Let's look at this from a Security Perspective


You will get alerts for any new devices on this LAN, no matter what you're using. 
You will be alerted for any new device plugged into any hub, managed or unmanaged switch as long as you're on the same broadcast domain (LAN).

For ARP Spoofing defense what are the attack vectors?
In the vast majority of environments, your valuable targets are servers, workstations, routers, and mainframes. Workstations don't typically connect to other workstations, and a hacker would not normally try to intercept traffic from workstation to workstation.









Two Sides to an ARP Spoofing Attack

There are 2 sides to an ARP Spoofing attack - source and destination. Both sides are spoofed for a successful attack. The hacker will always need to spoof one 'valuable' end - whether that be a local server, mainframe, or the router.

Therefore, you can use your managed router's SPAN ability to protect your 'valuable' switched assets on the LAN - the points where clients must connect to get at valuable data. Only a few ports need be monitored for adequate protection.






What to Monitor

Routers (now any connection to anything outside the LAN will be monitored against ARP Spoofing from within the LAN)
Mainframes / Core Processors
File & Application Servers
Any other targets of value