Wireless Authorization Profile Forcing WEB Proxy IP

Hi All,

I have just started deploying my wireless system with 1850 Mobility Express solutions. I have configured RADIUS authentication. The only problem is that I want to create a WLAN with the corresponding user subnet VLAN which can only connect to the internet through my WSA as a proxy. So is there any RADIUS attribute that I can use to force my WSA IP and port onto mobile phones so that they can connect to the internet? If not, I will have to create a separate wireless subnet, which is not a preferable solution for me.

 

Thanks in Advance!


Accepted Solutions
Cisco Employee

Re: Wireless Authorization Profile Forcing WEB Proxy IP

In order to support a wide range of clients, a transparent proxy is a better option. Below is what we used in our training lab using a Cisco 3650 with IP routing enabled:

 

conf t
!
! create redirect ACL for WCCP
ip access-list extended wccp-redirect
 deny   ip any 10.0.0.0 0.255.255.255
 permit tcp 10.0.0.0 0.255.255.255 any eq www
 permit tcp 10.0.0.0 0.255.255.255 any eq 443
!
! enable wccp with service-id 90, matched WSA config
ip wccp 90 redirect-list wccp-redirect
!
! apply wccp to the client VLAN 50
interface Vlan50
 ip wccp 90 redirect in
!
end
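
An added example (not part of the original answer): a small Python model of the redirect ACL above, showing which flows from the client VLAN WCCP would hand to the WSA and which it leaves on the normal routed path. The client address, the 203.0.113.10 destination and the function names are constructed for illustration, and it assumes VLAN 50 clients are addressed inside 10.0.0.0/8.

```python
import ipaddress

# The wccp-redirect ACL from the answer, in order.
# Entry: (action, protocol, (src, wildcard), (dst, wildcard), dst_port or None)
NET10 = ("10.0.0.0", "0.255.255.255")
ANY = ("0.0.0.0", "255.255.255.255")
WCCP_REDIRECT = [
    ("deny",   "ip",  ANY,   NET10, None),
    ("permit", "tcp", NET10, ANY,   80),    # "eq www"
    ("permit", "tcp", NET10, ANY,   443),
]

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def wccp_decision(proto, src, dst, dport, acl=WCCP_REDIRECT):
    """First matching entry wins; no match falls to the implicit deny.
    In a WCCP redirect-list, deny means "forward normally", not "drop"."""
    for action, a_proto, a_src, a_dst, a_port in acl:
        if a_proto != "ip" and a_proto != proto:
            continue
        if not wildcard_match(src, *a_src) or not wildcard_match(dst, *a_dst):
            continue
        if a_port is not None and a_port != dport:
            continue
        return "redirect-to-WSA" if action == "permit" else "forward-direct"
    return "forward-direct"

# Constructed sample flows from one client on VLAN 50 (addresses are made up).
FLOWS = [
    ("tcp", "10.50.0.23", "203.0.113.10", 80),    # plain HTTP
    ("tcp", "10.50.0.23", "203.0.113.10", 443),   # HTTPS
    ("tcp", "10.50.0.23", "10.1.1.10", 443),      # internal server
    ("udp", "10.50.0.23", "203.0.113.10", 443),   # QUIC / HTTP/3
    ("tcp", "10.50.0.23", "203.0.113.10", 8080),  # web on another port
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", wccp_decision(*flow))
```

Flows reported as forward-direct never reach the WSA, so if the goal is that clients can only reach the internet through the proxy, an egress filter on the routed path has to block them separately.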

 

3 REPLIES 3
Cisco Employee

Re: Wireless Authorization Profile Forcing WEB Proxy IP

I believe we do this by hosting the proxy PAC on a web server and using DNS or DHCP to discover it, per WinHTTP AutoProxy Support.

I do not think any RADIUS attribute can help with that. At least I am not aware of one.

 


Re: Wireless Authorization Profile Forcing WEB Proxy IP

Thank you very much for your response.

For corporate computers I am using DHCP option 252 with the PAC file URL, and that is okay. But what about mobile phones? I am not sure that phones will understand a PAC file.
