Man page of ifconfig
Section: Maintenance Commands (8)
Return to Main Contents
ifconfig - Configures or displays network interface parameters
/usr/sbin/ifconfig interface_id [address_family]
[address[/bitmask] [dest_address]] [parameters]
The ifconfig command
assigns and displays an address to a network interface, and
configures network interface parameters.
Displays information about all interfaces that are configured on a
You use the ifconfig command at boot time to define the network address
of each interface. You can also use the ifconfig command at other times
to display all interfaces that are configured on a system, to redefine the
address of an interface, or to set other operating parameters.
If you want to redefine the interface address or the netmask, use the
netsetup command. Otherwise, any daemons currently running will use the
old address and netmask, and will fail. The netsetup command makes
the necessary changes and restarts the network services.
Any user can query the status of a network interface; only the
superuser can modify the configuration network interfaces.
You specify an interface with the ifconfig interface_id
syntax. (See your hardware documentation for information on obtaining
an interface ID.)
If you specify only an interface_id, the ifconfig program displays
the current configuration for the specified network interface only.
If a protocol family is specified by the
address_family parameter, ifconfig reports only
the configuration details specific to that protocol family.
When changing an interface configuration, if the address family cannot
be inferred from the address parameter, an address family,
which may alter the interpretation of succeeding parameters, must
This family is required because an interface can receive
transmissions in different protocols, each of which may require a
separate naming scheme.
The address argument is the network address of the interface being
configured. For the inet address family, the address argument is
either a hostname or an Internet address in the standard dotted-decimal
notation with or without the optional Classless Inter-Domain Routing (CIDR)
bitmask (/bitmask). If using
the bitmask argument, do not use the netmask parameter.
The destination address
(dest_address) argument specifies the address of
the correspondent on the remote end of a point-to-point link.
Closes all TCP connections associated with a network address. Use this
parameter when removing aliases or deleting network addresses.
This prevents users from experiencing a hanging connection when the network
address is deleted.
Creates a set of redundant adapters (NetRAIN). The interface-id
specified must represent adapters of the same type connected to
the same LAN segment. The ifconfig interface-id parameter
must be a NetRAIN virtual interface name of the form nrx,
x is the unit number (Valid unit numbers are 0 to nr_maxdev-1.
See sys_attrs_netrain(5) for a description of nr_maxdev and other
netrain subsystem attributes. You can adjust this limit by using the
sysconfig command). If the NetRAIN virtual interface does not exist,
it is created.
Establishes an additional network address for this interface. This can
be useful when changing network numbers and you want to continue to
accept packets addressed to the old interface.
If you do not specify a bitmask or netmask with the alias address, the default
netmask is based on the alias address's network class.
If you are using the optional bitmask argument, do not use the
Removes the network address specified. This can be used either if you
incorrectly specified an alias or if an alias is no longer needed.
The -alias parameter functions in the same manner as the delete
Establishes a range of additional network addresses for this interface.
The range can be a comma-separated list or a hyphenated list, and is inclusive.
You can also specify the optional CIDR bitmask (/bitmask) argument at the
end of the list. Do not use a comma-separated list and a hyphenated list for
a range. For example, the following aliaslist command adds network
addresses 40 through 50, inclusive, to subnets 18.240.32, 18.240.33,
18.240.34, 18.240.35, and 18.240.36:
ifconfig aliaslist 18.240.32-36.40-50
The following aliaslist command specifies the netmask 255.255.252.0 in
CIDR format to the previous example:
ifconfig aliaslist 18.240.32-36.40-50/22
The following aliaslist command adds network
addresses 40 through 50, inclusive, to subnets 18.240.32, 18.240.64,
ifconfig aliaslist 18.240.32,64,96.40-50
The following aliaslist command is invalid because a
comma-separated list and a hyphenated list are used to denote a range:
ifconfig aliaslist 188.8.131.52-50,55,58
Removes a range of network addresses for this interface. This can
be useful when deleting network numbers and you want to keep the
primary interface address. The alias list rules are the same as for the
Enables the reception of all multicast packets.
Disables the reception of all multicast packets.
Enables the use of the Address Resolution Protocol (ARP) in mapping between
network-level addresses and link-level addresses. This parameter is
on by default.
Disables the use of the ARP. Use of this parameter is not recommended. See
arp(8) for more information.
Specifies the address to use to represent broadcasts to the network.
The default broadcast address is the address with a host part
consisting of all 1s (ones). Note that the computation of the host
part is dependent on netmask (see the description of the
Enables driver-dependent debug code. This might turn on extra console
error logging. (See your hardware documentation for further
Disables driver-dependent debug code.
