Digi XBS2C XBee ZB module User Manual XBee S2C Users Manual

Digi International Inc XBee ZB module XBee S2C Users Manual

UserManual.wiki >

Digi >

XBS2C User Manual HTML Version

User Manual

XBee®/XBee‐PRO® SMT ZB RF Modules

XBee®/XBee-PRO® SMT ZB RF Modules

This manual describes the operation of the XBee® /XBee-PRO® SMT ZB RF module, which consists of ZigBee

firmware loaded onto XBee® S2C and S2C PRO hardware. The XBee® /XBee-PRO® SMT ZB RF Modules are

designed to operate within the ZigBee protocol and support the unique needs of low-cost, low-power wireless

sensor networks. The modules require minimal power and provide reliable delivery of data between remote

devices. The modules operate within the ISM 2.4 GHz frequency band.

Digi International Inc.

11001 Bren Road East

Minnetonka, MN 55343 877 912-3444 or 952 912-3444

XBee®/XBee‐PRO® SMT ZB RF Modules

http://www.digi.com

No part of the contents of this manual may be transmitted or reproduced in any form or by any means without the

written permission of Digi International, Inc.

ZigBee® is a registered trademark of the ZigBee Alliance.

XBee® and XBee-PRO® are registered trademarks of Digi International, Inc.

Technical Support: Phone: (866) 765-9885 toll-free U.S.A. & Canada

(801) 765-9885 Worldwide

8:00 am - 5:00 pm [U.S. Mountain Time]

Live Chat: www.digi.com

Online Support: http://www.digi.com/support/eservice/login.jsp

Email: rf-experts@digi.com

XBee®/XBee‐PRO® SMT ZB RF Modules

Contents

1. Overview ....................................................................................................................................... 13

Specifications .................................................................................................................................... 13

General Specifications ................................................................................................................... 13

RF Specifications ............................................................................................................................ 13

Electrical Specifications .................................................................................................................. 14

Environmental Specifications ......................................................................................................... 14

Serial Communications Specifications ............................................................................................ 14

Network and Security .................................................................................................................... 15

GPIO Specifications ........................................................................................................................ 15

Agency Approvals .......................................................................................................................... 16

Hardware Specifications for Programmable Variant ....................................................................... 16

What’s New ....................................................................................................................................... 17

Firmware ....................................................................................................................................... 17

Manual .......................................................................................................................................... 17

Pin Signals ......................................................................................................................................... 18

EM357 Pin Mappings ......................................................................................................................... 19

Design Notes ..................................................................................................................................... 19

Power Supply ................................................................................................................................. 19

Recommended Pin Connections..................................................................................................... 20

Board Layout ................................................................................................................................. 20

Module Operation for Programmable Variant ................................................................................ 23

XBEE Programmable Bootloader ........................................................................................................ 25

Overview ....................................................................................................................................... 25

Bootloader Software Specifics........................................................................................................ 25

Bootloader Menu Commands ........................................................................................................ 30

Firmware Updates ......................................................................................................................... 31

Output File Configuration .............................................................................................................. 32

1. RF Module Operation .................................................................................................................... 33

Serial Communications ...................................................................................................................... 33

UART Communications .................................................................................................................. 33

SPI Communications ...................................................................................................................... 34

XBee®/XBee‐PRO® SMT ZB RF Modules

Serial Buffers ................................................................................................................................. 35

Serial Flow Control ......................................................................................................................... 36

Serial Interface Protocols ............................................................................................................... 36

Modes of Operation .......................................................................................................................... 39

Idle Mode ...................................................................................................................................... 39

Transmit Mode .............................................................................................................................. 39

Receive Mode ................................................................................................................................ 40

Command Mode ............................................................................................................................ 40

Sleep Mode ................................................................................................................................... 42

3. XBee ZigBee Networks ....................................................................................................................... 43

Introduction to ZigBee ....................................................................................................................... 43

ZigBee Stack Layers............................................................................................................................ 43

Networking concepts ......................................................................................................................... 43

Device Types .................................................................................................................................. 43

PAN ID ........................................................................................................................................... 44

Operating Channel ......................................................................................................................... 45

ZigBee Application Layers: In Depth ................................................................................................... 45

Application Support Sublayer (APS) ................................................................................................ 45

Application Profiles ........................................................................................................................ 45

Clusters ......................................................................................................................................... 46

Endpoints ...................................................................................................................................... 46

ZigBee Device Profile ..................................................................................................................... 47

ZigBee Device Objects (ZDO) .......................................................................................................... 47

Coordinator Operation ...................................................................................................................... 47

Forming a Network ........................................................................................................................ 47

Channel Selection .......................................................................................................................... 47

PAN ID Selection ............................................................................................................................ 47

Security Policy ............................................................................................................................... 47

Persistent Data .............................................................................................................................. 47

XBee ZB Coordinator Startup ............................................................................................................. 48

Permit Joining ................................................................................................................................ 49

Resetting the Coordinator .............................................................................................................. 49

XBee®/XBee‐PRO® SMT ZB RF Modules

Leaving a Network ......................................................................................................................... 49

Replacing a Coordinator (Security Disabled Only) ........................................................................... 50

Example: Starting a Coordinator .................................................................................................... 50

Example: Replacing a Coordinator (security disabled) .................................................................... 51

Router Operation .............................................................................................................................. 51

Discovering ZigBee Networks ........................................................................................................ 51

Joining a Network ......................................................................................................................... 51

Authentication .............................................................................................................................. 52

Persistent Data .............................................................................................................................. 52

XBee ZB Router Joining ................................................................................................................. 52

Permit Joining ............................................................................................................................... 53

Joining Always Enabled ................................................................................................................. 53

Joining Temporarily Enabled ......................................................................................................... 53

Router Network Connectivity ........................................................................................................ 53

Leaving a Network ........................................................................................................................ 55

Resetting the Router ..................................................................................................................... 56

Example: Joining a Network ......................................................................................................... 56

End Device Operation ....................................................................................................................... 56

Discovering ZigBee Networks ........................................................................................................ 56

Joining a Network ......................................................................................................................... 57

Parent Child Relationship .............................................................................................................. 57

End Device Capacity ...................................................................................................................... 57

Authentication .............................................................................................................................. 57

Persistent Data .............................................................................................................................. 57

Orphan Scans ................................................................................................................................ 57

XBee: ZB End Device Joining .......................................................................................................... 57

Parent Connectivity ....................................................................................................................... 58

Resetting the End Device .............................................................................................................. 59

Leaving a Network ........................................................................................................................ 59

Example: Joining a Network .......................................................................................................... 59

Channel Scanning .............................................................................................................................. 60

Managing Multiple ZigBee Networks ................................................................................................ 60

XBee®/XBee‐PRO® SMT ZB RF Modules

Pan ID Filtering.................................................................................................................................. 60

Preconfigured Security Keys .......................................................................................................... 60

Permit Joining ............................................................................................................................... 60

Application Messaging .................................................................................................................. 60

4. Transmission, Addressing, and Routing ............................................................................................ 62

Addressing ........................................................................................................................................ 62

64-bit device Address .................................................................................................................... 62

16-bit Device Address ................................................................................................................... 62

Application Layer Addressing ........................................................................................................ 62

Data Transmission ......................................................................................................................... 62

Broadcast Transmissions ............................................................................................................... 62

Unicast Transmissions ................................................................................................................... 63

DATA Transmission Examples ....................................................................................................... 65

RF Packet Routing ............................................................................................................................. 66

Link Status Transmission ................................................................................................................... 67

AODV Mesh Routing ......................................................................................................................... 68

Many-to-One Routing ....................................................................................................................... 70

Source Routing .................................................................................................................................. 71

Acquiring Source Routes ............................................................................................................... 72

Storing Source Routes ....................................................................................................................... 72

Sending a Source Routed Transmission ......................................................................................... 72

Repairing Source Routes ............................................................................................................... 73

Retries and Acknowledgments ...................................................................................................... 73

Encrypted Transmissions .................................................................................................................. 74

Maximum RF Payload Size ................................................................................................................ 74

Throughput ....................................................................................................................................... 74

ZDO Transmissions ............................................................................................................................ 75

ZigBee Device Objects (ZDO) ......................................................................................................... 75

Sending a ZDO Command .............................................................................................................. 76

Receiving ZDO Commands and Responses .................................................................................... 76

Transmission Timeouts ..................................................................................................................... 77

Unicast Timeout ............................................................................................................................ 78

XBee®/XBee‐PRO® SMT ZB RF Modules

Extended Timeout ......................................................................................................................... 78

Transmission Examples ................................................................................................................. 79

5. Security ......................................................................................................................................... 81

Security Modes ................................................................................................................................. 81

ZigBee Security Model ...................................................................................................................... 81

Network Layer Security ................................................................................................................. 81

Frame Counter .............................................................................................................................. 82

Message Integrity code ................................................................................................................. 82

Network Layer Encryption and Decryption ................................................................................... 82

Network Key Updates ................................................................................................................... 82

APS Layer Security ......................................................................................................................... 82

Message Integrity Code ................................................................................................................. 83

APS Link Keys ................................................................................................................................ 83

APS Layer Encryption and Decryption ........................................................................................... 83

Network and APS Layer Encryption ............................................................................................... 83

Trust Center .................................................................................................................................. 84

Forming and Joining a secure Network ......................................................................................... 84

Implementing Security on the XBee .................................................................................................. 84

Enabling Security ........................................................................................................................... 84

Setting the Network Security Key ................................................................................................. 85

Setting the APS Trust Center Link Key ........................................................................................... 85

Enabling APS Encryption ............................................................................................................... 85

Using a Trust Center ...................................................................................................................... 85

XBee Security Examples .................................................................................................................... 86

Example 1: Forming a network with security (pre-configured link keys) ....................................... 86

Example 1: Forming a network with security (obtaining keys during joining) ............................... 86

6. Network Commissioning and Diagnostics ..................................................................................... 88

Device Configuration......................................................................................................................... 88

Device Placement ............................................................................................................................. 88

Link Testing ................................................................................................................................... 88

RSSI Indicators .............................................................................................................................. 89

Device Discovery ............................................................................................................................... 89

XBee®/XBee‐PRO® SMT ZB RF Modules

Network Discovery ........................................................................................................................ 89

ZDO Discovery ............................................................................................................................... 89

Joining Announce .......................................................................................................................... 89

Commissioning Pushbutton and Associate LED ................................................................................. 89

Commissioning Pushbutton .......................................................................................................... 90

Associate LDE ................................................................................................................................ 90

7. Managing End Devices .................................................................................................................. 93

End Device Operation ....................................................................................................................... 93

Parent Operation .............................................................................................................................. 93

End Device Poll Timeouts .............................................................................................................. 94

Packet Buffer Usage ...................................................................................................................... 94

Non-Parent Device Operation ........................................................................................................... 94

XBee End Device Configuration ......................................................................................................... 95

Pin Sleep ....................................................................................................................................... 95

Cyclic Sleep ................................................................................................................................... 97

Transmitting RF Data................................................................................................................... 100

Receiving RF Data ........................................................................................................................ 100

IO Sampling ................................................................................................................................. 101

Waking End Devices with the Commissioning Pushbutton.......................................................... 101

Parent Verification ...................................................................................................................... 101

Rejoining ..................................................................................................................................... 101

XBee Router/Coordinator Configuration......................................................................................... 101

RF Packet Buffering Timeout ....................................................................................................... 102

Child Poll Timeout ....................................................................................................................... 102

Transmission Timeout ................................................................................................................. 102

Putting it all Together ..................................................................................................................... 102

Short Sleep Periods ..................................................................................................................... 102

Extended Sleep Periods ............................................................................................................... 103

Sleep Examples ............................................................................................................................... 103

Configure a device to sleep for 20 seconds, but set SN such that the On/Sleep line will remain

deasserted for up to 1 minute. .................................................................................................... 103

XBee®/XBee‐PRO® SMT ZB RF Modules

Configure an end device to sleep for 20 seconds, send 4 IO samples in 2 seconds, and return to

sleep. .......................................................................................................................................... 103

Configure a device for extended sleep: to sleep for 4 minutes. .................................................. 104

8. XBee Analog and Digital IO Lines................................................................................................. 105

IO Configuration.............................................................................................................................. 105

IO Sampling ..................................................................................................................................... 106

Queried Sampling........................................................................................................................ 107

Periodic IO Sampling ................................................................................................................... 108

Change Detection Sampling ........................................................................................................ 108

RSSI PWM ....................................................................................................................................... 108

IO Examples .................................................................................................................................... 109

Example 1: Configure the following IO settings on the XBee....................................................... 109

Example 2: Calculate the PWM counts for a packet received with an RSSI of -84dBm. ............... 109

Example 3: Configure the RSSI/PWM pin to operate for 2 seconds after each received RF packet.

.................................................................................................................................................... 109

9. API Operation ............................................................................................................................. 110

API Frame Specifications ................................................................................................................. 110

API Operation (AP parameter = 1) ............................................................................................... 110

API Operation-with Escape Characters (AP parameter = 2) ......................................................... 110

API Examples ............................................................................................................................... 112

API UART and SPI Exchanges ........................................................................................................... 112

AT Commands ............................................................................................................................. 112

Transmitting and Receiving RF Data ............................................................................................ 113

Remote AT commands ................................................................................................................ 113

Source Routing ............................................................................................................................ 114

Supporting the API .......................................................................................................................... 114

API Frames ...................................................................................................................................... 115

AT Command............................................................................................................................... 115

AT Command-Queue Parameter Value ....................................................................................... 115

ZigBee Transmit Request............................................................................................................. 116

Explicit Addressing ZigBee Command Frame ............................................................................... 118

Remote AT Command Request ................................................................................................... 120

XBee®/XBee‐PRO® SMT ZB RF Modules

Create Source Route ................................................................................................................... 120

AT Command Response .............................................................................................................. 122

Modem Status ............................................................................................................................. 122

ZigBee Transmit Status ................................................................................................................ 123

ZigBee Receive Packet ................................................................................................................. 124

ZigBee Explicit RX Indicator ......................................................................................................... 125

ZigBee IO Data Sample RX Indicator ............................................................................................ 126

XBee Sensor Read Indicator ........................................................................................................ 127

Node Identification Indicator ...................................................................................................... 129

Remote Command Response ...................................................................................................... 130

Over-the-Air Firmware Update Status......................................................................................... 131

Route Record Indicator ............................................................................................................... 132

Many-to-One Route Request Indicator ....................................................................................... 133

Sending ZigBee device objects (ZDO) Commands with the API ................................................... 134

Sending ZigBee Cluster Library (ZCL) Commands with the API .................................................... 136

Sending Public Profile Commands with the API .......................................................................... 139

10. XBee Command Reference Tables ........................................................................................... 142

Addressing ...................................................................................................................................... 142

Networking ..................................................................................................................................... 143

Security ........................................................................................................................................... 145

RF Interfacing .................................................................................................................................. 146

Serial Interfacing ............................................................................................................................. 148

Serial Interfacing ............................................................................................................................. 149

Diagnostics Interfacing .................................................................................................................... 152

AT Command Options ..................................................................................................................... 153

Sleep Commands ............................................................................................................................ 153

Execution Commands ..................................................................................................................... 154

11. Module Support ...................................................................................................................... 156

X-CTU Configuration Tool ................................................................................................................ 156

Customizing XBee ZB Firmware....................................................................................................... 156

Design Considerations for Digi Drop-In Networking ........................................................................ 156

XBee Bootloader ............................................................................................................................. 156

XBee®/XBee‐PRO® SMT ZB RF Modules

Programming XBee Modules........................................................................................................... 157

Serial Firmware Updates ............................................................................................................. 157

Invoke XBee Bootloader .............................................................................................................. 157

Send Firmware Image ................................................................................................................. 157

Writing Custom Firmware ............................................................................................................... 158

Regulatory Compliance ............................................................................................................... 158

Configuring GPIOs ....................................................................................................................... 159

Detecting XBee vs. XBee-PRO...................................................................................................... 159

12. Agency Certifications ............................................................................................................... 160

United States FCC ............................................................................................................................ 160

OEM Labeling Requirements ....................................................................................................... 160

FCC Notices ................................................................................................................................. 160

FCC-Approved Antennas (2.4 GHz) .............................................................................................. 161

RF Exposure................................................................................................................................. 164

Europe (ETSI) ................................................................................................................................... 165

OEM Labeling Requirements ....................................................................................................... 165

Restrictions ................................................................................................................................. 165

Declarations of Conformity ......................................................................................................... 165

Approved Antennas .................................................................................................................... 166

XBee RF Module .......................................................................................................................... 166

Canada (IC) ...................................................................................................................................... 167

Transmitters with Detachable Antennas ..................................................................................... 167

Detachable Antenna ................................................................................................................... 167

Australia (C-Tick) ............................................................................................................................. 167

13. Migrating from XBee S2B to XBee S2C .................................................................................... 168

Pin Mapping .................................................................................................................................... 168

Mounting ........................................................................................................................................ 168

14. Manufacturing Information ..................................................................................................... 170

Recommended Solder Reflow Cycle ................................................................................................ 170

Recommended Footprint ................................................................................................................ 171

Flux and Cleaning ............................................................................................................................ 171

Reworking ....................................................................................................................................... 172

XBee®/XBee‐PRO® SMT ZB RF Modules

15. Warranty Information ............................................................................................................. 173

1-Year Warranty ............................................................................................................................. 173

Appendix A: Definitions ..................................................................................................................... 174

Definitions ...................................................................................................................................... 174

ZigBee Node Types ...................................................................................................................... 174

ZigBee Protocol ........................................................................................................................... 175

XBee®/XBee‐PRO® SMT ZB RF Modules

1. Overview

XBee® and XBee-PRO® S2C SMT ZB embedded RF modules provide wireless connectivity to end-point

devices in ZigBee mesh networks. Utilizing the ZigBee PRO Feature Set, these modules are interoperable

with other ZigBee devices, including devices from other vendors. With XBee, users can have their ZigBee

network up-and-running in a matter of minutes without configuration or additional development. The

programmable XBee® and XBee-PRO® S2C SMT ZB modules incorporate a Freescale SO8 microprocessor

for customization and application development.

XBee® and XBee-PRO® ZB Modules are compatible with other devices that use XBee® “ZB" technology.

These include ConnectPort X gateways, XBee® and XBee-PRO® Adapters, XBee Wall Routers, XBee

Sensors, and other products when designated with the "ZB" product name. Devices that do not have the

"ZB" product name, including Digi's line of DigiMesh and 802.15.4 XBee products, are not compatible with

XBee® and XBee-PRO® ZB Modules.

Network interoperability with ZigBee devices from other vendors requires that the ZigBee Feature Set or

ZigBee PRO Feature Set be deployed on all devices. Contact Digi Support for details.

Specifications

General Specifications

Specification XBee (S2C) XBee-PRO (S2C)

Performance

Dimensions 0.866 X 1.3" (2.199 X 3.302 cm)

Operating Temperature -40 to 85° C (Industrial)

Antenna Options RF Pad, PCB Antenna, or U.FL Connector

RF Specifications

Specification XBee

(S2C) XBee-PRO

(S2C)

Performance

Frequency ISM 2.4-2.5GHz

Number of Channels 16 Direct Sequence Channels 16

Channels 11 to 26 11 to 26

Adjustable Power Yes

Interface immunity DSSS (Direct Sequence Spread Spectrum)

Indoor/Urban Range 200 ft 300 Ft

Outdoor RF line-of-sight

Range up to 4000 ft (1200m) Up to 2 miles

Transmit Power Output

3mW (8dBm) Boost mode,

2mW (3dBm) Normal mode

Channel 26 max power is 3dBm

360mW (18dBm)

XBee®/XBee‐PRO® SMT ZB RF Modules

RF Data Rate 250,000 bps

Receiver Sensitivity -

102dBm, Boost mode

-100dBm, Normal mode

-101dBm, Boost mode

99dBm, Normal mode

Electrical Specifications

Specification XBee

(S2C) XBee-PRO

(S2C)

Performance

Supply Voltage

2.1

3.6 V

2.2 – 3.6V for Programmable

Version

2.7 -3.6V

Operating Current

(transmit, max output power)

45mA (@3.3V Boost mode

)

33mA (@3.3V, Normal mode) 100mA at 18dBm

Operating Current

(Receive)

31mA

(@3.3V Boost mode)

28mA (@3.3V, Normal mode)

Idle Current (Receiver off) 9mA 9mA

Power-down Current <1uA @25C <1uA @ 25C

Environmental Specifications

Specification XBee (S2C) XBee-PRO (S2C)

Performance

ESD 3000 V HBM >4000 V HBM

MSL 3 3

ROHS Compliant

Serial Communications Specifications

The XBee® /XBee-PRO® SMT ZB RF modules support both UART (Universal Asynchronous

Receiver/Transmitter) and SPI (Serial Peripheral Interface, in master or slave mode) serial connections.

UART

The SC1 (Serial Communication Port 1) of the Ember 357 is connected to the UART port.

UART Pin Assignments

Specification XBee (S2C) XBee-PRO (S2C)

UART Pins Module Pin Number

DOUT 3

DIN/nCONFIG 4

nCTS/DIO7 25

nRTS/DIO6 29

XBee®/XBee‐PRO® SMT ZB RF Modules

More information on UART operation is found in the UART section in chapter 2

SPI

The SC2 (Serial Communication Port 2) of the Ember 357 is connected to the SPI port.

SPI Pin Assignments

Specification XBee (S2C) XBee-PRO (S2C)

SPI Pins Module Pin Number

SPI_SCLK/DIO18 14

SPI_nSSEL/DIO17 15

SPI_MOSI/DIO16 16

SPI_MISO/DIO15 17

For more information on SPI operation see the SPI section in chapter 2

Network and Security

Specification XBee (S2C) XBee-PRO (S2C)

Performance

Supported Network

Topologies

Point-to-point, Point-to-multipoint,

Peer-to-peer, and Mesh

Addressing Options

PAN ID and Addresses, Cluster IDs

and Endpoints (optional)

GPIO Specifications

The XBee® /XBee-PRO® SMT ZB RF modules have 16 GPIO (General Purpose Input Output) ports available.

Those available will depend on the module configuration as some GPIO pads are consumed by serial

communication, etc.

See GPIO section for more information on configuring and using GPIO ports

Electrical Specification for GPIO pads

Specification XBee (S2C) XBee-PRO (S2C)

Performance Module Pin Number

Voltage Supply 2.1 to 3.6V

Low Schmitt switching

threshold 0.42 to 0.5 X VDD

High Schmitt switching

threshold 0.62 to 0.8 X VDD

Input current for logic 0 -0.5uA

Input current for logic 1 0.5uA

Input pull-up resistor value 29kΩ

XBee®/XBee‐PRO® SMT ZB RF Modules

Input pull-down resistor value 29kΩ

Output voltage for logic 0 0.18 X VDD (Max)

Output voltage for logic 1 0.82 X VDD (Min)

Output source current for pad

numbers 3, 4, 5, 10, 12, 14,

16, 17, 26, 28, 29, 30, and 32

4mA

Output sink current for pad

numbers 3, 4, 5, 10, 12, 14,

16, 17, 26, 28, 29, 30, and 33

4mA

Output source current for pad

numbers 7,8,24,31, and 33 8mA

Output sink current for pad

numbers 7,8,24,31, and 34 8mA

Total output current (for I/O

Pads) 40mA

Agency Approvals

Specification XBee (S2C) XBee-PRO (S2C)

Performance

United States (FCC Part

15.247) FCC ID: MCQ-XBS2C FCC ID: MCQ-XBPS2C

Industry Canada (IC) IC: 1846A-XBS2C IC: 1846A-XBPS2C

Europe (DC) ETSI

Australia C-Tick C-Tick

Japan Pending

FCC Approval (USA) Refer to Chapter 12 FCC Requirements. Systems that contain XBee®/ XBee-PRO® ZB RF Modules inherit Digi

Certifications.

Hardware Specifications for Programmable Variant

The following specifications need to be added to the current measurement of the previous table if the module

has the programmable secondary processor. For example, if the secondary processor is running and constantly

collecting DIO samples at a rate while having the RF portion of the XBEE sleeping the new current will be I total

= Ir2 + Is. Where Ir2 is the runtime current of the secondary processor and is the sleep current of the RF

portion of the module of the XBEE-PRO (S2B) listed in the table below.

Specifications of the programmable secondary processor

XBee®/XBee‐PRO® SMT ZB RF Modules

Optional Secondary Processor Specification

These numbers add to S2C

specifications (Add to RX, TX and Sleep

currents depending on mode of

operation)

Runtime current for 32K

running at 20MHz

+14mA

Runtime current for 32K running at 1MHz

+1mA

Sleep current

+0.5uA typical

For additional Specifications see Freescale

Datasheet and Manual

MC9S08QE32

Minimum Reset low pulse time for EM357

26uS

VREF Range

1.8VDC to VCC

What’s New

Firmware

Manual

XBee®/XBee‐PRO® SMT ZB RF Modules

Pin Signals

Pin Assignments for the XBee S2C and XBee S2C Pro modules

(Low-asserted signals are distinguished with a lower case n before the signal name.)

Pin # Name Direction Default State Description

1 GND - - Ground

2 VCC - - Power Supply

3 DOUT/DIO13 Both Output Uart Data out/GPIO

4 Din/nConfig/DIO14 Both Input Uart Data In/GPIO

5 DIO12 Both GPIO

6 nRESET Both Module Reset

7 RSSI PWM/ DIO10 Both RX Signal Strength Indicator/ GPIO

8 PWM1/DIO11 Both Pulse Width Modulator/GPIO

9 reserved - Disabled Do Not Connect

10 nDTR/SLEEP_RQ/DIO8 Both Input Pin Sleep Control line /GPIO

11 GND - - Ground

12 SPI_Attn/nBOOTMODE Output Output Serial Peripheral

Interface Attention

Do not tie low on reset

13 GND - - Ground

14 SPI_CLK/DIO18 Both Serial Peripheral Interface Clock/GPIO

15 SPI_nSSEL/DIO17 Both Serial Peripheral Interface not

Select/GPIO

16 SPI_MOSI/DOI16 Both Serial Peripheral Interface Data

Input/GPIO

17 SPI_MOSO/DOI15 Both Serial Peripheral Interface Data

Output/GPIO

18 JTCK/SWCLK Input JTAG Clock/Serial Wire Clock

19 JTDO/SWO Output JTAG Data Output/Serial Wire Data

Output

20 JTDI Input JTAG Data Input

21 JTMS/SWDIO Both

22 GND - - Ground

23 reserved - Disabled Do Not Connect

24 DIO4 Both GPIO

25 nCTS/DIO7 Both Output Clear-to-Send Flow Control/GPIO

26 On /SLEEP/DIO9 Output Output Module Status Indicator/GPIO

27 VREF Input -

Not used for EM357. Used for

programmable

secondary processor.

For compatibility with other XBEE

modules, we

recommend connecting this pin to the

voltage reference

if Analog sampling is desired.

Otherwise, connect to GND.

28 Associate/DIO5 Both Output Associate Indicator/GPIO

29 nRTS/DIO6/SCLK2 Both Input Request-to-Send Flow Control/GPIO

30 AD3/DIO3 Both Analog Input/GPIO

31 AD2/DIO2 Both Analog Input/GPIO

32 AD0/DIO0 Both Analog Input/GPIO

33 AD1/DIO2 Both Analog Input/GPIO

34 reserved - Disabled Do Not Connect

35 GND - - Ground

36 RF Both - RF IO for RF Pad Variant

37 reserved - Disabled Do Not Connect

XBee®/XBee‐PRO® SMT ZB RF Modules

EM357 Pin Mappings

The Following table shows how the EM357 pins are used on the XBee.

EM357 Pin # EM357 Name XBee Pin # Other Usage

12 nRst 6 Programming

18 GPIO PB3 8

19 GPIO PA7 29

20 GPIO PB4 25

21 GPIO PA0/SC2MOSI 16

22 GPIO PA1/SC2MOSO 17

24 GPIO PA2/SC2SCLK 14

25 GPIO PA3/SC2nSSEL 15

26 GPIO PA4 32 Programming

27 GPIO PA5/nBOOTMODE 12 Programming

29 GPIO PA6 7

30 GPIO PB1 3

31 GPIO PB2 4

32 SWCLK,JTCK 18 Programming

33 GPIO PC2/JTDO/SWO 19 Programming

34 GPIO PC3/JTDI 20 Programming

35 GPIO PC4/JTMS/SWDIO 21 Programming

36 GPIO PB0 10

38 GPIO PC1 30

41 GPIO PB7,ADC2 31

42 GPIO PB6,ADC1 33

43 GPIO PB5,ADC0 Temp Sensor on PRO Version

NOTE: Some lines may not go to the external XBEE pads in the programmable secondary processor version

Design Notes

The XBee modules do not specifically require any external circuitry or specific connections for proper

operation. However, there are some general design guidelines that are recommended for help in

troubleshooting and building a robust design.

Power Supply

Poor power supply can lead to poor radio performance especially if the supply voltage is not kept within

tolerance or is excessively noisy. To help reduce noise a 1uF and 8.2pF capacitor are recommended to be

placed as near to pin1 on the PCB as possible. If using a switching regulator for your power supply, switching

frequencies above 500 kHz are preferred. Power supply ripple should be limited to a maximum 250mV peak to

peak.

XBee®/XBee‐PRO® SMT ZB RF Modules

Note – For designs using the programmable modules an additional 10uF decoupling cap is recommended near

pin 1 of the module. The nearest proximity to pin 1 of the 3 caps should be in the following order: 8.2pf, 1uF

followed by 10uF.

Recommended Pin Connections

The only required pin connections are VCC, GND, DOUT and DIN. To support serial firmware updates, VCC,

GND, DOUT, DIN, RTS, and DTR should be connected.

All unused pins should be left disconnected. All inputs on the radio can be pulled high with 30k internal pull-up

resistors using the PR software command. No specific treatment is needed for unused outputs.

For applications that need to ensure the lowest sleep current, inputs should never be left floating. Use internal

or external pull-up or pull-down resistors, or set the unused I/O lines to outputs.

Other pins may be connected to external circuitry for convenience of operation including the Associate LED

pad (pad 28) and the Commissioning pad (pad 33). The Associate LED pin will flash differently depending on

the state of the module to the network, and a pushbutton attached to pad 33 can enable various join

functions without having to send UART commands. Please see the commissioning pushbutton and associate

LED section in chapter 7 for more details. The source and sink capabilities are limited to 4mA for pad numbers

3, 4, 5, 10, 12, 14, 15, 16, 17, 25, 26, 28, 29, 30, and 32, and 8mA for pad numbers 7, 8, 24, 31, and 33 on the

module.

