This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Hi All,
I have just started deploying my wireless system with 1850 Mobility Express solutions. I have configured Radius authentication. The only problem is that I want to create WLAN with corresponding user subnet VLAN which can only connect internet through my WSA as proxy. So is there any Radius attribute where i can use it for forcing my WSA IP and Port to mobile phones so that they can connect internet. If no I will have to create separate Wireless Subnet which is not preferable solution for me.
Thanks in Advance!
Solved! Go to Solution.
In order to support various clients in wild ranges, Transparent proxy is a better option. Below is what we used in our training lab using a Cisco 3650 with ip routing enabled:
conf t ! ! create redirect ACL for WCCP ip access-list extended wccp-redirect deny ip any 10.0.0.0 0.255.255.255 permit tcp 10.0.0.0 0.255.255.255 any eq www permit tcp 10.0.0.0 0.255.255.255 any eq 443 ! ! enable wccp with service-id 90, matched WSA config ip wccp 90 redirect-list wccp-redirect ! ! apply wccp to the client VLAN 50 interface Vlan50 ip wccp 90 redirect in ! end
I believe we do this by hosting the proxy PAC on a web server and using DNS or DHCP to discovery it, per WinHTTP AutoProxy Support.
I do not think any RADIUS attribute can help with that. At least I am not aware of.
Thank you very much, for your response.
For corporation computers I am using DHCP 252 option with PAC file URL that is okay. But, what about mobile phones? I am no sure that phones will understand PAC file.
In order to support various clients in wild ranges, Transparent proxy is a better option. Below is what we used in our training lab using a Cisco 3650 with ip routing enabled:
conf t ! ! create redirect ACL for WCCP ip access-list extended wccp-redirect deny ip any 10.0.0.0 0.255.255.255 permit tcp 10.0.0.0 0.255.255.255 any eq www permit tcp 10.0.0.0 0.255.255.255 any eq 443 ! ! enable wccp with service-id 90, matched WSA config ip wccp 90 redirect-list wccp-redirect ! ! apply wccp to the client VLAN 50 interface Vlan50 ip wccp 90 redirect in ! end