Removes the network address specified. This would be used if you incorrectly
specified an alias, or if it was no longer needed. If you have incorrectly set
an NS address having the side effect of specifying the host portion, removing
all NS addresses will allow you to respecify the host portion.
You need to be careful when specifying this parameter. If you specify
the network address before the delete parameter, all network
addresses for the interface are deleted. Similarly, if you specify no
network address after the delete parameter,
all network addresses for the interface are
Marks an interface as not working (down), which keeps the system from
trying to transmit messages through that interface. If possible,
the ifconfig command also resets the interface to disable
reception of messages. Routes that use the interface, however, are
not automatically disabled.
Enables access filtering on the interface. Reads the
/etc/ifaccess.conf file and constructs an interface access filter
based on entries in the file. Interface access filtering provides a
mechanism for detecting and preventing IP spoofing attacks. (See CERT
Advisory CA-95:01). The source addresses of IP input packets
are checked against access filter entries; packets receive the
action associated with the first matching entry. The following actions
are valid: permit, deny, or denylog; the final filter entry
is a default permit all. See ifaccess.conf(4) for more information.
Disables access filtering on the interface.
Specifies an Internet host willing to receive IP packets encapsulating
packets bound for a remote network. For a Network Systems (NS)
case, an apparent
point-to-point link is constructed, and the address specified will be
taken as the NS address and network of the destination host.
Alters the size of the maximum transfer unit (MTU) for messages that your
system transmits. It might be necessary to reduce the MTU size so that
bridges connecting token rings can transfer frames without error.
Sets the routing metric, or number of hops, for the interface to
the value of number. The default value is 0 (zero) if number
is not specified, indicating that both hosts are on the same network.
The routing metric is used by the routed and gated daemons, with
higher metrics indicating that the route is less favorable.
Enable NetRAIN monitoring on this interface. If the monitoring code
determines that the interface is not operational, a message is sent
to the console and to a log file.
Specifies how much of the address to reserve for subdividing
networks into sub-networks. This parameter can only be used with
an address family of inet. Do not use this parameter if you are
specifying the CIDR mask (/bitmask) with the address argument,
alias parameter, or aliaslist parameter.
The mask variable includes both the network part of the
local address and the subnet
part, which is taken from the host field of the address. The
mask can be specified as a single hexadecimal number beginning
with 0x, in the standard Internet dotted-decimal notation,
with a name.
The mask contains 1s (ones) for the bit positions in the 32-bit
address that are reserved for the network and subnet parts, and
0s (zeros) for the bit positions that specify the host. The
mask should contain at least the standard network portion.
The default netmask is based on the address parameter's network class.
Sets the number of attempts to determine whether a NetRAIN
interface is operational before performing a failover to another
interface. The default value is 4 retries; this value can be
adjusted using the sysconfig command.
For ATM LAN Emulation (LANE), set integer to 5.
Sets the NetRAIN interface monitoring interval. The default value
is 1 times the value of the nrtmoisr parameter (1 second).
This value sets the time it takes to perform a test on an operational interface.
Sets the time between NetRAIN interface tests if an interface is
marked down. Interface operability tests are not run unless the
interface UP flag is set. This timer represents the time between
checking the UP flag for an interface. Once the UP flag is
set, the interface resumes normal monitoring mode. The default value is 10
times the value of the nrtmoisr parameter (10 seconds).
Sets the time between NetRAIN interface tests after this interface
has failed. The default value is 5 times the value of the
nrtmoisr parameter (5 seconds). An interface is marked as
having failed after the interface test fails retry count times.
Sets the time-out value, in CPU clock ticks, for the NetRAIN interrupt service
routine that monitors the interfaces. The default value is 1000 (1 second).
This value overrides the netrain_timeout system attribute value, and
controls all other NetRAIN time-out values. Each time the NetRAIN
interrupt service routine executes, it decrements the time-out count
for each interface being monitored. When the time-out count reaches
zero, an operational test is performed on the interface. This value sets the
frequency which the routine monitoring interfaces runs.
Sets the time between NetRAIN interface tests when the previous test has
failed but it has not failed retry count times. The default value is 1 times
the value of the nrtmoisr parameter (1 second).
For ATM LAN Emulation (LANE) interfaces, set integer to 2.
Sets the time between NetRAIN interface tests when the previous
test succeeded. The default value is 3 times the value of the
nrtmoisr parameter (3 seconds).
Sets the interface into promiscuous mode. This directs the network
interface to receive all packets off the network, rather than just those
packets directed to the host.
Disables the promiscuous mode of the interface. This is the default.
