I'm looking for some guidance with authenticating wired clients attached to MR36H wired ports.  We're using Cisco ISE (RADIUS) for wireless clients which is working well.  In ISE, we have endpoint groups, just lists of MAC addresses, that are allowed to connect to the network without hitting the user portal for login.  The wired ports work fine for open access but I'm not having any success leveraging ISE for authenticating those wired clients.  The end goal here is for users to register their MAC addresses for wired devices and have an ACL that only allows those registered clients to access the network.  Is anyone doing anything similar?