You can assign static IPs to your clients and you can manage security in the ARP in the Firewall, allowing only the IPs that you have assigned to connect.

You also have several options available that can provide robust security and efficient network management. Here I describe some viable alternatives:

1. IPsec VPN

IPsec (Internet Protocol Security) is a suite of protocols to secure network communications through authentication and encryption of data packets at the network level. In MikroTik, you can configure IPsec to encrypt and secure communication between the client and the server or between two points on a network. This is a strong option for protecting data in transit over the last mile.

2. L2TP with IPsec

L2TP (Layer 2 Tunneling Protocol) combined with IPsec is another robust solution for last mile security. L2TP creates a tunnel between two connection points, and using IPsec adds a layer of encryption. This combination is quite common for secure connections and can be a direct alternative to PPPoE, providing both security and encapsulation.

3. SSTP (Secure Socket Tunneling Protocol)

SSTP is a VPN protocol that encapsulates PPP traffic over the HTTPS protocol. It offers good integration with Windows systems and is relatively easy to configure on RouterOS. SSTP uses SSL/TLS for encryption, which provides a level of security comparable to IPsec and is a suitable option for the last mile if endpoints support SSL/TLS.

4. EoIP with IPsec

Ethernet over IP (EoIP) is MikroTik's own protocol that creates an Ethernet tunnel over an IP connection. By adding IPsec, you can secure the tunnel, protecting data from unauthorized access. This is useful for creating secure last mile links with strong encryption.

5. Secure VLANs

Although they do not provide encryption by themselves, VLANs (Virtual Local Area Networks) can segment the network and limit traffic to specific broadcast domains, thus improving overall security. You can use VLANs in combination with any of the above methods to improve last mile security.

6. Firewall-Based Security and Authentication

In addition to tunnels and encryption, it is crucial to implement strong and effective firewall policies on MikroTik devices to control access and protect data. Firewall configuration can include filters by MAC addresses, IP addresses, ports, and other attributes to control access and monitor traffic.

Each of these alternatives has its own advantages and may be more suitable depending on your specific setup, security requirements, and existing infrastructure.

It is important to evaluate your specific security needs and device compatibility when selecting an alternative solution to PPPoE for last mile security.