Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
IFCONFIG(8)		  BSD System Manager's Manual		   IFCONFIG(8)

NAME
     ifconfig -- configure network interface parameters

SYNOPSIS
     ifconfig [-AaC] [interface] [address_family] [address [dest_address]]
	      [parameters]

DESCRIPTION
     The ifconfig utility is used to assign an address to a network interface
     and/or configure network interface	parameters.  Generally speaking,
     hostname.if(5) files are used at boot-time	to define the network address
     of	each interface present on a machine; ifconfig is used at a later time
     to	redefine an interface's	address	or other operating parameters.

     ifconfig displays the current configuration for a network interface when
     no	optional parameters are	supplied.  If a	protocol family	is specified,
     ifconfig will report only the details specific to that protocol family.
     If	no parameters are provided, a summary of all interfaces	is provided.

     Only the superuser	may modify the configuration of	a network interface.

     The following options are available:

     -A	     Causes full interface alias information for each interface	to be
	     displayed.

     -a	     Causes ifconfig to	print information on all interfaces.  The pro-
	     tocol family may be specified as well.  This is the default, if
	     no	parameters are given to	ifconfig.

     -C	     Print the names of	all network pseudo-devices that	can be created
	     dynamically at runtime using ifconfig create.

     interface
	     The interface parameter is	a string of the	form "name unit", for
	     example, "en0".  If no optional parameters	are supplied, this
	     string can	instead	be just	"name".	 If an interface group of that
	     name exists, all interfaces in the	group will be shown.  Other-
	     wise all interfaces of the	same type will be displayed (for exam-
	     ple, "fxp"	will display all fxp(4)	interfaces).

     address_family
	     Specifies the address family which	affects	interpretation of the
	     remaining parameters.  Since an interface can receive transmis-
	     sions in differing	protocols with different naming	schemes, spec-
	     ifying the	address	family is recommended.	The address or proto-
	     col families currently supported are "inet" and "inet6".

     address
	     Internet version 4	and 6 addresses	take the form of a host	name
	     present in	the host name database,	hosts(5); "dot"	notation
	     (IPv4); colon-separated (IPv6); or	CIDR notation.

     dest_address
	     Specify the address of the	correspondent on the other end of a
	     point-to-point link.

     The following parameters may be set with ifconfig:

     alias	     Establish an additional network address for this inter-
		     face.  This is sometimes useful when changing network
		     numbers, and one wishes to	accept packets addressed to
		     the old interface.

     -alias	     A synonym for delete.  Use	of this	option is discouraged
		     in	favour of delete.

     arp	     Enable the	use of the Address Resolution Protocol (ARP)
		     in	mapping	between	network	level addresses	and link level
		     addresses (default).

     -arp	     Disable the use of	ARP.

     broadcast addr  (inet only) Specify the address to	use to represent
		     broadcasts	to the network.	 The default broadcast address
		     is	the address with a host	part of	all 1's.

     create	     Create the	specified network pseudo-device.  At least the
		     following devices can be created on demand:

		     bridge(4),	carp(4), egre(4), enc(4), eoip(4), etherip(4),
		     gif(4), gre(4), lo(4), mgre(4), mpe(4), mpw(4), nvgre(4),
		     pair(4), pflog(4),	pflow(4), pfsync(4), ppp(4), pppoe(4),
		     svlan(4), switch(4), tap(4), trunk(4), tun(4), vether(4),
		     vlan(4), vxlan(4)

     debug	     Enable driver-dependent debugging code; usually, this
		     turns on extra console error logging.

     -debug	     Disable driver-dependent debugging	code.

     delete	     Remove the	default	inet address associated	with the in-
		     terface, including	any netmask or destination address
		     configured	with it.  An address and address family	can be
		     given to make the deletion	more specific.

     description value
		     Specify a description of the interface.  This can be used
		     to	label interfaces in situations where they may other-
		     wise be difficult to distinguish.

     -description    Clear the interface description.

     destroy	     Destroy the specified network pseudo-device.

     down	     Mark an interface "down".	When an	interface is marked
		     "down", the system	will not attempt to transmit messages
		     through that interface.  If possible, the interface will
		     be	reset to disable reception as well.  This action auto-
		     matically disables	routes using the interface.

     group group-name
		     Assign the	interface to a "group".	 group-name may	not be
		     longer than 15 characters and must	not end	with a digit.
		     Any interface can be in multiple groups.

		     For instance, a group could be used to create a hardware
		     independent pf(4) ruleset (i.e. not one based on the
		     names of NICs) using existing (egress, carp, etc.)	or
		     user-defined groups.

		     Some interfaces belong to specific	groups by default:

		     -	     All interfaces are	members	of the all interface
			     group.
		     -	     Cloned interfaces are members of their interface
			     family group.  For	example, a PPP interface such
			     as	ppp0 is	a member of the	ppp interface family
			     group.
		     -	     pppx(4) interfaces	are members of the pppx	inter-
			     face group.
		     -	     The interface(s) the default route(s) point to
			     are members of the	egress interface group.
		     -	     IEEE 802.11 wireless interfaces are members of
			     the wlan interface	group.
		     -	     Any interfaces used for network booting are mem-
			     bers of the netboot interface group.

     -group group-name
		     Remove the	interface from the given "group".

     hwfeatures	     Display the interface hardware features:

			   CSUM_IPv4	   The device supports IPv4 checksum
					   offload.
			   CSUM_TCPv4	   As above, for TCP in	IPv4 data-
					   grams.
			   CSUM_UDPv4	   As above, for UDP.
			   VLAN_MTU	   The device can handle full sized
					   frames, plus	the size of the
					   vlan(4) tag.
			   VLAN_HWTAGGING  On transmit,	the device can add the
					   vlan(4) tag.
			   CSUM_TCPv6	   As CSUM_TCPv4, but supports IPv6
					   datagrams.
			   CSUM_UDPv6	   As above, for UDP.
			   WOL		   The device supports Wake on LAN
					   (WoL).
			   hardmtu	   The maximum MTU supported.

     -inet	     Remove all	configured inet(4) addresses on	the given in-
		     terface.

