Aeotec Range Extender 7 - No Security

I have an Aeotec Range Extender 7 that had been added to my Hubitat, but it was showing up with no security. I have another one that shows S2 Authenticated.

I removed it, factory reset it, but cannot seem to get it to get added with security. It also was assigned a new device ID. I've followed all the recommended steps to add this. What am I doing wrong?

I'm not sure adding a repeater with security really makes any difference - if anything it seems like this is a device that really doesn't need security. As I understand it, the repeater will repeat both secure and unsecure packets... so not sure what you gain. As long as the repeater is paired successfully, that is. If the lack of security is a result of a failed pairing that's another issue.


It’s normal (and expected) for a Z-Wave device to be assigned a new device ID after being excluded and then included.

As for the other issue (inclusion without S2), that determination is made at inclusion time. At least two possibilities: (1) it was a faulty inclusion - go through the exclusion/reset/inclusion again, or (2) are the two RE7 devices on the same firmware update level?

I’ve got two of them and have never seen this. Both of mine are paired S2.


Ironically, I'm checking this right now...

UPDATE: Yes, they were both on same firmware. I'm updating both to current now to see if this does anything overall.

But it could affect some other (non-repeater) functions, like setting power level and performing certain tests.

See Denny Page’s (@dennypage’s) driver.


Do you have a ghost left over from the initial pairing/removal? That would cause problems trying to bring it back in.

After making sure no ghosts are present (that is key!), do a pre-emptive exclusion on the RE7 before trying to re-include it.

When you re-include, the first prompt you get should be a "Do you want to include with or without security" prompt. IMHO, there's really no good reason to pair these as S2, but if you want to, that's when you'd next enter the 5-digit DSK. If you elect to include with no security, then it will end up showing as "None" (not "S0") for security in the ZW details page.

FWIW, I have all 4 of mine paired as "None" security.

1 Like

I wondered that, but I don't recall how to check that on Hubitat. Newly moved to this platform from ST.

Yes, I selected this but it never prompted me for the PIN.

Post a copy of your z-wave settings page for us. Anything with nothing in the route column is likely a ghost and needs to be removed

Had to add the one device back after firmware update. Gave it a new ID. But the old one still shows and when I try to force remove it I get:

Yup, as noted above, this is now a ghost after the firmware update of this device and needing to add it back.

no longer accurate.. i have mine without security and it works fine for those funcionts


If you unplug the device from the wall and click on "repair" a couple of times on device 11 (hex) does the remove button appear? Or is that when you get the error?

1 Like

testing now. But the error above came about after I tried to "remove" from the device page and then force remove it.

Clicking Repair from the Z-Wave Details page in settings, then the Remove button worked.

Seems to me like that 405 error is a bug in the system.

This still doesn't resolve why it's not asking for the PIN when I try to add with security.

1 Like

I'm not sure what you are referring to as "no longer accurate."

Security does not cover or affect repeating functionality of any device. Security does cover commands sent to the RE7 itself, such as power level and range tests. These are intrinsic behaviors of Z-Wave and have not changed.

I don't believe that @672southmain was implying that the RE7 power level and range test features did not function unless security was enabled. There are some devices that do implement restrictions if not paired securely (garage door openers come to mind), but the RE7 is not one of them.

If the RE7 is paired without S2, it is of course open to a minor denial of service attack. But I view this as a very minimal concern, and have my RE7s paired without security.


What i.meant was the post above about it not doing teats and powerlevels without s2 is.not accurate.



Well, I do have my teats paired securely. :grinning:

But, if an RE7 is paired insecurely, I believe it might be possible to inject power level commands into the mesh to the RE7 and cause it to do repeating diagnostic tests. But, it would also seem possible to jam a Z-Wave mesh with ignored traffic even if everything on the mesh was paired S2, thereby causing DoS.

Thanks...and both of these repeaters that I have are intended to help with lock/door type devices that I believe will benefit from the S2. Hence, my original reason for posting here that for some reason I can't seem to get the repeater to pair with security option.

Tempted to reset the radio entirely at this point and start over.

I don't see a post suggesting that was the case...

Good for you i thought you might be like scaramanga :slight_smile: