Home
/
Digi
/
XBee
/
User Manual

Digi XBee, User Manual, Page: 103 / 307

Share

Page: 103 / 307

Digi XBee User Manual Download Page 103

ZigBee security

ZigBee security model

XBee/XBee-PRO® S2C ZigBee® RF Module

103

uncommon for most applications. The following table shows the required time for the frame counter
to reach its maximum value.

Average Transmission Rate

Time until 32-bit frame counter expires

1 / second

136 years

10 / second

13.6 years

To clear the frame counters without compromising security, you can change the network key in the
network. When the network key is updated, the frame counters on all devices reset to 0. See

for details.

Message integrity code

The network header, APS header, and application data are all authenticated with 128-bit AES. The
device performs a hash on these fields and is appended as a 4-byte message integrity code (MIC) to
the end of the packet. The MIC allows receiving devices to ensure the message has not been changed.
The MIC provides message integrity in the ZigBee security model. If a device receives a packet and the
MIC does not match the device’s own hash of the data, it drops the packet.

Network layer encryption and decryption

Packets with network layer encryption are encrypted and decrypted by each hop in a route. When a
device receives a packet with network encryption, it decrypts the packet and authenticates the
packet. If the device is not the destination, it then encrypts and authenticates the packet, using its
own frame counter and source address in the network header section.

Since the device performs network encryption at each hop, packet latency is slightly longer in an
encrypted network than in a non-encrypted network. Also, security requires 18 bytes of overhead to
include a 32-bit frame counter, an 8-byte source address, 4-byte MIC, and 2 other bytes. This reduces
the number of payload bytes that can be sent in a data packet.

Network key updates

ZigBee supports a mechanism for changing the network key in a network. When the network key is
changed, the frame counters in all devices reset to 0.

APS layer security

APS layer security can be used to encrypt application data using a key that is shared between source
and destination devices. Where network layer security is applied to all data transmissions and is
decrypted and reencrypted on a hop-by-hop basis, APS security is optional and provides end-to-end
security using an APS link key known by only the source and destination device. APS security cannot
be applied to broadcast transmissions.

If you enable APS security, the APS header and data payload are authenticated with 128-bit AES as
shown in the following image:

«
...
101
102
103
104
105
...
»

Summary of Contents for XBee

Page 1: ...XBee XBee PRO S2C ZigBee RF Module User Guide ...

Page 2: ...ication information as required by RED Radio Equipment Directive Trademarks and copyright Digi Digi International and the Digi logo are trademarks or registered trademarks in the United States and other countries worldwide All other trademarks mentioned in this document are the property of their respective owners 2017 Digi International Inc All rights reserved Disclaimers Information in this docum...

Page 3: ...technical support plans and service packages to help our customers get the most out of their Digi product For information on Technical Support plans and pricing contact us at 1 952 912 3444 or visit us at www digi com support XBee XBee PRO S2C ZigBee RF Module 3 ...

Page 4: ... UART pin assignments 19 SPI pin assignments 19 GPIO specifications 19 Hardware specifications for the programmable variant 20 Hardware Mechanical drawings 23 Pin signals for the surface mount module 24 Pin signals for the through hole module 26 EM357 pin mappings 27 Design notes 28 Power supply design 28 Board layout 29 Antenna performance 29 Recommended pin connections 30 Design notes for PCB an...

Page 5: ...nd mode 49 Sleep mode 50 ZigBee networks About the ZigBee specification 52 ZigBee stack layers 52 ZigBee networking concepts 53 Device types 53 PAN ID 55 Operating channels 56 Zigbee application layers in depth 56 Application Support Sublayer APS 56 Application profiles 56 ZigBee coordinator operation 58 Form a network 58 Security policy 58 Channel selection 58 PAN ID selection 58 Persistent data ...

Page 6: ...4 Transmission addressing and routing Addressing 76 64 bit device addresses 76 16 bit device addresses 76 Application layer addressing 76 Data transmission 76 Broadcast transmissions 76 Unicast transmissions 77 Address resolution 78 Address table 78 Group table 79 Binding transmissions 79 Address resolution 79 Binding table 80 Multicast transmissions 80 Address resolution 80 Fragmentation 80 Data ...

Page 7: ... trust center 107 Security examples 107 Network commissioning and diagnostics Place devices 109 Test links in a network loopback cluster 109 RSSI indicators 110 Device discovery 110 Network discovery 110 ZDO discovery 110 Joining Announce 111 Commissioning pushbutton and associate LED 111 Commissioning pushbutton 111 Associate LED 112 Binding 113 End_Device_Bind_req 113 Example of a End_Device_Bin...

Page 8: ...ods 141 Sleep examples 141 Analog and digital I O lines Configurable I O pins and configuration commands 144 XBee ZB through hole RF module 144 I O Configuration 145 I O sampling 146 Queried sampling 147 Periodic I O sampling 148 Change detection sampling 148 RSSI PWM 148 I O examples 149 PWM1 149 API Operation API frame format 151 API operation AP parameter 1 151 API operation with escaped charac...

Page 9: ...ands with the API 209 Example 212 Send Public Profile Commands with the API 214 Frame specific data 214 Example 217 AT commands Addressing commands 221 DH Destination Address High 221 DL Destination Address Low 221 MY 16 bit Network Address 221 MP 16 bit Parent Network Address 221 NC Number of Remaining Children 222 SH Serial Number High 222 SL Serial Number Low 222 NI Node Identifier 222 SE Sourc...

Page 10: ...te 238 IC Digital Change Detection 238 P0 RSSI PWM0 Configuration 239 P1 DIO11 PWM1 Configuration 239 P2 DIO12 Configuration 240 P3 DIO13 DOUT Configuration 240 P4 DIO14 DIN 241 P5 DIO15 SPI_MISO 241 P6 SPI_MOSI Configuration 241 P7 DIO17 SPI_SSEL 242 P8 DIO18 SPI_SCLK 242 P9 DIO19 SPI_ATTN PTI_DATA 242 D0 AD0 DIO0 Configuration 243 D1 AD1 DIO1 PTI_En Configuration 243 D2 AD2 DIO2 Configuration 24...

Page 11: ... Network Reset 256 SI Sleep Immediately 257 CB Commissioning Pushbutton 257 X Clear Binding and Group Tables 257 ND Node Discovery 257 DN Destination Node 258 IS Force Sample 258 Module support XCTU configuration tool 261 Customizing XBee ZigBee firmware 261 XBee Bootloader 261 Programming XBee modules 261 Serial firmware updates 261 Invoke the XBee Bootloader 262 Send a firmware image 262 Writing...

Page 12: ... through hole 286 Transmitters for detachable antennas 286 Detachable antenna 287 For XBee S2D SMT 287 RF Exposure 287 Australia RCM 288 ANATEL Brazil 288 South Korea 291 Migrating from XBee through hole to XBee surface mount devices Pin mapping 296 Mounting 297 Manufacturing information Recommended solder reflow cycle 300 Recommended footprint 300 Flux and cleaning 302 Reworking 302 Load ZigBee f...

Page 13: ...rable with other ZigBee devices including devices from other vendors With the XBee users can have their ZigBee network up and running in a matter of minutes without configuration or additional development The XBee XBee PRO ZigBee RF Modules are compatible with other devices that use XBee ZigBee technology These include ConnectPortX gateways XBee and XBee PRO Adapters Wall Routers XBee Sensors and ...

Page 14: ...e information for the S2D is part of the S2C guide because the hardware is very similar Applicable firmware and hardware Hardware S2C Firmware 401x 402x 403x 404x 405x Hardware S2D Firmware 705x Firmware release notes You can view the current release notes in the Firmware Explorer section of XCTU For instructions on downloading and using XCTU go to http www digi com products xbee rf solutions xctu...

Page 15: ...ecifications 16 Networking and security specifications 17 Communication interface specifications 17 Regulatory conformity summary 18 Serial communication specifications 19 GPIO specifications 19 Hardware specifications for the programmable variant 20 XBee XBee PRO S2C ZigBee RF Module 15 ...

Page 16: ...ty 102 dBm boost mode 100 dBm normal mode 101 dBm 102 dBm boost mode 100 dBm normal mode Power requirements The following table describes the power requirements for the XBee XBee PRO ZigBee RF Module Specification XBee ZigBee S2C XBee PRO ZigBee S2C XBee ZigBee S2D Adjustable power Yes Supply voltage 2 1 3 6 V 2 2 3 6 V for programmable version 2 7 3 6 V 2 1 3 6 V Operating current transmit 45 mA ...

Page 17: ...rated wire surface mount RF pad PCB antenna or U FL connector Networking and security specifications The following table describes the networking and security specifications for the devices Specification XBee ZigBee S2C XBee PRO ZigBee S2C XBee ZigBee S2D Supported network topologies Point to point point to multipoint peer to peer and DigiMesh Number of channels 16 Direct sequence channels 15 Dire...

Page 18: ...47 FCC ID MCQ XBS2C FCC ID MCQ XBPS2C revision K and earlier FCC ID MCQ PS2CSM revision L and later FCC ID MCQ S2CTH FCC ID MCQ PS2CTH FCC ID MCQ S2DSM Industry Canada IC IC 1846A XBS2C IC 1846A XBPS2C revision K and earlier IC 1846A PS2CSM revision L and later IC 1846A S2CTH IC 1846A PS2CTH IC 1846A S2DSM FCC IC Test Transmit Power Output range 26 to 8 dBm 0 7 to 19 4 dBm 26 to 8 dBm 1 to 19 dBm ...

Page 19: ... see Operation SPI pin assignments The SC2 Serial Communication Port 2 of the Ember 357 is connected to the SPI port Specifications Device pin number SPI pins XBee surface mount XBee through hole SPI_SCLK 14 18 SPI_SSEL 15 17 SPI_MOSI 16 11 SPI_MISO 17 4 For more information on SPI operation see SPI operation GPIO specifications XBee XBee PRO ZigBee RF Modules have 15 General Purpose Input Output ...

Page 20: ...ers 7 8 24 31 and 33 on the SMT modules 8 mA Output source sink current for pin numbers 6 7 11 18 and 20 on the TH modules 8 mA Total output current for GPIO pads 40 mA Hardware specifications for the programmable variant If the module has the programmable secondary processor add the following table values to the specifications listed For example if the secondary processor is running at 20 MHz and...

Page 21: ...the programmable variant XBee XBee PRO S2C ZigBee RF Module 21 Optional secondary processor specification Add to RX TX and sleep currents specifications depending on mode of operation Minimum Reset low pulse time for EM357 26 µS VREF Range 1 8 VDC to VCC ...

Page 22: ...Hardware Mechanical drawings 23 Pin signals for the surface mount module 24 Pin signals for the through hole module 26 EM357 pin mappings 27 Design notes 28 XBee XBee PRO S2C ZigBee RF Module 22 ...

Page 23: ...ollowing mechanical drawings of the XBee XBee PRO ZigBee RF Modules show all dimensions in inches The first drawing shows the XBee XBee PRO surface mount model antenna options not shown The drawings below show the XBee through hole model The drawings below show the XBee PRO through hole model ...

Page 24: ...Hardware Pin signals for the surface mount module XBee XBee PRO S2C ZigBee RF Module 24 Pin signals for the surface mount module The following drawing shows the surface mount SMT pin locations ...

Page 25: ...PIO 9 reserved Disabled Do not connect 10 DTR SLEEP_RQ DIO8 Both Input Pin sleep control Line GPIO 11 GND Ground 12 SPI_ATTN BOOTMODE DIO19 Output Output Serial peripheral interface attention Do not tie low on reset 13 GND Ground 14 SPI_CLK DIO18 Input Input Serial peripheral interface clock GPIO 15 SPI_SSEL DIO17 Input Input Serial peripheral interface not select GPIO 16 SPI_MOSI DIO16 Input Inpu...

Page 26: ...est to send flow control GPIO 30 AD3 DIO3 Both Disabled Analog input GPIO 31 AD2 DIO2 Both Disabled Analog input GPIO 32 AD1 DIO1 Both Disabled Analog input GPIO 33 AD0 DIO0 Both Input Analog input GPIO Commissioning button 34 reserved Disabled Do not connect 35 GND Ground 36 RF Both RF I O for RF pad variant 37 reserved Disabled Do not connect Signal direction is specified with respect to the dev...

Page 27: ...3 ON_SLEEP DIO9 Both Output Device status indicator GPIO 14 VREF Not connected 15 ASSOCIATE DIO5 Both Output Associate indicator GPIO 16 RTS DIO6 Both Input Request to send flow control GPIO 17 AD3 DIO3 SPI_SSEL Both Disabled Analog input GPIO SPI slave select 18 AD2 DIO2 SPI_CLK Both Disabled Analog input GPIO SPI clock 19 AD1 DIO1 SPI_ATTN Both Disabled Analog input GPIO SPI attention 20 AD0 DIO...

Page 28: ...are 35 PC4 JTMS SWDIO 5 4 JTAG see Writing custom firmware 36 PB0 10 9 38 PC1 ADC3 30 17 41 PB7 ADC2 31 18 42 PB6 ADC1 33 20 43 PB5 ADC0 Temperature sensor on PRO version Design notes The XBee modules do not require any external circuitry or specific connections for proper operation However there are some general design guidelines that we recommend to build and troubleshoot a robust design Power s...

Page 29: ...endicular to the direction they point so a vertical antenna s omnidirectional radiation pattern is strongest across the horizon Position the antennas away from metal objects whenever possible Metal objects between the transmitter and receiver can block the radiation path or reduce the transmission distance Objects that are often overlooked include n Metal poles n Metal studs n Structure beams n Co...

Page 30: ...ashes differently depending on the state of the module and a pushbutton attached to pin 20 can enable various deployment and troubleshooting functions without you sending UART commands For more information see Commissioning pushbutton and associate LED For analog sampling attach the VREF pin pin 14 to a voltage reference Design notes for PCB antenna devices Position PCB antenna devices so there ar...

Page 31: ...enna 2 Keep metal chassis or mounting structures in the keepout area at least 2 54 cm 1 in from the antenna 3 Maximize the distance between the antenna and metal objects that might be mounted in the keepout area 4 These keepout area guidelines do not apply for wire whip antennas or external RF connectors Wire whip antennas radiate best over the center of a ground plane ...

Page 32: ...e whip antennas or external RF connectors Wire whip antennas radiate best over the center of a ground plane Design notes for SMT RF pad devices The RF pad is a soldered antenna connection The RF signal travels from pin 36 on the device to the antenna through an RF trace transmission line on the PCB Any additional components between the device and antenna violates modular certification The controll...

