This chapter describes interface configuration for the Solaris Express, Developer Edition 2/07 release:Interface Administration (Task Map) Basics for Administering Physical Interfaces Administering Individual Network Interfaces Administering Virtual Local Area Networks Administering Link Aggregations Configuring and Communicating Over WiFi Interfaces Task Description For Instructions Check the status of interfaces on a system. List all interfaces on the system and check which interfaces are already plumbed. How to Obtain Interface Status Add a single interface after system installation. Change a system to a multihomed host or router by configuring another interface. How to Configure a Physical Interface After System Installation SPARC: Check that the MAC address of an interface is unique. Ensure that the interface is configured with its factory-installed MAC address, rather than the system MAC address (SPARC only). How to Ensure That the MAC Address of an Interface Is Unique Plan for a virtual local area network (VLAN). Perform required planning tasks prior to creating a VLAN. How to Plan for VLAN Configuration Configure a VLAN. Create and modify VLANs on your network. How to Configure a VLAN Plan for aggregations. Design your aggregation and perform required planning tasks prior to configuring aggregations. Administering Link Aggregations Configure an aggregation. Perform various tasks related to link aggregations. How to Create a Link Aggregation Plan for and configure an IPMP group. Configure failover and failback for interfaces that are members of an IPMP group. How to Plan for an IPMP GroupHow to Configure an IPMP Group With Multiple Interfaces Network interfaces provide the connection between a system and a network. A Solaris OS-based system can have two types of interfaces, physical and logical. Physical interfaces consist of a software driver and a connector into which you connect network media, such as an Ethernet cable. Physical interfaces can be grouped for administrative or availability purposes. Logical interfaces are configured onto existing physical interfaces, usually for adding addresses and creating tunnel endpoints on the physical interfaces.Logical network interfaces are described in the tasks where they are used: IPv6 tasks, IPMP tasks, DHCP tasks, and others. Most computer systems have at least one physical interface that is built-in by the manufacturer on the main system board. Some systems can also have more than one built-in interface. In addition to built-in interfaces, you can add separately purchased interfaces to a system. A separately purchased interface is known as a network interface card (NIC). You physically install a NIC according to the manufacturer's instructions. NICs are also referred to as network adapters. During system installation, the Solaris installation program detects any interfaces that are physically installed and displays each interface's name. You must configure at least one interface from the list of interfaces. The first interface to be configured during installation becomes the primary network interface. The IP address of the primary network interface is associated with the configured host name of the system, which is stored in the /etc/nodename file. However, you can configure any additional interfaces during installation or later. Each physical interface is identified by a unique device name. Device names have the following syntax:<driver-name><instance-number>Driver names on Solaris systems could include ce, hme, bge, e1000g and many other driver names. The variable instance-number can have a value from zero to n, depending on how many interfaces of that driver type are installed on the system. For example, consider a 100BASE-TX Fast Ethernet interface, which is often used as the primary network interface on both host systems and server systems. Some typical driver names for this interface are eri, qfe, and hme. When used as the primary network interface, the Fast Ethernet interface has a device name such as eri0 or qfe0.NICs such as eri and hme have only one interface. However, many brands of NICs have multiple interfaces. For example, the Quad Fast Ethernet (qfe) card has four interfaces, qfe0 through qfe3. An interface must be plumbed before it can pass traffic between the system and the network. The plumbing process involves associating an interface with a device name. Then, streams are set up so that the interface can be used by the IP protocol. Both physical interfaces and logical interfaces must be plumbed. Interfaces are plumbed either as part of the boot sequence or explicitly, with the appropriate syntax of the ifconfig command.When you configure an interface during installation, the interface is automatically plumbed. If you decide during installation not to configure the additional interfaces on the system, those interfaces are not plumbed. The Solaris OS supports the following two types of interfaces:Legacy interfaces – These interfaces are DLPI interfaces and GLDv2 interfaces. Some legacy interface types are eri, qfe, and ce. When you check interface status with the dladm show-link command, these interfaces are reported as “legacy.” Non-VLAN interfaces – These interfaces are GLDv3 interfaces. Currently GLDv3 is supported on the following interface types: bge, xge, and e1000g. After Solaris installation, you might configure or administer interfaces on a system for the following purposes:To upgrade the system to become a multihomed host. For more information, refer to Configuring Multihomed Hosts. To change a host to a router. For instructions on configuring routers, refer to Configuring an IPv4 Router. To configure interfaces as part of a VLAN. For more information, refer to Administering Virtual Local Area Networks. To configure interfaces as members of an aggregation. For more information, refer to Administering Link Aggregations. To add an interface to an IPMP group. For instructions on configuring an IPMP group, refer to Configuring IPMP Groups This section contains information about configuring individual network interfaces. Refer to the following sections for information about configuring interfaces into one of the following groupings:For configuring interfaces into a VLAN, refer to Administering Virtual Local Area Networks. For configuring interfaces into an aggregation, refer to Administering Link Aggregations. For configuring interfaces as members of IPMP groups, refer to Configuring IPMP Groups. This procedure explains how to determine which interfaces are currently available on a system and their status. This procedure also shows which interfaces are currently plumbed. On the system with the interfaces to be configured, assume the Primary Administrator role or become superuser.The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration. Determine which interfaces are currently installed on your system.