Zwave Network On Vera Explained

@rafale77 I finally figured out what was going on - when I installed my latest batch of ~6 Aeotec Nanos, I forgot to include them securely and everything else has been included securely.

As a result, the non-secure devices are effectively their own network and I had to dig up my Range Extender 6 to fill in the gap created by removing my Z-Wave AC controller (I went back to my Honeywell Wifi controller, it’s much better).

1 Like

Thanks for reporting back.
I am seeing some issues with secure class device handling with the vera. I suspect it is the source of a number of the remaining problems I am observing.
Some devices do not like to be included without security. Just be aware of that. I would try to exclude and re-include them securely if I were you.

1 Like

They work fine but I’m definitely going to exclude and re-include them securely when I get back from our interstate vacation.

Btw, do you know of any method to check devices via Vera to determine if they were included securely or not?

It’s fairly easy: Go look under the NodeInfo variable under the device variables. If you see a bunch of “S” show up behind the command class numbers, it means that these are secured and that the node was included securely.

1 Like

Cheers, I’ll have a look.

Ok I have quite a mix which explains some of the issues I’ve noticed - I double checked the Vera inclusion process on 7.30 and it only instructs you to perform a normal inclusion, not a secure inclusion for Aeotec devices. I wonder why the heck they do this? :frowning:

I wouldn’t know… but Aeotec is one of these more “creative” device makers which are causing problems. But security sensors should be included with security (“duh!!”). If you have some working, try configuring the others the same way.

2 Likes

Could be the security layer that is used by the FW of the device.
S0, S1 or S2?
I believe that it is S2 that is the “problem”. The others don’t require secure inclusion.
Not sure what will happen with the GEN7 devices, I’m frightened to think about it…

As long as I configure the Aeotec devices optimally they never cause me any issues. I did discover that my most recent “Security” device (Multi-Sensor 6) is not securely paired after viewing the Nodeinfo. :man_facepalming:

Yeah I have a lot of Aeotec devices too ranging from the old gen2 HEM and 4in1 sensors to the more recent dimmer plugs. I like them but boy can they be painful to setup! Home automation is not complicated just because of vera you know… The sheer amount of options and configuration required to get these to work the way you want can be daunting.

Thankfully Aeotec doco is pretty decent. :slight_smile:

This is useful info! For me it’s been like a lottery whether it’s included securely. Is there any method to be sure it’s included securely? Or could I end up including and excluding multiple times before it gets included securely?

Depends on the OEM, Aeotec is 1 click for Standard, 2 clicks for secure.

1 Like

@rafale

Hi, Rafale, thanks for your cue, I looked at my Vera Edge in devices - advanced - variables, but in none of the NodeInfo is there any “S”, only numbers, maybe hexadecimal ones, because some of the characters are letters between “a” and “e”.

On the other hand, in the “Capabilities” variable there are some numbers followed by an “S” and in one of them none of the numbers had “S” but there was an “RS” between them.

So, my question, might be that in Vera Edge the “S” are in the Capabilities and not in the NodeInfo?

Thanks again for all your work and information and regards.

Javier

On the zwave side, there is no difference between the vera plus and the vera edge. Having the capability but not having it in the node info indicates that the device was included without security.
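A sketch of the check described in the two replies above (an “S” in NodeInfo means the class is secured; an “S” only in Capabilities means the device was included without security), added here as an example and not part of the thread. The token layouts, the optional `:version` suffix and all sample values are constructed assumptions, not taken from Vera documentation.

```python
import re

# Assumed token layouts (constructed for this example):
#   NodeInfo:     "5e,86,98,30S,71S,"  hex class id, trailing "S" = secured
#   Capabilities: "211,156,0,4,L,R,B,RS,|48S,113:3S,134,"  decimal ids after "|"
_NODEINFO = re.compile(r"([0-9a-fA-F]{1,2})(S?)")
_CAPS = re.compile(r"(\d+)(?::\d+)?(S?)")


def secured_classes(value, pattern, base):
    """Return the set of command-class ids that carry the 'S' marker."""
    class_part = value.split("|")[-1]      # drop node flags before "|", if any
    found = set()
    for token in class_part.split(","):
        m = pattern.fullmatch(token.strip())
        # Flags such as "RS" or "L" never match, so "RS" is not read as secure.
        if m and m.group(2):
            found.add(int(m.group(1), base))
    return found


def classify(node_info, capabilities):
    """Compare what the device offers securely with what is actually secured."""
    in_use = secured_classes(node_info, _NODEINFO, 16)
    offered = secured_classes(capabilities, _CAPS, 10)
    if in_use:
        return "secure"
    if offered:
        return "security-capable, included without security"
    return "no secure classes advertised"


# Constructed sample devices (names and variable values are made up).
SAMPLE_DEVICES = {
    "sensor_ok": ("5e,86,72,98,30S,31S,71S,", "211,156,0,4,L,R,B,RS,|48S,49S,94,113:3S,134,152,"),
    "sensor_downgraded": ("5e,86,72,98,30,31,71,", "211,156,0,4,L,R,B,RS,|48S,49S,94,113:3S,134,152,"),
    "plug_plain": ("5e,25,27,86,", "211,156,0,4,16,1,L,R,B,RS,37,39,94,134,"),
}


def audit(devices):
    """Map each device name to its inclusion status."""
    return {name: classify(ni, caps) for name, (ni, caps) in devices.items()}


if __name__ == "__main__":
    for name, status in audit(SAMPLE_DEVICES).items():
        print(f"{name}: {status}")
```

Devices reported as “security-capable, included without security” are the ones to exclude and re-include.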

So, none of my devices: Neo Coolcam smart plug, Neo Coolcam Motion Sensor, Qubino flush relays, Qubino flush shutter and Fibaro door/window sensor was securely included. None of them has any “S” in the NodeInfo.

I am not sure about excluding/re-including all of them, so the question is: Am I at any risk if I leave them as they are now? Is there any advantage if I re-include them in a secure way? Is there any way to do it so that they will be “securely included”?

Thanks again and kind regards.

Javier

I can’t provide a good answer for this. It depends a lot on the device itself, some devices lose functionalities without security, and what your expectations are. The S0 zwave security scheme is not all that secure to begin with and if someone really wanted to hack it, they will find a way. It is better than nothing. Same idea as the door locks with a key in the US which are so easily picked and bumped. It is more a matter of choice.

Thanks again, Rafale.

Trying to remember the last times I had to re-include some of my devices (especially due to some hard “device not contacted/offline”, that after executing your commands, seem to have disappeared after a couple of days), I seem to remember a blue line at the top of the display saying something like “Interchanging secure keys with the device” during the include process.

So, it seems that something related to secure keys was done, but it doesn’t appear in the NodeInfo in the advanced-variables area of the devices… 8(… Mystery of the VERA/ZWave?

regards.

Yes, during inclusion, if you want to get to that level of detail, the communication goes something like this:

Controller goes into inclusion mode.
Device does a manual wakeup.
Vera sends homeid and node id.
Device acks when both homeid and node id are set.
vera receives ack and sends a nif (node information frame).
device responds back with capabilities list.
If there are secure command classes the vera sends the security key and waits for acknowledgment back.
device receives security and starts encrypting frames.
vera receives frame and needs to decrypt it. If successful the vera sends an encrypted frame back to the device and waits for the device to ack.
the device receives and decrypts then sends back an ack.
The security key is now complete and the secured command classes are encrypted from now on and the vera continues its configuration…

I noticed that with the vera network overloaded this very often fails as you can see that there is very little time generally allowed in this exchange and the vera or the network being overly chatty can get distracted to go do something else and the exchange fails. In that case I have seen the vera either tell you that the security key exchange failed and ask you to exclude/reinclude or occasionally, I have seen the vera just give up and use the device without security. I suspect this is not intended but more of a result from the numerous luup reloads in the process occurring at bad times.

Thanks for reply - I have changed wakeup interval for all of my battery powered devices to 43200 except heater thermostats - If I am right I should not change it because when changing temperature in room I would need to wait 43200s before changes apply? It means thermostats apply temperature changes during wakeup, right?

Second question - I have changed the wakeup interval of all devices at once (meaning during a few minutes as my fingers were able to click:) - can’t it be a problem that all those devices will perform wakeup at the same time from the change of wakeup interval? Meaning 43200s from the change of interval.

Last question - I have disabled nightly heal, but if I would need to do manual heal, it would take that 12 hours (43200s) am I right?

Thanks Ralf!

Hi, Rafale, thanks again, as usual, very helpful and “clarifier”. It is interesting that from the very beginning, from the very first device, they don’t have the security enabled.

Anyway, for the time being I will stay as I am and, if in the coming weeks (once your commands are executed days ago) I have to include any new one I will look if it is securely included and will plan about the current ones.

Best regards

Javier