ifconfig



IFCONFIG(8)                 System Manager's Manual                IFCONFIG(8)


NAME

     ifconfig - configure network interface parameters


SYNOPSIS

     ifconfig [-AaC] [interface] [address_family] [address [dest_address]]
              [parameters]


DESCRIPTION

     The ifconfig utility is used to assign an address to a network interface
     and/or configure network interface parameters.  Generally speaking,
     hostname.if(5) files are used at boot-time to define the network address
     of each interface present on a machine; ifconfig is used at a later time
     to redefine an interface's address or other operating parameters.

     ifconfig displays the current configuration for a network interface when
     no optional parameters are supplied.  If a protocol family is specified,
     ifconfig will report only the details specific to that protocol family.
     If no parameters are provided, a summary of all interfaces is provided.

     Only the superuser may modify the configuration of a network interface.

     The following options are available:

     -A      Causes full interface alias information for each interface to be
             displayed.

     -a      Causes ifconfig to print information on all interfaces.  The
             protocol family may be specified as well.  This is the default,
             if no parameters are given to ifconfig.

     -C      Print the names of all network pseudo-devices that can be created
             dynamically at runtime using ifconfig create.

     interface
             The interface parameter is a string of the form ``name unit'',
             for example, ``en0''.  If no optional parameters are supplied,
             this string can instead be just ``name''.  If an interface group
             of that name exists, all interfaces in the group will be shown.
             Otherwise all interfaces of the same type will be displayed (for
             example, ``fxp'' will display all fxp(4) interfaces).

     address_family
             Specifies the address family which affects interpretation of the
             remaining parameters.  Since an interface can receive
             transmissions in differing protocols with different naming
             schemes, specifying the address family is recommended.  The
             address or protocol families currently supported are ``inet'' and
             ``inet6''.

     address
             Internet version 4 and 6 addresses take the form of a host name
             present in the host name database, hosts(5); ``dot'' notation
             (IPv4); colon separated (IPv6); or CIDR notation.

     dest_address
             Specify the address of the correspondent on the other end of a
             point-to-point link.

     The following parameters may be set with ifconfig:

     alias           Establish an additional network address for this
                     interface.  This is sometimes useful when changing
                     network numbers, and one wishes to accept packets
                     addressed to the old interface.

     -alias          A synonym for delete.  Use of this option is discouraged
                     in favour of delete.

     arp             Enable the use of the Address Resolution Protocol (ARP)
                     in mapping between network level addresses and link level
                     addresses (default).  This is currently implemented for
                     mapping between DARPA Internet addresses and Ethernet
                     addresses.

     -arp            Disable the use of ARP.

     autoconf        Enable autoconfiguration.  Valid for ``inet6'' only.  If
                     autoconf is enabled router advertisements are accepted on
                     this interface and the kernel sends periodic router
                     solicitations from this interface.

     -autoconf       Disable autoconfiguration.

     broadcast addr  (inet only) Specify the address to use to represent
                     broadcasts to the network.  The default broadcast address
                     is the address with a host part of all 1's.

     create          Create the specified network pseudo-device.  At least the
                     following devices can be created on demand:

                     bridge(4), carp(4), enc(4), etherip(4), gif(4), gre(4),
                     lo(4), mpe(4), mpw(4), pair(4), pflog(4), pflow(4),
                     pfsync(4), ppp(4), pppoe(4), svlan(4), tap(4), trunk(4),
                     tun(4), vether(4), vlan(4), vxlan(4)

     debug           Enable driver-dependent debugging code; usually, this
                     turns on extra console error logging.

     -debug          Disable driver-dependent debugging code.

     delete          Remove the default inet address associated with the
                     interface, including any netmask or destination address
                     configured with it.  An address and address family can be
                     given to make the deletion more specific.

     description value
                     Specify a description of the interface.  This can be used
                     to label interfaces in situations where they may
                     otherwise be difficult to distinguish.

     -description    Clear the interface description.

     destroy         Destroy the specified network pseudo-device.

     down            Mark an interface ``down''.  When an interface is marked
                     ``down'', the system will not attempt to transmit
                     messages through that interface.  If possible, the
                     interface will be reset to disable reception as well.
                     This action automatically disables routes using the
                     interface.

     group group-name
                     Assign the interface to a ``group''.  group-name may not
                     be longer than 15 characters and must not end with a
                     digit.  Any interface can be in multiple groups.

                     For instance, a group could be used to create a hardware
                     independent pf(4) ruleset (i.e. not one based on the
                     names of NICs) using existing (egress, carp, etc.) or
                     user-defined groups.

                     Some interfaces belong to specific groups by default:

                     -       All interfaces are members of the all interface
                             group.
                     -       Cloned interfaces are members of their interface
                             family group.  For example, a PPP interface such
                             as ppp0 is a member of the ppp interface family
                             group.
                     -       pppx(4) interfaces are members of the pppx
                             interface group.
                     -       The interface(s) the default route(s) point to
                             are members of the egress interface group.
                     -       IEEE 802.11 wireless interfaces are members of
                             the wlan interface group.
                     -       Any interfaces used for network booting are
                             members of the netboot interface group.

