Digi S2DSM User Manual

XBee/XBee-PRO ZigBee RF Module
User Guide
XBee/XBee-PRO ZigBee RF Modules User Guide
90002002 v
Revision | Date | Description
A-R | Various | Initial release and subsequent releases for various editorial updates and technical content updates to keep current with product changes.
S | May 2015 | Update the SMT dimensions drawing. Added a section on deep sleep and sleep current measurements. Updated the baud rates supported by the BD command. Updated the Brazil ANATEL certification information.
T | July 2015 | Revised the Maximum RF payload size section. Frames 0x90 and 0x91 no longer report the 0x40 indicator - removed it.
U | December 2015 | Updated XBee-PRO Surface Mount agency approvals. Added missing Extended Modem Status status code descriptions to the 0x98 frame. Added ANATEL labels.
V | April 2016 | Updated the firmware release notes section. Updated several hardware specifications with S2D hardware information. Updated regulatory information. Revised the Programmable XBee SDK section. Added the ED command. Updated the BD command. Added antennas for the S2D hardware.
Product documentation
To find up-to-date documentation for all Digi products, visit www.digi.com/documentation.
To provide feedback on this documentation, send your comments to techcomm@digi.com.
Digi, Digi International, and the Digi logo are trademarks or registered trademarks in the United States and other countries worldwide. All other trademarks mentioned in this document are the property of their respective owners.
© 2016 Digi International. All rights reserved.
Disclaimers
Information in this document is subject to change without notice and does not represent a commitment on the part of Digi International. Digi provides this document “as is,” without warranty of any kind, expressed or implied, including, but not limited to, the implied warranties of fitness or merchantability for a particular purpose. Digi may make improvements and/or changes in this manual or in the product(s) and/or the program(s) described in this manual at any time.
Warranty
To view product warranties online, visit www.digi.com/howtobuy/terms.
Customer support
Digi offers multiple technical support plans and service packages to help our customers get the most out of their Digi product. For information on Technical Support plans and pricing, please contact us at 952.912.3456 or visit www.digi.com/support.
If you have a customer account, sign in to the Customer Support Web Portal at www.digi.com/support.
Applicable firmware and hardware
Hardware: S2C
Firmware: 401x, 402x, 403x, 404x, 405x
Hardware: S2D
Firmware: 705x
Contents
Overview of the XBee ZigBee RF Module
  Worldwide acceptance
  Firmware release notes
  Specifications
  Hardware specifications
  Agency approvals
  Serial communications specifications
  UART
  SPI
  GPIO specifications
  Hardware specifications for the programmable variant
  Mechanical drawings
  Pin signals for the surface mount module
  Pin signals for the through-hole module
  EM357 pin mappings
  Design notes
  Power supply design
  Recommended pin connections
  Board layout
  Module operation for the programmable variant
  Programmable XBee SDK
Module operation
  Serial communications
  UART data flow
  SPI communications
  Serial buffers
  UART flow control
  Break control
  Serial interface protocols
  Modes of operation
  Idle Mode
  Transmit Mode
  Receive Mode
  Command Mode
  Sleep Mode
ZigBee networks
  Introduction to ZigBee
  ZigBee stack layers
  ZigBee networking concepts
  Device types
  PAN ID
  Operating channel
  ZigBee application layers: in depth
  Application Support Sublayer (APS)
  Application profiles
  ZigBee Coordinator operation
  Forming a network
  Channel selection
  PAN ID selection
  Security policy
  Persistent data
  XBee ZigBee Coordinator startup
  Permit joining
  Resetting the Coordinator
  Leaving a network
  Replacing a Coordinator (security disabled only)
  Example: starting a Coordinator
  Example: replacing a Coordinator (security disabled)
  ZigBee Router operation
  Discovering ZigBee networks
  Joining a network
  Authentication
  Persistent data
  ZB Router joining
  Permit joining
  Joining always enabled
  Joining temporarily enabled
  Router network connectivity
  Leaving a network
  Network Locator option
  Resetting the Router
  Example: joining a network
  End Device operation
  Discovering ZigBee networks
  Joining a network
  Parent child relationship
  End Device capacity
  Authentication
  Persistent data
  Orphan scans
  ZigBee End Device joining
  Parent Connectivity
  Resetting the End Device
  Leaving a network
  Example: joining a network
  ZigBee channel scanning
  Managing multiple ZigBee networks
  PAN ID filtering
  Pre-configured security keys
  Permit joining
  Application messaging
Transmission, addressing, and routing
  Addressing
  64-bit device addresses
  16-bit device addresses
  Application layer addressing
  Data transmission
  Broadcast transmissions
  Unicast transmissions
  Binding transmissions
  Multicast transmissions
  Fragmentation
  Data transmission examples
  RF packet routing
  Link status transmission
  AODV Mesh routing
  Many-to-One routing
  High/Low RAM Concentrator mode
  Source routing
  Encrypted transmissions
  Maximum RF payload size
  Throughput
  Latency timing specifications
  ZDO transmissions
  ZDO
  Sending a ZDO command
  Receiving ZDO commands and responses
  Transmission timeouts
  Unicast timeout
  Extended timeout
  Transmission examples
ZigBee Security
  Security modes
  ZigBee security model
  Network layer security
  Frame counter
  Message integrity code
  Network layer encryption and decryption
  Network key updates
  APS layer security
  Message integrity code
  APS link keys
  APS layer encryption and decryption
  Network and APS layer encryption
  Trust center
  Forming and joining a secure network
  Implementing security on the XBee
  Enabling security
  Setting the Network Security Key
  Setting the APS Trust Center Link Key
  Enabling APS encryption
  Using a Trust Center
  XBee security examples
  Example 1: forming a network with security (pre-configured link keys)
  Example 2: forming a network with security (obtaining keys during joining)
Network commissioning and diagnostics
  Device configuration
  Device placement
  Link testing
  RSSI indicators
  Device discovery
  Network discovery
  ZDO discovery
  Joining Announce
  Commissioning Pushbutton and Associate LED
  Commissioning Pushbutton
  Associate LED
  Binding
  Group Table API
Managing End Devices
  End Device operation
  Parent operation
  End Device poll timeouts
  Packet buffer usage
  Non-Parent device operation
  XBee End Device configuration
  Pin sleep
  Cyclic sleep
  Recommended sleep current measurements
  Transmitting RF data
  Receiving RF data
  I/O sampling
  Waking end devices with the Commissioning Pushbutton
  Parent verification
  Rejoining
  XBee Router/Coordinator configuration
  RF packet buffering timeout
  Child poll timeout
  Transmission timeout
  Putting it all together
  Short sleep periods
  Extended sleep periods
  Sleep examples
Analog and digital I/O lines
  XBee ZB through-hole RF module
  I/O configuration
XBee/XBee-PRO ZigBee RF Modules User Guide 7
I/O sampling
Queried sampling
Periodic I/O sampling
Change detection sampling
RSSI PWM
I/O examples
PWM1
API Operation
API frame specifications
API examples
API serial port exchanges
AT commands
Transmitting and receiving RF data
Remote AT commands
Source routing
Supporting the API
API frames
AT command
AT command - Queue Parameter Value
ZigBee Transmit Request
Explicit Addressing ZigBee Command frame
Remote AT Command Request
Create Source Route
AT Command Response
Modem Status
ZigBee Transmit Status
ZigBee Receive Packet
ZigBee Explicit Rx Indicator
ZigBee IO Data Sample Rx Indicator
XBee Sensor Read Indicator
Node Identification Indicator
Remote Command Response
Extended Modem Status
Over-the-Air firmware update status
Route Record Indicator
Many-to-One Route Request Indicator
Sending ZigBee Device Objects (ZDO) commands with the API
Sending ZigBee Cluster Library (ZCL) commands with the API
Sending Public Profile Commands with the API
Command reference tables
Addressing commands
Networking commands
Security commands
RF interfacing commands
Serial interfacing (I/O) commands
I/O commands
Diagnostics commands
AT command options
Sleep commands
Execution commands
Module support
XCTU configuration tool
Customizing XBee ZB firmware
Design considerations for Digi drop-in networking
XBee Bootloader
Programming XBee Modules
Serial firmware updates
Invoke the XBee Bootloader
Send a firmware image
Writing custom firmware
Regulatory compliance
Enabling GPIO 1 and 2
Detecting XBee versus XBee-PRO
Special instructions for using the JTAG interface
Agency certifications
United States FCC
OEM Labeling Requirements
FCC notices
FCC-approved antennas (2.4 GHz)
Associated antenna descriptions
RF exposure
Europe (ETSI)
OEM labeling requirements
Restrictions
Declarations of Conformity
Antennas
IC (Industry Canada) Certification
Labeling requirements
For XBee ZB surface mount:
For XBee-PRO ZB surface mount:
For XBee ZB through hole:
For XBee-PRO ZB through hole:
Transmitters for detachable antennas
Detachable antenna
For XBee S2D SMT:
Australia (RCM/C-Tick)
ANATEL (Brazil) certification
Migrating from XBee through-hole to XBee surface-mount modules
Pin mapping
Mounting
Manufacturing information
Definitions
Definitions

Overview of the XBee ZigBee RF Module

This manual describes the operation of the XBee/XBee-PRO ZigBee RF Module, which consists of ZigBee firmware loaded onto XBee S2C and PRO S2C hardware.
XBee/XBee-PRO ZigBee RF Modules provide wireless connectivity to end-point devices in ZigBee mesh networks. Using the ZigBee PRO Feature Set, these modules are inter-operable with other ZigBee devices, including devices from other vendors. With the XBee, users can have their ZigBee network up-and-running in a matter of minutes without configuration or additional development.
The XBee/XBee-PRO ZigBee RF Modules are compatible with other devices that use XBee ZigBee technology. These include ConnectPortX gateways, XBee and XBee-PRO Adapters, Wall Routers, XBee Sensors, and other products with the ZB name.

Worldwide acceptance

FCC Approval (USA): Refer to Agency certifications on page 203 for FCC Requirements. Systems that contain XBee/XBee-PRO ZB RF Modules inherit Digi Certifications
ISM (Industrial, Scientific & Medical) 2.4 GHz frequency band
Manufactured under ISO 9001:2000 registered standards
XBee/XBee-PRO ZB RF Modules are optimized for use in US, Canada, Australia, Europe (XBee only) and Japan (XBee only). Contact Digi for a complete list of agency approvals

Firmware release notes

You can view the current release notes in the Firmware Explorer section of XCTU.

Specifications

Hardware specifications

The following table provides the specifications for the module.
| Specification | XBee ZigBee S2C | XBee-PRO ZigBee S2C | XBee ZigBee S2D |
|---|---|---|---|
| Performance | | | |
| Indoor/Urban Range | Up to 200 ft. (60 m) | Up to 300 ft. (90 m) | Up to 200 ft. (60 m) |
| Outdoor RF line-of-sight Range | Up to 4000 ft. (1200 m) | Up to 2 miles (3200 m) | Up to 4000 ft. (1200 m) |
| Transmit Power Output (maximum) | 6.3 mW (+8 dBm), Boost mode; 3.1 mW (+5 dBm), Normal mode; Channel 26 max power is +3 dBm | 63 mW (+18 dBm) | 6.3 mW (+8 dBm); Channel 26 max power is +1 dBm |
| RF Data Rate | 250,000 b/s | 250,000 b/s | 250,000 b/s |
| Receiver Sensitivity | -102 dBm, Boost mode; -100 dBm, Normal mode | -101 dBm | -102 dBm, Boost mode; -100 dBm, Normal mode |
| Power Requirements | | | |
| Adjustable Power | Yes | Yes | Yes |
| Supply Voltage | 2.1 - 3.6 V; 2.2 - 3.6 V for Programmable Version | 2.7 - 3.6 V | 2.1 - 3.6 V |
| Operating Current (Transmit) | 45 mA (+8 dBm, Boost mode); 33 mA (+5 dBm, Normal mode) | 120 mA @ +3.3 V, +18 dBm | 45 mA |
| Operating Current (Receive) | 31 mA (Boost mode); 28 mA (Normal mode) | 31 mA | 31 mA |
| Power-down Current | < 1 µA @ 25°C | < 1 µA @ 25°C | < 3 µA @ 25°C |
| General | | | |
| Operating Frequency Band | ISM 2.4 - 2.5 GHz | ISM 2.4 - 2.5 GHz | ISM 2.4 - 2.5 GHz |
| Form Factor | Through-Hole, Surface Mount | Through-Hole, Surface Mount | Surface Mount |
| Dimensions | Through-Hole: 0.960 x 1.087 in (2.438 x 2.761 cm); SMT: 0.866 x 1.33 x 0.120 in (2.199 x 3.4 x 0.305 cm) | Through-Hole: 0.960 x 1.297 in (2.438 x 3.294 cm); SMT: 0.866 x 1.33 x 0.120 in (2.199 x 3.4 x 0.305 cm) | SMT: 0.866 x 1.33 x 0.120 in (2.199 x 3.4 x 0.305 cm) |
| Operating Temperature | -40 to 85°C (industrial) | -40 to 85°C (industrial) | -40 to 85°C (industrial) |
| Antenna Options | Through-Hole: PCB antenna, U.FL connector, RPSMA connector, or integrated wire; SMT: RF pad, PCB antenna, or U.FL connector | Through-Hole: PCB antenna, U.FL connector, RPSMA connector, or integrated wire; SMT: RF pad, PCB antenna, or U.FL connector | Through-Hole: PCB antenna, U.FL connector, RPSMA connector, or integrated wire; SMT: RF pad, PCB antenna, or U.FL connector |
| Networking and Security | | | |
| Supported Network Topologies | Point-to-point, Point-to-multipoint, Peer-to-peer, and Mesh | Point-to-point, Point-to-multipoint, Peer-to-peer, and Mesh | Point-to-point, Point-to-multipoint, Peer-to-peer, and Mesh |
| Number of Channels | 16 Direct Sequence Channels | 15 Direct Sequence Channels | 16 Direct Sequence Channels |
| Interface Immunity | DSSS (Direct Sequence Spread Spectrum) | DSSS (Direct Sequence Spread Spectrum) | DSSS (Direct Sequence Spread Spectrum) |
| Channels | 11 to 26 | 11 to 26 | 11 to 26 |
| Addressing Options | PAN ID and Addresses, Cluster IDs and Endpoints (optional) | PAN ID and Addresses, Cluster IDs and Endpoints (optional) | PAN ID and Addresses, Cluster IDs and Endpoints (optional) |
| Interface Options | | | |
| UART | 1 Mb/s maximum (burst) | 1 Mb/s maximum (burst) | 1 Mb/s maximum (burst) |
| SPI | 5 Mb/s maximum (burst) | 5 Mb/s maximum (burst) | 5 Mb/s maximum (burst) |

Agency approvals

The following table provides the agency approvals for the module.
Note Legacy XBee-PRO SMT (model: PRO S2C; hardware version 21xx) has different FCC and IC IDs; see Agency certifications on page 203.

| Approval | XBee (Surface Mount) | XBee-PRO (Surface Mount) | XBee (Through-hole) | XBee-PRO (Through-hole) | XBee S2D SMT |
|---|---|---|---|---|---|
| United States (FCC Part 15.247) | FCC ID: MCQ-XBS2C | FCC ID: MCQ-XBPS2C (revision K and earlier); FCC ID: MCQ-PS2CSM (revision L and later) | FCC ID: MCQ-S2CTH | FCC ID: MCQ-PS2CTH | FCC ID: MCQ-S2DSM |
| Industry Canada (IC) | IC: 1846A-XBS2C | IC: 1846A-XBPS2C (revision K and earlier); IC: 1846A-PS2CSM (revision L and later) | IC: 1846A-S2CTH | IC: 1846A-PS2CTH | IC: 1846A-S2DSM |
| FCC/IC Test Transmit Power Output range | -26 to +8 dBm | -0.7 to +19.4 dBm | -26 to +8 dBm | +1 to +19 dBm | -10 to +8 dBm |

Europe (CE): ETSI, ETSI, ETSI
Australia: C-Tick, RCM, RCM, RCM
Japan: R201WW10215369, R210-105563
Brazil (Res. 506): ANATEL: 0616-15-1209, ANATEL: 1533-15-1209, ANATEL: 4556-15-1209, ANATEL: 4077-15-1209
RoHS: Compliant

Serial communications specifications

XBee RF modules support both UART (Universal Asynchronous Receiver / Transmitter) and SPI (Serial Peripheral Interface) serial connections.

UART

The SC1 (Serial Communication Port 1) of the Ember 357 is connected to the UART port. The following table provides the UART pin assignments.
| UART Pins | XBee (surface-mount) pin number | XBee (through-hole) pin number |
|---|---|---|
| DOUT | 3 | 2 |
| DIN / CONFIG | 4 | 3 |
| CTS / DIO7 | 25 | 12 |
| RTS / DIO6 | 29 | 16 |

More information on UART operation is found in the UART section in Module operation on page 28.

SPI

The SC2 (Serial Communication Port 2) of the Ember 357 is connected to the SPI port.
| SPI Pins | XBee (surface mount) pin number | XBee (through-hole) pin number |
|---|---|---|
| SPI_SCLK | 14 | 18 |
| SPI_SSEL | 15 | 17 |
| SPI_MOSI | 16 | 11 |
| SPI_MISO | 17 | 4 |

For more information on SPI operation, see the SPI section in Module operation on page 28.

GPIO specifications

XBee RF modules have 15 General Purpose Input / Output (GPIO) ports available. The exact list will depend on the module configuration, as some GPIO pads are used for purposes such as serial communication.
See Enabling GPIO 1 and 2 on page 201 for more information on configuring and using GPIO ports.
| GPIO Electrical Specification | Value |
|---|---|
| Voltage - Supply | 2.1 - 3.6 V |
| Low Schmitt switching threshold | 0.42 - 0.5 x VCC |
| High Schmitt switching threshold | 0.62 - 0.8 x VCC |
| Input current for logic 0 | -0.5 µA |
| Input current for logic 1 | 0.5 µA |
| Input pull-up resistor value | 29 kΩ |
| Input pull-down resistor value | 29 kΩ |
| Output voltage for logic 0 | 0.18 x VCC (maximum) |
| Output voltage for logic 1 | 0.82 x VCC (minimum) |
| Output source/sink current for pad numbers 3, 4, 5, 10, 12, 14, 15, 16, 17, 25, 26, 28, 29, 30, and 32 on the SMT modules | 4 mA |
| Output source/sink current for pin numbers 2, 3, 4, 9, 12, 13, 15, 16, 17, and 19 on the TH modules | 4 mA |
| Output source/sink current for pad numbers 7, 8, 24, 31, and 33 on the SMT modules | 8 mA |
| Output source/sink current for pin numbers 6, 7, 11, 18, and 20 on the TH modules | 8 mA |
| Total output current (for GPIO pads) | 40 mA |

Hardware specifications for the programmable variant

If the module has the programmable secondary processor, add the following table values to the specifications listed on page 8. For example, if the secondary processor is running at 20 MHz and the primary processor is in receive mode, then the new current value will be $I_{total} = I_{r2} + I_{rx} = 14\ \text{mA} + 9\ \text{mA} = 23\ \text{mA}$, where $I_{r2}$ is the runtime current of the secondary processor and $I_{rx}$ is the receive current of the primary.

| Optional Secondary Processor Specification | These numbers add to specifications (Add to RX, TX, and sleep currents depending on mode of operation) |
|---|---|
| Runtime current for 32k running at 20 MHz | +14 mA |
| Runtime current for 32k running at 1 MHz | +1 mA |
| Sleep current | +0.5 µA typical |
| For additional specifications see Freescale Datasheet and Manual | MC9S08QE32 |
| Minimum Reset low pulse time for EM357 | +26 µs |
| VREF Range | 1.8 VDC to VCC |

Mechanical drawings

The following mechanical drawings of the XBee/XBee-PRO ZigBee RF Modules show all dimensions in inches. The first drawing shows the surface-mount model (antenna options not shown).
[Mechanical drawing; recoverable labels: PIN 1, RPSMA, U.FL, WIRE WHIP, PCB ANTENNA]
The drawings below show the XBee through-hole module.
The drawings below show the XBee-PRO through-hole model.
3&%$17(11$
:,5(:+,3
8)/
5360$








3,1
3,1
3,1


















Pin signals for the surface mount module

| Pin # | Name | Direction | Default State | Description |
|---|---|---|---|---|
| 1 | GND | - | - | Ground |
| 2 | VCC | - | - | Power Supply |
| 3 | DOUT / DIO13 | Both | Output | UART Data Out / GPIO |
| 4 | DIN / CONFIG / DIO14 | Both | Input | UART Data In / GPIO |
| 5 | DIO12 | Both | | GPIO |
| 6 | RESET | Input | | Module Reset |
| 7 | RSSI PWM / DIO10 | Both | Output | RX Signal Strength Indicator / GPIO |
| 8 | PWM1 / DIO11 | Both | Disabled | Pulse Width Modulator / GPIO |
| 9 | [reserved] | - | Disabled | Do Not Connect |
| 10 | DTR / SLEEP_RQ / DIO8 | Both | Input | Pin Sleep Control Line / GPIO |
| 11 | GND | - | - | Ground |
| 12 | SPI_ATTN / BOOTMODE / DIO19 | Output | Output | Serial Peripheral Interface Attention. Do not tie low on reset |
| 13 | GND | - | - | Ground |
| 14 | SPI_CLK / DIO18 | Input | Input | Serial Peripheral Interface Clock / GPIO |
| 15 | SPI_SSEL / DIO 17 | Input | Input | Serial Peripheral Interface not Select / GPIO |
| 16 | SPI_MOSI / DIO16 | Input | Input | Serial Peripheral Interface Data In / GPIO |
| 17 | SPI_MISO / DIO15 | Output | Output | Serial Peripheral Interface Data Out / GPIO |
| 18 | [reserved]* | - | Disabled | Do Not Connect |
| 19 | [reserved]* | - | Disabled | Do Not Connect |
| 20 | [reserved]* | - | Disabled | Do Not Connect |
| 21 | [reserved]* | - | Disabled | Do Not Connect |
| 22 | GND | - | - | Ground |
| 23 | [reserved] | - | Disabled | Do Not Connect |
| 24 | DIO4 | Both | Disabled | GPIO |
| 25 | CTS / DIO7 | Both | Output | Clear to Send Flow Control / GPIO |
| 26 | ON / SLEEP / DIO9 | Both | Output | Module Status Indicator / GPIO |
| 27 | VREF | Input | - | Not used for EM357. Used for programmable secondary processor. For compatibility with other XBee modules, we recommend connecting this pin to the voltage reference if Analog Sampling is desired. Otherwise, connect to GND. |
| 28 | ASSOCIATE / DIO5 | Both | Output | Associate Indicator / GPIO |
| 29 | RTS / DIO6 | Both | Input | Request to Send Flow Control / GPIO |
| 30 | AD3 / DIO3 | Both | Disabled | Analog Input / GPIO |
| 31 | AD2 / DIO2 | Both | Disabled | Analog Input / GPIO |
| 32 | AD1 / DIO1 | Both | Disabled | Analog Input / GPIO |
| 33 | AD0 / DIO0 | Both | Input | Analog Input / GPIO / Commissioning Button |
| 34 | [reserved] | - | Disabled | Do Not Connect |
| 35 | GND | - | - | Ground |
| 36 | RF | Both | - | RF IO for RF Pad Variant |
| 37 | [reserved] | - | Disabled | Do Not Connect |

Signal Direction is specified with respect to the module
See Design notes for SMT RF pad modules on page 23 for details on pin connections
* Refer to the Writing Custom Firmware section for instructions on using these pins if JTAG functions are needed

Pin signals for the through-hole module

| Pin # | Name | Direction | Default State | Description |
|---|---|---|---|---|
| 1 | VCC | - | - | Power Supply |
| 2 | DOUT / DIO13 | Both | Output | UART Data Out |
| 3 | DIN / CONFIG / DIO14 | Both | Input | UART Data In |
| 4 | DIO12 / SPI_MISO | Both | Disabled | GPIO/ SPI slave out |
| 5 | RESET | Input | Input | Module Reset |
| 6 | RSSI PWM / PWMO DIO10 | Both | Output | RX signal strength indicator / GPIO |
| 7 | PWM1 / DIO11 | Both | Disabled | GPIO |
| 8 | [reserved] | - | - | Do Not Connect |
| 9 | DTR / SLEEP_RQ / DIO8 | Both | Input | Pin Sleep Control Line / GPIO |
| 10 | GND | - | - | Ground |
| 11 | SPI_MOSI / DIO4 | Both | Disabled | GPIO/ SPI slave in |
| 12 | CTS / DIO7 | Both | Output | Clear-to-Send Flow Control / GPIO |
| 13 | ON_SLEEP / DIO9 | Both | Output | Module Status Indicator / GPIO |
| 14 | VREF | - | - | Not connected |
| 15 | ASSOCIATE / DIO5 | Both | Output | Associate Indicator / GPIO |
| 16 | RTS / DIO6 | Both | Input | Request to Send Flow Control / GPIO |
| 17 | AD3 / DIO3 / SPI_SSEL | Both | Disabled | Analog Input / GPIO / SPI Slave Select |
| 18 | AD2 / DIO2 / SPI_CLK | Both | Disabled | Analog Input / GPIO / SPI Clock |
| 19 | AD1 / DIO1 / SPI_ATTN | Both | Disabled | Analog Input / GPIO / SPI Attention |
| 20 | AD0 / DIO0 / CB | Both | Disabled | Analog Input / GPIO / Commissioning Button |

EM357 pin mappings

The following table shows how the EM357 pins are used on the XBee.
Note Some lines may not go to the external XBee pins in the programmable secondary processor version.
| EM357 Pin # | EM357 Pin Name | XBee (SMT) Pad # | XBee (TH) Pin # | Other Usage |
|---|---|---|---|---|
| 12 | RST | 6 | 5 | Programming |
| 18 | PA7 | 8 | 7 | |
| 19 | PB3 | 29 | 16 | Used for UART |
| 20 | PB4 | 25 | 12 | Used for UART |
| 21 | PA0 / SC2MOSI | 16 | 11 | Used for SPI |
| 22 | PA1 / SC2MISO | 17 | 4 | Used for SPI |
| 24 | PA2 / SC2SCLK | 14 | 18 | Used for SPI |
| 25 | PA3 / SC2SSEL | 15 | 17 | Used for SPI |
| 26 | PA4 / PTI_EN | 32 | 19 | OTA packet tracing |
| 27 | PA5 / PTI_DATA / BOOTMODE | 12 | NA | OTA packet tracing, force embedded serial bootloader, and SPI attention line |
| 29 | PA6 | 7 | 6 | |
| 30 | PB1 / SC1TXD | 3 | 2 | Used for UART |
| 31 | PB2 / SC1RXD | 4 | 3 | Used for UART |
| 33 | PC2 / JTDO / SWO | 26 | 13 | JTAG (see Writing custom firmware on page 201) |
| 34 | PC3 / JTDI | 28 | 15 | JTAG (see Writing custom firmware on page 201) |
| 35 | PC4 / JTMS / SWDIO | 5 | 4 | JTAG (see Writing custom firmware on page 201) |
| 36 | PB0 | 10 | 9 | |
| 38 | PC1 / ADC3 | 30 | 17 | |
| 41 | PB7 / ADC2 | 31 | 18 | |
| 42 | PB6 / ADC1 | 33 | 20 | |
| 43 | PB5 / ADC0 | | | Temperature sensor on PRO version |

Design notes

The XBee modules do not specifically require any external circuitry or specific connections for proper operation. However, there are some general design guidelines that are recommended for help in troubleshooting and building a robust design.

Power supply design

Poor power supply can lead to poor radio performance, especially if the supply voltage is not kept within tolerance or is excessively noisy. To help reduce noise, we recommend placing both a 1 µF and 8.2 pF capacitor as near to (pad 2/SMT, pin 1/TH) on the PCB as possible. If using a switching regulator for your power supply, switching frequencies above 500 kHz are preferred. Power supply ripple should be limited to a maximum 50 mV peak to peak.
Note For designs using the programmable modules, an additional 10 µF decoupling cap is recommended near (pad 2/SMT, pin 1/TH) of the module. The nearest proximity to (pad 2/SMT, pin 1/TH) of the three caps should be in the following order: 8.2 pF, 1 µF followed by 10 µF.

Recommended pin connections

The only required pin connections are VCC, GND, DOUT and DIN. To support serial firmware updates, VCC, GND, DOUT, DIN, RTS, and DTR should be connected.
All unused pins should be left disconnected. All inputs on the radio can be pulled high or low with 30 kΩ internal pull-up or pull-down resistors using the PR and PD software commands. No specific treatment is needed for unused outputs.
For applications that need to ensure the lowest sleep current, unconnected inputs should never be left floating. Use internal or external pull-up or pull-down resistors, or set the unused I/O lines to outputs.
Other pins may be connected to external circuitry for convenience of operation, including the Associate LED pad (pad 28/SMT, pin 15/TH) and the Commissioning pad (pad 33/SMT, pin 20/TH). The Associate LED pad will flash differently depending on the state of the module to the network, and a pushbutton attached to pad 33 can enable various join functions without having to send serial port commands. See Commissioning Pushbutton and Associate LED on page 93 for more details. The source and sink capabilities are limited to 4 mA for pad numbers 3, 4, 5, 10, 12, 14, 15, 16, 17, 25, 26, 28, 29, 30 and 32, and 8 mA for pad numbers 7, 8, 24, 31 and 33 on the SMT module. The source and sink capabilities are limited to 4 mA for pin numbers 2, 3, 4, 9, 12, 13, 15, 16, 17, and 19, and 8 mA for pin numbers 6, 7, 11, 18, and 20 on the TH module.
The VRef pad (pad 27) is only used on the programmable versions of the SMT modules. For the TH modules, a VRef pin (Pin #14) is used. For compatibility with other XBee modules, we recommend connecting this pin to a voltage reference if analog sampling is desired. Otherwise, connect to GND.

Board layout

XBee modules are designed to be self sufficient and have minimal sensitivity to nearby processors, crystals or other PCB components. As with all PCB designs, Power and Ground traces should be thicker than signal traces and able to comfortably support the maximum current specifications. A recommended PCB footprint for the module can be found in Manufacturing information on page 228. No other special PCB design considerations are required for integrating XBee radios except in the antenna section.
The choice of antenna and antenna location is very important for correct performance. With the exception of the RF Pad variant, XBees do not require additional ground planes on the host PCB. In general, antenna elements
radiate perpendicular to the direction they point. Thus a vertical antenna emits across the horizon. Metal objects near the antenna cause reflections and may reduce the ability for an antenna to radiate efficiently. Metal objects between the transmitter and receiver can also block the radiation path or reduce the transmission distance, so external antennas should be positioned away from them as much as possible. Some objects that are often overlooked are metal poles, metal studs or beams in structures, concrete (it is usually reinforced with metal rods), metal enclosures, vehicles, elevators, ventilation ducts, refrigerators, microwave ovens, batteries, and tall electrolytic capacitors.
Design notes for PCB antenna modules
PCB Antenna modules should not have any ground planes or metal objects above or below the antenna. For best results, the module should not be placed in a metal enclosure, which may greatly reduce the range. The module should be placed at the edge of the PCB on which it is mounted. The ground, power and signal planes should be vacant immediately below the antenna section. The drawings on the following pages illustrate important recommendations when designing with PCB antenna modules. It should be noted that for optimal performance, this module should not be mounted on the RF Pad footprint described in the next section because the footprint requires a ground plane within the PCB Antenna keep out area.
[Figure: Surface-mount keepout area]
[Figure: Through-hole keepout area]
Design notes for SMT RF pad modules
The RF Pad is a soldered antenna connection. The RF signal travels from pin 36 on the module to the antenna through an RF trace transmission line on the PCB. Note that any additional components between the module and antenna will violate modular certification. The RF trace should have a controlled impedance of 50 ohms. We recommend using a microstrip trace, although coplanar waveguide may also be used if more isolation is needed. Microstrip generally requires less area on the PCB than coplanar waveguide. Stripline is not recommended because sending the signal to different PCB layers can introduce matching and performance problems.
It is essential to follow good design practices when implementing the RF trace on a PCB. The following figures show a layout example of a host PCB that connects an RF Pad module to a right angle, through hole RPSMA jack. The top two layers of the PCB have a controlled thickness dielectric material in between. The second layer has a ground plane which runs underneath the entire RF Pad area. This ground plane is a distance d, the thickness of the dielectric, below the top layer. The top layer has an RF trace running from pin 36 of the module to the RF pin of the RPSMA connector. The RF trace's width determines the impedance of the transmission line with relation to
the ground plane. Many online tools can estimate this value, although the PCB manufacturer should be consulted for the exact width. Assuming d=0.025”, and that the dielectric has a relative permittivity of 4.4, the width in this example will be approximately 0.045" for a 50 ohm trace. This trace width is a good fit with the module footprint's
0.060" pad width. Using a trace wider than the pad width is not recommended, and using a very narrow trace (under 0.010") can cause unwanted RF loss. The length of the trace is minimized by placing the RPSMA jack close to the module. All of the grounds on the jack and the module are connected to the ground planes directly or through closely placed vias. Any ground fill on the top layer should be spaced at least twice the distance d (in this case, at least 0.050") from the microstrip to minimize their interaction.
Implementing these design suggestions will help ensure that the RF Pad module performs to its specifications. The following illustration shows PCB layer 1 of an example RF layout.
The following illustration shows PCB layer 2 of an example RF layout.

Module operation for the programmable variant

The modules with the programmable option have a secondary processor with 32k of flash and 2k of RAM. This allows module integrators to put custom code on the XBee module to fit their own unique needs. The DIN, DOUT, RTS, CTS, and RESET lines are intercepted by the secondary processor to allow it to be in control of the data transmitted and received. All other lines are in parallel and can be controlled by either the EM357 or the MC9S08QE micro (see the Block Diagram for details). The pin use is automatically handled by the Programmable XBee SDK native APIs.
In order for the secondary processor to sample with ADCs, the XBee VREF pin (27/SMT, 14/TH) must be connected to a reference voltage.
Digi provides a bootloader that can take care of programming the processor over the air or through the serial interface. This means that over the air updates can be supported through an XMODEM protocol. The processor can also be programmed and debugged through a one wire interface BKGD (Pin 9/SMT, Pin 8/TH).

Programmable XBee SDK

The XBee Programmable module is equipped with a Freescale MC9S08QE32 application processor. This application processor comes with a supplied bootloader. To interface your application code running on this processor to the XBee Programmable module's supplied bootloader, use the Programmable XBee SDK.
To use the SDK, you must also download CodeWarrior. The download links are:
CodeWarrior IDE: http://ftp1.digi.com/support/sampleapplications/40003004_B.exe
Programmable XBee SDK: http://ftp1.digi.com/support/sampleapplications/40003003_D.exe
If these revisions change, search for the part number on Digi’s website. For example, search for “40003003”.
Install the IDE first, then install the SDK.
The documentation for the Programmable XBee SDK is built into the SDK, so the Getting Started guide appears when you open CodeWarrior.
[Figure: Programmable connections for the SMT module]
[Figure: Programmable connections for the TH module]

Module operation

Serial communications

XBee RF Modules interface to a host device through a serial port. Through its serial port, the module can communicate with any logic and voltage compatible UART, through a level translator to any serial device (for example, through a RS-232 or USB interface board), or through a Serial Peripheral Interface, which is a synchronous interface to be described later.
Two Wire serial Interface (TWI) is also available, but not supported by Digi. For information on the TWI, see the EM357 specification.

UART data flow

Devices that have a UART interface can connect directly to the pins of the RF module as shown in the figure below.
System data flow diagram in a UART-interfaced environment (Low-asserted signals distinguished with horizontal line over signal name.)
Serial data
Data enters the module UART through the DIN (pin 4) as an asynchronous serial signal. The signal should idle high when no data is being transmitted.
Each data byte consists of a start bit (low), 8 data bits (least significant bit first) and a stop bit (high). The following figure illustrates the serial bit pattern of data passing through the module.
[Figure: UART data packet 0x1F (decimal number “31”) as transmitted through the RF module. Example data format is 8-N-1 (bits - parity - # of stop bits).]
Serial communications depend on the two UARTs (the microcontroller's and the RF module's) to be configured with compatible settings (baud rate, parity, start bits, stop bits, data bits).
The UART baud rate, parity, and stop bits settings on the XBee module can be configured with the BD, NB, and SB commands respectively. See Serial interfacing (I/O) commands on page 186 for details.

SPI communications

The XBee modules support SPI communications in slave mode. Slave mode receives the clock signal and data from the master and returns data to the master. The SPI port uses the following signals on the XBee:
SPI_MOSI (Master Out, Slave In) - inputs serial data from the master
SPI_MISO (Master In, Slave Out) - outputs serial data to the master
SPI_SCLK (Serial Clock) - clocks data transfers on MOSI and MISO
SPI_SSEL (Slave Select) - enables serial communication with the slave
The above four pins are standard for SPI. This module also supports an additional pin, which may be configured to alert the SPI master when it has data to send. This pin is called SPI_ATTN. If the master monitors this pin (through polling or interrupts), it can know when it needs to receive data from the module. SPI_ATTN asserts whenever it has data to send and it remains asserted until all available data has been shifted out to the SPI master.
In this mode, the following apply:
Data/clock rates of up to 5 Mb/s are possible
Data is MSB first
Frame format mode 0 is used (see below)
The following illustration shows the frame format for SPI communications.
[Figure: internal data flow diagram, referenced under Serial buffers. Blocks: serial receiver buffer, RF TX buffer, transmitter, RF switch, antenna port, receiver, RF RX buffer, serial transmit buffer, processor. Signals: DIN, DOUT, CTS, RTS.]
SPI operation
When the slave select (SPI_SSEL) signal is asserted by the master, SPI transmit data is driven to the output pin (SPI_MISO), and SPI data is received from the input pin SPI_MOSI. The SPI_SSEL pin has to be asserted to enable the transmit serializer to drive data to the output signal SPI_MISO. A rising edge on SPI_SSEL resets the SPI slave shift registers.
If the SPI_SCLK is present, the SPI_MISO line is always driven whether with or without the SPI_SSEL line driven. This is a known issue with the Ember EM357 chip, and makes additional hardware necessary if multiple slaves are using the same bus as the XBee.
If the input buffer is empty, the SPI serializer transmits a busy token (0xFF). Otherwise, all transactions on the SPI port use API operation. See API Operation on page 130 for more information.
The SPI slave controller must guarantee that there is time to move new transmit data from the transmit buffer into the hardware serializer. To provide sufficient time, the SPI slave controller inserts a byte of padding at the start of every new string of transmit data. Whenever the transmit buffer is empty and data is placed into the transmit buffer, the SPI hardware inserts a byte of padding onto the front of the transmission as if this byte were placed there by software.
Serial port selection
In the default configuration the UART and SPI ports will both be configured for serial port operation. In this case, serial data will go out the UART until the SPI_SSEL signal is asserted. Thereafter all serial communications will operate only on the SPI interface until a reset occurs.
If only the UART is enabled, then only the UART will be used, and SPI_SSEL will be ignored.
If only the SPI is enabled, then only the SPI will be used, and UART communications will be ignored. If DOUT is held low during boot, then only the SPI will be used.
Once SPI is in use, do not attempt to apply changes (AC) which change the UART or SPI settings. Instead, use 0x09 frames to reconfigure UART/SPI/other settings, use WR to save the settings, then FR to reset the XBee and use the new configuration settings.
If neither serial port is enabled, then UART will remain enabled, only the UART will be used, and SPI_SSEL will be ignored.

Serial buffers

The XBee modules maintain small buffers to collect received serial and RF data, which is illustrated in the figure below. The serial receive buffer collects incoming serial characters and holds them until they can be processed. The serial transmit buffer collects data that is received via the RF link that will be transmitted out the UART or SPI port. The following figure shows an internal data flow diagram.
Serial receive buffer
When serial data enters the RF module through the serial port, the data is stored in the serial receive buffer until it can be processed. Under certain conditions, the module may receive data when the serial receive buffer is already full. In that case the data is discarded.
The serial receive buffer becomes full when data is streaming into the serial port faster than it can be processed and sent over the air (OTA). While the speed of receiving the data on the serial port can be much faster than the speed of transmitting the data for a short period, sustained operation in that mode will cause data to be dropped due to running out of places in the module to put the data. Some things that may delay over the air transmissions are address discovery, route discovery, and retransmissions. Processing received RF data can also take away time and resources for processing incoming serial data.
If the UART is the serial port and CTS flow control is enabled, the external data source is alerted when the receive buffer is almost full. Then the host holds off sending data to the module until the module asserts CTS again, allowing more data to come in.
If the SPI is the serial port, no hardware flow control is available. It is the user's responsibility to ensure that the receive buffer is not overflowed. One reliable strategy is to wait for a TX_STATUS response after each frame sent to ensure that the module has had time to process it.
Serial transmit buffer
When RF data is received, the data is moved into the serial transmit buffer and sent out the UART or SPI port. If the serial transmit buffer becomes full enough such that all data in a received RF packet won't fit in the serial transmit buffer, the entire RF data packet is dropped.
Cases in which the serial transmit buffer may become full resulting in dropped RF packets:
1. If the RF data rate is set higher than the interface data rate of the module, the module could receive data
faster than it can send the data to the host.
2. If the host does not allow the module to transmit data out from the serial transmit buffer because of being
held off by hardware flow control.

UART flow control

The RTS and CTS module pins can be used to provide RTS and/or CTS flow control. CTS flow control provides an indication to the host to stop sending serial data to the module. RTS flow control allows the host to signal the module to not send data in the serial transmit buffer out the UART. RTS and CTS flow control are enabled using the D6 and D7 commands. Note that serial port flow control is not possible when using the SPI port.
CTS flow control
If CTS flow control is enabled (D7 command), when the serial receive buffer is 17 bytes away from being full, the module de-asserts CTS (sets it high) to signal to the host device to stop sending serial data. CTS is re-asserted after the serial receive buffer has 34 bytes of space.
RTS flow control
If RTS flow control is enabled (D6 command), data in the serial transmit buffer will not be sent out the DOUT pin as long as RTS is de-asserted (set high). The host device should not de-assert RTS for long periods of time to avoid filling the serial transmit buffer. If an RF data packet is received, and the serial transmit buffer does not have enough space for all of the data bytes, the entire RF data packet will be discarded.
Note If the XBee is sending data out the UART when RTS is de-asserted (set high), the XBee could send up to 5 characters out the UART or SPI port after RTS is de-asserted.

Break control

If break is enabled for over five seconds, the XBee will reset. Then it will boot with default baud settings into command mode.
This break function will be disabled if either P3 or P4 are not enabled.

Serial interface protocols

The XBee modules support both transparent and Application Programming Interface (API) serial interfaces.
Transparent operation
When operating in transparent mode, the modules act as a serial line replacement. All UART or SPI data received through the DIN or MOSI pin is queued up for RF transmission. When RF data is received, the data is sent out through the serial port. The module configuration parameters are configured using the AT command mode interface. Note that transparent operation is not provided when using the SPI.
Data is buffered in the serial receive buffer until one of the following causes the data to be packetized and transmitted:
No serial characters are received for the amount of time determined by the RO (Packetization Timeout)
parameter. If RO = 0, packetization begins when a character is received.
The Command Mode Sequence (GT + CC + GT) is received. Any character buffered in the serial receive buffer
before the sequence is transmitted.
The maximum number of characters that will fit in an RF packet is received.
API operation
API operation is an alternative to transparent operation. The frame-based API extends the level to which a host application can interact with the networking capabilities of the module. When in API mode, all data entering and leaving the module is contained in frames that define operations or events within the module.
Transmit Data Frames (received through the serial port) include:
RF Transmit Data Frame
Command Frame (equivalent to AT commands)
Receive Data Frames (sent out the serial port) include:
RF-received data frame
Command response
Event notifications such as reset, associate, disassociate, etc.
The API provides alternative means of configuring modules and routing data at the host application layer. A host application can send data frames to the module that contain address and payload information instead of using command mode to modify addresses. The module will send data frames to the application containing status packets, as well as source and payload information from received data packets.
The API operation option facilitates many operations such as the examples cited below:
Transmitting data to multiple destinations without entering Command Mode
Receive success/failure status of each transmitted RF packet
Identify the source address of each received packet
Comparing Transparent and API operation
The following table compares the advantages of transparent and API modes of operation:
Transparent Operation Features
Simple Interface | All received serial data is transmitted unless the module is in command mode.
Easy to support | It is easier for an application to support transparent operation and command mode.
API Operation Features
Easy to manage data transmissions to multiple destinations | Transmitting RF data to multiple remotes only requires changing the address in the API frame. This process is much faster than in transparent operation where the application must enter AT command mode, change the address, exit command mode, and then transmit data. Each API transmission can return a transmit status frame indicating the success or reason for failure.
Received data frames indicate the sender's address | All received RF data API frames indicate the source address.
Advanced ZigBee addressing support | API transmit and receive frames can expose ZigBee addressing fields including source and destination endpoints, cluster ID and profile ID. This makes it easy to support ZDO commands and public profile traffic.
Advanced networking diagnostics | API frames can provide indication of IO samples from remote devices, and node identification messages.
Remote Configuration | Set / read configuration commands can be sent to remote devices to configure them as needed using the API.
Generally, API mode is recommended when a device:
sends RF data to multiple destinations
sends remote configuration commands to manage devices in the network
receives RF data packets from multiple devices, and the application needs to know which device sent which packet
must support multiple ZigBee endpoints, cluster IDs, and/or profile IDs
uses the ZigBee Device Profile services.
API mode is required when:
using Smart Energy firmware
using SPI for the serial port
receiving I/O samples from remote devices
using source routing
If the above conditions do not apply (e.g. a sensor node, router, or a simple application), then transparent operation might be suitable. It is acceptable to use a mixture of devices running API mode and transparent mode in a network.

Modes of operation

Idle Mode

When not receiving or transmitting data, the RF module is in Idle Mode. The module shifts into the other modes of operation under the following conditions:
Transmit Mode (Serial data in the serial receive buffer is ready to be packetized)
Receive Mode (Valid RF data is received through the antenna)
Sleep Mode (End Devices only)
Command Mode (Command Mode Sequence is issued, not available with Smart Energy software or when
using the SPI port)

Transmit Mode

When serial data is received and is ready for packetization, the RF module will exit Idle Mode and attempt to transmit the data. The destination address determines which node(s) will receive the data.
Prior to transmitting the data, the module ensures that a 16-bit network address and route to the destination node have been established.
If the destination 16-bit network address is not known, network address discovery will take place. If a route is not known, route discovery will take place for the purpose of establishing a route to the destination node. If a module with a matching network address is not discovered, the packet is discarded. The data will be transmitted once a route is established. If route discovery fails to establish a route, the packet will be discarded. The following figure shows the Transmit Mode sequence.
[Figure: Transmit Mode sequence flowchart. Boxes: Idle Mode, New Transmission, 16-bit Network Address Known?, 16-bit Network Address Discovery, 16-bit Network Address Discovered?, Route Known?, Route Discovery, Route Discovered?, Transmit Data, Successful Transmission, Data Discarded.]
When data is transmitted from one node to another, a network-level acknowledgment is transmitted back across the established route to the source node. This acknowledgment packet indicates to the source node that the data packet was received by the destination node. If a network acknowledgment is not received, the source node will re-transmit the data.
It is possible in rare circumstances for the destination to receive a data packet, but for the source to not receive the network acknowledgment. In this case, the source will retransmit the data, which could cause the destination to receive the same data packet multiple times. The XBee modules do not filter out duplicate packets. The application should include provisions to address this potential issue.
See Transmission, addressing, and routing on page 59 for more information.
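One way for the application to handle the duplicate deliveries described above, shown as an added example that is not part of Digi's manual: the sender prefixes each payload with a 16-bit sequence number and the receiver drops any (source address, sequence number) pair it has seen recently. The 2-byte prefix, the window and age limits, the function and class names, and the node addresses are assumptions of this example.

```python
import struct
from collections import OrderedDict


def tag_payload(seq, data):
    """Sender side: prefix application data with a 16-bit sequence number."""
    return struct.pack(">H", seq & 0xFFFF) + data


class DuplicateFilter:
    """Receiver side: drop packets whose (source, sequence) was seen recently."""

    def __init__(self, window=32, max_age_s=60.0):
        self.window = window          # sequence numbers remembered per source
        self.max_age_s = max_age_s    # entries older than this are forgotten
        self._recent = {}             # source address -> OrderedDict{seq: time}

    def accept(self, source_addr, payload, now_s):
        """Return the application data, or None if the packet is a duplicate."""
        if len(payload) < 2:
            raise ValueError("payload too short to carry a sequence number")
        (seq,) = struct.unpack(">H", payload[:2])
        recent = self._recent.setdefault(source_addr, OrderedDict())
        # Age out old entries so a sender that restarts and reuses sequence
        # numbers is not silenced forever.
        while recent and now_s - next(iter(recent.values())) > self.max_age_s:
            recent.popitem(last=False)
        if seq in recent:
            return None               # retransmission of a packet already delivered
        recent[seq] = now_s
        if len(recent) > self.window:
            recent.popitem(last=False)   # bound the memory used per source
        return payload[2:]


def demo():
    """Constructed traffic: node A's packet 7 arrives twice after a lost ACK."""
    node_a, node_b = 0x0A01, 0x0B02   # constructed 64-bit source addresses
    dedup = DuplicateFilter()
    arrivals = [
        (node_a, tag_payload(7, b"temp=21"), 0.0),
        (node_a, tag_payload(7, b"temp=21"), 0.4),    # retransmitted copy
        (node_b, tag_payload(7, b"temp=19"), 0.5),    # same number, other source
        (node_a, tag_payload(8, b"temp=22"), 5.0),
        (node_a, tag_payload(7, b"temp=23"), 120.0),  # sender restarted, number reused
    ]
    return [dedup.accept(src, payload, t) for src, payload, t in arrivals]
```

A window that is too small lets an old duplicate through once its number has been evicted, so size it to the number of packets a source can have outstanding.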

Receive Mode

If a valid RF packet is received, the data is transferred to the serial transmit buffer.

Command Mode

To modify or read RF Module parameters, the module must first enter into Command Mode - a state in which incoming serial characters are interpreted as commands. Command Mode is only available over the UART when not using the Smart Energy firmware. API Operation on page 130 describes an alternate means for configuring modules which is available with the SPI and with Smart Energy, as well as over the UART with ZB code.
AT Command Mode
To Enter AT Command Mode:
Send the 3-character command sequence “+++” and observe guard times before and after the command characters. [Refer to the “Default AT Command Mode Sequence” below.]
Default AT Command Mode Sequence (for transition to Command Mode):
No characters sent for one second [GT (Guard Times) parameter = 0x3E8]
Input three plus characters (“+++”) within one second [CC (Command Sequence Character) parameter = 0x2B.]
No characters sent for one second [GT (Guard Times) parameter = 0x3E8]
Once the AT command mode sequence has been issued, the module sends an “OK\r” out the UART pad. The “OK\r” characters can be delayed if the module has not finished transmitting received serial data.
When command mode has been entered, the command mode timer is started (CT command), and the module is able to receive AT commands on the UART port.
All of the parameter values in the sequence can be modified to reflect user preferences.
Note Failure to enter AT Command Mode is most commonly due to baud rate mismatch. By default, the BD (Baud Rate) parameter = 3 (9600 b/s).
To send AT commands:
Send AT commands and parameters using the syntax shown below.
[Figure: Syntax for sending AT commands: “AT” prefix, ASCII command, space (optional), parameter (optional, HEX), carriage return. Example: ATDL 1F<CR>]
Note To read a parameter value stored in the RF module’s register, omit the parameter field.
The preceding example would change the RF module Destination Address (Low) to “0x1F”. To store the new value to non-volatile (long term) memory, subsequently send the WR (Write) command.
For modified parameter values to persist in the module’s registry after a reset, changes must be saved to non-volatile memory using the WR (Write) Command. Otherwise, parameters are restored to previously saved values after the module is reset.
Command response
When a command is sent to the module, the module will parse and execute the command. Upon successful execution of a command, the module returns an “OK” message. If execution of a command results in an error, the module returns an “ERROR” message.
Applying command changes
Any changes made to the configuration command registers through AT commands will not take effect until the changes are applied. For example, sending the BD command to change the baud rate will not change the actual baud rate until changes are applied. Changes can be applied in one of the following ways:
The AC (Apply Changes) command is issued.
AT command mode is exited.
To exit AT Command Mode:
1. Send the ATCN (Exit Command Mode) command (followed by a carriage return).
[OR]
2. If no valid AT Commands are received within the time specified by CT (Command Mode Timeout) Command, the
RF module automatically returns to Idle Mode.
Note For an example of programming the RF module using AT Commands and descriptions of each configurable
parameter, see Command reference tables on page 178.
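The entry, configuration and exit sequence described in this section, as an added example (not code from Digi): a constructed model of the module side that uses the default GT and CC values from the text and simulated timestamps, so it runs without hardware. It shows that “+++” inside a data stream is forwarded as data unless both guard times are observed, and that a value set with ATDL takes effect only when applied and survives a reset only after WR. The class and function names are hypothetical, the CT timeout is not modelled, and the hex reply to a parameter read is an assumption.

```python
GT_MS = 0x3E8   # GT default from the text: 1000 ms of silence
CC = 0x2B       # CC default from the text: '+'


class CommandModeModel:
    """Constructed model of the module side of the exchange, not Digi firmware."""

    def __init__(self):
        self.saved = {"DL": 0}             # non-volatile values, written by WR
        self.registers = dict(self.saved)  # values set by AT commands
        self.active = dict(self.saved)     # values the module is operating with
        self.in_command_mode = False
        self.rf_payload = bytearray()      # transparent data queued for RF
        self._last_rx = None               # time of the last serial byte (ms)
        self._plus = 0                     # CC characters counted so far
        self._line = bytearray()

    def idle_until(self, now_ms):
        """No serial input up to now_ms; returns whatever the module sends."""
        if (not self.in_command_mode and self._plus == 3
                and now_ms - self._last_rx >= GT_MS):
            self.in_command_mode = True    # trailing guard time satisfied
            self._plus = 0
            del self.rf_payload[-3:]       # the sequence itself is not transmitted
            return b"OK\r"
        return b""

    def receive(self, now_ms, data):
        """Bytes arriving back-to-back at now_ms; returns whatever the module sends."""
        out = bytearray(self.idle_until(now_ms))
        for byte in data:
            if self.in_command_mode:
                out += self._command_byte(byte)
            else:
                self._transparent_byte(now_ms, byte)
            self._last_rx = now_ms
        return bytes(out)

    def _transparent_byte(self, now_ms, byte):
        quiet = self._last_rx is None or now_ms - self._last_rx >= GT_MS
        if byte != CC:
            self._plus = 0
        elif quiet:
            self._plus = 1                 # first CC after a leading guard time
        elif 1 <= self._plus < 3:
            self._plus += 1
        else:
            self._plus = 0                 # '+' inside data, or a fourth '+'
        self.rf_payload.append(byte)

    def _command_byte(self, byte):
        if byte != 0x0D:                   # commands end with a carriage return
            self._line.append(byte)
            return b""
        line = self._line.decode("ascii", "replace").upper()
        self._line = bytearray()
        name, param = line[2:4], line[4:].strip()
        if not line.startswith("AT") or len(name) != 2:
            return b"ERROR\r"
        if name == "DL" and not param:     # parameter omitted: read the register
            return b"%X\r" % self.registers["DL"]
        if name == "DL":
            try:
                self.registers["DL"] = int(param, 16)   # parameter is hex
            except ValueError:
                return b"ERROR\r"
        elif name == "WR":
            self.saved = dict(self.registers)
        elif name in ("AC", "CN"):
            self.active = dict(self.registers)          # changes are applied
            self.in_command_mode = name == "AC"
        else:
            return b"ERROR\r"
        return b"OK\r"

    def reset(self):
        """Reset: values that were never written with WR are lost."""
        self.registers = dict(self.saved)
        self.active = dict(self.saved)
        self.in_command_mode = False


def session():
    """Constructed host traffic with timestamps in ms; returns model and replies."""
    m = CommandModeModel()
    replies = [
        m.receive(0, b"a+++b"),          # '+++' inside data, no guard times
        m.idle_until(5000),
        m.receive(5000, b"+++"),         # preceded by 5 s of silence
        m.idle_until(6000),              # 1 s of silence afterwards
        m.receive(6100, b"ATDL 1F\r"),
        m.receive(6200, b"ATDL\r"),
        m.receive(6300, b"ATWR\r"),
        m.receive(6400, b"ATCN\r"),
    ]
    return m, replies
```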

Sleep Mode

Sleep modes allow the RF module to enter states of low power consumption when not in use. XBee RF modules support both pin sleep (sleep mode entered on pin transition) and cyclic sleep (module sleeps for a fixed time). XBee sleep modes are discussed in detail in Managing End Devices on page 107.

ZigBee networks

Introduction to ZigBee

ZigBee is an open global standard built on the IEEE 802.15.4 MAC/PHY. ZigBee defines a network layer above the
802.15.4 layers to support advanced mesh routing capabilities. The ZigBee specification is developed by a growing consortium of companies that make up the ZigBee Alliance. The Alliance is made up of over 300 members, including semiconductor, module, stack, and software developers.

ZigBee stack layers

The ZigBee stack consists of several layers including the PHY, MAC, Network, Application Support Sublayer (APS), and ZigBee Device Objects (ZDO) layers. Technically, an Application Framework (AF) layer also exists, but will be grouped with the APS layer in remaining discussions. The ZigBee layers are shown in the figure below.
A description of each layer appears in the following table:
ZigBee Layer | Description
PHY | Defines the physical operation of the ZigBee device including receive sensitivity, channel rejection, output power, number of channels, chip modulation, and transmission rate specifications. Most ZigBee applications operate on the 2.4 GHz ISM band at a 250kb/s data rate. See the IEEE 802.15.4 specification for details.
MAC | Manages RF data transactions between neighboring devices (point to point). The MAC includes services such as transmission retry and acknowledgment management, and collision avoidance techniques (CSMA-CA).
Network | Adds routing capabilities that allow RF data packets to traverse multiple devices (multiple "hops") to route data from source to destination (peer to peer).
APS (AF) | Application layer that defines various addressing objects including profiles, clusters, and endpoints.
ZDO | Application layer that provides device and service discovery features and advanced network management capabilities.

ZigBee networking concepts

Device types

ZigBee defines three different device types: coordinator, router, and end device.
Node Types / Sample of a Basic ZigBee Network Topology
A coordinator has the following characteristics: It:
Selects a channel and PAN ID (both 64-bit and 16-bit) to start the network
Can allow routers and end devices to join the network
Can assist in routing data
Cannot sleep--should be mains powered
Can buffer RF data packets for sleeping end device children
A router has the following characteristics: It:
Must join a ZigBee PAN before it can transmit, receive, or route data
After joining, can allow routers and end devices to join the network
After joining, can assist in routing data
Cannot sleep--should be mains powered
Can buffer RF data packets for sleeping end device children
An end device has the following characteristics: It:
Must join a ZigBee PAN before it can transmit or receive data
Cannot allow devices to join the network
Must always transmit and receive RF data through its parent, and cannot route data
Can enter low power modes to conserve power and can be battery-powered
An example of such a network is shown below:
In ZigBee networks, the coordinator must select a PAN ID (64-bit and 16-bit) and channel to start a network. After that, it behaves essentially like a router. The coordinator and routers can allow other devices to join the network and can route data.
After an end device joins a router or coordinator, it must be able to transmit or receive RF data through that router or coordinator. The router or coordinator that allowed an end device to join becomes the “parent” of the end device. Since the end device can sleep, the parent must be able to buffer or retain incoming data packets destined for the end device until the end device is able to wake and receive the data.
A module can only operate as one of the three device types. The device type is selected by configuration rather than by firmware image as was the case on earlier hardware platforms.
By default, the module operates as a router in transparent mode. To select coordinator operation, set CE to 1. To select end device operation, set SM to a non-zero value. To select router operation, both CE and SM must be 0.
One complication is that if a device is a coordinator and it needs to be changed into an end device, CE must be set back to 0 first. If not, the SM configuration will conflict with the CE configuration. Likewise, to change an end device into a coordinator, it must be changed into a router first.
Another complication is that default parameters for a router build don't always work very well for a coordinator build. For example:
DH/DL is 0 by default, which allows routers and end devices to send data to the coordinator when they first come up. If DH/DL is not changed from the default value when the device is changed to a coordinator, then the device will send data to itself, causing characters to be echoed back to the screen as they are typed. Since this is probably not the desired operation, DH/DL should be set to the broadcast address or some specific unicast address when the device is changed to a coordinator.
Another example is EO for smart energy builds. This value should be 08 for routers and end devices and it should be 02 for the coordinator to designate it as the trust center. Therefore, if using authentication, which is the normal case for Smart Energy builds, EO should be changed from 02 to 08 when CE is set to 1.
Another example is EO for ZigBee builds. By default the value is 0x00. If EO and EE are both set to 0x01 on all radios in a network, the network key will be sent in the clear (unencrypted) at association time. This may be a useful setting in development environments, but is discouraged for security reasons in product deployments.
In general, when changing device types, it is the user's responsibility to ensure that parameters are set to be compatible with the new device type.

PAN ID

ZigBee networks are called personal area networks or PANs. Each network is defined with a unique PAN identifier (PAN ID). This identifier is common among all devices of the same network. ZigBee devices are either preconfigured with a PAN ID to join, or they can discover nearby networks and select a PAN ID to join.
ZigBee supports both a 64-bit and a 16-bit PAN ID. Both PAN IDs are used to uniquely identify a network. Devices on the same ZigBee network must share the same 64-bit and 16-bit PAN IDs. If multiple ZigBee networks are operating within range of each other, each should have unique PAN IDs.
The 16-bit PAN ID is used as a MAC layer addressing field in all RF data transmissions between devices in a network. However, due to the limited addressing space of the 16-bit PAN ID (65,535 possibilities), there is a possibility that multiple ZigBee networks (within range of each other) could use the same 16-bit PAN ID. To resolve potential 16-bit PAN ID conflicts, the ZigBee Alliance created a 64-bit PAN ID.
The 64-bit PAN ID (also called the extended PAN ID), is intended to be a unique, non-duplicated value. When a coordinator starts a network, it can either start a network on a preconfigured 64-bit PAN ID, or it can select a random 64-bit PAN ID. The 64-bit PAN ID is used during joining; if a device has a preconfigured 64-bit PAN ID, it will only join a network with the same 64-bit PAN ID. Otherwise, a device could join any detected PAN and inherit the PAN ID from the network when it joins. The 64-bit PAN ID is included in all ZigBee beacons and is used in 16-bit PAN ID conflict resolution.
Routers and end devices are typically configured to join a network with any 16-bit PAN ID as long as the 64-bit PAN ID is valid. Coordinators typically select a random 16-bit PAN ID for their network.
Since the 16-bit PAN ID only allows up to 65,535 unique values, and since the 16-bit PAN ID is randomly selected, provisions exist in ZigBee to detect if two networks (with different 64-bit PAN IDs) are operating on the same 16-bit PAN ID. If such a conflict is detected, the ZigBee stack can perform PAN ID conflict resolution to change the 16-bit PAN ID of the network in order to resolve the conflict. See the ZigBee specification for details.
To summarize, ZigBee routers and end devices should be configured with the 64-bit PAN ID of the network they want to join. They typically acquire the 16-bit PAN ID when they join a network.

Operating channel

ZigBee uses direct-sequence spread spectrum modulation and operates on a fixed channel. The 802.15.4 PHY defines 16 operating channels (channels 11 to 26) in the 2.4 GHz frequency band. XBee modules support all 16 channels.

ZigBee application layers: in depth

This section provides a more in-depth look at the ZigBee application stack layers (APS, ZDO) including a discussion on ZigBee endpoints, clusters, and profiles. Much of the material in this section can introduce unnecessary details of the ZigBee stack that are not required in many cases.
Skip this section if
The XBee does not need to interoperate or talk to non-Digi ZigBee devices
The XBee simply needs to send data between devices
Read this section if
The XBee may talk to non-Digi ZigBee devices
The XBee requires network management and discovery capabilities of the ZDO layer
The XBee needs to operate in a public application profile (smart energy, home automation, etc.)

Application Support Sublayer (APS)

The APS layer in ZigBee adds support for application profiles, cluster IDs, and endpoints.

Application profiles

Application profiles specify various device descriptions including required functionality for various devices. The collection of device descriptions forms an application profile. Application profiles can be defined as “Public” or “Private” profiles. Private profiles are defined by a manufacturer whereas public profiles are defined, developed, and maintained by the ZigBee Alliance. Each application profile has a unique profile identifier assigned by the ZigBee Alliance.
Examples of public profiles include:
Home Automation
Smart Energy
Commercial Building Automation
The Smart Energy profile, for example, defines various device types including an energy service portal, load controller, thermostat, in-home display, etc. The Smart Energy profile defines required functionality for each device type. For example, a load controller must respond to a defined command to turn a load on or off. By defining standard communication protocols and device functionality, public profiles allow interoperable ZigBee solutions to be developed by independent manufacturers.
Digi XBee ZB firmware operates on a private profile called the Digi Drop-In Networking profile. However, API mode can be used in many cases to talk to devices in public profiles or non-Digi private profiles. See API Operation on page 130 for details.
Clusters
A cluster is an application message type defined within a profile. Clusters are used to specify a unique function, service, or action. For example, the following are some clusters defined in the home automation profile:
On/Off - Used to switch devices on or off (lights, thermostats, etc.)
Level Control - Used to control devices that can be set to a level between on and off
Color Control - Controls the color of color capable devices
Each cluster has an associated 2-byte cluster identifier (cluster ID). The cluster ID is included in all application transmissions. Clusters often have associated request and response messages. For example, a smart energy gateway (service portal) might send a load control event to a load controller in order to schedule turning on or off an appliance. Upon executing the event, the load controller would send a load control report message back to the gateway.
Devices that operate in an application profile (private or public) must respond correctly to all required clusters. For example, a light switch that will operate in the home automation public profile must correctly implement the On/Off and other required clusters in order to interoperate with other home automation devices. The ZigBee Alliance has defined a ZigBee Cluster Library (ZCL) that contains definitions of various general use clusters that could be implemented in any profile.
XBee modules implement various clusters in the Digi private profile. In addition, the API can be used to send or receive messages on any cluster ID (and profile ID or endpoint). See Explicit Addressing ZigBee Command frame on page 139 for details.
Endpoints
The APS layer includes support for endpoints. An endpoint can be thought of as a running application, similar to a TCP/IP port. A single device can support one or more endpoints. Each application endpoint is identified by a 1-byte value, ranging from 1 to 240. Each defined endpoint on a device is tied to an application profile. A device could, for example, implement one endpoint that supports a Smart Energy load controller, and another endpoint that supports other functionality on a private profile.
ZigBee Device Profile
Profile ID 0x0000 is reserved for the ZigBee Device Profile. This profile is implemented on all ZigBee devices. Device Profile defines many device and service discovery features and network management capabilities. Endpoint 0 is a reserved endpoint that supports the ZigBee Device Profile. This endpoint is called the ZigBee Device Objects (ZDO) endpoint.
ZigBee Device Objects (ZDO)
The ZDO (endpoint 0) supports the discovery and management capabilities of the ZigBee Device Profile. A complete listing of all ZDP services is included in the ZigBee specification. Each service has an associated cluster ID.
The XBee ZB firmware allows applications to easily send ZDO messages to devices in the network using the API. See ZDO transmissions on page 77 for details.

ZigBee Coordinator operation

Forming a network

The coordinator is responsible for selecting the channel, PAN ID (16-bit and 64-bit), security policy, and stack profile for a network. Since a coordinator is the only device type that can start a network, each ZigBee network must have one coordinator. After the coordinator has started a network, it can allow new devices to join the network. It can also route data packets and communicate with other devices on the network.
To ensure the coordinator starts on a good channel and unused PAN ID, the coordinator performs a series of scans to discover any RF activity on different channels (energy scan) and to discover any nearby operating PANs (PAN scan). The processes for selecting the channel and PAN ID are described in the following sections.

Channel selection

When starting a network, the coordinator must select a “good” channel for the network to operate on. To do this, it performs an energy scan on multiple channels (frequencies) to detect energy levels on each channel. Channels with excessive energy levels are removed from its list of potential channels to start on.

PAN ID selection

After completing the energy scan, the coordinator scans its list of potential channels (remaining channels after the energy scan) to obtain a list of neighboring PANs. To do this, the coordinator sends a beacon request (broadcast) transmission on each potential channel. All nearby coordinators and routers (that have already joined a ZigBee network) will respond to the beacon request by sending a beacon back to the coordinator. The beacon contains information about the PAN the device is on, including the PAN identifiers (16-bit and 64-bit). This scan (collecting beacons on the potential channels) is typically called an active scan or PAN scan.
After the coordinator completes the channel and PAN scan, it selects a random channel and unused 16-bit PAN ID to start on.

Security policy

The security policy determines which devices are allowed to join the network, and which device(s) can authenticate joining devices. See ZigBee Security on page 84 for a detailed discussion of various security policies.

Persistent data

Once a coordinator has started a network, it retains the following information through power cycle or reset events:
PAN ID
Operating channel
Security policy and frame counter values
Child table (end device children that are joined to the coordinator).
Binding Table
Group Table
The coordinator will retain this information indefinitely until it leaves the network. When the coordinator leaves a network and starts a new network, the previous PAN ID, operating channel, and child table data are lost.

XBee ZigBee Coordinator startup

The following table provides the network formation commands used by the coordinator to form a network.
Command Description
ID Used to determine the 64-bit PAN ID. If set to 0 (default), a random 64-bit PAN ID will be selected.
SC Determines the scan channels bitmask (up to 16 channels) used by the coordinator when forming a network. The coordinator will perform an energy scan on all enabled SC channels. It will then perform a PAN ID scan
SD Set the scan duration period. This value determines how long the coordinator performs an energy scan or
ZS Set the ZigBee stack profile for the network.
EE Enable or disable security in the network.
NK Set the network security key for the network. If set to 0 (default), a random network security key will be used.
KY Set the trust center link key for the network. If set to 0 (default), a random link key will be used.
EO Set the security policy for the network.
Configuration changes will delay the start of network formation for 5 seconds after the last change is made.
Once the coordinator starts a network, the network configuration settings and child table data persist through power cycles as mentioned in the “Persistent Data” section.
When the coordinator has successfully started a network, it
Allows other devices to join the network for a time (see NJ command)
Sets AI=0
Starts blinking the Associate LED
Sends an API modem status frame (“coordinator started”) out the serial port when using API mode
These behaviors are configurable using the following commands:
Command Description
NJ Sets the permit-join time on the coordinator, measured in seconds.
D5 Enables the Associate LED functionality.
LT Sets the Associate LED blink time when joined. Default is 1 blink per second.
If any of the command values in the network formation commands table changes, the coordinator will leave its current network and start a new network, possibly on a different channel. Note that command changes must be applied (AC or CN command) before taking effect.

Permit joining

The permit joining attribute on the coordinator is configurable with the NJ command. NJ can be configured to always allow joining, or to allow joining for a short time.
Joining always enabled
If NJ=0xFF (default), joining is permanently enabled. This mode should be used carefully. Once a network has been deployed, the application should strongly consider disabling joining to prevent unwanted joins from occurring.
Joining temporarily enabled
If NJ < 0xFF, joining will be enabled only for a number of seconds, based on the NJ parameter. The timer is started once the XBee joins a network. Joining will not be re-enabled if the module is power cycled or reset. The following mechanisms can restart the permit-joining timer:
Changing NJ to a different value (and applying changes with the AC or CN commands)
Pressing the commissioning button twice
Issuing the CB command with a parameter of 2
The last two cases enable joining for one minute if NJ is 0x0 or 0xFF. Otherwise, the commissioning button and the CB2 command enable joining for NJ seconds.

Resetting the Coordinator

When the coordinator is reset or power cycled, it checks its PAN ID, operating channel and stack profile against the network configuration settings (ID, CH, ZS). It also verifies the saved security policy against the security configuration settings (EE, NK, KY). If the coordinator's PAN ID, operating channel, stack profile, or security policy is not valid based on its network and security configuration settings, then the coordinator will leave the network and attempt to form a new network based on its network formation command values.
To prevent the coordinator from leaving an existing network, the WR command should be issued after all network formation commands have been configured in order to retain these settings through power cycle or reset events.

Leaving a network

There are a couple of mechanisms that will cause the coordinator to leave its current PAN and start a new network based on its network formation parameter values. These include the following:
Change the ID command such that the current 64-bit PAN ID is invalid
Change the SC command such that the current channel (CH) is not included in the channel mask
Change the ZS or any of the security command values (excluding NK)
Issue the NR0 command to cause the coordinator to leave
Issue the NR1 command to send a broadcast transmission, causing all devices in the network to leave and migrate to a different channel
Press the commissioning button 4 times or issue the CB command with a parameter of 4
Issue a network leave command
Note that changes to ID, SC, ZS, and security command values only take effect when changes are applied (AC or CN commands).

Replacing a Coordinator (security disabled only)

On rare occasions, it may become necessary to replace an existing coordinator in a network with a new physical device. If security is not enabled in the network, a replacement XBee coordinator can be configured with the PAN ID (16-bit and 64-bit), channel, and stack profile settings of a running network in order to replace an existing coordinator.
Note: Having two coordinators on the same channel, stack profile, and PAN ID (16-bit and 64-bit) can cause problems in the network and should be avoided. When replacing a coordinator, the old coordinator should be turned off before starting the new coordinator.
To replace a coordinator, the following commands should be read from a device on the network:
AT Command Description
OP Read the operating 64-bit PAN ID.
OI Read the operating 16-bit PAN ID.
CH Read the operating channel.
ZS Read the stack profile.
Each of the commands listed above can be read from any device on the network. (These parameters will be the same on all devices in the network.) After reading these commands from a device on the network, these parameter values should be programmed into the new coordinator using the following commands.
AT Command Description
ID Set the 64-bit PAN ID to match the read OP value.
II Set the initial 16-bit PAN ID to match the read OI value.
SC Set the scan channels bitmask to enable the read operating channel (CH command). For example, if the operating channel is 0x0B, set SC to 0x0001. If the operating channel is 0x17, set SC to 0x1000.
ZS Set the stack profile to match the read ZS value.
Note: II is the initial 16-bit PAN ID. Under certain conditions, the ZigBee stack can change the 16-bit PAN ID of the network. For this reason, the II command cannot be saved using the WR command. Once II is set, the coordinator leaves the network and starts on the 16-bit PAN ID specified by II.

Example: starting a Coordinator

1. Set CE (Coordinator Enable) to 1, and use the WR command to save the changes.
2. Set SC and ID to the desired scan channels and PAN ID values. (The defaults should suffice.)
3. If SC or ID is changed from the default, issue the WR command to save the changes.
4. If SC or ID is changed from the default, apply changes (make SC and ID changes take effect) either by sending the AC command or by exiting AT command mode.
5. The Associate LED will start blinking once the coordinator has selected a channel and PAN ID.
6. The API Modem Status frame (“Coordinator Started”) is sent out the serial port when using API mode.
7. Reading the AI command (association status) will return a value of 0, indicating a successful startup.
8. Reading the MY command (16-bit address) will return a value of 0, the ZigBee-defined 16-bit address of the coordinator.
After startup, the coordinator will allow joining based on its NJ value.

Example: replacing a Coordinator (security disabled)

1. Read the OP, OI, CH, and ZS commands on the running coordinator.
2. Set the CE, ID, SC, and ZS parameters on the new coordinator, followed by WR command to save these parameter values.
3. Turn off the running coordinator.
4. Set the II parameter on the new coordinator to match the read OI value on the old coordinator.
5. Wait for the new coordinator to start (AI=0).

ZigBee Router operation

Routers must discover and join a valid ZigBee network before they can participate in a ZigBee network. After a router has joined a network, it can allow new devices to join the network. It can also route data packets and communicate with other devices on the network.

Discovering ZigBee networks

To discover nearby ZigBee networks, the router performs a PAN (or active) scan, just like the coordinator does when it starts a network. During the PAN scan, the router sends a beacon request (broadcast) transmission on the first channel in its scan channels list. All nearby coordinators and routers operating on that channel (that are already part of a ZigBee network) respond to the beacon request by sending a beacon back to the router. The beacon contains information about the PAN the nearby device is on, including the PAN identifier (PAN ID), and whether or not joining is allowed. The router evaluates each beacon received on the channel to determine if a valid PAN is found. A router considers a PAN to be valid if the PAN:
Has a valid 64-bit PAN ID (PAN ID matches ID if ID > 0)
Has the correct stack profile (ZS command)
Is allowing joining
If a valid PAN is not found, the router performs the PAN scan on the next channel in its scan channels list and continues scanning until a valid network is found, or until all channels have been scanned. If all channels have been scanned and a valid PAN was not discovered, all channels will be scanned again.
The ZigBee Alliance requires that certified solutions not send beacon request messages too frequently. To meet certification requirements, the XBee firmware attempts nine scans per minute for the first five minutes, and three scans per minute thereafter. If a valid PAN is within range of a joining router, it should typically be discovered within a few seconds.

Joining a network

Once the router discovers a valid network, it sends an association request to the device that sent a valid beacon requesting a join on the ZigBee network. The device allowing the join then sends an association response frame that either allows or denies the join.
When a router joins a network, it receives a 16-bit address from the device that allowed the join. The 16-bit address is randomly selected by the device that allowed the join.

Authentication

In a network where security is enabled, the router must then go through an authentication process. See ZigBee Security on page 84 for a discussion on security and authentication.
After the router is joined (and authenticated, in a secure network), it can allow new devices to join the network.

Persistent data

Once a router has joined a network, it retains the following information through power cycle or reset events:
PAN ID
Operating channel
Security policy and frame counter values
Child table (end device children that are joined to the coordinator).
Binding Table
Group Table
The router will retain this information indefinitely until it leaves the network. When the router leaves a network, the previous PAN ID, operating channel, and child table data are lost.

ZB Router joining

When the router is powered on, if it is not already joined to a valid ZigBee network, it immediately attempts to find and join a valid ZigBee network.
Note: The DJ command can be set to 1 to disable joining. The DJ parameter cannot be written with WR, so a power cycle always clears the DJ setting.
The following commands control the router joining process.
Command Description
ID Sets the 64-bit PAN ID to join. Setting ID=0 allows the router to join any 64-bit PAN ID.
SC Set the scan channels bitmask that determines which channels a router will scan to find a valid network. SC on the router should be set to match SC on the coordinator. For example, setting SC to 0x281 enables scanning on channels 0x0B, 0x12, and 0x14, in that order.
SD Set the scan duration, or time that the router will listen for beacons on each channel.
ZS Set the stack profile on the device.
EE Enable or disable security in the network. This must be set to match the EE value (security policy) of the coordinator.
KY Set the trust center link key. If set to 0 (default), the link key is expected to be obtained (unencrypted) during joining.
Configuration changes will delay the start of joining for 5 seconds after the last change is made.
Once the router joins a network, the network configuration settings and child table data persist through power cycles as mentioned in the “Persistent Data” section previously. If joining fails, the status of the last join attempt can be read in the AI command register.
If any of the above command values change, when command register changes are applied (AC or CN commands), the router will leave its current network and attempt to discover and join a new valid network.
When a ZB router has successfully joined a network, it:
Allows other devices to join the network for a time
Sets AI=0
Starts blinking the Associate LED
Sends an API modem status frame (“associated”) out the serial port when using API mode.
These behaviors are configurable using the following commands:
Command Description
NJ Sets the permit-join time on the router, or the time that it will allow new devices to join the network, measured in seconds. If NJ=0xFF, permit joining will always be enabled.
D5 Enables the Associate LED functionality.
LT Sets the Associate LED blink time when joined. Default is 2 blinks per second (router).

Permit joining

The permit joining attribute on the router is configurable with the NJ command. NJ can be configured to always allow joining, or to allow joining for a short time.

Joining always enabled

If NJ=0xFF (default), joining is permanently enabled. This mode should be used carefully. Once a network has been deployed, the application should strongly consider disabling joining to prevent unwanted joins from occurring.

Joining temporarily enabled

If NJ < 0xFF, joining will be enabled only for a number of seconds, based on the NJ parameter. The timer is started once the XBee joins a network. Joining will not be re-enabled if the module is power cycled or reset. The following mechanisms can restart the permit-joining timer:
Changing NJ to a different value (and applying changes with the AC or CN commands)
Pressing the commissioning button twice
Issuing the CB command with a parameter of 2 (software emulation of a 2 button press)
Causing the router to leave and rejoin the network
The middle two cases enable joining for one minute if NJ is 0x0 or 0xFF. Otherwise, the commissioning button and the CB2 command enable joining for NJ seconds.
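The cautions this guide gives about device type, DH/DL, EO, NJ, ID, and KY can be checked mechanically before deployment. The following is an added example, not Digi code: the function names, the dictionary layout, and the sample values are assumptions made for illustration.

```python
# Added example: audit XBee ZB AT parameter values against this guide's cautions.
# Configs are dicts of ints keyed by AT command name. A missing key is read as the
# default the guide states (NJ=0xFF, DH/DL=0, EO=0, ID=0, KY=0); EE and SM are
# assumed to default to 0.

def device_role(p):
    """Device type selected by CE and SM, or "conflict" if both are set."""
    ce, sm = p.get("CE", 0), p.get("SM", 0)
    if ce == 1 and sm != 0:
        return "conflict"
    if ce == 1:
        return "coordinator"
    return "end device" if sm != 0 else "router"


def audit_module(p):
    """Return (parameter, message) findings for one module's settings."""
    findings = []
    role = device_role(p)
    security_on = p.get("EE", 0) == 1
    joiner = role in ("router", "end device")

    if role == "conflict":
        findings.append(("CE/SM", "SM conflicts with CE=1; set CE back to 0 "
                         "before selecting end device operation"))
    if role == "coordinator" and p.get("DH", 0) == 0 and p.get("DL", 0) == 0:
        findings.append(("DH/DL", "coordinator with DH/DL=0 sends data to itself; "
                         "use the broadcast or a specific unicast address"))
    if role in ("coordinator", "router") and p.get("NJ", 0xFF) == 0xFF:
        findings.append(("NJ", "joining is permanently enabled; disable it once "
                         "the network is deployed"))
    # The guide describes EO=0x01 with EE=0x01; testing bit 0 so that other EO
    # bits do not hide the setting is an assumption of this example.
    if security_on and p.get("EO", 0) & 0x01:
        findings.append(("EO", "network key is sent in the clear at association"))
    if joiner and p.get("ID", 0) == 0:
        findings.append(("ID", "ID=0 lets the device join any 64-bit PAN ID"))
    # Stated for routers in the guide; applied to end devices as an assumption.
    if joiner and security_on and p.get("KY", 0) == 0:
        findings.append(("KY", "KY=0: link key is obtained unencrypted during joining"))
    return findings


def audit_pair(coordinator, joiner):
    """Check the settings a joining device must share with its coordinator."""
    findings = []
    if joiner.get("EE", 0) != coordinator.get("EE", 0):
        findings.append(("EE", "EE must match the coordinator's EE value"))
    if joiner.get("SC") != coordinator.get("SC"):
        findings.append(("SC", "SC should match SC on the coordinator"))
    return findings


# Constructed sample settings (not read from real devices).
DEV_COORDINATOR = {"CE": 1, "SM": 0, "DH": 0, "DL": 0, "NJ": 0xFF,
                   "EE": 1, "EO": 0x01, "ID": 0, "KY": 0, "SC": 0x1000}
DEPLOYED_ROUTER = {"CE": 0, "SM": 0, "NJ": 0, "EE": 1, "EO": 0x00,
                   "ID": 0x0123456789ABCDEF, "KY": 0x5A5A5A5A, "SC": 0x1000}

if __name__ == "__main__":
    for name, cfg in (("coordinator", DEV_COORDINATOR), ("router", DEPLOYED_ROUTER)):
        print(name, "runs as", device_role(cfg))
        for param, message in audit_module(cfg):
            print(f"  {param}: {message}")
    for param, message in audit_pair(DEV_COORDINATOR, DEPLOYED_ROUTER):
        print(f"  pair {param}: {message}")
```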

Router network connectivity

Once a router joins a ZigBee network, it remains connected to the network on the same channel and PAN ID as long as it is not forced to leave (see Leaving a network on page 46 for details). If the scan channels (SC), PAN ID (ID) and security settings (EE, KY) do not change after a power cycle, the router will remain connected to the network after a power cycle.
If a router may physically move out of range of the network it initially joined, the application should include provisions to detect if the router can still communicate with the original network. If communication with the original network is lost, the application may choose to force the router to leave the network (see Leaving a network on page 46 for details). The XBee firmware includes two provisions to automatically detect the presence of a network, and leave if the check fails.
Power-On join verification
The JV command (join verification) enables the power-on join verification check. If enabled, the XBee will attempt to discover the 64-bit address of the coordinator when it first joins a network. Once it has joined, it will also attempt to discover the 64-bit address of the coordinator after a power cycle event. If 3 discovery attempts fail, the router will leave the network and try to join a new network. Power-on join verification is disabled by default (JV defaults to 0).
Network Watchdog
The NW command (network watchdog timeout) can be used for a powered router to periodically check for the presence of a coordinator to verify network connectivity. The NW command specifies a timeout in minutes where the router must receive communication from the coordinator or data collector. The following events restart the network watchdog timer:
RF data received from the coordinator
RF data sent to the coordinator and an acknowledgment was received
Many-to-one route request was received (from any device)
Changing the value of NW
If the watchdog timer expires (no valid data received for NW time), the router will attempt to discover the 64-bit address of the coordinator. If the address cannot be discovered, the router records one watchdog timeout. Once three consecutive network watchdog timeouts have expired (3 * NW) and the coordinator has not responded to the address discovery attempts, the router will leave the network and attempt to join a new network. Anytime a router receives valid data from the coordinator or data collector, it will clear the watchdog timeouts counter and restart the watchdog timer. The watchdog timer (NW command) is settable to several days. The network watchdog feature is disabled by default (NW defaults to 0).

Leaving a network

There are a couple of mechanisms that will cause the router to leave its current PAN and attempt to discover and join a new network based on its network joining parameter values.
These include the following:
Change the ID command such that the current 64-bit PAN ID is invalid
Change the SC command such that the current channel (CH) is not included in the channel mask
Change the ZS or any of the security command values
Issue the NR0 command to cause the router to leave.
Issue the NR1 command to send a broadcast transmission, causing all devices in the network to leave and migrate to a different channel
Press the commissioning button 4 times or issue the CB command with a parameter of 4
Issue a network leave command
Note that changes to ID, SC, ZS, and security command values only take effect when changes are applied (AC or CN commands).

Network Locator option

The Device Options Network Locator option is provided to support the swapping or replacement of a Coordinator in a running network. The Network Locator option, if enabled (ATDO80), modifies the behavior of the JV and NW options. Failure to communicate with the Coordinator does not result in the radio leaving the network, but instead the radio starts a search for the network across the channels of the Search Channel mask (SC). If the network is found on the old channel with the same OI (operating ID) the search mode ends and if NW is enabled, NW is rescheduled. If the network is found with a new OI but satisfies the radio's search for a matching ID and ZS, the radio leaves the old network and joins the new network with the new OI.

Resetting the Router

When the router is reset or power cycled, it checks its PAN ID, operating channel and stack profile against the network configuration settings (ID, SC, ZS). It also verifies the saved security policy is valid based on the security configuration commands (EE, KY). If the router's PAN ID, operating channel, stack profile, or security policy is invalid, the router will leave the network and attempt to join a new network based on its network joining command values.
To prevent the router from leaving an existing network, the WR command should be issued after all network joining commands have been configured in order to retain these settings through power cycle or reset events.

Example: joining a network

After starting a coordinator (that is allowing joins), the following steps will cause a router to join the network:
1. Set ID to the desired 64-bit PAN ID, or to 0 to join any PAN.
2. Set SC to the list of channels to scan to find a valid network.
3. If SC or ID is changed from the default, apply changes (make SC and ID changes take effect) by issuing the AC or CN command.
4. The Associate LED will start blinking once the router has joined a PAN.
5. If the Associate LED is not blinking, the AI command can be read to determine the cause of join failure.
6. Once the router has joined, the OP and CH commands will indicate the operating 64-bit PAN ID and channel the router joined.
7. The MY command will reflect the 16-bit address the router received when it joined.
8. The API Modem Status frame (“Associated”) is sent out the serial port when using API mode.
9. The joined router will allow other devices to join for a time based on its NJ setting.

End Device operation

Similar to routers, end devices must also discover and join a valid ZigBee network before they can participate in a network. After an end device has joined a network, it can communicate with other devices on the network. Since end devices are intended to be battery powered and therefore support low power (sleep) modes, end devices cannot allow other devices to join, nor can they route data packets.

Discovering ZigBee networks

End devices go through the same process as routers to discover networks by issuing a PAN scan. After sending the broadcast beacon request transmission, the end device listens for a short time in order to receive beacons sent by nearby routers and coordinators on the same channel. The end device evaluates each beacon received on the channel to determine if a valid PAN is found. An end device considers a PAN to be valid if the PAN:
Has a valid 64-bit PAN ID (PAN ID matches ID if ID > 0)
Has the correct stack profile (ZS command)
Is allowing joining
Has capacity for additional end devices (see End Device capacity on page 54).
If a valid PAN is not found, the end device performs the PAN scan on the next channel in its scan channels list and continues this process until a valid network is found, or until all channels have been scanned. If all channels have been scanned and a valid PAN was not discovered, the end device may enter a low power sleep state and scan again later.
If scanning all SC channels fails to discover a valid PAN, XBee ZB modules will attempt to enter a low power state and will retry scanning all SC channels after the module wakes from sleeping. If the module cannot enter a low power state, it will retry scanning all channels, similar to the router. To meet ZigBee Alliance requirements, the end device will attempt up to nine scans per minute for the first five minutes, and three scans per minute thereafter.
Note: The XBee ZB end device will not enter sleep until it has completed scanning all SC channels for a valid network.

Joining a network

Once the end device discovers a valid network, it joins the network, similar to a router, by sending an association request (to the device that sent a valid beacon) to request a join on the ZigBee network. The device allowing the join then sends an association response frame that either allows or denies the join.
When an end device joins a network, it receives a 16-bit address from the device that allowed the join. The 16-bit address is randomly selected by the device that allowed the join.

Parent child relationship

Since an end device may enter low power sleep modes and not be immediately responsive, the end device relies on the device that allowed the join to receive and buffer incoming messages in its behalf until it is able to wake and receive those messages. The device that allowed an end device to join becomes the parent of the end device, and the end device becomes a child of the device that allowed the join.

End Device capacity

Routers and coordinators maintain a table of all child devices that have joined called the child table. This table is a finite size and determines how many end devices can join. If a router or coordinator has at least one unused entry in its child table, the device is said to have end device capacity. In other words, it can allow one or more additional end devices to join. ZigBee networks should have sufficient routers to ensure adequate end device capacity.
The initial release of software on this platform supports up to 20 end devices when configured as a coordinator or a router.
In ZB firmware, the NC command (number of remaining end device children) can be used to determine how many additional end devices can join a router or coordinator. If NC returns 0, then the router or coordinator device has no more end device capacity (its child table is full).
Also of note, since routers cannot sleep, there is no equivalent need for routers or coordinators to track joined routers. Therefore, there is no limit to the number of routers that can join a given router or coordinator device. There is no “router capacity” metric.

Authentication

In a network where security is enabled, the end device must then go through an authentication process; see ZigBee Security on page 84.

Persistent data

The end device can retain its PAN ID, operating channel, and security policy information through a power cycle. However, since end devices rely heavily on a parent, the end device does an orphan scan to try and contact its parent. If the end device does not receive an orphan scan response (called a coordinator realignment command), it will leave the network and try to discover and join a new network. When the end device leaves a network, the previous PAN ID and operating channel settings are lost.

Orphan scans

When an end device comes up from a power cycle, it performs an orphan scan to verify it still has a valid parent. The orphan scan is sent as a broadcast transmission and contains the 64-bit address of the end device. Nearby routers and coordinator devices that receive the broadcast check their child tables for an entry that contains the end device's 64-bit address. If an entry is found with a matching 64-bit address, the device sends a coordinator realignment command to the end device that includes the end device's 16-bit address, 16-bit PAN ID, operating channel, and the parent's 64-bit and 16-bit addresses.
If the orphaned end device receives a coordinator realignment command, it is considered joined to the network. Otherwise, it will attempt to discover and join a valid network.

ZigBee End Device joining

When an end device is powered on, if it is not joined to a valid ZigBee network, or if the orphan scan fails to find a parent, it immediately attempts to find and join a valid ZigBee network.
Note: The DJ command can be set to 1 to disable joining. The DJ parameter cannot be written with WR, so a power cycle always clears the DJ setting.
Similar to a router, the following commands control the end device joining process.
Command  Description
ID       Sets the 64-bit PAN ID to join. Setting ID=0 allows the end device to join any 64-bit PAN ID.
SC       Sets the scan channels bitmask that determines which channels an end device will scan to find a valid network. SC on the end device should be set to match SC on the coordinator and routers in the desired network. For example, setting SC to 0x281 enables scanning on channels 0x0B, 0x12, and 0x14, in that order.
SD       Sets the scan duration, or time that the end device will listen for beacons on each channel.
ZS       Sets the stack profile on the device.
EE       Enables or disables security in the network. This must be set to match the EE value (security policy) of the coordinator.
KY       Sets the trust center link key. If set to 0 (default), the link key is expected to be obtained (unencrypted) during joining.
Once the end device joins a network, the network configuration settings can persist through power cycles as mentioned in Persistent data on page 44. If joining fails, the status of the last join attempt can be read in the AI command register.
If any of these command values changes, when command register changes are applied, the end device will leave its current network and attempt to discover and join a new valid network.
When a ZB end device has successfully joined a network, it:
Sets AI=0
Starts blinking the Associate LED
Sends an API modem status frame (“associated”) out the serial port when using API mode
Attempts to enter low power modes
These behaviors are configurable using the following commands:
Command             Description
D5                  Enables the Associate LED functionality.
LT                  Sets the Associate LED blink time when joined. Default is 2 blinks per second (end devices).
SM, SP, ST, SN, SO  Parameters that configure the sleep mode characteristics. See Managing End Devices on page 107 for details.

Parent Connectivity

The XBee ZB end device sends regular poll transmissions to its parent when it is awake. These poll transmissions query the parent for any new received data packets. The parent always sends a MAC layer acknowledgment back to the end device. The acknowledgment indicates whether the parent has data for the end device or not.
If the end device does not receive an acknowledgment for 3 consecutive poll requests, it considers itself disconnected from its parent and will attempt to discover and join a valid ZigBee network. See Managing End Devices on page 107 for details.

Resetting the End Device

When the end device is reset or power cycled, if the orphan scan successfully locates a parent, the end device then checks its PAN ID, operating channel and stack profile against the network configuration settings (ID, SC, ZS). It also verifies the saved security policy is valid based on the security configuration commands (EE, KY). If the end device's PAN ID, operating channel, stack profile, or security policy is invalid, the end device will leave the network and attempt to join a new network based on its network joining command values.
To prevent the end device from leaving an existing network, the WR command should be issued after all network joining commands have been configured in order to retain these settings through power cycle or reset events.

Leaving a network

There are a couple of mechanisms that will cause the end device to leave its current PAN and attempt to discover and join a new network based on its network joining parameter values. These include the following:
The ID command changes such that the current 64-bit PAN ID is invalid
The SC command changes such that the current operating channel (CH) is not included in the channel mask
The ZS or any of the security command values change
The NR0 command is issued to cause the end device to leave
The NR1 command is issued to send a broadcast transmission, causing all devices in the network to leave and migrate to a different channel
The commissioning button is pressed 4 times or the CB command is issued with a parameter of 4
The end device's parent is powered down or the end device is moved out of range of the parent such that the end device fails to receive poll acknowledgment messages
Note that changes to command values only take effect when changes are applied (AC or CN commands).

Example: joining a network

After starting a coordinator (that is allowing joins), the following steps will cause an XBee end device to join the network:
1. Set ID to the desired 64-bit PAN ID, or to 0 to join any PAN.
2. Set SC to the list of channels to scan to find a valid network.
3. If SC or ID is changed from the default, apply changes (make SC and ID changes take effect) by issuing the AC or CN command.
4. The Associate LED will start blinking once the end device has joined a PAN.
5. If the Associate LED is not blinking, the AI command can be read to determine the cause of join failure.
6. Once the end device has joined, the OP and CH commands will indicate the operating 64-bit PAN ID and channel the end device joined.
7. The MY command will reflect the 16-bit address the end device received when it joined.
8. The API Modem Status frame (“Associated”) is sent out the serial port when using API mode.
9. The joined end device will attempt to enter low power sleep modes based on its sleep configuration commands (SM, SP, SN, ST, SO).

ZigBee channel scanning

As mentioned previously, routers and end devices must scan one or more channels to discover a valid network to join. When a join attempt begins, the XBee sends a beacon request transmission on the lowest channel specified in the SC (scan channels) command bitmask. If a valid PAN is found on the channel, the XBee will attempt to join the PAN on that channel. Otherwise, if a valid PAN is not found on the channel, it will attempt scanning on the next higher channel in the SC command bitmask. The XBee will continue to scan each channel (from lowest to highest) in the SC bitmask until a valid PAN is found or all channels have been scanned. Once all channels have been scanned, the next join attempt will start scanning on the lowest channel specified in the SC command bitmask.
For example, if the SC command is set to 0x400F, the XBee would start scanning on channel 11 (0x0B) and scan until a valid beacon is found, or until channels 11, 12, 13, 14, and 25 have been scanned (in that order).
Once an XBee router or end device joins a network on a given channel, if the XBee is told to leave (see Leaving a network on page 46), it will leave the channel it joined on and continue scanning on the next higher channel in the SC bitmask.
For example, if the SC command is set to 0x400F, and the XBee joins a PAN on channel 12 (0x0C), if the XBee leaves the channel, it will start scanning on channel 13, followed by channels 14 and 25 if a valid network is not found. Once all channels have been scanned, the next join attempt will start scanning on the lowest channel specified in the SC command bitmask.

Managing multiple ZigBee networks

In some applications, multiple ZigBee networks may exist in proximity of each other. The application may need provisions to ensure the XBee joins the desired network. There are a number of features in ZigBee to manage joining among multiple networks. These include the following:
PAN ID Filtering
Preconfigured Security Keys
Permit Joining
Application Messaging

PAN ID filtering

The XBee can be configured with a fixed PAN ID by setting the ID command to a non-zero value. If the PAN ID is set to a non-zero value, the XBee will only join a network with the same PAN ID.
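The scan order described under ZigBee channel scanning, combined with the beacon checks listed under Discovering ZigBee networks, determines which PAN a device ends up on when ID is 0 versus a fixed value. The model below is an added example, not Digi code; the Beacon class, the function names and the sample PAN IDs are constructed for illustration.

```python
from dataclasses import dataclass

FIRST_CHANNEL = 11  # SC bit 0 maps to channel 0x0B, as in the 0x281 and 0x400F examples


def sc_channels(sc):
    """Channels enabled by an SC bitmask, lowest first."""
    return [FIRST_CHANNEL + bit for bit in range(16) if (sc >> bit) & 1]


def scan_order(sc, left_channel=None):
    """Channels visited by the next join attempt.

    A fresh attempt starts on the lowest SC channel. After leaving a network on
    left_channel, scanning continues on the next higher SC channels only; the
    attempt after that starts again from the lowest channel.
    """
    channels = sc_channels(sc)
    if left_channel is None:
        return channels
    return [ch for ch in channels if ch > left_channel]


@dataclass(frozen=True)
class Beacon:
    """Fields of a received beacon that the validity checks look at (hypothetical type)."""
    channel: int
    pan_id: int               # 64-bit PAN ID
    stack_profile: int        # compared against ZS
    permit_join: bool
    end_device_capacity: bool = True


def is_valid_pan(beacon, cfg_id, cfg_zs, end_device):
    """Apply the validity checks from the text to one beacon."""
    if cfg_id != 0 and beacon.pan_id != cfg_id:
        return False          # PAN ID filtering: only enforced when ID > 0
    if beacon.stack_profile != cfg_zs:
        return False
    if not beacon.permit_join:
        return False
    if end_device and not beacon.end_device_capacity:
        return False          # child table of the beaconing device is full
    return True


def first_valid_pan(beacons, sc, cfg_id, cfg_zs, end_device=False, left_channel=None):
    """Return the beacon the device would try to join, or None if the scan finds nothing."""
    for channel in scan_order(sc, left_channel):
        for beacon in beacons:
            if beacon.channel == channel and is_valid_pan(beacon, cfg_id, cfg_zs, end_device):
                return beacon
    return None


# Constructed sample: the intended network sits on channel 14, while an
# unrelated network that also allows joining sits on the lower channel 12.
INTENDED_PAN = 0x1122334455667788
OTHER_PAN = 0x0BADC0DE0BADC0DE
BEACONS = [
    Beacon(channel=14, pan_id=INTENDED_PAN, stack_profile=0, permit_join=True),
    Beacon(channel=12, pan_id=OTHER_PAN, stack_profile=0, permit_join=True),
]

if __name__ == "__main__":
    print("SC=0x400F scans", sc_channels(0x400F))
    any_pan = first_valid_pan(BEACONS, sc=0x400F, cfg_id=0, cfg_zs=0)
    fixed = first_valid_pan(BEACONS, sc=0x400F, cfg_id=INTENDED_PAN, cfg_zs=0)
    print("ID=0 joins PAN %016X on channel %d" % (any_pan.pan_id, any_pan.channel))
    print("fixed ID joins PAN %016X on channel %d" % (fixed.pan_id, fixed.channel))
```

With ID=0 the device lands on whichever valid PAN occupies the lowest scanned channel; passing left_channel=12 models the application-messaging fallback, where a forced leave resumes the scan on channel 13.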

Pre-configured security keys

Similar to PAN ID filtering, this method requires a known security key be installed on a router to ensure it will join a ZigBee network with the same security key. If the security key (KY command) is set to a non-zero value, and if security is enabled (EE command), an XBee router or end device will only join a network with the same security key.

Permit joining

The Permit Joining parameter can be disabled in a network to prevent unwanted devices from joining. When a new device must be added to a network, permit-joining can be enabled for a short time on the desired network. In the XBee firmware, joining is disabled by setting the NJ command to a value less than 0xFF on all routers and coordinator devices. Joining can be enabled for a short time using the commissioning push-button (see Network commissioning and diagnostics on page 91 for details) or the CB command.

Application messaging

If the above mechanisms are not feasible, the application could build in a messaging framework between the coordinator and devices that join its network. For example, the application code in joining devices could send a transmission to the coordinator after joining a network, and wait to receive a defined reply message. If the application does not receive the expected response message after joining, the application could force the XBee to leave and continue scanning (see the NR parameter).

Transmission, addressing, and routing

Addressing

All ZigBee devices have two different addresses, a 64-bit and a 16-bit address. The characteristics of each are described below.

64-bit device addresses

The 64-bit address is a device address which is unique to each physical device. It is sometimes also called the MAC address or extended address. It is assigned during the manufacturing process. The first three bytes of the 64-bit address are an Organizationally Unique Identifier (OUI) assigned to the manufacturer by the IEEE. The OUI of XBee devices is 0x0013A2.

16-bit device addresses

A device receives a 16-bit address when it joins a ZigBee network. For this reason, the 16-bit address is also called the network address. The 16-bit address of 0x0000 is reserved for the coordinator. All other devices receive a randomly generated address from the router or coordinator device that allows the join. The 16-bit address can change under certain conditions:
An address conflict is detected where two devices are found to have the same 16-bit address
A device leaves the network and later joins (it can receive a different address)
All ZigBee transmissions are sent using the source and destination 16-bit addresses. The routing tables on ZigBee devices also use 16-bit addresses to determine how to route data packets through the network. However, since the 16-bit address is not static, it is not a reliable way to identify a device.
To solve this problem, the 64-bit destination address is often included in data transmissions to guarantee data is delivered to the correct destination. The ZigBee stack can discover the 16-bit address, if unknown, before transmitting data to a remote.

Application layer addressing

ZigBee devices can support multiple application profiles, cluster IDs, and endpoints (see ZigBee application layers: in depth on page 41). Application layer addressing allows data transmissions to be addressed to specific profile IDs, cluster IDs, and endpoints. Application layer addressing is useful if an application must:
Interoperate with other ZigBee devices outside of the Digi application profile
Use service and network management capabilities of the ZDO
Operate on a public application profile such as Home Controls or Smart Energy
API mode provides a simple yet powerful interface that can easily send data to any profile ID, endpoint, and cluster ID combination on any device in a ZigBee network.

Data transmission

ZigBee data packets can be sent as either unicast or broadcast transmissions. Unicast transmissions route data from one source device to one destination device, whereas broadcast transmissions are sent to many or all devices in the network.

Broadcast transmissions

Broadcast transmissions within the ZigBee protocol are intended to be propagated throughout the entire network such that all nodes receive the transmission. To accomplish this, the coordinator and all routers that receive a broadcast transmission will retransmit the packet three times.
Note: When a router or coordinator delivers a broadcast transmission to an end device child, the transmission is only sent once (immediately after the end device wakes and polls the parent for any new data). See Parent operation on page 108 for details.
[Figure: Broadcast data transmission. Legend: C = Coordinator, R = Router, E = End Device]
Each node that transmits the broadcast will also create an entry in a local broadcast transmission table. This entry is used to keep track of each received broadcast packet to ensure the packets are not endlessly transmitted. Each entry persists for 8 seconds. The broadcast transmission table holds 8 entries.
For each broadcast transmission, the ZigBee stack must reserve buffer space for a copy of the data packet. This copy is used to retransmit the packet as needed. Large broadcast packets will require more buffer space. This information on buffer space is provided for general knowledge; the user does not and cannot change any buffer spacing. Buffer spacing is handled automatically by the XBee module.
Since broadcast transmissions are retransmitted by each device in the network, broadcast messages should be used sparingly.

Unicast transmissions

Unicast transmissions are sent from one source device to another destination device. The destination device could be an immediate neighbor of the source, or it could be several hops away. Unicast transmissions that are sent along a multiple hop path require some means of establishing a route to the destination device. See RF packet routing on page 66 for details.
Address resolution
As mentioned previously, each device in a ZigBee network has both a 16-bit (network) address and a 64-bit (extended) address. The 64-bit address is unique and assigned to the device during manufacturing, and the 16-bit address is obtained after joining a network. The 16-bit address can also change under certain conditions.
When sending a unicast transmission, the ZigBee network layer uses the 16-bit address of the destination and each hop to route the data packet. If the 16-bit address of the destination is not known, the ZigBee stack includes a discovery provision to automatically discover the destination device's 16-bit address before routing the data.
To discover a 16-bit address of a remote, the device initiating the discovery sends a broadcast address discovery transmission. The address discovery broadcast includes the 64-bit address of the remote device whose 16-bit address is being requested. All nodes that receive this transmission check the 64-bit address in the payload and compare it to their own 64-bit address. If the addresses match, the device sends a response packet back to the initiator. This response includes the remote's 16-bit address. When the discovery response is received, the initiator will then transmit the data.
Frames may be addressed using either the extended or the network address. If the extended address form is used, then the network address field should be set to 0xFFFE (unknown). If the network address form is used, then the extended address field should be set to 0xFFFFFFFFFFFFFFFF (unknown).
If an invalid 16-bit address is used as a destination address, and the 64-bit address is unknown (0xFFFFFFFFFFFFFFFF), the modem status message will show a delivery status code of 0x21 (network ack failure) and a discovery status of 0x00 (no discovery overhead). If a non-existent 64-bit address is used as a destination address, and the 16-bit address is unknown (0xFFFE), address discovery will be attempted and the modem status message will show a delivery status code of 0x24 (address not found) and a discovery status code of 0x01 (address discovery was attempted).
Address table
Each ZigBee device maintains an address table that maps a 64-bit address to a 16-bit address. When a transmission is addressed to a 64-bit address, the ZigBee stack searches the address table for an entry with a matching 64-bit address, in hopes of determining the destination's 16-bit address. If a known 16-bit address is not found, the ZigBee stack will perform address discovery to discover the device's current 16-bit address.
64-bit Address         16-bit Address
0013 A200 4000 0001    0x4414
0013 A200 400A 3568    0x1234
0013 A200 4004 1122    0xC200
0013 A200 4002 1123    0xFFFE (unknown)
The XBee modules can store up to 10 address table entries. For applications where a single device (e.g. coordinator) may send unicast transmissions to more than 10 devices, the application should implement an address table to store the 16-bit and 64-bit addresses for each remote device. Any XBee that will send data to more than 10 remotes should also use API mode. The application can then send both the 16-bit and 64-bit addresses to the XBee in the API transmit frames which will significantly reduce the number of 16-bit address discoveries and greatly improve data throughput.
If an application will support an address table, the size should ideally be larger than the maximum number of destination addresses the device will communicate with. Each entry in the address table should contain a 64-bit destination address and its last known 16-bit address.
When sending a transmission to a destination 64-bit address, the application should search the address table for a matching 64-bit address. If a match is found, the 16-bit address should be populated into the 16-bit address field of the API frame. If a match is not found, the 16-bit address should be set to 0xFFFE (unknown) in the API transmit frame.
The API provides indication of a remote device's 16-bit address in the following frames:
All receive data frames:
  Rx Data (0x90)
  Rx Explicit Data (0x91)
  I/O Sample Data (0x92)
  Node Identification Indicator (0x95)
  Route Record Indicator (0xA1) etc.
Transmit status frame (0x8B)
The application should always update the 16-bit address in the address table when one of these frames is received to ensure the table has the most recently known 16-bit address. If a transmission failure occurs, the application should set the 16-bit address in the table to 0xFFFE (unknown).
Group table
Each router and the coordinator maintain a persistent group table. Each entry contains an endpoint value, a two-byte group ID, an optional name string of zero to 16 ASCII characters, and an index into the binding table. More than one endpoint may be associated with a group ID, and more than one group ID may be associated with a given endpoint. The capacity of the group table is 16 entries.

Binding transmissions

Binding transmissions use indirect addressing to send one or more messages to other destination devices. An Explicit Addressing ZigBee Command Frame (0x11) using the Indirect Tx Option (0x04) is treated as a binding transmission request.
Address resolution
The source endpoint and cluster ID values of a binding transmission are used as keys to look up matching binding table entries. For each matching binding table entry, the type field of the entry indicates whether a unicast or a multicast message should be sent.
In the case of a unicast entry, the transmission request is updated with the Destination Endpoint and MAC Address, and unicast to its destination. In the case of a multicast entry, the message is updated using the two least significant bytes of the Destination MAC Address as the groupID, and multicast to its destination(s).
Binding table
Each router and the coordinator maintain a persistent binding table to map source endpoint and cluster ID values into 64-bit destination address and endpoint values. The capacity of the binding table is 16 entries.

Multicast transmissions

Multicast transmissions are used to broadcast a message to destination devices which have active endpoints associated with a common group ID. An explicit transmit request frame (0x11) using the Multicast Tx Option (0x08) is treated as a multicast transmission request.
Address resolution
The 64-bit destination address value does not matter, and it is recommended that it be set to 0xFFFFFFFFFFFFFFFF. The 16-bit destination address value should be set to the destination groupID.

Fragmentation

Each unicast transmission may support up to 84 bytes of RF payload. (Enabling security or using source routing can reduce this number. See the NP command for details.) However, the XBee ZB firmware supports a ZigBee feature called fragmentation that allows a single large data packet to be broken up into multiple RF transmissions and reassembled by the receiver before sending data out its serial port. This is shown in the image below.
The transmit frame can include up to 255 bytes of data, which will be broken up into multiple transmissions and reassembled on the receiving side. If one or more of the fragmented messages are not received by the receiving device, the receiver will drop the entire message, and the sender will indicate a transmission failure in the Tx Status API frame.
Applications that do not wish to use fragmentation should avoid sending more than the maximum number of bytes in a single RF transmission. See Maximum RF payload size on page 75 for details.
If RTS flow control is enabled on the receiving module (using the D6 command) and a fragmented message is received, then RTS flow control will be ignored.
Note: Broadcast transmissions do not support fragmentation. Maximum payload size = up to 84 bytes.

Data transmission examples

AT firmware
To send a data packet in transparent mode, the DH and DL commands must be set to match the 64-bit address of the destination device. DH must match the upper 4 bytes, and DL must match the lower 4 bytes. Since the coordinator always receives a 16-bit address of 0x0000, a 64-bit address of 0x0000000000000000 is defined as the coordinator's address (in ZB firmware). The default values of DH and DL are 0x00, which sends data to the coordinator.
Example 1: send a transmission to the coordinator.
(In this example, a '\r' refers to a carriage return character.)
A router or end device can send data in two ways. First, set the destination address (DH and DL commands) to 0x00.
1. Enter command mode ('+++')
2. After receiving an OK\r, issue the following commands:
a. ATDH0\r
b. ATDL0\r
c. ATCN\r
3. Verify that each of the 3 commands returned an OK\r response.
4. After setting these command values, all serial characters will be sent as a unicast transmission to the coordinator.
Alternatively, if the coordinator's 64-bit address is known, DH and DL can be set to the coordinator's 64-bit address. Suppose the coordinator's address is 0x0013A200404A2244.
1. Enter command mode ('+++')
2. After receiving an OK\r, issue the following commands:
a. ATDH13A200\r
b. ATDL404A2244\r
c. ATCN\r
3. Verify that each of the three commands returned an OK\r response.
4. After setting these command values, all serial characters will be sent as a unicast transmission to the coordinator.
API firmware
Use the transmit request, or explicit transmit request frame (0x10 and 0x11 respectively) to send data to the coordinator. The 64-bit address can either be set to 0x0000000000000000, or to the 64-bit address of the coordinator. The 16-bit address should be set to 0xFFFE when using the 64-bit address of all 0x00s.
To send an ASCII “1” to the coordinator's 0x00 address, the following API frame can be used:
7E 00 0F 10 01 0000 0000 0000 0000 FFFE 00 00 31 C0
If the explicit transmit frame is used, the cluster ID should be set to 0x0011, the profile ID to 0xC105, and the source and destination endpoints to 0xE8 (recommended defaults for data transmissions in the Digi profile.) The same transmission could be sent using the following explicit transmit frame:
7E 00 15 11 01 0000 0000 0000 0000 FFFE E8 E8 0011 C105 00 00 31 18
Notice the 16-bit address is set to 0xFFFE. This is required when sending to a 64-bit address of 0x00s.
Now suppose the coordinator's 64-bit address is 0x0013A200404A2244. The following transmit request API frame (0x10) will send an ASCII “1” to the coordinator:
7E 00 0F 10 01 0013 A200 404A 2244 0000 0000 31 18
Example 2: send a broadcast transmission.
(In this example, a '\r' refers to a carriage return character.)
Perform the following steps to configure a broadcast transmission:
1. Enter command mode ('+++')
2. After receiving an OK\r, issue the following commands:
a. ATDH0\r
b. ATDLffff\r
c. ATCN\r
3. Verify that each of the three commands returned an OK\r response
4. After setting these command values, all serial characters will be sent as a broadcast transmission.
API firmware
This example will use the transmit request API frame (0x10) to send an ASCII “1” in a broadcast transmission.
To send an ASCII “1” as a broadcast transmission, the following API frame can be used:
7E 00 0F 10 01 0000 0000 0000 FFFF FFFE 00 00 31 C2
Notice the destination 16-bit address is set to 0xFFFE for broadcast transmissions.
Example 3: send an indirect (binding) transmission.
This example will use the explicit transmit request frame (0x11) to send a transmission using indirect addressing through the binding table. It assumes the binding table has already been set up to map a source endpoint of 0xE7 and cluster ID of 0x0011 to a destination endpoint and 64 bit destination address. The message data is a manufacturing specific profile message using profile ID 0xC105, command ID 0x00, a ZCL Header of 151E10, transaction number EE, and a ZCL payload of 000102030405.
7E 001E 11 e4 FFFFFFFFFFFFFFFF FFFE E7 FF 0011 C105 00 04 151E10EE000102030405 14
Note The 64 bit destination address has been set to all 0xFF values, and the destination endpoint set to 0xFF.
The Tx Option 0x04 indicates indirect addressing is to be used. The 64 bit destination address and destination endpoint will be filled in by looking up data associated with binding table entries which match
Example 4: send a multicast (group ID) broadcast.
This example will use the explicit transmit request frame (0x11) to send a transmission using multicasting. It assumes the destination devices already have their group tables set up to associate an active endpoint with the group ID (0x1234) of the multicast transmission. The message data is a manufacturing specific profile message using profile ID 0xC105, command ID 0x00, a ZCL Header of 151E10, transaction number EE, and a ZCL payload of 000102030405.
7E 001E 11 01 FFFFFFFFFFFFFFFF 1234 E6 FE 0001 C105 00 08 151E10EE000102030405 BC
Note The 64 bit destination address has been set to all 0xFF values, and the destination endpoint set to 0xFE.
The Tx Option 0x08 indicates multicast (group) addressing is to be used.
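The frames in Examples 1 to 4 can be regenerated with a short host-side builder, which is an added example and not Digi code. It assumes unescaped API mode (AP = 1); the function names are hypothetical, and the size and addressing checks encode only the rules stated above.

```python
import struct

START_DELIMITER = 0x7E
COORDINATOR_64 = 0x0000000000000000   # all-zero 64-bit address = coordinator
BROADCAST_64 = 0x000000000000FFFF     # 64-bit broadcast address
UNKNOWN_16 = 0xFFFE
MAX_UNICAST_PAYLOAD = 255    # upper bound for a fragmented transmit frame
MAX_BROADCAST_PAYLOAD = 84   # broadcasts are never fragmented


def api_frame(frame_data: bytes) -> bytes:
    """0x7E, big-endian length, frame data, checksum (0xFF - low byte of sum)."""
    checksum = 0xFF - (sum(frame_data) & 0xFF)
    header = struct.pack(">BH", START_DELIMITER, len(frame_data))
    return header + frame_data + bytes([checksum])


def check_destination(dest64: int, dest16: int, payload: bytes) -> None:
    """Reject frames that break the addressing or size rules in the text."""
    if dest64 in (COORDINATOR_64, BROADCAST_64) and dest16 != UNKNOWN_16:
        raise ValueError("16-bit address must be 0xFFFE for this 64-bit address")
    limit = MAX_BROADCAST_PAYLOAD if dest64 == BROADCAST_64 else MAX_UNICAST_PAYLOAD
    if len(payload) > limit:
        raise ValueError(f"payload of {len(payload)} bytes exceeds {limit}")


def transmit_request(frame_id, dest64, dest16, payload, radius=0, options=0):
    """Build a transmit request frame (0x10)."""
    check_destination(dest64, dest16, payload)
    head = struct.pack(">BBQHBB", 0x10, frame_id, dest64, dest16, radius, options)
    return api_frame(head + payload)


def explicit_transmit(frame_id, dest64, dest16, src_ep, dst_ep, cluster,
                      profile, payload, radius=0, options=0):
    """Build an explicit transmit request frame (0x11)."""
    check_destination(dest64, dest16, payload)
    head = struct.pack(">BBQHBBHHBB", 0x11, frame_id, dest64, dest16,
                       src_ep, dst_ep, cluster, profile, radius, options)
    return api_frame(head + payload)


def digi_data(frame_id, dest64, dest16, payload):
    """Explicit frame with the Digi defaults: endpoints 0xE8, cluster 0x0011,
    profile 0xC105."""
    return explicit_transmit(frame_id, dest64, dest16, 0xE8, 0xE8,
                             0x0011, 0xC105, payload)


if __name__ == "__main__":
    zcl = bytes.fromhex("151E10EE000102030405")   # message data from Examples 3 and 4
    frames = {
        "unicast to coordinator": transmit_request(0x01, COORDINATOR_64, UNKNOWN_16, b"1"),
        "broadcast": transmit_request(0x01, BROADCAST_64, UNKNOWN_16, b"1"),
        "explicit, Digi defaults": digi_data(0x01, COORDINATOR_64, UNKNOWN_16, b"1"),
        "indirect (Tx Option 0x04)": explicit_transmit(
            0xE4, 0xFFFFFFFFFFFFFFFF, 0xFFFE, 0xE7, 0xFF, 0x0011, 0xC105, zcl, options=0x04),
        "multicast (Tx Option 0x08)": explicit_transmit(
            0x01, 0xFFFFFFFFFFFFFFFF, 0x1234, 0xE6, 0xFE, 0x0001, 0xC105, zcl, options=0x08),
    }
    for name, frame in frames.items():
        print(f"{name}: {frame.hex().upper()}")
```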
RF packet routing
Unicast transmissions may require some type of routing. ZigBee includes several different ways to route data, each with its own advantages and disadvantages. These are summarized in the table below.
Routing approach: Ad hoc On-demand Distance Vector (AODV) Mesh Routing
Description: Routing paths are created between source and destination, possibly traversing multiple nodes (“hops”). Each device knows who to send data to next to eventually reach the destination.
When to use: Use in networks that will not scale beyond about 40 destination devices.

Routing approach: Many-to-One Routing
Description: A single broadcast transmission configures reverse routes on all devices into the device that sends the broadcast.
When to use: Useful when many remote devices must send data to a single gateway or collector device.

Routing approach: Source Routing
Description: Data packets include the entire route the packet should traverse to get from source to destination.
When to use: Improves routing efficiency in large networks (over 40 remote devices).

Note End devices do not make use of these routing protocols. Rather, an end device sends a unicast transmission to its parent and allows the parent to route the data packet in its behalf.
Note A network cannot revert from Many-to-One routing to AODV routing without first doing a network reset (NR).

Link status transmission

Before discussing the various routing protocols, it is worth understanding the primary mechanism in ZigBee for establishing reliable bi-directional links. This mechanism is especially useful in networks that may have a mixture of devices with varying output power and/or receiver sensitivity levels.
Each coordinator or router device periodically sends a link status message. This message is sent as a 1-hop broadcast transmission, received only by one-hop neighbors. The link status message contains a list of neighboring devices and incoming and outgoing link qualities for each neighbor. Using these messages, neighboring devices can determine the quality of a bi-directional link with each neighbor and use that information to select a route that works well in both directions.
For example, consider a network of two neighboring devices that send periodic link status messages. Suppose that the output power of device A is +18 dBm, and the output power of device B is +3 dBm (considerably less than the output power of device A). The link status messages might indicate the following:
[Figure: Device A (+18 dBm TX power) and Device B (+3 dBm TX power) exchange link status messages (A to B and B to A). Entry for Neighbor A: outgoing cost very poor, incoming cost very good. Entry for Neighbor B: outgoing cost very good, incoming cost very poor.]
This mechanism enables devices A and B to recognize that the link is not reliable in both directions and select a different neighbor when establishing routes. (Such links are called asymmetric links, meaning the link quality is not similar in both directions.)
When a router or coordinator device powers on, it sends link status messages every couple of seconds to attempt to discover link qualities with its neighbors quickly. After being powered on for some time, the link status messages are sent at a much slower rate (about 3-4 times per minute).

AODV Mesh routing

ZigBee employs mesh routing to establish a route between the source device and the destination. Mesh routing allows data packets to traverse multiple nodes (hops) in a network to route data from a source to a destination. Routers and coordinators can participate in establishing routes between source and destination devices using a process called route discovery. The route discovery process is based on the Ad-hoc On-demand Distance Vector routing (AODV) protocol.
Sample transmission through a Mesh network:
AODV routing algorithm
Routing under the AODV protocol is accomplished using tables in each node that store the next hop (intermediary node between source and destination nodes) for a destination node. If a next hop is not known, route discovery must take place in order to find a path. Since only a limited number of routes can be stored on a Router, route discovery will take place more often on a large network with communication between many different nodes.
Node  Destination Address  Next Hop Address
R3    Router 6             Coordinator
C     Router 6             Router 5
R5    Router 6             Router 6
When a source node must discover a route to a destination node, it sends a broadcast route request command. The route request command contains the source network address, the destination network address and a path cost field (a metric for measuring route quality). As the route request command is propagated through the network (refer to the Broadcast Transmission), each node that re-broadcasts the message updates the path cost field and creates a temporary entry in its route discovery table.
Sample route request (broadcast) transmission where R3 is trying to discover a route to R6:
When the destination node receives a route request, it compares the ‘path cost’ field against previously received route request commands. If the path cost stored in the route request is better than any previously received, the destination node will transmit a route reply packet to the node that originated the route request. Intermediate nodes receive and forward the route reply packet to the source node (the node that originated route request).
Sample route reply (unicast) where R6 sends a route reply to R3:
Note R6 could send multiple replies if it identifies a better route.
Retries and acknowledgments
ZigBee includes acknowledgment packets at both the MAC and Application Support (APS) layers. When data is transmitted to a remote device, it may traverse multiple hops to reach the destination. As data is transmitted from one node to its neighbor, an acknowledgment packet (Ack) is transmitted in the opposite direction to indicate that the transmission was successfully received. If the Ack is not received, the transmitting device will retransmit the data, up to 4 times. This Ack is called the MAC layer acknowledgment.
In addition, the device that originated the transmission expects to receive an acknowledgment packet (Ack) from the destination device. This Ack will traverse the same path that the data traversed, but in the opposite direction. If the originator fails to receive this Ack, it will retransmit the data, up to 2 times until an Ack is received. This Ack is called the ZigBee APS layer acknowledgment.
Note Refer to the ZigBee specification for more details.

Many-to-One routing

In networks where many devices must send data to a central collector or gateway device, AODV mesh routing requires significant overhead. If every device in the network had to discover a route before it could send data to the data collector, the network could easily become inundated with broadcast route discovery messages.
Many-to-one routing is an optimization for these kinds of networks. Rather than require each device to do its own route discovery, a single many-to-one broadcast transmission is sent from the data collector to establish reverse routes on all devices. This is shown in the figure below. The left side shows the many broadcasts the devices can send when they create their own routes and the route replies generated by the data collector. The right side shows the benefits of many-to-one routing where a single broadcast creates reverse routes to the data collector on all routers.
The many-to-one broadcast is a route request message with the target discovery address set to the address of the data collector. Devices that receive this route request create a reverse many-to-one routing table entry to create a path back to the data collector. The ZigBee stack on a device uses historical link quality information about each neighbor to select a reliable neighbor for the reverse route.
When a device sends data to a data collector, and it finds a many-to-one route in its routing table, it will transmit the data without performing a route discovery. The many-to-one route request should be sent periodically to update and refresh the reverse routes in the network.
Applications that require multiple data collectors can also use many-to-one routing. If more than one data collector device sends a many-to-one broadcast, devices will create one reverse routing table entry for each collector.
In ZB firmware, the AR command is used to enable many-to-one broadcasting on a device. The AR command sets a time interval (measured in 10 second units) for sending the many-to-one broadcast transmission. (See the command table for details.)

High/Low RAM Concentrator mode

When Many to One (MTO) requests are broadcast, DO40 (bit6) determines if the concentrator is operating in high or low RAM mode. High RAM mode indicates the concentrator has enough memory to store source routes for the whole network, and remote nodes may stop sending route records after the concentrator has successfully received one. Low RAM mode indicates the concentrator lacks RAM to store route records, and that route records should be sent to the concentrator to precede every inbound APS unicast message. By default the XBee uses low RAM mode.

Source routing

In applications where a device must transmit data to many remotes, AODV routing would require performing one route discovery for each destination device to establish a route. If there are more destination devices than there are routing table entries, established AODV routes would be overwritten with new routes, causing route discoveries to occur more regularly. This could result in larger packet delays and poor network performance.
ZigBee source routing helps solve these problems. In contrast to many-to-one routing that establishes routing paths from many devices to one data collector, source routing allows the collector to store and specify routes for many remotes.
To use source routing, a device must use the API mode, and it must send periodic many-to-one route request broadcasts (AR command) to create a many-to-one route to it on all devices. When remote devices send RF data using a many-to-one route, they first send a route record transmission. The route record transmission is unicast along the many-to-one route until it reaches the data collector. As the route record traverses the many-to-one route, it appends the 16-bit address of each device in the route into the RF payload. When the route record reaches the data collector, it contains the address of the sender, and the 16-bit address of each hop in the route. The data collector can store the routing information and retrieve it later to send a source routed packet to the remote. This is shown in the images below.
[Figure: The data collector sends a many-to-one route request broadcast to create reverse routes on all devices.]
[Figure: A remote device sends an RF data packet to the data collector. This is prefaced by a route record transmission to the data collector.]
[Figure: After obtaining a source route, the data collector sends a source routed transmission to the remote device.]
[Figure legend: route request broadcast, route reply unicast, data collector, router.]
Acquiring source routes
Acquiring source routes requires the remote devices to send a unicast to a data collector (device that sends many-to-one route request broadcasts). There are several ways to force remotes to send route record transmissions.
1. If the application on remote devices periodically sends data to the data collector, each transmission will force a route record to occur.
2. The data collector can issue a network discovery command (ND command) to force all XBee devices to send a network discovery response. Each network discovery response will be prefaced by a route record.
3. Periodic IO sampling can be enabled on remotes to force them to send data at a regular rate. Each IO sample would be prefaced by a route record. See Analog and digital I/O lines on page 123 for details.
4. If the NI string of the remote device is known, the DN command can be issued with the NI string of the remote in the payload. The remote device with a matching NI string would send a route record and a DN response.
Storing source routes
When a data collector receives a route record, it sends it out the serial port as a Route Record Indicator API frame (0xA1). To use source routing, the application should receive these frames and store the source route information.
Sending a source routed transmission
To send a source routed transmission, the application must send a Create Source Route API frame (0x21) to the XBee to create a source route in its internal source route table. After sending the Create Source Route API frame, the application can send data transmission or remote command request frames as needed to the same destination, or any destination in the source route. Once data must be sent to a new destination (a destination not included in the last source route), the application must first send a new Create Source Route API frame.
Note If a Create Source Route API frame does not precede data frames, data loss may be encountered.
The XBee can buffer one source route that includes up to 11 hops (excluding source and destination). For example, suppose a network exists with a coordinator and 5 routers (R1, R2, R3, R4, R5) with known source routes as shown below.
To send a source-routed packet to R3, the application must send a Create Source Route API frame (0x21) to the XBee, with a destination of R3, and 2 hops (R1 and R2). If the 64-bit address of R3 is 0x0013A200 404A1234 and the 16-bit addresses of R1, R2, and R3 are:
Device 16-bit address
R1 0xAABB
R2 0xCCDD
R3 0xEEFF
Then the Create Source Route API frame would be:
7E 0012 21 00 0013A200 404A1234 EEFF 00 02 CCDD AABB 5C
Where:
0x0012 - length
0x21 - API ID (create source route)
0x00 - frame ID (set to 0 always)
0x0013A200 404A1234 - 64-bit address of R3 (destination)
0xEEFF - 16-bit address of R3 (destination)
0x00 - Route options (set to 0)
0x02 - Number of intermediate devices in the source route
0xCCDD - Address of furthest device (1-hop from target)
0xAABB - Address of next-closer device
0x5C - Checksum (0xFF - SUM (all bytes after length))
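One way for a host application to apply these rules, as an added example that is not Digi code: it keeps stored routes, decides when a new Create Source Route frame must precede data, and reproduces the frame above. The SourceRouteTable class and its method names are hypothetical, and routes are assumed to have been decoded already from Route Record Indicator frames.

```python
import struct

MAX_HOPS = 11  # one buffered route, up to 11 hops excluding source and destination


def api_frame(frame_data: bytes) -> bytes:
    """0x7E, big-endian length, frame data, checksum (0xFF - low byte of sum)."""
    checksum = 0xFF - (sum(frame_data) & 0xFF)
    return struct.pack(">BH", 0x7E, len(frame_data)) + frame_data + bytes([checksum])


class SourceRouteTable:
    """Host-side store of source routes (hypothetical helper)."""

    def __init__(self):
        self.routes = {}     # dest16 -> (dest64, hops ordered collector -> remote)
        self.loaded = set()  # 16-bit addresses covered by the route last sent to the XBee

    def store(self, dest64, dest16, hops_from_collector):
        """Record a route; hops are listed from the collector outward (assumed order)."""
        hops = list(hops_from_collector)
        if len(hops) > MAX_HOPS:
            raise ValueError(f"{len(hops)} hops exceeds the {MAX_HOPS}-hop buffer")
        if any(not 0 <= h <= 0xFFFF for h in hops) or not 0 <= dest16 <= 0xFFFF:
            raise ValueError("16-bit addresses must fit in two bytes")
        if self.routes.get(dest16) != (dest64, hops) and dest16 in self.loaded:
            self.loaded = set()  # route changed: the one held by the XBee is stale
        self.routes[dest16] = (dest64, hops)

    def create_source_route(self, dest16) -> bytes:
        """Build the Create Source Route frame (0x21) for a stored destination."""
        dest64, hops = self.routes[dest16]
        # frame ID is always 0 and route options are 0, per the field list above
        head = struct.pack(">BBQHBB", 0x21, 0x00, dest64, dest16, 0x00, len(hops))
        # The frame lists the device one hop from the target first.
        addrs = b"".join(struct.pack(">H", h) for h in reversed(hops))
        return api_frame(head + addrs)

    def frames_before_data(self, dest16) -> list:
        """Frames that must be written to the XBee before data for dest16.

        Empty when dest16 is the destination of, or a hop in, the last route sent.
        """
        if dest16 in self.loaded:
            return []
        frame = self.create_source_route(dest16)  # KeyError if no route is known
        self.loaded = {dest16, *self.routes[dest16][1]}
        return [frame]


if __name__ == "__main__":
    table = SourceRouteTable()
    # Route from the page: coordinator -> R1 (0xAABB) -> R2 (0xCCDD) -> R3 (0xEEFF)
    table.store(0x0013A200404A1234, 0xEEFF, [0xAABB, 0xCCDD])
    for frame in table.frames_before_data(0xEEFF):
        print(frame.hex().upper())
    print(table.frames_before_data(0xCCDD))  # R2 is on the loaded route: []
```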
Repairing source routes
It is possible in a network to have an existing source route fail (for example, a device in the route moves or goes down). If a device goes down in a source routed network, all routes that used the device will be broken.
As mentioned previously, source routing must be used with many-to-one routing. (A device that uses source routing must also send a periodic many-to-one broadcast in order to keep routes fresh). If a source route is broken, remote devices must send in new route record transmissions to the data collector to provide it with a new source route. This requires that remote devices periodically send data transmissions into the data collector. See Acquiring source routes on page 71 for details.
Disabling MTO routing
To disable MTO (many-to-one) routing in a network, first reconfigure the AR setting on the aggregator and then broadcast a network wide power reset (0x08 of the RE command) to rebuild the routing tables.
1. Set AR on the aggregator to 0xFF.
2. Do an AC command to enact the change.
3. Do a WR command if the saved configuration setting value for AR is not 0xFF.
This ends the periodic broadcast of aggregator messages if the previous setting was 0x01-0xFE, and prevents a single broadcast after a power reset if the previous setting was 0x00. Broadcast a FR remote command to the network and wait for the network to reform. This removes the aggregator's status as an aggregator from the network's routing tables so that no more route records will be sent to the aggregator.
Disabling route records
If an aggregator has collected route records from the nodes of the network and no longer needs to have route records (which consume network throughput) sent:
1. Set Bit 6 of DO to Enable High RAM Concentrator mode. High RAM mode means the aggregator has sufficient memory to hold route records for its potential destinations.
2. Set AR to 0x00 for a one-time broadcast (which some nodes might miss), or a value in the range of 0x01 to 0xFE (in units of 10 seconds) to periodically send a broadcast to inform the network that the aggregator is operating in High RAM Concentrator mode and no longer needs to receive route records.
3. Use Create Source Route (API frame type 0x21) to load the route record for a destination into the local XBee's source route table.
4. Send a unicast to the destination. The route record will be embedded in the payload and determine the sequence of routers to use in transmitting the unicast to the destination. After receiving the unicast, the destination will no longer send route records to the aggregator, now that it has confirmed the High RAM Concentrator aggregator 'knows' its route record.
Clearing the source route table
To clear the source route table, change the AR setting from a non-0xFF setting to 0xFF and do an AC command. To re-establish periodic aggregator broadcasts, change the AR setting to a non-0xFF setting and do an AC command.
Encrypted transmissions
Encrypted transmissions are routed similarly to non-encrypted transmissions, with one exception. As an encrypted packet propagates from one device to another, each device decrypts the packet using the network key, and authenticates the packet by verifying packet integrity. It then re-encrypts the packet with its own source address and frame counter values, and sends the message to the next hop. This process adds some overhead latency to unicast transmissions, but it helps prevent replay attacks. See ZigBee Security on page 84 for details.

Maximum RF payload size
The NP command returns the maximum payload size in bytes. The actual maximum payload is a function of:
message type (broadcast or unicast)
AP setting
APS encryption option
source-routing.
Broadcasts, which are neither APS encryptable nor fragmentable, have a maximum payload of 0x54 bytes. Unicasts where AP is 0 also have a maximum payload of 0x54 bytes. A non-zero AP means NP will be 0xFF or 255 bytes.
For broadcast messages and unicast messages when AP==0, the maximum payload is 0x54 bytes.
For unicast messages when AP is nonzero (API mode) the maximum payload is 0xFF (255 decimal) bytes. As needed, if the combination of payload and optional APS encryption overhead (EE1, TxOption 0x20) is too high, the message fragments into a maximum of five fragments. The firmware encrypts and transmits each fragment separately. The destination radio reassembles the fragments into a full message.
For Smart Energy firmware revision 5x32 and earlier, NP==0x80. As of 5x56, NP==0xFF.
The maximum payload is complicated to estimate for aggregator source-routing. The maximum payload is reduced because, when an aggregator sends a source-routed message, it embeds the route into the message as overhead, or into each fragment of the message if fragmentation is necessary. If you use APS encryption (EE1, Tx Option 0x20), it reduces the number further.
The route overhead is 2 bytes plus 2 bytes per hop. The bytes are:
one byte is the number of hops
one byte is an index into the route list that increments in value at each hop
the other data is a list of the 16-bit network addresses of the routing radios
Firmware revisions before 4x58 support a maximum of 11 aggregator source-routed hops. Firmware revisions 4x58 and following support a maximum of 25 aggregator source-routed hops.
Aggregator source-routed payload maximums do not apply to messages that are sourced by non-aggregator nodes, which send route records ahead of their messages to aggregators. Aggregators are either Coordinators or Routers which:
have source routing enabled
or
have an AR setting which is not 0xFF
The following table shows the aggregator source-routed payload maximums as a function of hops and APS encryption:
Hops  Maximum encrypted payload  Maximum unencrypted payload
1     255                        255
2     255                        255
3     245                        255
4     235                        255
5     225                        255
6     215                        255
7     205                        250
8     195                        240
9     185                        230
10    175                        220
11    165                        210
12    155                        200
13    145                        190
14    135                        180
15    125                        170
16    115                        160
17    105                        150
18    95                         140
19    85                         130
20    75                         120
21    65                         110
22    55                         100
23    45                         90
24    35                         80
25    25                         70
Throughput
Throughput in a ZigBee network can vary by a number of variables, including: number of hops, encryption enabled/disabled, sleeping end devices, failures/route discoveries. Our empirical testing showed the following throughput performance in a robust operating environment (low interference).
Data throughput (see note 1)
Configuration    Data Throughput
1 hop, RR, SD    58 kb/s
1 hop, RR, SE    34 kb/s
1 hop, RE, SD    Not yet available
1 hop, RE, SE    Not yet available
1 hop, ER, SD    Not yet available
1 hop, ER, SE    Not yet available
4 hops, RR, SD   Not yet available
4 hops, RR, SE   Not yet available
RR = router to router
RE = router to end device (non-sleeping)
ER = end device (non-sleeping) to router
SD = security disabled
SE = security enabled
4 hops = 5 nodes total, 3 intermediate router nodes
1. Data throughput measurements were made setting the serial interface rate to 115200 b/s, and measuring the time to send 100,000 bytes from source to destination. During the test, no route discoveries or failures occurred.
Latency timing specifications
Network Depth  100 Node Network                 200 Node Network
1              1-byte packet:  32-byte packet:  1-byte packet:  32-byte packet:
2              1-byte packet:  32-byte packet:  1-byte packet:  32-byte packet:
4              1-byte packet:  32-byte packet:  1-byte packet:  32-byte packet:

ZDO transmissions

ZigBee defines a ZigBee Device Objects layer (ZDO) that can provide device and service discovery and network management capabilities. This layer is described below.
ZDO
The ZDO is supported to some extent on all ZigBee devices. The ZDO is an endpoint that implements services described in the ZigBee Device Profile in the ZigBee specification. Each service has an assigned cluster ID, and most service requests have an associated response. The following table describes some common ZDO services.
Cluster Name              Cluster ID  Description
Network Address Request   0x0000      Request a 16-bit address of the radio with a matching 64-bit address (required parameter).
Active Endpoints Request  0x0005      Request a list of endpoints from a remote device.
LQI Request               0x0031      Request data from a neighbor table of a remote device.
Routing Table Request     0x0032      Request to retrieve routing table entries from a remote device.
Network Address Response  0x8000      Response that includes the 16-bit address of a device.
LQI Response              0x8031      Response that includes neighbor table data from a remote device.
Routing Table Response    0x8032      Response that includes routing table entry data from a remote device.
Refer to the ZigBee specification for a detailed description of all ZigBee Device Profile services.

Sending a ZDO command

To send a ZDO command, an explicit transmit API frame must be used and formatted correctly. The source and destination endpoints must be set to 0, and the profile ID must be set to 0. The cluster ID must be set to match the cluster ID of the appropriate service. For example, to send an active endpoints request, the cluster ID must be set to 0x0005.
The first byte of payload in the API frame is an application sequence number (transaction sequence number) that can be set to any single byte value. This same value will be used in the first byte of the ZDO response. All remaining payload bytes must be set as required by the ZDO. All multi-byte values must be sent in little endian byte order.

Receiving ZDO commands and responses

In XBee ZB firmware, ZDO commands can easily be sent using the API. In order to receive incoming ZDO commands, receiver application addressing must be enabled with the AO command; see examples later in this section. Not all incoming ZDO commands are passed up to the application.
When a ZDO message is received on endpoint 0 and profile ID 0, the cluster ID indicates the type of ZDO message that was received. The first byte of payload is generally a sequence number that corresponds to a sequence number of a request. The remaining bytes are set as defined by the ZDO. Similar to a ZDO request, all multi-byte values in the response are in little endian byte order.
Example 1: send a ZDO LQI request to read the neighbor table contents of a remote.
Looking at the ZigBee specification, the cluster ID for an LQI Request is 0x0031, and the payload only requires a single byte (start index). This example will send an LQI request to a remote device with a 64-bit address of 0x0013A200 40401234. The start index will be set to 0, and the transaction sequence number will be set to 0x76.
API frame
7E 0016 11 01 0013A200 40401234 FFFE 00 00 0031 0000 00 00 76 00 CE
0x0016 - length
0x11 - Explicit transmit request
0x01 - frame ID (set to a non-zero value to enable the transmit status message, or set to 0 to disable)
0x0013A200 40401234 - 64-bit address of the remote
0xFFFE - 16-bit address of the remote (0xFFFE = unknown). Optionally, set to the 16-bit address of the destination if known.
0x00 - Source endpoint
0x00 - Destination endpoint
0x0031 - Cluster ID (LQI Request, or Neighbor table request)
0x0000 - Profile ID (ZigBee Device Profile)
0x00 - Broadcast radius
0x00 - Tx Options
0x76 - Transaction sequence number
0x00 - Required payload for LQI request command
0xCE - Checksum (0xFF - SUM (all bytes after length))
Description
This API frame sends a ZDO LQI request (neighbor table request) to a remote device to obtain data from its neighbor table. Recall that the AO command must be set correctly on an API device to enable the explicit API receive frames in order to receive the ZDO response.
Example 2: send a ZDO Network Address Request to discover the 16-bit address of a remote.
Looking at the ZigBee specification, the cluster ID for a Network Address Request is 0x0000, and the payload only requires the following:
[64-bit address] + [Request Type] + [Start Index]
This example will send a Network Address Request as a broadcast transmission to discover the 16-bit address of the device with a 64-bit address of 0x0013A200 40401234. The request type and start index will be set to 0, and the transaction sequence number will be set to 0x44.
API frame
7E 001F 11 01 00000000 0000FFFF FFFE 00 00 0000 0000 00 00 44 34124040 00A21300 00 00 33
0x001F - length
0x11 - Explicit transmit request
0x01 - frame ID (set to a non-zero value to enable the transmit status message, or set to 0 to disable)
0x00000000 0000FFFF - 64-bit address for a broadcast transmission
0xFFFE - Set to this value for a broadcast transmission.
0x00 - Source endpoint
0x00 - Destination endpoint
0x0000 - Cluster ID (Network Address Request)
0x0000 - Profile ID (ZigBee Device Profile)
0x00 - Broadcast radius
0x00 - Tx Options
0x44 - Transaction sequence number
0x34124040 00A21300 00 00 - Required payload for Network Address Request command
0x33 - Checksum (0xFF - SUM (all bytes after length))
Description
This API frame sends a broadcast ZDO Network Address Request to obtain the 16-bit address of a device with a 64-bit address of 0x0013A200 40401234. Note the bytes for the 64-bit address were inserted in little endian byte order. All multi-byte fields in the API payload of a ZDO command must have their data inserted in little endian byte order. Also recall that the AO command must be set correctly on an API device to enable the explicit API receive frames in order to receive the ZDO response.
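Both request frames above can be generated and checked in code. The following Python is an added example, not Digi code, and its function names are assumptions: it builds an Explicit Addressing frame (0x11), packs the ZDO payload in little-endian order, and computes and verifies the checksum.

```python
import struct

START_DELIMITER = 0x7E
EXPLICIT_TX = 0x11              # Explicit transmit request (frame type used above)
ZDO_PROFILE = 0x0000            # ZigBee Device Profile
ZDO_ENDPOINT = 0x00             # source and destination endpoint for ZDO
BROADCAST_64 = 0x000000000000FFFF
UNKNOWN_16 = 0xFFFE
CLUSTER_NWK_ADDR_REQ = 0x0000
CLUSTER_LQI_REQ = 0x0031


def checksum(frame_data: bytes) -> int:
    """0xFF minus the low byte of the sum of all bytes after the length."""
    return 0xFF - (sum(frame_data) & 0xFF)


def wrap(frame_data: bytes) -> bytes:
    """Add start delimiter, big-endian 16-bit length and checksum."""
    return (bytes([START_DELIMITER]) + struct.pack(">H", len(frame_data))
            + frame_data + bytes([checksum(frame_data)]))


def verify(frame: bytes) -> bool:
    """Check delimiter, declared length and checksum of a complete API frame."""
    if len(frame) < 5 or frame[0] != START_DELIMITER:
        return False
    (length,) = struct.unpack(">H", frame[1:3])
    if len(frame) != length + 4:
        return False
    # Frame data plus checksum must sum to a low byte of 0xFF.
    return (sum(frame[3:]) & 0xFF) == 0xFF


def zdo_request(dest64, dest16, cluster, seq, zdo_payload, frame_id=1):
    """Explicit transmit request carrying one ZDO command.

    API header fields are big-endian. The ZDO payload that follows the
    transaction sequence number must already be little-endian.
    """
    header = struct.pack(">BBQHBBHHBB", EXPLICIT_TX, frame_id, dest64, dest16,
                         ZDO_ENDPOINT, ZDO_ENDPOINT, cluster, ZDO_PROFILE,
                         0x00,    # broadcast radius
                         0x00)    # Tx options
    return wrap(header + bytes([seq]) + zdo_payload)


def lqi_request(dest64, seq, start_index=0):
    """Unicast LQI (neighbor table) request: payload is the start index."""
    return zdo_request(dest64, UNKNOWN_16, CLUSTER_LQI_REQ, seq,
                       bytes([start_index]))


def network_address_request(target64, seq, request_type=0, start_index=0):
    """Broadcast Network Address Request for the device with target64."""
    # "<Q" writes the 64-bit address least significant byte first.
    payload = struct.pack("<QBB", target64, request_type, start_index)
    return zdo_request(BROADCAST_64, UNKNOWN_16, CLUSTER_NWK_ADDR_REQ, seq,
                       payload)


if __name__ == "__main__":
    for frame in (lqi_request(0x0013A20040401234, 0x76),
                  network_address_request(0x0013A20040401234, 0x44)):
        print(frame.hex(" ").upper(), "valid" if verify(frame) else "INVALID")
```

Running `verify()` on every frame read from the serial port before acting on it rejects frames damaged or truncated in transit.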

Transmission timeouts

The ZigBee stack includes two kinds of transmission timeouts, depending on the nature of the destination device. For destination devices such as routers whose receiver is always on, a unicast timeout is used. The unicast timeout estimates a timeout based on the number of unicast hops the packet should traverse to get data to the destination device. For transmissions destined for end devices, the ZigBee stack uses an extended timeout that includes the unicast timeout (to route data to the end device's parent), and it includes a timeout for the end device to finish sleeping, wake, and poll the parent for data.
The ZigBee stack includes some provisions for a device to detect if the destination is an end device or not. The ZigBee stack uses the unicast timeout unless it knows the destination is an end device.
The XBee API includes a transmit options bit that can be set to specify if the extended timeout should be used for a given transmission. If this bit is set, the extended timeout will be used when sending RF data to the specified destination. To improve routing reliability, applications should set the extended timeout bit when sending data to end devices if:
The application sends data to 10 or more remote devices, some of which are end devices, AND
The end devices may sleep longer than the unicast timeout
Equations for these timeouts are computed in the following sections.
Note: The timeouts in this section are worst-case timeouts and should be padded by a few hundred milliseconds. These worst-case timeouts apply when an existing route breaks down (e.g. intermediate hop or destination device moved).

Unicast timeout

The unicast timeout is settable with the NH command. The actual unicast timeout is computed as ((50 * NH) + 100). The default NH value is 30 which equates to a 1.6 second timeout.
The unicast timeout includes 3 transmission attempts (1 attempt and 2 retries). The maximum total timeout is about:
3 * ((50 * NH) + 100).
For example, if NH=30 (0x1E), the unicast timeout is about
3 * ((50 * 30) + 100), or
3 * (1500 + 100), or
3 * (1600), or
4800 ms, or
4.8 seconds.

Extended timeout

The worst-case transmission timeout when sending data to an end device is somewhat larger than when transmitting to a router or coordinator. As described in Parent operation on page 108, RF data packets are actually sent to the parent of the end device, which buffers the packet until the end device wakes to receive it. The parent will buffer an RF data packet for up to (1.2 * SP) time.
To ensure the end device has adequate time to wake and receive the data, the extended transmission timeout to an end device is:
(50 * NH) + (1.2 * SP)
This timeout includes the packet buffering timeout (1.2 * SP) and time to account for routing through the mesh network (50 * NH).
If an acknowledgment is not received within this time, the sender will resend the transmission up to two more times. With retries included, the longest transmission timeout when sending data to an end device is:
3 * ((50 * NH) + (1.2 * SP))
The SP value in both equations must be entered in millisecond units. (The SP command setting uses 10ms units and must be converted to milliseconds to be used in this equation.)
For example, suppose a router is configured with NH=30 (0x1E) and SP=0x3E8 (10,000 ms), and that it is either trying to send data to one of its end device children, or to a remote end device. The total extended timeout to the end device is about:
3 * ((50 * NH) + (1.2 * SP)), or
3 * (1500 + 12000), or
3 * (13500), or
40500 ms, or
40.5 seconds.
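The timeout formulas above, as an added Python example that is not part of the original guide. Function names and the 300 ms padding value are assumptions; the code converts the SP register from its 10 ms units, applies the two-condition rule for the extended timeout bit, and derives a padded host-side deadline for the transmit status.

```python
PAD_MS = 300   # assumption: one choice for "a few hundred milliseconds"
ATTEMPTS = 3   # 1 attempt and 2 retries


def unicast_timeout_ms(nh: int) -> int:
    """Single-attempt unicast timeout: (50 * NH) + 100."""
    return 50 * nh + 100


def extended_timeout_ms(nh: int, sp_register: int) -> int:
    """Single-attempt extended timeout: (50 * NH) + (1.2 * SP).

    The SP register counts 10 ms units, so 1.2 * SP in milliseconds is
    exactly 12 * sp_register. Integer math avoids float rounding.
    """
    return 50 * nh + 12 * sp_register


def plan_transmission(nh, sp_register, dest_is_end_device,
                      remote_count, end_device_sleep_ms):
    """Decide the extended-timeout option and how long the host should wait.

    Assumption: end_device_sleep_ms is compared with the single-attempt
    unicast timeout, which is how the text defines "unicast timeout".
    """
    set_bit = (dest_is_end_device
               and remote_count >= 10
               and end_device_sleep_ms > unicast_timeout_ms(nh))
    # The stack may already know the destination is an end device, so the
    # host budgets for the extended timeout whenever that is the case.
    if dest_is_end_device:
        per_attempt = extended_timeout_ms(nh, sp_register)
    else:
        per_attempt = unicast_timeout_ms(nh)
    worst_case = ATTEMPTS * per_attempt
    return {
        "extended_timeout_bit": set_bit,
        "worst_case_ms": worst_case,
        "host_deadline_ms": worst_case + PAD_MS,
    }


if __name__ == "__main__":
    print(plan_transmission(30, 0x3E8, True, 12, 10_000))
    print(plan_transmission(30, 0x3E8, False, 12, 0))
```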

Transmission examples

Example 1: send a unicast API data transmission to the coordinator using 64-bit address 0, with payload “TxData”.
API frame
7E 0014 10 01 00000000 00000000 FFFE 00 00 54 78 44 61 74 61 AB
Field composition
0x0014 - length
0x10 - API ID (TX data)
0x01 - frame ID (set greater than 0 to enable the TX-status response)
0x00000000 00000000 - 64-bit address of coordinator (ZB definition)
0xFFFE - Required 16-bit address if sending data to 64-bit address of 0.
0x00 - Broadcast radius (0 = max hops)
0x00 - Tx options
0x54 78 44 61 74 61 - ASCII representation of “TxData” string
0xAB - Checksum (0xFF - SUM (all bytes after length))
Description
This transmission sends the string “TxData” to the coordinator, without knowing the coordinator device's 64-bit address. A 64-bit address of 0 is defined as the coordinator in ZB firmware. If the coordinator's 64-bit address was known, the 64-bit address of 0 could be replaced with the coordinator's 64-bit address, and the 16-bit address could be set to 0.
Example 2: send a broadcast API data transmission that all devices can receive (including sleeping end devices), with payload “TxData”.
API frame
7E 0014 10 01 00000000 0000FFFF FFFE 00 00 54 78 44 61 74 61 AD
Field composition
0x0014 - length
0x10 - API ID (TX data)
0x01 - frame ID (set to a non-zero value to enable the TX-status response)
0x00000000 0000FFFF - Broadcast definition (including sleeping end devices)
0xFFFE - Required 16-bit address to send broadcast transmission.
0x00 - Broadcast radius (0 = max hops)
0x00 - Tx options
0x54 78 44 61 74 61 - ASCII representation of “TxData” string
0xAD - Checksum (0xFF - SUM (all bytes after length))
Description
This transmission sends the string “TxData” as a broadcast transmission. Since the destination address is set to 0xFFFF, all devices, including sleeping end devices, can receive this broadcast.
If receiver application addressing is enabled, the XBee will report all received data frames in the explicit format (0x91) to indicate the source and destination endpoints, cluster ID, and profile ID that each packet was received on. (Status messages like modem status and route record indicators are not affected.)
To enable receiver application addressing, set the AO command to 1 using the AT command frame (0x08). Here's how to do this:
API frame
7E 0005 08 01 414F 01 65
Field composition
0x0005 - length
0x08 - API ID (AT command)
0x01 - frame ID (set to a non-zero value to enable AT command response frames)
0x414F - ASCII representation of 'A','O' (the command being issued)
0x01 - Parameter value
0x65 - Checksum (0xFF - SUM (all bytes after length))
Description
Setting AO=1 is required for the XBee to use the explicit receive API frame (0x91) when RF data packets are received. This is required if the application needs indication of source or destination endpoint, cluster ID, and/or profile ID values used in received ZigBee data packets. ZDO messages can only be received if AO=1.

ZigBee Security

ZigBee supports various levels of security that can be configured depending on the needs of the application. Security provisions include:
128-bit AES encryption
Two security keys that can be preconfigured or obtained during joining
Support for a trust center
Provisions to ensure message integrity, confidentiality, and authentication
The first half of this section describes various security features defined in the ZigBee specification, while the last half illustrates how the XBee modules can be configured to support these features.

Security modes

The ZigBee standard supports three security modes – residential, standard, and high security. Residential security was first supported in the ZigBee 2006 standard. This level of security requires a network key be shared among devices. Standard security adds a number of optional security enhancements over residential security, including an APS layer link key. High security adds entity authentication, and a number of other features not widely supported.
XBee ZB modules primarily support standard security, although end devices that support residential security can join and interoperate with standard security devices. The remainder of this section focuses on material that is relevant to standard security.

ZigBee security model

ZigBee security is applied to the Network and APS layers. Packets are encrypted with 128-bit AES encryption. A network key and optional link key can be used to encrypt data. Only devices with the same keys are able to communicate together in a network. Routers and end devices that will communicate on a secure network must obtain the correct security keys.

Network layer security

The network key is used to encrypt the APS layer and application data. In addition to encrypting application messages, network security is also applied to route request and reply messages, APS commands, and ZDO commands. Network encryption is not applied to MAC layer transmissions such as beacon transmissions, etc. If security is enabled in a network, all data packets will be encrypted with the network key.
Packets are encrypted and authenticated using 128-bit AES. This is shown in the figure below.

Frame counter

The network header of encrypted packets includes a 32-bit frame counter. Each device in the network maintains a 32-bit frame counter that is incremented for every transmission. In addition, each device tracks the last known 32-bit frame counter for each of its neighbors. If a device receives a packet from a neighbor with a smaller frame counter than it has previously seen, the packet is discarded. The frame counter is used to protect against replay attacks.
If the frame counter reaches a maximum value of 0xFFFFFFFF, it does not wrap to 0 and no more transmissions can be sent. Due to the size of the frame counters, reaching the maximum value is a very unlikely event for most applications. The following table shows the required time under different conditions, for the frame counter to reach its maximum value.
Average Transmission Rate    Time until 32-bit frame counter expires
1 / second                   136 years
10 / second                  13.6 years
To clear the frame counters without compromising security, the network key can be changed in the network. When the network key is updated, the frame counters on all devices reset to 0. (See the Network Key Updates section for details.)
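The frame counter rules above can be modelled as follows. This Python is an added example, not the ZigBee stack's or Digi's code; class names are assumptions, and it also rejects a repeat of the last counter value and ignores packets whose MIC failed, which the text does not spell out.

```python
MAX_COUNTER = 0xFFFFFFFF
SECONDS_PER_YEAR = 365.25 * 24 * 3600


class CounterExhausted(Exception):
    """Raised when the outgoing counter has reached 0xFFFFFFFF."""


class OutgoingCounter:
    """Sender side: increments per transmission and never wraps to 0."""

    def __init__(self, start=0):
        self.value = start

    def next(self):
        if self.value >= MAX_COUNTER:
            raise CounterExhausted("network key update required before sending")
        used = self.value
        self.value += 1
        return used

    def on_network_key_update(self):
        # A network key update resets the frame counter to 0.
        self.value = 0


class NeighborReplayFilter:
    """Receiver side: tracks the next acceptable counter per neighbor."""

    def __init__(self):
        self._next_expected = {}

    def accept(self, neighbor64, counter, mic_valid):
        # Assumption: state only changes for packets whose MIC verified,
        # so a forged packet cannot push a neighbor's counter forward.
        if not mic_valid or not 0 <= counter <= MAX_COUNTER:
            return False
        if counter < self._next_expected.get(neighbor64, 0):
            return False                      # replayed or stale packet
        self._next_expected[neighbor64] = counter + 1
        return True

    def on_network_key_update(self):
        # All devices restart from 0, so stored counters must be cleared.
        self._next_expected.clear()


def years_until_exhaustion(frames_per_second):
    """Time for a 32-bit counter to run out at a constant transmit rate."""
    return 2 ** 32 / frames_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    rx = NeighborReplayFilter()
    neighbor = 0x0013A20040401234            # constructed sample address
    for counter in (5, 6, 5, 3, 7):          # constructed sample sequence
        print(counter, rx.accept(neighbor, counter, mic_valid=True))
    print(round(years_until_exhaustion(1)), "years at 1 frame per second")
```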

Message integrity code

The network header, APS header, and application data are all authenticated with 128-bit AES. A hash is performed on these fields and is appended as a 4-byte message integrity code (MIC) to the end of the packet. The MIC allows receiving devices to ensure the message has not been changed. The MIC provides message integrity in the ZigBee security model. If a device receives a packet and the MIC does not match the device’s own hash of the data, the packet is dropped.

Network layer encryption and decryption

Packets with network layer encryption are encrypted and decrypted by each hop in a route. When a device receives a packet with network encryption, it decrypts the packet and authenticates the packet. If the device is not the destination, it then encrypts and authenticates the packet, using its own frame counter and source address in the network header section.
Since network encryption is performed at each hop, packet latency is slightly longer in an encrypted network than in a non-encrypted network. Also, security requires 18 bytes of overhead to include a 32-bit frame counter, an 8-byte source address, 4-byte MIC, and 2 other bytes. This reduces the number of payload bytes that can be sent in a data packet.

Network key updates

ZigBee supports a mechanism for changing the network key in a network. When the network key is changed, the frame counters in all devices reset to 0.

APS layer security

APS layer security can be used to encrypt application data using a key that is shared between source and destination devices. Whereas network layer security is applied to all data transmissions and is decrypted and re-encrypted on a hop-by-hop basis, APS security is optional and provides end-to-end security using an APS link key that only the source and destination device know. APS security can be applied on a packet-by-packet basis. APS security cannot be applied to broadcast transmissions.
If APS security is enabled, packets are encrypted and authenticated using 128-bit AES. This is shown in the figure below:

Message integrity code

If APS security is enabled, the APS header and data payload are authenticated with 128-bit AES. A hash is performed on these fields and appended as a 4-byte message integrity code (MIC) to the end of the packet. This MIC is different than the MIC appended by the network layer. The MIC allows the destination device to ensure the message has not been changed. If the destination device receives a packet and the MIC does not match the destination device’s own hash of the data, the packet is dropped.

APS link keys

There are two kinds of APS link keys – trust center link keys and application link keys. A trust center link key is established between a device and the trust center, whereas an application link key is established between a device and another device in the network where neither device is the trust center.

APS layer encryption and decryption

Packets with APS layer encryption are encrypted at the source and only decrypted by the destination. Since APS encryption requires a 5-byte header and a 4-byte MIC, the maximum data payload is reduced by 9 bytes when APS encryption is used.

Network and APS layer encryption

Network and APS layer encryption can both be applied to data. The following figure demonstrates the authentication and encryption performed on the final ZigBee packet when both are applied.

Trust center

ZigBee defines a trust center device that is responsible for authenticating devices that join the network. The trust center also manages link key distribution in the network.

Forming and joining a secure network

The coordinator is responsible for selecting a network encryption key. This key can either be preconfigured or randomly selected. In addition, the coordinator generally operates as a trust center and must therefore select the trust center link key. The trust center link key can also be preconfigured or randomly selected.
Devices that join the network must obtain the network key when they join. When a device joins a secure network, the network and link keys can be sent to the joining device. If the joining device has a pre-configured trust center link key, the network key will be sent to the joining device encrypted by the link key. Otherwise, if the joining device is not pre-configured with the link key, the device could only join the network if the network key is sent unencrypted (“in the clear”). The trust center must decide whether or not to send the network key unencrypted to joining devices that are not pre-configured with the link key. Sending the network key unencrypted is not recommended as it can open a security hole in the network. To maximize security, devices should be pre-configured with the correct link key.

Implementing security on the XBee

If security is enabled in the XBee ZB firmware, devices acquire the network key when they join a network. Data transmissions are always encrypted with the network key, and can optionally be end-to-end encrypted with the APS link key. The following sections discuss the security settings and options in the XBee ZB firmware.

Enabling security

To enable security on a device, the EE command must be set to 1. If the EE command value is changed and changes are applied (e.g. AC command), the XBee module will leave the network (PAN ID and channel) it was operating on, and attempt to form or join a new network.
If EE is set to 1, all data transmissions will be encrypted with the network key. When security is enabled, the maximum number of bytes in a single RF transmission will be reduced. See the NP command for details.
Note: The EE command must be set the same on all devices in a network. Changes to the EE command should be written to non-volatile memory (to be preserved through power cycle or reset events) using the WR command.

Setting the Network Security Key

The coordinator must select the network security key for the network. The NK command (write-only) is used to set the network key. If NK=0 (default), a random network key will be selected. (This should suffice for most applications.) Otherwise, if NK is set to a non-zero value, the network security key will use the value specified by NK. NK is only supported on the coordinator.
Routers and end devices with security enabled (ATEE=1) acquire the network key when they join a network. They receive the network key encrypted with the link key if they share a pre-configured link key with the coordinator. See the following section for details.
Note: In ZigBee, if EE and EO are set to 0x01, then the network key is sent in the clear (unencrypted) with the link key at association time. This may be a useful setting in development environments, but we discourage it for product deployment for security reasons.

Setting the APS Trust Center Link Key

The coordinator must also select the trust center link key, using the KY command. If KY=0 (default), the coordinator will select a random trust center link key (not recommended). Otherwise, if KY is set greater than 0, this value will be used as the pre-configured trust center link key. KY is write-only and cannot be read.
Note: Application link keys (sent between two devices where neither device is the coordinator) are not supported in ZB firmware at this time.
Random Trust Center Link keys
If the coordinator selects a random trust center link key (KY=0, default), then it will allow devices to join the network without having a pre-configured link key. However, this will cause the network key to be sent unencrypted over-the-air to joining devices and is not recommended.
Pre-configured Trust Center Link keys
If the coordinator uses a pre-configured link key (KY > 0), then the coordinator will not send the network key unencrypted to joining devices. Only devices with the correct pre-configured link key will be able to join and communicate on the network.

Enabling APS encryption

APS encryption is an optional layer of security that uses the link key to encrypt the data payload. Unlike network encryption that is decrypted and encrypted on a hop-by-hop basis, APS encryption is only decrypted by the destination device. The XBee must be configured with security enabled (EE set to 1) to use APS encryption.
APS encryption can be enabled in API mode on a per-packet basis. To enable APS encryption for a given transmission, the “enable APS encryption” transmit options bit should be set in the API transmit frame. Enabling APS encryption decreases the maximum payload size by 9 bytes.

Using a Trust Center

The EO command can be used to define the coordinator as a trust center. If the coordinator is a trust center, it will be alerted to all new join attempts in the network. The trust center also has the ability to update or change the network key on the network.
In ZB firmware, a secure network can be established with or without a trust center. Network and APS layer encryption are supported whether or not a trust center is used.
Updating the Network Key with a Trust Center
If the trust center has started a network and the NK value is changed, the coordinator will update the network key on all devices in the network. (Changes to NK will not force the device to leave the network.) The network will continue to operate on the same channel and PAN ID, but the devices in the network will update their network key, increment their network key sequence number, and restore their frame counters to 0.
Updating the Network Key without a Trust Center
If the coordinator is not running as a trust center, the network reset command (NR1) can be used to force all devices in the network to leave the current network and rejoin the network on another channel. When devices leave and reform the network, the frame counters are reset to 0. This approach will cause the coordinator to form a new network that the remaining devices should join. Resetting the network in this manner will bring the coordinator and routers in the network down for about 10 seconds, and will likely cause the 16-bit PAN ID and 16-bit addresses of the devices to change.

XBee security examples

This section covers some sample XBee configurations to support different security modes. Several AT commands are listed with suggested parameter values. The notation in this section includes an '=' sign to indicate what each command register should be set to - for example, EE=1. This is not the correct notation for setting command values in the XBee. In AT command mode, each command is issued with a leading 'AT' and no '=' sign - for example ATEE1. In the API, the two byte command is used in the command field, and parameters are populated as binary values in the parameter field.

Example 1: forming a network with security (pre-configured link keys)

1. Start a coordinator with the following settings:
a. ID=2234 (arbitrarily selected)
b. EE=1
c. NK=0
d. KY=4455
e. WR (save networking parameters to preserve them through power cycle)
2. Configure one or more routers or end devices with the following settings:
a. ID=2234
b. EE=1
c. KY=4455
d. WR (save networking parameters to preserve them through power cycle)
3. Read the AI setting on the coordinator and joining devices until they return 0 (formed or joined a network).
In this example, EE, ID, and KY are set the same on all devices. After successfully joining the secure network, all application data transmissions will be encrypted by the network key. Since NK was set to 0 on the coordinator, a random network key was selected. And since the link key (KY) was configured the same on all devices, to a non-zero value, the network key was sent encrypted by the pre-configured link key (KY) when the devices joined.

Example 2: forming a network with security (obtaining keys during joining)

1. Start a coordinator with the following settings:
a. ID=2235
b. EE=1
c. NK=0
d. KY=0
e. WR (save networking parameters to preserve them through power cycle)
2. Configure one or more routers or end devices with the following settings:
a. ID=2235
b. EE=1
c. KY=0
d. WR (save networking parameters to preserve them through power cycle)
3. Read the AI setting on the coordinator and joining devices until they return 0 (formed or joined a network).
In this example, EE, ID, and KY are set the same on all devices. Since NK was set to 0 on the coordinator, a random network key was selected. And since KY was set to 0 on all devices, the network key was sent unencrypted (“in the clear”) when the devices joined. This approach introduces a security vulnerability into the network and is not recommended.
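The difference between the two examples can be checked before devices are deployed. The following Python is an added example, not Digi tooling; the finding codes and function names are assumptions, and because KY and NK are write-only the check runs on the planned settings (written in this section's `EE=1` notation) rather than on values read back from a module.

```python
def parse_settings(text):
    """Parse 'ID=2234 EE=1 KY=4455 WR' notation; parameter values are hex."""
    settings = {}
    for token in text.split():
        name, sep, value = token.partition("=")
        settings[name.upper()] = int(value, 16) if sep else True
    return settings


def audit(coordinator, joiners):
    """Return (code, device, detail) findings for a planned deployment."""
    findings = []
    # Assumption: a register missing from the plan is left at 0.
    ee = coordinator.get("EE", 0)
    ky = coordinator.get("KY", 0)
    if ee != 1:
        findings.append(("SECURITY_DISABLED", "coordinator",
                         "EE is not 1, so security is not enabled"))
    else:
        if ky == 0:
            findings.append(("KEY_IN_CLEAR_KY0", "coordinator",
                             "KY=0: network key is sent unencrypted to joiners"))
        # The guide states EO=0x01; testing bit 0 of a bit field is an assumption.
        if coordinator.get("EO", 0) & 0x01:
            findings.append(("KEY_IN_CLEAR_EO", "coordinator",
                             "EE and EO=0x01: network key is sent in the clear"))
    if "WR" not in coordinator:
        findings.append(("NOT_PERSISTED", "coordinator",
                         "no WR: settings are lost on power cycle or reset"))

    for index, joiner in enumerate(joiners, start=1):
        device = f"joiner {index}"
        if joiner.get("EE", 0) != ee:
            findings.append(("EE_MISMATCH", device,
                             "EE must be the same on all devices"))
        if ky != 0 and joiner.get("KY", 0) != ky:
            findings.append(("LINK_KEY_MISMATCH", device,
                             "KY differs from the coordinator: join will fail"))
        if "WR" not in joiner:
            findings.append(("NOT_PERSISTED", device,
                             "no WR: settings are lost on power cycle or reset"))
    return findings


def codes(findings):
    """Finding codes only, in the order they were raised."""
    return [code for code, _device, _detail in findings]


if __name__ == "__main__":
    plans = {
        "Example 1": ("ID=2234 EE=1 NK=0 KY=4455 WR", ["ID=2234 EE=1 KY=4455 WR"]),
        "Example 2": ("ID=2235 EE=1 NK=0 KY=0 WR", ["ID=2235 EE=1 KY=0 WR"]),
    }
    for name, (coord, devices) in plans.items():
        result = audit(parse_settings(coord), [parse_settings(d) for d in devices])
        print(name, result or "no findings")
```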

Network commissioning and diagnostics

Network commissioning is the process whereby devices in a mesh network are discovered and configured for operation. The XBee modules include several features to support device discovery and configuration. In addition to configuring devices, a strategy must be developed to place devices to ensure reliable routes.
To accommodate these requirements, the XBee modules include various features to aid in device placement, configuration, and network diagnostics.

Device configuration

XBee modules can be configured locally through serial commands (AT or API), or remotely through remote API commands. API devices can send configuration commands to set or read the configuration settings of any device in the network.

Device placement

For a mesh network installation to be successful, the installer must be able to determine where to place individual XBee devices to establish reliable links throughout the mesh network.

Link testing

A good way to measure the performance of a mesh network is to send unicast data through the network from one device to another to determine the success rate of many transmissions. To simplify link testing, the modules support a loopback cluster ID (0x12) on the data endpoint (0xE8). Any data sent to this cluster ID on the data endpoint will be transmitted back to the sender. This is shown in the figure below:
The configuration steps to send data to the loopback cluster ID depend on the serial port mode as determined by the AP command.
Transparent Mode
To send data to the loopback cluster ID on the data endpoint of a remote device, set the CI command value to 0x12. The SE and DE commands should be set to 0xE8 (default value). The DH and DL commands should be set to the address of the remote (0 for the coordinator, or the 64-bit address of the remote). After exiting command mode, any received serial characters will be transmitted to the remote device, and returned to the sender.
API Mode
Send an Explicit Addressing ZigBee Command API frame (0x11) using 0x12 as the cluster ID and 0xE8 as the source and destination endpoint. Data packets received by the remote will be echoed back to the sender.

RSSI indicators

It is possible to measure the received signal strength on a device using the DB command. DB returns the RSSI value (measured in –dBm) of the last received packet. However, this number can be misleading. The DB value only indicates the received signal strength of the last hop. If a transmission spans multiple hops, the DB value provides no indication of the overall transmission path, or the quality of the worst link – it only indicates the quality of the last link and should be used sparingly.
The DB value can be determined in hardware using the RSSI/PWM module pin (pin 6). If the RSSI PWM functionality is enabled (P0 command), when the module receives data, the RSSI PWM is set to a value based on the RSSI of the received packet. (Again, this value only indicates the quality of the last hop.) This pin could potentially be connected to an LED to indicate if the link is stable or not.

Device discovery

Network discovery

The network discovery command can be used to discover all Digi modules that have joined a network. Issuing the ND command sends a broadcast node discovery command throughout the network. All devices that receive the command will send a response that includes the device’s addressing information, node identifier string (see NI command), and other relevant information. This command is useful for generating a list of all module addresses in a network.
When a device receives the node discovery command, it waits a random time before sending its own response. The maximum time delay is set on the ND sender with the NT command. The ND originator includes its NT setting in the transmission to provide a delay window for all devices in the network. Large networks may need to increase NT to improve network discovery reliability. The default NT value is 0x3C (6 seconds).

Commissioning Pushbutton and Associate LED: A pushbutton and an LED can be connected to module pins 33 and 28 (SMT), or pins 20 and 15 (TH) respectively to support the commissioning pushbutton and Associate LED functionalities.

ZDO discovery

The ZigBee Device Profile includes provisions to discover devices in a network that are supported on all ZigBee devices (including non-Digi products). These include the LQI Request (cluster ID 0x0031) and the Network Update Request (cluster ID 0x0038). The LQI Request can be used to read the devices in the neighbor table of a remote device, and the Network Update Request can be used to have a remote device do an active scan to discover all nearby ZigBee devices. Both of these ZDO commands can be sent using the XBee Explicit API transmit frame (0x11). See API Operation on page 130 for details. Refer to the ZigBee specification for formatting details of these two ZDO frames.

Joining Announce

All ZigBee devices send a ZDO Device Announce broadcast transmission when they join a ZigBee network (ZDO cluster ID 0x0013). These frames will be sent out the XBee's serial port as an Explicit Rx Indicator API frame (0x91) if AO is set to 1. The device announce payload includes the following information:
[Sequence Number] + [16-bit address] + [64-bit address] + [Capability]
The 16-bit and 64-bit addresses are received in little-endian byte order (LSB first). See the ZigBee specification for details.
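The Device Announce payload layout above can be decoded and used to spot unexpected joiners. This Python is an added example, not Digi code; the inventory of expected 64-bit addresses, the function names and the sample payloads are assumptions, and the capability bit it decodes comes from the ZigBee specification rather than from this guide.

```python
import struct
from dataclasses import dataclass

ANNOUNCE_LEN = 12   # 1 (sequence) + 2 (16-bit) + 8 (64-bit) + 1 (capability)


@dataclass(frozen=True)
class DeviceAnnounce:
    sequence: int
    addr16: int
    addr64: int
    capability: int

    @property
    def rx_on_when_idle(self):
        # Capability bit 3 per the ZigBee specification (not stated here).
        return bool(self.capability & 0x08)


def parse_device_announce(payload: bytes) -> DeviceAnnounce:
    """Decode the ZDO payload of a Device Announce (cluster ID 0x0013)."""
    if len(payload) != ANNOUNCE_LEN:
        raise ValueError(f"expected {ANNOUNCE_LEN} bytes, got {len(payload)}")
    # "<" selects little-endian: both addresses arrive LSB first.
    return DeviceAnnounce(*struct.unpack("<BHQB", payload))


def review_joins(payloads, inventory):
    """Split announces into known and unknown joiners; count malformed ones."""
    known, unknown, malformed = [], [], 0
    for payload in payloads:
        try:
            announce = parse_device_announce(payload)
        except ValueError:
            malformed += 1
            continue
        (known if announce.addr64 in inventory else unknown).append(announce)
    return known, unknown, malformed


# Constructed sample payloads (not captured traffic).
SAMPLE_PAYLOADS = [
    bytes.fromhex("21 2B1A 3412404000A21300 8E"),
    bytes.fromhex("22 0D4C 7856404000A21300 80"),
    bytes.fromhex("23 0100"),                      # truncated payload
]
SAMPLE_INVENTORY = {0x0013A20040401234}            # commissioned devices

if __name__ == "__main__":
    known, unknown, malformed = review_joins(SAMPLE_PAYLOADS, SAMPLE_INVENTORY)
    for a in unknown:
        print(f"unexpected joiner {a.addr64:016X} at 0x{a.addr16:04X}")
    print(f"{len(known)} known, {malformed} malformed")
```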

Commissioning Pushbutton and Associate LED

The XBee modules support a set of commissioning and LED behaviors to aid in device deployment and commissioning. These include the commissioning pushbutton definitions and associate LED behaviors. These features can be supported in hardware. The following figure shows the Commissioning Pushbutton and Associate LED functionalities.
[Figure: Associate pin state, "Device Not Joined" versus "Device has joined a network". The associate pin can indicate the joined status of a device. Once the device has joined a network, the associate pin toggles state at a regular interval (t). The time can be set by using the LT command.]

Commissioning Pushbutton

The commissioning pushbutton definitions provide a variety of simple functions to aid in deploying devices in a network. The commissioning button functionality on pin 33 (SMT) or pin 20 (TH) is enabled by setting the D0 command to 1 (enabled by default).
Button presses: 1
  If module is joined to a network: Wakes an end device for 30 seconds. Sends a node identification broadcast transmission.
  If module is not joined to a network: Wakes an end device for 30 seconds. Blinks a numeric error code on the Associate pin indicating the cause of join failure.
Button presses: 2
  If module is joined to a network: Sends a broadcast transmission to enable joining on the coordinator and all devices in the network for 1 minute. (If joining is permanently enabled on a device (NJ = 0xFF), this action has no effect on that device.)
  If module is not joined to a network: N/A
Button presses: 4
  If module is joined to a network: Causes the device to leave the PAN. Issues ATRE to restore module parameters to default values, including ID and SC. The device attempts to join a network based on its ID and SC settings.
  If module is not joined to a network: Issues ATRE to restore module parameters to default values, including ID and SC. The device attempts to join a network based on its ID and SC settings.
Button presses may be simulated in software using the ATCB command. ATCB should be issued with a parameter set to the number of button presses to execute. (e.g. sending ATCB1 will execute the action(s) associated with a single button press.)
The node identification frame is similar to the node discovery response frame – it contains the device’s address, node identifier string (NI command), and other relevant data. All API devices that receive the node identification frame send it out their serial port as an API Node Identification Indicator frame (0x95).

Associate LED

The Associate pin (pin 28/SMT, pin 33/TH) can provide indication of the device’s network status and diagnostics information. To take advantage of these indications, an LED can be connected to the Associate pin as shown in the figure above. The Associate LED functionality is enabled by setting the D5 command to 1 (enabled by default). If enabled, the Associate pin is configured as an output and will behave as described in the following sections.
Joined indication
The Associate pin indicates the network status of a device. If the module is not joined to a network, the Associate pin is set high. Once the module successfully joins a network, the Associate pin blinks at a regular time interval. The following figure shows the joined status of a device.
[Figure: Associate pin (D5 = 1, device not joined) and AD0/DIO0. A single commissioning button press when the device has not joined a network causes the Associate pin to blink to indicate the AI code, where AI = number of blinks + 0x20. In this example, AI = 0x22.]
[Figure: AD0/DIO0 pin (remote device) and Associate pin (D5 = 1). A single button press on a remote device causes a broadcast node identification transmission to be sent. All devices that receive this transmission blink their Associate pin rapidly for one second if the Associate LED functionality is enabled (D5 = 1).]
The LT command defines the blink time of the Associate pin. If set to 0, the device uses the default blink time (500ms for coordinator, 250ms for routers and end devices).
Diagnostics support
The Associate pin works with the commissioning pushbutton to provide additional diagnostics behaviors to aid in deploying and testing a network. If the commissioning push button is pressed once, and the device has not joined a network, the Associate pin blinks a numeric error code to indicate the cause of join failure. The number of blinks is equal to (AI value – 0x20). For example, if AI=0x22, 2 blinks occur.
If the commissioning push button is pressed once, and the device has joined a network, the device transmits a broadcast node identification packet. If the Associate LED functionality is enabled (D5 command), a device that receives this transmission will blink its Associate pin rapidly for 1 second.
The following figures demonstrate these behaviors.

Binding

There are three binding request messages supported by the Digi XBee firmware: End Device Bind, Bind, and Unbind.
End_Device_Bind_req
The End Device Bind request (ZDO cluster 0x0020) is described in the ZigBee Specification.
During a deployment, an installer may need to bind a switch to a light. He presses a commissioning button sequence on each device. This causes them to send End_Device_Bind_req messages to the Coordinator within a time window (60 s). The payload of each message is a simple descriptor which lists input and output clusterIDs. The Coordinator matches the requests by pairing complementary clusterIDs. After a match has been made, it sends messages to bind the devices together. When the process is over, both devices will have entries in their binding tables which support indirect addressing of messages between their bound endpoints.
R1->C End_Device_Bind_req
R2->C End_Device_Bind_req
R1, R2 send End_Device_Bind_req within 60 s of each other to C
C matches the requests.
C tests one to see if binding is already in place:
R2<-C Unbind_req
R2->C Unbind_rsp (status code - NO_ENTRY)
C proceeds to create binding table entries on the two devices.
R1<-C Bind_req
R1->C Bind_rsp
R2<-C Bind_req
R2->C Bind_rsp
C sends responses to the original End_Device_Bind_req messages.
R1<-C End_Device_Bind_rsp
R2<-C End_Device_Bind_rsp
End Device binding sequence (binding)
This message has a toggle action. If the same two devices were to subsequently send End_Device_Bind_req messages to the Coordinator, the Coordinator would detect they were already bound, and then send Unbind_req messages to remove the binding.
An installer can use this to remove a binding which was made incorrectly, say from a switch to the wrong lamp, simply by repeating the commissioning button sequence he used beforehand.
R1->C End_Device_Bind_req
R2->C End_Device_Bind_req
R1, R2 send End_Device_Bind_req within 60 s of each other to C
C matches the requests.
C tests one to see if binding is already in place:
R2<-C Unbind_req
R2->C Unbind_rsp (status code - SUCCESS)
C proceeds to remove binding table entries from the two devices.
R1<-C Unbind_req
R1->C Unbind_rsp
R2<-C Unbind_req
R2->C Unbind_rsp
C sends responses to the original End_Device_Bind_req messages.
R1<-C End_Device_Bind_rsp
R2<-C End_Device_Bind_rsp
End Device binding sequence (removal)
This example shows a correctly formatted End_Device_Bind_req (ZDO cluster 0x0020) using a Digi 0x11 Explicit API Frame:
The frame as a bytelist:
7e002811010000000000000000fffe000000200000000001f2995cb5474000a21300e605c101010001020046
Same frame broken into labeled fields. Note the multibyte fields are represented in big-endian format.
7e Frame Delimiter
0028 Frame Length
11 API Frame Type (Explicit Frame)
01 Frame Identifier (for response matching)
0000000000000000 Coordinator address
fffe Code for unknown network address
00 Source Endpoint (need not be 0x00)
00 Destination Endpoint (ZDO endpoint)
0020 Cluster 0x0020 (End_Device_Bind_req)
0000 ProfileID (ZDO)
00 Radius (default, maximum hops)
00 Transmit Options
01f2995cb5474000a21300e605c1010100010200 RFData (ZDO payload)
46 Checksum
Here is the RFData (the ZDO payload) broken into labeled fields. Note the multi-byte fields of a ZDO payload are represented in little-endian format.
01 Transaction Sequence Number
f299 Binding Target (16 bit network address of sending device)
5cb5474000a21300 (64 bit address of sending device)
e6 Source Endpoint on sending device
05c1 ProfileID (0xC105) - used when matching End_Device_Bind_requests
01 Number of input clusters
0100 Input cluster ID list (0x0100)
01 Number of output clusters
0200 Output cluster ID list (0x0200)
Example of an End_Device_Bind_req
Bind_req
The Bind request (ZDO cluster 0x0021) is described in the ZigBee Specification. A binding may be coded for either a unicast or a multicast/groupID message.
Unbind_req
The Unbind request (ZDO cluster 0x0022) is described in the ZigBee Specification.

Group Table API

Unlike the Binding Table, which is managed with ZDO commands, a ZigBee Group Table is managed by the ZigBee Cluster Library Groups Cluster (0x0006) with ZCL commands.
The Digi ZigBee XBee firmware is intended to work with an external processor where a Public Application Profile with endpoints and clusters is implemented, including a Groups Cluster. The ZigBee XBee firmware should be configured to forward all ZCL commands addressed to this Group Cluster out the UART (see ATAO3). The ZigBee XBee will not use remote Groups Cluster commands to manage its own Group Table.
However, to implement multicast (group) addressing within the XBee, the external processor must keep the XBee's group table state in sync with its own. For this purpose, a Group Table API has been defined whereby the external processor can manage the state of the ZigBee XBee's group table.
The design of the Group Table API of the XBee firmware is derived from the ZCL Group Cluster 0x0006. Developers should use the Explicit API frame 0x11 addressed to the Digi Device Object endpoint (0xE6) with the Digi XBee ProfileID (0xC105) to send commands and requests to the local device.
As a design note, the ZigBee Home Automation Public Application Profile says groups should only be used for sets of more than 5 devices. This implies sets of 5 or fewer devices should be managed with multiple binding table entries.
There are five commands implemented in the API: Add Group, View Group, Get Group Membership, Remove Group, and Remove All Groups.
There is a sixth command of the Group Cluster described in the ZCL, Add Group If Identifying, which is not supported in this API, because its implementation requires access to the Identify Cluster, which is not maintained on the XBee. The external processor will need to implement that server command while using the Group Table API to keep the XBee's group table in sync using the five command primitives described hereafter.
Add Group
The purpose of the Add Group command is to add a group table entry to associate an active endpoint with a groupID and optionally a groupName. The groupID is a two byte value. The groupName consists of zero to 16 ASCII characters.
The intent of the example which follows is to add a group table entry which associates endpoint E7 with groupID 1234 and groupName “ABCD”.
The example packet is given in three parts, the preamble, ZCL Header, and ZCL payload:
Preamble = “11 01 ” + LocalDevice64Addr + “ FFFE E6 E7 0006 C105 00 00”
The packet is addressed to the local node, using a source endpoint of 0xE6, clusterID of 0x0006, and profileID of 0xC105. The destination endpoint E7 holds the endpoint parameter for the “Add Group” command.
ZCL_header = “01 ee 00”
The first field (byte) is a frame control field which specifies a Cluster Specific command (0x01) using a Client->Server direction (0x00). The second field is a transaction sequence number which is used to associate the response with the command request. The third field is the command identifier for “Add Group” (0x00)[2].
ZCL_payload = “3412 04 41 42 43 44”
The first two bytes are the groupID to add, in little-endian representation. The next byte is the string name length (00 if no string is wanted). The remaining bytes are the descriptive ASCII string name (“ABCD”) for the group table entry. Note that the string is represented with its length in the first byte and the ASCII characters in the bytes that follow.
The example packet in raw hex byte form:
7e001e11010013a2004047b55cfffee6e70006c105000001ee0034120441424344c7
The response in raw hex byte form, consisting of two packets:
7e0018910013a2004047b55cfffee7e68006c1050009ee0000341238
7e00078b01fffe00000076
The response in decoded form:
ZigBee Explicit Rx Indicator
API 0x91 64DestAddr 0x0013A2004047B55C 16DestAddr 0xFFFE SrcEP 0xE7 DestEP 0xE6
ClusterID 0x8006 ProfileID 0xC105 Options 0x00
RF_Data 0x09EE00003412
The response in terms of Preamble, ZCL Header, and ZCL payload:
Preamble = “910013a2004047b55cfffee7e68006c10500”
The packet has its endpoint values reversed from the request, and the clusterID is 0x8006 indicating a Group cluster response.
ZCL_header = “09 ee 00”
The first field is a frame control field which specifies a Cluster Specific command (0x01) using a Server->Client direction. The second field is a transaction sequence number which is used to associate the response with the command request. The third field is the command identifier “Add Group” (0x00)[2].
ZCL_payload = “00 3412”
The first byte is a status byte (SUCCESS=0x00)[3][4]. The next two bytes hold the group ID (0x1234) in little endian form.
And here is the decoded second message, which is a Tx Status for the original command request. If the FrameId value in the original command request had been zero, or if no space was available in the transmit UART buffer, then no Tx Status message would occur.
ZigBee Tx Status
API 0x8B FrameID 0x01 16DestAddr 0xFFFE
Transmit Retries 0x00 Delivery Status 0x00 Discovery Status 0x00 Success
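As an added example (not code from the Digi manual or firmware), the following Python builds the Add Group request from its preamble, ZCL header and ZCL payload, and decodes the RF_Data of the 0x91 response, matching it to the request by transaction sequence number and command identifier. It goes slightly beyond Add Group: the same builder also emits a View Group request (command identifier 0x01). All function and constant names are chosen for this example.

```python
import struct

GROUP_CLUSTER, XBEE_PROFILE, DIGI_EP = 0x0006, 0xC105, 0xE6
CLUSTER_SPECIFIC, SERVER_TO_CLIENT = 0x01, 0x08   # ZCL frame control bits
ADD_GROUP, VIEW_GROUP = 0x00, 0x01                # command identifiers

def api_frame(data):
    """Add the 0x7E delimiter, big-endian length and checksum."""
    checksum = 0xFF - (sum(data) & 0xFF)
    return b"\x7e" + struct.pack(">H", len(data)) + data + bytes([checksum])

def group_request(local64, endpoint, seq, command, zcl_payload, frame_id=1):
    """Build the 0x11 frame: preamble, then ZCL header, then ZCL payload."""
    preamble = struct.pack(">BB8sHBBHHBB", 0x11, frame_id, local64, 0xFFFE,
                           DIGI_EP, endpoint, GROUP_CLUSTER, XBEE_PROFILE, 0, 0)
    return api_frame(preamble + bytes([CLUSTER_SPECIFIC, seq, command])
                     + zcl_payload)

def add_group(local64, endpoint, seq, group_id, name=""):
    raw = name.encode("ascii")
    if len(raw) > 16:
        raise ValueError("groupName is limited to 16 ASCII characters")
    payload = struct.pack("<HB", group_id, len(raw)) + raw   # little-endian ID
    return group_request(local64, endpoint, seq, ADD_GROUP, payload)

def view_group(local64, endpoint, seq, group_id):
    return group_request(local64, endpoint, seq, VIEW_GROUP,
                         struct.pack("<H", group_id))

def parse_group_response(rf_data, seq, command):
    """Decode RF_Data of the 0x91 response and tie it to the request."""
    if len(rf_data) < 6:
        raise ValueError("response too short")
    control, rsp_seq, rsp_cmd, status = rf_data[:4]
    if control != CLUSTER_SPECIFIC | SERVER_TO_CLIENT:
        raise ValueError("not a cluster-specific server->client frame")
    if (rsp_seq, rsp_cmd) != (seq, command):
        raise ValueError("response does not match the outstanding request")
    (group_id,) = struct.unpack("<H", rf_data[4:6])
    name = ""
    if command == VIEW_GROUP and len(rf_data) > 6:
        end = 7 + rf_data[6]
        if end > len(rf_data):               # length byte is untrusted input
            raise ValueError("name length runs past end of payload")
        name = rf_data[7:end].decode("ascii")
    return {"status": status, "group_id": group_id, "name": name}
```

The response parser works on the decoded RF_Data value (for example 0x09EE00003412), not on the raw response frame.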
View Group
The purpose of the View Group command is to get the name string which is associated with a particular endpoint and groupID.
The intent of the example is to get the name string associated with the endpoint E7 and groupID 1234.
The packet:
Preamble = “11 01 ” + LocalDevice64Addr + “ FFFE E6 E7 0006 C105 00 00”
The packet is addressed to the local node, using a source endpoint of 0xE6, clusterID of 0x0006, and profileID of 0xC105. The destination endpoint E7 is the endpoint parameter for the “View Group” command.
ZCL_header = “01 ee 01”
The first field is a frame control field which specifies a Cluster Specific command (0x01) using a Client->Server direction (0x00). The second field is a transaction sequence number which is used to associate the response with the command request. The third field is the command identifier “View Group” (0x01)[5].
ZCL_payload = “3412”
The two byte value is the groupID in little-endian representation.
The packet in raw hex byte form:
7e001911010013a2004047b55cfffee6e70006c105000001ee013412d4
The response in raw hex byte form, consisting of two packets:
7e001d910013a2004047b55cfffee7e68006c1050009ee01003412044142434424
7e00078b01fffe00000076
The command response in decoded form:
ZigBee Explicit Rx Indicator
API 0x91 64DestAddr 0x0013A2004047B55C 16DestAddr 0xFFFE SrcEP 0xE7 DestEP 0xE6
ClusterID 0x8006 ProfileID 0xC105 Options 0x00
RF_Data 0x09EE010034120441424344
The response in terms of Preamble, ZCL Header, and ZCL payload:
Preamble = “910013a2004047b55cfffee7e68006c10500”
The packet has its endpoint values reversed from the request, and the clusterID is 0x8006 indicating a Group cluster response.
ZCL_header = “09 ee 01”
The first field is a frame control field which specifies a Cluster Specific command (0x01) using a Server->Client direction (0x08). The second field is a transaction sequence number which is used to associate the response with the command request. The third field is the command identifier “View Group” (0x01) [6].
ZCL_payload = “00 3412 0441424344”
The first byte is a status byte (SUCCESS=0x00)[6][4]. The next two bytes hold the groupID (0x1234) in little-endian form. The next byte is the name string length (0x04). The remaining bytes are the ASCII name string characters (“ABCD”).
And here is the decoded second message, which is a Tx Status for the original command request. If the FrameId value in the original command request had been zero, or if no space was available in the transmit UART buffer, then no Tx Status message would occur.
ZigBee Tx Status