Install Code mechanism works incorrectly

I have built a Zigbee network in which I am using an install code to add devices to the network. I know that the install code mechanism should only allow devices with the correct install code to join the network, while other devices should not be able to join. I’m encountering an issue: for example, when I add an install code for a sensor device like ‘G$M:AE6AEF5B31$S:C0DCA8$D:E63733C38EA91BFC%Z$A:3425B4FFFEA0C146$I:9947F34E84F6C73447FEE5116BBFABA685B8’ to Zigbee2MQTT and then try to add a light bulb device, it still manages to join the network. What issue am I facing?

Are you using ZHA or Zigbee2MQTT?

AFAIK, the install codes for Z3 allow a device to join a network but I don’t think it should do anything to prevent other joins. If you hit join and another device is sitting there ready to join… it should come in?

Are we misunderstanding your issue?

I am using Zigbee2MQTT.
“the install codes for Z3 allow a device to join a network but I don’t think it should do anything to prevent other joins”: I knew the Install Code mechanism allows only the one node (whose install code was added) to join the network; another node won’t be allowed to join the network.

But when I use the install code mechanism to add a device to the network, let’s assume I add the install code of the sensor to get the sensor device onto the network. However, during the process of connecting to the network using the install code, I also tried adding a light bulb device to the network, and at this point, the light bulb device still connects to the network normally.

This is normal operation

So what is the difference between Permit join (normal Joining ) and Install Code (Security)?

Can you help me?

I can, but this is not my primary vocation and I’ve been away dealing with an issue. Patience will serve on these community boards. I’m also inviting many of the other Zigbee regulars to comment if I’ve said anything incorrectly so far…

So here’s what I’m trying to resolve before I answer…

I do not read these codes as a way to white-list or blacklist device join. I read them as a mechanism similar to Z-Wave and Matter QR codes: it makes it easy to join and provision devices in a secure fashion, that’s all. Don’t read anything else into it. Support is built into Zigbee 3.

Permit join puts the network in join mode and allows any device requesting a join to do so. If you enable it in your configuration - you’re always on - don’t do it and they warn about it in the docs. So I don’t have it in my configuration - and have to manually press a button to join a device.

The install code is basically skipping the button press event and giving the end user an easy mode that’s just as secure. That’s all.

So what’s the issue?

If you want to force your network to only allow white-listed devices, there are other ways to do so; I’d have to find it in the Z2M docs.
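
Added example, not part of the thread and not Zigbee2MQTT's own code: a small Python check that splits a string of the shape posted above into its device address and install code, and verifies the code's trailing checksum before it is entered into a coordinator. It assumes `$A:` carries the device's IEEE address and `$I:` carries the install code followed by a 2-byte CRC-16/X-25 stored least significant byte first; the IEEE address in the test vector is constructed.

```python
import re

VALID_LENGTHS = (8, 10, 14, 18)  # 6/8/12/16-byte install code + 2-byte CRC


def crc16_x25(data: bytes) -> int:
    """CRC-16/X-25: reflected polynomial 0x8408, init 0xFFFF, final XOR 0xFFFF."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def parse_install_code(text: str) -> dict:
    """Extract the $A: and $I: fields (assumed meanings) and check the CRC."""
    m = re.search(r"\$A:([0-9A-Fa-f]{16})\$I:([0-9A-Fa-f]+)$", text.strip())
    if not m:
        raise ValueError("no $A:<ieee>$I:<code> fields found")
    blob = bytes.fromhex(m.group(2))  # raises ValueError on odd-length hex
    if len(blob) not in VALID_LENGTHS:
        raise ValueError(f"unexpected install code length: {len(blob)} bytes")
    code, crc = blob[:-2], int.from_bytes(blob[-2:], "little")
    return {
        "ieee": m.group(1).upper(),
        "code": code,
        "crc_ok": crc16_x25(code) == crc,
    }


# String as posted in the thread.
POSTED = ("G$M:AE6AEF5B31$S:C0DCA8$D:E63733C38EA91BFC%Z"
          "$A:3425B4FFFEA0C146$I:9947F34E84F6C73447FEE5116BBFABA685B8")

# Widely published 128-bit install code test vector (CRC bytes C3 B5),
# wrapped with a constructed IEEE address.
VECTOR = "G$M:0$A:0011223344556677$I:83FED3407A939723A5C639B26916D505C3B5"

if __name__ == "__main__":
    for label, s in (("posted", POSTED), ("vector", VECTOR)):
        r = parse_install_code(s)
        print(label, r["ieee"], len(r["code"]), "bytes, CRC ok:", r["crc_ok"])
```

A passing CRC only shows the code was transcribed intact; it says nothing about whether the coordinator will refuse devices that join without an install code.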