Create a virtual device. Use a virtual driver that allows it to be shown in the rules. (Real switch, placeholder with a virtual switch driver.) Add it to the Rules, replacing the device you are about to exclude. Rinse, repeat, for all instances. Then do your exclude and include. Put the new device into your rules, replacing the placeholder. Finally, delete the virtual placeholder device.
@mike.maxwell explained that it makes 3 round trips with secure pair, so definitely something you don’t want for anything but a lock or garage door opener.
Beginning with version 1.1.7, it is now possible to include these "always secure" devices, such as Zooz, Monoprice and some Inovelli switches and sensors, as non-secure. Unfortunately, once a device is encrypted, must be excluded and re-included to take advantage of this new non-secure controller option.
To identify which devices are encrypted, go to your hub's web interface and click "Devices," then click on the link for each sensor or switch and scroll down to the "Data" field in the bottom table.
An encrypted device would display: zwaveSecurePairingComplete: true. A non encrypted device would not display the "zwaveSecurePairingComplete" field.
Here is a list of devices known to pair as secure. Please check the "zwaveSecurePairingComplete" flag on these devices first. If you find other devices that have been included as secure (no locks or garage doors), please share them on the thread below:
Maybe the z-wave information page should have a new column to show if a device is encrypted or not. Much easier to identify then having to go into each device to find out.
Thanks for your feedback. There is a another way, now, to quickly identify these devices. If you go into Settings then Z-Wave Information page, the encrypted devices have 0x98 command class listed in the "Clusters" field.
So I'm confused. The device below used to have the secure pairing = true. I did and exclude and then and include. Secure paring = true is longer listed but it does have a 0x98. Does that just mean it is a Zwave plus device or is it still doing encryption?
Inclusters means the capabilities of the device, 0x98 means the device can be secure paired, not that it was paired in secure mode. If you don't see zwaveSecurePairingComplete: true then is not secured. For example, a z-wave plus device has 0x5E but non plus doesn't have the 0x5E, capabilities.
Thank you Bobby. I was asked this question just the other day on FB and didn’t get an answer. Perfect. I have now confirmed that I have successfully paired my Zen06 in secure mode as intended. Input this in place to help my Schlage lock and it seemed to fix things but I was never sure.
You probably have other reasons to pair it securely.
However, I just wanted to mention that a device does not have to paired securely to act as beaming repeater for a securely paired device like a lock or a garage door opener.
A device having 0x98 in its cluster list just means that the device is capable of joining using s0 security, it doesn't mean that it is currently joined that way.
Secure inclusion is defined by zwaveSecurePairingComplete: true
OK, not sure what your concern is here, we only present the command classes that the device is advertising.
Devices are supposed to advertise all the command classes they implement, but this isn't always the case, nothing we can do about that.
Thank you for clarifying. I don’t really have a concern. As I stated I attempted to add the one switches in secure mode because it’s the general consensus on this forum that repeaters are required for proper operation of the Schlage z-wave BE469. Once I got over my initial problems pulling it over from my wink hub it has been behaving well, but with the lock I was trying to be on the safe side.
I still haven’t don’t more research, but I still think devices need to be added in secure mode to relay messages to locks. Evidently my zen06 is not in secure mode, so I guess it’s not helping in this case.