Page 33: ...th the entire RF pad area This ground plane is a distance d the thickness of the dielectric below the top layer n The top layer has an RF trace running from pin 36 of the device to the RF pin of the RPSMA connector n The RF trace width determines the impedance of the transmission line with relation to the ground plane Many online tools can estimate this value although you should consult the PCB ma...

Page 34: ...ee RF Module 34 Number Description 1 Maintain a distance of at least 2 d between microstrip and ground fill 2 Device pin 36 3 50 Ω microstrip trace 4 RF connection of RPSMA jack The following illustration shows PCB layer 2 of an example RF layout ...

Page 35: ...and RESET lines to allow it to be in control of the data transmitted and received All other lines are in parallel and can be controlled by either the EM357 or the MC9SO8QE micro See the following block diagram for details The Programmable XBee SDK native APIs automatically handle pin use For the secondary processor to sample with ADCs the XBee VREF pin 27 SMT 14 TH must be connected to a reference...

Page 36: ...t also download CodeWarrior The download links are n CodeWarrior IDE http ftp1 digi com support sampleapplications 40003004_B exe n Programmable XBee SDK http ftp1 digi com support sampleapplications 40003003_D exe If these revisions change search for the part number on Digi s website For example search for 40003003 Install the IDE first and then install the SDK The documentation for the Programma...

Page 37: ...Programmable XBee SDK Programmable connections XBee XBee PRO S2C ZigBee RF Module 37 Programmable connections The following figure shows the programmable connections for the SMT ...

Page 38: ...Programmable XBee SDK Programmable connections XBee XBee PRO S2C ZigBee RF Module 38 The following illustration shows the programmable connections for the TH Module ...

Page 39: ...between devices Transmitting in close proximity of other devices can damage the device s front end Serial interface 40 UART data flow 40 SPI communications 41 Serial buffers 42 UART flow control 43 Break control 44 Serial interface protocols 44 Modes of operation 47 XBee XBee PRO S2C ZigBee RF Module 39 ...

Page 40: ...d signals have a horizontal line over the signal name Serial data A device sends data to the XBee XBee PRO ZigBee RF Module s UART through TH pin 4 SMT pin 4 DIN as an asynchronous serial signal When the device is not transmitting data the signals should idle high For serial communication to occur you must configure the UART of both devices the microcontroller and the XBee XBee PRO ZigBee RF Modul...

Page 41: ... data from the module SPI_ATTN asserts whenever it has data to send and it remains asserted until all available data has been shifted out to the SPImaster In this mode n Data clock rates of up to 5 Mb s are possible n Data is most significant bit MSB first n Frame Format mode 0 is used This means CPOL 0 idle clock is low and CPHA 0 data is sampled on the clock s leading edge The following diagram ...

Page 42: ...hold DOUT low during boot then the XBee device only uses the SPI Once SPI is in use do not attempt to apply changes AC which change the UART or SPI settings Instead use the following n 0x09 frames to reconfigure UART SPI other settings n WR to save the settings n FR to reset the XBee XBee PRO ZigBee RF Module and use the new configuration settings If neither serial port is enabled then UART remain...

Page 43: ...l port there is a potential of dropping data In situations where the serial transmit buffer may become full resulting in dropped RF packets 1 If the RF data rate is set higher than the interface data rate of the device the device may receive data faster than it can send the data to the host Even occasional transmissions from a large number of devices can quickly accumulate and overflow the transmi...

Page 44: ...lowing n No serial characters for the amount of time determined by the RO Packetization Timeout parameter If RO 0 packetization begins when the device received a character n Command Mode Sequence GT CC GT Any character buffered in the serial receive buffer before the device transmits the sequence n Maximum number of characters that fit in an RF packet API operating mode API operating mode is an al...

Page 45: ...eived RF data API frames indicate the source address Advanced ZigBee addressing support API transmit and receive frames can expose ZigBee addressing fields including source and destination endpoints cluster ID and profile ID This makes it easy to support ZDO commands and public profile traffic Advanced networking diagnostics API frames can provide indication of I O samples from remote devices and ...

Page 46: ...igBee RF Module 46 If the above conditions do not apply for example a sensor node router or a simple application then Transparent operating mode might be suitable It is acceptable to use a mixture of devices running API mode and Transparent mode in a network ...

Page 47: ...ule is in Receive Mode when it is not transmitting data The device shifts into the other modes of operation under the following conditions n Transmit Mode Serial data in the serial receive buffer is ready to be packetized n Sleep Mode n Command Mode Command Mode Sequence is issued not available when using the SPI port ...

Page 48: ...oute to the destination node If a device with a matching network address is not discovered it discards the packet The device transmits the data once a route is established If route discovery fails to establish a route the device discards the packet The following diagram shows the Transmit Mode sequence When ZigBee data is transmitted from one node to another the destination node transmits a networ...

Page 49: ...r 0x2B n No characters sent for one second GT Guard Times parameter 0x3E8 When you send the Command mode sequence the device sends OK out the UART pin The device may delay sending the OK if it has not transmitted all of the serial data it received When the device is in Command mode it starts the Command mode timer CT command and can receive AT commands on the UART port You can customize the comman...

Page 50: ...nd errors the device returns an ERROR message Apply command changes Any changes you make to the configuration command registers using AT commands do not take effect until you apply the changes For example if you send the BD command to change the baud rate the actual baud rate does not change until you apply the changes To apply changes 1 Send the AC Apply Changes command or 2 Exit Command mode Exi...

Page 51: ...ion 52 ZigBee stack layers 52 ZigBee networking concepts 53 Zigbee application layers in depth 56 ZigBee coordinator operation 58 ZigBee router operation 62 End device operation 68 ZigBee channel scanning 73 XBee XBee PRO S2C ZigBee RF Module 51 ...

Page 52: ...gBee stack layers Most network protocols use the concept of layers to separate different components and functions into independent modules that can be assembled in different ways ZigBee is built on the Physical PHY layer and Medium Access Control MAC sub layer defined in the IEEE 802 15 4 standard These layers handle low level network operations such as addressing and message transmission receptio...

Page 53: ...e discovery features and advanced network management capabilities ZigBee networking concepts Device types ZigBee defines three different device types coordinator router and end device Coordinator ZigBee networks always have a single coordinator device This device n Starts the network selecting the channel and PAN ID both 64 bit and 16 bit n Distributes addresses allowing routers and end devices to...

Page 54: ...r and at least one other device router or end device In ZigBee networks the coordinator must select a PAN ID 64 bit and 16 bit and channel to start a network After that it behaves essentially like a router The coordinator and routers can allow other devices to join the network and can route data After an end device joins a router or coordinator it must be able to transmit or receive RF data throug...

Page 55: ...oduct deployment In general it is your responsibility to ensure that parameters are set to be compatible with the new device type when changing device types PAN ID ZigBee networks are called personal area networks PANs Each network is defined with a unique PAN identifier PAN ID which is common among all devices of the same network ZigBee devices are either preconfigured with a PAN ID to join or th...

Page 56: ...rovide a more in depth look at the ZigBee application stack layers APS ZDO including a discussion on ZigBee endpoints clusters and profiles Much of the material in these topics discuss details of the ZigBee stack that are not required in many cases Read these topics if n The XBee XBee PRO ZigBee RF Module may talk to non Digi ZigBee devices n The XBee XBee PRO ZigBee RF Module requires network man...

Page 57: ...portal might send a load control event to a load controller in order to schedule turning on or off an appliance Upon executing the event the load controller sends a load control report message back to the gateway Devices that operate in an application profile private or public must respond correctly to all required clusters For example a light switch that operates in the home automation public pro...

Page 58: ...ecurity policy determines which devices are allowed to join the network and which device s can authenticate joining devices See ZigBee security for a detailed discussion of various security policies Channel selection When starting a network the coordinator must select a good channel for the network to operate on To do this it performs an energy scan on multiple channels that is frequencies to dete...

Page 59: ...It will then perform a PAN ID scan SD Set the scan duration or time that the router will listen for beacons on each channel ZS Set the ZigBee stack profile for the network EE Enable or disable security in the network NK Set the network security key for the network If set to 0 default the coordinator uses a random network security key KY Set the trust center link key for the network If set to 0 def...

Page 60: ...based on the NJ parameter Once the XBee XBee PRO ZigBee RF Module joins a network the timer starts The coordinator does not re enable joining if the device is power cycled or reset The following actions restart the permit joining timer n Changing NJ to a different value and applying changes with the AC or CN commands n Pressing the Commissioning button twice n Issuing the CB command with a paramet...

Page 61: ...are occasions it may become necessary to replace an existing coordinator in a network with a new physical device If security is not enabled in the network you can configure a replacement XBee coordinator with the PAN ID 16 bit and 64 bit channel and stack profile settings of a running network in order to replace an existing coordinator Note Avoid having two coordinators on the same channel stack p...

Page 62: ...changes make SC and ID changes take effect either by sending the AC command or by exiting AT command mode 5 If an Associate LED has been connected it starts blinking once the coordinator has selected a channel and PAN ID 6 The API Modem Status frame Coordinator Started is sent out the serial port when using API mode 7 Reading the AI command association status returns a value of 0 indicating a succ...

Page 63: ...ounter scans all channels and does not discover a valid PAN it scans all channels again The ZigBee Alliance requires that certified solutions not send beacon request messages too frequently To meet certification requirements the XBee firmware attempts nine scans per minute for the first five minutes and three scans per minute thereafter If a valid PAN is within range of a joining router it typical...

Page 64: ...h channel ZS Set the stack profile on the device EE Enable or disable security in the network This must be set to match the EE value security policy of the coordinator KY Set the trust center link key If set to 0 default the link key is expected to be obtained unencrypted during joining Configuration changes delay the start of joining for five seconds after the last change Once the router joins a ...

Page 65: ...inute if NJ is 0x0 or 0xFF Otherwise the Commissioning button and the CB2 command enable joining for NJ seconds Router network connectivity Once a router joins a ZigBee network it remains connected to the network on the same channel and PAN ID unless it is forced to leave see Leave a network If the scan channels SC PAN ID ID and security settings EE KY do not change after a power cycle the router ...

Page 66: ...ce n Change the value of NW If the watchdog timer expires no valid data received for NW time the router attempts to discover the 64 bit address of the coordinator If the router cannot discover the address it records one watchdog timeout After three consecutive network watchdog timeouts expire 3 NW and the coordinator has not responded to the address discovery attempts the router leaves the network...

Page 67: ... PAN ID is invalid n Change the SC command such that the current channel CH is not included in the channel mask n Change the ZS or any of the security command values excluding NK n Issue the NR0 command to cause the coordinator to leave n Issue the NR1 command to send a broadcast transmission causing all devices in the network to leave and migrate to a different channel n Press the commissioning b...

Page 68: ...sed on its network joining command values To prevent the router from leaving an existing network issue the WR command after all network joining commands have been configured this retains the settings through power cycle or reset events Example join a network After starting a coordinator that is allowing joins the following steps cause a router to join the network 1 Set ID to the desired 64 bit PAN...

Page 69: ...s per minute thereafter Note The XBee ZigBee end device will not enter sleep until it has completed scanning all SC channels for a valid network Join a network Once the end device discovers a valid network it joins the network similar to a router by sending an association request to the device that sent a valid beacon to request a join on the ZigBee network The device allowing the join then sends ...

Page 70: ...as a valid parent The device sends the orphan scan as a broadcast transmission and contains the 64 bit address of the end device Nearby routers and coordinator devices that receive the broadcast check their child tables for an entry that contains the end device s 64 bit address If the devices find an entry with a matching 64 bit address they send a coordinator realignment command to the end device...

Page 71: ...associated out the serial port when using API mode n Attempts to enter low power modes You can use the following commands to configure these behaviors Command Description D5 Enables the Associate LED functionality LT Sets the Associate LED blink time when joined Default is 2 blinks per second end devices SM SP ST SN SO Parameters that configure the sleep mode characteristics Parent connectivity Th...

Page 72: ...el n Press the commissioning button four times or issue the CB command with a parameter of 4 n The parent of the end device parent powers down or the end device moves out of range of the parent such that the end device fails to receive poll acknowledgment messages Note Changes to command values only take effect when changes are applied AC or CN commands Example join a network After starting a coor...

Page 73: ...ns a PAN on channel 12 0x0C if the XBee XBee PRO ZigBee RF Module leaves the channel it starts scanning on channel 13 followed by channels 14 and 25 if it does not find a valid network Once all channels have been scanned the next join attempt starts scanning on the lowest channel specified in the SC bitmask Manage multiple ZigBee networks In some applications multiple ZigBee networks may exist in ...

Page 74: ...twork commissioning and diagnostics Application messaging framework If none of the previous mechanisms are feasible you can build a messaging framework between the coordinator and devices that join its network into the application For example the application code in joining devices could send a transmission to the coordinator after joining a network and wait to receive a defined reply message If t...

Page 75: ... Binding transmissions 79 Multicast transmissions 80 Fragmentation 80 Data transmission examples 80 RF packet routing 83 Encrypted transmissions 92 Maximum RF payload size 92 Throughput 94 ZDO transmissions 95 Transmission timeouts 97 XBee XBee PRO S2C ZigBee RF Module 75 ...

Page 76: ...k However since the 16 bit address is not static it is not a reliable way to identify a device To solve this problem the 64 bit destination address is often included in data transmissions to guarantee data is delivered to the correct destination The ZigBee stack can discover the 16 bit address if unknown before transmitting data to a remote Application layer addressing ZigBee devices support multi...

Page 77: ...econds and the broadcast transmission table holds 8 entries For each broadcast transmission the ZigBee stack reserves buffer space for a copy of the data packet that retransmits the packet as needed Large broadcast packets require more buffer space Users cannot change any buffer spacing information on buffer space is for general knowledge only The XBee XBee PRO ZigBee RF Module handles buffer spac...

Page 78: ...6 bit address as a destination address and the 64 bit address is unknown 0xFFFFFFFFFFFFFFFF the modem status message shows a delivery status code of 0x21 network ack failure and a discovery status of 0x00 no discovery overhead If you use a non existent 64 bit address as a destination address and the 16 bit address is unknown 0xFFFE the device attempts address discovery and the modem status message...

Page 79: ...aracters n Index into the binding table More than one endpoint may be associated with a group ID and more than one group ID may be associated with a given endpoint The capacity of the group table is 16 entries The application always updates the 16 bit address in the address table when it receives one of the frames to ensure the table has the most recently known 16 bit address If a transmission fai...

Page 80: ...ting can reduce this number For more information see NP Maximum Packet Payload Bytes However the XBee ZigBee firmware supports a ZigBee feature called fragmentation that allows a single large data packet to be broken up into multiple RF transmissions and reassembled by the receiver before sending data out its serial port The transmit frame can include up to 255 bytes of data broken up into multipl...

