1.\" Copyright (c) 1983, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 4. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" From: @(#)ifconfig.8 8.3 (Berkeley) 1/5/94 29.\" $FreeBSD$ 30.\" 31.Dd May 15, 2015 32.Dt IFCONFIG 8 33.Os 34.Sh NAME 35.Nm ifconfig 36.Nd configure network interface parameters 37.Sh SYNOPSIS 38.Nm 39.Op Fl L 40.Op Fl k 41.Op Fl m 42.Op Fl n 43.Ar interface 44.Op Cm create 45.Ar address_family 46.Oo 47.Ar address 48.Op Ar dest_address 49.Oc 50.Op Ar parameters 51.Nm 52.Ar interface 53.Cm destroy 54.Nm 55.Fl a 56.Op Fl L 57.Op Fl d 58.Op Fl m 59.Op Fl u 60.Op Fl v 61.Op Ar address_family 62.Nm 63.Fl l 64.Op Fl d 65.Op Fl u 66.Op Ar address_family 67.Nm 68.Op Fl L 69.Op Fl d 70.Op Fl k 71.Op Fl m 72.Op Fl u 73.Op Fl v 74.Op Fl C 75.Nm 76.Op Fl g Ar groupname 77.Sh DESCRIPTION 78The 79.Nm 80utility is used to assign an address 81to a network interface and/or configure 82network interface parameters. 83The 84.Nm 85utility must be used at boot time to define the network address 86of each interface present on a machine; it may also be used at 87a later time to redefine an interface's address 88or other operating parameters. 89.Pp 90The following options are available: 91.Bl -tag -width indent 92.It Ar address 93For the 94.Tn DARPA Ns -Internet 95family, 96the address is either a host name present in the host name data 97base, 98.Xr hosts 5 , 99or a 100.Tn DARPA 101Internet address expressed in the Internet standard 102.Dq dot notation . 103.Pp 104It is also possible to use the CIDR notation (also known as the 105slash notation) to include the netmask. 106That is, one can specify an address like 107.Li 192.168.0.1/16 . 108.Pp 109For the 110.Dq inet6 111family, it is also possible to specify the prefix length using the slash 112notation, like 113.Li ::1/128 . 114See the 115.Cm prefixlen 116parameter below for more information. 117.\" For the Xerox Network Systems(tm) family, 118.\" addresses are 119.\" .Ar net:a.b.c.d.e.f , 120.\" where 121.\" .Ar net 122.\" is the assigned network number (in decimal), 123.\" and each of the six bytes of the host number, 124.\" .Ar a 125.\" through 126.\" .Ar f , 127.\" are specified in hexadecimal. 128.\" The host number may be omitted on IEEE 802 protocol 129.\" (Ethernet, FDDI, and Token Ring) interfaces, 130.\" which use the hardware physical address, 131.\" and on interfaces other than the first. 132.\" For the 133.\" .Tn ISO 134.\" family, addresses are specified as a long hexadecimal string, 135.\" as in the Xerox family. 136.\" However, two consecutive dots imply a zero 137.\" byte, and the dots are optional, if the user wishes to (carefully) 138.\" count out long strings of digits in network byte order. 139.Pp 140The link-level 141.Pq Dq link 142address 143is specified as a series of colon-separated hex digits. 144This can be used to, for example, 145set a new MAC address on an Ethernet interface, though the 146mechanism used is not Ethernet specific. 147If the interface is already 148up when this option is used, it will be briefly brought down and 149then brought back up again in order to ensure that the receive 150filter in the underlying Ethernet hardware is properly reprogrammed. 151.It Ar address_family 152Specify the 153address family 154which affects interpretation of the remaining parameters. 155Since an interface can receive transmissions in differing protocols 156with different naming schemes, specifying the address family is recommended. 157The address or protocol families currently 158supported are 159.Dq inet , 160.Dq inet6 , 161.Dq atalk , 162.Dq ipx , 163.\" .Dq iso , 164and 165.Dq link . 166.\" and 167.\" .Dq ns . 168The default if available is 169.Dq inet 170or otherwise 171.Dq link . 172.Dq ether 173and 174.Dq lladdr 175are synonyms for 176.Dq link . 177When using the 178.Fl l 179flag, the 180.Dq ether 181address family has special meaning and is no longer synonymous with 182.Dq link 183or 184.Dq lladdr . 185Specifying 186.Fl l Dq ether 187will list only Ethernet interfaces, excluding all other interface types, 188including the loopback interface. 189.It Ar dest_address 190Specify the address of the correspondent on the other end 191of a point to point link. 192.It Ar interface 193This 194parameter is a string of the form 195.Dq name unit , 196for example, 197.Dq Li ed0 . 198.It Ar groupname 199List the interfaces in the given group. 200.El 201.Pp 202The following parameters may be set with 203.Nm : 204.Bl -tag -width indent 205.It Cm add 206Another name for the 207.Cm alias 208parameter. 209Introduced for compatibility 210with 211.Bsx . 212.It Cm alias 213Establish an additional network address for this interface. 214This is sometimes useful when changing network numbers, and 215one wishes to accept packets addressed to the old interface. 216If the address is on the same subnet as the first network address 217for this interface, a non-conflicting netmask must be given. 218Usually 219.Li 0xffffffff 220is most appropriate. 221.It Fl alias 222Remove the network address specified. 223This would be used if you incorrectly specified an alias, or it 224was no longer needed. 225If you have incorrectly set an NS address having the side effect 226of specifying the host portion, removing all NS addresses will 227allow you to respecify the host portion. 228.It Cm anycast 229(Inet6 only.) 230Specify that the address configured is an anycast address. 231Based on the current specification, 232only routers may configure anycast addresses. 233Anycast address will not be used as source address of any of outgoing 234IPv6 packets. 235.It Cm arp 236Enable the use of the Address Resolution Protocol 237.Pq Xr arp 4 238in mapping 239between network level addresses and link level addresses (default). 240This is currently implemented for mapping between 241.Tn DARPA 242Internet 243addresses and 244.Tn IEEE 245802 48-bit MAC addresses (Ethernet, FDDI, and Token Ring addresses). 246.It Fl arp 247Disable the use of the Address Resolution Protocol 248.Pq Xr arp 4 . 249.It Cm staticarp 250If the Address Resolution Protocol is enabled, 251the host will only reply to requests for its addresses, 252and will never send any requests. 253.It Fl staticarp 254If the Address Resolution Protocol is enabled, 255the host will perform normally, 256sending out requests and listening for replies. 257.It Cm broadcast 258(Inet only.) 259Specify the address to use to represent broadcasts to the 260network. 261The default broadcast address is the address with a host part of all 1's. 262.It Cm debug 263Enable driver dependent debugging code; usually, this turns on 264extra console error logging. 265.It Fl debug 266Disable driver dependent debugging code. 267.It Cm promisc 268Put interface into permanently promiscuous mode. 269.It Fl promisc 270Disable permanently promiscuous mode. 271.It Cm delete 272Another name for the 273.Fl alias 274parameter. 275.It Cm description Ar value , Cm descr Ar value 276Specify a description of the interface. 277This can be used to label interfaces in situations where they may 278otherwise be difficult to distinguish. 279.It Cm -description , Cm -descr 280Clear the interface description. 281.It Cm down 282Mark an interface 283.Dq down . 284When an interface is marked 285.Dq down , 286the system will not attempt to 287transmit messages through that interface. 288If possible, the interface will be reset to disable reception as well. 289This action does not automatically disable routes using the interface. 290.It Cm group Ar group-name 291Assign the interface to a 292.Dq group . 293Any interface can be in multiple groups. 294.Pp 295Cloned interfaces are members of their interface family group by default. 296For example, a PPP interface such as 297.Em ppp0 298is a member of the PPP interface family group, 299.Em ppp . 300.\" The interface(s) the default route(s) point to are members of the 301.\" .Em egress 302.\" interface group. 303.It Cm -group Ar group-name 304Remove the interface from the given 305.Dq group . 306.It Cm eui64 307(Inet6 only.) 308Fill interface index 309(lowermost 64bit of an IPv6 address) 310automatically. 311.It Cm fib Ar fib_number 312Specify interface FIB. 313A FIB 314.Ar fib_number 315is assigned to all frames or packets received on that interface. 316The FIB is not inherited, e.g., vlans or other sub-interfaces will use 317the default FIB (0) irrespective of the parent interface's FIB. 318The kernel needs to be tuned to support more than the default FIB 319using the 320.Va ROUTETABLES 321kernel configuration option, or the 322.Va net.fibs 323tunable. 324.It Cm tunnelfib Ar fib_number 325Specify tunnel FIB. 326A FIB 327.Ar fib_number 328is assigned to all packets encapsulated by tunnel interface, e.g., 329.Xr gif 4 330and 331.Xr gre 4 . 332.It Cm ipdst 333This is used to specify an Internet host who is willing to receive 334IP packets encapsulating IPX packets bound for a remote network. 335An apparent point to point link is constructed, and 336the address specified will be taken as the IPX address and network 337of the destination. 338.It Cm maclabel Ar label 339If Mandatory Access Control support is enabled in the kernel, 340set the MAC label to 341.Ar label . 342.\" (see 343.\" .Xr maclabel 7 ) . 344.It Cm media Ar type 345If the driver supports the media selection system, set the media type 346of the interface to 347.Ar type . 348Some interfaces support the mutually exclusive use of one of several 349different physical media connectors. 350For example, a 10Mbit/s Ethernet 351interface might support the use of either 352.Tn AUI 353or twisted pair connectors. 354Setting the media type to 355.Cm 10base5/AUI 356would change the currently active connector to the AUI port. 357Setting it to 358.Cm 10baseT/UTP 359would activate twisted pair. 360Refer to the interfaces' driver 361specific documentation or man page for a complete list of the 362available types. 363.It Cm mediaopt Ar opts 364If the driver supports the media selection system, set the specified 365media options on the interface. 366The 367.Ar opts 368argument 369is a comma delimited list of options to apply to the interface. 370Refer to the interfaces' driver specific man page for a complete 371list of available options. 372.It Fl mediaopt Ar opts 373If the driver supports the media selection system, disable the 374specified media options on the interface. 375.It Cm mode Ar mode 376If the driver supports the media selection system, set the specified 377operating mode on the interface to 378.Ar mode . 379For IEEE 802.11 wireless interfaces that support multiple operating modes 380this directive is used to select between 802.11a 381.Pq Cm 11a , 382802.11b 383.Pq Cm 11b , 384and 802.11g 385.Pq Cm 11g 386operating modes. 387.It Cm inst Ar minst , Cm instance Ar minst 388Set the media instance to 389.Ar minst . 390This is useful for devices which have multiple physical layer interfaces 391.Pq PHYs . 392.It Cm name Ar name 393Set the interface name to 394.Ar name . 395.It Cm rxcsum , txcsum , rxcsum6 , txcsum6 396If the driver supports user-configurable checksum offloading, 397enable receive (or transmit) checksum offloading on the interface. 398The feature can be turned on selectively per protocol family. 399Use 400.Cm rxcsum6 , txcsum6 401for 402.Xr ip6 4 403or 404.Cm rxcsum , txcsum 405otherwise. 406Some drivers may not be able to enable these flags independently 407of each other, so setting one may also set the other. 408The driver will offload as much checksum work as it can reliably 409support, the exact level of offloading varies between drivers. 410.It Fl rxcsum , txcsum , rxcsum6 , txcsum6 411If the driver supports user-configurable checksum offloading, 412disable receive (or transmit) checksum offloading on the interface. 413The feature can be turned off selectively per protocol family. 414Use 415.Fl rxcsum6 , txcsum6 416for 417.Xr ip6 4 418or 419.Fl rxcsum , txcsum 420otherwise. 421These settings may not always be independent of each other. 422.It Cm tso 423If the driver supports 424.Xr tcp 4 425segmentation offloading, enable TSO on the interface. 