     -group group-name
                     Remove the interface from the given ``group''.

     hwfeatures      Display the interface hardware features:

                           CSUM_IPv4       The device supports IPv4 checksum
                                           offload.
                           CSUM_TCPv4      As above, for TCP in IPv4
                                           datagrams.
                           CSUM_UDPv4      As above, for UDP.
                           VLAN_MTU        The device can handle full sized
                                           frames, plus the size of the
                                           vlan(4) tag.
                           VLAN_HWTAGGING  On transmit, the device can add the
                                           vlan(4) tag.
                           CSUM_TCPv6      As CSUM_TCPv4, but supports IPv6
                                           datagrams.
                           CSUM_UDPv6      As above, for UDP.
                           WOL             The device supports Wake on LAN
                                           (WoL).
                           hardmtu         The maximum MTU supported.

     -inet           Remove all configured inet(4) addresses on the given
                     interface.

     -inet6          Disable inet6(4) on the given interface and remove all
                     configured inet6(4) addresses, including the link-local
                     ones.  This is the default.  To turn inet6 on, use eui64,
                     use autoconf or assign any inet6 address.

     instance minst  Set the media instance to minst.  This is useful for
                     devices which have multiple physical layer interfaces
                     (PHYs).  Setting the instance on such devices may not be
                     strictly required by the network interface driver as the
                     driver may take care of this automatically; see the
                     driver's manual page for more information.

     link[0-2]       Enable special processing of the link level of the
                     interface.  These three options are interface specific in
                     actual effect; however, they are in general used to
                     select special modes of operation.  An example of this is
                     to select the connector type for some Ethernet cards.
                     Refer to the man page for the specific driver for more
                     information.

     -link[0-2]      Disable special processing at the link level with the
                     specified interface.

     lladdr etheraddr|random
                     Change the link layer address (MAC address) of the
                     interface.  This should be specified as six colon-
                     separated hex values, or can be chosen randomly.

     media [type]    Set the media type of the interface to type.  If no
                     argument is given, display a list of all available media.

                     Some interfaces support the mutually exclusive use of one
                     of several different physical media connectors.  For
                     example, a 10Mb/s Ethernet interface might support the
                     use of either AUI or twisted pair connectors.  Setting
                     the media type to ``10base5'' or ``AUI'' would change the
                     currently active connector to the AUI port.  Setting it
                     to ``10baseT'' or ``UTP'' would activate twisted pair.
                     Refer to the interface's driver-specific man page for a
                     complete list of the available types, or use the
                     following command for a listing of choices:

                           $ ifconfig interface media

     mediaopt opts   Set the specified media options on the interface.  opts
                     is a comma delimited list of options to apply to the
                     interface.  Refer to the interface's driver-specific man
                     page for a complete list of available options, or use the
                     following command for a listing of choices:

                           $ ifconfig interface media

     -mediaopt opts  Disable the specified media options on the interface.

     metric nhops    Set the routing metric of the interface to nhops, default
                     0.  The routing metric can be used by routing protocols.
                     Higher metrics have the effect of making a route less
                     favorable.

     mode mode       If the driver for the interface supports the media
                     selection system, force the mode of the interface to the
                     given mode.  For IEEE 802.11 wireless interfaces that
                     support multiple modes, this directive is used to select
                     between 802.11a (``11a''), 802.11b (``11b''), 802.11g
                     (``11g''), and 802.11n (``11n'') modes.

     -mode           Select the mode automatically.  This is the default for
                     IEEE 802.11 wireless interfaces.

     mpls            Enable Multiprotocol Label Switching (MPLS) on the
                     interface, allowing it to send and receive MPLS traffic.

     -mpls           Disable MPLS on the interface.

     mtu value       Set the MTU for this device to the given value.  Cloned
                     routes inherit this value as a default.  For Ethernet
                     devices which support setting the MTU, a value greater
                     than 1500 enables jumbo frames.  The hardmtu output from
                     hwfeatures shows the maximum supported MTU.

     netmask mask    (inet and inet6) Specify how much of the address to
                     reserve for subdividing networks into subnetworks.  The
                     mask includes the network part of the local address and
                     the subnet part, which is taken from the host field of
                     the address.  The mask can be specified as a single
                     hexadecimal number with a leading 0x, with a dot-notation
                     Internet address, or with a pseudo-network name listed in
                     the network table networks(5).  The mask contains 1's for
                     the bit positions in the 32-bit address which are to be
                     used for the network and subnet parts, and 0's for the
                     host part.  The mask should contain at least the standard
                     network portion, and the subnet field should be
                     contiguous with the network portion.

     prefixlen n     (inet and inet6 only) Effect is similar to netmask, but
                     you can specify prefix length by digits.

