定位listener.ora:
By default, the listener.ora file is located in the ORACLE_HOME/network/admin directory. The listener.ora file can also be stored the following locations:
- The directory specified by the TNS_ADMIN environment variable or registry value.
- On Linux and UNIX operating systems, it is the global configuration directory. For example, on the Oracle Solaris operating system, the directory is /var/opt/oracle.
It is often useful to configure multiple listeners in one listener.ora file. However, Oracle recommends running only one listener for each node in most customer environments.
(一)Protocol Address Parameters
listener_name=
(DESCRIPTION=
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=tcp)(HOST=hr-server)(PORT=1521))
(ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521))))
IP参数只用于HOST指定了一个hostname而非IP地址,表示使用hostname对应哪个IP.
To determine which IP address the listener listens on when a host name is specified.
This parameter is only applicable when the HOST parameter specifies a host name.
Values
First: Listen on the first IP address returned by the DNS resolution of the host name. If the user wants the listener to listen on the first IP to which the specified host name resolves, then the address must be qualified with (IP=first).
v4_only: Listen only on IPv4 addresses.
v6_only: Listen only on IPv6 addresses.
This feature is disabled by default.
关于监听IP:
- 如果配置HOST值为IP,则在此IP上监听,如果设置为0.0.0.0则监听主机所有IP地址
- 如果配置HOST值为域名,则按DNS获取的IP顺序在第一个成功连通的IP上监听(无论是否设置IP=FIRST),如果此IP与主机名(hostname)解析的IP一样,则监听主机所有IP地址,但如果此时设置监听IP=FIRST属性,则还是只监听DNS解析的第一个成功连通的IP
For a given host name, Oracle Net attempts to connect to all IP addresses returned by Domain Name System (DNS) name resolution until a successful connection is established or all addresses have been attempted.
Example
listener_name=
(DESCRIPTION=
(ADDRESS=(PROTOCOL=tcp)(HOST=rancode1-vip)(PORT=1522)(IP=v6_only))
限制并发连接数,即请求队列长度,如限制并发还是用下面的rate_limit,即每秒处理数量
To specify the number of concurrent connection requests that the listener can accept on a TCP/IP or IPC listening endpoint (protocol address).
The number of concurrent connection requests is dependent on the platform and listener usage scenarios. If the listener is heavily-loaded, then set the parameter to a higher number.
Put this parameter at the end of the protocol address with its value set to the expected number of concurrent connection requests.
The default number of concurrent connection requests is operating system specific.
Example
listener_name=
(DESCRIPTION=
(ADDRESS=(PROTOCOL=tcp)(HOST=hr-server)(PORT=1521)(QUEUESIZE=20)))
To specify, in bytes, the buffer space for receive operations of sessions.
Put this parameter under the DESCRIPTION parameter or at the end of the protocol address with its value set to the expected number of bytes.
This parameter is supported by the TCP/IP, TCP/IP with SSL, and SDP protocols.
The default value for this parameter is operating system specific. The default for the Linux operating system is 87380 bytes.
Example
listener_name=
(DESCRIPTION=
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521)
(RECV_BUF_SIZE=11784))
(ADDRESS=(PROTOCOL=ipc)(KEY=extproc)
(RECV_BUF_SIZE=11784))))listener_name=
(DESCRIPTION=
(ADDRESS_LIST=
(RECV_BUF_SIZE=11784))
(ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521)
(ADDRESS=(PROTOCOL=ipc)(KEY=extproc))))
To specify, in bytes, the buffer space for send operations of sessions.
Put this parameter under the DESCRIPTION parameter or at the end of the protocol address.
This parameter is supported by the TCP/IP, TCP/IP with SSL, and SDP protocols.
The default value for this parameter is operating system specific. The default for the Linux operating system is 16 KB.