426Some drivers may not be able to support TSO for 427.Xr ip 4 428and 429.Xr ip6 4 430packets, so they may enable only one of them. 431.It Fl tso 432If the driver supports 433.Xr tcp 4 434segmentation offloading, disable TSO on the interface. 435It will always disable TSO for 436.Xr ip 4 437and 438.Xr ip6 4 . 439.It Cm tso6 , tso4 440If the driver supports 441.Xr tcp 4 442segmentation offloading for 443.Xr ip6 4 444or 445.Xr ip 4 446use one of these to selectively enabled it only for one protocol family. 447.It Fl tso6 , tso4 448If the driver supports 449.Xr tcp 4 450segmentation offloading for 451.Xr ip6 4 452or 453.Xr ip 4 454use one of these to selectively disable it only for one protocol family. 455.It Cm lro 456If the driver supports 457.Xr tcp 4 458large receive offloading, enable LRO on the interface. 459.It Fl lro 460If the driver supports 461.Xr tcp 4 462large receive offloading, disable LRO on the interface. 463.It Cm wol , wol_ucast , wol_mcast , wol_magic 464Enable Wake On Lan (WOL) support, if available. 465WOL is a facility whereby a machine in a low power state may be woken 466in response to a received packet. 467There are three types of packets that may wake a system: 468ucast (directed solely to the machine's mac address), 469mcast (directed to a broadcast or multicast address), 470or 471magic (unicast or multicast frames with a ``magic contents''). 472Not all devices support WOL, those that do indicate the mechanisms 473they support in their capabilities. 474.Cm wol 475is a synonym for enabling all available WOL mechanisms. 476To disable WOL use 477.Fl wol . 478.It Cm vlanmtu , vlanhwtag, vlanhwfilter, vlanhwcsum, vlanhwtso 479If the driver offers user-configurable VLAN support, enable 480reception of extended frames, tag processing in hardware, 481frame filtering in hardware, checksum offloading, or TSO on VLAN, 482respectively. 483Note that this must be issued on a physical interface associated with 484.Xr vlan 4 , 485not on a 486.Xr vlan 4 487interface itself. 488.It Fl vlanmtu , vlanhwtag, vlanhwfilter, vlanhwtso 489If the driver offers user-configurable VLAN support, disable 490reception of extended frames, tag processing in hardware, 491frame filtering in hardware, or TSO on VLAN, 492respectively. 493.It Cm vnet Ar jail 494Move the interface to the 495.Xr jail 8 , 496specified by name or JID. 497If the jail has a virtual network stack, the interface will disappear 498from the current environment and become visible to the jail. 499.It Fl vnet Ar jail 500Reclaim the interface from the 501.Xr jail 8 , 502specified by name or JID. 503If the jail has a virtual network stack, the interface will disappear 504from the jail, and become visible to the current network environment. 505.It Cm polling 506Turn on 507.Xr polling 4 508feature and disable interrupts on the interface, if driver supports 509this mode. 510.It Fl polling 511Turn off 512.Xr polling 4 513feature and enable interrupt mode on the interface. 514.It Cm create 515Create the specified network pseudo-device. 516If the interface is given without a unit number, try to create a new 517device with an arbitrary unit number. 518If creation of an arbitrary device is successful, the new device name is 519printed to standard output unless the interface is renamed or destroyed 520in the same 521.Nm 522invocation. 523.It Cm destroy 524Destroy the specified network pseudo-device. 525.It Cm plumb 526Another name for the 527.Cm create 528parameter. 529Included for 530.Tn Solaris 531compatibility. 532.It Cm unplumb 533Another name for the 534.Cm destroy 535parameter. 536Included for 537.Tn Solaris 538compatibility. 539.It Cm metric Ar n 540Set the routing metric of the interface to 541.Ar n , 542default 0. 543The routing metric is used by the routing protocol 544.Pq Xr routed 8 . 545Higher metrics have the effect of making a route 546less favorable; metrics are counted as additional hops 547to the destination network or host. 548.It Cm mtu Ar n 549Set the maximum transmission unit of the interface to 550.Ar n , 551default is interface specific. 552The MTU is used to limit the size of packets that are transmitted on an 553interface. 554Not all interfaces support setting the MTU, and some interfaces have 555range restrictions. 556.It Cm netmask Ar mask 557.\" (Inet and ISO.) 558(Inet only.) 559Specify how much of the address to reserve for subdividing 560networks into sub-networks. 561The mask includes the network part of the local address 562and the subnet part, which is taken from the host field of the address. 563The mask can be specified as a single hexadecimal number 564with a leading 565.Ql 0x , 566with a dot-notation Internet address, 567or with a pseudo-network name listed in the network table 568.Xr networks 5 . 569The mask contains 1's for the bit positions in the 32-bit address 570which are to be used for the network and subnet parts, 571and 0's for the host part. 572The mask should contain at least the standard network portion, 573and the subnet field should be contiguous with the network 574portion. 575.Pp 576The netmask can also be specified in CIDR notation after the address. 577See the 578.Ar address 579option above for more information. 580.It Cm prefixlen Ar len 581(Inet6 only.) 582Specify that 583.Ar len 584bits are reserved for subdividing networks into sub-networks. 585The 586.Ar len 587must be integer, and for syntactical reason it must be between 0 to 128. 588It is almost always 64 under the current IPv6 assignment rule. 589If the parameter is omitted, 64 is used. 590.Pp 591The prefix can also be specified using the slash notation after the address. 592See the 593.Ar address 594option above for more information. 595.\" see 596.\" Xr eon 5 . 597.\" .It Cm nsellength Ar n 598.\" .Pf ( Tn ISO 599.\" only) 600.\" This specifies a trailing number of bytes for a received 601.\" .Tn NSAP 602.\" used for local identification, the remaining leading part of which is 603.\" taken to be the 604.\" .Tn NET 605.\" (Network Entity Title). 606.\" The default value is 1, which is conformant to US 607.\" .Tn GOSIP . 608.\" When an ISO address is set in an ifconfig command, 609.\" it is really the 610.\" .Tn NSAP 611.\" which is being specified. 612.\" For example, in 613.\" .Tn US GOSIP , 614.\" 20 hex digits should be 615.\" specified in the 616.\" .Tn ISO NSAP 617.\" to be assigned to the interface. 618.\" There is some evidence that a number different from 1 may be useful 619.\" for 620.\" .Tn AFI 621.\" 37 type addresses. 622.It Cm range Ar netrange 623Under appletalk, set the interface to respond to a 624.Ar netrange 625of the form 626.Ar startnet Ns - Ns Ar endnet . 627Appletalk uses this scheme instead of 628netmasks though 629.Fx 630implements it internally as a set of netmasks. 631.It Cm remove 632Another name for the 633.Fl alias 634parameter. 635Introduced for compatibility 636with 637.Bsx . 638.It Cm phase 639The argument following this specifies the version (phase) of the 640Appletalk network attached to the interface. 641Values of 1 or 2 are permitted. 642.Sm off 643.It Cm link Op Cm 0 No - Cm 2 644.Sm on 645Enable special processing of the link level of the interface. 646These three options are interface specific in actual effect, however, 647they are in general used to select special modes of operation. 648An example 649of this is to enable SLIP compression, or to select the connector type 650for some Ethernet cards. 651Refer to the man page for the specific driver 652for more information. 653.Sm off 654.It Fl link Op Cm 0 No - Cm 2 655.Sm on 656Disable special processing at the link level with the specified interface. 657.It Cm monitor 658Put the interface in monitor mode. 659No packets are transmitted, and received packets are discarded after 660.Xr bpf 4 661processing. 662.It Fl monitor 663Take the interface out of monitor mode. 664.It Cm up 665Mark an interface 666.Dq up . 667This may be used to enable an interface after an 668.Dq Nm Cm down . 669It happens automatically when setting the first address on an interface. 670If the interface was reset when previously marked down, 671the hardware will be re-initialized. 672.El 673.Pp 674The following parameters are for ICMPv6 Neighbor Discovery Protocol. 675Note that the address family keyword 676.Dq Li inet6 677is needed for them: 678.Bl -tag -width indent 679.It Cm accept_rtadv 680Set a flag to enable accepting ICMPv6 Router Advertisement messages. 681The 682.Xr sysctl 8 683variable 684.Va net.inet6.ip6.accept_rtadv 685controls whether this flag is set by default or not. 686.It Cm -accept_rtadv 687Clear a flag 688.Cm accept_rtadv . 689.It Cm no_radr 690Set a flag to control whether routers from which the system accepts 691Router Advertisement messages will be added to the Default Router List 692or not. 693When the 694.Cm accept_rtadv 695flag is disabled, this flag has no effect. 696The 697.Xr sysctl 8 698variable 699.Va net.inet6.ip6.no_radr 700controls whether this flag is set by default or not. 701.It Cm -no_radr 702Clear a flag 703.Cm no_radr . 704.It Cm auto_linklocal 705Set a flag to perform automatic link-local address configuration when 706the interface becomes available. 707The 708.Xr sysctl 8 709variable 710.Va net.inet6.ip6.auto_linklocal 711controls whether this flag is set by default or not. 712.It Cm -auto_linklocal 713Clear a flag 714.Cm auto_linklocal . 715.It Cm defaultif 716Set the specified interface as the default route when there is no 717default router. 718.It Cm -defaultif 719Clear a flag 720.Cm defaultif . 721.It Cm ifdisabled 722Set a flag to disable all of IPv6 network communications on the 723specified interface. 724Note that if there are already configured IPv6 725addresses on that interface, all of them are marked as 726.Dq tentative 727and DAD will be performed when this flag is cleared. 728.It Cm -ifdisabled 729Clear a flag 730.Cm ifdisabled . 731When this flag is cleared and 732.Cm auto_linklocal 733flag is enabled, automatic configuration of a link-local address is 734performed. 735.It Cm nud 736Set a flag to enable Neighbor Unreachability Detection. 737.It Cm -nud 738Clear a flag 739.Cm nud . 740.It Cm no_prefer_iface 741Set a flag to not prefer address on the interface as candidates of the 742source address for outgoing packets, even when the interface is 743outgoing interface. 744.It Cm -no_prefer_iface 745Clear a flag 746.Cm no_prefer_iface . 747.It Cm no_dad 748Set a flag to disable Duplicate Address Detection. 749.It Cm -no_dad 750Clear a flag 751.Cm no_dad . 752.It Cm ignoreloop 753Set a flag to disable loopback detection in Enhanced Duplicate Address 754Detection Algorithm. 755When this flag is set, 756Duplicate Address Detection will stop in a finite number of probings 757even if a loopback configuration is detected. 758.It Cm -ignoreloop 759Clear a flag 760.Cm ignoreloop . 761.El 762.Pp 763The following parameters are specific for IPv6 addresses. 764Note that the address family keyword 765.Dq Li inet6 766is needed for them: 767.Bl -tag -width indent 768.It Cm prefer_source 769Set a flag to prefer address as a candidate of the source address for 770outgoing packets. 771.It Cm -prefer_source 772Clear a flag 773.Cm prefer_source . 774.El 775.Pp 776The following parameters are specific to cloning 777IEEE 802.11 wireless interfaces with the 778.Cm create 779request: 780.Bl -tag -width indent 781.It Cm wlandev Ar device 782Use 783.Ar device 784as the parent for the cloned device. 785.It Cm wlanmode Ar mode 786Specify the operating mode for this cloned device. 787.Ar mode 788is one of 789.Cm sta , 790.Cm ahdemo 791(or 792.Cm adhoc-demo ), 793.Cm ibss , 794(or 795.Cm adhoc ), 796.Cm ap , 797(or 798.Cm hostap ), 799.Cm wds , 800.Cm tdma , 801.Cm mesh , 802and 803.Cm monitor . 804The operating mode of a cloned interface cannot be changed. 805The 806.Cm tdma 807mode is actually implemented as an 808.Cm adhoc-demo 809interface with special properties. 810.It Cm wlanbssid Ar bssid 811The 802.11 mac address to use for the bssid. 812This must be specified at create time for a legacy 813.Cm wds 814device. 815.It Cm wlanaddr Ar address 816The local mac address. 817If this is not specified then a mac address will automatically be assigned 818to the cloned device. 