DHCP Snooping Issue with Static IPs and 802.1x Port Auth

Hello.

I am trying to implement DHCP snooping and Dynamic ARP inspection into an environment with 802.1x and some static IPs.

I am able to get a connection on hosts who do not have static IPs, but the hosts who do are unable to reach out to anything. I created an ARP access list and applied it to the user VLAN. In the logs, it looks like the traffic is being permitted and the 802.1x authentication is going through, but the devices still seem to be offline.

I also tried disabling 802.1x on a port that connects to a device with a static IP, and that seems to work (no idea why). I set a port to trusted for ARP inspection and it failed, but setting it to trust for only dhcp snooping allows it to connect and identify the network (this is for a port thast has a host with a static IP and 802.1x enabled). I am using Cisco 2960x's and Microsoft NPS with Windows 11 hosts. I feel like I am missing something here.

Thank you.