Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
837
Views
0
Helpful
3
Replies

Monitor and Enhance local modes - wIPS

ahmedfouad
Level 1
Level 1

‎11-12-2014 02:07 AM - edited ‎07-05-2021 01:55 AM

 

Hello ,

 

can i mix between a Monitor mode APs and Enhanced local mode ones to be both served by MSE for wIPS services ???

 

or the AP mode must be unified ?

 

 

thanks

 

 

 

Labels:
0 Helpful
3 Replies 3

Rasika Nayanajith
VIP Alumni
VIP Alumni

‎11-12-2014 09:54 AM

Hi

That should be fine.

HTH

Rasika

**** Pls rate all useful responses ****

0 Helpful

gohussai
Level 4
Level 4

‎11-25-2014 01:56 PM

Ahmed you can use.

 

check the link for ref: - http://www.cisco.com/c/en/us/td/docs/wireless/technology/wips/deployment/guide/WiPS_deployment_guide.html

 

 

0 Helpful

Abhishek Abhishek
Cisco Employee
Cisco Employee

‎11-25-2014 06:06 PM

ELM vs Dedicated MM

Figure 4 provides a general contrast between the standard deployments of wIPS MM APs and ELM. In review, the typical coverage range for both modes suggests:

  • Dedicated wIPS MM AP typically covers 15,000-35,000 square feet

  • Client-serving AP will typically cover from 3,000-5,000 square feet

Figure 4 - Overlay of MM vs All ELM APs

 

wips-04.gif

In the traditional Adaptive wIPS deployment, Cisco recommends a ratio of 1 MM AP to every 5 local mode APs, which may also vary based on network design and expert guidance for best coverage. By considering ELM, the administrator simply enables the ELM software feature for all of the existing APs, effectively adding MM wIPS operations to local data-serving mode AP while maintaining performance.

On-Channel and Off-Channel Performance

A MM AP utilizes 100% of the radio’s time for scanning all channels, as it does not serve any WLAN clients. The primary feature for ELM operates effectively for on-channel attacks, without any compromise to the performance on data, voice and video clients and services. The primary difference is in the local mode varying off-channel scanning; depending on the activity, off-channel scanning provides minimal dwell time to gather enough information available to classify and determine attack. An example may be with voice clients that are associated and where AP’s RRM scanning is deferred until the voice client is dis-associated to make sure service is not affected. For this consideration, ELM detection during off-channel is considered best effort. Neighboring ELM APs operating on all, country or DCA channels increases effectiveness, hence the recommendation for enabling ELM on every local mode AP for maximum protection coverage. If the requirement is for dedicated scanning on all channels full-time, the recommendation will be to deploy MM APs.

These points review differences of local mode and MM APs:

  • Local Mode AP - Serves WLAN clients with time slicing off-channel scanning, listens for 50ms on each channel, and features configurable scanning for all/country/DCA channels.

  • Monitor Mode AP - Does not serve WLAN clients, dedicated to scanning only, listens for 1.2s on each channel, and scans all channels.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card