- NetBSD Manual Pages
IFCONFIG(8) NetBSD System Manager's Manual IFCONFIG(8)
Powered by man-cgi (2020-09-24).
Maintained for NetBSD
by Kimmo Suominen.
Based on man-cgi by Panagiotis Christias.
ifconfig -- configure network interface parameters
ifconfig [-N] interface address_family [address [dest_address]]
ifconfig [-hLmNvz] interface [protocol_family]
ifconfig -a [-bdhLNmsuvz] [protocol_family]
ifconfig -l [-bdsu]
ifconfig -s interface
ifconfig -w secs [-W secs]
ifconfig is used to assign an address to a network interface and/or con-
figure network interface parameters. ifconfig must be used at boot time
to define the network address of each interface present on a machine; it
may also be used at a later time to redefine an interface's address or
other operating parameters.
Available operands for ifconfig:
For the DARPA-Internet family, the address is either a host name
present in the host name data base, hosts(5), or a DARPA Internet
address expressed in the Internet standard ``dot notation''.
Specifies the address_family which affects interpretation of the
remaining parameters. Since an interface can receive transmis-
sions in differing protocols with different naming schemes, spec-
ifying the address family is recommended. The address or proto-
col families currently supported are ``inet'', ``inet6'',
``atalk'', and ``link''.
The interface parameter is a string of the form ``name unit'',
for example, ``en0''
The following parameters may be set with ifconfig:
active This keyword applies when ifconfig adds or modifies any
link-layer address. It indicates that ifconfig should
``activate'' the address. Activation makes an address
the default source for transmissions on the interface.
You may not delete the active address from an interface.
You must activate some other address, first.
advbase n If the driver is a carp(4) pseudo-device, set the base
advertisement interval to n seconds. This ia an 8-bit
number; the default value is 1 second.
advskew n If the driver is a carp(4) pseudo-device, skew the adver-
tisement interval by n. This is an 8-bit number; the
default value is 0.
Taken together the advbase indicate how frequently, in
seconds, the host will advertise the fact that it consid-
ers itself the master of the virtual host. The formula
is advbase + (advskew / 256). If the master does not
advertise within three times this interval, this host
will begin advertising as master.
alias Establish an additional network address for this inter-
face. This is sometimes useful when changing network
numbers, and one wishes to accept packets addressed to
the old interface.
-alias Remove the specified network address alias.
arp Enable the use of the Address Resolution Protocol in map-
ping between network level addresses and link level
addresses (default). This is currently implemented for
mapping between DARPA Internet addresses and Ethernet
-arp Disable the use of the Address Resolution Protocol.
anycast (inet6 only) Set the IPv6 anycast address bit.
-anycast (inet6 only) Clear the IPv6 anycast address bit.
broadcast mask (Inet only) Specify the address to use to represent
broadcasts to the network. The default broadcast address
is the address with a host part of all 1's.
carpdev iface If the driver is a carp(4) pseudo-device, attach it to
iface. If not specified, the kernel will attempt to
select an interface with a subnet matching that of the
description description, descr description
Set a description of the interface. (0-63 characters)
Clear the description of the interface.
debug Enable driver dependent debugging code; usually, this
turns on extra console error logging.
-debug Disable driver dependent debugging code.
delete Remove the network address specified. This would be used
if you incorrectly specified an alias, or it was no
longer needed. If you have incorrectly set an NS address
having the side effect of specifying the host portion,
removing all NS addresses will allow you to respecify the
host portion. delete does not work for IPv6 addresses.
Use -alias with explicit IPv6 address instead.
dest_address Specify the address of the correspondent on the other end
of a point to point link.
down Mark an interface ``down''. When an interface is marked
``down'', the system will not attempt to transmit mes-
sages through that interface. If possible, the interface
will be reset to disable reception as well. This action
does not automatically disable routes using the inter-
media type Set the media type of the interface to type. Some inter-
faces support the mutually exclusive use of one of sev-
eral different physical media connectors. For example, a
10Mb/s Ethernet interface might support the use of either
AUI or twisted pair connectors. Setting the media type
to ``10base5'' or ``AUI'' would change the currently
active connector to the AUI port. Setting it to
``10baseT'' or ``UTP'' would activate twisted pair.