Example
listener_name=
(DESCRIPTION=
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521)
(SEND_BUF_SIZE=11280))
(ADDRESS=(PROTOCOL=ipc)(KEY=extproc)
(SEND_BUF_SIZE=11280))))
listener_name=
(DESCRIPTION=
(SEND_BUF_SIZE=11280)
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521)
(ADDRESS=(PROTOCOL=ipc)(KEY=extproc))))
(二)Connection Rate Limiter Parameters
The connection rate limiter feature in Oracle Net Listener enables a database administrator to limit the number of new connections handled by the listener. When this feature is enabled, Oracle Net Listener imposes a user-specified maximum limit on the number of new connections handled by the listener every second.
Depending on the configuration, the rate can be applied to a collection of endpoints, or to a specific endpoint.
全局设置对应监听名每秒处理连接数,需要在终端设置rate_limit才会生效
To specify a global rate that is enforced across all listening endpoints that are rate-limited.
When this parameter is specified, it overrides any endpoint-level numeric rate values that might be specified.
Syntax
CONNECTION_RATE_listener_name=number_of_connections_per_second
用于局部设置某终端每秒处理连接数
如果同时使用connection_rate_listenername=n与rate_limit=yes则限制为每秒n个连接
如果同时使用connection_rate_listenername=n与rate_limit=m则限制为每秒n个连接
如果使用connection_rate_listenername=n未使用rate_limit则不限制
如果未使用connection_rate_listenername使用了rate_limit=n则限制为每秒n个连接
The parameter is specified in the ADDRESS section of the listener endpoint configuration.
LISTENER=
(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521)(RATE_LIMIT=yes))
- When the RATE_LIMIT parameter is set to yes for an endpoint, that endpoint is included in the enforcement of the global rate configured by the CONNECTION_RATE_listener_name parameter.
- The global rate limit is enforced individually at each endpoint that has RATE_LIMIT set to yes.
Dynamic endpoints for listeners managed by Oracle Clusterware have the RATE_LIMIT parameter set to yes.
- When the RATE_LIMIT parameter is set to a value greater than 0, then the rate limit is enforced at that endpoint level.
The following examples use the CONNECTION_RATE_listener name and RATE_LIMIT parameters.
CONNECTION_RATE_LISTENER=10
LISTENER=
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521)(RATE_LIMIT=yes))
(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1522)(RATE_LIMIT=yes))
(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1523)))
In the preceding example, the global rate of new connections is enforced separately for each endpoint. Connections through port 1521 are limited at 10 every second, and the connections through port 1522 are also separately limited at 10 every second. Connections through port 1523 are not limited.
Example 2
LISTENER= (ADDRESS_LIST=
(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521)(RATE_LIMIT=5))
(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1522)(RATE_LIMIT=10))
(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1523))
)
In the preceding example, the connection rates are enforced at the endpoint level. A maximum of 5 connections are processed through port 1521 every second. The limit for connections through port 1522 is 10 every second. Connections through port 1523 are not limited.
The global CONNECTON_RATE_listener_name parameter is not specified in the preceding configuration. If it is specified, then the limits on ports 1521 and 1522 are ignored, and the global value is used instead.
(三)Control Parameters
1. ADMIN_RESTRICTIONS_listener_name
即是否开启online配置,如果关闭只能改配置文件后重启监听来修改配置
To restrict runtime administration of the listener.
Setting ADMIN_RESTRICTIONS_listener_name=on disables the runtime modification of parameters in listener.ora. That is, the listener refuses to accept SET commands that alter its parameters.
To change any of the parameters in listener.ora, including ADMIN_RESTRICTIONS_listener_name itself, modify the listener.ora file manually and reload its parameters using the RELOAD command for the new changes to take effect without explicitly stopping and restarting the listener.
Default off
ADMIN_RESTRICTIONS_listener=on
2. ALLOW_MULTIPLE_REDIRECTS_listener_name
To support multiple redirects of the client.
