Keywords: intranet management, network security, wireless LAN, DHCP, MAC bridges, IP spoofing

DHCP (Dynamic Host Configuration Protocol) [1, 2] is widely deployed in resource allocation and intranet management. However, DHCP mechanism is not mandatory, and DHCP server can neither force DHCP clients to release their leases, nor enforce cooperation from externally configured hosts that are DHCP-unaware. Although new DHCP options such as DHCP reconfigure extension [3] have been proposed, the basic problems inherent in DHCP mechanism cannot be solved without first strengthening its operations. In this paper, a DHCP-based infrastructure for intranet management was proposed by combining the resource allocation functions of DHCP server with the packet filtering features of MAC (Medium Access Control) bridges [4] such as Ethernet switches and wireless access points. DHCP clients that do not follow DHCP mechanism as well as DHCP-unaware hosts that do not abide by our management policy will be denied network accesses by MAC bridges. Through the cooperation of DHCP server and MAC bridges, resource allocation and access control can be integrated and local configuration conflicts can be reduced to the minimum.