     -inet6	     Disable inet6(4) on the given interface and remove	all
		     configured	inet6(4) addresses, including the link-local
		     ones.  This is the	default.  To turn inet6	on, use	eui64
		     or	autoconf, or assign any	inet6 address.

     instance minst  Set the media instance to minst.  This is useful for de-
		     vices which have multiple physical	layer interfaces
		     (PHYs).  Setting the instance on such devices may not be
		     strictly required by the network interface	driver as the
		     driver may	take care of this automatically; see the
		     driver's manual page for more information.

     link[0-2]	     Enable special processing of the link level of the	inter-
		     face.  These three	options	are interface specific in ac-
		     tual effect; however, they	are in general used to select
		     special modes of operation.  An example of	this is	to se-
		     lect the connector	type for some Ethernet cards.  Refer
		     to	the man	page for the specific driver for more informa-
		     tion.

     -link[0-2]	     Disable special processing	at the link level with the
		     specified interface.

     lladdr etheraddr|random
		     Change the	link layer address (MAC	address) of the	inter-
		     face.  This should	be specified as	six colon-separated
		     hex values, or can	be chosen randomly.

     llprio prio     Set the priority for link layer communications (arp(4),
		     bpf(4), pppoe(4)).

     media [type]    Set the media type	of the interface to type.  If no argu-
		     ment is given, display a list of all available media.

		     Some interfaces support the mutually exclusive use	of one
		     of	several	different physical media connectors.  For ex-
		     ample, a 10Mb/s Ethernet interface	might support the use
		     of	either AUI or twisted pair connectors.	Setting	the
		     media type	to "10base5" or	"AUI" would change the cur-
		     rently active connector to	the AUI	port.  Setting it to
		     "10baseT" or "UTP"	would activate twisted pair.  Refer to
		     the interface's driver-specific man page for a complete
		     list of the available types, or use the following command
		     for a listing of choices:

			   $ ifconfig interface	media

     mediaopt opts   Set the specified media options on	the interface.	opts
		     is	a comma	delimited list of options to apply to the in-
		     terface.  Refer to	the interface's	driver-specific	man
		     page for a	complete list of available options, or use the
		     following command for a listing of	choices:

			   $ ifconfig interface	media

     -mediaopt opts  Disable the specified media options on the	interface.

     metric nhops    Set the routing metric of the interface to	nhops, default
		     0.	 The routing metric can	be used	by routing protocols.
		     Higher metrics have the effect of making a	route less fa-
		     vorable.

     mode mode	     If	the driver for the interface supports the media	selec-
		     tion system, force	the mode of the	interface to the given
		     mode.  For	IEEE 802.11 wireless interfaces	that support
		     multiple modes, this directive is used to select between
		     802.11a ("11a"), 802.11b ("11b"), 802.11g ("11g"),	and
		     802.11n ("11n") modes.

     -mode	     Select the	mode automatically.  This is the default for
		     IEEE 802.11 wireless interfaces.

     mpls	     Enable Multiprotocol Label	Switching (MPLS) on the	inter-
		     face, allowing it to send and receive MPLS	traffic.

     -mpls	     Disable MPLS on the interface.

     mtu value	     Set the MTU for this device to the	given value.  Cloned
		     routes inherit this value as a default.  For Ethernet de-
		     vices which support setting the MTU, a value greater than
		     1500 enables jumbo	frames.	 The hardmtu output from
		     hwfeatures	shows the maximum supported MTU.

     netmask mask    (inet and inet6 only) Specify how much of the address to
		     reserve for subdividing networks into subnetworks.	 The
		     mask includes the network part of the local address and
		     the subnet	part, which is taken from the host field of
		     the address.  The mask can	be specified as	a single hexa-
		     decimal number with a leading 0x, or with a dot-notation
		     Internet address.	The mask contains 1's for the bit po-
		     sitions in	the 32-bit address which are to	be used	for
		     the network and subnet parts, and 0's for the host	part.
		     The mask should contain at	least the standard network
		     portion, and the subnet field should be contiguous	with
		     the network portion.

     prefixlen n     (inet and inet6 only) Effect is similar to	netmask, but
		     you can specify prefix length by digits.

     priority n	     Set the interface routing priority	to n.  n is in the
		     range of 0	to 15 with smaller numbers being better.  The
		     default priority of an interface is 0, except for IEEE
		     802.11 wireless interfaces	(priority 4) and carp(4) in-
		     terfaces (priority	15).  The default priority of newly
		     connected routes (routes created by configuring an	IP ad-
		     dress on an interface) is calculated by adding 4
		     (RTP_CONNECTED) to	the interface priority.	 The default
		     priority of new static routes added to the	kernel is cal-
		     culated by	adding 8 (RTP_STATIC) to the interface prior-
		     ity.

     rdomain rdomainid
		     Attach the	interface to the routing domain	with the spec-
		     ified rdomainid.  Interfaces in different routing domains
		     are separated and cannot directly pass traffic between
		     each other.  It is	therefore possible to reuse the	same
		     addresses in different routing domains.  If the specified
		     rdomain does not yet exist	it will	be created, including
		     a routing table with the same id.	By default all inter-
		     faces belong to routing domain 0.

     -rdomain	     Remove the	interface from the routing domain and return
		     it	to routing domain 0.  Any inet and inet6 addresses on
		     the interface will	also be	removed.

     rtlabel route-label
		     (inet) Attach route-label to new network routes of	the
		     specified interface.  Route labels	can be used to imple-
		     ment policy routing; see route(4),	route(8), and
		     pf.conf(5).

     -rtlabel	     Clear the route label.

     staticarp	     If	ARP is enabled,	the host will only reply to requests
		     for its addresses,	and will never send any	requests.

     -staticarp	     If	ARP is enabled,	the host will perform normally,	send-
		     ing out requests and listening for	replies.

     transceiver     Query and display information and diagnostics from	GBIC
		     and SFP modules installed in an interface.	 It is only
		     supported by drivers implementing the necessary function-
		     ality on hardware which supports it.

     up		     Mark an interface "up".  This may be used to enable an
		     interface after an	ifconfig down.	It happens automati-
		     cally when	setting	the first address on an	interface.  If
		     the interface was reset when previously marked down, the
		     hardware will be re-initialized.

     wol	     Enable Wake on LAN	(WoL).	When enabled, reception	of a
		     WoL frame will cause the network card to power up the
		     system from standby or suspend mode.  WoL frames are sent
		     using arp(8).