Refer to the interfaces' driver specific man page for a
complete list of the available types and the ifmedia(4)
manual page for a list of media types. See the -m flag
mediaopt opts Set the specified media options on the interface. opts
is a comma delimited list of options to apply to the
interface. Refer to the interfaces' driver specific man
page for a complete list of available options. Also see
the ifmedia(4) manual page for a list of media options.
-mediaopt opts Disable the specified media options on the interface.
mode mode If the driver supports the media selection system, set
the specified operating mode on the interface to mode.
For IEEE 802.11 wireless interfaces that support multiple
operating modes this directive is used to select between
802.11a (``11a''), 802.11b (``11b''), and 802.11g
(``11g'') operating modes.
instance minst Set the media instance to minst. This is useful for
devices which have multiple physical layer interfaces
(PHYs). Setting the instance on such devices may not be
strictly required by the network interface driver as the
driver may take care of this automatically; see the
driver's manual page for more information.
metric n Set the routing metric of the interface to n, default 0.
The routing metric is used by the routing protocol
(routed(8)). Higher metrics have the effect of making a
route less favorable; metrics are counted as addition
hops to the destination network or host.
mtu n Set the maximum transmission unit of the interface to n.
Most interfaces do not support this option.
netmask mask (inet and inet6) Specify how much of the address to
reserve for subdividing networks into sub-networks. The
mask includes the network part of the local address and
the subnet part, which is taken from the host field of
the address. The mask can be specified as a single hexa-
decimal number with a leading 0x, with a dot-notation
Internet address, or with a pseudo-network name listed in
the network table networks(5). The mask contains 1's for
the bit positions in the 32-bit address which are to be
used for the network and subnet parts, and 0's for the
host part. The mask should contain at least the standard
network portion, and the subnet field should be contigu-
ous with the network portion.
For INET and INET6 addresses, the netmask can also be
given with slash-notation after the address (e.g
state state Explicitly force the carp(4) pseudo-device to enter this
state. Valid states are init, backup, and master.
frag threshold (IEEE 802.11 devices only) Configure the fragmentation
threshold for IEEE 802.11-based wireless network inter-
rts threshold (IEEE 802.11 devices only) Configure the RTS/CTS thresh-
old for IEEE 802.11-based wireless network interfaces.
This controls the number of bytes used for the RTS/CTS
handshake boundary. The threshold can be any value
between 0 and 2347. The default is 2347, which indicates
the RTS/CTS mechanism should not be used.
ssid id (IEEE 802.11 devices only) Configure the Service Set
Identifier (aka the network name) for IEEE 802.11-based
wireless network interfaces. The id can either be any
text string up to 32 characters in length, or a series of
up to 64 hexadecimal digits preceded by ``0x''. Setting
id to the empty string allows the interface to connect to
any available access point.
nwid id Synonym for ``ssid''.
hidessid (IEEE 802.11 devices only) When operating as an access
point, do not broadcast the SSID in beacon frames or
respond to probe request frames unless they are directed
to the ap (i.e., they include the ap's SSID). By
default, the SSID is included in beacon frames and undi-
rected probe request frames are answered.
-hidessid (IEEE 802.11 devices only) When operating as an access
point, broadcast the SSID in beacon frames and answer and
respond to undirected probe request frames (default).
nwkey key (IEEE 802.11 devices only) Enable WEP encryption for IEEE
802.11-based wireless network interfaces with the key.
The key can either be a string, a series of hexadecimal
digits preceded by ``0x'', or a set of keys in the form
n:k1,k2,k3,k4, where n specifies which of keys will be
used for all transmitted packets, and four keys, k1
through k4, are configured as WEP keys. Note that the
order must be match within same network if multiple keys
are used. For IEEE 802.11 wireless network, the length
of each key is restricted to 40 bits, i.e., 5-character
string or 10 hexadecimal digits, while the WaveLAN/IEEE
Gold cards accept the 104 bits (13 characters) key.
nwkey persist (IEEE 802.11 devices only) Enable WEP encryption for IEEE
802.11-based wireless network interfaces with the persis-
tent key written in the network card.