# dladm show-linkThis step uses the dladm command, which is explained in detail in the dladm(1M) man page. This command reports on all the interface drivers that it finds, regardless of whether the interfaces are currently configured. Determine which interfaces on the system are currently plumbed.# ifconfig -aThe ifconfig command has many additional functions, including plumbing an interface. For more information, refer to the ifconfig1M man page. The next example shows the status display of the dladm command.# dladm show-link ce0 type: legacy mtu: 1500 device: ce0 ce1 type: legacy mtu: 1500 device: ce1 bge0 type: non-vlan mtu: 1500 device: bge0 bge1 type: non-vlan mtu: 1500 device: bge1 bge2 type: non-vlan mtu: 1500 device: bge2 The output of dladm show-link indicates that four interface drivers are available for the local host. Both the ce and the bge interfaces can be configured for VLANs. However, only the GLDV3 interfaces with a type of non-VLAN can be used for link aggregations.The next example shows the status display of the ifconfig a command.# ifconfig -a lo0: flags=2001000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 ce0: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3 inet 192.168.84.253 netmask ffffff00 broadcast 192.168.84.255 ether 0:3:ba:7:84:5e bge0: flags=1004843 <UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4> mtu 1500 index 2 inet 10.8.57.39 netmask ffffff00 broadcast 10.8.57.255 ether 0:3:ba:29:fc:cc The output of the ifconfig -a command displays statistics for only two interfaces, ce0 and bge0. This output shows that only ce0 and bge0 have been plumbed and are ready for use by network traffic. These interfaces can be used in a VLAN. Because bge0 has been plumbed, you can no longer use this interface in an aggregation. Use the next procedure for configuring interfaces. Determine the IPv4 addresses that you want to use for the additional interfaces. Ensure that the physical interface to be configured has been physically installed onto the system. For information about installing separately purchased NIC hardware, refer to the manufacturer's instructions that accompany the NIC. If you have just installed the interface, perform a reconfiguration boot before proceeding with the next task. On the system with the interfaces to be configured, assume the Primary Administrator role or become superuser.The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration. Determine which interfaces are currently installed on the system.# dladm show-link Configure and plumb each interface.# ifconfig interface plumb upFor example, for qfe0 you would type:# ifconfig qfe0 plumb upInterfaces that are explicitly configured with the ifconfig command do not persist across a reboot. Assign an IPv4 address and netmask to the interface.# ifconfig interface IPv4-address netmask+netmaskFor example, for qfe0 you would type:# ifconfig qfe0 192.168.84.3 netmask + 255.255.255.0You can specify an IPv4 address in either traditional IPv4 notation or CIDR notation. Verify that the newly configured interfaces are plumbed and configured, or “UP.”# ifconfig -aCheck the status line for each interface that is displayed. Ensure that the output contains an UP flag on the status line, for example:qfe0: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 (Optional) To make the interface configuration persist across reboots, perform the following steps:Create an /etc/hostname.interface file for each interface to be configured.For example, to add a qfe0 interface, you would create the following file:# vi /etc/hostname.qfe0 Edit the /etc/hostname.interface file.At a minimum, add the IPv4 address of the interface to the file. You can use traditional IPv4 notation or CIDR notation to specify the IP address of the interface. You can also add a netmask and other configuration information to the file.To add an IPv6 address to an interface, refer to Modifying an IPv6 Interface Configuration for Hosts and Servers Add entries for the new interfaces into the /etc/inet/hosts file. Perform a reconfiguration boot.# reboot -- -r Verify that the interface you created in the /etc/hostname.interface file has been configured.# ifconfig -aFor examples, refer to Example 6–2. The example shows how to configure the interfaces qfe0 and qfe1 to a host. These interfaces remain persistent across reboots.# dladm show-link eri0 type: legacy mtu: 1500 device: eri0 qfe0 type: legacy mtu: 1500 device: qfe0 qfe1 type: legacy mtu: 1500 device: qfe1 qfe2 type: legacy mtu: 1500 device: qfe2 qfe3 type: legacy mtu: 1500 device: qfe3 bge0 type: non-vlan mtu: 1500 device: bge0 # vi /etc/hostname.qfe0 192.168.84.3 netmask + 255.255.255.0 # vi /etc/hostname.qfe1 192.168.84.72 netmask + 255.255.255.0 # vi /etc/inet/hosts # Internet host table # 127.0.0.1 localhost 10.0.0.14 myhost 192.168.84.3 interface-2 192.168.84.72 interface-3At this point, you would reboot the system. # reboot -- -rAfter the system boots, you would then verify the interface configuration.ifconfig -a # ifconfig -a lo0: flags=1000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 eri0: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 inet 10.0.0.14 netmask ff000000 broadcast 10.255.255.255 ether 8:0:20:c1:8b:c3 qfe0: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3 inet 192.168.84.3 netmask ffffff00 broadcast 192.255.255.255 ether 8:0:20:c8:f4:1d qfe1: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4 inet 192.168.84.72 netmask ffffff00 broadcast 10.255.255.255 ether 8:0:20:c8:f4:1e To configure an IPv6 address onto an interface, refer to How to Enable an IPv6 Interface for the Current Session. To set up failover detection and failback for interfaces by using IP Network Multipathing (IPMP), refer to Chapter 31, Administering IPMP (Tasks). Use this procedure for removing a physical interface. On the system with the interface to be removed, assume the Primary Administrator role or become superuser.The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration. Remove the physical interface.