819Typically this address is the same as the address of the parent device 820but if the 821.Cm bssid 822parameter is specified then the driver will craft a unique address for 823the device (if supported). 824.It Cm wdslegacy 825Mark a 826.Cm wds 827device as operating in ``legacy mode''. 828Legacy 829.Cm wds 830devices have a fixed peer relationship and do not, for example, roam 831if their peer stops communicating. 832For completeness a Dynamic WDS (DWDS) interface may marked as 833.Fl wdslegacy . 834.It Cm bssid 835Request a unique local mac address for the cloned device. 836This is only possible if the device supports multiple mac addresses. 837To force use of the parent's mac address use 838.Fl bssid . 839.It Cm beacons 840Mark the cloned interface as depending on hardware support to 841track received beacons. 842To have beacons tracked in software use 843.Fl beacons . 844For 845.Cm hostap 846mode 847.Fl beacons 848can also be used to indicate no beacons should 849be transmitted; this can be useful when creating a WDS configuration but 850.Cm wds 851interfaces can only be created as companions to an access point. 852.El 853.Pp 854The following parameters are specific to IEEE 802.11 wireless interfaces 855cloned with a 856.Cm create 857operation: 858.Bl -tag -width indent 859.It Cm ampdu 860Enable sending and receiving AMPDU frames when using 802.11n (default). 861The 802.11n specification states a compliant station must be capable 862of receiving AMPDU frames but transmission is optional. 863Use 864.Fl ampdu 865to disable all use of AMPDU with 802.11n. 866For testing and/or to work around interoperability problems one can use 867.Cm ampdutx 868and 869.Cm ampdurx 870to control use of AMPDU in one direction. 871.It Cm ampdudensity Ar density 872Set the AMPDU density parameter used when operating with 802.11n. 873This parameter controls the inter-packet gap for AMPDU frames. 874The sending device normally controls this setting but a receiving station 875may request wider gaps. 876Legal values for 877.Ar density 878are 0, .25, .5, 1, 2, 4, 8, and 16 (microseconds). 879A value of 880.Cm - 881is treated the same as 0. 882.It Cm ampdulimit Ar limit 883Set the limit on packet size for receiving AMPDU frames when operating 884with 802.11n. 885Legal values for 886.Ar limit 887are 8192, 16384, 32768, and 65536 but one can also specify 888just the unique prefix: 8, 16, 32, 64. 889Note the sender may limit the size of AMPDU frames to be less 890than the maximum specified by the receiving station. 891.It Cm amsdu 892Enable sending and receiving AMSDU frames when using 802.11n. 893By default AMSDU is received but not transmitted. 894Use 895.Fl amsdu 896to disable all use of AMSDU with 802.11n. 897For testing and/or to work around interoperability problems one can use 898.Cm amsdutx 899and 900.Cm amsdurx 901to control use of AMSDU in one direction. 902.It Cm amsdulimit Ar limit 903Set the limit on packet size for sending and receiving AMSDU frames 904when operating with 802.11n. 905Legal values for 906.Ar limit 907are 7935 and 3839 (bytes). 908Note the sender may limit the size of AMSDU frames to be less 909than the maximum specified by the receiving station. 910Note also that devices are not required to support the 7935 limit, 911only 3839 is required by the specification and the larger value 912may require more memory to be dedicated to support functionality 913that is rarely used. 914.It Cm apbridge 915When operating as an access point, pass packets between 916wireless clients directly (default). 917To instead let them pass up through the 918system and be forwarded using some other mechanism, use 919.Fl apbridge . 920Disabling the internal bridging 921is useful when traffic is to be processed with 922packet filtering. 923.It Cm authmode Ar mode 924Set the desired authentication mode in infrastructure mode. 925Not all adapters support all modes. 926The set of 927valid modes is 928.Cm none , open , shared 929(shared key), 930.Cm 8021x 931(IEEE 802.1x), 932and 933.Cm wpa 934(IEEE WPA/WPA2/802.11i). 935The 936.Cm 8021x 937and 938.Cm wpa 939modes are only useful when using an authentication service 940(a supplicant for client operation or an authenticator when 941operating as an access point). 942Modes are case insensitive. 943.It Cm bgscan 944Enable background scanning when operating as a station. 945Background scanning is a technique whereby a station associated to 946an access point will temporarily leave the channel to scan for 947neighboring stations. 948This allows a station to maintain a cache of nearby access points 949so that roaming between access points can be done without 950a lengthy scan operation. 951Background scanning is done only when a station is not busy and 952any outbound traffic will cancel a scan operation. 953Background scanning should never cause packets to be lost though 954there may be some small latency if outbound traffic interrupts a 955scan operation. 956By default background scanning is enabled if the device is capable. 957To disable background scanning, use 958.Fl bgscan . 959Background scanning is controlled by the 960.Cm bgscanidle 961and 962.Cm bgscanintvl 963parameters. 964Background scanning must be enabled for roaming; this is an artifact 965of the current implementation and may not be required in the future. 966.It Cm bgscanidle Ar idletime 967Set the minimum time a station must be idle (not transmitting or 968receiving frames) before a background scan is initiated. 969The 970.Ar idletime 971parameter is specified in milliseconds. 972By default a station must be idle at least 250 milliseconds before 973a background scan is initiated. 974The idle time may not be set to less than 100 milliseconds. 975.It Cm bgscanintvl Ar interval 976Set the interval at which background scanning is attempted. 977The 978.Ar interval 979parameter is specified in seconds. 980By default a background scan is considered every 300 seconds (5 minutes). 981The 982.Ar interval 983may not be set to less than 15 seconds. 984.It Cm bintval Ar interval 985Set the interval at which beacon frames are sent when operating in 986ad-hoc or ap mode. 987The 988.Ar interval 989parameter is specified in TU's (1024 usecs). 990By default beacon frames are transmitted every 100 TU's. 991.It Cm bmissthreshold Ar count 992Set the number of consecutive missed beacons at which the station 993will attempt to roam (i.e., search for a new access point). 994The 995.Ar count 996parameter must be in the range 1 to 255; though the 997upper bound may be reduced according to device capabilities. 998The default threshold is 7 consecutive missed beacons; but 999this may be overridden by the device driver. 1000Another name for the 1001.Cm bmissthreshold 1002parameter is 1003.Cm bmiss . 1004.It Cm bssid Ar address 1005Specify the MAC address of the access point to use when operating 1006as a station in a BSS network. 1007This overrides any automatic selection done by the system. 1008To disable a previously selected access point, supply 1009.Cm any , none , 1010or 1011.Cm - 1012for the address. 1013This option is useful when more than one access point uses the same SSID. 1014Another name for the 1015.Cm bssid 1016parameter is 1017.Cm ap . 1018.It Cm burst 1019Enable packet bursting. 1020Packet bursting is a transmission technique whereby the wireless 1021medium is acquired once to send multiple frames and the interframe 1022spacing is reduced. 1023This technique can significantly increase throughput by reducing 1024transmission overhead. 1025Packet bursting is supported by the 802.11e QoS specification 1026and some devices that do not support QoS may still be capable. 1027By default packet bursting is enabled if a device is capable 1028of doing it. 1029To disable packet bursting, use 1030.Fl burst . 1031.It Cm chanlist Ar channels 1032Set the desired channels to use when scanning for access 1033points, neighbors in an IBSS network, or looking for unoccupied 1034channels when operating as an access point. 1035The set of channels is specified as a comma-separated list with 1036each element in the list representing either a single channel number or a range 1037of the form 1038.Dq Li a-b . 1039Channel numbers must be in the range 1 to 255 and be permissible 1040according to the operating characteristics of the device. 1041.It Cm channel Ar number 1042Set a single desired channel. 1043Channels range from 1 to 255, but the exact selection available 1044depends on the region your adaptor was manufactured for. 1045Setting 1046the channel to 1047.Li any , 1048or 1049.Cm - 1050will clear any desired channel and, if the device is marked up, 1051force a scan for a channel to operate on. 1052Alternatively the frequency, in megahertz, may be specified 1053instead of the channel number. 1054.Pp 1055When there are several ways to use a channel the channel 1056number/frequency may be appended with attributes to clarify. 1057For example, if a device is capable of operating on channel 6 1058with 802.11n and 802.11g then one can specify that g-only use 1059should be used by specifying ``6:g''. 1060Similarly the channel width can be specified by appending it 1061with ``/''; e.g., ``6/40'' specifies a 40MHz wide channel, 1062These attributes can be combined as in: ``6:ht/40''. 1063The full set of flags specified following a ``:'' are: 1064.Cm a 1065(802.11a), 1066.Cm b 1067(802.11b), 1068.Cm d 1069(Atheros Dynamic Turbo mode), 1070.Cm g 1071(802.11g), 1072.Cm h 1073or 1074.Cm n 1075(802.11n aka HT), 1076.Cm s 1077(Atheros Static Turbo mode), 1078and 1079.Cm t 1080(Atheros Dynamic Turbo mode, or appended to ``st'' and ``dt''). 1081The full set of channel widths following a '/' are: 1082.Cm 5 1083(5MHz aka quarter-rate channel), 1084.Cm 10 1085(10MHz aka half-rate channel), 1086.Cm 20 1087(20MHz mostly for use in specifying ht20), 1088and 1089.Cm 40 1090(40MHz mostly for use in specifying ht40). 1091In addition, 1092a 40MHz HT channel specification may include the location 1093of the extension channel by appending ``+'' or ``-'' for above and below, 1094respectively; e.g., ``2437:ht/40+'' specifies 40MHz wide HT operation 1095with the center channel at frequency 2437 and the extension channel above. 1096.It Cm country Ar name 1097Set the country code to use in calculating the regulatory constraints 1098for operation. 1099In particular the set of available channels, how the wireless device 1100will operation on the channels, and the maximum transmit power that 1101can be used on a channel are defined by this setting. 1102Country/Region codes are specified as a 2-character abbreviation 1103defined by ISO 3166 or using a longer, but possibly ambiguous, spelling; 1104e.g., "ES" and "Spain". 1105The set of country codes are taken from 1106.Pa /etc/regdomain.xml 1107and can also 1108be viewed with the ``list countries'' request. 1109Note that not all devices support changing the country code from a default 1110setting; typically stored in EEPROM. 1111See also 1112.Cm regdomain , 1113.Cm indoor , 1114.Cm outdoor , 1115and 1116.Cm anywhere . 1117.It Cm dfs 1118Enable Dynamic Frequency Selection (DFS) as specified in 802.11h. 1119DFS embodies several facilities including detection of overlapping 1120radar signals, dynamic transmit power control, and channel selection 1121according to a least-congested criteria. 1122DFS support is mandatory for some 5GHz frequencies in certain 1123locales (e.g., ETSI). 1124By default DFS is enabled according to the regulatory definitions 1125specified in 1126.Pa /etc/regdomain.xml 1127and the current country code, regdomain, 1128and channel. 1129Note the underlying device (and driver) must support radar detection 1130for full DFS support to work. 1131To be fully compliant with the local regulatory agency frequencies that 1132require DFS should not be used unless it is fully supported. 1133Use 1134.Fl dfs 1135to disable this functionality for testing. 1136.It Cm dotd 1137Enable support for the 802.11d specification (default). 1138When this support is enabled in station mode, beacon frames that advertise 1139a country code different than the currently configured country code will 1140cause an event to be dispatched to user applications. 1141This event can be used by the station to adopt that country code and 1142operate according to the associated regulatory constraints. 1143When operating as an access point with 802.11d enabled the beacon and 1144probe response frames transmitted will advertise the current regulatory 1145domain settings. 1146To disable 802.11d use 1147.Fl dotd . 1148.It Cm doth 1149Enable 802.11h support including spectrum management. 1150When 802.11h is enabled beacon and probe response frames will have 1151the SpectrumMgt bit set in the capabilities field and 1152country and power constraint information elements will be present. 1153802.11h support also includes handling Channel Switch Announcements (CSA) 1154which are a mechanism to coordinate channel changes by an access point. 1155By default 802.11h is enabled if the device is capable. 1156To disable 802.11h use 1157.Fl doth . 1158.It Cm deftxkey Ar index 1159Set the default key to use for transmission. 1160Typically this is only set when using WEP encryption. 1161Note that you must set a default transmit key 1162for the system to know which key to use in encrypting outbound traffic. 1163The 1164.Cm weptxkey 1165is an alias for this request; it is provided for backwards compatibility. 1166.It Cm dtimperiod Ar period 1167Set the 1168DTIM 1169period for transmitting buffered multicast data frames when 1170operating in ap mode. 1171The 1172.Ar period 1173specifies the number of beacon intervals between DTIM 1174and must be in the range 1 to 15. 1175By default DTIM is 1 (i.e., DTIM occurs at each beacon). 1176.It Cm quiet 1177Enable the use of quiet IE. 1178Hostap will use this to silence other 1179stations to reduce interference for radar detection when 1180operating on 5GHz frequency and doth support is enabled. 1181Use 1182.Fl quiet 1183to disable this functionality. 1184.It Cm quiet_period Ar period 1185Set the QUIET 1186.Ar period 1187to the number of beacon intervals between the start of regularly 1188scheduled quiet intervals defined by Quiet element. 1189.It Cm quiet_count Ar count 1190Set the QUIET 1191.Ar count 1192to the number of TBTTs until the beacon interval during which the 1193next quiet interval shall start. 1194A value of 1 indicates the quiet 1195interval will start during the beacon interval starting at the next 1196TBTT. 1197A value 0 is reserved. 1198.It Cm quiet_offset Ar offset 1199Set the QUIET 1200.Ar offset 1201to the offset of the start of the quiet interval from the TBTT 1202specified by the Quiet count, expressed in TUs. 1203The value of the 1204.Ar offset 1205shall be less than one beacon interval. 1206.It Cm quiet_duration Ar dur 1207Set the QUIET 1208.Ar dur 1209to the duration of the Quiet interval, expressed in TUs. 1210The value should be less than beacon interval. 1211.It Cm dturbo 1212Enable the use of Atheros Dynamic Turbo mode when communicating with 1213another Dynamic Turbo-capable station. 1214Dynamic Turbo mode is an Atheros-specific mechanism by which 1215stations switch between normal 802.11 operation and a ``boosted'' 1216mode in which a 40MHz wide channel is used for communication. 1217Stations using Dynamic Turbo mode operate boosted only when the 1218channel is free of non-dturbo stations; when a non-dturbo station 1219is identified on the channel all stations will automatically drop 1220back to normal operation. 1221By default, Dynamic Turbo mode is not enabled, even if the device is capable. 1222Note that turbo mode (dynamic or static) is only allowed on some 1223channels depending on the regulatory constraints; use the 1224.Cm list chan 1225command to identify the channels where turbo mode may be used. 1226To disable Dynamic Turbo mode use 1227.Fl dturbo . 1228.It Cm dwds 1229Enable Dynamic WDS (DWDS) support. 1230DWDS is a facility by which 4-address traffic can be carried between 1231stations operating in infrastructure mode. 1232A station first associates to an access point and authenticates using 1233normal procedures (e.g., WPA). 1234Then 4-address frames are passed to carry traffic for stations 1235operating on either side of the wireless link. 1236DWDS extends the normal WDS mechanism by leveraging existing security 1237protocols and eliminating static binding. 1238.Pp 1239When DWDS is enabled on an access point 4-address frames received from 1240an authorized station will generate a ``DWDS discovery'' event to user 1241applications. 1242This event should be used to create a WDS interface that is bound 1243to the remote station (and usually plumbed into a bridge). 1244Once the WDS interface is up and running 4-address traffic then logically 1245flows through that interface. 1246.Pp 1247When DWDS is enabled on a station, traffic with a destination address 1248different from the peer station are encapsulated in a 4-address frame 1249and transmitted to the peer. 1250All 4-address traffic uses the security information of the stations 1251(e.g., cryptographic keys). 1252A station is associated using 802.11n facilities may transport 12534-address traffic using these same mechanisms; this depends on available 1254resources and capabilities of the device. 1255The DWDS implementation guards against layer 2 routing loops of 1256multicast traffic. 1257.It Cm ff 1258Enable the use of Atheros Fast Frames when communicating with 1259another Fast Frames-capable station. 1260Fast Frames are an encapsulation technique by which two 802.3 1261frames are transmitted in a single 802.11 frame. 1262This can noticeably improve throughput but requires that the 1263receiving station understand how to decapsulate the frame. 1264Fast frame use is negotiated using the Atheros 802.11 vendor-specific 1265protocol extension so enabling use is safe when communicating with 1266non-Atheros devices. 1267By default, use of fast frames is enabled if the device is capable. 1268To explicitly disable fast frames, use 1269.Fl ff . 1270.It Cm fragthreshold Ar length 1271Set the threshold for which transmitted frames are broken into fragments. 1272The 1273.Ar length 1274argument is the frame size in bytes and must be in the range 256 to 2346. 1275Setting 1276.Ar length 1277to 1278.Li 2346 , 1279.Cm any , 1280or 1281.Cm - 1282disables transmit fragmentation. 1283Not all adapters honor the fragmentation threshold. 1284.It Cm hidessid 1285When operating as an access point, do not broadcast the SSID 1286in beacon frames or respond to probe request frames unless 1287they are directed to the ap (i.e., they include the ap's SSID). 1288By default, the SSID is included in beacon frames and 1289undirected probe request frames are answered. 1290To re-enable the broadcast of the SSID etc., use 1291.Fl hidessid . 1292.It Cm ht 1293Enable use of High Throughput (HT) when using 802.11n (default). 1294The 802.11n specification includes mechanisms for operation 1295on 20MHz and 40MHz wide channels using different signalling mechanisms 1296than specified in 802.11b, 802.11g, and 802.11a. 1297Stations negotiate use of these facilities, termed HT20 and HT40, 1298when they associate. 1299To disable all use of 802.11n use 1300.Fl ht . 1301To disable use of HT20 (e.g., to force only HT40 use) use 1302.Fl ht20 . 1303To disable use of HT40 use 1304.Fl ht40 . 1305.Pp 1306HT configuration is used to ``auto promote'' operation 1307when several choices are available. 1308For example, if a station associates to an 11n-capable access point 1309it controls whether the station uses legacy operation, HT20, or HT40. 1310When an 11n-capable device is setup as an access point and 1311Auto Channel Selection is used to locate a channel to operate on, 1312HT configuration controls whether legacy, HT20, or HT40 operation is setup 1313on the selected channel. 1314If a fixed channel is specified for a station then HT configuration can 1315be given as part of the channel specification; e.g., 6:ht/20 to setup 1316HT20 operation on channel 6. 1317.It Cm htcompat 1318Enable use of compatibility support for pre-802.11n devices (default). 1319The 802.11n protocol specification went through several incompatible iterations. 1320Some vendors implemented 11n support to older specifications that 1321will not interoperate with a purely 11n-compliant station. 1322In particular the information elements included in management frames 1323for old devices are different. 1324When compatibility support is enabled both standard and compatible data 1325will be provided. 1326Stations that associate using the compatibility mechanisms are flagged 1327in ``list sta''. 1328To disable compatibility support use 1329.Fl htcompat . 1330.It Cm htprotmode Ar technique 1331For interfaces operating in 802.11n, use the specified 1332.Ar technique 1333for protecting HT frames in a mixed legacy/HT network. 1334The set of valid techniques is 1335.Cm off , 1336and 1337.Cm rts 1338(RTS/CTS, default). 1339Technique names are case insensitive. 1340.It Cm inact 1341Enable inactivity processing for stations associated to an 1342access point (default). 1343When operating as an access point the 802.11 layer monitors 1344the activity of each associated station. 1345When a station is inactive for 5 minutes it will send several 1346``probe frames'' to see if the station is still present. 1347If no response is received then the station is deauthenticated. 1348Applications that prefer to handle this work can disable this 1349facility by using 1350.Fl inact . 1351.It Cm indoor 1352Set the location to use in calculating regulatory constraints. 1353The location is also advertised in beacon and probe response frames 1354when 802.11d is enabled with 1355.Cm dotd . 1356See also 1357.Cm outdoor , 1358.Cm anywhere , 1359.Cm country , 1360and 1361.Cm regdomain . 1362.It Cm list active 1363Display the list of channels available for use taking into account 1364any restrictions set with the 1365.Cm chanlist 1366directive. 1367See the description of 1368.Cm list chan 1369for more information. 1370.It Cm list caps 1371Display the adaptor's capabilities, including the operating 1372modes supported. 1373.It Cm list chan 1374Display the list of channels available for use. 1375Channels are shown with their IEEE channel number, equivalent 1376frequency, and usage modes. 1377Channels identified as 1378.Ql 11g 1379are also usable in 1380.Ql 11b 1381mode. 1382Channels identified as 1383.Ql 11a Turbo 1384may be used only for Atheros' Static Turbo mode 1385(specified with 1386. Cm mediaopt turbo ) . 1387Channels marked with a 1388.Ql * 1389have a regulatory constraint that they be passively scanned. 1390This means a station is not permitted to transmit on the channel until 1391it identifies the channel is being used for 802.11 communication; 1392typically by hearing a beacon frame from an access point operating 1393on the channel. 1394.Cm list freq 1395is another way of requesting this information. 1396By default a compacted list of channels is displayed; if the 1397.Fl v 1398option is specified then all channels are shown. 1399.It Cm list countries 1400Display the set of country codes and regulatory domains that can be 1401used in regulatory configuration. 1402.It Cm list mac 1403Display the current MAC Access Control List state. 1404Each address is prefixed with a character that indicates the 1405current policy applied to it: 1406.Ql + 1407indicates the address is allowed access, 1408.Ql - 1409indicates the address is denied access, 1410.Ql * 1411indicates the address is present but the current policy open 1412(so the ACL is not consulted). 1413.It Cm list mesh 1414Displays the mesh routing table, used for forwarding packets on a mesh 1415network. 1416.It Cm list regdomain 1417Display the current regulatory settings including the available channels 1418and transmit power caps. 1419.It Cm list roam 1420Display the parameters that govern roaming operation. 1421.It Cm list txparam 1422Display the parameters that govern transmit operation. 1423.It Cm list txpower 1424Display the transmit power caps for each channel. 1425.It Cm list scan 1426Display the access points and/or ad-hoc neighbors 1427located in the vicinity. 