(IEEE 802.11 devices only) Write the key to the persis-
tent memory of the network card, and enable WEP encryp-
tion for IEEE 802.11-based wireless network interfaces
with the key.
-nwkey (IEEE 802.11 devices only) Disable WEP encryption for
IEEE 802.11-based wireless network interfaces.
apbridge (IEEE 802.11 devices only) When operating as an access
point, pass packets between wireless clients directly
-apbridge (IEEE 802.11 devices only) When operating as an access
point, pass packets through the system so that they can
be forwarded using some other mechanism. Disabling the
internal bridging is useful when traffic is to be pro-
cessed with packet filtering.
If the driver is a carp(4) pseudo-device, set the authen-
tication key to passphrase. There is no passphrase by
powersave (IEEE 802.11 devices only) Enable 802.11 power saving
-powersave (IEEE 802.11 devices only) Disable 802.11 power saving
(IEEE 802.11 devices only) Set the receiver sleep dura-
tion in milliseconds for 802.11 power saving mode.
bssid bssid (IEEE 802.11 devices only) Set the desired BSSID for IEEE
802.11-based wireless network interfaces.
-bssid (IEEE 802.11 devices only) Unset the desired BSSID for
IEEE 802.11-based wireless network interfaces. The
interface will automatically select a BSSID in this mode,
which is the default.
chan chan (IEEE 802.11 devices only) Select the channel (radio
frequency) to be used for IEEE 802.11-based wireless net-
-chan (IEEE 802.11 devices only) Unset the desired channel to
be used for IEEE 802.11-based wireless network inter-
faces. It does not affect the channel to be created for
IBSS or hostap mode.
list scan (IEEE 802.11 devices only) Display the access points
and/or ad-hoc neighbors located in the vicinity. The -v
flag may be used to display long SSIDs. -v also causes
received information elements to be displayed symboli-
cally. The interface must be up before any scanning
operation. Only the super-user can use this command.
tunnel src_addr[,src_port] dest_addr[,dest_port]
(IP tunnel devices only) Configure the physical source
and destination address for IP tunnel interfaces, includ-
ing gif(4). The arguments src_addr and dest_addr are
interpreted as the outer source/destination for the
encapsulating IPv4/IPv6 header.
On a gre(4) interface in UDP mode, the arguments src_port
and dest_port are interpreted as the outer source/desti-
nation port for the encapsulating UDP header.
deletetunnel Unconfigure the physical source and destination address
for IP tunnel interfaces previously configured with
session local_session remote_session
(L2TPv3 devices only) Configure local session id and
remote session id for L2TPv3 interface. The length of
session id is 4 bytes.
deletesession Unconfigure the local session id and remote session id
for L2TPv3 interface previously configured with session.
cookie local_cookie_length local_cookie remote_cookie_length
(L2TPv3 devices only) Configure local cookie and remote
cookie for L2TPv3 interface. The cookie length must be 4
or 8 bytes. Generally, cookies are managed by daemon.
So, this command would be used for test or debug only.
deletecookie Unconfigure the local cookie and remote cookie for L2TPv3
interface previously configured with cookie.
create Create the specified network pseudo-device.
destroy Destroy the specified network pseudo-device.
pltime n (inet6 only) Set preferred lifetime for the address.
prefixlen n (inet and inet6 only) Effect is similar to netmask. but
you can specify by prefix length by digits.
deprecated (inet6 only) Set the IPv6 deprecated address bit.
-deprecated (inet6 only) Clear the IPv6 deprecated address bit.
eui64 (inet6 only) Fill interface index (lowermost 64bit of an
IPv6 address) automatically.
link[0-2] Enable special processing of the link level of the inter-
face. These three options are interface specific in
actual effect, however, they are in general used to
select special modes of operation. An example of this is
to enable SLIP compression, or to select the connector
type for some Ethernet cards. Refer to the man page for
the specific driver for more information.
-link[0-2] Disable special processing at the link level with the
linkstr str Set a link-level string parameter for the interface.
This functionality varies from interface to interface.
Refer to the man page for the specific driver for more
-linkstr Remove an interface link-level string parameter.
up Mark an interface ``up''. This may be used to enable an
interface after an ``ifconfig down.'' It happens auto-
matically when setting the first address on an interface.