Page 81: ...or s 64 bit address is known you can set DH and DL to the coordinator s 64 bit address Suppose the coordinator s address is 0x0013A200404A2244 1 Enter command mode 2 After receiving an OK r issue the following commands a ATDH13A200 r b ATDL404A2244 c ATCN r 3 Verify that each of the three commands returned an OK r response 4 After setting these command values all serial characters are sent as a un...

Page 82: ... send a transmission using indirect addressing through the binding table It assumes the binding table has already been set up to map a source endpoint of 0xE7 and cluster ID of 0x0011 to a destination endpoint and 64 bit destination address The message data is a manufacturing specific profile message using profile ID 0xC105 command ID 0x00 a ZCL Header of 151E10 transaction number EE and a ZCL pay...

Page 83: ... networks over 40 remote devices Note End devices do not make use of these routing protocols Rather an end device sends a unicast transmission to its parent and allows the parent to route the data packet in its behalf Note To revert from Many to One routing to AODV routing a network must first do a network reset NR Link status transmission Before discussing the various routing protocols it is wort...

Page 84: ...ities with its neighbors quickly After being powered on for some time the link status messages are sent at a much slower rate about every 3 4 times per minute AODV mesh routing ZigBee employs mesh routing to establish a route between the source device and the destination Mesh routing allows data packets to traverse multiple nodes hops in a network to route data from a source to a destination Route...

Page 85: ...t nodes Node Destination address Next hop address R3 Router 6 Coordinator C Router 6 Router 5 R5 Router 6 Router 6 When a source node discovers a route to a destination node it sends a broadcast route request command The route request command contains the source network address the destination network address and a path cost field a metric for measuring route quality As the route request command p...

Page 86: ...send multiple replies if it identifies a better route Retries and acknowledgments ZigBee includes acknowledgment packets at both the Mac and Application Support APS layers When data is transmitted to a remote device it may traverse multiple hops to reach the destination As the device transmits data from one node to its neighbor it transmits an acknowledgment packet Ack in the opposite direction to...

Page 87: ...ollector device sends a many to one broadcast devices create one reverse routing table entry for each collector The ZB firmware uses the AR command to enable many to one broadcasting on a device The AR command sets a time interval measured in 10 second units for sending the many to one broadcast transmission See the command table for details High Low RAM Concentrator mode When Many to One MTO requ...

Page 88: ... When the route record reaches the data collector it contains the address of the sender and the 16 bit address of each hop in the route The data collector can store the routing information and retrieve it later to send a source routed packet to the remote as shown in the following images The data collector sends a many to one route request broadcast to create reverse routes on all devices A remote...

Page 89: ... O sample For more information see Analog and digital I O lines 4 If the NI string of the remote device is known the DN command can be issued with the NI string of the remote in the payload The remote device with a matching NI string would send a route record and a DN response Storing source routes When a data collector receives a route record it sends it out the serial port as a Route Record Indi...

Page 90: ...utes as shown in the following image To send a source routed packet to R3 the application sends a Create Source Route API frame 0x21 to the XBee with a destination of R3 and 2 hops R1 and R2 If the 64 bit address of R3 is 0x0013A200 404a1234 and the 16 bit addresses of R1 R2 and R3 are Device 16 bit address R1 0xAABB R2 0xCCDD R3 0xEEFF The Create Source Route API frame would be 7E 0012 21 00 0013...

Page 91: ...nowledgment packet Ack transmits in the opposite direction to indicate that the transmission was successfully received If the transmitting device does not receive the Ack it retransmits the data up to 4 times This Ack is called the Mac layer acknowledgment In addition the device that originated the transmission expects to receive an acknowledgment packet Ack from the destination device This Ack tr...

Page 92: ...ange the AR setting from a non 0xFF setting to 0xFF and complete an AC command To re establish periodic aggregator broadcasts change the AR setting to a non 0xFF setting and complete an AC command Encrypted transmissions Encrypted transmissions are routed similar to non encrypted transmissions with one exception As an encrypted packet propagates from one device to another each device decrypts the ...

Page 93: ...e is the number of hops n one byte is an index into the route list that increments in value at each hop n other data is a list of the 16 bit network addresses of the routing radios Firmware revisions before 4x58 support a maximum of 11 aggregator source routed hops Firmware revisions 4x58 and following support a maximum of 25 aggregator source routed hops Aggregator source routed payload maximums ...

Page 94: ...nd devices n failures route discoveries Our empirical testing showed the following throughput performance in a robust operating environment low interference Configuration Data throughput 1 hop RR SD 58 kb s 1 hop RR SE 34 kb s 1 hop RE SD Not yet available 1 hop RR SE Not yet available 1 hop ER SD Not yet available 1 hop ER SE Not yet available 4 hops RR SD Not yet available 4 hops RR SE Not yet a...

Page 95: ...table entry data from a remote device Refer to the ZigBee specification for a detailed description of all ZigBee Device Profile services Sending a ZDO command You must use an explicit transmit API frame to send a ZDO command and it must be formatted correctly Set the source and destination endpoints and profile ID to 0 Set the cluster ID to match the cluster ID of the appropriate service For examp...

Page 96: ... non zero value to enable the transmit status message or set to 0 to disable 0x0013A200 40401234 64 bit address of the remote 0xFFFE 16 bit address of the remote 0xFFFE unknown Optionally set to the 16 bit address of the destination if known 0x00 Source endpoint 0x00 Destination endpoint 0x0031 Cluster ID LQI Request or Neighbor table request 0x0000 Profile ID ZigBee Device Profile 0x00 Broadcast ...

Page 97: ...1300 00 00 Required payload for Network Address Request command 0x33 Checksum 0xFF SUM all bytes after length Description This API frame sends a broadcast ZDO Network Address Request to obtain the 16 bit address of a device with a 64 bit address of 0x0013A200 40401234 We inserted the bytes for the 64 bit address in little endian byte order You must insert data for all multi byte fields in the API ...

Page 98: ...0 NH 100 The default NH value is 30 which equates to a 1 6 second timeout The unicast timeout includes 3 transmission attempts 1 attempt and 2 retries The maximum total timeout is approximately 3 50 NH 100 For example if NH 30 0x1E the unicast timeout is approximately 3 50 30 100 or one of the following n 3 1500 100 n 3 1600 n 4800 ms n 4 8 seconds Extended timeout The worst case transmission time...

Page 99: ... set greater than 0 to enable the TX status response 0x00000000 00000000 64 bit address of coordinator ZB definition 0xFFFE Required 16 bit address if sending data to 64 bit address of 0 0x00 Broadcast radius 0 max hops 0x00 Tx options 0x54 78 44 61 74 61 ASCII representation of TxData string 0xAB Checksum 0xFF SUM all bytes after length Description This transmission sends the string TxData to the...

Page 100: ...orts all received data frames in the explicit format 0x91 to indicate the source and destination endpoints cluster ID and profile ID where each packet was received Status messages like modem status and route record indicators are not affected To enable receiver application addressing set the AO command to 1 using the AT Command Frame 0x08 as follows API frame 7E 0005 08 01 414F 01 65 Field composi...

Page 101: ...oining n Support for a trust center n Provisions to ensure message integrity confidentiality and authentication This section describes various security features defined in the ZigBee specification and illustrates how you can configure the XBee XBee PRO ZigBee RF Modules to support these features Security modes 102 ZigBee security model 102 Implementing security on the XBee XBee PRO ZigBee RF Modul...

Page 102: ...k Routers and end devices that will communicate on a secure network must obtain the correct security keys Network layer security The network key is used to encrypt the APS layer and application data In addition to encrypting application messages network security is also applied to route request and reply messages APS commands and ZDO commands Network encryption is not applied to MAC layer transmis...

Page 103: ...e receives a packet with network encryption it decrypts the packet and authenticates the packet If the device is not the destination it then encrypts and authenticates the packet using its own frame counter and source address in the network header section Since the device performs network encryption at each hop packet latency is slightly longer in an encrypted network than in a non encrypted netwo...

Page 104: ...ink keys There are two kinds of APS link keys trust center link keys and application link keys A trust center link key is established between a device and the trust center where an application link key is established between a device and another device in the network where neither device is the trust center APS layer encryption and decryption Packets with APS layer encryption are encrypted at the ...

Page 105: ...work and link keys can be sent to the joining device If the joining device has a preconfigured trust center link key the network key will be sent to the joining device encrypted by the link key Otherwise if the joining device is not preconfigured with the link key the device could only join the network if the network key is sent unencrypted in the clear The trust center must decide whether or not ...

Page 106: ...red link key with the coordinator Note In ZigBee if EE and EO are set to 0x01 then the device sends the network key in the clear unencrypted with the link key at association time This may be a useful setting in development environments but we discourage it for product deployment for security reasons Set the APS trust center link key The coordinator must also select the trust center link key using ...

Page 107: ...k update their network key increment their network key sequence number and restore their frame counters to 0 Updating the network key without a trust center If the coordinator is not running as a trust center the Network Reset NR1 command can be used to force all devices in the network to leave the current network and rejoin the network on another channel When devices leave and reform then network...

Page 108: ...the pre configured link key KY sendt the network key encrypted when the devices joined Example 2 Forming a network with security obtaining keys during joining 1 Start a coordinator with the following settings a ID 2235 b EE 1 c NK 0 d KY 0 e WR save networking parameters to persist through power cycle 2 Configure one or more routers or end devices with the following settings a ID 2235 b EE 1 c KY ...

Page 109: ... installation to be successful you must determine where to place individual devices in order to establish reliable links throughout a network To measure the performance of a network you can send unicast data through the network from one device to another to determine the success rate of several transmissions To simplify link testing the devices support a Loopback cluster ID 0x12 on the data endpoi...

Page 110: ...ink Determine the DB value in hardware using the RSSI PWM device pin TH pin 6 SMT pin 7 If you enable the RSSI PWM functionality P0 command when the device receives data it sets the RSSI PWM to a value based on the RSSI of the received packet this value only indicates the quality of the last hop You could connect this pin to an LED to indicate if the link is stable or not Device discovery Network ...

Page 111: ... specification for details Commissioning pushbutton and associate LED XBee devices support a set of commissioning pushbutton and LED behaviors to aid in device deployment and commissioning These include the commissioning push button definitions and associate LED behaviors The following features can be supported in hardware A pushbutton and an LED can be connected to XBee XBee PRO ZigBee RF Module ...

Page 112: ... frame is similar to the node discovery response frame it contains the device s address node identifier string NI command and other relevant data All API devices that receive the node identification frame send it out their serial interface as a Node Identification Indicator frame 0x95 Associate LED The Associate pin pin 28 SMT pin 33 TH provides an indication of the device s network status and dia...

Page 113: ...not joined a network causing the associate pin to blink to indicate the AI Code where AI blinks 0x20 In this example AI 0x22 The following image illustrates the behavior pressing the button once on a remote device causing a broadcast node identification transmission to be sent All devices that receive this transmission blink their associate pin rapidly for one second if the associate LED functiona...

Page 114: ... subsequently send End_Device_ Bind_req messages to the Coordinator the Coordinator would detect they were already bound and then send Unbind_req messages to remove the binding An installer can use this to remove a binding which was made incorrectly say from a switch to the wrong lamp by repeating the commissioning button sequence used beforehand R1 C End_Device_Bind_req R2 C End_Device_Bind_req R...

Page 115: ...oint ZDO endpoint 0020 Cluster 0x0020 End_Device_Bind_req 0000 ProfileID ZDO 00 Radius default maximum hops 00 Transmit Options 01f2995cb5474000a21300e605c1010100010200 RFData ZDO payload 46 Checksum Here is the RFData the ZDO payload broken into labeled fields Note the multi byte fields of a ZDO payload are represented in little endian format 01 Transaction Sequence Number f299 Binding Target 16 ...

Page 116: ...able API of the XBee firmware derives from the ZCL Group Cluster 0x0006 Use the Explicit API frame 0x11 addressed to the Digi Device Object endpoint 0xE6 with the Digi XBee ProfileID 0xC105 to send commands and requests to the local device The ZigBee Home Automation Public Application Profile says groups should only be used for sets of more than five devices This implies sets of five or fewer devi...

Page 117: ...coded form ZigBee Explicit Rx Indicator API 0x91 64DestAddr 0x0013A2004047B55C 16DestAddr 0xFFFE SrcEP 0xE7 DestEP 0xE6 ClusterID 0x8006 ProfileID 0xC105 Options 0x00 RF_Data 0x09EE00003412 The response in terms of Preamble ZCL Header and ZCL payload Preamble 910013a2004047b55cfffee7e68006c10500 The packet has its endpoint values reversed from the request and the clusterID is 0x8006 indicating a G...

Page 118: ... packet in raw hex byte form 7e001911010013a2004047b55cfffee6e70006c105000001ee013412d4 The response in raw hex byte form consisting of two packets 7e001d910013a2004047b55cfffee7e68006c1050009ee01003412044142434424 7e00078b01fffe00000076 The command response in decoded form ZigBee Explicit Rx Indicator API 0x91 64DestAddr 0x0013A2004047B55C 16DestAddr 0xFFFE SrcEP 0xE7 DestEP 0xE6 ClusterID 0x8006...

Page 119: ...1 01 LocalDevice64Addr FFFE E6 E7 0006 C105 00 00 The packet is addressed to the local node using a source endpoint of 0xE6 clusterID of 0x0006 and profileID of 0xC105 The destination endpoint E7 holds the endpoint parameter for the Get Group Membership command ZCL_header 01 ee 02 The first field byte is a frame control field which specifies a Cluster Specific command 0x02 using a Client Server di...

Page 120: ...equest If the FrameId value in the original command request had been zero or if no space was available in the transmit UART buffer then no Tx Status message would occur ZigBee Tx Status API 0x8B FrameID 0x01 16DestAddr 0xFFFE Transmit Retries 0x00 Delivery Status 0x00 Discovery Status 0x00 Success Get Group Membership 2 of 2 The purpose of this second form of the Get Group Membership command is to...

Page 121: ... a Server Client direction 0x08 The second field is a transaction sequence number which is used to associate the response with the command request The third field is the command identifier Get Group Membership 0x02 1 ZCL_payload FF 01 3412 The first byte is the remaining capacity of the group table 0xFF means unknown The XBee returns this value because the capacity of the group table is dependent ...

