Versions Compared

Version Old Version 1 New Version 2
Changes made by

Doug Alguire (Deactivated)

Doug Alguire (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Configuring Security Policy

Host is recommended to write the security policy during startup configuration. The security policy is not saved by Module in non-volatile memory. It needs to be re-written on every power-up. 

Device Joining Using Centralized Key (Require Join By Install Code = True)

TC should reject a device from joining using the Centralized Key (also know as HA well-known key) when security policy for Require Join By Install Code is True.

Though the sequence look slightly different depending on whether an install code for the device was added to the TC. 

No Install Code Added

The diagram below shows the sequence where the device fails to join under the following conditions:

  • Device joining using Centralized Key (or Distributed Key)
  • Security Policy: Require Join By Install Code = True
  • No install code for the device was added to the TC

Install Code Added

The diagram below shows the sequence where the device fails to join under the following conditions:

  • Device joining using Centralized Key (or Distributed Key)
  • Security Policy: Require Join By Install Code = True
  • An install code for the device was added to the TC


HA Device Joining (Require Key Exchange = False)

Setting "Require Key Exchange" to False allows HA devices to join because HA devices do not initiate key exchange. The diagram below shows the sequence.

Even though Host receives the status TC Key Exchange Timeout, the HA device still remains on the network successfully.

HA Device Joining (Require Key Exchange = True)

Setting "Require Key Exchange" to True prevents HA devices to join. Module would remove the HA device after the key exchange timeout. See sequence diagram below.

ZB3 Device Completes Key Exchange

The diagram below shows the sequence of a zigbee 3.0 device joining the Module and completes key exchange successfully. 

Note: A ZB3 device completes key exchange regardless of whether the security policy "Require Key Exchange" is set to True.

ZB3 Device Fails Key Exchange

A zigbee 3.0 device that fails key exchange will be removed by the TC even if the security policy for "Require Key Exchange" is False. See sequence below.

...