Hi,
Use packet filtering setting, this inspect each packet two and fro..however this is just a preventive measure.
Secondly rely on VPN ..thats the best trick.
To my knowledge CISCO routers inspect these ARP Spoofing to detect poisoned ARP packets. This uses STATIC ARP across your router (2 hosts).
We can't completely free from these like Chop-Chop attack, Fragmentation Forge attack too is there however victim online is mandate
ARP attack sends spawned (malicious) packets to the victim ip address..when the router replies it ..MAC ID of it gets associated with the attacker IP..so we can't prevent it
Try STATIC ARP Changer tool..which uses virtual ARP table on the session..
In our terminology we call it as MAN IN THE MIDDLE ATTACK over LAN