Page 122: ...ex byte form 7e001911010013a2004047b55cfffee6e70006c105000001ee033412d2 The response in raw hex byte form consisting of two packets 7e0018910013a2004047b55cfffee7e68006c1050009ee0300341235 7e00078b01fffe00000076 The command response in decoded form ZigBee Explicit Rx Indicator API 0x91 64DestAddr 0x0013A2004047B55C 16DestAddr 0xFFFE SrcE 0xE DestEP 0xE6 ClusterID 0x8006 ProfileID 0xC105 Options 0x...

Page 123: ...t endpoint The following example removes all groups associated with endpoint E7 The packet Preamble 11 01 LocalDevice64Addr FFFE E6 E7 0006 C105 00 00 The packet is addressed to the local node using a source endpoint of 0xE6 clusterId of 0x0006 and profileID of 0xC105 The destination endpoint E7 is the endpoint parameter for the Remove All Groups command ZCL_header 01 ee 04 The first field is a fr...

Page 124: ...sing a Server Client direction 0x08 The second field is a transaction sequence number which is used to associate the response with the command request The third field is the command identifier Remove All Groups 0x04 1 ZCL_payload 00 The first byte is a status byte SUCCESS 0x00 4 And here is the decoded second message which is a Tx Status for the original command request If the FrameID value in the...

Page 125: ...from what is expected 0x81 EMBER_ZCL_STATUS_UNSUP_CLUSTER_COMMAND unexpected direction in the Frame Control Field of the ZCL Header unexpected command identifier code value in the ZCL header 0x82 EMBER_ZCL_STATUS_UNSUP_GENERAL_COMMAND unexpected frametype in the Frame Control Field of the ZCL Header 0x84 EMBER_ZCL_STATUS_UNSUP_MANUF_GENERAL_COMMAND unexpected manufacturer specific indication in th...

Page 126: ...and extended transmission timeouts to ensure reliable data delivery to end devices End Device operation 127 Parent operation 127 Non Parent device operation 129 End Device configuration 129 Recommended sleep current measurements 136 Transmitting RF data 137 Receiving RF data 137 I O sampling 138 Waking end devices with the Commissioning Pushbutton 138 Parent verification 138 Rejoining 138 Router C...

Page 127: ... directly to its parent If an end device must send a broadcast or a unicast transmission to other devices in the network it sends the message directly to its parent and the parent performs any necessary route or address discoveries to route the packet to the final destination The parent of the receiving device does not send the network ACK back to the originator until the sleeping end device wakes...

Page 128: ...ces end devices that can move within a network parent router and coordinator devices have a poll timeout for each end device child If an end device does not send a poll request to its parent within the poll timeout the parent removes the end device from its child table This allows the child table on a router or coordinator to better accommodate mobile end devices in the network Packet buffer usage...

Page 129: ...vice can be awakened before the sleep period expires by lowering the SLEEP_RQ line The SM command configures the sleep mode In both pin and cyclic sleep modes XBee end devices poll their parent every 100 ms while they are awake to retrieve buffered data When the end device sends a poll request it enables the receiver until it receives an acknowledgment from the parent It typically takes less than ...

Page 130: ...bled by setting the SM command to 1 When the device asserts high SLEEP_RQ it finishes any transmit or receive operations and enters a low power state For example if the device has not joined a network and SLEEP_RQ is asserted high it sleeps once the current join attempt completes that is when scanning for a valid network completes The device wakes from pin sleep when the SLEEP_RQ pin is de asserte...

Page 131: ... use adequate transmission timeouts For more information see Router Coordinator configuration Cyclic sleep Cyclic sleep allows the device to sleep for a specified time and wake for a short time to poll its parent for any buffered data messages before returning to sleep again Enable cyclic sleep mode by setting the SM command to 4 or 5 SM5 is a slight variation of SM4 that allows the device to wake...

Page 132: ...anage End Devices End Device configuration XBee XBee PRO S2C ZigBee RF Module 132 Surface mount cyclic sleep pins S2C Through hole cyclic sleep pins The following figure shows the cyclic sleep waveforms ...

Page 133: ...e until sleep In cyclic sleep mode SM 4 or 5 if the device receives serial or RF data it starts a sleep timer time until sleep Any data received serially or over the RF link restarts the timer Set the sleep timer value with the ST command While the module is awake it sends poll request transmissions every 100ms to check its parent for buffered data messages The device returns to sleep when the sle...

Page 134: ...res the XBee module sends a poll request transmission to its parent to determine if the parent has any buffered data waiting for the end device Since router and coordinator devices can buffer data for end device children up to 30 seconds the SP range up to 28 seconds allows the end device to poll regularly enough to receive buffered data If the parent has data for the end device the end device sta...

Page 135: ...cation when an end device is awake before they can send data to it End devices that use extended cyclic sleep should send a transmission such as an I O sample when they wake to inform other devices that they are awake and can receive data We recommended that extended sleep end devices set SO to wake for the full ST time to provide other devices with enough time to send messages to the end device S...

Page 136: ...odes Even if the measurement equipment automatically changes current ranges it is often too slow and cannot keep up with the necessary sudden short bursts During long cyclic sleep periods the device can wake every 10 to 30 seconds to reset timers and perform other necessary steps These wake times are small and you may not notice them when measuring sleep currents Compensate for switching time To c...

Page 137: ...that you may not observe at room temperature Transmitting RF data An end device may transmit data when it wakes from sleep and has joined a network End devices transmit directly to their parent and then wait for an acknowledgment to be received The parent performs any required address and route discoveries to help ensure the packet reaches the intended destination before reporting the transmission...

Page 138: ...om sleep it sends a poll request to its parent In cyclic sleep if the end device does not receive RF or serial data and the sleep timer is not started it polls one time and returns to sleep for another sleep period Otherwise the end device continues polling every 100ms If the parent does not send an acknowledgment response to three consecutive poll request transmissions the end device assumes the ...

Page 139: ...tions that require sleeping longer than 30 seconds end devices should transmit an I O sample or other data when they wake to alert other devices that they can send data to the end device Child poll timeout Router and coordinator devices maintain a timestamp for each end device child indicating when the end device sent its last poll request to check for buffered data packets If an end device does n...

Page 140: ... Module 140 Transmission timeout When you are sending RF data to a remote router because routers are always on the timeout is based on the number of hops the transmission may traverse Set the timeout using the NH command For more information see Transmission addressing and routing ...

Page 141: ...n 30 seconds cannot receive data transmissions reliably unless you take certain design approaches Specifically the end devices should use I O sampling or another mechanism to transmit data when they wake to inform the network they can receive data SP and SN should be set on routers and coordinators such that SP SN matches the longest expected sleep time This configures the poll timeout so end devi...

Page 142: ...evice This ensures that RF packet buffering times and transmission timeouts are set correctly Example 3 configure a device for extended sleep to sleep for 4 minutes n SP and SN must be set such that SP SN 4 minutes Since SP is measured in 10ms units use the following settings to obtain 4 minute sleep n SM 4 cyclic sleep or 5 cyclic sleep pin wake SP 0x7D0 2000 decimal or 20 seconds n SN 0x0B 12 de...

Page 143: ...og and digital I O pins that are configured through software commands Analog and digital I O lines can be set or queried Configurable I O pins and configuration commands 144 I O Configuration 145 I O sampling 146 RSSI PWM 148 PWM1 149 XBee XBee PRO S2C ZigBee RF Module 143 ...

Page 144: ...11 8 P1 0 1 3 5 DTR SLEEP_RQ DIO8 10 D8 0 1 3 5 SPI_ATTN BOOTMODE DIO19 12 P9 0 1 6 SPI_SClk DIO18 14 P8 0 1 SPI_SSEl DIO17 15 P7 0 1 SPI_MOSI DIO16 16 P6 0 1 SPI_MISO DIO15 17 P5 0 1 reserved 21 P2 0 3 5 DIO4 24 D4 0 3 5 CTS DIO7 25 D7 0 1 3 7 ON SLEEP DIO9 26 D9 0 1 3 5 ASSOCIATE DIO5 28 D5 0 1 3 5 RTS DIO6 29 D6 0 1 3 5 AD3 DIO3 30 D3 0 2 5 AD2 DIO2 31 D2 0 2 5 AD1 DIO1 32 D1 0 2 6 AD0 DIO0 33 ...

Page 145: ...gBee RF Module pin you must issue the appropriate configuration command with the correct parameter After issuing the configuration command you must apply changes on the device for the I O settings to take effect Pin command parameter Description 0 Disabled see the information following the table 1 Peripheral control 2 Analog 3 Data in monitored see the information following the table 4 Data out de...

Page 146: ...ll down resistor I O sampling The XBee XBee PRO ZigBee RF Modules have the ability to monitor and sample the analog and digital I O lines I O samples can be read locally or transmitted to a remote device to provide an indication of the current I O line states You must enable API mode on the receiving device to send I O samples out the serial port If you do not enable this mode the device discards ...

Page 147: ... setting them to a value of 3 4 or 5 The digital I O data is only relevant if the same bit is enabled in the digital I O mask Analog samples are returned as 10 bit values The device scales the analog reading such that 0x0000 represents 0 V and 0x3FF 1 2 V The analog inputs on the device cannot read more than 1 2 V The device returns analog samples in order starting with AIN0 and finishing with AIN...

Page 148: ...esume sleeping Change detection sampling You can configure devices to transmit a data sample immediately whenever a monitored digital I O pin changes state The IC command is a bitmask used to set which digital I O lines to monitor for a state change If one or more bits in IC is set the device transmits an I O sample as soon as it observes a state change in one of the monitored digital I O lines Us...

Page 149: ...es Issue the AC or CN commands to apply changes for example AC Example 2 Calculate the PWM counts for a packet received with an RSSI of 84 dBm n RSSI 84 0xAC 172 decimal unsigned n PWM counts 41 172 5928 n PWM counts 1124 With a total of 2400 counts this yields an ON time of 1124 2400 46 8 Example 3 Configure the RSSI PWM pin to operate for 2 seconds after each received RF packet First make sure t...

Page 150: ...efined order The API specifies how the device sends and receives commands command responses and module status messages using a serial port Data Frame API frame format 151 Data bytes that need to be escaped 152 API serial exchanges 155 Frame descriptions 158 Send ZDO commands with the API 206 Send ZigBee Cluster Library ZCL commands with the API 209 Send Public Profile Commands with the API 214 XBe...

Page 151: ...ecksum n 1 1 byte The firmware silently discards any data it receives prior to the start delimiter If the device does not receive the frame correctly or if the checksum fails the device replies with a device status frame indicating the nature of the failure API operation with escaped characters AP parameter 2 This mode is only available on the UART not on the SPI serial port The following table sh...

Page 152: ...4 0xCB Length The length field specifies the total number of bytes included in the frame s data field Its two byte value excludes the start delimiter the length and the checksum Frame data This field contains the information that a device receives or transmits The structure of frame data depends on the purpose of the API frame Start delimiter Length Frame data Checksum API identifier Identifier sp...

Page 153: ... Over the Air Firmware Update Status 0xA0 Route Record Indicator 0xA1 Many to One Route Request Indicator 0xA3 Calculate and verify checksums To test data integrity the device calculates and verifies a checksum on non escaped data To calculate the checksum of an API frame 1 Add all bytes of the packet except the start delimiter 0x7E and the length the second and third bytes 2 Keep only the lowest ...

Page 154: ... an API data packet is composed with an incorrect checksum the XBee XBee PRO ZigBee RF Module will consider the packet invalid and will ignore the data To verify the check sum of an API packet add all bytes including the checksum do not include the delimiter and length and if correct the last two far right digits of the sum will equal FF 01 01 50 01 00 48 65 6C 6C 6F B8 2FF API examples Example Cr...

Page 155: ...h 16 bytes excluding checksum n 0x17 Remote Command API frame type n 0x01 Frame ID n 0x0000000000000000 Coordinator s address can be replaced with coordinator s actual 64 bit address if known n 0xFFFE 16 bit Destination Address n 0x02 Apply Changes Remote Command Options n 0x4431 AT command D1 n 0x03 Command Parameter the parameter could also be sent as 0x0003 or 0x00000003 0x70 Checksum API seria...

Page 156: ...he frame ID is set to 0 in the TX request If the packet cannot be delivered to the destination the transmit status frame indicates the cause of failure The received data frame type 0x90 or 0x91 is determined by the AO command Remote AT commands The following image shows the API frame exchanges that take place at the serial interface when sending a remote AT command The device does not send out a r...

Page 157: ...ration API serial exchanges XBee XBee PRO S2C ZigBee RF Module 157 Source routing The following image shows the API frame exchanges that take place at the serial port when sending a source routed transmission ...

Page 158: ... Format The following table provides the contents of the frame For details on frame structure see API frame format Frame data fields Offset Description Frame type 3 0x08 Frame ID 4 AT command 5 6 Command name two ASCII characters that identify the AT command Parameter value 7 n If present indicates the requested parameter value to set the given register If no characters are present it queries the ...

Page 159: ...API Operation Frame descriptions XBee XBee PRO S2C ZigBee RF Module 159 Frame data fields Offset Example Parameter value optional Checksum 7 0x0D ...

Page 160: ...he changes Format The following table provides the contents of the frame For details on frame structure see API frame format Frame data fields Offset Description Frame type 3 0x09 Frame ID 4 Identifies the data frame for the host to correlate with a subsequent ACK If set to 0 the device does not send a response AT command 5 6 Command name two ASCII characters that identify the AT command Parameter...

Page 161: ...PI Operation Frame descriptions XBee XBee PRO S2C ZigBee RF Module 161 Frame data fields Offset Example Frame ID 4 0x01 AT command 5 0x42 B 6 0x44 D Parameter value BD7 115200 baud 7 0x07 Checksum 8 0x68 ...

Page 162: ...es the broadcast radius recommended This parameter is only used for broadcast transmissions You can read the maximum number of payload bytes with the NP command Note Using source routing reduces the RF payload by two bytes per intermediate hop in the source route Format The following table provides the contents of the frame For details on the frame structure see API frame format Frame data fields ...

Page 163: ...t for the destination address See Transmission addressing and routing All unused and unsupported bits must be set to 0 RF data 17 n Data sent to the destination device Example The example shows how to send a transmission to a device if you disable escaping AP 1 with destination address 0x0013A200 40014011 and payload TxData1B Frame data fields Offset Example Start delimiter 0 0x7E Length MSB 1 0x0...

Page 164: ...API transmit request frame should look like 0x7E 0x00 0x16 0x10 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0xFF 0xFE 0x00 0x00 0x54 0x78 032 0x43 0x6F 0x6F 0x72 0x64 0xFC Where 0x16 length 22 bytes excluding checksum Frame data fields Offset Example Start delimiter 0 0x7E Length MSB 1 0x00 LSB 2 0x16 Frame type 3 0x10 Frame ID 4 0x01 64 bit destination address MSB 5 0x00 6 0x13 7 0xA2 8 0x00 9 0...

