Tuesday, March 23, 2010

Bypass Cisco NAC Agent

The Cisco NAC agent is run either in Java or ActiveX to check your windows update and virus definition status. If your operating system or antivirus is not up to date, you won't be able to fully access the (wireless) network until you install the required updates. This is all nice, except that it doesn't tell you what updates are required, which ones failed, and it sometimes takes an hour or more to update your machine. This, plus the fact that there is a ridiculously small amount of time between the new updates being released and them being required. This makes your computer fail to access the network at the most inconvenient times. I've found myself spending many class periods failing to listen or take notes because I had to get connected. Here's how you can get logged on without having to even run the NAC agent.

Simply put, change your operating system to either Mac, or Linux. Rather, change what your web browser is reporting as your operating system. Currently there is no Cisco agent for either of these operating systems, and I don't expect one to be required, at least for Linux. You can make this change manually if you know your web browser intimately, or you can download an extension to make a quick change and change back after you have logged in. I recommend using Firefox, but I've heard that there's an add-on in Chrome as well.

Below is step by step instructions on how to do this with Firefox.

1. Install the Firefox plug-in found here: https://addons.mozilla.org/en-US/firefox/addon/59 This will require you to restart Firefox.

2. Look in "Tools". You should have a menu item that says "Default User Agent". Get into the sub-menu and click "Edit User Agents".

3.  Click "New..." and Replace everywhere that says something like "Windows" to "Linux". I just guessed all of these and it worked, so I wouldn't worry about  being exact, versions, etc.

4. Click OK. Now you can get into that same Default User Agent menu and change it to Linux before you connect to the network. You will still have to authenticate, but the NAC agent won't run since it thinks you are a Linux machine.

5. I would change it back to default after authenticating since content might change based on your operating system setting.

The tool has other uses, such as web development testing and streaming video on Linux.