1428This information may be updated automatically by the adapter 1429with a 1430.Cm scan 1431request or through background scanning. 1432Depending on the capabilities of the stations the following 1433flags can be included in the output: 1434.Bl -tag -width 3n 1435.It Li A 1436Authorized. 1437Indicates that the station is permitted to send/receive data frames. 1438.It Li E 1439Extended Rate Phy (ERP). 1440Indicates that the station is operating in an 802.11g network 1441using extended transmit rates. 1442.It Li H 1443High Throughput (HT). 1444Indicates that the station is using HT transmit rates. 1445If a `+' follows immediately after then the station associated 1446using deprecated mechanisms supported only when 1447.Cm htcompat 1448is enabled. 1449.It Li P 1450Power Save. 1451Indicates that the station is operating in power save mode. 1452.It Li Q 1453Quality of Service (QoS). 1454Indicates that the station is using QoS encapsulation for 1455data frame. 1456QoS encapsulation is enabled only when WME mode is enabled. 1457.It Li S 1458Short Preamble. 1459Indicates that the station is doing short preamble to optionally 1460improve throughput performance with 802.11g and 802.11b. 1461.It Li T 1462Transitional Security Network (TSN). 1463Indicates that the station associated using TSN; see also 1464.Cm tsn 1465below. 1466.It Li W 1467Wi-Fi Protected Setup (WPS). 1468Indicates that the station associated using WPS. 1469.El 1470.Pp 1471By default interesting information elements captured from the neighboring 1472stations are displayed at the end of each row. 1473Possible elements include: 1474.Cm WME 1475(station supports WME), 1476.Cm WPA 1477(station supports WPA), 1478.Cm WPS 1479(station supports WPS), 1480.Cm RSN 1481(station supports 802.11i/RSN), 1482.Cm HTCAP 1483(station supports 802.11n/HT communication), 1484.Cm ATH 1485(station supports Atheros protocol extensions), 1486.Cm VEN 1487(station supports unknown vendor-specific extensions). 1488If the 1489.Fl v 1490flag is used all the information elements and their 1491contents will be shown. 1492Specifying the 1493.Fl v 1494flag also enables display of long SSIDs. 1495The 1496.Cm list ap 1497command is another way of requesting this information. 1498.It Cm list sta 1499When operating as an access point display the stations that are 1500currently associated. 1501When operating in ad-hoc mode display stations identified as 1502neighbors in the IBSS. 1503When operating in mesh mode display stations identified as 1504neighbors in the MBSS. 1505When operating in station mode display the access point. 1506Capabilities advertised by the stations are described under 1507the 1508.Cm scan 1509request. 1510Depending on the capabilities of the stations the following 1511flags can be included in the output: 1512.Bl -tag -width 3n 1513.It Li A 1514Authorized. 1515Indicates that the station is permitted to send/receive data frames. 1516.It Li E 1517Extended Rate Phy (ERP). 1518Indicates that the station is operating in an 802.11g network 1519using extended transmit rates. 1520.It Li H 1521High Throughput (HT). 1522Indicates that the station is using HT transmit rates. 1523If a `+' follows immediately after then the station associated 1524using deprecated mechanisms supported only when 1525.Cm htcompat 1526is enabled. 1527.It Li P 1528Power Save. 1529Indicates that the station is operating in power save mode. 1530.It Li Q 1531Quality of Service (QoS). 1532Indicates that the station is using QoS encapsulation for 1533data frame. 1534QoS encapsulation is enabled only when WME mode is enabled. 1535.It Li S 1536Short Preamble. 1537Indicates that the station is doing short preamble to optionally 1538improve throughput performance with 802.11g and 802.11b. 1539.It Li T 1540Transitional Security Network (TSN). 1541Indicates that the station associated using TSN; see also 1542.Cm tsn 1543below. 1544.It Li W 1545Wi-Fi Protected Setup (WPS). 1546Indicates that the station associated using WPS. 1547.El 1548.Pp 1549By default information elements received from associated stations 1550are displayed in a short form; the 1551.Fl v 1552flag causes this information to be displayed symbolically. 1553.It Cm list wme 1554Display the current channel parameters to use when operating in WME mode. 1555If the 1556.Fl v 1557option is specified then both channel and BSS parameters are displayed 1558for each AC (first channel, then BSS). 1559When WME mode is enabled for an adaptor this information will be 1560displayed with the regular status; this command is mostly useful 1561for examining parameters when WME mode is disabled. 1562See the description of the 1563.Cm wme 1564directive for information on the various parameters. 1565.It Cm maxretry Ar count 1566Set the maximum number of tries to use in sending unicast frames. 1567The default setting is 6 but drivers may override this with a value 1568they choose. 1569.It Cm mcastrate Ar rate 1570Set the rate for transmitting multicast/broadcast frames. 1571Rates are specified as megabits/second in decimal; e.g.,\& 5.5 for 5.5 Mb/s. 1572This rate should be valid for the current operating conditions; 1573if an invalid rate is specified drivers are free to chose an 1574appropriate rate. 1575.It Cm mgtrate Ar rate 1576Set the rate for transmitting management and/or control frames. 1577Rates are specified as megabits/second in decimal; e.g.,\& 5.5 for 5.5 Mb/s. 1578.It Cm outdoor 1579Set the location to use in calculating regulatory constraints. 1580The location is also advertised in beacon and probe response frames 1581when 802.11d is enabled with 1582.Cm dotd . 1583See also 1584.Cm anywhere , 1585.Cm country , 1586.Cm indoor , 1587and 1588.Cm regdomain . 1589.It Cm powersave 1590Enable powersave operation. 1591When operating as a client, the station will conserve power by 1592periodically turning off the radio and listening for 1593messages from the access point telling it there are packets waiting. 1594The station must then retrieve the packets. 1595Not all devices support power save operation as a client. 1596The 802.11 specification requires that all access points support 1597power save but some drivers do not. 1598Use 1599.Fl powersave 1600to disable powersave operation when operating as a client. 1601.It Cm powersavesleep Ar sleep 1602Set the desired max powersave sleep time in TU's (1024 usecs). 1603By default the max powersave sleep time is 100 TU's. 1604.It Cm protmode Ar technique 1605For interfaces operating in 802.11g, use the specified 1606.Ar technique 1607for protecting OFDM frames in a mixed 11b/11g network. 1608The set of valid techniques is 1609.Cm off , cts 1610(CTS to self), 1611and 1612.Cm rtscts 1613(RTS/CTS). 1614Technique names are case insensitive. 1615Not all devices support 1616.Cm cts 1617as a protection technique. 1618.It Cm pureg 1619When operating as an access point in 802.11g mode allow only 162011g-capable stations to associate (11b-only stations are not 1621permitted to associate). 1622To allow both 11g and 11b-only stations to associate, use 1623.Fl pureg . 1624.It Cm puren 1625When operating as an access point in 802.11n mode allow only 1626HT-capable stations to associate (legacy stations are not 1627permitted to associate). 1628To allow both HT and legacy stations to associate, use 1629.Fl puren . 1630.It Cm regdomain Ar sku 1631Set the regulatory domain to use in calculating the regulatory constraints 1632for operation. 1633In particular the set of available channels, how the wireless device 1634will operation on the channels, and the maximum transmit power that 1635can be used on a channel are defined by this setting. 1636Regdomain codes (SKU's) are taken from 1637.Pa /etc/regdomain.xml 1638and can also 1639be viewed with the ``list countries'' request. 1640Note that not all devices support changing the regdomain from a default 1641setting; typically stored in EEPROM. 1642See also 1643.Cm country , 1644.Cm indoor , 1645.Cm outdoor , 1646and 1647.Cm anywhere . 1648.It Cm rifs 1649Enable use of Reduced InterFrame Spacing (RIFS) when operating in 802.11n 1650on an HT channel. 1651Note that RIFS must be supported by both the station and access point 1652for it to be used. 1653To disable RIFS use 1654.Fl rifs . 1655.It Cm roam:rate Ar rate 1656Set the threshold for controlling roaming when operating in a BSS. 1657The 1658.Ar rate 1659parameter specifies the transmit rate in megabits 1660at which roaming should be considered. 1661If the current transmit rate drops below this setting and background scanning 1662is enabled, then the system will check if a more desirable access point is 1663available and switch over to it. 1664The current scan cache contents are used if they are considered 1665valid according to the 1666.Cm scanvalid 1667parameter; otherwise a background scan operation is triggered before 1668any selection occurs. 1669Each channel type has a separate rate threshold; the default values are: 167012 Mb/s (11a), 2 Mb/s (11b), 2 Mb/s (11g), MCS 1 (11na, 11ng). 1671.It Cm roam:rssi Ar rssi 1672Set the threshold for controlling roaming when operating in a BSS. 1673The 1674.Ar rssi 1675parameter specifies the receive signal strength in dBm units 1676at which roaming should be considered. 1677If the current rssi drops below this setting and background scanning 1678is enabled, then the system will check if a more desirable access point is 1679available and switch over to it. 1680The current scan cache contents are used if they are considered 1681valid according to the 1682.Cm scanvalid 1683parameter; otherwise a background scan operation is triggered before 1684any selection occurs. 1685Each channel type has a separate rssi threshold; the default values are 1686all 7 dBm. 1687.It Cm roaming Ar mode 1688When operating as a station, control how the system will 1689behave when communication with the current access point 1690is broken. 1691The 1692.Ar mode 1693argument may be one of 1694.Cm device 1695(leave it to the hardware device to decide), 1696.Cm auto 1697(handle either in the device or the operating system\[em]as appropriate), 1698.Cm manual 1699(do nothing until explicitly instructed). 1700By default, the device is left to handle this if it is 1701capable; otherwise, the operating system will automatically 1702attempt to reestablish communication. 1703Manual mode is used by applications such as 1704.Xr wpa_supplicant 8 1705that want to control the selection of an access point. 1706.It Cm rtsthreshold Ar length 1707Set the threshold for which 1708transmitted frames are preceded by transmission of an 1709RTS 1710control frame. 1711The 1712.Ar length 1713argument 1714is the frame size in bytes and must be in the range 1 to 2346. 1715Setting 1716.Ar length 1717to 1718.Li 2346 , 1719.Cm any , 1720or 1721.Cm - 1722disables transmission of RTS frames. 1723Not all adapters support setting the RTS threshold. 1724.It Cm scan 1725Initiate a scan of neighboring stations, wait for it to complete, and 1726display all stations found. 1727Only the super-user can initiate a scan. 1728See 1729.Cm list scan 1730for information on the display. 1731By default a background scan is done; otherwise a foreground 1732scan is done and the station may roam to a different access point. 1733The 1734.Cm list scan 1735request can be used to show recent scan results without 1736initiating a new scan. 1737.It Cm scanvalid Ar threshold 1738Set the maximum time the scan cache contents are considered valid; 1739i.e., will be used without first triggering a scan operation to 1740refresh the data. 1741The 1742.Ar threshold 1743parameter is specified in seconds and defaults to 60 seconds. 1744The minimum setting for 1745.Ar threshold 1746is 10 seconds. 1747One should take care setting this threshold; if it is set too low 1748then attempts to roam to another access point may trigger unnecessary 1749background scan operations. 1750.It Cm shortgi 1751Enable use of Short Guard Interval when operating in 802.11n 1752on an HT channel. 1753NB: this currently enables Short GI on both HT40 and HT20 channels. 1754To disable Short GI use 1755.Fl shortgi . 