tguvot 2 days ago

it still will block or slow down many.

802.1x is commonly deployed with macsec. will it also be trivial to bypass?

justsomehnguy a day ago

Have you ever seen an intercom or IP camera with macsec support?

tguvot a day ago

yes

for example https://newsroom.axis.com/en-us/press-release/macsec-zero-tr...

justsomehnguy a day ago

That's great.

Now we need to get an enterprise grade switch - doubt Cisco would add macsec into SOHO gear. Along with enterprise grade intercoms, cameras, doorbells...

And beloved by many Unifi is out of the question - they still can't bake IPv6 support.

So looks like it's feasible but the cost wouldn't be good.

ADD: also read this article: https://news.ycombinator.com/item?id=41531699

tguvot 16 hours ago

i am well familiar with macsec. we use it between datacenters and for aws directlink. it is the de-facto standard for this kind of stuff. i even worked on hardware that provided macsec support

a couple of years ago I tried to use it inside datacenter during fedramp implementation. it crashed and burned for a couple of reasons:

- linux wpa_supplicant was crashing during session establishment

- switch had a limit on number of macsec sessions per port