xref: /trueos/sbin/ifconfig/ifconfig.8 (revision 5868f7205430cd67aa3b655419d3f15f83b70119)
1.\" Copyright (c) 1983, 1991, 1993
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 4. Neither the name of the University nor the names of its contributors
13.\"    may be used to endorse or promote products derived from this software
14.\"    without specific prior written permission.
15.\"
16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"
28.\"     From: @(#)ifconfig.8	8.3 (Berkeley) 1/5/94
29.\" $FreeBSD$
30.\"
31.Dd May 15, 2015
32.Dt IFCONFIG 8
33.Os
34.Sh NAME
35.Nm ifconfig
36.Nd configure network interface parameters
37.Sh SYNOPSIS
38.Nm
39.Op Fl L
40.Op Fl k
41.Op Fl m
42.Op Fl n
43.Ar interface
44.Op Cm create
45.Ar address_family
46.Oo
47.Ar address
48.Op Ar dest_address
49.Oc
50.Op Ar parameters
51.Nm
52.Ar interface
53.Cm destroy
54.Nm
55.Fl a
56.Op Fl L
57.Op Fl d
58.Op Fl m
59.Op Fl u
60.Op Fl v
61.Op Ar address_family
62.Nm
63.Fl l
64.Op Fl d
65.Op Fl u
66.Op Ar address_family
67.Nm
68.Op Fl L
69.Op Fl d
70.Op Fl k
71.Op Fl m
72.Op Fl u
73.Op Fl v
74.Op Fl C
75.Nm
76.Op Fl g Ar groupname
77.Sh DESCRIPTION
78The
79.Nm
80utility is used to assign an address
81to a network interface and/or configure
82network interface parameters.
83The
84.Nm
85utility must be used at boot time to define the network address
86of each interface present on a machine; it may also be used at
87a later time to redefine an interface's address
88or other operating parameters.
89.Pp
90The following options are available:
91.Bl -tag -width indent
92.It Ar address
93For the
94.Tn DARPA Ns -Internet
95family,
96the address is either a host name present in the host name data
97base,
98.Xr hosts 5 ,
99or a
100.Tn DARPA
101Internet address expressed in the Internet standard
102.Dq dot notation .
103.Pp
104It is also possible to use the CIDR notation (also known as the
105slash notation) to include the netmask.
106That is, one can specify an address like
107.Li 192.168.0.1/16 .
108.Pp
109For the
110.Dq inet6
111family, it is also possible to specify the prefix length using the slash
112notation, like
113.Li ::1/128 .
114See the
115.Cm prefixlen
116parameter below for more information.
117.\" For the Xerox Network Systems(tm) family,
118.\" addresses are
119.\" .Ar net:a.b.c.d.e.f ,
120.\" where
121.\" .Ar net
122.\" is the assigned network number (in decimal),
123.\" and each of the six bytes of the host number,
124.\" .Ar a
125.\" through
126.\" .Ar f ,
127.\" are specified in hexadecimal.
128.\" The host number may be omitted on IEEE 802 protocol
129.\" (Ethernet, FDDI, and Token Ring) interfaces,
130.\" which use the hardware physical address,
131.\" and on interfaces other than the first.
132.\" For the
133.\" .Tn ISO
134.\" family, addresses are specified as a long hexadecimal string,
135.\" as in the Xerox family.
136.\" However, two consecutive dots imply a zero
137.\" byte, and the dots are optional, if the user wishes to (carefully)
138.\" count out long strings of digits in network byte order.
139.Pp
140The link-level
141.Pq Dq link
142address
143is specified as a series of colon-separated hex digits.
144This can be used to, for example,
145set a new MAC address on an Ethernet interface, though the
146mechanism used is not Ethernet specific.
147If the interface is already
148up when this option is used, it will be briefly brought down and
149then brought back up again in order to ensure that the receive
150filter in the underlying Ethernet hardware is properly reprogrammed.
151.It Ar address_family
152Specify the
153address family
154which affects interpretation of the remaining parameters.
155Since an interface can receive transmissions in differing protocols
156with different naming schemes, specifying the address family is recommended.
157The address or protocol families currently
158supported are
159.Dq inet ,
160.Dq inet6 ,
161.Dq atalk ,
162.Dq ipx ,
163.\" .Dq iso ,
164and
165.Dq link .
166.\" and
167.\" .Dq ns .
168The default if available is
169.Dq inet
170or otherwise
171.Dq link .
172.Dq ether
173and
174.Dq lladdr
175are synonyms for
176.Dq link .
177When using the
178.Fl l
179flag, the
180.Dq ether
181address family has special meaning and is no longer synonymous with
182.Dq link
183or
184.Dq lladdr .
185Specifying
186.Fl l Dq ether
187will list only Ethernet interfaces, excluding all other interface types,
188including the loopback interface.
189.It Ar dest_address
190Specify the address of the correspondent on the other end
191of a point to point link.
192.It Ar interface
193This
194parameter is a string of the form
195.Dq name unit ,
196for example,
197.Dq Li ed0 .
198.It Ar groupname
199List the interfaces in the given group.
200.El
201.Pp
202The following parameters may be set with
203.Nm :
204.Bl -tag -width indent
205.It Cm add
206Another name for the
207.Cm alias
208parameter.
209Introduced for compatibility
210with
211.Bsx .
212.It Cm alias
213Establish an additional network address for this interface.
214This is sometimes useful when changing network numbers, and
215one wishes to accept packets addressed to the old interface.
216If the address is on the same subnet as the first network address
217for this interface, a non-conflicting netmask must be given.
218Usually
219.Li 0xffffffff
220is most appropriate.
221.It Fl alias
222Remove the network address specified.
223This would be used if you incorrectly specified an alias, or it
224was no longer needed.
225If you have incorrectly set an NS address having the side effect
226of specifying the host portion, removing all NS addresses will
227allow you to respecify the host portion.
228.It Cm anycast
229(Inet6 only.)
230Specify that the address configured is an anycast address.
231Based on the current specification,
232only routers may configure anycast addresses.
233Anycast address will not be used as source address of any of outgoing
234IPv6 packets.
235.It Cm arp
236Enable the use of the Address Resolution Protocol
237.Pq Xr arp 4
238in mapping
239between network level addresses and link level addresses (default).
240This is currently implemented for mapping between
241.Tn DARPA
242Internet
243addresses and
244.Tn IEEE
245802 48-bit MAC addresses (Ethernet, FDDI, and Token Ring addresses).
246.It Fl arp
247Disable the use of the Address Resolution Protocol
248.Pq Xr arp 4 .
249.It Cm staticarp
250If the Address Resolution Protocol is enabled,
251the host will only reply to requests for its addresses,
252and will never send any requests.
253.It Fl staticarp
254If the Address Resolution Protocol is enabled,
255the host will perform normally,
256sending out requests and listening for replies.
257.It Cm broadcast
258(Inet only.)
259Specify the address to use to represent broadcasts to the
260network.
261The default broadcast address is the address with a host part of all 1's.
262.It Cm debug
263Enable driver dependent debugging code; usually, this turns on
264extra console error logging.
265.It Fl debug
266Disable driver dependent debugging code.
267.It Cm promisc
268Put interface into permanently promiscuous mode.
269.It Fl promisc
270Disable permanently promiscuous mode.
271.It Cm delete
272Another name for the
273.Fl alias
274parameter.
275.It Cm description Ar value , Cm descr Ar value
276Specify a description of the interface.
277This can be used to label interfaces in situations where they may
278otherwise be difficult to distinguish.
279.It Cm -description , Cm -descr
280Clear the interface description.
281.It Cm down
282Mark an interface
283.Dq down .
284When an interface is marked
285.Dq down ,
286the system will not attempt to
287transmit messages through that interface.
288If possible, the interface will be reset to disable reception as well.
289This action does not automatically disable routes using the interface.
290.It Cm group Ar group-name
291Assign the interface to a
292.Dq group .
293Any interface can be in multiple groups.
294.Pp
295Cloned interfaces are members of their interface family group by default.
296For example, a PPP interface such as
297.Em ppp0
298is a member of the PPP interface family group,
299.Em ppp .
300.\" The interface(s) the default route(s) point to are members of the
301.\" .Em egress
302.\" interface group.
303.It Cm -group Ar group-name
304Remove the interface from the given
305.Dq group .
306.It Cm eui64
307(Inet6 only.)
308Fill interface index
309(lowermost 64bit of an IPv6 address)
310automatically.
311.It Cm fib Ar fib_number
312Specify interface FIB.
313A FIB
314.Ar fib_number
315is assigned to all frames or packets received on that interface.
316The FIB is not inherited, e.g., vlans or other sub-interfaces will use
317the default FIB (0) irrespective of the parent interface's FIB.
318The kernel needs to be tuned to support more than the default FIB
319using the
320.Va ROUTETABLES
321kernel configuration option, or the
322.Va net.fibs
323tunable.
324.It Cm tunnelfib Ar fib_number
325Specify tunnel FIB.
326A FIB
327.Ar fib_number
328is assigned to all packets encapsulated by tunnel interface, e.g.,
329.Xr gif 4
330and
331.Xr gre 4 .
332.It Cm ipdst
333This is used to specify an Internet host who is willing to receive
334IP packets encapsulating IPX packets bound for a remote network.
335An apparent point to point link is constructed, and
336the address specified will be taken as the IPX address and network
337of the destination.
338.It Cm maclabel Ar label
339If Mandatory Access Control support is enabled in the kernel,
340set the MAC label to
341.Ar label .
342.\" (see
343.\" .Xr maclabel 7 ) .
344.It Cm media Ar type
345If the driver supports the media selection system, set the media type
346of the interface to
347.Ar type .
348Some interfaces support the mutually exclusive use of one of several
349different physical media connectors.
350For example, a 10Mbit/s Ethernet
351interface might support the use of either
352.Tn AUI
353or twisted pair connectors.
354Setting the media type to
355.Cm 10base5/AUI
356would change the currently active connector to the AUI port.
357Setting it to
358.Cm 10baseT/UTP
359would activate twisted pair.
360Refer to the interfaces' driver
361specific documentation or man page for a complete list of the
362available types.
363.It Cm mediaopt Ar opts
364If the driver supports the media selection system, set the specified
365media options on the interface.
366The
367.Ar opts
368argument
369is a comma delimited list of options to apply to the interface.
370Refer to the interfaces' driver specific man page for a complete
371list of available options.
372.It Fl mediaopt Ar opts
373If the driver supports the media selection system, disable the
374specified media options on the interface.
375.It Cm mode Ar mode
376If the driver supports the media selection system, set the specified
377operating mode on the interface to
378.Ar mode .
379For IEEE 802.11 wireless interfaces that support multiple operating modes
380this directive is used to select between 802.11a
381.Pq Cm 11a ,
382802.11b
383.Pq Cm 11b ,
384and 802.11g
385.Pq Cm 11g
386operating modes.
387.It Cm inst Ar minst , Cm instance Ar minst
388Set the media instance to
389.Ar minst .
390This is useful for devices which have multiple physical layer interfaces
391.Pq PHYs .
392.It Cm name Ar name
393Set the interface name to
394.Ar name .
395.It Cm rxcsum , txcsum , rxcsum6 , txcsum6
396If the driver supports user-configurable checksum offloading,
397enable receive (or transmit) checksum offloading on the interface.
398The feature can be turned on selectively per protocol family.
399Use
400.Cm rxcsum6 , txcsum6
401for
402.Xr ip6 4
403or
404.Cm rxcsum , txcsum
405otherwise.
406Some drivers may not be able to enable these flags independently
407of each other, so setting one may also set the other.
408The driver will offload as much checksum work as it can reliably
409support, the exact level of offloading varies between drivers.
410.It Fl rxcsum , txcsum , rxcsum6 , txcsum6
411If the driver supports user-configurable checksum offloading,
412disable receive (or transmit) checksum offloading on the interface.
413The feature can be turned off selectively per protocol family.
414Use
415.Fl rxcsum6 , txcsum6
416for
417.Xr ip6 4
418or
419.Fl rxcsum , txcsum
420otherwise.
421These settings may not always be independent of each other.
422.It Cm tso
423If the driver supports
424.Xr tcp 4
425segmentation offloading, enable TSO on the interface.
426Some drivers may not be able to support TSO for
427.Xr ip 4
428and
429.Xr ip6 4
430packets, so they may enable only one of them.
431.It Fl tso
432If the driver supports
433.Xr tcp 4
434segmentation offloading, disable TSO on the interface.
435It will always disable TSO for
436.Xr ip 4
437and
438.Xr ip6 4 .
439.It Cm tso6 , tso4
440If the driver supports
441.Xr tcp 4
442segmentation offloading for
443.Xr ip6 4
444or
445.Xr ip 4
446use one of these to selectively enabled it only for one protocol family.
447.It Fl tso6 , tso4
448If the driver supports
449.Xr tcp 4
450segmentation offloading for
451.Xr ip6 4
452or
453.Xr ip 4
454use one of these to selectively disable it only for one protocol family.
455.It Cm lro
456If the driver supports
457.Xr tcp 4
458large receive offloading, enable LRO on the interface.
459.It Fl lro
460If the driver supports
461.Xr tcp 4
462large receive offloading, disable LRO on the interface.
463.It Cm wol , wol_ucast , wol_mcast , wol_magic
464Enable Wake On Lan (WOL) support, if available.
465WOL is a facility whereby a machine in a low power state may be woken
466in response to a received packet.
467There are three types of packets that may wake a system:
468ucast (directed solely to the machine's mac address),
469mcast (directed to a broadcast or multicast address),
470or
471magic (unicast or multicast frames with a ``magic contents'').
472Not all devices support WOL, those that do indicate the mechanisms
473they support in their capabilities.
474.Cm wol
475is a synonym for enabling all available WOL mechanisms.
476To disable WOL use
477.Fl wol .
478.It Cm vlanmtu , vlanhwtag, vlanhwfilter, vlanhwcsum, vlanhwtso
479If the driver offers user-configurable VLAN support, enable
480reception of extended frames, tag processing in hardware,
481frame filtering in hardware, checksum offloading, or TSO on VLAN,
482respectively.
483Note that this must be issued on a physical interface associated with
484.Xr vlan 4 ,
485not on a
486.Xr vlan 4
487interface itself.
488.It Fl vlanmtu , vlanhwtag, vlanhwfilter, vlanhwtso
489If the driver offers user-configurable VLAN support, disable
490reception of extended frames, tag processing in hardware,
491frame filtering in hardware, or TSO on VLAN,
492respectively.
493.It Cm vnet Ar jail
494Move the interface to the
495.Xr jail 8 ,
496specified by name or JID.
497If the jail has a virtual network stack, the interface will disappear
498from the current environment and become visible to the jail.
499.It Fl vnet Ar jail
500Reclaim the interface from the
501.Xr jail 8 ,
502specified by name or JID.
503If the jail has a virtual network stack, the interface will disappear
504from the jail, and become visible to the current network environment.
505.It Cm polling
506Turn on
507.Xr polling 4
508feature and disable interrupts on the interface, if driver supports
509this mode.
510.It Fl polling
511Turn off
512.Xr polling 4
513feature and enable interrupt mode on the interface.
514.It Cm create
515Create the specified network pseudo-device.
516If the interface is given without a unit number, try to create a new
517device with an arbitrary unit number.
518If creation of an arbitrary device is successful, the new device name is
519printed to standard output unless the interface is renamed or destroyed
520in the same
521.Nm
522invocation.
523.It Cm destroy
524Destroy the specified network pseudo-device.
525.It Cm plumb
526Another name for the
527.Cm create
528parameter.
529Included for
530.Tn Solaris
531compatibility.
532.It Cm unplumb
533Another name for the
534.Cm destroy
535parameter.
536Included for
537.Tn Solaris
538compatibility.
539.It Cm metric Ar n
540Set the routing metric of the interface to
541.Ar n ,
542default 0.
543The routing metric is used by the routing protocol
544.Pq Xr routed 8 .
545Higher metrics have the effect of making a route
546less favorable; metrics are counted as additional hops
547to the destination network or host.
548.It Cm mtu Ar n
549Set the maximum transmission unit of the interface to
550.Ar n ,
551default is interface specific.
552The MTU is used to limit the size of packets that are transmitted on an
553interface.
554Not all interfaces support setting the MTU, and some interfaces have
555range restrictions.
556.It Cm netmask Ar mask
557.\" (Inet and ISO.)
558(Inet only.)
559Specify how much of the address to reserve for subdividing
560networks into sub-networks.
561The mask includes the network part of the local address
562and the subnet part, which is taken from the host field of the address.
563The mask can be specified as a single hexadecimal number
564with a leading
565.Ql 0x ,
566with a dot-notation Internet address,
567or with a pseudo-network name listed in the network table
568.Xr networks 5 .
569The mask contains 1's for the bit positions in the 32-bit address
570which are to be used for the network and subnet parts,
571and 0's for the host part.
572The mask should contain at least the standard network portion,
573and the subnet field should be contiguous with the network
574portion.
575.Pp
576The netmask can also be specified in CIDR notation after the address.
577See the
578.Ar address
579option above for more information.
580.It Cm prefixlen Ar len
581(Inet6 only.)
582Specify that
583.Ar len
584bits are reserved for subdividing networks into sub-networks.
585The
586.Ar len
587must be integer, and for syntactical reason it must be between 0 to 128.
588It is almost always 64 under the current IPv6 assignment rule.
589If the parameter is omitted, 64 is used.
590.Pp
591The prefix can also be specified using the slash notation after the address.
592See the
593.Ar address
594option above for more information.
595.\" see
596.\" Xr eon 5 .
597.\" .It Cm nsellength Ar n
598.\" .Pf ( Tn ISO
599.\" only)
600.\" This specifies a trailing number of bytes for a received
601.\" .Tn NSAP
602.\" used for local identification, the remaining leading part of which is
603.\" taken to be the
604.\" .Tn NET
605.\" (Network Entity Title).
606.\" The default value is 1, which is conformant to US
607.\" .Tn GOSIP .
608.\" When an ISO address is set in an ifconfig command,
609.\" it is really the
610.\" .Tn NSAP
611.\" which is being specified.
612.\" For example, in
613.\" .Tn US GOSIP ,
614.\" 20 hex digits should be
615.\" specified in the
616.\" .Tn ISO NSAP
617.\" to be assigned to the interface.
618.\" There is some evidence that a number different from 1 may be useful
619.\" for
620.\" .Tn AFI
621.\" 37 type addresses.
622.It Cm range Ar netrange
623Under appletalk, set the interface to respond to a
624.Ar netrange
625of the form
626.Ar startnet Ns - Ns Ar endnet .
627Appletalk uses this scheme instead of
628netmasks though
629.Fx
630implements it internally as a set of netmasks.
631.It Cm remove
632Another name for the
633.Fl alias
634parameter.
635Introduced for compatibility
636with
637.Bsx .
638.It Cm phase
639The argument following this specifies the version (phase) of the
640Appletalk network attached to the interface.
641Values of 1 or 2 are permitted.
642.Sm off
643.It Cm link Op Cm 0 No - Cm 2
644.Sm on
645Enable special processing of the link level of the interface.
646These three options are interface specific in actual effect, however,
647they are in general used to select special modes of operation.
648An example
649of this is to enable SLIP compression, or to select the connector type
650for some Ethernet cards.
651Refer to the man page for the specific driver
652for more information.
653.Sm off
654.It Fl link Op Cm 0 No - Cm 2
655.Sm on
656Disable special processing at the link level with the specified interface.
657.It Cm monitor
658Put the interface in monitor mode.
659No packets are transmitted, and received packets are discarded after
660.Xr bpf 4
661processing.
662.It Fl monitor
663Take the interface out of monitor mode.
664.It Cm up
665Mark an interface
666.Dq up .
667This may be used to enable an interface after an
668.Dq Nm Cm down .
669It happens automatically when setting the first address on an interface.
670If the interface was reset when previously marked down,
671the hardware will be re-initialized.
672.El
673.Pp
674The following parameters are for ICMPv6 Neighbor Discovery Protocol.
675Note that the address family keyword
676.Dq Li inet6
677is needed for them:
678.Bl -tag -width indent
679.It Cm accept_rtadv
680Set a flag to enable accepting ICMPv6 Router Advertisement messages.
681The
682.Xr sysctl 8
683variable
684.Va net.inet6.ip6.accept_rtadv
685controls whether this flag is set by default or not.
686.It Cm -accept_rtadv
687Clear a flag
688.Cm accept_rtadv .
689.It Cm no_radr
690Set a flag to control whether routers from which the system accepts
691Router Advertisement messages will be added to the Default Router List
692or not.
693When the
694.Cm accept_rtadv
695flag is disabled, this flag has no effect.
696The
697.Xr sysctl 8
698variable
699.Va net.inet6.ip6.no_radr
700controls whether this flag is set by default or not.
701.It Cm -no_radr
702Clear a flag
703.Cm no_radr .
704.It Cm auto_linklocal
705Set a flag to perform automatic link-local address configuration when
706the interface becomes available.
707The
708.Xr sysctl 8
709variable
710.Va net.inet6.ip6.auto_linklocal
711controls whether this flag is set by default or not.
712.It Cm -auto_linklocal
713Clear a flag
714.Cm auto_linklocal .
715.It Cm defaultif
716Set the specified interface as the default route when there is no
717default router.
718.It Cm -defaultif
719Clear a flag
720.Cm defaultif .
721.It Cm ifdisabled
722Set a flag to disable all of IPv6 network communications on the
723specified interface.
724Note that if there are already configured IPv6
725addresses on that interface, all of them are marked as
726.Dq tentative
727and DAD will be performed when this flag is cleared.
728.It Cm -ifdisabled
729Clear a flag
730.Cm ifdisabled .
731When this flag is cleared and
732.Cm auto_linklocal
733flag is enabled, automatic configuration of a link-local address is
734performed.
735.It Cm nud
736Set a flag to enable Neighbor Unreachability Detection.
737.It Cm -nud
738Clear a flag
739.Cm nud .
740.It Cm no_prefer_iface
741Set a flag to not prefer address on the interface as candidates of the
742source address for outgoing packets, even when the interface is
743outgoing interface.
744.It Cm -no_prefer_iface
745Clear a flag
746.Cm no_prefer_iface .
747.It Cm no_dad
748Set a flag to disable Duplicate Address Detection.
749.It Cm -no_dad
750Clear a flag
751.Cm no_dad .
752.It Cm ignoreloop
753Set a flag to disable loopback detection in Enhanced Duplicate Address
754Detection Algorithm.
755When this flag is set,
756Duplicate Address Detection will stop in a finite number of probings
757even if a loopback configuration is detected.
758.It Cm -ignoreloop
759Clear a flag
760.Cm ignoreloop .
761.El
762.Pp
763The following parameters are specific for IPv6 addresses.
764Note that the address family keyword
765.Dq Li inet6
766is needed for them:
767.Bl -tag -width indent
768.It Cm prefer_source
769Set a flag to prefer address as a candidate of the source address for
770outgoing packets.
771.It Cm -prefer_source
772Clear a flag
773.Cm prefer_source .
774.El
775.Pp
776The following parameters are specific to cloning
777IEEE 802.11 wireless interfaces with the
778.Cm create
779request:
780.Bl -tag -width indent
781.It Cm wlandev Ar device
782Use
783.Ar device
784as the parent for the cloned device.
785.It Cm wlanmode Ar mode
786Specify the operating mode for this cloned device.
787.Ar mode
788is one of
789.Cm sta ,
790.Cm ahdemo
791(or
792.Cm adhoc-demo ),
793.Cm ibss ,
794(or
795.Cm adhoc ),
796.Cm ap ,
797(or
798.Cm hostap ),
799.Cm wds ,
800.Cm tdma ,
801.Cm mesh ,
802and
803.Cm monitor .
804The operating mode of a cloned interface cannot be changed.
805The
806.Cm tdma
807mode is actually implemented as an
808.Cm adhoc-demo
809interface with special properties.
810.It Cm wlanbssid Ar bssid
811The 802.11 mac address to use for the bssid.
812This must be specified at create time for a legacy
813.Cm wds
814device.
815.It Cm wlanaddr Ar address
816The local mac address.
817If this is not specified then a mac address will automatically be assigned
818to the cloned device.
819Typically this address is the same as the address of the parent device
820but if the
821.Cm bssid
822parameter is specified then the driver will craft a unique address for
823the device (if supported).
824.It Cm wdslegacy
825Mark a
826.Cm wds
827device as operating in ``legacy mode''.
828Legacy
829.Cm wds
830devices have a fixed peer relationship and do not, for example, roam
831if their peer stops communicating.
832For completeness a Dynamic WDS (DWDS) interface may marked as
833.Fl wdslegacy .
834.It Cm bssid
835Request a unique local mac address for the cloned device.
836This is only possible if the device supports multiple mac addresses.
837To force use of the parent's mac address use
838.Fl bssid .
839.It Cm beacons
840Mark the cloned interface as depending on hardware support to
841track received beacons.
842To have beacons tracked in software use
843.Fl beacons .
844For
845.Cm hostap
846mode
847.Fl beacons
848can also be used to indicate no beacons should
849be transmitted; this can be useful when creating a WDS configuration but
850.Cm wds
851interfaces can only be created as companions to an access point.
852.El
853.Pp
854The following parameters are specific to IEEE 802.11 wireless interfaces
855cloned with a
856.Cm create
857operation:
858.Bl -tag -width indent
859.It Cm ampdu
860Enable sending and receiving AMPDU frames when using 802.11n (default).
861The 802.11n specification states a compliant station must be capable
862of receiving AMPDU frames but transmission is optional.
863Use
864.Fl ampdu
865to disable all use of AMPDU with 802.11n.
866For testing and/or to work around interoperability problems one can use
867.Cm ampdutx
868and
869.Cm ampdurx
870to control use of AMPDU in one direction.
871.It Cm ampdudensity Ar density
872Set the AMPDU density parameter used when operating with 802.11n.
873This parameter controls the inter-packet gap for AMPDU frames.
874The sending device normally controls this setting but a receiving station
875may request wider gaps.
876Legal values for
877.Ar density
878are 0, .25, .5, 1, 2, 4, 8, and 16 (microseconds).
879A value of
880.Cm -
881is treated the same as 0.
882.It Cm ampdulimit Ar limit
883Set the limit on packet size for receiving AMPDU frames when operating
884with 802.11n.
885Legal values for
886.Ar limit
887are 8192, 16384, 32768, and 65536 but one can also specify
888just the unique prefix: 8, 16, 32, 64.
889Note the sender may limit the size of AMPDU frames to be less
890than the maximum specified by the receiving station.
891.It Cm amsdu
892Enable sending and receiving AMSDU frames when using 802.11n.
893By default AMSDU is received but not transmitted.
894Use
895.Fl amsdu
896to disable all use of AMSDU with 802.11n.
897For testing and/or to work around interoperability problems one can use
898.Cm amsdutx
899and
900.Cm amsdurx
901to control use of AMSDU in one direction.
902.It Cm amsdulimit Ar limit
903Set the limit on packet size for sending and receiving AMSDU frames
904when operating with 802.11n.
905Legal values for
906.Ar limit
907are 7935 and 3839 (bytes).
908Note the sender may limit the size of AMSDU frames to be less
909than the maximum specified by the receiving station.
910Note also that devices are not required to support the 7935 limit,
911only 3839 is required by the specification and the larger value
912may require more memory to be dedicated to support functionality
913that is rarely used.
914.It Cm apbridge
915When operating as an access point, pass packets between
916wireless clients directly (default).
917To instead let them pass up through the
918system and be forwarded using some other mechanism, use
919.Fl apbridge .
920Disabling the internal bridging
921is useful when traffic is to be processed with
922packet filtering.
923.It Cm authmode Ar mode
924Set the desired authentication mode in infrastructure mode.
925Not all adapters support all modes.
926The set of
927valid modes is
928.Cm none , open , shared
929(shared key),
930.Cm 8021x
931(IEEE 802.1x),
932and
933.Cm wpa
934(IEEE WPA/WPA2/802.11i).
935The
936.Cm 8021x
937and
938.Cm wpa
939modes are only useful when using an authentication service
940(a supplicant for client operation or an authenticator when
941operating as an access point).
942Modes are case insensitive.
943.It Cm bgscan
944Enable background scanning when operating as a station.
945Background scanning is a technique whereby a station associated to
946an access point will temporarily leave the channel to scan for
947neighboring stations.
948This allows a station to maintain a cache of nearby access points
949so that roaming between access points can be done without
950a lengthy scan operation.
951Background scanning is done only when a station is not busy and
952any outbound traffic will cancel a scan operation.
953Background scanning should never cause packets to be lost though
954there may be some small latency if outbound traffic interrupts a
955scan operation.
956By default background scanning is enabled if the device is capable.
957To disable background scanning, use
958.Fl bgscan .
959Background scanning is controlled by the
960.Cm bgscanidle
961and
962.Cm bgscanintvl
963parameters.
964Background scanning must be enabled for roaming; this is an artifact
965of the current implementation and may not be required in the future.
966.It Cm bgscanidle Ar idletime
967Set the minimum time a station must be idle (not transmitting or
968receiving frames) before a background scan is initiated.
969The
970.Ar idletime
971parameter is specified in milliseconds.
972By default a station must be idle at least 250 milliseconds before
973a background scan is initiated.
974The idle time may not be set to less than 100 milliseconds.
975.It Cm bgscanintvl Ar interval
976Set the interval at which background scanning is attempted.
977The
978.Ar interval
979parameter is specified in seconds.
980By default a background scan is considered every 300 seconds (5 minutes).
981The
982.Ar interval
983may not be set to less than 15 seconds.
984.It Cm bintval Ar interval
985Set the interval at which beacon frames are sent when operating in
986ad-hoc or ap mode.
987The
988.Ar interval
989parameter is specified in TU's (1024 usecs).
990By default beacon frames are transmitted every 100 TU's.
991.It Cm bmissthreshold Ar count
992Set the number of consecutive missed beacons at which the station
993will attempt to roam (i.e., search for a new access point).
994The
995.Ar count
996parameter must be in the range 1 to 255; though the
997upper bound may be reduced according to device capabilities.
998The default threshold is 7 consecutive missed beacons; but
999this may be overridden by the device driver.
1000Another name for the
1001.Cm bmissthreshold
1002parameter is
1003.Cm bmiss .
1004.It Cm bssid Ar address
1005Specify the MAC address of the access point to use when operating
1006as a station in a BSS network.
1007This overrides any automatic selection done by the system.
1008To disable a previously selected access point, supply
1009.Cm any , none ,
1010or
1011.Cm -
1012for the address.
1013This option is useful when more than one access point uses the same SSID.
1014Another name for the
1015.Cm bssid
1016parameter is
1017.Cm ap .
1018.It Cm burst
1019Enable packet bursting.
1020Packet bursting is a transmission technique whereby the wireless
1021medium is acquired once to send multiple frames and the interframe
1022spacing is reduced.
1023This technique can significantly increase throughput by reducing
1024transmission overhead.
1025Packet bursting is supported by the 802.11e QoS specification
1026and some devices that do not support QoS may still be capable.
1027By default packet bursting is enabled if a device is capable
1028of doing it.
1029To disable packet bursting, use
1030.Fl burst .
1031.It Cm chanlist Ar channels
1032Set the desired channels to use when scanning for access
1033points, neighbors in an IBSS network, or looking for unoccupied
1034channels when operating as an access point.
1035The set of channels is specified as a comma-separated list with
1036each element in the list representing either a single channel number or a range
1037of the form
1038.Dq Li a-b .
1039Channel numbers must be in the range 1 to 255 and be permissible
1040according to the operating characteristics of the device.
1041.It Cm channel Ar number
1042Set a single desired channel.
1043Channels range from 1 to 255, but the exact selection available
1044depends on the region your adaptor was manufactured for.
1045Setting
1046the channel to
1047.Li any ,
1048or
1049.Cm -
1050will clear any desired channel and, if the device is marked up,
1051force a scan for a channel to operate on.
1052Alternatively the frequency, in megahertz, may be specified
1053instead of the channel number.
1054.Pp
1055When there are several ways to use a channel the channel
1056number/frequency may be appended with attributes to clarify.
1057For example, if a device is capable of operating on channel 6
1058with 802.11n and 802.11g then one can specify that g-only use
1059should be used by specifying ``6:g''.
1060Similarly the channel width can be specified by appending it
1061with ``/''; e.g., ``6/40'' specifies a 40MHz wide channel,
1062These attributes can be combined as in: ``6:ht/40''.
1063The full set of flags specified following a ``:'' are:
1064.Cm a
1065(802.11a),
1066.Cm b
1067(802.11b),
1068.Cm d
1069(Atheros Dynamic Turbo mode),
1070.Cm g
1071(802.11g),
1072.Cm h
1073or
1074.Cm n
1075(802.11n aka HT),
1076.Cm s
1077(Atheros Static Turbo mode),
1078and
1079.Cm t
1080(Atheros Dynamic Turbo mode, or appended to ``st'' and ``dt'').
1081The full set of channel widths following a '/' are:
1082.Cm 5
1083(5MHz aka quarter-rate channel),
1084.Cm 10
1085(10MHz aka half-rate channel),
1086.Cm 20
1087(20MHz mostly for use in specifying ht20),
1088and
1089.Cm 40
1090(40MHz mostly for use in specifying ht40).
1091In addition,
1092a 40MHz HT channel specification may include the location
1093of the extension channel by appending ``+'' or ``-'' for above and below,
1094respectively; e.g., ``2437:ht/40+'' specifies 40MHz wide HT operation
1095with the center channel at frequency 2437 and the extension channel above.
1096.It Cm country Ar name
1097Set the country code to use in calculating the regulatory constraints
1098for operation.
1099In particular the set of available channels, how the wireless device
1100will operation on the channels, and the maximum transmit power that
1101can be used on a channel are defined by this setting.
1102Country/Region codes are specified as a 2-character abbreviation
1103defined by ISO 3166 or using a longer, but possibly ambiguous, spelling;
1104e.g., "ES" and "Spain".
1105The set of country codes are taken from
1106.Pa /etc/regdomain.xml
1107and can also
1108be viewed with the ``list countries'' request.
1109Note that not all devices support changing the country code from a default
1110setting; typically stored in EEPROM.
1111See also
1112.Cm regdomain ,
1113.Cm indoor ,
1114.Cm outdoor ,
1115and
1116.Cm anywhere .
1117.It Cm dfs
1118Enable Dynamic Frequency Selection (DFS) as specified in 802.11h.
1119DFS embodies several facilities including detection of overlapping
1120radar signals, dynamic transmit power control, and channel selection
1121according to a least-congested criteria.
1122DFS support is mandatory for some 5GHz frequencies in certain
1123locales (e.g., ETSI).
1124By default DFS is enabled according to the regulatory definitions
1125specified in
1126.Pa /etc/regdomain.xml
1127and the current country code, regdomain,
1128and channel.
1129Note the underlying device (and driver) must support radar detection
1130for full DFS support to work.
1131To be fully compliant with the local regulatory agency frequencies that
1132require DFS should not be used unless it is fully supported.
1133Use
1134.Fl dfs
1135to disable this functionality for testing.
1136.It Cm dotd
1137Enable support for the 802.11d specification (default).
1138When this support is enabled in station mode, beacon frames that advertise
1139a country code different than the currently configured country code will
1140cause an event to be dispatched to user applications.
1141This event can be used by the station to adopt that country code and
1142operate according to the associated regulatory constraints.
