By Ryan Squires Posted January 17, 2019
Creating dynamic VLANs with RADIUS represents a powerful security concept, but one that’s difficult to implement. There are a lot of variables that go into its set up. Components such as wireless access points (WAPs), RADIUS servers, and identity providers (IdPs) each contribute to its complexity. The good news is that there is a next generation cloud identity management platform that is making VLAN steering easier to execute than ever before.
What is Dynamic VLAN Assignment?
Dynamic VLAN assignment is a great way for IT organizations to step up their network security efforts. The idea at play here is that users, or groups of users, can be placed into different VLANs, or segmented chunks of the same network, to increase security. For example, the sales team doesn’t need to be on the same VLAN with developers and vice versa. That means that if a bad actor were to gain access to either the sales or engineering VLAN, they still could not access other segments of that network, like the development VLAN. Effectively, this provides IT admins the ability to limit the the attack surface on a given network. Less attack surface, less potential for problems.
VLAN and RADIUS Implementation
So, while the benefits of dynamic VLANs with RADIUS are hard to overstate, the implementation process can present quite the challenge to IT admins. Segmenting a network can be done through WiFi infrastructure or through the network switches and routers. Users and groups of users are assigned VLANs and those assignments are placed into the RADIUS server, which is backended by an identity provider which validates credentials. All of these different components, network gear, RADIUS servers, directory services, and even endpoints need to be tied together to make the process of dynamic VLAN assignments work effectively. Of course, that can be a tall order for many IT organizations which is why the adoption of network segmentation hasn’t been nearly as high as it should be.
A Cloud-based Security Booster
Thankfully, a new generation of identity and access management solution is taking the heavy lifting out of implementing dynamic VLAN assignment with RADIUS. With an on-board RADIUS server and directory service, this cloud IAM platform has the majority of the the identity and networking components ready to use. Assuming IT admins are in possession of WAPs with VLAN capability, IT admins simply point their compatible WAPs to the cloud RADIUS solution and load their users into the cloud directory. The Directory-as-a-Service platform takes care of the rest. This ability is just one facet of JumpCloud’s security offering. With the ability to automate SSH key management, execute remote Policy and command deployment, and enable True Single Sign-On™, your users will stay safe and your organization secure.
Learn More About JumpCloud
If you’re ready to enjoy the benefits of dynamic VLANs with RADIUS without all the heavy lifting, sign up for a free JumpCloud account today. With a free JumpCloud account, you’ll be able to test all the functionality of JumpCloud while managing up to 10 users for free. Be sure to check out our Knowledge Base and YouTube channel for more information.