= Scenario =
- RB4011iGS+5HacQ2HnD as main router (connected via ethernet to ISP ONT)
- RBD53iG-5HacD2HnD as a bridge AP (located in my building basement), connected to RB4011 via ethernet
- Ethernet cable goes partially through a public area (building garage)
- Main subnet 192.168.25.0/24
- 1 VLAN (172.16.0.0/24) and 1 bridge for the VLAN in each device (VLAN is used to isolate my Hyper-V Lab towards Internet)
= Objective =
Secure the comms so that I mitigate the exposure of the physical cable going through a public area.
I’ve tested doing a simple configuration of MACsec, but I can’t make it work (Invalid) and logging is not helping at all.
Is it possible to do MACsec between these devices at all? I know perf might not be the best, but I would like to test it nevertheless.
Could anyone give me some pointers on how to achieve it? Do I need to create another subnet + bridge and route the traffic through the MACsec interface?
Thank you for your help!