Wi-Fi for OT environments: industrial wireless in manufacturing and logistics

OT devices and their wireless requirements

OT – operational technology – refers to the hardware and software that controls and monitors physical equipment and processes. In a factory or warehouse, that means AGVs (Automated Guided Vehicles), conveyor control terminals, SCADA HMIs (Human Machine Interfaces), handheld barcode scanners and RFID readers, forklift-mounted terminals, quality control sensors with IP interfaces, and WMS (Warehouse Management System) terminals. These are the devices that need wireless connectivity in industrial environments, and they have fundamentally different requirements from laptops and smartphones.

AGVs are the most demanding case. They move continuously around the facility and require seamless fast roaming between access points – any roaming interruption causes the AGV controller to declare a connectivity fault and stop the vehicle. That's not a minor inconvenience; it's a production halt. Handheld barcode scanners need reliable coverage across the full floor area, including deep into racking aisles where signal naturally degrades. Forklift-mounted terminals operate in high-vibration environments that place additional physical stress on both the terminal and its wireless connection. WMS terminals at fixed workstations are a different proposition – many of these are better served by wired connections, removing them from the wireless problem entirely.

The key distinction between OT and IT devices is failure behaviour. A laptop or smartphone that loses Wi-Fi for a second reconnects, the user barely notices. An OT device that loses connectivity for the same second may halt a conveyor, stop an AGV or drop a SCADA reading. OT devices often can't retry failed connections gracefully – they're designed to fail safe, which means they stop. That asymmetry defines the entire design approach.

The industrial RF environment

Factory and warehouse environments are among the most demanding for radio frequency propagation. Metal racking, structural steelwork and machinery all cause multipath reflections – signals bouncing off surfaces and arriving at the receiver out of phase with the direct signal. This creates unpredictable coverage patterns that don't behave the way a predictive RF model suggests they will.

The environment is also dynamic. Moving metal – forklifts, AGVs, goods on conveyors – changes the RF environment throughout the day. A coverage measurement taken in an empty building at 7am will not represent conditions at 2pm when the floor is fully operational. A site survey conducted in a racked, loaded, running facility tells you something useful. One conducted in an empty shell tells you very little.

Electrical machinery and motors generate RF interference, particularly in the 2.4GHz band. Variable frequency drives, welding equipment and conveyor motors are all common sources. The 5GHz band is generally cleaner in industrial environments, but it has shorter range and worse penetration through obstructions – trade-offs that affect access point density requirements.

The practical implication is that a standard office Wi-Fi design – based on a predictive model or a passive site survey of an empty building – will not produce a reliable industrial Wi-Fi network. The correct starting point is an active survey under representative operating conditions: racking loaded, machinery running, vehicles moving.

Access point selection for industrial environments

There is a meaningful difference between indoor enterprise access points and industrial or ruggedised access points, and the wrong choice creates maintenance problems that compound over time.

Industrial APs are built for the environment: IP66 or IP67 ratings for dust and moisture resistance, operating temperature ranges that cover unheated warehouses and hot manufacturing floors, vibration-resistant mounting and physical robustness suited to environments where forklifts pass nearby. They're designed to accept PoE++ power delivery and to keep running when the building conditions are not what an office AP expects.

Standard enterprise APs are appropriate in factory offices, control rooms and areas that are environmentally similar to standard commercial premises. On the production floor, in the racking aisles or in areas exposed to the elements, they're the wrong specification. The marginal cost saving is offset by higher failure rates, shorter lifespan and the operational impact of AP outages in a production environment.

Placement principles for industrial environments differ from office design. Access points mounted above racking height provide coverage across the top of the racking but poor penetration into the aisles where most scanning activity happens. Mounting APs at mid-column height – typically 3 to 5 metres – gives better aisle penetration. Cable routing must run through conduit in industrial environments to protect against mechanical damage and comply with installation standards. Access point positions need to account for forklift routes – an AP mounted where a forklift mast regularly passes will not last long.