     priority n      Set the interface routing priority to n.  This will
                     influence the default routing priority of new static
                     routes added to the kernel.  n is in the range of 0 to 15
                     with smaller numbers being better.

     rdomain rdomainid
                     Attach the interface to the routing domain with the
                     specified rdomainid.  Interfaces in different routing
                     domains are separated and cannot directly pass traffic
                     between each other.  It is therefore possible to reuse
                     the same addresses in different routing domains.  If the
                     specified rdomain does not yet exist it will be created,
                     including a routing table with the same id.  By default
                     all interfaces belong to routing domain 0.

     rtlabel route-label
                     (inet) Attach route-label to new network routes of the
                     specified interface.  Route labels can be used to
                     implement policy routing; see route(4), route(8), and
                     pf.conf(5).

     -rtlabel        Clear the route label.

     timeslot timeslot_range
                     Set the timeslot range map, which is used to control
                     which channels an interface device uses.

     up              Mark an interface ``up''.  This may be used to enable an
                     interface after an ifconfig down.  It happens
                     automatically when setting the first address on an
                     interface.  If the interface was reset when previously
                     marked down, the hardware will be re-initialized.

     wol             Enable Wake on LAN (WoL).  When enabled, reception of a
                     WoL frame will cause the network card to power up the
                     system from standby or suspend mode.  WoL frames are sent
                     using arp(8).

     -wol            Disable WoL.  WoL is disabled at boot by the driver, if
                     possible.

     ifconfig supports a multitude of sub-types, described in the following
     sections:

           -   bridge(4)
           -   carp(4)
           -   IEEE 802.11 (wireless devices)
           -   inet6(4)
           -   interface groups
           -   mpe(4)
           -   mpw(4)
           -   pair(4)
           -   pflow(4)
           -   pfsync(4)
           -   pppoe(4)
           -   sppp(4) (PPP Link Control Protocol)
           -   trunk(4)
           -   tunnel (etherip(4), gif(4), gre(4), vxlan(4))
           -   vlan(4)


BRIDGE

     The following options are available for a bridge(4) interface:

     add interface
             Add interface as a member of the bridge.  The interface is put
             into promiscuous mode so that it can receive every packet sent on
             the network.  An interface can be a member of at most one bridge.

     addr    Display the addresses that have been learned by the bridge.

     addspan interface
             Add interface as a span port on the bridge.

     autoedge interface
             Automatically detect the spanning tree edge port status on
             interface.  This is the default for interfaces added to the
             bridge.

     -autoedge interface
             Disable automatic spanning tree edge port detection on interface.

     autoptp interface
             Automatically detect the point-to-point status on interface by
             checking the full duplex link status.  This is the default for
             interfaces added to the bridge.

     -autoptp interface
             Disable automatic point-to-point link detection on interface.

     blocknonip interface
             Mark interface so that no non-IPv4, IPv6, ARP, or Reverse ARP
             packets are accepted from it or forwarded to it from other bridge
             member interfaces.

     -blocknonip interface
             Allow non-IPv4, IPv6, ARP, or Reverse ARP packets through
             interface.

     del interface
             Remove interface from the bridge.  Promiscuous mode is turned off
             for the interface when it is removed from the bridge.

     deladdr address
             Delete address from the cache.

     delspan interface
             Delete interface from the list of span ports of the bridge.

     discover interface
             Mark interface so that packets are sent out of the interface if
             the destination port of the packet is unknown.  If the bridge has
             no address cache entry for the destination of a packet, meaning
             that there is no static entry and no dynamically learned entry
             for the destination, the bridge will forward the packet to all
             member interfaces that have this flag set.  This is the default
             for interfaces added to the bridge.

     -discover interface
             Mark interface so that packets are not sent out of the interface
             if the destination port of the packet is unknown.  Turning this
             flag off means that the bridge will not send packets out of this
             interface unless the packet is a broadcast packet, multicast
             packet, or a packet with a destination address found on the
             interface's segment.  This, in combination with static address
             cache entries, prevents potentially sensitive packets from being
             sent on segments that have no need to see the packet.

     down    Stop the bridge from forwarding packets.

     edge interface
             Set interface as a spanning tree edge port.  An edge port is a
             single connection to the network and cannot create bridge loops.
             This allows a straight transition to forwarding.

     -edge interface
             Disable edge port status on interface.

     flush   Remove all dynamically learned addresses from the cache.

     flushall
             Remove all addresses from the cache including static addresses.

     flushrule interface
             Remove all Ethernet MAC filtering rules from interface.

     fwddelay time
             Set the time (in seconds) before an interface begins forwarding
             packets.  Defaults to 15 seconds, minimum of 4, maximum of 30.

     hellotime time
             Set the time (in seconds) between broadcasting spanning tree
             protocol configuration packets.  Defaults to 2 seconds, minimum
             of 1, maximum of 2.  This option is only supported in STP mode
             with rapid transitions disabled; see the proto command for
             setting the protocol version.

     holdcnt time
             Set the transmit hold count, which is the number of spanning tree
             protocol packets transmitted before being rate limited.  Defaults
             to 6, minimum of 1, maximum of 10.

     ifcost interface num
             Set the spanning tree path cost of interface to num.  Defaults to
             55, minimum of 1, maximum of 200000000 in RSTP mode, and maximum
             of 65535 in STP mode.

