S2 and non-S2 strategies?

Hi folks,

As we all know, it seems the 700-series controllers aren’t fully baked. Blame whomever you want, that’s not my goal here. I’m interested in fixing what’s broken here so I can move on with life.

I’ve got some door locks (August) that I’d really like to have joined via S2 for a variety of reasons. (Battery life, I’m a security nerd working in IT, etc). So, naturally, I figured this was great timing to upgrade. Not because I’m enthusiastic about the C7 or Hubitat, but because on paper it looked like the option that sucked the least (ZWave plus v2, certification, etc etc).

I’m using MakerAPI to get my Hubitat devices into Home Assistant, running on an RPi 4, which also has an Aeotec ZWave stick hanging off of it. I’ve joined said stick to the C7’s network, and indeed it functions like a half-assed secondary controller (as seems the ZWave specs allow).

I’ve also got the C5 hub I just migrated off of (more like nuke everything and start over) now just chilling and functioning as a 2-3 watt space heater.

I’ve also got a ton of Zooz devices that apparently can’t handle S2 on the Hubitat hub all that well. I just went through the process of ripping out a bunch of Lutron switches because of some interesting challenges with the house (light switch locations that make no dang sense, etc).

What I’m trying to accomplish:

1. Direct associations between the Zooz dimmers so the physical paddles in certain locations line up with which lights make sense for that switch (basically, imagine standing in the living room, but the switches operate stuff in the kitchen or dining room instead of the light you’re standing under). The Lutron can’t do this, the buttons on a switch always control that physical switch, and they have no concept of a micro dimmer type device).
2. Hopefully have some sort of automation that can function without the “IT closet” having power. I.e light switch direct association, etc. If my Unifi PoE switch goes down, that stuff ain’t coming back up for a few days at least. (I’d be out of switch ports). Also, that gear doesn’t like the nature of running the house on generator power.
3. A secure, solid zwave mesh to include all S2 devices with. So far, that’s my door locks, but I’m sure that will grow over time.
4. Decoupling functionality as much as I can. Hubitat does zwave, HASS does HomeKit presentation, but “pretty” or nice-to-have stuff (graphs, extensive logging, fancy dashboards) will run in a VM or FreeBSD jail on the Dell r730xd

Anyways, onto some of my potential solutions for this S2 stuff:

• Join damn near everything to the C-7 as non-S2. I’ve figured out how to “persuade” it to work:

1. Start inclusion process like normal.
2. Uncheck all security boxes, then hit cancel on next device verification dialog.
3. Quickly restart inclusion on the device.
   Obviously this is a sketchy hack, and I imagine it’s a bug that will be caught and fixed at some point, because I can’t imagine that this is how the zwave spec would allow something to work. (Hubitat folks: please don’t fix this bug!)

• give my C5 something to do in the house, giving it all non-S2 devices. For building the repeaters necessary for the S2 stuff, I was thinking of maybe getting the Aeotec 700-series repeater? Definitely needed here to get all the locks included. Downside to this: I was going to put the C-5 out in the garage to maybe start automating some stuff like my wood boiler pumps, garage door, etc. I could always pick up another hub though

• Use Home Assistant for the non-S2 stuff with zwave2mqtt or some such nonsense. I’ve already tried this once, and it’s got a few issues:

1. It requires an unencrypted, open to the network MQTT broker, either embedded in HASS as a docker-based add-on or elsewhere on another system. Using SSL is unsupported by the zwave gateway software. Not so attractive for me, since I have set up the IoT network as a place for a bunch of untrusted devices.
2. Device driver support is...not great. Honestly, that’s probably the biggest asset for Hubitat for me: less terrible support for other devices.

All these things ran pretty well on the C-5, so I very well might end up going the route of using two hubs to run a pair of zwave networks: secure and insecure.

What are y’all’s mitigation strategies for all of this?

This is wrong is every way. When you say "Lutron" that's a company with a wide range of products ranging from dumb as rock switches up to high end.

If you want micro devices you have to have Lutron Radio Ra2 or HomeWorks for those devices. Lutron Caseta won't cut it.

If you want a "switch" in a particular place you can use any of their product line and put a Pico anywhere you want to control whatever output you want. If you want a keypad you have to step up to the Radio Ra2 or Ra2 Select or HomeWorks product lines.

Now onto the S2 items. S2 is over-rated and is more hype than anything. Yes it does improve security by using a per device security key instead of a shared controller key. That's it for security. It does have performance advantages but in most situations you only include devices securely that need it. ie locks, barrier devices not a light switch. So the network overhead of security whether it's S0 or S2 really doesn't matter in most installs. YMMV based on hub choice.

Direct associations are NOT supported via Hubitat directly. There's a community app to setup associations. Associations are limited by distance as they use broadcast messaging and are NOT ROUTABLE.

The Lutron I have ripped out is Caseta, at $50 a device, it adds up quick. (Anybody want to buy some Lutron dimmers??? ) Since already replacing the devices, I’ve lost the taste for the price tag that would be required to stick within the Lutron product lines. I will say, though, that I’m still using their pico remotes and a caseta “pro” hub, since they really are quite fantastic, mainly due to their use of that licensed ~400Mhz band. The telnet integration with both Hubitat and Home Assistant is quite nice, although I’ll say that dealing with the automations kicked off via pico remotes has been much easier to configure via their yaml automations than when I did it via Hubitat’s Rule Machine. Such as triggering certain things when buttons are held down vs just pressed, and lights are in certain states...

Onto S2: I’m not here to debate my choices. I’ve read up on S0, S2, etc. I know how one would attack an S0 network. I’m not about to make my door locks the weak link in the IT infrastructure here. (Whenever possible, SSH is done via physical GPG keys, for example). For me, the locks are either going to be on S2, or they remain on their proprietary WiFi to Bluetooth bridges. The August functionality works OK enough, but it’d be better if there was local-only functionality that was better than Bluetooth.

So, that said: does anybody have experience with running an S2-ONLY network on the C-7? Any gotchas? Any known good repeaters that folks have used?

I know Hubitat doesn’t have that support directly, but the community Zooz drivers and the basic zwave tool allow for setting the various necessary properties on the device (supposedly at least). And failing that, the secondary controller I’ve got should allow for the necessary configuration. The switches in question are maybe 10-15 feet away from each other.

Replacing Lutron Caseta with Z-Wave... wow that's a first. Well I wish you the best of luck with your project.

Throw a price on the dimmers and do you have any switches? I'm working a project where I could use one of each.

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.