Enforce Dynamic, Identity-Based Network Segmentation at Scale
Use Foxpass to assign users and devices to the right VLANs or networks automatically based on identity, role, and group membership.
The Problem
Static network segmentation using MAC address lists, SSIDs, or manually assigned VLANs is:
Inflexible and hard to scale
Vulnerable to spoofing and lateral movement
Labor-intensive for onboarding and access changes
Blind to user identity and device trust level
As organizations adopt zero-trust architecture and BYOD/remote access models, legacy segmentation tools fall short.
The Foxpass Solution
Foxpass enables dynamic VLAN assignment and network segmentation using identity-driven RADIUS authentication:
Tie access to directory group membership (via Google, Okta, Entra ID, OneLogin, LDAP)
Assign users and devices to VLANs during authentication
Support both EAP-TTLS (identity/password) and EAP-TLS (certificate-based) auth
Use Foxpass RADIUS to enforce segmentation across Wi-Fi, VPN, and wired networks
This helps IT teams enforce least privilege and contain lateral movement—without manually managing VLANs per user or device.
How It Works
User connects to Wi-Fi or VPN
Foxpass RADIUS authenticates user or device (via EAP-TLS or EAP-TTLS)
Group membership is checked via synced identity provider (Google, Entra ID, etc.)
RADIUS response includes VLAN assignment
User is placed on the appropriate segment (e.g., guest, admin, IoT, dev, student)
Benefits of Identity-Based Segmentation
Enforce least privilege across departments, devices, and roles
Automatically separate student, faculty, and guest traffic in campus environments
Keep development, staging, and production environments logically isolated
Secure BYOD and unmanaged devices using certificate-based VLAN assignment
Support zero-trust and compliance frameworks (HIPAA, SOC 2, NIST 800-207)
Common Use Cases
Use Cases | Description |
|---|---|
Education | Place students, faculty, and guests in different VLANs using directory groups |
Enterprises | Isolate engineering/dev environments from finance, HR, or internal apps |
Retail/Branch Locations | Separate point-of-sale, guest Wi-Fi, and internal back-office traffic |
Healthcare | Segment access to PHI vs non-regulated systems |
BYOD Networks | Place unmanaged personal devices on low-trust VLANs automatically |
Related Foxpass Capabilities
Cloud RADIUS – Supports VLAN assignment via group mapping
Directory Sync – Pull user roles from Entra ID, Okta, Google Workspace, or LDAP
Certificate Management – Use EAP-TLS and MDM/BYOD enrollment to enforce trust
Cloud LDAP – Manage group logic for on-prem or hybrid setups
Real-Time Logging – Track access attempts by VLAN and policy
Learn more about Foxpass Cloud RADIUS
Ready to Automate Your Network Segmentation?
Foxpass gives your team dynamic VLAN enforcement without legacy RADIUS maintenance or manual VLAN headaches.