     -ifcost interface
             Automatically calculate the spanning tree priority of interface
             based on the current link speed, interface status, and spanning
             tree mode.  This is the default for interfaces added to the
             bridge.

     ifpriority interface num
             Set the spanning tree priority of interface to num.  Defaults to
             128, minimum of 0, maximum of 240.

     learn interface
             Mark interface so that the source address of packets received
             from the interface are entered into the address cache.  This is
             the default for interfaces added to the bridge.

     -learn interface
             Mark interface so that the source address of packets received
             from interface are not entered into the address cache.

     link0   Setting this flag stops all IP multicast packets from being
             forwarded by the bridge.

     -link0  Clear the link0 flag on the bridge interface.

     link1   Setting this flag stops all non-IP multicast packets from being
             forwarded by the bridge.

     -link1  Clear the link1 flag on the bridge interface.

     link2   Setting this flag causes all packets to be passed on to ipsec(4)
             for processing, based on the policies established by the
             administrator using the ipsecctl(8) command and ipsec.conf(5).
             If appropriate security associations (SAs) exist, they will be
             used to encrypt or decrypt the packets.  Otherwise, any key
             management daemons such as isakmpd(8) that are running on the
             bridge will be invoked to establish the necessary SAs.  These
             daemons have to be configured as if they were running on the host
             whose traffic they are protecting (i.e. they need to have the
             appropriate authentication and authorization material, such as
             keys and certificates, to impersonate the protected host(s)).

     -link2  Clear the link2 flag on the bridge interface.

     maxaddr size
             Set the address cache size to size.  The default is 100 entries.

     maxage time
             Set the time (in seconds) that a spanning tree protocol
             configuration is valid.  Defaults to 20 seconds, minimum of 6,
             maximum of 40.

     proto value
             Force the spanning tree protocol version.  The available values
             are rstp to operate in the default Rapid Spanning Tree (RSTP)
             mode or stp to force operation in Spanning Tree (STP) mode with
             rapid transitions disabled.

     ptp interface
             Set interface as a point-to-point link.  This is required for
             straight transitions to forwarding and should be enabled for a
             full duplex link or a trunk(4) with at least two physical links
             to the same network segment.

     -ptp interface
             Disable point-to-point link status on interface.  This should be
             disabled for a half duplex link and for an interface connected to
             a shared network segment, like a hub or a wireless network.

     rule block|pass [in | out] on interface [src address] [dst address] [tag
             tagname]
             Add a filtering rule to an interface.  Rules have a similar
             syntax to those in pf.conf(5).  Rules can be used to selectively
             block or pass frames based on Ethernet MAC addresses.  They can
             also tag packets for pf(4) to filter on.  Rules are processed in
             the order in which they were added to the interface, and the
             first rule matched takes the action (block or pass) and, if
             given, the tag of the rule.  If no source or destination address
             is specified, the rule will match all frames (good for creating a
             catchall policy).

     rulefile filename
             Load a set of rules from the file filename.

     rules interface
             Display the active filtering rules in use on interface.

     spanpriority num
             Set the spanning priority of this bridge to num.  Defaults to
             32768, minimum of 0, maximum of 61440.

     static interface address
             Add a static entry into the address cache pointing to interface.
             Static entries are never aged out of the cache or replaced, even
             if the address is seen on a different interface.

     stp interface
             Enable spanning tree protocol on interface.

     -stp interface
             Disable spanning tree protocol on interface.  This is the default
             for interfaces added to the bridge.

     timeout time
             Set the timeout, in seconds, for addresses in the cache to time.
             The default is 240 seconds.  If time is set to zero, then entries
             will not be expired.

     up      Start the bridge forwarding packets.


CARP

     ifconfig carp-interface [advbase n] [advskew n] [balancing mode]
              [carpnodes vhid:advskew,vhid:advskew,...] [carpdev iface]
              [[-]carppeer peer_address] [pass passphrase] [state state]
              [vhid host-id]

     The following options are available for a carp(4) interface:

     advbase n
             Set the base advertisement interval to n seconds.  Acceptable
             values are 0 to 254; the default value is 1 second.

     advskew n
             Skew the advertisement interval by n.  Acceptable values are 0 to
             254; the default value is 0.

     balancing mode
             Set the load balancing mode to mode.  Valid modes are arp, ip,
             ip-stealth, and ip-unicast.

     carpnodes vhid:advskew,vhid:advskew,...
             Create a load balancing group consisting of up to 32 nodes.  Each
             node is specified as a vhid:advskew tuple in a comma separated
             list.

     carpdev iface
             Attach to parent interface iface.

     carppeer peer_address
             Send the carp advertisements to a specified point-to-point peer
             or multicast group instead of sending the messages to the default
             carp multicast group.  The peer_address is the IP address of the
             other host taking part in the carp cluster.  With this option,
             carp(4) traffic can be protected using ipsec(4) and it may be
             desired in networks that do not allow or have problems with IPv4
             multicast traffic.

