There are some security mechanisms against arp spoofing. At device level, you have software for windows/linux/android. For example "arp guard" for android or "arptables" for linux, etc. At switch level, there are some advanced switches (CISCO) which have a feature called "port security", but this kind of switches are more expensive. You can check how it works here.
If your switch is a layer 2 of the OSI model (data-link) standard switch, it doesn't understand about ips, true, and it's not going to have an own ip because it is not a configurable switch and can't be arp poisoned as a direct victim. But all the switches have a cache memory to store arp macs. They memorize which ports have which arp addresses... so a victim can be arp-poisoned through it because it doesn't care.
It only take the packages, look what is the arp destiny address and the launch it only through that port to avoid the "old hub behaviour" on which all packets travel through all ports causing a lot of collissions and letting the hackers to sniff on any port all the network.
Anyway, there are more kind of attacks that can be done to the switches. If your switch is CISCO and has a fixed size dynamic Content Addressable Memory (CAM) table, can be attacked in other way, MAC flooding. The CAM table stores information such as MAC addresses available on physical ports with their associated VLAN parameters. The hackers can use some tools (like macof) create requests with random generated macs to fill all the table because what happens when CAM table is full? it enters in fail open mode. On this state, the switch change its behavior and starts to broadcast every packet to every port acting as an old hub. Nice for sniffing.
Of course, you can also try to detect this configuring snmp traps on switches to have alerts and that kind of stuff.