FYI for anyone who is trying to prevent spoofing on a PSK network, with the two firewall settings enabled (Prohibit IP Spoofing & Prohibit ARP Spoofing), if the offender knows how to deauth the existing device, It is than possible for the spoofed device to connect.
If any of the device attributes are different on the spoofed device, the endpoint database entry is updated with the attributes of the spoofed device.