1756.It Cm smps 1757Enable use of Static Spatial Multiplexing Power Save (SMPS) 1758when operating in 802.11n. 1759A station operating with Static SMPS maintains only a single 1760receive chain active (this can significantly reduce power consumption). 1761To disable SMPS use 1762.Fl smps . 1763.It Cm smpsdyn 1764Enable use of Dynamic Spatial Multiplexing Power Save (SMPS) 1765when operating in 802.11n. 1766A station operating with Dynamic SMPS maintains only a single 1767receive chain active but switches to multiple receive chains when it 1768receives an RTS frame (this can significantly reduce power consumption). 1769Note that stations cannot distinguish between RTS/CTS intended to 1770enable multiple receive chains and those used for other purposes. 1771To disable SMPS use 1772.Fl smps . 1773.It Cm ssid Ar ssid 1774Set the desired Service Set Identifier (aka network name). 1775The SSID is a string up to 32 characters 1776in length and may be specified as either a normal string or in 1777hexadecimal when preceded by 1778.Ql 0x . 1779Additionally, the SSID may be cleared by setting it to 1780.Ql - . 1781.It Cm tdmaslot Ar slot 1782When operating with TDMA, use the specified 1783.Ar slot 1784configuration. 1785The 1786.Ar slot 1787is a number between 0 and the maximum number of slots in the BSS. 1788Note that a station configured as slot 0 is a master and 1789will broadcast beacon frames advertising the BSS; 1790stations configured to use other slots will always 1791scan to locate a master before they ever transmit. 1792By default 1793.Cm tdmaslot 1794is set to 1. 1795.It Cm tdmaslotcnt Ar cnt 1796When operating with TDMA, setup a BSS with 1797.Ar cnt 1798slots. 1799The slot count may be at most 8. 1800The current implementation is only tested with two stations 1801(i.e., point to point applications). 1802This setting is only meaningful when a station is configured as slot 0; 1803other stations adopt this setting from the BSS they join. 1804By default 1805.Cm tdmaslotcnt 1806is set to 2. 1807.It Cm tdmaslotlen Ar len 1808When operating with TDMA, setup a BSS such that each station has a slot 1809.Ar len 1810microseconds long. 1811The slot length must be at least 150 microseconds (1/8 TU) 1812and no more than 65 milliseconds. 1813Note that setting too small a slot length may result in poor channel 1814bandwidth utilization due to factors such as timer granularity and 1815guard time. 1816This setting is only meaningful when a station is configured as slot 0; 1817other stations adopt this setting from the BSS they join. 1818By default 1819.Cm tdmaslotlen 1820is set to 10 milliseconds. 1821.It Cm tdmabintval Ar intval 1822When operating with TDMA, setup a BSS such that beacons are transmitted every 1823.Ar intval 1824superframes to synchronize the TDMA slot timing. 1825A superframe is defined as the number of slots times the slot length; e.g., 1826a BSS with two slots of 10 milliseconds has a 20 millisecond superframe. 1827The beacon interval may not be zero. 1828A lower setting of 1829.Cm tdmabintval 1830causes the timers to be resynchronized more often; this can be help if 1831significant timer drift is observed. 1832By default 1833.Cm tdmabintval 1834is set to 5. 1835.It Cm tsn 1836When operating as an access point with WPA/802.11i allow legacy 1837stations to associate using static key WEP and open authentication. 1838To disallow legacy station use of WEP, use 1839.Fl tsn . 1840.It Cm txpower Ar power 1841Set the power used to transmit frames. 1842The 1843.Ar power 1844argument is specified in .5 dBm units. 1845Out of range values are truncated. 1846Typically only a few discreet power settings are available and 1847the driver will use the setting closest to the specified value. 1848Not all adapters support changing the transmit power. 1849.It Cm ucastrate Ar rate 1850Set a fixed rate for transmitting unicast frames. 1851Rates are specified as megabits/second in decimal; e.g.,\& 5.5 for 5.5 Mb/s. 1852This rate should be valid for the current operating conditions; 1853if an invalid rate is specified drivers are free to chose an 1854appropriate rate. 1855.It Cm wepmode Ar mode 1856Set the desired WEP mode. 1857Not all adapters support all modes. 1858The set of valid modes is 1859.Cm off , on , 1860and 1861.Cm mixed . 1862The 1863.Cm mixed 1864mode explicitly tells the adaptor to allow association with access 1865points which allow both encrypted and unencrypted traffic. 1866On these adapters, 1867.Cm on 1868means that the access point must only allow encrypted connections. 1869On other adapters, 1870.Cm on 1871is generally another name for 1872.Cm mixed . 1873Modes are case insensitive. 1874.It Cm weptxkey Ar index 1875Set the WEP key to be used for transmission. 1876This is the same as setting the default transmission key with 1877.Cm deftxkey . 1878.It Cm wepkey Ar key Ns | Ns Ar index : Ns Ar key 1879Set the selected WEP key. 1880If an 1881.Ar index 1882is not given, key 1 is set. 1883A WEP key will be either 5 or 13 1884characters (40 or 104 bits) depending on the local network and the 1885capabilities of the adaptor. 1886It may be specified either as a plain 1887string or as a string of hexadecimal digits preceded by 1888.Ql 0x . 1889For maximum portability, hex keys are recommended; 1890the mapping of text keys to WEP encryption is usually driver-specific. 1891In particular, the 1892.Tn Windows 1893drivers do this mapping differently to 1894.Fx . 1895A key may be cleared by setting it to 1896.Ql - . 1897If WEP is supported then there are at least four keys. 1898Some adapters support more than four keys. 1899If that is the case, then the first four keys 1900(1-4) will be the standard temporary keys and any others will be adaptor 1901specific keys such as permanent keys stored in NVRAM. 1902.Pp 1903Note that you must set a default transmit key with 1904.Cm deftxkey 1905for the system to know which key to use in encrypting outbound traffic. 1906.It Cm wme 1907Enable Wireless Multimedia Extensions (WME) support, if available, 1908for the specified interface. 1909WME is a subset of the IEEE 802.11e standard to support the 1910efficient communication of realtime and multimedia data. 1911To disable WME support, use 1912.Fl wme . 1913Another name for this parameter is 1914.Cm wmm . 1915.Pp 1916The following parameters are meaningful only when WME support is in use. 1917Parameters are specified per-AC (Access Category) and 1918split into those that are used by a station when acting 1919as an access point and those for client stations in the BSS. 1920The latter are received from the access point and may not be changed 1921(at the station). 1922The following Access Categories are recognized: 1923.Pp 1924.Bl -tag -width ".Cm AC_BK" -compact 1925.It Cm AC_BE 1926(or 1927.Cm BE ) 1928best effort delivery, 1929.It Cm AC_BK 1930(or 1931.Cm BK ) 1932background traffic, 1933.It Cm AC_VI 1934(or 1935.Cm VI ) 1936video traffic, 1937.It Cm AC_VO 1938(or 1939.Cm VO ) 1940voice traffic. 1941.El 1942.Pp 1943AC parameters are case-insensitive. 1944Traffic classification is done in the operating system using the 1945vlan priority associated with data frames or the 1946ToS (Type of Service) indication in IP-encapsulated frames. 1947If neither information is present, traffic is assigned to the 1948Best Effort (BE) category. 1949.Bl -tag -width indent 1950.It Cm ack Ar ac 1951Set the ACK policy for QoS transmissions by the local station; 1952this controls whether or not data frames transmitted by a station 1953require an ACK response from the receiving station. 1954To disable waiting for an ACK use 1955.Fl ack . 1956This parameter is applied only to the local station. 1957.It Cm acm Ar ac 1958Enable the Admission Control Mandatory (ACM) mechanism 1959for transmissions by the local station. 1960To disable the ACM use 1961.Fl acm . 1962On stations in a BSS this parameter is read-only and indicates 1963the setting received from the access point. 1964NB: ACM is not supported right now. 1965.It Cm aifs Ar ac Ar count 1966Set the Arbitration Inter Frame Spacing (AIFS) 1967channel access parameter to use for transmissions 1968by the local station. 1969On stations in a BSS this parameter is read-only and indicates 1970the setting received from the access point. 1971.It Cm cwmin Ar ac Ar count 1972Set the CWmin channel access parameter to use for transmissions 1973by the local station. 1974On stations in a BSS this parameter is read-only and indicates 1975the setting received from the access point. 1976.It Cm cwmax Ar ac Ar count 1977Set the CWmax channel access parameter to use for transmissions 1978by the local station. 1979On stations in a BSS this parameter is read-only and indicates 1980the setting received from the access point. 1981.It Cm txoplimit Ar ac Ar limit 1982Set the Transmission Opportunity Limit channel access parameter 1983to use for transmissions by the local station. 1984This parameter defines an interval of time when a WME station 1985has the right to initiate transmissions onto the wireless medium. 1986On stations in a BSS this parameter is read-only and indicates 1987the setting received from the access point. 1988.It Cm bss:aifs Ar ac Ar count 1989Set the AIFS channel access parameter to send to stations in a BSS. 1990This parameter is meaningful only when operating in ap mode. 1991.It Cm bss:cwmin Ar ac Ar count 1992Set the CWmin channel access parameter to send to stations in a BSS. 1993This parameter is meaningful only when operating in ap mode. 1994.It Cm bss:cwmax Ar ac Ar count 1995Set the CWmax channel access parameter to send to stations in a BSS. 1996This parameter is meaningful only when operating in ap mode. 1997.It Cm bss:txoplimit Ar ac Ar limit 1998Set the TxOpLimit channel access parameter to send to stations in a BSS. 1999This parameter is meaningful only when operating in ap mode. 2000.El 2001.It Cm wps 2002Enable Wireless Privacy Subscriber support. 2003Note that WPS support requires a WPS-capable supplicant. 2004To disable this function use 2005.Fl wps . 2006.El 2007.Pp 2008The following parameters support an optional access control list 2009feature available with some adapters when operating in ap mode; see 2010.Xr wlan_acl 4 . 2011This facility allows an access point to accept/deny association 2012requests based on the MAC address of the station. 2013Note that this feature does not significantly enhance security 2014as MAC address spoofing is easy to do. 2015.Bl -tag -width indent 2016.It Cm mac:add Ar address 2017Add the specified MAC address to the database. 2018Depending on the policy setting association requests from the 2019specified station will be allowed or denied. 2020.It Cm mac:allow 2021Set the ACL policy to permit association only by 2022stations registered in the database. 2023.It Cm mac:del Ar address 2024Delete the specified MAC address from the database. 2025.It Cm mac:deny 2026Set the ACL policy to deny association only by 2027stations registered in the database. 2028.It Cm mac:kick Ar address 2029Force the specified station to be deauthenticated. 2030This typically is done to block a station after updating the 2031address database. 2032.It Cm mac:open 2033Set the ACL policy to allow all stations to associate. 2034.It Cm mac:flush 2035Delete all entries in the database. 2036.It Cm mac:radius 2037Set the ACL policy to permit association only by 2038stations approved by a RADIUS server. 2039Note that this feature requires the 2040.Xr hostapd 8 2041program be configured to do the right thing 2042as it handles the RADIUS processing 2043(and marks stations as authorized). 2044.El 2045.Pp 2046The following parameters are related to a wireless interface operating in mesh 2047mode: 2048.Bl -tag -width indent 2049.It Cm meshid Ar meshid 2050Set the desired Mesh Identifier. 2051The Mesh ID is a string up to 32 characters in length. 2052A mesh interface must have a Mesh Identifier specified 2053to reach an operational state. 2054.It Cm meshttl Ar ttl 2055Set the desired ``time to live'' for mesh forwarded packets; 2056this is the number of hops a packet may be forwarded before 2057it is discarded. 2058The default setting for 2059.Cm meshttl 2060is 31. 2061.It Cm meshpeering 2062Enable or disable peering with neighbor mesh stations. 