ip neighbor!
ip neighbor add ${IP} lladdr ${MAC} dev ${DEV} nud permanent
BUT, this will not prevent any sniffing on the link, and it does not prevent the usage of any mac address, it will simply "bind" an IP addr to an MAC addr. (And this introduces a rotten can of worms. Trust me/us.)
If you want / If you think you will need other forms of "protection": Go ahead, buy Cisco gear and drink the ASA Cool Aid.
If you want to secure your network, read up on 802.1x how it can help you to secure your local network.
802.1x is more or less the standard to secure a network against unknown/untrusted user and devices.
In Europe, almost every University uses 802.1x on Eduroam for authentication and accounting. (One user account from your home university and you get network access on all the other universities.) And most of bigger enterprises (I have seen) uses it, too, on their office networks...
If you can not trust who connects to your network, then use 802.1x and dynamic VLANs (private tunnel group id), and everyone else will get put either in a "wan only"/guest network, or will get no access to any resource on the network at all.
Edit: PS: And, like @lleachii suggests, allow only traffic from known mac addresses, but still, this would not solve every issue... If you want to ensure who is allowed to connect: Use 802.1x.