The VREF pin (pad 27) is not used on this module. For compatibility with other XBee modules, we recommend

connecting this pin to a voltage reference if analog sampling is desired. Otherwise, connect to GND.

Board Layout

XBee modules do not have any specific sensitivity to nearby processors, crystals or other PCB components.

Other than mechanical considerations, no special PCB placement is required for integrating XBee radios except

for those with integral antennas. In general, Power and GND traces should be thicker than signal traces and be

able to comfortably support the maximum currents.

The radios are also designed to be self sufficient and work with the integrated and external antennas without

the need for additional ground planes on the host PCB. However, considerations should be taken on the

choice of antenna and antenna location. Metal objects that are near an antenna cause reflections and may

reduce the ability for an antenna to efficiently radiate. Using an integral antenna in an enclosed metal box will

greatly reduce the range of a radio. For this type of application an external antenna would be a better choice.

External antennas should be positioned away from metal objects as much as possible. Metal objects next to

the antenna or between transmitting and receiving antennas can often block or reduce the transmission

distance. Some objects that are often overlooked are metal poles, metal studs or beams in structures,

concrete (it is usually reinforced with metal rods), metal enclosures, vehicles, elevators, ventilation ducts,

refrigerators and microwave ovens.

Antennas should reside above or away from any metal objects like batteries, tall electrolytic capacitors or

metal enclosures. Antenna elements radiate perpendicular to the direction they point. Thus a vertical

antenna emits across the horizon.

XBee®/XBee‐PRO® SMT ZB RF Modules

PCB Antennas should not have any ground planes or metal objects above or below the module at the antenna

location. For best results the module should be in a plastic enclosure, instead of metal one. It should be placed

at the edge of the PCB to which it is mounted. The ground, power and signal planes should be vacant

immediately below the antenna section (See drawing for recommended keep out area).

XBee®/XBee‐PRO® SMT ZB RF Modules

Module Operation for Programmable Variant

The S2C modules with the programmable option have a secondary processor with 32k of flash and 2k of RAM.

This allows module integrators to put custom code on the XBEE module to fit their own unique needs. The

DIN, DOUT, RTS, CTS, and RESET lines are intercepted by the secondary processor to allow it to be in control of

the data transmitted and received. All other lines are in parallel and can be controlled by either the EM357 or

the MC9SO8QE micro (see Block Diagram for details). The EM357 by default has control of certain lines. These

lines can be released by the EM357 by sending the proper command(s) to disable the desired DIO line(s) (see

XBEE Command Reference Tables).

In order for the secondary processor to sample with ADCs, the XBEE pin 27 (VREF) needs to be connected to a

reference voltage.

Digi provides a bootloader that can take care of programming the processor over the air or through the serial

interface. This means that over the air updates can be supported through an XMODEM protocol. The

processor can also be programmed and debugged through a one wire interface BKGD (Pin 9).

XBee®/XBee‐PRO® SMT ZB RF Modules

XBEE Programmable Bootloader

Overview

The XBee Programmable module is equipped with a Freescale MC9S08QExx application processor. This

application processor comes with a supplied bootloader. The following section describes how to interface the

customer's application code running on this processor to the XBee Programmable module's supplied

bootloader. This section discusses how to initiate firmware updates using the supplied bootloader for wired

and over-the-air updates.

Bootloader Software Specifics

Memory Layout

Figure 1 shows the memory map for the MC9S08QE32 application processor.

The supplied bootloader occupies the bottom pages of the flash from 0xF200 to 0xFFFF. Application code

cannot write to this space.

The application code can exist in Flash from address 0x8400 to 0xF1BC. 1k of Flash from 0x8000 to 0x83FF is

reserved for Non Volatile Application Data that will not be erased by the bootloader during a flash update.

A portion of RAM is accessible by both the application and the bootloader. Specifically, there is a shared data

region used by both the application and the bootloader that is located at RAM address 0x200 to 0x215.

Application code should not write anything to AppResetCause or BLResetCause unless informing the

bootloader of the impending reset reason.

XBee®/XBee‐PRO® SMT ZB RF Modules

Operation

Upon reset of any kind, the execution control begins with the bootloader.

If the reset cause is Power-On reset (POR), Pin reset (PIN), or Low Voltage Detect(LVD) reset the bootloader

will not jump to the application code if the override bits are set to RTS(D7)=1, DTR(D5)=0, and DIN(B0)=0.

Otherwise, the bootloader writes the reset cause "NOTHING" to the shared data region, and jumps to the

Application.

Reset causes are defined in the file common. h in an enumeration with the following definitions:

typedef enum {

BL_CAUSE_NOTHING = 0x0000, //PIN, LVD, POR

BL_CAUSE_NOTHING_COUNT = 0x0001,//BL_Reset_Cause counter

// Bootloader increments cause every reset

BL_CAUSE_BAD_APP = 0x0010,//Bootloader considers APP invalid

} BL_RESET_CAUSES;

typedef enum {

APP_CAUSE_NOTHING = 0x0000,

APP_CAUSE_USE001 = 0x0001,

// 0x0000 to 0x00FF are considered valid for APP use.

APP_CAUSE_USE255 = 0x00FF,

APP_CAUSE_FIRMWARE_UPDATE = 0x5981,

APP_CAUSE_BYPASS_MODE = 0x4682,

APP_CAUSE_BOOTLOADER_MENU = 0x6A18,

} APP_RESET_CAUSES;

Otherwise, if the reset cause is a "watchdog" or other reset, the bootloader checks the shared memory region for

the APP_RESET_CAUSE. If the reset cause is:

1. "APP_CAUSE_NOTHING" or 0x0000 to 0x00FF, the bootloader increments the  BL_RESET_CAUSES,

verifies that it is still less than BL_CAUSE_BAD_APP, and jumps back to the application. If the

Application does not clear the BL_RESET_CAUSE, it can prevent an infinite loop of running a bad

application that continues to perform illegal instructions or watchdog resets.

2. "APP_CAUSE_FIRMWARE_UPDATE", the bootloader has been instructed to update the application

"over-the-air" from a specific 64 bit address. In this case, the bootloader will attempt to initiate an

Xmodem transfer from the 64 bit address located in Shared RAM.

3. "APP_CAUSE_BYPASS_MODE", the bootloader executes bypass mode. This mode passes the  local

UART data directly to the EM250 allowing for direct communication with the EM250. The only way

XBee®/XBee‐PRO® SMT ZB RF Modules

to exit bypass mode is to reset or power cycle the module. If none of the above is true, the

bootloader will enter "Command mode". In this mode, users can initiate firmware downloads both

wired and over-the-air, check application/bootloader version strings, and enter Bypass mode.

If none of the above is true, the bootloader will enter "Command mode". In this mode, users can initiate firmware

downloads both wired and over-the-air, check application/bootloader version strings, and enter Bypass mode.

Application Version String

Figure 1 shows an "Application version string pointer" area in application flash which holds the pointer to where

the application version string resides. The application's linker command file ultimately determines where this

string is placed in application flash.

It is preferable that the application version string be located at address 0x8400 for MC9S08QE32 parts. The

application string can be any characters terminated by the NULL character (0x00). There is not a strict limit on the

number of characters in the string, but for practical purposes should be kept under 100 bytes including the

terminating NULL character. During an update the bootloader erases the entire application from 0x8400 on. The

last page has the vector table specifically the redirected reset vector. The version string pointer and reset vector

are used to determine if the application is valid.

Application Interrupt Vector Table and Linker Command File

Since the bootloader flash region is read-only, the interrupt vector table is redirected to the region 0xF1C0 to

0xF1FD so that application developers can use hardware interrupts. Note that in order for Application interrupts to

function properly, the Application's linker command file (*.prm extension) must be modified appropriately to allow

the linker to place the developers code in the correct place in memory. For example, the developer desires to use

the serial communications port SCI1 receive interrupt. The developer would add the following line to the

Codewarrior linker command file for the project…

VECTOR ADDRESS 0x0000F1E0 vSci1Rx

This will inform the linker that the interrupt function "vSci1Rx()" should be placed at address 0x0000F1E0. Next,

the developer should add a file to their project "vector_table.c" that creates an array of function pointers to the

ISR routines used by the application…Eg.

extern void _Startup(void);/* _Startup located in Start08.c */

extern void vSci1Rx(void);/* sci1 rx isr */

extern short iWriteToSci1(unsigned char *);

void vDummyIsr(void);

#pragma CONST_SEG VECTORS

void (* const vector_table[])(void) = /* Relocated Interrupt vector table */{

vDummyIsr,/* Int.no. 0 Vtpm3ovf (at F1C0)Unassigned */

vDummyIsr, /* Int.no. 1 Vtpm3ch5 (at F1C2) Unassigned */

XBee®/XBee‐PRO® SMT ZB RF Modules

vDummyIsr, /* Int.no. 2 Vtpm3ch4 (at F1C4) Unassigned */

vDummyIsr, /* Int.no. 3 Vtpm3ch3 (at F1C6) Unassigned */

vDummyIsr, /* Int.no. 4 Vtpm3ch2 (at F1C8) Unassigned */

vDummyIsr, /* Int.no. 5 Vtpm3ch1 (at F1CA) Unassigned */

vDummyIsr, /* Int.no. 6 Vtpm3ch0 (at F1CC) Unassigned */

vDummyIsr, /* Int.no. 7 Vrtc (at F1CE) Unassigned */

vDummyIsr, /* Int.no. 8 Vsci2tx (at F1D0) Unassigned */

vDummyIsr, /* Int.no. 9 Vsci2rx (at F1D2) Unassigned */

vDummyIsr, /* Int.no. 10 Vsci2err (at F1D4) Unassigned */

vDummyIsr, /* Int.no. 11 Vacmpx (at F1D6) Unassigned */

vDummyIsr, /* Int.no. 12 Vadc (at F1D8) Unassigned */

vDummyIsr, /* Int.no. 13 Vkeyboard (at F1DA) Unassigned */

vDummyIsr, /* Int.no. 14 Viic (at F1DC) Unassigned */

vDummyIsr, /* Int.no. 15 Vsci1tx (at F1DE) Unassigned */

vSci1Rx, /* Int.no. 16 Vsci1rx (at F1E0) SCI1RX */

vDummyIsr, /* Int.no. 17 Vsci1err (at F1E2) Unassigned */

vDummyIsr, /* Int.no. 18 Vspi (at F1E4) Unassigned */

vDummyIsr, /* Int.no. 19 VReserved12 (at F1E6) Unassigned */

vDummyIsr, /* Int.no. 20 Vtpm2ovf (at F1E8) Unassigned */

vDummyIsr, /* Int.no. 21 Vtpm2ch2 (at F1EA) Unassigned */

vDummyIsr, /* Int.no. 22 Vtpm2ch1 (at F1EC) Unassigned */

vDummyIsr, /* Int.no. 23 Vtpm2ch0 (at F1EE) Unassigned */

vDummyIsr, /* Int.no. 24 Vtpm1ovf (at F1F0) Unassigned */

vDummyIsr, /* Int.no. 25 Vtpm1ch2 (at F1F2) Unassigned */

vDummyIsr, /* Int.no. 26 Vtpm1ch1 (at F1F4) Unassigned */

vDummyIsr, /* Int.no. 27 Vtpm1ch0 (at F1F6) Unassigned */

vDummyIsr, /* Int.no. 28 Vlvd (at F1F8) Unassigned */

XBee®/XBee‐PRO® SMT ZB RF Modules

vDummyIsr, /* Int.no. 29 Virq (at F1FA) Unassigned */

vDummyIsr, /* Int.no. 30 Vswi (at F1FC) Unassigned */

_Startup /* Int.no. 31 Vreset (at F1FE) Reset vector */

};

void vDummyIsr(void){

for(;;){

if(iWriteToSci1("STUCK IN UNASSIGNED ISR\n\r>"));

}

The interrupt routines themselves can be defined in separate files. The "vDummyIsr" function is used in

conjunction with "iWritetoSci1" for debugging purposes.

Bootloader Menu Commands

The bootloader accepts commands from both the local UART and OTA. All OTA commands sent must be Unicast

with only 1 byte in the payload for each command. A response will be returned to the sender. All Broadcast and

multiple byte OTA packets are dropped to help prevent general OTA traffic from being interpreted as a command

to the bootloader while in the menu.

Bypass Mode – “B”

The bootloader provides a "bypass" mode of operation that essentially connects the SCI1 serial communications

peripheral of the Freescale MCU to the EM357's serial Uart channel. This allows direct communication to the

EM357 radio for the purpose of firmware and radio configuration changes. Once in bypass mode, the XCTU utility

can change modem configuration and/or update EM357 firmware. Bypass mode automatically handles any baud

rate up to 115.2kbps. Note that this command is unavailable when module is accessed remotely.

Update Firmware – “F”

The "F" command initiates a firmware download for both wired and over-the-air configurations. Depending on the

source of the command (received via local UART/SPI, or Over the Air), the download will proceed via wired or over-

the-air respectively.

Adjust Timeout for Update Firmware – “T”

The "T" command changes the timeout before sending a NAK by Base-Time*2^(T). The Base-Time for the local

UART is different than the Base-Time for Over the Air. During a firmware update, the bootloader will automatically

increase the Timeout if repeat packets are received or multiple NAKs for the same packet without success occur.

Application Version String – “A”

The "A" command provides the version of the currently loaded application. If no application is present, "Unkown"

will be returned.

XBee®/XBee‐PRO® SMT ZB RF Modules

Bootloader Version String – “V”

The "V" command provides the version of the currently loaded bootloader.

The version will return a string in the format BLFFF-HHH-XYZ_DDD where FFF represents the Flash size in kilo bytes,

HHH is the hardware, XYZ is the version, and DDD is the preferred XMODEM packet size for updates. Double the

preferred packet size is also possible, but not guaranteed. For example "BL032-2B0-023_064" will take 64 byte CRC

XMODEM payloads and may take 128 byte CRC XMODEM payloads also. In this case, both 64 and 128 payloads are

handled, but the 64 byte payload is preferred for better Over the Air reliability.

Firmware Updates

Wired Updates

A user can update their application using the bootloader in a wired configuration with the following steps…

a. Plug XBee programmable module into a suitable serial port on a PC.

b. Open a hyperterminal (or similar dumb terminal application) session with 9600 baud, no parity, and 8

data bits with one stop bit.

c. Hit Enter to display the bootloader menu.

d. Hit the "F" key to initiate a wired firmware update.

e. A series of "C" characters Will be displayed within the hyperterminal window. At this point, select the

"transfer->send file" menu item. Select the desired flat binary output file. (The file should start at 0x8400

not 0x0000).

f. Select "Xmodem" as the protocol.

g. Click "Send" on the "Send File" dialog. The file will be downloaded to the XBee Programmable module.

Upon a successful update, the bootloader will jump to the newly loaded application.

Over-The-Air Updates

A user can update their application using the bootloader in an "over-the-air" configuration with the following

steps…(This procedure assumes that the bootloader is running and not the application. The EM357 baud rate must

be set to 9600 baud. The bootloader only operates at 9600 baud. The application must be programmed with some

way to support returning to the bootloader in order to support Over the Air (OTA) updates without local

intervention.)

a. The XBee module sending the file OTA (Host module) should be set up with a series 2 XBee module with

transparent mode firmware.

b. The XBee Programmable module receiving the update (remote module) is configured with API

firmware.

c. Open a hyperterminal session to the host module with 9600 baud, no parity, no hardwareflow control,

8 data bits and 1 stop bit.

d. Enter 3 pluses "+++" to place the EM357 in command mode.

