I have a question about WAN MACSec.
dot1q (0x8100) in the clear and tagging sites - that all makes perfect sense - the provider can see the tag - routes the traffic and its all sunshine and rainbows.
However - how does the 0x876F (EAPOL) frame traverse the network ? Its all well and good to say - dont drop it - but something isnt stacking up.
If I have HQ connected and sites 30 / 50 / 70 all tagged - Now we enable this extra ether type ? 0x876F
How does the provider know where to deliver it ? A ether type comes in with 876F - where does it go ? All Sites ?
Also the return traffic - the site responds to the eapol frame .. and it goes where ?
If you have an international network this crumbles pretty quick.
From the provider prospective - this isnt clear..
I appreciate when there is a etherwire or pseudowire connection between two sides - you can transmit any ether type - and it works grand but the design doesnt scale... at all.. from what I can see.
Please advise..