1143When operating as an access point with 802.11d enabled the beacon and
1144probe response frames transmitted will advertise the current regulatory
1145domain settings.
1146To disable 802.11d use
1147.Fl dotd .
1148.It Cm doth
1149Enable 802.11h support including spectrum management.
1150When 802.11h is enabled beacon and probe response frames will have
1151the SpectrumMgt bit set in the capabilities field and
1152country and power constraint information elements will be present.
1153802.11h support also includes handling Channel Switch Announcements (CSA)
1154which are a mechanism to coordinate channel changes by an access point.
1155By default 802.11h is enabled if the device is capable.
1156To disable 802.11h use
1157.Fl doth .
1158.It Cm deftxkey Ar index
1159Set the default key to use for transmission.
1160Typically this is only set when using WEP encryption.
1161Note that you must set a default transmit key
1162for the system to know which key to use in encrypting outbound traffic.
1163The
1164.Cm weptxkey
1165is an alias for this request; it is provided for backwards compatibility.
1166.It Cm dtimperiod Ar period
1167Set the
1168DTIM
1169period for transmitting buffered multicast data frames when
1170operating in ap mode.
1171The
1172.Ar period
1173specifies the number of beacon intervals between DTIM
1174and must be in the range 1 to 15.
1175By default DTIM is 1 (i.e., DTIM occurs at each beacon).
1176.It Cm quiet
1177Enable the use of quiet IE.
1178Hostap will use this to silence other
1179stations to reduce interference for radar detection when
1180operating on 5GHz frequency and doth support is enabled.
1181Use
1182.Fl quiet
1183to disable this functionality.
1184.It Cm quiet_period Ar period
1185Set the QUIET
1186.Ar period
1187to the number of beacon intervals between the start of regularly
1188scheduled quiet intervals defined by Quiet element.
1189.It Cm quiet_count Ar count
1190Set the QUIET
1191.Ar count
1192to the number of TBTTs until the beacon interval during which the
1193next quiet interval shall start.
1194A value of 1 indicates the quiet
1195interval will start during the beacon interval starting at the next
1196TBTT.
1197A value 0 is reserved.
1198.It Cm quiet_offset Ar offset
1199Set the QUIET
1200.Ar offset
1201to the offset of the start of the quiet interval from the TBTT
1202specified by the Quiet count, expressed in TUs.
1203The value of the
1204.Ar offset
1205shall be less than one beacon interval.
1206.It Cm quiet_duration Ar dur
1207Set the QUIET
1208.Ar dur
1209to the duration of the Quiet interval, expressed in TUs.
1210The value should be less than beacon interval.
1211.It Cm dturbo
1212Enable the use of Atheros Dynamic Turbo mode when communicating with
1213another Dynamic Turbo-capable station.
1214Dynamic Turbo mode is an Atheros-specific mechanism by which
1215stations switch between normal 802.11 operation and a ``boosted''
1216mode in which a 40MHz wide channel is used for communication.
1217Stations using Dynamic Turbo mode operate boosted only when the
1218channel is free of non-dturbo stations; when a non-dturbo station
1219is identified on the channel all stations will automatically drop
1220back to normal operation.
1221By default, Dynamic Turbo mode is not enabled, even if the device is capable.
1222Note that turbo mode (dynamic or static) is only allowed on some
1223channels depending on the regulatory constraints; use the
1224.Cm list chan
1225command to identify the channels where turbo mode may be used.
1226To disable Dynamic Turbo mode use
1227.Fl dturbo .
1228.It Cm dwds
1229Enable Dynamic WDS (DWDS) support.
1230DWDS is a facility by which 4-address traffic can be carried between
1231stations operating in infrastructure mode.
1232A station first associates to an access point and authenticates using
1233normal procedures (e.g., WPA).
1234Then 4-address frames are passed to carry traffic for stations
1235operating on either side of the wireless link.
1236DWDS extends the normal WDS mechanism by leveraging existing security
1237protocols and eliminating static binding.
1238.Pp
1239When DWDS is enabled on an access point 4-address frames received from
1240an authorized station will generate a ``DWDS discovery'' event to user
1241applications.
1242This event should be used to create a WDS interface that is bound
1243to the remote station (and usually plumbed into a bridge).
1244Once the WDS interface is up and running 4-address traffic then logically
1245flows through that interface.
1246.Pp
1247When DWDS is enabled on a station, traffic with a destination address
1248different from the peer station are encapsulated in a 4-address frame
1249and transmitted to the peer.
1250All 4-address traffic uses the security information of the stations
1251(e.g., cryptographic keys).
1252A station is associated using 802.11n facilities may transport
12534-address traffic using these same mechanisms; this depends on available
1254resources and capabilities of the device.
1255The DWDS implementation guards against layer 2 routing loops of
1256multicast traffic.
1257.It Cm ff
1258Enable the use of Atheros Fast Frames when communicating with
1259another Fast Frames-capable station.
1260Fast Frames are an encapsulation technique by which two 802.3
1261frames are transmitted in a single 802.11 frame.
1262This can noticeably improve throughput but requires that the
1263receiving station understand how to decapsulate the frame.
1264Fast frame use is negotiated using the Atheros 802.11 vendor-specific
1265protocol extension so enabling use is safe when communicating with
1266non-Atheros devices.
1267By default, use of fast frames is enabled if the device is capable.
1268To explicitly disable fast frames, use
1269.Fl ff .
1270.It Cm fragthreshold Ar length
1271Set the threshold for which transmitted frames are broken into fragments.
1272The
1273.Ar length
1274argument is the frame size in bytes and must be in the range 256 to 2346.
1275Setting
1276.Ar length
1277to
1278.Li 2346 ,
1279.Cm any ,
1280or
1281.Cm -
1282disables transmit fragmentation.
1283Not all adapters honor the fragmentation threshold.
1284.It Cm hidessid
1285When operating as an access point, do not broadcast the SSID
1286in beacon frames or respond to probe request frames unless
1287they are directed to the ap (i.e., they include the ap's SSID).
1288By default, the SSID is included in beacon frames and
1289undirected probe request frames are answered.
1290To re-enable the broadcast of the SSID etc., use
1291.Fl hidessid .
1292.It Cm ht
1293Enable use of High Throughput (HT) when using 802.11n (default).
1294The 802.11n specification includes mechanisms for operation
1295on 20MHz and 40MHz wide channels using different signalling mechanisms
1296than specified in 802.11b, 802.11g, and 802.11a.
1297Stations negotiate use of these facilities, termed HT20 and HT40,
1298when they associate.
1299To disable all use of 802.11n use
1300.Fl ht .
1301To disable use of HT20 (e.g., to force only HT40 use) use
1302.Fl ht20 .
1303To disable use of HT40 use
1304.Fl ht40 .
1305.Pp
1306HT configuration is used to ``auto promote'' operation
1307when several choices are available.
1308For example, if a station associates to an 11n-capable access point
1309it controls whether the station uses legacy operation, HT20, or HT40.
1310When an 11n-capable device is setup as an access point and
1311Auto Channel Selection is used to locate a channel to operate on,
1312HT configuration controls whether legacy, HT20, or HT40 operation is setup
1313on the selected channel.
1314If a fixed channel is specified for a station then HT configuration can
1315be given as part of the channel specification; e.g., 6:ht/20 to setup
1316HT20 operation on channel 6.
1317.It Cm htcompat
1318Enable use of compatibility support for pre-802.11n devices (default).
1319The 802.11n protocol specification went through several incompatible iterations.
1320Some vendors implemented 11n support to older specifications that
1321will not interoperate with a purely 11n-compliant station.
1322In particular the information elements included in management frames
1323for old devices are different.
1324When compatibility support is enabled both standard and compatible data
1325will be provided.
1326Stations that associate using the compatibility mechanisms are flagged
1327in ``list sta''.
1328To disable compatibility support use
1329.Fl htcompat .
1330.It Cm htprotmode Ar technique
1331For interfaces operating in 802.11n, use the specified
1332.Ar technique
1333for protecting HT frames in a mixed legacy/HT network.
1334The set of valid techniques is
1335.Cm off ,
1336and
1337.Cm rts
1338(RTS/CTS, default).
1339Technique names are case insensitive.
1340.It Cm inact
1341Enable inactivity processing for stations associated to an
1342access point (default).
1343When operating as an access point the 802.11 layer monitors
1344the activity of each associated station.
1345When a station is inactive for 5 minutes it will send several
1346``probe frames'' to see if the station is still present.
1347If no response is received then the station is deauthenticated.
1348Applications that prefer to handle this work can disable this
1349facility by using
1350.Fl inact .
1351.It Cm indoor
1352Set the location to use in calculating regulatory constraints.
1353The location is also advertised in beacon and probe response frames
1354when 802.11d is enabled with
1355.Cm dotd .
1356See also
1357.Cm outdoor ,
1358.Cm anywhere ,
1359.Cm country ,
1360and
1361.Cm regdomain .
1362.It Cm list active
1363Display the list of channels available for use taking into account
1364any restrictions set with the
1365.Cm chanlist
1366directive.
1367See the description of
1368.Cm list chan
1369for more information.
1370.It Cm list caps
1371Display the adaptor's capabilities, including the operating
1372modes supported.
1373.It Cm list chan
1374Display the list of channels available for use.
1375Channels are shown with their IEEE channel number, equivalent
1376frequency, and usage modes.
1377Channels identified as
1378.Ql 11g
1379are also usable in
1380.Ql 11b
1381mode.
1382Channels identified as
1383.Ql 11a Turbo
1384may be used only for Atheros' Static Turbo mode
1385(specified with
1386. Cm mediaopt turbo ) .
1387Channels marked with a
1388.Ql *
1389have a regulatory constraint that they be passively scanned.
1390This means a station is not permitted to transmit on the channel until
1391it identifies the channel is being used for 802.11 communication;
1392typically by hearing a beacon frame from an access point operating
1393on the channel.
1394.Cm list freq
1395is another way of requesting this information.
1396By default a compacted list of channels is displayed; if the
1397.Fl v
1398option is specified then all channels are shown.
1399.It Cm list countries
1400Display the set of country codes and regulatory domains that can be
1401used in regulatory configuration.
1402.It Cm list mac
1403Display the current MAC Access Control List state.
1404Each address is prefixed with a character that indicates the
1405current policy applied to it:
1406.Ql +
1407indicates the address is allowed access,
1408.Ql -
1409indicates the address is denied access,
1410.Ql *
1411indicates the address is present but the current policy open
1412(so the ACL is not consulted).
1413.It Cm list mesh
1414Displays the mesh routing table, used for forwarding packets on a mesh
1415network.
1416.It Cm list regdomain
1417Display the current regulatory settings including the available channels
1418and transmit power caps.
1419.It Cm list roam
1420Display the parameters that govern roaming operation.
1421.It Cm list txparam
1422Display the parameters that govern transmit operation.
1423.It Cm list txpower
1424Display the transmit power caps for each channel.
1425.It Cm list scan
1426Display the access points and/or ad-hoc neighbors
1427located in the vicinity.
1428This information may be updated automatically by the adapter
1429with a
1430.Cm scan
1431request or through background scanning.
1432Depending on the capabilities of the stations the following
1433flags can be included in the output:
1434.Bl -tag -width 3n
1435.It Li A
1436Authorized.
1437Indicates that the station is permitted to send/receive data frames.
1438.It Li E
1439Extended Rate Phy (ERP).
1440Indicates that the station is operating in an 802.11g network
1441using extended transmit rates.
1442.It Li H
1443High Throughput (HT).
1444Indicates that the station is using HT transmit rates.
1445If a `+' follows immediately after then the station associated
1446using deprecated mechanisms supported only when
1447.Cm htcompat
1448is enabled.
1449.It Li P
1450Power Save.
1451Indicates that the station is operating in power save mode.
1452.It Li Q
1453Quality of Service (QoS).
1454Indicates that the station is using QoS encapsulation for
1455data frame.
1456QoS encapsulation is enabled only when WME mode is enabled.
