Can IPS/IDS detects data link layer attacks?

Blind spot on the other level and the security tools capability.

Attack on the data link layer is a attacking method that IPS/IDS cannot detect with their rules/signatures. Address Resolution Protocol  (ARP) cache poisoning for wired clients to de-authentication of wireless clients are easily to exploit because the attacking can comes from trusted network.

You can find a good open source solution to detect this attack. Such as scapy.