Security7-12Enabling Security and Trapstransmitted clean to all ports on that channel unless security has been enabledthere, too. Packets bridged to Channel A will always be transmitted clean to allports, regardless of lock status; however, careful bridge configuration andprudent use of each port’s forwarding and blocking abilities can provide somemeasure of security in this case.• Security must be disabled on any port which is connected to an external bridge,or the bridge will discard all packets it receives as error packets (since the CRCis not recalculated after a packet is scrambled).• Security should also be disabled on any port which is supporting a trunkconnection, unless you are sure that no more than 34 source addresses willattempt to use the port, and you have secured all necessary addresses. Notethat, with the newest versions of security, aLANVIEWSECURE port that seesmore than 35 addresses in its Source Address table (or exactly 35 addresses fortwo consecutive aging intervals) is considered unsecurable and cannot belocked.• Full security should not be implemented on any port which supports a nameserver or a bootp server, as those devices would not receive the broadcast andmulticast messages they are designed to respond to (partial security — whichdoes not scramble broadcasts or multicasts — will not affect their operation).Note that users who require responses to broadcast or multicast requests canstill operate successfully if their ports are fully secured, as the reply to abroadcast has a single, specific destination address.In general, scrambling is most effective when employed in a single chassis whichcontains onlyLANVIEWSECURE MIMs operating on channels B and/or C;remember, non-LANVIEWSECURE MIMs and any ports operating on Channel A donot support scrambling as part of their security functionality.Enabling Security and TrapsYou can enable or disable all applicable protections by locking or unlocking portsvia the repeater, module, or port Security window, as described in the sectionsbelow. There are two levels of lock status to choose from: if you select Full lockstatus, the port will stop learning new source addresses, accept packets only fromsecured source addresses, employ either full or partial eavesdrop protection (asconfigured), and take the configured steps (send trap and/or disable port) if aviolation occurs; if you select Continuous lock status, the port will implement theconfigured level of eavesdrop protection, but continue to learn source addressesand allow all packets to pass, effectively disabling intruder protection.Enabling and disabling traps from the Security windows has the same effect asenabling and disabling them from the Source Address windows; you can enableand disable the following traps: