L2 Cache

Behold the power of |!

User Tools

Site Tools


Sidebar

snipets:solaris:net-vnic

This is an old revision of the document!


VNIC's and vlanning

Introduction

I know you can do vlanning without using a vnic, my personal preferences goes to vnics for a few reason. Mostly because they have there own mac address. And to simplify my interface manangement.

Bellow you'll find some quick and dirty examples.

Creating a vnic

dladm create-vnic -l aggr0 host0
ipadm create-if host0

The above example will create a vnic named host0 on a link aggregation called aggr0, ofcourse you can create vnics on normal interfaces or even on etherstubs.

You can drop the ipadm command if you are planning on using the vnic in a zone or for kvm.

Creating a vnic with a vlan tag

dladm create-vnic -l trunk0 -v 300 vm0
ipadm create-if vm0

Same as above but this time we are using a trunk0 in my case this is an aggr that contains tagged traffic for VLAN 100,200 and 300. By adding the -v option followed by the vlan-tag all the traffic will be tagged before it is send along to the trunk.

Link Protection

Quick Reference

Check the current configuration:

dladm show-linkprop -p protection,allowed-ips vnic0

Disable link protection:

dladm reset-linkprop -p protection vnic0

Enable anti MAC-spoofing:

dladm set-linkprop -p protection=mac-nospoof vnic0

Enable anti IP-spoofing:

dladm set-linkprop -p protection=ip-nospoof vnic0
dladm set-linkprop -p allowed-ips=172.16.30.75,172.16.20.75 vnic0

Enable anti Client ID/DUID-spoofing:

dladm set-linkprop -p protection=dhcp-nospoof vnic0

Properties

  • ip-nospoof: limit outgoing traffic from source IP’s learned through DHCP or the allowed-ips property.
  • mac-nospoof: prevents zone admin from changing the mac address.
  • dhcp-nospoof: prevents Client ID/DUID spoofing for DHCP. Limited to the vnic's mac, other list can be specified using allowed-dhcp-cids.
  • restricted: only allows IPv4, IPv6 and ARP protocols.

Etherstubs

TODO Include Page

snipets/solaris/net-vnic.1348137826.txt.gz · Last modified: 2014/10/09 22:02 (external edit)