XBee®/XBee‐PRO® SMT ZB RF Modules

e. Set the Host Module destination address to the target module’s 64 bit address that the host module

will update (ATDH aabbccdd, ATDL eeffgghh, ATCN, where aabbccddeeffgghh is the hexa-decimal 64 bit

address of the target module).

f. Hit Enter and the bootloader command menu will be displayed from the remote module. (Note that the

option "B" doesn't exist for OTA)

g. Hit the "F" key to cause the remote module to request the new firmware file over-the-air.

h. The host module will begin receiving "C" characters indicating that the remote module is requesting an

Xmodem CRC transfer. Using XCTU or another terminal program, Select "XMODEM" file transfer. Select

the Binary file to upload/transfer. Click Send to start the transfer. At the con-clusion of a successful

transfer, the bootloader will jump to the newly loaded application.

Output File Configuration

BKGD Programming

P&E Micro provides a background debug tool that allows flashing applications on the MC9S08QE parts through

their background debug mode port. By default, the Codewarrior tool produces an "ABS" output file for use in

programming parts through the background debug interface. The programmable XBee from the factory has the

BKGD debugging capability disabled. In order to debug, a bootloader with the debug interface enabled needs to be

loaded on the secondary processor or a stand-alone app needs to be loaded.

Bootloader Updates

The supplied bootloader requires files in a "flat binary" format which differs from the default ABS file produced.

The Codewarrior tool also produces a S19 output file. In order to successfully flash new applications, the S19 file

must be converted into the flat binary format. Utilities are available on the web that will convert S19 output to

"BIN" outputs. Often times, the "BIN" file conversion will pad the addresses from 0x0000 to the code space with

the same number. (Often 0x00 or 0xFF) These extra bytes before the APP code starts will need to be deleted from

the bin file before the file can be transferred to the bootloader.

XBee®/XBee‐PRO® SMT ZB RF Modules

1. RF Module Operation

Serial Communications

The XBee RF Modules interface to a host device through a logic-level asynchronous serial port, or a Serial

Peripheral Interface (SPI) port. Through its serial ports, the module can communicate with any logic and

voltage compatible UART or SPI; or through a level translator to any serial device (for example: through a RS-

232 or USB interface board).

Two wire serial interface (TWI) is also available, but not supported by Digi. For information on the TWI see the

EM357 specification.

UART Communications

UART Data Flow

Devices that have a UART interface can connect directly to the pins of the RF module as shown in the figure

below.

UART Serial Data

Data enters the module UART through the DIN (pin 4) as an asynchronous serial signal. The signal should idle

high when no data is being transmitted. Each data byte consists of a start bit (low), 8 data bits (least significant

bit first) and a stop bit (high). The following figure illustrates the serial bit pattern of data passing through the

module.

XBee®/XBee‐PRO® SMT ZB RF Modules

Serial communications depend on the two UARTs (the microcontroller's and the RF module's) to be configured

with compatible settings (baud rate, parity, start bits, stop bits, data bits).

The UART baud rate, parity, and stop bits settings on the XBee module can be configured with the BD, NB, and

SB commands respectively. See the command table in chapter 10 for details.

SPI Communications

The XBee modules support SPI communications in the slave mode. Slave mode receives the clock signal and data

from the master and returns data to the master. The SPI port uses the following signals on the XBee:

• SPI_MOSI (Master Out, Slave In) – inputs serial data from the master

• SPI_MISO (Master In, Slave Out) – outputs serial data to the master

• SPI_SCLK (Serial Clock) – clocks data transfers on MOSI and MISO

• SPI_nSSEL (Slave Select) – enables serial communication with the slave

In this mode the following apply:

• Data/Clock rates up to 5MBPS are possible.

• Data is MSB first

• Frame Format mode 0 is used (see below)

Frame Format for SPI communications

SPI mode is chip to chip communication. Digi does not supply SPI communication option of Device Development

Evaluation Boards.

SPI Operation

When the slave select (SPI_nSSEL) signal is asserted by the master, SPI transmit data is driven to the output pin

SPI_MISO, and SPI data is received from the input pin SPI_MOSI. The SPI_nSSEL pin has to be asserted to enable

the transmit serializer to drive data to the output signal SPI_MISO. A falling edge on SPI_nSSEL resets the SPI slave

shift registers.

If the input buffer is empty, the SPI serializer transmits a busy token (0xFF).

The SPI slave controller must guarantee that there is time to move new transmit data from the transmit buffer into

the hardware serializer. To provide sufficient time, the SPI slave controller inserts a byte of padding at the start of

every new string of transmit data. Whenever the transmit buffer is empty and data is placed into the transmit

buffer the SPI hardware inserts a byte of padding onto the front of the transmission as if this byte was placed there

by software.

XBee®/XBee‐PRO® SMT ZB RF Modules

Serial Buffers

The XBee modules maintain small buffers to collect received serial and RF data, which is illustrated in the

figure below. The serial receive buffer collects incoming serial characters and holds them until they can be

processed. The serial transmit buffer collects data that is received via the RF link that will be transmitted out

the UART or SPI port.

Serial Receive Buffer

When serial data enters the RF module through the DIN Pin (pin 4), the data is stored in the serial receive buffer

until it can be processed. Under certain conditions, the module may not be able to process data in the serial

receive buffer immediately. If large amounts of serial data are sent to the module, CTS flow control may be

required to avoid overflowing the serial receive buffer.

Cases in which the serial receive buffer may become full and possibly overflow:

1. If the module is receiving a continuous stream of RF data, the data in the serial receive buffer

will not be transmitted until the module is no longer receiving RF data.

2. If the module is transmitting an RF data packet, the module may need to discover the

destination address or establish a route to the destination. After transmitting the data, the

module may need to retransmit the data if an acknowledgment is not received, or if the

transmission is a broad-cast. These issues could delay the processing of data in the serial receive

buffer.

Serial Transmit Buffer

When RF data is received, the data is moved into the serial transmit buffer and sent out the UART or SPI port. If the

serial transmit buffer becomes full enough such that all data in a received RF packet won’t fit in the serial transmit

buffer, the entire RF data packet is dropped.

Cases in which the serial transmit buffer may become full resulting in dropped RF packets

1. If the RF data rate is set higher than the interface data rate of the module, the module could

receive data faster than it can send the data to the host.

XBee®/XBee‐PRO® SMT ZB RF Modules

2. If the host does not allow the module to transmit data out from the serial transmit buffer

because of being held off by hardware flow control.

Serial Flow Control

The nRTS and nCTS module pins can be used to provide RTS and/or CTS flow control. CTS flow control provides an

indication to the host to stop sending serial data to the module. RTS flow control allows the host to signal the

module to not send data in the serial transmit buffer out the UART or SPI port. RTS and CTS flow control are

enabled using the D6 and D7 commands.

nCTS Flow Control

If CTS flow control is enabled (D7 command), when the serial receive buffer is 17 bytes away from being full, the

module de-asserts nCTS (sets it high) to signal to the host device to stop sending serial data. nCTS is re-asserted

after the serial receive buffer has 34 bytes of space.

nRTS Flow Control

If RTS flow control is enabled (D6 command), data in the serial transmit buffer will not be sent out the DOUT pin as

long as nRTS is de-asserted (set high). The host device should not de-assert nRTS for long periods of time to avoid

filling the serial transmit buffer. If an RF data packet is received, and the serial transmit buffer does not have

enough space for all of the data bytes, the entire RF data packet will be discarded.

Note: If the XBee is sending data out the UART or SPI port when nRTS is de-asserted (set high), the XBee could

send up to 5 characters out the UART or SPI port after RTS is de-asserted.

Serial Interface Protocols

The XBee modules support both transparent and API (Application Programming Interface) serial interfaces.

Transparent Operation

When operating in transparent mode, the modules act as a serial line replacement. All UART or SPI data received

through the respective ports is queued up for RF transmission. When RF data is received, the data is sent out

through the UART or SPI port. The module configuration parameters are configured using the AT command mode

interface.

Data is buffered in the serial receive buffer until one of the following causes the data to be packetized and

transmitted:

•No serial characters are received for the amount of time determined by the RO (Packetization Time-out)

parameter. If RO = 0, packetization begins when a character is received.

•The Command Mode Sequence (GT + CC + GT) is received. Any character buffered in the serial receive

buffer before the sequence is transmitted.

•The maximum number of characters that will fit in an RF packet is received.

API Operation

XBee®/XBee‐PRO® SMT ZB RF Modules

API operation is an alternative to transparent operation. The frame-based API extends the level to which a host

application can interact with the networking capabilities of the module. When in API mode, all data entering and

leaving the module is contained in frames that define operations or events within the module.

Transmit Data Frames (received through the DIN pin (pin 3)) include:

•RF Transmit Data Frame

•Command Frame (equivalent to AT commands) Receive Data Frames (sent out the DOUT pin (pin 2))

include:

•RF-received data frame •Command response

•Event notifications such as reset, associate, disassociate, etc.

The API provides alternative means of configuring modules and routing data at the host application layer. A host

application can send data frames to the module that contain address and payload information instead of using

command mode to modify addresses. The module will send data frames to the application containing status

packets; as well as source, and payload information from received data packets. The API operation option

facilitates many operations such as the examples cited below:

-> Transmitting data to multiple destinations without entering Command Mode

-> Receive success/failure status of each transmitted RF packet

-> Identify the source address of each received packet

A Comparison of Transparent and API Operation

The following table compares the advantages of transparent and API modes of operation:

Transparent Operation Features

Simple Interface All received serial data is transmitted unless the module is in command mode.

Easy to support It is easier for an application to support transparent operation and command mode.

API Operation Features

Easy to manage data

transmissions to

multiple destinations

Transmitting RF data to multiple remotes only requires changing the address in the API frame.

This Process is much faster than transparent operation where the application must enter AT

command mode, change the address, exit command mode, and then transmit data.

Each API transmission can return a transmit status frame indicating the success or reason for

failure

Received data frames

indicate the sender's

address

All received RF data API frames indicate the source address.

Advanced ZigBee

addressing support

API transmit and receive frames can expose ZigBee addressing fields including source and

destination endpoints, cluster ID and profile ID. This makes it easy to support ZDO commands

and public profile traffic.

XBee®/XBee‐PRO® SMT ZB RF Modules

Advanced Networking

diagnostics

API frames can provide indication of IO samples from remote devices, and node identification

messages.

Remote Configuration Set/read configuration commands can be sent to remote devices to configure them as needed

using the API.

As a general rule of thumb, API firmware is recommended when a device:

•sends RF data to multiple destinations

•sends remote configuration commands to manage devices in the network

•receives IO samples from remote devices

•receives RF data packets from multiple devices, and the application needs to know which device sent

which packet

•must support multiple ZigBee endpoints, cluster IDs, and/or profile IDs

•uses the ZigBee Device Profile services.

If the above conditions do not apply (e.g. a sensor node, router, or a simple application), then AT firmware might

be suitable. It is acceptable to use a mixture of devices running API and AT firmware in a network.

XBee®/XBee‐PRO® SMT ZB RF Modules

Modes of Operation

Idle Mode

When not receiving or transmitting data, the RF module is in Idle Mode. The module shifts into the other modes of

operation under the following conditions:

•Transmit Mode (Serial data in the serial receive buffer is ready to be packetized)

•Receive Mode (Valid RF data is received through the antenna)

•Sleep Mode (End Devices only)

•Command Mode (Command Mode Sequence is issued)

Transmit Mode

When serial data is received and is ready for packetization, the RF module will exit Idle Mode and attempt to

transmit the data. The destination address determines which node(s) will receive the data.

Prior to transmitting the data, the module ensures that a 16-bit network address and route to the destination node

have been established.

If the destination 16-bit network address is not known, network address discovery will take place. If a route is not

known, route discovery will take place for the purpose of establishing a route to the destination node. If a module

with a matching network address is not discovered, the packet is discarded. The data will be transmitted once a

route is established. If route discovery fails to establish a route, the packet will be discarded.

When data is transmitted from one node to another, a network-level acknowledgement is transmitted back across

the established route to the source node. This acknowledgement packet indicates to the source node that the data

XBee®/XBee‐PRO® SMT ZB RF Modules

packet was received by the destination node. If a network acknowledgement is not received, the source node will

re-transmit the data.

It is possible in rare circumstances for the destination to receive a data packet, but for the source to not receive

the network acknowledgment. In this case, the source will retransmit the data, which could cause the destination

to receive the same data packet multiple times. The XBee modules do not filter out duplicate packets. The

application should include provisions to address this potential issue

See Data Transmission and Routing in chapter 4 for more information.

Receive Mode

If a valid RF packet is received, the data is transferred to the serial transmit buffer.

Command Mode

To modify or read RF Module parameters, the module must first enter into Command Mode - a state in which

incoming serial characters are interpreted as commands. Refer to the API Mode section in chapter 9 for an

alternate means of configuring modules.

AT Command Mode

To Enter AT Command Mode:

Send the 3-character command sequence “+++” and observe guard times before and

after the command characters. [Refer to the “Default AT Command Mode Sequence”

below.]

Default AT Command Mode Sequence (for transition to Command Mode):

•No characters sent for one second [GT (Guard Times) parameter = 0x3E8]

•Input three plus characters (“+++”) within one second [CC (Command Sequence

Character) parameter = 0x2B.]

•No characters sent for one second [GT (Guard Times) parameter = 0x3E8]

Once the AT command mode sequence has been issued, the module sends an "OK\r" out the

UART or SPI pad. The "OK\r" characters can be delayed if the module has not finished

transmitting received serial data.

When command mode has been entered, the command mode timer is started (CT command),

and the module is able to receive AT commands on the UART or SPI port.

All of the parameter values in the sequence can be modified to reflect user preferences.

NOTE: Failure to enter AT Command Mode is most commonly due to baud rate

mismatch. By default, the BD (Baud Rate) parameter = 3 (9600 bps).

To Send AT Commands:

Send AT commands and parameters using the syntax shown below.

XBee®/XBee‐PRO® SMT ZB RF Modules

To read a parameter value stored in the RF module’s register, omit the parameter field.

The preceding example would change the RF module Destination Address (Low) to “0x1F”. To

store the new value to non-volatile (long term) memory, subsequently send the WR (Write)

command.

For modified parameter values to persist in the module’s registry after a reset, changes must be

saved to non-volatile memory using the WR (Write) Command. Otherwise, parameters are

restored to previously saved values after the module is reset.

Command Response

When a command is sent to the module, the module will parse and execute the command. Upon

successful execution of a command, the module returns an “OK” message. If execution of a

command results in an error, the module returns an “ERROR” message.

Applying Command Changes

Any changes made to the configuration command registers through AT commands will not take

effect until the changes are applied. For example, sending the BD command to change the baud

rate will not change the actual baud rate until changes are applied. Changes can be applied in

one of the following ways:

•The AC (Apply Changes) command is issued.

•AT command mode is exited.

To Exit AT Command Mode:

1. Send the ATCN (Exit Command Mode) command (followed by a carriage return).

[OR]

2. If no valid AT Commands are received within the time specified by CT (Command Mode Timeout)

Command, the RF module automatically returns to Idle Mode.

For an example of programming the RF module using AT Commands and descriptions of each

configurable parameter, please see the Command Reference Table chapter.

