How to block non DHCP clients without the firewall
Set add-arp to yes on the DHCP server instance. See the manual for details.
Set the interface ARP mode to reply-only. See the manual for details.
At that point the router won't ARP for clients, so it can't talk to them on layer 2 and they won't receive any packets from the router. DHCP clients, however, will be added to the ARP table by the DHCP server and will work as usual.
This can be combined with static DHCP leases - simply set the pool to static-only and add manual IP to MAC mappings under DHCP server leases.