Quick question, if you do not use User Authentication via 802.1x, is the MACSEC client to switch working? What MACSEC SW are you using on the client side?
People I have worked with on this, have not been able to find client side SW that actually works! MACSEC Juniper switch-to-switch definitely works and is deployed, albeit with potential caveats.