Friday, July 28, 2017

[SQL*NET Firewall] Using sqlnet.ora to restrict which hosts can connect to an Oracle database

 

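On the Oracle DB host, place a sqlnet.ora file under $ORACLE_HOME/network/admin; this file restricts the list of hosts that are allowed to connect to the DB.

A more colloquial name for this is the SQL*NET Firewall.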

 

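If you set the three parameters shown in the example below, note the following:

*   If the file is not written correctly, for example it contains stray ASCII whitespace and the listener cannot parse it, the listener on the DB host will fail to start.

*   In an Oracle RAC environment, also add the VIP and SCAN IP addresses to the TCP.INVITED_NODES list.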

 

 

Example for sqlnet.ora:

 

TCP.VALIDNODE_CHECKING=Y

TCP.INVITED_NODES=(192.168.*, 2001:DB8:200C:433B/32)

TCP.EXCLUDED_NODES=(192.168.2.25, 172.30.*, test.fqdn.net, 2001:DB8:200C:417A/32)

 

 

ref1:

Listener Fails to Start Using TCP.VALIDNODE_CHECKING: TNS-12532 TNS:Invalid Argument (Doc ID 287500.1)

*The listener will not start if any of the hosts or ip addresses are not resolvable.

*The only solution to this issue is to ensure that all the hostnames and ip addresses in the invited nodes list are resolvable using ping or nslookup from the host where the listener is starting.

 

ref2:

http://blog.itpub.net/34596/viewspace-605999/

 

ref3:

https://blog.dbi-services.com/oracle-12cr2-dataguard-and-tcp-valid_node_checking/

In case you work with SCAN and the GRID Infrastructure GRID_HOME/network/admin/sqlnet.ora file, then don't forget to add your NODE VIP's and SCAN VIP's to your TCP.INVITED_NODES list
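
A pre-flight check for the two failure modes noted above (stray characters in sqlnet.ora, and list entries that do not resolve), to run on the listener host before a restart. This is an added example, not code from the original post or from Oracle; it assumes each node list sits on a single line, and `check_sqlnet`, `resolves` and the host `db-vip.invalid` are names made up for the illustration.

```python
import re
import socket

NODE_LISTS = ("TCP.INVITED_NODES", "TCP.EXCLUDED_NODES")

SAMPLE = (  # constructed sample, modelled on the example in this post
    "TCP.VALIDNODE_CHECKING=Y\n"
    "TCP.INVITED_NODES=(192.168.*, 2001:DB8:200C:433B/32, db-vip.invalid)\n"
    "\u00a0TCP.EXCLUDED_NODES=(192.168.2.25, 172.30.*)\n"  # pasted NBSP
)

def resolves(host):
    """Default resolver: True if the OS can resolve the name (as nslookup would)."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def check_sqlnet(text, resolver=resolves):
    """Return a list of (line_no, problem) tuples for sqlnet.ora content."""
    problems = []
    for no, line in enumerate(text.splitlines(), 1):
        # Anything outside printable ASCII: NBSP, full-width space, tab, ...
        bad = sorted({c for c in line if not " " <= c <= "~"})
        if bad:
            codes = ", ".join(f"U+{ord(c):04X}" for c in bad)
            problems.append((no, "non-printable/non-ASCII: " + codes))
        # A parameter keyword must start in column 1; an indented line is
        # treated as a continuation of the previous parameter.
        if re.match(r"[ \t]+TCP\.\w+\s*=", line, re.I):
            problems.append((no, "indented parameter (read as continuation line)"))
        m = re.match(r"\s*(TCP\.\w+)\s*=\s*\((.*)\)\s*$", line, re.I)
        if not m or m.group(1).upper() not in NODE_LISTS:
            continue
        for entry in (e.strip() for e in m.group(2).split(",")):
            if not entry:
                problems.append((no, "empty list entry"))
            # Entries containing a letter and no ':', '*' or '/' are host
            # names; each one must resolve on the listener host.
            elif re.fullmatch(r"(?=.*[A-Za-z])[A-Za-z0-9.-]+", entry) and not resolver(entry):
                problems.append((no, f"unresolvable host: {entry}"))
    return problems

if __name__ == "__main__":
    for line_no, problem in check_sqlnet(SAMPLE):
        print(f"line {line_no}: {problem}")
```

Pass the real file's contents to `check_sqlnet` to use the host's own resolver; an empty result means neither problem was found.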

 
