How to prevent MITM attacks

Before your access lists or firewall rules comes layer 2 (L2). This is the Data Link layer, where your MAC addressing lives. Why do we need to protect L2…?

  • Man in the middle attacks happen via L2
  • Rogue DHCP on a single segment
  • DHCP server starvation attack
  • ARP attacks against your switches

Man in the middle attack

What is a man in the middle attack? Here’s what Wikipedia says about it. In a nutshell, I tell the router that I am you, and I tell you that I am the router. What happens is that all your traffic passes through me…while I intercept everything possible about what you are doing. I wait for you to attempt a bank transaction, hand you a bunk site certificate and steal your monies 🙂 I do this by sending gratuitous ARPs. These are unprovoked ARP announcements. I send ARPs over and over to the router saying I’m you. I then send you ARPs over and over saying that I am the router.
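The poisoning pattern described above leaves a recognisable trace on the wire: one MAC address answering for both the gateway's IP and a host's IP, and an IP-to-MAC binding that suddenly changes. The following detector is an added example, not code from the original post; it runs over a constructed list of ARP announcements (sender IP, sender MAC, target IP) and assumes that the gateway's real MAC is known in advance, which is how a monitoring box or a static ARP entry would seed it.

```python
"""Flag the ARP-cache poisoning pattern: a MAC claiming several IPs,
or a known IP-to-MAC binding changing. All data below is constructed."""
from collections import defaultdict

# Trusted bindings (assumption for the example: the gateway's MAC is known).
KNOWN_BINDINGS = {"192.168.1.1": "aa:bb:cc:00:00:01"}

# Constructed ARP announcements as (sender_ip, sender_mac, target_ip).
# A gratuitous ARP announces sender_ip to everyone (target_ip == sender_ip).
SAMPLE_ARPS = [
    ("192.168.1.1", "aa:bb:cc:00:00:01", "192.168.1.1"),    # real gateway
    ("192.168.1.20", "aa:bb:cc:00:00:20", "192.168.1.20"),  # real host
    ("192.168.1.1", "de:ad:be:ef:00:99", "192.168.1.20"),   # to host: "I am the router"
    ("192.168.1.20", "de:ad:be:ef:00:99", "192.168.1.1"),   # to router: "I am the host"
]


def analyze(arps, known=KNOWN_BINDINGS):
    """Return a list of alert tuples for the announcements in `arps`.

    ("binding_change", ip, old_mac, new_mac, target_ip) when an IP we have
    already bound is claimed by a different MAC.
    ("multi_ip", mac, (ip, ...)) when one MAC has claimed more than one IP,
    which is exactly what the attacker in the post has to do.
    """
    bindings = dict(known)            # ip -> MAC we trust / first saw
    mac_to_ips = defaultdict(set)     # MAC -> every IP it has claimed
    alerts = []
    for sender_ip, sender_mac, target_ip in arps:
        sender_mac = sender_mac.lower()
        mac_to_ips[sender_mac].add(sender_ip)

        prior = bindings.get(sender_ip)
        if prior is None:
            bindings[sender_ip] = sender_mac   # first time we see this IP
        elif prior != sender_mac:
            alerts.append(("binding_change", sender_ip, prior, sender_mac, target_ip))

        if len(mac_to_ips[sender_mac]) > 1:
            alerts.append(("multi_ip", sender_mac, tuple(sorted(mac_to_ips[sender_mac]))))
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_ARPS):
        print(alert)
```

The first two announcements produce nothing; the third trips the binding check on the gateway IP, and the fourth trips both checks, because the same MAC has now claimed the router and the host. A real deployment would feed this from a packet capture and hold the trusted bindings somewhere the monitored segment cannot rewrite.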

MikroTik

Cisco/Juniper routers

Labs

Make an isolated network
