Hello @Herman2018
Yes, MACsec is a solid option for protecting L2 connections between HQ and branch offices, as it provides encryption at the physical layer to safeguard against eavesdropping, tampering, and other attacks...
To implement MACsec, you'll first need to verify that your hardware supports it, as not all switches or routers come with MACsec capabilities; Cisco devices like the Catalyst 9000 series typically support it. You’ll also need the appropriate licenses, such as Network Advantage or DNA Advantage.
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/17-12/configuration_guide/sec/b_1712_sec_9300_cg/macsec_encryption.html
Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.