This parameter should only be set on the SCAN listener on the Oracle Public Cloud. When set to on, multiple redirects of the client are allowed.
Do not set this parameter for a node listener if that is used as a SCAN listener.
Default off
ALLOW_MULTIPLE_REDIRECTS_listener=on
- ENABLE_EXADIRECT_listener_name
To enable Exadirect protocol. The parameter enables Exadirect support.
Default: Off
ENABLE_EXADIRECT_listener=on
By default, the Oracle Net listener notifies Cluster Ready Services (CRS) when it is started or stopped. These notifications allow CRS to manage the listener in an Oracle Real Application Clusters environment. This behavior can be prevented by setting the CRS_NOTIFICATION_listener_nameparameter to off.
Default: on
To enable the server to spawn a thread or process when a connection to the database is requested through the listener.
Default: off
DEDICATED_THROUGH_BROKER_listener=on
To enable users to connect to the database without having to specify a service name from the client side.
In Oracle Database 12c, when a client tries to connect to the database the connection request passes through the listener. The listener may be servicing several different databases. If a service name is configured in this parameter, then users may not necessarily need to specify a service name in the connect syntax. If a user specifies a service name, then the listener connects the user to that specific database, otherwise the listener connects to the service name specified by the DEFAULT_SERVICE_listener_name parameter. For container databases, the client must explicitly specify the service name.
There is no default value for the DEFAULT_SERVICE_listener_name parameter. If this parameter is not configured and a user does not specify a fully-qualified service name in the connect syntax, then the connection attempt fails. This parameter only accepts one value.
DEFAULT_SERVICE_listener=sales.us.example.com
To specify the time, in seconds, for the client to complete its connect request to the listener after the network connection had been established.
If the listener does not receive the client request in the time specified, then it terminates the connection. In addition, the listener logs the IP address of the client and an ORA-12525:TNS: listener has not received client's request in time allowed error message to the listener.log file.
To protect both the listener and the database server, Oracle recommends setting this parameter in combination with the SQLNET.INBOUND_CONNECT_TIMEOUT parameter in the sqlnet.ora file. When specifying values for these parameters, consider the following recommendations:
- Set both parameters to an initial low value.
- Set the value of the INBOUND_CONNECT_TIMEOUT_listener_name parameter to a lower value than the SQLNET.INBOUND_CONNECT_TIMEOUT parameter.
Default: 60 seconds
INBOUND_CONNECT_TIMEOUT_listener=2
To secure registration requests through dedicated secure registration endpoints for local listeners. Service ACLs are accepted by listener only if LOCAL_REGISTRATION_ADDRESS_lsnr alias is configured. The parameter specifies the group that is allowed to send ACLs.
The local registration endpoint accepts local registration connections from the specified group. All local registration requests coming on normal listening endpoints are redirected to the local registration endpoint. If the registrar is not a part of the group, then it cannot connect to the endpoint.
Default: OFF
Values: ON, OFF, or IPC endpoint address with group
When set to ON, listener defaults the group to oinstall on UNIX and ORA_INSTALL on Windows.
LOCAL_REGISTRATION_ADDRESS_lsnr_alias = (address=(protocol=ipc)(group=xyz))
LOCAL_REGISTRATION_ADDRESS_lsnr_alias =ON
包含来自数据库的注册连接与来自客户端的连接请求
To specify the maximum number of concurrent registration and client connection sessions that can be supported by Oracle Net Listener.
This number includes registration connections from databases, and ongoing client connection establishment requests. After a connection is established, the clients do not maintain a connection to the listener. This limit only applies to client connections that are in the initial connection establishment phase from a listener perspective.
Default: Operating system-specific
MAX_ALL_CONNECTIONS_listener=40
应该是数据库注册最大并发
To specify the maximum number of concurrent registration connection sessions that can be supported by Oracle Net Listener.
Default:512
MAX_REG_CONNECTIONS_listener=20
- REGISTRATION_EXCLUDED_NODES_listener_name
To specify the list of nodes that cannot register with the listener.
