Ip Hopping disrupting network

Good day
I am experiencing issues where people on the No Internet rule are hopping over and stealing connected peoples Ip addresses. The users do get flagged and are put back into the No internet zone, but that leaves them with a minute of internet, and when it expires they just hop to the next one, disrupting the network.
This is what their profile looks like…

Any way of stopping that?
I believe it could be fixed with using Service workers to deliver the rules to the end device as was something you had planned but that was a half year ago.
Thanks in advance
Matt Hofer

Hey @matt_hofr, it would be possible to use static ARP mode to prevent that from happening. It does require more maintenance because every device will require a DHCP reservation before it can connect.

See https://docs.netgate.com/pfsense/en/latest/dhcp/dhcp-server.html#deny-unknown-clients-static-arp for more information on the static ARP feature.

Another option is to use 802.1X on your network switches/wireless infrastructure.