Couple of things:

First, it needs to be mentioned that strong encryption itself isn't the silver bullet when it comes to man-in-the-middle attacks: while the encryption itself is strong, the weakness is in the key exchange and authentication. For example, it's possible to conduct a MITM on SSL and SSH connections, and if the user ignores the warnings from the browser/SSH client that the certificate is invalid or that the host fingerprint is wrong, you'll be able to sniff the session...
So it's only strong *mutual* authentication, combined with strong encryption, that really alleviates this problem.

As for prevention measures, you can:
- as nebulus mentioned, use port security on your managed switches. The easiest way to set this up is to run the network in a known trusted state first, let the switch build its MAC table and then freeze the MAC table on the switch.

- use port-level authentication with 802.1x

- use the arpwatch software to monitor IP/MAC associations on the network.

Other than that I'm not aware of much more that can help...


Ammo
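
The IP/MAC monitoring idea from the post above, as an added example that is not part of the original post and is not arpwatch's own code. The class, the event names, and the sample addresses (documentation ranges) are assumptions made for illustration; it also reports a MAC that answers for several IPs, which goes slightly beyond what the post describes.

```python
from collections import defaultdict, namedtuple

Event = namedtuple("Event", "kind ip old_mac new_mac")

class BindingMonitor:
    """Track IP -> MAC bindings seen in ARP traffic and report changes."""

    def __init__(self, trusted=None):
        # Baseline learned while the network was in a known trusted state.
        self.current = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
        self.previous = {}  # ip -> MAC it held before the current one

    def observe(self, ip, mac):
        """Record one sighting; return an Event if the binding is new or moved."""
        mac = mac.lower()
        known = self.current.get(ip)
        if known == mac:
            return None
        if known is None:
            kind = "new_station"
        elif self.previous.get(ip) == mac:
            kind = "flip_flop"  # IP bouncing between two MACs
        else:
            kind = "changed"
        if known is not None:
            self.previous[ip] = known
        self.current[ip] = mac
        return Event(kind, ip, known, mac)

    def shared_macs(self):
        """MACs currently answering for more than one IP address."""
        owners = defaultdict(list)
        for ip, mac in sorted(self.current.items()):
            owners[mac].append(ip)
        return {mac: ips for mac, ips in owners.items() if len(ips) > 1}

# Constructed sample data (documentation address ranges), not a real capture.
TRUSTED = {"192.0.2.1": "00:00:5e:00:53:01", "192.0.2.10": "00:00:5e:00:53:0a"}
OBSERVATIONS = [
    ("192.0.2.10", "00:00:5E:00:53:0A"),  # matches baseline, no event
    ("192.0.2.20", "00:00:5e:00:53:14"),  # host not in the baseline
    ("192.0.2.1", "00:00:5e:00:53:14"),   # gateway IP now claimed by that host
    ("192.0.2.1", "00:00:5e:00:53:01"),   # real gateway answers again
    ("192.0.2.1", "00:00:5e:00:53:14"),   # and is overridden once more
]

def replay(trusted, observations):
    """Feed observations through a monitor; return (events, shared MACs)."""
    monitor = BindingMonitor(trusted)
    events = [e for e in (monitor.observe(ip, mac) for ip, mac in observations) if e]
    return events, monitor.shared_macs()
```

Seeding the monitor with bindings recorded in the trusted state mirrors the "freeze the MAC table" approach: anything that later differs from the baseline is what gets reported.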