Date: 2023-03-31

MACSec - viable layer 2 security for $$$? Is there OS support for it?

OpenSource Ghost

Feb 14, 2022
MACSec is related to 802.1X (EAPOL), but doesn't suffer from the same vulnerabilities as 802.1X. Based on specs it seems like a viable layer 2 (wire-based) security mechanism - https://en.wikipedia.org/wiki/IEEE_802.1AE.

When I research it, almost all results include "Cisco" and licensing fees. Does any OS support it? Until typical OSes like Windows, Android, and macOS support it, only switch-to-switch links are protected without benefiting client-to-switch links. Are licensing fees the primary reason MACSec is not widely adopted?
 
Nobu

Jun 7, 2007
Looks like Linux (the kernel) has supported it since 2016, and support may be in iproute2 (Linux userspace networking utilities).

https://bootlin.com/blog/network-traffic-encryption-in-linux-using-macsec-and-hardware-offloading/

Looks like some HPE switches can be configured for it: https://techhub.hpe.com/eginfolib/n..._access_security_guide/content/v32677644.html

There's also an MSDN article about how to configure MACsec on MS Azure. Couldn't find anything related to plain Windows (desktop or server).
 
