D-Link DGS-3200 Series User Manual page 247

DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch
Figure-5
Prevent ARP Spoofing via Packet Content ACL
D-Link managed switches can effectively mitigate common DoS attacks caused by ARP spoofing via a unique Package Content
ACL.
For the reason that basic ACL can only filter ARP packets based on packet type, VLAN ID, Source, and Destination MAC
information, there is a need for further inspections of ARP packets. To prevent ARP spoofing attack, we will demonstrate here via
using Packet Content ACL on the Switch to block the invalid ARP packets which contain faked gateway's MAC and IP binding.
Example topology
233