WiFi VLAN Tagging

Written by Zach DeMeyer on December 26, 2018

Share This Article

Now more than ever, network security is of the utmost importance. Thankfully, a major step-up in network security can be accomplished via WiFi VLAN tagging. The challenge with the approach historically, however, has been the difficulty behind implementing dynamic VLAN tagging on a network. In this article, we will walk through the value of tagged vs. untagged VLAN, why it is so challenging, and how, with the right tools, you can implement it with relative ease.

What is VLAN Tagging?

With WiFi security being a hot topic and security breaches being discussed every day, it is no wonder that IT admins are focused on stepping up security at all layers of the stack – identity, data, application, system, and network. VLAN tagging is a method of increasing security at the network layer by segmenting the network into smaller, more controllable parts. By placing users in VLANs appropriate to their roles and responsibilities, IT admins can regulate which users have access to which network resources. This approach to security limits the chances of a breach by reducing the overall attack surface. Further, should a breach occur, the VLAN limits it to a smaller scope.

VLAN tagging, which is also known as VLAN steering or VLAN assignment among other names, has historically been difficult to implement. There are a large number of moving parts and integrations that are required to accomplish dynamic VLAN assignments. The first step is that the network needs to be segmented at the WiFi access point (WAP) or wired switches/routers. Next, users and user groups need to be assigned to the proper VLANs and subsequently loaded into the RADIUS infrastructure. Finally, the WAPs, RADIUS servers, and identity provider (IdP) all need to be integrated to ensure that an authentication request can be handled properly along with the proper RADIUS reply attributes, which signal the proper VLAN assignment. All of these systems need to work in concert to ensure that users are authenticated quickly, properly, and placed appropriately within the network.

WiFi VLAN Tagging Made Easy

For IT admins interested in WiFi VLAN tagging, but not interested in the heavy lifting of the above, there is a new approach that is gaining momentum. Called JumpCloud® Directory-as-a-Service® (DaaS), this cloud RADIUS and hosted identity provider are providing a SaaS-based solution to dynamic VLAN assignment. IT admins simply point their WAPs to the RADIUS-as-a-Service platform and assign their users to the proper VLANs and the cloud identity and access management solution does the rest.

Seem too good to be true? Well, you can try RADIUS-as-a-Service and the rest of the DaaS suite yourself to see what it can offer your organization. What’s more, you can sign up absolutely free with ten users included to properly get you started. To learn more about WiFi VLAN tagging and the other facets of JumpCloud Directory-as-a-Service, be sure to contact us with questions or check out our Knowledge Base.

Zach DeMeyer

Zach is a Product Marketing Specialist at JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, music, and soccer.

Continue Learning with our Newsletter