Maybe this is already supported and I’ve just not figured out how to implement it.
What I want is to have a white list of MAC addresses that blocks any traffic through the router (including internal LAN traffic on the same VLAN including the untagged VLAN) from anything not on the white list, even if the device has a static IP address & so never interacted with the routers DHCP service. I realize that even with such a system, that a non-white-listed device with a valid static IP address plugged into a switch would still likely be able to communicate with other devices on that switch since the packets would never get passed up to the router.
I’m basically trying to slow down, if not stop, users just figuring out what IP addresses might not be assigned, giving their new toy that static IP address, and just plugging their toy into the network. I’m running a Surf SOHO.