XBee®/XBee‐PRO® SMT ZB RF Modules

Sleep Mode

Sleep modes allow the RF module to enter states of low power consumption when not in use. The XBee RF

modules support both pin sleep (sleep mode entered on pin transition) and cyclic sleep (module sleeps for a fixed

time). XBee sleep modes are discussed in detail in chapter 6.

XBee®/XBee‐PRO® SMT ZB RF Modules

3. XBee ZigBee Networks

Introduction to ZigBee

ZigBee is an open global standard built on the IEEE 802.15.4 MAC/PHY. ZigBee defines a network layer above the

802.15.4 layers to support advanced mesh routing capabilities. The ZigBee specification is developed by a growing

consortium of companies that make up the ZigBee Alliance. The Alliance is made up of over 300 members,

including semiconductor, module, stack, and software developers.

ZigBee Stack Layers

The ZigBee stack consists of several layers including the PHY, MAC, Network, Application Support Sublayer (APS),

and ZigBee Device Objects (ZDO) layers. Technically, an Application Framework (AF) layer also exists, but will be

grouped with the APS layer in remaining discussions. The ZigBee layers are shown in the figure below.

A description of each layer appears in the following table:

ZigBee Layer Description

PHY

Defines the physical operation of the ZigBee device including

receive sensitivity, channel rejection, output power, number

of channels, chip modulation, and transmission rate

specifications. Most ZigBee applications operate on the 2.4

GHz ISM band at a 250kbps data rate. See the IEEE 802.15.4

specification for details.

MAC

Manages RF data transactions between neighboring devices

(point to point). The MAC includes services such as

transmission retry and acknowledgement management, and

collision avoidance techniques (CSMA-CA)

Network

Adds routing capabilities that allow RF data packets to

traverse multiple devices (multiple "hops") to route data from

source to destination (peer to peer).

APS (AF) Application layer that defines various addressing objects

including profiles, clusters, and endpoints.

ZDO Application layer that provides device and service discovery

features and advanced network management capabilities.

Networking concepts

Device Types

ZigBee defines three different device types: coordinator, router, and end device.

Node Types / Sample of a Basic ZigBee Network Topology

A coordinator has the following characteristics: it

XBee®/XBee‐PRO® SMT ZB RF Modules

•Selects a channel and PAN ID (both 64-bit and 16-bit) to start the network

•Can allow routers and end devices to join the network

•Can assist in routing data

•Cannot sleep--should be mains powered

•Can buffer RF data packets for sleeping end device children.

A router has the following characteristics: it

•Must join a ZigBee PAN before it can transmit, receive, or route data

•After joining, can allow routers and end devices to join the network

•After joining, can assist in routing data

•Cannot sleep--should be mains powered.

•Can buffer RF data packets for sleeping end device children.

An end device has the following characteristics: it

•Must join a ZigBee PAN before it can transmit or receive data

•Cannot allow devices to join the network

•Must always transmit and receive RF data through its parent. Cannot route data.

•Can enter low power modes to conserve power and can be battery-powered.

An example of such a network is shown below:

In ZigBee networks, the coordinator must select a PAN ID (64-bit and 16-bit) and channel to start a network. After

that, it behaves essentially like a router. The coordinator and routers can allow other devices to join the network

and can route data.

After an end device joins a router or coordinator, it must be able to transmit or receive RF data through that router

or coordinator. The router or coordinator that allowed an end device to join becomes the "parent" of the end

device. Since the end device can sleep, the parent must be able to buffer or retain incoming data packets destined

for the end device until the end device is able to wake and receive the data.

PAN ID

ZigBee networks are called personal area networks or PANs. Each network is defined with a unique PAN identifier

(PAN ID). This identifier is common among all devices of the same network. ZigBee devices are either

preconfigured with a PAN ID to join, or they can discovery nearby networks and select a PAN ID to join.

ZigBee supports both a 64-bit and a 16-bit PAN ID. Both PAN IDs are used to uniquely identify a network. Devices

on the same ZigBee network must share the same 64-bit and 16-bit PAN IDs. If multiple ZigBee networks are

operating within range of each other, each should have unique PAN IDs.

XBee®/XBee‐PRO® SMT ZB RF Modules

The 16-bit PAN ID is used as a MAC layer addressing field in all RF data transmissions between devices in a

network. However, due to the limited addressing space of the 16-bit PAN ID (65,535 possibilities); there is a

possibility that multiple ZigBee networks (within range of each other) could use the same 16-bit PAN ID. To resolve

potential 16-bit PAN ID conflicts, the ZigBee Alliance created a 64-bit PAN ID.

The 64-bit PAN ID (also called the extended PAN ID), is intended to be a unique, non-duplicated value. When a

coordinator starts a network, it can either start a network on a preconfigured 64-bit PAN ID, or it can select a

random 64-bit PAN ID. The 64-bit PAN ID is used during joining; if a device has a preconfigured 64-bit PAN ID, it will

only join a network with the same 64-bit PAN ID. Otherwise, a device could join any detected PAN and inherit the

PAN ID from the network when it joins. The 64-bit PAN ID is included in all ZigBee beacons and is used in 16-bit

PAN ID conflict resolution.

Routers and end devices are typically configured to join a network with any 16-bit PAN ID as long as the 64-bit PAN

ID is valid. Coordinators typically select a random 16-bit PAN ID for their network.

Since the 16-bit PAN ID only allows up to 65,535 unique values, and since the 16-bit PAN ID is randomly selected,

provisions exist in ZigBee to detect if two networks (with different 64-bit PAN IDs) are operating on the same 16-

bit PAN ID. If such a conflict is detected, the ZigBee stack can perform PAN ID conflict resolution to change the 16-

bit PAN ID of the network in order to resolve the conflict. See the ZigBee specification for details.

To summarize, ZigBee routers and end devices should be configured with the 64-bit PAN ID of the network they

want to join. They typically acquire the 16-bit PAN ID when they join a network.

Operating Channel

ZigBee utilizes direct-sequence spread spectrum modulation and operates on a fixed channel. The 802.15.4 PHY

defines 16 operating channels (channels 11 to 26) in the 2.4 GHz frequency band. XBee modules support all 16

channels.

ZigBee Application Layers: In Depth

This section provides a more in-depth look at the ZigBee application stack layers (APS, ZDO) including a discussion

on ZigBee endpoints, clusters, and profiles. Much of the material in this section can introduce unnecessary details

of the ZigBee stack that are not required in many cases.

Skip this section if

•The XBee does not need to interoperate or talk to non-Digi ZigBee devices

•The XBee simply needs to send data between devices.

Read this section if

•The XBee may talk to non-Digi ZigBee devices

•The XBee requires network management and discovery capabilities of the ZDO layer

•The XBee needs to operate in a public application profile (smart energy, home automation, etc.)

Application Support Sublayer (APS)

The APS layer in ZigBee adds support for application profiles, cluster IDs, and endpoints.

Application Profiles

Application profiles specify various device descriptions including required functionality for various devices. The

collection of device descriptions forms an application profile. Application profiles can be defined as "Public" or

"Private" profiles. Private profiles are defined by a manufacturer whereas public profiles are defined, developed,

XBee®/XBee‐PRO® SMT ZB RF Modules

and maintained by the ZigBee Alliance. Each application profile has a unique profile identifier assigned by the

ZigBee Alliance.

Examples of public profiles include:

•Home Automation

•Smart Energy

•Commercial Building Automation

The Smart Energy profile, for example, defines various device types including an energy service portal, load

controller, thermostat, in-home display, etc. The Smart Energy profile defines required functionality for each

device type. For example, a load controller must respond to a defined command to turn a load on or off. By

defining standard communication protocols and device functionality, public profiles allow interoperable ZigBee

solutions to be developed by independent manufacturers.

Digi XBee ZB firmware operates on a private profile called the Digi Drop-In Networking profile. However, the API

firmware in the module can be used in many cases to talk to devices in public profiles or non-Digi private profiles.

See the API Operations chapter for details.

Clusters

A cluster is an application message type defined within a profile. Clusters are used to specify a unique function,

service, or action. For example, the following are some clusters defined in the home automation profile:

•On/Off - Used to switch devices on or off (lights, thermostats, etc.)

•Level Control - Used to control devices that can be set to a level between on and off

•Color Control - Controls the color of color capable devices.

Each cluster has an associated 2-byte cluster identifier (cluster ID). The cluster ID is included in all application

transmissions. Clusters often have associated request and response messages. For example, a smart energy

gateway (service portal) might send a load control event to a load controller in order to schedule turning on or off

an appliance. Upon executing the event, the load controller would send a load control report message back to the

gateway.

Devices that operate in an application profile (private or public) must respond correctly to all required clusters. For

example, a light switch that will operate in the home automation public profile must correctly implement the

On/Off and other required clusters in order to interoperate with other home automation devices. The ZigBee

Alliance has defined a ZigBee Cluster Library (ZCL) that contains definitions or various general use clusters that

could be implemented in any profile. XBee modules implement various clusters in the Digi private profile. In

addition, the API can be used to send or receive messages on any cluster ID (and profile ID or endpoint). See the

Explicit Addressing ZigBee Command API frame in chapter 3 for details.

Endpoints

The APS layer includes supports for endpoints. An endpoint can be thought of as a running application, similar to a

TCP/IP port. A single device can support one or more endpoints. Each application endpoint is identified by a 1-byte

value, ranging from 1 to 240. Each defined endpoint on a device is tied to an application profile. A device could, for

example, implement one endpoint that supports a Smart Energy load controller, and another endpoint that

supports other functionality on a private profile.

XBee®/XBee‐PRO® SMT ZB RF Modules

ZigBee Device Profile

Profile ID 0x0000 is reserved for the ZigBee Device Profile. This profile is implemented on all ZigBee devices. Device

Profile defines many device and service discovery features and network management capabilities. Endpoint 0 is a

reserved endpoint that supports the ZigBee Device Profile. This endpoint is called the ZigBee Device Objects (ZDO)

endpoint.

ZigBee Device Objects (ZDO)

The ZDO (endpoint 0) supports the discovery and management capabilities of the ZigBee Device Profile. A

complete listing of all ZDP services is included in the ZigBee specification. Each service has an associated cluster ID.

The XBee ZB firmware allows applications to easily send ZDO messages to devices in the network using the API. See

the ZDO Transmissions section in chapter 4 for details.

Coordinator Operation

Forming a Network

The coordinator is responsible for selecting the channel, PAN ID (16-bit and 64-bit), security policy, and stack

profile for a network. Since a coordinator is the only device type that can start a network, each ZigBee network

must have one coordinator. After the coordinator has started a network, it can allow new devices to join the

network. It can also route data packets and communicate with other devices on the network.

To ensure the coordinator starts on a good channel and unused PAN ID, the coordinator performs a series of scans

to discover any RF activity on different channels (energy scan) and to discover any nearby operating PANs (PAN

scan). The process for selecting the channel and PAN ID are described in the following sections.

Channel Selection

When starting a network, the coordinator must select a "good" channel for the network to operate on. To do this,

it performs an energy scan on multiple channels (frequencies) to detect energy levels on each channel. Channels

with excessive energy levels are removed from its list of potential channels to start on.

PAN ID Selection

After completing the energy scan, the coordinator scans its list of potential channels (remaining channels after the

energy scan) to obtain a list of neighboring PANs. To do this, the coordinator sends a beacon request (broadcast)

transmission on each potential channel. All nearby coordinators and routers (that have already joined a ZigBee

network) will respond to the beacon request by sending a beacon back to the coordinator. The beacon contains

information about the PAN the device is on, including the PAN identifiers (16-bit and 64-bit). This scan (collecting

beacons on the potential channels) is typically called an active scan or PAN scan.

After the coordinator completes the channel and PAN scan, it selects a random channel and unused 16-bit PAN ID

to start on.

Security Policy

The security policy determines which devices are allowed to join the network, and which device(s) can

authenticate joining devices. See chapter 5 for a detailed discussion of various security policies.

Persistent Data

Once a coordinator has started a network, it retains the following information through power cycle or reset events:

XBee®/XBee‐PRO® SMT ZB RF Modules

•PAN ID

•Operating channel

•Security policy and frame counter values

•Child table (end device children that are joined to the coordinator).

The coordinator will retain this information indefinitely until it leaves the network. When the coordinator leaves a

network and starts a new network, the previous PAN ID, operating channel, and child table data are lost.

XBee ZB Coordinator Startup

The following commands control the coordinator network formation process.

Network formation commands used by the coordinator to form a network.

Command Description

ID Used to determine the 64-bit PAN ID. If set to 0 (default), a random 64-bit PAN ID

will be selected.

Determines the scan channels bitmask (up to 16 channels) used by the coordinator

when forming a network. The coordinator will perform an energy scan on all

enabled SC channels. It will then perform a PAN ID scan and then form the

network on one of the SC channels

SD Set the scan duration period. This value determined how long the coordinator

performs an energy scan or PAN ID scan on a given channel.

ZS Set the ZigBee Stack profile for the network.

EE Enable or disable security in the network.

NK Set the network security key for the network. If set to 0 (default), a random

network security key will be used.

KY Set the trust center link key for the network. If set to 0 (default), a random link key

will be used.

EO Set the security policy for the network.

Once the coordinator starts a network, the network configuration settings and child table data persist through

power cycles as mentioned in the "Persistent Data" section.

When the coordinator has successfully started a network, it

•Allows other devices to join the network for a time (see NJ command)

•Sets AI=0 •Starts blinking the Associate LED

•Sends an API modem status frame ("coordinator started") out the UART (API firmware only).

These behaviors are configurable using the following commands:

Command Description

NJ Sets the permit-join time on the coordinator, measured in seconds.

D5 Enables the Associate LED functionality

LT Sets the Associate LED blink time when joined. Default is 1 blink per second.

XBee®/XBee‐PRO® SMT ZB RF Modules

If any of the command values in the network formation commands table changes, the coordinator will leave its

current network and start a new network, possibly on a different channel. Note that command changes must be

applied (AC or CN command) before taking effect.

Permit Joining

The permit joining attribute on the coordinator is configurable with the NJ command. NJ can be configured to

always allow joining, or to allow joining for a short time.

Joining Always Enabled

If NJ=0xFF (default), joining is permanently enabled. This mode should be used carefully. Once a network has been

deployed, the application should strongly consider disabling joining to prevent unwanted joins from occurring.

Joining Temporarily Enabled

If NJ < 0xFF, joining will be enabled only for a number of seconds, based on the NJ parameter. The timer is started

once the XBee joins a network. Joining will not be re-enabled if the module is power cycled or reset. The following

mechanisms can restart the permit-joining timer:

•Changing NJ to a different value (and applying changes with the AC or CN commands)

•Pressing the commissioning button twice (enables joining for 1 minute)

•Issuing the CB command with a parameter of 2 (software emulation of a 2 button press - enables joining

for 1 minute).

Resetting the Coordinator

When the coordinator is reset or power cycled, it checks its PAN ID, operating channel and stack profile against the

network configuration settings (ID, CH, and ZS). It also verifies the saved security policy against the security

configuration settings (EE, NK, KY). If the coordinator's PAN ID, operating channel, stack profile, or security policy is

not valid based on its network and security configuration settings, then the coordinator will leave the network and

attempt to form a new network based on its network formation command values.

To prevent the coordinator from leaving an existing network, the WR command should be issued after all network

formation commands have been configured in order to retain these settings through power cycle or reset events.

