The question you're asking, I think, can be more generally stated to be "How can you control what devices connect to your network (virtual or real)?", and the current solution is 802.1x. The downside is that implementing .1x isn't a light lift, but if you truly want to stop devices from connecting then this would be how. As an alternative, perhaps MAC Whitelisting or Sticky MAC fits your environment. These features define a list of MACs that are allowed on a given port, and rejects traffic from other MACs. It's hard to manage in large environments, but for smaller deployments it can be a quick and easy way to implement a basic level of port security. If, as @AjitKumar suggest, you just want to stop rogue DHCP servers then DHCP snooping is a much easier feature to implement.
... View more