     -wol	     Disable WoL.  WoL is disabled at boot by the driver, if
		     possible.

BRIDGE
     The following options are available for a bridge(4) interface:

     add interface
	     Add interface as a	member of the bridge.  The interface is	put
	     into promiscuous mode so that it can receive every	packet sent on
	     the network.  An interface	can be a member	of at most one bridge.

     addr    Display the addresses that	have been learned by the bridge.

     addspan interface
	     Add interface as a	span port on the bridge.

     autoedge interface
	     Automatically detect the spanning tree edge port status on
	     interface.	 This is the default for interfaces added to the
	     bridge.

     -autoedge interface
	     Disable automatic spanning	tree edge port detection on interface.

     autoptp interface
	     Automatically detect the point-to-point status on interface by
	     checking the full duplex link status.  This is the	default	for
	     interfaces	added to the bridge.

     -autoptp interface
	     Disable automatic point-to-point link detection on	interface.

     blocknonip	interface
	     Mark interface so that only IPv4, IPv6, ARP, and Reverse ARP
	     packets are accepted from it or forwarded to it from other	bridge
	     member interfaces.

     -blocknonip interface
	     Allow non-IPv4, IPv6, ARP,	or Reverse ARP packets through
	     interface.

     del interface
	     Remove interface from the bridge.	Promiscuous mode is turned off
	     for the interface when it is removed from the bridge.

     deladdr address
	     Delete address from the cache.

     delspan interface
	     Delete interface from the list of span ports of the bridge.

     discover interface
	     Mark interface so that packets are	sent out of the	interface if
	     the destination port of the packet	is unknown.  If	the bridge has
	     no	address	cache entry for	the destination	of a packet, meaning
	     that there	is no static entry and no dynamically learned entry
	     for the destination, the bridge will forward the packet to	all
	     member interfaces that have this flag set.	 This is the default
	     for interfaces added to the bridge.

     -discover interface
	     Mark interface so that packets are	not sent out of	the interface
	     if	the destination	port of	the packet is unknown.	Turning	this
	     flag off means that the bridge will not send packets out of this
	     interface unless the packet is a broadcast	packet,	multicast
	     packet, or	a packet with a	destination address found on the in-
	     terface's segment.	 This, in combination with static address
	     cache entries, prevents potentially sensitive packets from	being
	     sent on segments that have	no need	to see the packet.

     down    Stop the bridge from forwarding packets.

     edge interface
	     Set interface as a	spanning tree edge port.  An edge port is a
	     single connection to the network and cannot create	bridge loops.
	     This allows a straight transition to forwarding.

     -edge interface
	     Disable edge port status on interface.

     flush   Remove all	dynamically learned addresses from the cache.

     flushall
	     Remove all	addresses from the cache including static addresses.

     flushrule interface
	     Remove all	Ethernet MAC filtering rules from interface.

     fwddelay time
	     Set the time (in seconds) before an interface begins forwarding
	     packets.  Defaults	to 15 seconds, minimum of 4, maximum of	30.

     hellotime time
	     Set the time (in seconds) between broadcasting spanning tree pro-
	     tocol configuration packets.  Defaults to 2 seconds, minimum of
	     1,	maximum	of 2.  This option is only supported in	STP mode with
	     rapid transitions disabled; see the proto command for setting the
	     protocol version.

     holdcnt time
	     Set the transmit hold count, which	is the number of spanning tree
	     protocol packets transmitted before being rate limited.  Defaults
	     to	6, minimum of 1, maximum of 10.

     ifcost interface num
	     Set the spanning tree path	cost of	interface to num.  Defaults to
	     55, minimum of 1, maximum of 200000000 in RSTP mode, and maximum
	     of	65535 in STP mode.

     -ifcost interface
	     Automatically calculate the spanning tree priority	of interface
	     based on the current link speed, interface	status,	and spanning
	     tree mode.	 This is the default for interfaces added to the
	     bridge.

     ifpriority	interface num
	     Set the spanning tree priority of interface to num.  Defaults to
	     128, minimum of 0,	maximum	of 240.

     learn interface
	     Mark interface so that the	source address of packets received
	     from the interface	are entered into the address cache.  This is
	     the default for interfaces	added to the bridge.

     -learn interface
	     Mark interface so that the	source address of packets received
	     from interface are	not entered into the address cache.

     link0   Setting this flag stops all IP multicast packets from being for-
	     warded by the bridge.

     -link0  Clear the link0 flag on the bridge	interface.

     link1   Setting this flag stops all non-IP	multicast packets from being
	     forwarded by the bridge.

     -link1  Clear the link1 flag on the bridge	interface.

     link2   Setting this flag causes all packets to be	passed on to ipsec(4)
	     for processing, based on the policies established by the adminis-
	     trator using the ipsecctl(8) command and ipsec.conf(5).  If ap-
	     propriate security	associations (SAs) exist, they will be used to
	     encrypt or	decrypt	the packets.  Otherwise, any key management
	     daemons such as isakmpd(8)	that are running on the	bridge will be
	     invoked to	establish the necessary	SAs.  These daemons have to be
	     configured	as if they were	running	on the host whose traffic they
	     are protecting (i.e. they need to have the	appropriate authenti-
	     cation and	authorization material,	such as	keys and certificates,
	     to	impersonate the	protected host(s)).

     -link2  Clear the link2 flag on the bridge	interface.

     maxaddr size
	     Set the address cache size	to size.  The default is 100 entries.

     maxage time
	     Set the time (in seconds) that a spanning tree protocol configu-
	     ration is valid.  Defaults	to 20 seconds, minimum of 6, maximum
	     of	40.

     protected interface ids
	     Put interface in protected	domains.  ids is a comma delimited
	     list of domain IDs, between 1 and 31, to put the interface	in.
	     Interfaces	that are part of a protected domain cannot forward
	     traffic to	any other interface in that domain.  Interfaces	do not
	     belong to any protected domain by default.