# ifconfig interface unplumb down For example, to remove the interface qfe1, you would type:# ifconfig qfe1 unplumb down Use this procedure for configuring MAC addresses. Some applications require every interface on a host to have a unique MAC addresses. However, every SPARC based system has a system-wide MAC address, which by default is used by all interfaces. Here are two situations where you might want to configure the factory-installed MAC addresses for the interfaces on a SPARC system.For link aggregations, you should use the factory-set MAC addresses of the interfaces in the aggregation configuration. For IPMP groups, each interface in the group must have a unique MAC address. These interfaces must use their factory-installed MAC addresses. The EEPROM parameter local-mac-address? determines whether all interfaces on a SPARC system use the system-wide MAC address or their unique MAC address. The next procedure shows how to use the eeprom command to check the current value of local-mac-address? and change it, if necessary. On the system with the interfaces to be configured, assume the Primary Administrator role or become superuser.The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration. Determine whether all interfaces on the system currently use the system-wide MAC address.# eeprom local-mac-address? local-mac-address?=falseIn the example, the response to the eeprom command, local-mac-address?=false, indicates that all interfaces do use the system-wide MAC address. The value of local-mac-address?=false must be changed to local-mac-address?=true before the interfaces can become members of an IPMP group. You should also change local-mac-address?=false to local-mac-address?=true for aggregations. If necessary, change the value of local-mac-address? as follows:# eeprom local-mac-address?=trueWhen you reboot the system, the interfaces with factory-installed MAC addresses now use these factory settings, rather than the system-wide MAC address. Interfaces without factory-set MAC addresses continue to use the system-wide MAC address. Check the MAC addresses of all the interfaces on the system.Look for cases where multiple interfaces have the same MAC address. In this example, all interfaces use the system-wide MAC address 8:0:20:0:0:1.ifconfig -a lo0: flags=1000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 hme0: flags=1004843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 inet 10.0.0.112 netmask ffffff80 broadcast 10.0.0.127 ether 8:0:20:0:0:1 ce0: flags=1004843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 inet 10.0.0.114 netmask ffffff80 broadcast 10.0.0.127 ether 8:0:20:0:0:1 ce1: flags=1004843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 inet 10.0.0.118 netmask ffffff80 broadcast 10.0.0.127 ether 8:0:20:0:0:1Continue to the next step only if more than one network interface still has the same MAC address. Otherwise, go on to the final step. If necessary, manually configure the remaining interfaces so that all interfaces have unique MAC address.Specify a unique MAC address in the /etc/hostname.interface file for the particular interface. # vi /etc/hostname.eri0 myhost 12:34:56:7:8:9To prevent any risk of manually configured MAC addresses conflicting with other MAC addresses on your network, you must always configure locally administered MAC addresses, as defined by the IEEE 802.3 standard. In the example in Step 4, you would need to configure ce0 and ce1 with locally administered MAC addresses. For example, to reconfigure ce1 with the locally administered MAC address 06:05:04:03:02, you would add the following line to /etc/hostname.ce1: ether 06:05:04:03:02 You also can use the ifconfig ether command to configure an interface's MAC address for the current session. However, any changes made directly with ifconfig are not preserved across reboots. Refer to the ifconfig1M man page for details. Reboot the system. A virtual local area network (VLAN) is a subdivision of a local area network at the data link layer of the TCP/IP protocol stack. You can create VLANs for local area networks that use switch technology. By dividing groups of users into VLANs, you can improve network administration and security for the entire local network. You can also assign interfaces on the same system to different VLANs.Consider dividing your local network into VLANs if you need to do the following:Create a logical division of workgroups.For example, suppose all hosts on a floor of a building are connected on one switched-based local network. You could create a separate VLAN for each workgroup on the floor. Enforce differing security policies for the workgroups.For example, the security needs of a Finance department and an Information Technologies department are quite different. If systems for both departments share the same local network, you could create a separate VLAN for each department. Then, you could enforce the appropriate security policy on a per-VLAN basis. Split workgroups into manageable broadcast domains.The use of VLANs reduces the size of broadcast domains and improves network efficiency. Switched LAN technology enables you to organize the systems on a local network into VLANs. Before you can divide a local network into VLANs, you must obtain switches that support VLAN technology. You can configure all ports on a switch to serve a single VLAN or multiple VLANs, depending on the VLAN topology design. Each switch manufacturer has different procedures for configuring the ports of a switch.Figure 6–1 shows a local area network that has the subnet address 192.168.84.0. This LAN is subdivided into three VLANs, Red, Yellow, and blue.

The surrounding context describes the figure's content.

Connectivity on LAN 192.168.84.0 is handled by Switches 1 and 2. Systems of the Information Technologies workgroup are assigned to the Blue VLAN. The Human Resources workgroup's systems are on the Yellow VLAN. The Red VLAN contains systems in the Accounting workgroup. Each VLAN in a local area network is identified by a VLAN tag, or VLAN ID (VID). The VID is assigned during VLAN configuration. The VID is a 12-bit identifier between 1 and 4094 that provides a unique identity for each VLAN. In Figure 6–1, the Blue VLAN has the VID 123, the Yellow VLAN has the VID 456, and the Red VLAN has the VID 789. When you configure switches to support VLANs, you need to assign a VID to each port. The VID on the port must be the same as the VID assigned to the interface that connects to the port, as shown in the following figure.

The surrounding context describes the figure's content.

