Simples, just block DHCP requests from unknown devices, or otherwise restrict network access of unknown devices.
A 1st layer of controls could use a MAC address white-list (devices registered by authorised people) and/or MAC address to IP address mapping, extra control layers could include on-line auth. e.g. encrypted user auth.
I use MAC address to IP address mapping at home, to simplify device use and as a 1st security layer, I can then limit access via the IP address and encrypted user auth.