Associating Network Interfaces With Zones by Using CDE Actions (Task Map)
Do only one of the following tasks. For the trade-offs, see Planning for Multilevel Access.
Specify Two IP Addresses for the System by Using a CDE Action
In this configuration, the host's address applies only to the global zone. Labeled
zones share a second IP address with the global zone.
Before You Begin
You are superuser in the global zone. The system has already been
assigned two IP addresses. You are in a Trusted CDE workspace.
- Navigate to the Trusted_Extensions folder.
- Click mouse button 3 on the background.
- From the Workspace menu, choose Applications → Application Manager.
- Double-click the Trusted_Extensions folder icon.
This folder contains actions that set up interfaces, LDAP clients, and labeled zones.
- Double-click the Share Logical Interface action and answer the prompts.
Note - The system must already have been assigned two IP addresses. For this action,
provide the second address and a host name for that address. The second
address is the shared address.
Hostname: Type the name for your labeled zones interface
IP Address: Type the IP address for the interface
This action configures a host with more than one IP address. The
IP address for the global zone is the name of the host. The
IP address for a labeled zone has a different host name. In addition,
the IP address for the labeled zones is shared with the global zone.
When this configuration is used, labeled zones are able to reach a network
printer.
Tip - Use a standard naming convention for labeled zones. For example, add -zones to
the host name.
- (Optional) In a terminal window, verify the results of the action.
# ifconfig -a
For example, the following output shows a shared logical interface, hme0:3 on
network interface 192.168.0.12 for the labeled zones. The hme0 interface is the unique
IP address of the global zone.
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
ether 0:0:00:00:00:0
hme0: flags=1000843<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.0.11 netmask fffffe00 broadcast 192.168.0.255
hme0:3 flags=1000843<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
all-zones
inet 192.168.0.12 netmask fffffe00 broadcast 192.168.0.255
Specify One IP Address for the System by Using a CDE Action
In this configuration, the host's address applies to all the zones, including the
labeled zones.
Before You Begin
You are superuser in the global zone. You are in a Trusted
CDE workspace.
- Navigate to the Trusted_Extensions folder.
- Click mouse button 3 on the background.
- From the Workspace menu, choose Applications → Application Manager.
- Double-click the Trusted_Extensions folder icon.
This folder contains actions that set up interfaces, LDAP clients, and labeled zones.
- Double-click the Share Physical Interface action.
This action configures a host with one IP address. The global zone does
not have a unique address. This system cannot be used as a multilevel
print server or NFS server.
- (Optional) In a terminal window, verify the results of the action.
# ifconfig -a
The Share Physical Interface action configures all zones to have logical NICs. These
logical NICs share a single physical NIC in the global zone.
For example, the following output shows the shared physical interface, hme0 on
network interface 192.168.0.11 for all the zones.
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
ether 0:0:00:00:00:0
hme0: flags=1000843<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
all-zones
inet 192.168.0.11 netmask fffffe00 broadcast 192.168.0.255