Why You Should Use VLAN Steering

Written by Zach DeMeyer on February 3, 2019


Network security is a critical component of running an IT infrastructure. With so many security threats that IT organizations and MSPs need to defend against, network security remains a key part of any defensive posture. One way of strengthening it is with VLAN steering. That leads many business owners and executives to ask: why use VLAN steering?

What is VLAN Steering?

Before diving into the benefits of VLAN steering, which is also referred to as VLAN assignment or VLAN tagging, we should cover what it is. Historically, most IT networks have been flat: once a user joins the network via a wired or WiFi connection, they can freely reach any IT resource connected to it. End users can interact with applications, files, and other server functions, regardless of whether they require access to them or not. Security in this scenario is enforced at the level of the individual IT resource, so access is protected only by logging in with a username/password combination.

Over time, sophisticated MSPs and IT admins started to ask why a user or group of users who aren't permitted to use a particular resource could still reach it from a networking perspective. Why wouldn't the IT resource simply be invisible to those who should not access it? After all, since anyone could reach the login screen of the resource, any bad actor with hacked credentials could access it just by making their way onto the network.

So, in an attempt to preemptively protect network security, VLAN steering was developed. The network is segmented into tiers, and each user is placed in a tier according to how much of the network they should be able to access, so less privileged credentials receive access to less of the network. Unlike a flat network, this tiered network limits users solely to the segment they belong in. That way, hackers outside or inside the network would need higher-level credentials with access to the particular target of their attempted breach.

For example, a developer would not have access to the financial systems, while the finance team wouldn't have access to the source code repository. Through the 802.1X networking protocol, MSPs and IT organizations are able to accomplish VLAN steering with wired networks and on-prem switches.

VLAN Steering in the Modern Era


In theory, this all made a great deal of sense and dramatically increased network security. The challenge of VLAN steering, however, was that doing it with traditional wired networks was difficult to implement. There were too many moving parts with too many integrations between different solutions. So, while the concept made a great deal of sense, the process didn’t.

With the advent of new technology and innovations, such as the cloud RADIUS infrastructure, the heavy lifting of implementing VLAN steering has been largely eliminated or at least significantly reduced. Now, an organization can quickly and easily implement the process of dynamically placing users into VLANs based on their group, and subsequently control the access that particular VLAN has to critical IT resources.
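How a RADIUS server can express "put this user in that VLAN" to a switch or access point, as an added example that is not from the original article or from JumpCloud: it maps directory groups to a VLAN and encodes the three tunnel attributes that RFC 3580 defines for VLAN assignment in an Access-Accept. The group names, VLAN IDs and the quarantine VLAN are assumptions made for illustration.

```python
import struct

# RADIUS attribute types (RFC 2868) and the values RFC 3580 uses for VLANs.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TUNNEL_TYPE_VLAN, TUNNEL_MEDIUM_IEEE_802 = 13, 6

# Constructed policy for illustration: directory group -> VLAN ID.
GROUP_VLANS = {"engineering": 20, "finance": 30}
QUARANTINE_VLAN = 999  # hypothetical restricted VLAN for unmapped users


def pick_vlan(groups):
    """Return the VLAN for a user's groups, failing closed to quarantine."""
    vlans = {GROUP_VLANS[g] for g in groups if g in GROUP_VLANS}
    # No mapping, or memberships that disagree, must not widen access.
    return vlans.pop() if len(vlans) == 1 else QUARANTINE_VLAN


def _tagged_enum(attr_type, value):
    # Type, Length (always 6), Tag (0 = unused), 3-octet value.
    return struct.pack("!BBB", attr_type, 6, 0) + value.to_bytes(3, "big")


def vlan_attributes(vlan_id):
    """Encode the three Access-Accept attributes that assign a port's VLAN."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    vid = str(vlan_id).encode("ascii")  # the VLAN ID travels as a string
    return (
        _tagged_enum(TUNNEL_TYPE, TUNNEL_TYPE_VLAN)
        + _tagged_enum(TUNNEL_MEDIUM_TYPE, TUNNEL_MEDIUM_IEEE_802)
        + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(vid)) + vid
    )


def parse_attributes(blob):
    """Split encoded attributes into (type, value) pairs, rejecting bad lengths."""
    out, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob) or blob[i + 1] < 2 or i + blob[i + 1] > len(blob):
            raise ValueError("malformed RADIUS attribute")
        out.append((blob[i], blob[i + 2:i + blob[i + 1]]))
        i += blob[i + 1]
    return out


if __name__ == "__main__":
    for user, groups in [("dev", ["engineering"]), ("guest", [])]:
        print(user, parse_attributes(vlan_attributes(pick_vlan(groups))))
```

The attributes only select the VLAN; what that VLAN can reach still has to be enforced by ACLs or firewall rules between segments.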

The benefit of this approach to VLAN steering is the ability to dramatically increase security and control over the network. By placing users in segmented VLANs, the chances that an infection can spread to other areas of the network are greatly reduced. Another important benefit of VLAN steering is compliance with regulations and statutes around network security, such as PCI DSS.

Learn More About Why You Should Use VLAN Steering

It almost goes without saying that VLAN steering is one of the simplest and most immediately effective ways of stepping up network security. There is, however, a way to make the process even easier. By leveraging a RADIUS-enabled directory service, network admins and MSPs can directly tie user identities to their VLAN, making it simpler to group users into their proper VLAN. Of course, IT admins following this approach can reap the benefits of a cloud directory service as well.

Such a solution is available from JumpCloud® Directory-as-a-Service®. Admins and MSPs utilizing the Directory-as-a-Service (DaaS) product can take advantage of world-class user and system management on all major systems (Windows®, Mac®, Linux®), on top of effective network management through RADIUS. Using the JumpCloud PowerShell Module, admins can assign VLANs to both users and user groups with a single command.

To learn more about why you should use VLAN steering with Directory-as-a-Service, contact us or check out our YouTube channel. The DaaS product is available completely free for your first ten users; simply sign up to take advantage of what JumpCloud has to offer.

Zach DeMeyer

Zach is a Product Marketing Specialist at JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, music, and soccer.
