Home » Security » [solved] how to whitelist the mac address in Cisco ISE using the console

[solved] how to whitelist the mac address in Cisco ISE using the console

This article will walk you thru on how to whitelist the mac address in Cisco ISE. The device gets profiled as soon as it is plugged into the network and depending on the authorization rules, it is either allowed or denied. below is an example of the Cisco phone being profiled in Cisco ISE.

below is rule that matches endpoint identity group name “printers” and allows access once the the mac address is white-listed

you can see that the endpoint group under Endpoint Identity Groups by navigating to “Work centers” and “ID Groups”

Now if the printer is plugged in and mac address is not added in Cisco ISE, the printer will be profiled as printer and denied access since it will not any allow rule and same goes for any phones or other deivces

below is a phone which did not have the MAC white listed in Cisco ISE and you can see it was redirected to guest vlan

 

 

There are multiple ways to add the mac to address in Cisco ISE, you can use a file to add multiple addresses – below is an example of a test.csv file with multiple values.

Add the mac address which also ties to a end point policy and an identity group and save the file to the desktop

 

you can then browse to “work Centers” and “Identities”

Click on the Import and browse to the location of the file where it was saved for example on your desktop

 

Choose the file and click on submit

 

 

Now the file has been submitted, you can power off the device and power it back up again and this time it will see mac address in the list and will allow access to the internal network. you can see now it is matched as a correct profile and allowed access

 

Let me know if this helps, or if it is inaccurate so I can update

HTH

 

Leave a Reply

Your email address will not be published. Required fields are marked *

*
*