Maintenance and Managment of the Wireless Network


22. What tools do I need to check my wireless network?

Spectrum analyzers, 802.11 protocol analyzers (aka 802.11 network analyzer, 802.11 sniffer), and site-survey kits are used in conjunction with tools available on the wireless  controller and wired infrastructure. Please see the table below, which outlines some examples of issues that prevent wireless communication and how different tools could be useful for debugging. Please note that the table is not comprehensive. The order of checks moves up the stack because none of the higher layers will work unless the lower layers are in place. That is why debugging a client that won’t connect begins with checking to see whether the client is transmitting, followed by 802.11 connectivity, authentication, and then IP-level connectivity.

For proprietary networks such as those that support WMTS, tools other than a spectrum analyzer are typically only available if provided by the vendor.

Problem 802.11 Protocol Analyzer (Sniffer) Radius Server Logs Spectrum Analyzer Wireless Controller and Wired Network
No or Unreliable
802.11 Connection
• Determine if client is transmitting packets and, if so, the retry rate
for the client and the AP
• Verify client packets are
• Data rate of the
• 802.11 channels in use
N/A • Is client
• Signal strength
and SNR of AP(s)
at client
• Signal strength and
SNR of client at AP
• Duty cycle of
• Any traffic from client?
• Signal strength of
client as seen by the
• Retry rate of packets
transmitted to client
• Data rate of received
and transmitted
No IP Connection • Verify authentication
is received from
authentication server
• Verify DHCP request/
response occurs
• Verify gratuitous ARP
Verify 4-way
N/A Verify authentication packets are received form the client
Authentication Failure
Verify 4-way handshake
occurs properly
Verify 4-way
Roaming Issues Is full or fast
authentication occurring
at each roam?
Verify server is only
contacted for initial
connection to Wi-Fi
N/A Verify fast roaming is enabled

NOTE: AP = access point; ARP = Address Resolution Protocol; DHCP = Dynamic Host Configuration Protocol;

RADIUS = Remote Authentication Dial-In User Service; SNR = signal-to-noise ratio

23. How do I know if my devices/wireless network are experiencing a high rate of interference? How can I troubleshoot it?

Interference occurs when two or more transmissions occur at the same time, in the same place, and in the same frequency band. It is analogous to having two people talking to you at the same time. A whispered comment causes little interference compared to a loud voice. If the interference is strong enough and occurs often enough to cause unacceptable delays, jitter, or transmission failures, the term “harmful interference” might be applied.

RF emissions may be characterized as intentional and unintentional. Intentional transmissions are due to devices such as radios that purposely transmit data. Unintentional interference is due to emissions that occur as a consequence of device operation, such as sparks on motor bushings, faulty/failing fluorescent light ballasts, high-speed switching of data and address lines in a computer, etc.

A symptom of interference is the user having connection problems. These might be exhibited by dropped calls, missing audio and/or video, or a device that can’t reliably connect or stay connected. Devices might display an error message akin to “network connection lost.” Possible causes include low signal strength, software issues, compatibility issues (for example, authentication mismatch), or interference. When there is a low signal strength, interference is more likely to cause the symptoms listed above.

To troubleshoot, check the RF performance of the devices at both ends (and possibly in the middle with a sniffer or spectrum analyzer) while the symptoms are evident. Check signal strength, retry rates, noise level, data rate, and existence of acknowledgement packets. For examples and more detail, see Appendix C, Troubleshooting 802.11 Connectivity Issues.

24. Do I have enough capacity for all our wireless initiatives?

Network capacity issues are typically the result of inadequate planning by HDOs to understand how they use wireless technology and ensure a proper design and installation of infrastructure. Acute changes in capacity can be caused by sudden increases in the number of wireless clients, physical changes to the building, and “bugs” in software/firmware upgrades.

The best way to solve these problems is to plan for network growth in the first place, following the guidance from ANSI/AAMI/IEC 80001-1:2010 and its technical report, ANSI/AAMI/IEC TIR80001-2-3:2012. Use the tools mentioned in Question 22, “What tools do I need to check my wireless network?” to determine whether there truly is a bandwidth issue. It may be that data isn’t arriving as intended because of interference.

Assuming more bandwidth is required, one possible solution is to take advantage of the large number of channels available in the 5 GHz band. It is possible to reuse channels (analogous to the solution used by cellular providers: install more APs with lower transmission powers). Ensure that all areas are covered by strong signal (at least -65 dBm for 802.11a/g) so that devices can transmit at the highest data rates. Upgrade to 802.11n and 802.11ac where there is high spectral efficiency (the number of bits that can be transmitted per hertz of bandwidth).

It is important to understand that wireless networks can comprise several service set identifiers (SSIDs) or network names that cater to different user/device types. These various SSIDs have to share the limited bandwidth and contend with each other for air time over the 2.4 GHz and 5 GHz frequencies. When evaluating capacity, it is important to remember that as the number of SSIDs increases, the overhead burden of wireless traffic management increases, which ultimately decreases the available bandwidth. It often makes sense to have several SSIDs (e.g., for separate guest and medical networks), but try to minimize the number of SSIDs used.

With respect to WMTS systems, the FCC-allocated bandwidth is limited to about 14 MHz. Working with a vendor that provides a higher spectral efficiency than older telemetry systems can make better use of the 14 MHz available for WMTS.

25. Which team should own the wireless network and/or manage spectrum use?

Successful management of a wireless network that supports medical devices depends on strong collaboration and good communication between IT and HTM groups so that medical device, clinical, and IT needs are all considered. Some hospitals have an employee whose role includes spectrum management. The HTM group can bring in concepts including clinical workflows, patient safety, IEC 80001, and IEC 60601-1-2. Ideally, HTM has at least read-access to the appropriate wireless controllers and understands the operation of the wireless network as it pertains to medical devices.

