I wish to create a secure channel between (2) WS-C3850-24T using (2) LH fiber modules in the C3850-NM-4-1G. I originally wanted to use MacSec but I am questioning now if MacSec is even possible on the 3850 (unable to get all the commands to work). Can anyone confirm if MacSec is possible on the 3850 with this module? If you have configured this, let me know how.
On the fiber module port, I am unable to issue the commands:
switchport trunk encapsulation dot1q
as well as the “gcm-encypt” part of sap pmk <Hexdec> mode-list gcm-encrypt
If it isn't possible, is there another way recommended? Site-to-Site VPN?
MacSec is desirable due to the speed but if it can't be done, so be it. I am getting conflicting information online and with Cisco.
Rick
