Aerospace industrial Wi-Fi network design

No. Our scope is commercial integrator, MRO, and supply-chain tenant facilities operating on the tenant’s own corporate boundary. We do not hold the facility clearances, personnel clearances, or DD-254 authority to work on classified prime-contractor networks, ITAR-controlled flight-test enclaves, or SCIFs. That work is scoped to the prime’s cleared integrators under a separate authority framework.

What we do deliver is the commercial network infrastructure the tenant owns: the contractor offices, the engineering wing, the hangar, MRO shop, clean-room, and fabrication floor wireless, and the boundary controls that satisfy NIST SP 800-171 r3 and CMMC 2.0 Level 2 for Controlled Unclassified Information on that commercial network.

If your scope requires classified-system wireless work, we will refer you to a cleared integrator and step out cleanly.

Two separate constraints apply. First, the entire 5600 to 5650 MHz band is closed to unlicensed U-NII device operation anywhere in the country for outdoor and radiating-outdoor equipment — that is a flat FCC rule with no distance dependency.

Second, within a 35 kilometer radius of a Terminal Doppler Weather Radar site, FCC KDB 443999 requires a 30 MHz center-frequency separation between the Wi-Fi operating channel and the TDWR center frequency.

We build the channel plan against both rules in parallel.

The practical output is a per-site channel exclusion list that documents which UNII-2 / UNII-2-Extended channels are eliminated by TDWR proximity, a default primary channel plan drawn from UNII-1, the remaining DFS-safe UNII-2 slots, and UNII-3, and a 6 GHz Wi-Fi 6E overlay for interior-only high-density coverage.

The exclusion list is part of the design document appendix and is re-verified if a new TDWR site comes online within range.

NIST SP 800-171 r3 control 03.13.11 (Cryptographic Protection) requires that cryptography used to protect Controlled Unclassified Information is implemented using mechanisms that comply with applicable federal standards — in practice, modules on the NIST CMVP active certificate list under FIPS 140-2 or FIPS 140-3. A deployment on non-validated firmware fails 03.13.11, and a failure there cascades into 03.13.08 (Transmission Confidentiality) and a material CMMC Level 2 finding.

For ITAR-controlled technical data the stakes are higher.

The 22 CFR § 120.54 end-to-end FIPS encryption carve-out only applies when every crypto module in the chain is FIPS-validated.

A single non-validated cipher suite negotiated on one AP breaks the carve-out, and transmission of technical data over that link is no longer covered. Our deliverable includes the CMVP certificate number per platform and a negotiated-cipher verification log per SSID.

The empty-bay back-of-envelope is one AP per 3,500 to 4,000 square feet of open floor plate. That target covers an empty hangar with no aircraft, no tooling, and no people — it is the baseline for a coverage-only deployment and almost never matches the operational load.

Once an aircraft is present, work stands are in position, paint curtains drop, and handheld and IIoT device populations light up, the RF environment shifts by 10 to 20 dB across large zones and the empty-bay density target is no longer sufficient.

We design to the occupied-bay target: AP pairs above each maintenance position, directional coverage down the fuselage centerline, cross-bay APs staged to hold -65 dBm RSSI and 25 dB SNR at every work location, and minimum-RSSI enforcement tuned against the actual handheld and scanner models in the fleet.

The Ekahau predictive model captures the empty-bay baseline; the AP-on-a-stick validation pass captures the occupied-bay behavior before the placement drawing is final.

Our primary deliverable is engineering — predictive modeling, channel and power plan, AP placement drawing in AutoCAD, controller configuration guide, validation pass, and the FIPS / 800-171 evidence package. We coordinate with the tenant’s approved structured-cabling and electrical contractors on the install rather than running the install ourselves, and we are on-site during the install cut-over to catch placement and mount deviations against the drawing.

Hazardous-location installations (Class I Div 2 paint cells, composite autoclaves, specific MRO areas) are always coordinated with the operator’s approved hazardous-location electrical contractor — we are RF engineers, not hazardous-location installers.

For straight commercial mounts on high-bay steel, catwalk, or column-line structure the tenant’s cabling vendor runs the pathway, we mark and verify, and the AP-on-a-stick validation pass closes the drawing.

Wi-Fi 6E (6 GHz indoor LPI) is useful for interior-only high-density zones — integrator office floors, engineering pods, conference rooms, and a specific subset of clean-room fabrication where the operational device fleet supports 6 GHz client radios.

Outdoor and radiating-outdoor hangar coverage stays on 5 GHz because AFC (Automated Frequency Coordination) standard-power 6 GHz operation in industrial outdoor adjacency is constrained and the operational device fleet is rarely 6 GHz-capable end-to-end.

Wi-Fi 7 is a new-construction and major-refresh conversation, not a forklift-upgrade driver for a working hangar.

Where the tenant is building new space or refreshing an aging controller and AP fleet, we scope Wi-Fi 7 with Cisco Catalyst 9176 (or platform equivalents) on the baseline and carry the same FIPS, 802.11w PMF, and 802.11r/k/v roaming posture forward.

For a live hangar on Cisco 9166 / IW9167E with a stable channel plan, a Wi-Fi 7 swap is rarely the right first move.

Engine test cells are typically built with reinforced concrete and, in some configurations, copper mesh in the ceiling or walls for acoustic and RF isolation. We treat them as their own coverage zones with dedicated APs inside the cell, hardened cabling penetration through an engineered wall port, and a channel and power plan that keeps the cell RF inside the cell.

Leak-from-adjacent-bay coverage is not a reliable design for a test cell and we do not scope it that way.

Composite layup rooms and autoclave bays absorb 5 GHz against the carbon fiber inventory and reflect 6 GHz unpredictably against tooling.

Those spaces get AP-on-a-stick validation before the placement drawing is final, and the final drawing is tuned to the measured behavior rather than the predictive model alone.

Hazardous-location zones adjacent to bonding cells or resin handling use the Cisco Catalyst IW9167E hazardous-location variant where required and are installed by the operator’s approved Class I Div 2 electrical contractor.

Yes. NDA is standard on every aerospace-adjacent engagement and we sign before any floor plans, drawings, or tenant-specific information cross our network. Our public references are anonymized by vertical and scale (“commercial integrator supporting a tier-1 prime supply chain”, “MRO facility under NIST 800-171 and CMMC Level 2 scope”). We do not publish tenant identities, site-specific case studies, photographs of tenant facilities, or named-customer logos.

That posture is deliberate.

Aerospace-adjacent tenants live downstream of prime-contractor relationships that do not tolerate supplier marketing of the engagement, and we have built the practice to respect that constraint.

The deliverables, the design artifacts, and the evidence package are yours; the marketing value of the engagement stays yours too.

DFARS clause 252.204-7021 becomes enforceable on 2025-11-10, which is the date the Department begins incorporating CMMC assessment requirements into applicable procurements. Implementation rolls out in four phases over three years under 32 CFR 170.3(e).

Level 1 (17 practices from FAR 52.204-21) and a narrow subset of Level 2 contracts permit an annual self-assessment scored in SPRS. The majority of Level 2 contracts — those involving CUI of higher criticality — require a triennial third-party assessment by an accredited C3PAO.

Level 3 is DCMA DIBCAC government-led.

Aerospace tier-2 and tier-3 suppliers with CUI riding a wireless-accessible system need the wireless access-control evidence set built in from the predictive design stage, not reconstructed for the assessor.

Control 03.01.16 Wireless Access obligates the organization to establish usage restrictions, configuration requirements, and connection requirements for each type of wireless access to the system — authorize every type before connection, disable unused wireless capabilities prior to deployment, and protect wireless access through authentication and encryption. Rev 3, published May 2024, consolidated the Rev 2 pair 3.1.16 plus 3.1.17 into a single 03.01.16 with embedded authentication and encryption language.

“Each type of wireless access” is assessable per-SSID — guest, corporate, machine-to-machine IoT, and any peer-to-peer Wi-Fi Direct or BLE path each need their own authorization record, config baseline (SSID, VLAN, encryption, auth method), and written connection policy.