Page 165: ...criptions XBee XBee PRO S2C ZigBee RF Module 165 Frame data fields Offset Example Broadcast radius 15 0x00 Options 16 0x00 Data payload Tx2Coord 17 0x54 18 0x78 19 0x32 20 0x43 21 0x6F 22 0x6F 23 0x72 24 0x64 Checksum 25 0xFC ...

Page 166: ... field to 0xFFFE unknown If successful the Transmit Status frame 0x8B indicates the discovered 16 bit address You can set the broadcast radius from 0 up to NH to 0xFF If set to 0 the value of NH specifies the broadcast radius recommended This parameter is only used for broadcast transmissions You can read the maximum number of payload bytes with the NP command Note Using source routing reduces the...

Page 167: ...4 Indirect Addressing 0x08 Multicast Addressing 0x20 Enable APS encryption if EE 1 0x40 Use the extended transmission timeout for this destination Enabling APS encryption decreases the maximum number of RF payload bytes by 4 below the value reported by NP Setting the extended timeout bit causes the stack to set the extended transmission timeout for the destination address See Transmission addressi...

Page 168: ... 0x00 6 0x00 7 0x00 8 0x00 9 0x00 10 0x00 11 0x00 LSB12 0x00 16 bit destination Network Address MSB 13 0xFF LSB 14 0xFE Source endpoint 15 0xA0 Destination endpoint 16 0xA1 Cluster ID 17 0x15 18 0x54 Profile ID 19 0xC1 20 0x05 Broadcast radius 21 0x00 Transmit options 22 0x00 Data payload 23 0x54 24 0x78 25 0x44 26 0x61 27 0x74 28 0x61 Checksum 29 0x3A ...

Page 169: ...ination device Reserved 64 bit address for the coordinator 0x0000000000000000 16 bit destination address 13 14 Set to 0xFFFE if the address is unknown or if sending a broadcast Remote command options 15 Bitfield to enable various remote command options Supported values include 0x01 Disable ACK 0x40 Use the extended transmission timeout for this destination Setting the extended timeout bit causes t...

Page 170: ...limiter 0 0x7E Length MSB 1 0x00 LSB 2 0x10 Frame type 3 0x17 Frame ID 4 0x01 64 bit destination address MSB 5 0x00 6 0x13 7 0xA2 8 0x00 9 0x40 10 0x40 11 0x11 LSB 12 0x22 Reserved 13 0xFF 14 0xFE Remote command options 15 0x02 apply changes AT command 16 0x42 B 17 0x48 H Command parameter 18 0x01 Checksum 19 0xF5 ...

Page 171: ... Description Frame type 3 Frame ID 4 Always set the Frame ID to 0 64 bit destination address 5 12 MSB first LSB last Set to the 64 bit address of the destination device Reserved 64 bit address for the coordinator 0x0000000000000000 Broadcast 0x000000000000FFFF 16 bit destination network address 13 14 Set to 0xFFFE if the address is unknown or if sending a broadcast Route command options 15 Set to ...

Page 172: ...bit and 16 bit addresses of 0x0013A200 40401122 and 0x3344 and if devices B C and D have the following 16 bit addresses B 0xAABB C 0xCCDD D 0xEEFF This example shows how to send the Create Source Route frame to establish a source route between A and E Frame data fields Offset Example Start delimiter 0 0x7E Length MSB 1 0x00 LSB 2 0x14 Frame type 3 0x21 Frame ID 4 0x00 64 bit destination address MS...

Page 173: ...Operation Frame descriptions XBee XBee PRO S2C ZigBee RF Module 173 Frame data fields Offset Example Address 1 17 0xEE 18 0xFF Address 2 closer hop 19 0xCC 20 0xDD Address 3 21 0xAA 22 0xBB Checksum 23 0x01 ...

Page 174: ...ng reported If Frame ID 0 inATCommand Mode the device does not give anATCommand Response AT command 5 6 Command name two ASCII characters that identify the command Command status 7 0 OK 1 ERROR 2 Invalid command 3 Invalid parameter 4 Tx failure Command data The register data in binary format If the host sets the register the device does not return this field Example If you change the BD parameter ...

Page 175: ...API Operation Frame descriptions XBee XBee PRO S2C ZigBee RF Module 175 Frame data fields Offset Example Command data Checksum 8 0xF0 ...

Page 176: ... Description Frame type 3 0x8A Status 4 0 Hardware reset 1 Watchdog timer reset 2 Joined network routers and end devices 3 Disassociated 6 Coordinator started 7 Network security key was updated 0x0D Voltage supply limit exceeded PRO only 0x11 Modem configuration changed while join in progress 0x80 Ember ZigBee stack error Example When a device powers up it returns the following API frame Frame dat...

Page 177: ... retry count 7 The number of application transmission retries that occur Delivery status 8 0x00 Success 0x01 MAC ACK Failure 0x02 CCA Failure 0x15 Invalid destination endpoint 0x21 Network ACK Failure 0x22 Not Joined to Network 0x23 Self addressed 0x24 Address Not Found 0x25 Route Not Found 0x26 Broadcast source failed to hear a neighbor relay the message 0x2B Invalid binding table index 0x2C Reso...

Page 178: ...dress set to 0x7D84 or 0xFFFE Frame Fields Offset Example Start delimiter 0 0x7E Length MSB 1 0x00 LSB 2 0x07 Frame type 3 0x8B Frame ID 4 0x01 16 bit destination address 5 0x7D 6 0x84 Transmit retry count 7 0x00 Delivery status 8 0x00 Discovery status 9 0x01 Checksum 10 0x71 ...

Page 179: ...ss MSB 12 The sender s 16 bit address LSB 13 Receive options 14 0x01 Packet Acknowledged 0x02 Packet was a broadcast packet 0x20 Packet encrypted with APS encryption 0x40 Packet was sent from an end device if known Note Option values can be combined For example a 0x20 and a 0x01 show as a 0x21 Other possible values 0x00 0x21 0x22 0x60 0x61 0x62 Received data 15 n The RF data that the device receiv...

Page 180: ...fields Offset Example Frame type 3 0x90 64 bit source address MSB 4 0x00 5 0x13 6 0xA2 7 0x00 8 0x40 9 0x52 10 0x2B LSB 11 0xAA 16 bit source network address MSB 12 0x7D LSB 13 0x84 Receive options 14 0x01 Received data 15 0x52 16 0x78 17 0x44 18 0x61 19 0x74 20 0x61 Checksum 21 0x0D ...

Page 181: ...he sender s 16 bit address Source endpoint 14 Endpoint of the source that initiates transmission Destination endpoint 15 Endpoint of the destination that the message is addressed to Cluster ID 16 17 The Cluster ID that the frame is addressed to Profile ID 18 19 The Profile ID that the fame is addressed to Receive options 20 0x01 Packet Acknowledged 0x02 Packet was a broadcast packet 0x20 Packet en...

Page 182: ... type 3 0x91 64 bit source address MSB 4 0x00 5 0x13 6 0xA2 7 0x00 8 0x40 9 0x52 10 0x2B LSB 11 0xAA 16 bit Source Network Address MSB 12 0x7D LSB 13 0x84 Source endpoint 14 0xE0 Destination endpoint 15 0xE0 Cluster ID 16 0x22 17 0x11 Profile ID 18 0xC1 19 0x05 Receive options 20 0x02 Received data 21 0x52 22 0x78 23 0x44 24 0x61 25 0x74 26 0x61 Checksum 27 0x52 ...

Page 183: ... options 14 Bit field 0x01 Packet acknowledged 0x02 Packet is a broadcast packet Ignore all other bits Number of samples 15 The number of sample sets included in the payload Always set to 1 Digital channel mask 1 16 17 Bitmask field that indicates which digital I O lines on the remote have sampling enabled if any Analog channel mask 2 18 Bitmask field that indicates which analog I O lines on the r...

Page 184: ... remove device with a 64 bit serial number of 0x0013A20040522BAA and a 16 bit address of 0x7D84 If you enable pin AD1 DIO1 as an analog input enable AD2 DIO2 and DIO4 as digital inputs currently high and enable AD3 DIO3 as a digital output low the I O sample is shown in the API example in the following table Frame fields Offset Example Start delimiter 0 0x7E Length MSB 1 0x00 LSB 2 0x14 Frame type...

Page 185: ...API Operation Frame descriptions XBee XBee PRO S2C ZigBee RF Module 185 Frame fields Offset Example Digital samples if included 19 0x00 20 0x14 Analog sample 21 0x02 22 0x25 Checksum 23 0xF5 ...

Page 186: ... 14 0x01 Packet acknowledged 0x02 Packet is a broadcast packet 1 Wire Sensors 15 0x01 A D Sensor Read 0x02 Temperature Sensor Read 0x60 Water present module CD pin low A D Values 16 Indicates a two byte value for each of four A D sensors A B C D Set to 0xFFFFFFFFFFFFFFFF if no A Ds are found 17 18 19 20 21 22 23 Temperature Read 24 Indicates the two byte value read from a digital thermometer if pr...

Page 187: ...idity Relative Humidity 1 0546 0 00216 Temperature C Looking at the sample data we have Vsupply 234 5 1 255 4 68 Voutput 82 5 1 255 1 64 Temperature 362 16 22 625 C Relative H 161 2903 1 64 4 68 0 16 161 2903 0 19043 30 71 True H 30 71 1 0546 0 00216 22 625 30 71 1 00573 30 54 Frame fields Offset Example Start delimiter 0 0x7E Length MSB 1 0x00 LSB 2 0x17 Frame type 3 0x94 64 bit source address MS...

Page 188: ...on Frame descriptions XBee XBee PRO S2C ZigBee RF Module 188 Frame fields Offset Example A D Values 16 0x00 17 0x02 18 0x00 19 0xCE 20 0x00 21 0xEA 22 0x00 23 0x52 Temperature Read 24 0x01 25 0x6A Checksum 26 0x8B ...

Page 189: ...dged 0x02 Packet was a broadcast packet Source 16 bit address 15 16 Set to the 16 bit network address of the remote device Set to 0xFFFE if unknown 64 bit network address 17 24 Indicates the 64 bit address of the remote device that transmitted the Node Identification Indicator frame NI string 25 26 Node identifier string on the remote device The NI string is terminated with a NULL byte 0x00 Device...

Page 190: ...tification all devices on the network receive the following node identification indicator If you press the commissioning button on a remote router device with 64 bit address 0x0013A200 40522BAA 16 bit address 0x7D84 and default NI string devices on the network receive the node identification indicator Frame data fields Offset Example Start delimiter 0 0x7E Length MSB 1 0x00 LSB 2 0x20 Frame type 3...

Page 191: ...Offset Example 64 bit network address 17 0x00 18 0x13 19 0xA2 20 0x00 21 0x40 22 0x52 23 0x2B 24 0xAA NI string 25 0x20 26 0x00 Parent 16 bit address 27 0xFF 28 0xFE Device type 29 0x01 Source event 30 0x01 Digi Profile ID 31 0xC1 32 0x05 Digi Manufacturer ID 33 0x10 34 0x1E Checksum 35 0x1B ...

Page 192: ...emote address 5 12 The address of the remote device returning this response 16 bit source remote address 13 14 Set to the 16 bit network address of the remote device returning this response Set to 0xFFFE if unknown AT commands 15 16 The name of the command Command status 17 0 OK 1 ERROR 2 Invalid Command 3 Invalid Parameter 4 Remote Command Transmission Failed Command data 18 n The register data i...

Page 193: ... fields Offset Example 64 bit source remote address MSB 5 0x00 6 0x13 7 0xA2 8 0x00 9 0x40 10 0x52 11 0x2B LSB 12 0xAA 16 bit source remote address MSB 13 0x7D LSB 14 0x84 AT commands 15 0x53 16 0x4C Command status 17 0x00 Command data 18 0x40 19 0x52 20 0x2B 21 0xAA Checksum 22 0xF4 ...

Page 194: ...essages are disabled while the device is operating in Command mode Prior to that revision Verbose Join messages are interspersed with serial communications Format The following table provides the contents of the frame For details on frame structure see API frame format Frame data fields Offset Description Frame type 3 0x98 Status code 4 See the following table for status code descriptions Status d...

Page 195: ...ring Description Status data Description 0x00 Rejoin A join attempt is being started rejoinState 1 The rejoinState is a count of join attempts 0x01 Stack Status Shows status and state EmberStatus 1 0x00 no network 0x01 joining 0x02 joined 0x03 joined no parent 0x04 leaving emberNetworkStat e 1 0x90 Network is up and ready to receive transmit 0x91 Network is down and cannot receive transmit 0x94 Jo...

Page 196: ...ata received from a neighboring node in response to a beacon request ZS stackProfile 1 See ZS ZigBee Stack Profile extendedPanId 8 64 bit PAN Identifier for network allowingJoin 1 0x00 not permitting joins to its network 0x01 permitting joins to its network radioChannel 1 channel number ranging from 11 to 26 0x0B to 0x1A panid 2 16 bit PAN Identifier for network rssi 1 maximum relative signal stre...

Page 197: ...d 2 16 bit PAN Identifier for network extendedPanId 8 64 bit PAN Identifier for network 0x0B AI AI value has changed AIStatusCode 1 See a description of AI Association Indication 0x0C Permit Join NJ setting Permit Join Duration has changed value 1 See a description of the NJ Node Join Time command 0x0D Scanning Active scanning has begun ChannelMask 4 A 32 bit value driven by the SC setting where b...

Page 198: ...r ranging from 11 to 26 0x0B to 0x1A 0x19 Scan Mode Shows phase of Ordered Association mode 1 0 first bestcandidate 1 ordered association by extpanid then by channel 0x1A Scan Init Starting a scan channel 1 TxPower 1 channel being scanned low level radio transmit power setting 0x1D Energy Scan channel mask Starting energy scan SC mask 4 Scan channel mask 0x1E Energy Scan energies Channel Energies ...

Page 199: ...ace messages to explain the content and are preceded by an ellipsis OK atid3151 OK configured pan identifier has been changed atdc10 OK and verbose join enabled atac OK applying changes to the configuration V AI Searching for Parent FF search has started V AI Searching for Parent FF and started again V Scanning 03FFF800 Channels 11 through 25 are enabled by the SC setting for the Active Search V B...

Page 200: ...t ZS beacon response s ZS does not match this radio s ZS setting of 0x00 V Beacon Rsp 000000000000003151010EE29FDFFF V Beacon Saved 0E05E29F0000000000003151 this beacon response is acceptable as a candidate for association V Joining 0E05E29F0000000000003151 sending association request V Stack Status joined network up 0290 we are joined the network is up we can send and transmit V Joined V AI Assoc...

