Bypass Cisco NAC Agent
The Cisco NAC agent is run either in Java or ActiveX to check your windows update and virus definition status. If your operating system or antivirus is not up to date, you won't be able to fully access the (wireless) network until you install the required updates. This is all nice, except that it doesn't tell you what updates are required, which ones failed, and it sometimes takes an hour or more to update your machine. This, plus the fact that there is a ridiculously small amount of time between the new updates being released and them being required. This makes your computer fail to access the network at the most inconvenient times. I've found myself spending many class periods failing to listen or take notes because I had to get connected. Here's how you can get logged on without having to even run the NAC agent.
Simply put, change your operating system to either Mac, or Linux. Rather, change what your web browser is reporting as your operating system. Currently there is no Cisco agent for either of these operating systems, and I don't expect one to be required, at least for Linux. You can make this change manually if you know your web browser intimately, or you can download an extension to make a quick change and change back after you have logged in. I recommend using Firefox, but I've heard that there's an add-on in Chrome as well.
Below is step by step instructions on how to do this with Firefox.
1. Install the Firefox plug-in found here: https://addons.mozilla.org/en-US/firefox/addon/59 This will require you to restart Firefox.
2. Look in "Tools". You should have a menu item that says "Default User Agent". Get into the sub-menu and click "Edit User Agents".
3. Click "New..." and Replace everywhere that says something like "Windows" to "Linux". I just guessed all of these and it worked, so I wouldn't worry about being exact, versions, etc.
4. Click OK. Now you can get into that same Default User Agent menu and change it to Linux before you connect to the network. You will still have to authenticate, but the NAC agent won't run since it thinks you are a Linux machine.
5. I would change it back to default after authenticating since content might change based on your operating system setting.
The tool has other uses, such as web development testing and streaming video on Linux.
Simply put, change your operating system to either Mac, or Linux. Rather, change what your web browser is reporting as your operating system. Currently there is no Cisco agent for either of these operating systems, and I don't expect one to be required, at least for Linux. You can make this change manually if you know your web browser intimately, or you can download an extension to make a quick change and change back after you have logged in. I recommend using Firefox, but I've heard that there's an add-on in Chrome as well.
Below is step by step instructions on how to do this with Firefox.
2. Look in "Tools". You should have a menu item that says "Default User Agent". Get into the sub-menu and click "Edit User Agents".
4. Click OK. Now you can get into that same Default User Agent menu and change it to Linux before you connect to the network. You will still have to authenticate, but the NAC agent won't run since it thinks you are a Linux machine.
5. I would change it back to default after authenticating since content might change based on your operating system setting.
For the latest versions of Cisco's NAC solution (CAS, CAM and NAC Agent), the client depends upon an installed service on the system and makes multiple deeper and more sophisticated checks to determine OS (e.g. network stack fingerprinting).
ReplyDeleteAlso, for many campuses, Linux users ARE REQUIRED to authenticate via a browser using Java in a "Guest" role which may or may not have access to various sensitive network resources, depending on CAS configuration. There is a Mac client.
I guess you're out of luck then. I'd probably just keep my machine up to date unless you've got a better way. Are you from Zimbabwe?
ReplyDelete