number is omitted,
it is increased by 1. Demote count can be set up to 255.
Decrease carp(4) demote count for given interface group by
number. Acceptable values are 0 to 128. If number is omitted,
it is decreased by 1.
ifconfig mpe-interface [mplslabel mpls-label]
The following options are available for an mpe(4) interface:
Set the MPLS label to mpls-label. This value is a 20-bit number
which will be used as the MPLS header for packets entering the
ifconfig mpw-interface [[-]controlword] [encap encapsulation]
[mpwlabel local-label remote-label neighbor dest-address]
The following options are available for an mpw(4) interface:
Configure the mpw interface to use control-word.
Remove control-word configuration from the interface.
Configures the mpw encapsulation type with value encapsulation
which can be ethernet or ethernet-tagged. By default it's
assumed to be ethernet mode.
mpwlabel local-label remote-label
Set mpw local label to local-label and remote label to
remote-label. The local-label is a 20-bit number which will be
used to create a local label route to the mpw interface and the
remote-label is another 20-bit number which will be used to
create the output label header.
Sets the destination address where this mpw should output. The
dest-address is an IPv4 address that will be used to find the
nexthop in the MPLS network.
ifconfig pair-interface [[-]patch interface]
The following options are available for a pair(4) interface:
Connect the interface with a second pair(4) interface. Any
outgoing packets from the first pair-interface will be received
by the second interface, and vice versa. This makes it possible
to interconnect two routing domains locally.
-patch If configured, disconnect the interface pair.
ifconfig pflow-interface [[-]flowdst addr:port] [[-]flowsrc addr[:port]]
The following options are available for a pflow(4) interface:
Set the receiver address and the port for pflow(4) packets. Both
must be defined to export pflow data. addr is the IP address and
port is the port number of the flow collector. Pflow data will
be sent to this address/port.
Unset the receiver address and stop sending pflow data.
flowsrc addr [:port]
Set the source IP address for pflow packets. addr is the IP
address used as sender of the UDP packets and may be used to
identify the source of the data on the pflow collector.
Unset the source address.
Set the protocol version. The default is version 5.
ifconfig pfsync-interface [[-]defer] [maxupd n] [[-]syncdev iface]
The following options are available for a pfsync(4) interface:
defer Defer transmission of the first packet in a state until a peer
has acknowledged that the associated state has been inserted.
See pfsync(4) for more information.
-defer Do not defer the first packet in a state. This is the default.
Indicate the maximum number of updates for a single state which
can be collapsed into one. This is an 8-bit number; the default
value is 128.
Use the specified interface to send and receive pfsync state
Stop sending pfsync state synchronisation messages over the
Make the pfsync link point-to-point rather than using multicast
to broadcast the state synchronisation messages. The
peer_address is the IP address of the other host taking part in
the pfsync cluster. With this option, pfsync(4) traffic can be
protected using ipsec(4).
Broadcast the packets using multicast.
ifconfig pppoe-interface [authkey key] [authname name] [authproto proto]
[[-]peerflag flag] [peerkey key] [peername name]
[peerproto proto] [[-]pppoeac access-concentrator]
[pppoedev parent-interface] [[-]pppoesvc service]
pppoe(4) uses the sppp(4) "generic" SPPP framework. Any options not
described in the section immediately following are described in the SPPP
The following options are available for a pppoe(4) interface:
Set the name of the access-concentrator.
Clear a previously set access-concentrator name.
Set the name of the interface through which packets will be
transmitted and received.
Set the service name of the interface.
Clear a previously set service name.
SPPP (PPP LINK CONTROL PROTOCOL)
ifconfig sppp-interface [authkey key] [authname name] [authproto proto]
[[-]peerflag flag] [peerkey key] [peername name]
The following options are available for an sppp(4) or pppoe(4) interface:
Set the client key or password for the PPP authentication
Set the client name for the PPP authentication protocol.
Set the PPP authentication protocol on the specified interface
acting as a client. The protocol name can be either `chap',
`pap', or `none'. In the latter case, authentication will be
Set a specified PPP flag for the remote authenticator. The flag
name can be either `callin' or `norechallenge'. The `callin'
flag will require the remote peer to authenticate only when he's
calling in, but not when the peer is called by the local client.
