In a campus network, a computer is usually setup with one or more fixed IP addresses. If the computer is dedicated to some user, the IP address can then be used to identify the user. However, the IP address can be counterfeited or abused. A user can change the IP address with other's and then can do any wicked network behavior without worrying be caught. The user whose IP address is used by others then becomes a victim. We propose a novel concept of network management by using the combination of a authentication server and a firewall to implement a user-level packet filter system. The system is also well suitable to a network environment which uses dynamic IP address assignment, like DHCP.