u/Apprehensive-Bee8849

Cisco TrustSec in EVE-NG using virtual IOS/IOL switches with Cisco ISE

Hi everyone,

I’m testing Cisco TrustSec in EVE-NG using virtual IOS/IOL switches with Cisco ISE.

Current status:

* SGT assignment through RADIUS works

* CTS configuration is accepted

* `show authentication sessions` displays the correct SGT

* `show cts role-based permissions` shows the RBACL entries

However, actual enforcement does not happen:

* Traffic is still permitted even with deny rules configured

* `show cts role-based counters` remains at 0

* Downloadable SGACLs from ISE also do not seem to apply

I also tested locally configured RBACLs directly on the switch and got the same behavior.

Is this a known limitation of IOU/IOL images in EVE-NG?

Do these images support only TrustSec classification/SGT visibility without real dataplane SGACL enforcement?

Would appreciate confirmation from anyone who has tested TrustSec successfully in emulated environments.

u/Apprehensive-Bee8849 — 14 days ago