802.1AE MACSec Support

This seems like a clean way to secure Ethernet connections between Alta Labs devices (and other devices supporting MACSec) without losing access to features like AltaPass/requiring wireless users to authenticate with a radius server .

My use case is securing Ethernet connections leading to outdoor access points (in my case the AP6Pro Outdoor). Currently, I have the AP connected to a 802.1x strict port on the S24 switch. The AP authenticates with the radius server running on a Route10 behind the switch on startup, which then allows traffic to flow from the AP from all connected devices. This setup is still vulnerable to someone plugging in their own switch to the outdoor connection and plugging in the AP into the switch alongside their devices.

I’m by no means an expert on the subject so if anyone has any suggestions or corrections please post!

Fyi MACsec (802.1AE) with 802.1X (EAPOL) key management with wpa_supplicant - For Developers - OpenWrt Forum contains a request for the feature ro be supported in openwrt which many alta devices seems based on.

It contains some considerations regarding hardware support and how to get the software to work.

While not bulletproof, (no mitm prevention) 802.1x support couls be a step in the right direction feasible with current hardware.