- Create IP restrictions in an XML document or a directory and then transfer them to the IP restriction GDO. See the topics that follow this one.
- Create a security policy that defines IP restrictions. For details about configuration and use of policy IP restrictions, see Network Security Policy.
IP restrictions apply to direct database logons.
Link-local IP Addresses
IPv6 and IPv4 link-local IP addresses are blocked from connecting to the database. During Teradata Vantage installation, an ipfilter is added to the ipfilter GDO restricting access to the link-local IP address range (fe80:: for IPv6 and 169.254.0 for IPv4).
The following ipfilter is added to ipfilter.xml to permit all IP addresses to connect to the database, except for blocked addresses in the listed ranges:
<ipfilter name="linklocal" type="permissive"> <deny ip="fe80::/10"/> <deny ip="192.0.2.200/255.255.0.0"/> <appliesto tagref="allusers" /> </ipfilter>
After the link-local restrictions are configured, reverting to an earlier release of Vantage does not remove the restrictions. If Link-local IP addresses are needed, they must be manually allowed.
If the upgrade or installation detects the customer is currently using ipfilters, the link-local restriction is not imposed and a warning message advises the customer to add the link-local restrictions manually.
To modify the link-local IP address configuration, see Editing or Disabling IP Restrictions.
For information on how to configure IP restrictions, see Creating XML-Based IP Restrictions.