1457.It Li S
1458Short Preamble.
1459Indicates that the station is doing short preamble to optionally
1460improve throughput performance with 802.11g and 802.11b.
1461.It Li T
1462Transitional Security Network (TSN).
1463Indicates that the station associated using TSN; see also
1464.Cm tsn
1465below.
1466.It Li W
1467Wi-Fi Protected Setup (WPS).
1468Indicates that the station associated using WPS.
1469.El
1470.Pp
1471By default interesting information elements captured from the neighboring
1472stations are displayed at the end of each row.
1473Possible elements include:
1474.Cm WME
1475(station supports WME),
1476.Cm WPA
1477(station supports WPA),
1478.Cm WPS
1479(station supports WPS),
1480.Cm RSN
1481(station supports 802.11i/RSN),
1482.Cm HTCAP
1483(station supports 802.11n/HT communication),
1484.Cm ATH
1485(station supports Atheros protocol extensions),
1486.Cm VEN
1487(station supports unknown vendor-specific extensions).
1488If the
1489.Fl v
1490flag is used all the information elements and their
1491contents will be shown.
1492Specifying the
1493.Fl v
1494flag also enables display of long SSIDs.
1495The
1496.Cm list ap
1497command is another way of requesting this information.
1498.It Cm list sta
1499When operating as an access point display the stations that are
1500currently associated.
1501When operating in ad-hoc mode display stations identified as
1502neighbors in the IBSS.
1503When operating in mesh mode display stations identified as
1504neighbors in the MBSS.
1505When operating in station mode display the access point.
1506Capabilities advertised by the stations are described under
1507the
1508.Cm scan
1509request.
1510Depending on the capabilities of the stations the following
1511flags can be included in the output:
1512.Bl -tag -width 3n
1513.It Li A
1514Authorized.
1515Indicates that the station is permitted to send/receive data frames.
1516.It Li E
1517Extended Rate Phy (ERP).
1518Indicates that the station is operating in an 802.11g network
1519using extended transmit rates.
1520.It Li H
1521High Throughput (HT).
1522Indicates that the station is using HT transmit rates.
1523If a `+' follows immediately after then the station associated
1524using deprecated mechanisms supported only when
1525.Cm htcompat
1526is enabled.
1527.It Li P
1528Power Save.
1529Indicates that the station is operating in power save mode.
1530.It Li Q
1531Quality of Service (QoS).
1532Indicates that the station is using QoS encapsulation for
1533data frame.
1534QoS encapsulation is enabled only when WME mode is enabled.
1535.It Li S
1536Short Preamble.
1537Indicates that the station is doing short preamble to optionally
1538improve throughput performance with 802.11g and 802.11b.
1539.It Li T
1540Transitional Security Network (TSN).
1541Indicates that the station associated using TSN; see also
1542.Cm tsn
1543below.
1544.It Li W
1545Wi-Fi Protected Setup (WPS).
1546Indicates that the station associated using WPS.
1547.El
1548.Pp
1549By default information elements received from associated stations
1550are displayed in a short form; the
1551.Fl v
1552flag causes this information to be displayed symbolically.
1553.It Cm list wme
1554Display the current channel parameters to use when operating in WME mode.
1555If the
1556.Fl v
1557option is specified then both channel and BSS parameters are displayed
1558for each AC (first channel, then BSS).
1559When WME mode is enabled for an adaptor this information will be
1560displayed with the regular status; this command is mostly useful
1561for examining parameters when WME mode is disabled.
1562See the description of the
1563.Cm wme
1564directive for information on the various parameters.
1565.It Cm maxretry Ar count
1566Set the maximum number of tries to use in sending unicast frames.
1567The default setting is 6 but drivers may override this with a value
1568they choose.
1569.It Cm mcastrate Ar rate
1570Set the rate for transmitting multicast/broadcast frames.
1571Rates are specified as megabits/second in decimal; e.g.,\& 5.5 for 5.5 Mb/s.
1572This rate should be valid for the current operating conditions;
1573if an invalid rate is specified drivers are free to chose an
1574appropriate rate.
1575.It Cm mgtrate Ar rate
1576Set the rate for transmitting management and/or control frames.
1577Rates are specified as megabits/second in decimal; e.g.,\& 5.5 for 5.5 Mb/s.
1578.It Cm outdoor
1579Set the location to use in calculating regulatory constraints.
1580The location is also advertised in beacon and probe response frames
1581when 802.11d is enabled with
1582.Cm dotd .
1583See also
1584.Cm anywhere ,
1585.Cm country ,
1586.Cm indoor ,
1587and
1588.Cm regdomain .
1589.It Cm powersave
1590Enable powersave operation.
1591When operating as a client, the station will conserve power by
1592periodically turning off the radio and listening for
1593messages from the access point telling it there are packets waiting.
1594The station must then retrieve the packets.
1595Not all devices support power save operation as a client.
1596The 802.11 specification requires that all access points support
1597power save but some drivers do not.
1598Use
1599.Fl powersave
1600to disable powersave operation when operating as a client.
1601.It Cm powersavesleep Ar sleep
1602Set the desired max powersave sleep time in TU's (1024 usecs).
1603By default the max powersave sleep time is 100 TU's.
1604.It Cm protmode Ar technique
1605For interfaces operating in 802.11g, use the specified
1606.Ar technique
1607for protecting OFDM frames in a mixed 11b/11g network.
1608The set of valid techniques is
1609.Cm off , cts
1610(CTS to self),
1611and
1612.Cm rtscts
1613(RTS/CTS).
1614Technique names are case insensitive.
1615Not all devices support
1616.Cm cts
1617as a protection technique.
1618.It Cm pureg
1619When operating as an access point in 802.11g mode allow only
162011g-capable stations to associate (11b-only stations are not
1621permitted to associate).
1622To allow both 11g and 11b-only stations to associate, use
1623.Fl pureg .
1624.It Cm puren
1625When operating as an access point in 802.11n mode allow only
1626HT-capable stations to associate (legacy stations are not
1627permitted to associate).
1628To allow both HT and legacy stations to associate, use
1629.Fl puren .
1630.It Cm regdomain Ar sku
1631Set the regulatory domain to use in calculating the regulatory constraints
1632for operation.
1633In particular the set of available channels, how the wireless device
1634will operation on the channels, and the maximum transmit power that
1635can be used on a channel are defined by this setting.
1636Regdomain codes (SKU's) are taken from
1637.Pa /etc/regdomain.xml
1638and can also
1639be viewed with the ``list countries'' request.
1640Note that not all devices support changing the regdomain from a default
1641setting; typically stored in EEPROM.
1642See also
1643.Cm country ,
1644.Cm indoor ,
1645.Cm outdoor ,
1646and
1647.Cm anywhere .
1648.It Cm rifs
1649Enable use of Reduced InterFrame Spacing (RIFS) when operating in 802.11n
1650on an HT channel.
1651Note that RIFS must be supported by both the station and access point
1652for it to be used.
1653To disable RIFS use
1654.Fl rifs .
1655.It Cm roam:rate Ar rate
1656Set the threshold for controlling roaming when operating in a BSS.
1657The
1658.Ar rate
1659parameter specifies the transmit rate in megabits
1660at which roaming should be considered.
1661If the current transmit rate drops below this setting and background scanning
1662is enabled, then the system will check if a more desirable access point is
1663available and switch over to it.
1664The current scan cache contents are used if they are considered
1665valid according to the
1666.Cm scanvalid
1667parameter; otherwise a background scan operation is triggered before
1668any selection occurs.
1669Each channel type has a separate rate threshold; the default values are:
167012 Mb/s (11a), 2 Mb/s (11b), 2 Mb/s (11g), MCS 1 (11na, 11ng).
1671.It Cm roam:rssi Ar rssi
1672Set the threshold for controlling roaming when operating in a BSS.
1673The
1674.Ar rssi
1675parameter specifies the receive signal strength in dBm units
1676at which roaming should be considered.
1677If the current rssi drops below this setting and background scanning
1678is enabled, then the system will check if a more desirable access point is
1679available and switch over to it.
1680The current scan cache contents are used if they are considered
1681valid according to the
1682.Cm scanvalid
1683parameter; otherwise a background scan operation is triggered before
1684any selection occurs.
1685Each channel type has a separate rssi threshold; the default values are
1686all 7 dBm.
1687.It Cm roaming Ar mode
1688When operating as a station, control how the system will
1689behave when communication with the current access point
1690is broken.
1691The
1692.Ar mode
1693argument may be one of
1694.Cm device
1695(leave it to the hardware device to decide),
1696.Cm auto
1697(handle either in the device or the operating system\[em]as appropriate),
1698.Cm manual
1699(do nothing until explicitly instructed).
1700By default, the device is left to handle this if it is
1701capable; otherwise, the operating system will automatically
1702attempt to reestablish communication.
1703Manual mode is used by applications such as
1704.Xr wpa_supplicant 8
1705that want to control the selection of an access point.
1706.It Cm rtsthreshold Ar length
1707Set the threshold for which
1708transmitted frames are preceded by transmission of an
1709RTS
1710control frame.
1711The
1712.Ar length
1713argument
1714is the frame size in bytes and must be in the range 1 to 2346.
1715Setting
1716.Ar length
1717to
1718.Li 2346 ,
1719.Cm any ,
1720or
1721.Cm -
1722disables transmission of RTS frames.
1723Not all adapters support setting the RTS threshold.
1724.It Cm scan
1725Initiate a scan of neighboring stations, wait for it to complete, and
1726display all stations found.
1727Only the super-user can initiate a scan.
1728See
1729.Cm list scan
1730for information on the display.
1731By default a background scan is done; otherwise a foreground
1732scan is done and the station may roam to a different access point.
1733The
1734.Cm list scan
1735request can be used to show recent scan results without
1736initiating a new scan.
1737.It Cm scanvalid Ar threshold
1738Set the maximum time the scan cache contents are considered valid;
1739i.e., will be used without first triggering a scan operation to
1740refresh the data.
1741The
1742.Ar threshold
1743parameter is specified in seconds and defaults to 60 seconds.
1744The minimum setting for
1745.Ar threshold
1746is 10 seconds.
1747One should take care setting this threshold; if it is set too low
1748then attempts to roam to another access point may trigger unnecessary
1749background scan operations.
1750.It Cm shortgi
1751Enable use of Short Guard Interval when operating in 802.11n
1752on an HT channel.
1753NB: this currently enables Short GI on both HT40 and HT20 channels.
1754To disable Short GI use
1755.Fl shortgi .
1756.It Cm smps
1757Enable use of Static Spatial Multiplexing Power Save (SMPS)
1758when operating in 802.11n.
1759A station operating with Static SMPS maintains only a single
1760receive chain active (this can significantly reduce power consumption).
1761To disable SMPS use
1762.Fl smps .
1763.It Cm smpsdyn
1764Enable use of Dynamic Spatial Multiplexing Power Save (SMPS)
1765when operating in 802.11n.
1766A station operating with Dynamic SMPS maintains only a single
1767receive chain active but switches to multiple receive chains when it
1768receives an RTS frame (this can significantly reduce power consumption).
1769Note that stations cannot distinguish between RTS/CTS intended to
1770enable multiple receive chains and those used for other purposes.
1771To disable SMPS use
1772.Fl smps .
1773.It Cm ssid Ar ssid
1774Set the desired Service Set Identifier (aka network name).
1775The SSID is a string up to 32 characters
1776in length and may be specified as either a normal string or in
1777hexadecimal when preceded by
1778.Ql 0x .
1779Additionally, the SSID may be cleared by setting it to
1780.Ql - .
1781.It Cm tdmaslot Ar slot
1782When operating with TDMA, use the specified
1783.Ar slot
1784configuration.
1785The
1786.Ar slot
1787is a number between 0 and the maximum number of slots in the BSS.
1788Note that a station configured as slot 0 is a master and
1789will broadcast beacon frames advertising the BSS;
1790stations configured to use other slots will always
1791scan to locate a master before they ever transmit.
