- Create IP restrictions in an XML document or a directory and then transfer them to the IP restriction GDO. See the topics that follow this one.
- Create a security policy that defines IP restrictions. For details about configuration and use of policy IP restrictions, see Network Security Policy.
IP restrictions apply to direct database logons and to logons through Unity. For logons through Unity, in addition to the logon user name and IP address, the Teradata Vantage gateway also receives the Unity user ID and IP address.
Link-local IP Addresses
IPv6 and IPv4 link-local IP addresses are blocked from connecting to the database. During Teradata Vantage installation, an ipfilter is added to the ipfilter GDO restricting access to the link-local IP address range (fe80:: for IPv6 and 169.254.0 for IPv4).
The following ipfilter is added to ipfilter.xml to permit all IP addresses to connect to the database, except for blocked addresses in the listed ranges:
```xml
<ipfilter name="linklocal" type="permissive">
  <deny ip="fe80::/10"/>
  <deny ip="169.254.0.0/255.255.0.0"/>
  <appliesto tagref="allusers" />
</ipfilter>
```
Once the link-local restrictions are configured, backing down to an earlier release of Vantage will not remove the restrictions. If link-local IP addresses are needed, they must be manually allowed.
If the upgrade or installation detects the customer is currently using ipfilters, the link-local restriction will not be imposed and a warning message will advise the customer to add the link-local restrictions manually.
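An added example, not part of the Teradata documentation: a Python check that parses ipfilter XML and reports which link-local ranges are not covered by a deny entry in a permissive filter, the condition to verify after the warning described above. The `<ipfilters>` wrapper element and the `site` filter are constructed for illustration (assumptions, not taken from the page), and `appliesto` scoping is not evaluated.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Link-local ranges the page says are blocked at installation.
LINK_LOCAL = [ipaddress.ip_network("fe80::/10"),
              ipaddress.ip_network("169.254.0.0/16")]

# Constructed sample: the page's filter inside an assumed <ipfilters> root.
WITH_LINKLOCAL = """<ipfilters>
  <ipfilter name="linklocal" type="permissive">
    <deny ip="fe80::/10"/>
    <deny ip="169.254.0.0/255.255.0.0"/>
    <appliesto tagref="allusers" />
  </ipfilter>
</ipfilters>"""

# Constructed sample: a pre-existing site filter with no link-local denies.
CUSTOM_ONLY = """<ipfilters>
  <ipfilter name="site" type="permissive">
    <deny ip="192.0.2.0/24"/>
    <appliesto tagref="allusers" />
  </ipfilter>
</ipfilters>"""

def deny_networks(xml_text):
    """Networks named in <deny ip="..."/> entries of permissive ipfilters."""
    nets = []
    for flt in ET.fromstring(xml_text).iter("ipfilter"):
        if flt.get("type") != "permissive":
            continue  # only the filter type shown on the page is handled
        for deny in flt.findall("deny"):
            # ip_network parses both "fe80::/10" and "a.b.c.d/255.255.0.0".
            nets.append(ipaddress.ip_network(deny.get("ip"), strict=False))
    return nets

def uncovered_link_local(xml_text):
    """Link-local ranges that no deny entry fully contains."""
    nets = deny_networks(xml_text)
    return [str(ll) for ll in LINK_LOCAL
            if not any(n.version == ll.version and ll.subnet_of(n) for n in nets)]

def is_denied(xml_text, addr):
    """True if addr falls inside any deny entry of a permissive filter."""
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in deny_networks(xml_text))

if __name__ == "__main__":
    print("missing in site config:", uncovered_link_local(CUSTOM_ONLY))
```

An empty list from `uncovered_link_local` means both link-local ranges are denied; any range it returns still has to be added manually.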
To modify the link-local IP address configuration, see Editing or Disabling IP Restrictions.
For information on how to configure IP restrictions, see Creating XML-Based IP Restrictions.