Page 201: ...e radio returning this response 16 bit destination address 12 13 The 16 bit address of the updater device Receive options 14 0x01 Packet Acknowledged 0x02 Packet was a broadcast Bootloader message type 15 0x06 ACK 0x15 NACK 0x40 No Mac ACK 0x51 Query received if the bootloader is not active on the target 0x52 Query Response Block number 16 Block number used in the update request Set to 0 if not ap...

Page 202: ...ype 3 0xA0 64 bit source remote address MSB 4 0x00 5 0x13 6 0xA2 7 0x00 8 0x40 9 0x3E 10 0x07 11 0x50 16 bit destination address 12 0x00 13 0x00 Receive options 14 0x01 Bootloader message type 15 0x52 Block number 16 0x00 64 bit target address 17 0x00 18 0x13 19 0xA2 20 0x00 21 0x40 22 0x52 23 0x2B 24 0xAA Checksum 25 0x66 ...

Page 203: ... bit address of the device that initiated the route record Receive options 14 0x01 Packet Acknowledged 0x02 Packet was a broadcast Number of addresses 15 The number of addresses in the source route excluding source and destination Address 1 16 17 neighbor of destination Address 2 closer hop 18 19 Address of intermediate hop Address n neighbor of source 20 Two bytes per 16 bit address 21 Example Su...

Page 204: ...ype 3 0xA1 64 bit source remote address MSB 4 0x00 5 0x13 6 0xA2 7 0x00 8 0x40 9 0x40 10 0x11 11 0x22 Source updater 16 bit address 12 0x33 13 0x44 Receive options 14 0x01 Number of Addresses 15 0x03 Address 1 16 0xEE 17 0xFF Address 2 closer hop 18 0xCC 19 0xDD Address n neighbor of source 20 0xAA 21 0xBB Checksum 22 0x80 ...

Page 205: ...mote address 4 11 MSB first LSB last The 64 bit address of the device that sent the many to one route request Source 16 bit address 12 13 MSB first LSB last The 16 bit address of the device that initiated the many to one route request Reserved 14 Set to 0 Example Suppose a device with a 64 bit address of 0x0013A200 40401122 and 16 bit address of 0x0000 sends a many to one route request All remote ...

Page 206: ...ation or smart energy or when communicating with ZigBee devices from other vendors You can also use the ZDO to perform several management functions such as frequency agility energy detect and channel changes Mgmt Network Update Request discovering routes Mgmt Routing Request and neighbors Mgmt LQI Request and managing device connectivity Mgmt Leave and Permit Join Request The following table shows...

Page 207: ...ies the data frame for the host to correlate with a subsequent transmit status If set to 0 the device does not send a response out the serial port 64 bit destination address 5 12 MSB first LSB last The 64 bit address of the destination device big endian byte order For unicast transmissions set to the 64 bit address of the destination device or to 0x0000000000000000 to send a unicast to the coordin...

Page 208: ...bit address in the API example 0x1234 is sent in little endian byte order 0x3412 24 25 Example The following example shows how you can use the Explicit API frame to send an Active Endpoints request to discover the active endpoints on a device with a 16 bit address of 0x1234 Frame data fields Offset Example Start delimiter 0 0x7E Length MSB 1 0x00 LSB 2 0x17 Frame type 3 0x11 Frame ID 4 0x01 64 bit...

Page 209: ...ic profile or for interoperability applications can skip this section The following table shows some prominent clusters with their respective attributes and commands Cluster Cluster ID Attributes Attribute ID Cluster ID Basic 0x0000 Application Version 0x0001 Hardware Version 0x0003 Model Identifier 0x0005 Reset to defaults 0x00 Identify 0x0003 Identify Time 0x0000 Identify 0x00 Identify Query 0x0...

Page 210: ... the ZCL command API Payload for example u16 u32 64 bit addresses must be sent in little endian byte order for the command to be executed correctly on a remote device Note When sending ZCL commands set the AO command to 1 to enable the explicit receive API frame This provides indication of the source 64 and 16 bit addresses cluster ID profile ID and endpoint information for each received packet Th...

Page 211: ...B 14 Source endpoint 15 Set to the source endpoint on the sending device 0x41 arbitrarily selected Destination endpoint 16 Set to the destination endpoint on the remote device 0x42 arbitrarily selected Cluster ID MSB 17 Set to the cluster ID that corresponds to the ZCL command being sent 0x0000 Basic Cluster LSB 18 Profile ID MSB 19 Set to the profile ID supported on the device 0xD123 arbitrarily ...

Page 212: ...ote The 16 bit Attribute ID 0x0003 is sent in little endian byte order 0x0300 All multi byte ZCL header and payload values must be sent in little endian byte order 27 0xFF minus the 8 bit sum of bytes from offset 3 to this byte Example In this example the Frame Control field offset 23 is constructed as follows Name Bits Example Value Description Frame Type 0 1 00 Command acts across the entire pro...

Page 213: ...11 0x12 LSB12 0x34 16 bit destination network address MSB 13 0xFF LSB 14 0xFE Source endpoint 15 0x41 Destination endpoint 16 0x42 Cluster ID MSB 17 0x00 LSB 18 0x00 Profile ID MSB 19 0xD1 LSB 20 0x23 Broadcast radius 21 0x00 Transmit options 22 0x00 Data payload ZCL frame header Frame control 23 0x00 Transaction sequence number 24 0x01 Command ID 25 0x00 ZCL payload Attribute ID 26 0x03 27 0x00 C...

Page 214: ...rs and smart appliances for a duration of 1 minute starting immediately Note When sending public profile commands set the AO command to 1 to enable the explicit receive API frame This provides indication of the source 64 and 16 bit addresses cluster ID profile ID and endpoint information for each received packet This information is required to properly decode received data Frame specific data Fram...

Page 215: ... to 0 Data payload ZCL frame header Frame control 23 Bitfield that defines the command type and other relevant information in the ZCL command For more information see the ZCL specification Transaction sequence number 24 A sequence number used to correlate a ZCL command with a ZCL response The hardware version response will include this byte as a sequence number in the response The value 0x01 was a...

Page 216: ...6 Duration in minutes 37 This 2 byte value must be sent in little endian byte order 38 Criticality level 39 Indicates the criticality level of the event In this example the level is voluntary Cooling temperature 40 Requested offset to apply to the normal cooling set point A value of 0xFF indicates the temperature offset value is not used Heating temperature offset 41 Requested offset to apply to t...

Page 217: ... indicates the duty cycle is not used in this event Duty cycle event control 48 A bitmap describing event options Example In this example the Frame Control field offset 23 is constructed as follows Name Bits Example Value Description Frame Type 0 1 01 Command is specific to a cluster Manufacturer Specific 2 0 The manufacturer code field is omitted from the ZCL Frame Header Direction 3 1 The comman...

Page 218: ...64 bit destination address MSB 5 0x00 6 0x13 7 0xA2 8 0x00 9 0x40 10 0x40 11 0x12 LSB 12 0x34 16 bit destination network address MSB 13 0x56 LSB 14 0x78 Source endpoint 15 0x41 Destination endpoint 16 0x42 Cluster ID MSB 17 0x07 LSB 18 0x01 Profile ID MSB 19 0x01 LSB 20 0x09 Broadcast radius 21 0x00 Transmit options 22 0x00 ...

Page 219: ... ID 26 0x78 27 0x56 28 0x34 29 0x12 Device class 30 0x14 31 0x00 Utility enrollment group 32 0x00 Start time 33 0x00 34 0x00 35 0x00 36 0x00 Duration in Minutes 37 0x01 38 0x00 Criticality level 39 0x04 Cooling temperature 40 0xFF Heating temperature offset 41 0xFF Cooling temperature set point 42 0x00 43 0x80 Heating temperature set point 44 0x00 45 0x80 Average load adjustment percentage 46 0x80...

Page 220: ...mmands 225 Security commands 231 RF interfacing commands 232 Serial interfacing commands 234 I O settings commands 238 Diagnostic commands 250 Command mode options 251 Sleep commands 252 Execution commands 255 XBee XBee PRO S2C ZigBee RF Module 220 ...

Page 221: ...FFFFF Default 0 DL Destination Address Low Set or read the upper 32 bits of the 64 bit destination address When you combine DH with DL it defines the 64 bit destination address that the device uses for data transmission Special definitions for DH and DL include 0x000000000000FFFF broadcast and 0x0000000000000000 coordinator Parameter range 0 0xFFFFFFFF Default 0xFFFF Coordinator 0 Router End Devic...

Page 222: ... XBee in the factory The 64 bit source address is always enabled This value is read only and it never changes Parameter range 0 0xFFFFFFFF read only Default Set in the factory NI Node Identifier Stores the node identifier string for a device which is a user defined name or description of the device This can be up to 20 ASCII characters n XCTU prevents you from exceeding the string limit of 20 char...

Page 223: ...or all data transmissions The default value 0xE8 is the Digi data endpoint Parameter range 0 0xFF Default 0xE8 CI Cluster ID XBee XBee PRO ZigBee RF Module Sets or reads the application layer ID value Use this value as the cluster ID for all data transmissions CI is only used in transparent mode Parameter range 0 0xFFFF Default 0x11 Transparent data cluster ID TO Transmit Options The bitfield that...

Page 224: ...ing AR 0xFF further reduces the maximum payload size Note NP returns a hexadecimal value For example if NP returns 0x54 this is equivalent to 84 bytes Parameter range 0 0xFFFF bytes read only Default read only DD Device Type Identifier Stores the Digi device type identifier value Use this value to differentiate between multiple XBee devices Digi reserves the range 0 0xFFFFFF For the XBee ZB SMT de...

Page 225: ...e 0 0x0B 0x19 XBee PRO Channels 11 25 Default read only CE Coordinator Enable Sets or reads whether the device is a coordinator Parameter range Parameter Description 0 Not a Coordinator 1 Coordinator SM must be 0 to set CE to 1 Default 0 ID Extended PAN ID Set or read the 64 bit extended PAN ID If set to 0 the coordinator selects a random extended PAN ID and the router end device joins any extende...

Page 226: ... is enough time for data and the acknowledgment to traverse approximately 8 hops Parameter range 0 0xFF Default 0x1E BH Broadcast Hops The maximum transmission hops for broadcast data transmissions Parameter range 0 0x1E Default 0 OI Operating 16 bit PAN ID Read the 16 bit PAN ID The OI value reflects the actual 16 bit PAN ID where the device is running Parameter range 0 0xFFFF Default read only N...

Page 227: ...ame Parameter range 0 0x03 bit field Bit field Option Description 0x01 Append the DD Digi Device Identifier value to ND responses or API node identification frames 0x02 Local device sends ND response frame when the ND is issued Default 0x0 SC Scan Channels Set or read the list of channels to scan Coordinator Bit field list of channels to choose from prior to starting network Router End Device Bit ...

Page 228: ...llowed to transmit at more than 6 dBm n For the XBee PRO TH module Channel 26 is not allowed to transmit at more than 2 dBm Default 0x7FFF SD Scan Duration Sets or reads the scan duration exponent Write changes to SD using the WR command Note If you enable channel 26 0x8000 in the search channel mask SC the device caps transmit power on all channels at 3 dBm during network formation or joining Coo...

Page 229: ...lliseconds to scan IEEE 802 15 4 channels 11 through 26 The device loops through all 16 channels until the time elapses and returns the maximal energy on each channel In Transparent mode a comma must follow each value with the list ending with a carriage return The values returned reflect the detected energy level in units of dBm Convert an ED response of 49 3A and so on to decimal to become 73 dB...

Page 230: ... detected the router or end device leaves its current channel and attempts to join a new PAN If JV 0 the router or end device continues operating on its current channel even if a coordinator is not detected Parameter range 0 Channel verification disabled 1 Channel verification enabled Default 0 NW Network Watchdog Timeout Set or read the network watchdog timeout value If NW is set 0 the router mon...

Page 231: ...d units Parameter range 0 0xFF x10 sec Default 0xFF disabled Security commands The following AT commands are security commands EE Encryption Enable Set or read the encryption enable setting Parameter range 0 1 Parameter Description 0 Disabled 1 Enabled Default 0 EO Encryption Options Configure options for encryption when EE 1 Set unused option bits to 0 Options include Options Description 0x01 Zig...

Page 232: ...key in the clear when joining Parameter range 128 bit value Default 0 RF interfacing commands The following AT commands are RF interfacing commands PL TX Power Level Sets or reads the power level at which the device transmits conducted power For XBee PRO PL 4 is calibrated and the remaining power levels are approximate The device recalibrates its power setting every 15 seconds based on factory cal...

Page 233: ...roves the receive sensitivity by 2dB and increase the transmit power by 3dB This command is disabled on the XBee PRO and is forced on by the software to provide extra sensitivity Boost mode imposes a slight increase in current draw Parameter range 0 1 Setting Meaning 0 Boost mode disabled 1 Boost mode enabled Default 1 DB Received Signal Strength This command reports the received signal strength o...

Page 234: ...PL4 Parameter range 0x0 0x12 Default read only Serial interfacing commands The following AT commands are serial interfacing commands API Enable Enables API Mode The device ignores this command when using SPI API mode 1 is always used Parameter range 0 2 Parameter Description 0 API disabled operate in Transparent mode 1 API enabled 2 API enabled with escaped control characters Default 0 AO API Opti...

Page 235: ...ll as Simple_Desc_req Active_EP_req and Match_Desc_req Default 0 BD Interface Data Rate The device interprets any value above 0x0A as an actual baud rate Standard baud rates up to 115200 are supported Non standard baud rates above 115200 are permitted but their performance is not guaranteed Parameter range Value Description 0x1 2 400 b s 0x2 4 800 b s 0x3 9 600 b s 0x4 19 200 b s 0x5 38 400 b s 0x...

Page 236: ...00 b s 0xA 921600 b s Default 0x03 9600 b s NB Parity Set or read the serial parity settings for UART communications Parameter range Parameter Description 0x00 No parity 0x01 Even parity 0x02 Odd parity 0x03 Mark parity Default 0x00 SB Stop Bits Sets or reads the number of stop bits for UART communications Parameter range 0x00 0x01 Parameter Configuration 0x00 One stop bit 0x01 Two stop bits Defau...

Page 237: ...ted when operating in Transparent mode Parameter range 0 0xFF x character times Default 3 Sets or displays the DIO7 CTS pin configuration TH pin 12 SMT pin 25 Parameter range 0 1 3 7 Parameter Description 0 Unmonitored digital input 1 CTS flow control 3 Digital input 4 Digital output low 5 Digital output high 6 RS 485 Tx enable low Tx 7 RS 485 Tx enable high high Tx Default 0x1 D6 DIO6 RTS Sets or...

