You are probably correct when stating that MAC addresses are easily spoofed. What may help in such a situation is to use the role-based firewall to limit network access to the required minimum.
For a network printer, this may be only DHCP, as no other traffic from the printer to the network is required typically.
You can create a new role for your printer, with such strict firewalling rules, and assign that during the MAC authentication.
If you have ClearPass, you can use profiler to even get more information and fingerprint the device (and block it as soon as it shows to be another device than a printer).
From a security view, I consider MAC authentication a convenience feature that can be circumvented. Strict security controls in the firewall limit the impact.