S2 or not to S2

So I only have a couple of devices joined to my C-7 (see below). The rest are still on my C-4. The delay of moving everything over has more to do with having a busy work and outside of work life than anything else.

2ea Ring Extenders: S2
1ea Inovelli LZW-31Sn: S2
1ea Inovelli 4 in 1: S2
1ea Aeotec RDS 7: S2
1ea Kwikset DB: S0

I have seen quite a few times where my Aeotec and Kwikset lock have missed events (missing in the logs and dashboard tiles in the incorrect state (even after updating)).

In fact, there will be times when I can open and close the door (RDS 7) or Lock and Unlock the Kwikset several times in a row and the hub misses almost all of the events. Then finally starts to catch them. I don't see this very often but has happened. I can't confirm that the dimmer or the 4-1 has missed anything. But, I suspect that they have missed events albeit far fewer than the RDS7 and the deadbolt.

Is this an S2 issue? I don't recall seeing any of this happening with these exact devices connected to my C-4 (unsecured).

I can't confirm or deny that is the root issue. However I can share I started my home Z-Wave network by including all devices with S2 security. Then after about 30 or so devices I noticed my mesh was having an average response time of 850-1000ms. I went back and excluded/included all of the devices without S2 (None).

Afterward the mesh response dropped about 300-350ms on average, and more importantly I noticed a speed difference in devices responding and automations. Not a rock solid science experiment, but I was happy and ultimately leaving all the devices as "none" security. The only exception is my smart locks which remain as S2 Access Control security.

2 Likes

I have a lot of Inovelli switches and sensors. Most at S2 and I have the occasional slow down. I also cannot update their firmware using the built-in firmware updater. I suspect S2 might be the cause, but never confirmed it.

If I had to start over, I would do them all with no security.

2 Likes

I've paired a lot of devices mainly Zooz V3 switches etc with no security and have not had any issues. Lately I've started just accepting the defaults and have not really had an issue either so ymmv. Hopefully the next SI firmware update will help things.

edit: to be clear, the majority of my devices are still paired with no security.

1 Like

BTW, even a single S0 device could wreak havoc on your mesh. I just recently removed the single S0 device from my network which was a Schlage door lock. After doing do so I noticed no more strange high latency spikes (overloaded mesh?) throughout the day. I highly recommend you look at getting everything either S2 or None, and nothing S0.

2 Likes

Can door locks, like the Z-Wave Kwikset 916, be included without S0? I have the Kwikset 916 on C7 as S0 and only two Zooz switches as S2, and although my HE mesh appears stable, I could rejoin the lock using a UZB if someone has done this and helps the C7....

1 Like

I've never seen a Zwave lock that would join without some type of security.

4 Likes

I'm thinking that is one of the places you really want encrypted communication..

5 Likes

My understanding is no, and honestly door locks are the single devices I feel you really need some type of security.

3 Likes

BTW, here is a post I made about the S2 security changes I made on my home network.

1 Like

@lawsonad, Thanks for sharing this. I'll take this, as well as any other input, into consideration for my next steps.

I wish I could find an S2 level security lock that matched all of my other HW. As "I" believe this is one area where I do want the extra security. I'd also like to keep my AEOTEC RDS 7 (and future access entry devices) at S2 as well. Everything else non-perimeter-based, I could live without security.

However, back to the deadbolt, I know this was securely joined on my C4 and it almost never missed an event or slowed down my network... At least I don't have a reason, anecdotally, to suspect that it did. So if I am going to start swapping out all of my door HW, I'd like to wait for 700 series devices. If anyone knows of any?