1792By default
1793.Cm tdmaslot
1794is set to 1.
1795.It Cm tdmaslotcnt Ar cnt
1796When operating with TDMA, setup a BSS with
1797.Ar cnt
1798slots.
1799The slot count may be at most 8.
1800The current implementation is only tested with two stations
1801(i.e., point to point applications).
1802This setting is only meaningful when a station is configured as slot 0;
1803other stations adopt this setting from the BSS they join.
1804By default
1805.Cm tdmaslotcnt
1806is set to 2.
1807.It Cm tdmaslotlen Ar len
1808When operating with TDMA, setup a BSS such that each station has a slot
1809.Ar len
1810microseconds long.
1811The slot length must be at least 150 microseconds (1/8 TU)
1812and no more than 65 milliseconds.
1813Note that setting too small a slot length may result in poor channel
1814bandwidth utilization due to factors such as timer granularity and
1815guard time.
1816This setting is only meaningful when a station is configured as slot 0;
1817other stations adopt this setting from the BSS they join.
1818By default
1819.Cm tdmaslotlen
1820is set to 10 milliseconds.
1821.It Cm tdmabintval Ar intval
1822When operating with TDMA, setup a BSS such that beacons are transmitted every
1823.Ar intval
1824superframes to synchronize the TDMA slot timing.
1825A superframe is defined as the number of slots times the slot length; e.g.,
1826a BSS with two slots of 10 milliseconds has a 20 millisecond superframe.
1827The beacon interval may not be zero.
1828A lower setting of
1829.Cm tdmabintval
1830causes the timers to be resynchronized more often; this can be help if
1831significant timer drift is observed.
1832By default
1833.Cm tdmabintval
1834is set to 5.
1835.It Cm tsn
1836When operating as an access point with WPA/802.11i allow legacy
1837stations to associate using static key WEP and open authentication.
1838To disallow legacy station use of WEP, use
1839.Fl tsn .
1840.It Cm txpower Ar power
1841Set the power used to transmit frames.
1842The
1843.Ar power
1844argument is specified in .5 dBm units.
1845Out of range values are truncated.
1846Typically only a few discreet power settings are available and
1847the driver will use the setting closest to the specified value.
1848Not all adapters support changing the transmit power.
1849.It Cm ucastrate Ar rate
1850Set a fixed rate for transmitting unicast frames.
1851Rates are specified as megabits/second in decimal; e.g.,\& 5.5 for 5.5 Mb/s.
1852This rate should be valid for the current operating conditions;
1853if an invalid rate is specified drivers are free to chose an
1854appropriate rate.
1855.It Cm wepmode Ar mode
1856Set the desired WEP mode.
1857Not all adapters support all modes.
1858The set of valid modes is
1859.Cm off , on ,
1860and
1861.Cm mixed .
1862The
1863.Cm mixed
1864mode explicitly tells the adaptor to allow association with access
1865points which allow both encrypted and unencrypted traffic.
1866On these adapters,
1867.Cm on
1868means that the access point must only allow encrypted connections.
1869On other adapters,
1870.Cm on
1871is generally another name for
1872.Cm mixed .
1873Modes are case insensitive.
1874.It Cm weptxkey Ar index
1875Set the WEP key to be used for transmission.
1876This is the same as setting the default transmission key with
1877.Cm deftxkey .
1878.It Cm wepkey Ar key Ns | Ns Ar index : Ns Ar key
1879Set the selected WEP key.
1880If an
1881.Ar index
1882is not given, key 1 is set.
1883A WEP key will be either 5 or 13
1884characters (40 or 104 bits) depending on the local network and the
1885capabilities of the adaptor.
1886It may be specified either as a plain
1887string or as a string of hexadecimal digits preceded by
1888.Ql 0x .
1889For maximum portability, hex keys are recommended;
1890the mapping of text keys to WEP encryption is usually driver-specific.
1891In particular, the
1892.Tn Windows
1893drivers do this mapping differently to
1894.Fx .
1895A key may be cleared by setting it to
1896.Ql - .
1897If WEP is supported then there are at least four keys.
1898Some adapters support more than four keys.
1899If that is the case, then the first four keys
1900(1-4) will be the standard temporary keys and any others will be adaptor
1901specific keys such as permanent keys stored in NVRAM.
1902.Pp
1903Note that you must set a default transmit key with
1904.Cm deftxkey
1905for the system to know which key to use in encrypting outbound traffic.
1906.It Cm wme
1907Enable Wireless Multimedia Extensions (WME) support, if available,
1908for the specified interface.
1909WME is a subset of the IEEE 802.11e standard to support the
1910efficient communication of realtime and multimedia data.
1911To disable WME support, use
1912.Fl wme .
1913Another name for this parameter is
1914.Cm wmm .
1915.Pp
1916The following parameters are meaningful only when WME support is in use.
1917Parameters are specified per-AC (Access Category) and
1918split into those that are used by a station when acting
1919as an access point and those for client stations in the BSS.
1920The latter are received from the access point and may not be changed
1921(at the station).
1922The following Access Categories are recognized:
1923.Pp
1924.Bl -tag -width ".Cm AC_BK" -compact
1925.It Cm AC_BE
1926(or
1927.Cm BE )
1928best effort delivery,
1929.It Cm AC_BK
1930(or
1931.Cm BK )
1932background traffic,
1933.It Cm AC_VI
1934(or
1935.Cm VI )
1936video traffic,
1937.It Cm AC_VO
1938(or
1939.Cm VO )
1940voice traffic.
1941.El
1942.Pp
1943AC parameters are case-insensitive.
1944Traffic classification is done in the operating system using the
1945vlan priority associated with data frames or the
1946ToS (Type of Service) indication in IP-encapsulated frames.
1947If neither information is present, traffic is assigned to the
1948Best Effort (BE) category.
1949.Bl -tag -width indent
1950.It Cm ack Ar ac
1951Set the ACK policy for QoS transmissions by the local station;
1952this controls whether or not data frames transmitted by a station
1953require an ACK response from the receiving station.
1954To disable waiting for an ACK use
1955.Fl ack .
1956This parameter is applied only to the local station.
1957.It Cm acm Ar ac
1958Enable the Admission Control Mandatory (ACM) mechanism
1959for transmissions by the local station.
1960To disable the ACM use
1961.Fl acm .
1962On stations in a BSS this parameter is read-only and indicates
1963the setting received from the access point.
1964NB: ACM is not supported right now.
1965.It Cm aifs Ar ac Ar count
1966Set the Arbitration Inter Frame Spacing (AIFS)
1967channel access parameter to use for transmissions
1968by the local station.
1969On stations in a BSS this parameter is read-only and indicates
1970the setting received from the access point.
1971.It Cm cwmin Ar ac Ar count
1972Set the CWmin channel access parameter to use for transmissions
1973by the local station.
1974On stations in a BSS this parameter is read-only and indicates
1975the setting received from the access point.
1976.It Cm cwmax Ar ac Ar count
1977Set the CWmax channel access parameter to use for transmissions
1978by the local station.
1979On stations in a BSS this parameter is read-only and indicates
1980the setting received from the access point.
1981.It Cm txoplimit Ar ac Ar limit
1982Set the Transmission Opportunity Limit channel access parameter
1983to use for transmissions by the local station.
1984This parameter defines an interval of time when a WME station
1985has the right to initiate transmissions onto the wireless medium.
1986On stations in a BSS this parameter is read-only and indicates
1987the setting received from the access point.
1988.It Cm bss:aifs Ar ac Ar count
1989Set the AIFS channel access parameter to send to stations in a BSS.
1990This parameter is meaningful only when operating in ap mode.
1991.It Cm bss:cwmin Ar ac Ar count
1992Set the CWmin channel access parameter to send to stations in a BSS.
1993This parameter is meaningful only when operating in ap mode.
1994.It Cm bss:cwmax Ar ac Ar count
1995Set the CWmax channel access parameter to send to stations in a BSS.
1996This parameter is meaningful only when operating in ap mode.
1997.It Cm bss:txoplimit Ar ac Ar limit
1998Set the TxOpLimit channel access parameter to send to stations in a BSS.
1999This parameter is meaningful only when operating in ap mode.
2000.El
2001.It Cm wps
2002Enable Wireless Privacy Subscriber support.
2003Note that WPS support requires a WPS-capable supplicant.
2004To disable this function use
2005.Fl wps .
2006.El
2007.Pp
2008The following parameters support an optional access control list
2009feature available with some adapters when operating in ap mode; see
2010.Xr wlan_acl 4 .
2011This facility allows an access point to accept/deny association
2012requests based on the MAC address of the station.
2013Note that this feature does not significantly enhance security
2014as MAC address spoofing is easy to do.
2015.Bl -tag -width indent
2016.It Cm mac:add Ar address
2017Add the specified MAC address to the database.
2018Depending on the policy setting association requests from the
2019specified station will be allowed or denied.
2020.It Cm mac:allow
2021Set the ACL policy to permit association only by
2022stations registered in the database.
2023.It Cm mac:del Ar address
2024Delete the specified MAC address from the database.
2025.It Cm mac:deny
2026Set the ACL policy to deny association only by
2027stations registered in the database.
2028.It Cm mac:kick Ar address
2029Force the specified station to be deauthenticated.
2030This typically is done to block a station after updating the
2031address database.
2032.It Cm mac:open
2033Set the ACL policy to allow all stations to associate.
2034.It Cm mac:flush
2035Delete all entries in the database.
2036.It Cm mac:radius
2037Set the ACL policy to permit association only by
2038stations approved by a RADIUS server.
2039Note that this feature requires the
2040.Xr hostapd 8
2041program be configured to do the right thing
2042as it handles the RADIUS processing
2043(and marks stations as authorized).
2044.El
2045.Pp
2046The following parameters are related to a wireless interface operating in mesh
2047mode:
2048.Bl -tag -width indent
2049.It Cm meshid Ar meshid
2050Set the desired Mesh Identifier.
2051The Mesh ID is a string up to 32 characters in length.
2052A mesh interface must have a Mesh Identifier specified
2053to reach an operational state.
2054.It Cm meshttl Ar ttl
2055Set the desired ``time to live'' for mesh forwarded packets;
2056this is the number of hops a packet may be forwarded before
2057it is discarded.
2058The default setting for
2059.Cm meshttl
2060is 31.
2061.It Cm meshpeering
2062Enable or disable peering with neighbor mesh stations.
2063Stations must peer before any data packets can be exchanged.
2064By default
2065.Cm meshpeering
2066is enabled.
2067.It Cm meshforward
2068Enable or disable forwarding packets by a mesh interface.
2069By default
2070.Cm meshforward
2071is enabled.
2072.It Cm meshgate
2073This attribute specifies whether or not the mesh STA activates mesh gate
2074announcements.
2075By default
2076.Cm meshgate
2077is disabled.
2078.It Cm meshmetric Ar protocol
2079Set the specified
2080.Ar protocol
2081as the link metric protocol used on a mesh network.
2082The default protocol is called
2083.Ar AIRTIME .
2084The mesh interface will restart after changing this setting.
2085.It Cm meshpath Ar protocol
2086Set the specified
2087.Ar protocol
2088as the path selection protocol used on a mesh network.
2089The only available protocol at the moment is called
2090.Ar HWMP
2091(Hybrid Wireless Mesh Protocol).
2092The mesh interface will restart after changing this setting.
2093.It Cm hwmprootmode Ar mode
2094Stations on a mesh network can operate as ``root nodes.''
2095Root nodes try to find paths to all mesh nodes and advertise themselves
2096regularly.
2097When there is a root mesh node on a network, other mesh nodes can setup
2098paths between themselves faster because they can use the root node
2099to find the destination.
2100This path may not be the best, but on-demand
2101routing will eventually find the best path.
2102The following modes are recognized:
2103.Pp
2104.Bl -tag -width ".Cm PROACTIVE" -compact
2105.It Cm DISABLED
2106Disable root mode.
2107.It Cm NORMAL
2108Send broadcast path requests every two seconds.