     -carppeer
             Send the advertisements to the default carp multicast group.

     pass passphrase
             Set the authentication key to passphrase.  There is no passphrase
             by default.

     state state
             Explicitly force the interface to enter this state.  Valid states
             are init, backup, and master.

     vhid n  Set the virtual host ID to n.  Acceptable values are 1 to 255.

     Taken together, the advbase and advskew indicate how frequently, in
     seconds, the host will advertise the fact that it considers itself master
     of the virtual host.  The formula is advbase + (advskew / 256).  If the
     master does not advertise within three times this interval, this host
     will begin advertising as master.


IEEE 802.11 (WIRELESS DEVICES)

     ifconfig wireless-interface [[-]bssid bssid] [[-]chan [n]]
              [[-]nwflag flag] [[-]nwid id] [[-]nwkey key]
              [[-]powersave [duration]] [scan] [[-]wpa] [wpaakms akm,akm,...]
              [wpaciphers cipher,cipher,...] [wpagroupcipher cipher]
              [[-]wpakey passphrase | hexkey] [wpaprotos proto,proto,...]

     The following options are available for a wireless interface:

     bssid bssid
             Set the desired BSSID.

     -bssid  Unset the desired BSSID.  The interface will automatically select
             a BSSID in this mode, which is the default.

     chan [n]
             Set the channel (radio frequency) to n.

             With no channel specified, show the list of channels supported by
             the device.

     -chan   Unset the desired channel.  It doesn't affect the channel to be
             created for IBSS or Host AP mode.

     nwflag flag
             Set specified flag.  The flag name can be either `hidenwid' or
             `nobridge'.  The `hidenwid' flag will hide the network ID (ESSID)
             in beacon frames when operating in Host AP mode.  It will also
             prevent responses to probe requests with an unspecified network
             ID.  The `nobridge' flag will disable the direct bridging of
             frames between associated nodes when operating in Host AP mode.
             Setting this flag will block and filter direct inter-station
             communications.

             Note that the `hidenwid' and `nobridge' options do not provide
             any security.  The hidden network ID will be sent in clear text
             by associating stations and can be easily discovered with tools
             like tcpdump(8) and hostapd(8).

     -nwflag flag
             Remove specified flag.

     nwid id
             Configure network ID.  The id can either be any text string up to
             32 characters in length, or a series of hexadecimal digits up to
             64 digits.  The empty string allows the interface to connect to
             any available access points.  Note that network ID is synonymous
             with Extended Service Set ID (ESSID).

     -nwid   Set the network ID to the empty string to allow the interface to
             connect to any available access point.

     nwkey key
             Enable WEP encryption using the specified key.  The key can
             either be a string, a series of hexadecimal digits (preceded by
             `0x'), or a set of keys of the form ``n:k1,k2,k3,k4'' where `n'
             specifies which of the keys will be used for transmitted packets,
             and the four keys, ``k1'' through ``k4'', are configured as WEP
             keys.  If a set of keys is specified, a comma (`,') within the
             key must be escaped with a backslash.  Note that if multiple keys
             are used, their order must be the same within the network.

             The length of each key must be either 40 bits for 64-bit
             encryption (5-character ASCII string or 10 hexadecimal digits) or
             104 bits for 128-bit encryption (13-character ASCII string or 26
             hexadecimal digits).

     -nwkey  Disable WEP encryption.

     nwkey persist
             Enable WEP encryption using the persistent key stored in the
             network card.

     nwkey persist:key
             Write key to the persistent memory of the network card, and
             enable WEP encryption using that key.

     powersave [duration]
             Enable 802.11 power saving mode.  Optionally set the receiver
             sleep duration (in milliseconds).

     -powersave
             Disable 802.11 power saving mode.

     scan    Show the results of an access point scan.  In Host AP mode, this
             will dump the list of known nodes without scanning.

     wpa     Enable Wi-Fi Protected Access.  WPA is a Wi-Fi Alliance protocol
             based on the IEEE 802.11i standard.  It was designed to enhance
             the security of wireless networks.  Notice that not all drivers
             support WPA.  Check the driver's manual page to know if this
             option is supported.

     -wpa    Disable Wi-Fi Protected Access.

     wpaakms akm,akm,...
             Set the comma-separated list of allowed authentication and key
             management protocols.

             The supported values are ``psk'' and ``802.1x''.  psk
             authentication (also known as personal mode) uses a 256-bit pre-
             shared key.  802.1x authentication (also known as enterprise
             mode) is used with an external IEEE 802.1X authentication server,
             such as wpa_supplicant.  The default value is ``psk''.  ``psk''
             can only be used if a pre-shared key is configured using the
             wpakey option.

     wpaciphers cipher,cipher,...
             Set the comma-separated list of allowed pairwise ciphers.

