Wired Equivalent Privacy was the term coined for wireless encryptions, however today the wired connections have become the easy target of the attackers due to its inherent vulnerable characteristics. Contrast to the IP tunnels that are end-to-end masking the content of the packet from network services, a hop-by-hop encryption alternative with complete visibility of the data to the network devices is desirable. This intermediate session focusses on the fundamentals and deployment options of the IEEE 802.1AE (MACsec), a hop-by-hop layer 2 encryption technology using Catalyst and Nexus switching platforms as well as MACsec over WAN links using ASR1K and ISR routing platforms. Various deployment scenarios from Enterprise to WAN use cases will be covered as part of this breakout session. 256-bit GCM encryption on ASR1K, ISR, with multiple deployment options, viz Port-mode, VLAN-mode on point-to-point and point-to-multipoint links will be discussed.This session is for Network Architects, Pre-Sales Engineers and Technical Decision Makers. Previous knowledge or experience is recommended in encryption, campus design, WAN design, and Layer 2 switching.