If the interface was reset when previously marked down,
the hardware will be re-initialized.
vhid n If the driver is a carp(4) pseudo-device, set the virtual
host ID to n. Acceptable values are 1 to 255.
vlan vid If the interface is a vlan(4) pseudo-interface, set the
VLAN identifier to vid. These are the first 12 bits
(0-4095) from a 16-bit integer used to create an 802.1Q
VLAN header for packets sent from the vlan(4) interface.
Note that vlan and vlanif must be set at the same time.
vlanif iface If the interface is a vlan(4) pseudo-interface, associate
the physical interface iface with it. Packets transmit-
ted through the vlan(4) interface will be diverted to the
specified physical interface iface with 802.1Q VLAN
encapsulation. Packets with 802.1Q encapsulation
received by the physical interface with the correct VLAN
tag will be diverted to the associated vlan(4) pseudo-
interface. The VLAN interface is assigned a copy of the
physical interface's flags and Ethernet address. If the
vlan(4) interface already has a physical interface asso-
ciated with it, this command will fail. To change the
association to another physical interface, the existing
association must be cleared first. Note that vlanif and
vlan must be set at the same time.
-vlanif iface Dissociate iface from the vlan(4) interface.
agrport iface Add iface to the agr(4) interface.
-agrport iface Remove iface from the agr(4) interface.
vltime n (inet6 only) Set valid lifetime for the address.
ip4csum Shorthand of ``ip4csum-tx ip4csum-rx''
-ip4csum Shorthand of ``-ip4csum-tx -ip4csum-rx''
tcp4csum Shorthand of ``tcp4csum-tx tcp4csum-rx''
-tcp4csum Shorthand of ``-tcp4csum-tx -tcp4csum-rx''
udp4csum Shorthand of ``udp4csum-tx udp4csum-rx''
-udp4csum Shorthand of ``-udp4csum-tx -udp4csum-rx''
tcp6csum Shorthand of ``tcp6csum-tx tcp6csum-rx''
-tcp6csum Shorthand of ``-tcp6csum-tx -tcp6csum-rx''
udp6csum Shorthand of ``udp6csum-tx udp6csum-rx''
-udp6csum Shorthand of ``-udp6csum-tx -udp6csum-rx''
ip4csum-tx Enable hardware-assisted IPv4 header checksums for the
-ip4csum-tx Disable hardware-assisted IPv4 header checksums for the
ip4csum-rx Enable hardware-assisted IPv4 header checksums for the
-ip4csum-rx Disable hardware-assisted IPv4 header checksums for the
tcp4csum-tx Enable hardware-assisted TCP/IPv4 checksums for the out-
-tcp4csum-tx Disable hardware-assisted TCP/IPv4 checksums for the out-
tcp4csum-rx Enable hardware-assisted TCP/IPv4 checksums for the in-
-tcp4csum-rx Disable hardware-assisted TCP/IPv4 checksums for the in-
udp4csum-tx Enable hardware-assisted UDP/IPv4 checksums for the out-
-udp4csum-tx Disable hardware-assisted UDP/IPv4 checksums for the out-
udp4csum-rx Enable hardware-assisted UDP/IPv4 checksums for the in-
-udp4csum-rx Disable hardware-assisted UDP/IPv4 checksums for the in-
tcp6csum-tx Enable hardware-assisted TCP/IPv6 checksums for the out-
-tcp6csum-tx Disable hardware-assisted TCP/IPv6 checksums for the out-
tcp6csum-rx Enable hardware-assisted TCP/IPv6 checksums for the in-
-tcp6csum-rx Disable hardware-assisted TCP/IPv6 checksums for the in-
udp6csum-tx Enable hardware-assisted UDP/IPv6 checksums for the out-
-udp6csum-tx Disable hardware-assisted UDP/IPv6 checksums for the out-
udp6csum-rx Enable hardware-assisted UDP/IPv6 checksums for the in-
-udp6csum-rx Disable hardware-assisted UDP/IPv6 checksums for the in-
tso4 Enable hardware-assisted TCP/IPv4 segmentation on inter-
faces that support it.