Leaving a Network

There are a couple of mechanisms that will cause the coordinator to leave its current PAN and start a new network

based on its network formation parameter values. These include the following:

•Change the ID command such that the current 64-bit PAN ID is invalid.

•Change the SC command such that the current channel (CH) is not included in the channel mask.

•Change the ZS or any of the security command values (excluding NK).

•Issue the NR0 command to cause the coordinator to leave.

•Issue the NR1 command to send a broadcast transmission, causing all devices in the network to leave

and migrate to a different channel.

•Press the commissioning button 4 times or issue the CB command with a parameter of 4.

Note that changes to ID, SC, ZS, and security command values only take effect when changes are applied (AC or CN

commands).

XBee®/XBee‐PRO® SMT ZB RF Modules

Replacing a Coordinator (Security Disabled Only)

In rare occasions, it may become necessary to replace an existing coordinator in a network with a new physical

device. If security is not enabled in the network, a replacement XBee coordinator can be configured with the PAN

ID (16-bit and 64-bit), channel, and stack profile settings of a running network in order to replace an existing

coordinator.

NOTE: Having two coordinators on the same channel, stack profile, and PAN ID (16-bit and 64-bit) can cause

problems in the network and should be avoided. When replacing a coordinator, the old coordinator should be

turned off before starting the new coordinator.

To replace a coordinator, the following commands should be read from a device on the network:

AT Command Description

OP Read the operating 64-bit PAD ID.

OI Read the operating 16-bit PAN ID.

CH Read the operating channel.

ZS Read the stack profile.

Each of the commands listed above can be read from any device on the network. (These parameters will be the

same on all devices in the network.) After reading these commands from a device on the network, these

parameter values should be programmed into the new coordinator using the following commands.

AT Command Description

ID Set the 64-bit PAN ID to match

the read OP value.

II Set the initial 16-bit PAN ID to

match the read OI value.

Set the scan channels bitmask to

enable the read operating

channel (CH command). For

example, if the operating channel

is 0x0B, set SC to 0x0001. If the

operating channel is 0x17, set SC

to 0x1000.

ZS Set the stack profile to match the

read ZS value.

Note: II is the initial 16-bit PAN ID. Under certain conditions, the ZigBee stack can change the 16-bit PAN ID of the

network. For this reason, the II command cannot be saved using the WR command. Once II is set, the coordinator

leaves the network and starts on the 16-bit PAN ID specified by II.

Example: Starting a Coordinator

1. Set SC and ID to the desired scan channels and PAN ID values. (The defaults should suffice.)

2. If SC or ID is changed from the default, issue the WR command to save the changes.

XBee®/XBee‐PRO® SMT ZB RF Modules

3. If SC or ID is changed from the default, apply changes (make SC and ID changes take effect) either by

sending the AC command or by exiting AT command mode.

4. The Associate LED will start blinking once the coordinator has selected a channel and PAN ID.

5. The API Modem Status frame ("Coordinator Started") is sent out the UART (API firmware only).

6. Reading the AI command (association status) will return a value of 0, indicating a successful startup.

7. Reading the MY command (16-bit address) will return a value of 0, the ZigBee-defined 16-bit address of

the coordinator.

After startup, the coordinator will allow joining based on its NJ value.

Example: Replacing a Coordinator (security disabled)

1. Read the OP, OI, CH, and ZS commands on the running coordinator.

2. Set the ID, SC, and ZS parameters on the new coordinator, followed by WR command to save these parameter

values.

3. Turn off the running coordinator.

4. Set the II parameter on the new coordinator to match the read OI value on the old coordinator.

5. Wait for the new coordinator to start (AI=0).

Router Operation

Routers must discover and join a valid ZigBee network before they can participate in a ZigBee network. After a

router has joined a network, it can allow new devices to join the network. It can also route data packets and

communicate with other devices on the network.

Discovering ZigBee Networks

To discover nearby ZigBee networks, the router performs a PAN (or active) scan, just like the coordinator does

when it starts a network. During the PAN scan, the router sends a beacon request (broadcast) transmission on the

first channel in its scan channels list. All nearby coordinators and routers operating on that channel (that are

already part of a ZigBee network) respond to the beacon request by sending a beacon back to the router. The

beacon contains information about the PAN the nearby device is on, including the PAN identifier (PAN ID), and

whether or not joining is allowed. The router evaluates each beacon received on the channel to determine if a

valid PAN is found. A router considers a PAN to be valid if the PAN:

•Has a valid 64-bit PAN ID (PAN ID matches ID if ID > 0)

•Has the correct stack profile (ZS command)

•Is allowing joining.

If a valid PAN is not found, the router performs the PAN scan on the next channel in its scan channels list and

continues scanning until a valid network is found, or until all channels have been scanned. If all channels have been

scanned and a valid PAN was not discovered, all channels will be scanned again.

The ZigBee Alliance requires that certified solutions not send beacon request messages too frequently. To meet

certification requirements, the XBee firmware attempts 9 scans per minute for the first 5 minutes, and 3 scans per

minute thereafter. If a valid PAN is within range of a joining router, it should typically be discovered within a few

seconds.

Joining a Network

Once the router discovers a valid network, it sends an association request to the device that sent a valid beacon

requesting a join on the ZigBee network. The device allowing the join then sends an association response frame

that either allows or denies the join.

XBee®/XBee‐PRO® SMT ZB RF Modules

When a router joins a network, it receives a 16-bit address from the device that allowed the join. The 16-bit

address is randomly selected by the device that allowed the join.

Authentication

In a network where security is enabled, the router must then go through an authentication process. See the

Security chapter for a discussion on security and authentication.

After the router is joined (and authenticated, in a secure network), it can allow new devices to join the network.

Persistent Data

Once a router has joined a network, it retains the following information through power cycle or reset events:

•PAN ID

•Operating channel

•Security policy and frame counter values

•Child table (end device children that are joined to the coordinator).

The router will retain this information indefinitely until it leaves the network. When the router leaves a network,

the previous PAN ID, operating channel, and child table data are lost.

XBee ZB Router Joining

When the router is powered on, if it is not already joined to a valid ZigBee network, it immediately attempts to find

and join a valid ZigBee network.

Note: The DJ command can be set to 1 to disable joining. The DJ parameter cannot be written with WR, so a power

cycle always clears the DJ setting.

The following commands control the router joining process.

Command Description

ID Sets the 64-bit PAN ID to join. Setting ID=0 allows the router to join any 64-bit PAN

ID.

Set the scan channels bitmask that determines which channels a router will scan to

find a valid network. SC on the router should be set to match SC on the

coordinator. For example, setting SC to 0x281 enables scanning on channels 0x0b,

0x12, and 0x14, in that order.

SD Set the scan duration, or time that the router will listen for beacons on each

channel.

ZS Sets the stack profile on the device.

EE Enable or disable security in the network. This must be set to match the EE value

(security policy) of the coordinator.

KY Set the trust center link key. If set to 0 (default), the link key is expected to be

obtained (unencrypted) during joining.

XBee®/XBee‐PRO® SMT ZB RF Modules

Once the router joins a network, the network configuration settings and child table data persist through power

cycles as mentioned in the "Persistent Data" section previously. If joining fails, the status of the last join attempt

can be read in the AI command register.

If any of the above command values change, when command register changes are applied (AC or CN commands),

the router will leave its current network and attempt to discover and join a new valid network. When a ZB router

has successfully joined a network, it:

•Allows other devices to join the network for a time

•Sets AI=0

•Starts blinking the Associate LED

•Sends an API modem status frame ("associated") out the UART (API firmware only).

These behaviors are configurable using the following commands:

Command Description

Sets the permit-join time on the router, or the time that it will allow new devices to

join the network, measured in seconds. If NJ=0xFF, permit joining will always be

enabled.

D5 Enables the Associate LED functionality.

LT Sets the Associate LED blink time when joined. Default is 2 blinks per second

(router).

Permit Joining

The permit joining attribute on the router is configurable with the NJ command. NJ can be configured to always

allow joining, or to allow joining for a short time.

Joining Always Enabled

If NJ=0xFF (default), joining is permanently enabled. This mode should be used carefully. Once a network has been

deployed, the application should strongly consider disabling joining to prevent unwanted joins from occurring.

Joining Temporarily Enabled

If NJ < 0xFF, joining will be enabled only for a number of seconds, based on the NJ parameter. The timer is started

once the XBee joins a network. Joining will not be re-enabled if the module is power cycled or reset. The following

mechanisms can restart the permit-joining timer:

•Changing NJ to a different value (and applying changes with the AC or CN commands)

•Pressing the commissioning button twice (enables joining for 1 minute)

•Issuing the CB command with a parameter of 2 (software emulation of a 2 button press - enables joining

for 1 minute)

•Causing the router to leave and rejoin the network.

Router Network Connectivity

Once a router joins a ZigBee network, it remains connected to the network on the same channel and PAN ID as

long as it is not forced to leave. (See Leaving a Network section for details.) If the scan channels (SC), PAN ID (ID)

and security settings (EE, KY) do not change after a power cycle; the router will remain connected to the network

after a power cycle.

If a router may physically move out of range of the network it initially joined, the application should include

provisions to detect if the router can still communicate with the original network. If communication with the

XBee®/XBee‐PRO® SMT ZB RF Modules

original network is lost, the application may choose to force the router to leave the network (see Leaving a

Network section for details). The XBee firmware includes two provisions to automatically detect the presence of a

network, and leave if the check fails.

Power-On Join Verification

The JV command (join verification) enables the power-on join verification check. If enabled, the XBee will attempt

to discover the 64-bit address of the coordinator when it first joins a network. Once it has joined, it will also

attempt to discover the 64-bit address of the coordinator after a power cycle event. If 3 discovery attempts fail,

the router will leave the network and try to join a new network. Power-on join verification is disabled by default

(JV defaults to 0).

Network Watchdog

The NW command (network watchdog timeout) can be used for a powered router to periodically check for the

presence of a coordinator to verify network connectivity. The NW command specifies a timeout in minutes where

the router must receive communication from the coordinator or data collector. The following events restart the

network watchdog timer:

•RF data received from the coordinator

•RF data sent to the coordinator and an acknowledgment was received

•Many-to-one route request was received (from any device)

•Changing the value of NW.

If the watchdog timer expires (no valid data received for NW time), the router will attempt to discover the 64-bit

address of the coordinator. If the address cannot be discovered, the router records one watchdog timeout. Once

three consecutive network watchdog timeouts have expired (3 * NW) and the coordinator has not responded to

the address discovery attempts, the router will leave the network and attempt to join a new network. Anytime a

router receives valid data from the coordinator or data collector, it will clear the watchdog timeouts counter and

restart the watchdog timer. The watchdog timer (NW command) is settable to several days. The network watchdog

feature is disabled by default (NW defaults to 0).

XBee®/XBee‐PRO® SMT ZB RF Modules

Leaving a Network

There are a couple of mechanisms that will cause the router to leave its current PAN and attempt to discover and

join a new network based on its network joining parameter values.

These include the following:

•Change the ID command such that the current 64-bit PAN ID is invalid.

•Change the SC command such that the current channel (CH) is not included in the channel mask.

•Change the ZS or any of the security command values.

•Issue the NR0 command to cause the router to leave.

•Issue the NR1 command to send a broadcast transmission, causing all devices in the network to leave

and migrate to a different channel.

•Press the commissioning button 4 times or issue the CB command with a parameter of 4.

Note that changes to ID, SC, ZS, and security command values only take effect when changes are applied (AC or CN

commands).

XBee®/XBee‐PRO® SMT ZB RF Modules

Resetting the Router

When the router is reset or power cycled, it checks its PAN ID, operating channel and stack profile against the

network configuration settings (ID, SC, and ZS). It also verifies the saved security policy is valid based on the

security configuration commands (EE, KY). If the router's PAN ID, operating channel, stack profile, or security policy

is invalid, the router will leave the network and attempt to join a new network based on its network joining

command values.

To prevent the router from leaving an existing network, the WR command should be issued after all network

joining commands have been configured in order to retain these settings through power cycle or reset events.

Example: Joining a Network

After starting a coordinator (that is allowing joins), the following steps will cause a router to join the network:

1. Set ID to the desired 64-bit PAN ID, or to 0 to join any PAN.

2. Set SC to the list of channels to scan to find a valid network.

3. If SC or ID is changed from the default, apply changes (make SC and ID changes take effect) by issuing

the AC or CN command.

4. The Associate LED will start blinking once the router has joined a PAN.

5. If the Associate LED is not blinking, the AI command can be read to determine the cause of join failure.

6. Once the router has joined, the OP and CH commands will indicate the operating 64-bit PAN ID and

channel the router joined.

7. The MY command will reflect the 16-bit address the router received when it joined.

8. The API Modem Status frame ("Associated") is sent out the UART (API firmware only).

9. The joined router will allow other devices to join for a time based on its NJ setting.

End Device Operation

Similar to routers, end devices must also discover and join a valid ZigBee network before they can participate in a

network. After an end device has joined a network, it can communicate with other devices on the network. Since

end devices are intended to be battery powered and therefore support low power (sleep) modes, end devices

cannot allow other devices to join, nor can they route data packets.

Discovering ZigBee Networks

End devices go through the same process as routers to discover networks by issuing a PAN scan. After sending the

broadcast beacon request transmission, the end device listens for a short time in order to receive beacons sent by

nearby routers and coordinators on the same channel. The end device evaluates each beacon received on the

channel to determine if a valid PAN is found. An end device considers a PAN to be valid if the PAN:

•Has a valid 64-bit PAN ID (PAN ID matches ID if ID > 0)

•Has the correct stack profile (ZS command)

•Is allowing joining

•Has capacity for additional end devices (see End Device Capacity section below).

If a valid PAN is not found, the end device performs the PAN scan on the next channel in its scan channels list and

continues this process until a valid network is found, or until all channels have been scanned. If all channels have

been scanned and a valid PAN was not discovered, the end device may enter a low power sleep state and scan

again later.

If scanning all SC channels fails to discover a valid PAN, XBee ZB modules will attempt to enter a low power state

and will retry scanning all SC channels after the module wakes from sleeping. If the module cannot enter a low

power state, it will retry scanning all channels, similar to the router. To meet ZigBee Alliance requirements, the end

device will attempt up to 9 scans per minute for the first 5 minutes, and 3 scans per minute thereafter.

Note: The XBee ZB end device will not enter sleep until it has completed scanning all SC channels for a valid

network.

XBee®/XBee‐PRO® SMT ZB RF Modules

Joining a Network

Once the end device discovers a valid network, it joins the network, similar to a router, by sending an association

request (to the device that sent a valid beacon) to request a join on the ZigBee network. The device allowing the

join then sends an association response frame that either allows or denies the join. When an end device joins a

network, it receives a 16-bit address from the device that allowed the join. The 16- bit address is randomly

selected by the device that allowed the join.

Parent Child Relationship

Since an end device may enter low power sleep modes and not be immediately responsive, the end device relies

on the device that allowed the join to receive and buffer incoming messages in its behalf until it is able to wake

and receive those messages. The device that allowed an end device to join becomes the parent of the end device,

and the end device becomes a child of the device that allowed the join.

End Device Capacity

Routers and coordinators maintain a table of all child devices that have joined called the child table. This table is a

finite size and determines how many end devices can join. If a router or coordinator has at least one unused entry

in its child table, the device is said to have end device capacity. In other words, it can allow one or more additional

end devices to join. ZigBee networks should have sufficient routers to ensure adequate end device capacity.