In this figure, the primary network interfaces of three hosts connect into Switch 1. Host A is a member of the Blue VLAN. Therefore, Host A's interface is configured with the VID 123. This interface connects to Port 1 on Switch 1, which is then configured with the VID 123. Host B is a member of the Yellow VLAN, with the VID 456. Host B's interface connects to Port 5 on Switch 1, which is configured with the VID 456, and so on.During VLAN configuration, you have to specify the physical point of attachment, or PPA, of the VLAN. You obtain the PPA value by using this formula:driver-name + VID * 1000 + device-instanceNote that the device-instance number must be less than 1000.For example, you would create the following PPA for a ce1 interface to be configured as part of VLAN 456:ce + 456 * 1000 + 1= ce456001 Use the next procedure for planning for VLANs on your network. Examine the local network topology and determine where subdivision into VLANs is appropriate.For a basic example of such a topology, refer to Figure 6–1. Create a numbering scheme for the VIDs and assign a VID to each VLAN.A VLAN numbering scheme might already exist on the network. If so, you must create VIDs within the existing VLAN numbering framework. On each system, determine which interfaces should be members of a particular VLAN.Find out which interfaces are configured on a host.# dladm show-link Identify which VID should be associated with each data link on the system. Create PPAs for each interface to be configured with a VLAN. All interfaces on a system do not necessarily have to be configured on the same VLAN. Check the connections of the interfaces to the network's switches.Note the VID of each interface and the switch port where each interface is connected. Configure each port of the switch with the same VID as the interface to which it is connected.Refer to the switch manufacturer's documentation for configuration instructions. The Solaris OS now supports VLANs on the following interface types:ce bge xge e1000g Of the legacy interface types, only the ce interface can become a member of a VLAN. You can configure interfaces of different types in the same VLAN. For information about the interface types that are supported by the Solaris OS, refer to Solaris OS Interface Types.Assume the Primary Administrator role, or become superuser.The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration. Determine the types of interfaces in use on your system.# dladm show-linkThe output shows the available interface types:ce0 type: legacy mtu: 1500 device: ce0 ce1 type: legacy mtu: 1500 device: ce1 bge0 type: non-vlan mtu: 1500 device: bge0 bge1 type: non-vlan mtu: 1500 device: bge1 bge2 type: non-vlan mtu: 1500 device: bge2 Configure an interface as part of a VLAN. # ifconfig interface-PPA plumb IP-address upFor example, you would use the following command to configure the interface ce1 with a new IP address 10.0.0.2 into a VLAN with the VID 123:# ifconfig ce123001 plumb 10.0.0.2 up (Optional) To make the VLAN settings persist across reboots, create a hostname.interface-PPA file for each interface that is configured as part of a VLAN. # cat hostname.interface-PPA IPv4-address On the switch, set VLAN tagging and VLAN ports to correspond with the VLANs that you have set up on the system. This example shows how to configure devices bge1 and bge2 into a VLAN with the VID 123.# dladm show-link ce0 type: legacy mtu: 1500 device: ce0 ce1 type: legacy mtu: 1500 device: ce1 bge0 type: non-vlan mtu: 1500 device: bge0 bge1 type: non-vlan mtu: 1500 device: bge1 bge2 type: non-vlan mtu: 1500 device: bge2 # ifconfig bge123001 plumb 10.0.0.1 up # ifconfig bge123002 plumb 10.0.0.2 up # cat hostname.bge123001 10.0.0.1 # cat hostname.bge123002 10.0.0.2 # ifconfig -a lo0: flags=2001000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 bge123001: flags=201000803 <UP,BROADCAST,MULTICAST,IPv4,CoS> mtu 1500 index 2 inet 10.0.0.1 netmask ff000000 broadcast 10.255.255.255 ether 0:3:ba:7:84:5e bge123002: flags=201000803 <UP,BROADCAST,MULTICAST,IPv4,CoS> mtu 1500 index 3 inet 10.0.0.2 netmask ff000000 broadcast 10.255.255.255 ether 0:3:ba:7:84:5e ce0: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4 inet 192.168.84.253 netmask ffffff00 broadcast 192.168.84.255 ether 0:3:ba:7:84:5e # dladm show-link ce0 type: legacy mtu: 1500 device: ce0 ce1 type: legacy mtu: 1500 device: ce1 bge0 type: non-vlan mtu: 1500 device: bge0 bge1 type: non-vlan mtu: 1500 device: bge1 bge2 type: non-vlan mtu: 1500 device: bge2 bge123001 type: vlan 123 mtu: 1500 device: bge1 bge123002 type: vlan 123 mtu: 1500 device: bge2 The Solaris OS supports the organization of network interfaces into link aggregations. A link aggregation consists of several interfaces on a system that are configured together as a single, logical unit. Link aggregation, also referred to as trunking, is defined in the IEEE 802.3ad Link Aggregation Standard. The IEEE 802.3ad Link Aggregation Standard provides a method to combine the capacity of multiple full-duplex Ethernet links into a single logical link. This link aggregation group is then treated as though it were, in fact, a single link. The following are features of link aggregations:Increased bandwidth – The capacity of multiple links is combined into one logical link. Automatic failover/failback – Traffic from a failed link is failed over to working links in the aggregation. Load balancing – Both inbound and outbound traffic is distributed according to user selected load balancing policies, such as source and destination MAC or IP addresses. Support for redundancy – Two systems can be configured with parallel aggregations. Improved administration – All interfaces are administered as a single unit. Less drain on the network address pool – The entire aggregation is assigned one IP address. The basic link aggregation topology involves a single aggregation that is composed of a set of physical interfaces. You might use the basic link aggregation in the following situations:For systems that run an application with distributed heavy traffic, you can dedicate an aggregation to that application's traffic. For sites with limited IP address space that nevertheless require large amounts of bandwidth, you need only one IP address for a large aggregation of interfaces. For sites that need to hide the existence of internal interfaces, the IP address of the aggregation hides its interfaces from external applications. Figure 6–3 shows an aggregation for a server that hosts a popular web site. The site requires increased bandwidth for query traffic between Internet customers and the site's database server. For security purposes, the existence of the individual interfaces on the server must be hidden from external applications. The solution is the aggregation aggr1 with the IP address 192.168.50.32. This aggregation consists of three interfaces,bge0–2. These interfaces are dedicated to sending out traffic in response to customer queries. The outgoing address on packet traffic from all the interfaces is the IP address of aggr1, 192.168.50.32.

The figure shows a block for the link aggr1. Three physical interfaces, bge0–bge2, descend from the link block.

Figure 6–4 depicts a local network with two systems, each of which has an aggregation configured. The two systems are connected by a switch. If you need to run an aggregation through a switch, that switch must support aggregation technology. This type of configuration is particularly useful for high availability and redundant systems.In the figure, System A has an aggregation that consists of two interfaces, bge0 and bge1. These interfaces are connected to the switch through aggregated ports. System B has an aggregation of four interfaces, e1000g0 throughe100g3. These interfaces are also connected to aggregated ports on the switch.

The figure is explained in the preceding context.

The back-to-back link aggregation topology involves two separate systems that are cabled directly to each other, as shown in the following figure. The systems run parallel aggregations.

The figure is explained in the following context.