2109Nodes on the mesh without a path to this root mesh station with try to
2110discover a path to us.
2111.It Cm PROACTIVE
2112Send broadcast path requests every two seconds and every node must reply
2113with a path reply even if it already has a path to this root mesh station.
2114.It Cm RANN
2115Send broadcast root announcement (RANN) frames.
2116Nodes on the mesh without a path to this root mesh station with try to
2117discover a path to us.
2118.El
2119By default
2120.Cm hwmprootmode
2121is set to
2122.Ar DISABLED .
2123.It Cm hwmpmaxhops Ar cnt
2124Set the maximum number of hops allowed in an HMWP path to
2125.Ar cnt .
2126The default setting for
2127.Cm hwmpmaxhops
2128is 31.
2129.El
2130.Pp
2131The following parameters are for compatibility with other systems:
2132.Bl -tag -width indent
2133.It Cm nwid Ar ssid
2134Another name for the
2135.Cm ssid
2136parameter.
2137Included for
2138.Nx
2139compatibility.
2140.It Cm stationname Ar name
2141Set the name of this station.
2142The station name is not part of the IEEE 802.11
2143protocol though some interfaces support it.
2144As such it only
2145seems to be meaningful to identical or virtually identical equipment.
2146Setting the station name is identical in syntax to setting the SSID.
2147One can also use
2148.Cm station
2149for
2150.Bsx
2151compatibility.
2152.It Cm wep
2153Another way of saying
2154.Cm wepmode on .
2155Included for
2156.Bsx
2157compatibility.
2158.It Fl wep
2159Another way of saying
2160.Cm wepmode off .
2161Included for
2162.Bsx
2163compatibility.
2164.It Cm nwkey key
2165Another way of saying:
2166.Dq Li "wepmode on weptxkey 1 wepkey 1:key wepkey 2:- wepkey 3:- wepkey 4:-" .
2167Included for
2168.Nx
2169compatibility.
2170.It Cm nwkey Xo
2171.Sm off
2172.Ar n : k1 , k2 , k3 , k4
2173.Sm on
2174.Xc
2175Another way of saying
2176.Dq Li "wepmode on weptxkey n wepkey 1:k1 wepkey 2:k2 wepkey 3:k3 wepkey 4:k4" .
2177Included for
2178.Nx
2179compatibility.
2180.It Fl nwkey
2181Another way of saying
2182.Cm wepmode off .
2183Included for
2184.Nx
2185compatibility.
2186.El
2187.Pp
2188The following parameters are specific to bridge interfaces:
2189.Bl -tag -width indent
2190.It Cm addm Ar interface
2191Add the interface named by
2192.Ar interface
2193as a member of the bridge.
2194The interface is put into promiscuous mode
2195so that it can receive every packet sent on the network.
2196.It Cm deletem Ar interface
2197Remove the interface named by
2198.Ar interface
2199from the bridge.
2200Promiscuous mode is disabled on the interface when
2201it is removed from the bridge.
2202.It Cm maxaddr Ar size
2203Set the size of the bridge address cache to
2204.Ar size .
2205The default is 2000 entries.
2206.It Cm timeout Ar seconds
2207Set the timeout of address cache entries to
2208.Ar seconds
2209seconds.
2210If
2211.Ar seconds
2212is zero, then address cache entries will not be expired.
2213The default is 1200 seconds.
2214.It Cm addr
2215Display the addresses that have been learned by the bridge.
2216.It Cm static Ar interface-name Ar address
2217Add a static entry into the address cache pointing to
2218.Ar interface-name .
2219Static entries are never aged out of the cache or re-placed, even if the
2220address is seen on a different interface.
2221.It Cm deladdr Ar address
2222Delete
2223.Ar address
2224from the address cache.
2225.It Cm flush
2226Delete all dynamically-learned addresses from the address cache.
2227.It Cm flushall
2228Delete all addresses, including static addresses, from the address cache.
2229.It Cm discover Ar interface
2230Mark an interface as a
2231.Dq discovering
2232interface.
2233When the bridge has no address cache entry
2234(either dynamic or static)
2235for the destination address of a packet,
2236the bridge will forward the packet to all
2237member interfaces marked as
2238.Dq discovering .
2239This is the default for all interfaces added to a bridge.
2240.It Cm -discover Ar interface
2241Clear the
2242.Dq discovering
2243attribute on a member interface.
2244For packets without the
2245.Dq discovering
2246attribute, the only packets forwarded on the interface are broadcast
2247or multicast packets and packets for which the destination address
2248is known to be on the interface's segment.
2249.It Cm learn Ar interface
2250Mark an interface as a
2251.Dq learning
2252interface.
2253When a packet arrives on such an interface, the source
2254address of the packet is entered into the address cache as being a
2255destination address on the interface's segment.
2256This is the default for all interfaces added to a bridge.
2257.It Cm -learn Ar interface
2258Clear the
2259.Dq learning
2260attribute on a member interface.
2261.It Cm sticky Ar interface
2262Mark an interface as a
2263.Dq sticky
2264interface.
2265Dynamically learned address entries are treated at static once entered into
2266the cache.
2267Sticky entries are never aged out of the cache or replaced, even if the
2268address is seen on a different interface.
2269.It Cm -sticky Ar interface
2270Clear the
2271.Dq sticky
2272attribute on a member interface.
2273.It Cm private Ar interface
2274Mark an interface as a
2275.Dq private
2276interface.
2277A private interface does not forward any traffic to any other port that is also
2278a private interface.
2279.It Cm -private Ar interface
2280Clear the
2281.Dq private
2282attribute on a member interface.
2283.It Cm span Ar interface
2284Add the interface named by
2285.Ar interface
2286as a span port on the bridge.
2287Span ports transmit a copy of every frame received by the bridge.
2288This is most useful for snooping a bridged network passively on
2289another host connected to one of the span ports of the bridge.
2290.It Cm -span Ar interface
2291Delete the interface named by
2292.Ar interface
2293from the list of span ports of the bridge.
2294.It Cm stp Ar interface
2295Enable Spanning Tree protocol on
2296.Ar interface .
2297The
2298.Xr if_bridge 4
2299driver has support for the IEEE 802.1D Spanning Tree protocol (STP).
2300Spanning Tree is used to detect and remove loops in a network topology.
2301.It Cm -stp Ar interface
2302Disable Spanning Tree protocol on
2303.Ar interface .
2304This is the default for all interfaces added to a bridge.
2305.It Cm edge Ar interface
2306Set
2307.Ar interface
2308as an edge port.
2309An edge port connects directly to end stations cannot create bridging
2310loops in the network, this allows it to transition straight to forwarding.
2311.It Cm -edge Ar interface
2312Disable edge status on
2313.Ar interface .
2314.It Cm autoedge Ar interface
2315Allow
2316.Ar interface
2317to automatically detect edge status.
2318This is the default for all interfaces added to a bridge.
2319.It Cm -autoedge Ar interface
2320Disable automatic edge status on
2321.Ar interface .
2322.It Cm ptp Ar interface
2323Set the
2324.Ar interface
2325as a point to point link.
2326This is required for straight transitions to forwarding and
2327should be enabled on a direct link to another RSTP capable switch.
2328.It Cm -ptp Ar interface
2329Disable point to point link status on
2330.Ar interface .
2331This should be disabled for a half duplex link and for an interface
2332connected to a shared network segment,
2333like a hub or a wireless network.
2334.It Cm autoptp Ar interface
2335Automatically detect the point to point status on
2336.Ar interface
2337by checking the full duplex link status.
2338This is the default for interfaces added to the bridge.
2339.It Cm -autoptp Ar interface
2340Disable automatic point to point link detection on
2341.Ar interface .
2342.It Cm maxage Ar seconds
2343Set the time that a Spanning Tree protocol configuration is valid.
2344The default is 20 seconds.
2345The minimum is 6 seconds and the maximum is 40 seconds.
2346.It Cm fwddelay Ar seconds
2347Set the time that must pass before an interface begins forwarding
2348packets when Spanning Tree is enabled.
2349The default is 15 seconds.
2350The minimum is 4 seconds and the maximum is 30 seconds.
2351.It Cm hellotime Ar seconds
2352Set the time between broadcasting of Spanning Tree protocol
2353configuration messages.
2354The hello time may only be changed when operating in legacy stp mode.
2355The default is 2 seconds.
2356The minimum is 1 second and the maximum is 2 seconds.
2357.It Cm priority Ar value
2358Set the bridge priority for Spanning Tree.
2359The default is 32768.
2360The minimum is 0 and the maximum is 61440.
2361.It Cm proto Ar value
2362Set the Spanning Tree protocol.
2363The default is rstp.
2364The available options are stp and rstp.
2365.It Cm holdcnt Ar value
2366Set the transmit hold count for Spanning Tree.
2367This is the number of packets transmitted before being rate limited.
2368The default is 6.
2369The minimum is 1 and the maximum is 10.
2370.It Cm ifpriority Ar interface Ar value
2371Set the Spanning Tree priority of
2372.Ar interface
2373to
2374.Ar value .
2375The default is 128.
2376The minimum is 0 and the maximum is 240.
2377.It Cm ifpathcost Ar interface Ar value
2378Set the Spanning Tree path cost of
2379.Ar interface
2380to
2381.Ar value .
2382The default is calculated from the link speed.
2383To change a previously selected path cost back to automatic, set the
2384cost to 0.
2385The minimum is 1 and the maximum is 200000000.
2386.It Cm ifmaxaddr Ar interface Ar size
2387Set the maximum number of hosts allowed from an interface, packets with unknown
2388source addresses are dropped until an existing host cache entry expires or is
2389removed.
2390Set to 0 to disable.
2391.El
2392.Pp
2393The following parameters are specific to lagg interfaces:
2394.Bl -tag -width indent
2395.It Cm laggport Ar interface
2396Add the interface named by
2397.Ar interface
2398as a port of the aggregation interface.
2399.It Cm -laggport Ar interface
2400Remove the interface named by
2401.Ar interface
2402from the aggregation interface.
2403.It Cm laggproto Ar proto
2404Set the aggregation protocol.
2405The default is failover.
2406The available options are failover, fec, lacp, loadbalance, roundrobin and
2407none.
2408.It Cm lagghash Ar option Ns Oo , Ns Ar option Oc
2409Set the packet layers to hash for aggregation protocols which load balance.
2410The default is
2411.Dq l2,l3,l4 .
2412The options can be combined using commas.
2413.Pp
2414.Bl -tag -width ".Cm l2" -compact
2415.It Cm l2
2416src/dst mac address and optional vlan number.
2417.It Cm l3
2418src/dst address for IPv4 or IPv6.
2419.It Cm l4
2420src/dst port for TCP/UDP/SCTP.
2421.El
2422.Pp
2423.El
2424.Pp
2425The following parameters are specific to IP tunnel interfaces,
2426.Xr gif 4 :
2427.Bl -tag -width indent
2428.It Cm tunnel Ar src_addr dest_addr
2429Configure the physical source and destination address for IP tunnel
2430interfaces.
2431The arguments
2432.Ar src_addr
2433and
2434.Ar dest_addr
2435are interpreted as the outer source/destination for the encapsulating
2436IPv4/IPv6 header.
2437.It Fl tunnel
2438Unconfigure the physical source and destination address for IP tunnel
2439interfaces previously configured with
2440.Cm tunnel .
2441.It Cm deletetunnel
2442Another name for the
2443.Fl tunnel
2444parameter.
2445.It Cm accept_rev_ethip_ver
2446Set a flag to accept both correct EtherIP packets and ones
2447with reversed version field.
2448Enabled by default.
2449This is for backward compatibility with
2450.Fx 6.1 ,
24516.2, 6.3, 7.0, and 7.1.
2452.It Cm -accept_rev_ethip_ver
2453Clear a flag
2454.Cm accept_rev_ethip_ver .
2455.It Cm ignore_source
2456Set a flag to accept encapsulated packets destined to this host
2457independently from source address.