     -protected	interface
	     Remove interface from all protected domains.

     proto value
	     Force the spanning	tree protocol version.	The available values
	     are rstp to operate in the	default	Rapid Spanning Tree (RSTP)
	     mode or stp to force operation in Spanning	Tree (STP) mode	with
	     rapid transitions disabled.

     ptp interface
	     Set interface as a	point-to-point link.  This is required for
	     straight transitions to forwarding	and should be enabled for a
	     full duplex link or a trunk(4) with at least two physical links
	     to	the same network segment.

     -ptp interface
	     Disable point-to-point link status	on interface.  This should be
	     disabled for a half duplex	link and for an	interface connected to
	     a shared network segment, like a hub or a wireless	network.

     rule block|pass [in | out]	on interface [src lladdr] [dst lladdr]
	     [tag tagname] [arp	| rarp [request	| reply] [sha lladdr]
	     [spa ipaddr] [tha lladdr] [tpa ipaddr]]
	     Add a filtering rule to an	interface.  Rules have a similar syn-
	     tax to those in pf.conf(5).  Rules	can be used to selectively
	     block or pass frames based	on Ethernet MAC	addresses or to	tag
	     packets for pf(4) to filter on.

	     arp(4) packets can	be matched with	the arp	keyword	for regular
	     packets and rarp for reverse arp.	request	and reply limit
	     matches to	requests or replies.  The source and target host ad-
	     dresses can be matched with the sha and tha keywords, and the
	     protocol addresses	with spa and tpa.

	     Rules are processed in the	order in which they were added to the
	     interface.	 The first rule	matched	takes the action (block	or
	     pass) and,	if given, the tag of the rule.	If no source or	desti-
	     nation address is specified, the rule will	match all frames (good
	     for creating a catchall policy).

     rulefile filename
	     Load a set	of rules from the file filename.

     rules interface
	     Display the active	filtering rules	in use on interface.

     spanpriority num
	     Set the spanning priority of this bridge to num.  Defaults	to
	     32768, minimum of 0, maximum of 61440.

     static interface address
	     Add a static entry	into the address cache pointing	to interface.
	     Static entries are	never aged out of the cache or replaced, even
	     if	the address is seen on a different interface.

     stp interface
	     Enable spanning tree protocol on interface.

     -stp interface
	     Disable spanning tree protocol on interface.  This	is the default
	     for interfaces added to the bridge.

     timeout time
	     Set the timeout, in seconds, for addresses	in the cache to	time.
	     The default is 240	seconds.  If time is set to zero, then entries
	     will not be expired.

     up	     Start the bridge forwarding packets.

CARP
     ifconfig carp-interface [advbase n] [advskew n] [balancing	mode]
     [carpnodes	vhid:advskew,vhid:advskew,...] [carpdev	iface]
     [[-]carppeer peer_address]	[pass passphrase] [state state]	[vhid host-id]

     The following options are available for a carp(4) interface:

     advbase n
	     Set the base advertisement	interval to n seconds.	Acceptable
	     values are	0 to 254; the default value is 1 second.

     advskew n
	     Skew the advertisement interval by	n.  Acceptable values are 0 to
	     254; the default value is 0.

     balancing mode
	     Set the load balancing mode to mode.  Valid modes are ip,
	     ip-stealth, and ip-unicast.

     carpnodes vhid:advskew,vhid:advskew,...
	     Create a load balancing group consisting of up to 32 nodes.  Each
	     node is specified as a vhid:advskew tuple in a comma-separated
	     list.

     carpdev iface
	     Attach to parent interface	iface.

     carppeer peer_address
	     Send the carp advertisements to a specified point-to-point	peer
	     or	multicast group	instead	of sending the messages	to the default
	     carp multicast group.  The	peer_address is	the IP address of the
	     other host	taking part in the carp	cluster.  With this option,
	     carp(4) traffic can be protected using ipsec(4) and it may	be de-
	     sired in networks that do not allow or have problems with IPv4
	     multicast traffic.

     -carppeer
	     Send the advertisements to	the default carp multicast group.

     pass passphrase
	     Set the authentication key	to passphrase.	There is no passphrase
	     by	default.

     state state
	     Explicitly	force the interface to enter this state.  Valid	states
	     are init, backup, and master.

     vhid n  Set the virtual host ID to	n.  Acceptable values are 1 to 255.

     Taken together, the advbase and advskew indicate how frequently, in sec-
     onds, the host will advertise the fact that it considers itself master of
     the virtual host.	The formula is advbase + (advskew / 256).  If the mas-
     ter does not advertise within three times this interval, this host	will
     begin advertising as master.

IEEE 802.11 (WIRELESS DEVICES)
     ifconfig wireless-interface [[-]bssid bssid] [[-]chan [n]]	[[-]join id]
     [[-]joinlist] [[-]nwflag flag] [[-]nwid id] [[-]nwkey key]
     [[-]powersave [duration]] [scan] [[-]wpa] [wpaakms	akm,akm,...]
     [wpaciphers cipher,cipher,...] [wpagroupcipher cipher]
     [[-]wpakey	passphrase | hexkey] [wpaprotos	proto,proto,...]

     The following options are available for a wireless	interface:

     bssid bssid
	     Set the desired BSSID.

     -bssid  Unset the desired BSSID.  The interface will automatically	select
	     a BSSID in	this mode, which is the	default.

     chan [n]
	     Set the channel (radio frequency) to n.

	     With no channel specified,	show the list of channels supported by
	     the device.

     -chan   Unset the desired channel.	 It doesn't affect the channel to be
	     created for IBSS or Host AP mode.

     join id
	     Add the network with NWID/ESSID id	to the list of auto-join net-
	     works.  Information about such networks is	retained, such that
	     configured	interfaces can automatically switch to such networks
	     as	necessary.

	     The id can	either be any text string up to	32 characters in
	     length, or	a series of hexadecimal	digits up to 64	digits.	 Any
	     necessary wpakey or nwkey arguments should	be specified on	the
	     same line.	 The empty string allows the interface to automati-
	     cally connect to any available access points if no	known access
	     points are	found.	May not	be used	with nwid.

     -join id
	     Remove the	network	with NWID id, from the list of auto-join net-
	     works.

     joinlist
	     Show the list of currently	configured auto-join networks.

