This article will walk you thru on how to whitelist the mac address in Cisco ISE. The device gets profiled as soon as it is plugged into the network and depending on the authorization rules, it is either allowed or denied. below is an example of the Cisco phone being profiled in Cisco ISE.
below is rule that matches endpoint identity group name “printers” and allows access once the the mac address is white-listed
you can see that the endpoint group under Endpoint Identity Groups by navigating to “Work centers” and “ID Groups”
Now if the printer is plugged in and mac address is not added in Cisco ISE, the printer will be profiled as printer and denied access since it will not any allow rule and same goes for any phones or other deivces
below is a phone which did not have the MAC white listed in Cisco ISE and you can see it was redirected to guest vlan
There are multiple ways to add the mac to address in Cisco ISE, you can use a file to add multiple addresses – below is an example of a test.csv file with multiple values.
Add the mac address which also ties to a end point policy and an identity group and save the file to the desktop
you can then browse to “work Centers” and “Identities”
Click on the Import and browse to the location of the file where it was saved for example on your desktop
Choose the file and click on submit
Now the file has been submitted, you can power off the device and power it back up again and this time it will see mac address in the list and will allow access to the internal network. you can see now it is matched as a correct profile and allowed access
Let me know if this helps, or if it is inaccurate so I can update
HTH
