cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1265
Views
0
Helpful
3
Replies

Wireless Authorization Profile Forcing WEB Proxy IP

Hi All,

I have just started deploying my wireless system with 1850 Mobility Express solutions. I have configured Radius authentication. The only problem is that I want to create WLAN with corresponding user subnet VLAN which can only connect internet through my WSA as proxy. So is there any Radius attribute where i can use it for forcing my WSA IP and Port to mobile phones so that they can connect internet. If no I will have to create separate Wireless Subnet which is not preferable solution for me.

 

Thanks in Advance!

1 Accepted Solution

Accepted Solutions

In order to support various clients in wild ranges, Transparent proxy is a better option. Below is what we used in our training lab using a Cisco 3650 with ip routing enabled:

 

conf t
!
! create redirect ACL for WCCP
ip access-list extended wccp-redirect
 deny   ip any 10.0.0.0 0.255.255.255
 permit tcp 10.0.0.0 0.255.255.255 any eq www
 permit tcp 10.0.0.0 0.255.255.255 any eq 443
!
! enable wccp with service-id 90, matched WSA config
ip wccp 90 redirect-list wccp-redirect
!
! apply wccp to the client VLAN 50
interface Vlan50
 ip wccp 90 redirect in
!
end

 

View solution in original post

3 Replies 3

hslai
Cisco Employee
Cisco Employee

I believe we do this by hosting the proxy PAC on a web server and using DNS or DHCP to discovery it, per WinHTTP AutoProxy Support.

I do not think any RADIUS attribute can help with that. At least I am not aware of.

 

Thank you very much, for your response.

For corporation computers I am using DHCP 252 option with PAC file URL that is okay. But, what about mobile phones? I am no sure that phones will understand PAC file.

In order to support various clients in wild ranges, Transparent proxy is a better option. Below is what we used in our training lab using a Cisco 3650 with ip routing enabled:

 

conf t
!
! create redirect ACL for WCCP
ip access-list extended wccp-redirect
 deny   ip any 10.0.0.0 0.255.255.255
 permit tcp 10.0.0.0 0.255.255.255 any eq www
 permit tcp 10.0.0.0 0.255.255.255 any eq 443
!
! enable wccp with service-id 90, matched WSA config
ip wccp 90 redirect-list wccp-redirect
!
! apply wccp to the client VLAN 50
interface Vlan50
 ip wccp 90 redirect in
!
end