C7 hub. Can we have a definition of what Zwave setting to use

I have a C7 on order and reading posts that people have already posted it appears there is an option given when pairing zwave devices.
Is there a best practice of what settings to use?
Should locks always be S2?
Motion sensors always S0?
What is the DSK key?
I can see more and more questions going to be asked around this so if there could be a best practice or some definition of what S0 to S2 gives it would be much appreciated.
Many thanks.

This may not give you all of the answers you are seeking, but is a good start, if you didn't browse it already:


Thanks for the response @bobbyD but I've had a quick scan of the document and it tells you how to join devices but not what the best practice is.
In another thread its been documented that a person has had issues joining a zwave device and the advice has been to use S0. In the joining page it defaulted to S1 authorised and S1 unauthorized. It then says DO NOT change these settings unless you know what you are doing.
This is what prompted my question.
Although it defaults to something the user has been advised by an HE staff member to change it to S0.
Should zwave be S0 and zwave plus be anything for example.
I hope you see my point of the confusion that can be caused.
Thanks again.

There is no right or wrong. The protocol and spec would allow you to add 100% of things S0 or S2 if you want to (and the devices support it of course).

If you are asking for practical OPINIONS, I would say:

  1. Perimeter security devices (locks, sirens, alarms, garage door openers, security keypads, sensors used in alarm/security applications like window contacts) should always be S0 or S2 (preferably S2)
  2. Everything else doesn't "need" to be S0 or S2 (by my personal definition of "need" - your may differ)

But obviously the system needs to work VERY WELL with S0/S2 now that the security options are checked by default when pairing a device that supports S0/S2, as most users will just use the defaults when pairing a device...

I've been trying to understand this all too.

I thought s0 affected the zwave network speed so it was bad and S2 was way way better.

However I just disable them all because S2 requires keys that I only have on the devices and I'm not going to pull them out of the wall and I don't want to even bother with s0 if its going to affect performance.

1 Like

S0 is "chattier" by factor of 2-3 (depending on what you are doing) vs non-secure messaging. But that doesn't mean it shouldn't be used if needed (like on the security devices mentioned above). Because of the performance hit you probably wouldn't want to use it on non-perimeter security devices though (but you could).

1 Like

So the answer is.........

It's a personal preference based on device capability. If the device supports S2 encryption, then that is preferable over S0 encryption, which has known vulnerability during inclusion process.


Also keep in mind that many user drivers do not support s2 messaging, and will need to be updated to support that. Heck a lot don't support s0 either (I know I've been guilty of that multiple times).

So for user drivers, it would be prudent to ask or test the driver rather than assuming it will work with s2.

I don't think there are any published examples of drivers that support S2 yet, so it may be a while before some user drivers are updated to support it (as there isn't a go-by yet).

OK. Poke and hope it is.
I have TKB, Fibaro, Qubino and a few other manufactures devices working OK on my C3.
Looks like it's a case of trying to pair them and if they work, great. If not, change from default and hope for the best.
Not really a big deal but I was hoping for a better steer than that.
When I get the hub I may find I've been worrying about nothing but just thought I would ask before I start.

I'm not sure what else you are looking for? There is no right or wrong...

No one can tell you "always do this or that", as there are multiple valid options. Some people want "max security" and will pair everything S0/S2 they can. Others don't see the benefit in the security and won't. :man_shrugging:

My parents never lock their windows as they open/close them constantly. I never open mine so leave them locked. They think I'm paranoid, I think they are too trusting. Who is right/wrong? Neither.

Same thing here.


I just edited my post above with this.
It's probably nothing to be concerned about.

Didn't really have to worry about definitions when I migrated my devices over. Exclude, pair, repeat.

Although, in some cases, it was, exclude, exclude, exclude, pair.

1 Like

The main consideration, in my opinion, is whether the driver supports S0/S2 or not. In-box ones should be fine (or can be made to be fine with a bug report), user drivers... well...