Where does Cisco ISE store the MAC address of the guest endpoint once the guest has signed the Acceptable Use Policy?

The MAC address of the guest endpoint is stored in the GuestEndpoint identity group after the guest has signed the Acceptable Use Policy. This storage mechanism is part of how Cisco ISE manages guest access and ensures that all pertinent information about guest devices is organized and accessible.

When a guest connects to a network and agrees to the Acceptable Use Policy (AUP), Cisco ISE automatically adds their endpoint details, including the MAC address, to the GuestEndpoint identity group. This allows for effective tracking of guest devices, applying policies specifically tailored for guests, and facilitating any necessary management or reporting related to their network access.

By maintaining the MAC addresses in this specific identity group, Cisco ISE simplifies the process of distinguishing between regular endpoints and guest endpoints. This distinction is vital for enforcing security policies and managing access rights appropriately, ensuring that guest users have the permissions they need without infringing on the security of the organization's primary network resources.

Other options, such as the RegisteredDevices identity group or the hotspot identity group, do not specifically cater to guests after they accept the AUP and therefore do not provide the same level of targeted management for guest networks.