Excellent that you got it sorted out. I'm not using it so much these days so if I run into issues is you I have to go ask
In any case - what you can also do is limit the bandwidth for the unauthorized persons (on the "free WiFi") so that it doesn't pull too hard on your resources.
Another thing you can do is implement MAC pass-through for those at your office while others that may try to connect to your office have a login portal to use - captive portal with or without active directory authentication. You could even get a custom page for the login.
Knowing the solution doesn't mean knowing the method. Yet answering correctly and regurgitation are considered "learning" and "knowledge".