This is required for some peers that do not implement the
authentication protocols symmetrically. The `norechallenge' flag
is only meaningful with the CHAP protocol to not re-challenge
once the initial CHAP handshake has been successful. This is
used to work around broken peer implementations that can't grok
being re-challenged once the connection is up.
Remove a specified PPP flag for the remote authenticator.
Set the authenticator key or password for the PPP authentication
Set the authenticator name for the PPP authentication protocol.
Set the PPP authentication protocol on the specified interface
acting as an authenticator. The protocol name can be either
`chap', `pap', or `none'. In the latter case, authentication
will be turned off.
ifconfig trunk-interface [[-]trunkport child-iface] [trunkproto proto]
The following options are available for a trunk(4) interface:
Add child-iface as a trunk port.
Remove the trunk port child-iface.
Set the trunk protocol. Refer to trunk(4) for a complete list of
the available protocols,
ifconfig tunnel-interface [deletetunnel src_address dest_address]
[[-]keepalive period count] [tunnel src_address dest_address]
[tunneldomain tableid] [[-]vnetid network-id]
etherip(4), gif(4), gre(4), and vxlan(4) are all tunnel interfaces. The
following options are available:
deletetunnel src_address dest_address
Remove the source and destination tunnel addresses.
keepalive period count
Enable gre(4) keepalive with a packet sent every period seconds.
A second timer is run with a timeout of count * period. If no
keepalive response is received during that time, the link is
considered down. The minimal usable count is 2 since the round-
trip time of keepalive packets needs to be accounted for.
Disable the gre(4) keepalive mechanism.
tunnel src_address dest_address[:dest_port]
Set the source and destination tunnel addresses on a tunnel
interface. Packets routed to this interface will be encapsulated
in IPv4 or IPv6, depending on the source and destination address
families. Both addresses must be of the same family. The
optional destination port can be specified for interfaces such as
vxlan(4), which further encapsulate the packets in UDP datagrams.
Use routing table tableid instead of the default table. The
tunnel does not need to terminate in the same routing domain as
the interface itself. tableid can be set to any valid routing
table ID; the corresponding routing domain is derived from this
Set the IP or multicast TTL of the tunnel packets.
Set the virtual network identifier. This is a number which is
used by tunnel protocols such as vxlan(4) to identify packets
with a virtual network. The accepted size of the number depends
on the individual tunnel protocol; it is a 24-bit number for
Clear the virtual network identifier.
ifconfig vlan-interface [vlan vlan-tag] [[-]vlandev parent-interface]
The following options are available for a vlan(4) interface:
Set the vlan tag value to vlan-tag. This value is a 12-bit
number which is used to create an 802.1Q vlan header for packets
sent from the vlan interface. This value cannot be changed once
it is set for an interface.
Associate with interface parent-interface. Packets transmitted
through the vlan interface will be diverted to the specified
interface parent-interface with 802.1Q vlan tagging. Packets
with 802.1Q tagging received by the parent interface with the
correct vlan tag will be diverted to the associated vlan pseudo-
device. The vlan interface is assigned a copy of the parent
interface's flags and the parent's Ethernet address. If vlandev
and vlan are not set at the same time, the vlan tag will be
inferred from the interface name, for instance vlan5 will be
assigned 802.1Q tag 5.
Disassociate from the parent interface. This breaks the link
between the vlan interface and its parent, clears its vlan tag,
flags, and link address, and shuts the interface down.
Assign the address of 192.168.1.10 with a network mask of 255.255.255.0
to interface fxp0:
# ifconfig fxp0 inet 192.168.1.10 netmask 255.255.255.0
Configure the xl0 interface to use 100baseTX, full duplex:
# ifconfig xl0 media 100baseTX mediaopt full-duplex
Label the em0 interface as an uplink:
# ifconfig em0 description "Uplink to Gigabit Switch 2"
Create the gif1 network interface:
# ifconfig gif1 create
Put the athn0 wireless interface into monitor mode:
# ifconfig athn0 mediaopt monitor
Messages indicating the specified interface does not exist, the requested
address is unknown, or the user is not privileged and tried to alter an
netstat(1), ifmedia(4), inet(4), intro(4), netintro(4), hostname.if(5),
hosts(5), networks(5), rc(8), tcpdump(8)
The ifconfig command appeared in 4.2BSD.
OpenBSD 5.9 January 13, 2016 OpenBSD 5.9
[Unix Hosting |
[Engineering & Automation |
Software Development |