Use this page to configure an XBee for Wi-SUN node to join an existing Field Area Network (FAN) and to ensure the network is prepared to admit the device. Valid authentication and authorization are required.

Prerequisites

Before you begin, make sure:

Add a device to the network

You can perform the steps in any order, but the device will not join until all steps are complete.

  1. Ensure the devices are allowed to join the network: (for detailed authorization steps and examples, see Wi-SUN authorization settings)

    1. The Border Router authorization method is compatible with the device.

    2. Required credentials (certificates, keys, or identities) are available.

    3. Any allowlists or authentication services permit the device.

  2. Configure the node to match the network parameters:

    1. Set Network Name (WN) to match the Border Router.

    2. Set Channel Plan ID (WC) to match the Border Router.

    3. Set PHY Operating Mode ID (WM) to match the Border Router.

  3. Apply credentials to the node:

    1. Use the same CA and identity requirements configured on the Border Router (see Understand authentication and device identity for more on this topic).

  4. Verify the device joins the network:

    1. Use the Association Indication (AI) or your preferred management tooling to confirm a successful join.

Overview of a join sequence

A typical join progresses through discovery, synchronization, authentication and keying, and then IPv6 and RPL convergence. Discovery and synchronization usually complete in tens of seconds in small networks with moderate broadcast settings, but can take several minutes in large or sparse deployments. Authentication and key distribution add several round trips and can add additional delay if an external AAA server is involved. RPL convergence and IPv6 prefix acquisition can add further seconds until a stable parent is selected and routes are established.

Discovery scanning

The node scans the entire channel plan and listens during broadcast windows for PAN advertisements and PAN configuration frames. If needed, the node transmits PAN advertisement solicit and PAN configuration solicit frames to accelerate discovery. This is typically done if the node has not seen any PAN advertisements or PAN advertisement frames for an extended amount of time.

Parameter alignment

The node selects a candidate network whose Channel Plan ID, PHY Operating Mode ID, and Network name match its configuration. The node synchronizes to the network’s frequency-hopping schedule and timings provided in the PAN configuration.

Parent selection

The node evaluates link quality to the Border Router or nearby routers and selects a parent for initial attachment. The node will build a candidate list while scanning for PAN advertisements/configuration frames. Sparse deployments can force the node to wait for more beacons to confidently rank candidates.

Authentication and key establishment

The node performs IEEE 802.1X authentication using the Extensible Authentication Protocol (EAP) with the Border Router acting as the authenticator. The initial authentication results in a Pairwise Master Key (PMK). The PMK is a unique key that will be shared between the Border Router and the authenticated node. The PMK is then used in a 4-way handshake procedure with the Border Router to establish up to four Group Transient Keys (GTKs). These GTKs are shared between all nodes on the network. These keys are managed by the Border Router.

IPv6 configuration and routing

The node forms link-local addressing, receives network prefixes, and joins the RPL topology to obtain reachability through the Border Router.

Operational state

The node transitions to normal data operation using the established hopping schedule and security keys.

Why joining can take time

Joining typically takes tens of seconds in small networks with moderate broadcast settings and can take several minutes in large or sparse deployments. If a device has been attempting to join for longer than a few minutes, begin troubleshooting the conditions below; otherwise, allow the join to complete.

  • The node must scan all channels in the selected Channel Plan and wait for the next broadcast window on each channel.

  • Broadcast windows may be infrequent depending on the Broadcast Interval configuration.

  • Discovery and configuration messages may span multiple fragments and broadcast windows in noisy conditions.

  • Solicit messages use contention and backoff to avoid collisions which can add delay.

  • Authentication exchanges require multiple round trips and can be gated by external server latency.

  • Key distribution and activation occur after authentication and must complete before data traffic is allowed.

  • Initial RPL convergence and IPv6 prefix propagation add additional seconds before the node is fully reachable.

  • Low Power Field Nodes may extend join time further because they only wake on their LFN Broadcast Interval and Sync Period.

  • Interference, weak signal, or mismatched parameters will increase retries and can prevent joining entirely.

For troubleshooting steps when a node does not join, see Communication or range issues.

If the Channel Plan ID, PHY Operating Mode ID, or Network name do not match, the node will not attempt to join the network it discovers. Authentication and authorization must succeed for the node to receive keys and transition to the operational state.