AGV roaming: the hardest problem in industrial Wi-Fi

AGV connectivity is the use case that exposes the limits of a poorly designed wireless network faster than anything else. AGVs move continuously and require sub-50ms roaming handoff between access points to maintain the connectivity their control systems expect. Standard 802.11 roaming – where the client device decides when to roam and how – can take 200 to 500ms. That's enough time for the AGV controller to declare a fault and stop the vehicle.

The solution requires several things working together correctly. 802.11r (Fast BSS Transition) reduces roaming time by pre-authenticating the client with the target AP before it disconnects from the current one. 802.11k and 802.11v provide assisted roaming – the network helps the client make better roaming decisions by advertising which APs are available and suggesting transitions before signal degrades. These are standards-based features, but they need to be correctly configured on both the controller and the client devices.

AP placement for AGV roaming requires careful overlap design. Roaming decisions need to happen while the AGV still has a strong signal from the current AP – not when it's already at the edge of coverage. That means higher AP density along AGV routes and precise overlap calibration. The AGV must always see at least two APs with acceptable signal strength, so it can transition before the current connection degrades.

The roaming zone must use the same SSID and subnet throughout. If an AGV crosses a subnet boundary mid-route, it will lose its IP address and connection – a fundamental design error that no amount of fast roaming configuration will fix. Testing must happen under live AGV movement, not just with a handheld spectrum analyser walking the route. The RF environment the AGV experiences at floor level and at speed is different from what a human walking the same path measures.

OT network segmentation and Wi-Fi VLANs

OT wireless devices should not share a network segment with corporate IT traffic or guest users. This is both a security requirement and a performance one.

The security case is straightforward: OT devices often run firmware that isn't regularly updated and wasn't designed with enterprise security in mind. AGV controllers, SCADA HMIs and barcode scanner management systems may have known vulnerabilities that can't be patched without operational disruption. Placing them on the same flat network as corporate systems creates an attack surface that's entirely avoidable.

The implementation uses separate SSIDs mapped to separate VLANs, with firewall rules controlling what can communicate across boundaries. A typical industrial Wi-Fi deployment runs three SSIDs: one for OT devices – AGVs, scanners, WMS terminals – one for corporate and IT use and one for guest access where required. The OT SSID should have no internet access, no direct route to corporate systems and traffic should be monitored for anomalies.

Not all access points and controllers handle multiple SSIDs at scale correctly. Each additional SSID adds management frame overhead to the air – a factor that matters in high-density deployments. The Wi-Fi design must account for the VLAN architecture from the start. Retrofitting segmentation onto a network that was designed as a flat single-SSID deployment is more disruptive than doing it right at specification stage.

Specifying industrial Wi-Fi: what to get right before you start

The specification process for an industrial Wi-Fi deployment has a clear sequence. Getting the order wrong – buying hardware before conducting a survey, or designing the wireless layer without understanding the OT device requirements – produces the expensive problems that are difficult to fix post-installation.

Start with a device inventory. Document every OT device that needs wireless connectivity: what it is, what protocol it uses, what its roaming requirements are, whether it supports 802.11r, what frequency bands it operates on and what application latency it can tolerate. This inventory drives the entire design. An AGV that doesn't support 802.11r on its current firmware may need a firmware update before the wireless infrastructure is installed – that's a project dependency that needs to be identified early.

Conduct a physical site survey under operating conditions. Passive surveys of empty buildings are a starting point at best. The survey needs to capture real RF conditions with racking loaded and machinery running.

Specify access points, controllers and cabling to match the environment and the device requirements. Don't mix office-grade and industrial-grade APs on the same floor if the environment is uniformly industrial – the failure rate of the office-grade units will create asymmetric maintenance demand.

Test AGV roaming before go-live, not after. Roaming testing with the AGVs actually moving – on their full routes, at operational speed – is the only reliable validation. A roaming handoff that looks correct in the controller logs needs to be confirmed against the AGV's own connectivity behaviour.

Plan for capacity growth. Adding AGVs or scanners later shouldn't require a redesign. Design the AP density and controller capacity to accommodate the device count you expect in three years, not just the device count at go-live.