By Zach DeMeyer Posted November 30, 2018
As IT admins grow more sophisticated in how they manage networks, controlling who has access to which parts of the network has become a point of focus. One area in particular where IT organizations can step up their user access security is virtual local area network (VLAN) steering. In this blog post, we’ll answer the question: what is VLAN steering?
The What (and Why) of VLAN Steering
Before we address what exactly VLAN steering is, let’s briefly talk about why IT organizations are even interested in it. For most IT networks, end users exist in the network together without any sort of segmentation by group, department, or needs. So, despite the fact that two users may have very different needs and security requirements, they are placed on the same network together. For security requirements and compliance needs, sometimes users need to be placed under different network segment controls. For instance, in an organization concerned with PCI DSS compliance, a user who needs to access sensitive data in the cardholder data environment may be placed in a separate, more secure VLAN than the rest of the users.
That process of shifting users to their proper VLANs is called VLAN steering. Users or groups are assigned to a VLAN, and once they have authenticated to the network, the RADIUS server and wireless access points (WAPs) work together to place that user in the proper network segment.
The more technical process in the background works like this. IT admins assign VLANs to their users and groups in a RADIUS server. The RADIUS server is, of course, integrated with the directory service so that users can be authenticated with their credentials. The RADIUS server is also connected to the WiFi network, and once the user is authenticated, the RADIUS server replies with attributes assigning the VLAN. The WAP accepts that assignment and places the user in the proper network segment.
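As an added example (not code from the original post or from JumpCloud), the Python sketch below shows the access-point side of that last step: it reads the three RFC 3580 tunnel attributes from an Access-Accept and returns a VLAN only when all of them are present and valid, so a malformed reply leaves the user in the default segment. The function names and the sample packet are constructed for illustration, and checking the Response Authenticator against the shared secret is assumed to have happened before this code runs.

```python
import struct

TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802, ACCESS_ACCEPT = 13, 6, 2  # values from RFC 2865/2868/3580

def attr(atype: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute (type, length, value)."""
    return bytes([atype, len(value) + 2]) + value

def build_packet(code: int, attrs: list) -> bytes:
    """Constructed sample packet; the 16-byte authenticator is zeroed, not computed."""
    body = b"".join(attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

def parse_attributes(packet: bytes):
    """Yield (type, value) pairs, rejecting malformed lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad packet length")
    pos = 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        yield packet[pos], packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]

def vlan_from_accept(packet: bytes):
    """Return the VLAN ID to apply, or None so the caller keeps its default segment."""
    found = {}
    try:
        if packet[:1] != bytes([ACCESS_ACCEPT]):
            return None
        for atype, value in parse_attributes(packet):
            if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
                found[atype] = int.from_bytes(value[1:], "big")  # byte 0 is the tag
            elif atype == TUNNEL_PRIVATE_GROUP_ID and value:
                text = value[1:] if value[0] <= 0x1F else value  # optional tag byte
                found[atype] = text.decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    vlan_id = found.get(TUNNEL_PRIVATE_GROUP_ID, "")
    if found.get(TUNNEL_TYPE) != VLAN or found.get(TUNNEL_MEDIUM_TYPE) != IEEE_802:
        return None
    if not vlan_id.isdigit() or not 1 <= int(vlan_id) <= 4094:
        return None
    return int(vlan_id)

# Constructed example: the three attributes that steer a user into VLAN 20.
SAMPLE = build_packet(ACCESS_ACCEPT, [attr(TUNNEL_TYPE, b"\x00\x00\x00\x0d"),
    attr(TUNNEL_MEDIUM_TYPE, b"\x00\x00\x00\x06"), attr(TUNNEL_PRIVATE_GROUP_ID, b"20")])
```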
VLAN Steering Option
Unfortunately, not every organization leverages RADIUS, and, on top of that, not every RADIUS solution has VLAN steering options. Despite this, companies still need the benefits that VLAN steering offers, and it is often easier to adhere to compliance regulations through VLAN steering security capabilities. What’s an IT admin to do?
The good news is that there is a cloud RADIUS platform that can handle all of the moving parts involved with VLAN steering. With a virtual FreeRADIUS server and an onboard identity provider, IT admins can simply load their users and assign VLANs and they are ready to go. The WAPs are pointed to authenticate via the RADIUS-as-a-Service platform. With this platform, IT admins can avoid the on-prem infrastructure required for VLAN steering, any endpoint changes, and other integration points. This cloud RADIUS platform is called JumpCloud® Directory-as-a-Service®.
VLAN Steering with Directory-as-a-Service®
JumpCloud’s Directory-as-a-Service is a cloud-based directory service for the modern era. With LDAP, SAML, and RADIUS protocols at its disposal, Directory-as-a-Service provides IT admins and end users with a True Single Sign-On™ experience. Specifically, JumpCloud’s RADIUS-as-a-Service platform creates a secure network environment for IT organizations, and now features assignable VLAN attributes. Directory-as-a-Service also touts sleek user/system management regardless of platform, provider, or location.
To learn more about VLAN steering with Directory-as-a-Service, you can contact our expert team. More information can also be found in our Knowledge Base or YouTube channel. To see RADIUS-as-a-Service and the other features of the JumpCloud product at work, you can schedule a demo or try Directory-as-a-Service absolutely free for up to ten users forever.