26. What factors should I consider before upgrading my network software?

The following items are generally considered when evaluating a network software upgrade:
  • A thorough read of the release notes
  • Results of a risk analysis of not updating the software, including mitigation strategies
  • Results of a risk analysis for updating the software, including mitigation strategies
  • Installation and operational test plan (might include testing in a lab environment first)
  • Backout plan (in case the upgrade fails)

Update the network when the risk/reward ratio of updating is lower than the risk/reward ratio of not updating: compare the benefits (bug fixes, new features) and risks of updating (untested medical devices might not operate correctly) vs. benefits (stable system) and risks of not updating (e.g., security vulnerability). In an easy example, if the WLAN vendor implements a patch to support 802.11ac and the HDO has no 802.11ac devices, the reward for updating is zero, so the risk/reward ratio is infinite.

A more common scenario to consider is when there is a security patch. From an IT security vantage point, one would install the patch as soon as possible to quickly remove the risk of a security vulnerability. The hazard and probability of occurrence of the security vulnerability being exploited needs to be weighed against the probability and occurrence of potential issues that might include:
  • Infusion pumps may not be able to update formularies
  • Patient monitors may not be able to deliver alarms
  • Roaming doesn’t work
  • Picture archiving and communication systems (PACS) may not be able to upload images
  • Mobile EHR interfaces may not to be able to access patient records
  • Voice over WLAN systems may not operate correctly

Typically, an update adds more than just one feature, includes bug fixes, and sometimes introduces new bugs. The probability of hazardous events is generally higher for new releases that haven’t had time to mature. Consequently, large providers usually have very stringent and exhaustive tests to qualify new network equipment and software. Once qualified, they stick with the same versions for a long time because of the time and cost of qualification. As some are fond of saying, “Tried and true is better than new.”

The only real way to know whether the upgraded network software works is to test it, preferably in a lab environment. The highest priority is to test against those devices whose failure causes an unacceptable risk. HDOs should be prepared to do this testing because MDMs typically require weeks to months to test against a new release of WLAN firmware, while an IT department may want to immediately deploy the new release to address a security vulnerability. The presentation, “Risks, Challenges and Opportunities of Wireless Technologies in Healthcare: Wireless Testing in a Hospital,” provides guidelines for risk analysis and testing to guide a decision on whether to upgrade the WLAN operating system before the medical device companies have validated it.27

27. How do I determine the performance of medical devices on my wireless environment?

There are several tools available to gauge the performance of wireless medical devices on the network. In the interest of cooperation and communication, it is a good practice to work with your IT department here and in other areas where IT network testing is needed. Based on the performance indicators and metrics desired, this can be quite complex. The tools can be broken down into the following groups:

a. Most wireless medical devices have built-in monitoring systems to some degree or another. These will usually indicate a relative signal strength and whether the device is connected to the network. The more sophisticated systems illustrate additional metrics such as signal power (in dBm or RSSI) and number of retries.

b. Wireless medical devices typically send data to a central server, which has management functions. In some cases, these systems allow for SNMP (Simple Network Management Protocol) monitoring. SNMP monitoring can also be used on the wireless infrastructure to proactively identify when systems are offline or predefined thresholds are reached. For example, a system administrator can be notified that a wireless AP or controller is offline. In some cases, metrics such as signal strength can also be captured via SNMP.

c. Wireless management platforms and wireless controllers often offer metrics and insight into device connectivity trends.

d. Tools are also available that can provide a view of wireless performance. Combining the results of these tools with those above provides a full wireless system picture. These include 802.11 wireless sniffers (e.g., Wireshark) and they can provide a good picture of what is going on in your network with all of the different types of devices you are required to support. Wireless sniffers are useful because they detect some things that won’t be visible and/or are hard to detect at the wireless controller, e.g., a high rate of beacons and high incidence of broadcast/multicast traffic.

28. What is a wireless LAN site survey and how often should I do one?

In this context, a “site survey” is a measurement of RF performance in an area (and the adjective “wireless” or “RF” is often omitted). The performance measures can include power, interference, redundant coverage, noise levels, and signal-to-noise ratio (SNR). There are at least two types of site surveys. An “installation site survey” is typically done to increase confidence that the planned AP locations are correct. The installation site survey typically uses a single AP, always on the same channel, that is moved to each planned AP location. Once placed in a planned location, the RF signal strength is measured in the area around that location.

In contrast, a “verification site survey” is a manual measurement and mapping of the RF coverage after the WLAN is operational. Because the APs are all active, in their final locations, and transmitting on a myriad of channels, the installer is able to verify whether the final installation meets the requirements.

At a high level, to perform a site survey, one imports a facility floor map into site survey software and walks around the building while the software records the signal strength of each AP. Postprocessing provides heat maps or other ways to visualize the RF coverage. Different tools add other features, such as overlays for RF utilization and methods to indicate redundant coverage (as opposed to just the strongest coverage in that area), SNR, and co-channel interference

A verification site survey should be updated any time there is substantial change to the network or the physical environment. Since automatic RF coverage algorithms running on wireless controllers may change the AP transmission power and channels, a site survey may be used to objectively evaluate the effect of the algorithm, particularly when it is first enabled. Periodic evaluations should be run, and the time between these evaluations depends on the output of a risk analysis. As a guide, an annual site survey is prudent and may also include looking at the noise floor using either the site survey tool or a spectrum analyzer.

Some WLAN vendors’ tools and third-party applications build RF coverage maps using information each AP collects about how strong it hears other APs. If one compares this data to a manual site survey and there is a strong correlation, it may make sense to use these tools.