Recreational Web Filtering in a Boarding School Environment

By Smoothwall
Published 15 August, 2019
3 minute read

How to authenticate and protect students on their own devices with 802.1x and transparent filtering.


Allowing students to connect their own smartphones, tablets
and laptops to the school wireless network isbecoming commonplace acrosssecondary and tertiary education. 

This is particularly relevant to boarding schools who have a need toprovide recreational Internet access out of school hours. 

Students’ own devices still need to be authenticated and filtered – so that we know who is using which device and to apply appropriate filtering.The combination of two key technologies within Smoothwall Filter makes this possible – transparent filtering and 802.1x BYOD authentication. 

Transparent filtering means that there isminimalconfiguration required on each device to speak to the filter – all network traffic that passes across the Smoothwall Filter is automaticallyfiltered, and after installation of the HTTPS filtering certificate, the secure traffic can be inspected. 

802.1x BYOD authentication is an advanced form of network-level authentication.  It is possible with Smoothwall Filter to implement authentication likea hotel or conferenceWiFi– where the user’s details are input to a web page when they connect to the wireless.  

However,this can be frustrating for users that connect daily to the network – frequently having to re-enter their credentials. 

802.1x on Smoothwall Filter works in combination with an enterprisewirelessnetwork to authenticate the user when they connect (often using WPA2-Enterprise security) and store these credentials on the device.  The device will then automatically reconnect to the wireless when in range and provide the credentialswithout any action needed bythe user. 

Step 1– Student connects to the wireless network 

Graphic with information about Smoothwall

Step 2 Wireless network sends back authentication request and the client provides username/password

Step 3 – Wireless network validates credentials withadirectoryservice(e.g. Active Directory)using the RADIUS protocol andreceives an acceptance message from the directory server indicating the credentials are correct

Step 4  The wireless access point allows the device to connect to the network, an IP address is assigned to the device, and Smoothwall is informed of this new connection

Graphic with information about Smoothwall

Step 5 – As the user browses the internet, traffic traverses the Smoothwall Filter andthe filter knows which filtering policies to apply and who to associate the traffic with, based on the IP address equalling a specific username

Graphic with information about Smoothwall

Step 6 – Periodically, the wireless network automatically sends anupdate to the filter, to let it know that the user is still connected

Graphic with information about Smoothwall

Step 7 – When the user disconnects, the wireless network sends a stop message to the filter, so that it knows to no longer associate that IP address with the student

Graphic with information about Smoothwall

802.1x BYOD filtering is supportedby mostenterprise wireless systemswhich areintegrated with directory services.  They also need tosupport RADIUS Accounting with Framed-IP-Addresses. Popular systems include those by Cisco/Meraki,HP/Aruba, Ruckus, Aerohive,and Ubiquiti.

Want to learn more?

If you have a question or would like to learn more about the UK’s No.1 Web Filter, speak to one of our experts. We’d be delighted to help.

Get in touch