In this example, device bge0 on System A is directly linked to bge0 on System B, and so on. In this way, Systems A and B can support redundancy and high availability, as well as high-speed communications between both servers. Each server also has interface ce0 configured for traffic flow with the local network.The most common application for back-to-back aggregations is mirrored database servers. Both servers need to be updated together and therefore require significant bandwidth, high-speed traffic flow, and reliability. Data centers are the most common users of back-to-back link aggregations. If you plan to use a link aggregation, consider defining a policy for outgoing traffic. This policy specifies how you want packets to be distributed across the available links of an aggregation, thus establishing load balancing. The following are the possible layer specifiers and their significance for the aggregation policy:L2 - Determines the outgoing link by hashing the MAC (L2) header of each packet L3 - Determines the outgoing link by hashing the IP (L3) header of each packet L4 - Determines the outgoing link by hashing the TCP, UDP, or other ULP (L4) header of each packet Any combination of these policies is also valid. The default policy is L4. For more information, refer to the dladm(1M) man page. If your aggregation topology involves connection through a switch, you must note whether the switch supports link aggregation control protocol (LACP). If the switch supports LACP, you must configure LACP for the switch and the aggregation. However, you can define one of the following modes in which LACP is to operate:Off mode – The default mode for aggregations. LACP packets, which are called LACPDUs are not generated. Active mode – The system generates LACPDUs at regular intervals, which you can specify. Passive mode – The system generates an LACPDU only when it receives an LACPDU from the switch. When both the aggregation and the switch are configured in passive mode, they cannot exchange LACPDUs. See the dladm(1M) man page and the switch manufacturer's documentation for syntax information. Your aggregation configuration is bound by the following requirements:You must use the dladm command to configure aggregations. An interface that has been plumbed cannot become a member of an aggregation. Interfaces must be of the GLDv3 type: xge, e1000g, and bge. All interfaces in the aggregation must run at the same speed and in full duplex mode. You must set the value for MAC addresses to “true” in the EEPROM parameter local-mac-address? For instructions, refer to How to Ensure That the MAC Address of an Interface Is Unique. “Legacy” data link provider interfaces (DLPI ), such as the ce interface do not support Solaris link aggregations. Instead, you must configure aggregations for legacy devices by using Sun Trunking. You cannot configure aggregations for legacy devices by using the dladm command. For more information about Sun Trunking, refer to the Sun Trunking 1.3 Installation and User's Guide. Link aggregation only works on full-duplex, point-to-point links that operate at identical speeds. Make sure that the interfaces in your aggregation conform to this requirement. If you are using a switch in your aggregation topology, make sure that you have done the following on the switch:Configured the ports to be used as an aggregation If the switch supports LACP, configured LACP in either active mode or passive mode Assume the Primary Administrator role, or become superuser.The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration. Determine which interfaces are currently installed on your system.# dladm show-link Determine which interfaces have been plumbed.# ifconfig -a Create an aggregation.# dladm create-aggr -d interface keyinterfaceRepresents the device name of the interface to become part of the aggregation. keyIs the number that identifies the aggregation. The lowest key number is 1. Zeroes are not allowed as keys. For example:# dladm create-aggr -d bge0 -d bge1 1 Configure and plumb the newly created aggregation.# ifconfig aggrkey plumb IP-address upFor example:# ifconfig aggr1 plumb 192.168.84.14 up Check the status of the aggregation you just created.# dladm show-aggrYou receive the following output:key: 1 (0x0001) policy: L4 address: 0:3:ba:7:84:5e (auto) device address speed duplex link state bge0 0:3:ba:7:84:5e 1000 Mbps full up attached bge1 0:3:ba:7:84:5e 0 Mbps unknown down standbyThe output shows that an aggregation with the key of 1 and a policy of L4 was created. Note that the interfaces are known by the MAC address 0:3:ba:7:84:5e, which is the system MAC address. (Optional) Make the IP configuration of the link aggregation persist across reboots.For link aggregations with IPv4 addresses, create an /etc/hostname.aggr.key file. For IPv6–based link aggregations, create an /etc/hostname6.aggr.key file. Enter the IPv4 or IPv6 address of the link aggregation into the file.For example, you would create the following file for the aggregation that is created in this procedure:# vi /etc/hostname.aggr1 192.168.84.14 Perform a reconfiguration boot.# reboot -- -r Verify that the link aggregation configuration you entered in the /etc/hostname.aggrkey file has been configured.# ifconfig -a . . aggr1: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3 inet 192.168.84.14 netmask ff000000 broadcast 192.255.255. This example shows the commands that are used to create a link aggregation with two devices, bge0 and bge1, and the resulting output.# dladm show-link ce0 type: legacy mtu: 1500 device: ce0 ce1 type: legacy mtu: 1500 device: ce1 bge0 type: non-vlan mtu: 1500 device: bge0 bge1 type: non-vlan mtu: 1500 device: bge1 bge2 type: non-vlan mtu: 1500 device: bge2 # ifconfig -a lo0: flags=2001000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 ce0: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 inet 192.168.84.253 netmask ffffff00 broadcast 192.168.84.255 ether 0:3:ba:7:84:5e # dladm create-aggr -d bge0 -d bge1 1 # ifconfig aggr1 plumb 192.168.84.14 up # dladm show-aggr key: 1 (0x0001) policy: L4 address: 0:3:ba:7:84:5e (auto) device address speed duplex link state bge0 0:3:ba:7:84:5e 1000 Mbps full up attached bge1 0:3:ba:7:84:5e 0 Mbps unknown down standby # ifconfig -a lo0: flags=2001000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 ce0: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 inet 192.168.84.253 netmask ffffff00 broadcast 192.168.84.255 ether 0:3:ba:7:84:5e aggr1: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3 inet 192.168.84.14 netmask ff000000 broadcast 192.255.255.255 ether 0:3:ba:7:84:5e Note that the two interfaces that were used for the aggregation were not previously plumbed by ifconfig. This procedure shows how to make the following changes to an aggregation definition:Modifying the policy for the aggregation Changing the mode for the aggregation Removing an interface from the aggregation Assume the Primary Administrator role, or become superuser.The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration. Modify the aggregation to change the policy.