Showing results for 
Search instead for 
Did you mean: 
asus zowey

APs not supporting ELM, what WIPS features supported on normal Local mode not ELM ?


for access points not supporting ELM, and only operating in normal local mode with no submode, does the access point also go off-channel scanning and detects threats etc.. ?

what is the difference between an access point operating in normal Local mode and ELM in terms of WIPS, IDS, detecting threats etc... ?

Prakash Parvathala

Local Mode with wIPS provides wIPS detection “on-channel”, which means attackers will be detected on the channel that is serving clients. For all other channels, ELM provides best effort wIPS detection. This means that every frame the radio would go “off-channel” for a short period of time. While “off-channel”, if an attack occurs while that channel is scanned, the attack will be detected.

An AP in local mode with wIPS spends only 50 ms for off-channel scanning; it will take a long time if the attacks are off-channel. This is why ELM only provides the best effort with regard to off-channels attacks. It is recommended to use monitoring mode (MM) AP to detect off-channel attacks. On the other hand, because ELM is on operating channel most of time, it detects on-channel attacks much faster than MM AP.

To get the best output, ELM AP with WSM module is the recommended solution for WIPS deployment. Threshold-based alarms tend to cause more false positives compared to non threshold-based ones. But for some of them, the accuracy of alarms can be increased when out of sequence (OOS) logic is also taken into consideration. Therefore, these alarms are subjects for administrators to monitor, review, and fine-tune.

The features of ELM are:

  • Adds wIPS security scanning for 7x24 on channel scanning (2.4 GHz and 5 GHz), with best effort off channel support
  • The access point is additionally serving clients and with the G2 Series of Access Points enables CleanAir spectrum analysis on channel (2.4 GHz and 5 GHz)
  • Adaptive wIPS scanning in data serving local and FlexConnect APs
  • Protection without requiring a separate overlay network
  • Supports PCI compliance for the wireless LANs
  • Full 802.11 and non-802.11 attack detection
  • Adds forensics and reporting capabilities
  • Flexibility to set integrated or dedicated MM APs
  • Pre-processing at APs minimize data backhaul (that is, works over very low bandwidth links)
  • Low impact on the serving data

Hello Prakash,

what can the access points without ELM support ( only Local Mode without WIPS submode) do in terms of detection, on/off channel scanning ?


if the access point doesn't support ELM, can it still detect on and off channel ?

Recognize Your Peers
Content for Community-Ad