2063Stations must peer before any data packets can be exchanged. 2064By default 2065.Cm meshpeering 2066is enabled. 2067.It Cm meshforward 2068Enable or disable forwarding packets by a mesh interface. 2069By default 2070.Cm meshforward 2071is enabled. 2072.It Cm meshgate 2073This attribute specifies whether or not the mesh STA activates mesh gate 2074announcements. 2075By default 2076.Cm meshgate 2077is disabled. 2078.It Cm meshmetric Ar protocol 2079Set the specified 2080.Ar protocol 2081as the link metric protocol used on a mesh network. 2082The default protocol is called 2083.Ar AIRTIME . 2084The mesh interface will restart after changing this setting. 2085.It Cm meshpath Ar protocol 2086Set the specified 2087.Ar protocol 2088as the path selection protocol used on a mesh network. 2089The only available protocol at the moment is called 2090.Ar HWMP 2091(Hybrid Wireless Mesh Protocol). 2092The mesh interface will restart after changing this setting. 2093.It Cm hwmprootmode Ar mode 2094Stations on a mesh network can operate as ``root nodes.'' 2095Root nodes try to find paths to all mesh nodes and advertise themselves 2096regularly. 2097When there is a root mesh node on a network, other mesh nodes can setup 2098paths between themselves faster because they can use the root node 2099to find the destination. 2100This path may not be the best, but on-demand 2101routing will eventually find the best path. 2102The following modes are recognized: 2103.Pp 2104.Bl -tag -width ".Cm PROACTIVE" -compact 2105.It Cm DISABLED 2106Disable root mode. 2107.It Cm NORMAL 2108Send broadcast path requests every two seconds. 2109Nodes on the mesh without a path to this root mesh station with try to 2110discover a path to us. 2111.It Cm PROACTIVE 2112Send broadcast path requests every two seconds and every node must reply 2113with a path reply even if it already has a path to this root mesh station. 2114.It Cm RANN 2115Send broadcast root announcement (RANN) frames. 2116Nodes on the mesh without a path to this root mesh station with try to 2117discover a path to us. 2118.El 2119By default 2120.Cm hwmprootmode 2121is set to 2122.Ar DISABLED . 2123.It Cm hwmpmaxhops Ar cnt 2124Set the maximum number of hops allowed in an HMWP path to 2125.Ar cnt . 2126The default setting for 2127.Cm hwmpmaxhops 2128is 31. 2129.El 2130.Pp 2131The following parameters are for compatibility with other systems: 2132.Bl -tag -width indent 2133.It Cm nwid Ar ssid 2134Another name for the 2135.Cm ssid 2136parameter. 2137Included for 2138.Nx 2139compatibility. 2140.It Cm stationname Ar name 2141Set the name of this station. 2142The station name is not part of the IEEE 802.11 2143protocol though some interfaces support it. 2144As such it only 2145seems to be meaningful to identical or virtually identical equipment. 2146Setting the station name is identical in syntax to setting the SSID. 2147One can also use 2148.Cm station 2149for 2150.Bsx 2151compatibility. 2152.It Cm wep 2153Another way of saying 2154.Cm wepmode on . 2155Included for 2156.Bsx 2157compatibility. 2158.It Fl wep 2159Another way of saying 2160.Cm wepmode off . 2161Included for 2162.Bsx 2163compatibility. 2164.It Cm nwkey key 2165Another way of saying: 2166.Dq Li "wepmode on weptxkey 1 wepkey 1:key wepkey 2:- wepkey 3:- wepkey 4:-" . 2167Included for 2168.Nx 2169compatibility. 2170.It Cm nwkey Xo 2171.Sm off 2172.Ar n : k1 , k2 , k3 , k4 2173.Sm on 2174.Xc 2175Another way of saying 2176.Dq Li "wepmode on weptxkey n wepkey 1:k1 wepkey 2:k2 wepkey 3:k3 wepkey 4:k4" . 2177Included for 2178.Nx 2179compatibility. 2180.It Fl nwkey 2181Another way of saying 2182.Cm wepmode off . 2183Included for 2184.Nx 2185compatibility. 2186.El 2187.Pp 2188The following parameters are specific to bridge interfaces: 2189.Bl -tag -width indent 2190.It Cm addm Ar interface 2191Add the interface named by 2192.Ar interface 2193as a member of the bridge. 2194The interface is put into promiscuous mode 2195so that it can receive every packet sent on the network. 2196.It Cm deletem Ar interface 2197Remove the interface named by 2198.Ar interface 2199from the bridge. 2200Promiscuous mode is disabled on the interface when 2201it is removed from the bridge. 2202.It Cm maxaddr Ar size 2203Set the size of the bridge address cache to 2204.Ar size . 2205The default is 2000 entries. 2206.It Cm timeout Ar seconds 2207Set the timeout of address cache entries to 2208.Ar seconds 2209seconds. 2210If 2211.Ar seconds 2212is zero, then address cache entries will not be expired. 2213The default is 1200 seconds. 2214.It Cm addr 2215Display the addresses that have been learned by the bridge. 2216.It Cm static Ar interface-name Ar address 2217Add a static entry into the address cache pointing to 2218.Ar interface-name . 2219Static entries are never aged out of the cache or re-placed, even if the 2220address is seen on a different interface. 2221.It Cm deladdr Ar address 2222Delete 2223.Ar address 2224from the address cache. 2225.It Cm flush 2226Delete all dynamically-learned addresses from the address cache. 2227.It Cm flushall 2228Delete all addresses, including static addresses, from the address cache. 2229.It Cm discover Ar interface 2230Mark an interface as a 2231.Dq discovering 2232interface. 2233When the bridge has no address cache entry 2234(either dynamic or static) 2235for the destination address of a packet, 2236the bridge will forward the packet to all 2237member interfaces marked as 2238.Dq discovering . 2239This is the default for all interfaces added to a bridge. 2240.It Cm -discover Ar interface 2241Clear the 2242.Dq discovering 2243attribute on a member interface. 2244For packets without the 2245.Dq discovering 2246attribute, the only packets forwarded on the interface are broadcast 2247or multicast packets and packets for which the destination address 2248is known to be on the interface's segment. 2249.It Cm learn Ar interface 2250Mark an interface as a 2251.Dq learning 2252interface. 2253When a packet arrives on such an interface, the source 2254address of the packet is entered into the address cache as being a 2255destination address on the interface's segment. 2256This is the default for all interfaces added to a bridge. 2257.It Cm -learn Ar interface 2258Clear the 2259.Dq learning 2260attribute on a member interface. 2261.It Cm sticky Ar interface 2262Mark an interface as a 2263.Dq sticky 2264interface. 2265Dynamically learned address entries are treated at static once entered into 2266the cache. 2267Sticky entries are never aged out of the cache or replaced, even if the 2268address is seen on a different interface. 2269.It Cm -sticky Ar interface 2270Clear the 2271.Dq sticky 2272attribute on a member interface. 2273.It Cm private Ar interface 2274Mark an interface as a 2275.Dq private 2276interface. 2277A private interface does not forward any traffic to any other port that is also 2278a private interface. 2279.It Cm -private Ar interface 2280Clear the 2281.Dq private 2282attribute on a member interface. 2283.It Cm span Ar interface 2284Add the interface named by 2285.Ar interface 2286as a span port on the bridge. 2287Span ports transmit a copy of every frame received by the bridge. 2288This is most useful for snooping a bridged network passively on 2289another host connected to one of the span ports of the bridge. 2290.It Cm -span Ar interface 2291Delete the interface named by 2292.Ar interface 2293from the list of span ports of the bridge. 2294.It Cm stp Ar interface 2295Enable Spanning Tree protocol on 2296.Ar interface . 2297The 2298.Xr if_bridge 4 2299driver has support for the IEEE 802.1D Spanning Tree protocol (STP). 2300Spanning Tree is used to detect and remove loops in a network topology. 2301.It Cm -stp Ar interface 2302Disable Spanning Tree protocol on 2303.Ar interface . 2304This is the default for all interfaces added to a bridge. 2305.It Cm edge Ar interface 2306Set 2307.Ar interface 2308as an edge port. 2309An edge port connects directly to end stations cannot create bridging 2310loops in the network, this allows it to transition straight to forwarding. 2311.It Cm -edge Ar interface 2312Disable edge status on 2313.Ar interface . 2314.It Cm autoedge Ar interface 2315Allow 2316.Ar interface 2317to automatically detect edge status. 2318This is the default for all interfaces added to a bridge. 2319.It Cm -autoedge Ar interface 2320Disable automatic edge status on 2321.Ar interface . 2322.It Cm ptp Ar interface 2323Set the 2324.Ar interface 2325as a point to point link. 2326This is required for straight transitions to forwarding and 2327should be enabled on a direct link to another RSTP capable switch. 2328.It Cm -ptp Ar interface 2329Disable point to point link status on 2330.Ar interface . 2331This should be disabled for a half duplex link and for an interface 2332connected to a shared network segment, 2333like a hub or a wireless network. 2334.It Cm autoptp Ar interface 2335Automatically detect the point to point status on 2336.Ar interface 2337by checking the full duplex link status. 2338This is the default for interfaces added to the bridge. 2339.It Cm -autoptp Ar interface 2340Disable automatic point to point link detection on 2341.Ar interface . 2342.It Cm maxage Ar seconds 2343Set the time that a Spanning Tree protocol configuration is valid. 2344The default is 20 seconds. 2345The minimum is 6 seconds and the maximum is 40 seconds. 2346.It Cm fwddelay Ar seconds 2347Set the time that must pass before an interface begins forwarding 2348packets when Spanning Tree is enabled. 2349The default is 15 seconds. 2350The minimum is 4 seconds and the maximum is 30 seconds. 2351.It Cm hellotime Ar seconds 2352Set the time between broadcasting of Spanning Tree protocol 2353configuration messages. 2354The hello time may only be changed when operating in legacy stp mode. 2355The default is 2 seconds. 2356The minimum is 1 second and the maximum is 2 seconds. 2357.It Cm priority Ar value 2358Set the bridge priority for Spanning Tree. 2359The default is 32768. 2360The minimum is 0 and the maximum is 61440. 2361.It Cm proto Ar value 2362Set the Spanning Tree protocol. 2363The default is rstp. 2364The available options are stp and rstp. 2365.It Cm holdcnt Ar value 2366Set the transmit hold count for Spanning Tree. 2367This is the number of packets transmitted before being rate limited. 2368The default is 6. 2369The minimum is 1 and the maximum is 10. 2370.It Cm ifpriority Ar interface Ar value 2371Set the Spanning Tree priority of 2372.Ar interface 2373to 2374.Ar value . 2375The default is 128. 2376The minimum is 0 and the maximum is 240. 2377.It Cm ifpathcost Ar interface Ar value 2378Set the Spanning Tree path cost of 2379.Ar interface 2380to 2381.Ar value . 2382The default is calculated from the link speed. 2383To change a previously selected path cost back to automatic, set the 2384cost to 0. 2385The minimum is 1 and the maximum is 200000000. 2386.It Cm ifmaxaddr Ar interface Ar size 2387Set the maximum number of hosts allowed from an interface, packets with unknown 2388source addresses are dropped until an existing host cache entry expires or is 2389removed. 2390Set to 0 to disable. 2391.El 2392.Pp 2393The following parameters are specific to lagg interfaces: 2394.Bl -tag -width indent 2395.It Cm laggport Ar interface 2396Add the interface named by 2397.Ar interface 2398as a port of the aggregation interface. 2399.It Cm -laggport Ar interface 2400Remove the interface named by 2401.Ar interface 2402from the aggregation interface. 2403.It Cm laggproto Ar proto 2404Set the aggregation protocol. 2405The default is failover. 2406The available options are failover, fec, lacp, loadbalance, roundrobin and 2407none. 2408.It Cm lagghash Ar option Ns Oo , Ns Ar option Oc 2409Set the packet layers to hash for aggregation protocols which load balance. 2410The default is 2411.Dq l2,l3,l4 . 2412The options can be combined using commas. 2413.Pp 2414.Bl -tag -width ".Cm l2" -compact 2415.It Cm l2 2416src/dst mac address and optional vlan number. 2417.It Cm l3 2418src/dst address for IPv4 or IPv6. 2419.It Cm l4 2420src/dst port for TCP/UDP/SCTP. 2421.El 2422.Pp 2423.El 2424.Pp 2425The following parameters are specific to IP tunnel interfaces, 2426.Xr gif 4 : 2427.Bl -tag -width indent 2428.It Cm tunnel Ar src_addr dest_addr 2429Configure the physical source and destination address for IP tunnel 2430interfaces. 2431The arguments 2432.Ar src_addr 2433and 2434.Ar dest_addr 2435are interpreted as the outer source/destination for the encapsulating 2436IPv4/IPv6 header. 2437.It Fl tunnel 2438Unconfigure the physical source and destination address for IP tunnel 2439interfaces previously configured with 2440.Cm tunnel . 2441.It Cm deletetunnel 2442Another name for the 2443.Fl tunnel 2444parameter. 2445.It Cm accept_rev_ethip_ver 2446Set a flag to accept both correct EtherIP packets and ones 2447with reversed version field. 2448Enabled by default. 2449This is for backward compatibility with 2450.Fx 6.1 , 24516.2, 6.3, 7.0, and 7.1. 2452.It Cm -accept_rev_ethip_ver 2453Clear a flag 2454.Cm accept_rev_ethip_ver . 2455.It Cm ignore_source 2456Set a flag to accept encapsulated packets destined to this host 2457independently from source address. 2458This may be useful for hosts, that receive encapsulated packets 2459from the load balancers. 2460.It Cm -ignore_source 2461Clear a flag 2462.Cm ignore_source . 2463.It Cm send_rev_ethip_ver 2464Set a flag to send EtherIP packets with reversed version 2465field intentionally. 2466Disabled by default. 2467This is for backward compatibility with 2468.Fx 6.1 , 24696.2, 6.3, 7.0, and 7.1. 2470.It Cm -send_rev_ethip_ver 2471Clear a flag 2472.Cm send_rev_ethip_ver . 2473.El 2474.Pp 2475The following parameters are specific to GRE tunnel interfaces, 2476.Xr gre 4 : 2477.Bl -tag -width indent 2478.It Cm grekey Ar key 2479Configure the GRE key to be used for outgoing packets. 2480Note that 2481.Xr gre 4 will always accept GRE packets with invalid or absent keys. 2482This command will result in a four byte MTU reduction on the interface. 2483.El 2484.Pp 2485The following parameters are specific to 2486.Xr pfsync 4 2487interfaces: 2488.Bl -tag -width indent 2489.It Cm syncdev Ar iface 2490Use the specified interface 2491to send and receive pfsync state synchronisation messages. 2492.It Fl syncdev 2493Stop sending pfsync state synchronisation messages over the network. 2494.It Cm syncpeer Ar peer_address 2495Make the pfsync link point-to-point rather than using 2496multicast to broadcast the state synchronisation messages. 2497The peer_address is the IP address of the other host taking part in 2498the pfsync cluster. 2499.It Fl syncpeer 2500Broadcast the packets using multicast. 2501.It Cm maxupd Ar n 2502Set the maximum number of updates for a single state which 2503can be collapsed into one. 2504This is an 8-bit number; the default value is 128. 2505.It Cm defer 2506Defer transmission of the first packet in a state until a peer has 2507acknowledged that the associated state has been inserted. 2508.It Fl defer 2509Do not defer the first packet in a state. 2510This is the default. 2511.El 2512.Pp 2513The following parameters are specific to 2514.Xr vlan 4 2515interfaces: 2516.Bl -tag -width indent 2517.It Cm vlan Ar vlan_tag 2518Set the VLAN tag value to 2519.Ar vlan_tag . 2520This value is a 12-bit VLAN Identifier (VID) which is used to create an 802.1Q 2521VLAN header for packets sent from the 2522.Xr vlan 4 2523interface. 2524Note that 2525.Cm vlan 2526and 2527.Cm vlandev 2528must both be set at the same time. 2529.It Cm vlandev Ar iface 2530Associate the physical interface 2531.Ar iface 2532with a 2533.Xr vlan 4 2534interface. 2535Packets transmitted through the 2536.Xr vlan 4 2537interface will be 2538diverted to the specified physical interface 2539.Ar iface 2540with 802.1Q VLAN encapsulation. 2541Packets with 802.1Q encapsulation received 2542by the parent interface with the correct VLAN Identifier will be diverted to 2543the associated 2544.Xr vlan 4 2545pseudo-interface. 2546The 2547.Xr vlan 4 2548interface is assigned a 2549copy of the parent interface's flags and the parent's Ethernet address. 2550The 2551.Cm vlandev 2552and 2553.Cm vlan 2554must both be set at the same time. 2555If the 2556.Xr vlan 4 2557interface already has 2558a physical interface associated with it, this command will fail. 2559To 2560change the association to another physical interface, the existing 2561association must be cleared first. 2562.Pp 2563Note: if the hardware tagging capability 2564is set on the parent interface, the 2565.Xr vlan 4 2566pseudo 2567interface's behavior changes: 2568the 2569.Xr vlan 4 2570interface recognizes that the 2571parent interface supports insertion and extraction of VLAN tags on its 2572own (usually in firmware) and that it should pass packets to and from 2573the parent unaltered. 2574.It Fl vlandev Op Ar iface 2575If the driver is a 2576.Xr vlan 4 2577pseudo device, disassociate the parent interface from it. 2578This breaks the link between the 2579.Xr vlan 4 2580interface and its parent, 2581clears its VLAN Identifier, flags and its link address and shuts the interface 2582down. 2583The 2584.Ar iface 2585argument is useless and hence deprecated. 2586.El 2587.Pp 2588The following parameters are used to configure 2589.Xr carp 4 2590protocol on an interface: 2591.Bl -tag -width indent 2592.It Cm vhid Ar n 2593Set the virtual host ID. 2594This is a required setting to initiate 2595.Xr carp 4 . 2596If the virtual host ID does not exist yet, it is created and attached to the 2597interface, otherwise configuration of an existing vhid is adjusted. 2598If the 2599.Cm vhid 2600keyword is supplied along with an 2601.Dq inet6 2602or 2603.Dq inet 2604address, then this address is configured to be run under control of the 2605specified vhid. 2606Whenever a last address that refers to a particular vhid is removed from an 2607interface, the vhid is automatically removed from interface and destroyed. 2608Any other configuration parameters for the 2609.Xr carp 4 2610protocol should be supplied along with the 2611.Cm vhid 2612keyword. 2613Acceptable values for vhid are 1 to 255. 2614.It Cm advbase Ar seconds 2615Specifies the base of the advertisement interval in seconds. 2616The acceptable values are 1 to 255. 2617The default value is 1. 2618.It Cm advskew Ar interval 2619Specifies the skew to add to the base advertisement interval to 2620make one host advertise slower than another host. 2621It is specified in 1/256 of seconds. 2622The acceptable values are 1 to 254. 2623The default value is 0. 2624.It Cm pass Ar phrase 2625Set the authentication key to 2626.Ar phrase . 2627.It Cm state Ar MASTER|BACKUP 2628Forcibly change state of a given vhid. 2629.El 2630.Pp 2631The 2632.Nm 2633utility displays the current configuration for a network interface 2634when no optional parameters are supplied. 2635If a protocol family is specified, 2636.Nm 2637will report only the details specific to that protocol family. 2638.Pp 2639If the 2640.Fl m 2641flag is passed before an interface name, 2642.Nm 2643will display the capability list and all 2644of the supported media for the specified interface. 2645If 2646.Fl L 2647flag is supplied, address lifetime is displayed for IPv6 addresses, 2648as time offset string. 2649.Pp 2650Optionally, the 2651.Fl a 2652flag may be used instead of an interface name. 2653This flag instructs 2654.Nm 2655to display information about all interfaces in the system. 2656The 2657.Fl d 2658flag limits this to interfaces that are down, and 2659.Fl u 2660limits this to interfaces that are up. 2661When no arguments are given, 2662.Fl a 2663is implied. 2664.Pp 2665The 2666.Fl l 2667flag may be used to list all available interfaces on the system, with 2668no other additional information. 2669If an 2670.Ar address_family 2671is specified, only interfaces of that type will be listed. 2672.Fl l Dq ether 2673will list only Ethernet adapters, excluding the loopback interface. 2674Use of this flag is mutually exclusive 2675with all other flags and commands, except for 2676.Fl d 2677(only list interfaces that are down) 2678and 2679.Fl u 2680(only list interfaces that are up). 2681.Pp 2682The 2683.Fl v 2684flag may be used to get more verbose status for an interface. 2685.Pp 2686The 2687.Fl C 2688flag may be used to list all of the interface cloners available on 2689the system, with no additional information. 2690Use of this flag is mutually exclusive with all other flags and commands. 2691.Pp 2692The 2693.Fl k 2694flag causes keying information for the interface, if available, to be 2695printed. 2696For example, the values of 802.11 WEP keys and 2697.Xr carp 4 2698passphrases will be printed, if accessible to the current user. 2699This information is not printed by default, as it may be considered 2700sensitive. 2701.Pp 2702If the network interface driver is not present in the kernel then 2703.Nm 2704will attempt to load it. 2705The 2706.Fl n 2707flag disables this behavior. 2708.Pp 2709Only the super-user may modify the configuration of a network interface. 2710.Sh EXAMPLES 2711Assign the IPv4 address 2712.Li 192.0.2.10 , 2713with a network mask of 2714.Li 255.255.255.0 , 2715to the interface 2716.Li fxp0 : 2717.Dl # ifconfig fxp0 inet 192.0.2.10 netmask 255.255.255.0 2718.Pp 2719Add the IPv4 address 2720.Li 192.0.2.45 , 2721with the CIDR network prefix 2722.Li /28 , 2723to the interface 2724.Li ed0 , 2725using 2726.Cm add 2727as a synonym for the canonical form of the option 2728.Cm alias : 2729.Dl # ifconfig ed0 inet 192.0.2.45/28 add 2730.Pp 2731Remove the IPv4 address 2732.Li 192.0.2.45 2733from the interface 2734.Li ed0 : 2735.Dl # ifconfig ed0 inet 192.0.2.45 -alias 2736.Pp 2737Enable IPv6 functionality of the interface: 2738.Dl # ifconfig em0 inet6 -ifdisabled 2739.Pp 2740Add the IPv6 address 2741.Li 2001:DB8:DBDB::123/48 2742to the interface 2743.Li em0 : 2744.Dl # ifconfig em0 inet6 2001:db8:bdbd::123 prefixlen 48 alias 2745Note that lower case hexadecimal IPv6 addresses are acceptable. 2746.Pp 2747Remove the IPv6 address added in the above example, 2748using the 2749.Li / 2750character as shorthand for the network prefix, 2751and using 2752.Cm delete 2753as a synonym for the canonical form of the option 2754.Fl alias : 2755.Dl # ifconfig em0 inet6 2001:db8:bdbd::123/48 delete 2756.Pp 2757Configure a single CARP redundant address on igb0, and then switch it 2758to be master: 2759.Dl # ifconfig igb0 vhid 1 10.0.0.1/24 pass foobar up 2760.Dl # ifconfig igb0 vhid 1 state master 2761.Pp 2762Configure the interface 2763.Li xl0 , 2764to use 100baseTX, full duplex Ethernet media options: 2765.Dl # ifconfig xl0 media 100baseTX mediaopt full-duplex 2766.Pp 2767Label the em0 interface as an uplink: 2768.Dl # ifconfig em0 description \&"Uplink to Gigabit Switch 2\&" 2769.Pp 2770Create the software network interface 2771.Li gif1 : 2772.Dl # ifconfig gif1 create 2773.Pp 2774Destroy the software network interface 2775.Li gif1 : 2776.Dl # ifconfig gif1 destroy 2777.Pp 2778Display available wireless networks using 2779.Li wlan0 : 2780.Dl # ifconfig wlan0 list scan 2781.Sh DIAGNOSTICS 2782Messages indicating the specified interface does not exist, the 2783requested address is unknown, or the user is not privileged and 2784tried to alter an interface's configuration. 2785.Sh SEE ALSO 2786.Xr netstat 1 , 2787.Xr carp 4 , 2788.Xr gif 4 , 2789.Xr netintro 4 , 2790.Xr pfsync 4 , 2791.Xr polling 4 , 2792.Xr vlan 4 , 2793.Xr devd.conf 5 , 2794.\" .Xr eon 5 , 2795.Xr devd 8 , 2796.Xr rc 8 , 2797.Xr routed 8 , 2798.Xr jail 8 , 2799.Xr sysctl 8 2800.Sh HISTORY 2801The 2802.Nm 2803utility appeared in 2804.Bx 4.2 . 2805.Sh BUGS 2806Basic IPv6 node operation requires a link-local address on each 2807interface configured for IPv6. 2808Normally, such an address is automatically configured by the 2809kernel on each interface added to the system or enabled; this behavior may 2810be disabled by setting per-interface flag 2811.Cm -auto_linklocal . 2812The default value of this flag is 1 and can be disabled by using the sysctl 2813MIB variable 2814.Va net.inet6.ip6.auto_linklocal . 2815.Pp 2816Do not configure IPv6 addresses with no link-local address by using 2817.Nm . 2818It can result in unexpected behaviors of the kernel. 2819