Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
814
Views
0
Helpful
3
Replies

APs not supporting ELM, what WIPS features supported on normal Local mode not ELM ?

asus zowey
Level 1
Level 1

‎03-16-2016 06:10 AM - edited ‎07-05-2021 04:47 AM

Hi 

for access points not supporting ELM, and only operating in normal local mode with no submode, does the access point also go off-channel scanning and detects threats etc.. ?

what is the difference between an access point operating in normal Local mode and ELM in terms of WIPS, IDS, detecting threats etc... ?

1 person had this problem
Labels:
0 Helpful
3 Replies 3

Prakash Parvathala
Level 4
Level 4

‎03-17-2016 06:52 AM

Local Mode with wIPS provides wIPS detection “on-channel”, which means attackers will be detected on the channel that is serving clients. For all other channels, ELM provides best effort wIPS detection. This means that every frame the radio would go “off-channel” for a short period of time. While “off-channel”, if an attack occurs while that channel is scanned, the attack will be detected.

An AP in local mode with wIPS spends only 50 ms for off-channel scanning; it will take a long time if the attacks are off-channel. This is why ELM only provides the best effort with regard to off-channels attacks. It is recommended to use monitoring mode (MM) AP to detect off-channel attacks. On the other hand, because ELM is on operating channel most of time, it detects on-channel attacks much faster than MM AP.

To get the best output, ELM AP with WSM module is the recommended solution for WIPS deployment. Threshold-based alarms tend to cause more false positives compared to non threshold-based ones. But for some of them, the accuracy of alarms can be increased when out of sequence (OOS) logic is also taken into consideration. Therefore, these alarms are subjects for administrators to monitor, review, and fine-tune.

The features of ELM are:

  • Adds wIPS security scanning for 7x24 on channel scanning (2.4 GHz and 5 GHz), with best effort off channel support
  • The access point is additionally serving clients and with the G2 Series of Access Points enables CleanAir spectrum analysis on channel (2.4 GHz and 5 GHz)
  • Adaptive wIPS scanning in data serving local and FlexConnect APs
  • Protection without requiring a separate overlay network
  • Supports PCI compliance for the wireless LANs
  • Full 802.11 and non-802.11 attack detection
  • Adds forensics and reporting capabilities
  • Flexibility to set integrated or dedicated MM APs
  • Pre-processing at APs minimize data backhaul (that is, works over very low bandwidth links)
  • Low impact on the serving data
0 Helpful

asus zowey
Level 1
Level 1
In response to Prakash Parvathala

‎03-20-2016 01:22 AM

Hello Prakash,

what can the access points without ELM support ( only Local Mode without WIPS submode) do in terms of detection, on/off channel scanning ?

0 Helpful

asus zowey
Level 1
Level 1
In response to asus zowey

‎03-21-2016 11:14 PM

Bump

if the access point doesn't support ELM, can it still detect on and off channel ?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card