In the XBee ZB firmware, a coordinator can support 20 end devices, and a router can support 24 end devices.

In ZB firmware, the NC command (number of remaining end device children) can be used to determine how many

additional end devices can join a router or coordinator. If NC returns 0, then the router or coordinator device has

no more end device capacity. (Its child table is full.)

Also of note, since routers cannot sleep, there is no equivalent need for routers or coordinators to track joined

routers. Therefore, there is no limit to the number of routers that can join a given router or coordinator device.

(There is no "router capacity" metric.)

Authentication

In a network where security is enabled, the end device must then go through an authentication process. See

chapter 5 for a discussion on security and authentication.

Persistent Data

The end device can retain its PAN ID, operating channel, and security policy information through a power cycle.

However, since end devices rely heavily on a parent, the end device does an orphan scan to try and contact its

parent. If the end device does not receive an orphan scan response (called a coordinator realignment command), it

will leave the network and try to discover and join a new network. When the end device leaves a network, the

previous PAN ID and operating channel settings are lost.

Orphan Scans

When an end device comes up from a power cycle, it performs an orphan scan to verify it still has a valid parent.

The orphan scan is sent as a broadcast transmission and contains the 64-bit address of the end device. Nearby

routers and coordinator devices that receive the broadcast check their child tables for an entry that contains the

end device's 64-bit address. If an entry is found with a matching 64-bit address, the device sends a coordinator

realignment command to the end device that includes the end device's 16-bit address, 16-bit PAN ID, operating

channel, and the parent's 64-bit and 16-bit addresses.

If the orphaned end device receives a coordinator realignment command, it is considered joined to the network.

Otherwise, it will attempt to discover and join a valid network.

XBee: ZB End Device Joining

XBee®/XBee‐PRO® SMT ZB RF Modules

When an end device is powered on, if it is not joined to a valid ZigBee network, or if the orphan scan fails to find a

parent, it immediately attempts to find and join a valid ZigBee network.

Note: The DJ command can be set to 1 to disable joining. The DJ parameter cannot be written with WR, so a power

cycle always clears the DJ setting.

Similar to a router, the following commands control the end device joining process.

Network joining commands used by an end device to join a network.

Command Description

ID Sets the 64-bit PAN ID to join. Setting ID=0 allows the router to join any 64-bit PAN

ID.

Set the scan channels bitmask that determines which channels a router will scan to

find a valid network. SC on the end device should be set to match SC on the

coordinator and router. For example, setting SC to 0x281 enables scanning on

channels 0x0b, 0x12, and 0x14, in that order.

SD Set the scan duration, or time that the end device will listen for beacons on each

channel.

ZS Sets the stack profile on the device.

EE Enable or disable security in the network. This must be set to match the EE value

(security policy) of the coordinator.

KY Set the trust center link key. If set to 0 (default), the link key is expected to be

obtained (unencrypted) during joining.

Once the end device joins a network, the network configuration settings can persist through power cycles as

mentioned in the "Persistent Data" section previously. If joining fails, the status of the last join attempt can be read

in the AI command register.

If any of these command values changes, when command register changes are applied, the end device will leave

its current network and attempt to discover and join a new valid network.

When a ZB end device has successfully started a network, it

•Sets AI=0

•Starts blinking the Associate LED

•Sends an API modem status frame ("associated") out the UART (API firmware only)

•Attempts to enter low power modes.

These behaviors are configurable using the following commands:

Command Description

D5 Enables the Associate LED functionality.

LT Sets the Associate LED blink time when joined. Default is 2 blinks per second

(router).

SM, SP, ST,

SN, SO

Parameters that configure the sleep mode characteristics. (See Managing End

Devices chapter for details.)

Parent Connectivity

XBee®/XBee‐PRO® SMT ZB RF Modules

The XBee ZB end device sends regular poll transmissions to its parent when it is awake. These poll transmissions

query the parent for any new received data packets. The parent always sends a MAC layer acknowledgment back

to the end device. The acknowledgment indicates whether the parent has data for the end device or not.

If the end device does not receive an acknowledgment for 3 consecutive poll requests, it considers itself

disconnected from its parent and will attempt to discover and join a valid ZigBee network. (See "Managing End

Devices" chapter for details.)

Resetting the End Device

When the end device is reset or power cycled, if the orphan scan successfully locates a parent, the end device then

checks its PAN ID, operating channel and stack profile against the network configuration settings (ID, SC, and ZS). It

also verifies the saved security policy is valid based on the security configuration commands (EE, KY). If the end

device's PAN ID, operating channel, stack profile, or security policy is invalid, the end device will leave the network

and attempt to join a new network based on its network joining command values.

To prevent the end device from leaving an existing network, the WR command should be issued after all network

joining commands have been configured in order to retain these settings through power cycle or reset events.

Leaving a Network

There are a couple of mechanisms that will cause the end device to leave its current PAN and attempt to discover

and join a new network based on its network joining parameter values. These include the following:

•The ID command changes such that the current 64-bit PAN ID is invalid.

•The SC command changes such that the current operating channel (CH) is not included in the channel

mask.

•The ZS or any of the security command values change.

•The NR0 command is issued to cause the end device to leave.

•The NR1 command is issued to send a broadcast transmission, causing all devices in the network to leave

and migrate to a different channel.

•The commissioning button is pressed 4 times or the CB command is issued with a parameter of 4.

•The end device's parent is powered down or the end device is moved out of range of the parent such

that the end device fails to receive poll acknowledgment messages.

Note that changes to command values only take effect when changes are applied (AC or CN commands).

Example: Joining a Network

After starting a coordinator (that is allowing joins), the following steps will cause an XBee end device to join the

network:

1. Set ID to the desired 64-bit PAN ID, or to 0 to join any PAN.

2. Set SC to the list of channels to scan to find a valid network.

3. If SC or ID is changed from the default, apply changes (make SC and ID changes take effect) by issuing

the AC or CN command.

4. The Associate LED will start blinking once the end device has joined a PAN.

5. If the Associate LED is not blinking, the AI command can be read to determine the cause of join failure.

6. Once the end device has joined, the OP and CH commands will indicate the operating 64-bit PAN ID and

channel the end device joined.

7. The MY command will reflect the 16-bit address the router received when it joined.

8. The API Modem Status frame ("Associated") is sent out the UART (API firmware only).

9. The joined end device will attempt to enter low power sleep modes based on its sleep configuration

commands (SM, SP, SN, ST, SO).

XBee®/XBee‐PRO® SMT ZB RF Modules

Channel Scanning

As mentioned previously, routers and end devices must scan one or more channels to discover a valid network to

join. When a join attempt begins, the XBee sends a beacon request transmission on the lowest channel specified in

the SC (scan channels) command bitmask. If a valid PAN is found on the channel, the XBee will attempt to join the

PAN on that channel. Otherwise, if a valid PAN is not found on the channel, it will attempt scanning on the next

higher channel in the SC command bitmask.

The XBee will continue to scan each channel (from lowest to highest) in the SC bitmask until a valid PAN is found or

all channels have been scanned. Once all channels have been scanned, the next join attempt will start scanning on

the lowest channel specified in the SC command bitmask.

For example, if the SC command is set to 0x400F, the XBee would start scanning on channel 11 (0x0B) and scan

until a valid beacon is found, or until channels 11, 12, 13, 14, and 25 have been scanned (in that order). Once an

XBee router or end device joins a network on a given channel, if the XBee is told to leave (see "Leaving a Network"

section), it will leave the channel it joined on and continue scanning on the next higher channel in the SC bitmask.

For example, if the SC command is set to 0x400F, and the XBee joins a PAN on channel 12 (0x0C), if the XBee leaves

the channel, it will start scanning on channel 13, followed by channels 14 and 25 if a valid network is not found.

Once all channels have been scanned, the next join attempt will start scanning on the lowest channel specified in

the SC command bitmask.

Managing Multiple ZigBee Networks

In some applications, multiple ZigBee networks may exist in proximity of each other. The application may need

provisions to ensure the XBee joins the desired network. There are a number of features in ZigBee to manage

joining among multiple networks. These include the following:

•PAN ID Filtering

•Preconfigured Security Keys

•Permit Joining

•Application Messaging

Pan ID Filtering

The XBee can be configured with a fixed PAN ID by setting the ID command to a non-zero value. If the PAN ID is set

to a non-zero value, the XBee will only join a network with the same PAN ID.

Preconfigured Security Keys

Similar to PAN ID filtering, this method requires a known security key be installed on a router to ensure it will join a

ZigBee network with the same security key. If the security key (KY command) is set to a non-zero value, and if

security is enabled (EE command), an XBee router or end device will only join a network with the same security

key.

Permit Joining

The Permit Joining parameter can be disabled in a network to prevent unwanted devices from joining. When a new

device must be added to a network, permit-joining can be enabled for a short time on the desired network. In the

XBee firmware, joining is disabled by setting the NJ command to a value less than 0xFF on all routers and

coordinator devices. Joining can be enabled for a short time using the commissioning push-button (see Network

Commissioning chapter for details) or the CB command.

Application Messaging

If the above mechanisms are not feasible, the application could build in a messaging framework between the

coordinator and devices that join its network. For example, the application code in joining devices could send a

transmission to the coordinator after joining a network, and wait to receive a defined reply message. If the

XBee®/XBee‐PRO® SMT ZB RF Modules

application does not receive the expected response message after joining, the application could force the XBee to

leave and continue scanning (see NR parameter).

XBee®/XBee‐PRO® SMT ZB RF Modules

4. Transmission, Addressing, and Routing

Addressing

All ZigBee devices have two different addresses, a 64-bit and a 16-bit address. The characteristics of each are

described below.

64-bit device Address

The 64-bit address is a unique device address assigned during manufacturing. This address is unique to each

physical device. The 64-bit address includes a 3-byte Organizationally Unique Identifier (OUI) assigned by the IEEE.

The 64-bit address is also called the extended address.

16-bit Device Address

A device receives a 16-bit address when it joins a ZigBee network. For this reason, the 16-bit address is also called

the "network address". The 16-bit address of 0x0000 is reserved for the coordinator. All other devices receive a

randomly generated address from the router or coordinator device that allows the join. The 16-bit address can

change under certain conditions:

•An address conflict is detected where two devices are found to have the same 16-bit address

•A device leaves the network and later joins (it can receive a different address)

All ZigBee transmissions are sent using the source and destination 16-bit addresses. The routing tables on ZigBee

devices also use 16-bit addresses to determine how to route data packets through the network. However, since

the 16-bit address is not static, it is not a reliable way to identify a device.

To solve this problem, the 64-bit destination address is often included in data transmissions to guarantee data is

delivered to the correct destination. The ZigBee stack can discover the 16-bit address, if unknown, before

transmitting data to a remote.

Application Layer Addressing

ZigBee devices can support multiple application profiles, cluster IDs, and endpoints. (See "ZigBee Application

Layers - In Depth" in chapter 3.) Application layer addressing allows data transmissions to be addressed to specific

profile IDs, cluster IDs, and endpoints. Application layer addressing is useful if an application must •Interoperate

with other ZigBee devices outside of the Digi application profile

•Utilize service and network management capabilities of the ZDO

•Operate on a public application profile such as Home Controls or Smart Energy.

The API firmware provides a simple yet powerful interface that can easily send data to any profile ID, endpoint,

and cluster ID combination on any device in a ZigBee network.

Data Transmission

ZigBee data packets can be sent as either unicast or broadcast transmissions. Unicast transmissions route data

from one source device to one destination device, whereas broadcast transmissions are sent to many or all devices

in the network.

Broadcast Transmissions

Broadcast transmissions within the ZigBee protocol are intended to be propagated throughout the entire network

such that all nodes receive the transmission. To accomplish this, the coordinator and all routers that receive a

broadcast transmission will retransmit the packet three times.

Note: when a router or coordinator delivers a broadcast transmission to an end device child, the transmission is

only sent once (immediately after the end device wakes and polls the parent for any new data). See Parent

Operation section in chapter 6 for details.

XBee®/XBee‐PRO® SMT ZB RF Modules

Each node that transmits the broadcast will also create an entry in a local broadcast transmission table. This entry

is used to keep track of each received broadcast packet to ensure the packets are not endlessly transmitted. Each

entry persists for 8 seconds. The broadcast transmission table holds 8 entries.

For each broadcast transmission, the ZigBee stack must reserve buffer space for a copy of the data packet. This

copy is used to retransmit the packet as needed. Large broadcast packets will require more buffer space. This

information on buffer space is provided for general knowledge; the user does not and cannot change any buffer

spacing. Buffer spacing is handled automatically by the XBee module.

Since broadcast transmissions are retransmitted by each device in the network, broadcast messages should be

used sparingly.

Unicast Transmissions

Unicast transmissions are sent from one source device to another destination device. The destination device could

be an immediate neighbor of the source, or it could be several hops away. Unicast transmissions that are sent

along a multiple hop path require some means of establishing a route to the destination device. See the "RF Packet

Routing" section in chapter 4 for details.

Address Resolution

As mentioned previously, each device in a ZigBee network has both a 16-bit (network) address and a 64-bit

(extended) address. The 64-bit address is unique and assigned to the device during manufacturing, and the 16-bit

address is obtained after joining a network. The 16-bit address can also change under certain conditions.

XBee®/XBee‐PRO® SMT ZB RF Modules

When sending a unicast transmission, the ZigBee network layer uses the 16-bit address of the destination and each

hop to route the data packet. If the 16-bit address of the destination is not known, the ZigBee stack includes a

discovery provision to automatically discover the destination device's 16-bit address before routing the data.

To discover a 16-bit address of a remote, the device initiating the discovery sends a broadcast address discovery

transmission. The address discovery broadcast includes the 64-bit address of the remote device whose 16-bit

address is being requested. All nodes that receive this transmission check the 64-bit address in the payload and

compare it to their own 64-bit address. If the addresses match, the device sends a response packet back to the

initiator. This response includes the remote's 16-bit address. When the discovery response is received, the initiator

will then transmit the data.

Address Table

Each ZigBee device maintains an address table that maps a 64-bit address to a 16-bit address. When a transmission

is addressed to a 64-bit address, the ZigBee stack searches the address table for an entry with a matching 64-bit

address, in hopes of determining the destination's 16-bit address. If a known 16-bit address is not found, the

ZigBee stack will perform address discovery to discover the device's current 16- bit address.

Sample Address Table

64-bit Address 16-bit Address

0013 A200 4000 0001 0x4414

0013 A200 400A 3568 0x1234

0013 A200 4004 1122 0xC200

0013 A200 4002 1123 0xFFFE (unknown)

The XBee modules can store up to 20 address table entries. For applications where a single device (e.g.

coordinator) may send unicast transmissions to more than 20 devices, the application should implement an

address table to store the 16-bit and 64-bit addresses for each remote device. Any XBee that will send data to

more than 20 remotes should also use API firmware. The application can then send both the 16-bit and 64-bit

addresses to the XBee in the API transmit frames which will significantly reduce the number of 16-bit address

discoveries and greatly improve data throughput.

If an application will support an address table, the size should ideally be larger than the maximum number of

destination addresses the device will communicate with. Each entry in the address table should contain a 64-bit

destination address and its last known 16-bit address.

When sending a transmission to a destination 64-bit address, the application should search the address table for a

matching 64-bit address. If a match is found, the 16-bit address should be populated into the 16-bit address field of

the API frame. If a match is not found, the 16-bit address should be set to 0xFFFE (unknown) in the API transmit

frame.