     -joinlist
	     Remove all	networks in the	list of	auto-join networks.

     nwflag flag
	     Set specified flag.  The flag name	can be either `hidenwid' or
	     `nobridge'.  The `hidenwid' flag will hide	the network ID (ESSID)
	     in	beacon frames when operating in	Host AP	mode.  It will also
	     prevent responses to probe	requests with an unspecified network
	     ID.  The `nobridge' flag will disable the direct bridging of
	     frames between associated nodes when operating in Host AP mode.
	     Setting this flag will block and filter direct inter-station com-
	     munications.

	     Note that the `hidenwid' and `nobridge' options do	not provide
	     any security.  The	hidden network ID will be sent in clear	text
	     by	associating stations and can be	easily discovered with tools
	     like tcpdump(8) and hostapd(8).

     -nwflag flag
	     Remove specified flag.

     nwid id
	     Connect to	the network with NWID id.  Unlike auto-join networks,
	     information about the network is not retained.  The empty string
	     allows the	interface to connect to	any available access points.
	     May not be	used with join.

     -nwid   Set the NWID to the empty string to allow the interface to	con-
	     nect to any available access point.

     nwkey key
	     Enable WEP	encryption using the specified key.  The key can ei-
	     ther be a string, a series	of hexadecimal digits (preceded	by
	     `0x'), or a set of	keys of	the form "n:k1,k2,k3,k4" where `n'
	     specifies which of	the keys will be used for transmitted packets,
	     and the four keys,	"k1" through "k4", are configured as WEP keys.
	     If	a set of keys is specified, a comma (`,') within the key must
	     be	escaped	with a backslash.  Note	that if	multiple keys are
	     used, their order must be the same	within the network.

	     The length	of each	key must be either 40 bits for 64-bit encryp-
	     tion (5-character ASCII string or 10 hexadecimal digits) or 104
	     bits for 128-bit encryption (13-character ASCII string or 26
	     hexadecimal digits).

     -nwkey  Disable WEP encryption.

     nwkey persist
	     Enable WEP	encryption using the persistent	key stored in the net-
	     work card.

     nwkey persist:key
	     Write key to the persistent memory	of the network card, and en-
	     able WEP encryption using that key.

     powersave
	     Enable 802.11 power saving	mode.  Power saving is disabled	by de-
	     fault.  See driver	specific manual	pages to see details of	the
	     implementation relevant to	that device.

     -powersave
	     Disable 802.11 power saving mode.

     scan    Show the results of an access point scan.	In Host	AP mode, this
	     will dump the list	of known nodes without scanning.

     wpa     Enable Wi-Fi Protected Access.  WPA is a Wi-Fi Alliance protocol
	     based on the IEEE 802.11i standard.  It was designed to enhance
	     the security of wireless networks.	 Notice	that not all drivers
	     support WPA.  Check the driver's manual page to know if this op-
	     tion is supported.

     -wpa    Disable Wi-Fi Protected Access.

     wpaakms akm,akm,...
	     Set the comma-separated list of allowed authentication and	key
	     management	protocols.

	     The supported values are "psk" and	"802.1x".  psk authentication
	     (also known as personal mode) uses	a 256-bit pre-shared key.
	     802.1x authentication (also known as enterprise mode) is used
	     with an external IEEE 802.1X authentication server, such as
	     wpa_supplicant.  The default value	is "psk".  "psk" can only be
	     used if a pre-shared key is configured using the wpakey option.

     wpaciphers	cipher,cipher,...
	     Set the comma-separated list of allowed pairwise ciphers.

	     The supported values are "tkip", "ccmp", and "usegroup".
	     usegroup specifies	that no	pairwise ciphers are supported and
	     that only group keys should be used.  The default value is
	     "ccmp".  If multiple pairwise ciphers are specified, the pairwise
	     cipher will be negotiated between the station and the access
	     point at association time.	 A station will	always try to use ccmp
	     over tkip if both ciphers are allowed and supported by the	access
	     point.  If	the selected cipher is not supported by	the hardware,
	     software encryption will be used.	Check the driver's manual page
	     to	know which ciphers are supported in hardware.

     wpagroupcipher cipher
	     Set the group cipher used to encrypt broadcast and	multicast
	     traffic.

	     The supported values are "wep40", "wep104", "tkip", and "ccmp".
	     The default value is "ccmp".  The use of tkip or wep40 or wep104
	     as	the group cipher is discouraged	due to weaknesses in TKIP and
	     WEP.  The wpagroupcipher option is	available in Host AP mode
	     only.  A station will always use the group	cipher of the BSS.

     wpakey passphrase | hexkey
	     Set the WPA key and enable	WPA.  The key can be given using ei-
	     ther a passphrase or a full length	hex key, starting with 0x.  If
	     a passphrase is used the nwid or join option must first be	speci-
	     fied, since ifconfig will hash the	nwid along with	the passphrase
	     to	create the key.

     -wpakey
	     Delete the	pre-shared WPA key and disable WPA.

     wpaprotos proto,proto,...
	     Set the comma-separated list of allowed WPA protocol versions.

	     The supported values are "wpa1" and "wpa2".  wpa1 is based	on
	     draft 3 of	the IEEE 802.11i standard whereas wpa2 is based	on the
	     ratified standard.	 The default value is "wpa2".  If "wpa1,wpa2"
	     is	specified, a station will always use the wpa2 protocol when
	     supported by the access point.

INET6
     ifconfig interface	inet6 [[-]anycast] [[-]autoconf] [[-]autoconfprivacy]
     [eui64] [pltime n]	[[-]soii] [[-]tentative] [vltime n]

     The following options are available for an	ip6(4) interface:

     anycast
	     Set the IPv6 anycast address bit.

     -anycast
	     Clear the IPv6 anycast address bit.

     autoconf
	     Set the AUTOCONF6 flag on the interface.  The address autoconfig-
	     uration daemon slaacd(8) automatically configures IPv6 addresses
	     for interfaces with this flag.

     -autoconf
	     Unset the AUTOCONF6 flag on the interface.

     autoconfprivacy
	     Enable privacy extensions for stateless IPv6 address autoconfigu-
	     ration (RFC 4941) on the interface.  These	extensions are enabled
	     by	default.  The purpose of these extensions is to	prevent	track-
	     ing of individual devices which connect to	the IPv6 internet from
	     different networks	using stateless	autoconfiguration.  The	inter-
	     face identifier often remains constant and	provides the lower 64
	     bits of an	autoconfigured IPv6 address, facilitating tracking of
	     individual	devices	(and hence, potentially, users of these	de-
	     vices) over long periods of time (weeks to	months to years).
	     When these	extensions are active, random interface	identifiers
	     are used for autoconfigured addresses.

