Telegesis (UK) Limited
TG-ETRXn-UG-01-103
27
User Guide
1.04
ETRX1 and ETRX2
©2008 Telegesis (UK) Ltd
ETRXn User Guide (Rev 1.04)
With the meshing stack EmberZNet2.x the coordinator is free to leave the network once it is
established. So, for example, the coordinator could be a PDA or laptop used to set up the network
and if it is configured as a trust centre and all other nodes are set up accordingly, then no
additional nodes are allowed to join once the network has been set up and the coordinator
removed.
Alternatively joining can be simply disabled by altering the settings of the main function register.
As the main function register contains security relevant settings, this register is password protected
in the same way as the encryption key, the OEM word and the password itself. These registers
can be written locally as well as over the air provided the user knows the password.
Looking at register S06 in more detail it can be seen that by default bits 2 and 3 are set allowing
new nodes to join both secured as well as unsecured via the local node. This is the most flexible
way and is ideally suited to initiating a network quickly.
If for example only bit 0 was set on all nodes in the network, a device trying to join would require to
already know the network‟s key (in S03) and have bit 4 set in order to use that key when
requesting to join. Any node receiving the request to join will pass this request on to the
coordinator, which in this configuration is the only device which is allowed to let the new device
join.
However if only bit 1 was set on all devices the new device can join unsecured. This means that
bit 4 does not have to be set on the joining device and the joining device doesn‟t need to know the
network‟s key in order to join. The joining device will request to join without using encryption and
the coordinator (trust centre) will pass the network‟s encryption key to the new node when allowing
it to join. This method is less secure as the encryption key is passed over the air and could be
intercepted.
To avoid requiring the coordinator in order to let a new node join the network this decision can also
be made by any routing node (FFD) in the same way, given that bit 2 or bit 3 respectively is set on
all nodes in the network.
When setting bit 11 on all nodes in the network, joining is no longer possible. The only chance of
admitting a new node to join the PAN with bit 11 of S06 set, is the built in functionality 0017, which
when triggered (as described in section 10) will allow joining for 60 seconds. This allows a
scenario in which a user pushes a button on an existing node to allow other nodes to join the
network and then pushes a button on the new node for it to join the network.
9 Network commissioning
In most cases it is sufficient to command one device to establish a PAN, after which the other
devices will join it automatically. As mentioned in section 2, it may be necessary to disassociate
devices from a pre-existing PAN first. A particular situation has arisen when some users are using
a pre-defined radio channel and PAN ID as follows:
All the user‟s devices are given a chosen radio channel and PAN ID. At each installation, one
device is commanded to establish a PAN. In the factory, there is also a PAN for configuring the
devices; modules join this PAN, are powered down without being disassociated from the PAN and
are delivered to site in that state. It is assumed that when powered up they will immediately
communicate with the local coordinator, since they are already in a PAN with the correct
parameters, but in fact they are found to be completely out of contact with the rest of the network.
The cause of this problem is the security key in register S03. When left with its default value of all-
zeros, the key chosen by the coordinator is not all-zeros but a random value. Therefore devices
commissioned in the factory are almost certain to have a different key from the ones at each site
and so cannot communicate with the local coordinator. The key is always used for message
encryption even if secured joining is not in effect.