In local networks, security weaknesses in the data link layer enable internal attacks. Althoughswitches and routers have some built in security features, they are not enough to fully ensure thesecurity of local networks. Moreover, these features require network administrators' involvement andare prone to miss-configuration. In addition, data link layer protocols used in local area networks(LANs) are not designed with built-in security features. The most dangerous attacks on layer 2 are ARPspoofing and MAC flooding attacks. Several schemes to mitigate, detect and prevent these attacks havebeen proposed, but each has its limitations. This paper proposes a detection and prevention system forARP spoofing attacks. The system consists of two back to back servers. An application on the serversallows authentication of users to a centralized server. The server, in turn, retrieves logged users to theswitch. Hence filtering of untrusted users is performed by telneting the main switch. The Performancestudy has shown the efficiency and superiority of the proposed system, as compared to the previouswork. Several performance metrics have been measured to show its fast response to detection andprevention of the ARP spoofing attacks. The system has been compared to one of the famouscommercial tools. The comparison has shown the superiority of our system, since the system detectiontime is 20 time faster than that of the commercial tool.