Why use VLAN Steering?

Written by Katelyn McWilliams on January 21, 2019


As the modern organization shifts its gaze towards the cloud, IT admins are required to step up the sophistication of their network security. One question that has been at the back of their minds is: why use virtual local area network (VLAN) steering? Before we can accurately answer why to use VLAN steering (also known as VLAN tagging or assignment) and how it’s valuable to an organization, we should dissect it and learn exactly what’s going on behind the curtain.

What is VLAN Steering?


To put it simply, dynamic VLAN steering allows admins to place users into different sections of the network. This has historically been done with the use of 802.1X and RADIUS servers on wired networks. But now, with WiFi becoming nearly ubiquitous and much easier to implement and manage, the concept of VLAN assignment has been taking off.

IT admins assign designated VLANs to their users and groups in the RADIUS server. The directory service, connected with the RADIUS server, authenticates user credentials. Because the RADIUS server is also connected with the WiFi network, it replies with attributes assigning the VLAN to a user after they are authenticated. The wireless access point (WAP) accepts this assignment and places the user in the correct network segment.
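The reply described above, as an added example that is not from the original article or from any vendor's code: a Python sketch of how an access point could read the VLAN assignment out of a RADIUS Access-Accept and refuse an incomplete one. It assumes the standard RFC 3580 attributes (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID) with a numeric VLAN ID; the function names and the sample packet are constructed, and the Response Authenticator is not verified here.

```python
import struct

ACCESS_ACCEPT = 2                                  # RADIUS packet code (RFC 2865)
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TT_VLAN, TMT_IEEE_802 = 13, 6                      # values from RFC 3580

def build_accept(vlan_id, identifier=1):
    """Constructed sample reply; the authenticator is zeroed, not computed."""
    def tagged(attr, value):                       # type, length=6, tag=0, 3-byte value
        return bytes([attr, 6, 0]) + value.to_bytes(3, "big")
    group = str(vlan_id).encode()
    attrs = (tagged(TUNNEL_TYPE, TT_VLAN) + tagged(TUNNEL_MEDIUM_TYPE, TMT_IEEE_802)
             + bytes([TUNNEL_PRIVATE_GROUP_ID, 2 + len(group)]) + group)
    return struct.pack("!BBH16s", ACCESS_ACCEPT, identifier, 20 + len(attrs), b"") + attrs

def assigned_vlan(packet):
    """Return the VLAN ID to apply, or None when the assignment is incomplete."""
    if len(packet) < 20:
        return None
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        return None
    attrs, pos, found = packet[20:length], 0, {}
    while pos < len(attrs):
        if pos + 2 > len(attrs):
            return None                            # dangling byte after last attribute
        attr, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            return None                            # malformed attribute: reject, do not guess
        found[attr] = attrs[pos + 2:pos + alen]
        pos += alen
    tt, tmt = found.get(TUNNEL_TYPE), found.get(TUNNEL_MEDIUM_TYPE)
    gid = found.get(TUNNEL_PRIVATE_GROUP_ID)
    if tt is None or tmt is None or gid is None or len(tt) != 4 or len(tmt) != 4:
        return None
    if int.from_bytes(tt[1:], "big") != TT_VLAN or int.from_bytes(tmt[1:], "big") != TMT_IEEE_802:
        return None
    if gid and gid[0] <= 0x1F:                     # optional leading tag byte
        gid = gid[1:]
    if not gid.isdigit():                          # assumption: numeric VLAN ID, not a name
        return None
    vlan = int(gid)
    return vlan if 1 <= vlan <= 4094 else None     # valid 802.1Q VLAN range

if __name__ == "__main__":
    print(assigned_vlan(build_accept(30)))
```

What a device does when the function returns `None` (default VLAN, quarantine VLAN, or disconnect) is a policy decision outside this sketch.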

Why use VLAN Steering?


With some understanding of what VLAN steering is, it is fairly straightforward to see why it is valuable for almost any organization. But, we’ll ask again: why use VLAN steering? The simple answer is security. But, the deeper answer to this question is the fact that IT admins are able to gain greater control over their networks, users, and performance as well.

For many organizations subject to compliance regulations or intricate security requirements, ensuring that there is effective separation between users, their IT resources, and networks can be a vital security tool. For most organizations, end users operate together without any segmentation by group, department, or IT needs. This means that Bill from accounting is most likely in the same network as Stacy from sales, even though they have completely different needs. You see how that can get messy (and scary from a security perspective).

In other instances, users need to be placed under specific network segment controls in order to meet particular security requirements. For example, in organizations required to meet PCI DSS compliance, users who need access to sensitive cardholder data should be placed in a separate, more secure VLAN than other users.

VLAN Steering: The Struggles


The challenge with VLAN steering has historically been how difficult it can be to implement. IT admins needed to first set up the different VLANs within their switches and routers, install and configure a FreeRADIUS server, integrate with the directory service, and then finally configure each endpoint to support the correct RADIUS protocols. Because this infrastructure relates to how people log in and do their work, it also needs to be highly available.

However, not all organizations leverage RADIUS, and not every RADIUS solution offers VLAN steering options. How are organizations supposed to reap the benefits of a secure network with VLANs if they can’t even automatically place users in them?

VLAN Steering with Directory-as-a-Service®

It’s easy to understand why the use of VLAN steering was fairly limited. The good news is that there is a SaaS-based identity and access management solution that makes it simple and straightforward to deploy VLAN steering.

JumpCloud® Directory-as-a-Service® is a cloud-forward directory service for the modern organization. JumpCloud utilizes the SAML, LDAP, and RADIUS protocols to provide users with True Single Sign-On™. This means that the DaaS platform provides secure network management by way of VLAN attributes. This is all done up in the cloud, making it platform, provider, and location neutral. Your users can work anywhere, be it on-prem or remote, with any device (Mac®, Linux®, or Windows®), while still being secure.

Interested in learning more on why you should use VLAN steering? Contact us here or dive into our YouTube channel and Knowledge Base for more information on this topic. To see the full functionality of the Directory-as-a-Service product, you can schedule a demo or sign up for an account here, which comes complimentary with ten free users forever.

Katelyn McWilliams

Kate is a Content Writer at JumpCloud. She moved to Boulder, Colorado from Seattle in 2017 with experience in marketing for IT under her belt. When she isn't writing about tech, she enjoys rock climbing and petting every dog in sight.
