We had similar issues with agents and come to the same conclusion, we then had a different issue with the amount of dhcp addresses we use, essentially our users are quite mobile within our networks and its not unusual to see the same machine with 3 or 4 ip addresses in a day depending on which VLAN they are connected to
I think the agent should only use the ID and certificate to authenticate itself with maybe an approval button on the console, after that the agent should not take the IP address into account for authentication
we have managed a work around however we cant use licence recycling now and have to manage licences manually which is a burden