If it is not possible to restrict at the level of network equipment using smart switches, then you can restrict at a higher level - configure some kind of PPPoE or OpenVPN, for example. Although this will not save you from destructive attacks - if someone wants to put a grid of ordinary switches, then you can only prevent him with a good blow to the kidneys.
Calculating it is quite simple - physically disconnect one of the links in the central switch, and if the attacker no longer pings (does not respond to ARP requests), then go see who is included in the switch that you cut off. Well, and so on.

In the case of normal switches, you can
- display a list of mac-addresses on the switch port, find the physical tail and the villain
- bind mac-addresses to physical ports (port security)
In the case of hubs or stupid switches, you can change them to normal =)))

*nix: arping -I [interface] [ip]
Will respond with the villain's poppy, even if he is closed for pings. And then either look for a poppy on managed switches and turn off the port, or physically pull out the tails until arping stops going if the switches are unmanaged.

smart switches? if yes, then something like www.netdisco.org/ and if not, then I trolled you

> There are evil trolls in the network who like to drive someone else's IP with their hands, which leads to conflicts.
Do you think that your "evil trolls" will not be able to change the mac-address too? This is done in an elementary way: I pinged the necessary addresses, collected the arp data into the database, then pinged again and changed my IP address and mac to the IP address and mac of some disconnected computer.
It will be possible to calculate such an impudent person only if you have “smart” routers. And it is impossible to find a pest in a network of switches and hubs!

Monitor the network for arp changes. On Linux, there is an arpwatch daemon that logs the IP address poppy and sends an alert if it changes.

The friendly pinger+dameware program should fully satisfy all your needs.

Zenmap not suitable?

You can make a list of all used mac addresses and allow access only from them. The user who tries to change mac will not be able to access the Internet and therefore it will be easy to figure it out. After that, collect all IP-mac pairs at a certain point in time and then, if you suspect a change in IP, collect all pairs again. After that, the mac address of the one who changed the IP will be known. Then you can arrange repression at the mac address.

I may say something stupid now, but in Windows there is such a tracert utility, it displays the entire route, if you know the conflicting IP, you can try to get the route. two samples, and the search field is already greatly reduced. What do you think?

Look at the equipment where such a poppy is connected, calculate the port, run there and find the client on the port.
I would advise you to think about what you will do when you find a troll. If “to hit in the eye” (at least figuratively) is permissible, then solve the problem, but if there is nothing to punish, they will play cat and mouse. In the latter case, you will have to do authorization of one kind or another (raise a VPN for clients, PPPoE, authorize somehow cleverly on a proxy), and it will obviously be opaque.
As an option, look at ISA, more precisely, authorization through its client - everything is more cunning and interesting there, but there is more fuss.
PS They wrote that it was "decided" - where did they stop, if not a secret?