Adding a full policy management solution is really the only solution. ClearPass can detect MAC spoofing and take appropriate action.
Also, just FYI, on most platforms, no third party software is required to spoof a MAC. On Linux and Mac, it's a simple command. Not even a reboot is needed.