This question was posed to me at a cocktail party and I didn't know the answer.
This guy has a site in San Jose and one in Phoenix. He's doing clustering for an Exchange server and the version he says requires the cluster members be on the same vlan. So his plan is to have a VLAN span two physical locations - SJ and PHX. Actually he'd be trunking a couple of VLANs between the sites. He has a private 100Mbps fiber line between the sites. Now he wants to encrypt the trunk so all VLANs that go over the fiber get encrypted.
I told him I'd upgrade the OS version and use different subnets at each site. But he's intent on this method. How would you go about encrypting/decrypting this L2 trunk??