Unused radios, bands, and SSIDs must be off on the AP console output the assessor reviews.

Control 03.13.08 Transmission and Storage Confidentiality requires cryptographic mechanisms to protect the confidentiality of CUI during transmission and storage. Paired control 03.13.11 Cryptographic Protection requires the organization to specify and implement the types of cryptography used to protect CUI, and the discussion notes that FIPS-validated cryptography is recommended for CUI protection.

At the wireless layer this reads as WPA3-Enterprise minimum, AES-256-GCMP over 802.1X with EAP-TLS, management plane on SSHv2, and controller-to-AP CAPWAP with DTLS in FIPS mode.

Any SSID carrying CUI that is configured for WPA2-PSK or Open fails the transmission confidentiality review on first inspection.

Our wireless design and validation documents the cipher suite negotiated per SSID and the CMVP certificate number per platform.

Yes, for unclassified technical data, under tightly drawn conditions. 22 CFR § 120.54 carves specific activities out of the “export” definition when unclassified technical data is secured end-to-end using cryptographic modules compliant with FIPS 140-2 or its successor,

with NIST-compliant key management, or by cryptographic means of strength at least equivalent to AES-128. Classified technical data is not covered. The carve-out does not apply to storage in 22 CFR 126.1-embargoed countries or the Russian Federation.

Operationally, the WPA3-Enterprise RF link is not sufficient on its own — the CUI itself must be separately encrypted (TLS 1.2 or higher with FIPS cipher suites) to the application endpoint.

If any hop drops out of FIPS mode, the § 120.54 carve-out collapses and the data movement can be construed as a regulated export.

Cisco Catalyst 9800 Wireless Controllers running IOS-XE 16.10 are listed under FIPS 140-2 CMVP certificate #3656 (Overall Level 1), with the underlying ACT2Lite crypto module under certificate #3637. Additional 140-2 security policies cover later IOS-XE trains under separate 140sp entries.

CMVP stopped accepting new 140-2 submissions after 2022-03-31 and FIPS 140-3 is now the standard for new validations; buyers should verify the specific IOS-XE version in service against the active CMVP list or the Modules in Process list before purchase.

C3PAO assessors ask for the certificate number matching the exact firmware train running in the hangar, not a generic “Cisco is FIPS-validated” statement.

The firmware-to-certificate-number mapping is load-bearing evidence.

The FCC Office of Engineering and Technology approved an initial set of seven 6 GHz AFC systems on February 23, 2024 (FCC OET DA-24-166). C3Spectra received commercial approval in July 2025 and Axon Networks in September 2025, bringing the total to nine commercially-approved AFC system operators as of 2026-04-27. AFC-governed Standard Power is required on UNII-5 (5925–6425 MHz) and UNII-7 (6525–6875 MHz). UNII-6 and UNII-8 remain Low Power Indoor without AFC coordination.

Outdoor flight-line, tarmac, and marshalling-area APs cannot use UNII-5 or UNII-7 Standard Power unless paired to an approved AFC operator, with each AP registered by latitude, longitude, height, antenna gain, and azimuth.

Interior-only hangar 6 GHz stays on UNII-6/8 LPI and does not touch AFC.

See our wireless design workflow for how the AFC question is resolved before the channel plan is drafted.

NFPA 70 Article 500 classifies hazardous locations by Class (I gases/vapors, II dusts, III fibers), Division (1 present under normal operation, 2 present only under abnormal conditions), and Group. ANSI/UL 1203 is the test standard for explosion-proof and dust-ignition-proof electrical equipment intended for Division 1.

Equipment installed in a classified zone must match the classification — explosion-proof enclosure, intrinsically safe, or purged/pressurized — or the install is a code violation and an insurance-loss event waiting to happen.

Paint bays and fuel-transfer zones are routinely Class I Division 1 or 2 depending on ventilation and process state.

A generic IP67 outdoor AP lacks UL 1203 certification.

The facility’s area classification (typically a Dow/Mond index or process-safety review) is an input to the predictive design, not an afterthought at install time.

