Skip to main content
Everything you do to endpoints in a managed Endpoint Identity Group is pushed to Cisco ISE. The admin side and the Self-Service side share the same underlying model; this page covers the admin-side workflow, which is the richer of the two. For batch uploads, see Batch adding endpoints. For Change of Authorization, see Change of Authorization.

The ISE Endpoints tab

Open a managed group and click the ISE Endpoints tab (selected by default). The table shows every endpoint Cisco ISE reports as a member of the group. Columns:
  • Status — icon showing online (live session) or offline (no session right now).
  • Type — icon for the endpoint’s device class (phone, camera, laptop, IoT, unknown).
  • MAC — lowercase, colon-separated. Click to open the endpoint detail page.
  • Description — the free-text description captured when the endpoint was added.
  • IPv4 address — from the live session, if any.
  • Network Device (NAS) — the switch / WLC / access point name, with IP.
  • Port / VLAN — the NAS interface and VLAN assignment.
  • Session Duration — how long the current session has been up.
  • Data Usage (DL/UL) — download / upload totals for this session.
  • Connection Information — the authentication method in use.
  • Action — per-row menu: Edit, Move, Perform CoA (only when the endpoint is online), Delete endpoint.
Above the list:
  • A Search by mac… filter.
  • Add Device (primary) — single-endpoint add.
  • Batch Add Endpoints (on the bottom-right) — four-step CSV wizard. Covered on its own page.
ISE Endpoints tab of IP_Phones group showing a table with MACs, device types, IPs, NAS and session data columns, with per-row Edit/Move/Delete/Perform CoA action menus

Adding a single endpoint

1

Click Add Device

Opens the Add Device dialog.
2

Fill the form

  • MAC Address — 14 hexadecimal characters, any common format (colons, dashes, none). Case-insensitive; stored lowercase.
  • Description — a short free-text description. Shows up in the list and in ISE.
  • Device type — optional; picked from the dropdown of device types the Context recognises.
3

Click Add Device

The platform creates the endpoint in Cisco ISE and the new row appears in the list within moments.
Add Device dialog with MAC Address, Description and Device type fields
Already in another group? Adding a MAC that Cisco ISE already holds in a different group moves the endpoint into the group you’re adding to — it doesn’t create a duplicate. If that’s not what you wanted, use Move instead (see below).

Editing an endpoint

From any endpoint’s row menu, pick Edit. You can change:
  • Description.
  • Device type (if the Context defines device types).
  • Any Managed Attribute value the group is configured for.
MAC Address is immutable. To change an endpoint’s MAC, delete the old one and add a new one.

Moving an endpoint to another group

1

Pick Move on the endpoint's row menu

Opens the Move Device dialog.
2

Choose a destination group

The dropdown lists every connected Endpoint Identity Group in the Context.
3

Confirm

The platform updates the endpoint’s group membership on the ISE side. The endpoint vanishes from the current group’s list and appears in the destination’s.
Move does not re-authenticate the endpoint. If your ISE authorization policy depends on the group membership, consider triggering a Change of Authorization after the move so the endpoint gets the destination group’s authorization profile.

Deleting an endpoint

From the row menu, Delete endpoint removes the endpoint from Cisco ISE. Audited. No undo — re-add if you made a mistake.

The endpoint detail page

Clicking a MAC opens the endpoint detail page, which is richer than the row can show:
  • Endpoint Details — MAC, IP, Description, Added by / Added Date, Last Updated by / Last Updated, plus every Managed Attribute value the endpoint carries.
  • Session Details — IPv4, Network Device, NAS IP Address, NAS Port ID, VLAN, Session Duration, Data Usage, Packets Received / Sent, Authentication Method, Authentication Protocol, Authentication Status, Authorization Profiles, plus around twenty more attributes Cisco ISE reports for the session. If the endpoint isn’t currently authenticated, this card says No Session Data available.
  • RADIUS Attributes — the raw attributes from the most recent RADIUS Access-Accept. Useful for troubleshooting policy hits.
  • Additional Authentication Details — ISE’s per-auth extras.
Endpoint detail page showing MAC, IP, Description in Endpoint Details and a full Session Details table with NAS, VLAN, Session Duration, Data Usage, RADIUS attributes
Each card has its own refresh button — sessions are live data, so you’ll often want to re-fetch.

What the Self-Service side does differently

Group Administrators and default users see a slimmer version of this page. The differences:
  • Accordion, not table. Each endpoint expands to show the same information per row, optimised for smaller screens.
  • Modify and Revoke only. No Move (single-group scope), no Delete (same thing as Revoke in admin terms), no Perform CoA.
  • Filter pills — Online / Offline / All — instead of a boolean search filter.
See Self-Service portal.

Batch adding endpoints

The four-step CSV wizard.

Change of Authorization

Re-authenticate an endpoint after a group move or attribute change.

Managed Attributes

Per-group and per-endpoint attribute values synced into ISE.

Self-Service portal

What delegated administrators see for the same endpoints.