2458This may be useful for hosts, that receive encapsulated packets
2459from the load balancers.
2460.It Cm -ignore_source
2461Clear a flag
2462.Cm ignore_source .
2463.It Cm send_rev_ethip_ver
2464Set a flag to send EtherIP packets with reversed version
2465field intentionally.
2466Disabled by default.
2467This is for backward compatibility with
2468.Fx 6.1 ,
24696.2, 6.3, 7.0, and 7.1.
2470.It Cm -send_rev_ethip_ver
2471Clear a flag
2472.Cm send_rev_ethip_ver .
2473.El
2474.Pp
2475The following parameters are specific to GRE tunnel interfaces,
2476.Xr gre 4 :
2477.Bl -tag -width indent
2478.It Cm grekey Ar key
2479Configure the GRE key to be used for outgoing packets.
2480Note that
2481.Xr gre 4 will always accept GRE packets with invalid or absent keys.
2482This command will result in a four byte MTU reduction on the interface.
2483.El
2484.Pp
2485The following parameters are specific to
2486.Xr pfsync 4
2487interfaces:
2488.Bl -tag -width indent
2489.It Cm syncdev Ar iface
2490Use the specified interface
2491to send and receive pfsync state synchronisation messages.
2492.It Fl syncdev
2493Stop sending pfsync state synchronisation messages over the network.
2494.It Cm syncpeer Ar peer_address
2495Make the pfsync link point-to-point rather than using
2496multicast to broadcast the state synchronisation messages.
2497The peer_address is the IP address of the other host taking part in
2498the pfsync cluster.
2499.It Fl syncpeer
2500Broadcast the packets using multicast.
2501.It Cm maxupd Ar n
2502Set the maximum number of updates for a single state which
2503can be collapsed into one.
2504This is an 8-bit number; the default value is 128.
2505.It Cm defer
2506Defer transmission of the first packet in a state until a peer has
2507acknowledged that the associated state has been inserted.
2508.It Fl defer
2509Do not defer the first packet in a state.
2510This is the default.
2511.El
2512.Pp
2513The following parameters are specific to
2514.Xr vlan 4
2515interfaces:
2516.Bl -tag -width indent
2517.It Cm vlan Ar vlan_tag
2518Set the VLAN tag value to
2519.Ar vlan_tag .
2520This value is a 12-bit VLAN Identifier (VID) which is used to create an 802.1Q
2521VLAN header for packets sent from the
2522.Xr vlan 4
2523interface.
2524Note that
2525.Cm vlan
2526and
2527.Cm vlandev
2528must both be set at the same time.
2529.It Cm vlandev Ar iface
2530Associate the physical interface
2531.Ar iface
2532with a
2533.Xr vlan 4
2534interface.
2535Packets transmitted through the
2536.Xr vlan 4
2537interface will be
2538diverted to the specified physical interface
2539.Ar iface
2540with 802.1Q VLAN encapsulation.
2541Packets with 802.1Q encapsulation received
2542by the parent interface with the correct VLAN Identifier will be diverted to
2543the associated
2544.Xr vlan 4
2545pseudo-interface.
2546The
2547.Xr vlan 4
2548interface is assigned a
2549copy of the parent interface's flags and the parent's Ethernet address.
2550The
2551.Cm vlandev
2552and
2553.Cm vlan
2554must both be set at the same time.
2555If the
2556.Xr vlan 4
2557interface already has
2558a physical interface associated with it, this command will fail.
2559To
2560change the association to another physical interface, the existing
2561association must be cleared first.
2562.Pp
2563Note: if the hardware tagging capability
2564is set on the parent interface, the
2565.Xr vlan 4
2566pseudo
2567interface's behavior changes:
2568the
2569.Xr vlan 4
2570interface recognizes that the
2571parent interface supports insertion and extraction of VLAN tags on its
2572own (usually in firmware) and that it should pass packets to and from
2573the parent unaltered.
2574.It Fl vlandev Op Ar iface
2575If the driver is a
2576.Xr vlan 4
2577pseudo device, disassociate the parent interface from it.
2578This breaks the link between the
2579.Xr vlan 4
2580interface and its parent,
2581clears its VLAN Identifier, flags and its link address and shuts the interface
2582down.
2583The
2584.Ar iface
2585argument is useless and hence deprecated.
2586.El
2587.Pp
2588The following parameters are used to configure
2589.Xr carp 4
2590protocol on an interface:
2591.Bl -tag -width indent
2592.It Cm vhid Ar n
2593Set the virtual host ID.
2594This is a required setting to initiate
2595.Xr carp 4 .
2596If the virtual host ID does not exist yet, it is created and attached to the
2597interface, otherwise configuration of an existing vhid is adjusted.
2598If the
2599.Cm vhid
2600keyword is supplied along with an
2601.Dq inet6
2602or
2603.Dq inet
2604address, then this address is configured to be run under control of the
2605specified vhid.
2606Whenever a last address that refers to a particular vhid is removed from an
2607interface, the vhid is automatically removed from interface and destroyed.
2608Any other configuration parameters for the
2609.Xr carp 4
2610protocol should be supplied along with the
2611.Cm vhid
2612keyword.
2613Acceptable values for vhid are 1 to 255.
2614.It Cm advbase Ar seconds
2615Specifies the base of the advertisement interval in seconds.
2616The acceptable values are 1 to 255.
2617The default value is 1.
2618.It Cm advskew Ar interval
2619Specifies the skew to add to the base advertisement interval to
2620make one host advertise slower than another host.
2621It is specified in 1/256 of seconds.
2622The acceptable values are 1 to 254.
2623The default value is 0.
2624.It Cm pass Ar phrase
2625Set the authentication key to
2626.Ar phrase .
2627.It Cm state Ar MASTER|BACKUP
2628Forcibly change state of a given vhid.
2629.El
2630.Pp
2631The
2632.Nm
2633utility displays the current configuration for a network interface
2634when no optional parameters are supplied.
2635If a protocol family is specified,
2636.Nm
2637will report only the details specific to that protocol family.
2638.Pp
2639If the
2640.Fl m
2641flag is passed before an interface name,
2642.Nm
2643will display the capability list and all
2644of the supported media for the specified interface.
2645If
2646.Fl L
2647flag is supplied, address lifetime is displayed for IPv6 addresses,
2648as time offset string.
2649.Pp
2650Optionally, the
2651.Fl a
2652flag may be used instead of an interface name.
2653This flag instructs
2654.Nm
2655to display information about all interfaces in the system.
2656The
2657.Fl d
2658flag limits this to interfaces that are down, and
2659.Fl u
2660limits this to interfaces that are up.
2661When no arguments are given,
2662.Fl a
2663is implied.
2664.Pp
2665The
2666.Fl l
2667flag may be used to list all available interfaces on the system, with
2668no other additional information.
2669If an
2670.Ar address_family
2671is specified, only interfaces of that type will be listed.
2672.Fl l Dq ether
2673will list only Ethernet adapters, excluding the loopback interface.
2674Use of this flag is mutually exclusive
2675with all other flags and commands, except for
2676.Fl d
2677(only list interfaces that are down)
2678and
2679.Fl u
2680(only list interfaces that are up).
2681.Pp
2682The
2683.Fl v
2684flag may be used to get more verbose status for an interface.
2685.Pp
2686The
2687.Fl C
2688flag may be used to list all of the interface cloners available on
2689the system, with no additional information.
2690Use of this flag is mutually exclusive with all other flags and commands.
2691.Pp
2692The
2693.Fl k
2694flag causes keying information for the interface, if available, to be
2695printed.
2696For example, the values of 802.11 WEP keys and
2697.Xr carp 4
2698passphrases will be printed, if accessible to the current user.
2699This information is not printed by default, as it may be considered
2700sensitive.
2701.Pp
2702If the network interface driver is not present in the kernel then
2703.Nm
2704will attempt to load it.
2705The
2706.Fl n
2707flag disables this behavior.
2708.Pp
2709Only the super-user may modify the configuration of a network interface.
2710.Sh EXAMPLES
2711Assign the IPv4 address
2712.Li 192.0.2.10 ,
2713with a network mask of
2714.Li 255.255.255.0 ,
2715to the interface
2716.Li fxp0 :
2717.Dl # ifconfig fxp0 inet 192.0.2.10 netmask 255.255.255.0
2718.Pp
2719Add the IPv4 address
2720.Li 192.0.2.45 ,
2721with the CIDR network prefix
2722.Li /28 ,
2723to the interface
2724.Li ed0 ,
2725using
2726.Cm add
2727as a synonym for the canonical form of the option
2728.Cm alias :
2729.Dl # ifconfig ed0 inet 192.0.2.45/28 add
2730.Pp
2731Remove the IPv4 address
2732.Li 192.0.2.45
2733from the interface
2734.Li ed0 :
2735.Dl # ifconfig ed0 inet 192.0.2.45 -alias
2736.Pp
2737Enable IPv6 functionality of the interface:
2738.Dl # ifconfig em0 inet6 -ifdisabled
2739.Pp
2740Add the IPv6 address
2741.Li 2001:DB8:DBDB::123/48
2742to the interface
2743.Li em0 :
2744.Dl # ifconfig em0 inet6 2001:db8:bdbd::123 prefixlen 48 alias
2745Note that lower case hexadecimal IPv6 addresses are acceptable.
2746.Pp
2747Remove the IPv6 address added in the above example,
2748using the
2749.Li /
2750character as shorthand for the network prefix,
2751and using
2752.Cm delete
2753as a synonym for the canonical form of the option
2754.Fl alias :
2755.Dl # ifconfig em0 inet6 2001:db8:bdbd::123/48 delete
2756.Pp
2757Configure a single CARP redundant address on igb0, and then switch it
2758to be master:
2759.Dl # ifconfig igb0 vhid 1 10.0.0.1/24 pass foobar up
2760.Dl # ifconfig igb0 vhid 1 state master
2761.Pp
2762Configure the interface
2763.Li xl0 ,
2764to use 100baseTX, full duplex Ethernet media options:
2765.Dl # ifconfig xl0 media 100baseTX mediaopt full-duplex
2766.Pp
2767Label the em0 interface as an uplink:
2768.Dl # ifconfig em0 description \&"Uplink to Gigabit Switch 2\&"
2769.Pp
2770Create the software network interface
2771.Li gif1 :
2772.Dl # ifconfig gif1 create
2773.Pp
2774Destroy the software network interface
2775.Li gif1 :
2776.Dl # ifconfig gif1 destroy
2777.Pp
2778Display available wireless networks using
2779.Li wlan0 :
2780.Dl # ifconfig wlan0 list scan
2781.Sh DIAGNOSTICS
2782Messages indicating the specified interface does not exist, the
2783requested address is unknown, or the user is not privileged and
2784tried to alter an interface's configuration.
2785.Sh SEE ALSO
2786.Xr netstat 1 ,
2787.Xr carp 4 ,
2788.Xr gif 4 ,
2789.Xr netintro 4 ,
2790.Xr pfsync 4 ,
2791.Xr polling 4 ,
2792.Xr vlan 4 ,
2793.Xr devd.conf 5 ,
2794.\" .Xr eon 5 ,
2795.Xr devd 8 ,
2796.Xr rc 8 ,
2797.Xr routed 8 ,
2798.Xr jail 8 ,
2799.Xr sysctl 8
2800.Sh HISTORY
2801The
2802.Nm
2803utility appeared in
2804.Bx 4.2 .
2805.Sh BUGS
2806Basic IPv6 node operation requires a link-local address on each
2807interface configured for IPv6.
2808Normally, such an address is automatically configured by the
2809kernel on each interface added to the system or enabled; this behavior may
2810be disabled by setting per-interface flag
2811.Cm -auto_linklocal .
2812The default value of this flag is 1 and can be disabled by using the sysctl
2813MIB variable
2814.Va net.inet6.ip6.auto_linklocal .
2815.Pp
2816Do not configure IPv6 addresses with no link-local address by using
2817.Nm .
2818It can result in unexpected behaviors of the kernel.
2819