If I have two layer 3 switches on a campus LAN connected to each other with a routed interface on each switch, can I still enable MACsec on both switches, and would the traffic between the switches be encrypted?
Being that the switches are connected at layer 3 and MACsec is layer 2, I'm wondering how that works. Is it that the layer 2 frame is encapsulated in the IP packet between the switches?
The IP address is the payload of Ethernet frames, so it will be transparent for Layer 3 communication. The same happens between a switch and a PC. The PC is somehow a layer 3 device as well, as it has an IP address and a routing table. But MACsec works just fine with PCs and switches.
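To illustrate the thread above, here is an added example (not from either poster) that parses the IEEE 802.1AE frame layout: a routed port still sends Ethernet frames, the SecTAG sits right after the source MAC, and the original EtherType plus IP packet travel as the protected data. The function names, MAC and IP addresses are constructed, and the zero-filled ICV and "ciphertext" are placeholders, not real GCM-AES output.

```python
import struct

MACSEC_ETHERTYPE = 0x88E5  # IEEE 802.1AE EtherType
ICV_LEN = 16               # ICV length used by the GCM-AES cipher suites

def parse_macsec(frame: bytes) -> dict:
    """Split an 802.1AE frame into its clear header and its protected data."""
    if len(frame) < 20 + ICV_LEN:
        raise ValueError("too short for a MACsec frame")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != MACSEC_ETHERTYPE:
        raise ValueError("not a MACsec frame")
    tci_an, short_len = frame[14], frame[15] & 0x3F
    (pn,) = struct.unpack("!I", frame[16:20])
    off, sci = 20, None
    if tci_an & 0x20:                      # SC bit: explicit 8-byte SCI follows
        sci, off = frame[off:off + 8], off + 8
    secure = frame[off:-ICV_LEN]           # everything between SecTAG and ICV
    if short_len and short_len != len(secure):
        raise ValueError("SL does not match secure data length")
    out = {
        "dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":"),
        "encrypted": bool(tci_an & 0x08),  # E bit
        "an": tci_an & 0x03, "pn": pn,
        "sci": sci.hex() if sci else None,
        "inner_ethertype": None, "ip_src": None, "ip_dst": None,
    }
    if not out["encrypted"] and len(secure) >= 22:
        # Integrity-only mode: original EtherType and IP header stay readable.
        (out["inner_ethertype"],) = struct.unpack("!H", secure[:2])
        if out["inner_ethertype"] == 0x0800:
            out["ip_src"] = ".".join(map(str, secure[14:18]))
            out["ip_dst"] = ".".join(map(str, secure[18:22]))
    return out

def sample_frame(encrypted: bool) -> bytes:
    """Constructed frame between two routed switch ports (10.0.0.1 -> 10.0.0.2)."""
    dst, src = bytes.fromhex("02000000000b"), bytes.fromhex("02000000000a")
    ip = bytes.fromhex("450000140000000040010000") + bytes([10, 0, 0, 1, 10, 0, 0, 2])
    msdu = struct.pack("!H", 0x0800) + ip  # what the routed port would send
    if encrypted:
        msdu = bytes(len(msdu))            # placeholder standing in for ciphertext
    tci = 0x2C if encrypted else 0x20      # SC set; E and C set when encrypting
    sectag = struct.pack("!HBBI", MACSEC_ETHERTYPE, tci, len(msdu), 1)
    return dst + src + sectag + src + b"\x00\x01" + msdu + bytes(ICV_LEN)
```

In both modes the MAC addresses and SecTAG stay in the clear; only in the encrypted case do the inner EtherType and IP addresses become unreadable on the wire.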