The list can include host names or CIDR notation for IPv4 and IPv6 addresses. The wildcard format (*) is supported for IPv4 addresses. The presence of a host name in the list results in the inclusion of all IP addresses mapped to the host name. The host name should be consistent with the public network interface.
If the REGISTRATION_INVITED_NODES_listener_name parameter and the REGISTRATION_EXCLUDED_NODES_listener_name parameter are set, then the REGISTRATION_EXCLUDED_NODES_listener_name parameter is ignored.
REGISTRATION_EXCLUDED_NODES_listener = (10.1.26.*, 10.16.40.0/24, \
2001:DB8:3eff:fe38, node2)
To specify the list of node that can register with the listener.
REGISTRATION_INVITED_NODES_listener = (10.1.35.*, 10.1.34.0/24, \
2001:DB8:fe38:7303, node1)
To secure registration requests through dedicated secure registration endpoints for SCAN listeners.
The registration endpoint is on a private network within the cluster. All remote registration requests coming in on normal listening endpoints are redirected to the registration endpoint. Any system which is not a part of the cluster cannot connect to the endpoint. This feature is not supported when ADMIN_RESTRICTIONS_listener_name is set to ON as the Cluster Ready Services agent configures the remote_registration_addressdynamically at run time.
This parameter is configured internally in the SCAN listener to restrict registrations to the private network. The value of this parameter should not be modified or specified explicitly. The only supported explicit setting is for turning this feature off by setting the value to OFF. The value is OFF in non-SCAN listeners.
Values:off
REMOTE_REGISTRATION_ADDRESS_listener=off
To specify whether runtime configuration changes are saved to the listener.ora file.
When you set the parameter to true, any parameters that were modified while the listener was running using the Listener Control utility SET command are saved to the listener.ora file when the STOP command is issued. When you set the parameter to false, the Listener Control utility does not save the runtime configuration changes to the listener.ora file.
Default: false
SAVE_CONFIG_ON_STOP_listener=true
To specify whether a client is authenticated using the Secure Sockets Layer (SSL).
The database server authenticates the client. Therefore, this value should be set to false. If this parameter is set to true, then the listener attempts to authenticate the client, which can result in a failure. Default:true
SSL_CLIENT_AUTHENTICATION=false
To limit allowable SSL or TLS versions used for connections.
Clients and database servers must use a compatible version. This parameter should only be used when absolutely necessary for backward compatibility. The current default uses TLS version 1.2 which is the version required for multiple security compliance requirements.
Default:1.2
Values:undetermined | 3.0 | 1.0| 1.1 | 1.2
If you want to specify one version or another version, then use “or”. The following values are permitted:
1.0 or 3.0 | 1.2 or 3.0 | 1.1 or 1.0 | 1.2 or 1.0 | 1.2 or 1.1 | 1.1 or 1.0 or 3.0 |
1.2 or 1.0 or 3.0 | 1.2 or 1.1 or 1.0 | 1.2 or 1.1 or 3.0 |1.2 or 1.1 or 1.0 or 3.0
The remaining version numbers correspond to the TLS versions, such as, TLSv1.0, TLSv1.1, and TLSv1.2.
To subscribe to Oracle Notification Service (ONS) notifications for downed events.
By default, the listener subscribes to the ONS node down event on startup, if ONS is available. This subscription enables the listener to remove the affected service when it receives node down event notification from ONS. The listener uses asynchronous subscription for the event notification. Alter this behavior by setting SUBSCRIBE_FOR_NODE_DOWN_EVENT_listener_name=off in listener.ora.
Default:on
To enable the system identifier (SID) in the connect descriptor to be interpreted as a service name when a user attempts a database connection.
Database clients with earlier releases of Oracle Database that have hard-coded connect descriptors can use this parameter to connect to a container or pluggable database.
