(X-posting as I mistakenly posted in the wrong forum)

We are in the middle of an 802.1x deployment with Cisco ISE as the backend. We have been using Anyconnect NAM as supplicant.

Everything is working famously on physical hosts, but we apparently have a significant number of users that have VMs on their workstations for a variety of reasons (most use Virtualbox, but there is also some Hyper-V in there.) Most of those VMs are actually provided by our Desktop Support department and follow corporate policy, and thus have Anyconnect NAM installed. All of those VMs are also configured in bridge mode so that they receive real IPs and connect to all the services and management that are available for regular physical hosts.

Problem is, it doesn't look like the bridged adapter is forwarding EAP messages between the supplicant and the switch. That's fine in Open mode, but when I go to close mode all of these host won't connect to the network.

Anybody have seen this issue? Any idea how to fix it?

So far my only ideas are:

-Create a custom profile for the Virtualbox MACs (and figure out what Hyper-V uses) and whitelist them.

-Keep those ports open

Both of which doesn't really accomplish the goal of authenticating the host.