Page 238: ...nality of at least one device pin The sample rate is measured in milliseconds For more information see the following commands n D0 AD0 DIO0 Configuration through D9 DIO9 ON_SLEEP n P0 RSSI PWM0 Configuration through P4 DIO14 DIN WARNING If you set IR to 1 or 2 the device will not keep up and many samples will be lost Parameter range 0 0x32 0xFFFF ms Default 0 IC Digital Change Detection Set or rea...

Page 239: ...arameter range 0 0xFFFF bit field Default 0 P0 RSSI PWM0 Configuration Select or read the function for PWM0 Parameter range 0 1 3 5 Parameter Description 0 Unmonitored digital input 1 RSSI PWM0 3 Digital input monitored 4 Digital output default low 5 Digital output default high Default 1 P1 DIO11 PWM1 Configuration Set the configure options for the device s DIO11 line ...

Page 240: ...gh Default 0 P2 DIO12 Configuration Set the configuration options for the DIO12 line of the RF device Parameter range Parameter Description 0 Unmonitored digital input 1 SPI_MISO 3 3 Digital input monitored 4 4 Digital output default low 5 Digital output default high Default 0 P3 DIO13 DOUT Configuration Set or read the configuration options for the DIO13 line of the RF module Parameter range 0 1 ...

Page 241: ...eter Description 0 Unmonitored digital input 1 Data in for UART 3 Digital input 4 Digital output low 5 Digital output high Default 1 P5 DIO15 SPI_MISO The DIO15 SPI_MISO pin configuration pin 17 This only applies to surface mount devices Parameter range 0 1 Parameter Description 0 Unmonitored digital input 1 Output from SPI port Default 1 P6 SPI_MOSI Configuration The DIO16 SPI_MOSI pin configurat...

Page 242: ... surface mount devices Parameter range 0 1 Parameter Description 0 Unmonitored digital input 1 Input to select the SPI port Default 1 P8 DIO18 SPI_SCLK The DIO18 SPI_SCLK pin configuration TH pin 18 SMT pin 14 This only applies to surface mount devices Parameter range 0 1 Parameter Description 0 Unmonitored digital input 1 SPI clock input Default 1 P9 DIO19 SPI_ATTN PTI_DATA Sets or read the funct...

Page 243: ...0 AD0 DIO0 Configuration Sets or reads the function of AD0 DIO0 Parameter range 0 5 Parameter Description 0 Unmonitored digital input 1 Commissioning Pushbutton 2 Analog input single ended 3 Digital input 4 Digital output low 5 Digital output high Default 1 D1 AD1 DIO1 PTI_En Configuration Set or read the function for the AD1 DIO1 PTI_En configuration Parameter range 0 6 Parameter Description 0 Un...

Page 244: ...t traces for OTA sniffing Default 0 D2 AD2 DIO2 Configuration Select or read the function for AD2 DIO2 pin 18 Parameter range 0 5 0 1 Parameter Description 0 Unmonitored digital input 1 SPI_CLK for through hole devices 2 Analog input single ended 3 Digital input 4 Digital output low 5 Digital output high Default 0 D3 AD3 DIO3 Configuration Select or read the function for AD3 DIO3 Parameter range 0...

Page 245: ...ction for DIO4 Parameter range 0 1 3 5 Parameter Description 0 Unmonitored digital input 1 SPI_MOSI for the through hole device 3 Digital input 4 Digital output low 5 Digital output high Default 0 D5 DIO5 Associate Configuration Configure options for the DIO5 line of the device Parameter range 0 1 3 5 Parameter Description 0 Unmonitored digital input 1 Associate LED indicator blinks when associate...

Page 246: ...tput high Default N A D9 DIO9 ON_SLEEP The DIO9 ON_SLEEP pin configuration pin 13 for through hole pin 26 for surface mount Parameter range 0 1 3 5 Parameter Description 0 Disabled 1 ON SLEEP output 2 N A 3 Digital input 4 Digital output low 5 Digital output high Default 1 LT Associate LED Blink Time Set or read the Associate LED blink time If you use the D5 command to enable the Associate LED fun...

Page 247: ... no internal pull up down resistor The following table defines the bit field map for PR command PR and PD only affect lines that are configured as digital inputs or disabled The following table defines the bit field map for PR and PD commands Bit I O line Module pin 0 DIO4 24 SMT 11 TH 1 AD3 DIO3 30 SMT 17 TH 2 AD2 DIO2 31 SMT 18 TH 3 AD1 DIO1 32 SMT 19 TH 4 AD0 DIO0 33 SMT 20 TH 5 RTS DIO6 SMT 16...

Page 248: ...duration of pulse width modulation PWM signal output on the RSSI pin The signal duty cycle updates with each received packet and shuts off when the timer expires When RP 0xFF the output is always on Parameter range 0 0xFF x 100 ms Default 0x28 four seconds DC Device Controls Bit settings to enable or disable certain behaviors Bit Description 0 Joiner Global Link Key Indicates whether a joiner node...

Page 249: ...t 5 Disable ACK for end device I O sampling 6 Enable high ram concentrator 7 Enable NW to find new network before leaving the network Parameter range 0x00 0xFF Default 0x00 V Voltage Supply Monitoring Reads the voltage on the Vcc pin in mV Parameter range 0x 0xFFFF read only Default N A V Voltage Supply Monitoring Set the voltage supply threshold with the V command If the measured supply voltage f...

Page 250: ... 4 digit hex number Parameter range 0 0xFFFF read only Default Set in the factory VL Version Long Shows detailed version information device type time stamp for the build Ember stack version and bootloader version Parameter range N A Default N A HV Hardware Version Display the hardware version number of the device Read the device s hardware version Use this command to distinguish between different ...

Page 251: ...ate node should not be attempting to join at this time 0x27 Node Joining attempt failed typically due to incompatible security settings 0x2A Coordinator Start attempt failed 0x2B Checking for an existing coordinator 0x2C Attempt to leave the network failed 0xAB Attempted to join a device that did not respond 0xAD Secure join error network security key not received 0xAF Secure join error joining de...

Page 252: ...uired period of silence before and after the command sequence characters of the Command mode sequence GT CC GT The period of silence prevents inadvertently entering Command mode Parameter range 0x1 0x0CE4 x 1 ms max of 3 3 decimal sec Default 0x3E8 one second CC Command Character Sets or reads the ASCII character value the device uses between Guard Times of the Command mode sequence GT CC GT The C...

Page 253: ...ter 4 End device SN Number of Cycles Between ON_SLEEP Set or read the number of sleep periods value This command controls the number of sleep periods that must elapse between assertions of the ON_SLEEP line during the wake time if no RF data is waiting for the end device This command allows a host application to sleep for an extended time if no RF data is present Parameter range 1 0xFFFF Default 1...

Page 254: ... 0x02 Always wake for ST time 0x04 Sleep entire SN SP time Default 0 WH Wake Host Delay Sets or reads the wake host timer value You can use WH to give a sleeping host processor sufficient time to power up after the device asserts the ON_SLEEP line If you set WH to a non zero value this timer specifies a time in milliseconds that the device delays after waking from sleep before sending data out the...

Page 255: ...are applied with the AC command The CN command and 0x08 API command frame also apply changes Parameter range N A Default N A AS Active Scan Scans the neighborhood for beacon responses The AS command is only valid as a local command Response frames are structured as AS_type unsigned byte 2 ZB firmware uses a different format than XBee Wi Fi which is type 1 Channel unsigned byte PAN unsigned word in...

Page 256: ... device Parameter range N A Default N A FR Software Reset Resets the device The device responds immediately with an OK and performs a reset 100 ms later If you issue FR while the device is in Command Mode the reset effectively exits Command mode Parameter range N A Default N A NR Network Reset Resets network layer parameters on one or more modules within a PAN Responds immediately with an OK then ...

Page 257: ...ushbutton once See Commissioning pushbutton Parameter range 1 2 4 Default N A X Clear Binding and Group Tables Resets the binding and group tables Parameter range N A Default N A ND Node Discovery Discovers and reports all of the devices it finds on a network The command reports the following information after a jittered time delay PARENT_NETWORK ADDRESS CR 2 Bytes always 0xFFFE PARENT_NETWORK ADD...

Page 258: ...20 DN Destination Node Resolves an NI Node identifier string to a physical address case sensitive The following events occur after DN discovers the destination node When DN is sent in Command mode AT Firmware 1 The device sets DL and DH to the address of the device with the matching NI string The address selected either 16 bit short address or 64 bit extended address is chosen based on the destina...

Page 259: ...AT commands Execution commands XBee XBee PRO S2C ZigBee RF Module 259 Parameter range N A Default N A ...

Page 260: ...e XBee XBee PRO ZigBee RF Module You can customize default parameters or write or load custom firmware for the Ember EM357 chip XCTU configuration tool 261 XBee Bootloader 261 Programming XBee modules 261 Writing custom firmware 262 XBee XBee PRO S2C ZigBee RF Module 260 ...

Page 261: ...er s EZSP UART image into the devices during manufacturing Contact Digi to create a custom configuration XBee Bootloader XBee modules use a modified version of Ember s bootloader This bootloader version supports a custom entry mechanism that uses module pins DIN pin 4 SMT pin 3 TH DTR SLEEP_RQ pin 10 SMT pin9 TH and RTS pin 29 SMT pin16 TH To invoke the bootloader do the following 1 Set DTR SLEEP_...

Page 262: ...for an XModem CRC upload of an ebl image over the serial line at 115200 b s Send the ebl file to the EM357 in order If the firmware image is successfully loaded the bootloader outputs a complete string Invoke the newly loaded firmware by sending a 2 to the device If the firmware image is not successfully loaded the bootloader outputs an aborted string It return to the main bootloader menu Some cau...

Page 263: ...IO_PxIN always reads 1 Input floating 0x4 Digital input without an internal pull up or pull down Output is disabled Input pull up or pull down 0x8 Digital input with an internal pull up or pull down A set bit in GPIO_PxOUT selects pull up and a cleared bit selects pull down Output is disabled Output push pull 0x1 Push pull output GPIO_PxOUT controls the output Output open drain 0x5 Open drain outp...

Page 264: ...unctions The following table indicates the JTAG signal name the primary connection pin on the device the secondary connection pin and the secondary signal name CAUTION Do not load the secondary pins with circuitry that might interfere with JTAG programming for example an LED tied directly to the ASSOCIATE DIO5 line Any loading circuitry should be buffered to avoid conflicts for example connecting ...

Page 265: ...Regulatory information United States FCC 266 Europe CE 284 IC Industry Canada 286 Australia RCM 288 ANATEL Brazil 288 South Korea 291 XBee XBee PRO S2C ZigBee RF Module 265 ...

Page 266: ...ept any interference received including interference that may cause undesired operation Required FCC Label for OEM products containing the XBee S2C SMT RF Module Contains FCC ID MCQ XBS2C This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 this device may not cause harmful interference and 2 this device must accept any interference received inc...

Page 267: ...the module will be used for portable applications the device must undergo SAR testing This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency e...

Page 268: ...en approved for use with this module Cable loss is required when using gain antennas as shown in the tables Digi does not carry all of these antenna variants Contact Digi Sales for available antennas 1 If using the RF module in a portable application for example if the module is used in a hand held device and the antenna is less than 25 cm from the human body when the device is in operation The in...

Page 269: ...ted whip 1 5 Fixed Mobile 20 cm N A N A Dipole antennas A24 HASM 450 Dipole Half wave articulated RPSMA 4 5 2 1 Fixed 20 cm N A N A A24 HABSM Dipole Articulated RPSMA 2 1 Fixed 20 cm N A N A 29000095 Dipole Half wave articulated RPSMA 4 5 2 1 Fixed Mobile 20 cm N A N A A24 HABUF P5I Dipole Half wave articulated bulkhead mount U FL w 5 pigtail 2 1 Fixed Mobile 20 cm N A N A A24 HASM 525 Dipole Half...

Page 270: ...tion 7 2 Fixed 2 m N A N A A24 M7NF Omni directional Mag mount base station 7 2 Fixed 2 m N A N A A24 F15NF Omni directional Fiberglass base station 15 0 Fixed 2 m N A 5 0 Panel antennas A24 P8SF Flat Panel 8 5 Fixed 2 m N A 3 0 A24 P8NF Flat Panel 8 5 Fixed 2 m N A 3 0 A24 P13NF Flat Panel 13 0 Fixed 2 m N A 7 5 A24 P14NF Flat Panel 14 0 Fixed 2 m N A 8 5 A24 P15NF Flat Panel 15 0 Fixed 2 m N A 9...

Page 271: ...er reduction attenuation required Channels 11 25 Channel 26 A24 Y12NF Yagi 12 element 12 0 Fixed 2 m N A 6 0 A24 Y13NF Yagi 13 element 12 0 Fixed 2 m N A 6 0 A24 Y15NF Yagi 15 element 12 5 Fixed 2 m N A 6 5 A24 Y16NF Yagi 16 element 13 5 Fixed 2 m N A 7 5 A24 Y16RM Yagi 16 element RPSMA connector 13 5 Fixed 2 m N A 7 5 A24 Y18NF Yagi 18 element 15 0 Fixed 2 m N A 9 0 ...

Page 272: ...A24 QI Monopole Integrated whip 1 5 Fixed Mobile 20 cm N A N A Dipole antennas A24 HASM 450 Dipole Half wave articulated RPSMA 4 5 2 1 Fixed 20 cm N A N A A24 HABSM Dipole Articulated RPSMA 2 1 Fixed 20 cm N A N A 29000095 Dipole Half wave articulated RPSMA 4 5 2 1 Fixed Mobile 20 cm N A N A A24 HABUF P5I Dipole Half wave articulated bulkhead mount U FL w 5 pigtail 2 1 Fixed Mobile 20 cm N A N A A...

Page 273: ... 6 0 A24 W7NF Omni directional Fiberglass base station 7 2 Fixed 2 m N A 1 2 A24 M7NF Omni directional Mag mount base station 7 2 Fixed 2 m N A 1 2 A24 F15NF Omni directional Fiberglass base station 15 0 Fixed 2 m N A 9 0 Panel antennas A24 P8SF Flat Panel 8 5 Fixed 2 m N A 2 5 A24 P8NF Flat Panel 8 5 Fixed 2 m N A 2 5 A24 P13NF Flat Panel 13 0 Fixed 2 m N A 7 0 A24 P14NF Flat Panel 14 0 Fixed 2 m...