When the database is an Oracle Database 12c container database, the client must specify a service name in order to connect to it. Setting this parameter to on instructs the listener to use the SID in the connect descriptor as a service name and connect the client to the specified database. Default:off
To determine whether valid node checking registration is performed, or the subnet is allowed.
When set to on, valid node checking registration is performed at the listener for any incoming registration request, and only local IP addresses are allowed.
Default:on
Values
off | 0 to specify valid node checking registration is off, and no checking is performed.
on | 1 | local to specify valid node checking registration is on, and all local IP addresses can register. If a list of invited nodes is set, then all IP addresses, host names, or subnets in the list as well as local IP addresses are allowed.
subnet | 2 to specify valid node checking registration is on, and all machines in the local subnets are allowed to register. If a list of invited nodes is set, then all nodes in the local subnets as well as all IP addresses, host names and subnets in the list are allowed.
Example
VALID_NODE_CHECKING_REGISTRATION_listener=on
- WALLET_LOCATION
To specify the location of wallets.
Wallets are certificates, keys, and trustpoints processed by SSL that allow for secure connections.
The key/value pair for Microsoft certificate store (MCS) omits the METHOD_DATA parameter because MCS does not use wallets. Instead, Oracle PKI (public key infrastructure) applications obtain certificates, trustpoints and private keys directly from the user's profile.
If an Oracle wallet is stored in the Microsoft Windows registry and the wallet's key (KEY) is SALESAPP, then the storage location of the encrypted wallet is HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\SALESAPP\EWALLET.P12. The storage location of the decrypted wallet is HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\SALESAPP\CWALLET.SSO.
Additional Parameters
The following additional parameters are available for WALLET_LOCATION:
SOURCE: Type of storage for wallets and storage location.
METHOD: Type of storage.
METHOD_DATA: Storage location.
DIRECTORY: Location of Oracle wallets on file system.
KEY: Wallet type and location in the Microsoft Windows registry.
PROFILE: Entrust profile file (.epf).
INIFILE: Entrust initialization file (.ini).
Default:None
Examples
Oracle wallets on file system:
WALLET_LOCATION=
(SOURCE=
(METHOD=file)
(METHOD_DATA=
(DIRECTORY=/etc/oracle/wallets/databases)))
Microsoft certificate store:
WALLET_LOCATION=
(SOURCE=
(METHOD=mcs))
Oracle Wallets in the Microsoft Windows registry:
WALLET_LOCATION=
(SOURCE=
(METHOD=REG)
(METHOD_DATA=
(KEY=SALESAPP)))
Entrust Wallets:
WALLET_LOCATION=
(SOURCE=
(METHOD=entr)
(METHOD_DATA=
(PROFILE=/etc/oracle/wallets/test.epf)
(INIFILE=/etc/oracle/wallets/test.ini)))
(四)ADR Diagnostic Parameters for Oracle Net Listener
This section includes the parameters used when ADR is enabled. Non-ADR parameters listed in the listener.ora file are ignored when ADR is enabled. ADR is enabled by default.
To specify the base directory that stores tracing and logging incidents when ADR is enabled.
The default is ORACLE_BASE, or ORACLE_HOME/log if ORACLE_BASE is not defined.
ADR_BASE_listener=/oracle/network/trace
To indicate whether ADR tracing is enabled.
When the DIAG_ADR_ENABLED_listener_name parameter is set to on, then ADR file tracing is used. When the DIAG_ADR_ENABLED_listener_name parameter is set to off, then non-ADR file tracing is used.
Default:on
DIAG_ADR_ENABLED_listener=on
To turn logging on or off.
This parameter is also applicable when non-ADR tracing is used.
Default:on
LOGGING_listener=on
To turn listener tracing on, at a specific level, or off.
This parameter is also applicable when non-ADR tracing is used.