The API provides indication of a remote device's 16-bit address in the following frames:

• All receive data frames

Rx Data (0x90)

Rx Explicit Data (0x91)

IO Sample Data (0x92)

Node Identification Indicator (0x95)

Route Record Indicator (0xA1)

etc.

• Transmit status frame (0x8B)

The application should always update the 16-bit address in the address table when one of these frames is received

to ensure the table has the most recently known 16-bit address. If a transmission failure occurs, the application

should set the 16-bit address in the table to 0xFFFE (unknown).

XBee®/XBee‐PRO® SMT ZB RF Modules

Fragmentation

Each unicast transmission may support up to 84 bytes of RF payload. (Enabling security or using source routing can

reduce this number. See the NP command for details.) However, the XBee ZB firmware supports a ZigBee feature

called fragmentation that allows a single large data packet to be broken up into multiple RF transmissions and

reassembled by the receiver before sending data out its UART or SPI port. This is shown in the image below.

The API transmit frame can include up to 255 bytes of data, which will be broken up into multiple transmissions

and reassembled on the receiving side. If one or more of the fragmented messages are not received by the

receiving device, the receiver will drop the entire message, and the sender will indicate a transmission failure in

the Tx Status API frame.

Applications that do not wish to use fragmentation should avoid sending more than the maximum number of bytes

in a single RF transmission. See the "Maximum RF Payload Size" section for details.

Devices will not receive or reassemble fragmented RF packets if RTS flow control is enabled (D6 command).

DATA Transmission Examples

AT Firmware

To send a data packet in AT firmware, the DH and DL commands must be set to match the 64-bit address of the

destination device. DH must match the upper 4-bytes, and DL must match the lower 4 bytes. Since the coordinator

always receives a 16-bit address of 0x0000, a 64-bit address of 0x0000000000000000 is defined as the

coordinator's address (in ZB firmware). The default values of DH and DL are 0x00, which sends data to the

coordinator.

Example 1: Send a transmission to the coordinator

(In this example, a '\r' refers to a carriage return character.)

A router or end device can send data in two ways. First, set the destination address (DH and DL commands) to

0x00.

1. Enter command mode ('+++')

2. After receiving an OK\r, issue the following commands: a. ATDH0\r b. ATDL0\r c. ATCN\r

3. Verify that each of the 3 commands returned an OK\r response.

4. After setting these command values, all serial characters will be sent as a unicast transmission to the

coordinator.

Alternatively, if the coordinator's 64-bit address is known, DH and DL can be set to the coordinator's 64-bit

address. Suppose the coordinator's address is 0x0013A200404A2244.

1. Enter command mode ('+++')

2. After receiving an OK\r, issue the following commands: a. ATDH13A200\r b. ATDL404A2244\ c. ATCN\r

3. Verify that each of the 3 commands returned an OK\r response.

XBee®/XBee‐PRO® SMT ZB RF Modules

4. After setting these command values, all serial characters will be sent as a unicast transmission to the

coordinator.

API Firmware

Use the transmit request, or explicit transmit request frame (0x10 and 0x11 respectively) to send data to the

coordinator. The 64-bit address can either be set to 0x0000000000000000, or to the 64-bit address of the

coordinator. The 16-bit address should be set to 0xFFFE when using the 64-bit address of all 0x00s.

To send an ascii "1" to the coordinator's 0x00 address, the following API frame can be used:

7E 00 0F 10 01 0000 0000 0000 0000 FFFE 00 00 31 C0

If the explicit transmit frame is used, the cluster ID should be set to 0x0011, the profile ID to 0xC105, and the

source and destination endpoints to 0xE8 (recommended defaults for data transmissions in the Digi profile.) The

same transmission could be sent using the following explicit transmit frame:

7E 00 15 11 01 0000 0000 0000 0000 FFFE E8 E8 0011 C105 00 00 31 18

Notice the 16-bit address is set to 0xFFFE. This is required when sending to a 64-bit address of 0x00s.

Now suppose the coordinator's 64-bit address is 0x0013A200404A2244. The following transmit request API frame

(0x10) will send an ASCII "1" to the coordinator:

7E 00 0F 10 01 0013 A200 404A 2244 0000 0000 31 18

Example 2: Send a broadcast transmission

(In this example, a '\r' refers to a carriage return character.)

Perform the following steps to configure a broadcast transmission:

1. Enter command mode ('+++')

2. After receiving an OK\r, issue the following commands: a. ATDH0\r b. ATDLffff\r c. ATCN\r

3. Verify that each of the 3 commands returned an OK\r response

4. After setting these command values, all serial characters will be sent as a broadcast transmission.

API Firmware

This example will use the transmit request API frame (0x10) to send an ASCII "1" in a broadcast transmission.

To send an ascii "1" as a broadcast transmission, the following API frame can be used:

7E 00 0F 10 01 0000 0000 0000 FFFF FFFE 00 00 31 C2

Notice the destination 16-bit address is set to 0xFFFE for broadcast transmissions.

RF Packet Routing

Unicast transmissions may require some type of routing. ZigBee includes several different ways to route data, each

with its own advantages and disadvantages. These are summarized in the table below.

XBee®/XBee‐PRO® SMT ZB RF Modules

Routing Approach Description When to Use

Ad hoc On

demand

distance Vector

(AODV) Mesh Routing

Routing paths are created between

source and destination, possibly

traversing multiple nodes ("hops").

Each device knows who to send data to

eventually reaching the destination.

Use in networks that will not scale

beyond about 40 destination devices.

Many

One Routing

A single broadcast transmission

configured reverse routes on all devices

into the device that sends the broadcast

Useful when many remote devices must

send data to a single gateway or

collector device.

Source

Routing

Data packets include the entire route

the packet should traverse to get from

source to destination.

Improves routing

efficiency

in large

networks (over 40 remote devices)

Note – End devices do not make use of these routing protocols. Rather, an end device sends a unicast transmission

to its parent and allows the parent to route the data packet in its behalf.

Link Status Transmission

Before discussing the various routing protocols, it is worth understanding the primary mechanism in ZigBee for

establishing reliable bi-directional links. This mechanism is especially useful in networks that may have a mixture of

devices with varying output power and/or receiver sensitivity levels.

Each coordinator or router device periodically sends a link status message. This message is sent as a 1-hop

broadcast transmission, received only by one-hop neighbors. The link status message contains a list of neighboring

devices and incoming and outgoing link qualities for each neighbor. Using these messages, neighboring devices can

determine the quality of a bi-directional link with each neighbor and use that information to select a route that

works well in both directions.

For example, consider a network of two neighboring devices that send periodic link status messages. Suppose that

the output power of device A is +18dBm, and the output power of device B is +3dBm (considerably less than the

output power of device A). The link status messages might indicate the following:

XBee®/XBee‐PRO® SMT ZB RF Modules

This mechanism enables devices A and B to recognize that the link is not reliable in both directions and select a

different neighbor when establishing routes. (Such links are called asymmetric links, meaning the link quality is not

similar in both directions.)

When a router or coordinator device powers on, it sends link status messages every couple seconds to attempt to

discover link qualities with its neighbors quickly. After being powered on for some time, the link status messages

are sent at a much slower rate (about every 3-4 times per minute).

AODV Mesh Routing

ZigBee employs mesh routing to establish a route between the source device and the destination. Mesh routing

allows data packets to traverse multiple nodes (hops) in a network to route data from a source to a destination.

Routers and coordinators can participate in establishing routes between source and destination devices using a

process called route discovery. The Route discovery process is based on the AODV (Ad-hoc On-demand Distance

Vector routing) protocol.

AODV (Ad-hoc On-Demand Distance Vector) Routing Algorithm

Routing under the AODV protocol is accomplished using tables in each node that store the next hop (intermediary

node between source and destination nodes) for a destination node. If a next hop is not known, route discovery

must take place in order to find a path. Since only a limited number of routes can be stored on a Router, route

discovery will take place more often on a large network with communication between many different nodes.

Node Destination Address Next Hop Address

Router 6

Coordinator

Router 7

Router 5

Router 8

Router 6

XBee®/XBee‐PRO® SMT ZB RF Modules

When a source node must discover a route to a destination node, it sends a broadcast route request command.

The route request command contains the source network address, the destination network address and a path

cost field (a metric for measuring route quality). As the route request command is propagated through the

network (refer to the Broadcast Transmission), each node that re-broadcasts the message updates the path cost

field and creates a temporary entry in its route discovery table.

Sample Route Request (Broadcast) Transmission Where R3 is Trying to Discover a Route to R6

When the destination node receives a route request, it compares the ‘path cost’ field against previously received

route request commands. If the path cost stored in the route request is better than any previously received, the

destination node will transmit a route reply packet to the node that originated the route request. Intermediate

nodes receive and forward the route reply packet to the source node (the node that originated route request).

Sample Route Reply (Unicast) Where R6 Sends a Route Reply to R3.

Note: R6 could send multiple replies if it identifies a better route.

Retries and Acknowledgments

ZigBee includes acknowledgment packets at both the Mac and Application Support (APS) layers. When data is

transmitted to a remote device, it may traverse multiple hops to reach the destination. As data is transmitted from

one node to its neighbor, an acknowledgment packet (Ack) is transmitted in the opposite direction to indicate that

the transmission was successfully received. If the Ack is not received, the transmitting device will retransmit the

data, up to 4 times. This Ack is called the Mac layer acknowledgment.

In addition, the device that originated the transmission expects to receive an acknowledgment packet (Ack) from

the destination device. This Ack will traverse the same path that the data traversed, but in the opposite direction.

XBee®/XBee‐PRO® SMT ZB RF Modules

If the originator fails to receive this Ack, it will retransmit the data, up to 2 times until an Ack is received. This Ack is

called the ZigBee APS layer acknowledgment.

Refer to the ZigBee specification for more details.

Many-to-One Routing

In networks where many devices must send data to a central collector or gateway device, AODV mesh routing

requires significant overhead. If every device in the network had to discover a route before it could send data to

the data collector, the network could easily become inundated with broadcast route discovery messages.

Many-to-one routing is an optimization for these kinds of networks. Rather than require each device to do its own

route discovery, a single many-to-one broadcast transmission is sent from the data collector to establish reverse

routes on all devices. This is shown in the figure below. The left side shows the many broadcasts the devices can

send when they create their own routes and the route replies generated by the data collector. The right side shows

the benefits of many-to-one routing where a single broadcast creates reverse routes to the data collector on all

routers.

The many-to-one broadcast is a route request message with the target discovery address set to the address of the

data collector. Devices that receive this route request create a reverse many-to-one routing table entry to create a

path back to the data collector. The ZigBee stack on a device uses historical link quality information about each

neighbor to select a reliable neighbor for the reverse route.

When a device sends data to a data collector, and it finds a many-to-one route in its routing table, it will transmit

the data without performing a route discovery. The many-to-one route request should be sent periodically to

update and refresh the reverse routes in the network.

Applications that require multiple data collectors can also use many-to-one routing. If more than one data

collector device sends a many-to-one broadcast, devices will create one reverse routing table entry for each

collector.

XBee®/XBee‐PRO® SMT ZB RF Modules

In ZB firmware, the AR command is used to enable many-to-one broadcasting on a device. The AR command sets a

time interval (measured in 10 second units) for sending the many to one broadcast transmission. (See the

command table for details.)

Source Routing

In applications where a device must transmit data to many remotes, AODV routing would require performing one

route discovery for each destination device to establish a route. If there are more destination devices than there

are routing table entries, established AODV routes would be overwritten with new routes, causing route

discoveries to occur more regularly. This could result in larger packet delays and poor network performance.

ZigBee source routing helps solve these problems. In contrast to many-to-one routing that establishes routing

paths from many devices to one data collector, source routing allows the collector to store and specify routes for

many remotes.

To use source routing, a device must use the API firmware, and it must send periodic many-to-one route request

broadcasts (AR command) to create a many-to-one route to it on all devices. When remote devices send RF data

using a many-to-one route, they first send a route record transmission. The route record transmission is unicast

along the many-to-one route until it reaches the data collector. As the route record traverses the many-to-one

route, it appends the 16-bit address of each device in the route into the RF payload. When the route record

reaches the data collector, it contains the address of the sender, and the 16-bit address of each hop in the route.

The data collector can store the routing information and retrieve it later to send a source routed packet to the

remote. This is shown in the images below.

XBee®/XBee‐PRO® SMT ZB RF Modules

Acquiring Source Routes

Acquiring source routes requires the remote devices to send a unicast to a data collector (device that sends many-to-one route

request broadcasts). There are several ways to force remotes to send route record transmissions.

1. If the application on remote devices periodically sends data to the data collector, each transmission will force a route

record to occur.

2. The data collector can issue a network discovery command (ND command) to force all XBee devices to send a network

discovery response. Each network discovery response will be prefaced by a route record.

3. Periodic IO sampling can be enabled on remotes to force them to send data at a regular rate. Each IO sample would be

prefaced by a route record. (See chapter 8 for details.)

4. If the NI string of the remote device is known, the DN command can be issued with the NI string of the remote in the

payload. The remote device with a matching NI string would send a route record and a DN response.

Storing Source Routes

When a data collector receives a route record, it sends it out the UART as a Route Record Indicator API frame

(0xA1). To use source routing, the application should receive these frames and store the source route information.

Sending a Source Routed Transmission

To send a source routed transmission, the application should send a Create Source Route API frame (0x21) to the

XBee to create a source route in its internal source route table. After sending the Create Source Route API frame,

the application can send data transmission or remote command request frames as needed to the same

destination, or any destination in the source route. Once data must be sent to a new destination (a destination not

XBee®/XBee‐PRO® SMT ZB RF Modules

included in the last source route), the application should first send a new Create Source Route API frame. The XBee

can buffer one source route that includes up to 10 hops (excluding source and destination).

For example, suppose a network exists with a coordinator and 5 routers (R1, R2, R3, R4, and R5) with known

source routes as shown below.

To send a source-routed packet to R3, the application must send a Create Source Route API frame (0x21) to the

XBee, with a destination of R3, and 2 hops (R1 and R2). If the 64- bit address of R3 is 0x0013A200 404a1234 and

the 16-bit addresses of R1, R2, and R3 are:

Device 16-bit Address

0XAABB

0xCCDD

0xEEFF

Then the Create Source Route API frame would be:

7E 0012 21 00 0013A200 404A1234 EEFF 00 02 CCDD AABB 5C

Where:

0x0012 - length

0x21 - API ID (create source route)

0x00 - frame ID (set to 0 always)

0x0013A200 404A1234 - 64-bit address of R3 (destination)

0xEEFF - 16-bit address of R3 (destination)

0x00 - Route options (set to 0)

0x02 - Number of intermediate devices in the source route

0xCCDD - Address of furthest device (1-hop from target)

0xAABB - Address of next-closer device

0x5C - Checksum (0xFF - SUM (all bytes after length))

Repairing Source Routes

It is possible in a network to have an existing source route fail (i.e. a device in the route moves or goes down, etc.).

If a device goes down in a source routed network, all routes that used the device will be broken.

As mentioned previously, source routing must be used with many-to-one routing. (A device that uses source

routing must also send a periodic many-to-one broadcast in order to keep routes fresh). If a source route is broken,

remote devices must send in new route record transmissions to the data collector to provide it with a new source

route. This requires that remote devices periodically send data transmissions into the data collector. See the

earlier "Acquiring Source Routes" section for details.

Retries and Acknowledgments