# dladm modify-aggr -Ppolicy key policyRepresents one or more of the policies L2, L3, and L4, as explained in Policies and Load Balancing. keyIs a number that identifies the aggregation. The lowest key number is 1. Zeroes are not allowed as keys. If LACP is running on the switch to which the devices in the aggregation are attached, modify the aggregation to support LACP.If the switch runs LACP in passive mode, be sure to configure active mode for your aggregation.# dladm modify-aggr -l LACP mode -t timer-value keyl LACP modeIndicates the LACP mode in which the aggregation is to run. The values are active, passive, and off. t timer-valueIndicates the LACP timer value, either short or long. key Is a number that identifies the aggregation. The lowest key number is 1. Zeroes are not allowed as keys. This example shows how to modify the policy of aggregation aggr1 to L2 and then turn on active LACP mode.# dladm modify-aggr -P L2 1 # dladm modify-aggr -l active -t short 1 # dladm show-aggr key: 1 (0x0001) policy: L2 address: 0:3:ba:7:84:5e (auto) device address speed duplex link state bge0 0:3:ba:7:84:5e 1000 Mbps full up attached bge1 0:3:ba:7:84:5e 0 Mbps unknown down standby Assume the Primary Administrator role, or become superuser.The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration. Remove an interface from the aggregation.# dladm remove-aggr -d interface This example shows how to remove the interfaces of the aggregation aggr1.# dladm show-aggr key: 1 (0x0001) policy: L2 address: 0:3:ba:7:84:5e (auto) device address speed duplex link state bge0 0:3:ba:7:84:5e 1000 Mbps full up attached bge1 0:3:ba:7:84:5e 0 Mbps unknown down standby # dladm remove-aggr -d bge1 1 # dladm show-aggr key: 1 (0x0001) policy: L2 address: 0:3:ba:7:84:5e (auto) device address speed duplex link state bge0 0:3:ba:7:84:5e 1000 Mbps full up attached Assume the Primary Administrator role, or become superuser.The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration. Delete the aggregation.# dladm remove-aggr keykeyIs a number that identifies the aggregation. The lowest key number is 1. Zeroes are not allowed as keys. This example shows how to remove the aggregation aggr1.# dladm show-aggr key: 1 (0x0001) policy: L2 address: 0:3:ba:7:84:5e (auto) device address speed duplex link state # dladm remove-aggr -d bge0 1 The IEEE 802.11 specifications define wireless communications for local area networks. These specifications and the networks they describe are referred to collectively as WiFi, a term that is trademarked by the Wi-Fi Alliance trade group. WiFi networks are reasonably easy to configure by both providers and prospective clients. Therefore, they are increasingly popular and in common use throughout the world. WiFi networks use the same radio wave technology as cellular phones, televisions, and radios. The Solaris OS contains features that enable you to configure a system as a WiFi client. This section explains how to use the WiFi connectivity options of the dladm command to connect a laptop or home computer to a local WiFi network. The Solaris OS does not contain features for configuring WiFi servers or access points. WiFi networks typically come in three varieties:Commercially available WiFi networks Municipal WiFi networks Private WiFi networks A location that is served by WiFi is referred to as a hot spot. Each hot spot includes an access point. The access point is a router with a “wired” connection to the Internet, for example, Ethernet or DSL. The Internet connection is usually through a wireless Internet service provider (WISP) or traditional ISP.Many hotels and cafes offer wireless Internet connections as a service to their customers with laptop computers. These commercial hot spots have access points within their facilities. The access points are routers with wired connections to a WISP that serves commercial locations. Typical WISPs include independent providers and cellular phone companies. You can use a laptop that runs the Solaris OS to connect to a WiFi network that is offered by a hotel or other commercial hot spot. Ask for instructions at the hot spot for connecting to the WiFi network. Typically, the connection process involves supplying a key to a browser that you launch upon login. You might have to pay a fee to the hotel or WISP in order to use the network.Commercial locations that are Internet hot spots usually advertise this capability to their patrons. You can also find lists of wireless hot spots from various web sites, for example, Wi-FiHotSpotList.com. Cities throughout the world, cities have constructed free municipal WiFi networks, which their citizens can access from systems in their homes. Municipal WiFi uses radio transmitters on telephone poles or other outdoor locations to form a “mesh” over the area that the network serves. These transmitters are the access points to the municipal WiFi network. If your area is served by a municipal WiFi network, your home might be included in the network's mesh. Access to municipal WiFi is usually free. You can access the municipal network from a properly equipped laptop or personal computer that runs the Solaris OS. You do not need a home router to access the municipal network from your system. However, configuring a home router is recommended for areas where the signal from the municipal network is weak. Home routers are also recommended if you require secure connections over the WiFi network. For more information, see WiFi Networks and Security. Because WiFi networks are relatively easy to configure, companies and universities use private WiFi networks with access limited to employees or students. Private WiFi networks typically require you to supply a key when you connect or run a secure VPN after you connect. You need a properly equipped laptop or PC that runs the Solaris OS and permission to use the security features in order to connect to the private network. Before you can connect your system to a WiFi network, complete the following instructions.The following preparations assumes that your system is a laptop or personal computer that runs the Solaris Express, Developer Edition 2/07 release. Equip your system with a supported WiFi interface.Your system must have a WiFi card that is supported by Solaris. For the Solaris Express, Developer Edition 2/07, you can use WiFi cards that support most Atheros chip sets. For a list of currently supported drivers and chip sets, , refer to Wireless Networking for OpenSolaris.If the interface is not already present on the system, follow the manufacturer's instructions for installing the interface card. You configure the interface software during the procedure How to Connect to a WiFi Network. Locate your system in a place that is served by a WiFi network, either commercial, municipal, or private.Your system must be near the access point for the network, which is normally not a consideration for a commercial or private network hot spot. However, if you plan to use a free municipal network, your location must be near the transmitter access point. (Optional) Set up a wireless router to serve as an additional access point.Set up your own router if no WiFi network is available at your location. For example, if you have a DSL line, connect the wireless router to the DSL router. Then the wireless router becomes the access point for your wireless devices. The following procedure assumes that you have followed the instructions in How to Prepare a System for WiFi Communications. Assume the Primary Administrator role, or become superuser.The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration. Check for available links.