Default:off | 0
Values
off or 0 for no trace output
user or 4 for user trace information
admin or 10 for administration trace information
support or 16 for Oracle Support Services trace information
Example
TRACE_LEVEL_listener=admin
To add a time stamp in the form of dd-mmm-yyyy hh:mi:ss:mil to every trace event in the trace file for the listener.
This parameter is used with the TRACE_LEVEL_listener_name parameter. This parameter is also applicable when non-ADR tracing is used.
Default:on
TRACE_TIMESTAMP_listener=true
(五)Non-ADR Diagnostic Parameters for Oracle Net Listener
This section lists the parameters used when ADR is disabled.
7.6.1 LOG_DIRECTORY_listener_name
Purpose
To specify the destination directory of the listener log file.
Usage Notes
Use this parameter when ADR is not enabled.
Default
CopyORACLE_HOME/network/log
Example
CopyLOG_DIRECTORY_listener=/oracle/network/admin/log
Purpose
To specify the name of the log file for the listener.
Usage Notes
Use this parameter when ADR is not enabled.
Default
Copylistener.log
Example
CopyLOG_FILE_listener=list.log
7.6.3 TRACE_DIRECTORY_listener_name
Purpose
To specify the destination directory of the listener trace file.
Usage Notes
Use this parameter when ADR is not enabled.
Default
CopyORACLE_HOME/network/trace
Example
CopyTRACE_DIRECTORY_listener=/oracle/network/admin/trace
7.6.4 TRACE_FILE_listener_name
Purpose
To specify the name of the trace file for the listener.
Usage Notes
Use this parameter when ADR is not enabled.
Default
Copylistener.trc
Example
CopyTRACE_FILE_listener=list.trc
7.6.5 TRACE_FILEAGE_listener_name
Purpose
To specify the maximum age of listener trace files in minutes.
Usage Notes
When the age limit is reached, the trace information is written to the next file. The number of files is specified with the TRACE_FILENO_listener_nameparameter. Use this parameter when ADR is not enabled.
Default
Unlimited
This is the same as setting the parameter to 0.
Example 7-4 Example
TRACE_FILEAGE_listener=60
7.6.6 TRACE_FILELEN_listener_name
Purpose
To specify the size of the listener trace files in kilobytes (KB).
Usage Notes
When the size is met, the trace information is written to the next file. The number of files is specified using the TRACE_FILENO_listener_nameparameter. Use this parameter when ADR is not enabled.
Default
Unlimited
Example
CopyTRACE_FILELEN_listener=100
7.6.7 TRACE_FILENO_listener_name
Purpose
To specify the number of trace files for listener tracing.
Usage Notes
When this parameter is set along with the TRACE_FILELEN_listener_name parameter, trace files are used in a cyclical fashion. The first file is filled first, then the second file, and so on. When the last file has been filled, the first file is re-used, and so on.
The trace file names are distinguished from one another by their sequence number. For example, if the default trace file of listener.trc is used, and this parameter is set to 3, then the trace files would be named listener1.trc, listener2.trc and listener3.trc.
In addition, trace events in the trace files are preceded by the sequence number of the file. Use this parameter when ADR is not enabled.
Default
1
Example
CopyTRACE_FILENO_listener=3
(六)Class of Secure Transports Parameters
The class of secure transports (COST) parameters specify a list of transports that are considered secure for administration and registration of a particular listener. The COST parameters identify which transports are considered secure for that installation and whether the administration of a listener requires secure transports. Configuring these parameters is optional.
To enable or disable dynamic registration.
Static registrations are not affected by this parameter.
The default value is on. Unless this parameter is explicitly set to off, all registration connections are accepted.
Example
DYNAMIC_REGISTRATION_listener_name=on
To specify the transports on which control commands are to be serviced.
If the SECURE_CONTROL_listener_name parameter is configured with a list of transport names, then the control commands are serviced only if the connection is one of the listed transports. Connections arriving by other transport protocols are refused. The following is an example:
SECURE_CONTROL_listener1 = (TCPS,IPC)
In the preceding example, administration requests are accepted only on TCPS and IPC transports.
