Currently the WSA does not provide any filtering based on MAC addresses. All policies utilize IPs or authenticated usernames / groups. I do not believe MAC policies are on the road map, but I can file this as an enhancement request if it is something you desire.
Since you are using DHCP, I would typically recommend using authentication and building policies based on user / group. You state that you have no DC on the client side though.
If there is a DC near by, it can be used for authentication. Or if you have an LDAP server, that would suffice as well.
The WSA can can use the squid as both an explicit or transparent proxy. This will change how the WSA creates its own requests to fetch the objects.
With a transparent upstream proxy, there is nothing additional that needs to be done. The WSA will send it's requests to the configured default gateway.
With an explicit upstream proxy, you will need to enter your Squid's IP and port (typically 80 or 8080) to be used. The WSA will send requests directly to the Squid proxy, as opposed to the default gateway.
Both of these options are configured under the Network tab -> Upstream proxy.
The only real difference between not using an upstream proxy and using a transparent upstream proxy, is that with the latter the WSA will forward internal credentials upstream to the squid (if the squid is doing authentication).
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :