Home » Security » [solved] how to whitelist the mac address in Cisco ISE using the console

[solved] how to whitelist the mac address in Cisco ISE using the console

This article will walk you thru on how to whitelist the mac address in Cisco ISE. The device gets profiled as soon as it is plugged into the network and depending on the authorization rules, it is either allowed or denied. below is an example of the Cisco phone being profiled in Cisco ISE.

below is rule that matches endpoint identity group name “printers” and allows access once the the mac address is white-listed

you can see that the endpoint group under Endpoint Identity Groups by navigating to “Work centers” and “ID Groups”

Now if the printer is plugged in and mac address is not added in Cisco ISE, the printer will be profiled as printer and denied access since it will not any allow rule and same goes for any phones or other deivces

below is a phone which did not have the MAC white listed in Cisco ISE and you can see it was redirected to guest vlan



There are multiple ways to add the mac to address in Cisco ISE, you can use a file to add multiple addresses – below is an example of a test.csv file with multiple values.

Add the mac address which also ties to a end point policy and an identity group and save the file to the desktop


you can then browse to “work Centers” and “Identities”

Click on the Import and browse to the location of the file where it was saved for example on your desktop


Choose the file and click on submit



Now the file has been submitted, you can power off the device and power it back up again and this time it will see mac address in the list and will allow access to the internal network. you can see now it is matched as a correct profile and allowed access


Let me know if this helps, or if it is inaccurate so I can update



Leave a Reply

Your email address will not be published. Required fields are marked *