Your better off using the Guest Device Repository as Tim mentioned. I just went through this same process. Guest Device Repository gives you much more to work with including names, descriptions, and any other custom field you can think of. Plus you can setup Guest Login with custom Admin Privileges to only add/manage/remove devices.
Your service would then look like:
Authenticaiton method: MAC AUTH
Authentication source: Guest Device Repository
Role Mapping - If Authentication Source = Guest Device Repository (or you can use a custom attribute to reference) Assign your Role.
Enforcement - TIPS Role EQUALS Your Role = Enforcement Profile (same as now)