If no values are entered for this parameter, then the listener accepts any connection on any endpoint.
Syntax
SECURE_CONTROL_listener_name = [(]transport1[,transport2, ....,transportn)]
In the preceding syntax, transport1, transport2, and transportn are valid, installed transport protocol names.
Example
LISTENER1=
(DESCRIPTION=
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521))
(ADDRESS=(PROTOCOL=ipc)(KEY=extproc))
(ADDRESS=(PROTOCOL=tcps)(HOST=sales-server)(PORT=1522))))
SECURE_CONTROL_LISTENER1=tcps
To specify the transports on which registration requests are to be accepted.
If the SECURE_REGISTER_listener_name parameter is configured with a list of transport names, then only the connections arriving on the specified transports are able to register the service with the listener. Connections arriving by other transport protocols are refused. The following is an example:
SECURE_REGISTER_listener1 = (TCPS,IPC)
In the preceding example, registration requests are accepted only on TCPS and IPC transports.
If no values are entered for this parameter, then the listener accepts registration requests from any transport.
Syntax
SECURE_REGISTER_listener_name = [(]transport1[,transport2, ....,transportn)]
In the preceding example, transport1, transport2, and transportn are valid, installed transport protocol names.
If this parameter and SECURE_CONTROL_listener_name are configured, then they override the SECURE_PROTOCOL_listener_name parameter.
Example
LISTENER1=
(DESCRIPTION=
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521))
(ADDRESS=(PROTOCOL=ipc)(KEY=extproc))
(ADDRESS=(PROTOCOL=tcps)(HOST=sales-server)(PORT=1522))))
SECURE_REGISTER_listener1=tcps
To specify the transports on which administration and registration requests are accepted.
If this parameter is configured with a list of transport names, then the control commands and service registration can happen only if the connection belongs to the list of transports.
If this parameter is not present and neither SECURE_CONTROL_listener_name or SECURE_REGISTER_listener_name are configured, then all supported transports accept control and registration requests.
If the SECURE_CONTROL_listener_name and SECURE_REGISTER_listener_name parameters are configured, then they override the SECURE_PROTOCOL_listener_name parameter.
Syntax
SECURE_PROTOCOL_listener_name = [(]transport1[,transport2, ....,transportn)]
In the preceding syntax, transport1, transport2, and transportn are valid, installed transport protocol names.
Example
LISTENER1=
(DESCRIPTION=
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521))
(ADDRESS=(PROTOCOL=ipc)(KEY=extproc))
(ADDRESS=(PROTOCOL=tcps)(HOST=sales-server)(PORT=1522))))
SECURE_PROTOCOL_listener1=tcps
COST parameters can also be used in combination to further control which transports accept service registration and control commands.
In Example 7-5, control commands are accepted only on the IPC channel and the TCPS transport, and service registrations are accepted only on an IPC channel.
Example 7-5 Combining COST Parameters
LISTENER1=
(DESCRIPTION=
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521))
(ADDRESS=(PROTOCOL=ipc)(KEY=extproc))
(ADDRESS=(PROTOCOL=tcps)(HOST=sales-server)(PORT=1522))))
SECURE_CONTROL_listener1=(tcps,ipc)
SECURE_REGISTER_listener1=ipc
In Example 7-6, control commands are accepted only on the TCPS transport, and service registrations are accepted only on the IPC channel.
Example 7-6 Combining COST Parameters
LISTENER1=
(DESCRIPTION=
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521))
(ADDRESS=(PROTOCOL=ipc)(KEY=extproc))
(ADDRESS=(PROTOCOL=tcps)(HOST=sales-server)(PORT=1522))))
SECURE_CONTROL_listener1=tcps
SECURE_PROTOCOL_listener1=ipc