	     Autoconfigured addresses are also made temporary, which means
	     that they will automatically be replaced regularly.  Temporary
	     addresses are deprecated after 24 hours.  Once a temporary	ad-
	     dress has been deprecated,	a new temporary	address	will be	con-
	     figured upon reception of a router	advertisement indicating that
	     the prefix	is still valid.	 Deprecated addresses will not be used
	     for new connections as long as a non-deprecated address remains
	     available.	 Temporary addresses become invalid after one week, at
	     which time	they will be removed from the interface.  Address
	     lifetime extension	through	router advertisements is ignored for
	     temporary addresses.

     -autoconfprivacy
	     Disable IPv6 autoconf privacy extensions on the interface.	 Cur-
	     rently configured addresses will not be removed until they	become
	     invalid.

     eui64   Fill the interface	index (the lowermost 64	bits of	an IPv6
	     address) automatically.

     pltime n
	     Set preferred lifetime for	the address, in	seconds.

     soii    Enable persistent Semantically Opaque Interface Identifiers
	     (SOIIs), as per RFC 7217, for link	local and SLAAC	addresses on
	     the interface.  The purpose of these identifiers is to make dis-
	     covery of hosts by	scanning a whole prefix	more difficult.	 SOIIs
	     use the whole 64 bits of the host part while SLAAC	addresses are
	     formed from MAC addresses which can lower the entropy to 24 bits
	     if	the host is running in a virtualization	environment or the
	     hardware manufacturer is known.  See RFC 8064 for details.	 SOIIs
	     are enabled by default.

     -soii   Disable IPv6 persistent Semantically Opaque Interface Identifiers
	     on	the interface.	Currently configured addresses will not	be re-
	     moved until they become invalid.

     tentative
	     Set the IPv6 tentative address bit.

     -tentative
	     Clear the IPv6 tentative address bit.

     vltime n
	     Set valid lifetime	for the	address, in seconds.

INTERFACE GROUPS
     ifconfig -g group-name [[-]carpdemote [number]]

     The following options are available for interface groups:

     -g	group-name
	     Specify the group.

     carpdemote	[number]
	     Increase carp(4) demote count for given interface group by
	     number.  Acceptable values	are 0 to 128.  If number is omitted,
	     it	is increased by	1.  Demote count can be	set up to 255.

     -carpdemote [number]
	     Decrease carp(4) demote count for given interface group by
	     number.  Acceptable values	are 0 to 128.  If number is omitted,
	     it	is decreased by	1.

MPLS
     ifconfig mpls-interface [mplslabel	mpls-label] [[-]pwecw] [[-]pwefat]
     [pweneighbor mpls-label neighbor] [tunneldomain rdomain]

     The following options are available for mpe(4), mpip(4), and mpw(4) in-
     terfaces:

     mplslabel mpls-label
	     Set the local MPLS	label to mpls-label.  MPLS packets sent	to
	     this label	on the local system will be decapsulated for input.
	     An	MPLS label is a	20-bit number.	Labels 0 to 15 inclusive are
	     reserved labels and cannot	be used.

     tunneldomain rdomain
	     Use the route domain rdomain for MPLS transit.  The MPLS encapsu-
	     lated traffic does	not need to terminate in the same routing do-
	     main as the interface itself.

     The following options are available for the mpip(4) and mpw(4) interfaces
     that provide MPLS Pseudowire Emulation Edge-to-Edge (PWE3)	functionality:

     pwecw   Enable the	use of the PWE3	Control	Word.

     -pwecw  Disable the use of	the PWE3 Control Word.

     pwefat  Enable the	use of the Flow-Aware Transport	(FAT) flow label.

     -pwefat
	     Disable the use of	the Flow-Aware Transport (FAT) flow label.

     pweneighbor mpls-label neighbor
	     Use mpls-label and	neighbor as the	remote MPLS label and neighbor
	     respectively.  Remote MPLS	labels have the	same restrictions on
	     values as local MPLS labels.

PAIR
     ifconfig pair-interface [[-]patch interface]

     The following options are available for a pair(4) interface:

     patch interface
	     Connect the interface with	a second pair(4) interface.  Any out-
	     going packets from	the first pair-interface will be received by
	     the second	interface, and vice versa.  This makes it possible to
	     interconnect two routing domains locally.

     -patch  If	configured, disconnect the interface pair.

PFLOW
     ifconfig pflow-interface [[-]flowdst addr:port] [[-]flowsrc addr[:port]]
     [pflowproto n]

     The following options are available for a pflow(4)	interface:

     flowdst addr:port
	     Set the receiver address and the port for pflow(4)	packets.  Both
	     must be defined to	export pflow data.  addr is the	IP address and
	     port is the port number of	the flow collector.  Pflow data	will
	     be	sent to	this address/port.

     -flowdst
	     Unset the receiver	address	and stop sending pflow data.

     flowsrc addr[:port]
	     Set the source IP address for pflow packets.  addr	is the IP ad-
	     dress used	as sender of the UDP packets and may be	used to	iden-
	     tify the source of	the data on the	pflow collector.

     -flowsrc
	     Unset the source address.

     pflowproto	n
	     Set the protocol version.	The default is version 5.

PFSYNC
     ifconfig pfsync-interface [[-]defer] [maxupd n] [[-]syncdev iface]
     [[-]syncpeer peer_address]

     The following options are available for a pfsync(4) interface:

     defer   Defer transmission	of the first packet in a state until a peer
	     has acknowledged that the associated state	has been inserted.
	     See pfsync(4) for more information.

     -defer  Do	not defer the first packet in a	state.	This is	the default.

     maxupd n
	     Indicate the maximum number of updates for	a single state which
	     can be collapsed into one.	 This is an 8-bit number; the default
	     value is 128.

     syncdev iface
	     Use the specified interface to send and receive pfsync state syn-
	     chronisation messages.

