Is there an answer yet to the question "how to get random self-assigned addresses into DNS records, firewall rules and switch ACLs?"
Dynamic DNS, DHCP, and static assignment are all still part of IPv6. Putting single IPs in switch ACLs is an anti-pattern. Consider zero trust or working with whole subnets (they're plentiful in v6) instead.
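As an added illustration of the point above (this is example code written for this page, not something posted in the thread): a switch or firewall entry pinned to one self-assigned IPv6 address stops matching as soon as the host rotates its privacy address, while an entry scoped to the whole /64 keeps working. The prefix 2001:db8:1234:5678::/64 is a constructed documentation prefix, and `random_temporary_address` is a simplified stand-in for RFC 4941-style temporary addresses (random 64-bit interface identifier under the prefix), not the exact RFC algorithm.

```python
# Added example: per-host ACL entries vs. prefix-scoped entries under IPv6
# privacy (temporary) addresses. Constructed sample data, standard library only.
import ipaddress
import secrets

# Constructed documentation prefix standing in for a real on-link /64.
PREFIX = ipaddress.IPv6Network("2001:db8:1234:5678::/64")


def random_temporary_address(prefix: ipaddress.IPv6Network) -> ipaddress.IPv6Address:
    """Simplified model of a temporary address: the /64 prefix plus a random
    64-bit interface identifier. Not the exact RFC 4941 derivation, but it has
    the property that matters here: the host part is unpredictable and changes."""
    if prefix.prefixlen != 64:
        raise ValueError("SLAAC-style prefixes are /64")
    iid = secrets.randbits(64)
    return ipaddress.IPv6Address(int(prefix.network_address) + iid)


def acl_allows(acl, addr) -> bool:
    """True if any ACL entry covers addr. Entries may be /128 hosts or wider prefixes;
    an entry without a prefix length is treated as a single host."""
    addr = ipaddress.ip_address(addr)
    return any(addr in ipaddress.ip_network(entry, strict=False) for entry in acl)


def simulate_rotation(acl, prefix: ipaddress.IPv6Network, rotations: int = 5):
    """Rotate the host's temporary address `rotations` times and record whether
    the ACL still matches each new address."""
    results = []
    for _ in range(rotations):
        addr = random_temporary_address(prefix)
        results.append((str(addr), acl_allows(acl, addr)))
    return results


def demo() -> dict:
    """Compare the anti-pattern (pin one address) with the prefix-scoped rule."""
    first = random_temporary_address(PREFIX)
    host_acl = [f"{first}/128"]   # anti-pattern: a single self-assigned address
    subnet_acl = [str(PREFIX)]    # alternative: allow the whole /64
    return {
        "host_acl_initial": acl_allows(host_acl, first),
        "host_acl_after_rotation": [ok for _, ok in simulate_rotation(host_acl, PREFIX)],
        "subnet_acl_after_rotation": [ok for _, ok in simulate_rotation(subnet_acl, PREFIX)],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The /128 entry matches only the address it was written for; after rotation every new temporary address fails the check (a collision with a fresh random 64-bit IID is negligible), while the /64 entry matches all of them. Note the flip side: a prefix rule admits every host on that link, which is why the thread pairs it with zero trust or per-host authentication rather than treating the subnet as an identity.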
Turn off temp addresses. If your prefix changes then use ULA addresses.
"Build yourself an IPAM solution, at great operational cost and complexity."
802.1x instead of switch ACLs
SSSD (Linux) or Active Directory (Windows) or other more custom solutions for dynamic DNS
Firewall rules that use those dynamic DNS names
Bonus: the relatively recent RFC 9686 that I hope will get some good traction: https://datatracker.ietf.org/doc/rfc9686/