FCC Enforcement Bureau Public Notice DA-12-459 requires that a U-NII master or client device within 35 km of a TDWR location be separated by at least 30 MHz center-to-center from the TDWR operating frequency. U-NII devices may not operate co-frequency with TDWR at 5.6–5.65 GHz at all, and DFS radar-detection cannot be user-disabled.

Plant 42 (Palmdale), Edwards AFB, Vandenberg SFB, and several commercial airports in the region have TDWR radars, so aerospace hangars inside that ring treat UNII-2C channels 120/124/128 as unavailable and apply 30 MHz separation from the specific TDWR frequency.

This typically removes four contiguous 20 MHz channels or two 40 MHz channels near the TDWR center.

Plan the spectrum around it before running Ekahau, not after.

PROFINET RT (Real-Time) tolerates up to roughly 10 ms cycle times and can ride a well-designed Wi-Fi 6E or Wi-Fi 7 segment when the controller accepts occasional 10 to 50 ms outliers. PROFINET IRT (Isochronous Real-Time), specified under IEC 61784-2-3:2023 and IEC 61158-5-10:2023, targets cycle times under 1 ms with jitter under 1 microsecond — as fast as 31.25 microseconds for motion control.

That envelope is at the edge of what Wi-Fi can hit even with MLO and TSN, and should not be promised over standard 802.11 in production.

Keep motion-control IRT on engineered wired Ethernet.

Use wireless for supervisory HMI, RT-class telemetry, and mobile worker devices; keep the deterministic boundary at the edge switch.

Cisco URWB delivers sub-10 ms latency, 99.995% availability, and zero packet loss with make-before-break handoffs across APs as moving assets transit the coverage area. That is the right layer for AGV fleets moving wing skins, autonomous mobile robots, remotely controlled crane bridges, and autonomous tugs — handover cases where standard 802.11r Fast Transition still introduces unacceptable packet loss or handover latency.

URWB runs in a separate logical plane from client Wi-Fi, so a hangar often carries two wireless subsystems: standard Wi-Fi for mechanic tablets and handhelds, plus URWB for the moving-asset traffic.

The Catalyst IW9167E supports both modes from the same hardware, software-switchable, which keeps the platform decision simpler than running two separate AP lines.

No, not today. IEEE 802.1Qbv Time-Aware Shaper, published in 2015 as part of the IEEE 802.1 TSN suite, enforces time-gated queues so scheduled traffic flows have deterministic end-to-end delay on a shared Ethernet. Wi-Fi 7 (802.11be) Multi-Link Operation reduces jitter meaningfully but is not a drop-in 802.1Qbv carrier — TSN over Wi-Fi remains research-grade at the standards and silicon level as of 2026.

The compliant aerospace and industrial pattern is wired TSN for motion control with URWB or industrial Wi-Fi for moving assets and human-carried traffic, with the TSN boundary drawn at the edge switch.

We flag this in the design document when the spec sheet says “802.1Qbv TSN end-to-end” over wireless — the spec needs revision, or a wired path is required.

Yes, when they cross the notification threshold. 14 CFR Part 77 requires notification to the FAA (Form 7460-1, “Notice of Proposed Construction or Alteration”) for any construction or alteration exceeding 200 ft above ground level, or any construction within 20,000 ft of a public-use or military airport that exceeds a 100:1 imaginary surface slope from the nearest runway point.

Outdoor flight-line AP masts, hangar-roof relay antennas, and the temporary cranes used during install can cross that threshold on common hangar geometries.

Form 7460-1 must be submitted before construction, and the FAA aeronautical study can take 30 to 120 days.

Skipping the filing risks a “hazard” determination that forces removal and, on airport grant-assured fields, triggers airport-sponsor enforcement.

IEC 62443-3-2:2020 requires the industrial system under consideration to be partitioned into zones (assets grouped by like risk) and conduits (communications paths between zones), then assessed for risk, with a target security level established per zone and conduit. IEC 62443-3-3:2013 provides the detailed system security requirements behind those security-level targets.

In a hangar, the SCADA network for overhead cranes is one zone, the CUI-bearing mechanic-tablet network is another, and guest wireless is a third — every SSID crossing a zone boundary is a conduit.

