
IOSv L2 and DACL/CoA support for Cisco ISE

Stefano Pilla
Level 1

Hi all,

I'm trying to create a PoC for Cisco ISE to test some Client Provisioning scenarios. I have deployed a Cisco ISE instance on my ESXi and connected a CML scenario with a couple of switches and a couple of Windows clients.

Unfortunately I noticed that the switches don't support CoA. They get the RADIUS attributes (DACL names, Redirect URL, etc.) but the DACL is not created/applied. I checked the documentation (Link here) and it only lists some of the supported/unsupported features (i.e. RADIUS is not in the list but is supported).

Supported Features

The following features have been tested and work in the IOSvL2 image:

  • Layer-2 forwarding
  • Switchport
  • 802.1q trunk, 802.1q VLANs
  • Spanning tree
  • Port-Channel (pagp and lacp)
  • 802.1x passthrough
  • Port-ACLs
  • Dynamic ARP inspection
  • DHCP snooping
  • IP device tracking
  • Switched Virtual Interfaces (SVI)
  • Layer-3 forwarding over SVIs
  • Routing protocol support (ISIS is NOT supported)
  • VTP v1-3
  • PVST
  • QoS
  • Inter-vlan routing
  • VLAN access maps (VACLs / access control lists for VLANs)
  • ACL functionality for both layer-2 and layer-3 protocol packets
  • Dynamic Trunking Protocol support
  • Switchport protected mode

Unsupported Features

The following features are not supported by IOSvL2 and are known not to work:

  • Port mirroring (SPAN)
  • Private VLANs
 

Do you guys know if there's any plan on having CoA supported in the future releases for the IOSv L2?

That would be very helpful to create scenarios with ISE.

If anybody has a workaround for this IOSv L2 limit, any feedback would be much appreciated.

 

Thank you

 
