I have the unenviable scenario of being forced to use encryption on the links between switches. They will be point-to-point gigabit links via SFP/GBIC adapters. (I know encryption shouldn't be necessary on a point-to-point topology, but it's been decided from so high it needs oxygen, and is totally unarguable.)
They are going to be 3750s, so as a last resort, I'll have to muck about with subnets on a per-switch basis, and configuring DHCP helper to match. However, I'd rather keep it as vanilla a switch fabric as possible so site engineers can do a more rapid swap-out if required.
What I'd like to do is configure encryption between the switches while using either dot1q or ISL to carry VTP.
Has anyone ever done this? Is there a native layer-2 encryption process I can use?
All tips most welcome, and thanks in advance.