By Zach DeMeyer Posted December 29, 2018
When it comes to the modern enterprise, few things are more important than network security. With bad actors lurking around every corner (even inside of an organization itself), maintaining a strong, secure network is of utmost importance to the IT admin. Several network securing tools and techniques are being employed by IT admins today, but one that has been turning heads is dynamic VLAN assignment. Since IT admins are dramatically stepping up the security of their network infrastructures, some are asking: what is dynamic VLAN assignment and how can it help secure the network?
Network Security with Dynamic VLAN Assignment
The simple answer is that dynamic VLAN assignment (or VLAN steering) is an excellent technique used to build on the underlying core strategy to control network access. VLAN assignments build on the use of RADIUS to control access to the network. Via RADIUS integration, a WiFi access point (WAP) requires not only an SSID and passphrase, but a user’s unique set of credentials to access the network. Once a user has passed credentials through to the WAP and they are subsequently passed to the RADIUS server and directory service, the RADIUS server will reply to the WAP that the user has been authenticated and inform what VLAN they are assigned to.
IT admins configure the system to identity which users and/or groups are assigned to which VLAN. Those VLANs can be setup on the WiFi network for any number of reasons including security and compliance. By segmenting users and authenticating them with their unique credentials, IT admins can increase security significantly.
Challenges with Dynamic VLAN Assignments
The challenge with this approach is the overhead for IT admins. Traditionally, to implement dynamic VLAN assignments would require a great deal of infrastructure, configuration, and administration. For starters, IT organizations would need to set up their own FreeRADIUS server and connect that instance to the wireless access points and the identity provider (IdP), often, Microsoft® Active Directory®. In many networks, the IT group would also need to configure endpoints with supplicants so that they could talk to the RADIUS server over the proper protocols. All of this ended up being a significant disincentive for IT admins, and that is why many WiFi networks are secured simply with an SSID and passphrase.
With the introduction of modern cloud RADIUS solutions, however, IT admins can virtually outsource the entire process for RADIUS authentication to WiFi and dynamic VLAN assignments. This RADIUS-as-a-Service offering doesn’t focus on RADIUS only, but also acts as the identity management source of truth that can replace an on-prem Active Directory instance. It is available from JumpCloud® Directory-as-a-Service®.
RADIUS-as-a-Service and More
JumpCloud Directory-as-a-Service is everything a directory service was, and reimagines it for the cloud era. This includes endpoint management, identity and access management, and network authentication tools such as RADIUS-as-a-Service. New to the JumpCloud Suite is dynamic VLAN assignment functionality, so network administrators can better authorize their users’ access to crucial network resources. This feature just adds one more log to the bright flame that is Directory-as-a-Service.
Interested in dynamic VLAN assignment and the rest of what the DaaS product has to offer? Contact us, or check out our knowledge base to learn more. You can see the full functionality of Directory-as-a-Service firsthand by trying JumpCloud for free! In order to properly get your feet wet, we’ve included ten users, free to use forever.