Security level targets are set per conduit.

SL 2 or SL 3 is the typical aerospace target for CUI-bearing wireless, which requires mutual authentication, cryptographic channel protection, and controlled interface monitoring.

NIST SP 800-172 layers enhanced security requirements on top of SP 800-171 to protect CUI associated with high-value assets or critical programs against Advanced Persistent Threats. Federal agencies select which enhanced requirements apply per contractual vehicle based on mission needs and risk.

SP 800-172 maps to CMMC 2.0 Level 3, which is DCMA DIBCAC government-led, not C3PAO. Most aerospace tier-2 and supplier contracts stop at SP 800-171 Rev 3 and CMMC Level 2.

Before designing an L3-grade wireless stack, confirm the contract actually flows down 800-172.

L3 wireless adds evidence-heavy obligations — stronger segmentation, dual authorization for privileged access, decoy and deception patterns — that are not part of L2, and scoping them into an L2 deliverable inflates cost without value.

Almost always yes, at least at the classification-analysis stage. ECCN 5A002 (hardware) and 5D002 (equivalent software) under 15 CFR Part 774 cover items using cryptography for data confidentiality with symmetric key length in excess of 56 bits, which is nearly every enterprise AP and controller shipping with AES-128 or AES-256.

License Exception ENC under 15 CFR 740.17 provides broad authorization for many commercial encryption exports, but the applicable sub-paragraph depends on end-user, end-use, and destination.

A commercial aerospace integrator shipping a spare controller to a foreign MRO facility, or deploying kit where foreign-national employees will administer it, cannot assume “commercial off-the-shelf equals no license needed.”

BIS ENC notification is often required, and the classification analysis is a prerequisite to the shipment, not a post-ship cleanup.

03.05.03 requires multi-factor authentication for access to privileged and non-privileged accounts using two or more different factors — something known, something possessed, or a biometric. Legacy PEAP/MSCHAPv2 is knowledge-only and does not meet 03.05.03 on Rev 3. Device-only EAP-TLS with a machine certificate does not meet it either, because it is a single-factor (possession) authentication.

The compliant pattern at the wireless layer is EAP-TLS with a TPM-backed client certificate plus a user factor — either EAP-TEAP chaining machine and user credentials, or endpoint-side smartcard/YubiKey authentication before the 802.1X session asserts user identity.

C3PAO assessors ask for the auth event logs showing two factors per session, which the design must produce automatically on every CUI-bearing SSID.

Yes for supervisory and many control tiers. ODVA states that EtherNet/IP is compatible with commercially available Ethernet installation options including copper, fiber, fiber ring, and wireless. CIP Motion over EtherNet/IP combines deterministic, real-time, closed-loop motion control with standard unmodified Ethernet compliant with IEEE 802.3.

Neither ODVA nor PI publishes a wireless-specific cycle-time guarantee — wireless tolerance depends on the application-layer timeout and retry configuration, typically tuned to 100 to 500 ms versus 10 to 50 ms on wired.

CIP Safety over wireless requires a safety-function-response-time analysis that includes wireless jitter in the SFRT budget.

For motion and safety loops, keep the fieldbus wired.

For supervisory HMI and mobile-worker telemetry, Wi-Fi is appropriate with a tuned timeout profile.

Self-assessment wireless evidence is documentary — SSP sections, policy artifacts, configuration screenshots, SPRS scoring against the 110 SP 800-171 practices, refreshed annually. C3PAO Level 2 evidence is observational plus documentary on a triennial cycle: the assessor asks to see the WLC running-config with FIPS enabled, the CMVP certificate number mapped to that exact IOS-XE train, RADIUS or ISE authentication-server logs showing two-factor events on CUI SSIDs, and packet captures confirming AES-256-GCMP negotiation.

Under 32 CFR Part 170, the CMMC Status is stored in SPRS and additionally issued on a Certificate of CMMC Status.

The wireless design must be built to produce that evidence automatically as part of normal operation, not forensically reconstructed in the weeks before the assessment window opens.