# dladm show-link ath0 type: non-vlan mtu: 1500 device: ath0 e1000g type: non-vlan mtu: 1500 device: e1000gIn this example, the output indicates that two links are available. The ath0 link supports WiFi communications using the Solaris Express, Developer Edition 2/07 software. The e1000g link is for attaching the system to a wired network. Configure the WiFi interface.Use the following steps to configure the interface:Plumb the link that supports WiFi:# ifconfig ath0 plumb Verify that the link has been plumbed:# ifconfig -a lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 e1000g: flags=2001004802<BROADCAST,RUNNING,MULTICAST,DHCP,IPv4,CoS> mtu 1500 index 2 inet 0.0.0.0 netmask 0 ether 0:e:6:4:8:1 ath0: flags=201000803<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 3 inet 0.0.0.0 netmask ff000000 ether 0:b:6:e:f:18 Check for available networks.# dladm scan-wifi LINK ESSID BSSID/IBSSID SEC STRENGTH MODE SPEED ath0 net1 00:0e:38:49:01:d0 none good g 54Mb ath0 net2 00:0e:38:49:02:f0 none very weak g 54Mb ath0 net3 00:0d:ed:a5:47:e0 none very good g 54Mb The example output of the scan-wifi command displays information about the available WiFi networks at the current location. The information in the output includes:LINKLink name to be used in the WiFi connection. ESSIDExtended Service Set ID. The ESSID is the name of the WiFi network, such as net1, net2, and net3 in the example output. BSSID/IBSSIDBasic Service Set ID, the unique identifier for a particular ESSID. The BSSID is the 48-bit MAC address of the nearby access point that serves the network with a particular ESSID. SECType of security that is needed to access the network. The values are none or WEP. For information about WEP, refer to WiFi Networks and Security. STRENGTHStrength of the radio signals from the WiFi networks that are available at your location. MODEVersion of the 802 .11 protocol that is run by the network. The modes are a, b, or g, or these modes in combination. SPEEDSpeed in megabits per second of the particular network. Connect to a WiFi network.Do either of the following:Connect to the unsecured WiFi network with the strongest signal.# dladm connect-wifi Connect to an unsecured network by specifying its ESSID.# dladm connect-wifi -e ESSIDThe connect-wifi subcommand of dladm has several more options for connecting to a WiFi network. For complete details, refer to the dladm1M man page. Configure an IP address for the interface.Do either of the following:Obtain an IP address from a DHCP server.# ifconfig interface dhcp startIf the WiFi network does not support DHCP, you receive the following message:ifconfig: interface: interface does not exist or cannot be managed using DHCP Configure a static IP address:Use this option if you have a dedicated IP address for the system.# ifconfig interface IP-address/CIDR-mask | netmask Check the status of the WiFi network to which the system is connected.# dladm show-wifi LINK STATUS ESSID SEC STRENGTH MODE SPEED ath0 connected net3 none very good g 36MbIn this example, the output indicates that the system is now connected to the net3 network. The earlier scan-wifi output indicated that net3 had the strongest signal among the available networks. The dladm show-wifi command automatically chooses the WiFi network with strongest signal, unless you directly specify a different network. Access the Internet through the WiFi network.Do either of the following, depending on the network to which the system is connected:If the access point offers free service, you can now run a browser or an application of your choice. If the access point is in a commercial hot spot that requires a fee, follow the instructions provided at the current location. Typically, you run a browser, supply a key, and give credit card information to the network provider. Conclude the session.Do one of the following:Terminate the WiFi session but leave the system running.# dladm disconnect-wifi Terminate a particular WiFi session when more than one session is currently running.# dladm disconnect-wifi linkwhere link represents the interface that was used for the session. Cleanly shut down the system while the WiFi session is running.# shutdown -g0 -i5You do not need to explicitly disconnect the WiFi session prior to turning off the system through the shutdown command. The following example shows a typical scenario that you might encounter when using a laptop that runs the Solaris Express, Developer Edition 2/07 release in an Internet coffee house. Learn whether a WiFi link is available.# dladm show-wifi ath0 type: non-vlan mtu: 1500 device: ath0The ath0 link is installed on the laptop. Configure the ath0 interface, and verify that it is up.# ifconfig ath0 plumb # ifconfig -a lo0: flags=2001000849<LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 ath0: flags=201000803<BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 3 inet 0.0.0.0 netmask ff000000 ether 0:b:6b:4e:8f:18Display the available WiFi links at your location.# dladm scan-wifi LINK ESSID BSSID/IBSSID SEC STRENGTH MODE SPEED ath0 net1 00:0e:38:49:01:d0 none weak g 54Mb ath0 net2 00:0e:38:49:02:f0 none very weak g 54Mb ath0 net3 00:0d:ed:a5:47:e0 wep very good g 54Mb ath0 citinet 00:40:96:2a:56:b5 none good b 11MbThe output indicates that net3 has the best signal. net3 requires a key, for which the provider for the coffee house charges a fee. citinet is a free network provided by the local town.Connect to the citinet network.# dladm connect-wifi -e citinetThe e option of connect-wifi takes the ESSID of the preferred WiFi network as its argument. The argument in this command is citinet, the ESSID of the free local network. The dladm connect-wifi command offers several options for connecting to the WiFi network. For more information, refer to the dladm1M man page.Configure an IP address for the WiFi interface.# ifconfig ath0 10.192.16.3/24 up # ifconfig -a lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 e1000g0: flags=201004843<UP,,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4,CoS> mtu 1500 index 3 inet 129.146.69.34 netmask fffffe00 broadcast 129.146.69.255 ether 0:e:7b:b5:64:a4 ath0: flags=201004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4,CoS> mtu 1500 index 4 inet 10.192.16.3 netmask ffffff00 broadcast 10.255.255.255 ether 0:b:6b:4e:8f:18This example assumes that you have the static IP address 10.192.16.3/24 configured on your laptop.