     -syncdev
	     Stop sending pfsync state synchronisation messages	over the net-
	     work.

     syncpeer peer_address
	     Make the pfsync link point-to-point rather	than using multicast
	     to	broadcast the state synchronisation messages.  The peer_ad-
	     dress is the IP address of	the other host taking part in the pf-
	     sync cluster.  With this option, pfsync(4)	traffic	can be pro-
	     tected using ipsec(4).

     -syncpeer
	     Broadcast the packets using multicast.

PPPOE
     ifconfig pppoe-interface [authkey key] [authname name] [authproto proto]
     [[-]peerflag flag]	[peerkey key] [peername	name] [peerproto proto]
     [[-]pppoeac access-concentrator] [pppoedev	parent-interface]
     [[-]pppoesvc service]

     pppoe(4) uses the sppp(4) "generic" SPPP framework.  Any options not de-
     scribed in	the section immediately	following are described	in the SPPP
     section, below.

     The following options are available for a pppoe(4)	interface:

     pppoeac access-concentrator
	     Set the name of the access-concentrator.

     -pppoeac
	     Clear a previously	set access-concentrator	name.

     pppoedev parent-interface
	     Set the name of the interface through which packets will be
	     transmitted and received.

     pppoesvc service
	     Set the service name of the interface.

     -pppoesvc
	     Clear a previously	set service name.

SPPP (PPP LINK CONTROL PROTOCOL)
     ifconfig sppp-interface [authkey key] [authname name] [authproto proto]
     [[-]peerflag flag]	[peerkey key] [peername	name] [peerproto proto]

     The following options are available for an	sppp(4)	or pppoe(4) interface:

     authkey key
	     Set the client key	or password for	the PPP	authentication proto-
	     col.

     authname name
	     Set the client name for the PPP authentication protocol.

     authproto proto
	     Set the PPP authentication	protocol on the	specified interface
	     acting as a client.  The protocol name can	be either `chap',
	     `pap', or `none'.	In the latter case, authentication will	be
	     turned off.

     peerflag flag
	     Set a specified PPP flag for the remote authenticator.  The flag
	     name can be either	`callin' or `norechallenge'.  The `callin'
	     flag will require the remote peer to authenticate only when he's
	     calling in, but not when the peer is called by the	local client.
	     This is required for some peers that do not implement the authen-
	     tication protocols	symmetrically.	The `norechallenge' flag is
	     only meaningful with the CHAP protocol to not re-challenge	once
	     the initial CHAP handshake	has been successful.  This is used to
	     work around broken	peer implementations that can't	grok being re-
	     challenged	once the connection is up.

     -peerflag flag
	     Remove a specified	PPP flag for the remote	authenticator.

     peerkey key
	     Set the authenticator key or password for the PPP authentication
	     protocol.

     peername name
	     Set the authenticator name	for the	PPP authentication protocol.

     peerproto proto
	     Set the PPP authentication	protocol on the	specified interface
	     acting as an authenticator.  The protocol name can	be either
	     `chap', `pap', or `none'.	In the latter case, authentication
	     will be turned off.

SWITCH
     The following options are available for a switch(4) interface:

     add interface
	     Add interface as a	member of the switch.  The interface is	put
	     into promiscuous mode so that it can receive every	packet sent on
	     the network.  An interface	can be a member	of at most one switch.

     addlocal interface
	     Add interface as a	local port of the switch.  Local port is a
	     special port connected with the local system's network stack.
	     Only vether(4) can	be used	for the	interface.  Only one interface
	     can be added as a local port.

     datapath id
	     Configure the datapath ID for the switch.	The default value is
	     generated randomly.

     del interface
	     Remove interface from the switch.	Promiscuous mode is turned off
	     for the interface when it is removed from the switch.

     maxflow number
	     Set the maximum number of flows per table.	 The default value is
	     10000.

     maxgroup number
	     Set the maximum number of groups.	The default value is 1000.

     portno interface number
	     Set the port number for the port named interface.	The default
	     value is the interface index of the interface.

     up	     Start the switch processing packets.

TRUNK
     ifconfig trunk-interface [[-]trunkport child-iface] [trunkproto proto]

     The following options are available for a trunk(4)	interface:

     lacpmode active|passive
	     Set the LACP trunk	mode to	either active or passive.

     lacptimeout fast|slow
	     Set the LACP timeout speed	to either fast or slow.

     trunkport child-iface
	     Add child-iface as	a trunk	port.

     -trunkport	child-iface
	     Remove the	trunk port child-iface.

     trunkproto	proto
	     Set the trunk protocol.  Refer to trunk(4)	for a complete list of
	     the available protocols.

TUNNEL
     ifconfig tunnel-interface [[-]keepalive period count]
     [[-]tunnel	src_address dest_address] [[-]tunneldf]
     [[-]tunneldomain rtable] [tunnelttl ttl] [txprio prio] [[-]vnetflowid]
     [[-]vnetid	network-id]

     egre(4), eoip(4), etherip(4), gif(4), gre(4), mgre(4), nvgre(4), and
     vxlan(4) are all tunnel interfaces.  The following	options	are available:

     keepalive period count
	     Enable gre(4) keepalive with a packet sent	every period seconds.
	     A second timer is run with	a timeout of count * period.  If no
	     keepalive response	is received during that	time, the link is con-
	     sidered down.  The	minimal	usable count is	2 since	the round-trip
	     time of keepalive packets needs to	be accounted for.

     -keepalive
	     Disable the gre(4)	keepalive mechanism.

     tunnel src_address	dest_address[:dest_port]
	     Set the source and	destination tunnel addresses on	a tunnel in-
	     terface.  Packets routed to this interface	will be	encapsulated
	     in	IPv4 or	IPv6, depending	on the source and destination address
	     families.	Both addresses must be of the same family.  The	op-
	     tional destination	port can be specified for interfaces such as
	     vxlan(4), which further encapsulate the packets in	UDP datagrams.

     -tunnel
	     Remove the	source and destination tunnel addresses.

     tunneldf
	     Do	not allow fragmentation	of encapsulated	packets.