Remove the interfaces attached to a NetRAIN interface. All of the
interfaces have their default hardware addresses restored and the
UP flag is cleared. The hardware address of the NetRAIN virtual
interface is set to 00:00:00:00:00:00 and its UP flag is
cleared. The NetRAIN virtual interface may be reconfigured using
the add command.
Sets the speed at which the token ring adapter transmits and receives
on the token ring network to value. The value can be either 4 for
a ring speed of 4Mbs or 16 for 16Mbs. The adapter speed must match the
signal speed of the token ring.
This parameter also determines the speed (regular or fast Ethernet) and half-
or full-duplex mode operation on the tu interface when that
interface is using the twisted-pair port as follows:
|10||10 Mbps Ethernet half-duplex|
|20||10 Mbps Ethernet full-duplex|
|100||100 Mbps Ethernet half-duplex|
|200||100 Mbps Ethernet full-duplex|
After the interface is online, you can use the ifconfig up and
down options to change the speed value dynamically. Stop adapter
transmission with down and set the speed in the same command
line. Then specify up without a speed value to restart the
Force a NetRAIN interface to failover to another interface in the
NetRAIN set. If the ifconfig interface-id specified is the
NetRAIN virtual interface, the next available interface in the
set becomes active. If the ifconfig interface-id is a member
of the NetRAIN set, the interface-id specified becomes the active
member. If the interface-id specified is not operational, the
switch command has no effect.
Requests the use of a trailer link-level encapsulation
when sending messages.
If a network interface supports
the system will, when possible, encapsulate outgoing
messages in a manner that minimizes the number of
memory-memory copy operations performed by the receiver.
On networks that support the Address Resolution Protocol
this flag indicates that the system should request that other
systems use trailers when sending to this host.
Similarly, trailer encapsulations will be sent to other
hosts that have made such requests. Currently used by Internet
Disables the use of a trailer link-level encapsulation. This is the
Sets the trust group identifier for the interface. Trust group
identifiers are passed from the kernel to the screend daemon, and
indicate the color of the interface on which a packet was received and the
color of the interface to which a packet is intended, as indicated by
the kernel routing tables. The group can be one of the primary
colors in the visible spectrum (for example, red, orange, yellow, green,
blue, indigo, and violet). The screend daemon can optionally use
trust group information to make packet screening decisions.
Marks an interface as working (up). This parameter is used
automatically when setting the first address for an interface, or can
be used to enable an interface after an ifconfig down command.
If the interface was reset when previously marked with the parameter
down (see the following section for a description of this
parameter), the hardware will be reinitialized.
To query the status of serial line interface sl0,
$ ifconfig sl0
To configure the local loopback interface, enter:
# ifconfig lo0 inet 127.0.0.1 up
Only a user with superuser authority can modify the configuration
of a network interface.
To configure a ln0 interface, enter:
# ifconfig ln0 184.108.40.206/22
The broadcast address is 220.127.116.11 as the 22-bit mask specifies four Class C
To configure the token ring interface for a 4 Mbps token ring with a netmask of
255.255.255.0 in CIDR format, enter:
# ifconfig tra0 18.104.22.168/24 speed 4
To stop the token ring interface and start it for a 16 Mbps token ring, enter:
# ifconfig tra0 down
# ifconfig tra0 speed 16 up
To create a NetRAIN set nr1 with the Ethernet interfaces tu0
and tu2 as the set members, enter:
# ifconfig nr1 add tu0,tu2
To set the IP address of this interface to 22.214.171.124, enter:
# ifconfig nr1 inet 126.96.36.199
To view this set, enter:
# ifconfig nr1
NetRAIN Attached Interfaces: ( tu0 tu2 ) Active Interface: ( tu0 )
inet 188.8.131.52 netmask ffffff00 broadcast 184.108.40.206 ipmtu
To remove the interfaces tu0 and tu2 from the NetRAIN set
created in the previous example, enter:
# ifconfig nr1 remove
To stop Ethernet interface tu0, delete all addresses associated with the
interface, and close all TCP connections, enter:
# ifconfig tu0 down delete abort
220.127.116.11: aborting 7 tcp connection(s)
To delete the alias address 18.104.22.168 on interface tu0 and close all
TCP connections, enter:
# ifconfig tu0 -alias 22.214.171.124 abort
126.96.36.199: aborting 2 tcp connection(s)
The bitmask specified is not in the range of 1 to 32, inclusive.
The -netmask option was specified together with a CIDR bitmask.
Specifies the command path
Interface access filtering configuration file.
nr(7), inet.local(8), pfconfig(8).
Daemons: gated(8), routed(8) screend(8).
System Attributes: sys_attrs_netrain(5).
- RELATED INFORMATION
This document was created by
using the manual pages.
Time: 02:40:28 GMT, October 02, 2010