Hello Guys
I need help. I’m working on a hotel in Brazil. Here we use the Hotspot system to authenticate guests to access the Internet from the hotel. The system works very well 
But now, I have a problem. Any client, malicious user, or with some in-depth knowledge of network invasion, can hold a ipcan or mac spoofing, and check all of my clients connected to the hotel network without authenticating. See this attached (below), I simulated with a virtual machine.
The virtual machine without authentication, is with the ip address 20.150. In this same computer, I realize one IPScan, and I can visualize all connected clients in the hotel network, including can get response (ping).
If this problem remains, anyone with deep knowledge, could change your mac address to other mac address valid and authenticated on the network through scanning.
I looked this video but could not succeed in this configuration.
https://www.youtube.com/watch?v=dySWSHjB-94
I would like to do this (below), just do not know how
https://www.youtube.com/watch?v=qEZk56cgf3k
I ask, is there any method to block or restrict this breach of security in order to avoid this problem?
Sorry about my English.