I have been asked to perform a quick pen test of a CIsco VOIP system on a wired LAN which runs 802.1x. I'm not a VOIP or NAC expert so this is going to be basic stuff - only the most obvious of tests (this is just a favour).
The VOIP system uses Cisco 7962 phones connected to the Cisco LAN infrastructure using some form of NAC.
looking for an obvious approach I thought I might try to bypass the NAC by plugging a hub inline between the phone and the LAN. i.e. to allow the phone to authenticate with the hub allowing me to then remove the phone (unknown to the LAN) and to configure my laptop with the phones' MAC and IP Address.
i.e. the phone uses the EAP password and other authenticaiton info to login. the LAN puts it (including the hub) into the appropriate VLAN. And then I can use the laptop masquerading as the phone to further test teh VOIP system.
But this doesn't appear to work - so was I wrong to think that NAC/802.1x only tests the machine at initial login?