Page 274: ...annels 11 25 Channel 26 A24 Y10NF Yagi 10 element 11 0 Fixed 2 m N A 5 A24 Y12NF Yagi 12 element 12 0 Fixed 2 m N A 6 5 A24 Y13NF Yagi 13 element 12 0 Fixed 2 m N A 6 5 A24 Y15NF Yagi 15 element 12 5 Fixed 2 m N A 6 5 A24 Y16NF Yagi 16 element 13 5 Fixed 2 m N A 7 5 A24 Y16RM Yagi 16 element RPSMA connector 13 5 Fixed 2 m N A 7 5 A24 Y18NF Yagi 18 element 15 0 Fixed 2 m 0 4 9 0 ...

Page 275: ... N A A24 QI Monopole Integrated whip 1 5 Fixed Mobile 20 cm N A N A Dipole antennas A24 HASM 450 Dipole Half wave articulated RPSMA 4 5 2 1 Fixed 20 cm N A N A A24 HABSM Dipole Articulated RPSMA 2 1 Fixed 20 cm N A N A 29000095 Dipole Half wave articulated RPSMA 4 5 2 1 Fixed Mobile 20 cm N A N A A24 HABUF P5I Dipole Half wave articulated bulkhead mount U FL w 5 pigtail 2 1 Fixed Mobile 20 cm N A ...

Page 276: ... A24 W7NF Omni directional Fiberglass base station 7 2 Fixed 2 m N A 5 A24 M7NF Omni directional Mag mount base station 7 2 Fixed 2 m N A 5 A24 F15NF Omni directional Fiberglass base station 15 0 Fixed 2 m 1 1 8 3 Panel antennas A24 P8SF Flat Panel 8 5 Fixed 2 m 2 8 4 5 A24 P8NF Flat Panel 8 5 Fixed 2 m 2 8 4 5 A24 P13NF Flat Panel 13 0 Fixed 2 m 7 3 9 0 A24 P14NF Flat Panel 14 0 Fixed 2 m 8 3 10 ...

Page 277: ...nels 11 25 Channel 26 A24 Y10NF Yagi 10 element 11 0 Fixed 2 m 4 6 6 4 A24 Y12NF Yagi 12 element 12 0 Fixed 2 m 5 6 7 4 A24 Y13NF Yagi 13 element 12 0 Fixed 2 m 5 6 7 4 A24 Y15NF Yagi 15 element 12 5 Fixed 2 m 6 1 7 9 A24 Y16NF Yagi 16 element 13 5 Fixed 2 m 7 1 8 9 A24 Y16RM Yagi 16 element RPSMA connector 13 5 Fixed 2 m 7 1 8 9 A24 Y18NF Yagi 18 element 15 0 Fixed 2 m 8 6 10 4 ...

Page 278: ...A24 QI Monopole Integrated whip 1 5 Fixed Mobile 20 cm N A N A Dipole antennas A24 HASM 450 Dipole Half wave articulated RPSMA 4 5 2 1 Fixed Mobile 20 cm N A N A A24 HABSM Dipole Articulated RPSMA 2 1 Fixed 20 cm N A N A 29000095 Dipole Half wave articulated RPSMA 4 5 2 1 Fixed Mobile 20 cm N A N A A24 HABUF P5I Dipole Half wave articulated bulkhead mount U FL w 5 pigtail 2 1 Fixed 20 cm N A N A A...

Page 279: ...xed 2 m N A 9 A24 W7NF Omni directional base station 7 2 Fixed 2 m N A N A A24 M7NF Omni directional Mag mount base station 7 2 Fixed 2 m N A N A A24 F15NF Omni directional Fiberglass base station 15 0 Fixed 2 m 2 5 3 9 Panel antennas A24 P8SF Flat Panel 8 5 Fixed 2 m 1 1 6 A24 P8NF Flat Panel 8 5 Fixed 2 m 1 1 6 A24 P13NF Flat Panel 13 Fixed 2 m 5 5 6 1 A24 P14NF Flat Panel 14 Fixed 2 m 6 5 7 1 A...

Page 280: ...els 11 25 Channel 26 A24 Y10NF Yagi 10 element 11 0 dBi Fixed 2 m 2 5 2 0 A24 Y12NF Yagi 12 element 12 0 Fixed 2 m 3 5 3 0 A24 Y13NF Yagi 13 element 12 0 Fixed 2 m 3 5 3 0 A24 Y15NF Yagi 15 element 12 5 Fixed 2 m 4 0 3 5 A24 Y16NF Yagi 16 element 13 5 Fixed 2 m 5 0 4 5 A24 Y16RM Yagi 16 element RPSMA connector 13 5 Fixed 2 m 5 0 4 5 A24 Y18NF Yagi 18 element 15 0 Fixed 2 m 6 5 6 0 ...

Page 281: ...s 11 to 24 Required cable loss or power reduction from 8 dBm channel 25 Required cable loss or power reduction from 1 dBm channel 26 Yagi Class Antennas A24 Y6NF Yagi 6 element 8 8 Fixed 20 cm 0 0 5 A24 Y7NF Yagi 7 element 9 0 Fixed 20 cm 0 0 5 A24 Y9NF Yagi 9 element 10 0 Fixed 20 cm 0 0 6 A24 Y10NF Yagi 10 element 11 0 Fixed 20 cm 0 1 7 A24 Y12NF Yagi 12 element 12 0 Fixed 20 cm 0 2 8 A24 Y13NF ...

Page 282: ...bile 20 cm 0 0 0 A24 F5NF Omni directional Fiberglass base station 5 0 Fixed Mobile 20 cm 0 0 0 A24 F8NF Omni directional Fiberglass base station 8 0 Fixed 20 cm 0 0 0 A24 F9NF Omni directional Fiberglass base station 9 5 Fixed 20 cm 0 0 1 5 A24 F10NF Omni directional Fiberglass base station 10 0 Fixed 20 cm 0 0 2 5 A24 F12NF Omni directional Fiberglass base station 12 0 Fixed 20 cm 0 0 4 5 A24 F1...

Page 283: ...0 A24 HABSM Dipole Articulated RPSMA 2 1 Fixed 20 cm 0 0 0 A24 HABUF P5I Dipole Half wave articulated bulkhead mount U FL w 5 pigtail 2 1 Fixed 20 cm 0 0 0 A24 HASM 525 Dipole Half wave articulated RPSMA 5 25 2 1 Fixed 20 cm 0 0 0 Panel class antennas A24 P8SF Flat Panel 8 5 Fixed 20 cm 0 0 5 5 A24 P8NF Flat Panel 8 5 Fixed 20 cm 0 0 5 5 A24 P13NF Flat Panel 13 0 Fixed 20 cm 0 2 10 A24 P14NF Flat ...

Page 284: ...XBee XBee PRO ZigBee RF Modules non PRO variants have been tested for use in several European countries For a complete list refer to www digi com resources certifications If the XBee XBee PRO ZigBee RF Modules are incorporated into a product the manufacturer must ensure compliance of the final product with articles 3 1a and 3 1b of the Radio Equipment Directive A Declaration of Conformity must be ...

Page 285: ... possible on account of the nature of the apparatus n The CE marking must be affixed visibly legibly and indelibly Important note Digi customers assume full responsibility for learning and meeting the required guidelines for each country in their distribution market Refer to the radio regulatory agency in the desired countries of operation for more information Declarations of conformity Digi has i...

Page 286: ... FCC Part 15 Sub B and Industry Canada accepts FCC test report or CISPR 22 test report for compliance with ICES 003 Note Legacy XBee PRO SMT Model PRO S2C hardware version 21xx has IC 1846A XBPS2C For XBee ZB through hole Contains Model S2CTH Radio IC 1846A S2CTH The integrator is responsible for its product to comply with IC ICES 003 FCC Part 15 Sub B Unintentional Radiators ICES 003 is the same ...

Page 287: ...m all persons and must not be co located or operating in conjunction with any other antenna or transmitter ATTENTION Cet équipement est approuvé pour la mobile et la station base dispositifs d émission seulement Antenne s utilisé pour cet émetteur doit être installé pour fournir une distance de séparation d au moins 20 cm à partir de toutes les personnes et ne doit pas être situé ou fonctionner en...

Page 288: ...l products with EMC and radio communications must have registered RCM and R NZ marks Registration to use the compliance mark will only be accepted from Australia or New Zealand manufacturers or importers or their agents In order to have a RCM or R NZ mark on an end product a company must comply with a or b below a have a company presence in Australia or New Zealand b have a company distributor age...

Page 289: ...Regulatory information ANATEL Brazil XBee XBee PRO S2C ZigBee RF Module 289 ...

Page 290: ...Regulatory information ANATEL Brazil XBee XBee PRO S2C ZigBee RF Module 290 ...

Page 291: ...ole device you can place the label on the reverse side Recommended label material Abraham Technical 700342 MFG P N TAAE 014250 The label size is 15 9 mm x 15 9 mm 0 625 in x 0 625 in The complete label information is as follows The KCC logo must be at least 5 mm tall The text shown in the label is 1 모델명 XBee S2C TH 2 인증번호 MSIP CRM DIG XBee S2C TH 3 인증자상호 DIGI INTERNATIONAL INC 4 제조자 제조국가 DIGI INTE...

Page 292: ...For the surface mount version the label will overlay the existing product label CAUTION By placing a label over the existing label the certifications for Europe CE Australia New Zealand RCM and Japan will no longer apply Recommended label material Abraham Technical TELT 000465 The label size is 15 9 mm x 20 3 mm 0 625 in x 0 8 in The complete label information is as follows ...

Page 293: ...ogo must be at least 5 mm tall The text shown in the label is 1 모델명 XBee S2C 2 인증번호 MSIP CRM DIG XBee S2C 3 인증자상호 DIGI INTERNATIONAL INC 4 제조자 제조국가 DIGI INTERNATIONAL INC 미국 If the label size does not accommodate the required content you can use the abbreviated information as follows ...

Page 294: ...Regulatory information South Korea XBee XBee PRO S2C ZigBee RF Module 294 The KCC logo must be at least 5 mm tall The text shown in the label is 인증번호 MSIP CRM DIG XBee S2C ...

Page 295: ...e designed to be compatible and offer the same basic feature set As mentioned previously the surface mount form factor has more I O pins This section provides information to help users migrate from the surface mount to the Through hole form factor Pin mapping 296 Mounting 297 XBee XBee PRO S2C ZigBee RF Module 295 ...

Page 296: ...ames are from the S2C SMT device SMT Pin Name TH Pin 1 GND 2 VCC 1 3 DOUT DIO13 2 4 DIN CONFIG DIO14 3 5 DIO12 4 6 RESET 5 7 RSSI PWM DIO10 6 8 PWM1 DIO11 7 9 reserved 8 10 DTR SLEEP_RQ DIO8 9 11 GND 10 12 SPI_ATTN BOOTMODE DIO19 13 GND 14 SPI_CLK DIO18 15 SPI_SSEL DIO17 16 SPI_MOSI DIO16 17 SPI_MISO DIO15 18 reserved 19 reserved 20 reserved 21 reserved 22 GND 23 reserved 24 DIO4 11 25 CTS DIO7 12...

Page 297: ...19 33 AD0 DIO0 20 34 reserved 35 GND 36 RF 37 reserved Mounting One important difference between the surface mount and the through hole devices is how they mount to the PCB Different mounting techniques are required We designed a footprint that allows either device to be attached to a PCB as shown in the following diagram The dimensions without brackets are in inches and those in brackets are in m...

Page 298: ...design and the semi oval pads are for the surface mount design Pin 1 of the through hole design lines up with pad 1 of the surface mount design but the pins are actually offset by one pad see Pin mapping By using diagonal traces to connect the appropriate pins the layout works for both modules For information on attaching the SMT device see Manufacturing information ...

Page 299: ...Bee RF Module is designed for surface mount on the OEM PCB It has castellated pads to allow for easy solder attach inspection The pads are all located on the edge of the device so there are no hidden solder joints on these devices Recommended solder reflow cycle 300 Recommended footprint 300 Flux and cleaning 302 Reworking 302 ...

Page 300: ...sture Sensitive Devices When using this kind of device consider the relative requirements in accordance with standard IPC JEDEC J STD 020 In addition note the following conditions a Calculated shelf life in sealed bag 12 months at 40 C and 90 relative humidity RH b Environmental condition during the production 30 C 60 RH according to IPC JEDEC J STD 033C paragraphs 5 through 7 c The time between t...

Page 301: ... set the placement speed to the slowest setting While the underside of the device is mostly coated with solder resist we recommended the copper layer directly below the device be left open to avoid unintended contacts Copper or vias must not interfere with the three exposed RF test points on the bottom of the device as shown in the following diagram These devices have a ground plane in the middle ...

Page 302: ...ctory recommended best practice is to use a no clean solder paste to avoid these issues and ensure proper device operation Reworking Never perform rework on the device itself The device has been optimized to give the best possible performance and reworking the device itself will void warranty coverage and certifications We recognize that some customers choose to rework and void the warranty The fo...

Page 303: ...Load ZigBee firmware on 802 15 4 devices Background 304 Load ZB firmware 305 XBee XBee PRO S2C ZigBee RF Module 303 ...

Page 304: ...aland Brazil and Japan XBee PRO S2C ZigBee USA Canada Australia New Zealand and Brazil XBee S2C 802 15 4 USA Canada Europe XBee PRO S2C 802 15 4 USA Canada CAUTION The antenna cable loss requirements for the 802 15 4 firmware are different than the ZigBee firmware for gain antennas exceeding 2 1 dBi If you migrate an 802 15 4 device to ZigBee firmware and are using gain antennas you must adhere to...

Page 305: ... above 2 Install the device in a Digi development board and connect it to your PC 3 The next steps involve loading firmware using XCTU To download XCTU and read detailed instructions about it go to http www digi com products xbee rf solutions xctu software xctu 4 When you get to the Update firmware dialog box in the Function set area click the ZIGBEE option and the newest firmware version 5 Click ...

Page 306: ...dinator per PAN n Establishes Organizes PAN n Can route data packets to from other nodes n Can be a data packet source and destination n Mains powered Refer to ZigBee coordinator operation for more information Router A node that creates maintains network information and uses this information to determine the best route for a data packet A router must join a network before it can allow other router...

Page 307: ...gned to a node after it has joined to another node The coordinator always has a network address of 0 Operating channel The frequency selected for data communications between nodes The operating channel is selected by the coordinator on power up Energy scan A scan of RF channels that detects the amount of energy present on the selected channels The coordinator uses the energy scan to determine the ...

Reviews:

No comments