             The supported values are ``tkip'', ``ccmp'', and ``usegroup''.
             usegroup specifies that no pairwise ciphers are supported and
             that only group keys should be used.  The default value is
             ``tkip,ccmp''.  If multiple pairwise ciphers are specified, the
             pairwise cipher will be negotiated between the station and the
             access point at association time.  A station will always try to
             use ccmp over tkip if both ciphers are allowed and supported by
             the access point.  If the selected cipher is not supported by the
             hardware, software encryption will be used.  Check the driver's
             manual page to know which ciphers are supported in hardware.

     wpagroupcipher cipher
             Set the group cipher used to encrypt broadcast and multicast
             traffic.

             The supported values are ``wep40'', ``wep104'', ``tkip'', and
             ``ccmp''.  The default value is ``tkip''.  The use of wep40 or
             wep104 as the group cipher is discouraged due to weaknesses in
             WEP.  The wpagroupcipher option is available in Host AP mode
             only.  A station will always use the group cipher of the BSS.

     wpakey passphrase | hexkey
             Set the WPA key and enable WPA.  The key can be given using
             either a passphrase or a full length hex key, starting with 0x.
             If a passphrase is used the nwid option must be set prior to
             specifying the wpakey option, since ifconfig will hash the nwid
             along with the passphrase to create the key.

     -wpakey
             Delete the pre-shared WPA key and disable WPA.

     wpaprotos proto,proto,...
             Set the comma-separated list of allowed WPA protocol versions.

             The supported values are ``wpa1'' and ``wpa2''.  wpa1 is based on
             draft 3 of the IEEE 802.11i standard whereas wpa2 is based on the
             ratified standard.  The default value is ``wpa1,wpa2''.  If
             ``wpa1,wpa2'' is specified, a station will always use the wpa2
             protocol when supported by the access point.


INET6

     ifconfig inet6-interface [[-]anycast] [[-]autoconfprivacy] [eui64]
              [pltime n] [[-]tentative] [vltime n]

     The following options are available for an ip6(4) interface:

     anycast
             Set the IPv6 anycast address bit.

     -anycast
             Clear the IPv6 anycast address bit.

     autoconfprivacy
             Enable privacy extensions for stateless IPv6 address
             autoconfiguration (RFC 4941) on the interface.  The purpose of
             these extensions is to prevent tracking of individual devices
             which connect to the IPv6 internet from different networks using
             stateless autoconfiguration.  The interface identifier often
             remains constant and provides the lower 64 bits of an
             autoconfigured IPv6 address, facilitating tracking of individual
             devices (and hence, potentially, users of these devices) over
             long periods of time (weeks to months to years).  When these
             extensions are active, random interface identifiers are used for
             autoconfigured addresses.

             Autoconfigured addresses are also made temporary, which means
             that they will automatically be replaced regularly.  Temporary
             addresses are deprecated after 24 hours.  Once a temporary
             address has been deprecated, a new temporary address will be
             configured upon reception of a router advertisement indicating
             that the prefix is still valid.  Deprecated addresses will not be
             used for new connections as long as a non-deprecated address
             remains available.  Temporary addresses become invalid after one
             week, at which time they will be removed from the interface.
             Address lifetime extension through router advertisements is
             ignored for temporary addresses.

     -autoconfprivacy
             Disable IPv6 autoconf privacy extensions on the interface.
             Currently configured addresses will not be removed until they
             become invalid.

     eui64   Fill the interface index (the lowermost 64th bit of an IPv6
             address) automatically.

     pltime n
             Set preferred lifetime for the address.

     tentative
             Set the IPv6 tentative address bit.

     -tentative
             Clear the IPv6 tentative address bit.

     vltime n
             Set valid lifetime for the address.


INTERFACE GROUPS

     ifconfig -g group-name [[-]carpdemote [number]]

     The following options are available for interface groups:

     -g group-name
             Specify the group.

     carpdemote [number]
             Increase carp(4) demote count for given interface group by
             number.  Acceptable values are 0 to 128.  If number is omitted,
             it is increased by 1.  Demote count can be set up to 255.

     -carpdemote [number]
             Decrease carp(4) demote count for given interface group by
             number.  Acceptable values are 0 to 128.  If number is omitted,
             it is decreased by 1.


MPE

     ifconfig mpe-interface [mplslabel mpls-label]

     The following options are available for an mpe(4) interface:

     mplslabel mpls-label
             Set the MPLS label to mpls-label.  This value is a 20-bit number
             which will be used as the MPLS header for packets entering the
             MPLS domain.


MPW

     ifconfig mpw-interface [[-]controlword] [encap encapsulation]
              [mpwlabel local-label remote-label neighbor dest-address]

     The following options are available for an mpw(4) interface:

     controlword
             Configure the mpw interface to use control-word.

