XBee3® Zigbee® RF Module User Guide

Revision history—90001539
Revision  Date          Description
A         October 2017  Initial release.
B         January 2018  Added the XBee3 through-hole form factor information.
C         March 2018    Added the Get started with MicroPython section.
Trademarks and copyright
Digi, Digi International, and the Digi logo are trademarks or registered trademarks in the United
States and other countries worldwide. All other trademarks mentioned in this document are the
property of their respective owners.
© 2017 Digi International Inc. All rights reserved.
Disclaimers
Information in this document is subject to change without notice and does not represent a
commitment on the part of Digi International. Digi provides this document “as is,” without warranty of
any kind, expressed or implied, including, but not limited to, the implied warranties of fitness or
merchantability for a particular purpose. Digi may make improvements and/or changes in this manual
or in the product(s) and/or the program(s) described in this manual at any time.
Warranty
To view product warranty information, go to the following website:
www.digi.com/howtobuy/terms
Send comments
Documentation feedback: To provide feedback on this document, send your comments to
techcomm@digi.com.
Customer support
Digi Technical Support: Digi offers multiple technical support plans and service packages to help our
customers get the most out of their Digi product. For information on Technical Support plans and
pricing, contact us at +1 952.912.3444 or visit us at www.digi.com/support.
Contents
XBee3® Zigbee® RF Module User Guide
Applicable firmware and hardware
Module support
Configure the device using XCTU
Customize XBee Zigbee firmware
XBee bootloader
Send a firmware image
Software libraries
Update the firmware over-the-air
Add the device to XCTU
Update to the latest firmware
Get started with MicroPython
About MicroPython
MicroPython on the XBee3 Zigbee RF Module
Use XCTU to enter the MicroPython environment
Use the MicroPython Terminal in XCTU
MicroPython examples
Example: hello world
Example: enter MicroPython paste mode
Example: using the time module
Example: AT commands using MicroPython
MicroPython networking and communication examples
Zigbee networks with MicroPython
Example: forming and joining a Zigbee network using MicroPython
Example: network Discovery using MicroPython
Examples: transmitting data
Receiving data
Example: communication between two XBee3 Zigbee modules
Exit MicroPython mode
Other terminal programs
Tera Term for Windows
Use picocom in Linux
Operation
Serial interface
UART data flow
Serial data
Serial buffers
Serial receive buffer
Serial transmit buffer
UART flow control
CTS flow control
RTS flow control
Break control
Modes
Transparent operating mode
Serial-to-RF packetization
API operating mode
Compare Transparent and API operation
Command mode
Enter Command mode
Send AT commands
Apply command changes
Exit Command mode
Idle mode
Transmit mode
Receive mode
Sleep mode
Zigbee networks
About the Zigbee specification
Zigbee stack layers
Zigbee networking concepts
Device types
PAN ID
Operating channels
Zigbee application layers: in depth
Application Support Sublayer (APS)
Application profiles
Zigbee coordinator operation
Form a network
Security policy
Channel selection
PAN ID selection
Persistent data
Coordinator startup
Permit joining
Reset the coordinator
Leave a network
Replace a coordinator (security disabled only)
Example: start a coordinator
Example: replace a coordinator (security disabled)
Router operation
Discover Zigbee networks
Join a network
Persistent data
Zigbee router joining
Router network connectivity
End device operation
Discover Zigbee networks
Join a network
End device capacity
Persistent data
Orphan scans
End device joining
Parent connectivity
Reset the end device
Zigbee channel scanning
Manage multiple Zigbee networks
Filter PAN ID
Configure security keys
Prevent unwanted devices from joining
Application messaging framework
Transmission, addressing, and routing
Addressing
64-bit device addresses
16-bit device addresses
Application layer addressing
Data transmission
Broadcast transmissions
Unicast transmissions
Address resolution
Address table
Group table
Binding transmissions
Address resolution
Binding table
Multicast transmissions
Address resolution
Fragmentation
Data transmission examples
Transparent mode
API mode
API frame
RF packet routing
Link status transmission
AODV mesh routing
Many-to-One routing
High/Low RAM Concentrator mode
Source routing
Encrypted transmissions
Maximum RF payload size
Throughput
ZDO transmissions
Send a ZDO command
Receiving ZDO command and responses
Transmission timeouts
Unicast timeout
Extended timeout
Transmission examples
Zigbee security
Security overview
Network key
Link key
Preconfigured link key - moderate security
Well-known default link key - low security
Install code derived link key - high security
Join window
Key management
Centralized security
Distributed security
Device registration
Centralized trust center
Distributed trust center
Example: Forming a secure network
Example: Joining a secure network using a preconfigured link key
Example: Registering a joining node without a preconfigured link key
Example: Registration of a joining node using an install code
Example: Deregistering a previously registered device
Registration scenario
Network commissioning and diagnostics
Place devices
Test links in a network - loopback cluster
RSSI indicators
Device discovery
Network discovery
ZDO discovery
Joining Announce
Commissioning pushbutton and associate LED
XBee3 SMT
XBee3 Micro
XBee3 Through-hole
Commissioning pushbutton
Associate LED
Binding
End_Device_Bind_req
Example of a End_Device_Bind_req
Group Table API
Add Group command
View group
Get Group Membership
Remove Group
Remove All Groups
Default responses
Common status codes
Manage End Devices
End device operation
Parent operation
End Device poll timeouts
Packet buffer usage
Non-Parent device operation
End Device configuration
Pin sleep
Cyclic sleep
Recommended sleep current measurements
Achieve the lowest sleep current
Compensate for switching time
Internal pin pull-ups
Transmit RF data
Receiving RF data
I/O sampling
Wake end devices with the Commissioning Pushbutton
Parent verification
Rejoining
Router/Coordinator configuration
RF packet buffering timeout
Child poll timeout
Transmission timeout
Short sleep periods
Extended sleep periods
Sleep examples
Example 1: Configure a device to sleep for 20 seconds, but set SN such that the On/sleep
line will remain de-asserted for up to 1 minute.
Example 2: Configure an end device to sleep for 20 seconds, send 4 I/O samples in 2
seconds, and return to sleep.
Example 3: configure a device for extended sleep: to sleep for 4 minutes.
Analog and digital I/O lines
I/O configuration
I/O sampling
I/O examples
Example 1: Configure the following I/O settings on the XBee
Example 2: Calculate the PWM counts for a packet received with an RSSI of -84 dBm
Example 3: Configure the RSSI/PWM pin to operate for 2 seconds after each received RF
packet
Queried sampling
Periodic I/O sampling
Change detection sampling
RSSI PWM
AT commands
Network commands
CE (Device Role)
ID (Extended PAN ID)
II (Initial 16-bit PAN ID)
ZS (Zigbee Stack Profile)
CR (Conflict Report)
NJ (Node Join Time)
DJ (Disable Joining)
NW (Network Watchdog Timeout)
JV (Coordinator Join Verification)
JN (Join Notification)
DO (Miscellaneous Device Options)
DC (Joining Device Controls)
CB (Commissioning Pushbutton)
NR (Network Reset)
Operational Network Parameters commands
AI (Association Indication)
OP (Operating Extended PAN ID)
OI (Operating 16-bit PAN ID)
CH (Operating Channel)
NC (Number of Remaining Children)
Security commands
EE (Encryption Enable)
EO (Encryption Options)
KY (Link Key)
NK (Trust Center Network Key)
KT (Trust Center Link Key Registration Timeout)
I? (Install Code)
Addressing commands
SH (Serial Number High)
SL (Serial Number Low)
MY (16-bit Network Address)
MP (16-bit Parent Network Address)
DH (Destination Address High)
DL command
NI (Node Identifier)
NH (Maximum Unicast Hops)
BH (Broadcast Hops)
AR (Aggregate Routing Notification)
DD (Device Type Identifier)
ND (Network Discovery)
DN (Discover Node)
NT (Node Discover Timeout)
NO (Network Discovery Options)
NP (Maximum Packet Payload Bytes)
Zigbee addressing commands
TO (Transmit Options)
SE (Source Endpoint)
DE (Destination Endpoint)
CI (Cluster ID)
RF interfacing commands
PL (TX Power Level)
PP (Power at PL4)
SC (Scan Channels)
SD (Scan Duration)
AS (Active Scan)
ED (Energy Detect)
DB command
Serial interfacing commands
BD (UART Baud Rate)
NB (Parity)
SB (Stop Bits)
AP (API Enable)
AO (API Options)
RO (Packetization Timeout)
D6 (DIO6/RTS)
D7 (DIO7/CTS)
P3 (DIO13/DOUT Configuration)
P4 (DIO14/DIN Configuration)
Command mode options
CN (Exit Command mode)
CT (Command Mode Timeout)
GT (Guard Times)
CC (Command Character)
MicroPython commands
PS (Python Startup)
PY (MicroPython Command)
Sleep commands
SM (Sleep Mode)
SP (Cyclic Sleep Period)
ST (Cyclic Sleep Wake Time)
SN (Number of Cycles Between ON_SLEEP)
SO (Sleep Options)
WH (Wake Host Delay)
PO command
SI command
I/O settings commands
D0 (DIO0/AD0/Commissioning Button Configuration)
D1 (AD1/DIO1 Configuration)
D2 (DIO2/AD2 Configuration)
D3 (DIO3/AD3 Configuration)
D4 (DIO4 Configuration)
D5 (DIO5/Associate Configuration)
D8 (DIO8/DTR/SLP_RQ)
D9 (DIO9/ON_SLEEP)
P0 (DIO10/RSSI Configuration)
P1 (DIO11 Configuration)
P2 (DIO12 Configuration)
P5 (DIO15 Configuration)
P6 (DIO16 Configuration)
P7 (DIO17 Configuration )
P8 (DIO18 Configuration)
P9 (DIO19 Configuration)
PR (Pull-up/Down Resistor Enable)
PD (Pull Up/Down Direction)
LT (Associate LED Blink Time)
RP (RSSI PWM Timer)
I/O sampling commands
IR (I/O Sample Rate)
IC (Digital Change Detection)
IS (Force Sample)
V+ (Supply Voltage Threshold)
Diagnostic commands
VR (Firmware Version)
VL (Version Long)
VH (Bootloader Version)
HV (Hardware Version)
%V (Voltage Supply Monitoring)
TP (Temperature)
CK (Configuration Checksum)
FR (Software Reset)
Memory access commands
AC (Apply Changes)
WR (Write)
RE (Restore Defaults)
API Operation
API frame format
API operation (AP parameter = 1)
API operation with escaped characters (AP parameter = 2)
API serial exchanges
AT commands
Transmit and Receive RF data
Remote AT commands
Source routing
Device Registration
Frame descriptions
AT Command Frame - 0x08
AT Command - Queue Parameter Value frame - 0x09
Transmit Request frame - 0x10
Explicit Addressing Command frame - 0x11
Remote AT Command Request frame - 0x17
Create Source Route - 0x21
Register Joining Device - 0x24
AT Command Response frame - 0x88
Modem Status frame - 0x8A
Transmit Status frame - 0x8B
Receive Packet frame - 0x90
Explicit Rx Indicator frame - 0x91
I/O Data Sample Rx Indicator frame - 0x92
Node Identification Indicator frame - 0x95
Remote Command Response frame - 0x97
Extended Modem Status frame - 0x98
Route Record Indicator - 0xA1
Register Device Status - 0xA4
Many-to-One Route Request Indicator - 0xA3
Send ZDO commands with the API
Example
Send Zigbee cluster library (ZCL) commands with the API
Example
Send Public Profile Commands with the API
Frame specific data
Example
In-depth OTA firmware upgrade process for Zigbee 3.0
OTA file
Storage
ZCL OTA messaging
Image Notify
Create the Image Notify request
Query Next Image request
Query Next Image response
Image Block request
Image Block response
Upgrade End request
Upgrade End response
ZCL OTA cluster status codes
XBee3® Zigbee® RF Module User Guide
This manual describes the operation of the XBee3 Zigbee RF Module, which consists of Zigbee
firmware loaded onto XBee3 hardware.
The XBee3 Zigbee RF Modules provide wireless connectivity to end-point devices in Zigbee mesh
networks. Using the Zigbee 3.0 feature set, these devices are inter-operable with other Zigbee
devices, including devices from other vendors. With the XBee3 Zigbee RF Module, users can have their
Zigbee network up-and-running in a matter of minutes without configuration or additional
development.
For information about XBee3 hardware, see the XBee3 RF Module Hardware Reference Manual.
Applicable firmware and hardware
This manual supports the following firmware:
- v.10xx Zigbee
It supports the following hardware:
- XBee3
Module support
This section provides customization information for the XBee3 Zigbee RF Module. You can customize
default parameters, or write or load custom firmware for the Ember EM357 chip.
Configure the device using XCTU
Customize XBee Zigbee firmware
XBee bootloader
Send a firmware image
Software libraries
Configure the device using XCTU
XBee Configuration and Test Utility (XCTU) is a multi-platform program that enables users to interact
with Digi radio frequency (RF) devices through a graphical interface. The application includes built-in
tools that make it easy to set up, configure, and test Digi RF devices.
For instructions on downloading and using XCTU, see the XCTU User Guide.
Customize XBee Zigbee firmware
Once device parameters are tested in an application and finalized, Digi can manufacture devices with
specific, customer-defined configurations. These custom configurations can lock in a firmware version
or set command values when the devices are manufactured, eliminating the need for customers to
adjust device parameters on arrival.
XBee bootloader
You can update firmware on the XBee3 Zigbee RF Module serially. This is done by invoking the XBee3
bootloader and transferring the firmware image using XMODEM.
This process is also used for updating a local device's firmware using XCTU.
XBee devices use a modified version of Silicon Labs' Gecko bootloader. This bootloader version
supports a custom entry mechanism that uses module pins DIN, DTR / SLEEP_RQ, and RTS.
To invoke the bootloader, do the following:
1. Set DTR/SLEEP_RQ low (CMOS 0V) and RTS high.
2. Send a serial break to the DIN pin and power cycle or reset the module.
3. When the device powers up, set DTR/SLEEP_RQ and DIN to low (CMOS 0V) and keep RTS high.
4. Terminate the serial break and send a carriage return at 115200 baud to the device.
5. If successful, the device sends the Silicon Labs' Gecko bootloader menu out the DOUT pin at
115200 baud.
6. You can send commands to the bootloader at 115200 baud.
Note Disable hardware flow control when entering and communicating with the bootloader.
All serial communications with the module use 8 data bits, no parity bit, and 1 stop bit.
Send a firmware image
After invoking the bootloader, a menu is sent out the UART at 115200 baud. To upload a firmware
image through the UART interface:
1. Look for the bootloader prompt BL > to ensure the bootloader is active.
2. Send an ASCII 1 character to initiate a firmware update.
3. After sending a 1, the device waits for an XModem CRC upload of a .gbl image over the serial
line at 115200 baud. Send the .gbl file to the device using standard XMODEM-CRC.
If the firmware image is successfully loaded, the bootloader outputs a “complete” string. Invoke the
newly loaded firmware by sending a 2 to the device.
If the firmware image is not successfully loaded, the bootloader outputs an "aborted" string and returns
to the main bootloader menu. Some causes for failure are:
- Over 1 minute passes after the command to send the firmware image and the first block of the
image has not yet been sent.
- A power cycle or reset event occurs during the firmware load.
- A file error or a flash error occurs during the firmware load.
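The upload in step 3 uses standard XMODEM-CRC. As an added example (not Digi's or Silicon Labs' code), the following builds the 128-byte packets for an image and validates them the way a receiver would, including one retransmission after a line error; the image bytes and all function names are constructed for illustration.

```python
# Added example: XMODEM-CRC framing as used for a serial firmware upload.
# SAMPLE_IMAGE is constructed test data; it is not a real .gbl file.

SOH, ACK, NAK = 0x01, 0x06, 0x15   # standard XMODEM control bytes
BLOCK_SIZE = 128                   # data bytes carried by each packet
PAD = 0x1A                         # conventional filler for a short final block

SAMPLE_IMAGE = bytes(range(256)) + b"\x55" * 44   # 300 constructed bytes


def crc16_xmodem(data):
    """CRC-16/XMODEM: polynomial 0x1021, initial value 0, no bit reflection."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc


def build_packets(image):
    """Split an image into SOH | seq | 255-seq | 128 data bytes | CRC16 packets."""
    packets = []
    for offset in range(0, len(image), BLOCK_SIZE):
        chunk = image[offset:offset + BLOCK_SIZE]
        chunk = chunk + bytes([PAD]) * (BLOCK_SIZE - len(chunk))
        seq = (offset // BLOCK_SIZE + 1) & 0xFF   # starts at 1, wraps after 255
        header = bytes([SOH, seq, 0xFF - seq])
        packets.append(header + chunk + crc16_xmodem(chunk).to_bytes(2, "big"))
    return packets


def check_packet(packet, expected_seq):
    """Receiver-side validation of one packet; returns ACK or NAK."""
    if len(packet) != 3 + BLOCK_SIZE + 2 or packet[0] != SOH:
        return NAK
    seq, complement = packet[1], packet[2]
    if seq != (expected_seq & 0xFF) or seq + complement != 0xFF:
        return NAK
    data = packet[3:3 + BLOCK_SIZE]
    if crc16_xmodem(data) != int.from_bytes(packet[-2:], "big"):
        return NAK
    return ACK


def simulate_upload(image, corrupt_blocks=()):
    """Send every packet to the checker; blocks listed in corrupt_blocks get a
    single-bit error on their first attempt and are retransmitted after NAK."""
    received = bytearray()
    retransmissions = 0
    for number, packet in enumerate(build_packets(image), start=1):
        attempt = 0
        while True:
            wire = bytearray(packet)
            if number in corrupt_blocks and attempt == 0:
                wire[3] ^= 0x01               # constructed line error
            if check_packet(bytes(wire), number) == ACK:
                received += wire[3:3 + BLOCK_SIZE]
                break
            attempt += 1
            retransmissions += 1
    return bytes(received), retransmissions


if __name__ == "__main__":
    data, retries = simulate_upload(SAMPLE_IMAGE, corrupt_blocks={2})
    print(len(build_packets(SAMPLE_IMAGE)), "packets,", retries, "retransmission(s)")
    print("payload intact:", data[:len(SAMPLE_IMAGE)] == SAMPLE_IMAGE)
```

The CRC only detects transmission errors: a modified image framed with a freshly computed CRC passes the same check, so XMODEM-CRC says nothing about where the image came from.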
Software libraries
One way to communicate with the XBee3 Zigbee RF Module is by using a software library. The libraries
available for use with the XBee3 Zigbee RF Module include:
- XBee Java library
- XBee Python library
The XBee Java Library is a Java API. The package includes the XBee library, its source code and a
collection of samples that help you develop Java applications to communicate with your XBee devices.
The XBee Python Library is a Python API that dramatically reduces the time to market of XBee
projects developed in Python and facilitates the development of these types of applications, making it
an easy process.
Update the firmware over-the-air
The XBee3 Zigbee RF Module supports over-the-air (OTA) firmware updates. To perform an OTA
update, the device to be updated must be associated and communicable with a Zigbee network. In
this section, the node performing the update is considered the server and the node being updated is
the client.
Use XCTU to perform the OTA firmware update using the following process:
Add the device to XCTU
Update to the latest firmware
Add the device to XCTU
You must have a local device connected to your computer in order to perform firmware updates,
either to update local firmware through the serial connection or to use the local device to remotely
upgrade another device in the same network. With a local device properly attached to your computer,
follow these steps:
1. Add the local device attached to your computer to XCTU so it displays in the radio modules list.
2. Add the remote module in the network to XCTU:
a. Configure the local module you added to work in API mode.
b. Click Discover radio nodes in the same network to start a search for the remote
device.
c. When a remote device is found, it is listed in the Discovering remote devices
dialog.
d. Select the device and click Add selected devices. The remote device is added to
the radio modules list as a subordinate to the local device.
Update to the latest firmware
Firmware is the program code stored in the device's persistent memory that provides the control
program for the device. Use XCTU to update the firmware.
1. Click the Configuration working modes button.
2. Select a local XBee module from the Radio Modules list.
3. Click the Update firmware button.
The Update firmware dialog displays the available and compatible firmware for the selected
XBee module.
4. Select the product family of the XBee module, the function set, and the latest firmware version.
Note XBee3 Zigbee 3.0 does not support forced upgrades to the same version of the firmware.
5. Click Update. A dialog displays update progress. Click Show details for details of the firmware
update process.
Note Once you add your device to the radio modules list in XCTU, the update process is exactly the
same whether it is a local or remote device.
Note If there are instances where the upgrade fails with a transmission/waiting for image block
request error, retry the update process.
See How to update the firmware of your modules in the XCTU User Guide for more information.
For information about performing an over-the-air (OTA) firmware update outside of XCTU, see In-depth OTA firmware upgrade process for Zigbee 3.0.
Get started with MicroPython
This user guide provides an overview of how to use MicroPython with the XBee3 Zigbee RF Module.
For in-depth information and more complex code examples, refer to the Digi MicroPython
Programming Guide. Continue with this user guide for simple examples to get started using
MicroPython on the XBee3 Zigbee RF Module.
About MicroPython
MicroPython on the XBee3 Zigbee RF Module
Use XCTU to enter the MicroPython environment
Use the MicroPython Terminal in XCTU
MicroPython examples
MicroPython networking and communication examples
Exit MicroPython mode
Other terminal programs
Use picocom in Linux
About MicroPython
MicroPython is an open-source programming language based on Python 3.0, with much of the same
syntax and functionality, but modified to fit on small devices with limited hardware resources, such as
an XBee3 Zigbee RF Module.
For more information about MicroPython, see www.micropython.org.
For more information about Python, see www.python.org.
MicroPython on the XBee3 Zigbee RF Module
The XBee3 Zigbee RF Module has MicroPython running on the device itself. You can access a
MicroPython prompt from the XBee3 Zigbee RF Module when you install it in an appropriate
development board (XBDB or XBIB), and connect it to a computer via a USB cable.
Note MicroPython is only available through the UART interface and does not work with SPI.
The examples in this user guide assume:
- You have XCTU on your computer. See Configure the device using XCTU.
- You have a serial terminal program installed on your computer. For more information, see Use
the MicroPython Terminal in XCTU. This requires XCTU 6.3.10 or higher.
- You have an XBee3 Zigbee RF Module installed on an appropriate development board such as
an XBIB-U-DEV or an XBDB-U-ZB.
- The XBee3 Zigbee RF Module is connected to the computer via a USB cable and XCTU
recognizes it.
Use XCTU to enter the MicroPython environment
To use the XBee3 Zigbee RF Module in the MicroPython environment:
1. Use XCTU to add the device(s); see Configure the device using XCTU and Add devices to XCTU.
2. The XBee3 Zigbee RF Module appears as a box in the Radio Modules information panel. Each
module displays identifying information about itself.
3. Click this box to select the device and load its current settings.
Note To ensure that MicroPython is responsive to input, Digi recommends setting the XBee
UART baud rate to 115200 baud. To set the UART baud rate, select 115200 [7] in the BD field
and click the Write button. We strongly recommend using hardware flow control to avoid data
loss, especially when pasting large amounts of code or text. For more information, see UART
flow control.
4. To put the XBee3 Zigbee RF Module into MicroPython mode, in the AP field select MicroPython
REPL [4] and click the Write button.
5. Note which COM port the XBee3 Zigbee RF Module is using, because you will need this
information when you use the MicroPython terminal.
Use the MicroPython Terminal in XCTU
You can use the MicroPython Terminal to communicate with the XBee3 Zigbee RF Module when it is in
MicroPython mode.[1] This requires XCTU 6.3.10 or higher. To enter MicroPython mode, follow the steps
in Use XCTU to enter the MicroPython environment. To use the MicroPython Terminal:
1. Click the Tools drop-down menu and select MicroPython Terminal. The terminal window opens.
2. Click Open to open the Serial Port Configuration window.
3. In the Select the Serial/USB port area, click the COM port that the device uses.
4. Verify that the baud rate and other settings are correct.
5. Click OK. The Open icon changes to Close, indicating that the device is properly connected.
If the >>> prompt appears, you are connected properly. You can now type or paste MicroPython code
in the terminal.
MicroPython examples
This section provides examples of how to use some of the basic functionality of MicroPython with the
XBee3 Zigbee RF Module.
Example: hello world
1. At the MicroPython >>> prompt, type the Python command: print("Hello, World!")
2. Press Enter to execute the command. The terminal echoes back Hello, World!
Example: enter MicroPython paste mode
In the following examples it is helpful to know that MicroPython supports paste mode, where you can
copy a large block of code from this user guide and paste it instead of typing it character by character.
To use paste mode:
1. Copy the code you want to run. For example, copy the following code that is the code from the
"Hello world" example:
print("Hello World")
Note You can easily copy and paste code from the online version of this user guide. Use caution with
the PDF version, as it may not maintain essential indentations.
2. In the terminal, at the MicroPython >>> prompt type Ctrl+E to enter paste mode. The terminal
displays paste mode; Ctrl-C to cancel, Ctrl-D to finish.
3. Right-click in the MicroPython terminal window and click Paste or press Ctrl+Shift+V to paste.
4. The code appears in the terminal occupying one line. Each line starts with its line number and
three "=" symbols. For example, line 1 starts with 1===.
5. If the code is correct, press Ctrl+D to run the code; “Hello World” should print.
Note If you want to exit paste mode without running the code, or if the code did not copy
correctly, press Ctrl+C to cancel and return to the normal MicroPython >>> prompt.
[1] See Other terminal programs if you do not use the MicroPython Terminal in XCTU.
Example: using the time module
The time module is used for time-sensitive operations such as introducing a delay in your routine or a
timer.
The following time functions are supported by the XBee3 Zigbee RF Module:
- ticks_ms() returns the current millisecond counter value. This counter rolls over at
0x40000000.
- ticks_diff() compares the difference between two timestamps in milliseconds.
- sleep() delays operation for a set number of seconds.
- sleep_ms() delays operation for a set number of milliseconds.
- sleep_us() delays operation for a set number of microseconds.
Note The standard time.time() function cannot be used, because this function produces the number
of seconds since the epoch. The XBee3 module lacks a realtime clock and cannot provide any date or
time data.
The following example exercises the various sleep functions and uses ticks_diff() to measure
duration:
import time
start = time.ticks_ms()   # Get the value from the millisecond counter
time.sleep(1)             # sleep for 1 second
time.sleep_ms(500)        # sleep for 500 milliseconds
time.sleep_us(1000)       # sleep for 1000 microseconds
delta = time.ticks_diff(time.ticks_ms(), start)
print("Operation took {} ms to execute".format(delta))
Example: AT commands using MicroPython
AT commands control the XBee3 Zigbee RF Module. The "AT" is an abbreviation for "attention", and
the prefix "AT" notifies the module about the start of a command line. For a list of AT commands that
can be used on the XBee3 Zigbee RF Module, see AT commands.
MicroPython provides an atcmd() method to process AT commands, similar to how you can use
Command mode or API frames.
The atcmd() method accepts two parameters:
1. The two character AT command, entered as a string.
2. An optional second parameter used to set the AT command value. If this parameter is not
provided, the AT command is queried instead of being set. This value is an integer, bytes object,
or string, depending on the AT command.
Note The xbee.atcmd() method does not support the following AT commands: IS, AS, ED, ND, or DN.
The following is example code that queries and sets a variety of AT commands using xbee.atcmd():
import xbee
# Set the NI string of the radio
xbee.atcmd("NI", "XBee3 module")
# Configure a destination address using two different data types
xbee.atcmd("DH", 0x0013A200)            # Hex
xbee.atcmd("DL", b'\x12\x25\x89\xF5')   # Bytes
# Read some AT commands and display the value and data type:
print("\nAT command parameter values:")
commands = ["DH", "DL", "NI", "OI"]
for cmd in commands:
    val = xbee.atcmd(cmd)
    print("{}: {:20} of type {}".format(cmd, repr(val), type(val)))
This example code outputs the following:
AT command parameter values:
DH: b'\x00\x13\xa2\x00'  of type <class 'bytes'>
DL: b'\x12%\x89\xf5'     of type <class 'bytes'>
NI: 'XBee3 module'       of type <class 'str'>
OI: 65535                of type <class 'int'>
Note Parameters that store values larger than 16-bits in length are represented as bytes. Python
attempts to print out ASCII characters whenever possible, which can result in some unexpected
output (such as the "%" in the above output). If you want the output from MicroPython to match
XCTU, you can use the following example to convert bytes to hex:
dl_value = xbee.atcmd("DL")
hex_dl_value = hex(int.from_bytes(dl_value, 'big'))
MicroPython networking and communication examples
This section provides networking and communication examples for using MicroPython with the XBee3
Zigbee RF Module.
Zigbee networks with MicroPython
For small networks, it is suitable to use MicroPython on every node. However, there are some inherent
limitations that may prevent you from using MicroPython on some heavily trafficked nodes:
- When running MicroPython, any received messages will be stored in a small receive queue. This
queue only has room for 4 packets and must be regularly read to prevent data loss. For
networks that will be generating a lot of traffic, the data aggregator may need to operate in
API mode in order to capture all incoming data.
- MicroPython does not have support for all of the XBee API frame types, particularly for source
routing. If you are planning to operate with a network of more than 40 nodes, Digi highly
recommends that you operate with the aggregator in API mode and implement source routing.
For the examples in this section, we use MicroPython to manage a Zigbee network and send and
receive data between modules. To follow the upcoming examples, we need to configure a second
XBee3 Zigbee RF Module to use MicroPython.
XCTU only allows a single MicroPython terminal. We will be running example code on both modules,
which requires a second terminal window.
Open a second instance of XCTU, and configure a different XBee3 module for MicroPython following
the steps in Use XCTU to enter the MicroPython environment.
WARNING! The upcoming examples form and join an unencrypted Zigbee network. If the
modules were previously associated with a network, they will be disassociated.
Example: forming and joining a Zigbee network using MicroPython
This example forms a two-node Zigbee network using MicroPython. This is a pre-requisite for
subsequent networking examples.
This example assumes that you have two XBee3 Zigbee RF Modules configured for MicroPython and
two terminals open, one for each radio.
Execute the following code on the first radio; it will be our network coordinator:
import xbee, time
# Set the identifying string of the radio
xbee.atcmd("NI", "Coordinator")
# Configure some basic network settings
# EE = 0 leaves the network unencrypted (see the WARNING above)
network_settings = {"CE": 1, "ID": 0xABCD, "EE": 0, "NJ": 0xFF}
for command, value in network_settings.items():
    xbee.atcmd(command, value)
xbee.atcmd("AC") # Apply changes
time.sleep(1)
# Query AI until it reports success
while xbee.atcmd("AI") != 0:
    time.sleep(0.1)
print("Network Established")
operating_network = ["OI", "OP", "CH"]
print("Operating network parameters:")
for cmd in operating_network:
    print("{}: {}".format(cmd, xbee.atcmd(cmd)))
Run the following code on the second radio; it will be a router that joins the established network:
import xbee, time
# Set the identifying string of the radio
xbee.atcmd("NI", "Router")
# Configure some basic network settings
# EE = 0 leaves the network unencrypted (see the WARNING above)
network_settings = {"CE": 0, "ID": 0xABCD, "EE": 0}
for command, value in network_settings.items():
    xbee.atcmd(command, value)
xbee.atcmd("AC") # Apply changes
time.sleep(1)
# Query AI until it reports success
print("Connecting to network, please wait...")
while xbee.atcmd("AI") != 0:
    time.sleep(0.1)
print("Connected to Network")
operating_network = ["OI", "OP", "CH"]
print("Operating network parameters:")
for cmd in operating_network:
    print("{}: {}".format(cmd, xbee.atcmd(cmd)))
After the code has been executed on both radios, each radio reports its operating network
parameters. Make sure both radios report the same values to ensure they are on the same network.
Example: network Discovery using MicroPython
The xbee.discover() method returns an iterator that blocks while waiting for results, similar to
executing an ND request. For more information, see ND (Network Discovery).
Each result is a dictionary with fields based on an ND response:
- sender_nwk: 16-bit network address.
- sender_eui64: 8-byte bytes object with EUI-64 address.
- parent_nwk: Set to 0xFFFE on the coordinator and routers; otherwise, this is set to the
  network address of the end device's parent.
- node_id: The device's NI value (a string of up to 20 characters, also referred to as Node
  Identification).
- node_type: Value of 0, 1 or 2 for coordinator, router, or end device.
- device_type: The device's 32-bit DD value, also referred to as Digi Device Type; this is used to
  identify different types of devices or hardware.
- rssi: Relative signal strength indicator (in dBm) of the node discovery request packet received
  by the sending node.
Note When printing the dictionary, fields for device_type, sender_nwk and parent_nwk appear in
decimal form. You can use the MicroPython hex() method to print an integer in hexadecimal. Check
the function code for format_eui64 from the Example: communication between two XBee3 Zigbee
modules topic for code to convert the sender_eui64 field into a hexadecimal string with a colon
between each byte value.
Use the following example code to perform a network discovery:
import xbee, time
# Set the network discovery options to include self
xbee.atcmd("NO", 2)
xbee.atcmd("AC")
time.sleep(.5)
# Perform Network Discovery and print out the results
print("Network Discovery in process...")
nodes = list(xbee.discover())
if nodes:
    for node in nodes:
        print("\nRadio discovered:")
        for key, value in node.items():
            print("\t{:<12} : {}".format(key, value))
# Set NO back to the default value
xbee.atcmd("NO", 0)
xbee.atcmd("AC")
This produces the following output from two discovered nodes:
Radio discovered:
    rssi         : -63
    node_id      : Coordinator
    device_type  : 1179648
    parent_nwk   : 65534
    sender_nwk   : 0
    sender_eui64 : b'\x00\x13\xa2\xff h\x98T'
    node_type    : 0

Radio discovered:
    rssi         : -75
    node_id      : Router
    device_type  : 1179648
    parent_nwk   : 65534
    sender_nwk   : 23125
    sender_eui64 : b'\x00\x13\xa2\xffh\x98c&'
    node_type    : 1
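Because the examples in this section form an unencrypted network (see the WARNING above, and EE = 0 and NJ = 0xFF in the coordinator settings), it is worth checking discovery results against a list of the radios you expect. The following is an added example, not Digi's code: audit_nodes(), audit_settings(), the inventory and the third sample node are hypothetical, and the first two sample results are the ones printed above. The reading of NJ = 0xFF as "joining never closes" is an assumption taken from Digi's AT command reference, not from this section.

```python
# Added example: audits xbee.discover() results and join settings.
# Runs on a PC without the xbee module; on a module, pass xbee.atcmd
# and list(xbee.discover()) instead of the constructed sample data.

NODE_TYPES = {0: "coordinator", 1: "router", 2: "end device"}


def format_eui64(addr):
    return ":".join("%02x" % b for b in addr)


def describe(node):
    """One discovery result as a line, with address fields in hex."""
    return "{} ({}) eui64={} nwk=0x{:04X} parent=0x{:04X} dd=0x{:X} rssi={}".format(
        node["node_id"], NODE_TYPES.get(node["node_type"], "unknown"),
        format_eui64(node["sender_eui64"]), node["sender_nwk"],
        node["parent_nwk"], node["device_type"], node["rssi"])


def audit_nodes(nodes, inventory):
    """Compare discovery results with inventory {EUI-64 bytes: node_type}.

    node_id (NI) is a label each node sets for itself, so identity is
    keyed on the EUI-64 and a repeated NI is reported as a finding.
    """
    findings = []
    seen = set()
    names = {}
    for node in nodes:
        eui = bytes(node["sender_eui64"])
        if eui in seen:
            continue  # the same node was reported twice
        seen.add(eui)
        names.setdefault(node["node_id"], []).append(eui)
        if eui not in inventory:
            findings.append(("unexpected", format_eui64(eui)))
        elif inventory[eui] != node["node_type"]:
            findings.append(("role-changed", format_eui64(eui)))
    for eui in inventory:
        if eui not in seen:
            findings.append(("missing", format_eui64(eui)))
    for name, owners in names.items():
        if len(owners) > 1:
            findings.append(("duplicate-ni", name))
    return sorted(findings)


def audit_settings(atcmd):
    """Flag the lab settings used in this section. atcmd works like xbee.atcmd."""
    findings = []
    if atcmd("EE") == 0:
        findings.append("EE=0: network is unencrypted")
    if atcmd("NJ") == 0xFF:  # assumption: 0xFF means joining never closes
        findings.append("NJ=0xFF: joining is always permitted")
    return findings


# The first two results are the ones printed above; the third is constructed.
SAMPLE_NODES = [
    {"rssi": -63, "node_id": "Coordinator", "device_type": 1179648,
     "parent_nwk": 65534, "sender_nwk": 0,
     "sender_eui64": b"\x00\x13\xa2\xff h\x98T", "node_type": 0},
    {"rssi": -75, "node_id": "Router", "device_type": 1179648,
     "parent_nwk": 65534, "sender_nwk": 23125,
     "sender_eui64": b"\x00\x13\xa2\xffh\x98c&", "node_type": 1},
    {"rssi": -48, "node_id": "Router", "device_type": 1179648,
     "parent_nwk": 65534, "sender_nwk": 0x1234,
     "sender_eui64": b"\x00\x13\xa2\x00\x11\x22\x33\x44", "node_type": 1},
]
# Hypothetical inventory: the two radios above plus an end device that is offline.
INVENTORY = {
    b"\x00\x13\xa2\xff h\x98T": 0,
    b"\x00\x13\xa2\xffh\x98c&": 1,
    b"\x00\x13\xa2\x00\xaa\xbb\xcc\xdd": 2,
}
TUTORIAL_SETTINGS = {"EE": 0, "NJ": 0xFF}  # values the coordinator example sets

if __name__ == "__main__":
    for node in SAMPLE_NODES:
        print(describe(node))
    for finding in audit_nodes(SAMPLE_NODES, INVENTORY):
        print("FINDING", finding)
    for finding in audit_settings(TUTORIAL_SETTINGS.get):
        print("FINDING", finding)
```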
Examples: transmitting data
This section provides examples for transmitting data using MicroPython. These examples assume you
have followed the above examples and the two radios are on the same network.
Example: transmit message
Use the xbee module to transmit a message from the XBee3 Zigbee device. The transmit() function
call consists of the following parameters:
1. The Destination Address, which can be any of the following:
   - Integer for 16-bit addressing
   - 8-byte bytes object for 64-bit addressing
   - Constant xbee.ADDR_BROADCAST to indicate a broadcast destination
   - Constant xbee.ADDR_COORDINATOR to indicate the coordinator
2. The Message as a character string.
If the message is sent successfully, transmit() returns None. If the transmission fails due to an ACK
failure or lack of free buffer space on the receiver, the sent packet will be silently discarded.
Example: transmit a message to the network coordinator
1. From the router, access the MicroPython environment.
2. At the MicroPython >>> prompt, type import xbee and press Enter.
3. At the MicroPython >>> prompt, type xbee.transmit(xbee.ADDR_COORDINATOR, "Hello
World!") and press Enter.
4. On the coordinator, you can issue an xbee.receive() call to output the received packet.
Example: transmit custom messages to all nodes in a network
This program performs a network discovery and sends the message 'Hello <Destination Node
Identifier>!' to individual nodes in the network. For more information, see Example: network
Discovery using MicroPython.
import xbee
# Perform a network discovery to gather destination address:
print("Discovering remote nodes, please wait...")
node_list = list(xbee.discover())
if not node_list:
    raise Exception("Network discovery did not find any remote devices")
for node in node_list:
    dest_addr = node['sender_nwk'] # 'sender_eui64' can also be used
    dest_node_id = node['node_id']
    payload_data = "Hello, " + dest_node_id + "!"
    try:
        print("Sending \"{}\" to {}".format(payload_data, hex(dest_addr)))
        xbee.transmit(dest_addr, payload_data)
    except Exception as err:
        print(err)
print("complete")
Receiving data
Use the receive() function from the xbee module to receive messages. When MicroPython is active on
a device (AP is set to 4), all incoming messages are saved to a receive queue within MicroPython. This
receive queue is limited in size and only has room for 4 messages. To ensure that data is not lost, it is
important to continuously iterate through the receive queue and process any of the packets within.
If the receive queue is full and another message is sent to the device, it will not acknowledge the
packet and the sender generates a failure status of 0x24 (Address not found).
The receive() function returns one of the following:
- None: No message (the receive queue is empty).
- Message dictionary consisting of:
    - sender_nwk: 16-bit network address of the sending node.
    - sender_eui64: 64-bit address (as a "bytes object") of the sending node.
    - source_ep: source endpoint as an integer.
    - dest_ep: destination endpoint as an integer.
    - cluster: cluster id as an integer.
    - profile: profile id as an integer.
    - broadcast: True or False depending on whether the frame was broadcast or unicast.
    - payload: "Bytes object" of the payload. This is a bytes object instead of a string, because
      the payload can contain binary data.
Example: continuously receive data
In this example, the format_packet() helper formats the contents of the dictionary and
format_eui64() formats the bytes object holding the EUI-64. The while loop shows how to poll for
packets continually to ensure that the receive buffer does not become full.
import xbee, time
def format_eui64(addr):
    return ':'.join('%02x' % b for b in addr)
def format_packet(p):
    msg_type = 'Broadcast' if p['broadcast'] else 'Unicast'
    print("%s message from EUI-64 %s (network 0x%04X)" % (msg_type,
        format_eui64(p['sender_eui64']), p['sender_nwk']))
    print("from ep 0x%02X to ep 0x%02X, cluster 0x%04X, profile 0x%04X:" %
        (p['source_ep'], p['dest_ep'], p['cluster'], p['profile']))
    print(p['payload'])
print("Receiving data...")
print("Press CTRL+C to cancel.")
while True:
    p = xbee.receive()
    if p:
        format_packet(p)
    else:
        time.sleep(0.25) # wait 0.25 seconds before checking again
If this node had previously received a packet, it outputs as follows:
Unicast message from EUI-64 00:13:a2:00:41:74:ca:70 (network 0x6D81)
from ep 0xE8 to ep 0xE8, cluster 0x0011, profile 0xC105:
b'Hello World!'
Note Digi recommends calling the receive() function in a loop so no data is lost. On modules where
there is a high volume of network traffic, there could be data lost if the messages are not pulled from
the queue fast enough.
Example: communication between two XBee3 Zigbee modules
This example combines all of the previous examples and represents a full application that configures a
network, discovers remote nodes, and sends and receives messages.
First, we will upload some utility functions into the flash space of MicroPython so that the following
examples will be easier to read.
Complete the following steps to compile and execute utility functions using flash mode on both
devices:
1. Access the MicroPython environment.
2. Press Ctrl + F.
3. Copy the following code:
import xbee, time
# Utility functions to perform XBee3 Zigbee operations
def format_eui64(addr):
    return ':'.join('%02x' % b for b in addr)
def format_packet(p):
    msg_type = 'Broadcast' if p['broadcast'] else 'Unicast'
    print("%s message from EUI-64 %s (network 0x%04X)" %
        (msg_type, format_eui64(p['sender_eui64']), p['sender_nwk']))
    print("from ep 0x%02X to ep 0x%02X, cluster 0x%04X, profile 0x%04X:" %
        (p['source_ep'], p['dest_ep'], p['cluster'], p['profile']))
    print(p['payload'],"\n")
def network_status():
    # If the value of AI is non zero, the module is not connected to a network
    return xbee.atcmd("AI")
4. At the MicroPython 1^^^ prompt, right-click and select the Paste option.
5. Press Ctrl+D to finish. The code is uploaded to the flash memory and then compiled. At the
"Automatically run this code at startup" [Y/N]? prompt, select Y.
6. Press Ctrl+R to run the compiled code; this provides access to these utility functions for the
next examples.
Example code on the coordinator module
The following example code forms a Zigbee network as a coordinator, performs a network discovery
to find the remote node, and continuously prints out any incoming data.
1. Access the MicroPython environment.
2. Copy the following sample code:
print("Forming a new network as a coordinator...")
xbee.atcmd("NI", "Coordinator")
network_settings = {"CE": 1, "ID": 0x3332, "EE": 0, "NJ": 0xFF}
for command, value in network_settings.items():
    xbee.atcmd(command, value)
xbee.atcmd("AC") # Apply changes
time.sleep(1)
while network_status() != 0:
    time.sleep(0.1)
print("Network Established\n")
print("Waiting for a remote node to join...")
node_list = []
while len(node_list) == 0:
    # Perform a network discovery until the router joins
    node_list = list(xbee.discover())
print("Remote node found, transmitting data")
for node in node_list:
    dest_addr = node['sender_nwk'] # using 16 bit addressing
    dest_node_id = node['node_id']
    payload_data = "Hello, " + dest_node_id + "!"
    print("Sending \"{}\" to {}".format(payload_data, hex(dest_addr)))
    xbee.transmit(dest_addr, payload_data)
# Start the receive loop
print("Receiving data...")
print("Hit CTRL+C to cancel")
while True:
    p = xbee.receive()
    if p:
        format_packet(p)
    else:
        time.sleep(0.25)
3. Press Ctrl+E to enter paste mode.
4. At the MicroPython >>> prompt, right-click and select the Paste option. Once you paste the
code, it executes immediately.
Example code on the router module
The following example code joins the Zigbee network from the previous example, and continuously
prints out any incoming data. This device also sends its temperature data every 5 seconds to the
coordinator address.
1. Access the MicroPython environment.
2. Copy the following sample code:
print("Joining network as a router...")
xbee.atcmd("NI", "Router")
network_settings = {"CE": 0, "ID": 0x3332, "EE": 0}
for command, value in network_settings.items():
    xbee.atcmd(command, value)
xbee.atcmd("AC") # Apply changes
time.sleep(1)
while network_status() != 0:
    time.sleep(0.1)
print("Connected to Network\n")
last_sent = time.ticks_ms()
interval = 5000 # How often to send a message
# Start the transmit/receive loop
print("Sending temp data every {} seconds".format(interval/1000))
while True:
    p = xbee.receive()
    if p:
        format_packet(p)
    else:
        # Transmit temperature if ready
        if time.ticks_diff(time.ticks_ms(), last_sent) > interval:
            temp = "Temperature: {}C".format(xbee.atcmd("TP"))
            print("\tsending " + temp)
            try:
                xbee.transmit(xbee.ADDR_COORDINATOR, temp)
            except Exception as err:
                print(err)
            last_sent = time.ticks_ms()
        time.sleep(0.25)
3. Press Ctrl+E to enter paste mode.
4. At the MicroPython >>> prompt, right-click and select the Paste option. Once you paste the
code, it executes immediately.
Exit MicroPython mode
To exit MicroPython mode:
1. In the XCTU MicroPython terminal, click the green Close button.
2. Click Close at the bottom of the terminal to exit the terminal.
3. In XCTU's Configuration working mode, change AP API Enable to another mode and click
the Write button. We recommend changing to Transparent mode [0], as most of the
examples use this mode.
Other terminal programs
If you do not use the MicroPython terminal in XCTU, you can use other terminal programs to
communicate with the XBee3 Zigbee RF Module. If you use Microsoft Windows, follow the instructions
for Tera Term; if you use Linux, follow the instructions for picocom. To download these programs:
- Tera Term for Windows, see ttssh2.osdn.jp/index.html.en.
- Picocom for Linux, see developer.ridgerun.com/wiki/index.php/Setting_up_Picocom_-_Ubuntu
- Source code and in-depth information, see github.com/npat-efault/picocom.
Tera Term for Windows
With the XBee3 Zigbee RF Module in MicroPython mode (AP = 4), you can access the MicroPython
prompt using a terminal.
1. Open Tera Term. The Tera Term: New connection window appears.
2. Click the Serial radio button to select a serial connection.
3. From the Port: drop-down menu, select the COM port that the XBee3 Zigbee RF Module is
connected to.
4. Click OK. The COMxx - Tera Term VT terminal window appears and Tera Term attempts to
connect to the device at a baud rate of 9600 bps. The terminal will not allow communication
with the device since the baud rate setting is incorrect. You must change this rate as it was
previously set to 115200 bps.
5. Click Setup and Serial Port. The Tera Term: Serial port setup window appears.
6. In the Tera Term: Serial port setup window, set the parameters to the following values:
   - Port: Shows the port that the XBee3 Zigbee RF Module is connected on.
   - Baud rate: 115200
   - Data: 8 bit
   - Parity: none
   - Stop: 1 bit
   - Flow control: hardware
   - Transmit delay: N/A
7. Click OK to apply the changes to the serial port settings. The settings should go into effect
right away.
8. To verify that local echo is not enabled and that extra line-feeds are not enabled:
a. In Tera Term, click Setup and select Terminal.
b. In the New-line area of the Tera Term: Serial port setup window, click the
Receive drop-down menu and select AUTO if it does not already show that value.
c. Make sure the Local echo box is not checked.
9. Click OK.
10. Press Ctrl+B to get the MicroPython version banner and prompt.
MicroPython v1.9.3-716-g507d0512 on 2018-02-20; XBee3 Zigbee with EFR32MG
Type "help()" for more information.
>>>
Now you can type MicroPython commands at the >>> prompt.
Use picocom in Linux
With the XBee3 Zigbee RF Module in MicroPython mode (AP = 4), you can access the MicroPython
prompt using a terminal.
Note The user must have read and write permission for the serial port the XBee3 Zigbee RF Module is
connected to in order to communicate with the device.
1. Open a terminal in Linux and type picocom -b 115200 /dev/ttyUSB0. This assumes you have
no other USB-to-serial devices attached to the system.
2. Press Ctrl+B to get the MicroPython version banner and prompt. You can also press Enter to
bring up the prompt.
If you do have other USB-to-serial devices attached:
1. Before attaching the XBee3 Zigbee RF Module, check the directory /dev/ for any devices
named ttyUSBx, where x is a number. An easy way to list these is to type: ls /dev/ttyUSB*.
This produces a list of any device with a name that starts with ttyUSB.
2. Take note of the devices present with that name, and then connect the XBee3 Zigbee RF
Module.
3. Check the directory again and you should see one additional device, which is the XBee3 Zigbee
RF Module.
4. In this case, replace /dev/ttyUSB0 at the top with /dev/ttyUSB<number>, where <number>
is the new number that appeared.
It connects and shows "Terminal ready".
You can now type MicroPython commands at the >>> prompt.
Operation
Serial interface
UART data flow
Serial buffers
UART flow control
Break control
Serial interface
The XBee3 Zigbee RF Module interfaces to a host device through a serial port. The device can
communicate with any logic and voltage compatible UART, through a level translator to any serial
device (for example, through a RS-232 or USB interface board).
UART data flow
Devices that have a UART interface connect directly to the pins of the XBee3 Zigbee RF Module as
shown in the following figure. The figure shows system data flow in a UART-interfaced environment.
Low-asserted signals have a horizontal line over the signal name.
For more information about hardware specifications for the UART, see the XBee3 Hardware Reference
Manual.
Serial data
A device sends data to the XBee3 Zigbee RF Module's UART as an asynchronous serial signal. When the
device is not transmitting data, the signals should idle high.
For serial communication to occur, you must configure the UART of both devices (the microcontroller
and the XBee3 Zigbee RF Module) with compatible settings for the baud rate, parity, start bits, stop
bits, and data bits.
Each data byte consists of a start bit (low), 8 data bits (least significant bit first) and a stop bit (high).
The following diagram illustrates the serial bit pattern of data passing through the device. The
diagram shows UART data packet 0x1F (decimal number 31) as transmitted through the device.
You can configure the UART baud rate, parity, and stop bits settings on the device with the BD, NB,
and SB commands respectively. For more information, see Serial interfacing commands.
Serial buffers
The XBee3 Zigbee RF Module maintains internal buffers to collect serial and RF data that it receives.
The serial receive buffer collects incoming serial characters and holds them until the device can
process them. The serial transmit buffer collects the data it receives via the RF link until it transmits
that data out the serial port. The following figure shows the process of device buffers collecting
received serial data.
Serial receive buffer
When serial data enters the XBee3 Zigbee RF Module through the serial port, the device stores the
data in the serial receive buffer until it can be processed. Under certain conditions, the device may
receive data when the serial receive buffer is already full. In that case, the device discards the data.
The serial receive buffer becomes full when data is streaming into the serial port faster than it can be
processed and sent over the air (OTA). While the speed of receiving the data on the serial port can be
much faster than the speed of transmitting data for a short period, sustained operation in that mode
causes the device to drop data due to running out of places to put the data. Some things that may
delay over the air transmissions are address discovery, route discovery, and retransmissions.
Processing received RF data can also take away time and resources for processing incoming serial
data.
If the UART is the serial port and you enable the CTS flow control, the device alerts the external data
source when the receive buffer is almost full. The host delays sending data to the device until the
module asserts CTS again, allowing more data to come in.
Serial transmit buffer
When the device receives RF data, it moves the data into the serial transmit buffer and sends it out
the UART. If the serial transmit buffer becomes full and the system buffers are also full, then it drops
the entire RF data packet. Whenever the device receives data faster than it can process and transmit
the data out the serial port, there is a potential of dropping data.
The serial transmit buffer may become full, resulting in dropped RF packets, in the following
situations:
1. The RF data rate is set higher than the interface data rate of the device, so the device may
receive data faster than it can send the data to the host. Even occasional transmissions from a
large number of devices can quickly accumulate and overflow the transmit buffer.
2. The host does not allow the device to transmit data out from the serial transmit buffer
because hardware flow control is holding it off.
UART flow control
You can use the RTS and CTS pins to provide RTS and/or CTS flow control. CTS flow control provides an
indication to the host to stop sending serial data to the device. RTS flow control allows the host to
signal the device to not send data in the serial transmit buffer out the UART. To enable RTS/CTS flow
control, use the D6 and D7 commands.
CTS flow control
If you enable CTS flow control (D7 command), when the serial receive buffer is 17 bytes away from
being full, the device de-asserts CTS (sets it high) to signal to the host device to stop sending serial
data.
In either case, CTS is not re-asserted until the serial receive buffer has FT-17 or fewer bytes in use.
RTS flow control
If you send the D6 command to enable RTS flow control, the device does not send data in the serial
transmit buffer out the DOUT pin as long as RTS is de-asserted (set high). Do not de-assert RTS for
long periods of time or the serial transmit buffer will fill. If the device receives an RF data packet and
the serial transmit buffer does not have enough space for all of the data bytes, it discards the entire
RF data packet.
If the device sends data out the UART when RTS is de-asserted (set high) the device could send up to
five characters out the UART port after RTS is de-asserted.
Break control
If a serial break (DIN held low) signal is sent for over five seconds, the device resets, and it boots into
Command mode with default baud settings (9600 baud). If either P3 or P4 is not enabled, this break
function is disabled.
Modes
The XBee3 Zigbee RF Module is in Receive Mode when it is not transmitting data. The device shifts into
the other modes of operation under the following conditions:
- Transmit mode (Serial data in the serial receive buffer is ready to be packetized)
- Sleep mode
- Command mode (Command mode sequence is issued)
Transparent operating mode
API operating mode
Compare Transparent and API operation
Command mode
Idle mode
Transmit mode
Receive mode
Sleep mode
Transparent operating mode
When operating in Transparent mode, the devices act as a serial line replacement. The device queues
up all UART or SPI data received through the DIN or MOSI pin for RF transmission. When RF data is
received, the device sends the data out through the serial port. Use the Command mode interface to
configure the device configuration parameters.
Serial-to-RF packetization
The device buffers data in the serial receive buffer and packetizes and transmits the data when it
receives the following:
- No serial characters for the amount of time determined by the RO (Packetization Timeout)
  parameter. If RO = 0, packetization begins when the device receives a character.
- Command mode Sequence (GT + CC + GT). Any character buffered in the serial receive buffer
  before the device transmits the sequence.
- Maximum number of characters that fit in an RF packet.
API operating mode
API operating mode is an alternative to Transparent operating mode. The frame-based API extends
the level to which a host application can interact with the networking capabilities of the device. When
in API mode, the device contains all data entering and leaving in frames that define operations or
events within the device.
The API provides alternative means of configuring devices and routing data at the host application
layer. A host application can send data frames to the device that contain address and payload
information instead of using Command mode to modify addresses. The device sends data frames to
the application containing status packets, as well as source and payload information from received
data packets.
The API operation option facilitates many operations such as:
- Transmitting data to multiple destinations without entering Command mode
- Receiving the success/failure status of each transmitted RF packet
- Identifying the source address of each received packet
Compare Transparent and API operation
The following tables compare the advantages of Transparent and API operating modes:
Transparent operation
  Simple interface: The device transmits all received serial data unless it is in Command mode.
  Easy to support: It is easier for an application to support transparent operation and Command
    mode.

API operation
  Easy to manage data transmissions to multiple destinations: Transmitting RF data to multiple
    remotes only requires changing the address in the API frame. This process is much faster than
    in transparent operation where the application must enter Command mode, change the address,
    exit Command mode, and then transmit data. Each API transmission can return a transmit status
    frame indicating the success or reason for failure.
  Received data frames indicate the sender's address: All received RF data API frames indicate
    the source address.
  Advanced Zigbee addressing support: API transmit and receive frames can expose Zigbee
    addressing fields including source and destination endpoints, cluster ID and profile ID. This
    makes it easy to support ZDO commands and public profile traffic.
  Advanced networking diagnostics: API frames can provide indication of I/O samples from remote
    devices, and node identification messages.
  Remote configuration: Set and read configuration commands can be sent to remote devices to
    configure them as needed using the API.
Generally, API mode is recommended when a device:
- Sends RF data to multiple destinations.
- Sends remote configuration commands to manage devices in the network.
- Receives RF data packets from multiple devices, and the application needs to know which
  device sent which packet.
- Must support multiple Zigbee endpoints, cluster IDs, and/or profile IDs.
- Uses the Zigbee device profile services.
API mode is required when:
- Receiving I/O samples from remote devices.
- Using source routing.
If the above conditions do not apply (for example a sensor node, router, or a simple application), then
Transparent operating mode might be suitable. It is acceptable to use a mixture of devices running
API mode and Transparent mode in a network.
Command mode
Command mode is a state in which the firmware interprets incoming characters as commands. It is
only available over the UART. API operation describes an alternate means for configuring devices that
is available over the UART with Zigbee code.
Enter Command mode
To get a device to switch into this mode, you must issue the following sequence: GT + CC(+++) + GT
and observe guard times before and after the command character.
The default sequence to transition to Command mode is:
- No characters sent for one second [GT (Guard Times) parameter = 0x3E8].
- Three plus characters (+++) input within one second [CC (Command Sequence Character)
  parameter = 0x2B].
- No characters sent for one second [GT (Guard Times) parameter = 0x3E8].
When you send the Command mode sequence, the device sends OK out the UART pin. The device may
delay sending the OK if it has not transmitted all of the serial data it received.
When the device is in Command mode, it starts the Command mode timer (CT command) and can
receive AT commands on the UART port.
You can customize the command character, the guard times and the timeout in the device’s
configuration settings. For more information, see CC (Command Character), CT (Command Mode
Timeout) and GT (Guard Times).
Troubleshooting
Failure to enter Command mode is often due to baud rate mismatch. Ensure that the baud rate of the
connection matches the baud rate of the device. By default, the BD parameter = 3 (9600 baud).
Send AT commands
Once the device enters Command mode, use the syntax in the following figure to send AT commands.
Every AT command starts with the letters AT, which stands for "attention." The AT is followed by two
characters that indicate which command is being issued, then by some optional configuration values.
To read a parameter value stored in the device’s register, omit the parameter field.
The preceding example changes the device's destination address (Low) to 0x1F.
To store the new value to non-volatile (long term) memory, send the WR (Write) command. This allows
parameter values that you modify to persist in the device's registry after a reset. Otherwise, the
device restores parameters to the previous values after a reset.
Multiple AT commands
You can send multiple AT commands at a time when they are separated by a comma in Command
mode; for example, ATSH,SL.
Parameter format
Refer to the list of AT commands for the format of individual AT command parameters. Numeric
parameters will always be represented in hexadecimal format. Some AT commands have an ASCII string
parameter, which will be represented as ASCII characters in Command mode and bytes in API mode.
Hexadecimal values are valid with or without a leading 0x, for example FFFF or 0xFFFF.
Response to AT commands
When you send a command to the device, the device parses and runs the command. If the command
runs successfully, the device returns an OK message. If the command errors, the device returns an
ERROR message.
Apply command changes
Any changes you make to the configuration command registers using AT commands do not take effect
until you apply the changes. For example, if you send the BD command to change the baud rate, the
actual baud rate does not change until you apply the changes. To apply changes:
1. Send the AC (Apply Changes) command.
or:
2. Exit Command mode.
Exit Command mode
1. Send the CN (Exit Command mode) command followed by a carriage return.
or:
2. If the device does not receive any valid AT commands within the time specified by CT
(Command mode Timeout), it returns to Idle Mode.
For an example of programming the device using AT commands and descriptions of each configurable
parameter, see AT commands.
Idle mode
When not receiving or transmitting data, the device is in Idle mode. During Idle mode, the device
listens for valid data on both the RF and serial ports.
The device shifts into the other modes of operation under the following conditions:
- Transmit mode (serial data in the serial receive buffer is ready to be packetized).
- Receive mode (valid RF data received through the antenna).
- Command mode (Command mode sequence issued).
Transmit mode
Prior to transmitting data, the module ensures that a 16-bit network address and route to the
destination node have been established.
If a 16-bit network address is not provided, a Network Address Discovery takes place. In order for
data to be sent, a route discovery takes place for the purpose of establishing a route to the
destination node. If a device with a matching network address is not discovered, the module discards
the packet. The device transmits the data once a route is established. If route discovery fails to
establish a route, the device discards the packet. The following diagram shows the Transmit Mode sequence.
When Zigbee data is transmitted from one node to another, the destination node transmits a
network-level acknowledgment back across the established route to the source node. This
acknowledgment packet indicates to the source node that the destination node received the data
packet. If the source node does not receive a network acknowledgment, it retransmits the data.
It is possible in rare circumstances for the destination to receive a data packet, but for the source to
not receive the network acknowledgment. In this case, the source retransmits the data, which can
cause the destination to receive the same data packet multiple times. The XBee modules do not filter
out duplicate packets. We recommend that the application includes provisions to address this issue.
For more information, see Transmission, addressing, and routing.
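One way for the application to handle the duplicates described above, as an added example that is not from Digi's guide: the sender prefixes each payload with a 16-bit sequence number (an assumed application-level header, not an XBee feature) and the receiver remembers the most recent numbers per 64-bit source address. The addresses and payloads are constructed sample data.

```python
import struct
from collections import OrderedDict, deque

# Assumed application header (not an XBee feature): 16-bit big-endian sequence number.
SEQ_HEADER = struct.Struct(">H")


def wrap(seq, payload):
    """Sender side: prefix each new payload with the next sequence number."""
    return SEQ_HEADER.pack(seq & 0xFFFF) + payload


class DuplicateFilter:
    """Drops frames whose (source, sequence) pair was seen recently."""

    def __init__(self, window=16, max_sources=64):
        self.window = window            # sequence numbers remembered per source
        self.max_sources = max_sources  # bound on memory used for source tracking
        self._recent = OrderedDict()    # 64-bit source address -> recent sequence numbers

    def accept(self, source, frame):
        """Return the payload of a new frame, or None for a duplicate or runt frame."""
        if len(frame) < SEQ_HEADER.size:
            return None
        (seq,) = SEQ_HEADER.unpack_from(frame)
        recent = self._recent.get(source)
        if recent is None:
            if len(self._recent) >= self.max_sources:
                self._recent.popitem(last=False)  # forget the least recently heard source
            recent = self._recent[source] = deque(maxlen=self.window)
        else:
            self._recent.move_to_end(source)
        if seq in recent:
            return None  # retransmitted copy: already delivered once
        recent.append(seq)
        return frame[SEQ_HEADER.size:]


def demo():
    """Constructed traffic: node A's frame 7 arrives twice after a lost acknowledgment."""
    node_a = 0x0013A20012345678  # constructed 64-bit source addresses
    node_b = 0x0013A20087654321
    received = [
        (node_a, wrap(7, b"valve=open")),
        (node_a, wrap(7, b"valve=open")),    # retransmitted copy
        (node_b, wrap(7, b"temp=21")),       # same number, different source: not a duplicate
        (node_a, wrap(8, b"valve=closed")),
    ]
    dup_filter = DuplicateFilter()
    return [dup_filter.accept(source, frame) for source, frame in received]


if __name__ == "__main__":
    for delivered in demo():
        print(delivered)
```

The filter suppresses retransmitted copies only; it does not authenticate the sender, so it complements the network's Zigbee security settings rather than replacing them.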
Receive mode
When data is received over the air, the module sends the data out the serial port.
The AP and AO parameters adjust which types of messages the XBee3 filters out.
By default, the module operates in transparent mode, where the device outputs only the
payload of received packets. In API modes, the entire packet is emitted, and AO adjusts whether raw
ZDO messages are emitted.
Sleep mode
Sleep modes allow the device to enter states of low power consumption when not in use. The device is
almost completely off during sleep, and is incapable of sending or receiving data until it wakes up.
The XBee3 Zigbee RF Module supports both pin sleep, where the device enters sleep mode upon pin
transition, and cyclic sleep, where the device sleeps for a fixed time.
For more information, see Manage End Devices.
Zigbee networks
About the Zigbee specification
Zigbee stack layers
Zigbee networking concepts
Zigbee application layers: in depth
Zigbee coordinator operation
Router operation
End device operation
Zigbee channel scanning
About the Zigbee specification
Zigbee is an open global standard for low-power, low-cost, low-data-rate, wireless mesh networking
based on the IEEE 802.15.4 standard. It represents a network layer above the 802.15.4 layers to
support advanced mesh routing capabilities. The Zigbee specification is developed by a consortium of
companies that make up the Zigbee Alliance. The alliance is made up of over 300 members, including
semiconductor, module, stack, and software developers. For more information, see
http://www.zigbee.org/.
Zigbee stack layers
Most network protocols use the concept of layers to separate different components and functions
into independent modules that can be assembled in different ways.
Zigbee is built on the Physical (PHY) layer and Medium Access Control (MAC) sub-layer defined in the
IEEE 802.15.4 standard. These layers handle low-level network operations such as addressing and
message transmission/reception.
The Zigbee specification defines the Network (NWK) layer and the framework for the application (APL)
layer. The Network layer takes care of the network structure, routing, and security. The application
layer framework consists of the Application Support sub-layer (APS), the Zigbee device objects (ZDO)
and user-defined applications that give the device its specific functionality.
This table describes the Zigbee layers.
| Zigbee layer | Description |
| --- | --- |
| PHY | Defines the physical operation of the Zigbee device including receive sensitivity, channel rejection, output power, number of channels, chip modulation, and transmission rate specifications. Most Zigbee applications operate on the 2.4 GHz ISM band at a 250 kb/s data rate. See the IEEE 802.15.4 specification for details. |
| MAC | Manages RF data transactions between neighboring devices (point to point). The MAC includes services such as transmission retry and acknowledgment management, and collision avoidance techniques (CSMA-CA). |
| Network | Adds routing capabilities that allows RF data packets to traverse multiple devices (multiple hops) to route data from source to destination (peer to peer). |
| APS (AF) | Application layer that defines various addressing objects including profiles, clusters, and endpoints. |
| ZDO | Application layer that provides device and service discovery features and advanced network management capabilities. |
Zigbee networking concepts
Device types
Zigbee defines three different device types: coordinator, router, and end device.
Coordinator
Zigbee networks may only have a single coordinator device. This device:
- Starts the network, selecting the channel and PAN ID (both 64-bit and 16-bit).
- Distributes 16-bit network addresses, allowing routers and end devices to join the network.
  Assists in routing data.
- Buffers wireless data packets for sleeping end device children.
- Manages the other functions that define the network, secure it, and keep it healthy.
- Cannot sleep; the coordinator must be powered on all the time.
Router
A router is a full-featured Zigbee node. This device:
- Can join existing networks and send, receive, and route information. Routing involves acting as
  a messenger for communications between other devices that are too far apart to convey
  information on their own.
- Can buffer wireless data packets for sleeping end device children. Can allow other routers and
  end devices to join the network.
- Cannot sleep; router(s) must be powered on all the time.
- May have multiple router devices in a network.
End device
An end device is essentially a reduced version of a router. This device:
- Can join existing networks and send and receive information, but cannot act as messenger
  between any other devices.
- Cannot allow other devices to join the network.
- Uses less expensive hardware and can power itself down intermittently, saving energy by
  temporarily entering a non responsive sleep mode.
- Always needs a router or the coordinator to be its parent device. The parent helps end devices
  join the network, and stores messages for them when they are asleep.
Zigbee networks may have any number of end devices. In fact, a network can be composed of one
coordinator, multiple end devices, and zero routers.
The following diagram shows a generic Zigbee network.
Note Each Zigbee network must be formed by one, and only one, coordinator and at least one other
device (router or end device).
In Zigbee networks, the coordinator must select a PAN ID (64-bit and 16-bit) and channel to start a
network. After that, it behaves essentially like a router. The coordinator and routers can allow other
devices to join the network and can route data.
After an end device joins a router or coordinator, it must be able to transmit or receive RF data
through that router or coordinator. The router or coordinator that allowed an end device to join
becomes the “parent” of the end device. Since the end device can sleep, the parent must be able to
buffer or retain incoming data packets destined for the end device until the end device is able to wake
and receive the data.
A device can only operate as one of the three device types. The device type is selected by
configuration rather than by firmware image as was the case on earlier hardware platforms.
By default, the device operates as a router. To select coordinator operation, set CE to 1. To select end
device operation, set SM to a non-zero value. To select router operation, both CE and SM must be 0.
If a device is a coordinator and it needs to be changed into an end device, you must set CE to 0 first. If
not, the SM configuration will conflict with the CE configuration. Likewise, to change an end device into
a coordinator, you must change it into a router first.
Another complication is that default parameters do not always work well for a coordinator.
For example:
- DH/DL is 0 by default, which allows routers and end devices to send transparent data to the
  coordinator when they first come up. If DH/DL is not changed from the default value when the
  device is changed to a coordinator, then the device sends data to itself, causing characters to
  be echoed back to the screen as they are typed. Since this is probably not the desired
  operation, set DH/DL to the broadcast address or some specific unicast address when the
  device is changed to a coordinator.
In general, it is your responsibility to ensure that parameters are set to be compatible with the new
device type when changing device types.
PAN ID
Zigbee networks are called personal area networks (PANs). Each network is defined with a unique
PAN identifier (PAN ID), which is common among all devices of the same network. Zigbee devices are
either preconfigured with a PAN ID to join, or they can discover nearby networks and select a PAN ID
to join.
Zigbee supports both a 64-bit and a 16-bit PAN ID. Both PAN IDs are used to uniquely identify a
network. Devices on the same Zigbee network must share the same 64-bit and 16-bit PAN IDs. If
multiple Zigbee networks are operating within range of each other, each should have unique PAN IDs.
16-bit PAN ID
The 16-bit PAN ID is used as a MAC layer addressing field in all RF data transmissions between devices
in a network. However, due to the limited addressing space of the 16-bit PAN ID (65,535 possibilities),
there is a possibility that multiple Zigbee networks (within range of each other) could use the same
16-bit PAN ID. To resolve potential 16-bit PAN ID conflicts, the Zigbee Alliance created a 64-bit PAN ID.
64-bit PAN ID
The 64-bit PAN ID (also called the extended PAN ID), is intended to be a unique, non-duplicated value.
When a coordinator starts a network, it can either start a network on a preconfigured 64-bit PAN ID,
or it can select a random 64-bit PAN ID. Devices use a 64-bit PAN ID during joining; if a device has a
preconfigured 64-bit PAN ID, it will only join a network with the same 64-bit PAN ID. Otherwise, a
device could join any detected PAN and inherit the PAN ID from the network when it joins. All Zigbee
beacons include the 64-bit PAN ID, which is used in 16-bit PAN ID conflict resolution.
Routers and end devices
Routers and end devices are typically configured to join a network with any 16-bit PAN ID as long as
the 64-bit PAN ID is valid. Coordinators typically select a random 16-bit PAN ID for their network.
Since the 16-bit PAN ID only allows up to 65,535 unique values, and the device randomly selects the
16-bit PAN ID, provisions exist in Zigbee to detect if two networks (with different 64-bit PAN IDs) are
operating on the same 16-bit PAN ID. If the device detects a conflict, the Zigbee stack can perform
PAN ID conflict resolution to change the 16-bit PAN ID of the network in order to resolve the conflict.
See the Zigbee specification for details.
Zigbee routers and end devices should be configured with the 64-bit PAN ID of the network they want
to join, and they typically acquire the 16-bit PAN ID when they join a network.
Only enable CE on one device to avoid PAN ID conflicts and network problems.
Operating channels
Zigbee uses direct-sequence spread spectrum modulation and operates on a fixed channel. The
802.15.4 PHY defines 16 operating channels (channels 11 to 26) in the 2.4 GHz frequency band. XBee
modules support all 16 channels.
FCC regulations mandate lower power levels on channel 26, so if you fix your network to channel 26,
you will experience significantly less range on the devices.
Zigbee application layers: in depth
The following topics provide a more in-depth look at the Zigbee application stack layers (APS, ZDO)
including a discussion on Zigbee endpoints, clusters, and profiles. Much of the material in these topics
discusses details of the Zigbee stack that are not required in many cases.
Read these topics if:
- The XBee3 Zigbee RF Module may talk to non-Digi Zigbee devices.
- The XBee3 Zigbee RF Module requires network management and discovery capabilities of the
  ZDO layer.
- The XBee3 Zigbee RF Module needs to operate in a public application profile (for example,
  smart energy, home automation, and so on).
Skip these topics if:
- The XBee3 Zigbee RF Module does not need to interoperate or talk to non-Digi Zigbee devices.
- The XBee3 Zigbee RF Module simply needs to send data between devices.
Application Support Sublayer (APS)
The APS layer in Zigbee adds support for application profiles, cluster IDs, and endpoints.
Application profiles
Application profiles specify various device descriptions including required functionality for various
devices. The collection of device descriptions forms an application profile. Application profiles are
defined as Public or Private profiles. Private profiles are defined by a manufacturer whereas public
profiles are defined, developed, and maintained by the Zigbee Alliance. Each application profile has a
unique profile identifier assigned by the Zigbee Alliance.
Examples of public profiles include:
- Home automation
- Smart Energy
- Commercial building automation
For example, the Smart Energy profile defines various device types including an energy service portal,
load controller, thermostat, in-home display, and so on. The Smart Energy profile defines required
functionality for each device type. For example, a load controller must respond to a defined command
to turn a load on or off. By defining standard communication protocols and device functionality, public
profiles allow interoperable Zigbee solutions to be developed by independent manufacturers.
Digi XBee Zigbee firmware operates on a private profile called the Digi Drop-In Networking profile.
However, in many cases the XBee3 Zigbee RF Module can use API mode to talk to devices in public
profiles or non-Digi private profiles. For more information, see API Operation.
Clusters
A cluster is an application message type defined within a profile. You can use clusters to specify a
unique function, service, or action. The following examples are some clusters defined in the home
automation profile:
- On/Off - Used to switch devices on or off (lights, thermostats, and so forth)
- Level Control - Used to control devices that can be set to a level between on and off
- Color Control - Controls the color of color capable devices
Each cluster has an associated 2-byte cluster identifier (cluster ID). All application transmissions
include the cluster ID. Clusters often have associated request and response messages. For example, a
smart energy gateway (service portal) might send a load control event to a load controller in order to
schedule turning on or off an appliance. Upon executing the event, the load controller sends a load
control report message back to the gateway.
Devices that operate in an application profile (private or public) must respond correctly to all required
clusters. For example, a light switch that operates in the home automation public profile must
correctly implement the On/Off and other required clusters in order to interoperate with other home
automation devices. The Zigbee Alliance has defined a Zigbee cluster library (ZCL) that contains
definitions of various general use clusters that could be implemented in any profile.
XBee modules implement various clusters in the Digi private profile. You can also use the API to send
or receive messages on any cluster ID (and profile ID or endpoint). For more information, see Explicit
Rx Indicator frame - 0x91.
Endpoints
The APS layer includes support for endpoints. An endpoint can be thought of as a running application,
similar to a TCP/IP port. A single device can support one or more endpoints. A 1-byte value identifies
each application endpoint, ranging from 1 to 240. Each defined endpoint on a device is tied to an
application profile. A device could, for example, implement one endpoint that supports a Smart Energy
load controller, and another endpoint that supports other functionality on a private profile.
No TX Status frame is generated for API frames that have both 0xE6 as the destination endpoint and
0xC105 as the Profile ID as this combination is reserved for internal XBee3 Zigbee RF Module
operations.
Zigbee device profile
Profile ID 0x0000 is reserved for the Zigbee device profile. This profile is implemented on all Zigbee
devices. Device Profile defines many device and service discovery features and network management
capabilities. Endpoint 0 is a reserved endpoint that supports the Zigbee device profile. This endpoint is
called the Zigbee device objects (ZDO) endpoint.
Zigbee device objects
The ZDO (endpoint 0) supports the discovery and management capabilities of the Zigbee device
profile. See the Zigbee specification for a complete listing of all ZDP services. Each service has an
associated cluster ID.
The XBee Zigbee firmware allows applications to easily send ZDO messages to devices in the network
using the API. For more information, see ZDO transmissions.
Zigbee coordinator operation
Form a network
The coordinator is responsible for selecting the channel, PAN ID, security policy, and stack profile for a
network. Since a coordinator is the only device type that can start a network, each Zigbee network
must have one coordinator. After the coordinator has started a network, it can allow new devices to
join the network. It can also route data packets and communicate with other devices on the network.
To ensure the coordinator starts on a good channel and unused PAN ID, the coordinator performs a
series of scans to discover any RF activity on different channels (energy scan) and to discover any
nearby operating PANs (PAN scan). The processes for selecting the channel and PAN ID are described in
the following topics.
Security policy
The security policy determines which devices are allowed to join the network, and which device(s) can
authenticate joining devices. See Zigbee security for a detailed discussion of various security policies.
Channel selection
When starting a network, the coordinator must select a “good” channel for the network to operate
on. To do this, it performs an energy scan on multiple channels (that is, frequencies) to detect energy
levels on each channel. The coordinator removes channels with excessive energy levels from its list of
potential channels to start on.
PAN ID selection
After completing the energy scan, the coordinator scans its list of potential channels (remaining
channels after the energy scan) to obtain a list of neighboring PANs. To do this, the coordinator sends
a beacon request (broadcast) transmission on each potential channel. All nearby coordinators and
routers that have already joined a Zigbee network respond to the beacon request by sending a
beacon back to the coordinator. The beacon contains information about which PAN the device is on,
including the PAN identifiers (16-bit and 64-bit). This scan (collecting beacons on the potential
channels) is typically called an active scan or PAN scan.
After the coordinator completes the channel and PAN scan, it selects a random channel and unused
16-bit PAN ID to start on.
Persistent data
Once a coordinator starts a network, it retains the following information through power cycle or reset
events:
- PAN ID
- Operating channel
- Security policy and frame counter value
- Child table (end device children that are joined to the coordinator)
- Binding table
- Group table
The coordinator retains this information indefinitely until it leaves the network. When the coordinator
leaves a network and starts a new network, the previous PAN ID, operating channel, link key table,
and child table data are lost.
Coordinator startup
The following table provides the network formation commands that the coordinator uses to form a
network.
| Command | Description |
| --- | --- |
| CE | Must be set to 1 to specify that the device will act as a coordinator and form a network. |
| ID | Used to determine the 64-bit PAN ID. If set to 0 (default), a random 64-bit PAN ID will be selected. |
| SC | Determines the scan channels bitmask used by the coordinator when forming a network. The coordinator will perform an energy scan on all enabled SC channels. It will then perform a PAN ID scan. |
| SD | Set the scan duration, or time that the router will listen for beacons on each channel. |
| ZS | Set the Zigbee stack profile for the network. |
| EE | Enable or disable security in the network. |
| KY | If encryption is enabled, a preconfigured link key can be set. Any device with a matching link key will be allowed to join when the join window is open. If KY is set to 0, a random link key will be assigned, and devices will have to be registered to join or allowed to insecurely join using a default link key. |
| NK | Set a preconfigured network key for secured networks. NK is only applicable to the device with CE = 1 and defines the initial network key. In most situations you should leave this value at 0. |
| EO | Set the security policy for the network if encryption is enabled. EO defines whether the coordinator should act as a centralized trust center or form the network as a router in a distributed trust center network. You can also optionally allow insecure devices to join using a well-known link key. |
Configuration changes delay the start of network formation for five seconds after the last change.
Once the coordinator starts a network, the network configuration settings and child table data
persist through power cycles as mentioned in Persistent data.
When the coordinator has successfully started a network, it:
- Allows other devices to join the network for a time; see NJ (Node Join Time)
- Sets AI = 0
- Starts blinking the Associate LED
- Sends an API modem status frame (“coordinator started”) out the serial port when using API
  mode
These behaviors are configurable using the following commands:
| Command | Description |
| --- | --- |
| NJ | Sets the permit-join time on the coordinator, measured in seconds. |
| D5 | Enables the Associate LED functionality. |
| LT | Sets the Associate LED blink time when joined. If LT = 0, the default is 1 blink per 500 ms (coordinator) or 250 ms (router/end device). |
If any of the command values in the network formation commands table changes, the coordinator
leaves its current network and starts a new network, possibly on a different channel.
Note Command changes must be applied (AC or CN command) before taking effect.
Permit joining
You can use NJ (Node Join Time) to configure the permit joining attribute on the coordinator. You can
configure NJ to always allow joining, or to allow joining for a short time. By default, the join window
opens for 254 seconds, after which joining will not be allowed until the join window opens again.
Joining temporarily enabled
Set NJ < 0xFF to enable joining for only a number of seconds, based on the NJ parameter. Once the
XBee3 Zigbee RF Module joins a network, the timer starts. The coordinator does not re-enable joining
if the device is power cycled or reset. The following actions restart the permit-joining timer:
- Changing NJ to a different value (and applying changes with the AC or CN commands).
- Pressing the Commissioning button twice.
- Issuing the CB command with a parameter of 2.
The last two actions enable joining for one minute if NJ is 0x0. Otherwise, the Commissioning button
and the CB2 command enable joining for NJ seconds.
Joining always enabled
If NJ = 0xFF, joining is permanently enabled.
Use this mode carefully. Once a network has been deployed, we strongly recommend
that the application consider disabling joining to prevent unwanted joins from occurring.
An always-open network operates outside of the Zigbee 3.0 specifications.
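The device-type, DH/DL, and permit-join rules above can be checked mechanically before a module is deployed. The following audit is an added example, not Digi code: it takes parameter values as read in Command mode and reports the conflicts and open settings this guide warns about. The function names, node labels, and parameter dumps are hypothetical, constructed for illustration.

```python
def read_param(params, name):
    """Return a numeric AT parameter as an int, or None if it was not read.

    Numeric parameters are hexadecimal, with or without a leading 0x.
    """
    value = params.get(name)
    return None if value is None else int(value, 16)


def device_role(params):
    """CE = 1 selects coordinator, SM != 0 selects end device, both 0 selects router."""
    ce = read_param(params, "CE") or 0  # unread values fall back to the router default
    sm = read_param(params, "SM") or 0
    if ce == 1 and sm != 0:
        return "conflict"
    if ce == 1:
        return "coordinator"
    return "end device" if sm != 0 else "router"


def audit(params):
    """Return (role, findings); each finding is a (parameter, message) pair."""
    role = device_role(params)
    findings = []
    if role == "conflict":
        findings.append(("CE/SM", "CE = 1 with SM != 0; set CE to 0 before "
                                  "selecting end device operation"))
    if role == "coordinator":
        # Default DH/DL of 0 addresses the coordinator itself.
        if read_param(params, "DH") == 0 and read_param(params, "DL") == 0:
            findings.append(("DH/DL", "coordinator sends transparent data to itself"))
    # Only coordinators and routers can allow other devices to join.
    if role in ("coordinator", "router") and read_param(params, "NJ") == 0xFF:
        findings.append(("NJ", "joining is permanently enabled"))
    # EE = 0 means security is disabled on this device.
    if read_param(params, "EE") == 0:
        findings.append(("EE", "security is disabled"))
    return role, findings


# Constructed parameter dumps, keyed by a hypothetical node label.
SAMPLES = {
    "gateway": {"CE": "1", "SM": "0", "DH": "0", "DL": "0", "NJ": "FF", "EE": "0"},
    "sensor": {"CE": "0", "SM": "4", "NJ": "FF", "EE": "1"},
    "bench": {"CE": "1", "SM": "0x4", "NJ": "FE", "EE": "1"},
}


def audit_all(samples):
    """Audit every parameter dump and return {label: (role, findings)}."""
    return {label: audit(params) for label, params in samples.items()}


if __name__ == "__main__":
    for label, (role, findings) in audit_all(SAMPLES).items():
        print(label, role)
        for parameter, message in findings:
            print("  %s: %s" % (parameter, message))
```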
Reset the coordinator
When you reset or power cycle the coordinator, it checks its PAN ID, operating channel and stack
profile against the network configuration settings (ID, CH, ZS). It also verifies the saved security policy
against the security configuration settings (EE, NK, KY). If the coordinator's PAN ID, operating channel,
stack profile, or security policy is not valid based on its network and security configuration settings,
the coordinator leaves the network and attempts to form a new network based on its network
formation command values.
To prevent the coordinator from leaving an existing network, issue the WR command after all network
formation commands have been configured in order to retain these settings through power cycle or
reset events.
Leave a network
The following mechanisms cause the coordinator to leave its current PAN and start a new network
based on its network formation parameter values.
- Change the ID command such that the current 64-bit PAN ID is invalid.
- Change the SC command such that the current channel (CH) is not included in the channel
  mask.
- Change the ZS or any of the security command values.
- Issue the NR0 command to cause the coordinator to leave.
- Issue the NR1 command to send a broadcast transmission, causing all devices in the network
  to leave and migrate to a different channel.
- Press the commissioning button four times or issue the CB command with a parameter of 4.
  This restores the device to a default configuration state.
- Issue a network ZDO leave command.
Note Changes to ID, SC, ZS, and security command values only take effect when changes are applied
(AC or CN commands).
Replace a coordinator (security disabled only)
On rare occasions, it may become necessary to replace an existing coordinator in a network with a
new physical device. If security is not enabled in the network, you can configure a replacement XBee
coordinator with the PAN ID (16-bit and 64-bit), channel, and stack profile settings of a running
network in order to replace an existing coordinator.
Note Avoid having two coordinators on the same channel, stack profile, and PAN ID (16-bit and 64-bit)
as it can cause problems in the network. When replacing a coordinator, turn off the old coordinator
before starting the new coordinator.
To replace a coordinator, read the following commands from a device on the network:
| Command | Description |
| --- | --- |
| OP | Read the operating 64-bit PAN ID. |
| OI | Read the operating 16-bit PAN ID. |
| CH | Read the operating channel. |
| ZS | Read the stack profile. |
Each of the commands listed above can be read from any device on the network. These parameters
will be the same on all devices in the network. After reading the commands from a device on the
network, program the parameter values into the new coordinator using the following commands.
| Command | Description |
| --- | --- |
| ID | Set the 64-bit PAN ID to match the read OP value. |
| II | Set the initial 16-bit PAN ID to match the read OI value. |
| SC | Set the scan channels bitmask to enable the read operating channel (CH command). For example, if the operating channel is 0x0B, set SC to 0x0001. If the operating channel is 0x17, set SC to 0x1000. |
| ZS | Set the stack profile to match the read ZS value. |
II is the initial 16-bit PAN ID. Under certain conditions, the Zigbee stack can change the 16-bit PAN ID
of the network. For this reason, you cannot save the II command using the WR command. Once II is
set, the coordinator leaves the network and starts on the 16-bit PAN ID specified by II.
Example: start a coordinator
1. Set CE (Device Role) to 1 to indicate to the local device that it should form a network. Use WR
(Write) to save the changes.
2. Set SC and ID to the desired scan channels and PAN ID values. The defaults are usually
sufficient.
3. If you change SC or ID from the default, issue the WR command to save the changes.
4. If you change SC or ID from the default, apply changes (make SC and ID changes take effect)
either by sending the AC command or by exiting AT Command mode.
5. If an Associate LED has been connected, it starts blinking once the coordinator has selected a
channel and PAN ID and the network has started.
6. The API Modem Status frame (Coordinator Started) is sent out the serial port when using API
mode.
7. Reading the AI command (association status) returns a value of 0, indicating a successful
startup.
8. Reading the MY command (16-bit address) returns a value of 0, the Zigbee-defined 16-bit
address of the coordinator.
After startup, the coordinator allows joining based on its NJ value. We highly recommend that you
issue a WR command to write all applied settings to flash.
Example: replace a coordinator (security disabled)
1. Read the OP, OI, CH, and ZS commands on the running coordinator.
2. Set the CE, ID, SC, and ZS parameters on the new coordinator to match the existing
coordinator, followed by WR command to save these parameter values.
3. Turn off the running coordinator.
4. Set the II (Initial 16-bit PAN ID) parameter on the new coordinator to match the read OI value
on the old coordinator.
5. Wait for the new coordinator to start (AI = 0).
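The SC bitmask arithmetic and the replacement steps above, as an added example that is not part of Digi's guide. The helper names are hypothetical, and the OP, OI, CH, and ZS values used in the demonstration are constructed.

```python
FIRST_CHANNEL, LAST_CHANNEL = 0x0B, 0x1A  # the 16 operating channels, 11 to 26


def sc_mask_for_channel(channel):
    """Bit 0 of SC is channel 0x0B, so channel 0x17 maps to bit 12 (0x1000)."""
    if not FIRST_CHANNEL <= channel <= LAST_CHANNEL:
        raise ValueError("channel 0x%02X is outside 0x0B-0x1A" % channel)
    return 1 << (channel - FIRST_CHANNEL)


def channels_in_mask(sc):
    """List the channels that an SC bitmask enables."""
    return [FIRST_CHANNEL + bit for bit in range(16) if (sc >> bit) & 1]


def sc_change_forces_leave(new_sc, operating_channel):
    """True if applying new_sc would drop the operating channel (CH) from the
    mask, which makes the coordinator leave and form a new network."""
    return operating_channel not in channels_in_mask(new_sc)


def replacement_plan(op, oi, ch, zs):
    """Build the ordered steps for a replacement coordinator (security disabled).

    op, oi, ch, zs are the hexadecimal strings read from a device on the
    running network. Each step is ("send", command) or ("operator", action).
    """
    mask = sc_mask_for_channel(int(ch, 16))
    return [
        ("send", "ATCE1"),
        ("send", "ATID%X" % int(op, 16)),
        ("send", "ATSC%X" % mask),
        ("send", "ATZS%X" % int(zs, 16)),
        ("send", "ATWR"),  # save CE, ID, SC, and ZS
        ("operator", "turn off the running coordinator"),
        ("send", "ATII%X" % int(oi, 16)),  # II cannot be saved with WR
        ("operator", "wait until AI reads 0"),
    ]


if __name__ == "__main__":
    # Constructed values standing in for what OP, OI, CH, and ZS returned.
    for kind, text in replacement_plan("1234ABCD", "A1B2", "17", "0"):
        print(kind, text)
```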
Router operation
Routers must discover and join a valid Zigbee network before they can participate in a Zigbee
network. After a router has joined a network, it can allow new devices to join the network. It can also
route data packets and communicate with other devices on the network.
Discover Zigbee networks
To discover nearby Zigbee networks, the router performs a PAN (or active) scan, just like the
coordinator does when it starts a network. During the PAN scan, the router sends a beacon request
(broadcast) transmission on the first channel in its scan channels list. All nearby coordinators and
routers operating on that channel that are already part of a Zigbee network respond to the beacon
request by sending a beacon back to the router.
The beacon contains information about the PAN the nearby device is on, including the PAN identifier
(PAN ID), and whether or not joining is allowed. The router evaluates each beacon received on the
channel to determine if it finds a valid PAN. A PAN is valid if any of the following exist:
- Has a valid 64-bit PAN ID (PAN ID matches ID if ID > 0)
- Has the correct stack profile (ZS command)
- Allows joining the network
If the router does not find a valid PAN, it performs the PAN scan on the next channel in its scan
channels list and continues scanning until it finds a valid network, or until all channels have been
scanned. If the router scans all channels and does not discover a valid PAN, it scans all channels
again.
The Zigbee Alliance requires that certified solutions not send beacon request messages too
frequently. To meet certification requirements, the XBee firmware attempts nine scans per minute for
the first five minutes, and three scans per minute thereafter. If a valid PAN is within range of a joining
router, it typically discovers the PAN within a few seconds.
Join a network
Once the router discovers a valid network, it sends an association request to the device that sent a
valid beacon requesting a join on the Zigbee network. The device allowing the join then sends an
association response frame that either allows or denies the join.
When a router joins a network, it receives a 16-bit address from the device that allowed the join. The
device that allowed the join randomly selects the 16-bit address.
Authentication
In a network where security is enabled, the router must follow an authentication process. See Zigbee
security for a discussion on security and authentication.
After the router is joined (and authenticated, in a secure network), it can allow new devices to join the
network.
Persistent data
Once a router joins a network, it retains the following information through power cycle or reset
events:
- PAN ID
- Operating channel
- Security policy and frame counter values
- Child table (end device children that are joined to the coordinator)
- Binding table
- Group table
The router retains this information indefinitely until it leaves the network. When the router leaves a
network, it loses the previous PAN ID, operating channel, and child table data.
Zigbee router joining
When the router powers on, if it is not already joined to a valid Zigbee network, it immediately
attempts to find and join a valid Zigbee network.
Set DJ (Disable Joining) to 1 to disable joining. You cannot write the DJ parameter with the WR
command, so a power cycle always clears the DJ setting.
The following commands control the router joining process.
| Command | Description |
|---|---|
| ID | Sets the 64-bit PAN ID to join. Setting ID = 0 allows the router to join any 64-bit PAN ID. |
| SC | Set the scan channels bitmask that determines which channels a router scans to find a valid network. Set SC on the router to match SC on the coordinator. For example, setting SC to 0x281 enables scanning on channels 11, 18 and 20, in that order. |
| SD | Set the scan duration, or time that the router listens for beacons on each channel. |
| ZS | Set the stack profile on the device. |
| EE | Enable or disable security in the network. This must be set to match the EE value (security policy) of the coordinator. |
| KY | Set the trust center link key. If set to 0 (default), the link key is expected to be obtained (unencrypted) during joining. |
| EO | If encryption is enabled (EE = 1), set the joining device's Encryption Options to match the Encryption Options of the network. |
Configuration changes delay the start of joining for five seconds after the last change.
Once the router joins a network, the network configuration settings and child table data persist
through power cycles as mentioned in Persistent data. If joining fails, read the status of the last join
attempt in the AI command register.
If any of the above command values change, when command register changes are applied (AC or CN
commands), the router leaves its current network and attempts to discover and join a new valid
network. When a Zigbee router has successfully joined a network, it:
- Allows other devices to join the network for a time
- Sets AI = 0
- Starts blinking the Associate LED
- Sends an API modem status frame (associated) out the serial port when using API mode
You can configure these behaviors using the following commands:
| Command | Description |
|---|---|
| NJ | Sets the permit-join time on the router, or the time that it allows new devices to join the network, measured in seconds. Set NJ = 0xFF to always enable permit joining. |
| D5 | Enables the Associate LED functionality. |
| LT | Sets the Associate LED blink time when joined. The default is 2 blinks per second (router). |
Router network connectivity
Once a router joins a Zigbee network, it remains connected to the network on the same channel and
PAN ID unless it is forced to leave (see Leave a network). If the scan channels (SC), PAN ID (ID) and
security settings (EE, KY) do not change after a power cycle, the router remains connected to the
network after a power cycle.
If a router is physically moved out of range of the network it initially joined, make sure the application
includes provisions to detect if the router can still communicate with the original network. If
communication with the original network is lost, the application may choose to force the router to
leave the network. The XBee firmware includes two provisions to automatically detect the presence
of a network and leave if the check fails.
Power-On join verification
JV (Coordinator Join Verification) enables the power-on join verification check. If enabled, the XBee3
Zigbee RF Module attempts to discover the 64-bit address of the coordinator when it first joins a
network. Once it has joined, it also attempts to discover the 64-bit address of the coordinator after a
power cycle event. If 3 discovery attempts fail, the router leaves the network and tries to join a new
network. The default setting for Power-on join verification is disabled (JV defaults to 0).
Network watchdog
Use NW (Network Watchdog Timeout) for a powered router to periodically check for the presence of a
coordinator to verify network connectivity. The NW command specifies a timeout in minutes where
the router must receive communication from the coordinator or data collector. The following events
restart the network watchdog timer:
- RF data received from the coordinator
- RF data sent to the coordinator and an acknowledgment was received
- Many-to-one route request was received (from any device)
- Change the value of NW
If the watchdog timer expires (no valid data received for NW time), the router attempts to discover
the 64-bit address of the coordinator. If the router cannot discover the address, it records one
watchdog timeout. After three consecutive network watchdog timeouts expire (3 * NW) and the
coordinator has not responded to the address discovery attempts, the router leaves the network and
attempts to join a new network.
Anytime a router receives valid data from the coordinator or data collector, it clears the watchdog
timeouts counter and restarts the watchdog timer. You can set the network watchdog timer (NW
command) to several days. The default setting for the network watchdog feature is disabled (NW
defaults to 0). The following flowchart illustrates network watchdog behavior:
Network Locator option
The Device Options Network Locator option supports swapping or replacing a Coordinator in a running
network. The Network Locator option, if enabled (DO = 80), modifies the behavior of the JV and NW
options. If there is no communication with the Coordinator, the radio starts a search for the network
across the channels of the Search Channel mask (SC) rather than leaving the network.
If the device finds a network on the old channel with the same OI (operating ID), the search mode
ends and reschedules NW if enabled. If the device finds a network with a new OI that satisfies the
radio's search for a matching ID and ZS, the device leaves the old network and joins the new network
with the new OI.
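A small model of the network watchdog and Network Locator behavior described above, added here as an illustration and not taken from the XBee firmware. The class and method names are hypothetical, time advances in whole minutes, and a successful address discovery is assumed to count as valid data from the coordinator.

```python
"""Model of the NW (Network Watchdog Timeout) behavior of a joined router."""

MAX_CONSECUTIVE_TIMEOUTS = 3


class NetworkWatchdog:
    def __init__(self, nw_minutes, network_locator=False):
        self.nw = nw_minutes              # NW value in minutes; 0 disables the watchdog
        self.locator = network_locator    # Network Locator option enabled in DO
        self.minutes_quiet = 0            # time since the watchdog timer was restarted
        self.timeouts = 0                 # consecutive watchdog timeouts recorded
        self.state = "joined"

    def restart(self):
        """A restart event: valid RF data from the coordinator, an acknowledged
        send to it, a many-to-one route request, or a change of NW."""
        self.minutes_quiet = 0
        self.timeouts = 0

    def advance(self, minutes, coordinator_reachable):
        """Let `minutes` pass with no restart event and return the router state.

        coordinator_reachable says whether 64-bit address discovery of the
        coordinator would succeed when the timer expires.
        """
        for _ in range(minutes):
            if self.nw == 0 or self.state != "joined":
                break
            self.minutes_quiet += 1
            if self.minutes_quiet < self.nw:
                continue
            # Timer expired: the router attempts coordinator address discovery.
            self.minutes_quiet = 0
            if coordinator_reachable:
                self.timeouts = 0         # assumption: the response counts as valid data
                continue
            self.timeouts += 1
            if self.timeouts == MAX_CONSECUTIVE_TIMEOUTS:
                # Network Locator searches the SC channels instead of leaving.
                self.state = "searching" if self.locator else "left"
        return self.state


def minutes_until_leave(nw_minutes):
    """Worst-case silence before the router gives up on the coordinator (3 * NW)."""
    return None if nw_minutes == 0 else MAX_CONSECUTIVE_TIMEOUTS * nw_minutes
```

With NW left at its default of 0, the model never leaves the network, which matches the disabled-by-default behavior described above.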
Reset the Router
When you reset or power cycle the router, it checks its PAN ID, operating channel and stack profile
against the network configuration settings (ID, SC, ZS). It also verifies the saved security policy is valid
based on the security configuration commands (EE, KY). If the router's PAN ID, operating channel,
stack profile, or security policy is invalid, the router leaves the network and attempts to join a new
network based on its network joining command values.
To prevent the router from leaving an existing network, issue the WR command after all network
joining commands have been configured; this retains the settings through power cycle or reset
events.
Example: join a network
After starting a coordinator that is allowing joins, the following steps cause a router to join the
network:
1. Set ID to the desired 64-bit PAN ID, or to 0 to join any PAN.
2. Set SC to the list of channels to scan to find a valid network.
3. Set the security settings to match the coordinator.
4. If you change SC or ID from the default, apply changes (that is, make SC and ID changes take effect) by
issuing the AC or CN command.
5. The Associate LED starts blinking once the router has joined a PAN.
6. If the Associate LED is not blinking, read the AI command to determine the cause of join failure.
7. Once the router joins, the OP and CH commands indicate the operating 64-bit PAN ID and
channel the router joined.
8. The MY command reflects the 16-bit address the router received when it joined.
9. The API Modem Status frame (“Associated”) is sent out the serial port when using API mode.
10. The joined router allows other devices to join for a time based on its NJ setting.
End device operation
Similar to routers, end devices must discover and join a valid Zigbee network before they can
participate in the network. After an end device joins a network, it can communicate with other devices
on the network. Because end devices are battery powered and support low power (sleep) modes, they
cannot allow other devices to join or route data packets.
Discover Zigbee networks
End devices go through the same process as routers to discover networks by issuing a PAN scan. After
sending the broadcast beacon request transmission, the end device listens for a short time in order to
receive beacons sent by nearby routers and coordinators on the same channel. The end device
evaluates each beacon received on the channel to determine if it finds a valid PAN. A PAN is valid if any
of the following exist:
- Has a valid 64-bit PAN ID (PAN ID matches ID if ID > 0)
- Has the correct stack profile (ZS command)
- Allows joining the network
- Has capacity for additional end devices
If the end device does not find a valid PAN, it performs the PAN scan on the next channel in its scan
channels list and continues this process until it finds a valid network, or until all channels have been
scanned. If the end device scans all channels and does not discover a valid PAN, it may enter a low
power sleep state and scan again later.
If scanning all SC channels fails to discover a valid PAN, XBee Zigbee devices attempt to enter a low
power state and retry scanning all SC channels after waking from sleep. If the device
cannot enter a low power state, it retries scanning all channels, similar to the router. To meet Zigbee
Alliance requirements, the end device attempts up to nine scans per minute for the first five minutes,
and three scans per minute thereafter.
Note The XBee Zigbee end device will not enter sleep until it has completed scanning all SC channels
for a valid network.
Join a network
Once the end device discovers a valid network, it joins the network, similar to a router, by sending an
association request (to the device that sent a valid beacon) to request a join on the Zigbee network.
The device allowing the join then sends an association response frame that either allows or denies the
join.
When an end device joins a network, it receives a 16-bit address from the device that allowed the join.
The device that allowed the join randomly selects the 16-bit address.
Parent child relationship
Since an end device may enter low power sleep modes and not be immediately responsive, the end
device relies on the device that allowed the join to receive and buffer incoming messages on its behalf
until it is able to wake and receive those messages. The device that allowed an end device to join
becomes the parent of the end device, and the end device becomes a child of the device that allowed
the join.
End device capacity
Routers and coordinators maintain a table of all child devices that have joined called the child table.
This table is a finite size and determines how many end devices can join. If a router or coordinator has
at least one unused entry in its child table, the device has end device capacity. In other words, it can
allow one or more additional end devices to join. Zigbee networks have sufficient routers to ensure
adequate end device capacity.
The initial release of software on this platform supports up to 20 end devices when configured as a
coordinator or a router.
In Zigbee firmware, use the NC command (number of remaining end device children) to determine
how many additional end devices can join a router or coordinator. If NC returns 0, then the router or
coordinator device has no more end device capacity.
Note Because routers cannot sleep, there is no equivalent need for routers or coordinators to track
joined routers. There is no limit to the number of routers that can join a given router or coordinator
device and no “router capacity” metric.
Authentication
In a network where security is enabled, the end device must then go through an authentication
process. For more information, see Zigbee security.
Persistent data
The end device can retain its PAN ID, operating channel, and security policy information through a
power cycle. However, since end devices rely heavily on a parent, the end device does an orphan scan
to try and contact its parent. If the end device does not receive an orphan scan response (coordinator
realignment command), it leaves the network and tries to discover and join a new network. When the
end device leaves a network, it loses the previous PAN ID and operating channel settings.
Orphan scans
When an end device comes up from a power cycle, it performs an orphan scan to verify it still has a
valid parent. The device sends the orphan scan as a broadcast transmission that contains the 64-bit
address of the end device. Nearby routers and coordinator devices that receive the broadcast check
their child tables for an entry that contains the end device's 64-bit address. If the devices find an entry
with a matching 64-bit address, they send a coordinator realignment command to the end device that
includes the 16-bit address of the end device, 16-bit PAN ID, operating channel, and the parent's 64-bit
and 16-bit addresses.
If the orphaned end device receives a coordinator realignment command, it joins the network.
Otherwise, it attempts to discover and join a valid network.
End device joining
When you power on an end device, if it is not joined to a valid Zigbee network, or if the orphan scan
fails to find a parent, the device attempts to find and join a valid Zigbee network.
Note Set the DJ command to 1 to disable joining. You cannot write the DJ parameter with WR, so a
power cycle always clears the DJ setting.
The following commands control the end device joining process.
| Command | Description |
|---|---|
| ID | Sets the 64-bit PAN ID to join. Setting ID = 0 allows the router to join any 64-bit PAN ID. |
| SC | Set the scan channels bitmask that determines which channels an end device will scan to find a valid network. SC on the end device should be set to match SC on the coordinator and routers in the desired network. For example, setting SC to 0x281 enables scanning on channels 0x0B, 0x12, and 0x14, in that order. |
| SD | Set the scan duration, or time that the end device will listen for beacons on each channel. |
| ZS | Set the stack profile on the device. |
| EE | Enable or disable security in the network. This must be set to match the EE value (security policy) of the coordinator. |
| KY | Set the trust center link key. If set to 0 (default), the link key is expected to be obtained (unencrypted) during joining. |
| EO | If encryption is enabled (EE = 1), set the joining device's Encryption Options to match the Encryption Options of the network. |
Once the end device joins a network, the network configuration settings persist through power cycles
as mentioned in Persistent data. If joining fails, read the status of the last join attempt in the AI
command register.
If any of these command values change when command register changes are applied, the end device
leaves its current network and attempts to discover and join a new valid network.
When a Zigbee end device has successfully started a network, it:
- Sets AI equal to 0
- Starts blinking the Associate LED if one has been connected to the device's ASSC pin (Micro pin 26/SMT pin 28/TH pin 15)
- Sends an API modem status frame (“associated”) out the serial port when using API mode
- Attempts to enter the sleep mode defined by the SM parameter
You can use the following commands to configure these behaviors:
| Command | Description |
|---|---|
| D5 | Enables the Associate LED functionality. |
| LT | Sets the Associate LED blink time when joined. Default is 2 blinks per second (end devices). |
| SM, SP, ST, SN, SO | Parameters that configure the sleep mode characteristics. See End Device configuration. |
Parent connectivity
The XBee3 Zigbee RF Module end device sends regular poll transmissions to its parent when it is
awake. These poll transmissions query the parent for any new received data packets. The parent
always sends a MAC layer acknowledgment back to the end device. The acknowledgment indicates
whether the parent has data for the end device.
If the end device does not receive an acknowledgment for three consecutive poll requests, it
considers itself disconnected from its parent and attempts to discover and join a valid Zigbee
network. For more information, see Manage End Devices.
Reset the end device
When the end device is reset or power cycled, if the orphan scan successfully locates a parent, the end
device then checks its PAN ID, operating channel and stack profile against the network configuration
settings (ID, SC, ZS). It also verifies the saved security policy is valid based on the security
configuration commands (EE, EO, KY). If the end device's PAN ID, operating channel, stack profile, or
security policy is invalid, the end device will leave the network and attempt to join a new network
based on its network joining command values.
To prevent the end device from leaving an existing network, the WR command should be issued after
all network joining commands have been configured in order to retain these settings through power
cycle or reset events.
Zigbee channel scanning
Routers and end devices must scan one or more channels to discover a valid network to join. When a
join attempt begins, the device sends a beacon request transmission on the lowest channel specified
in the SC (Scan Channels) bitmask. If the device finds a valid PAN on the channel, it attempts to join
the PAN on that channel. Otherwise, if the device does not find a valid PAN on the channel, it attempts
scanning on the next higher channel in the SC bitmask.
The device continues to scan each channel (from lowest to highest) in the SC bitmask until it finds a
valid PAN or all channels have been scanned. Once the device scans all channels, the next join attempt
starts scanning on the lowest channel specified in the SC bitmask.
For example, if the SC command is set to 0x400F, the device starts scanning on channel 11 (0x0B) and
scans until it finds a valid beacon, or until channels 11, 12, 13, 14, and 25 have been scanned
(in that order).
Once an XBee router or end device joins a network on a given channel, if the XBee device receives a
network leave command (see Leave a network), it leaves the channel it joined on and continues
scanning on the next higher channel in the SC bitmask.
For example, if the SC command is set to 0x400F and the device joins a PAN on channel 12 (0x0C), if
the XBee3 Zigbee RF Module leaves the channel, it starts scanning on channel 13, followed by
channels 14 and 25 if it does not find a valid network. Once all channels have been scanned, the next
join attempt starts scanning on the lowest channel specified in the SC bitmask.
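The SC examples above can be reproduced with a short decoder. This is an added example, not Digi code: the function names are hypothetical, bit 0 of SC is taken as channel 11 (0x0B) as the 0x281 and 0x400F examples imply, and the mask is assumed to be 16 bits wide.

```python
"""Decode an SC (Scan Channels) bitmask and derive the scan order."""

FIRST_CHANNEL = 11   # bit 0 of SC is channel 11 (0x0B)
MASK_BITS = 16       # assumption: SC is handled as a 16-bit mask


def sc_to_channels(sc):
    """Return the channels enabled in an SC bitmask, lowest first."""
    if not 0 < sc < (1 << MASK_BITS):
        raise ValueError("SC must be a non-zero 16-bit bitmask")
    return [FIRST_CHANNEL + bit for bit in range(MASK_BITS) if (sc >> bit) & 1]


def channels_to_sc(channels):
    """Build the SC bitmask that enables exactly the given channels."""
    sc = 0
    for channel in channels:
        bit = channel - FIRST_CHANNEL
        if not 0 <= bit < MASK_BITS:
            raise ValueError("channel %d cannot be expressed in SC" % channel)
        sc |= 1 << bit
    return sc


def scan_plan(sc, left_channel=None):
    """Return (current_attempt, next_attempt) as lists of channels.

    A fresh join attempt scans every SC channel from lowest to highest.
    After a network leave on left_channel, the current attempt continues
    with the higher channels only; the next attempt restarts at the lowest.
    """
    all_channels = sc_to_channels(sc)
    if left_channel is None:
        return all_channels, all_channels
    remaining = [ch for ch in all_channels if ch > left_channel]
    return remaining, all_channels


def unscanned_channels(joiner_sc, network_channels):
    """Channels the network may operate on that the joiner never scans."""
    scanned = set(sc_to_channels(joiner_sc))
    return sorted(set(network_channels) - scanned)
```

`unscanned_channels` is a quick check that a joining device's SC covers every channel the coordinator could have selected from its own SC.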
Manage multiple Zigbee networks
In some applications, multiple Zigbee networks may exist in proximity of each other. The application
may need provisions to ensure the device joins the desired network. There are a number of features in
Zigbee to manage joining among multiple networks. These include the following:
- PAN ID filtering
- Preconfigured security keys
- Permit joining
- Application messaging
Filter PAN ID
Set ID (Extended PAN ID) to a non-zero value to configure the XBee3 Zigbee RF Module with a fixed
PAN ID.
If you set the PAN ID to a non-zero value, the device will only join a network with the same PAN ID.
Configure security keys
Similar to PAN ID filtering, this method requires that you install a known security key on a router to
ensure it joins a Zigbee network with the same security key.
1. Use EE (Encryption Enable) to enable security.
2. Use KY (AES Encryption Key) to set the preconfigured link key to a non-zero value.
Now the XBee router or end device will only join a network with the same security key.
Prevent unwanted devices from joining
You can disable the permit-joining parameter in a network to prevent unwanted devices from joining.
When you need to add a new device to a network, enable permit-joining for a short time on the
desired network.
In the XBee firmware:
1. Set NJ (Node Join Time) to a value less than 0xFF on all routers and coordinator devices to
restrict joining (recommended).
2. Use the Commissioning pushbutton or CB (Commissioning Pushbutton) to allow joining for a
short time; for more information, see Network commissioning and diagnostics.
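A pre-deployment check that applies the PAN ID, security key, and permit-joining guidance above to the settings you intend to write. This is an added example rather than a Digi tool; the function names and the profile format (a dict of AT parameter name to integer value) are assumptions, and the sample profiles in the usage are constructed.

```python
"""Check intended XBee join settings against the coordinator's profile."""

PERMIT_JOIN_ALWAYS = 0xFF
MUST_MATCH = ("SC", "ZS", "EE")   # EO is compared only when EE = 1


def audit_permit_join(profile):
    """Flag NJ = 0xFF on a coordinator or router (end devices have no NJ entry)."""
    if profile.get("NJ") == PERMIT_JOIN_ALWAYS:
        return [("NJ", "permit joining is always enabled; set NJ below 0xFF")]
    return []


def audit_joiner(joiner, coordinator):
    """Return (parameter, finding) pairs for a router or end device profile."""
    findings = []
    for param in MUST_MATCH:
        if joiner[param] != coordinator[param]:
            findings.append((param, "differs from the coordinator (0x%X vs 0x%X)"
                             % (joiner[param], coordinator[param])))
    if joiner["EE"] == 1 and joiner["EO"] != coordinator["EO"]:
        findings.append(("EO", "encryption options differ from the network"))

    # PAN ID filtering: ID = 0 accepts any network that allows joining.
    if joiner["ID"] == 0:
        findings.append(("ID", "0 lets the device join any 64-bit PAN ID"))
    elif joiner["ID"] != coordinator["ID"]:
        findings.append(("ID", "does not match the coordinator's PAN ID"))

    # Preconfigured security key: KY = 0 means the key arrives unencrypted.
    if joiner["EE"] == 0:
        findings.append(("EE", "security is disabled"))
    elif joiner["KY"] == 0:
        findings.append(("KY", "link key is obtained unencrypted during joining"))

    return findings + audit_permit_join(joiner)


def audit_network(coordinator, joiners):
    """Audit the coordinator's NJ and every joiner; return name -> findings."""
    report = {"coordinator": audit_permit_join(coordinator)}
    for name, profile in joiners.items():
        report[name] = audit_joiner(profile, coordinator)
    return report


# Constructed sample profiles (all values are illustrative).
COORDINATOR = {"ID": 0x1234, "SC": 0x281, "ZS": 2, "EE": 1, "EO": 0,
               "KY": 0x5A5A, "NJ": 0x3C}
WEAK_ROUTER = {"ID": 0, "SC": 0x400F, "ZS": 2, "EE": 1, "EO": 0,
               "KY": 0, "NJ": 0xFF}
HARDENED_ROUTER = {"ID": 0x1234, "SC": 0x281, "ZS": 2, "EE": 1, "EO": 0,
                   "KY": 0x5A5A, "NJ": 0x3C}
```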
Application messaging framework
If none of the previous mechanisms are feasible, you can build a messaging framework between the
coordinator and devices that join its network into the application. For example, the application code in
joining devices could send a transmission to the coordinator after joining a network, and wait to
receive a defined reply message. If the application does not receive the expected response message
after joining, it could force the device to leave and continue scanning; see NR (Network Reset).
Transmission, addressing, and routing
Addressing
Data transmission
Binding transmissions
Multicast transmissions
Fragmentation
Data transmission examples
RF packet routing
Encrypted transmissions
Maximum RF payload size
Throughput
ZDO transmissions
Transmission timeouts
Addressing
All Zigbee devices have two different addresses, a 64-bit and a 16-bit address. This section describes
the characteristics of each.
64-bit device addresses
The 64-bit address is a device address which is unique to each physical device. It is sometimes also
called the MAC address or extended address and is assigned during the manufacturing process. The
first three bytes of the 64-bit address are an Organizationally Unique Identifier (OUI) assigned to the
manufacturer by the IEEE. The OUI of XBee devices is 0x0013A2.
16-bit device addresses
A device receives a 16-bit address when it joins a Zigbee network. For this reason, the 16-bit address
is also called the network address. The 16-bit address of 0x0000 is reserved for the coordinator. All
other devices receive a randomly generated address from the router or coordinator device that allows
the join. The 16-bit address can change under certain conditions:
- An address conflict is detected where two devices are found to have the same 16-bit address
- A device leaves the network and later joins (it can receive a different address)
All Zigbee transmissions are sent using the source and destination 16-bit addresses. The routing
tables on Zigbee devices also use 16-bit addresses to determine how to route data packets through
the network. However, since the 16-bit address is not static, it is not a reliable way to identify a
device.
To solve this problem, the 64-bit destination address is often included in data transmissions to
guarantee data is delivered to the correct destination. The Zigbee stack can discover the 16-bit
address, if unknown, before transmitting data to a remote.
Application layer addressing
Zigbee devices support multiple application profiles, cluster IDs, and endpoints (for more information,
see Zigbee application layers: in depth). Application layer addressing allows data transmissions to be
addressed to specific profile IDs, cluster IDs, and endpoints. Application layer addressing is useful if an
application must do any of the following:
- Interoperate with other Zigbee devices outside of the Digi application profile.
- Use service and network management capabilities of the ZDO.
- Operate on a public application profile such as Home Automation or Smart Energy.
API mode provides a simple yet powerful interface that easily sends data to any profile ID, endpoint,
and cluster ID combination on any device in a Zigbee network.
Data transmission
You can send Zigbee data packets as either unicast or broadcast transmissions. Unicast transmissions
route data from one source device to one destination device, whereas broadcast transmissions are
sent to many or all devices in the network.
Broadcast transmissions
Broadcast transmissions within the Zigbee protocol are intended to be propagated throughout the
entire network such that all nodes receive the transmission. To accomplish this, the coordinator and
all routers that receive a broadcast transmission retransmit the packet three times.
Note When a router or coordinator delivers a broadcast transmission to an end device child, the
transmission is only sent once (immediately after the end device wakes and polls the parent for any
new data). For more information, see Parent operation.
Each node that transmits the broadcast also creates an entry in a local broadcast transmission table.
This entry keeps track of each received broadcast packet to ensure the packets are not
transmitted endlessly. Each entry persists for 8 seconds, and the broadcast transmission table holds 8
entries, effectively limiting network broadcast transmissions to once per second.
For each broadcast transmission, the Zigbee stack reserves buffer space for a copy of the data packet,
which it uses to retransmit the packet as needed. Large broadcast packets require more buffer space. Users
cannot change any buffer spacing; information on buffer space is for general knowledge only. The
XBee3 Zigbee RF Module handles buffer spacing automatically.
Since each device in the network retransmits broadcast transmissions, use broadcast messages
sparingly to avoid network congestion.
Unicast transmissions
Unicast transmissions are sent from one source device to another destination device. The destination
device could be an immediate neighbor of the source, or it could be several hops away. Unicast
transmissions sent along a multiple hop path require some means of establishing a route to the
destination device. For more information, see RF packet routing.
Address resolution
Each device in a Zigbee network has both a 16-bit (network) address and a 64-bit (extended) address.
The 64-bit address is unique and assigned to the device during manufacturing, and the 16-bit address
is obtained after joining a network. The 16-bit address can also change under certain conditions.
When sending a unicast transmission, the Zigbee network layer uses the 16-bit address of the
destination and each hop to route the data packet. If you do not know the 16-bit address of the
destination, the Zigbee stack includes a discovery provision to automatically discover the destination
16-bit address of the device before routing the data.
To discover a 16-bit address of a remote, the device initiating the discovery sends a broadcast address
discovery transmission. The address discovery broadcast includes the 64-bit address of the remote
device with the 16-bit address being requested. All nodes that receive this transmission check the
64-bit address in the payload and compare it to their own 64-bit address. If the addresses match, the
device sends a response packet back to the initiator. This response includes the remote's 16-bit
address. When the initiator receives the discovery response, it transmits the data.
You can address frames using either the extended or the network address. If you use the extended
address form, set the 16-bit network address field to 0xFFFE (unknown). If you use the 16-bit
network address form, set the 64-bit extended address field to 0xFFFFFFFFFFFFFFFF (unknown).
If you use an invalid 16-bit address as a destination address, and the 64-bit address is unknown
(0xFFFFFFFFFFFFFFFF), the modem status message shows a delivery status code of 0x21 (network
ack failure) and a discovery status of 0x00 (no discovery overhead). If you use a non-existent 64-bit
address as a destination address, and the 16-bit address is unknown (0xFFFE), the device attempts
address discovery and the modem status message shows a delivery status code of 0x24 (address not
found) and a discovery status code of 0x01 (address discovery was attempted).
Address table
Each Zigbee device maintains an address table that maps a 64-bit address to a 16-bit address. When a
transmission is addressed to a 64-bit address, the Zigbee stack searches the address table for an
entry with a matching 64-bit address to determine the destination's 16-bit address. If the Zigbee
stack does not find a known 16-bit address, it performs address discovery to discover the device's
current 16-bit address.
| 64-bit address | 16-bit address |
|---|---|
| 0013 A200 4000 0001 | 0x4414 |
| 0013 A200 400A 3568 | 0x1234 |
| 0013 A200 4004 1122 | 0xC200 |
| 0013 A200 4002 1123 | 0xFFFE (unknown) |
The module supports up to 20 address table entries. For applications where a single device (for
example, a coordinator) sends unicast transmissions to more than 10 devices, the application
implements an address table to store the 16-bit and 64-bit addresses for each remote device. Use API
mode for any XBee device that sends data to more than 10 remotes. The application can then send
both the 16-bit and 64-bit addresses to the XBee device in the API transmit frames, which significantly
reduces the number of 16-bit address discoveries and greatly improves data throughput.
If an application supports an address table, the size should be larger than the maximum number of
destination addresses the device communicates with. Each entry in the address table should contain a
64-bit destination address and its last known 16-bit address.
When sending a transmission to a destination 64-bit address, the application searches the address
table for a matching 64-bit address. If it finds a match, the application populates the 16-bit address
into the 16-bit address field of the API frame. If it does not find a match, set the 16-bit address to
0xFFFE (unknown) in the API transmit frame. The API provides indication of a remote device's 16-bit
address in the following frames:
- All receive data frames
  - Rx Data (0x90)
  - Rx Explicit Data (0x91)
  - I/O Sample Data (0x92)
  - Node Identification Indicator (0x95)
  - Route Record Indicator (0xA1) and so forth
- Transmit status frame (0x8B)
The application always updates the 16-bit address in the address table when it receives one of the
frames to ensure the table has the most recently known 16-bit address. If a transmission failure
occurs, the application sets the 16-bit address in the table to 0xFFFE (unknown).
Group table
Each router and the coordinator maintain a persistent group table. Each entry contains the following:
- Endpoint value
- Two byte group ID
- Optional name string of zero to 16 ASCII characters
- Index into the binding table
More than one endpoint may be associated with a group ID, and more than one group ID may be
associated with a given endpoint. The capacity of the group table is 16 entries.
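An added example (not part of the Digi guide or firmware) of the application-side address table described under Address table: it answers lookups with 0xFFFE when no 16-bit address is known, learns addresses from received frames, and resets an entry when a Transmit Status frame (0x8B) reports a failure. The class and method names, the oldest-first eviction policy and the sample frames are assumptions constructed for illustration; the field offsets are those of the standard XBee API receive and transmit status frames.

```python
from collections import OrderedDict

UNKNOWN_16 = 0xFFFE                        # "unknown" 16-bit address, per the guide
RX_TYPES = {0x90, 0x91, 0x92, 0x95, 0xA1}  # receive frames listed in the guide
TX_STATUS = 0x8B


class AddressTable:
    """Application-side map of 64-bit address -> last known 16-bit address."""

    def __init__(self, capacity):
        self.capacity = capacity
        self._entries = OrderedDict()   # addr64 -> addr16, oldest first
        self._pending = {}              # frame ID -> addr64 awaiting a 0x8B

    def lookup(self, addr64):
        """Return the last known 16-bit address, or 0xFFFE if there is none."""
        return self._entries.get(addr64, UNKNOWN_16)

    def _store(self, addr64, addr16):
        self._entries[addr64] = addr16
        self._entries.move_to_end(addr64)
        while len(self._entries) > self.capacity:   # assumption: evict the oldest entry
            self._entries.popitem(last=False)

    def prepare_tx(self, frame_id, addr64):
        """Return the (64-bit, 16-bit) pair to place in a 0x10 or 0x11 frame."""
        if frame_id:                    # frame ID 0 requests no transmit status
            self._pending[frame_id] = addr64
        return addr64, self.lookup(addr64)

    def on_frame(self, data):
        """Feed API frame data (the bytes between the length and the checksum).

        Returns True if the table was updated, False if the frame was ignored.
        """
        if not data:
            return False
        if data[0] in RX_TYPES and len(data) >= 11:
            # Source 64-bit address at offset 1, source 16-bit address at offset 9.
            self._store(int.from_bytes(data[1:9], "big"),
                        int.from_bytes(data[9:11], "big"))
            return True
        if data[0] == TX_STATUS and len(data) >= 7:
            addr64 = self._pending.pop(data[1], None)
            if addr64 is None:
                return False            # status for a frame this table did not track
            delivered = data[5] == 0x00  # delivery status byte, 0x00 = success
            addr16 = int.from_bytes(data[2:4], "big") if delivered else UNKNOWN_16
            self._store(addr64, addr16)
            return True
        return False                    # truncated or unrelated frame


def demo():
    """Learn an address from a constructed Rx frame, then lose it on a failed send."""
    table = AddressTable(capacity=32)
    remote = 0x0013A200400A3568
    # Constructed Rx Data (0x90) frame data: the remote reports 16-bit address 0x1234.
    rx = bytes([0x90]) + remote.to_bytes(8, "big") + bytes.fromhex("1234") + b"\x01hi"
    table.on_frame(rx)
    first = table.prepare_tx(1, remote)
    # Constructed Transmit Status (0x8B): frame ID 1, delivery 0x24, discovery 0x01.
    table.on_frame(bytes.fromhex("8b 01 fffe 00 24 01"))
    second = table.prepare_tx(2, remote)
    return first, second
```

Because the 0x8B frame carries no 64-bit address, the table has to remember which destination each frame ID was sent to before it can reset the right entry.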
Binding transmissions
Binding transmissions use indirect addressing to send one or more messages to other destination
devices. The device handles an Explicit Addressing Command frame - 0x11 using the Indirect Tx Option
(0x04) as a binding transmission request.
Address resolution
The XBee3 Zigbee RF Module uses the source endpoint and cluster ID values of a binding transmission
as keys to look up matching binding table entries. For each matching binding table entry, the type field
of the entry indicates whether to send a unicast or a multicast message. In the case of a unicast
entry, the transmission request is updated with the Destination Endpoint and MAC Address, and
unicast to its destination. In the case of a multicast entry, the device updates the message using the
two least significant bytes of the Destination MAC Address as the groupID, and multicasts it to its
destinations.
Binding table
Each router and coordinator maintain a persistent binding table to map source endpoint and cluster
ID values into 64-bit destination address and endpoint values. The capacity of the binding table is 16
entries.
Multicast transmissions
XBee modules use multicast transmissions to broadcast a message to destination devices that have
active endpoints associated with a common group ID. The device handles an Explicit Addressing
Command frame - 0x11 using the Multicast Tx Option (0x08) as a multicast transmission request.
Address resolution
The 64-bit destination address value does not matter and we recommend that it be set to
0xFFFFFFFFFFFFFFFF. Set the 16-bit destination address value to the destination groupID.
Fragmentation
Each unicast transmission may support up to 84 bytes of RF payload, although enabling security or
using source routing can reduce this number. For more information, see NP (Maximum Packet
Payload Bytes). However, the XBee Zigbee firmware supports a Zigbee feature called fragmentation
that allows a single large data packet to be broken up into multiple RF transmissions and
reassembled by the receiver before sending data out its serial port.
The transmit frame can include up to 255 bytes of data broken up into multiple transmissions and
reassembled on the receiving side. If one or more of the fragmented messages are not received by
the receiving device, it drops the entire message, and the sender indicates a transmission failure in
Transmit Status frame - 0x8B.
Applications that do not wish to use fragmentation should avoid sending more than the maximum
number of bytes in a single RF transmission (see Maximum RF payload size).
If you enable RTS flow control on the receiving device (using the D6 command) and it receives a
fragmented message, it ignores RTS flow control.
Note Broadcast transmissions do not support fragmentation. Maximum payload size = up to 84 bytes.
Data transmission examples
This section provides examples for data transmission.
Transparent mode
To send a data packet in Transparent mode (AP=0), set the DH and DL commands to match the 64-bit
address of the destination device. DH must match the upper 4 bytes, and DL must match the lower 4
bytes. Since the coordinator always receives a 16-bit address of 0x0000, a 64-bit address of
0x0000000000000000 is the coordinator's address (in ZB firmware). The default values of DH and DL
are 0x00, which sends data to the coordinator.
Example 1: Send a transmission to the coordinator.
In this example, a '\r' refers to a carriage return character.
A router or end device can send data in two ways. First, set the destination address (DH and DL
commands) to 0x00.
1. Enter Command mode ('+++').
2. After receiving an OK\r, issue the following commands:
   - ATDH0\r
   - ATDL0\r
   - ATCN\r
3. Verify that each of the three commands returned an OK\r response.
4. After setting these command values, all serial characters received on the UART are sent as a
unicast transmission to the coordinator.
Alternatively, if the coordinator's 64-bit address is known, you can set DH and DL to the coordinator's
64-bit address. Suppose the coordinator's address is 0x0013A200404A2244.
1. Enter Command mode ('+++')
2. After receiving an OK\r, issue the following commands:
a. ATDH13A200\r
b. ATDL404A2244\r
c. ATCN\r
3. Verify that each of the three commands returned an OK\r response.
4. After setting these command values, all serial characters received on the UART are sent as a
unicast transmission to the coordinator.
API mode
API mode is used exclusively for outgoing and incoming messages when the AP parameter is non-zero.
Use the transmit request, or explicit transmit request frame (0x10 and 0x11 respectively) to send
data to the coordinator. The 64-bit address can either be set to 0x0000000000000000, or to the 64-bit
address of the coordinator. The 16-bit address should be set to 0xFFFE when using the 64-bit address
of all 0x00s.
To send an ASCII “1” to the coordinator's 0x00 address, use the following API frame:
7E 00 0F 10 01 0000 0000 0000 0000 FFFE 00 00 31 C0
If you use the explicit transmit frame, set the cluster ID to 0x0011, the profile ID to 0xC105, and
the source and destination endpoints to 0xE8. These are the recommended defaults for data
transmissions in the Digi profile.
You can send the same transmission using the following explicit transmit frame:
7E 00 15 11 01 0000 0000 0000 0000 FFFE E8 E8 0011 C105 00 00 31 18
The 16-bit address is set to 0xFFFE. This is required when sending to a 64-bit address of 0x00s.
Suppose the coordinator's 64-bit address is 0x0013A200404A2244. The following transmit request API
frame (0x10) sends an ASCII “1” to the coordinator:
7E 00 0F 10 01 0013 A200 404A 2244 0000 0000 31 18
Example 2: Send a broadcast transmission
In this example, a '\r' refers to a carriage return character.
Perform the following steps to configure a broadcast transmission:
1. Enter Command mode ('+++')
2. After receiving an OK\r, issue the following commands:
   - ATDH0\r
   - ATDLffff\r
   - ATCN\r
3. Verify that each of the three commands returned an OK\r response.
4. After setting these command values, all serial characters are sent as a broadcast transmission.
API frame
A transmit request API frame (0x10) can send an ASCII “1” in a broadcast transmission using the
following API frame:
7E 00 0F 10 01 0000 0000 0000 FFFF FFFE 00 00 31 C2
The destination 16-bit address is set to 0xFFFE for broadcast transmissions.
Example 3: Send an indirect (binding) transmission.
This example uses the explicit transmit request frame (0x11) to send a transmission using indirect
addressing through the binding table. It assumes the binding table has already been set up to map a
source endpoint of 0xE7 and cluster ID of 0x0011 to a destination endpoint and 64-bit destination
address. The message data is a manufacturing specific profile message using profile ID 0xC105,
command ID 0x00, a ZCL Header of 151E10, transaction number EE, and a ZCL payload of
000102030405:
7E 001E 11 e4 FFFFFFFFFFFFFFFF FFFE E7 FF 0011 C105 00 04 151E10EE000102030405 14
Note The 64-bit destination address has been set to all 0xFF values, and the destination endpoint set
to 0xFF. The Tx Option 0x04 indicates indirect addressing. The 64-bit destination address and
destination endpoint are completed by looking up data associated with binding table entries. This
matches the following example.
Example 4: Send a multicast (group ID) broadcast.
This example uses the explicit transmit request frame (0x11) to send a transmission using
multicasting. It assumes the destination devices already have their group tables set up to associate
an active endpoint with the group ID (0x1234) of the multicast transmission. The message data is a
manufacturing specific profile message using profile ID 0xC105, command ID 0x00, a ZCL Header of
151E10, transaction number EE, and a ZCL payload of 000102030405:
7E 001E 11 01 FFFFFFFFFFFFFFFF 1234 E6 FE 0001 C105 00 08 151E10EE000102030405 BC
Note The 64-bit destination address has been set to all 0xFF values, and the destination endpoint set
to 0xFE. The Tx Option 0x08 indicates use of multicast (group) addressing.
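The API frames printed in Examples 1 to 4 above can be rebuilt from their fields and checked against the printed bytes, which also shows how the length and checksum are derived. The following Python is an added example, not code from the Digi guide; the function names are hypothetical and it assumes unescaped API mode (AP = 1).

```python
def api_frame(data: bytes) -> bytes:
    """Wrap frame data as 0x7E, 16-bit length, data, checksum (no escaping)."""
    checksum = 0xFF - (sum(data) & 0xFF)
    return b"\x7e" + len(data).to_bytes(2, "big") + data + bytes([checksum])


def frame_data(frame: bytes) -> bytes:
    """Validate delimiter, length and checksum; return the frame data or raise ValueError."""
    if len(frame) < 5 or frame[0] != 0x7E:
        raise ValueError("not an API frame")
    if int.from_bytes(frame[1:3], "big") != len(frame) - 4:
        raise ValueError("length field does not match frame size")
    if (sum(frame[3:]) & 0xFF) != 0xFF:    # data plus checksum must sum to 0xFF
        raise ValueError("bad checksum")
    return frame[3:-1]


def transmit_request(frame_id, addr64, addr16, payload, radius=0, options=0):
    """Transmit Request (0x10)."""
    return api_frame(bytes([0x10, frame_id]) + addr64.to_bytes(8, "big")
                     + addr16.to_bytes(2, "big") + bytes([radius, options]) + payload)


def explicit_request(frame_id, addr64, addr16, src_ep, dst_ep, cluster, profile,
                     payload, radius=0, options=0):
    """Explicit Addressing Command (0x11)."""
    return api_frame(bytes([0x11, frame_id]) + addr64.to_bytes(8, "big")
                     + addr16.to_bytes(2, "big") + bytes([src_ep, dst_ep])
                     + cluster.to_bytes(2, "big") + profile.to_bytes(2, "big")
                     + bytes([radius, options]) + payload)


UNKNOWN_64 = 0xFFFFFFFFFFFFFFFF
ZCL = bytes.fromhex("151E10EE000102030405")   # ZCL header, transaction number, payload

# description -> (frame as printed in the guide, the same frame rebuilt from its fields)
GUIDE_FRAMES = {
    "0x10 unicast to coordinator (all-zero address)": (
        "7E 00 0F 10 01 0000 0000 0000 0000 FFFE 00 00 31 C0",
        transmit_request(0x01, 0, 0xFFFE, b"1")),
    "0x11 unicast to coordinator, Digi profile defaults": (
        "7E 00 15 11 01 0000 0000 0000 0000 FFFE E8 E8 0011 C105 00 00 31 18",
        explicit_request(0x01, 0, 0xFFFE, 0xE8, 0xE8, 0x0011, 0xC105, b"1")),
    "0x10 unicast to coordinator's 64-bit address": (
        "7E 00 0F 10 01 0013 A200 404A 2244 0000 0000 31 18",
        transmit_request(0x01, 0x0013A200404A2244, 0x0000, b"1")),
    "0x10 broadcast": (
        "7E 00 0F 10 01 0000 0000 0000 FFFF FFFE 00 00 31 C2",
        transmit_request(0x01, 0xFFFF, 0xFFFE, b"1")),
    "0x11 indirect (binding), Tx option 0x04": (
        "7E 001E 11 e4 FFFFFFFFFFFFFFFF FFFE E7 FF 0011 C105 00 04 151E10EE000102030405 14",
        explicit_request(0xE4, UNKNOWN_64, 0xFFFE, 0xE7, 0xFF, 0x0011, 0xC105, ZCL,
                         options=0x04)),
    "0x11 multicast to group 0x1234, Tx option 0x08": (
        "7E 001E 11 01 FFFFFFFFFFFFFFFF 1234 E6 FE 0001 C105 00 08 151E10EE000102030405 BC",
        explicit_request(0x01, UNKNOWN_64, 0x1234, 0xE6, 0xFE, 0x0001, 0xC105, ZCL,
                         options=0x08)),
}


def rebuilt_matches():
    """Return {description: bool}: does each rebuilt frame equal the printed one?"""
    return {name: bytes.fromhex(text) == built
            for name, (text, built) in GUIDE_FRAMES.items()}


if __name__ == "__main__":
    for name, same in rebuilt_matches().items():
        print("match" if same else "DIFFERS", "-", name)
```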
RF packet routing
Unicast transmissions may require some type of routing. Zigbee includes several different methods to
route data, each with its own advantages and disadvantages as summarized in the following table.
| Routing approach | Description | When to use |
|---|---|---|
| Ad hoc On-demand Distance Vector (AODV) Mesh Routing | Routing paths are created between source and destination, possibly traversing multiple nodes (“hops”). Each device knows where to send data next to eventually reach the destination. | Use in networks that will not scale beyond about 40 destination devices. |
| Many-to-One Routing | A single broadcast transmission configures reverse routes on all devices into the device that sends the broadcast. | Useful when many remote devices must send data to a single gateway or collector device. |
| Source Routing | Data packets include the entire route the packet should traverse to get from source to destination. | Improves routing efficiency in large networks (over 40 remote devices). |
Note End devices do not make use of these routing protocols. Rather, an end device sends a unicast
transmission to its parent and allows the parent to route the data packet on its behalf.
Note To revert from Many-to-One routing to AODV routing, a network must first do a network reset
(NR).
Link status transmission
Before discussing the various routing protocols, it is worth understanding the primary mechanism in
Zigbee for establishing reliable bi-directional links. This mechanism is especially useful in networks
that may have a mixture of devices with varying output power and/or receiver sensitivity levels.
Each coordinator or router device periodically sends a link status message as a 1-hop broadcast
transmission, received only by one-hop neighbors. The link status message contains a list of
neighboring devices and incoming and outgoing link qualities for each neighbor. Using these
messages, neighboring devices determine the quality of a bi-directional link with each neighbor and
use that information to select a route that works well in both directions.
For example, consider a network of two neighboring devices that send periodic link status messages.
Suppose that the output power of device A is +18 dBm, and the output power of device B is +3 dBm
(considerably less than the output power of device A). The link status messages might indicate the
following:
This mechanism enables devices A and B to recognize that the link is not reliable in both directions
and select a different neighbor when establishing routes. Such links are called asymmetric links,
meaning the link quality is not similar in both directions.
When a router or coordinator device powers on, it sends link status messages every couple of seconds to
attempt to discover link qualities with its neighbors quickly. After being powered on for some time,
the link status messages are sent at a much slower rate, about 3-4 times per minute.
AODV mesh routing
Zigbee employs mesh routing to establish a route between the source device and the destination.
Mesh routing allows data packets to traverse multiple nodes (hops) in a network to route data from a
source to a destination. Routers and coordinators can participate in establishing routes between
source and destination devices using a process called route discovery. The route discovery process is
based on the Ad-hoc On-demand Distance Vector routing (AODV) protocol.
Sample transmission through a mesh network:
AODV routing algorithm
Routing under the AODV protocol uses tables in each node that store the next hop (intermediary node
between source and destination nodes) for a destination node. If a next hop is unknown, route
discovery takes place to find a path. Since only a limited number of routes can be stored on a router,
route discovery takes place more often on a large network with communication between many
different nodes.
| Node | Destination address | Next hop address |
|---|---|---|
| R3 | Router 6 | Coordinator |
| C | Router 6 | Router 5 |
| R5 | Router 6 | Router 6 |
When a source node must discover a route to a destination node, it sends a broadcast route request
command. The route request command contains the source network address, the destination
network address and a path cost field (a metric for measuring route quality). As the route request
command propagates through the network (refer to Broadcast transmissions), each node that
rebroadcasts the message updates the path cost field and creates a temporary entry in its route
discovery table.
The following graphic is a sample route request (broadcast) transmission where R3 is trying to
discover a route to R6:
When the destination node receives a route request, it compares the ‘path cost’ field against
previously received route request commands. If the path cost stored in the route request is better
than any previously received, the destination node transmits a route reply packet to the node that
originated the route request. Intermediate nodes receive and forward the route reply packet to the
source node (the node that originated route request).
The following graphic is a sample route reply (unicast) where R6 sends a route reply to R3:
Note R6 could send multiple replies if it identifies a better route.
Retries and acknowledgments
Zigbee includes acknowledgment packets at both the MAC and Application Support (APS) layers. When
data is transmitted to a remote device, it may traverse multiple hops to reach the destination. As
data is transmitted from one node to its neighbor, an acknowledgment packet (Ack) is transmitted in
the opposite direction to indicate that the transmission was successfully received. If the Ack is not
received, the transmitting device retransmits the data, up to 4 times.
This Ack is called the MAC layer acknowledgment. In addition, the device that originated the
transmission expects to receive an acknowledgment packet (Ack) from the destination device. This
Ack traverses the same path the data traversed, but in the opposite direction. If the originator fails to
receive this Ack, it retransmits the data, up to 2 times until it receives an Ack. This Ack is called the
Zigbee APS layer acknowledgment.
Note Refer to the Zigbee specification for more details.
Many-to-One routing
In networks where many devices must send data to a central collector or gateway device, AODV mesh
routing requires significant overhead. If every device in the network had to discover a route before it
could send data to the data collector, the network could easily become inundated with broadcast
route discovery messages.
Many-to-one routing is an optimization for these kinds of networks. Rather than require each device
to do its own route discovery, a single many-to-one broadcast transmission is sent from the
data collector to establish reverse routes on all devices.
The many-to-one broadcast is a route request message with the target discovery address set to the
address of the data collector. Devices that receive this route request create a reverse many-to-one
routing table entry to create a path back to the data collector. The Zigbee stack on a device uses
historical link quality information about each neighbor to select a reliable neighbor for the reverse
route.
When a device sends data to a data collector, and it finds a many-to-one route in its routing table, it
transmits the data without performing a route discovery. Send the many-to-one route request
periodically to update and refresh the reverse routes in the network.
Applications that require multiple data collectors can also use many-to-one routing. If more than one
data collector device sends a many-to-one broadcast, devices create one reverse routing table entry
for each collector.
The ZB firmware uses AR (Aggregate Routing Notification) to enable many-to-one broadcasting on a
device. AR sets a time interval (measured in 10 second units) for sending the many-to-one broadcast
transmission.
High/Low RAM Concentrator mode
When Many-to-One (MTO) requests are broadcast, DO = 40 (bit 6) determines if the concentrator is
operating in high or low RAM mode. High RAM mode indicates the concentrator has enough memory
to store source routes for the whole network, and remote nodes may stop sending route records
after the concentrator has successfully received one. Low RAM mode indicates the concentrator lacks
RAM to store route records, and that a route record must be sent to the concentrator to precede every
inbound APS unicast message. By default the device uses high RAM mode. If you have a network with
more than 40 devices or will be using a Digi gateway, we recommend operating in low RAM
concentrator mode and managing source routing externally.
Source routing
In applications where a device must transmit data to many remotes, AODV routing requires
performing one route discovery for each destination device to establish a route. If there are more
destination devices than there are routing table entries, new routes overwrite established AODV
routes, causing route discoveries to occur more regularly. This can result in larger packet delays and
poor network performance.
Zigbee source routing helps solve these problems. In contrast to many-to-one routing that establishes
routing paths from many devices to one data collector, source routing allows the collector to store
and specify routes for many remotes.
To use source routing, a device must use the API mode, and it must send periodic many-to-one route
request broadcasts (AR command) to create a many-to-one route to it on all devices. When remote
devices send RF data using a many-to-one route, they first send a route record transmission. The
route record transmission is unicast along the many-to-one route until it reaches the data collector.
As the route record traverses the many-to-one route, it appends the 16-bit address of each device in
the route into the RF payload. When the route record reaches the data collector, it contains the
address of the sender, and the 16-bit address of each hop in the route. The data collector can store
the routing information and retrieve it later to send a source routed packet to the remote as shown in
the following images.
The data collector sends a many-to-one route request broadcast to create reverse routes on all
devices.
A remote device sends an RF data packet to the data collector. This is prefaced by a route record
transmission to the data collector.
After obtaining a source route, the data collector sends a source routed transmission to the remote
device.
Acquiring source routes
Acquiring source routes requires the remote devices to send a unicast to a data collector (device that
sends many-to-one route request broadcasts). There are several ways to force remotes to send route
record transmissions.
1. If the application on remote devices periodically sends data to the data collector, each
transmission forces a route record to occur.
2. The data collector can issue a network discovery command (ND command) to force all XBee
devices to send a network discovery response. A route record prefaces each network discovery
response.
3. You can enable periodic I/O sampling on remotes to force them to send data at a regular rate.
A route record prefaces each I/O sample. For more information, see Analog and digital I/O
lines.
4. If the NI string of the remote device is known, the DN command can be issued with the NI
string of the remote in the payload. The remote device with a matching NI string would send a
route record and a DN response.
Store source routes
When a data collector receives a route record, it sends it out the serial port as a Route Record
Indicator - 0xA1. To use source routing, the application receives these frames and stores the source
route information.
Send a source routed transmission
To send a source routed transmission, the application must send a Create Source Route - 0x21 to the
XBee3 Zigbee RF Module to create a source route in its internal source route table. After sending the
Create Source Route frame, the application can send data transmission or remote command request
frames as needed to the same destination, or any destination in the source route. Once data must be
sent to a new destination (a destination not included in the last source route), the application must
first send a new Create Source Route - 0x21.
Note If a Create Source Route API frame does not precede the data frames, you may encounter data
loss.
The XBee3 Zigbee RF Module can buffer one source route that includes up to 11 hops (excluding
source and destination). For example, suppose a network exists with a coordinator and 5 routers (R1,
R2, R3, R4, R5) with known source routes as shown in the following image.
To send a source-routed packet to R3, the application sends a Create Source Route API frame (0x21)
to the XBee, with a destination of R3, and 2 hops (R1 and R2). If the 64-bit address of R3 is
0x0013A200 404a1234 and the 16-bit addresses of R1, R2, and R3 are:
| Device | 16-bit address |
|---|---|
| R1 | 0xAABB |
| R2 | 0xCCDD |
| R3 | 0xEEFF |
The Create Source Route API frame would be:
7E 0012 21 00 0013A200 404A1234 EEFF 00 02 CCDD AABB 5C
| Field | Composition |
|---|---|
| 0x0012 | length |
| 0x21 | API ID (create source route) |
| 0x00 | frame ID (set to 0 always) |
| 0x0013A200 404A1234 | 64-bit address of R3 (destination) |
| 0xEEFF | 16-bit address of R3 (destination) |
| 0x00 | Route options (set to 0) |
| 0x02 | Number of intermediate devices in the source route |
| 0xCCDD | Address of furthest device (1-hop from target) |
| 0xAABB | Address of next-closer device |
| 0x5C | Checksum (0xFF - SUM (all bytes after length)) |
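An added Python example (not Digi's code) of the rule in Send a source routed transmission: it builds the Create Source Route frame (0x21) with the hop list reversed so the furthest device comes first, and issues a new one only when the destination is not covered by the last route loaded. The class and function names and the R4 route are constructed for illustration, and unescaped API mode is assumed.

```python
MAX_HOPS = 11   # the guide: one buffered source route of up to 11 hops


def api_frame(data: bytes) -> bytes:
    """Wrap frame data as 0x7E, 16-bit length, data, checksum (no escaping)."""
    checksum = 0xFF - (sum(data) & 0xFF)
    return b"\x7e" + len(data).to_bytes(2, "big") + data + bytes([checksum])


def create_source_route(addr64, addr16, hops):
    """Create Source Route (0x21).

    hops: 16-bit addresses of the intermediate routers, listed in the order the
    packet travels (collector -> destination), excluding both end points.
    """
    if len(hops) > MAX_HOPS:
        raise ValueError("route has more than %d intermediate hops" % MAX_HOPS)
    data = bytes([0x21, 0x00])                       # API ID, frame ID (always 0)
    data += addr64.to_bytes(8, "big") + addr16.to_bytes(2, "big")
    data += bytes([0x00, len(hops)])                 # route options, number of hops
    for hop in reversed(hops):                       # furthest device first
        data += hop.to_bytes(2, "big")
    return api_frame(data)


def route_overhead(hops):
    """Bytes of route embedded in a source-routed message: 2 plus 2 per hop."""
    return 2 + 2 * len(hops)


class SourceRouteSender:
    """Tracks which destinations the last Create Source Route frame covers."""

    def __init__(self, routes):
        self.routes = routes        # addr16 -> (addr64, hops collector -> destination)
        self._covered = set()       # destination and hops of the last 0x21 sent

    def prepare(self, addr16):
        """Return the 0x21 frame to send before data for addr16, or None if the
        last source route already includes that destination."""
        if addr16 in self._covered:
            return None
        addr64, hops = self.routes[addr16]
        frame = create_source_route(addr64, addr16, hops)
        self._covered = {addr16, *hops}
        return frame


R1, R2, R3 = 0xAABB, 0xCCDD, 0xEEFF     # 16-bit addresses from the guide's example
R4 = 0x1111                             # constructed address, not from the guide
ROUTES = {
    R3: (0x0013A200404A1234, [R1, R2]), # coordinator -> R1 -> R2 -> R3 (guide example)
    R4: (0x0013A200404A5678, [R1]),     # constructed route and 64-bit address
}

if __name__ == "__main__":
    sender = SourceRouteSender(ROUTES)
    for dest in (R3, R2, R3, R4, R3):
        frame = sender.prepare(dest)
        print("%04X:" % dest, frame.hex(" ").upper() if frame else "route already loaded")
```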
Repair source routes
It is possible for a network to have an existing source route fail (for example, a device in the route
moves or goes down). If a device goes down in a source routed network, all routes that used the
device will be broken.
As mentioned previously, source routing must be used with many-to-one routing. A device that uses
source routing must also send a periodic many-to-one broadcast in order to keep routes fresh. If a
source route breaks, remote devices send in new route record transmissions to the data collector to
provide it with a new source route. This requires that remote devices periodically send data
transmissions into the data collector. For more information, see Acquiring source routes.
Retries and acknowledgments
Zigbee includes acknowledgment packets at both the MAC and Application Support (APS) layers. When
data transmits to a remote device, it may traverse multiple hops to reach the destination. As data
transmits from one node to its neighbor, an acknowledgment packet (Ack) transmits in the opposite
direction to indicate that the transmission was successfully received. If the transmitting device does
not receive the Ack, it retransmits the data up to four times. This Ack is called the MAC layer
acknowledgment.
In addition, the device that originated the transmission expects to receive an acknowledgment packet
(Ack) from the destination device. This Ack traverses the same path that the data traversed, but in the
opposite direction. If the originator fails to receive this Ack, it retransmits the data, up to two times
until an Ack is received. This Ack is called the Zigbee APS layer acknowledgment.
Note Refer to the Zigbee specification for more details.
Disable MTO routing
To disable MTO (many-to-one) routing in a network, first reconfigure the AR setting on the aggregator
and then broadcast a network-wide power reset to rebuild the routing tables.
1. Set AR on the aggregator to 0xFF.
2. Complete an AC command to enact the change.
3. Complete a WR command if the saved configuration setting value for AR is not 0xFF.
This ends the periodic broadcast of aggregator messages if the previous setting was 0x01 - 0xFE, and
prevents a single broadcast after a power reset if the previous setting was 0x00. Broadcast an FR
remote command to the network and wait for the network to reform. This removes the aggregator's
status as an aggregator from the network's routing tables so that no more route records will be sent
to the aggregator.
Disable route records
If an aggregator collects route records from the nodes of the network and no longer needs route
records sent (which consume network throughput):
1. Set Bit 6 of DO to Enable High RAM Concentrator mode. High RAM mode means the aggregator
has sufficient memory to hold route records for its potential destinations.
2. Set AR to 0x00 for a one-time broadcast (which some nodes might miss), or a value in the
range of 0x01 to 0xFE (in units of 10 seconds) to periodically send a broadcast to inform the
network that the aggregator is operating in High RAM Concentrator mode and no longer needs
to receive route records.
3. Use Create Source Route - 0x21 to load the route record for a destination into the local
device's source route table.
4. Send a unicast to the destination. The route record embeds in the payload and determines the
sequence of routers to use in transmitting the unicast to the destination. After receiving the
unicast, the destination no longer sends route records to the aggregator, now that it has
confirmed the High RAM Concentrator aggregator 'knows' its route record.
Clear the source route table
To clear the source route table, change the AR setting from a non-0xFF setting to 0xFF and complete
an AC command. To re-establish periodic aggregator broadcasts, change the AR setting to a non-0xFF
setting and complete an AC command.
Encrypted transmissions
Encrypted transmissions are routed similarly to non-encrypted transmissions with one exception. As an
encrypted packet propagates from one device to another, each device decrypts the packet using the
network key and authenticates the packet by verifying packet integrity. It then re-encrypts the
packet with its own source address and frame counter values and sends the message to the next hop.
This process adds some overhead latency to unicast transmissions, but it helps prevent replay
attacks. For more information, see Zigbee security.
Maximum RF payload size
The NP command returns the maximum payload size in bytes. The actual maximum payload is a
function of the following:
- message type (broadcast or unicast)
- AP setting
- APS encryption option
- Source-routing
Broadcasts, which cannot be encrypted with APS or fragmented, have a maximum payload of 0x54
bytes (84 bytes).
For broadcast messages and unicast messages when AP==0, the maximum payload is 0x54 bytes.
For unicast messages, the maximum payload is 0xFF bytes (255 bytes). If the combination of payload
and optional APS encryption overhead (EE1, TxOption 0x20) is too high, the message fragments into a
maximum of five fragments. The firmware encrypts and transmits each fragment separately. The
destination radio reassembles the fragments into a full message.
The maximum payload is calculated with an estimate for aggregator source-routing. When an
aggregator sends a source-routed message, it embeds the route into the message as overhead, or
into each fragment of the message if fragmentation is necessary, which reduces the maximum
payload. If you use APS encryption (EE1, Tx Option 0x20), it reduces the number further.
The route overhead is 2 bytes plus 2 bytes per hop. The bytes are:
- One byte is the number of hops
- One byte is an index into the route list that increments in value at each hop
- Other data is a list of the 16-bit network addresses of the routing radios
Aggregator source-routed payload maximums do not apply to messages that are sourced by
non-aggregator nodes, which send route records ahead of their messages to aggregators. Aggregators
are either Coordinators or Routers which have the following:
- Source routing enabled or
- AR setting which is not 0xFF
The following table shows the aggregator source-routed payload maximums as a function of hops and
APS encryption:
| Hops | Maximum encrypted payload | Maximum unencrypted payload |
|---|---|---|
| 1 | 255 | 255 |
| 2 | 255 | 255 |
| 3 | 255 | 255 |
| 4 | 255 | 255 |
| 5 | 255 | 255 |
| 6 | 215 | 255 |
| 7 | 205 | 250 |
| 8 | 195 | 240 |
| 9 | 185 | 230 |
| 10 | 175 | 220 |
| 11 | 165 | 210 |
| 12 | 155 | 200 |
| 13 | 145 | 190 |
| 14 | 135 | 180 |
| 15 | 125 | 170 |
| 16 | 115 | 160 |
| 17 | 105 | 150 |
| 18 | 95 | 140 |
| 19 | 85 | 130 |
| 20 | 75 | 120 |
| 21 | 65 | 110 |
| 22 | 55 | 100 |
| 23 | 45 | 90 |
| 24 | 35 | 80 |
| 25 | 25 | 70 |
Throughput
Throughput in a Zigbee network can vary depending on a number of variables, including:
- Number of hops
- Encryption enabled/disabled
- Sleeping end devices
- Failures/route discoveries
ZDO transmissions
Zigbee defines a Zigbee device objects layer (ZDO) that provides device and service discovery and
network management capabilities.
| Cluster name | Cluster ID | Description |
|---|---|---|
| Network Address Request | 0x0000 | Request a 16-bit address of the radio with a matching 64-bit address (required parameter). |
| Active Endpoints Request | 0x0005 | Request a list of endpoints from a remote device. |
| LQI Request | 0x0031 | Request data from a neighbor table of a remote device. |
| Routing Table Request | 0x0032 | Request to retrieve routing table entries from a remote device. |
| Network Address Response | 0x8000 | Response that includes the 16-bit address of a device. |
| LQI Response | 0x8031 | Response that includes neighbor table data from a remote device. |
| Routing Table Response | 0x8032 | Response that includes routing table entry data from a remote device. |
Refer to the Zigbee specification for a detailed description of all Zigbee device profile services.
Send a ZDO command
You must use an explicit transmit API frame (0x11) to send a ZDO command, and you must format it
correctly.
1. Set the source and destination endpoints and profile ID to 0.
2. Set the cluster ID to match the cluster ID of the appropriate service. For example, to send an
active endpoints request, set the cluster ID to 0x0005.
3. The first byte of payload in the API frame is an application sequence number (transaction
sequence number) that can be set to any single byte value. The first byte of the ZDO response
uses this same value.
4. All remaining payload bytes must be set as required by the ZDO. All multi-byte values must be
sent in little endian byte order.
Receiving ZDO commands and responses
In XBee ZB firmware, you can easily send ZDO commands using the API. To receive incoming ZDO
commands, enable receiver application addressing with the AO command. See the examples later in
this section. Not all incoming ZDO commands are passed up to the application.
When a ZDO message is received on endpoint 0 and profile ID 0, the cluster ID indicates the type of
ZDO message received. The first byte of payload is generally a sequence number that corresponds to
a sequence number of a request. The remaining bytes are set as defined by the ZDO. Similar to a ZDO
request, all multi-byte values in the response are in little endian byte order.
Example 1: Send a ZDO LQI request to read the neighbor table contents of a remote
Looking at the Zigbee specification, the cluster ID for an LQI Request is 0x0031, and the payload only
requires a single byte (start index). This example sends an LQI request to a remote device with a 64-bit address of 0x0013A200 40401234. The start index is set to 0, and the transaction sequence
number is set to 0x76.
API frame
7E 0016 11 01 0013A200 40401234 FFFE 00 00 0031 0000 00 00 76 00 CE
Field composition
0x0016               length
0x11                 Explicit transmit request
0x01                 Frame ID (set to a non-zero value to enable the transmit status message, or set to 0 to disable)
0x0013A200 40401234  64-bit address of the remote
0xFFFE               16-bit address of the remote (0xFFFE = unknown). Optionally, set to the 16-bit address of the destination if known.
0x00                 Source endpoint
0x00                 Destination endpoint
0x0031               Cluster ID (LQI Request, or Neighbor table request)
0x0000               Profile ID (Zigbee device profile)
0x00                 Broadcast radius
0x00                 Tx Options
0x76                 Transaction sequence number
0x00                 Required payload for LQI request command
0xCE                 Checksum (0xFF - SUM (all bytes after length))
Description
This API frame sends a ZDO LQI request (neighbor table request) to a remote device to obtain data
from its neighbor table. You must set the AO command correctly on an API device to enable the
explicit API receive frames to receive the ZDO response.
Example 2: Send a ZDO Network Address Request to discover the 16-bit address of a remote
Looking at the Zigbee specification, the cluster ID for a Network Address Request is 0x0000, and the
payload only requires the following:
[64-bit address] + [Request Type] + [Start Index]
This example sends a Network Address Request as a broadcast transmission to discover the 16-bit
address of the device with a 64-bit address of 0x0013A200 40401234. The request type and start
index are set to 0, and the transaction sequence number is set to 0x44.
API frame
7E 001F 11 01 00000000 0000FFFF FFFE 00 00 0000 0000 00 00 44 34124040 00A21300 00 00 33
Field composition
0x001F                           length
0x11                             Explicit transmit request
0x01                             Frame ID (set to a non-zero value to enable the transmit status message, or set to 0 to disable)
0x00000000 0000FFFF              64-bit address for a broadcast transmission
0xFFFE                           Set to this value for a broadcast transmission
0x00                             Source endpoint
0x00                             Destination endpoint
0x0000                           Cluster ID (Network Address Request)
0x0000                           Profile ID (Zigbee device profile)
0x00                             Broadcast radius
0x00                             Tx Options
0x44                             Transaction sequence number
0x34124040 00A21300 00 00        Required payload for Network Address Request command
0x33                             Checksum (0xFF - SUM (all bytes after length))
Description
This API frame sends a broadcast ZDO Network Address Request to obtain the 16-bit address of a
device with a 64-bit address of 0x0013A200 40401234. We inserted the bytes for the 64-bit address in
little endian byte order. You must insert data for all multi-byte fields in the API payload of a ZDO
command in little endian byte order. You must set the AO command correctly on an API device to
enable the explicit API receive frames to receive the ZDO response.
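The two ZDO request frames above can be generated rather than assembled by hand, which keeps the byte order and checksum consistent. The following Python sketch is an added example, not Digi code; the function names are hypothetical and it assumes API mode without escaping (AP = 1).

```python
import struct

BROADCAST64 = 0x000000000000FFFF   # 64-bit broadcast address used in Example 2
UNKNOWN16 = 0xFFFE                 # 16-bit address: unknown, or broadcast
ZDO_NWK_ADDR_REQUEST = 0x0000      # cluster IDs from the ZDO table above
ZDO_LQI_REQUEST = 0x0031


def api_frame(frame_data: bytes) -> bytes:
    """Wrap frame data as 0x7E + 16-bit big-endian length + data + checksum."""
    checksum = 0xFF - (sum(frame_data) & 0xFF)
    return b"\x7e" + struct.pack(">H", len(frame_data)) + frame_data + bytes([checksum])


def zdo_frame(cluster_id, seq, zdo_payload, dest64, dest16=UNKNOWN16, frame_id=0x01):
    """Build an explicit transmit (0x11) frame that carries one ZDO command."""
    for name, value in (("seq", seq), ("frame_id", frame_id)):
        if not 0 <= value <= 0xFF:
            raise ValueError(f"{name} must fit in one byte")
    header = struct.pack(
        ">BBQHBBHHBB",
        0x11,         # explicit transmit request
        frame_id,     # non-zero requests a transmit status message
        dest64,       # API header fields are big endian
        dest16,
        0x00,         # source endpoint: 0 for ZDO
        0x00,         # destination endpoint: 0 for ZDO
        cluster_id,
        0x0000,       # profile ID: Zigbee device profile
        0x00,         # broadcast radius
        0x00,         # Tx options
    )
    # First payload byte is the transaction sequence number; the rest is ZDO data.
    return api_frame(header + bytes([seq]) + zdo_payload)


def lqi_request(dest64, seq, start_index=0):
    """Example 1: unicast LQI (neighbor table) request."""
    return zdo_frame(ZDO_LQI_REQUEST, seq, struct.pack("<B", start_index), dest64)


def nwk_addr_request(target64, seq, request_type=0, start_index=0):
    """Example 2: broadcast Network Address Request for target64."""
    # ZDO payload fields are little endian, unlike the API header.
    payload = struct.pack("<QBB", target64, request_type, start_index)
    return zdo_frame(ZDO_NWK_ADDR_REQUEST, seq, payload, BROADCAST64)


def frame_is_valid(frame: bytes) -> bool:
    """Check delimiter, declared length and checksum of a complete API frame."""
    if len(frame) < 5 or frame[0] != 0x7E:
        return False
    (length,) = struct.unpack(">H", frame[1:3])
    return len(frame) == length + 4 and sum(frame[3:]) & 0xFF == 0xFF


if __name__ == "__main__":
    print(lqi_request(0x0013A20040401234, seq=0x76).hex(" ").upper())
    print(nwk_addr_request(0x0013A20040401234, seq=0x44).hex(" ").upper())
```

Keep the sequence number you pass in: the first payload byte of the ZDO response carries the same value, which is how a response is matched to its request.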
Transmission timeouts
The Zigbee stack includes two kinds of transmission timeouts, depending on the nature of the
destination device. Destination devices such as routers with receivers always on use a unicast
timeout. The unicast timeout estimates a timeout based on the number of unicast hops the packet
should traverse to get data to the destination device. For transmissions destined for end devices, the
Zigbee stack uses an extended timeout that includes the unicast timeout (to route data to the end
device's parent), and it includes a timeout for the end device to finish sleeping, wake, and poll the
parent for data.
The Zigbee stack includes some provisions for a device to detect if the destination is an end device.
The Zigbee stack uses the unicast timeout unless it knows the destination is an end device.
The XBee API includes a transmit options bit that you can set to specify the extended timeout used for
a given transmission. If you set this bit, the extended timeout will be used when sending RF data to
the specified destination. To improve routing reliability, applications set the extended timeout bit
when sending data to end devices if:
- The application sends data to 10 or more remote devices, some of which are end devices.
- The end devices may sleep longer than the unicast timeout.
Equations for these timeouts are computed in the following sections.
Note The timeouts in this section are worst-case timeouts and should be padded by a few hundred
milliseconds. These worst-case timeouts apply when an existing route breaks down (for example,
intermediate hop or destination device moved).
Unicast timeout
Set the unicast timeout with the NH command. The actual unicast timeout is computed as ((50 * NH)
+ 100). The default NH value is 30 which equates to a 1.6 second timeout.
The unicast timeout includes 3 transmission attempts (1 attempt and 2 retries).
The maximum total timeout is approximately:
3 * ((50 * NH) + 100)
For example, if NH=30 (0x1E), the unicast timeout is approximately 3 * ((50 * 30) + 100) or one of the
following:
- 3 * (1500 + 100)
- 3 * (1600)
- 4800 ms
- 4.8 seconds
Extended timeout
The worst-case transmission timeout when you are sending data to an end device is a larger issue
than when transmitting to a router or coordinator. As described in Parent operation, RF data packets
are sent to the parent of the end device, which buffers the packet until the end device wakes to
receive it. The parent buffers an RF data packet for up to (1.2 * SP) time.
To ensure the end device has adequate time to wake and receive the data, the extended transmission
timeout to an end device is:
(50 * NH) + (1.2 * SP)
This timeout includes the packet buffering timeout (1.2 * SP) and time to account for routing through
the mesh network (50 * NH).
If no acknowledgment is received within this time, the sender resends the transmission up to two
more times. With retries included, the longest transmission timeout when sending data to an end
device is:
3 * ((50 * NH) + (1.2 * SP))
The SP value in both equations must be entered in millisecond units. The SP command setting uses 10
ms units and must be converted to milliseconds to be used in this equation.
For example, suppose a router is configured with NH=30 (0x1E) and SP=0x3E8 (10,000 ms), and that it
is either trying to send data to one of its end device children, or to a remote end device. The total
extended timeout to the end device is approximately:
3 * ((50 * NH) + (1.2 * SP)) or one of the following:
- 3 * (1500 + 12000)
- 3 * (13500)
- 40500 ms
- 40.5 seconds
Transmission examples
Example 1: Send a unicast API data transmission to the coordinator using 64-bit address 0, with
payload “TxData”.
API frame
7E 0014 10 01 00000000 00000000 FFFE 00 00 54 78 44 61 74 61 AB
Field composition
0x0014               length
0x10                 API ID (TX data)
0x01                 Frame ID (set greater than 0 to enable the TX-status response)
0x00000000 00000000  64-bit address of coordinator (ZB definition)
0xFFFE               Required 16-bit address if sending data to 64-bit address of 0
0x00                 Broadcast radius (0 = max hops)
0x00                 Tx options
0x54 78 44 61 74 61  ASCII representation of “TxData” string
0xAB                 Checksum (0xFF - SUM (all bytes after length))
Description
This transmission sends the string “TxData” to the coordinator, without knowing the 64-bit address of
the coordinator device. ZB firmware defines a 64-bit address of 0 as the coordinator. If the
coordinator's 64-bit address was known, the 64-bit address of 0 could be replaced with the
coordinator's 64-bit address, and the 16-bit address could be set to 0.
Example 2: Send a broadcast API data transmission that all devices can receive (including sleeping end
devices), with payload “TxData”.
API frame
7E 0014 10 01 00000000 0000FFFF FFFE 00 00 54 78 44 61 74 61 AD
Field composition
0x0014               length
0x10                 API ID (TX data)
0x01                 Frame ID (set to a non-zero value to enable the TX-status response)
0x00000000 0000FFFF  Broadcast definition (including sleeping end devices)
0xFFFE               Required 16-bit address to send broadcast transmission
0x00                 Broadcast radius (0 = max hops)
0x00                 Tx options
0x54 78 44 61 74 61  ASCII representation of “TxData” string
0xAD                 Checksum (0xFF - SUM (all bytes after length))
Description
This transmission sends the string “TxData” as a broadcast transmission. Since the destination
address is set to 0xFFFF, all devices, including sleeping end devices can receive this broadcast.
If receiver application addressing is enabled, the XBee3 Zigbee RF Module reports all received data
frames in the explicit format (0x91) to indicate the source and destination endpoints, cluster ID, and
profile ID where each packet was received. Status messages like modem status and route record
indicators are not affected.
To enable receiver application addressing, set the AO command to 1 using the AT Command Frame 0x08 as follows:
API frame
7E 0005 08 01 414F 01 65
Field composition
0x0005  length
0x08    API ID (AT command)
0x01    Frame ID (set to a non-zero value to enable AT command response frames)
0x414F  ASCII representation of 'A','O' (the command being issued)
0x01    Parameter value
0x65    Checksum (0xFF - SUM (all bytes after length))
Description
Setting AO = 1 is required for the XBee3 Zigbee RF Module to use the Explicit Rx Indicator frame - 0x91
when receiving RF data packets. This is required if the application needs indication of source or
destination endpoint, cluster ID, or profile ID values used in received Zigbee data packets. ZDO
messages can only be received if AO = 1.
Zigbee security
Security overview
Zigbee security protects network traffic using 128-bit AES cryptography techniques. A standard
security model is defined for supporting authentication and key management. Security is a very
important factor in designing a mesh network. Digi makes it easy to find the right level of security for
your specific application, ranging from a completely open and unencrypted network to a high security
model with out-of-band device registration.
WARNING! The out-of-the-box default configuration is an unencrypted network with a
generous join window. These defaults are meant for ease of development and should not
be used on the finished product. Enabling security is highly recommended.
Enabling encryption also enables source routing with the coordinator acting as a high RAM
concentrator by default. For smaller networks (less than 40 nodes) and low-throughput applications,
this will not have a significant impact to the network, as source routing will automatically be handled
by the XBee application. If you are deploying a larger network, you will likely require a full source
routing implementation with the coordinator configured as a low RAM concentrator. For more
information, see Source routing.
Network key
The network key encrypts and decrypts over the air messages at the network layer. When you enable
encryption, each node on the network is required to have the network key to communicate with other
nodes. The network key is shared by every device on the network and only needs to be set on the
network coordinator. Use the NK parameter to set a user-defined network key; this parameter is only
applicable to a coordinator (CE = 1). In most situations, the network key should be randomly
generated (NK = 0) and managed by the network.
If you are running a centralized trust center, you can change the NK parameter on the trust center
which propagates to the rest of the network a few seconds later. This is useful for high-security
applications where regular network key rotation may be desired. In a distributed trust center, the key
is defined when the network is formed and cannot be changed without reforming the network.
Optionally, network keys can be sent and received in-the-clear by setting the EO bit 0 (EO = 1) on the
forming and joining nodes. Digi strongly discourages this setting, because it could allow unauthorized
devices to obtain a copy of the network key.
Link key
Link keys are used at the APS layer to provide an extra level of encryption for end-to-end security. The
XBee3 Zigbee application uses global link keys for both joining and APS-encrypted transmissions.
When joining a network with encryption enabled, the network key is securely exchanged by encrypting
it with the link key.
When using a centralized trust center, the link key that is used to join is exchanged with a more
secure key that is randomly generated by the trust center.
This section provides information about the types of link keys.
Preconfigured link key - moderate security
Using a preconfigured global link key provides a very simple way to secure a network, which is
accomplished by configuring the same write-only KY value on every node on the network. Defining a
link key in this manner provides a moderate level of security while allowing for easy network
deployment. The security configuration can be done during manufacturing rather than at deployment.
If the joining node has a preconfigured link key that the trust center is not aware of, then it must be
registered using an out-of-band method. Issue a 0x24 registration frame on the trust center, which
contains the link key and serial number of the joining device.
Well-known default link key - low security
The Zigbee Alliance specifies a well-known default link key. You can use this link key to allow unsecure
devices to easily join a secured network. By default, the XBee3 rejects any device that attempts to join
using this well-known key. To allow these devices to join, set the EO bit 4 (EO=0x10) on the centralized
trust center.
If a joining device has KY=0 (default), it attempts to use the well-known default link key to join.
Install code derived link key - high security
Every device supporting Zigbee 3.0 is required to have an install code. Read the install code by
querying the I? command; the returned value consists of a 16-byte install code + 2-byte CRC. The install code must
be read from the joining node and entered to the trust center through an out-of-band method.
Typically, the user reads an install code from some type of display or application on the joining node; it
cannot be printed on a label or the physical unit. The user then provides the joiner's install code and serial
number to the trust center using a locally issued 0x24 registration API frame and setting bit 0 of the
options field.
Using install codes for generating link keys is the most secure method, because it allows users to
clearly identify the joining node to the trust center, and it guarantees that each joining device has a
random link key.
For a joining device to use an install code, DC bit 0 (DC=1) must be set on the joining device. This
generates a link key based on the install code and the KY parameter will be ignored.
Join window
Zigbee imposes a limited window of time in which a network can permit joining. The maximum joining
window time allowed by the Zigbee specifications is 254 seconds (NJ=0xFE). Whenever the join
window opens, the NJ value of the device that opens the window is used. This timeout value is not
shared by the rest of the network.
The following conditions cause the network join window to open for NJ seconds:
- A network is formed.
- A router joins the network. This uses the router's NJ value to open the window.
- The commissioning button is enabled (D0=1) and pressed twice on a router or coordinator on
  the network.
- A CB2 command is issued to a router or coordinator on the network.
- A device is successfully registered to the trust center via 0x24 API frame.
When the join window opens, the device sends a broadcast to the rest of the network. The joining
device does not need to be adjacent to the device that opened the joining window.
If NJ is set to 0, the join window remains closed unless explicitly opened via the commissioning button
or CB command. In this scenario, the join window opens for a fixed period of 60 seconds when opened.
For a highly-secured network, Digi recommends setting NJ to 0 on every device so the join window
does not open inadvertently.
WARNING! An always-open join window is permitted (NJ=0xFF), but this causes the
network to operate outside of the Zigbee specifications. This option is provided for ease
of development and should not be used on the finished product.
Key management
Zigbee defines two security models for key management: centralized security model and distributed
security model.
Centralized security
A centralized trust center network is defined as a Zigbee network where one node acts as the
centralized key authority. This centralized trust center defines the network key and manages its
distribution, determines when and if nodes can join the network, and issues application link keys.
Upon formation of the network, the network coordinator assumes the role of the trust center. The
trust center has a reserved address of 0 on the network, and any traffic sent to this address is routed
to the trust center.
When a node attempts to join, it first establishes a MAC association with a router on the network. The
router sends a request to the trust center, indicating the node wants to join. The trust center decides
if the node can join based on the current join policy (Open join window + EO options). If the trust
center approves the attempt to join, the network key is encrypted using a trust center link key and
sent to the joining node. The joining node must have a copy of the link key in order to decrypt the
network key and successfully join the network.
If the joining node does not have a link key that matches the network or has an install code derived
link key, then it must be registered to the trust center. Registration is the means by which a link key is
given to the trust center using an out-of-band method. Registration requires the trust center operate
in API mode (AP=1 or 2) and cannot be performed in Command or Transparent mode.
Distributed security
A distributed trust center does not have a node designated as a coordinator. All routers in the
network have a copy of the network key and are able to authorize joining devices, meaning every
router on the network is a trust center. The network key is set at the time the network is formed and
cannot change. The network forms on the device that has CE=1, and there will be no coordinator on
the network (the device forms the network as a router.) This means any traffic directed to a 0 address
fails.
When a node joins a distributed trust center network, an adjacent router shares a copy of the network
key to the joining device. The network key is protected by encrypting the exchange with the joining
device with a global link key. The network key can optionally be sent in-the-clear by setting EO bit 1 on
every device on the network. Digi strongly discourages this setting, because it allows unsecure
devices to access the network key.
You can perform device registration on a distributed trust center, but the 0x24 registration frame
must be issued on a router that is adjacent to the joining device; registration information is not shared
with the rest of the network.
Device registration
When a device attempts to join a secure network, it must obtain a copy of the network key to
successfully communicate.
You can send the network key in the clear, but in most situations it will be encrypted with a link key. If
the link key is not preconfigured on both devices, the trust center must be told the link key the joining
device will be using to join. Digi calls this process "registration"; it is the method by which a link key
and serial number of the joining device are securely given to the trust center through the physical serial
interface. Because the registration information is not provided over-the-air, this is considered out-of-band registration and provides the highest level of security since the credentials cannot be extracted
through RF channels.
Registration is performed using a 0x24 frame and is issued to the trust center (either centralized or
distributed). The registration frame is used to register a link key, register an install code derived link
key, or remove a previously registered device.
Centralized trust center
On a centralized trust center (EO=2), registration is transient, meaning that the registered device will
only be authorized to join for a fixed period of time. This period is separate from the network join
window and is defined by the KT parameter on the centralized trust center. By default, a registered
device is authorized to join for a period of five minutes. If the device fails to join within this period, it
must be re-registered. After joining, it securely rejoins and does not need to be registered again
unless the device is explicitly removed from the network using an NR command or leave request. The
0x24 registration frame must be issued to the centralized trust center in this scenario, and routers
that are adjacent to the joining device route the join request to the trust center. The key table entries
on a centralized trust center are stored in RAM and are not preserved across a power cycle.
Distributed trust center
On a distributed trust center (EO=0), registration is persistent, meaning that the registered device will
always be authorized to join as long as the join window is open. Registration information is not shared
to the rest of the network, so the 0x24 registration frame must be issued to a router that is adjacent
to the joining device. Because the link key table has a limited number of entries, you must explicitly
remove key table entries by deregistering devices using a 0x24 frame after they successfully join to
add subsequent devices. The key table on a distributed trust center is stored in flash and persists
across a power cycle.
Once a device joins the network and obtains a copy of the network key, it retains information about
the network and performs a secure rejoin if power cycled. If you change a network parameter on the
device, it receives a leave request, or a secure rejoin fails after three tries, the device must join the
network via association, which requires registration.
Example: Forming a secure network
The following example shows how to form a secure Zigbee 3.0 network. This is the recommended
configuration for most networks, because it allows for ease of deployment while also maintaining a
moderate level of security.
Configure an XBee3 device with the following parameters:
- CE = 1
  This indicates that the device attempts to form a network rather than join an existing one.
- EE = 1
  This enables encryption for the network.
- EO = 2
  - This forms the network as a centralized trust center. If you want a distributed trust center,
    set this parameter to 0.
  - Any joining device must have the same value set to properly handle any key exchanges that
    occur.
- KY = non-zero
  - This defines a preconfigured link key for the network.
  - This key can be configured on joining devices as a preconfigured global link key.
  - If joining devices do not use the preconfigured link key, they must be registered to the
    trust center before joining.
- NK = 0
  - Using a zero NK value is preferred, as the XBee will generate a random network key that
    cannot be read.
  - If acting as a centralized trust center, this parameter can be changed after network
    formation to update the network key for all devices on the network.
- NJ < 0xFF
  This defines the amount of time you want to allow devices to join when the join window opens.
  You can modify this after the network forms.
If you want to increase the level of security for this network, set KY=0 on the forming node. This
generates a random link key that cannot be read and requires every joining device to be individually
registered. This configuration guarantees that only authorized devices can join the network, because
the global link key is obscured and cannot be read.
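Before a configuration is written to devices, the settings this chapter warns about can be checked mechanically. The following Python example is added here and is not part of Digi's tooling; the profile dictionary (AT command name to integer value), the function name, the severity labels and the sample profiles are assumptions made for the example.

```python
REQUIRED = ("CE", "EE", "EO", "KY", "NK", "NJ", "DC")

EO_KEYS_IN_CLEAR = 0x01     # EO bit 0: network key sent and received in the clear
EO_CENTRALIZED_TC = 0x02    # EO bit 1: centralized trust center
EO_ALLOW_WELL_KNOWN = 0x10  # EO bit 4: accept joins that use the well-known link key
DC_INSTALL_CODE = 0x01      # DC bit 0: derive the link key from the install code


def audit_profile(profile):
    """Return a list of (severity, parameter, message) for a planned profile."""
    missing = [name for name in REQUIRED if name not in profile]
    if missing:
        raise ValueError("profile is missing: " + ", ".join(missing))

    findings = []
    forming = profile["CE"] == 1

    if profile["EE"] != 1:
        findings.append(("high", "EE", "encryption disabled: network is unencrypted"))

    if profile["NJ"] == 0xFF:
        findings.append(("high", "NJ", "join window always open, outside the "
                         "Zigbee specification; development use only"))
    elif profile["NJ"] != 0:
        findings.append(("info", "NJ", "join window opens for NJ seconds on each "
                         "trigger; NJ=0 is recommended for highly secured networks"))

    if profile["EE"] == 1:
        # Key handling settings only matter once encryption is enabled.
        if profile["EO"] & EO_KEYS_IN_CLEAR:
            findings.append(("high", "EO", "bit 0 set: network key is exchanged "
                             "in the clear"))
        if profile["EO"] & EO_ALLOW_WELL_KNOWN:
            findings.append(("medium", "EO", "bit 4 set: a centralized trust center "
                             "accepts joins with the well-known default link key"))
        uses_install_code = bool(profile["DC"] & DC_INSTALL_CODE)
        if not forming and profile["KY"] == 0 and not uses_install_code:
            # On a forming node KY=0 means a random link key, so only joiners are flagged.
            findings.append(("medium", "KY", "KY=0 without DC bit 0: the joiner "
                             "uses the well-known default link key"))
        if forming and profile["NK"] != 0:
            findings.append(("info", "NK", "user-defined network key; NK=0 "
                             "(random, unreadable) is preferred"))
    return findings


# Constructed sample profiles, not read from real devices.
DEV_PROFILE = {"CE": 1, "EE": 0, "EO": 0, "KY": 0, "NK": 0, "NJ": 0xFE, "DC": 0}
RISKY_JOINER = {"CE": 0, "EE": 1, "EO": 0x13, "KY": 0, "NK": 0, "NJ": 0xFF, "DC": 0}
HARDENED_JOINER = {"CE": 0, "EE": 1, "EO": 2, "KY": 0, "NK": 0, "NJ": 0, "DC": 1}

if __name__ == "__main__":
    for name, prof in (("dev", DEV_PROFILE), ("risky", RISKY_JOINER),
                       ("hardened", HARDENED_JOINER)):
        for severity, param, message in audit_profile(prof) or [("ok", "-", "no findings")]:
            print(f"{name:9} {severity:6} {param:3} {message}")
```

Because KY is write-only, run the check against the intended configuration before provisioning rather than against values read back from a device.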
Example: Joining a secure network using a preconfigured link key
The following example shows you how to join an existing network that has security enabled when the
preconfigured link key configured on the network is known. Using this example, it is easy to deploy a
secure network, because each device is preconfigured to join the network. An installer only needs to
be concerned with opening the join window for new devices.
Configure a joining XBee3 device with the following parameters:
- EE = 1
  The joining node must have the same encryption settings as the network it will be joining.
- EO = 2
  - If joining a centralized trust center, EO bit 1 must be set so the joining device is aware that
    a link key exchange is needed.
  - If joining a distributed trust center, clear EO bit 1.
- KY = KY from trust center
  Because the KY value is known, it should be preconfigured on the joining device. Provided the
  KY values match, it will be able to obtain the network key and join.
- NJ < 0xFF
  Consider the join time that is configured on joining devices. If the device successfully joins the
  network as a router (SM=0), it immediately opens the join window for NJ seconds, effectively
  refreshing the window. If you do not wish to reopen the join window in this manner, set NJ=0
  on all joining devices.
To join the device to the network, write the previous configuration to flash with a WR command, and
bring it within RF range of the network.
To open the join window, press the commissioning button twice on a network router or the trust
center. If the pushbutton is not available, you can issue a CB2 command.
Joining devices continuously attempt to join a network (unless explicitly told not to via a DJ=0
command). However, if you want to have the module immediately attempt to join, press the
commissioning button once, or issue a CB1 command on the joining node.
Example: Registering a joining node without a preconfigured link key
Using the previous example for joining a network, if the joining node is not aware of the link key on the
trust center (that is, it is either obscured (KY=0) or otherwise unknown to the joining device) then it
must be registered to the trust center.
Configure a joining XBee3 device with the following parameters:
- EE = 1
  The joining node must have the same encryption settings as the network it will be joining.
- EO = 2
  - If joining a centralized trust center, EO bit 1 must be set so the joining device is aware that
    a link key exchange is needed.
  - If joining a distributed trust center, clear EO bit 1.
- KY = non-zero value
  Configure a known link key value for this particular joining device. This value must be known by
  the installer, because it must be passed to the trust center out-of-band.
On the trust center, you must register this device using an API frame. Generate a 0x24 frame that
contains the following information:
- The link key (KY) of the joining device.
- The serial number of the joining device.
Link Key registration example
A device with the serial number 0013A200 12345678 that has a KY of 12345 is trying to join a secure
network.
The following 0x24 frame is generated and passed into the UART of the trust center:
7E 00 10 24 7B 00 13 A2 00 12 34 56 78 FF FE 00 01 23 45 31
The trust center will respond with the following 0xA4 registration response frame:
7E 00 03 A4 7B 00 E0
Note The Frame ID (0x7B) in the response corresponds with the Frame ID of the registration attempt.
A 00 result indicates that the key was successfully registered.
When the registration succeeds, the join window automatically opens for NJ seconds (or 60 seconds if
NJ=0).
If the trust center is centralized, this registered key table entry is transient and expires after KT
seconds. In a distributed trust center, it persists until it is explicitly cleared.
Example: Registration of a joining node using an install code
To provide the highest level of security, Digi recommends using install codes to register devices. Install
codes are randomly assigned to each Zigbee 3.0 device at the factory for the purpose of securely
joining a network. The process to register a device using an install code is similar to registering a link
key, but with some additional steps:
Configure a joining XBee3 device with the following parameters:
- EE = 1
  The joining node must have the same encryption settings as the network it is joining.
- EO = 2
  - If joining a centralized trust center, EO bit 1 must be set so the joining device is aware a
    link key exchange is needed.
  - If joining a distributed trust center, clear EO bit 1.
- DC = 1
  This tells the joining device to generate a link key from the install code of the device. If this bit
  is enabled, then the device ignores and does not use the KY parameter.
On the trust center, you must register this device using an API frame. Generate a 0x24 frame that
contains the following information:
- The install code (I?) of the joining device.
- The serial number of the joining device.
Link key registration example
A device with the serial number 0013A200 12345678 that has an I? value of
F6F1913D834A08D6ADAF1F91BAF4052D7316 is trying to join a secure network.
The following 0x24 frame is generated and passed into the UART of the trust center. Set the options
field of the API frame to 01 to indicate that the supplied key is actually an install code:
7E 00 1F 24 D5 00 13 A2 00 12 34 56 78 FF FE 01 F6 F1 91 3D 83 4A 08 D6 AD AF 1F 91 BA F4 05 2D 73 16 6A
The trust center will respond with the following 0xA4 registration response frame:
7E 00 03 A4 D5 00 86
Note The Frame ID (0xD5) in the response corresponds with the Frame ID of the registration attempt.
A 00 result indicates that the key was successfully registered.
When the registration succeeds, the join window automatically opens for NJ seconds (or 60 seconds if
NJ=0).
If the trust center is centralized, this registered key table entry is transient and expires after KT
seconds. In a distributed trust center, it persists until explicitly cleared.
Example: Deregistering a previously registered device
This feature is only needed in a distributed trust center, because the key table entries are persistent
and stored in flash. In a distributed trust center, there are only a limited number of entries available,
so proper management of the key table is required if more than 10 devices will be joining using
registration.
To deregister a device, issue a 0x24 registration frame on the trust center with the serial number of
the registered device and a null (blank) key.
Link key registration example
A device with the serial number 0013A200 12345678 that was previously registered has successfully
joined the network, and needs to be deregistered to make room for subsequently joining devices.
The following 0x24 frame is generated and passed into the UART of the trust center. Note that there
is no key field, indicating that the key entry should be removed:
7E 00 0D 24 C4 00 13 A2 00 12 34 56 78 FF FE 00 51
The trust center will respond with the following 0xA4 registration response frame:
7E 00 03 A4 C4 00 86
Note The Frame ID (0xC4) in the response corresponds with the Frame ID of the registration attempt.
A 00 result indicates that the key was successfully removed from the table.
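Added example, not part of the Digi guide: a Python sketch that builds the three 0x24 frames shown in the registration examples above (link key, install code, deregistration) and validates a 0xA4 response before trusting its status byte. The function names are this example's own, and it assumes API mode without escaping (AP = 1).

```python
# Added example, not Digi code. Assumes API mode without escaping (AP = 1).
START_DELIMITER = 0x7E
REGISTER_DEVICE = 0x24        # registration request sent to the trust center
REGISTER_STATUS = 0xA4        # registration response
ADDR16_FIELD = b"\xFF\xFE"    # 16-bit field as it appears in the guide's frames
OPT_LINK_KEY = 0x00           # key field holds a link key (KY of the joiner)
OPT_INSTALL_CODE = 0x01       # key field holds an install code (I? of the joiner)


def api_frame(data: bytes) -> bytes:
    """Add delimiter, big-endian length and checksum (0xFF minus low byte of sum)."""
    checksum = 0xFF - (sum(data) & 0xFF)
    return bytes([START_DELIMITER]) + len(data).to_bytes(2, "big") + data + bytes([checksum])


def registration_frame(frame_id, serial_hex, key=b"", install_code=False):
    """Build a 0x24 frame. An empty key asks the trust center to deregister."""
    serial = bytes.fromhex(serial_hex)
    if len(serial) != 8:
        raise ValueError("serial number must be 8 bytes")
    if not 1 <= frame_id <= 0xFF:
        # Assumption: frame ID 0 would leave no response to match against.
        raise ValueError("frame ID must be 1..255")
    if install_code and not key:
        raise ValueError("install code registration needs the I? value")
    if not install_code and len(key) > 16:
        raise ValueError("a link key is at most 16 bytes (128 bits)")
    options = OPT_INSTALL_CODE if install_code else OPT_LINK_KEY
    return api_frame(bytes([REGISTER_DEVICE, frame_id]) + serial + ADDR16_FIELD
                     + bytes([options]) + key)


def parse_registration_status(frame):
    """Check framing and checksum of a 0xA4 frame; return (frame_id, status)."""
    if len(frame) < 4 or frame[0] != START_DELIMITER:
        raise ValueError("not an API frame")
    length = int.from_bytes(frame[1:3], "big")
    if len(frame) != length + 4:
        raise ValueError("length field does not match frame size")
    data, checksum = frame[3:-1], frame[-1]
    if (sum(data) + checksum) & 0xFF != 0xFF:
        raise ValueError("checksum mismatch")
    if length != 3 or data[0] != REGISTER_STATUS:
        raise ValueError("not a 0xA4 registration response")
    return data[1], data[2]


def registered_ok(request, response):
    """True only if the response carries the request's frame ID and status 0x00."""
    frame_id, status = parse_registration_status(response)
    return frame_id == request[4] and status == 0x00


if __name__ == "__main__":
    serial = "0013A20012345678"                      # serial number from the guide
    install = bytes.fromhex("F6F1913D834A08D6ADAF1F91BAF4052D7316")
    frames = {
        "link key": registration_frame(0x7B, serial, bytes.fromhex("012345")),
        "install code": registration_frame(0xD5, serial, install, install_code=True),
        "deregister": registration_frame(0xC4, serial),
    }
    for name, frame in frames.items():
        print(name, " ".join("%02X" % b for b in frame))
    print(registered_ok(frames["link key"], bytes.fromhex("7E 00 03 A4 7B 00 E0")))
```

Matching the frame ID before accepting a 00 status keeps a response to one registration from being read as confirmation of another.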
Registration scenario
It is possible to combine some of the previously mentioned security features to maintain a high level
of security with simplified deployment, while also providing a means for authorized devices to securely
join via registration.
For example, an established Zigbee network with a centralized trust center is exhibiting some issues
that require analysis by a network engineer. Due to the nature of the deployment, the end user does
not want to disclose any of the security credentials to the contracted network engineer.
To allow the network engineer onto the network, the end user must be authorized to join via
registration. The network administrator sets the KT parameter on the centralized trust center to
0x7080, which sets the registration timeout to 8 hours. Because the network engineer is not yet onsite, the NJ parameter is set to 0xFF to allow open joining.
A 0x24 frame is issued to the trust center that contains the serial number of the network engineer's
device and a one-time-use link key. The network engineer can then use this link key to join the
network and perform whatever work is necessary.
After the analysis has been performed and the network engineer has left the site, the network
administrator closes the join window by setting NJ to 0. Additionally, the network key (NK) on the
trust center is updated, which then propagates to the rest of the network, further securing the
network. Deregistration is not needed, because this is a centralized trust center. The temporary link
key expires after KT seconds.
Network commissioning and diagnostics
We call the process of discovering and configuring devices in a network for operation, "network
commissioning." Devices include several device discovery and configuration features. In addition to
configuring devices, you must develop a strategy to place devices to ensure reliable routes. To
accommodate these requirements, modules include features to aid in placing devices, configuring
devices, and network diagnostics.
Place devices
Device discovery
Commissioning pushbutton and associate LED
Binding
Group Table API
Place devices
For a network installation to be successful, installers must be able to determine where to place
individual XBee devices to establish reliable links throughout the network.
Test links in a network - loopback cluster
To measure the performance of a network, you can send unicast data through the network from one
device to another to determine the success rate of several transmissions. To simplify link testing, the
devices support a Loopback cluster ID (0x12) on the data endpoint (0xE8). The cluster ID on the data
endpoint sends any data transmitted to it back to the sender.
The following figure demonstrates how you can use the Loopback cluster ID and data endpoint to
measure the link quality in a mesh network.
The configuration steps for sending data to the loopback cluster ID depend on what mode the device
is in. For details on setting the mode, see AP (API Enable). The following sections list the steps based
on the device's mode.
Transparent operating mode configuration (AP = 0)
To send data to the loopback cluster ID on the data endpoint of a remote device:
1. Set the CI command to 0x12.
2. Set the SE and DE commands to 0xE8 (default value).
3. Set the DH and DL commands to the address of the remote (0 for the coordinator, or the 64-bit
address of the remote).
After exiting Command mode, the device transmits any serial characters it received to the remote
device, which returns those characters to the sending device.
API operating mode configuration (AP = 1 or AP = 2)
Send an Explicit Addressing Command frame - 0x11 using 0x12 as the cluster ID and 0xE8 as both the
source and destination endpoint.
The remote device echoes back the data packets it receives to the sending device.
RSSI indicators
It is possible to measure the received signal strength on a device using the DB command. DB returns
the RSSI value (measured in -dBm) of the last received packet. However, this number can be
misleading in Zigbee networks. The DB value only indicates the received signal strength of
the last hop. If a transmission spans multiple hops, the DB value provides no indication of the overall
transmission path, or the quality of the worst link; it only indicates the quality of the last link.
Determine the DB value in hardware using the RSSI/PWM device pin (Micro pin 7/SMT pin 7/TH pin 6).
If you enable the RSSI PWM functionality (P0 command), when the device receives data, it sets the
RSSI PWM to a value based on the RSSI of the received packet (this value only indicates the quality of
the last hop). You could connect this pin to an LED to indicate if the link is stable or not.
Device discovery
Network discovery
Use the network discovery command to discover all devices that have joined a network. Issuing the
ND command sends a broadcast network discovery command throughout the network. All devices
that receive the command send a response that includes:
- Device addressing information
- Node identifier string (see NI (Node Identifier))
- Other relevant information
You can use this command for generating a list of all module addresses in a network.
ZDO discovery
The Zigbee device profile includes provisions to discover devices in a network that are supported on all
Zigbee devices (including non-Digi products). These include the LQI Request (cluster ID 0x0031) and
the Network Update Request (cluster ID 0x0038). You can use the LQI Request to read the devices in
the neighbor table of a remote device, and the Network Update Request for a remote device to
complete an active scan to discover all nearby Zigbee devices. You can send both of these ZDO
commands using the XBee Explicit API transmit frame (0x11). For more information, see API
Operation. Refer to the Zigbee specification for formatting details of these two ZDO frames.
Joining Announce
All Zigbee devices send a ZDO Device Announce broadcast transmission when they join a Zigbee
network (ZDO cluster ID 0x0013). These frames are sent out the device's serial port as an Explicit Rx
Indicator API frame (0x91) if AO is set to 1. The device announce payload includes the following
information:
[Sequence Number] + [16-bit address] + [64-bit address] + [Capability]
The 16-bit and 64-bit addresses are received in little-endian byte order (LSB first). See the Zigbee
specification for details.
Commissioning pushbutton and associate LED
XBee devices support a set of commissioning pushbutton and LED behaviors to aid in device
deployment and commissioning. These include the commissioning push button definitions and
associate LED behaviors. The following features can be supported in hardware:
XBee3 SMT
A pushbutton and an LED can be connected to the surface-mount device to support the commissioning
pushbutton and associate LED functionalities.
XBee3 Micro
A pushbutton and an LED can be connected to the Micro device to support the commissioning
pushbutton and associate LED functionalities.
XBee3 Through-hole
A pushbutton and an LED can be connected to the through-hole-mount device to support the
commissioning pushbutton and associate LED functionalities.
Commissioning pushbutton
The commissioning pushbutton definitions provide a variety of simple functions to help with deploying
devices in a network. Enable the commissioning button functionality by setting D0
(DIO0/AD0/Commissioning Button Configuration) to 1 (enabled by default).
Button presses | Description
1 | Start Joining. Wakes a sleeping end device for 30 seconds, regardless of the ST/SN setting. It also sends a node identification broadcast if joined to a network. A Zigbee device blinks a numeric error code on the Associate pin (AI - 32) times, indicating the cause of join failure. An SE router or SE end device which is associated but not authenticated to a network leaves its network, then attempts to join.
2 | Enable Joining. Broadcasts a Mgmt_Permit_Joining_req (ZDO ClusterID 0x0036) with TC_Significance set to 0x00. If NJ is 0x00 or 0xFF, PermitDuration is set to one minute, otherwise PermitDuration is set to NJ.
4 | Restore configuration to default values and leave the network. Equivalent to issuing NR, RE, and AC commands.
Use CB (Commissioning Pushbutton) to simulate button presses in software. Issue a CB command
with a parameter set to the number of button presses you want executed. For example, sending CB1
executes the actions associated with a single button press.
The node identification frame is similar to the node discovery response frame; it contains the device’s
address, node identifier string (NI command), and other relevant data. All API devices that receive the
node identification frame send it out their serial interface as a Node Identification Indicator frame 0x95.
Associate LED
The Associate pin provides an indication of the device’s network status and diagnostics information.
Connect an LED to the Associate pin as shown in the figure in Commissioning pushbutton and
associate LED. Enable the Associate LED functionality by setting the D5 command to 1 (enabled by default). If the
Associate pin is enabled, it is configured as an output.
Joined indication
The Associate pin indicates the network status of a device. If the device is not joined to a network, the
Associate pin is set high. Once the device successfully joins a network, the Associate pin blinks at a
regular time interval. The following figure shows the joined status of a device.
The associate pin can indicate the joined status of a device. Once the device has joined a network, the
associate pin toggles state at a regular interval (∆t). Use the LT command to set the time.
The LT command defines the blink time of the Associate pin. If it is set to 0, the device uses the default
blink time (500 ms for coordinator, 250 ms for routers and end devices).
Diagnostics support
The Associate pin works with the commissioning pushbutton to provide additional diagnostics
behaviors to aid in deploying and testing a network. If the commissioning push button is pressed once,
and the device has not joined a network, the Associate pin blinks a numeric error code to indicate the
cause of join failure. The number of blinks is equal to (AI value – 0x20). For example, if AI = 0x22, 2
blinks occur.
If the commissioning push button is pressed once and the device has joined a network, the device
transmits a broadcast node identification packet. If the Associate LED functionality is enabled (D5
command), a device that receives this transmission will blink its Associate pin rapidly for 1 second.
The following image illustrates the behavior of pressing the commissioning button once when the
device has not joined a network, causing the associate pin to blink to indicate the AI Code where: AI =
# blinks + 0x20. In this example, AI = 0x22.
The following image illustrates the behavior of pressing the button once on a remote device, causing a
broadcast node identification transmission to be sent. All devices that receive this transmission blink
their associate pin rapidly for one second if the associate LED functionality is enabled (D5 = 1).
Binding
The Digi XBee firmware supports three binding request messages:
- End Device Bind
- Bind
- Unbind
End_Device_Bind_req
The End Device Bind request (ZDO cluster 0x0020) is described in the Zigbee Specification.
During a deployment, an installer may need to bind a switch to a light. Pressing a commissioning
button sequence on each device causes them to send End_Device_Bind_req messages to the
Coordinator within a time window (60 s). The payload of each message is a simple descriptor which
lists input and output clusterIDs. The Coordinator matches the requests by pairing complementary
clusterIDs. After a match has been made, it sends messages to bind the devices together. When the
process is over, both devices will have entries in their binding tables which support indirect addressing
of messages between their bound endpoints.
R1->C End_Device_Bind_req
R2->C End_Device_Bind_req
R1, R2 send End_Device_Bind_req within 60 s of each other to C
C matches the requests.
C tests one to see if binding is already in place:
R2<-C Unbind_req
R2->C Unbind_rsp (status code - NO_ENTRY)
C proceeds to create binding table entries on the two devices.
R1<-C Bind_req
R1->C Bind_rsp
R2<-C Bind_req
R2->C Bind_rsp
C sends responses to the original End_Device_Bind_req messages.
R1<-C End_Device_Bind_rsp
R2<-C End_Device_Bind_rsp
End Device binding sequence (binding)
This message has a toggle action. If the same two devices were to subsequently send
End_Device_Bind_req messages to the Coordinator, the Coordinator would detect they were already bound, and
then send Unbind_req messages to remove the binding.
An installer can use this to remove a binding which was made incorrectly, say from a switch to the
wrong lamp, by repeating the commissioning button sequence used beforehand.
R1->C End_Device_Bind_req
R2->C End_Device_Bind_req
R1, R2 send End_Device_Bind_req within 60 s of each other to C
C matches the requests.
C tests one to see if binding is already in place:
R2<-C Unbind_req
R2->C Unbind_rsp (status code - SUCCESS)
C proceeds to remove binding table entries from the two devices.
R1<-C Unbind_req
R1->C Unbind_rsp
R2<-C Unbind_req
R2->C Unbind_rsp
C sends responses to the original End_Device_Bind_req messages.
R1<-C End_Device_Bind_rsp
R2<-C End_Device_Bind_rsp
End Device binding sequence (removal)
This example shows a correctly formatted End_Device_Bind_req (ZDO cluster 0x0020) using a Digi
0x11 Explicit API Frame:
The frame as a bytelist:
7e002811010000000000000000fffe000000200000000001f2995cb5474000a21300e605c101010001020046
Same frame broken into labeled fields.
Note Multibyte fields are represented in big-endian format.
7e | Frame Delimiter
0028 | Frame Length
11 | API Frame Type (Explicit Frame)
01 | Frame Identifier (for response matching)
0000000000000000 | Coordinator address
fffe | Code for unknown network address
00 | Source Endpoint (need not be 0x00)
00 | Destination Endpoint (ZDO endpoint)
0020 | Cluster 0x0020 (End_Device_Bind_req)
0000 | ProfileID (ZDO)
00 | Radius (default, maximum hops)
00 | Transmit Options
01f2995cb5474000a21300e605c1010100010200 | RFData (ZDO payload)
46 | Checksum
Here is the RFData (the ZDO payload) broken into labeled fields. Note the multi-byte fields of a ZDO
payload are represented in little-endian format.
01 | Transaction Sequence Number
f299 | Binding Target (16 bit network address of sending device)
5cb5474000a21300 | (64 bit address of sending device)
e6 | Source Endpoint on sending device
05c1 | ProfileID (0xC105) - used when matching End_Device_Bind_requests
01 | Number of input clusters
0100 | Input cluster ID list (0x0100)
01 | Number of output clusters
0200 | Output cluster ID list (0x0200)
Example of an End_Device_Bind_req
Bind_req
The Bind request (ZDO cluster 0x0021) is described in the Zigbee Specification. A binding may be coded
for either a unicast or a multicast/groupID message.
Unbind_req
The Unbind request (ZDO cluster 0x0022) is described in the Zigbee Specification.
Group Table API
Unlike the Binding Table that is managed with ZDO commands, a Zigbee group table is managed by
the Zigbee cluster library Groups Cluster (0x0006) with ZCL commands.
The Digi Zigbee XBee firmware is intended to work with an external processor where a Public
Application Profile with endpoints and clusters is implemented, including a Groups Cluster. Configure
the Zigbee XBee firmware to forward all ZCL commands addressed to this Group Cluster out the UART
(see ATAO3). The XBee Zigbee will not use remote Groups Cluster commands to manage its own
Group Table.
But to implement multicast (group) addressing within the XBee, the external processor must keep the
XBee device's group table state in sync with its own. For this reason, a Group Table API has been
defined where the external processor can manage the state of the XBee3 Zigbee RF Module group
table.
The design of the Group Table API of the XBee firmware derives from the ZCL Group Cluster 0x0006.
Use the Explicit Addressing Command frame - 0x11 addressed to the Digi Device Object endpoint
(0xE6) with the Digi XBee ProfileID (0xC105) to send commands and requests to the local device.
The Zigbee home automation public application profile says groups should only be used for sets of
more than five devices. This implies sets of five or fewer devices should be managed with multiple
binding table entries.
There are five commands implemented in the API:
- Add Group command
- View group
- Get Group Membership
- Remove Group
- Remove All Groups
There is a sixth command of the Group Cluster described in the ZCL: Add Group If Identifying. This
command is not supported in this API, because its implementation requires access to the Identify
Cluster, which is not maintained on the XBee. The external processor needs to implement that server
command while using the Group Table API to keep the XBee device's group table in sync using the five
command primitives.
Add Group command
The purpose of the Add Group command is to add a group table entry to associate an active endpoint
with a groupID and optionally a groupName. The groupID is a two byte value. The groupName consists
of zero to 16 ASCII characters.
The following example adds a group table entry which associates endpoint E7 with groupID 1234 and
groupName “ABCD”.
The example packet is given in three parts, the preamble, ZCL Header, and ZCL payload:
Preamble = “11 01 ” + LocalDevice64Addr + “FFFE E6 E7 0006 C105 00 00”
The packet is addressed to the local node, using a source endpoint of 0xE6, clusterID of 0x0006, and
profileID of 0xC105. The destination endpoint E7 holds the endpoint parameter for the “Add Group”
command.
ZCL_header = “01 ee 00”
The first field (byte) is a frame control field which specifies a Cluster Specific command (0x01) using a
Client->Server direction (0x00). The second field is a transaction sequence number used to associate
the response with the command request. The third field is the command identifier for “Add Group”
(0x00).
ZCL_payload = “3412 04 41 42 43 44”
The first two bytes are the groupID to add, in little-endian representation. The next byte is the string
name length (00 if there is no string). The other bytes are the descriptive ASCII string name (“ABCD”)
for the group table entry. The string is represented with its length in the first byte, and the other
bytes containing the ASCII characters.
The example packet in raw hex byte form:
7e001e11010013a2004047b55cfffee6e70006c105000001ee0034120441424344c7
The response in raw hex byte form, consisting of two packets:
7e0018910013a2004047b55cfffee7e68006c1050009ee0000341238
7e00078b01fffe00000076
The response in decoded form:
Zigbee Explicit Rx Indicator
API 0x91 64DestAddr 0x0013A2004047B55C 16DestAddr 0xFFFE SrcEP 0xE7 DestEP 0xE6
ClusterID 0x8006 ProfileID 0xC105 Options 0x00
RF_Data 0x09EE00003412
The response in terms of Preamble, ZCL Header, and ZCL payload:
Preamble = “910013a2004047b55cfffee7e68006c10500”
The packet has its endpoint values reversed from the request, and the clusterID is 0x8006 indicating a
Group cluster response.
ZCL_header = “09 ee 00”
The first field is a frame control field which specifies a Cluster Specific command (0x01) using a
Server->Client direction. The second field is a transaction sequence number used to associate the response
with the command request. The third field is the command identifier “Add Group” (0x00).
ZCL_payload = “00 3412”
The first byte is a status byte (SUCCESS=0x00). The next two bytes hold the group ID (0x1234) in
little-endian form.
This is the decoded second message, which is a Tx Status for the original command request. If the
FrameId value in the original command request had been zero, or if no space was available in the
transmit UART buffer, then no Tx Status message occurs.
Zigbee Tx Status
API 0x8B FrameID 0x01 16DestAddr 0xFFFE
Transmit Retries 0x00 Delivery Status 0x00 Discovery Status 0x00 Success
View group
The purpose of the View Group command is to get the name string which is associated with a
particular endpoint and groupID.
The following example gets the name string associated with the endpoint E7 and groupID 1234.
The packet:
Preamble = “11 01 ” + LocalDevice64Addr + “FFFE E6 E7 0006 C105 00 00”
The packet is addressed to the local node, using a source endpoint of 0xE6, clusterID of 0x0006, and
profileID of 0xC105. The destination endpoint E7 is the endpoint parameter for the “View Group”
command.
ZCL_header = “01 ee 01”
The first field is a frame control field which specifies a Cluster Specific command (0x01) using a
Client->Server direction (0x00). The second field is a transaction sequence number which is used to associate
the response with the command request. The third field is the command identifier “View Group”
(0x01).
ZCL_payload = “3412”
The two byte value is the groupID in little-endian representation.
The packet in raw hex byte form:
7e001911010013a2004047b55cfffee6e70006c105000001ee013412d4
The response in raw hex byte form, consisting of two packets:
7e001d910013a2004047b55cfffee7e68006c1050009ee01003412044142434424
7e00078b01fffe00000076
The command response in decoded form:
Zigbee Explicit Rx Indicator
API 0x91 64DestAddr 0x0013A2004047B55C 16DestAddr 0xFFFE SrcEP 0xE7 DestEP 0xE6
ClusterID 0x8006 ProfileID 0xC105 Options 0x00
RF_Data 0x09EE010034120441424344
The response in terms of Preamble, ZCL Header, and ZCL payload:
Preamble = “910013a2004047b55cfffee7e68006c10500”
The packet has its endpoint values reversed from the request, and the clusterID is 0x8006 indicating a
Group cluster response.
ZCL_header = “09 ee 01”
The first field is a frame control field which specifies a Cluster Specific command (0x01) using a
Server->Client direction (0x08). The second field is a transaction sequence number which associates the
response with the command request. The third field is the command identifier “View Group” (0x01).
ZCL_payload = “00 3412 0441424344”
The first byte is a status byte (SUCCESS=0x00). The next two bytes hold the groupID (0x1234) in
little-endian form. The next byte is the name string length (0x04). The remaining bytes are the ASCII name
string characters (“ABCD”).
The following is the decoded second message, which is a Tx Status for the original command request.
If the FrameId value in the original command request had been zero, or if no space was available in
the transmit UART buffer, then no Tx Status message would occur.
Zigbee Tx Status
API 0x8B FrameID 0x01 16DestAddr 0xFFFE
Transmit Retries 0x00 Delivery Status 0x00 Discovery Status 0x00 Success
Get Group Membership
Get Group Membership (1 of 2)
The purpose of this first form of the Get Group Membership command is to get all the groupIDs
associated with a particular endpoint.
The intent of the example is to get all the groupIDs associated with endpoint E7.
The example packet is given in three parts, the preamble, ZCL Header, and ZCL payload:
Preamble = “11 01 ” + LocalDevice64Addr + “FFFE E6 E7 0006 C105 00 00”
The packet is addressed to the local node, using a source endpoint of 0xE6, clusterID of 0x0006, and
profileID of 0xC105. The destination endpoint E7 holds the endpoint parameter for the “Get Group
Membership” command.
ZCL_header = “01 ee 02”
The first field (byte) is a frame control field which specifies a Cluster Specific command (0x02) using a
Client->Server direction (0x00). The second field is a transaction sequence number which is used to
associate the response with the command request. The third field is the command identifier for “Get
Group Membership” (0x02).
ZCL_payload = “00”
The first byte is the group count. If it is zero, then all groupIDs with an endpoint value which matches
the given endpoint parameter will be returned in the response.
The example packet in raw hex byte form:
7e001811010013a2004047b55cfffee6e70006c105000001ee020019
The response in raw hex byte form, consisting of two packets:
7e0019910013a2004047b55cfffee7e68006c1050009ee02ff01341235
7e00078b01fffe00000076
The response in decoded form:
Zigbee Explicit Rx Indicator
API 0x91 64DestAddr 0x0013A2004047B55C 16DestAddr 0xFFFE SrcEP 0xE7 DestEP 0xE6
ClusterID 0x8006 ProfileID 0xC105 Options 0x00
RF_Data 0x09EE02FF013412
The response in terms of Preamble, ZCL Header, and ZCL Payload:
Preamble = “910013a2004047b55cfffee7e68006c10500”
The packet has the endpoints reversed from the request, and the clusterID is 0x8006 indicating a
Group cluster response.
ZCL_header = “09 ee 02”
The first field is a frame control field which specifies a Cluster Specific command (0x01) using a
Server->Client direction (0x08). The second field is a transaction sequence number which is used to associate
the response with the command request. The third field is the command identifier “Get Group
Membership” (0x02).
ZCL_payload = “FF 01 3412”
The first byte is the remaining capacity of the group table. 0xFF means unknown. The XBee returns
this value because the capacity of the group table is dependent on the remaining capacity of the
binding table, thus the capacity of the group table is unknown. The second byte is the group count
(0x01). The remaining bytes are the groupIDs in little-endian representation.
The following is the decoded second message, which is a Tx Status for the original command request.
If the FrameId value in the original command request had been zero, or if no space was available in
the transmit UART buffer, then no Tx Status message would occur.
Zigbee Tx Status
API 0x8B FrameID 0x01 16DestAddr 0xFFFE
Transmit Retries 0x00 Delivery Status 0x00 Discovery Status 0x00 Success
Get Group Membership (2 of 2)
The purpose of this second form of the Get Group Membership command is to get the set of groupIDs
associated with a particular endpoint which are a subset of a list of given groupIDs.
The following example gets the groupIDs associated with endpoint E7 which are a subset of a given
list of groupIDs (0x1234, 0x5678).
The example packet is given in three parts, the preamble, ZCL Header, and ZCL payload:
Preamble = “11 01 ” + LocalDevice64Addr + “FFFE E6 E7 0006 C105 00 00”
The packet is addressed to the local node, using a source endpoint of 0xE6, clusterID of 0x0006, and
profileID of 0xC105. The destination endpoint E7 is the endpoint parameter for the “Get Group
Membership” command.
ZCL_header = “01 ee 02”
The first field (byte) is a frame control field which specifies a Cluster Specific command (0x02) using a
Client->Server direction (0x00). The second field is a transaction sequence number which is used to
associate the response with the command request. The third field is the command identifier for “Get
Group Membership” (0x02).
ZCL_payload = “02 34127856”
The first byte is the group count. The remaining bytes are groupIDs, which use little-endian
representation.
The example packet in raw hex byte form:
7e001c11010013a2004047b55cfffee6e70006c105000001ee02023412785603
The response in raw hex byte form, consisting of two packets:
7e0019910013a2004047b55cfffee7e68006c1050009ee02ff01341235
7e00078b01fffe00000076
The response in decoded form:
Zigbee Explicit Rx Indicator
API 0x91 64DestAddr 0x0013A2004047B55C 16DestAddr 0xFFFE SrcEP 0xE7 DestEP 0xE6
ClusterID 0x8006 ProfileID 0xC105 Options 0x00
RF_Data 0x09EE02FF013412
The response in terms of Preamble, ZCL Header, and ZCL Payload:
Preamble = “910013a2004047b55cfffee7e68006c10500”
The packet has the endpoints reversed from the request, and the clusterID is 0x8006 indicating a Group
cluster response.
ZCL_header = “09 ee 02”
The first field is a frame control field which specifies a Cluster Specific command (0x01) using a
Server->Client direction (0x08). The second field is a transaction sequence number which is used to associate
the response with the command request. The third field is the command identifier “Get Group
Membership” (0x02).
ZCL_payload = “FF 01 3412”
The first byte is the remaining capacity of the group table. 0xFF means unknown. The XBee returns
this value because the capacity of the group table is dependent on the remaining capacity of the
binding table, thus the capacity of the group table is unknown. The second byte is the group count
(0x01). The remaining bytes are the groupIDs in little-endian representation.
The following is the decoded second message, which is a Tx Status for the original command request.
If the FrameId value in the original command request had been zero, or if no space was available in
the transmit UART buffer, then no Tx Status message occurs.
Zigbee Tx Status
API 0x8B
FrameID 0x01
16DestAddr 0xFFFE
Transmit Retries 0x00 Delivery Status 0x00 Discovery Status 0x00 Success
Remove Group
The purpose of the Remove Group command is to remove a Group Table entry which associates a
given endpoint with a given groupID.
The intent of the example is to remove the association of groupID [TBD] with endpoint E7.
The example packet is given in three parts: the preamble, ZCL Header, and ZCL payload.
Preamble = “11 01 ”+LocalDevice64Addr+“FFFE E6 E7 0006 C105 00 00”
The packet is addressed to the local node, using a source endpoint of 0xE6, clusterID of 0x0006, and
profileID of 0xC105. The destination endpoint E7 is the endpoint parameter for the “Remove Group”
command.
ZCL_header = “01 ee 03”
The first field is a frame control field which specifies a Cluster Specific command (0x01) using a
Client->Server direction (0x00). The second field is a transaction sequence number which is used to associate
the response with the command request. The third field is the command identifier “Remove Group”
(0x03).
ZCL_payload = “3412”
The two-byte value is the groupID to be removed in little-endian representation.
The packet in raw hex byte form:
7e001911010013a2004047b55cfffee6e70006c105000001ee033412d2
The response in raw hex byte form, consisting of two packets:
7e0018910013a2004047b55cfffee7e68006c1050009ee0300341235
7e00078b01fffe00000076
The command response in decoded form:
Zigbee Explicit Rx Indicator
API 0x91 64DestAddr 0x0013A2004047B55C 16DestAddr 0xFFFE
SrcEP 0xE7 DestEP 0xE6
ClusterID 0x8006 ProfileID 0xC105
Options 0x00
RF_Data 0x09EE03003412
The response in terms of Preamble, ZCL Header, and ZCL payload:
Preamble = “910013a2004047b55cfffee7e68006c10500”
The packet has its endpoint values reversed from the request, and the clusterID is 0x8006 indicating a
Group cluster response.
ZCL_header = “09 ee 03”
The first field is a frame control field which specifies a Cluster Specific command (0x01) using a
Server->Client direction (0x08). The second field is a transaction sequence number which is used to associate
the response with the command request. The third field is the command identifier “Remove Group”
(0x03).
ZCL_payload = “00 3412”
The first byte is a status byte (SUCCESS=0x00). The next two bytes are the groupID (0x1234) value in
little-endian form.
The following is the decoded second message, which is a Tx Status for the original command request.
If the FrameId value in the original command request had been zero, or if no space was available in
the transmit UART buffer, then no Tx Status message would occur.
Zigbee Tx Status
API 0x8B
FrameID 0x01
16DestAddr 0xFFFE
Transmit Retries 0x00 Delivery Status 0x00 Discovery Status 0x00 Success
Remove All Groups
The purpose of the Remove All Groups command is to clear all entries from the group table which are
associated with a target endpoint.
The following example removes all groups associated with endpoint E7.
The packet:
Preamble = “11 01 ”+LocalDevice64Addr+“FFFE E6 E7 0006 C105 00 00”
The packet is addressed to the local node, using a source endpoint of 0xE6, clusterId of 0x0006, and
profileID of 0xC105. The destination endpoint E7 is the endpoint parameter for the “Remove All
Groups” command.
ZCL_header = “01 ee 04”
The first field is a frame control field which specifies a Cluster Specific command (0x01) using a
Client->Server direction (0x00). The second field is a transaction sequence number which is used to associate
the response with the command request. The third field is the command identifier “Remove All
Groups” (0x04).
ZCL_payload = “”
No payload is needed for this command.
The packet in raw hex byte form:
7e001711010013a2004047b55cfffee6e70006c105000001ee0417
The response in raw hex byte form, consisting of two packets:
7e0016910013a2004047b55cfffee7e68006c1050009ee04007c
7e00078b01fffe00000076
The command response in decoded form:
Zigbee Explicit Rx Indicator
API 0x91 64DestAddr 0x0013A2004047B55C 16DestAddr 0xFFFE
SrcEP 0xE7 DestEP 0xE6
ClusterID 0x8006 ProfileID 0xC105
Options 0x00
RF_Data 0x09ee0400
The response in terms of Preamble, ZCL Header, and ZCL payload.
Preamble = “910013a2004047b55cfffee7e68006c10500”
The packet has its endpoint values reversed from the request, and the clusterID is 0x8006 indicating
a Group cluster response.
ZCL_header = “09 ee 04”
The first field is a frame control field which specifies a Cluster Specific command (0x01) using a
Server->Client direction (0x08). The second field is a transaction sequence number which is used to associate
the response with the command request. The third field is the command identifier “Remove All
Groups” (0x04).
ZCL_payload = “00”
The first byte is a status byte (SUCCESS=0x00)[4].
And here is the decoded second message, which is a Tx Status for the original command request. If
the FrameID value in the original command request had been zero, or if no space was available in the
transmit UART buffer, then no Tx Status message would occur.
Zigbee Tx Status
API 0x8B
FrameID 0x01
16DestAddr 0xFFFE
Transmit Retries 0x00 Delivery Status 0x00 Discovery Status 0x00 Success
Default responses
Many errors are returned as a default response. For example, an RFData payload of a response
containing 08010b788b would be decoded as:
ZCL_header = “08 01 03” - general command/server-to-client, transseqnum=1, default_response_command(0x03)
ZCL_payload = “78 8b” - original cmdID, status code (0x8b) EMBER_ZCL_STATUS_NOT_FOUND
Common status codes
This section lists some of the more frequently occurring status codes.
0x00 EMBER_ZCL_STATUS_SUCCESS: Command request was successful
0x01 EMBER_ZCL_STATUS_FAILURE: Command request failed - for example,
a call to remove an entry from the group table returned an error
0x80 EMBER_ZCL_STATUS_MALFORMED_COMMAND: no RFData in the API frame;
ZCL Payload appears truncated from what is expected
0x81 EMBER_ZCL_STATUS_UNSUP_CLUSTER_COMMAND: unexpected direction
in the Frame Control Field of the ZCL Header; unexpected command identifier code
value in the ZCL header
0x82 EMBER_ZCL_STATUS_UNSUP_GENERAL_COMMAND: unexpected frametype
in the Frame Control Field of the ZCL Header
0x84 EMBER_ZCL_STATUS_UNSUP_MANUF_GENERAL_COMMAND: unexpected
manufacturer specific indication in the Frame Control Field of the ZCL Header
0x8b EMBER_ZCL_STATUS_NOT_FOUND: An attempt at Get Group Membership or
Remove Group could not find a matching entry in the group table
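The frame layouts walked through in this Group Table API section can be checked mechanically. The following Python decoder is an added example, not Digi code: it validates an unescaped API frame (delimiter, length, checksum), splits 0x11/0x91 explicit frames, and decodes the Groups-cluster ZCL header and payloads plus the default response. All function names are chosen here for illustration, and the sample bytes are copied from the examples above.

```python
import struct

# Status names from the "Common status codes" list in this section.
ZCL_STATUS = {
    0x00: "EMBER_ZCL_STATUS_SUCCESS", 0x01: "EMBER_ZCL_STATUS_FAILURE",
    0x80: "EMBER_ZCL_STATUS_MALFORMED_COMMAND",
    0x81: "EMBER_ZCL_STATUS_UNSUP_CLUSTER_COMMAND",
    0x82: "EMBER_ZCL_STATUS_UNSUP_GENERAL_COMMAND",
    0x84: "EMBER_ZCL_STATUS_UNSUP_MANUF_GENERAL_COMMAND",
    0x8B: "EMBER_ZCL_STATUS_NOT_FOUND",
}
GROUP_CMDS = {0x02: "Get Group Membership", 0x03: "Remove Group", 0x04: "Remove All Groups"}
DEFAULT_RESPONSE = 0x0B  # third byte of the sample RFData 08010b788b


def unwrap_api_frame(raw):
    """Validate one unescaped API frame and return its frame data (type byte onward)."""
    if len(raw) < 5 or raw[0] != 0x7E:
        raise ValueError("missing 0x7E start delimiter")
    (length,) = struct.unpack(">H", raw[1:3])
    if len(raw) != length + 4:
        raise ValueError("length field disagrees with frame size")
    if (sum(raw[3:]) & 0xFF) != 0xFF:  # frame data plus checksum must sum to 0xFF
        raise ValueError("checksum mismatch")
    return raw[3:-1]


def split_explicit(data):
    """Split a 0x11 Explicit Addressing Command or a 0x91 Explicit Rx Indicator."""
    if data[:1] == b"\x11" and len(data) >= 20:
        # frame ID, 64-bit addr, 16-bit addr, endpoints, cluster, profile, radius, options
        _, a64, a16, src, dst, cluster, profile, _, _ = struct.unpack(">BQHBBHHBB", data[1:20])
        rf = data[20:]
    elif data[:1] == b"\x91" and len(data) >= 18:
        a64, a16, src, dst, cluster, profile, _ = struct.unpack(">QHBBHHB", data[1:18])
        rf = data[18:]
    else:
        raise ValueError("not an explicit addressing frame")
    return {"addr64": a64, "addr16": a16, "src_ep": src, "dst_ep": dst,
            "cluster": cluster, "profile": profile, "rf_data": rf}


def _group_ids(buf, count):
    if len(buf) != 2 * count:
        raise ValueError("group list length disagrees with group count")
    return list(struct.unpack("<%dH" % count, buf))  # groupIDs are little-endian


def _need(body, n):
    if len(body) != n:
        raise ValueError("ZCL payload has %d bytes, expected %d" % (len(body), n))


def decode_zcl(rf):
    """Decode the ZCL header and the Groups-cluster payloads described above."""
    if len(rf) < 3:
        raise ValueError("ZCL header truncated")
    fc, seq, cmd, body = rf[0], rf[1], rf[2], rf[3:]
    if fc & 0x04:
        raise ValueError("manufacturer-specific frames are not handled")
    out = {"cluster_specific": (fc & 0x03) == 0x01, "from_server": bool(fc & 0x08),
           "seq": seq, "cmd": cmd}
    if not out["cluster_specific"]:
        if cmd != DEFAULT_RESPONSE:
            raise ValueError("only the default response is decoded here")
        _need(body, 2)                          # original command ID, status
        out.update(name="Default Response", original_cmd=body[0],
                   status=ZCL_STATUS.get(body[1], hex(body[1])))
        return out
    if cmd not in GROUP_CMDS:
        raise ValueError("unexpected command identifier 0x%02x" % cmd)
    out["name"] = GROUP_CMDS[cmd]
    if cmd == 0x02:
        skip = 1 if out["from_server"] else 0   # responses lead with a capacity byte
        if len(body) < skip + 1:
            raise ValueError("ZCL payload truncated")
        if skip:
            out["capacity"] = body[0]           # 0xFF means unknown
        out["groups"] = _group_ids(body[skip + 1:], body[skip])
    elif cmd == 0x03 and out["from_server"]:
        _need(body, 3)                          # status, groupID
        out.update(status=ZCL_STATUS.get(body[0], hex(body[0])),
                   groups=_group_ids(body[1:], 1))
    elif cmd == 0x03:
        out["groups"] = _group_ids(body, 1)     # groupID to remove
    elif out["from_server"]:
        _need(body, 1)                          # Remove All Groups response: status only
        out["status"] = ZCL_STATUS.get(body[0], hex(body[0]))
    else:
        _need(body, 0)                          # Remove All Groups request: no payload
    return out


def decode_frame(hex_frame):
    """Raw hex frame -> addressing fields plus decoded ZCL (explicit frames only)."""
    fields = split_explicit(unwrap_api_frame(bytes.fromhex(hex_frame)))
    fields["zcl"] = decode_zcl(fields["rf_data"])
    return fields


if __name__ == "__main__":
    # Request frame and response RF_Data values copied from the examples above.
    print(decode_frame("7e001c11010013a2004047b55cfffee6e70006c105000001ee02023412785603"))
    for rf_hex in ("09ee02ff013412", "09ee03003412", "09ee0400", "08010b788b"):
        print(rf_hex, decode_zcl(bytes.fromhex(rf_hex)))
```

The three request frames and the Tx Status frame above pass `unwrap_api_frame`. The 0x91 response frames, as printed, end in a byte that does not satisfy the checksum rule, which is why the demo decodes their RF_Data values directly.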
Manage End Devices
Zigbee end devices are intended to be battery-powered devices capable of sleeping for extended
periods of time. Since end devices may not be awake to receive RF data at a given time, routers and
coordinators are equipped with additional capabilities (including packet buffering and extended
transmission timeouts) to ensure reliable data delivery to end devices.
End device operation
Parent operation
Non-Parent device operation
End Device configuration
Recommended sleep current measurements
Transmit RF data
Receiving RF data
I/O sampling
Wake end devices with the Commissioning Pushbutton
Parent verification
Rejoining
Router/Coordinator configuration
Short sleep periods
Extended sleep periods
Sleep examples
End device operation
When an end device joins a Zigbee network, it must find a router or coordinator device that is allowing
end devices to join. Once the end device joins a network, it forms a parent-child relationship with the
router or coordinator that allowed it to join. For more information, see Zigbee
networks.
When the end device is awake, it sends poll request messages to its parent. When the parent receives
a poll request, it checks a packet queue to see if it has any buffered messages for the end device. It
then sends a MAC layer acknowledgment back to the end device that indicates if it has data to send to
the end device or not.
If the end device receives the acknowledgment and finds that the parent has no data for it, the end
device can return to idle mode or sleep. Otherwise, it remains awake to receive the data. This polling
mechanism allows the end device to enter idle mode and turn its receiver off when RF data is not
expected in order to reduce current consumption and conserve battery life.
The end device can only send data directly to its parent. If an end device must send a broadcast or a
unicast transmission to other devices in the network, it sends the message directly to its parent and
the parent performs any necessary route or address discoveries to route the packet to the final
destination.
The parent of the receiving device does not send the network ACK back to the originator until the
sleeping end device wakes and polls the data or until the timeout occurs.
Parent operation
Each router or coordinator maintains a child table that contains the addresses of its end device
children. A router or coordinator that has unused entries in its child table has end device capacity, or
the ability to allow new end devices to join. If the child table is completely filled (such that the number
of its end device children matches the number of child table entries), the device cannot allow any
more end devices to join.
Since the end device children are not guaranteed to be awake at a given time, the parent is
responsible for managing incoming data packets of its end device children. If a parent receives an RF
data transmission destined for one of its end device children, and if the parent has enough unused
buffer space, it buffers the packet. The data packet remains buffered until a timeout expires, or until
the end device sends a poll request to retrieve the data.
The parent can buffer one broadcast transmission for all of its end device children. When the parent
receives and buffers a broadcast transmission, it sets a flag in its child table when each child polls and
retrieves the packet. Once all children have received the broadcast packet, the parent discards the
buffered broadcast packet. If not all children have received a buffered broadcast packet and the
parent receives a new broadcast, it discards the old broadcast packet, clears the child table flags, and
buffers the new broadcast packet for the end device children as shown in the following figure.
When an end device sends data to its parent that is destined for a remote device in the network, the
parent buffers the data packet until it can establish a route to the destination. The parent may
perform a route or 16-bit address discovery on behalf of its end device children. Once a route is established, the
parent sends the data transmission to the remote device.
End Device poll timeouts
To better support mobile end devices (end devices that can move within a network), parent router
and coordinator devices have a poll timeout for each end device child. If an end device does not send a
poll request to its parent within the poll timeout, the parent removes the end device from its child
table. This allows the child table on a router or coordinator to better accommodate mobile end
devices in the network.
Packet buffer usage
Packet buffer usage on a router or coordinator varies depending on the application. The following
activities can require use of packet buffers for up to several seconds:
- Route and address discoveries
- Application broadcast transmissions
- Stack broadcasts (for example ZDO “Device Announce” messages when devices join a network)
- Unicast transmissions buffered until acknowledgment is received from destination or retries
  exhausted
- Unicast messages waiting for end device to wake
Applications that use regular broadcasting or that require regular address or route discoveries use up
a significant number of buffers, reducing the buffer availability for managing packets for end device
children. Applications can reduce the number of required application broadcasts, and consider
implementing an external address table or many-to-one and source routing if necessary to improve
routing efficiency.
Non-Parent device operation
Devices in the Zigbee network treat data transmissions to end devices differently than transmissions
to other routers and coordinators. When a device sends a unicast transmission, if it does not receive a
network acknowledgment within a timeout, the device resends the transmission. When transmitting
data to remote coordinator or router devices, the transmission timeout is relatively short since these
devices are powered and responsive.
However, since end devices may sleep for some time, unicast transmissions to end devices use an
extended timeout mechanism in order to allow enough time for the end device to wake and receive
the data transmission from its parent.
If a non-parent device does not know the destination is an end device, it uses the standard unicast
timeout for the transmission. However, provisions exist in the Silicon Labs Zigbee stack for the parent
to inform the message sender that the destination is an end device. Once the sender discovers the
destination device is an end device, future transmissions will use the extended timeout. For more
information see Router/Coordinator configuration.
End Device configuration
XBee end devices support three different sleep modes:
- Pin sleep
- Cyclic sleep
- Cyclic sleep with pin wake-up
Pin sleep allows an external microcontroller to determine when the XBee3 Zigbee RF Module sleeps
and when it wakes by controlling the Sleep_RQ pin. In contrast, cyclic sleep allows the sleep period
and wake times to be configured through the use of AT commands. Cyclic sleep with pin wake-up is
the same as cyclic sleep except the device can be awakened before the sleep period expires by
lowering the SLEEP_RQ line. The SM command configures the sleep mode.
In both pin and cyclic sleep modes, XBee end devices poll their parent every 100 ms while they are
awake to retrieve buffered data. When the end device sends a poll request, it enables the receiver
until it receives an acknowledgment from the parent. It typically takes less than 10 ms between
sending the poll request and receiving the acknowledgment. The acknowledgment indicates if the
parent has buffered data for the end device child. If the acknowledgment indicates the parent has
pending data, the end device leaves the receiver on to receive the data. Otherwise, the end device
turns off the receiver and enters idle mode (until it sends the next poll request) to reduce current
consumption (and improve battery life).
Once the device enters sleep mode, it de-asserts (low) the On/Sleep pin (Micro pin 25/SMT pin 26) to
indicate the device is entering sleep mode. If the device enables CTS hardware flow control (D7
command), it de-asserts (high) the CTS pin (Micro pin 24/SMT pin 25) when entering sleep to indicate
that serial data should not be sent to the device.
If the Associate LED pin is configured (D5 command), the associate pin is driven low to avoid using
power to light the LED. The Sleep_Rq pin is configured as a pulled-down input so that an external
device must drive it low to wake the device. All other pins are left unmodified during sleep so that they
can operate as previously configured by the user. The device does not respond to serial or RF data
when it is sleeping.
Applications that must communicate serially to sleeping end devices are encouraged to observe CTS
flow control.
When the device wakes from sleep, it asserts (high) the On/Sleep pin, and if it enables flow control, it
also asserts (low) the CTS pin. The associate LED and all other pins resume their former configured
operation. If the device has not joined a network, it scans all SC channels after waking to try and find a
valid network to join.
Pin sleep
Pin sleep allows the module to sleep and wake according to the state of the SLEEP_RQ pin (Micro pin
9/SMT pin 10/TH pin 9). Pin sleep mode is enabled by setting the SM command to 1.
When SLEEP_RQ is asserted (high), the device finishes any transmit or receive operations for the
packet it is currently processing and enters a low power state. For example, if the device has not
joined a network and SLEEP_RQ is asserted (high), it sleeps once the current join attempt completes
(that is, when scanning for a valid network completes). The device wakes from pin sleep when the
SLEEP_RQ pin is de-asserted (low). The following figures show the device's sleep pins.
XBee surface-mount sleep pins
Surface-mount sleep pins
Through-hole sleep pins
XBee3 Micro sleep pins
The following figure shows the pin sleep waveforms:
In the previous figure, t1, t2, t3 and t4 represent the following events:
- t1 - Time when Sleep_RQ is asserted (high)
- t2 - Time when the device enters sleep (CTS state change only if hardware flow control is
  enabled)
- t3 - Time when Sleep_RQ is de-asserted (low) and the device wakes
- t4 - Time when the module sends a poll request to its parent
The time between t1 and t2 varies depending on the state of the module. In the worst case scenario,
if the end device is trying to join a network, or if it is waiting for an acknowledgment from a data
transmission, the delay could be up to a few seconds. The time between t3 and t4 is 1-2 ms for a
regular device and about 6 ms for a PRO device.
When the XBee3 Zigbee RF Module is awake and is joined to a network, it sends a poll request to its
parent to see if the parent has any buffered data. The end device continues to send poll requests
every 100 ms while it is awake.
Demonstration of pin sleep
Parent and remote devices must be configured to buffer data correctly and to use adequate
transmission timeouts. For more information, see Router/Coordinator configuration.
Cyclic sleep
Cyclic sleep allows the device to sleep for a specified time and wake for a short time to poll its parent
for any buffered data messages before returning to sleep again. Enable cyclic sleep mode by setting
the SM command to 4 or 5. SM5 is a slight variation of SM4 that allows the device to wake up
prematurely by asserting the Sleep_RQ pin (pin 10/SMT, pin 9/TH). In SM5, the XBee device can wake
after the sleep period expires, or if a high-to-low transition occurs on the Sleep_RQ pin. Setting SM to
4 disables the pin wake option.
In cyclic sleep, the device sleeps for a specified time, and then wakes and sends a poll request to its
parent to discover if the parent has any pending data for the end device. If the parent has buffered
data for the end device, or if it receives serial data, the device remains awake for a time. Otherwise, it
enters sleep mode immediately.
When the device wakes, it asserts (high) the On/Sleep line, and de-asserts it (low) when the device
sleeps. If you enable hardware flow control (D7 command), the CTS pin asserts (low) when the device
wakes and can receive serial data, and de-asserts (high) when the device sleeps.
The following figure shows the XBee sleep pins.
The following figure shows the cyclic sleep waveforms.
In the figure above, t1, t2, and t3 represent the following events:
- t1 - Time when the device wakes from cyclic sleep
- t2 - Time when the device returns to sleep
- t3 - Later time when the device wakes from cyclic sleep
The wake time and sleep time are configurable with software commands.
Wake time (until sleep)
In cyclic sleep mode (SM = 4 or 5), if the device receives serial or RF data, it starts a sleep timer (time
until sleep). Any data received serially or over the RF link restarts the timer. Set the sleep timer value
with ST (Cyclic Sleep Wake Time). While the device is awake, it sends poll request transmissions every
100 ms to check its parent for buffered data messages. The device returns to sleep when the sleep
timer expires, or if it receives the SI command as shown in the following image.
Sleep period
Configure the sleep period based on the SP, SN, and SO commands. The following table lists the
behavior of these commands.
Command | Range | Description
SP | 0x20 - 0xAF0 (x 10 ms) (320 - 28,000 ms) | Configures the sleep period of the device.
SN | 1 - 0xFFFF | Configures the number of sleep periods multiplier.
SO | 0 - 0xFF | Defines options for sleep mode behavior. 0x02 - Always wake for full ST time. 0x04 - Enable extended sleep (sleep for full (SP * SN) time).
The device supports both a Short cyclic sleep and an Extended cyclic sleep that make use of these
commands. These two modes allow the sleep period to be configured according to the application
requirements.
Short cyclic sleep
In short cyclic sleep mode, the SP and SN commands define the sleep behavior of the device, and
the SO command must be set to 0x00 (default) or 0x02. In short cyclic sleep mode, the SP command
defines the sleep period and you can set it for up to 28 seconds. When the device enters short cyclic
sleep, it remains in a low power state until the SP time has expired.
After the sleep period expires, the XBee3 Zigbee RF Module sends a poll request transmission to its
parent to determine if the parent has any buffered data waiting for the end device. Since router and
coordinator devices can buffer data for end device children up to 30 seconds, the SP range (up to 28
seconds) allows the end device to poll regularly enough to receive buffered data. If the parent has
data for the end device, the end device starts its sleep timer (ST) and continues polling every 100 ms
to receive data. If the end device wakes and finds that its parent has no data for it, the end device can
return to sleep immediately.
Use the SN command to control when the On/Sleep line is asserted (high). If you set SN to 1 (default), the
On/Sleep line sets high each time the device wakes from sleep. Otherwise, if SN is greater than 1, the
On/Sleep line only sets high if RF data is received, or after SN wake cycles occur. This allows an
external device to remain powered off until it receives RF data, or until a number of sleep periods have
expired (SN sleep periods). This mechanism allows the device to wake at regular intervals to poll its
parent for data without waking an external device for an extended time (SP * SN time) as shown in
the following figure.
Note: SP controls the packet buffer time on routers and coordinators. Set SP on all router and
coordinator devices to match the longest end device SP time. For more information, see
Router/Coordinator configuration.
Extended cyclic sleep
In extended cyclic sleep operation, an end device can sleep for a multiple of SP time which can extend
the sleep time up to several days. Configure the sleep period using the SP and SN commands. The
total sleep period is equal to (SP * SN) where SP is measured in 10 ms units. The SO command must be
set correctly to enable extended sleep.
Since routers and coordinators can only buffer incoming RF data for their end device children for up to
30 seconds, if an end device sleeps longer than 30 seconds, devices in the network need some
indication when an end device is awake before they can send data to it. End devices that use extended
cyclic sleep should send a transmission (such as an I/O sample) when they wake to inform other
devices that they are awake and can receive data. We recommend that extended sleep end devices
set SO to wake for the full ST time to provide other devices with enough time to send messages to the
end device.
Similar to short cyclic sleep, end devices running in this mode return to sleep when the sleep timer
expires, or when they receive the SI command.
Deep sleep
The following are preconditions for maintaining low current draw during sleep:
- You must maintain the supply voltage within a valid operating range (2.1 to 3.6 V for the XBee,
  3.0 to 3.6 V for the XBee-PRO (S2), 2.7 to 3. V for the XBee-PRO S2B).
- Each GPIO input line with a pullup resistor which is driven low draws about 100 uA current
  through the internal pullup resistor.
- If circuitry external to the XBee drives such input lines low, then the current draw rises above
  expected deep sleep levels.
- Each GPIO input line that has no pullup or pull-down resistor (is floating) has an indeterminate
  voltage which can change over time and temperature in an indeterminate manner.
Recommended sleep current measurements
Properly measuring the sleep current helps to accurately estimate battery life requirements. To
ensure that you take proper measurements without upsetting the normal operation of the unit under
test, read the following steps.
Measuring sleep currents can cause problems with the devices because the equipment
that measures very low currents accurately requires a large resistor in series with the power supply.
This large resistor starves current from the device during a momentary wake cycle, forcing the
voltage to drop to brownout levels rapidly. This voltage drop places the device in a state that may
require a reset to resolve the problem.
Achieve the lowest sleep current
To achieve the lowest sleep current, you must disable brownout detectors during sleep modes. Even if
the measurement equipment automatically changes current ranges, it is often too slow and cannot
keep up with the necessary sudden short bursts. During long cyclic sleep periods, the device can wake
every 10 to 30 seconds to reset timers and perform other necessary steps. These wake times are
small and you may not notice them when measuring sleep currents.
Compensate for switching time
To compensate for the switching time of the equipment you must temporarily add an additional large
cap when you need measurements to allow for short pulses of current draw (see the following
schematic for details). A cap of 100 uF is enough to handle 1.5 milliseconds with 20 mA of current. You
can increase or decrease the capacitor based on the switching time of the measurement circuitry and
the momentary on time of the unit. Measure the leakage current of the additional cap to verify that it
does not skew the low current reading. The capacitor averages the spike in current draw. The actual
magnitude of the current spike is no longer visible, but you can account for the total energy consumed
by integrating the current over time and multiplying by the voltage.
The sleep current may be less for an S2C than an S2D, because the S2D has more RAM to maintain
during sleep (64K versus 12K RAM).
Internal pin pull-ups
Internal pull-up/down resistors only apply to GPIO lines that are configured as disabled (0) or digital
input (3). Use PR (Pull-up/Down Resistor Enable) to enable them on a per-pin basis and use PD (Pull
Up/Down Direction) to determine the direction.
Internal pin pull-ups can pull excess current and cause the sleep current readings to be higher than
desired if you drive or float the pull-ups.
- Disable all pull-ups for input lines that have a low driven state during sleep.
- Enable pull-ups for floating lines or inputs that do not connect to other circuitry.
If you use an analog-to-digital converter (ADC) to read the analog voltage of a pin, it may not be
possible to stop all leakage current unless you can disconnect the voltage during sleep. Each floating
input that is not at a valid high or low level can cause leakage depending on the temperature and
charge buildup that you may not observe at room temperature.
Transmit RF data
An end device may transmit data when it wakes from sleep and has joined a network. End devices
transmit directly to their parent and then wait for an acknowledgment to be received. The parent
performs any required address and route discoveries to help ensure the packet reaches the intended
destination before reporting the transmission status to the end device.
Receiving RF data
After waking from sleep, an end device sends a poll request to its parent to determine if the parent
has any buffered data for it. In pin sleep mode, the end device polls every 100 ms while the Sleep_RQ
pin is de-asserted (low). In cyclic sleep mode, the end device will only poll once before returning to
sleep unless the sleep timer (ST) is started (serial or RF data is received). If the sleep timer is started,
the end device will continue to poll every 100 ms until the sleep timer expires.
This firmware includes an adaptive polling enhancement where, if an end device receives RF data from
its parent, it sends another poll after a very short delay to check for more data. The end device
continues to poll at a faster rate as long as it receives data from its parent. This feature greatly
improves data throughput to end devices. When the end device no longer receives data from its
parent, it resumes polling every 100 ms.
I/O sampling
End devices can be configured to send one or more I/O samples when they wake from sleep. To
enable I/O sampling on an end device, the IR command must be set to a non-zero value, and at least
one analog or digital I/O pin must be enabled for sampling (D0 - D9, P0 - P4 commands). If I/O
sampling is enabled, an end device sends an I/O sample when it wakes and starts the ST timer. It will
continue sampling at the IR rate until the sleep timer (ST) has expired. For more information, see
Analog and digital I/O lines.
Wake end devices with the Commissioning Pushbutton
If you use D0 (DIO0/AD0/Commissioning Button Configuration) to enable the Commissioning
Pushbutton functionality, a high-to-low transition on the AD0/DIO0 pin (Micro pin 31/SMT pin 33/TH pin
20) causes an end device to wake for 30 seconds. For more information, see Commissioning
pushbutton and associate LED.
Parent verification
Since an end device relies on its parent to maintain connectivity with other devices in the network,
XBee end devices include provisions to verify the connection with their parent. End devices monitor the
link with their parent when sending poll messages and after a power cycle or reset event as described
below.
When an end device wakes from sleep, it sends a poll request to its parent. In cyclic sleep, if the end
device does not receive RF or serial data and the sleep timer is not started, it polls one time and
returns to sleep for another sleep period. Otherwise, the end device continues polling every 100 ms. If
the parent does not send an acknowledgment response to three consecutive poll request
transmissions, the end device assumes the parent is out of range, and attempts to find a new parent.
After a power-up or reset event, the end device does an orphan scan to locate its parent. If the parent
does not send a response to the orphan scan, the end device attempts to find a new parent.
Rejoining
Once all devices have joined a Zigbee network, disable the permit-joining attribute so that
new devices are no longer allowed to join the network. You can enable permit-joining later as needed
for short times. This provides some protection against other devices joining a live network.
If an end device cannot communicate with its parent, the end device must be able to join a new parent
to maintain network connectivity. However, if permit-joining is disabled in the network, the end device
will not find a device that is allowing new joins.
To overcome this problem, Zigbee supports rejoining, where an end device can obtain a new parent in
the same network even if joining is not enabled. When an end device joins using rejoining, it performs a
PAN ID scan to discover nearby networks. If a network is discovered that has the same 64-bit PAN ID
as the end device, it joins the network by sending a rejoin request to one of the discovered devices.
The device that receives the rejoin request sends a rejoin response if it can allow the device to join the
network (that is, the child table is not full). You can use the rejoin mechanism to allow a device to join
the same network even if permit-joining is disabled.
To enable rejoining, set NJ to less than 0xFF on the device joining. If NJ < 0xFF, the device assumes
the network is not allowing joining and first tries to join a network using rejoining. If multiple rejoining
attempts fail, or if NJ = 0xFF, the device attempts to join using association.
Router/Coordinator configuration
XBee routers and coordinators may require some configuration to ensure the following are set
correctly.
- RF packet buffering timeout
- Child poll timeout
- Transmission timeout
The value of these timeouts depends on the sleep time used by the end devices.
RF packet buffering timeout
When a router or coordinator receives an RF data packet intended for one of its end device children, it
buffers the packet until the end device wakes and polls for the data, or until a packet buffering
timeout occurs. Use the SP command to set the timeout. The actual timeout is (1.2 * SP), with a
minimum timeout of 1.2 seconds and a maximum of 30 seconds. Since the packet buffering timeout is
set slightly larger than the SP setting, set SP the same on routers and coordinators as it is on cyclic
sleep end devices. For pin sleep devices, set SP as long as the pin sleep device can sleep, up to 30
seconds.
Note In pin sleep and extended cyclic sleep, end devices can sleep longer than 30 seconds. If end
devices sleep longer than 30 seconds, parent and non-parent devices must know when the end device
is awake in order to reliably send data. For applications that require sleeping longer than 30 seconds,
end devices should transmit an I/O sample or other data when they wake to alert other devices that
they can send data to the end device.
Child poll timeout
Router and coordinator devices maintain a timestamp for each end device child indicating when the
end device sent its last poll request to check for buffered data packets. If an end device does not send
a poll request to its parent for a certain period of time, the parent assumes the end device has moved
out of range and removes the end device from its child table. This allows routers and coordinators to
be responsive to changing network conditions. You can issue the NC command at any time to read the
number of remaining (unused) child table entries on a router or coordinator.
Set the child poll timeout with the SP and SN commands. SP and SN should be set such that SP * SN
matches the longest expected sleep time of any end devices in the network. The device calculates the
actual timeout as (3 * SP * SN), with a minimum of 5 seconds. For networks consisting of pin sleep end
devices, set the SP and SN values on the coordinator and routers so the SP * SN matches the longest
expected sleep period of any pin sleep device. The 3 multiplier ensures the end device will not be
removed unless 3 sleep cycles pass without receiving a poll request. You can set the poll timeout up to
two months.
Adaptive polling
The PO command determines the regular polling rate. However, if RF data has been recently received
by an end device, it is likely that more RF data could be on the way. Therefore, the end device polls at
a faster rate, gradually decreasing its adaptive poll rate until polling resumes at the regular rate as
defined by the PO command.
Transmission timeout
When you are sending RF data to a remote router, because routers are always on, the timeout is
based on the number of hops the transmission may traverse. Set the timeout using the NH command.
For more information, see Transmission, addressing, and routing.
Since end devices may sleep for lengthy periods of time, the transmission timeout to end devices also
allows for the sleep period of the end device. When sending data to a remote end device, the
transmission timeout is calculated using the SP and NH commands. If the timeout occurs with no
acknowledgment received, the source device re-sends the transmission until it receives an
acknowledgment, up to two more times.
The transmission timeout per attempt is:
3 * ((unicast router timeout) + (end device sleep time))
3 * ((50 * NH) + (1.2 * SP)), where SP is measured in 10 ms units.
Short sleep periods
Pin and cyclic sleep devices that sleep less than 30 seconds can receive data transmissions at any
time since their parent devices are able to buffer data long enough for the end devices to wake and
poll to receive the data. Set SP the same on all devices in the network. If end devices in a network
have more than one SP setting, set SP on the routers and coordinators to match the largest SP
setting of any end device. This ensures the RF packet buffering, poll timeout, and transmission
timeouts are set correctly.
Extended sleep periods
Pin and cyclic sleep devices that might sleep longer than 30 seconds cannot receive data
transmissions reliably unless you take certain design approaches. Specifically, the end devices should
use I/O sampling or another mechanism to transmit data when they wake to inform the network they
can receive data. SP and SN should be set on routers and coordinators such that (SP * SN) matches
the longest expected sleep time. This configures the poll timeout so end devices are not expired from
the child table unless routers and coordinators do not receive a poll request for 3 consecutive sleep
periods.
As a general rule, SP and SN should be set the same on all devices in almost all cases.
Sleep examples
Some sample XBee configurations to support different sleep modes follow. In Command mode, issue
each command with a leading AT and no = sign, for example, ATSM4. In the API, the two byte
command is used in the command field, and parameters are populated as binary values in the
parameter field.
Example 1: Configure a device to sleep for 20 seconds, but set SN such that the On/sleep line
will remain de-asserted for up to 1 minute.
The following settings should be configured on the end device.
- SM = 4 (cyclic sleep) or 5 (cyclic sleep, pin wake).
- SP = 0x7D0 (2000 decimal). This causes the end device to sleep for 20 seconds since SP is
  measured in units of 10 ms.
- SN = 3. (With this setting, the On/Sleep pin asserts once every 3 sleep cycles, or when it
  receives RF data.)
- SO = 0.
Set SP on all router and coordinator devices on the network to match SP on the end device. This sets
the RF packet buffering times and transmission timeouts correctly.
Since the end device wakes after each sleep period (SP), you can set the SN command to 1 on all
routers and the coordinator.
Example 2: Configure an end device to sleep for 20 seconds, send 4 I/O samples in 2 seconds,
and return to sleep.
Because SP is measured in 10 ms units, and ST and IR are measured in 1 ms units, configure an end
device with the following settings:
- SM = 4 (cyclic sleep) or 5 (cyclic sleep, pin wake).
- SP = 0x7D0 (2000 decimal). This causes the end device to sleep for 20 seconds.
- SN = 1.
- SO = 0.
- ST = 0x7D0 (2000 decimal). This sets the sleep timer to 2 seconds.
- IR = 0x258 (600 decimal). Set IR to a value greater than (2 seconds / 4) to get 4 samples in 2
  seconds. The end device sends an I/O sample at the IR rate until the sleep timer has expired.
You must enable at least one analog or digital I/O line for I/O sampling to work. To enable AD1/DIO1
(Micro pin 30/SMT pin 32/TH pin 19) as a digital input line, you must set the following:
D1 = 3
Set SP on all router and coordinator devices on the network to match SP on the end device. This ensures
that RF packet buffering times and transmission timeouts are set correctly.
Example 3: Configure a device for extended sleep: to sleep for 4 minutes.
SP and SN must be set such that SP * SN = 4 minutes. Since SP is measured in 10 ms units, use
the following settings to obtain a 4 minute sleep.
- SM = 4 (cyclic sleep) or 5 (cyclic sleep, pin wake).
- SP = 0x7D0 (2000 decimal, or 20 seconds).
- SN = 0x0C (12 decimal).
- SO = 0x04 (enable extended sleep).
With these settings, the module sleeps for SP * SN time, or (20 seconds * 12) = 240 seconds = 4
minutes.
For best results, the end device should send a transmission when it wakes to inform the coordinator
(or network) that it is awake. It should also remain awake for a short time to allow devices to send
data to it. The following are recommended settings.
- ST = 0x7D0 (2 second wake time)
- SO = 0x06 (enable extended sleep and wake for ST time)
- IR = 0x800 (send 1 I/O sample after waking). Enable at least one analog or digital I/O line
  for I/O sampling.
With these settings, the end device wakes after 4 minutes and sends 1 I/O sample. It then remains
awake for 2 seconds before returning to sleep.
Set SP and SN to the same values on all routers and coordinators that could potentially allow the end
device to join. This ensures the parent does not timeout the end device from its child table too quickly.
The SI command can optionally be sent to the end device to cause it to sleep before the sleep timer
expires.
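The parent-side timeouts from Router/Coordinator configuration, checked against the end-device settings of Examples 1 and 3. This is an added example, not Digi code; the function names, dictionary layout and issue codes are assumptions, and the transmission timeout is left out.

```python
"""Check a parent's SP/SN against one end device's sleep settings."""

SO_EXTENDED_SLEEP = 0x04  # SO value Example 3 uses to enable extended sleep


def buffering_timeout_ms(parent_sp):
    """RF packet buffering timeout: 1.2 * SP, limited to 1.2 s .. 30 s."""
    return min(30_000, max(1_200, 12 * parent_sp))  # SP counts 10 ms units


def child_poll_timeout_ms(parent_sp, parent_sn):
    """Child poll timeout: 3 * SP * SN, never less than 5 s."""
    return max(5_000, 3 * 10 * parent_sp * parent_sn)


def sleep_time_ms(sp, sn, so):
    """Time the end device sleeps between wake-ups."""
    # Without extended sleep the device wakes after every SP period.
    periods = sn if so & SO_EXTENDED_SLEEP else 1
    return 10 * sp * periods


def check_parent(parent, child):
    """Compare a router/coordinator's timeouts with a child's sleep time."""
    sleep = sleep_time_ms(child["SP"], child["SN"], child["SO"])
    buffered = buffering_timeout_ms(parent["SP"])
    poll = child_poll_timeout_ms(parent["SP"], parent["SN"])
    issues = []
    if sleep > buffered:
        issues.append(("BUFFER_EXPIRES",
                       "parent drops buffered data before the child wakes; "
                       "the child must transmit on wake to announce itself"))
    if poll < 3 * sleep:
        issues.append(("CHILD_AGED_OUT",
                       "parent removes the child from its child table before "
                       "3 sleep cycles have passed"))
    return {"sleep_ms": sleep, "buffer_ms": buffered,
            "child_poll_ms": poll, "issues": issues}


# Constructed from the settings listed in Examples 1 and 3 above.
EXAMPLE_1 = ({"SP": 0x7D0, "SN": 1}, {"SP": 0x7D0, "SN": 3, "SO": 0})
EXAMPLE_3 = ({"SP": 0x7D0, "SN": 12}, {"SP": 0x7D0, "SN": 12, "SO": 0x06})
# Example 3's end device behind a parent that was left at SN = 1.
MISMATCHED = ({"SP": 0x7D0, "SN": 1}, {"SP": 0x7D0, "SN": 12, "SO": 0x06})

if __name__ == "__main__":
    for label, (parent, child) in (("example 1", EXAMPLE_1),
                                   ("example 3", EXAMPLE_3),
                                   ("mismatched", MISMATCHED)):
        result = check_parent(parent, child)
        print(label, result["sleep_ms"], result["buffer_ms"],
              result["child_poll_ms"], [code for code, _ in result["issues"]])
```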
Analog and digital I/O lines
XBee ZB firmware supports a number of analog and digital I/O pins that are configured through
software commands. Analog and digital I/O lines can be set or queried.
I/O configuration
I/O sampling
I/O examples
RSSI PWM
I/O configuration
To enable an analog or digital I/O function on one or more XBee3 Zigbee RF Module pins, you must
issue the appropriate configuration command with the correct parameter. After issuing the
configuration command, you must apply changes on the device for the I/O settings to take effect. The
available I/O lines are DIO0 through DIO19. Not every pin supports every function, so refer to the
relevant AT command (D0 - D9, P0 - P9) to know the limits and capabilities of each I/O pin.
Pin command parameter   Description
0                       Disabled (Floating or pulled up/down)
1                       Peripheral control (varies depending on the pin)
2                       ADC - Analog input
3                       Digital input (see the information following the table)
4                       Digital output, low (0 V)
5                       Digital output, high (3.3 V)
>6                      Alternative peripheral control
When an I/O pin is configured as either disabled (0) or a digital input (3), the pin can be configured for
three different states:
- Floating
- Pulled-up
- Pulled-down
A floating input is appropriate if the pin is attached to an output that always drives the line. In this
case, a pull-up or pull-down resistor draws more current.
A pulled-up input is useful where there might not always be an external source to drive the pin and it is
desirable to have the line read high in the absence of an external driver.
Likewise, a pulled-down input is useful when there is not always an external source to drive the pin
and it is desirable to have the line read low in the absence of an external driver.
Two commands are available to configure the input type:
- PR determines whether or not to pull an input. If the corresponding bit in PR is set, the signal
  pulls. If it is clear, then the signal floats.
- PD determines the pull direction. It only applies when the corresponding bit in PR is set. Set the
  bit in PD to enable an internal pull-up resistor; clear it to enable an internal pull-down resistor.
I/O sampling
The XBee3 Zigbee RF Modules have the ability to monitor and sample analog and digital I/O lines. I/O
samples can be read locally or transmitted to a remote device to provide an indication of the current
I/O line states. You must enable API mode on the receiving device to send I/O samples out the serial
port. If you do not enable this mode, the device discards the remote I/O samples.
There are three ways to obtain I/O samples, either locally or remotely:
- Queried Sampling (IS)
- Periodic Sampling (IR)
- Change Detection Sampling (IC)
I/O sample data is formatted as shown in the following table:
Bytes     Name                  Description
1         Sample Sets           Number of sample sets in the packet (always set to 1).
2         Digital Channel Mask  Indicates which digital I/O lines have sampling enabled. Each bit
                                corresponds to one digital I/O line on the device.
                                bit 0 = DIO0
                                bit 1 = DIO1
                                bit 2 = DIO2
                                bit 3 = DIO3
                                bit 4 = DIO4
                                bit 5 = ASSOC/DIO5
                                bit 6 = RTS/DIO6
                                bit 7 = CTS/DIO7
                                bit 8 = SLP_RQ/DIO8
                                bit 9 = ON_SLP/DIO9
                                bit 10 = RSSI/DIO10
                                bit 11 = PWM/DIO11
                                bit 12 = DIO12
                                bit 13 = DOUT/DIO13
                                bit 14 = DIN/DIO14
                                For example, a digital channel mask of 0x002F means DIO0,1,2,3,
                                and 5 are enabled as digital I/O.
1         Analog Channel Mask   Indicates which lines have analog inputs enabled for sampling.
                                Each bit in the analog channel mask corresponds to one analog
                                input channel.
                                bit 0 = AD0
                                bit 1 = AD1
                                bit 2 = AD2
                                bit 3 = AD3
                                bit 7 = Supply Voltage
Variable  Sampled Data Set      A sample set consisting of 1 sample for each enabled ADC and/or
                                DIO channel.
                                If any digital I/O lines are enabled, the first two bytes of the data
                                set indicate the state of all enabled digital I/O. Only digital
                                channels that are enabled in the Digital Channel Mask bytes have
                                any meaning in the sample set. If no digital I/O are enabled on the
                                device, these 2 bytes will be omitted.
                                Following the digital I/O data (if any), each enabled analog channel
                                returns 2 bytes. The data starts with AIN0 and continues
                                sequentially for each enabled analog input channel up to AIN3, and
                                the supply voltage (if enabled) at the end.
I/O examples
Example 1: Configure the following I/O settings on the XBee
- Configure AD1/DIO1 as a digital input with pullup resistor enabled.
- Configure AD2/DIO2 as an analog input.
- Configure DIO4 as a digital output, driving high.
To configure AD1/DIO1 as an input, issue the D1 command with a parameter of 3 (“ATD13”). To enable
pull-up resistors on the same pin, issue the PR command with bit 3 set (for example, PR8, PR1FFF,
and so on).
Issue the D2 command with a parameter of 2 to enable the analog input (“D22”). Finally, set DIO4 as
an output, driving high by issuing the D4 command with a parameter value of 5 (“D45”).
After issuing these commands, apply the changes before the module I/O pins update to the new
states. Issue the AC or CN commands to apply changes (for example, AC).
Example 2: Calculate the PWM counts for a packet received with an RSSI of -84 dBm
- RSSI = -84 = 0xAC = 172 decimal (unsigned)
- PWM counts = (41 * 172) - 5928
- PWM counts = 1124
With a total of 2400 counts, this yields an ON time of (1124 / 2400) = 46.8%
Example 3: Configure the RSSI/PWM pin to operate for 2 seconds after each received RF packet
First, make sure the RSSI/PWM functionality is enabled by reading the P0 (P-zero) command. It should
be set to 1 (default).
To configure the duration of the RSSI/PWM output, set the RP command. To achieve a 2 second PWM
output, set RP to 0x14 (20 decimal, or 2 seconds) and apply changes using the AC command.
After applying changes, all received RF data packets set the RSSI timer for 2 seconds.
The sampled data set includes 2 bytes of digital I/O data only if one or more I/O lines on the device are
configured as digital I/O. If no pins are configured as digital I/O, these 2 bytes are omitted. Pins are
configured as digital I/O by setting them to a value of 3, 4, or 5.
The digital I/O data is only relevant if the same bit is enabled in the digital I/O mask.
Analog samples are returned as 10-bit values. The device scales the analog reading such that 0x0000
represents 0 V, and 0x3FF represents 1.25 V (the analog inputs on the device cannot read more than 1.25 V).
The device returns analog samples in order starting with AD0 and finishing with AD3, and the supply
voltage. Only enabled analog input channels return data.
To convert the A/D reading to mV, do the following:
AD(mV) = (A/D reading * 1250mV) / 1023
The reading in the sample frame represents voltage inputs of 1192.57 and 356.8 mV for AD0 and AD1
respectively.
Queried sampling
You can send the IS command to a device locally, or to a remote device using the API remote
command frame (for more information, see API Operation). When you send the IS command, the
receiving device samples all enabled digital I/O and analog input channels and returns an I/O sample. If
you send the IS locally, the device sends the I/O sample out the serial port. If the IS command was
received as a remote command, the I/O sample is sent over-the-air to the device that sent the IS
command.
If you issue the IS command in Command mode, the device returns a carriage return-delimited list
containing the fields listed in I/O sampling. If you issue the IS command in API mode, an API command
response contains the same information.
The following table shows an example of the fields in an IS response.
Example   Sample AT Response
0x01      [1 sample set]
0x0C0C    [Digital Inputs: DIO 2, 3, 10, 11 enabled]
0x03      [Analog Inputs: A/D 0, 1 enabled]
0x0408    [Digital input states: DIO 3, 10 high, DIO 2, 11 low]
0x03D0    [Analog input ADIO 0 = 0x3D0]
0x0124    [Analog input ADIO 1 = 0x124]
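A strict parser for the I/O sample layout described in I/O sampling, run on the IS response fields shown in the table above. This is an added example, not Digi code; it assumes the fields arrive as raw bytes with the most significant byte first, and the function and exception names are hypothetical.

```python
"""Decode one I/O sample payload: sets, digital mask, analog mask, data."""
import struct

# Bit positions from the Digital and Analog Channel Mask rows of the table.
DIGITAL_LINES = {
    0: "DIO0", 1: "DIO1", 2: "DIO2", 3: "DIO3", 4: "DIO4",
    5: "ASSOC/DIO5", 6: "RTS/DIO6", 7: "CTS/DIO7", 8: "SLP_RQ/DIO8",
    9: "ON_SLP/DIO9", 10: "RSSI/DIO10", 11: "PWM/DIO11", 12: "DIO12",
    13: "DOUT/DIO13", 14: "DIN/DIO14",
}
ANALOG_CHANNELS = {0: "AD0", 1: "AD1", 2: "AD2", 3: "AD3", 7: "Supply Voltage"}
ADC_MAX = 0x3FF           # 10-bit reading; 0x3FF represents 1.25 V
ADC_FULL_SCALE_MV = 1250


class SampleError(ValueError):
    """Raised when a payload does not match the documented layout."""


def _defined_bits(table):
    return sum(1 << bit for bit in table)


def parse_io_sample(payload):
    """Return the named digital states and analog readings in a payload."""
    if len(payload) < 4:
        raise SampleError("payload shorter than the 4-byte header")
    sets, dmask, amask = struct.unpack_from(">BHB", payload, 0)
    if sets != 1:
        raise SampleError("sample set count must be 1, got %d" % sets)
    if dmask & ~_defined_bits(DIGITAL_LINES) or amask & ~_defined_bits(ANALOG_CHANNELS):
        raise SampleError("channel mask has bits the table does not define")

    offset = 4
    digital = {}
    if dmask:  # the 2 state bytes exist only if a digital line is enabled
        if len(payload) < offset + 2:
            raise SampleError("digital state bytes missing")
        (states,) = struct.unpack_from(">H", payload, offset)
        offset += 2
        for bit, name in DIGITAL_LINES.items():
            if dmask & (1 << bit):  # state bits outside the mask mean nothing
                digital[name] = bool(states & (1 << bit))

    analog_raw, analog_mv = {}, {}
    for bit in sorted(ANALOG_CHANNELS):  # AD0..AD3 first, supply voltage last
        if not amask & (1 << bit):
            continue
        name = ANALOG_CHANNELS[bit]
        if len(payload) < offset + 2:
            raise SampleError("analog sample for %s missing" % name)
        (raw,) = struct.unpack_from(">H", payload, offset)
        offset += 2
        analog_raw[name] = raw
        if bit <= 3:  # the mV conversion is given for the AD inputs only
            if raw > ADC_MAX:
                raise SampleError("%s reading exceeds 10 bits" % name)
            analog_mv[name] = raw * ADC_FULL_SCALE_MV / 1023

    if offset != len(payload):
        raise SampleError("%d unexpected trailing bytes" % (len(payload) - offset))
    return {"digital": digital, "analog_raw": analog_raw, "analog_mv": analog_mv}


# Constructed from the IS response table: 01 | 0C0C | 03 | 0408 | 03D0 | 0124
EXAMPLE_PAYLOAD = bytes.fromhex("010C0C03040803D00124")

if __name__ == "__main__":
    decoded = parse_io_sample(EXAMPLE_PAYLOAD)
    for name, high in decoded["digital"].items():
        print(name, "high" if high else "low")
    for name, mv in decoded["analog_mv"].items():
        print(name, "%.2f mV" % mv)
```

Payloads received over the air come from other nodes, so the parser rejects undefined mask bits, short payloads and trailing bytes instead of guessing at their meaning.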
Periodic I/O sampling
Periodic sampling allows a device to take an I/O sample and transmit it to a remote device at a
periodic rate. Use the IR command to set the periodic sample rate.
- To disable periodic sampling, set IR to 0.
- For all other IR values, the firmware samples data when IR milliseconds elapse and the sample
  data transmits to a remote device.
The DH and DL commands determine the destination address of the I/O samples.
You can set DH and DL to 0 to transmit to the coordinator, or to the 64-bit address of the remote
device (SH and SL).
Only devices with API operating mode enabled send I/O data samples out their serial interface.
Devices that are in Transparent mode (AP = 0) discard the I/O data samples they receive. You must
configure at least one pin as a digital or ADC input to generate sample data.
A device with sleep enabled transmits periodic I/O samples at the IR rate until the ST time expires and
the device can resume sleeping.
Change detection sampling
You can configure devices to transmit a data sample immediately whenever a monitored digital I/O
pin changes state. The IC command is a bitmask used to set which digital I/O lines to monitor for a
state change. If one or more bits in IC is set, the device transmits an I/O sample as soon as it observes
a state change in one of the monitored digital I/O lines. Use DH and DL to specify the 64-bit address to
transmit change detection samples.
Digi does not recommend using change detection if sleep is enabled. Change detection is edge-triggered,
and the change must occur while the module is awake to generate an I/O sample.
RSSI PWM
The XBee3 Zigbee RF Module features an RSSI/PWM pin (Micro pin 7/SMT pin 7/TH pin 6) that, if
enabled, adjusts the PWM output to indicate the signal strength of the last received packet. Use P0
(DIO10/RSSI Configuration) to enable the RSSI pulse width modulation (PWM) output on the pin. If P0
is set to 1, the RSSI/PWM pin outputs a pulse width modulated signal where the frequency adjusts
based on the received signal strength of the last packet. Otherwise, for all other P0 settings, use the
pin for general purpose IO.
When a data packet is received, if you set P0 to enable the RSSI/PWM feature, the RSSI PWM output
adjusts based on the RSSI of the last packet. The RSSI/PWM output is enabled for a time based on the
RP command. Each time the device receives an RF packet, the RSSI/PWM output adjusts based on the
RSSI of the new packet, and resets the RSSI timer. If the RSSI timer expires, the RSSI/PWM pin drives
low. RP is measured in 100 ms units and defaults to a value of 40 (4 seconds).
The RSSI PWM runs at 12 MHz and has 2400 total counts (200 µs period). RSSI (in dBm) is converted to
PWM counts using the following equation:
PWM counts = (41 * RSSI_Unsigned) - 5928
AT commands
Network commands
Operational Network Parameters commands
Security commands
Addressing commands
Zigbee addressing commands
RF interfacing commands
Serial interfacing commands
Command mode options
MicroPython commands
Sleep commands
I/O settings commands
I/O sampling commands
Diagnostic commands
Memory access commands
Network commands
This section lists the AT commands that are used during a form and join attempt.
Note Any changes you make to this section will cause the device to leave and rejoin or form a new
network.
CE (Device Role)
Determines whether the device should form or join a network.
When forming a network, the device acts as a Zigbee network coordinator unless it is using a
distributed trust center security model (EO bit 1 is not set), where it forms the network as a router.
Parameter range
0-1
Value  Description
0      Join Network
1      Form Network (SM must be 0 to set CE to 1)
Default
0
ID (Extended PAN ID)
The preconfigured Extended PAN ID used when forming or joining a network.
ID restricts joining to only networks with a matching OP value. If ID is set to 0, the device attempts to
join any open network.
When forming a network (CE=1), ID preconfigures the Extended PAN ID used to form the network.
When you set ID to 0, a random Extended PAN ID is generated.
Parameter range
0 - 0xFFFFFFFFFFFFFFFF
Default
0
II (Initial 16-bit PAN ID)
The preconfigured 16-bit PAN ID used when forming a network. Use this command to replace a
coordinator node on an existing network.
When you set II to the default value (recommended) the module forms a network on a random 16-bit
PAN ID.
Range
0 - 0xFFFF
Default
0xFFFF
ZS (Zigbee Stack Profile)
Set or read the initial Zigbee stack profile used by the device. This parameter must be the same on all
devices joining the same network. If XBee devices are the only type of radio on your network, leave ZS
at the default value of 0; a non-zero value allows third-party Zigbee devices to join.
Changing ZS causes all current parameters to be written to persistent storage and the module
restarts; this is equivalent to issuing WR and FR commands.
Parameter range
0-2
Value  Description
0      Digi Proprietary
1      Zigbee 2006 (legacy)
2      Zigbee-PRO (third-party)
Default
0
CR (Conflict Report)
The number of PAN ID conflict reports that must be received by the network manager within one
minute to trigger a PAN ID change.
A corrupt beacon can cause a report of a false PAN ID conflict.
A higher value reduces the chance of a false PAN ID change.
Parameter range
1 - 0x3F
Default
3
NJ (Node Join Time)
Configure the amount of time the local device’s join window is open for. The join window specified by
NJ only affects the window for the local node and does not affect the timing of the rest of the
network. This value can be changed at run time without requiring a Coordinator or Router to restart.
Zigbee 3.0 does not allow the network to be always open for joining; modules that attempt to join
when the join window is closed will report an AI value of 0x23. The join window can optionally be
persistently opened by setting NJ = 0xFF, but this causes the device to operate outside of the Zigbee
3.0 specifications.
The join window opens under the following conditions:
- NJ parameter value is changed and applied.
- Local device is power cycled.
- Local device forms a network (CE=1).
- Commissioning button is enabled (D0=1) and is physically pressed twice.
- A CB2 AT command is issued.
If you set NJ to 0, the join window will always be closed; this is the recommended setting for secure
networks. When configured with this setting, using a CB2 AT command or pressing the commissioning
button twice opens the join window for one minute.
Note When a device is rejoining a network, the join window does not need to be open. However, if the
rejoin attempt fails six times, the module attempts to join by association which requires an open
joining window.
Parameter range
0 - 0xFF (seconds)
Default
0xFE (254 seconds)
DJ (Disable Joining)
Prevent a local device from joining a network.
This parameter does not affect end devices that are already joined to a network. It only prevents
those devices from joining another network.
Note This parameter is not written to flash with the WR command and reverts to default after a
power cycle.
Parameter range
0-1
Value  Description
0      Enable Joining
1      Disable Joining
Default
1
NW (Network Watchdog Timeout)
Set the network watchdog timeout used to ensure that a coordinator is active on the network.
If NW is set > 0, the router monitors communication from the coordinator (or data collector) and
leaves the network if it cannot communicate with the coordinator for 3 NW periods. The device resets
the timer each time it receives or sends data to a coordinator, or if it receives a many-to-one
broadcast.
Parameter range
0 - 0x64FF [x 1 minute] (up to approximately 18 days)
Default
0 (disabled)
JV (Coordinator Join Verification)
Used during join and rejoin attempts to determine if a coordinator is present on the target network.
If JV = 1, a router or end device verifies the coordinator is on its operating channel when joining or
coming up from a power cycle. If a coordinator is not detected, the router or end device leaves its
current channel and attempts to join a new PAN. If JV = 0, the router or end device continues
operating on its current channel even if a coordinator is not detected.
Parameter range
0-1
Value  Description
0      No coordinator verification
1      Coordinator verification enabled
Default
0
JN (Join Notification)
Broadcast Join Notification upon successful join attempt.
If enabled, the device transmits a broadcast node identification packet on power up and when joining.
This action blinks the Associate LED rapidly on all devices that receive the transmission, and sends an
API frame out the serial port of API devices.
Digi recommends you disable this feature for large networks to prevent excessive broadcasts.
Parameter range
0-1
Parameter  Description
0          Disabled
1          Broadcast notification to network upon joining
Default
0
DO (Miscellaneous Device Options)
A bitfield that contains advanced device options that do not have dedicated AT commands.
Leave unused bits clear so future device options are not inadvertently enabled during a firmware
update.
Bit field:
Bit  Description
0    Reserved.
1    Reserved.
2    Reserved.
3    Reserved.
4    Disable Tx packet extended timeout.
5    Disable ACK for end device I/O sampling.
6    Enable High-RAM concentrator.
7    Use coordinator verification to find new network when network watchdog triggers.
Parameter range
0 - 0xFF
Default
0x40
DC (Joining Device Controls)
A bitfield that contains advanced joining device controls that do not have dedicated AT commands.
These options only apply to joining devices (CE=0).
Leave unused bits clear so future device controls are not inadvertently enabled during a firmware
update.
Bit field:
Bit   Description
0     Generate a preconfigured link key using device's install code (KY is ignored). Enabling this
      option requires the joining device be registered to the trust center.
1     Ignore NWK leave requests after joining.
2     Enable verbose join information.
3     Join network with best response (strongest signal) instead of first responder.
4-15  Reserved
Parameter range
0 - 0xFFFF
Default
0
CB (Commissioning Pushbutton)
Use CB to simulate Commissioning Pushbutton presses in software.
You can issue CB even if the Commissioning Button functionality is disabled (D0 is not set to 1).
Set the parameter value to the number of button presses that you want to simulate. For example,
send CB1 to perform the action of pressing the Commissioning Pushbutton once.
Parameter range
1, 2, 4
Parameter  Description
1          If disassociated:
           - Join Network.
           If associated:
           - Wake device for 30 seconds, if sleeping.
           - Send Node Identification broadcast.
2          Enable joining for 1 minute (or NJ seconds if NJ is not 0 or 0xFF).
4          Restore device configuration to default and leave the network.
Default
N/A
NR (Network Reset)
Resets network layer parameters on one or more modules within a PAN. Responds immediately with
an OK then causes a network restart. The device loses all network configuration and routing
information.
If NR = 0: Resets network layer parameters on the node issuing the command.
If NR = 1: Sends broadcast transmission to reset network layer parameters on all nodes in the PAN.
Note NR and NR0 both perform the same function and may be used interchangeably.
Parameter range
0-1
Default
N/A
Operational Network Parameters commands
The following read-only AT commands provide information about the attached Zigbee network.
AI (Association Indication)
Read information regarding last node join request. Query AI during a join attempt to identify the
current state.
You can also enable Verbose Joining (DC=4) to debug a join attempt in real-time.
Status code  Meaning
0x00         Successfully formed or joined a Zigbee network.
0x21         Scan found no PANs.
0x22         Scan found no valid PANs based on SC and ID settings.
0x23         Valid PAN found, but joining is currently disabled.
0x24         No joinable beacons were found.
0x27         Join attempt failed.
0x2A         Failed to start coordinator.
0x2B         Checking for existing coordinator.
0x40         Secure Join - Successfully attached to network, waiting for new link key.
0x40         Secure Join - Failed to receive new link key from the trust center.
0x41         Secure Join - Successfully received new link key from the trust center.
0xAB         Attempted to join a device that did not respond.
0xAD         Secure Join - A network security key was not received from the trust center.
0xAF         Secure Join - A preconfigured key is required to join the network.
Parameter range
0 - 0xFF [read-only]
Default
N/A
OP (Operating Extended PAN ID)
Read the 64-bit extended PAN ID of the attached network. The OP value reflects the operating 64-bit
extended PAN ID where the device is running.
Parameter range
1 - 0xFFFFFFFFFFFFFFFF
Default
N/A
OI (Operating 16-bit PAN ID)
Read the 16-bit PAN ID of the attached network. The OI value reflects the actual 16-bit PAN ID where
the device is running.
Parameter range
0 - 0xFFFF [read-only]
Default
N/A
CH (Operating Channel)
Read the channel number of the attached network. Channels are represented as IEEE 802.15.4
channel numbers.
A value of 0 means the device has not joined a PAN and is not operating on any channel.
Parameter range
0, 0x0B - 0x1A (Channels 11 through 26) [read-only]
Default
N/A
NC (Number of Remaining Children)
Read the number of remaining end device children that can join the device. If NC returns 0, the device
is at capacity and cannot allow any more end device children to join.
Parameter range
0 - 0x14 (20 child devices)
Default
N/A
Security commands
The following AT commands are used to set the initial security parameters.
Note Configure these parameters prior to forming/joining a network. Changing these parameters
may cause the node to leave any currently attached network.
EE (Encryption Enable)
Set or read the encryption enable setting of the local device.
Parameter range
0-1
Parameter  Description
0          Encryption Disabled
1          Encryption Enabled
Default
0
EO (Encryption Options)
A bitfield that contains advanced encryption options that do not have dedicated AT commands. These
options are only applicable when encryption is enabled (EE = 1).
Leave unused bits clear so future encryption options are not inadvertently enabled during a firmware
update.
Bit field:
Bit     Description
0       Send/receive NWK keys in the clear (unsecure).
1       1 = Centralized Trust Center.
        0 = Distributed Trust Center.
2       Use EUI64-hashed link keys (used on centralized trust center only).
3       Emit join notification frames (used on centralized trust center only).
4       Allow joining using well-known default link keys (unsecure).
5 - 15  Reserved.
Parameter range
0 - 0xFF
Default
2
KY (Link Key)
The preconfigured link key used during network formation and joining. This is a write-only parameter.
On a forming node (CE=1):
KY acts as the preconfigured global link key of the trust center. If you set KY to 0, a random
link key will be generated and used to form the network; this requires joining devices to be
registered to the trust center using a 0x24 registration API frame.
On a joining node (CE=0):
KY is the preconfigured link key used during joining; it must either match the KY value set on
the trust center or be registered with the trust center via 0x24 registration frame. If you set
KY to 0 on a joining node, an unsecure well-known default link key will be used. EO bit 4 must
be set on the trust center for unsecure devices configured in this way to join.
Parameter range
0 - 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF [write-only]
Default
0
NK (Trust Center Network Key)
The network key used by the trust center to encrypt network traffic. If you set NK to 0
(recommended), a random network key is used. NK is not used by joining nodes, as the network key is
securely obtained as part of the join process. This is a write-only parameter.
If operating with a centralized trust center (EE=1, EO=2), NK can be changed to rotate the network
key, which will be distributed to every device on the network. In a distributed trust center, every
router has a copy of the network key, so it cannot be changed after the network is formed.
Parameter range
0 - 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF [write-only]
Default
0
KT (Trust Center Link Key Registration Timeout)
When registering a joining device using a 0x24 registration API frame, this parameter determines the
length of time the key table entry persists before expiring.
This timeout is separate from the NJ join time. The join window does not open when a device is
registered to the trust center.
Parameter range
0x1E - 0xFFFF (seconds)
Default
0x12C (500 Seconds)
I? (Install Code)
The install code is a random key assigned to every Zigbee 3.0 device at the factory. This install code
can be used to securely register a device to a trust center using a 0x24 registration frame and option
bit.
For the install code to be used by the joining device, DC bit 0 must be set on the joiner.
Parameter range
0 - 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF [read-only]
Default
Set in the factory.
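The EE, EO, KY and NK rules above can be checked against a provisioning record before any node is configured. The following is an added example, not Digi code: NodeProfile, audit, audit_fleet and the sample fleet are hypothetical names and constructed values, and the findings restate only what this section says about each setting. Joiners that use an install code are not modelled.

```python
"""Audit intended XBee3 Zigbee security settings (EE, EO, KY, NK)."""
from dataclasses import dataclass

# EO bit positions, as listed in the EO (Encryption Options) table.
EO_NWK_KEYS_IN_CLEAR = 1 << 0
EO_CENTRALIZED_TC = 1 << 1
EO_EUI64_HASHED_KEYS = 1 << 2
EO_JOIN_NOTIFICATIONS = 1 << 3
EO_DEFAULT_LINK_KEYS = 1 << 4
EO_RESERVED = 0xFFE0  # bits 5-15


@dataclass
class NodeProfile:
    """Hypothetical provisioning record for one node (not a Digi API).

    KY and NK are write-only on the module, so the audit works from the
    values the provisioning process intends to write, not from a read-back.
    """
    name: str
    ce: int      # 1 = forming node, 0 = joining node
    ee: int
    eo: int
    ky: int
    nk: int = 0


def audit(node):
    """Return a list of (severity, code, message) findings for one node."""
    findings = []

    def add(severity, code, message):
        findings.append((severity, code, f"{node.name}: {message}"))

    if node.ee == 0:
        # EO options are only applicable when EE = 1, so stop here.
        add("weak", "EE_OFF", "EE=0, encryption is disabled")
        return findings
    if node.eo & EO_RESERVED:
        add("weak", "EO_RESERVED",
            f"EO=0x{node.eo:X} sets reserved bits; leave bits 5-15 clear")
    if node.eo & EO_NWK_KEYS_IN_CLEAR:
        add("weak", "EO_NWK_CLEAR", "EO bit 0 sends/receives NWK keys in the clear")
    if node.eo & EO_DEFAULT_LINK_KEYS:
        add("weak", "EO_DEFAULT_KEY",
            "EO bit 4 allows joining with well-known default link keys")
    if not node.eo & EO_CENTRALIZED_TC:
        for bit, label in ((EO_EUI64_HASHED_KEYS, "bit 2"),
                           (EO_JOIN_NOTIFICATIONS, "bit 3")):
            if node.eo & bit:
                add("info", "EO_TC_ONLY",
                    f"EO {label} is used on a centralized trust center only")
    if node.ce == 1:
        if node.nk != 0:
            add("info", "NK_FIXED",
                "NK is a fixed value; NK=0 (random network key) is recommended")
        if node.ky == 0:
            add("info", "KY_RANDOM",
                "KY=0 forms with a random link key; joiners must be "
                "registered with a 0x24 registration frame")
    elif node.ky == 0:
        add("weak", "KY_DEFAULT",
            "KY=0 on a joining node uses the well-known default link key")
    return findings


# Constructed sample records; the key values are placeholders, not real keys.
SAMPLE_FLEET = [
    NodeProfile("coordinator", ce=1, ee=1, eo=0x02, ky=0x5A5A5A5A, nk=0),
    NodeProfile("legacy-tc", ce=1, ee=1, eo=0x13, ky=0, nk=0x01),
    NodeProfile("sensor-7", ce=0, ee=1, eo=0x02, ky=0),
    NodeProfile("bench-unit", ce=0, ee=0, eo=0x02, ky=0),
]


def audit_fleet(fleet):
    """Map each node name to the list of finding codes raised for it."""
    return {node.name: [code for _, code, _ in audit(node)] for node in fleet}


if __name__ == "__main__":
    for node in SAMPLE_FLEET:
        for severity, code, message in audit(node):
            print(f"[{severity}] {code}: {message}")
```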
Addressing commands
The following AT commands are used for communication with a Zigbee network after association.
SH (Serial Number High)
Displays the upper 32 bits of the unique IEEE 64-bit extended address assigned to the XBee in the
factory.
This value is read-only and it never changes.
Parameter range
0x0013A200 - 0x0013A2FF [read-only]
Default
Set in the factory
SL (Serial Number Low)
Displays the lower 32 bits of the unique IEEE 64-bit RF extended address assigned to the XBee in the
factory.
This value is read-only and it never changes.
Parameter range
0x0013A200 - 0x0013A2FF [read-only]
Default
Set in the factory
MY (16-bit Network Address)
Reads the 16-bit network address of the device, which is randomly assigned by the network upon
association.
A value of 0xFFFE means the device has not joined a Zigbee network.
Parameter range
0 - 0xFFFF [read-only]
Default
0 - 0xFFFE
MP (16-bit Parent Network Address)
Read the 16-bit network address of the device's parent. A value of 0xFFFE means the device does not
have a parent.
If MP=0xFFFE, the device is not an End Device or is not currently associated with a parent.
Parameter range
0 - 0xFFFE [read-only]
Default
0xFFFE
DH (Destination Address High)
Set or read the upper 32 bits of the 64-bit destination address.
When you combine DH with DL, it defines the 64-bit destination address that the device uses for
outgoing data transmissions in transparent mode (AP=0) and I/O sampling. This destination address
corresponds to the serial number (SH + SL) of the target device.
Reserved Zigbee network addresses:
- 0x000000000000FFFF is a broadcast address.
- 0x0000000000000000 addresses the network coordinator.
Parameter range
0 - 0xFFFFFFFF
Default
0
DL command
Set or display the lower 32 bits of the 64-bit destination address.
When you combine DH with DL, it defines the 64-bit destination address the device uses for outgoing
data transmissions in transparent mode (AP=0) and I/O sampling. This destination address
corresponds to the serial number (SH + SL) of the target device.
Reserved Zigbee network addresses:
- 0x000000000000FFFF is a broadcast address.
- 0x0000000000000000 addresses the network coordinator.
Parameter range
0 - 0xFFFFFFFF
Default
0
NI (Node Identifier)
A human-friendly name for the device. Use this string with network discovery commands in order to
easily identify devices on the network.
Use the ND (Network Discovery) command with this string as an argument to filter network discovery
results.
Use the DN (Discover Node) command with this string as an argument to resolve the 64-bit address of
a node with a matching NI string.
Parameter range
A string of case-sensitive ASCII printable characters from 0 to 20 bytes in length. A carriage return
or a comma automatically ends the command.
Default
0x20 (an ASCII space character)
NH (Maximum Unicast Hops)
This parameter determines the timeout value used for unicast transmissions from the local device.
The timeout is computed as (50 * NH) + 100 ms. A unicast transmission that does not receive an
acknowledgement within the timeout period is reported as a failed transmission.
The default unicast timeout of 1.6 seconds (NH=0x1E) is enough time for data and the
acknowledgment to traverse approximately 8 hops.
If BH (Broadcast Hops) = 0, NH is used to set the maximum number of hops across the network when
sending a broadcast transmission. NH is also used to set the maximum number of hops for broadcast
if BH > NH.
Parameter range
0 - 0xFF
Default
0x1E
BH (Broadcast Hops)
The number of hops that broadcast transmissions from the local device traverse. Unlike NH, this
parameter is a fixed number of hops and not used in timeout calculations.
Parameter range
0 - 0x1E
Default
0
AR (Aggregate Routing Notification)
Set or read the periodic time for broadcasting aggregate route messages. Setting AR enables
many-to-one routing from the broadcasting device using the concentrator mode determined by DO Bit 6.
Set AR to 0x00 to send only one broadcast.
Set AR to 0xFF to stop sending broadcasts (many-to-one routing will still be enabled until a network
reset occurs).
Parameter range
0 - 0xFF (x10 sec)
Default
0xFF (disabled)
DD (Device Type Identifier)
Stores the Digi device type identifier value. Use this value to differentiate between multiple types of
devices (for example, sensors or lights).
If you change DD, RE (Restore Defaults) will not restore defaults. The only way to get DD back to
default values is to explicitly set it to defaults.
This command can optionally be included in network discovery responses by setting bit 1 of NO.
Parameter range
0 - 0xFFFFFFFF
Default
0x120000
Note 0x120000 denotes Digi XBee3 hardware.
ND (Network Discovery)
Discovers and reports all of the devices it finds on a network. The command reports the following
information after a jittered time delay (based on the local device’s NT value).
PARENT_NETWORK ADDRESS<CR> (2 Bytes) (always 0xFFFE)
PARENT_NETWORK ADDRESS (2 Bytes) <CR>
DEVICE_TYPE<CR> (1 Byte: 0 = Coordinator, 1 = Router, 2 = End Device)
STATUS<CR> (1 Byte: Reserved)
PROFILE_ID<CR> (2 Bytes)
MANUFACTURER_ID<CR> (2 Bytes)
<CR>
After (NT * 100) milliseconds, the command ends by returning a <CR>.
If you send ND through a local API frame, each network node returns a separate Local or Remote AT
Command Response API packet, respectively. The data consists of the previously listed bytes without
the carriage return delimiters. The NI string ends in a “0x00” null character because it is a variable
length.
ND also accepts a NI (Node Identifier) as a parameter (optional). In this case, only a device that
matches the supplied identifier responds after a jittered time delay. If there are no matching devices,
the command returns an “ERROR”.
The radius of the ND command is set by the BH command.
A status code of 1=ERROR will be returned if the transmit queue is full. That means there are already
four messages queued for transmission. The application is trying to send messages faster than the
device can process the requests. The application may either try again later, be redesigned to send
messages at a slower rate, or wait for a Tx Status response for a prior message before attempting to
send another.
For more information about the options that affect the behavior of the ND command, see NO
(Network Discovery Options).
Parameter range
20-byte printable ASCII string
Default
N/A
DN (Discover Node)
Resolves an NI (Node identifier) string to a physical address (case sensitive).
The following events occur after DN discovers the destination node:
When DN is sent in Command mode:
1. The device sets DL and DH to the address of the device with the matching NI string.
2. The receiving device returns OK (or ERROR).
3. The device exits Command mode to allow for immediate communication. If an ERROR is
received, then Command mode does not exit.
When DN is sent as a local AT Command Frame - 0x08:
1. The receiving device returns the 16-bit network and 64-bit extended addresses in an API
Command Response frame.
2. If there is no response from a module within (NT * 100) milliseconds or you do not specify a
parameter (by leaving it blank), the receiving device returns an ERROR message.
Parameter range
Up to 20-byte printable ASCII string
Default
N/A
NT (Node Discover Timeout)
Sets or displays the amount of time a base node waits for responses from other nodes when using the
ND (Node Discover) command.
When you issue the ND command, the transmission includes the NT value to provide all remote
devices with a response timeout. Remote devices wait a random time, less than NT, before sending
their response to avoid collisions.
Sets or displays the network discovery back-off parameter for a device. This sets the maximum value
for the random delay that the device uses to send network discovery responses.
Parameter range
0x20 - 0xFF (x 100 ms)
Default
0x3C (6 seconds)
NO (Network Discovery Options)
A bitfield that contains advanced network discovery options that do not have dedicated AT commands.
These options only affect the behavior of the local device when you issue an ND command or when
sending a node identification.
Parameter range
0-3
Option  Description
0       Append the DD (Digi Device Identifier) value to ND responses and node identification
        frames.
1       Local device sends ND response when the ND is issued.
Default
0x0
NP (Maximum Packet Payload Bytes)
Reads the maximum number of RF payload bytes that you can send in a transmission based on
current parameter settings.
Using APS encryption (API transmit option bit enabled) reduces the maximum payload size by 9 bytes.
Using source routing (AR < 0xFF) further reduces the maximum payload size depending on how many
hops are traversed.
Note NP returns a hexadecimal value. For example, if NP returns 0x54, this is equivalent to 84 bytes.
Parameter range
0 - 0xFFFF (bytes) [read-only]
Default
N/A
Zigbee addressing commands
The following AT commands adjust the advanced communication settings that affect outgoing data
transmissions.
TO (Transmit Options)
The bitfield that configures the advanced options used for outgoing data transmissions for a device
operating in transparent mode (AP=0).
When operating in API mode, if the Transmit Options field in the API frame is 0, the TO parameter
value will be used instead.
Parameter range
0 - 0xFF
Bit field:
Unused bits must be set to 0. These bits may be logically ORed together:
Bit  Meaning
0    Disable retries and route repair.
1    Enable APS end-to-end encryption (if EE=1).
2    Use extended timeout.
Default
0
SE (Source Endpoint)
Sets or displays the application layer source endpoint value used for data transmissions.
This command only affects outgoing transmissions in transparent mode (AP=0).
0xE8 is the Digi data endpoint used for outgoing data transmissions.
0xE6 is the Digi device object endpoint used for configuration and commands.
Parameter range
0 - 0xFF
Default
0xE8
DE (Destination Endpoint)
Sets or displays the application layer destination endpoint used for data transmissions.
This command only affects outgoing transmissions in transparent mode (AP=0).
0xE8 is the Digi data endpoint used for outgoing data transmissions.
0xE6 is the Digi device object endpoint used for configuration and commands.
Parameter range
0 - 0xFF
Default
0xE8
CI (Cluster ID)
Sets or displays the application layer Cluster ID value used for data transmissions.
This command only affects outgoing transmissions in transparent mode (AP = 0).
0x11 is a transparent data cluster ID.
0x12 is a loopback cluster ID.
Parameter range
0 - 0xFFFF
Default
0x11 (Transparent data cluster ID)
RF interfacing commands
The following AT commands affect the RF interface of the device.
PL (TX Power Level)
Sets or displays the power level at which the device transmits conducted power.
Note If operating on channel 26 (CH = 0x1A), output power will be capped and cannot exceed 8 dBm
regardless of the PL setting.
Parameter range
0-4
Setting  XBee3-PRO  XBee3 non-PRO
0        -5 dBm     -5 dBm
1        +3 dBm     -1 dBm
2        +8 dBm     +2 dBm
3        +15 dBm    +5 dBm
4        +19 dBm    +8 dBm
Default
4
PP (Power at PL4)
Read the maximum allowed dBm power level when device is configured with PL=4.
Use this command to determine if the module is a Pro or non-Pro variant. The value the command
returns will be in hex representation (0x14 = 20dBm).
Note Read the maximum allowed power level when device is configured with PL=4. Use this command
to determine if the module is a Pro or non-Pro variant. The value the command returns will be in hex
representation: Pro = 0x14 and Non-Pro = 0x8.
Parameter range
8 - 0x14 [read-only]
Default
N/A
SC (Scan Channels)
The channels used when an active scan is performed by the local device.
An active scan is performed any time a network is formed or prior to a join attempt. You can force an
active scan by issuing an AS command.
Parameter range
0 - 0xFFFF (bit field)
Bit field mask:
Bit  IEEE 802.15.4 channel
0    11
1    12
2    13
3    14
4    15
5    16
6    17
7    18
8    19
9    20
10   21
11   22
12   23
13   24
14   25
15   26
Note Avoid channel 26. The output power is capped at 8 dBm on this channel.
Default
0x7FFF (channels 11 through 25)
SD (Scan Duration)
Sets or displays the length of time the device will linger on a channel during an active scan.
Scan Time is measured as:
([# of channels to scan] * (2^SD) * 15.36 ms) + (38 ms * [# of channels to scan]) + 20 ms
Use the SC (Scan Channels) command to set the number of channels to scan.
Note SD influences the time the MAC listens for beacons or runs an energy scan on a given channel.
The SD time is not an accurate estimate of the router/end device joining time requirements. Zigbee
joining includes additional overhead comprising beacon processing on each channel, and sending a join
request that extends the actual joining time.
Parameter range
0 - 7 (exponent)
Default
3
AS (Active Scan)
Forces an active scan of the neighborhood for beacon responses. The AS command cannot be issued
remotely.
An Active scan returns a multi-line response with each field separated by a carriage return:
AS_type – unsigned byte = Always returns 2, indicating the protocol is Zigbee
Channel – unsigned byte
PAN – unsigned word in big endian format
Extended PAN – eight unsigned bytes in big endian format
Allow Join – unsigned byte – 1 indicates join is enabled, 0 that it is disabled
Stack Profile – unsigned byte
LQI – Link Quality Indicator - unsigned byte, higher values are better
RSSI – Relative Signal Strength Indicator - signed byte, lower values are better
Each field in the AS response is separated by a carriage return (0x0D character).
An additional carriage return separates multiple beacons.
Two additional carriage returns indicate the end of the Active Scan.
Parameter range
N/A
Default
N/A
ED (Energy Detect)
Measures the detected energy on each IEEE 802.15.4 channel.
In Transparent mode (AP=0), a comma follows each value with the list ending with a carriage return.
The values returned reflect the detected energy level in units of -dBm. Convert an ED response of 49,
3A, and so on, to decimal to become -73 dBm, -58 dBm, and so on.
Parameter range
1 - 0xFF (x1 ms)
Default
0x10 (16 ms)
DB command
This command reports the received signal strength of the last received RF data packet or APS
acknowledgment. The DB command only indicates the signal strength of the last hop. It does not
provide an accurate quality measurement for a multihop link.
The DB command value is measured in -dBm. For example, if DB returns 0x50, then the RSSI of the last
packet received was -80 dBm. Set DB to 0 to clear the current value.
Parameter range
0 - 0xFF
Default
N/A
Serial interfacing commands
The following AT commands configure the UART interface on the device.
BD (UART Baud Rate)
This command configures the serial interface baud rate for communication between the UART port of
the device and the host.
The device interprets any value between 0x12C and 0x0EC400 as a custom baud rate. Custom baud
rates are not guaranteed and the device attempts to find the closest achievable baud rate. After
setting a non-standard baud rate, query BD to find the actual operating baud rate before applying
changes.
The following table provides some example BD parameters sent versus the parameters stored.
Parameter range
Standard baud rates: 0x0 - 0x0A
Non-standard baud rates: 0x12C - 0x0EC400
Parameter  Description
0x0        1200 baud
0x1        2400 baud
0x2        4800 baud
0x3        9600 baud
0x4        19200 baud
0x5        38400 baud
0x6        57600 baud
0x7        115200 baud
0x8        230,400 baud
0x9        460,800 baud
0xA        921,600 baud
Default
0x03 (9600 baud)
NB (Parity)
Set or read the serial parity settings for UART communications.
Parameter range
0-2
Parameter  Description
0          No parity
1          Even parity
2          Odd parity
Default
0
SB (Stop Bits)
Sets or displays the number of stop bits for UART communications.
Parameter range
0-1
Parameter  Configuration
0          One stop bit
1          Two stop bits
Default
0
AP (API Enable)
Determines the API mode for the UART interface.
Parameter range
0-2
Parameter  Description
0          API disabled (operate in Transparent mode)
1          API enabled
2          API enabled (with escaped control characters)
Default
0
AO (API Options)
Configure the serial output options for received API frames. The current options select the type of
receive API frame to send out the UART for received RF data packets.
Leave unused bits clear so future API options are not inadvertently enabled during a firmware update.
Bit field
Parameter  Description
0          0 = Native API output (0x90 frame type).
           1 = Explicit API output (0x91 frame type).
1          Unsupported ZDO request pass-through.
2          Supported ZDO request pass-through.
3          Binding request pass-through.
Parameter range
0 - 0xB
Default
0
RO (Packetization Timeout)
Set or read the number of character times of inter-character silence required before transmission
begins when operating in Transparent mode. Only use RO when the device is operating in Transparent
mode (AP = 0).
Set RO to 0 to transmit characters as they arrive instead of buffering them into one RF packet.
The RO command is only supported when operating in Transparent mode.
Parameter range
0 - 0xFF (x character times)
Default
3
D6 (DIO6/RTS)
Sets or displays the DIO6/RTS configuration (Micro pin 27/SMT pin 29/TH pin 16).
Parameter range
0, 1, 3 - 5
Parameter  Description
0          Disabled
1          RTS flow control
3          Digital input
4          Digital output, low
5          Digital output, high
Default
0
D7 (DIO7/CTS)
Sets or displays the DIO7/CTS configuration (Micro pin 24/SMT pin 25/TH pin 12).
Parameter range
0, 1, 3 - 7
Parameter  Description
0          Disabled
1          CTS flow control
3          Digital input
4          Digital output, low
5          Digital output, high
6          RS-485 enable, low Tx
7          RS-485 enable, high Tx
Default
0x1
P3 (DIO13/DOUT Configuration)
Sets or displays the DIO13/DOUT configuration (Micro pin 3/SMT pin 3/TH pin 2).
Parameter range
0, 1, 3 - 5
Parameter  Description
0          Disabled
1          UART DOUT
3          Digital input
4          Digital output, low
5          Digital output, high
Default
1
P4 (DIO14/DIN Configuration)
Sets or displays the DIO14/DIN configuration (Micro pin 4/SMT pin 4/TH pin 3).
Parameter range
0, 1, 3 - 5
Parameter  Description
0          Disabled
1          UART DIN
3          Digital input
4          Digital output, low
5          Digital output, high
Default
1
Command mode options
The following commands are Command mode option commands.
CN (Exit Command mode)
Executable command. This command immediately exits Command mode and applies pending changes.
Parameter range
N/A
Default
N/A
CT (Command Mode Timeout)
Sets or displays the Command mode timeout parameter. If the local device enters Command mode
and does not receive any valid AT commands within this time period, Command mode silently exits.
Parameter range
2 - 0x1770 (x 100 ms)
Default
0x64 (10 seconds)
GT (Guard Times)
Set the required period of silence before and after the command sequence characters of the
Command mode sequence, GT + CC + GT (including spaces). The period of silence prevents
inadvertently entering Command mode if a data stream in Transparent mode includes the CC
character. For more information, see Enter Command mode.
Parameter range
0x2 - 0x6D3 (x 1 ms)
Default
0x3E8 (one second)
CC (Command Character)
Sets or displays the character value used to break from data mode to Command mode. The
command character must be sent three times in succession while observing the minimum guard time
(GT) of silence before and after this sequence.
The default value (0x2B) is the ASCII code for the plus (+) character. You must enter it three times
within the guard time to enter Command mode. To enter Command mode, there is also a required
period of silence before and after the command sequence characters of the Command mode
sequence (GT + CC + GT). The period of silence prevents inadvertently entering Command mode. For
more information, see Enter Command mode.
Parameter range
0 - 0xFF
Default
0x2B (the ASCII plus character: +)
MicroPython commands
The following commands relate to using MicroPython on the XBee3 Zigbee RF Module.
PS (Python Startup)
Sets whether or not the XBee3 Zigbee RF Module runs the stored Python code at startup.
Range
0-1
Parameter  Description
0          Do not run stored Python code at startup.
1          Run stored Python code at startup.
Default
0
PY (MicroPython Command)
Interact with the XBee3 Zigbee RF Module using MicroPython. PY is a command with sub-commands.
These sub-commands are arguments to PY.
PYC (Code Report)
You can store compiled code in flash using the Ctrl-F command from the MicroPython REPL; refer to
the Digi MicroPython Programming Guide. The PYC sub-command reports details of the stored code. In
Command mode, it returns three lines of text, for example:
source: 1662 bytes (hash=0xC3B3A813)
bytecode: 619 bytes (hash=0x0900DBCE)
compiled: 2017-05-09T15:49:44
The messages are:
- source: the size of the source code used to generate the bytecode and its 32-bit hash.
- bytecode: the size of bytecode stored in flash and its 32-bit hash. A size of 0 indicates that
  there is no stored code.
- compiled: a compilation timestamp. A timestamp of 2000-01-01T00:00:00 indicates that the
  clock was not set during compilation.
In API mode, PYC returns five 32-bit big-endian values:
- source size
- source hash
- bytecode size
- bytecode hash
- timestamp as seconds since 2000-01-01T00:00:00
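The API-mode PYC report can be decoded and compared with a recorded baseline to notice when the code stored on a module has changed or been erased. This is an added example, not Digi code: parse_pyc, check_stored_code and sample_report are hypothetical names, the 20-byte payload is assumed to be already extracted from the AT command response, and the sample bytes are constructed from the Command mode example shown above.

```python
"""Decode an API-mode PYC report and compare it with a recorded baseline."""
import struct
from datetime import datetime, timedelta

PYC_EPOCH = datetime(2000, 1, 1)    # timestamps count seconds from here
PYC_LAYOUT = struct.Struct(">5I")   # five 32-bit big-endian values
COMPARED = ("source_size", "source_hash", "bytecode_size", "bytecode_hash")


def parse_pyc(data):
    """Turn the 20-byte PYC payload into a dict of named fields."""
    if len(data) != PYC_LAYOUT.size:
        raise ValueError(
            f"PYC report must be {PYC_LAYOUT.size} bytes, got {len(data)}")
    src_size, src_hash, bc_size, bc_hash, seconds = PYC_LAYOUT.unpack(data)
    return {
        "source_size": src_size,
        "source_hash": src_hash,
        "bytecode_size": bc_size,
        "bytecode_hash": bc_hash,
        "compiled": PYC_EPOCH + timedelta(seconds=seconds),
    }


def check_stored_code(report, baseline):
    """Return a list of findings; an empty list means the report matches.

    The hashes are 32 bits wide, so a match shows the stored code is the
    expected build but is not a cryptographic integrity guarantee.
    """
    if report["bytecode_size"] == 0:
        # A size of 0 indicates that there is no stored code.
        return ["no stored code"]
    findings = []
    for field in COMPARED:
        if report[field] != baseline[field]:
            findings.append(
                f"{field} changed: expected 0x{baseline[field]:08X}, "
                f"got 0x{report[field]:08X}")
    if report["compiled"] == PYC_EPOCH:
        findings.append("clock was not set during compilation")
    elif report["compiled"] != baseline["compiled"]:
        findings.append(
            f"compiled timestamp changed: expected "
            f"{baseline['compiled'].isoformat()}, "
            f"got {report['compiled'].isoformat()}")
    return findings


def sample_report():
    """Constructed payload carrying the values from the Command mode example."""
    seconds = int((datetime(2017, 5, 9, 15, 49, 44) - PYC_EPOCH).total_seconds())
    return PYC_LAYOUT.pack(1662, 0xC3B3A813, 619, 0x0900DBCE, seconds)


if __name__ == "__main__":
    baseline = parse_pyc(sample_report())
    print(baseline)
    print(check_stored_code(parse_pyc(sample_report()), baseline))
```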
PYD (Delete Code)
PYD interrupts any running code, erases any stored code and then does a soft-reboot on the
MicroPython subsystem.
PYV (Version Report)
Report the MicroPython version.
PY^ (Interrupt Program)
Sends KeyboardInterrupt to MicroPython. This is useful if there is a runaway MicroPython program
and you have filled the stdin buffer. You can enter Command mode (+++) and send ATPY^ to interrupt
the program.
Default
N/A
Sleep commands
The following AT commands are sleep commands.
SM (Sleep Mode)
Sets or displays the sleep mode of the device.
When SM > 0, the device operates as an end device. However, CE must be 0 before SM can be set to a
value greater than 0 to change the device to an end device. Changing a device from a router to an end
device (or vice versa) forces the device to leave the network and attempt to join as the new device
type when changes are applied.
Parameter range
0, 1, 4, 5
Parameter  Description
0          Sleep disabled (router)
1          Pin hibernate
2          N/A
3          N/A
4          Cyclic sleep enabled
5          Cyclic sleep, pin wake
Default
0
SP (Cyclic Sleep Period)
Sets the duration of sleep time for the end device, up to 28 seconds. Use the SN command to extend
the sleep time past 28 seconds.
On the parent, this value determines how long the parent buffers a message for the sleeping end
device. Set the value to at least equal to the longest SP time of any child end device.
Parameter range
0x20 - 0xAF0 x 10ms (Quarter second resolution)
Default
0x20
ST (Cyclic Sleep Wake Time)
Sets or displays the wake time of a cyclically sleeping end device after receiving serial or RF data.
The wake timer resets each time the device receives serial or RF data. Once the timer expires, an end
device may enter low power operation.
Parameter range
1 - 0xFFFF (x 1 ms)
Default
0x1388 (5 seconds)
SN (Number of Cycles Between ON_SLEEP)
Set or read the number of sleep periods value. This command controls the number of sleep periods
that must elapse between assertions of the ON_SLEEP line during the wake time if no RF data is
waiting for the end device. This command allows a host application to sleep for an extended time if no
RF data is present.
Parameter range
1 - 0xFFFF
Default
1
SO (Sleep Options)
A bitfield that contains advanced sleep options that do not have dedicated AT commands.
Leave unused bits clear so future sleep options are not inadvertently enabled during a firmware
update.
Parameter range
0 - 0xFF
Bit  Option
0    Reserved.
1    Wake for the entire ST time per wake period.
2    Enable extended cyclic sleep (sleep for the entire SN * SP time, possible data loss).
Default
0
WH (Wake Host Delay)
Sets or displays the wake host timer value. You can use WH to give a sleeping host processor
sufficient time to power up after the device asserts the ON_SLEEP line.
If you set WH to a non-zero value, this timer specifies a time in milliseconds that the device delays
after waking from sleep before sending data out the UART or transmitting an I/O sample. If the device
receives serial characters, the WH timer stops immediately.
Parameter range
0 - 0xFFFF (x 1 ms)
Default
0
PO command
Set or read the end device poll rate.
Setting this to 0 (default) enables polling at 100 ms (default rate), advancing in 10 ms increments.
Adaptive polling may allow the end device to poll more rapidly for a short time when receiving RF data.
Parameter range
0 - 0x3E8 (x 10 ms)
Default
0
SI command
Executable command. Causes a cyclic sleep device to sleep immediately rather than wait for the ST
timer to expire.
Note If you issue this command in Command mode, the module remains in Command mode until the
CT timer expires or you issue a CN command.
Parameter
N/A
Default
N/A
I/O settings commands
The following AT commands are I/O settings commands.
D0 (DIO0/AD0/Commissioning Button Configuration)
Sets or displays the DIO0/AD0/CB configuration (Micro pin 31/SMT pin 33/TH pin 20).
Parameter range
0-5
Parameter  Description
0          Disabled
1          Commissioning Pushbutton
2          ADC
3          Digital input
4          Digital output, low
5          Digital output, high
Default
1
D1 (AD1/DIO1 Configuration)
Sets or displays the DIO1/AD1 configuration (Micro pin 30/SMT pin 32/TH pin 19).
Parameter range
0-5
Parameter  Description
0          Disabled
1          Commissioning Button
2          ADC
3          Digital input
4          Digital output, low
5          Digital output, high
Default
0
D2 (DIO2/AD2 Configuration)
Sets or displays the DIO2/AD2 configuration (Micro pin 29/SMT pin 31/TH pin 18).
Parameter range
0, 2 - 5
Parameter
Description
0
Disabled
2
ADC
3
Digital input
4
Digital output, low
5
Digital output, high
Default
0
D3 (DIO3/AD3 Configuration)
Sets or displays the DIO3/AD3 configuration (Micro pin 28/SMT pin 30/TH pin 17).
Parameter range
0, 2 - 5
Parameter
Description
0
Disabled
2
ADC
3
Digital input
4
Digital output, low
5
Digital output, high
Default
0
D4 (DIO4 Configuration)
Sets or displays the DIO4 configuration (Micro pin 23/SMT pin 24/TH pin 11).
Parameter range
0, 3 - 5
Parameter
Description
0
Disabled
3
Digital input
4
Digital output, low
5
Digital output, high
Default
0
D5 (DIO5/Associate Configuration)
Sets or displays the DIO5 configuration (Micro pin 26/SMT pin 28/TH pin 15).
Parameter range
0, 1, 3 - 5
Parameter
Description
0
Disabled
1
Associate LED indicator
3
Digital input
4
Digital output, default low
5
Digital output, default high
Default
1
D8 (DIO8/DTR/SLP_RQ)
Sets or displays the DIO8/DTR/SLP_RQ configuration (Micro pin 9/SMT pin 10/TH pin 9).
Parameter range
0, 1, 3 - 5
Parameter
Description
0
Disabled
1
DTR/Sleep Request (used with pin hibernate and cyclic sleep with pin wake)
3
Digital input
4
Digital output, low
5
Digital output, high
Default
1
D9 (DIO9/ON_SLEEP)
Sets or displays the DIO9/ON_SLEEP configuration (Micro pin 25/SMT pin 26/TH pin 13).
Parameter range
0, 1, 3 - 5
Parameter
Description
0
Disabled
1
Awake/SLEEP indicator
3
Digital input
4
Digital output, low
5
Digital output, high
Default
1
P0 (DIO10/RSSI Configuration)
Sets or displays the DIO10/RSSI configuration (Micro pin 7/SMT pin 7/TH pin 6).
Parameter range
0, 1, 3 - 5
Parameter
Description
0
Disabled
1
RSSI PWM output
3
Digital input
4
Digital output, low
5
Digital output, high
Default
1
P1 (DIO11 Configuration)
Sets or displays the DIO11 configuration (Micro pin 8/SMT pin 8/TH pin 7).
Parameter range
0, 3 - 5
Parameter
Description
0
Disabled
3
Digital input
4
Digital output, low
5
Digital output, high
Default
0
P2 (DIO12 Configuration)
Sets or displays the DIO12 configuration (Micro pin 5/SMT pin 5/TH pin 4).
Parameter range
0, 3 - 5
Parameter
Description
0
Disabled
3
Digital input
4
Digital output, low
5
Digital output, high
Default
0
P5 (DIO15 Configuration)
Sets or displays the DIO15 configuration (Micro pin 16/SMT pin 17/TH Pin N/A).
Note The DIO15 configuration is not available with the XBee3 through-hole module.
Parameter range
0, 4, 5
Parameter
Description
0
Disabled
4
Digital output, low
5
Digital output, high
Default
0
P6 (DIO16 Configuration)
Sets or displays the DIO16 configuration (Micro pin 15/SMT pin 16/TH Pin N/A).
Note The DIO16 configuration is not available with the XBee3 through-hole module.
Parameter range
0, 4, 5
Parameter
Description
0
Disabled
4
Digital output, low
5
Digital output, high
Default
0
P7 (DIO17 Configuration)
Sets or displays the DIO17 configuration (Micro pin 14/SMT pin 15/TH Pin N/A).
Note The DIO17 configuration is not available with the XBee3 through-hole module.
Parameter range
0, 4, 5
Parameter
Description
0
Disabled
4
Digital output, low
5
Digital output, high
Default
0
P8 (DIO18 Configuration)
Sets or displays the DIO18 configuration (Micro pin 13/SMT pin 14/TH Pin N/A).
Note The DIO18 configuration is not available with the XBee3 through-hole module.
Parameter range
0, 4, 5
Parameter
Description
0
Disabled
4
Digital output, low
5
Digital output, high
Default
0
P9 (DIO19 Configuration)
Sets or displays the DIO19 configuration (Micro pin 11/SMT pin 12/TH Pin N/A).
Note The DIO19 configuration is not available with the XBee3 through-hole module.
Parameter range
0, 4, 5
Parameter
Description
0
Disabled
4
Digital output, low
5
Digital output, high
Default
0
PR (Pull-up/Down Resistor Enable)
The bit field that configures the internal pull-up resistor status for the I/O lines.
- If you set a PR bit to 1, it enables the pull-up/down resistor.
- If you set a PR bit to 0, it specifies no internal pull-up/down resistor.
PR and PD only affect lines that are configured as digital inputs or disabled.
The following table defines the bit-field map for PR and PD commands.
Bit   I/O line    Device pin
0     DIO4        Micro pin 23/SMT pin 24/TH pin 11
1     DIO3        Micro pin 28/SMT pin 30/TH pin 17
2     DIO2        Micro pin 29/SMT pin 31/TH pin 18
3     DIO1        Micro pin 30/SMT pin 32/TH pin 19
4     DIO0        Micro pin 31/SMT pin 33/TH pin 20
5     DIO6/RTS    Micro pin 27/SMT pin 29/TH pin 16
6     DIO8/DTR    Micro pin 9/SMT pin 10/TH pin 9
7     DIO14       Micro pin 4/SMT pin 4/TH pin 3
8     DIO5        Micro pin 26/SMT pin 28/TH pin 15
9     DIO9        Micro pin 25/SMT pin 26/TH pin 13
10    DIO12       Micro pin 5/SMT pin 5/TH pin 4
11    DIO10       Micro pin 7/SMT pin 7/TH pin 6
12    DIO11       Micro pin 8/SMT pin 8/TH pin 7
13    DIO7        Micro pin 24/SMT pin 25/TH pin 12
14    DIO13       Micro pin 3/SMT pin 3/TH pin 2
15    DIO15       Micro pin 16/SMT pin 17/TH Pin N/A
16    DIO16       Micro pin 15/SMT pin 16/TH Pin N/A
17    DIO17       Micro pin 14/SMT pin 15/TH Pin N/A
18    DIO18       Micro pin 13/SMT pin 14/TH Pin N/A
19    DIO19       Micro pin 11/SMT pin 12/TH Pin N/A
Parameter range (SMT/Micro)
0 - 0xFFFFF (bit field)
Default (SMT/Micro)
0xFFFFF
Parameter range (TH)
0 - 0x7FFF (bit field)
Default (TH)
0x7FFF
PD (Pull Up/Down Direction)
The resistor pull direction bit field (1 = pull-up, 0 = pull-down) for corresponding I/O lines that are set
by the PR command.
If the bit is set, the device uses an internal pull-up resistor. If it is clear, the device uses an internal
pull-down resistor. See PR (Pull-up/Down Resistor Enable) for the bit order and mappings.
Parameter range (SMT/Micro)
0 - 0xFFFFF (bit field)
Default (SMT/Micro)
0xFFFFF
Parameter range (TH)
0 - 0x7FFF (bit field)
Default (TH)
0x7FFF
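The PR and PD bit fields above, worked through as an added Python example that is not part of the Digi guide: it computes PR/PD values from a per-line request and reports which pull actually applies once the line's Dn/Pn mode is taken into account. The function names and the short line names (DIO6 for DIO6/RTS, DIO8 for DIO8/DTR) are assumptions of this example; the bit order, defaults and ranges are the ones in the table above.

```python
# Bit positions copied from the PR/PD table on this page.
# Note that bit 0 is DIO4, not DIO0.
PR_PD_BITS = ("DIO4", "DIO3", "DIO2", "DIO1", "DIO0", "DIO6", "DIO8", "DIO14",
              "DIO5", "DIO9", "DIO12", "DIO10", "DIO11", "DIO7", "DIO13",
              "DIO15", "DIO16", "DIO17", "DIO18", "DIO19")
TH_MASK, SMT_MASK = 0x7FFF, 0xFFFFF   # parameter ranges for TH and SMT/Micro
PULL_CAPABLE_MODES = {0, 3}           # Dn/Pn value: 0 = Disabled, 3 = Digital input


def encode_pulls(wanted, through_hole=False):
    """Return (PR, PD) for a {line: 'up' | 'down' | 'none'} request.

    Lines that are not mentioned keep the default: resistor enabled, pull-up.
    """
    mask = TH_MASK if through_hole else SMT_MASK
    pr = pd = mask
    for line, pull in wanted.items():
        bit = 1 << PR_PD_BITS.index(line)    # ValueError for an unknown line
        if not bit & mask:
            raise ValueError(f"{line} is not available on the through-hole module")
        if pull == "none":
            pr &= ~bit                       # PR bit 0: no internal resistor
        elif pull == "down":
            pd &= ~bit                       # PD bit 0: pull-down
        elif pull != "up":
            raise ValueError(f"unknown pull setting {pull!r}")
    return pr, pd


def effective_pulls(pr, pd, modes, through_hole=False):
    """Map each line in modes ({line: Dn/Pn value}) to 'up', 'down', 'none' or 'n/a'.

    'n/a' marks a line whose mode is neither Disabled nor Digital input, where
    PR and PD have no effect.
    """
    mask = TH_MASK if through_hole else SMT_MASK
    if pr & ~mask or pd & ~mask:
        raise ValueError("PR or PD is outside the parameter range for this module")
    result = {}
    for line, mode in modes.items():
        bit = 1 << PR_PD_BITS.index(line)
        if mode not in PULL_CAPABLE_MODES:
            result[line] = "n/a"
        elif not pr & bit:
            result[line] = "none"
        else:
            result[line] = "up" if pd & bit else "down"
    return result


if __name__ == "__main__":
    pr, pd = encode_pulls({"DIO4": "down", "DIO0": "none"})
    print(f"PR = 0x{pr:X}, PD = 0x{pd:X}")
    print(effective_pulls(pr, pd, {"DIO4": 3, "DIO0": 0, "DIO1": 4}))
```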
LT (Associate LED Blink Time)
Set or read the Associate LED blink time. If you use D5 (DIO5/Associate Configuration) to enable the
Associate LED functionality (DIO5/Associate pin), this value determines the on and off blink times for
the LED when the device has joined the network.
If LT = 0, the device uses the default blink rate: 500 ms for a sleep coordinator, 250 ms for all other
nodes.
If LT = 0, the device uses the default blink rate of 250 ms.
For all other LT values, the firmware measures LT in 10 ms increments.
Parameter range
0, 0xA - 0xFF (x 10 ms)
Default
0
RP (RSSI PWM Timer)
The PWM timer expiration in 0.1 seconds. RP sets the duration of pulse width modulation (PWM) signal
output on the RSSI pin. The signal duty cycle updates with each received packet and shuts off when
the timer expires.
When RP = 0xFF, the output is always on.
Parameter range
0 - 0xFF (x 100 ms)
Default
0x28 (four seconds)
I/O sampling commands
The following AT commands enable or adjust I/O sampling from the local device.
IR (I/O Sample Rate)
Determines the I/O sample rate used to generate outgoing I/O sample data. When the IR value is
greater than 0, the device samples and transmits all enabled digital I/O and ADCs every IR
milliseconds. I/O samples transmit to the address specified by DH + DL.
At least one I/O line must be configured as an input or explicit output for samples to be generated.
Parameter range
0, 0x32 - 0xFFFF (ms)
Default
0
IC (Digital Change Detection)
The bit field that configures which digital I/O pins should be monitored for digital change detection. If
the device detects a change on an enabled digital I/O pin, it immediately transmits a digital I/O
sample to the address specified by DH + DL.
Change Detect is edge-triggered and must occur while the device is awake. If the level transition
occurs during a sleep period, the device will not see a change.
Bit field
Bit   I/O line   Device pin
0     DIO0       Micro pin 31/SMT pin 33/TH pin 20
1     DIO1       Micro pin 30/SMT pin 32/TH pin 19
2     DIO2       Micro pin 29/SMT pin 31/TH pin 18
3     DIO3       Micro pin 28/SMT pin 30/TH pin 17
4     DIO4       Micro pin 23/SMT pin 24/TH pin 11
5     DIO5       Micro pin 26/SMT pin 28/TH pin 15
6     DIO6       Micro pin 27/SMT pin 29/TH pin 16
7     DIO7       Micro pin 24/SMT pin 25/TH pin 12
8     DIO8       Micro pin 9/SMT pin 10/TH pin 9
9     DIO9       Micro pin 25/SMT pin 26/TH pin 13
10    DIO10      Micro pin 7/SMT pin 7/TH pin 6
11    DIO11      Micro pin 8/SMT pin 8/TH pin 7
Parameter range
0 - 0xFFFF
Default
0
IS (Force Sample)
Immediately forces an I/O sample to be generated. If you issue the command to the local device, the
sample data is sent out the local serial interface. If sent remotely, the sample data is returned as an AT
Command Response - 0x88.
If the device receives ERROR as a response to an IS query, there are no valid I/O lines to sample.
Parameter range
N/A
Default
N/A
V+ (Supply Voltage Threshold)
Defines the supply voltage threshold at or below which the device appends the supply voltage to
outgoing I/O sample frames.
If the measured supply voltage is at or below this threshold, the device appends the supply voltage to
outgoing I/O sample frames and sets bit 7 of the Analog Channel Mask.
Set V+ to 0 to not include the supply voltage.
Set V+ to 1 to always include the supply voltage.
Example
To include a measurement of the supply voltage when it falls below 2.7 V, set V+ to 2700 = 0xA8A.
Parameter range
0 - 0xFFFF (in mV)
Default
0
Diagnostic commands
The following read-only commands are diagnostics that provide more information about the device.
VR (Firmware Version)
Reads the firmware version on a device as a 4-digit hex number.
Parameter range
0 - 0xFFFF [read-only]
Default
Set in the firmware
VL (Version Long)
Shows detailed version information including the application build date and time.
Parameter range
Multi-line string [read-only]
Default
N/A
VH (Bootloader Version)
Reads the bootloader version of the device.
Range
N/A
Default
N/A
HV (Hardware Version)
Display the hardware version number of the device.
Parameter range
0 - 0xFFFF [read-only]
Default
Set in firmware
%V (Voltage Supply Monitoring)
Reads the voltage on the Vcc pin in mV.
Parameter range
0 - 0xFFFF (in mV) [read only]
Default
N/A
TP (Temperature)
The current module temperature in degrees Celsius. The temperature is represented in two’s
complement, as shown in the following example: 1 °C = 0x0001 and -1 °C = 0xFFFF.
Parameter range
0 - 0xFFFF (Celsius)
Default
N/A
CK (Configuration Checksum)
Reads the cyclic redundancy check (CRC) of the current AT command configuration settings to
determine if the configuration has changed.
After a firmware update this command may return a different value.
Parameter range
0 - 0xFFFF
Default
N/A
FR (Software Reset)
Resets the device. The device responds immediately with an OK and performs a reset 100 ms later.
If you issue FR while the device is in Command mode, the reset effectively exits Command mode.
Parameter range
N/A
Default
N/A
Memory access commands
This section details the executable commands that provide memory access to the device.
AC (Apply Changes)
This command applies changes to all command parameters configured in Command mode and also
applies queued command parameter values set with 0x09 API queued command frames.
Any of the following also applies changes, the same as issuing an AC command:
- Exiting Command mode with a CN command.
- Exiting Command mode via timeout.
- Receiving a 0x08 API command frame.
- Issuing a 0x08 Local AT Command API frame.
- Issuing a remote 0x17 AT Command API frame with option bit 1 set.
Example: Altering the UART baud rate with the BD command does not change the operating baud
rate until after an AC command is received; at this point, the interface immediately changes baud
rates.
Parameter range
N/A
Default
N/A
WR (Write)
Immediately writes parameter values to non-volatile flash memory so they persist through a power
cycle. Operating network parameters are persistent and do not require a WR command for the device
to reattach to the network.
Note Once you issue a WR command, do not send any additional characters to the device until after
you receive the OK response. Use the WR command sparingly; the device’s flash supports a limited
number of write cycles.
Parameter range
N/A
Default
N/A
RE (Restore Defaults)
Restore all device parameters to factory defaults but do not apply the parameters.
Parameter range
N/A
Default
N/A
API Operation
An alternative to Transparent Operation is Application Programming Interface (API) Operation. API
operation requires that the device communicate through a structured interface (that is, data is
communicated in frames in a defined order). The API specifies how the device sends and receives
commands, command responses, and module status messages using a serial port Data Frame.
API frame format
API serial exchanges
Frame descriptions
Send ZDO commands with the API
Send Zigbee cluster library (ZCL) commands with the API
Send Public Profile Commands with the API
API frame format
An API frame consists of the following:
- Start delimiter
- Length
- Frame data
- Checksum
API operation (AP parameter = 1)
This is the recommended API mode for most applications. The following table shows the data frame
structure when you enable this mode:
Frame fields      Byte             Description
Start delimiter   1                0x7E
Length            2-3              Most Significant Byte, Least Significant Byte
Frame data        4 - number (n)   API-specific structure
Checksum          n+1              1 byte
Any data received prior to the start delimiter is silently discarded. If the frame is not received correctly
or if the checksum fails, the XBee replies with a radio status frame indicating the nature of the failure.
API operation with escaped characters (AP parameter = 2)
Setting API to 2 allows escaped control characters in the API frame. Due to its increased complexity,
we only recommend this API mode in specific circumstances. API 2 may help improve reliability if the
serial interface to the device is unstable or malformed frames are frequently being generated.
When operating in API 2, if an unescaped 0x7E byte is observed, it is treated as the start of a new API
frame and all data received prior to this delimiter is silently discarded. For more information on using
this API mode, see Escaped Characters and API Mode 2 in the Digi Knowledge Base.
API escaped operating mode works similarly to API mode. The only difference is that when working in
API escaped mode, the software must escape any payload bytes that match API frame specific data,
such as the start-of-frame byte (0x7E). The following table shows the structure of an API frame with
escaped characters:
Frame fields      Byte    Description
Start delimiter   1       0x7E
Length            2-3     Most Significant Byte, Least Significant Byte
Frame data        4-n     API-specific structure
Checksum          n + 1   1 byte
Characters escaped if needed
Start delimiter field
This field indicates the beginning of a frame. It is always 0x7E. This allows the device to easily detect a
new incoming frame.
Escaped characters in API frames
If operating in API mode with escaped characters (AP parameter = 2), when sending or receiving a
serial data frame, specific data values must be escaped (flagged) so they do not interfere with the
data frame sequencing. To escape an interfering data byte, insert 0x7D and follow it with the byte to
be escaped (XORed with 0x20).
The following data bytes need to be escaped:
- 0x7E: start delimiter
- 0x7D: escape character
- 0x11: XON
- 0x13: XOFF
To escape a character:
1. Insert 0x7D (escape character).
2. Append it with the byte you want to escape, XORed with 0x20.
In API mode with escaped characters, the length field does not include any escape characters in the
frame and the firmware calculates the checksum with non-escaped data.
Example: escape an API frame
To express the following API non-escaped frame in API operating mode with escaped characters:
Field                      Bytes
Start delimiter            7E
Length                     00 0F
Frame type (frame data)    17
Data (frame data)          01 00 13 A2 00 40 AD 14 2E FF FE 02 4E 49
Checksum                   6D
You must escape the 0x13 byte:
1. Insert a 0x7D.
2. XOR byte 0x13 with 0x20: 13 ⊕ 20 = 33
The following figure shows the resulting frame. Note that the length and checksum are the same as
the non-escaped frame.
Field                      Bytes
Start delimiter            7E
Length                     00 0F
Frame type (frame data)    17
Data (frame data)          01 00 7D 33 A2 00 40 AD 14 2E FF FE 02 4E 49
Checksum                   6D
Length field
The length field is a two-byte value that specifies the number of bytes contained in the frame data
field. It does not include the checksum field.
Frame data
This field contains the information that a device receives or will transmit. The structure of frame data
depends on the purpose of the API frame:
Byte(s)    Field                     Content
1          Start delimiter           0x7E
2          Length                    MSB
3          Length                    LSB
4          Frame data: Frame type    API frame type
5 ... n    Frame data: Data          Data
n+1        Checksum                  Single byte
- Frame type is the API frame type identifier. It determines the type of API frame and indicates
how the Data field organizes the information.
- Data contains the data itself. This information and its order depend on the type of frame
that the Frame type field defines.
Multi-byte values are sent big-endian.
Calculate and verify checksums
To test data integrity, the device calculates and verifies a checksum on non-escaped data.
To calculate the checksum of an API frame:
1. Add all bytes of the packet, except the start delimiter 0x7E and the length (the second and
third bytes).
2. Keep only the lowest 8 bits from the result.
3. Subtract this quantity from 0xFF.
To verify the checksum of an API frame:
1. Add all bytes including the checksum; do not include the delimiter and length.
2. If the checksum is correct, the last two digits on the far right of the sum equal 0xFF.
Example
Consider the following sample data packet: 7E 00 08 08 01 4E 49 58 42 45 45 3B
Byte(s)
Description
7E
Start delimiter
00 08
Length bytes
08
API identifier
01
API frame ID
4E 49
AT Command
58 42 45 45
Parameter value
3B
Checksum
To calculate the checksum, add all bytes of the packet, excluding the frame delimiter 7E and the
length (the second and third bytes):
7E 00 08 08 01 4E 49 58 42 45 45 3B
Add these hex bytes:
0x08 + 0x01 + 0x4E + 0x49 + 0x58 + 0x42 + 0x45 + 0x45 = 0x01C4
Now take the result of 0x01C4 and keep only the lowest 8 bits which in this example is 0xC4 (the two
far right digits). Subtract 0xC4 from 0xFF and you get 0x3B (0xFF - 0xC4 = 0x3B). 0x3B is the checksum
for this data packet.
If an API data packet is composed with an incorrect checksum, the XBee3 Zigbee RF Module will
consider the packet invalid and will ignore the data.
To verify the checksum of an API packet, add all bytes including the checksum (do not include the
delimiter and length); if the checksum is correct, the last two far right digits of the sum will equal FF.
0x08 + 0x01 + 0x4E + 0x49 + 0x58 + 0x42 + 0x45 + 0x45 + 0x3B = 0x01FF
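The escaping and checksum rules above, combined in an added Python example that is not part of the Digi guide: host-side code that builds a frame for AP = 1 or AP = 2 and splits a received serial byte stream back into frames, keeping only those whose checksum verifies. The function names and the max_len bound are assumptions of this example; it also generalizes beyond the single 0x13 case by escaping length and checksum bytes when they need it.

```python
START, ESC, XON, XOFF = 0x7E, 0x7D, 0x11, 0x13
NEEDS_ESCAPE = {START, ESC, XON, XOFF}


def checksum(frame_data: bytes) -> int:
    """0xFF minus the low 8 bits of the sum of the frame data bytes."""
    return 0xFF - (sum(frame_data) & 0xFF)


def build_frame(frame_data: bytes, escaped: bool = False) -> bytes:
    """Wrap frame data (frame type + data) in delimiter, length and checksum."""
    if not 1 <= len(frame_data) <= 0xFFFF:
        raise ValueError("frame data must fit the two-byte length field")
    body = len(frame_data).to_bytes(2, "big") + frame_data
    body += bytes([checksum(frame_data)])
    if escaped:
        # AP = 2: length and checksum are computed on unescaped data, then
        # every byte after the start delimiter is escaped where needed.
        out = bytearray()
        for b in body:
            out += bytes([ESC, b ^ 0x20]) if b in NEEDS_ESCAPE else bytes([b])
        body = bytes(out)
    return bytes([START]) + body


def parse_stream(stream: bytes, escaped: bool = False, max_len: int = 256):
    """Split a serial byte stream into frames.

    Returns (frames, errors): frame-data payloads whose checksum verified, and
    one reason string per frame that was dropped. max_len is a host-side bound
    chosen for this example so a corrupt length field cannot stall the parser.
    """
    frames, errors = [], []
    buf = None            # unescaped bytes after 0x7E; None = hunting for a start
    pending_esc = False
    for b in stream:
        if b == START and (escaped or buf is None):
            # In AP = 2 an unescaped 0x7E always starts a new frame.
            if buf:
                errors.append("truncated")
            buf, pending_esc = bytearray(), False
            continue
        if buf is None:
            continue      # data before the start delimiter is discarded
        if escaped:
            if pending_esc:
                b, pending_esc = b ^ 0x20, False
            elif b == ESC:
                pending_esc = True
                continue
        buf.append(b)
        if len(buf) < 2:
            continue
        length = int.from_bytes(buf[:2], "big")
        if not 1 <= length <= max_len:
            errors.append("bad length")
            buf = None
        elif len(buf) == length + 3:      # length bytes + frame data + checksum
            data = bytes(buf[2:-1])
            if (sum(data) + buf[-1]) & 0xFF == 0xFF:
                frames.append(data)
            else:
                errors.append("bad checksum")
            buf = None
    if buf:
        errors.append("truncated")
    return frames, errors


if __name__ == "__main__":
    # The sample data packet from the checksum example on this page.
    sample = bytes.fromhex("7E 00 08 08 01 4E 49 58 42 45 45 3B")
    print(parse_stream(sample))
```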
API serial exchanges
You can use the Frame ID field to correlate between the outgoing frames and associated responses.
AT commands
The following image shows the API frame exchange that takes place at the serial interface when
sending an AT command request to read or set a device parameter. You can disable the response by
setting the frame ID to 0 in the request.
Transmit and Receive RF data
The following image shows the API frame exchanges that take place at the UART interface when
sending RF data to another device. The transmit status frame is always sent at the end of a data
transmission unless the frame ID is set to 0 in the TX request. If the packet cannot be delivered to the
destination, the transmit status frame indicates the cause of failure.
The received data frame type (0x90 or 0x91) is determined by the AO command.
Remote AT commands
The following image shows the API frame exchanges that take place at the serial interface when
sending a remote AT command. The device does not send out a remote command response frame
through the serial interface if the remote device does not receive the remote command.
Source routing
The following image shows the API frame exchanges that take place at the serial port when sending a
source routed transmission.
Device Registration
The following image shows the API frame exchanges that take place at the serial interface when
registering a joining device to a trust center.
Frame descriptions
The following sections describe the API frames.
AT Command Frame - 0x08
Description
Use this frame to query or set command parameters on the local device. This API command applies
changes after running the command. You can query parameter values by sending the 0x08 AT
Command frame with no parameter value field (the two-byte AT command is immediately followed by
the frame checksum). Any parameter that is set with this frame type will apply the change
immediately. If you wish to queue multiple parameter changes and apply them later, use the AT
Command - Queue Parameter Value frame - 0x09 instead.
When a command is queried, a 0x88 response frame is populated with the parameter value that is
currently set on the device.
Format
The following table provides the contents of the frame. For details on frame structure, see API frame
format.
Frame data fields   Offset   Description
Frame type          3        0x08
Frame ID            4        Identifies the data frame for the host to correlate with a subsequent
                             response. If set to 0, the device does not send a response.
AT command          5-6      Command name: two ASCII characters that identify the AT command.
Parameter value     7-n      If present, indicates the requested parameter value to set the given
                             register. If no characters are present, it queries the register.
Examples
The following example illustrates an AT Command frame where the device's NJ parameter value is
queried.
Frame data fields            Offset   Example
Start delimiter              0        0x7E
Length                       MSB 1    0x00
                             LSB 2    0x0
Frame type                   3        0x08
Frame ID                     4        0x52
AT command                   5        0x42 (B)
                             6        0x44 (D)
Parameter value (optional)
Checksum                     7        0x0D

Frame data fields                  Offset   Example
Start delimiter                    0        0x7E
Length                             MSB 1    0x00
                                   LSB 2    0x06
Frame type                         3        0x08
Frame ID                           4        0x01
AT command                         5        0x42 (B)
                                   6        0x44 (D)
Parameter value (0x04B0 = 1200)    7        0x04
                                   8        0xB0
Checksum                           9        0xBC
AT Command - Queue Parameter Value frame - 0x09
Description
This frame allows you to query or set device parameters. In contrast to the AT Command (0x08)
frame, this frame queues new parameter values and does not apply them until you issue either:
- The AT Command (0x08) frame
- The AC command (as either a 0x08 or 0x09 frame in API mode)
When querying parameter values, the 0x09 frame behaves identically to the 0x08 frame; the response
for this command is also an AT Command Response frame (0x88).
Format
The following table provides the contents of the frame. For details on frame structure, see API frame
format.
Frame data fields      Offset   Description
Frame type             3        0x09
Frame ID               4        Identifies the data frame for the host to correlate with a
                                subsequent response. If set to 0, the device does not send
                                a response.
AT command             5-6      Command name: two ASCII characters that identify the AT
                                command.
Parameter value        7-n      If present, indicates the requested parameter value to set
(BD7 = 115200 baud)             the given register. If no characters are present, queries
(optional)                      the register.
Example
The following example sends a command to change the baud rate (BD) to 115200 baud, but does not
apply the changes immediately. The device continues to operate at the previous baud rate until you
apply the changes.
Note In this example, you could send the parameter as a zero-padded 2-byte or 4-byte value.
Frame data fields                      Offset   Example
Start delimiter                        0        0x7E
Length                                 MSB 1    0x00
                                       LSB 2    0x05
Frame type                             3        0x09
Frame ID                               4        0x01
AT command                             5        0x42 (B)
                                       6        0x44 (D)
Parameter value (BD7 = 115200 baud)    7        0x07
Checksum                               8        0x68
Transmit Request frame - 0x10
Description
This frame causes the device to send payload data as an RF packet to a specific destination.
- For broadcast transmissions, set the 64-bit destination address to 0x000000000000FFFF.
- Address the coordinator by either setting the 64-bit address to all 0x00s and the 16-bit address
to 0xFFFE, or setting the 64-bit address to the coordinator's 64-bit address and the 16-bit
address to 0x0000.
- For all other transmissions, setting the 16-bit address to the correct 16-bit address helps
improve performance when transmitting to multiple destinations. If you do not know a 16-bit
address, set this field to 0xFFFE (unknown). If successful, the Transmit Status frame (0x8B)
indicates the discovered 16-bit address.
When transmitting to a broadcast address, the broadcast radius field can be used to determine how
many hops should be traversed.
You can read the maximum number of payload bytes with the NP command.
Format
The following table provides the contents of the frame. For details on the frame structure, see API
frame format.
Frame data fields     Offset   Description
Frame type            3        0x10
Frame ID              4        Identifies the data frame for the host to correlate with a subsequent
                               response. If set to 0, the device does not send a response.
64-bit destination    5-12     The 64-bit address of the destination device.
address                        Reserved 64-bit address for the coordinator = 0x0000000000000000
                               Broadcast = 0x000000000000FFFF
16-bit destination    MSB 13   Set to the 16-bit address of the destination device, if known. If the
network address       LSB 14   address is unknown or if sending a broadcast, set to 0xFFFE.
Broadcast radius      15       Sets the maximum number of hops a broadcast transmission can traverse. If
                               set to 0, the broadcast radius is set to the maximum hops value.
Options               16       Bitfield of supported transmission options. Supported values include the
                               following:
                               0x01 - Disable retries
                               0x20 - Enable APS encryption (if EE=1)
                               0x40 - Use the extended transmission timeout for this destination
                               Enabling APS encryption decreases the maximum number of RF payload
                               bytes by 4 (below the value reported by NP).
                               Setting the extended timeout bit causes the stack to set the extended
                               transmission timeout for the destination address. See Transmission,
                               addressing, and routing.
                               All unused and unsupported bits must be set to 0.
RF data               17-n     Data sent to the destination device.
Example
The example shows how to send a transmission to a device if you disable escaping (AP = 1), with
destination address 0x0013A200 40014011, and payload “TxData1B”.
Frame data fields     Offset   Example
Start delimiter       0        0x7E
Length                MSB 1    0x00
                      LSB 2    0x16
Frame type            3        0x10
Frame ID              4        0x01
64-bit destination    MSB 5    0x00
address               6        0x13
                      7        0xA2
                      8        0x00
                      9        0x40
                      10       0x0A
                      11       0x01
                      LSB 12   0x27
16-bit destination    MSB 13   0xFF
network address       LSB 14   0xFE
Broadcast radius      15       0x00
Options               16       0x00
RF data               17       0x54
                      18       0x78
                      19       0x44
                      20       0x61
                      21       0x74
                      22       0x61
                      23       0x30
                      24       0x41
Checksum              25       0x13
Send a transmission to the coordinator without specifying the coordinator's 64-bit address. The API
transmit request frame should look like:
0x7E 0x00 0x16 0x10 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0xFF
0xFE 0x00 0x00 0x54 0x78 0x32 0x43 0x6F 0x6F 0x72 0x64 0xFC
Where 0x16 = length (22 bytes excluding checksum).
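The Transmit Request layout above, as an added Python example that is not part of the Digi guide: a builder that enforces the rules stated in the format table (reserved option bits, the broadcast 16-bit address, the 4-byte payload reduction with APS encryption) and a decoder that a host can use to check outgoing frames, for instance to confirm the APS encryption bit is set. Function and constant names are assumptions of this example, frames are unescaped (AP = 1), and np_max stands for whatever value the caller read with the NP command.

```python
FRAME_TYPE_TX_REQUEST = 0x10
OPT_DISABLE_RETRIES = 0x01
OPT_APS_ENCRYPTION = 0x20      # only takes effect if EE = 1
OPT_EXTENDED_TIMEOUT = 0x40
SUPPORTED_OPTIONS = OPT_DISABLE_RETRIES | OPT_APS_ENCRYPTION | OPT_EXTENDED_TIMEOUT
COORDINATOR_64 = 0x0000000000000000
BROADCAST_64 = 0x000000000000FFFF
ADDR16_UNKNOWN = 0xFFFE


def transmit_request(frame_id, dest64, payload, dest16=ADDR16_UNKNOWN,
                     radius=0, options=0, np_max=None):
    """Build a complete unescaped (AP = 1) 0x10 frame.

    np_max is the value the caller read with the NP command; when given, the
    payload is checked against it (minus 4 bytes if APS encryption is requested).
    """
    if options & ~SUPPORTED_OPTIONS:
        raise ValueError("unused and unsupported option bits must be 0")
    if dest64 == BROADCAST_64 and dest16 != ADDR16_UNKNOWN:
        raise ValueError("broadcasts use 16-bit address 0xFFFE")
    if not (0 <= frame_id <= 0xFF and 0 <= radius <= 0xFF):
        raise ValueError("frame ID and broadcast radius are single bytes")
    if np_max is not None:
        limit = np_max - 4 if options & OPT_APS_ENCRYPTION else np_max
        if len(payload) > limit:
            raise ValueError(f"payload exceeds {limit} bytes")
    frame_data = (bytes([FRAME_TYPE_TX_REQUEST, frame_id])
                  + dest64.to_bytes(8, "big") + dest16.to_bytes(2, "big")
                  + bytes([radius, options]) + bytes(payload))
    check = 0xFF - (sum(frame_data) & 0xFF)
    return b"\x7e" + len(frame_data).to_bytes(2, "big") + frame_data + bytes([check])


def decode_transmit_request(frame):
    """Validate a 0x10 frame and return its fields, e.g. to audit host traffic."""
    if len(frame) < 18 or frame[0] != 0x7E:
        raise ValueError("not a complete API frame")
    length = int.from_bytes(frame[1:3], "big")
    data, check = frame[3:-1], frame[-1]
    if length != len(data) or (sum(data) + check) & 0xFF != 0xFF:
        raise ValueError("length or checksum mismatch")
    if data[0] != FRAME_TYPE_TX_REQUEST:
        raise ValueError("not a Transmit Request frame")
    options = data[13]
    return {
        "frame_id": data[1],
        "dest64": int.from_bytes(data[2:10], "big"),
        "dest16": int.from_bytes(data[10:12], "big"),
        "radius": data[12],
        "aps_encryption": bool(options & OPT_APS_ENCRYPTION),
        "reserved_bits_set": bool(options & ~SUPPORTED_OPTIONS),
        "payload": bytes(data[14:]),
    }


if __name__ == "__main__":
    # Transmission to the coordinator without its 64-bit address.
    frame = transmit_request(0x01, COORDINATOR_64, b"Tx2Coord")
    print(frame.hex(" "))
    print(decode_transmit_request(frame))
```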
Explicit Addressing Command frame - 0x11
Description
This frame is similar to Transmit Request (0x10), but it also requires you to specify the application-layer addressing fields: endpoints, cluster ID, and profile ID.
This frame causes the device to send payload data as an RF packet to a specific destination, using
specific source and destination endpoints, cluster ID, and profile ID.
- For broadcast transmissions, set the 64-bit destination address to 0x000000000000FFFF for
all devices.
- Address the coordinator by either setting the 64-bit address to all 0x00s and the 16-bit
address to 0xFFFE, or setting the 64-bit address to the coordinator's 64-bit address and the
16-bit address to 0x0000.
- For all other transmissions, setting the 16-bit address to the correct 16-bit address helps
improve performance when transmitting to multiple destinations. If you do not know a 16-bit
address, set this field to 0xFFFE (unknown). If successful, the Transmit Status frame (0x8B)
indicates the discovered 16-bit address.
When transmitting to a broadcast address, the broadcast radius field can be used to determine how
many hops should be traversed.
You can read the maximum number of payload bytes with the NP command.
Note Using source routing reduces the RF payload by two bytes per intermediate hop in the source
route.
Format
The following table provides the contents of the frame. For details on the frame structure, see API
frame format.
Frame data fields      Offset   Description
Frame type             3        0x11
Frame ID               4        Identifies the data frame for the host to correlate with a subsequent
                                response. If set to 0, the device does not send a response.
64-bit destination     5-12     The 64-bit address of the destination device.
Address                         Reserved 64-bit address for the coordinator = 0x0000000000000000
                                Broadcast = 0x000000000000FFFF
16-bit destination     MSB 13   Set to the 16-bit address of the destination device, if known. Set to
Network Address        LSB 14   0xFFFE if the address is unknown, or if sending a broadcast.
Source Endpoint        15       Source Endpoint for the transmission. 0xE8 is a data endpoint.
Destination Endpoint   16       Destination Endpoint for the transmission. 0xE8 is a data endpoint.
Cluster ID             17       Cluster ID used in the transmission. Use 0x11 for data transmissions.
                       18
Profile ID             19-20    Profile ID used in the transmission. 0xC105 is the Digi profile ID that
                                should be used to communicate with XBee modules.
Broadcast Radius       21       Sets the maximum number of hops a broadcast transmission can
                                traverse. If set to 0, the device sets the transmission radius to the
                                network maximum hops value.
Transmission Options   22       Bitfield of supported transmission options. Supported values include the
                                following:
                                0x01 - Disable retries
                                0x04 - Indirect Addressing
                                0x08 - Multicast Addressing
                                0x20 - Enable APS encryption (if EE = 1)
                                0x40 - Use the extended transmission timeout for this destination
                                Enabling APS encryption decreases the maximum number of RF payload
                                bytes by 4 (below the value reported by NP).
                                Setting the extended timeout bit causes the stack to set the extended
                                transmission timeout for the destination address. See Transmission,
                                addressing, and routing.
                                All unused and unsupported bits must be set to 0.
Data Payload           23-n     Up to NP bytes per packet. Sent to the destination device.
Example
- 64-bit address: 0x0000000000000000 (coordinator)
- Source endpoint: 0xA0
- Destination endpoint: 0xA1
- Cluster ID: 0x1554
- Profile ID: 0xC105
- Payload: TxData
| Frame data fields | Offset | Example |
|---|---|---|
| Start delimiter | 0 | 0x7E |
| Length | MSB 1 | 0x00 |
| | LSB 2 | 0x1A |
| Frame type | 3 | 0x11 |
| Frame ID | 4 | 0x01 |
| 64-bit destination address | MSB 5 | 0x00 |
| | 6 | 0x00 |
| | 7 | 0x00 |
| | 8 | 0x00 |
| | 9 | 0x00 |
| | 10 | 0x00 |
| | 11 | 0x00 |
| | LSB 12 | 0x00 |
| 16-bit destination Network Address | MSB 13 | 0xFF |
| | LSB 14 | 0xFE |
| Source endpoint | 15 | 0xA0 |
| Destination endpoint | 16 | 0xA1 |
| Cluster ID | 17 | 0x15 |
| | 18 | 0x54 |
| Profile ID | 19 | 0xC1 |
| | 20 | 0x05 |
| Broadcast radius | 21 | 0x00 |
| Transmit options | 22 | 0x00 |
| Data payload | 23 | 0x54 |
| | 24 | 0x78 |
| | 25 | 0x44 |
| | 26 | 0x61 |
| | 27 | 0x74 |
| | 28 | 0x61 |
| Checksum | 29 | 0x3A |
Remote AT Command Request frame - 0x17
Description
Used to query or set device parameters on a remote device. For parameter changes on the remote
device to take effect, you must apply changes, either by setting the Apply Changes options bit, or by
sending an AC command to the remote.
Format
The following table provides the contents of the frame. For details on frame structure, see API frame
format.
| Frame data fields | Offset | Description |
|---|---|---|
| Frame type | 3 | 0x17 |
| Frame ID | 4 | Identifies the data frame for the host to correlate with a subsequent response. If set to 0, the device does not send a response. |
| 64-bit destination address | 5-12 | MSB first, LSB last. Set to the 64-bit address of the destination device. Reserved 64-bit address for the coordinator = 0x0000000000000000. Broadcast = 0x000000000000FFFF. Reserved broadcast address: 0x000000000000FFFF. Note: Digi highly discourages sending remote AT commands to a broadcast. You will only receive a single acknowledgment despite there being multiple recipients, and there is no assurance that the broadcast will be successfully received by the rest of the network. |
| 16-bit destination address | 13-14 | MSB first, LSB last. Set to match the 16-bit network address of the destination device, if known. Set to 0xFFFE if the address is unknown, or if sending a broadcast. |
| Remote command options | 15 | Bitfield to enable various remote command options. Supported values include: 0x01 - Disable ACK; 0x40 - Use the extended transmission timeout for this destination. Setting the extended timeout bit causes the stack to set the extended transmission timeout for the destination address. For more information, see Transmission, addressing, and routing. |
| AT command | 16-17 | Command name: two ASCII characters that identify the command. |
| Command parameter | 18-n | If present, indicates the parameter value you request for a given register. If no characters are present, it queries the register. |
Example
The following example sends a remote command:
In this example, the 64-bit address of the remote device is 0x0013A200 40401122. The destination 16-bit address is unknown. The BH command is being set to 1 on the remote device with the change
being applied immediately (equivalent to sending a separate AC command).
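| Frame data fields | Offset | Example |
|---|---|---|
| Start delimiter | 0 | 0x7E |
| Length | MSB 1 | 0x00 |
| | LSB 2 | 0x10 |
| Frame type | 3 | 0x17 |
| Frame ID | 4 | 0x01 |
| 64-bit destination address | MSB 5 | 0x00 |
| | 6 | 0x13 |
| | 7 | 0xA2 |
| | 8 | 0x00 |
| | 9 | 0x40 |
| | 10 | 0x40 |
| | 11 | 0x11 |
| | LSB 12 | 0x22 |
| Reserved | 13 | 0xFF |
| | 14 | 0xFE |
| Remote command options | 15 | 0x02 (apply changes) |
| AT command | 16 | 0x42 (B) |
| | 17 | 0x48 (H) |
| Command parameter | 18 | 0x01 |
| Checksum | 19 | 0xF5 |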
Create Source Route - 0x21
Description
This frame creates a source route in the device. A source route specifies the complete route a packet
traverses to get from source to destination. For best results, use source routing with many-to-one
routing.
There is no response frame for this frame type. Take care when generating source routes. An
incorrectly formatted frame will be silently rejected by the radio or cause unexpected results.
Note Both the 64-bit and 16-bit destination addresses are required when creating a source route.
These are obtained when the device receives a Route Record Indicator (0xA1) frame.
Format
The following table provides the contents of the frame.
| Frame data fields | Offset | Description |
|---|---|---|
| Frame type | 3 | |
| Frame ID | 4 | This frame type has no response, so the Frame ID is ignored. |
| 64-bit destination address | 5-12 | MSB first, LSB last. Set to the 64-bit address of the destination device. Reserved 64-bit address for the coordinator = 0x0000000000000000. Broadcast = 0x000000000000FFFF. |
| 16-bit destination network address | 13-14 | The 16-bit address of the destination node (required). |
| Route command options | 15 | Set to 0. |
| Number of addresses | 16 | The number of addresses in the source route (excluding source and destination). A route can only traverse across 30 hops. If this number is 0 or exceeds the maximum hop count, the frame is silently discarded and a route will not be created. |
| Address 1 | 17-18 | Neighbor of destination |
| Address 2 (closer hop) | 19-20 | Address of intermediate hop |
| Address 3 | 21-22 | Neighbor of source |
Example
You must order intermediate hop addresses starting with the neighbor of the destination and working
closer to the source.
Suppose a route is found between A and E as shown in the following example.
A → B → C → D → E
If device E has the 64-bit and 16-bit addresses of 0x0013A200 40401122 and 0x3344, and if devices B,
C, and D have the following 16-bit addresses:
B = 0xAABB C = 0xCCDD D = 0xEEFF
This example shows how to send the Create Source Route frame to establish a source route between
A and E.
| Frame data fields | Offset | Example |
|---|---|---|
| Start delimiter | 0 | 0x7E |
| Length | MSB 1 | 0x00 |
| | LSB 2 | 0x14 |
| Frame type | 3 | 0x21 |
| Frame ID | 4 | 0x00 |
| 64-bit destination address | MSB 5 | 0x00 |
| | 6 | 0x13 |
| | 7 | 0xA2 |
| | 8 | 0x00 |
| | 9 | 0x40 |
| | 10 | 0x40 |
| | 11 | 0x11 |
| | LSB 12 | 0x22 |
| 16-bit destination network address | MSB 13 | 0x33 |
| | LSB 14 | 0x44 |
| Remote command options | 15 | 0x00 |
| Number of addresses | 16 | 0x03 |
| Address 1 | 17 | 0xEE |
| | 18 | 0xFF |
| Address 2 (closer hop) | 19 | 0xCC |
| | 20 | 0xDD |
| Address 3 | 21 | 0xAA |
| | 22 | 0xBB |
| Checksum | 23 | 0x01 |
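Because a 0x21 frame gets no response and a malformed one is silently discarded, the host is the only place a bad route can be caught. The Python builder below is an added example, not Digi's code: it takes the intermediate hops in source-to-destination order, reverses them into the order this frame requires, and reproduces the A-to-E example frame above. The function names, the duplicate-hop check, the 30-address limit (taken from the 30-hop statement) and the use of unescaped API mode (AP = 1) are assumptions.

```python
"""Host-side builder for Create Source Route (0x21) frames (added example)."""

MAX_ADDRESSES = 30  # assumption: taken from "a route can only traverse across 30 hops"


def api_frame(frame_data: bytes) -> bytes:
    """Delimiter + 16-bit length + frame data + checksum (AP = 1, no escaping)."""
    cksum = 0xFF - (sum(frame_data) & 0xFF)
    return b"\x7E" + len(frame_data).to_bytes(2, "big") + frame_data + bytes([cksum])


def create_source_route(dest64: bytes, dest16: int, hops_from_source: list) -> bytes:
    """Build a 0x21 frame from intermediate hops listed source -> destination.

    Every field is validated here because the radio will not report a
    rejected frame back to the host.
    """
    if len(dest64) != 8:
        raise ValueError("64-bit destination address must be 8 bytes")
    if not 0 <= dest16 <= 0xFFFF or dest16 == 0xFFFE:
        raise ValueError("a known 16-bit destination address is required")
    if not 1 <= len(hops_from_source) <= MAX_ADDRESSES:
        raise ValueError("number of addresses must be between 1 and 30")
    if any(not 0 <= hop <= 0xFFFF for hop in hops_from_source):
        raise ValueError("hop addresses are 16-bit values")
    if len(set(hops_from_source)) != len(hops_from_source) or dest16 in hops_from_source:
        raise ValueError("route visits the same node twice")

    # The frame lists the neighbor of the destination first, working back
    # toward the source, so the caller's order is reversed.
    ordered = list(reversed(hops_from_source))
    body = (bytes([0x21, 0x00])                 # frame type, frame ID (ignored)
            + dest64
            + dest16.to_bytes(2, "big")
            + bytes([0x00, len(ordered)])       # options = 0, number of addresses
            + b"".join(hop.to_bytes(2, "big") for hop in ordered))
    return api_frame(body)


def max_rf_payload(np_value: int, intermediate_hops: int = 0,
                   aps_encrypted: bool = False) -> int:
    """Payload bytes left once the guide's deductions are applied to NP:
    2 bytes per intermediate hop in a source route, 4 bytes for APS encryption."""
    return max(0, np_value - 2 * intermediate_hops - (4 if aps_encrypted else 0))


if __name__ == "__main__":
    # Route A -> B -> C -> D -> E from the example above.
    frame = create_source_route(bytes.fromhex("0013A20040401122"), 0x3344,
                                [0xAABB, 0xCCDD, 0xEEFF])
    print(frame.hex(" "))
```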
Register Joining Device - 0x24
Description
Use this frame to securely register a joining device to a trust center. Registration is the process by
which a node is authorized to join the network using a preconfigured link key or installation code that
is conveyed to the trust center out-of-band (using a physical interface and not over-the-air).
If registering a device with a centralized trust center (EO = 2), then the key entry will only persist for
KT seconds before expiring.
Registering devices in a distributed trust center (EO = 0) is persistent and the key entry will never
expire unless explicitly removed.
To remove a key entry on a distributed trust center, a 0x24 frame should be issued with a null key (key
field is absent from the frame). In a centralized trust center you cannot use this method to explicitly
remove the key entries.
Format
The following table provides the contents of the frame.
| Frame data fields | Offset | Description |
|---|---|---|
| Frame type | 3 | 0x24 Register Joining Device |
| Frame ID | 4 | Identifies the data frame for the host to correlate with a subsequent response. If set to 0, the device does not send a response. |
| 64-bit registrant address | 5-12 | The 64-bit address of the destination device. |
| Reserved | 13-14 | Not used, set to 0xFFFE. |
| Options | 15 | 0x00 = Key is a Link Key (KY on joining node); 0x01 = Key is an Install Code (I? on joining node, DC must be set to 1 on joiner). |
| Key | 16-n | Up to 16 bytes if entering a link key, up to 18 bytes (16-byte code + 2 byte CRC) if entering an install code. |
Example 1
A device needs to join a trust center using a preconfigured link key. This preconfigured link key is
unknown to the trust center and must be conveyed out-of-band to the trust center.
The joining node has an SH+SL of 0x0013A200 12345678.
The joining node has a KY value of 0x012345 which does not match the KY value of the trust center.
The following frame should be sent to the trust center:
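| Frame data fields | Offset | Example |
|---|---|---|
| Start delimiter | 0 | 0x7E |
| Length | MSB 1 | 0x00 |
| | LSB 2 | 0x10 |
| Frame type | 3 | 0x24 |
| Frame ID | 4 | 0x18 |
| 64-bit registrant address | MSB 5 | 0x00 |
| | 6 | 0x13 |
| | 7 | 0xA2 |
| | 8 | 0x00 |
| | 9 | 0x12 |
| | 10 | 0x34 |
| | 11 | 0x56 |
| | LSB 12 | 0x78 |
| Reserved | MSB 13 | 0xFF |
| | LSB 14 | 0xFE |
| Options | 15 | 0x00 (Key came from KY) |
| Key | 16 | 0x01 |
| | 17 | 0x23 |
| | 18 | 0x45 |
| Checksum | 19 | 0x94 |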
Example 2
A device needs to join a trust center using an install code. The link key used to join the network is
derived from the install code, which must be conveyed out of band to the trust center.
The joining node has an SH+SL of 0x0013A200 87654321.
The joining node has an I? value of 0x916720AC233734A86B809CC330B242EC23E and has DC set to 1;
this will cause KY to be ignored and use the install code to join.
The following frame should be sent to the trust center:
| Frame data fields | Offset | Example |
|---|---|---|
| Start delimiter | 0 | 0x7E |
| Length | MSB 1 | 0x00 |
| | LSB 2 | 0x1F |
| Frame type | 3 | 0x24 |
| Frame ID | 4 | 0x43 |
| 64-bit registrant address | MSB 5 | 0x00 |
| | 6 | 0x13 |
| | 7 | 0xA2 |
| | 8 | 0x00 |
| | 9 | 0x87 |
| | 10 | 0x65 |
| | 11 | 0x43 |
| | LSB 12 | 0x21 |
| Reserved | MSB 13 | 0xFF |
| | LSB 14 | 0xFE |
| Options | 15 | 0x00 (Key came from I?) |
| Key | 16 | 0x09 |
| | 17 | 0x16 |
| | 18 | 0x72 |
| | 19 | 0x0A |
| | 20 | 0xC2 |
| | 21 | 0x33 |
| | 22 | 0x73 |
| | 23 | 0x4A |
| | 24 | 0x86 |
| | 25 | 0xB8 |
| | 26 | 0x09 |
| | 27 | 0xCC |
| | 28 | 0x33 |
| | 29 | 0x0B |
| | 30 | 0x24 |
| | 31 | 0x2E |
| | 32 | 0xC2 |
| | 33 | 0x3E |
| Checksum | 34 | 0xA5 |
Example 3
A previously registered device needs to have its registration information removed so that it can no
longer securely join the network. This example only applies to a distributed trust center network (EO =
0).
The joining node has an SH+SL of 0x0013A200 54AB28D3.
Note Removing the key entry will not prevent the module from rejoining the network if it had
previously been associated.
| Frame data fields | Offset | Example |
|---|---|---|
| Start delimiter | 0 | 0x7E |
| Length | MSB 1 | 0x00 |
| | LSB 2 | 0x0D |
| Frame type | 3 | 0x24 |
| Frame ID | 4 | 0xA2 |
| 64-bit registrant address | MSB 5 | 0x00 |
| | 6 | 0x13 |
| | 7 | 0xA2 |
| | 8 | 0x00 |
| | 9 | 0x54 |
| | 10 | 0xAB |
| | 11 | 0x28 |
| | LSB 12 | 0xD3 |
| Reserved | MSB 13 | 0xFF |
| | LSB 14 | 0xFE |
| Options | 15 | 0x00 |
| Key | 16 | (No key) |
| Checksum | 34 | 0x8d |
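The three registration cases above (link key, install code, key removal) can be produced by one host-side builder. The Python below is an added example, not Digi's code; it enforces the key-length limits from the format table, left-pads register values printed with an odd number of hex digits (such as the I? value in Example 2), and masks key material in log output. Function names and the use of unescaped API mode (AP = 1) are assumptions; note that the checksum 0xA5 printed for Example 2 is the one obtained with Options = 0x01, the install-code value from the format table.

```python
"""Register Joining Device (0x24) frame builder for a trust-center host (added example)."""

OPT_LINK_KEY = 0x00      # key is the joiner's KY value
OPT_INSTALL_CODE = 0x01  # key is the joiner's I? value (16-byte code + 2-byte CRC)


def api_frame(frame_data: bytes) -> bytes:
    """Delimiter + 16-bit length + frame data + checksum (AP = 1, no escaping)."""
    cksum = 0xFF - (sum(frame_data) & 0xFF)
    return b"\x7E" + len(frame_data).to_bytes(2, "big") + frame_data + bytes([cksum])


def hex_to_bytes(text: str) -> bytes:
    """Convert a register value as printed (for example 0x012345) to bytes.

    Values are often shown with the leading zero nibble dropped, so an odd
    number of digits is left-padded instead of rejected.
    """
    digits = text.strip()
    if digits[:2].lower() == "0x":
        digits = digits[2:]
    if len(digits) % 2:
        digits = "0" + digits
    return bytes.fromhex(digits)


def register_joining_device(frame_id: int, addr64: bytes, key: bytes = b"",
                            install_code: bool = False) -> bytes:
    """Build a 0x24 frame. An empty key with install_code=False removes the
    entry, which the guide allows only on a distributed trust center (EO = 0)."""
    if not 0 <= frame_id <= 0xFF:
        raise ValueError("frame ID must fit in one byte")
    if len(addr64) != 8:
        raise ValueError("registrant address must be 8 bytes")
    if install_code and not 1 <= len(key) <= 18:
        raise ValueError("install code is at most 18 bytes (16-byte code + 2-byte CRC)")
    if not install_code and len(key) > 16:
        raise ValueError("link key is at most 16 bytes")
    options = OPT_INSTALL_CODE if install_code else OPT_LINK_KEY
    body = bytes([0x24, frame_id]) + addr64 + b"\xFF\xFE" + bytes([options]) + key
    return api_frame(body)


def redacted(frame: bytes) -> str:
    """Hex dump for logs with key and checksum masked (the checksum depends on the key)."""
    return frame[:16].hex(" ") + " **" * (len(frame) - 16)


# The three examples from this section, rebuilt from their printed field values.
EXAMPLE_1 = register_joining_device(0x18, hex_to_bytes("0013A20012345678"),
                                    hex_to_bytes("0x012345"))
EXAMPLE_2 = register_joining_device(0x43, hex_to_bytes("0013A20087654321"),
                                    hex_to_bytes("0x916720AC233734A86B809CC330B242EC23E"),
                                    install_code=True)
EXAMPLE_3 = register_joining_device(0xA2, hex_to_bytes("0013A20054AB28D3"))  # null key

if __name__ == "__main__":
    for frame in (EXAMPLE_1, EXAMPLE_2, EXAMPLE_3):
        print(redacted(frame))
```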
AT Command Response frame - 0x88
Description
A device sends this frame in response to an AT Command (0x08 or 0x09) frame. Some commands send
back multiple frames; for example, the ND command.
Format
The following table provides the contents of the frame. For details on frame structure, see API frame
format.
| Frame data fields | Offset | Description |
|---|---|---|
| Frame type | 3 | 0x88 |
| Frame ID | 4 | The FrameID used in the original AT Command request frame will be populated in the corresponding response. If the FrameID in the AT Command request was 0, then no response will be generated. |
| AT command | 5-6 | Command name: two ASCII characters that identify the command. |
| Command status | 7 | 0 = OK; 1 = ERROR; 2 = Invalid command; 3 = Invalid parameter; 4 = Tx failure |
| Command data | | The register data in binary format. If the host sets the register, the device does not return this field. |
Example
If you change the BD parameter on a local device with a frame ID of 0x01, and the parameter is valid,
the user receives the following response.
| Frame data fields | Offset | Example |
|---|---|---|
| Start delimiter | 0 | 0x7E |
| Length | MSB 1 | 0x00 |
| | LSB 2 | 0x05 |
| Frame type | 3 | 0x88 |
| Frame ID | 4 | 0x01 |
| AT command | 5 | 0x42 (B) |
| | 6 | 0x44 (D) |
| Command status | 7 | 0x00 (success) |
| Command data | | (No command data implies the parameter was set rather than queried) |
| Checksum | 8 | 0xF0 |
Modem Status frame - 0x8A
Description
Devices send the status messages in this frame in response to specific conditions.
Format
The following table provides the contents of the frame. For details on frame structure, see API frame
format.
| Frame data fields | Offset | Description |
|---|---|---|
| Frame type | 3 | 0x8A |
| Status | 4 | 0x00 = Hardware reset; 0x01 = Watchdog timer reset; 0x02 = Joined network (routers and end devices); 0x03 = Disassociated; 0x06 = Coordinator started; 0x07 = Network security key was updated; 0x0D = Voltage supply limit exceeded; 0x11 = Modem configuration changed while join in progress; 0x80+ = Stack error |
Example
When a device powers up, it returns the following API frame.
| Frame data fields | Offset | Example |
|---|---|---|
| Start delimiter | 0 | 0x7E |
| Length | MSB 1 | 0x00 |
| | LSB 2 | 0x02 |
| Frame type | 3 | 0x8A |
| Status | 4 | 0x00 (Hardware reset) |
| Checksum | 5 | 0x75 |
Transmit Status frame - 0x8B
Description
When a Transmit Request (0x10, 0x11) completes, the device sends a Transmit Status message out of
the serial interface. This message indicates if the Transmit Request was successful or if it failed.
Note Broadcast transmissions are not acknowledged and always return a status of 0x00, even if the
delivery failed.
Format
The following table provides the contents of the frame. For details on frame structure, see API frame
format.
| Frame data fields | Offset | Description |
|---|---|---|
| Frame type | 3 | 0x8B |
| Frame ID | 4 | The Frame ID of the response will be the same value that was used in the originating Tx request. |
| 16-bit destination address | 5-6 | The 16-bit Network Address where the packet was delivered (if successful). If not successful, this address is 0xFFFD (destination address unknown). |
| Transmit retry count | 7 | The number of application transmission retries that occur. |
| Delivery status | 8 | 0x00 = Success; 0x01 = MAC ACK Failure; 0x02 = CCA Failure; 0x15 = Invalid destination endpoint; 0x21 = Network ACK Failure; 0x22 = Not Joined to Network; 0x23 = Self-addressed; 0x24 = Address Not Found; 0x25 = Route Not Found; 0x26 = Broadcast source failed to hear a neighbor relay the message; 0x2B = Invalid binding table index; 0x2C = Resource error lack of free buffers, timers, etc.; 0x2D = Attempted broadcast with APS transmission; 0x2E = Attempted unicast with APS transmission, but EE=0; 0x32 = Resource error lack of free buffers, timers, etc.; 0x74 = Data payload too large; 0x75 = Indirect message unrequested |
| Discovery status | 9 | 0x00 = No Discovery Overhead; 0x01 = Address Discovery; 0x02 = Route Discovery; 0x03 = Address and Route; 0x40 = Extended Timeout Discovery |
Example
In the following example, the destination device reports that a unicast data transmission was
successful with a 16-bit address of 0x7D84. The transmission could have been sent with the 16-bit
address set to 0x7D84 or 0xFFFE.
| Frame fields | Offset | Example |
|---|---|---|
| Start delimiter | 0 | 0x7E |
| Length | MSB 1 | 0x00 |
| | LSB 2 | 0x07 |
| Frame type | 3 | 0x8B |
| Frame ID | 4 | 0x01 |
| 16-bit destination address | 5 | 0x7D |
| | 6 | 0x84 |
| Transmit retry count | 7 | 0x00 |
| Delivery status | 8 | 0x00 (success) |
| Discovery status | 9 | 0x01 (address discovery) |
| Checksum | 10 | 0x71 |
Receive Packet frame - 0x90
Description
When a device configured with a standard API Rx Indicator (AO = 0) receives an RF data packet, it
sends it out the serial interface using this message type.
Format
The following table provides the contents of the frame. For details on frame structure, see API frame
format.
| Frame data fields | Offset | Description |
|---|---|---|
| Frame type | 3 | 0x90 |
| 64-bit source address | 4-11 | The sender's 64-bit address. |
| 16-bit source network address | MSB 12, LSB 13 | The sender's 16-bit address. |
| Receive options | 14 | 0x01 - Packet Acknowledged; 0x02 - Packet was a broadcast packet; 0x20 - Packet encrypted with APS encryption; 0x40 - Packet was sent from an end device (if known). Note: Option values can be combined. For example, a 0x20 and a 0x01 show as a 0x21. Other possible values: 0x00, 0x21, 0x22, 0x60, 0x61, 0x62. |
| Received data | 15-n | The RF data that the device receives. |
Example
In the following example, a device with a 64-bit address of 0x0013A200 40522BAA sends a unicast
data transmission to a remote device with payload RxData. If AO = 0 on the receiving device, it sends
the following frame out its serial interface.
| Frame data fields | Offset | Example |
|---|---|---|
| Start delimiter | 0 | 0x7E |
| Length | MSB 1 | 0x00 |
| | LSB 2 | 0x12 |
| Frame type | 3 | 0x90 |
| 64-bit source address | MSB 4 | 0x00 |
| | 5 | 0x13 |
| | 6 | 0xA2 |
| | 7 | 0x00 |
| | 8 | 0x40 |
| | 9 | 0x52 |
| | 10 | 0x2B |
| | LSB 11 | 0xAA |
| 16-bit source network address | MSB 12 | 0x7D |
| | LSB 13 | 0x84 |
| Receive options | 14 | (Acknowledged) |
| Received data | 15 | 0x52 |
| | 16 | 0x78 |
| | 17 | 0x44 |
| | 18 | 0x61 |
| | 19 | 0x74 |
| | 20 | 0x61 |
| Checksum | 21 | 0x0D |
Explicit Rx Indicator frame - 0x91
Description
When a device configured with explicit API Rx Indicator (AO = 1) receives an RF packet, it sends it out
the serial interface using this message type.
Note If a Transmit Request frame - 0x10 is sent to a device with AO = 1, the receiving device receives
a 0x91 frame with the Source endpoint (SE), Destination endpoint (DE), and Cluster ID (CI) values, and
not the values set on the transmitting device in Transparent mode.
The Cluster ID and endpoints must be used to identify the type of transaction that occurred.
Format
The following table provides the contents of the frame. For details on frame structure, see API frame
format.
| Frame data fields | Offset | Description |
|---|---|---|
| Frame type | 3 | 0x91 |
| 64-bit source address | 4-11 | The sender's 64-bit address. The address reads 0xFFFFFFFFFFFFFFFF (unknown 64-bit address) if the sender's 64-bit address is unknown. |
| 16-bit source network address | 12-13 | The sender's 16-bit address. |
| Source endpoint | 14 | Endpoint of the source that initiates transmission. |
| Destination endpoint | 15 | Endpoint of the destination that the message is addressed to. |
| Cluster ID | 16-17 | The Cluster ID that the frame is addressed to. |
| Profile ID | 18-19 | The Profile ID that the frame is addressed to. |
| Receive options | 20 | 0x01 - Packet Acknowledged; 0x02 - Packet was a broadcast packet; 0x20 - Packet encrypted with APS encryption |
| Received data | 21-n | Received RF data. |
Example
In the following example, a device with a 64-bit address of 0x0013A200 40522BAA sends a broadcast
data transmission to a remote device with payload RxData.
If a device sends the transmission:
- With source and destination endpoints of 0xE0
- Cluster ID = 0x2211
- Profile ID = 0xC105
If AO = 1 on the receiving device, it sends the following frame out its serial interface.
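| Frame data fields | Offset | Example |
|---|---|---|
| Start delimiter | 0 | 0x7E |
| Length | MSB 1 | 0x00 |
| | LSB 2 | 0x18 |
| Frame type | 3 | 0x91 |
| 64-bit source address | MSB 4 | 0x00 |
| | 5 | 0x13 |
| | 6 | 0xA2 |
| | 7 | 0x00 |
| | 8 | 0x40 |
| | 9 | 0x52 |
| | 10 | 0x2B |
| | LSB 11 | 0xAA |
| 16-bit Source Network Address | MSB 12 | 0x7D |
| | LSB 13 | 0x84 |
| Source endpoint | 14 | 0xE0 |
| Destination endpoint | 15 | 0xE0 |
| Cluster ID | 16 | 0x22 |
| | 17 | 0x11 |
| Profile ID | 18 | 0xC1 |
| | 19 | 0x05 |
| Receive options | 20 | 0x02 (Broadcast) |
| Received data | 21 | 0x52 |
| | 22 | 0x78 |
| | 23 | 0x44 |
| | 24 | 0x61 |
| | 25 | 0x74 |
| | 26 | 0x61 |
| Checksum | 27 | 0x52 |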
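The receive options byte in the 0x90 and 0x91 frames is the only place the host learns whether a payload arrived APS-encrypted or as a broadcast. The Python below is an added example, not Digi's code: it verifies the frame checksum, decodes both frame types using the offsets in the tables above, and applies a hypothetical host policy that lists why a packet should not be acted on. The policy itself, the names, and unescaped API mode (AP = 1) are assumptions; the 0x90 sample uses receive options 0x01, inferred from the printed checksum 0x0D because the table prints only "(Acknowledged)".

```python
"""Decode Receive Packet (0x90) / Explicit Rx Indicator (0x91) frames (added example)."""
from dataclasses import dataclass
from typing import Optional

RX_ACKNOWLEDGED, RX_BROADCAST, RX_APS_ENCRYPTED = 0x01, 0x02, 0x20
DIGI_PROFILE_ID = 0xC105

# Example frames from this guide (0x90: options byte inferred from its checksum).
EXAMPLE_0X90 = bytes.fromhex(
    "7E 00 12 90 00 13 A2 00 40 52 2B AA 7D 84 01 52 78 44 61 74 61 0D")
EXAMPLE_0X91 = bytes.fromhex(
    "7E 00 18 91 00 13 A2 00 40 52 2B AA 7D 84 E0 E0 22 11 C1 05 02"
    " 52 78 44 61 74 61 52")
# Constructed variant of the 0x90 frame: options 0x21 (acknowledged + APS encrypted).
CONSTRUCTED_ENCRYPTED = bytes.fromhex(
    "7E 00 12 90 00 13 A2 00 40 52 2B AA 7D 84 21 52 78 44 61 74 61 ED")


@dataclass
class RxPacket:
    frame_type: int
    addr64: bytes
    addr16: int
    options: int
    data: bytes
    src_ep: Optional[int] = None    # the next four fields exist in 0x91 only
    dst_ep: Optional[int] = None
    cluster: Optional[int] = None
    profile: Optional[int] = None


def unframe(raw: bytes) -> bytes:
    """Return the frame data of one unescaped API frame, or raise ValueError."""
    if len(raw) < 5 or raw[0] != 0x7E:
        raise ValueError("missing start delimiter or frame too short")
    if len(raw) != int.from_bytes(raw[1:3], "big") + 4:
        raise ValueError("length field does not match the bytes received")
    if (sum(raw[3:]) & 0xFF) != 0xFF:   # frame data plus checksum must sum to 0xFF
        raise ValueError("bad checksum")
    return raw[3:-1]


def parse_rx(fd: bytes) -> RxPacket:
    """fd index = table offset - 3 (the tables count from the start delimiter)."""
    if fd and fd[0] == 0x90 and len(fd) >= 12:
        return RxPacket(0x90, fd[1:9], int.from_bytes(fd[9:11], "big"), fd[11], fd[12:])
    if fd and fd[0] == 0x91 and len(fd) >= 18:
        return RxPacket(0x91, fd[1:9], int.from_bytes(fd[9:11], "big"), fd[17], fd[18:],
                        src_ep=fd[11], dst_ep=fd[12],
                        cluster=int.from_bytes(fd[13:15], "big"),
                        profile=int.from_bytes(fd[15:17], "big"))
    raise ValueError("not a complete 0x90/0x91 frame")


def policy_violations(pkt: RxPacket, trusted_senders: set,
                      require_aps: bool = True, allow_broadcast: bool = False) -> list:
    """Hypothetical host policy: an empty list means the payload may be acted on."""
    reasons = []
    if require_aps and not pkt.options & RX_APS_ENCRYPTED:
        reasons.append("not APS encrypted")
    if not allow_broadcast and pkt.options & RX_BROADCAST:
        reasons.append("broadcast")
    if pkt.addr64 not in trusted_senders:
        reasons.append("unknown sender")
    if pkt.frame_type == 0x91 and pkt.profile != DIGI_PROFILE_ID:
        reasons.append("unexpected profile")
    return reasons


if __name__ == "__main__":
    trusted = {bytes.fromhex("0013A20040522BAA")}
    for raw in (EXAMPLE_0X90, EXAMPLE_0X91, CONSTRUCTED_ENCRYPTED):
        pkt = parse_rx(unframe(raw))
        print(hex(pkt.frame_type), pkt.data, policy_violations(pkt, trusted))
```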
I/O Data Sample Rx Indicator frame - 0x92
Description
When the device receives an I/O sample frame from a remote device, it sends the sample out the
serial port using this frame type (when AO = 0). Only devices running in API mode will send I/O
samples out the serial port.
Format
The following table provides the contents of the frame. For details on frame structure, see API frame
format.
| Frame data fields | Offset | Description |
|---|---|---|
| Frame type | 3 | 0x92 |
| 64-bit source address | 4-11 | The sender's 64-bit address. |
| 16-bit Source network address | 12-13 | The sender's 16-bit address. |
| Receive options | 14 | Bit field: 0x01 = Packet acknowledged; 0x02 = Packet is a broadcast packet. Ignore all other bits |
| Number of samples | 15 | The number of sample sets included in the payload. This field always reports 1 sample. |
| Digital channel mask | 16-17 | Bitmask field that indicates which digital I/O lines on the remote have sampling enabled, if any. bit 0 = DIO0; bit 1 = DIO1; bit 2 = DIO2; bit 3 = DIO3; bit 4 = DIO4; bit 5 = DIO5; bit 6 = DIO6; bit 7 = DIO7; bit 8 = DIO8; bit 9 = DIO9; bit 10 = DIO10; bit 11 = DIO11; bit 12 = DIO12; bit 13 = DIO13; bit 14 = DIO14; bit 15 = N/A. For example, a digital channel mask of 0x002F means DIOs 0, 1, 2, 3, and 5 are enabled as digital I/O. |
| Analog channel mask | 18 | Bitmask field that indicates which analog I/O lines on the remote have sampling enabled, if any. bit 0 = AD0/DIO0; bit 1 = AD1/DIO1; bit 2 = AD2/DIO2; bit 3 = AD3/DIO3; bit 7 = Supply Voltage (enabled with V+ command) |
| Digital samples (if included) | 19-20 | If the sample set includes any digital I/O lines (Digital channel mask > 0), these two bytes contain samples for all enabled digital I/O lines. DIO lines that do not have sampling enabled return 0. Bits in these two bytes map the same as they do in the Digital channel mask field. |
| Analog samples (if included) | 21-n | If the sample set includes any analog I/O lines (Analog channel mask > 0), each enabled analog input returns a 2-byte value indicating the A/D measurement of that input. Analog samples are ordered sequentially from AD0/DIO0 to AD3/DIO3 and will optionally include supply voltage if enabled with the V+ command. |
Example
In this example, the device receives an I/O sample with analog and digital input from a remote device
with a 64-bit serial number of 0x0013A20040522BAA and a 16-bit address of 0x7D84.
Given this frame, the following information is known about the I/O lines of the module that sent the
sample frame:
Digital Channel Mask: 0x1C = 11100b (DIO2, DIO3, DIO4 are configured as digital input or output)
Digital Sample: 0x14 = 10100b (DIO2 and DIO4 are high, DIO3 is low)
Analog Channel Mask: 0x02 = 0010b (AD1 is configured as an analog input)
Analog Sample: 0x0225 = 549, and (549 * 1.25 V) / 1023 ≈ 670 mV
| Frame fields | Offset | Example |
|---|---|---|
| Start delimiter | 0 | 0x7E |
| Length | MSB 1 | 0x00 |
| | LSB 2 | 0x14 |
| Frame type | 3 | 0x92 |
| 64-bit source address | MSB 4 | 0x00 |
| | 5 | 0x13 |
| | 6 | 0xA2 |
| | 7 | 0x00 |
| | 8 | 0x40 |
| | 9 | 0x52 |
| | 10 | 0x2B |
| | LSB 11 | 0xAA |
| 16-bit source network address | MSB 12 | 0x7D |
| | LSB 13 | 0x84 |
| Receive options | 14 | 0x01 |
| Number of samples | 15 | 0x01 |
| Digital channel mask | 16 | 0x00 |
| | 17 | 0x1C |
| Analog channel mask | 18 | 0x02 |
| Digital samples (if included) | 19 | 0x00 |
| | 20 | 0x14 |
| Analog sample | 21 | 0x02 |
| | 22 | 0x25 |
| Checksum | 23 | 0xF5 |
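The layout of a 0x92 frame depends on its own channel masks, so a parser has to derive the expected length from the masks and reject frames that do not match. The Python below is an added example, not Digi's code; it decodes the frame data of the example above and goes slightly beyond it by handling any combination of digital and analog channels. Function names are assumptions, the input is the frame data after the length field and before the checksum, and the supply-voltage reading is returned raw because this section gives a scaling formula only for the A/D inputs.

```python
"""Decode an I/O Data Sample Rx Indicator (0x92) frame (added example)."""

# Analog channel mask bits in the order their samples appear in the frame.
ANALOG_BITS = {0: "AD0", 1: "AD1", 2: "AD2", 3: "AD3", 7: "supply"}

# Frame data of the example above: offsets 3..22, without delimiter, length, checksum.
PAGE_EXAMPLE = bytes.fromhex(
    "92 00 13 A2 00 40 52 2B AA 7D 84 01 01 00 1C 02 00 14 02 25")


def parse_io_sample(fd: bytes) -> dict:
    """fd index = table offset - 3. Raises ValueError on any layout mismatch."""
    if len(fd) < 16 or fd[0] != 0x92:
        raise ValueError("not a complete 0x92 frame")
    if fd[12] != 1:
        raise ValueError("number of samples is documented as always 1")
    digital_mask = int.from_bytes(fd[13:15], "big") & 0x7FFF   # bit 15 is N/A
    analog_mask = fd[15]

    pos = 16
    digital = {}
    if digital_mask:                       # the two sample bytes exist only if mask > 0
        if len(fd) < pos + 2:
            raise ValueError("digital samples missing")
        bits = int.from_bytes(fd[pos:pos + 2], "big")
        digital = {f"DIO{n}": bool((bits >> n) & 1)
                   for n in range(15) if (digital_mask >> n) & 1}
        pos += 2

    analog = {}
    for bit, name in ANALOG_BITS.items():  # one 2-byte value per enabled channel
        if (analog_mask >> bit) & 1:
            if len(fd) < pos + 2:
                raise ValueError("analog sample missing for " + name)
            analog[name] = int.from_bytes(fd[pos:pos + 2], "big")
            pos += 2

    if pos != len(fd):
        raise ValueError("frame length does not match the channel masks")
    return {
        "addr64": fd[1:9],
        "addr16": int.from_bytes(fd[9:11], "big"),
        "acknowledged": bool(fd[11] & 0x01),
        "broadcast": bool(fd[11] & 0x02),
        "digital": digital,
        "analog": analog,
    }


def ad_millivolts(raw: int, vref_mv: int = 1250) -> int:
    """Scale a raw A/D reading with this section's formula: raw * 1.25 V / 1023."""
    return raw * vref_mv // 1023


if __name__ == "__main__":
    sample = parse_io_sample(PAGE_EXAMPLE)
    print(sample["digital"], sample["analog"],
          {k: ad_millivolts(v) for k, v in sample["analog"].items() if k != "supply"})
```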
Node Identification Indicator frame - 0x95
Description
A device receives this frame when:
- it transmits a node identification message to identify itself
- AO = 0
Format
The following table provides the contents of the frame. For details on frame structure, see API frame
format.
| Frame data fields | Offset | Description |
|---|---|---|
| Frame type | 3 | 0x95 |
| 64-bit source address | 4-11 | MSB first, LSB last. The sender's 64-bit address. |
| 16-bit source network address | 12-13 | MSB first, LSB last. The sender's 16-bit address. |
| Receive options | 14 | 0x01 = Packet acknowledged; 0x02 = Packet was a broadcast packet |
| Source 16-bit address | 15-16 | Set to the 16-bit network address of the remote device. Set to 0xFFFE if unknown. |
| 64-bit network address | 17-24 | Indicates the 64-bit address of the remote device that transmitted the Node Identification Indicator frame. |
| NI string | 25-26 | Node identifier string on the remote device. The NI string is terminated with a NULL byte (0x00). |
| Device type | 29 | 0 = Coordinator; 1 = Router; 2 = End Device |
| Source event | 30 | 1 = Frame sent by node identification pushbutton event (see D0 (DIO0/AD0/Commissioning Button Configuration)); 2 = Frame sent after joining event occurred (see JN (Join Notification)); 3 = Frame sent after power cycle event occurred (see JN (Join Notification)). |
| Digi Profile ID | 31-32 | Set to Digi’s application profile ID. |
| Digi Manufacturer ID | 33-34 | Set to Digi’s Manufacturer ID. |
Example
If you press the commissioning pushbutton on a remote device with 64-bit address
0x0013A200407402AC and a default NI string, the device sends a Node Identification and all devices
on the network receive a node identification indicator.
If you press the commissioning button on a remote router device with 64-bit address 0x0013A200
40522BAA, 16-bit address 0x7D84, and default NI string, devices on the network receive the following
node identification indicator:
| Frame data fields | Offset | Example |
|---|---|---|
| Start delimiter | 0 | 0x7E |
| Length | MSB 1 | 0x00 |
| | LSB 2 | 0x20 |
| Frame type | 3 | 0x95 |
| 64-bit source address | MSB 4 | 0x00 |
| | 5 | 0x13 |
| | 6 | 0xA2 |
| | 7 | 0x00 |
| | 8 | 0x40 |
| | 9 | 0x52 |
| | 10 | 0x2B |
| | LSB 11 | 0xAA |
| 16-bit source network address | MSB 12 | 0x7D |
| | LSB 13 | 0x84 |
| Receive options | 14 | 0x02 |
| Source 16-bit address | 15 | 0x7D |
| | 16 | 0x84 |
| 64-bit network address | 17 | 0x00 |
| | 18 | 0x13 |
| | 19 | 0xA2 |
| | 20 | 0x00 |
| | 21 | 0x40 |
| | 22 | 0x52 |
| | 23 | 0x2B |
| | 24 | 0xAA |
| NI string | 25 | 0x20 |
| | 26 | 0x00 |
| Parent 16-bit address | 27 | 0xFF |
| | 28 | 0xFE |
| Device type | 29 | 0x01 |
| Source event | 30 | 0x01 |
| Digi Profile ID | 31 | 0xC1 |
| | 32 | 0x05 |
| Digi Manufacturer ID | 33 | 0x10 |
| | 34 | 0x1E |
| Checksum | 35 | 0x1B |
Remote Command Response frame - 0x97
Description
If a device receives this frame in response to a Remote Command Request (0x17) frame, the device
sends an AT Command Response (0x97) frame out the serial interface.
Some commands, such as the ND command, may send back multiple frames.
Format
The following table provides the contents of the frame. For details on frame structure, see API frame
format.
| Frame data fields | Offset | Description |
|---|---|---|
| Frame type | 3 | 0x97 |
| Frame ID | 4 | This is the same value that is passed into the request. The request is a 0x17 frame. |
| 64-bit source (remote) address | 5-12 | The long address of the remote device returning this response. |
| 16-bit source (remote) address | 13-14 | Set to the 16-bit network address of the remote device returning this response. Set to 0xFFFE if unknown. |
| AT commands | 15-16 | The name of the command. |
| Command status | 17 | 0 = OK; 1 = ERROR; 2 = Invalid Command; 3 = Invalid Parameter; 4 = Remote Command Transmission Failed |
| Command data | 18-n | The register data in binary format. If you set the register, the device does not return this field. |
Example
If a device sends a remote command to a remote device with 64-bit address 0x0013A200 40522BAA to
query the SL command, and if the frame ID = 0x55, the response would look like the following
example.
| Frame data fields | Offset | Example |
|---|---|---|
| Start delimiter | 0 | 0x7E |
| Length | MSB 1 | 0x00 |
| | LSB 2 | 0x13 |
| Frame type | 3 | 0x97 |
| Frame ID | 4 | 0x55 |
| 64-bit source (remote) address | MSB 5 | 0x00 |
| | 6 | 0x13 |
| | 7 | 0xA2 |
| | 8 | 0x00 |
| | 9 | 0x40 |
| | 10 | 0x52 |
| | 11 | 0x2B |
| | LSB 12 | 0xAA |
| 16-bit source (remote) address | MSB 13 | 0x7D |
| | LSB 14 | 0x84 |
| AT commands | 15 | 0x53 |
| | 16 | 0x4C |
| Command status | 17 | 0x00 |
| Command data | 18 | 0x40 |
| | 19 | 0x52 |
| | 20 | 0x2B |
| | 21 | 0xAA |
| Checksum | 22 | 0xF4 |
Extended Modem Status frame - 0x98
Description
If you enable the Verbose Join option (DC4), the device serially transmits trace messages to describe
what is happening inside the device during association.
Note This option is provided for diagnostic purposes. Verbose Join messages are disabled while the
device is operating in Command mode.
Format
The following table provides the contents of the frame. For details on frame structure, see API frame
format.
| Frame data fields | Offset | Description |
|---|---|---|
| Frame type | 3 | 0x98 |
| Status code | 4 | See the following table for status code descriptions. |
| Status data | 5 | The length of this field varies with the Status Code. |
Example
A device is attempting to join a network that has joining disallowed. The following frame is emitted
that shows the moment that the AI value becomes 0x23.
| Frame data fields | Offset | Example |
|---|---|---|
| Start delimiter | 0 | 0x7E |
| Length | MSB 1 | 0x00 |
| | LSB 2 | 0x03 |
| Frame type | 3 | 0x98 |
| Status code | 4 | 0x0B |
| Status data | 5 | 0x23 |
| Checksum | 6 | 0x39 |
The following table describes the various Verbose Join trace messages in Status Code order. The Transparent mode string column shows the string which
appears if you run Verbose Join in Command mode. The Description column gives a more detailed explanation of each particular message. When a
message accompanies Status Data, the Status Data column shows how to parse the hexadecimal string into fields. The number of bytes per field appears
in parentheses “()”.
Status Transparent
code
mode string
Description
Status data
Description
0x00
Rejoin
A join attempt is being started.
rejoinState(1)
The rejoinState is a count of join attempts.
0x01
Stack Status
Shows status and state.
EmberStatus(1)
0x00 - no network
0x01 - joining
0x02 - joined
0x03 - joined (no parent)
0x04 - leaving
API Operation
XBee3® Zigbee® RF Module User Guide
Status code descriptions
emberNetworkStat 0x90 - Network is up and ready to receive/transmit.
0x91 - Network is down and cannot receive/transmit.
e(1)
0x94 - Join attempt failed.
0x96 - A node's attempt to re-establish contact with the
network after moving failed.
0x98 - A join attempt as a router failed due to a Zigbee
2006 versus Zigbee PRO 2007 incompatibility. Try to join
as an end device.
0x99 - The network ID has changed.
0x9A - The PAN ID has changed.
0x9B - The channel has changed.
0xAB - No beacons were received in response to a beacon
request.
0x02  Joining
  Description: An association request is being made.
  Status data:
    radioChannel(1): channel number ranging from 11 to 26 (0x0B to 0x1A)
    radioTxPower(1): low level signed byte value for transmit power, values range from 0xC9 to 0x05 inclusive
    panid(2): 16 bit PAN Identifier for network
    extendedPanId(8): 64 bit PAN Identifier for network
0x03  Joined
  Description: Joined - Coordinator “Formed:”, Router/End Device “Joined”. A Coordinator has 'formed' a network, or a Router/End Device has 'joined' a network.
0x04  Beacon Response
  Description: Data received from a neighboring node in response to a beacon request
  Status data:
    ZS[stackProfile](1): See ZS (Zigbee Stack Profile).
    extendedPanId(8): 64 bit PAN Identifier for network
    allowingJoin(1): 0x00 - not permitting joins to its network; 0x01 - permitting joins to its network
    radioChannel(1): channel number ranging from 11 to 26 (0x0B to 0x1A)
    panid(2): 16 bit PAN Identifier for network
    rssi(1): maximum relative signal strength indicator value measured in units of dBm
    lqi: link quality indicator
0x05  Reject ZS
  Description: Not an association candidate because ZS does not match that given in the beacon response.
0x06  Reject ID
  Description: Not an association candidate because configured pan ID does not match that given in the beacon response.
0x07  Reject NJ
  Description: Not an association candidate because it is not allowing joins.
0x08  panID Match
  Description: JV/NW with search option (DO80) has found a matching network.
  Status data:
    panId(2): 16 bit PAN Identifier for network
0x09  Reject LQIRSSI
  Description: JV/NW with search option (DO80) candidate rejected because this beacon response is weaker than an earlier beacon response.
0x0A  Beacon Saved
  Description: This beacon response is a suitable candidate for an association request.
  Status data:
    radioChannel(1): channel number ranging from 11 to 26 (0x0B to 0x1A)
    radioTxPower(1): low level signed byte value for transmit power, values range from 0xC9 to 0x05 inclusive
    panid(2): 16 bit PAN Identifier for network
    extendedPanId(8): 64 bit PAN Identifier for network
0x0B  AI
  Description: AI value has changed.
  Status data:
    AIStatusCode(1): See a description of AI (Association Indication)
0x0C  Permit Join
  Description: NJ setting (Permit Join Duration) has changed
  Status data:
    value(1): See a description of the NJ (Node Join Time) command.
0x0D  Scanning
  Description: Active scanning has begun.
  Status data:
    ChannelMask(4): A 32 bit value driven by the SC setting where bit positions 11 through 26 show which channels are enabled for the upcoming Active Scan. See a description of SC (Scan Channels).
0x0E  Scan Error
  Description: An error occurred during active scan.
  Status data:
    StatusCode(1)
0x0F  Join Request
  Description: High level request for a form/join.
0x10  Reject LQI
  Description: Reject because LQI is worse than an already saved beacon
  Status data:
    lqi(1): link quality indicator
0x11  Reject RSSI
  Description: Rejected because RSSI is worse than an already saved beacon
  Status data:
    rssi(1): relative signal strength indicator
0x12  Rejected (cmdLast)
  Description: Rejected because it matches the last associated network.
0x13  Rejected (cmdSave)
  Description: Rejected because it matches an already saved beacon response.
0x14  Reject strength
  Description: During first/best phase, response is weaker than an already saved beacon response.
0x16  Reset for DC80
  Description: With DC80 enabled, reset if no joinable beacon responses are received within 60s of joining.
0x18  ScanCh
  Description: Scanning on Channel
  Status data:
    radioChannel(1): channel number ranging from 11 to 26 (0x0B to 0x1A)
0x19  Scan Mode
  Description: Shows phase of Ordered Association.
  Status data:
    mode(1): 0: first/best candidate; 1: ordered association by extpanid, then by channel
0x1A  Scan Init
  Description: Starting a scan
  Status data:
    channel(1): channel being scanned
    TxPower(1): low level radio transmit power setting
0x1D  Energy Scan channel mask
  Description: Starting energy scan
  Status data:
    SC mask(4): Scan channel mask
0x1E  Energy Scan energies
  Description: Channel Energies observed
  Status data:
    Energies(16): Energy Levels per channel in SC
0x1F  PanIdScan radio channel
  Description: Pan Id Scan starting on channel
  Status data:
    channel(1): Radio Channel
0x20  FormNetwork - parameters
  Description: Forming a network
  Status data:
    radioChannel(1): channel number ranging from 11 to 26
    radioTxPower(1): low level radio transmit power setting
    panid(2): 16 bit PAN identifier for network
    extendedpanid(8): 64 bit PAN identifier for network
0x21  Discovering KE Endpoint
  Description: Looking for Key Establishment Endpoint
0x22  KE Endpoint
  Description: Found Key Establishment Endpoint
  Status data:
    Endpoint(1): Endpoint number
The following example shows a successful association with Verbose Join enabled in AT Command mode.
Note Comments are included with the trace messages to explain the content and are preceded by an ellipsis “...”.
+++OK
atid3151 OK
...configured pan identifier has been changed
atdc10
OK
...and verbose join enabled
atac
OK
...applying changes to the configuration
V AI - Searching for Parent:FF
...search has started
V AI - Searching for Parent:FF
...and started again
V Scanning:03FFF800
...Channels 11 through 25 are enabled by the SC setting for the Active Search.
V Beacon Rsp:0000000000000042A6010B949AC8FF
...ZS(0), extendedPanId(00000000000042A6), allowingJoin(1), radiochannel(0x0B), panid(949A), rssi(C8), lqi(FF)
V Reject ID
...beacon response's extendedPanId does not match this radio's ID setting of 3151
V Beacon Rsp:0200000000000002AB010C55D2B2DB
...ZS(2), extendedPanId(00000000000002AB), allowingJoin(1), radiochannel(0x0C), panid(55D2), rssi(B2), lqi(DB)
V Reject ZS
...beacon response's ZS does not match this radio's ZS setting of 0x00
V Beacon Rsp:000000000000003151010EE29FDFFF
V Beacon Saved:0E05E29F0000000000003151
...this beacon response is acceptable as a candidate for association
V Joining:0E05E29F0000000000003151
...sending association request
V Stack Status: joined, network up 0290
...we are joined, the network is up, we can send and transmit
V Joined:
V AI - Association Succeeded:00
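The trace above can be decoded mechanically, which is useful when auditing which networks a module heard and which one it actually joined. The following Python sketch is an added example, not Digi code: the function names are this example's own, the field layouts are taken from the status data table, and reading rssi as a signed byte is an assumption.

```python
import struct

# Trace lines copied from the Verbose Join example above ("..." comments omitted).
TRACE = """\
V AI - Searching for Parent:FF
V Scanning:03FFF800
V Beacon Rsp:0000000000000042A6010B949AC8FF
V Reject ID
V Beacon Rsp:0200000000000002AB010C55D2B2DB
V Reject ZS
V Beacon Rsp:000000000000003151010EE29FDFFF
V Beacon Saved:0E05E29F0000000000003151
V Joining:0E05E29F0000000000003151
V Stack Status: joined, network up 0290
V Joined:
V AI - Association Succeeded:00
"""

VALID_CHANNELS = range(11, 27)  # 0x0B to 0x1A per the status data table


def channels_from_mask(hexmask):
    """ChannelMask(4): bit positions 11-26 mark channels enabled for the scan."""
    mask = int(hexmask, 16)
    return [ch for ch in VALID_CHANNELS if (mask >> ch) & 1]


def decode_beacon(hexdata):
    """Beacon Response: ZS(1) extendedPanId(8) allowingJoin(1) radioChannel(1)
    panid(2) rssi(1) lqi(1), 15 bytes in total."""
    raw = bytes.fromhex(hexdata)
    if len(raw) != 15:
        raise ValueError("beacon response must be 15 bytes, got %d" % len(raw))
    # Assumption: rssi is a signed byte, since the table gives it in dBm.
    zs, ext, allow, ch, pan, rssi, lqi = struct.unpack(">BQBBHbB", raw)
    if ch not in VALID_CHANNELS or allow not in (0, 1):
        raise ValueError("beacon field outside the documented range")
    return {"zs": zs, "ext_pan_id": ext, "allowing_join": bool(allow),
            "channel": ch, "pan_id": pan, "rssi_dbm": rssi, "lqi": lqi,
            "verdict": None}


def decode_network(hexdata):
    """Joining / Beacon Saved: radioChannel(1) radioTxPower(1) panid(2)
    extendedPanId(8), 12 bytes in total."""
    raw = bytes.fromhex(hexdata)
    if len(raw) != 12:
        raise ValueError("network record must be 12 bytes, got %d" % len(raw))
    ch, tx_power, pan, ext = struct.unpack(">BbHQ", raw)
    return {"channel": ch, "tx_power": tx_power, "pan_id": pan, "ext_pan_id": ext}


def parse_trace(text):
    """Collect scan channels, every beacon with its accept/reject verdict,
    and the network the module tried to join."""
    result = {"scan_channels": [], "beacons": [], "joining": None, "joined": False}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("V "):
            continue  # "..." comments, AT commands and OK responses
        name, _, data = line[2:].partition(":")
        data = data.strip()
        if name == "Scanning":
            result["scan_channels"] = channels_from_mask(data)
        elif name == "Beacon Rsp":
            result["beacons"].append(decode_beacon(data))
        elif (name.startswith("Reject") or name == "Beacon Saved") and result["beacons"]:
            result["beacons"][-1]["verdict"] = name  # applies to the latest beacon
        elif name == "Joining":
            result["joining"] = decode_network(data)
        elif name == "Joined":
            result["joined"] = True
    return result


def audit(result, expected_ext_pan_id):
    """Flag a join to an unexpected network and foreign networks permitting joins."""
    findings = []
    net = result["joining"]
    if result["joined"] and net and net["ext_pan_id"] != expected_ext_pan_id:
        findings.append("joined unexpected network %016X" % net["ext_pan_id"])
    for b in result["beacons"]:
        if b["allowing_join"] and b["ext_pan_id"] != expected_ext_pan_id:
            findings.append("foreign network %016X on channel %d permits joins"
                            % (b["ext_pan_id"], b["channel"]))
    return findings


if __name__ == "__main__":
    parsed = parse_trace(TRACE)
    for finding in audit(parsed, 0x3151):
        print(finding)
```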
Route Record Indicator - 0xA1
Description
This frame contains the routing information for a remote device on the network. This route
information should be stored in external memory and used in a 0x21 Create Source Route frame to
provide a return route for data transmissions; this eliminates the need to perform a route discovery.
The frame will be emitted out of the node that is acting as a low RAM concentrator when a unicast
data transmission is received from a remote node for the first time. If a previously established route
fails, a new 0xA1 Route Record Indicator will be generated with information about the new route.
Format
The following table provides the contents of the frame. For details on frame structure, see API frame
format.
Frame data fields                Offset  Description
Frame type                       3       0xA1
64-bit source (remote) address   4-11    The 64-bit address of the device that initiated the route record.
Source (updater) 16-bit address  12-13   The 16-bit address of the device that initiated the route record.
Receive options                  14      0x01 - Packet Acknowledged.
                                         0x02 - Packet was a broadcast.
Number of addresses              15      The number of addresses in the source route (excluding source
                                         and destination).
Address 1                        16-17   (neighbor of destination)
Address 2 (closer hop)           18-19   Address of intermediate hop
Address n (neighbor of source)   20-21   Two bytes per 16-bit address.
Example
Suppose device A is a low RAM concentrator, and device E is sending a unicast message to it.
Device E knows that device A is a low RAM concentrator and will send a route record that traverses
multiple hops en route to the concentrator as shown in the following example:
A<B<C<D<E
In this frame, the following route information is provided:
Device E 64-bit address: 0x0013A200 40401122
Device E 16-bit address: 0x3344
Device D 16-bit address: 0xEEFF
Device C 16-bit address: 0xCCDD
Device B 16-bit address: 0xAABB
The concentrator emits the following frame out of the serial port:
Frame data fields                Offset  Example
Start delimiter                  0       0x7E
Length                           MSB 1   0x00
                                 LSB 2   0x13
Frame type                       3       0xA1
64-bit source (remote) address   MSB 4   0x00
                                 5       0x13
                                 6       0xA2
                                 7       0x00
                                 8       0x40
                                 9       0x40
                                 10      0x11
                                 11      0x22
Source (updater) 16-bit address  12      0x33
                                 13      0x44
Receive options                  14      0x01
Number of Addresses              15      0x03
Address 1                        16      0xEE
                                 17      0xFF
Address 2 (closer hop)           18      0xCC
                                 19      0xDD
Address n (neighbor of source)   20      0xAA
                                 21      0xBB
Checksum                         22      0x80
Register Device Status - 0xA4
Description
This frame is sent out of the UART of the trust center as a response to a 0x24 Register Device frame,
indicating whether the registration was successful or not.
Format
The following table provides the contents of the frame. For details on frame structure, see API frame
format.
Frame data fields  Offset  Description
Frame type         3       0xA4 Register Device Status
Frame ID           4       Identifies the data frame for the host to correlate with a subsequent response.
                           It matches the Frame ID of the registration request (0x24).
Status             5       0x00 = Success
                           0x01 = Key too long
                           0xB1 = Address not found in the key table
                           0xB2 = Key is invalid (00 and FF are reserved)
                           0xB3 = Invalid address
                           0xB4 = Key table is full
                           0xFF = Key not found
Example
A device is registered to the trust center using a 0x24 frame with a Frame ID of 0x53. The following
status is returned, indicating that the registration was a success.
Frame data fields  Offset  Example
Start delimiter    0       0x7E
Length             MSB 1   0x00
                   LSB 2   0x03
Frame type         3       0xA4
Frame ID           4       0x53
Status             5       0x00 (Success)
Checksum           6       0x08
Many-to-One Route Request Indicator - 0xA3
Description
A many-to-one route request is sent as a broadcast message from a concentrator (AR < 0xFF).
When a node receives a many-to-one broadcast, it will create a route table entry for the concentrator,
preventing the need to do a route discovery when sending data to that destination.
Format
The following table provides the contents of the frame. For details on frame structure, see API frame
format.
Frame data fields               Offset  Description
Frame type                      3       0xA3
64-bit source (remote) address  4-11    MSB first, LSB last. The 64-bit address of the device that sent the
                                        many-to-one route request.
Source 16-bit address           12-13   MSB first, LSB last. The 16-bit address of the device that initiated
                                        the many-to-one route request.
Reserved                        14      Set to 0.
Example
Suppose a device with a 64-bit address of 0x0013A200 40401122 and 16-bit address of 0x0000 sends a
many-to-one route request. All remote routers operating in API mode that receive the many-to-one
broadcast send the following example API frame out their serial port.
Frame data fields               Offset  Example
Start delimiter                 0       0x7E
Length                          MSB 1   0x00
                                LSB 2   0x0C
Frame type                      3       0xA3
64-bit source (remote) address  MSB 4   0x00
                                5       0x13
                                6       0xA2
                                7       0x00
                                8       0x40
                                9       0x40
                                10      0x11
                                11      0x22
Source 16-bit address           MSB 12  0x00
                                LSB 13  0x00
Reserved                        14      0x00
Checksum                        22      0xF4
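A host that consumes the 0xA1, 0xA4 and 0xA3 frames described above reads them from a serial line, so the length field, the checksum and the 0xA1 address count should all be checked before any field is used. The following Python parser is an added example, not Digi code: the function names are this example's own, and it assumes API mode without escaped characters. The three sample frames are the example frames from the tables above.

```python
import struct

# Example frames from the 0xA1, 0xA4 and 0xA3 tables above.
ROUTE_RECORD = bytes.fromhex("7E0013A10013A2004040112233440103EEFFCCDDAABB80")
REGISTER_STATUS_FRAME = bytes.fromhex("7E0003A4530008")
MANY_TO_ONE = bytes.fromhex("7E000CA30013A20040401122000000F4")

# Register Device Status (0xA4) status codes, from the format table.
REGISTER_STATUS = {
    0x00: "Success",
    0x01: "Key too long",
    0xB1: "Address not found in the key table",
    0xB2: "Key is invalid (00 and FF are reserved)",
    0xB3: "Invalid address",
    0xB4: "Key table is full",
    0xFF: "Key not found",
}


def unwrap(frame):
    """Check delimiter, length field and checksum; return the frame data
    (frame type byte onward, checksum excluded)."""
    if len(frame) < 5 or frame[0] != 0x7E:
        raise ValueError("missing 0x7E start delimiter or frame too short")
    (length,) = struct.unpack(">H", frame[1:3])
    if length < 1 or len(frame) != length + 4:
        raise ValueError("length field does not match the bytes received")
    data = frame[3:-1]
    # Frame data plus checksum must sum to 0xFF in the low byte.
    if (sum(data) + frame[-1]) & 0xFF != 0xFF:
        raise ValueError("bad checksum")
    return data


def parse_route_record(data):
    """0xA1: 64-bit source(8), 16-bit source(2), receive options(1),
    number of addresses(1), then two bytes per address."""
    if len(data) < 13:
        raise ValueError("0xA1 frame too short")
    source64, source16, options, count = struct.unpack(">QHBB", data[1:13])
    hop_bytes = data[13:]
    # The count byte arrives on the wire; it must agree with the real length.
    if len(hop_bytes) != 2 * count:
        raise ValueError("address count %d does not match %d address bytes"
                         % (count, len(hop_bytes)))
    hops = list(struct.unpack(">%dH" % count, hop_bytes))
    return {"type": 0xA1, "source64": source64, "source16": source16,
            "options": options, "hops": hops}


def parse_register_status(data):
    """0xA4: frame ID(1), status(1)."""
    if len(data) != 3:
        raise ValueError("0xA4 frame must carry exactly 3 bytes")
    frame_id, status = data[1], data[2]
    return {"type": 0xA4, "frame_id": frame_id, "status": status,
            "status_text": REGISTER_STATUS.get(status, "unknown status"),
            "success": status == 0x00}


def parse_many_to_one(data):
    """0xA3: 64-bit source(8), 16-bit source(2), reserved(1)."""
    if len(data) != 12:
        raise ValueError("0xA3 frame must carry exactly 12 bytes")
    source64, source16, reserved = struct.unpack(">QHB", data[1:12])
    return {"type": 0xA3, "source64": source64, "source16": source16,
            "reserved": reserved}


PARSERS = {0xA1: parse_route_record, 0xA4: parse_register_status,
           0xA3: parse_many_to_one}


def parse(frame):
    """Validate a complete API frame and decode it by frame type."""
    data = unwrap(frame)
    parser = PARSERS.get(data[0])
    if parser is None:
        raise ValueError("unsupported frame type 0x%02X" % data[0])
    return parser(data)


if __name__ == "__main__":
    for sample in (ROUTE_RECORD, REGISTER_STATUS_FRAME, MANY_TO_ONE):
        print(parse(sample))
```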
Send ZDO commands with the API
Zigbee specifications define Zigbee device objects (ZDOs) as part of the Zigbee device profile. These
objects provide functionality to manage and map out the Zigbee network and to discover services on
Zigbee devices. ZDOs are typically required when developing a Zigbee product that interoperates in a
public profile such as home automation or smart energy, or when communicating with Zigbee devices
from other vendors. You can also use the ZDO to perform several management functions such as
frequency agility (energy detect and channel changes - Mgmt Network Update Request), discovering
routes (Mgmt Routing Request) and neighbors (Mgmt LQI Request), and managing device connectivity
(Mgmt Leave and Permit Join Request).
The following table shows some of the more prominent ZDOs with their respective cluster identifier.
Each ZDO command has a defined payload. See the Zigbee device profile section of the Zigbee
specification for details.
ZDO command                   Cluster ID
Network Address Request       0x0000
IEEE Address Request          0x0001
Node Descriptor Request       0x0002
Simple Descriptor Request     0x0004
Active Endpoints Request      0x0005
Match Descriptor Request      0x0006
Mgmt LQI Request              0x0031
Mgmt Routing Request          0x0032
Mgmt Leave Request            0x0034
Mgmt Permit Joining Request   0x0036
Mgmt Network Update Request   0x0038
Use the Explicit Addressing Command frame - 0x11 to send Zigbee device objects commands to
devices in the network. Sending ZDO commands with the Explicit Transmit API frame requires some
formatting of the data payload field.
When sending a ZDO command with the API, all multiple byte values in the ZDO command (API
payload), for example, u16, u32, and 64-bit addresses, must be sent in little endian byte order for the
command to be executed correctly on a remote device.
For an API XBee to receive ZDO responses, set AO (API Options) to 1 to enable the explicit receive API
frame.
The following table shows how you can use the Explicit API frame to send an “Active Endpoints”
request to discover the active endpoints on a device with a 16-bit address of 0x1234.
Frame data fields                   Offset  Description
Frame type                          3       0x11
Frame ID                            4       Identifies the data frame for the host to correlate with a
                                            subsequent transmit status. If set to 0, the device does not send a
                                            response out the serial port.
64-bit destination address          5-12    MSB first, LSB last. The 64-bit address of the destination device (big
                                            endian byte order). For unicast transmissions, set to the 64-bit
                                            address of the destination device, or to 0x0000000000000000 to
                                            send a unicast to the coordinator. Set to 0x000000000000FFFF for
                                            broadcast.
16-bit destination network address  13-14   MSB first, LSB last. The 16-bit address of the destination device (big
                                            endian byte order). Set to 0xFFFE for broadcast, or if the 16-bit
                                            address is unknown.
Source endpoint                     15      Set to 0x00 for ZDO transmissions (endpoint 0 is the ZDO
                                            endpoint).
Destination endpoint                16      Set to 0x00 for ZDO transmissions (endpoint 0 is the ZDO
                                            endpoint).
Cluster ID                          17-18   Set to the cluster ID that corresponds to the ZDO command being
                                            sent.
                                            0x0005 = Active Endpoints Request
Profile ID                          19-20   Set to 0x0000 for ZDO transmissions (Profile ID 0x0000 is the
                                            Zigbee device profile that supports ZDOs).
Broadcast radius                    21      Sets the maximum number of hops a broadcast transmission can
                                            traverse. If set to 0, the device sets the transmission radius to the
                                            network maximum hops value.
Transmission options                22      All bits must be set to 0.
Data payload                        23-25   The required payload for a ZDO command. All multi-byte ZDO
                                            parameter values (u16, u32, 64-bit address) must be sent in little
                                            endian byte order.
                                            The Active Endpoints Request includes the following payload:
                                            [16-bit NwkAddrOfInterest]
                                            Note The 16-bit address in the API example (0x1234) is sent in little
                                            endian byte order (0x3412).
Example
The following example shows how you can use the Explicit API frame to send an “Active Endpoints”
request to discover the active endpoints on a device with a 16-bit address of 0x1234.
Frame data fields                           Offset  Example
Start delimiter                             0       0x7E
Length                                      MSB 1   0x00
                                            LSB 2   0x17
Frame type                                  3       0x11
Frame ID                                    4       0x01
64-bit destination address                  MSB 5   0x00
                                            6       0x00
                                            7       0x00
                                            8       0x00
                                            9       0x00
                                            10      0x00
                                            11      0xFF
                                            LSB 12  0xFF
16-bit Destination Network Address          MSB 13  0xFF
                                            LSB 14  0xFE
Source endpoint                             15      0x00
Destination endpoint                        16      0x00
Cluster ID                                  17      0x00
                                            18      0x05
Profile ID                                  19      0x00
                                            20      0x00
Broadcast radius                            21      0x00
Transmit options                            22      0x00
Data payload - transaction sequence number  23      0x01
Data payload - ZDO payload                  24      0x34
                                            25      0x12
Checksum                                    29      0xA6
Send Zigbee cluster library (ZCL) commands with the API
The Zigbee cluster library defines a set of attributes and commands (clusters) that can be supported
in multiple Zigbee profiles. The ZCL commands are typically required when developing a Zigbee
product that will interoperate in a public profile such as home automation or smart energy, or when
communicating with Zigbee devices from other vendors. Applications that are not designed for a
public profile or for interoperability applications can skip this section.
The following table shows some prominent clusters with their respective attributes and commands.
Cluster (Cluster ID)  Attributes (Attribute ID)     Commands (Command ID)
Basic (0x0000)        Application Version (0x0001)  Reset to defaults (0x00)
                      Hardware Version (0x0003)
                      Model Identifier (0x0005)
Identify (0x0003)     Identify Time (0x0000)        Identify (0x00)
                                                    Identify Query (0x01)
Time (0x000A)         Time (0x0000)
                      Time Status (0x0001)
                      Time Zone (0x0002)
Thermostat (0x0201)   Local Temperature (0x0000)    Setpoint raise / lower (0x00)
                      Occupancy (0x0002)
The ZCL defines a number of profile-wide commands that can be supported on any profile, also known
as general commands. These commands include the following.
Command (Command ID)                 Description
Read Attributes (0x00)               Used to read one or more attributes on a remote device.
Read Attributes Response (0x01)      Generated in response to a read attributes command.
Write Attributes (0x02)              Used to change one or more attributes on a remote device.
Write Attributes Response (0x04)     Sent in response to a write attributes command.
Configure Reporting (0x06)           Used to configure a device to automatically report on the values of one
                                     or more of its attributes.
Report Attributes (0x0A)             Used to report attributes when report conditions have been satisfied.
Discover Attributes (0x0C)           Used to discover the attribute identifiers on a remote device.
Discover Attributes Response (0x0D)  Sent in response to a discover attributes command.
Use the Explicit Addressing Command frame - 0x11 to send ZCL commands to devices in the network.
Sending ZCL commands with the Explicit Transmit API frame requires some formatting of the data
payload field.
When sending a ZCL command with the API, all multiple byte values in the ZCL command (API Payload)
(for example, u16, u32, 64-bit addresses) must be sent in little endian byte order for the command to
be executed correctly on a remote device.
Note When sending ZCL commands, set the AO command to 1 to enable the explicit receive API frame.
This provides indication of the source 64- and 16-bit addresses, cluster ID, profile ID, and endpoint
information for each received packet. This information is required to properly decode received data.
The following table shows how the Explicit API frame can be used to read the hardware version
attribute from a device with a 64-bit address of 0x0013A200 40401234 (unknown 16-bit address). This
example uses arbitrary source and destination endpoints. The hardware version attribute (attribute
ID 0x0003) is part of the basic cluster (cluster ID 0x0000). The Read Attribute general command ID is
0x00.
Frame fields                        Offset  Description
Frame type                          3
Frame ID                            4       Identifies the serial port data frame for the host to
                                            correlate with a subsequent transmit status. If set to
                                            0, no transmit status frame will be sent out the serial
                                            port.
64-bit destination address          MSB 5   The 64-bit address of the destination device (big
                                    6       endian byte order). For unicast transmissions, set to
                                    7       the 64-bit address of the destination device, or to
                                    8       0x0000000000000000 to send a unicast to the
                                    9       coordinator. Set to 0x000000000000FFFF for
                                    10      broadcast.
                                    11
                                    LSB 12
16-bit destination network address  MSB 13  The 16-bit address of the destination device (big
                                    LSB 14  endian byte order). Set to 0xFFFE for broadcast, or if
                                            the 16-bit address is unknown.
Source endpoint                     15      Set to the source endpoint on the sending device
                                            (0x41 arbitrarily selected).
Destination endpoint                16      Set to the destination endpoint on the remote device
                                            (0x42 arbitrarily selected).
Cluster ID                          MSB 17  Set to the cluster ID that corresponds to the ZCL
                                    LSB 18  command being sent. 0x0000 = Basic Cluster.
Profile ID                          MSB 19  Set to the profile ID supported on the device (0xD123
                                    LSB 20  arbitrarily selected).
Broadcast radius                    21      Sets the maximum number of hops a broadcast
                                            transmission can traverse. If set to 0, the
                                            transmission radius will be set to the network
                                            maximum hops value.
Transmit options                    22      All bits must be set to 0.
Data payload - ZCL frame header
  Frame control                     23      Bitfield that defines the command type and other
                                            relevant information in the ZCL command. For more
                                            information, see the ZCL specification.
  Transaction sequence number       24      A sequence number used to correlate a ZCL command
                                            with a ZCL response. (The hardware version response
                                            will include this byte as a sequence number in the
                                            response.) The value 0x01 was arbitrarily selected.
  Command ID                        25      Since the frame control “frame type” bits are 00, this
                                            byte specifies a general command. Command ID 0x00
                                            is a Read Attributes command.
Data payload - ZCL payload
  Attribute ID                      26      The payload for a “Read Attributes” command is a list
                                    27      of Attribute Identifiers that are being read.
                                            Note The 16-bit Attribute ID (0x0003) is sent in little
                                            endian byte order (0x0300). All multi-byte ZCL header
                                            and payload values must be sent in little endian byte
                                            order.
Checksum                            28      0xFF minus the 8 bit sum of bytes from offset 3 to this
                                            byte.
Example
In this example, the Frame Control field (offset 23) is constructed as follows:
Name                      Bits  Example Value Description
Frame Type                0-1   00 - Command acts across the entire profile.
Manufacturer Specific     2     0 - The manufacturer code field is omitted from the ZCL Frame Header.
Direction                 3     0 - The command is being sent from the client side to the server side.
Disable Default Response  4     0 - Default response not disabled.
Reserved                  5-7   Set to 0.
For more information, see the Zigbee Cluster Library specification.
Frame data fields                   Offset  Example
Start delimiter                     0       0x7E
Length                              MSB 1   0x00
                                    LSB 2   0x19
Frame type                          3       0x11
Frame ID                            4       0x01
64-bit destination address          MSB 5   0x00
                                    6       0x13
                                    7       0xA2
                                    8       0x00
                                    9       0x40
                                    10      0x40
                                    11      0x12
                                    LSB 12  0x34
16-bit destination network address  MSB 13  0xFF
                                    LSB 14  0xFE
Source endpoint                     15      0x41
Destination endpoint                16      0x42
Cluster ID                          MSB 17  0x00
                                    LSB 18  0x00
Profile ID                          MSB 19  0xD1
                                    LSB 20  0x23
Broadcast radius                    21      0x00
Transmit options                    22      0x00
Data payload - ZCL frame header
  Frame control                     23      0x00
  Transaction sequence number       24      0x01
  Command ID                        25      0x00
Data payload - ZCL payload
  Attribute ID                      26      0x03
                                    27      0x00
Checksum                            28      0xFA
Send Public Profile Commands with the API
You can use the XBee API using the Explicit Transmit API frame (0x11) to send commands in public
profiles such as Smart Energy and Home Automation. Sending public profile commands with the
Explicit Transmit API frame requires some formatting of the data payload field. Most of the public
profile commands fit into the Zigbee cluster library (ZCL) architecture as described in Send Zigbee
cluster library (ZCL) commands with the API.
The following table shows how you can use the Explicit API frame to send a demand response and load
control message (cluster ID 0x701) in the smart energy profile (profile ID 0x0109) in the revision 14
Smart Energy specification. The device sends a “Load Control Event” message (command ID 0x00) to a
device with a 64-bit address of 0x0013A200 40401234 and a 16-bit address of 0x5678. The event
starts a load control event for water heaters and smart appliances for a duration of 1 minute, starting
immediately.
Note When sending public profile commands, set the AO command to 1 to enable the explicit receive
API frame. This provides indication of the source 64- and 16-bit addresses, cluster ID, profile ID, and
endpoint information for each received packet. This information is required to properly decode
received data.
Frame fields                                   Offset  Description
Frame type                                     3
Frame ID                                       4       Identifies the serial port data frame for the host to
                                                       correlate with a subsequent transmit status. If set
                                                       to 0, no transmit status frame will be sent out the
                                                       serial port.
64-bit destination address                     MSB 5   The 64-bit address of the destination device (big
                                               6       endian byte order). For unicast transmissions, set to
                                               7       the 64-bit address of the destination device, or to
                                               8       0x0000000000000000 to send a unicast to the
                                               9       coordinator. Set to 0x000000000000FFFF for
                                               10      broadcast.
                                               11
                                               LSB 12
16-bit destination network address             MSB 13  The 16-bit address of the destination device (big
                                               LSB 14  endian byte order). Set to 0xFFFE for broadcast, or if
                                                       the 16-bit address is unknown.
Source endpoint                                15      Set to the source endpoint on the sending device.
                                                       (0x41 arbitrarily selected).
Destination endpoint                           16      Set to the destination endpoint on the remote
                                                       device. (0x42 arbitrarily selected).
Cluster ID                                     MSB 17  Set to the cluster ID that corresponds to the ZCL
                                               LSB 18  command being sent. 0x0701 = Demand response
                                                       and load control cluster ID
Profile ID                                     MSB 19  Set to the profile ID supported on the device. 0x0109
                                               LSB 20  = Smart Energy profile ID.
Broadcast radius                               21      Sets the maximum number of hops a broadcast
                                                       transmission can traverse. If set to 0, the
                                                       transmission radius will be set to the network
                                                       maximum hops value.
Transmit options                               22      All bits must be set to 0.
Data payload - ZCL frame header
  Frame control                                23      Bitfield that defines the command type and other
                                                       relevant information in the ZCL command. For more
                                                       information, see the ZCL specification.
  Transaction sequence number                  24      A sequence number used to correlate a ZCL
                                                       command with a ZCL response. (The hardware
                                                       version response will include this byte as a sequence
                                                       number in the response.) The value 0x01 was
                                                       arbitrarily selected.
  Command ID                                   25      Since the frame control “frame type” bits are 01, this
                                                       byte specifies a cluster-specific command. Command
                                                       ID 0x00 in the Demand Response and Load Control
                                                       cluster is a Load Control Event command. For more
                                                       information, see the Smart Energy specification.
Data payload - ZCL payload - load control event data
  Issuer event ID                              26      The 4-byte unique identifier.
                                               27      Note The 4-byte ID is sent in little endian byte order
                                               28      (0x78563412).
                                               29      The event ID in this example (0x12345678) is
                                                       arbitrarily selected.
  Device class                                 30      This bit encoded field represents the Device Class
                                               31      associated with the Load Control Event. A bit value of
                                                       0x0014 enables smart appliances and water heaters.
                                                       Note The 2-byte bit field value is sent in little endian
                                                       byte order.
  Utility enrollment group                     32      Used to identify sub-groups of devices in the
                                                       device-class. 0x00 addresses all groups.
  Start time                                   33
                                               34
                                               35
                                               36
  Duration in minutes                          37      This 2-byte value must be sent in little endian byte
                                               38      order.
  Criticality level                            39      Indicates the criticality level of the event. In this
                                                       example, the level is “voluntary”.
  Cooling temperature                          40      Requested offset to apply to the normal cooling set
                                                       point.
                                                       A value of 0xFF indicates the temperature offset
                                                       value is not used.
  Heating temperature offset                   41      Requested offset to apply to the normal heating set
                                                       point.
                                                       A value of 0xFF indicates the temperature offset
                                                       value is not used.
  Cooling temperature set point                42      Requested cooling set point in 0.01 degrees Celsius.
                                               43      A value of 0x8000 means the set point field is not
                                                       used in this event.
                                                       Note The 0x8000 is sent in little endian byte order.
  Heating temperature set point                44      Requested heating set point in 0.01 degrees Celsius.
                                               45      A value of 0x8000 means the set point field is not
                                                       used in this event.
                                                       Note The 0x8000 is sent in little endian byte order.
  Average load adjustment percentage           46      Maximum energy usage limit. A value of 0x80
                                                       indicates the field is not used.
  Duty cycle                                   47      Defines the maximum “On” duty cycle. A value of
                                                       0xFF indicates the duty cycle is not used in this
                                                       event.
  Duty cycle event control                     48      A bitmap describing event options.
Example
In this example, the Frame Control field (offset 23) is constructed as follows:
Name                      Bits  Example Value Description
Frame Type                0-1   01 - Command is specific to a cluster
Manufacturer Specific     2     0 - The manufacturer code field is omitted from the ZCL Frame Header.
Direction                 3     1 - The command is being sent from the server side to the client side.
Disable Default Response  4     0 - Default response not disabled
Reserved                  5-7   Set to 0.
For more information, see the Zigbee cluster library specification.
Frame fields                                   Offset  Example
Start delimiter                                0       0x7E
Length                                         MSB 1   0x00
                                               LSB 2   0x19
Frame type                                     3       0x11
Frame ID                                       4       0x01
64-bit destination address                     MSB 5   0x00
                                               6       0x13
                                               7       0xA2
                                               8       0x00
                                               9       0x40
                                               10      0x40
                                               11      0x12
                                               LSB 12  0x34
16-bit destination network address             MSB 13  0x56
                                               LSB 14  0x78
Source endpoint                                15      0x41
Destination endpoint                           16      0x42
Cluster ID                                     MSB 17  0x07
                                               LSB 18  0x01
Profile ID                                     MSB 19  0x01
                                               LSB 20  0x09
Broadcast radius                               21      0x00
Transmit options                               22      0x00
Data payload - ZCL frame header
  Frame control                                23      0x09
  Transaction sequence number                  24      0x01
  Command ID                                   25      0x00
Data payload - ZCL payload - load control event data
  Issuer event ID                              26      0x78
                                               27      0x56
                                               28      0x34
                                               29      0x12
  Device class                                 30      0x14
                                               31      0x00
  Utility enrollment group                     32      0x00
  Start time                                   33      0x00
                                               34      0x00
                                               35      0x00
                                               36      0x00
  Duration in Minutes                          37      0x01
                                               38      0x00
  Criticality level                            39      0x04
  Cooling temperature                          40      0xFF
  Heating temperature offset                   41      0xFF
  Cooling temperature set point                42      0x00
                                               43      0x80
  Heating temperature set point                44      0x00
                                               45      0x80
  Average load adjustment percentage           46      0x80
  Duty cycle                                   47      0xFF
  Duty cycle event control                     48      0x00
Checksum                                       49      0x5B
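The three Explicit Addressing Command (0x11) examples in this chapter (the ZDO Active Endpoints request, the ZCL Read Attributes request and the Smart Energy Load Control Event) differ only in addressing and payload, and in each the API header is big endian while the ZDO/ZCL payload is little endian. The following Python builder is an added example, not Digi code: the function names are this example's own, it assumes API mode without escaped characters, and all field values are the ones given in the tables above.

```python
import struct


def checksum(frame_data):
    """0xFF minus the 8 bit sum of the bytes from offset 3 up to the checksum."""
    return 0xFF - (sum(frame_data) & 0xFF)


def explicit_tx(frame_id, dest64, dest16, src_ep, dst_ep, cluster_id,
                profile_id, payload, radius=0x00, options=0x00):
    """Build a complete 0x11 frame. The API header is packed big endian
    (MSB first); the payload is passed in already encoded."""
    data = struct.pack(">BBQHBBHHBB", 0x11, frame_id, dest64, dest16,
                       src_ep, dst_ep, cluster_id, profile_id,
                       radius, options) + payload
    if len(data) > 0xFFFF:
        raise ValueError("frame data does not fit the 16-bit length field")
    # The length field counts the bytes between the length and the checksum.
    return struct.pack(">BH", 0x7E, len(data)) + data + bytes([checksum(data)])


def zcl_header(frame_type, server_to_client, sequence, command_id,
               disable_default_response=False):
    """ZCL frame control (bits 0-1 frame type, bit 3 direction, bit 4 disable
    default response), then transaction sequence number and command ID.
    The manufacturer specific bit (bit 2) is left at 0."""
    if frame_type not in (0b00, 0b01):
        raise ValueError("frame type must be 00 (profile-wide) or 01 (cluster)")
    control = (frame_type
               | (int(server_to_client) << 3)
               | (int(disable_default_response) << 4))
    return bytes([control, sequence & 0xFF, command_id & 0xFF])


def zdo_active_endpoints(nwk_addr_of_interest, sequence=0x01):
    """ZDO Active Endpoints Request (cluster 0x0005, profile 0x0000,
    endpoints 0x00), addressed as in the ZDO example table."""
    payload = bytes([sequence]) + struct.pack("<H", nwk_addr_of_interest)
    return explicit_tx(0x01, 0x000000000000FFFF, 0xFFFE, 0x00, 0x00,
                       0x0005, 0x0000, payload)


def zcl_read_attribute(dest64, attribute_id, sequence=0x01):
    """ZCL Read Attributes (general command 0x00) on the Basic cluster,
    with the arbitrary endpoints and profile ID used in the ZCL example."""
    payload = zcl_header(0b00, False, sequence, 0x00)
    payload += struct.pack("<H", attribute_id)
    return explicit_tx(0x01, dest64, 0xFFFE, 0x41, 0x42,
                       0x0000, 0xD123, payload)


def load_control_event(dest64, dest16, event_id, device_class,
                       duration_minutes, sequence=0x01):
    """Smart Energy Load Control Event (cluster 0x0701, profile 0x0109,
    command 0x00, server to client), other fields as in the example table."""
    payload = zcl_header(0b01, True, sequence, 0x00)
    payload += struct.pack(
        "<IHBIHBBBHHBBB",
        event_id,          # issuer event ID
        device_class,      # device class bit field
        0x00,              # utility enrollment group: all groups
        0x00000000,        # start time
        duration_minutes,  # duration in minutes
        0x04,              # criticality level
        0xFF,              # cooling temperature offset: not used
        0xFF,              # heating temperature offset: not used
        0x8000,            # cooling temperature set point: not used
        0x8000,            # heating temperature set point: not used
        0x80,              # average load adjustment percentage: not used
        0xFF,              # duty cycle: not used
        0x00,              # duty cycle event control
    )
    return explicit_tx(0x01, dest64, dest16, 0x41, 0x42,
                       0x0701, 0x0109, payload)


if __name__ == "__main__":
    print(zdo_active_endpoints(0x1234).hex())
    print(zcl_read_attribute(0x0013A20040401234, 0x0003).hex())
    print(load_control_event(0x0013A20040401234, 0x5678,
                             0x12345678, 0x0014, 1).hex())
```

The builder derives the length field from the frame data, so the Load Control Event frame it produces carries a length of 0x002E (the 46 bytes between the length field and the checksum); its checksum is the 0x5B shown in the table.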
In-depth OTA firmware upgrade process for Zigbee 3.0
The OTA upgrade process is based on the Zigbee Cluster Library specifications; ZCL messages are
exchanged between the server and the client using 0x11 explicit addressing API frames with a cluster
ID of 0x0019. All multiple byte values in the ZCL command in the payload must be sent in little endian
byte order for the command to be executed correctly on the remote device.
For the server to receive the required ZDO responses from the client, set AO (API Options) to 1 to
enable the Explicit Rx Indicator frame - 0x91. The client automatically generates the necessary
responses regardless of its serial configuration.
OTA file
Storage
ZCL OTA messaging
Image Notify
Create the Image Notify request
Query Next Image request
Query Next Image response
Image Block request
Image Block response
Upgrade End request
Upgrade End response
ZCL OTA cluster status codes
OTA file
The OTA firmware process uses a specific firmware file with a .gbl extension. This file needs to be
parsed and divided into 64-byte blocks.
Storage
The OTA firmware image blocks are received and stored in a separate internal flash slot that is
allotted exclusively for this purpose. Once all the image bytes are written to the slot, the new image
must be validated by the current application before it can be used.
If the new image is deemed invalid, the running Zigbee firmware rejects the image and continues
operating with the current, valid application.
ZCL OTA messaging
The following figure provides the messaging sequence between the Server (updater node) and the
Client (target node).
Image Notify
The server sends the Image Notify message to the client informing the device of the presence of an
update image. The Image Notify message is sent when the upgrade process is initiated from the
server.
Create the Image Notify request
The Image Notify Request is an explicit transmit frame (0x11 type) passed into the server with the
following information:
Frame data fields
Offset Example Comments
Start delimiter
0
0x7E
Length
MSB 1
0x00
LSB 2 0x21
Frame Type
3
0x11
Frame ID
4
0x01
64-bit destination address
MSB 5
0x00
6
0x13
7
0xA2
8
0xFE
9
0x00
10
0x00
11
0x00
LSB
12
0x03
MSB
13
0x28
LSB
14
0x2F
Source Endpoint
15
0xE8
Destination Endpoint
16
0xE8
Cluster ID
MSB
17
0x00
LSB
18
0x19
MSB
19
0xC1
LSB
20
0x05
Broadcast radius
21
0x00
Transmit options
22
0x00
16-bit destination address
Profile ID
XBee3® Zigbee® RF Module User Guide
258
In-depth OTA firmware upgrade process for Zigbee 3.0
Frame data fields
Data
ZCL
payload frame
header
ZCL
payload
Query Next Image request
Offset Example Comments
Frame control
23
0x09
Transaction
sequence
number
24
0x01
Command ID
25
0x00
Image Notify Command ID
Payload type
26
0x03
Contains Jitter, Image Type, Firmware
Version
Query jitter
27
0x00
Manufacturer
ID
LSB
28
0x1E
MSB
29
0x10
LSB
30
0x00
MSB
31
0x00
LSB
32
0x01
33
0x10
34
0x00
MSB
35
0x00
36
0xE5
Image type
Firmware
version
Checksum
Digi's Manufacturer ID in Little Endian Image type should be 0x0000 unless the
server doesn't want to update the client
Firmware version of the new update file in
Little Endian. In this example, the version is
0x1001
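As an added illustration (not Digi's code), the following Python builds the Image Notify frame from its fields and reproduces the example bytes in the table above, including the 0xE5 checksum. The function names are hypothetical; the checksum uses the XBee API rule of 0xFF minus the low byte of the sum of the frame data.

```python
import struct

OTA_CLUSTER = 0x0019    # Cluster ID from the table
DIGI_PROFILE = 0xC105   # Profile ID from the table
DIGI_MFR_ID = 0x101E    # Manufacturer ID; sent little endian as 1E 10


def api_frame(frame_data: bytes) -> bytes:
    """Wrap frame data in the API envelope: 0x7E, 16-bit length, checksum."""
    checksum = 0xFF - (sum(frame_data) & 0xFF)
    return b"\x7E" + struct.pack(">H", len(frame_data)) + frame_data + bytes([checksum])


def build_image_notify(dest64: int, dest16: int, fw_version: int,
                       image_type: int = 0x0000, frame_id: int = 0x01,
                       zcl_seq: int = 0x01) -> bytes:
    """Hypothetical helper: explicit transmit (0x11) frame carrying Image Notify."""
    # API-level fields (offsets 3 to 22) are big endian.
    header = struct.pack(">BBQHBBHHBB",
                         0x11, frame_id, dest64, dest16,
                         0xE8, 0xE8,             # source / destination endpoint
                         OTA_CLUSTER, DIGI_PROFILE,
                         0x00,                   # broadcast radius
                         0x00)                   # transmit options
    # ZCL frame header: frame control, sequence number, command ID 0x00.
    zcl_header = bytes([0x09, zcl_seq, 0x00])
    # ZCL payload fields (offsets 26 to 35) are little endian.
    zcl_payload = struct.pack("<BBHHI",
                              0x03,              # payload type
                              0x00,              # query jitter
                              DIGI_MFR_ID, image_type, fw_version)
    return api_frame(header + zcl_header + zcl_payload)


# The example frame from the table, grouped field by field.
PAGE_EXAMPLE = bytes.fromhex(
    "7E0021" "1101" "0013A2FE00000003" "282F" "E8E8" "0019" "C105" "0000"
    "090100" "0300" "1E10" "0000" "01100000" "E5")

if __name__ == "__main__":
    print(build_image_notify(0x0013A2FE00000003, 0x282F, 0x1001).hex(" "))
```

Note the mixed byte order: the addressing, cluster and profile fields are most significant byte first, while the manufacturer ID, image type and firmware version inside the ZCL payload are least significant byte first.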
Query Next Image request
The client device sends the Query Next Image request message to the server to indicate that it is
ready to receive a firmware image. The message is sent in response to an Image Notify message. The
client includes information about its existing firmware version in this message. The server emits the
following frame after receiving the request from the client:
Frame data fields                  Offset  Example  Comments
Start delimiter                    0       0x7E
Length                        MSB  1       0x00
                              LSB  2       0x1E
Frame Type                         3       0x91
64-bit source address         MSB  4       0x00
                                   5       0x13
                                   6       0xA2
                                   7       0xFE
                                   8       0x00
                                   9       0x00
                                   10      0x00
                              LSB  11      0x03
16-bit source address         MSB  12      0x28
                              LSB  13      0x2F
Source Endpoint                    14      0xE8
Destination Endpoint               15      0xE8
Cluster ID                    MSB  16      0x00
                              LSB  17      0x19
Profile ID                    MSB  18      0xC1
                              LSB  19      0x05
Receive options                    20      0x01
Data payload, ZCL frame header:
Frame control                      21      0x01
Transaction sequence number        22      0x00
Data payload, ZCL payload:
Command ID                         23      0x01     Query Next Image request
Field control                      24      0x00
Manufacturer ID               LSB  25      0x1E
                              MSB  26      0x10
Image type                    LSB  27      0x00
                              MSB  28      0x00
Firmware version              LSB  29      0x00
                                   30      0x10
                                   31      0x00
                              MSB  32      0x00
Checksum                           33      0x71
Query Next Image response
The server obtains the information sent by the Client in the Query Next Image request and
determines if it has a suitable image for the client. It then sends a Query Next Image response with
one of the following status messages as appropriate:
• 0x00 - SUCCESS: The server is authorized to upgrade the client with the image.
• 0x98 - NO_IMAGE_AVAILABLE: The server is authorized to update the client but does not have a
  new OTA update image available.
• 0x7E - NOT_AUTHORIZED: The server is not authorized to update the client.
Frame data fields                  Offset  Example  Comments
Start delimiter                    0       0x7E
Length                        MSB  1       0x00
                              LSB  2       0x24
Frame Type                         3       0x11
Frame ID                           4       0x01
64-bit destination address    MSB  5       0x00
                                   6       0x13
                                   7       0xA2
                                   8       0xFE
                                   9       0x00
                                   10      0x00
                                   11      0x00
                              LSB  12      0x03
16-bit destination address    MSB  13      0x28
                              LSB  14      0x2F
Source Endpoint                    15      0xE8
Destination Endpoint               16      0xE8
Cluster ID                    MSB  17      0x00
                              LSB  18      0x19
Profile ID                    MSB  19      0xC1
                              LSB  20      0x05
Broadcast radius                   21      0x00
Transmit options                   22      0x00
Data payload, ZCL frame header:
Frame control                      23      0x09
Transaction sequence number        24      0x01
Command ID                         25      0x02     Query Next Image Response
Data payload, ZCL payload:
Status                             26      0x00     Success = 0x00; No Image Available = 0x98; Not Authorized = 0x7E
Manufacturer ID               LSB  27      0x1E
                              MSB  28      0x10
Image type                    LSB  29      0x00
                              MSB  30      0x00
Firmware version              LSB  31      0x01     Firmware version of the new update file in Little Endian. In this example, the version is 0x1001
                                   32      0x10
                                   33      0x00
                              MSB  34      0x00
Image Size                    LSB  35      0x2E
                                   36      0xF3
                                   37      0x02
                              MSB  38      0x00
Checksum                           39      0xE5
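An added example, not part of the original guide: a server-side check that validates a received Query Next Image request (the 0x91 frame shown earlier) before choosing one of the status codes. The allowlist of client addresses and the rule that an identical version means no image is available are assumptions of this example, as are the function names.

```python
import struct

SUCCESS, NOT_AUTHORIZED, NO_IMAGE_AVAILABLE = 0x00, 0x7E, 0x98
MALFORMED_COMMAND = 0x80

# The Query Next Image request frame from the table on this page (checksum 0x71).
PAGE_REQUEST = bytes.fromhex(
    "7E001E" "91" "0013A2FE00000003" "282F" "E8E8" "0019" "C105" "01"
    "0100" "0100" "1E10" "0000" "00100000" "71")


def parse_explicit_rx(frame: bytes):
    """Validate the API envelope of a 0x91 frame; return (src64, cluster, profile, data)."""
    if len(frame) < 4 or frame[0] != 0x7E:
        raise ValueError("missing start delimiter")
    (length,) = struct.unpack(">H", frame[1:3])
    if len(frame) != length + 4:
        raise ValueError("length field does not match frame size")
    if sum(frame[3:]) & 0xFF != 0xFF:      # frame data plus checksum must end in 0xFF
        raise ValueError("bad checksum")
    if frame[3] != 0x91 or length < 18:
        raise ValueError("not an explicit Rx indicator")
    src64, _src16, _sep, _dep, cluster, profile, _opts = struct.unpack(
        ">QHBBHHB", frame[4:21])
    return src64, cluster, profile, frame[21:-1]


def query_next_image_status(frame, offered_version, allowed_clients,
                            mfr_id=0x101E, image_type=0x0000):
    """Pick the Query Next Image response status for a received request."""
    try:
        src64, cluster, profile, data = parse_explicit_rx(frame)
    except ValueError:
        return MALFORMED_COMMAND
    if (cluster, profile) != (0x0019, 0xC105) or len(data) < 12:
        return MALFORMED_COMMAND
    # ZCL header (3 bytes), then field control and little-endian payload fields.
    _fc, _seq, cmd, _field_ctl, mfr, img, current = struct.unpack(
        "<BBBBHHI", data[:12])
    if cmd != 0x01:
        return MALFORMED_COMMAND
    if src64 not in allowed_clients:       # assumed policy: explicit allowlist
        return NOT_AUTHORIZED
    if (mfr, img) != (mfr_id, image_type) or current == offered_version:
        return NO_IMAGE_AVAILABLE
    return SUCCESS
```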
Image Block request
The client generates Image Block requests to ask the server for bytes of the OTA firmware
image. Each image block is 64 bytes long. The client also sends the file offset so that the client and
server stay synchronized on every block.
The client repeats Image Block requests until it has successfully obtained all the blocks of the
image. The client usually obtains the size of the OTA upgrade image from the Query Next Image
response message, so it knows the exact number of Image Block requests it needs to send.
Frame data fields                  Offset  Example  Comments
Start delimiter                    0       0x7E
Length                        MSB  1       0x00
                              LSB  2       0x1E
Frame Type                         3       0x91
64-bit source address         MSB  4       0x00
                                   5       0x13
                                   6       0xA2
                                   7       0xFE
                                   8       0x00
                                   9       0x00
                                   10      0x00
                              LSB  11      0x03
16-bit source address         MSB  12      0x28
                              LSB  13      0x2F
Source Endpoint                    14      0xE8
Destination Endpoint               15      0xE8
Cluster ID                    MSB  16      0x00
                              LSB  17      0x19
Profile ID                    MSB  18      0xC1
                              LSB  19      0x05
Receive options                    20      0x01
Data payload, ZCL frame header:
Frame control                      21      0x01
Transaction sequence number        22      0x01
Data payload, ZCL payload:
Command ID                         23      0x03     Image Block Request
Field control                      24      0x00
Manufacturer ID               LSB  25      0x1E
                              MSB  26      0x10
Image type                    LSB  27      0x00
                              MSB  28      0x00
Firmware version              LSB  29      0x01
                                   30      0x10
                                   31      0x00
                              MSB  32      0x00
File Offset                   LSB  33      0x00     0x0 for the first request. Offset by multiples of Image Block size. For example, 0x00000000 for the first request, 0x00000040, 0x00000080 and so on
                                   34      0x00
                                   35      0x00
                              MSB  36      0x00
Image Block Size                   37      0x40
Checksum                           38      0x2D
Image Block response
The server generates an Image Block response upon receiving an Image Block request command. It
responds with a SUCCESS status on being able to retrieve the data for the client. The server uses the
file offset sent by the client to determine the location of the requested data within the OTA upgrade
image.
If you wish to cancel the update process, send an ABORT (0x95) status.
Frame data fields                  Offset  Example  Comments
Start delimiter                    0       0x7E
Length                        MSB  1       0x00
                              LSB  2       0x65
Frame Type                         3       0x11
Frame ID                           4       0x01
64-bit destination address    MSB  5       0x00
                                   6       0x13
                                   7       0xA2
                                   8       0xFE
                                   9       0x00
                                   10      0x00
                                   11      0x00
                              LSB  12      0x03
16-bit destination address    MSB  13      0x28
                              LSB  14      0x2F
Source Endpoint                    15      0xE8
Destination Endpoint               16      0xE8
Cluster ID                    MSB  17      0x00
                              LSB  18      0x19
Profile ID                    MSB  19      0xC1
                              LSB  20      0x05
Broadcast radius                   21      0x00
Transmit options                   22      0x00
Data payload, ZCL frame header:
Frame control                      23      0x09
Transaction sequence number        24      0x02
Data payload, ZCL payload:
Command ID                         25      0x05     Image Block Response
Status                             26      0x00     Success = 0x00; Abort = 0x95
Manufacturer ID               LSB  27      0x1E
                              MSB  28      0x10
Image type                    LSB  29      0x00
                              MSB  30      0x00
Firmware version              LSB  31      0x01
                                   32      0x10
                                   33      0x00
                              MSB  34      0x00
File Offset                   LSB  35      0x00
                                   36      0x00
                                   37      0x00
                              MSB  38      0x00
Image Block Size                   39      0x40     64 byte blocks
Image Block Data                   40      0xEB
                                   41      0x17
                                   42      0xA6
                                   43      0x03
                                   44      0x08
                                   45      0x00
                                   46      0x00
                                   47      0x00
                                   48      0x00
                                   49      0x00
                                   50      0x00
                                   51      0x03
                                   52      0x00
                                   53      0x01
                                   54      0x00
                                   55      0x00
                                   56      0xF4
                                   57      0x0A
                                   58      0x0A
                                   59      0xF4
                                   60      0x1C
                                   61      0x00
                                   62      0x00
                                   63      0x00
                                   64      0x01
                                   65      0x00
                                   66      0x00
                                   67      0x00
                                   68      0xE9
                                   69      0x03
                                   70      0x00
                                   71      0x00
                                   72      0x00
                                   73      0x00
                                   74      0x00
                                   75      0x00
                                   76      0x00
                                   77      0x00
                                   78      0x00
                                   79      0x00
                                   80      0x00
                                   81      0x00
                                   82      0x00
                                   83      0x00
                                   84      0x00
                                   85      0x00
                                   86      0x00
                                   87      0x00
                                   88      0x00
                                   89      0x00
                                   90      0x00
                                   91      0x00
                                   92      0xFD
                                   93      0x03
                                   94      0x03
                                   95      0xFD
                                   96      0xA4
                                   97      0xF2
                                   98      0x02
                                   99      0x00
                                   100     0x00
                                   101     0x00
                                   102     0x00
                                   103     0x00
                                   104     0x00
Checksum                           106     0x4E
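An added example, not Digi's implementation: answering Image Block requests from an in-memory image by file offset while refusing any offset that falls outside the image. Function names are hypothetical, and replying ABORT to a mismatched image identity and MALFORMED_COMMAND to a bad offset are policy assumptions of this example.

```python
import struct

BLOCK_SIZE = 64
SUCCESS, ABORT, MALFORMED_COMMAND = 0x00, 0x95, 0x80

# ZCL payload of the Image Block request shown earlier, starting at Field
# control: field control, manufacturer ID, image type, firmware version,
# file offset, image block size.
PAGE_REQUEST_PAYLOAD = bytes.fromhex("00" "1E10" "0000" "01100000" "00000000" "40")


def block_count(image_size: int) -> int:
    """Number of Image Block requests needed for an image of this size."""
    return (image_size + BLOCK_SIZE - 1) // BLOCK_SIZE


def image_block_response(request_payload: bytes, image: bytes,
                         mfr_id=0x101E, image_type=0x0000,
                         version=0x1001) -> bytes:
    """Return the response ZCL payload, starting at the Status byte."""
    if len(request_payload) != 14:
        return bytes([MALFORMED_COMMAND])
    _fc, mfr, img, ver, offset, max_size = struct.unpack(
        "<BHHIIB", request_payload)
    if (mfr, img, ver) != (mfr_id, image_type, version):
        return bytes([ABORT])              # request names a different image
    if offset >= len(image) or offset % BLOCK_SIZE or max_size == 0:
        return bytes([MALFORMED_COMMAND])  # never read outside the image
    # The final block may be shorter than 64 bytes; report its real size.
    data = image[offset:offset + min(max_size, BLOCK_SIZE)]
    return struct.pack("<BHHIIB", SUCCESS, mfr, img, ver, offset, len(data)) + data


if __name__ == "__main__":
    # Image size from the Query Next Image response example: 0x0002F32E bytes.
    print(block_count(0x0002F32E))
```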
Upgrade End request
The Upgrade End request is generated by the client after it verifies the received firmware image to
ensure its integrity and validity. If the image fails any integrity checks, the client sends an Upgrade
End request command to the upgrade server with INVALID_IMAGE as the status. If the image passes
all integrity checks, the client sends an Upgrade End request command to the upgrade server with
SUCCESS as the status.
Frame data fields                  Offset  Example  Comments
Start delimiter                    0       0x7E
Length                        MSB  1       0x00
                              LSB  2       0x1E
Frame Type                         3       0x91
64-bit source address         MSB  4       0x00
                                   5       0x13
                                   6       0xA2
                                   7       0xFE
                                   8       0x00
                                   9       0x00
                                   10      0x00
                              LSB  11      0x03
16-bit source address         MSB  12      0x28
                              LSB  13      0x2F
Source Endpoint                    14      0xE8
Destination Endpoint               15      0xE8
Cluster ID                    MSB  16      0x00
                              LSB  17      0x19
Profile ID                    MSB  18      0xC1
                              LSB  19      0x05
Receive options                    20      0x01
Data payload, ZCL frame header:
Frame control                      21      0x01
Transaction sequence number        22      0x30
Data payload, ZCL payload:
Command ID                         23      0x06     Upgrade End Request
Status                             24      0x00     Success = 0x00; Invalid Image = 0x96; Abort = 0x95; Require More Image = 0x99
Manufacturer ID               LSB  25      0x1E
                              MSB  26      0x10
Image type                    LSB  27      0x00
                              MSB  28      0x00
Firmware version              LSB  29      0x01
                                   30      0x10
                                   31      0x00
                              MSB  32      0x00
Checksum                           38      0x3B
Upgrade End response
If the server receives an Upgrade End request with a SUCCESS status, it generates an Upgrade End
response along with the time at which the device should upgrade to the new image.
Frame data fields                  Offset  Example  Comments
Start delimiter                    0       0x7E
Length                        MSB  1       0x00
                              LSB  2       0x24
Frame Type                         3       0x11
Frame ID                           4       0x01
64-bit destination address    MSB  5       0x00
                                   6       0x13
                                   7       0xA2
                                   8       0xFE
                                   9       0x00
                                   10      0x00
                                   11      0x00
                              LSB  12      0x03
16-bit destination address    MSB  13      0x28
                              LSB  14      0x2F
Source Endpoint                    15      0xE8
Destination Endpoint               16      0xE8
Cluster ID                    MSB  17      0x00
                              LSB  18      0x19
Profile ID                    MSB  19      0xC1
                              LSB  20      0x05
Broadcast radius                   21      0x00
Transmit options                   22      0x00
Data payload, ZCL frame header:
Frame control                      23      0x09
Transaction sequence number        24      0x01
Data payload, ZCL payload:
Command ID                         25      0x07     Upgrade End response
Manufacturer ID               LSB  26      0x1E
                              MSB  27      0x10
Image type                    LSB  28      0x00
                              MSB  29      0x00
Firmware version              LSB  30      0x01
                                   31      0x10
                                   32      0x00
                              MSB  33      0x00
Current Time                  LSB  34      0xF0     32 bit unsigned integer
                                   35      0x1A
                                   36      0x53
                              MSB  37      0x21
Upgrade Time                  LSB  38      0x00     Seconds since Epoch
                                   39      0x1B
                                   40      0x53
                              MSB  41      0x21
Checksum                           38      0xE5
Note: We use only Image Block requests/responses and not an Image Page Request, which is
specified as an optional message type in the ZCL OTA specification.
ZCL OTA cluster status codes
ZCL OTA Status Code      Value  Description
SUCCESS                  0x00   Successful operation.
ABORT                    0x95   Failed when client or server decides to abort the upgrade process.
NOT_AUTHORIZED           0x7E   Server is not authorized to upgrade the client.
INVALID_IMAGE            0x96   Invalid OTA upgrade image. For example, the image failed signature validation or CRC.
WAIT_FOR_DATA            0x97   Server does not have data block available yet.
NO_IMAGE_AVAILABLE       0x98   No OTA upgrade image available for a particular client.
MALFORMED_COMMAND        0x80   The command received is badly formatted or has incorrect parameters.
UNSUP_CLUSTER_COMMAND    0x81   Such command is not supported on the device.
REQUIRE_MORE_IMAGE       0x99   The client still requires more OTA upgrade image files in order to successfully upgrade.