MACSec secure policies

rushanmu-cisco · rushanmu-cisco · commit 3d9012b3a3c8 · 2025-10-01T13:01:30.000-07:00
Signed-off-by: Ruthrapathy Shanmuganandam &lt;rushanmu@cisco.com&gt;
diff --git a/doc/SAI-Proposal-MACSec-Secure-Policy.md b/doc/SAI-Proposal-MACSec-Secure-Policy.md
@@ -35,8 +35,6 @@ Must Secure is the most stringent secure policy.
 
 - If MKA session remains down, only EAPol(Extensible Authentication Protocol over LAN) packets are exchanged.
 
-- If the peer does not support MACsec, traffic still passes unencrypted (avoiding connectivity loss).
-
 ## Should Secure (Fail-Open)
 
 Should Secure is a less stricter policy than Must Secure.
@@ -47,8 +45,6 @@ Should Secure is a less stricter policy than Must Secure.
 
 - The network continues to function, but the traffic on that specific link remains unencrypted.
 
-- If the peer does not support MACsec, traffic still passes unencrypted (avoiding connectivity loss).
-
 # SAI Attribute Enhancement
 
 The below MACSec port attribute is newly introduced to allow configuration of the MACSec secure policy. This attribute controls how the switch’s MACsec security engine enforces link protection. When set, the attribute instructs the hardware to apply the corresponding policy on the specified port.