     -controlword
             Remove control-word configuration from the interface.

     encap encapsulation
             Configures the mpw encapsulation type with value encapsulation
             which can be ethernet or ethernet-tagged.  By default it's
             assumed to be ethernet mode.

     mpwlabel local-label remote-label
             Set mpw local label to local-label and remote label to
             remote-label.  The local-label is a 20-bit number which will be
             used to create a local label route to the mpw interface and the
             remote-label is another 20-bit number which will be used to
             create the output label header.

     neighbor dest-address
             Sets the destination address where this mpw should output.  The
             dest-address is an IPv4 address that will be used to find the
             nexthop in the MPLS network.


PAIR

     ifconfig pair-interface [[-]patch interface]

     The following options are available for a pair(4) interface:

     patch interface
             Connect the interface with a second pair(4) interface.  Any
             outgoing packets from the first pair-interface will be received
             by the second interface, and vice versa.  This makes it possible
             to interconnect two routing domains locally.

     -patch  If configured, disconnect the interface pair.


PFLOW

     ifconfig pflow-interface [[-]flowdst addr:port] [[-]flowsrc addr[:port]]
              [pflowproto n]

     The following options are available for a pflow(4) interface:

     flowdst addr:port
             Set the receiver address and the port for pflow(4) packets.  Both
             must be defined to export pflow data.  addr is the IP address and
             port is the port number of the flow collector.  Pflow data will
             be sent to this address/port.

     -flowdst
             Unset the receiver address and stop sending pflow data.

     flowsrc addr [:port]
             Set the source IP address for pflow packets.  addr is the IP
             address used as sender of the UDP packets and may be used to
             identify the source of the data on the pflow collector.

     -flowsrc
             Unset the source address.

     pflowproto n
             Set the protocol version.  The default is version 5.


PFSYNC

     ifconfig pfsync-interface [[-]defer] [maxupd n] [[-]syncdev iface]
              [[-]syncpeer peer_address]

     The following options are available for a pfsync(4) interface:

     defer   Defer transmission of the first packet in a state until a peer
             has acknowledged that the associated state has been inserted.
             See pfsync(4) for more information.

     -defer  Do not defer the first packet in a state.  This is the default.

     maxupd n
             Indicate the maximum number of updates for a single state which
             can be collapsed into one.  This is an 8-bit number; the default
             value is 128.

     syncdev iface
             Use the specified interface to send and receive pfsync state
             synchronisation messages.

     -syncdev
             Stop sending pfsync state synchronisation messages over the
             network.

     syncpeer peer_address
             Make the pfsync link point-to-point rather than using multicast
             to broadcast the state synchronisation messages.  The
             peer_address is the IP address of the other host taking part in
             the pfsync cluster.  With this option, pfsync(4) traffic can be
             protected using ipsec(4).

     -syncpeer
             Broadcast the packets using multicast.


PPPOE

     ifconfig pppoe-interface [authkey key] [authname name] [authproto proto]
              [[-]peerflag flag] [peerkey key] [peername name]
              [peerproto proto] [[-]pppoeac access-concentrator]
              [pppoedev parent-interface] [[-]pppoesvc service]

     pppoe(4) uses the sppp(4) "generic" SPPP framework.  Any options not
     described in the section immediately following are described in the SPPP
     section, below.

     The following options are available for a pppoe(4) interface:

     pppoeac access-concentrator
             Set the name of the access-concentrator.

     -pppoeac
             Clear a previously set access-concentrator name.

     pppoedev parent-interface
             Set the name of the interface through which packets will be
             transmitted and received.

     pppoesvc service
             Set the service name of the interface.

     -pppoesvc
             Clear a previously set service name.


SPPP (PPP LINK CONTROL PROTOCOL)

     ifconfig sppp-interface [authkey key] [authname name] [authproto proto]
              [[-]peerflag flag] [peerkey key] [peername name]
              [peerproto proto]

     The following options are available for an sppp(4) or pppoe(4) interface:

     authkey key
             Set the client key or password for the PPP authentication
             protocol.

     authname name
             Set the client name for the PPP authentication protocol.

     authproto proto
             Set the PPP authentication protocol on the specified interface
             acting as a client.  The protocol name can be either `chap',
             `pap', or `none'.  In the latter case, authentication will be
             turned off.

     peerflag flag
             Set a specified PPP flag for the remote authenticator.  The flag
             name can be either `callin' or `norechallenge'.  The `callin'
             flag will require the remote peer to authenticate only when he's
             calling in, but not when the peer is called by the local client.
             This is required for some peers that do not implement the
             authentication protocols symmetrically.  The `norechallenge' flag
             is only meaningful with the CHAP protocol to not re-challenge
             once the initial CHAP handshake has been successful.  This is
             used to work around broken peer implementations that can't grok
             being re-challenged once the connection is up.