# dladm show-wifi LINK STATUS ESSID SEC STRENGTH MODE SPEED ath0 connected citinet none good g 11MbThe output indicates that the laptop is now connected to network citinet.# firefoxThe home page for the Firefox browser displays.Run a browser or other application to commence your work over the WiFi network.# dladm disconnect-wifi # dladm show-wifi LINK STATUS ESSID SEC STRENGTH MODE SPEED ath0 disconnected -- -- -- -- --The output of show-wifi verifies that you have disconnected the ath0 link from the WiFi network. This procedure shows how to monitor the status of a WiFi link through standard networking tools, and change link properties through the linkprop subcommand. Assume the Primary Administrator role, or become superuser.The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration. Connect to the WiFi network, as described in How to Connect to a WiFi Network. View the properties of the link.Use the following syntax:# dladm show-linkprop interfaceFor example, you would use the following syntax to show the status of the connection established over the ath0 link:# dladm show-linkprop ath0 PROPERTY VALUE DEFAULT POSSIBLE channel 5 -- -- powermode off off off,fast,max radio ? on on,off speed 36 -- 1,2,5.5,6,9,11,12,18,24,36,48,54 Set a fixed speed for the link.The Solaris OS automatically chooses the optimal speed for the WiFi connection. Modifying the initial speed of the link might cause reduced performance or prevent the establishment of certain WiFi connections. You can modify the link speed to one of the possible values for speed that is listed in the show-linkprop output.# dladm set-linkprop -p speed=value link Check the packet flow over the link.# netstat -I ath0 -i 5 input ath0 output input (Total) output packets errs packets errs colls packets errs packets errs colls 317 0 106 0 0 2905 0 571 0 0 14 0 0 0 0 20 0 0 0 0 7 0 0 0 0 16 0 1 0 0 5 0 0 0 0 9 0 0 0 0 304 0 10 0 0 631 0 316 0 0 338 0 9 0 0 722 0 381 0 0 294 0 7 0 0 670 0 371 0 0 306 0 5 0 0 649 0 338 0 0 289 0 5 0 0 597 0 301 0 0 This example shows how to set the speed of a link after you have connected to a WiFi network# dladm show-linkprop -p speed ath0 PROPERTY VALUE DEFAULT POSSIBLE speed 24 -- 1,2,5,6,9,11,12,18,24,36,48,54 # dladm set-linkprop -p speed=36 ath0 # dladm show-linkprop -p speed ath0 PROPERTY VALUE DEFAULT POSSIBLE speed 36 -- 1,2,5,6,9,11,12,18,24,36,48,54 Radio wave technology makes WiFi networks readily available and often freely accessible to users in many locations. As a result, connecting to a WiFi network can be an insecure undertaking. However, certain types of WiFi connections are more secure:Connecting to a private, restricted-access WiFi networkPrivate networks, such as internal networks established by corporations or universities, restrict access to their networks to users who can provide the correct security challenge. Potential users must supply a key during the connection sequence or log in to the network through a secure VPN. Encrypting your connection to the WiFi networkYou can encrypt communications between your system and a WiFi network by using a secure key. Your access point to the WiFi network must be a router in your home or office with a secure key-generating feature. Your system and the router establish and then share the key before creating the secure connection. The dladm command can use a Wired Equivalent Privacy (WEP) key for encrypting connections through the access point. The WEP protocol is defined in IEEE 802.11 specifications for wireless connections. For complete details on the WEP-related options of the dladm command, refer to the dladm1M man page. The next procedure shows how to set up secure communications between a system and a router in the home. Many wireless and wired routers for the home have an encryption feature that can generate a secure key. This procedure assumes that you use such a router and have its documentation available. The procedure also assumes that your system is already plugged into the router. Start the software for configuring the home router.Refer to the manufacturer's documentation for instructions. Router manufacturers typically offer an internal web site or a graphical user interface for router configuration. Generate the value for the WEP key.Follow the manufacturer's instructions for creating a secure key for the router. The router configuration GUI might ask you to supply a passphrase of your choice for the key. The software then uses the passphrase to generate a hexadecimal string, typically 5 bytes or 13 bytes in length. This string becomes the value to be used for the WEP key. Apply and save the key configuration.Refer to the manufacturer's documentation for instructions. Assume the Primary Administrator role, or become superuser.The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration. Create a secure object that contains the WEP key.Open a terminal window on the system and type the following:# dladm create-secobj -c wep keynamewhere keyname represents the name you want to give to the key. Supply the value for the WEP key to the secure object.The create-secobj subcommand then runs a script that requests the value for the key. provide value for keyname: 5 or 13 byte key confirm value for keyname: retype keyThis value is the key that was generated by the router. The script accepts either a five byte or thirteen byte string, in ASCII or in hexadecimal for the key value. View the contents of the key that you just created.# dladm show-secobj OBJECT CLASS keyname wepwhere keyname is the name for the secure object. Make an encrypted connection to the WiFi network.# dladm connect-wifi -e network -k keyname interface Verify that the connection is secure.# dladm show-wifi LINK STATUS ESSID SEC STRENGTH MODE SPEED ath0 connected net1 wep good g 11MbThe wep value under the SEC heading indicates that WEP encryption is in place for the connection. This example assumes that you have already done the following:Connected your system to a home router that can create a WEP key Followed the router manufacturer's documentation and created the WEP key Saved the key so that you can use it to create the secure object on your system # dladm create-secobj -c wep mykey provide value for mykey: ***** confirm value for mkey: *****When you supply the WEP key generated that is by the router, asterisks mask the value that you type.# dladm show-secobj OBJECT CLASS mykey wep # dladm connect-wifi -e citinet -k mykey ath0This command establishes an encrypted connection to the WiFi network citinet, using the secure object mykey.# dladm show-wifi LINK STATUS ESSID SEC STRENGTH MODE SPEED ath0 connected citinet wep good g 36MbThis output verifies that you are connected to citinet through WEP encryption.