In Blog, Security

VLAN Segmentation Benefits

What are the benefits of VLAN assignment? With a recent uptick in network security requirements, VLAN assignment is more than a blip on many an admin’s horizon. For a long while, the benefits of VLAN assignment have been elusive for IT organizations. While the promise of controlling user access via VLANs has been in place since 802.1x emerged, the challenge of the matter has always been in its implementation.

Benefits of VLAN Assignment

Before we broach the challenges of VLAN assignment, let’s first explore what exactly it is and how it can benefit an organization. VLAN assignment (or tagging) is the practice of segmenting an IT organization’s network, separating users into respective network sections based on their roles and responsibilities. By doing so, IT admins can better control who has access to the various sensitive resources across their network.

For example, the development network can be separated from the sales and marketing teams stepping up security significantly. A finance network can be created to secure financial systems. The other benefit of this approach is that IT organizations can control performance much better. For many organizations subject to compliance requirements (e.g. cardholder data environments), segmenting VLANs is a must.

From a network security standpoint, VLAN assignment is one of the more straightforward buffers an organization can adopt. With VLAN assignments, bad actors with stolen credentials can only access as much as that specific identity can (which can be altered immediately after a compromise is detected). Additionally, in the unfortunate event of an insider breach, a single set of credentials is only as good as what that user already has access to, no more, no less.

The History of VLAN Assignment

RADIUS Attributes VLAN

Historically, IT organizations needed to have a number of different systems integrated together in order to fully realize the additional security benefits that VLAN assignment provided. Switches are first needed to support 802.1x for local and wireless network access. Those switches also need to be linked together via a RADIUS server, and then access controlled by the identity provider (usually Microsoft® Active Directory®). Additionally, laptops and desktops needed a supplicant to securely send credentials via the switch to the RADIUS server. All of these steps effectively made segmenting user access via VLAN assignment less desirable compared to its benefits.

With the addition of WiFi networks and the capabilities of modern laptops and desktops, a few of those steps have become easier. Regardless, wireless access points (WAPs) still need to be configured to include the segmenting required for VLAN assignment. It wasn’t until a cloud RADIUS platform emerged that VLAN tagging was effectively made a turnkey process.

VLAN Assignment from the Cloud

VLAN Assignment Network SegmentationWith a modern cloud identity management solution with cloud RADIUS functionality, IT organizations can now secure the network easier than ever before. This cloud RADIUS solution integrates smoothly with WAPs (which still need to be configured for VLAN tagging). Once integrated, the solution automatically connects the network to serverless RADIUS, and as a cloud identity provider (IdP), automatically links user identities to their assigned VLANs as well. The benefits of VLAN assignment, now that the process is much easier to implement, can be realized by a variety of organizations.

This cloud IdP and RADIUS solution is called JumpCloud® Directory-as-a-Service®. With Directory-as-a-Service, network engineers and admins alike can directly assign VLAN segments to configured WAPs with the PowerShell Module. Since JumpCloud is a full-fledged cloud directory service, VLAN segments are instantly linked through RADIUS-as-a-Service to a user’s core identity. This, of course, means that systems linked to said identity are connected to the network securely with access to all of that user’s necessary resources.

Learn More

You can explore JumpCloud’s VLAN assignment benefits, as well as all of the platform’s capabilities, absolutely free today. With ten users included free to get you started, signing up for JumpCloud gives you access to all that Directory-as-a-Service has to offer your organization. Our blog and YouTube channel are always being updated with more educational content to help you through your JumpCloud experience.

Recent Posts