     -peerflag flag
             Remove a specified PPP flag for the remote authenticator.

     peerkey key
             Set the authenticator key or password for the PPP authentication
             protocol.

     peername name
             Set the authenticator name for the PPP authentication protocol.

     peerproto proto
             Set the PPP authentication protocol on the specified interface
             acting as an authenticator.  The protocol name can be either
             `chap', `pap', or `none'.  In the latter case, authentication
             will be turned off.


TRUNK

     ifconfig trunk-interface [[-]trunkport child-iface] [trunkproto proto]

     The following options are available for a trunk(4) interface:

     trunkport child-iface
             Add child-iface as a trunk port.

     -trunkport child-iface
             Remove the trunk port child-iface.

     trunkproto proto
             Set the trunk protocol.  Refer to trunk(4) for a complete list of
             the available protocols,


TUNNEL

     ifconfig tunnel-interface [deletetunnel src_address dest_address]
              [[-]keepalive period count] [tunnel src_address dest_address]
              [tunneldomain tableid] [[-]vnetid network-id]

     etherip(4), gif(4), gre(4), and vxlan(4) are all tunnel interfaces.  The
     following options are available:

     deletetunnel src_address dest_address
             Remove the source and destination tunnel addresses.

     keepalive period count
             Enable gre(4) keepalive with a packet sent every period seconds.
             A second timer is run with a timeout of count * period.  If no
             keepalive response is received during that time, the link is
             considered down.  The minimal usable count is 2 since the round-
             trip time of keepalive packets needs to be accounted for.

     -keepalive
             Disable the gre(4) keepalive mechanism.

     tunnel src_address dest_address[:dest_port]
             Set the source and destination tunnel addresses on a tunnel
             interface.  Packets routed to this interface will be encapsulated
             in IPv4 or IPv6, depending on the source and destination address
             families.  Both addresses must be of the same family.  The
             optional destination port can be specified for interfaces such as
             vxlan(4), which further encapsulate the packets in UDP datagrams.

     tunneldomain tableid
             Use routing table tableid instead of the default table.  The
             tunnel does not need to terminate in the same routing domain as
             the interface itself.  tableid can be set to any valid routing
             table ID; the corresponding routing domain is derived from this
             table.

     tunnelttl ttl
             Set the IP or multicast TTL of the tunnel packets.

     vnetid network-id
             Set the virtual network identifier.  This is a number which is
             used by tunnel protocols such as vxlan(4) to identify packets
             with a virtual network.  The accepted size of the number depends
             on the individual tunnel protocol; it is a 24-bit number for
             vxlan(4).

     -vnetid
             Clear the virtual network identifier.


VLAN

     ifconfig vlan-interface [vlan vlan-tag] [[-]vlandev parent-interface]

     The following options are available for a vlan(4) interface:

     vlan vlan-tag
             Set the vlan tag value to vlan-tag.  This value is a 12-bit
             number which is used to create an 802.1Q vlan header for packets
             sent from the vlan interface.  This value cannot be changed once
             it is set for an interface.

     vlandev parent-interface
             Associate with interface parent-interface.  Packets transmitted
             through the vlan interface will be diverted to the specified
             interface parent-interface with 802.1Q vlan tagging.  Packets
             with 802.1Q tagging received by the parent interface with the
             correct vlan tag will be diverted to the associated vlan pseudo-
             device.  The vlan interface is assigned a copy of the parent
             interface's flags and the parent's Ethernet address.  If vlandev
             and vlan are not set at the same time, the vlan tag will be
             inferred from the interface name, for instance vlan5 will be
             assigned 802.1Q tag 5.

     -vlandev
             Disassociate from the parent interface.  This breaks the link
             between the vlan interface and its parent, clears its vlan tag,
             flags, and link address, and shuts the interface down.


EXAMPLES

     Assign the address of 192.168.1.10 with a network mask of 255.255.255.0
     to interface fxp0:

           # ifconfig fxp0 inet 192.168.1.10 netmask 255.255.255.0

     Configure the xl0 interface to use 100baseTX, full duplex:

           # ifconfig xl0 media 100baseTX mediaopt full-duplex

     Label the em0 interface as an uplink:

           # ifconfig em0 description "Uplink to Gigabit Switch 2"

     Create the gif1 network interface:

           # ifconfig gif1 create

     Put the athn0 wireless interface into monitor mode:

           # ifconfig athn0 mediaopt monitor


DIAGNOSTICS

     Messages indicating the specified interface does not exist, the requested
     address is unknown, or the user is not privileged and tried to alter an
     interface's configuration.


SEE ALSO

     netstat(1), ifmedia(4), inet(4), intro(4), netintro(4), hostname.if(5),
     hosts(5), networks(5), rc(8), tcpdump(8)


HISTORY

     The ifconfig command appeared in 4.2BSD.

OpenBSD 5.9                    January 13, 2016                    OpenBSD 5.9

[Unix Hosting | Open-Source | Contact Us]
[Engineering & Automation | Software Development | Server Applications]