Messing with your network can be tricky, so you should first make certain which fixed ip's you already gave out, and what the scope for your dhcp server is ( you should actually have some control over the scope of your dhcp server if you are admin ). When the dhcp range is defined and/or limited, you can be sure that the rest can be for fixed ip's ( for specific servers/services).
Then afterwards, there is ( or should be ) less need to do a discovery, and you could even try to implement some more security.
You can configure your dhcpd to also administer the fixed ip's. In your dhcpd.conf edit or make a section for fixed ip-addresses :
Code:
# Put fixed IP addresses here
host whatsinaname {
hardware ethernet 00:28:50:29:DA:19;
fixed-address 10.0.0.20;
}
For additional security access lists on routers/proxies will definitely restrict unauthorized usage, and if you are really making an effort RADIUS and/or other access control could be used, but that is the next step.
But always document your changes!