
Dynamic VLAN Assignment



As IT admins work to strengthen the overall security posture of their network, one feature gaining popularity is dynamic VLAN (virtual local area network) assignment. Traditionally done on wired networks through switches, this capability is now being applied to WiFi networks and access points through a cloud RADIUS implementation. Let’s explore dynamic VLAN assignment with cloud RADIUS.

What is Dynamic VLAN Assignment?

The concept of dynamic VLAN assignment (aka VLAN steering or tagging) is quite simple. A VLAN is a segment of the overall network that provides access to only a selection of network resources. Based on a user’s identity, the WiFi access point (WAP) is told which VLAN the user should be placed in. This process can step up security, help with compliance, and potentially balance load and quality of service. Regardless of the reason or requirement, the process is the same.

What is VLAN steering or tagging?

A user or group of users is assigned to a specific VLAN through RADIUS attributes. These attributes are configured on the RADIUS server. When a user attempts to authenticate to the network, there are multiple levels of assessment. The first is whether the user’s credentials are correct; in the case of RADIUS-as-a-Service, this assessment is done via the on-board directory service. Then, assuming a successful authentication, the user’s identity and group information are used to look up which VLAN assignment they have. The VLAN assignment is passed along as part of the RADIUS server’s reply to the wireless access point. The WAP then uses that information to assign the user to the specific VLAN.
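The lookup and reply described above, as an added Python example (not JumpCloud's code). It goes beyond the text by using the standard tunnel attributes from RFC 2868 and RFC 3580 that carry a VLAN ID in an Access-Accept; the group names, VLAN IDs, priority order and tag value 1 are constructed for illustration.

```python
import struct

# Attribute numbers and values defined in RFC 2868 and RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TUNNEL_TYPE_VLAN = 13    # Tunnel-Type = VLAN
TUNNEL_MEDIUM_802 = 6    # Tunnel-Medium-Type = IEEE-802

# Constructed sample policy: directory group -> VLAN ID (hypothetical names).
GROUP_VLANS = {"finance": 20, "engineering": 30, "guests": 99}
GROUP_PRIORITY = ["finance", "engineering", "guests"]  # first match wins


def vlan_for(groups):
    """Return the VLAN ID for a user's groups, or None if no group is mapped."""
    for name in GROUP_PRIORITY:
        if name in groups:
            return GROUP_VLANS[name]
    return None  # fail closed: an unmapped user gets no VLAN, not a default one


def _tagged_int(attr, value, tag):
    # Layout: Type (1 byte), Length = 6, Tag (1 byte), 3-byte big-endian value.
    return struct.pack("!BBB", attr, 6, tag) + value.to_bytes(3, "big")


def vlan_reply_attributes(vlan_id, tag=1):
    """Encode the three tunnel attributes sent to the WAP in the reply."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    gid = str(vlan_id).encode("ascii")  # the VLAN ID travels as a string
    group = struct.pack("!BBB", TUNNEL_PRIVATE_GROUP_ID, 3 + len(gid), tag) + gid
    return (_tagged_int(TUNNEL_TYPE, TUNNEL_TYPE_VLAN, tag)
            + _tagged_int(TUNNEL_MEDIUM_TYPE, TUNNEL_MEDIUM_802, tag)
            + group)


def decode_attributes(blob):
    """Parse the attributes back out (assumes each one carries a tag byte)."""
    out, i = {}, 0
    while i < len(blob):
        length = blob[i + 1] if i + 1 < len(blob) else 0
        if length < 3 or i + length > len(blob):
            raise ValueError("malformed attribute")
        attr, body = blob[i], blob[i + 3:i + length]
        if attr == TUNNEL_PRIVATE_GROUP_ID:
            out[attr] = body.decode("ascii")
        else:
            out[attr] = int.from_bytes(body, "big")
        i += length
    return out
```

Returning `None` for an unmapped user keeps the policy fail-closed, so a missing group mapping never silently lands someone on a more privileged VLAN.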

The Value of VLAN Assignment

Implementing VLAN assignment is tedious but straightforward, and the value it brings significantly outweighs the effort. IT organizations can leverage dynamic VLAN steering to help support compliance activities and security programs. By excluding users from sensitive resources they do not need to access, the attack vectors stemming from compromised credentials are cut down severely.

Of course, many organizations don’t take advantage of VLAN assignment because of the work of implementing it network-wide. While it isn’t necessarily difficult, not every organization has the proper network and identity management tools to implement VLAN assignments effectively. After all, in order to control which resources are tied to which VLANs, each user’s core identity in the directory service needs to be linked directly to the WAP. This can be done simply by leveraging JumpCloud® Directory-as-a-Service®.

VLAN Assignment with JumpCloud®

With JumpCloud’s Directory-as-a-Service platform, the entire process of implementing VLAN assignment is made easier. JumpCloud’s RADIUS-as-a-Service includes the ability to assign reply attributes, has an onboard directory service, and doesn’t require IT admins to configure endpoints with the correct supplicants. Simply point the WAP to the virtual RADIUS server, and your end users’ core credentials are leveraged for their access to the network.

VLAN assignment with Directory-as-a-Service

You can learn more about dynamic VLAN assignment with RADIUS-as-a-Service by checking out our blog, or our YouTube channel. You can also contact us with your questions and comments. Directory-as-a-Service is available completely free for your first ten users, forever, with competitive pricing for more users.

