Why don't you call human resources and discipline the employee? Technology isn't the solution to every problem, and it's practically impossible to stop someone from abusing a computer if they are really determined. Instead, make the employee sign an Acceptable Computer Usage Agreement that states they can't do things like change their IP address. If they do it again, take disciplinary actions.
If you're really set on using technology to stop the Internet access, you may be able to block the computer's MAC address, either by explicitly forbidding traffic from that MAC address or by creating a list of acceptable MAC addresses for each of the other clients on your network. Of course, there's nothing to stop the employee from changing their MAC address, so it's hardly foolproof. Other than that, you could setup a proxy server that requires authentication, and give authentication credentials to the other users on your network. If you had the ability to control the software configuration on the employees computer, I would suggest using Group Policy Objects to restrict the employee from running Internet applications, and to remove the employees privileges to change the IP configuration—but it doesn't sound like you can control the software on the computer.
This was first published in February 2004