First offof all check if there is a "Port Guard" options in yours swichyour switch/router. There you can specify which port is trusted to work with dhcpDHCP. A Layer 2+ swichswitch can do this.
Second. IfSecondly if you dontdon't have this you should block all incoming dhcpDHCP offers that arentaren't from yoursyour server ipIP. And make validation MAC-IP.IP; iptables can do that.
Third. YouFinally, you can useruse VLANVLANs's for that if yours dhcp-server supportyour DHCP server supports that.