
60 new MAC addresses in ISE

pedernessimo
Level 1

Hello.

Can you advise how we can add 60 new MAC addresses into our ISE?

This is 60 x new Cisco IP phones.

 

Best regards

Peder Nessimo

TV 2 Norway

 

4 Replies

Mark Elsen
Hall of Fame

 

@pedernessimo Ref: https://www.wiresandwi.fi/blog/cisco-ise-managing-mac-addresses-and-endpoint-identity-groups-for-mab-authentication
(read from: Bulk Import MAC addresses into Endpoint Identity Group using CSV file)

M.



-- Let everything happen to you
Beauty and terror
Just keep going
No feeling is final
Rainer Maria Rilke (1899)

@pedernessimo any reason why you don't use 802.1X using the built-in Manufacturer Integrated Certificate (MIC)? That would be more secure than using MAB, which is spoofable.

If you wish to use MAB then use the bulk import option from CSV as already provided. You can make MAB slightly more secure by including profiling attributes (i.e., Cisco IP Phone) in the authorisation rule, assuming you have the correct licensing. 

@Rob Ingram - exactly what I was hoping would be the case. But I think this dream of 'plug and play' doesn't always work out as planned.

If there is to be out-of-the-box plug and play support for phones or cameras etc. then the following must be true:

  • 802.1X supplicant configured on the device from factory
  • if 802.1X supplicant is configured, then it must be set to not trust the RADIUS server EAP Certificate (because that would be an impossible situation, unless the ISE EAP cert was signed using a public CA cert ... which is very uncommon) 
  • And of course ISE must have the Trusted Cert Chain installed of the manufacturer's cert etc. - that's the easy part we can control

My experience with Axis cameras and their 802.1AR ID-Certs (kind of like a Cisco MIC cert) is that the cameras are enabled with a supplicant from the factory, but when I tested on my ISE, the cameras rejected the ISE cert. I am not finished with my testing yet, but if that is indeed the factory default, then no joy with that vendor. I wonder if Cisco phones/WAPs are any better.

MarkTrump
Level 1

You can bulk add them by creating an import file (CSV) and uploading through ISE, much quicker than entering each MAC manually.
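
Preparing the CSV file that the replies above refer to, as an added example that is not part of the thread and not Cisco's own tooling: it normalises MAC addresses collected in mixed notations, rejects malformed, multicast and duplicate entries, and writes the rows for import. The column names in `ISE_HEADER` and the group name `Cisco-IP-Phone` are assumptions; check them against the import template downloaded from your own ISE version.

```python
import csv
import io
import re

# Assumed header: first three columns of the ISE endpoint import template.
# Download the template from your ISE version and adjust if it differs.
ISE_HEADER = ["MACAddress", "EndPointPolicy", "IdentityGroup"]
_HEX12 = re.compile(r"^[0-9A-F]{12}$")

def normalize_mac(raw):
    """Return the MAC as AA:BB:CC:DD:EE:FF, or raise ValueError."""
    text = raw.strip().upper()
    if text.startswith("SEP"):  # Cisco phone device names: SEP + 12 hex digits
        text = text[3:]
    digits = re.sub(r"[:\-. ]", "", text)
    if not _HEX12.match(digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    if int(digits[:2], 16) & 1:  # group bit set: not a unicast device address
        raise ValueError(f"multicast/broadcast address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_import_csv(raw_macs, identity_group, policy=""):
    """Return (csv_text, rejected) for the given raw MAC strings."""
    seen, rows, rejected = set(), [], []
    for raw in raw_macs:
        if not raw.strip():
            continue
        try:
            mac = normalize_mac(raw)
        except ValueError as exc:
            rejected.append(str(exc))
            continue
        if mac in seen:  # same device listed twice in different notations
            rejected.append(f"duplicate: {raw!r}")
            continue
        seen.add(mac)
        rows.append([mac, policy, identity_group])
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(ISE_HEADER)
    writer.writerows(rows)
    return out.getvalue(), rejected

if __name__ == "__main__":
    # Constructed sample input, not real devices.
    sample = ["00:11:22:aa:bb:01", "0011.22aa.bb02", "SEP001122AABB03",
              "00-11-22-AA-BB-01", "0011.22aa.bbzz"]
    text, bad = build_import_csv(sample, "Cisco-IP-Phone")
    print(text, bad, sep="\n")
```

Review the rejected list before importing, since every row that is accepted becomes an address MAB will authorise.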