-tso4 Disable hardware-assisted TCP/IPv4 segmentation on inter-
faces that support it.
tso6 Enable hardware-assisted TCP/IPv6 segmentation on inter-
faces that support it.
-tso6 Disable hardware-assisted TCP/IPv6 segmentation on inter-
faces that support it.
vlan-hwtagging Enable hardware-assisted VLAN tag insertion/removal on
interfaces that support it.
Disable hardware-assisted VLAN tag insertion/removal on
interfaces that support it.
maxupd n If the driver is a pfsync(4) pseudo-device, indicate the
maximum number of updates for a single state which can be
collapsed into one. This is an 8-bit number; the default
value is 128.
syncdev iface If the driver is a pfsync(4) pseudo-device, use the spec-
ified interface to send and receive pfsync state synchro-
-syncdev If the driver is a pfsync(4) pseudo-device, stop sending
pfsync state synchronisation messages over the network.
If the driver is a pfsync(4) pseudo-device, make the
pfsync link point-to-point rather than using multicast to
broadcast the state synchronisation messages. The
peer_address is the IP address of the other host taking
part in the pfsync cluster. With this option, pfsync(4)
traffic can be protected using ipsec(4).
-syncpeer If the driver is a pfsync(4) pseudo-device, broadcast the
packets using multicast.
ifconfig displays the current configuration for a network interface when
no optional parameters are supplied. If a protocol family is specified,
ifconfig will report only the details specific to that protocol family.
If the -s flag is passed before an interface name, ifconfig will attempt
to query the interface for its media status. If the interface supports
reporting media status, and it reports that it does not appear to be con-
nected to a network, ifconfig will exit with status of 1 (false); other-
wise, it will exit with a zero (true) exit status. Not all interface
drivers support media status reporting.
If the -m flag is passed before an interface name, ifconfig will display
all of the supported media for the specified interface. If the -L flag
is supplied, address lifetime is displayed for IPv6 addresses, as time
Optionally, the -a flag may be used instead of an interface name. This
flag instructs ifconfig to display information about all interfaces in
the system. This is also the default behaviour when no arguments are
given to ifconfig on the command line. When -a is used, the output can
be modified by adding more flags: -d limits this to interfaces that are
down, -u limits this to interfaces that are up, -b limits this to broad-
cast interfaces, and -s omits interfaces which appear not to be connected
to a network.
The -l flag may be used to list all available interfaces on the system,
with no other additional information. Use of this flag is mutually
exclusive with all other flags and commands, except for -d (only list
interfaces that are down), -u (only list interfaces that are up), -s
(only list interfaces that may be connected), -b (only list broadcast
The -C flag may be used to list all of the interface cloners available on
the system, with no additional information. Use of this flag is mutually
exclusive with all other flags and commands.
The -v flag prints statistics on packets sent and received on the given
interface. If -h is used in conjunction with -v, the byte statistics
will be printed in "human-readable" format. The -z flag is identical to
the -v flag except that it zeros the interface input and output statis-
tics after printing them.
The -w flag may be used to wait seconds seconds for the tentative flag to
be removed from all addresses. 0 seconds means to wait indefinitely
until all addresses no longer have the tentative flag. The optional -W
flag may be used to wait seconds seconds during the above time for the
detached flag to be removed from all addresses whose interface is marked
``up'' as well. The detached flag is set when the interface does not
have a carrier.
The -N flag is just the opposite of the -n flag in netstat(1) or in
route(8): it tells ifconfig to try to resolve numbers to hostnames or to
service names. The default ifconfig behavior is to print numbers instead
Only the super-user may modify the configuration of a network interface.
Add a link-layer (MAC) address to an Ethernet:
ifconfig sip0 link 00:11:22:33:44:55
Add and activate a link-layer (MAC) address:
ifconfig sip0 link 00:11:22:33:44:55 active
Messages indicating the specified interface does not exist, the requested
address is unknown, or the user is not privileged and tried to alter an
netstat(1), agr(4), carp(4), ifmedia(4), netintro(4), pfsync(4), vlan(4),
ifconfig.if(5), rc(8), routed(8)
The ifconfig command appeared in 4.2BSD.
NetBSD 9.0 July 8, 2019 NetBSD 9.0