     -tunneldf
	     Allow fragmentation of encapsulated packets.

     tunneldomain rtable
	     Use routing table rtable instead of the default table.  The tun-
	     nel does not need to terminate in the same	routing	domain as the
	     interface itself.	rtable can be set to any valid routing table
	     ID; the corresponding routing domain is derived from this table.

     -tunneldomain
	     Use the default routing table and routing domain 0.

     tunnelttl ttl
	     Set the IP	or multicast TTL of the	tunnel packets.	 If supported
	     by	the tunnel protocol, the value can also	be set to copy to have
	     the TTL copied between the	encapsulated protocol headers and the
	     tunnel protocol headers.

     txprio prio
	     Configure the value used for the priority field in	the tunnel
	     protocol headers.	The value can be a priority number from	0 to
	     7,	or packet to use the priority currently	set on the packet.  If
	     supported by the interface, the value can also be set to payload
	     to	have the priority field	copied from the	encapsulated protocol
	     headers to	the tunnel protocol headers.

     vnetflowid
	     Use a portion of the virtual network identifier space for a flow
	     identifier.  This allows load balancing of	the encapsulated traf-
	     fic over multiple links.

     -vnetflowid
	     Disable the use of	a flow identifier in the virtual network iden-
	     tifier.

     vnetid network-id
	     Set the virtual network identifier.  This is a number which is
	     used by tunnel protocols such as eoip(4) and vxlan(4) to identify
	     packets with a virtual network.  The accepted size	of the number
	     depends on	the individual tunnel protocol;	it is a	16-bit number
	     for eoip(4), and a	24-bit number for vxlan(4).  If	supported by
	     the tunnel	protocol, the value can	also be	set to any to accept
	     packets with arbitrary network identifiers	(for example for mul-
	     tipoint-to-multipoint modes).

     -vnetid
	     Clear the virtual network identifier.

UMB
     ifconfig umb-interface [[-]apn apn] [chgpin oldpin	newpin]
     [[-]class class,class,...]	[pin pin] [puk puk newpin] [[-]roaming]

     The following options are available for a umb(4) interface:

     apn apn
	     Set the Access Point Name (APN) required by the network provider.

     -apn    Clear the current APN.

     chgpin oldpin newpin
	     Permanently change	the PIN	of the SIM card	from the current value
	     oldpin to newpin.

     class   List all available	cell classes.

     class class,class,...
	     Set the preferred cell classes.  Apart from those listed by class
	     the following aliases can be used:	4G, 3G,	and 2G.

     -class  Clear any cell class preferences.

     down    Marking the interface as "down" will terminate any	existing data
	     connection	and deregister with the	service	provider.

     pin pin
	     Enter the PIN required to unlock the SIM card.  Most SIM cards
	     will not be able to establish a network association without pro-
	     viding a PIN.

     puk puk newpin
	     Sets the PIN of the SIM card to newpin using the PUK puk to vali-
	     date the request.

     roaming
	     Enable data roaming.

     -roaming
	     Disable data roaming.

     up	     As	soon as	the interface is marked	as "up", the umb(4) device
	     will try to establish a data connection with the service
	     provider.

VLAN
     ifconfig vlan-interface [[-]parent	parent-interface] [txprio prio]
     [[-]vnetid	vlan-tag]

     The following options are available for vlan(4) and svlan(4) VLAN inter-
     faces:

     parent parent-interface
	     Associate the VLAN	interface with the interface parent-interface.
	     Packets transmitted on vlan(4) or svlan(4)	interfaces will	be
	     tagged with 802.1Q	or 802.1ad headers respectively	and transmit-
	     ted on the	specified parent interface.  Packets with 802.1Q or
	     802.1ad tags received by the parent interface with	the specified
	     VLAN tag will be diverted to the associated VLAN interface.  Un-
	     less a custom Ethernet address is assigned	to the VLAN interface,
	     it	will inherit a copy of the parent interface's Ethernet ad-
	     dress.

     -parent
	     Disassociate from the parent interface.  This breaks the link be-
	     tween the VLAN interface and its parent.

     txprio prio
	     Set the value used	for the	priority field in the 802.1Q or
	     802.1ad headers.  Values may be from 0 to 7, or packet to use the
	     priority of packets transmitted on	the interface.

     vnetid vlan-tag
	     Set the VLAN tag value to vlan-tag.  This value is	a 12-bit num-
	     ber which is used in the 802.1Q or	802.1ad	headers	in packets
	     handled by	vlan(4)	or svlan(4) interfaces respectively.  Valid
	     tag values	are from 1 to 4094 inclusive.

     -vnetid
	     Clear the tag value.  Packets on a	VLAN interface without a tag
	     set will use a value of 0 in their	headers.

EXAMPLES
     Assign the	address	of 192.168.1.10	with a network mask of 255.255.255.0
     to	interface fxp0:

	   # ifconfig fxp0 inet	192.168.1.10 netmask 255.255.255.0

     Configure the xl0 interface to use	100baseTX, full	duplex:

	   # ifconfig xl0 media	100baseTX mediaopt full-duplex

     Label the em0 interface as	an uplink:

	   # ifconfig em0 description "Uplink to Gigabit Switch	2"

     Create the	gif1 network interface:

	   # ifconfig gif1 create

     Put the athn0 wireless interface into monitor mode:

	   # ifconfig athn0 mediaopt monitor

DIAGNOSTICS
     Messages indicating the specified interface does not exist, the requested
     address is	unknown, or the	user is	not privileged and tried to alter an
     interface's configuration.

SEE ALSO
     netstat(1), ifmedia(4), inet(4), intro(4),	netintro(4), route(4),
     hostname.if(5), hosts(5), rc(8), slaacd(8), tcpdump(8)

HISTORY
     The ifconfig command appeared in 4.2BSD.

BSD				April 10, 2019				   BSD

NAME | SYNOPSIS | DESCRIPTION | BRIDGE | CARP | IEEE 802.11 (WIRELESS DEVICES) | INET6 | INTERFACE GROUPS | MPLS | PAIR | PFLOW | PFSYNC | PPPOE | SPPP (PPP LINK CONTROL PROTOCOL) | SWITCH | TRUNK | TUNNEL | UMB | VLAN | EXAMPLES | DIAGNOSTICS | SEE ALSO | HISTORY

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=ifconfig&sektion=8&manpath=OpenBSD+6.5>

home | help