Matter over WiFi success story - enabled IP6 on Unifi network

I bought two Matter over WiFi devices from different vendors. When I tried to add them, both started off okay using the Home Assistant app on my phone, but then timed out at “Checking network connectivity”. I had IP6 disabled everywhere on my network because I didn’t understand it, and IP4 was getting the job done. After I enabled IP6, I was able to successfully add the two devices to HA.

Matter doesn’t depend on the cloud; it can work using IP6 on your local network, even if your ISP doesn’t support IP6 for internet traffic yet.

In my network I have a separate vlan for IOT devices. Now I have IP6 enabled on the IOT vlan as follows:

I was unable to get Verizon to assign an IP6 address to my router, so I used a static Unique Local Address prefix. This is the equivalent of IP4’s 192.168.0.0, but the IP6 address space is so big that everyone can have their own globally unique private network.

I got a /48 unique local address from https://unique-local-ipv6.com/. “fd97:776b:4246::/48”. The FD at the beginning marks it as a local address, and the rest are randomly generated.

We have a /48, and a full network prefix is /64, so I added “0001” to make a subnet.

I did the same on the default network, but with “0002”. (It might have been easier to remember if I had used the vlan numbers).

I left IP6 disabled on the Internet WAN interface, since Fios doesn’t support it in my area yet.

If your ISP supports IP6, they will delegate a prefix to you, and your router can hand that prefix off to devices.

IP6 is very different than IP4 -

  • Your ISP assigns you a whole address space, not just a single address you need to NAT.
  • Your devices will assign their own addresses. (Network prefix + MAC address?)
  • Every device will have one address for local link traffic, one for inside your entire network, and one for the Internet. And possibly more.

I liked this introduction to IP6, it really helped me wrap my head around it.

I hope folks will find my success story when they have a similar problem. I’m sure I got a bunch of stuff wrong, and any corrections you want to offer are welcome.

4 Likes
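As an added example (not part of the original post), the addressing plan described above can be reproduced and checked with Python's standard `ipaddress` module: build a random ULA /48, carve /64s out of the post's prefix with subnet IDs 0001 and 0002, and tell which scope and segment an address belongs to. The network names and host addresses are constructed for illustration.

```python
import ipaddress
import secrets

ULA_RANGE = ipaddress.ip_network("fc00::/7")    # unique local addresses
LINK_LOCAL = ipaddress.ip_network("fe80::/10")  # never routed off the link

def generate_ula_prefix():
    """Build a /48: the byte 0xfd followed by a random 40-bit Global ID."""
    value = (0xFD << 120) | (secrets.randbits(40) << 80)
    return ipaddress.IPv6Network((value, 48))

def subnet_for(prefix48, subnet_id):
    """Return the /64 with the given 16-bit subnet ID inside a ULA /48."""
    net = ipaddress.ip_network(prefix48)
    if net.prefixlen != 48 or not net.subnet_of(ULA_RANGE):
        raise ValueError("expected a /48 inside fc00::/7")
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet ID must fit in 16 bits")
    return ipaddress.IPv6Network((int(net.network_address) | (subnet_id << 64), 64))

def scope_of(addr):
    """Classify an address as link-local, unique-local, or anything else."""
    ip = ipaddress.ip_address(addr)
    if ip in LINK_LOCAL:
        return "link-local"
    if ip in ULA_RANGE:
        return "unique-local"
    return "global-or-other"

def segment_of(addr, plan):
    """Name of the planned /64 that contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in plan.items() if ip in net), None)

# The post's prefix with its two subnet IDs; network names are illustrative.
PLAN = {
    "iot": subnet_for("fd97:776b:4246::/48", 0x0001),
    "default": subnet_for("fd97:776b:4246::/48", 0x0002),
}

if __name__ == "__main__":
    print("fresh prefix:", generate_ula_prefix())
    for name, net in PLAN.items():
        print(f"{name:8} {net}")
    # Constructed host addresses, not taken from the thread.
    for host in ("fe80::1c2d:3eff:fe4f:5a6b", "fd97:776b:4246:1::50", "fd97:776b:4246:2::10"):
        print(host, scope_of(host), segment_of(host, PLAN))
```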

@Victor.S

I tried your solution but this doesn’t seem to work for me. I have successfully added a matter device in my Nest Thread Network but when I’m trying to add it to Home Assistant I cannot add it via Google Home. Is there anything else you did in your network?

I’m sorry, I don’t have anything to add that might help.

I don’t have any devices that use Thread; all the Matter devices I own use WiFi, and all the low power devices I own are Zigbee. I also don’t own any Nest or Google hardware, and I’m not using Google Home.

Are you running the Matter Server HA add-on?

I’m running Matter Server in a container. I have tried a lot of the suggestions that I found in the forums and reddit, still nothing worked. See for example my post

1 Like

First of all…bless you for writing this in such a succinct way. This is the first time I feel like I’ve started to understand IPv6. I’m a software architect and networking is a dark art that I know just enough about to be dangerous.

Second…I’m trying to figure out what I need to do to get my first Matter device paired with Home Assistant (it’s an Inovelli White Series dimmer). It won’t pair and I suspect it has something to do with the network. It gets to what seems like the final step and then it says it can’t be added to Home Assistant.

Currently, I have 5 VLANs and 4 SSIDs running on my Unifi gear and I’m not sure what I may need to do to make this Matter switch work. I put a lot of work into setting this up for “proper” security and traffic separation back in the day, and it’s been running great this way for 4+ years. VLANs (and SSIDs):

  1. Default (SSID): the “normal” network that people’s devices (phones, computers, etc) are connected to.
  2. IoT (SSID): an internet-only network for smart devices that require an internet connection.
  3. NoT (SSID): a local-only network for smart devices that can function locally. Not allowed out to the internet. Example IP cams (no, you may not phone home to China).
  4. Guest (SSID): for guests.
  5. Management: the network where Home Assistant and other servers/network equipment lives.

As a baseline, these networks are firewalled from each other, then there are exceptions. For instance, only select devices in a “Privileged LAN” group (e.g. my phone, my laptop) are allowed ingress into the management network. The Home Assistant server specifically is allowed access into both the IoT and NoT networks.

So my questions/concerns are:

  1. How should I approach making Matter work with this network setup? If I have to enable IPv6, which network do I do that on? Home Assistant is running on the Management network, my phone is on the Default network, but ideally I’d like the Matter switches on the NoT or maybe the IoT network (so they can download firmware updates if needed). Is that even possible?
  2. If I enable IPv6 on one (or more) of these networks in Unifi, is that going to blow up all my current firewall/routing rules?

EDIT: I’ve been doing some experimenting but no success yet. What I did:

I figured out that IPv6 coexists with IPv4. That’s what I had thought, but the layout of UniFi’s controls made me think it was disabling IPv4 when I toggled to the IPv6 screen for the network. That’s not the case.

So I got a unique IPv6 prefix (my ISP doesn’t support IPv6) and enabled IPv6 for my IoT and Management VLANs. I connected my phone to the IoT Wifi network (because I read in the Home Assistant docs that the phone has to be on the same network as the device you’re pairing), and attempted to pair the switch. No success.

The firewall rules for the two IPv6 networks I established are the defaults:

Here are a couple of things to consider:

  1. If you are pairing a Thread based Matter device (I think the Inovelli White Series dimmers use Thread instead of WiFi), then you’ll need a Thread Border Router (TBR). A TBR has a wireless mesh side, and a LAN side (and routes between the two sides), and on the LAN side it will send out IPv6 Prefix information and everyone on that LAN that is enabled for IPv6 will pick up this prefix and automatically assign themselves a full IPv6 address. These are ULAs, which means these are private addresses. So if you have a flat (single) LAN based network, then about all that is really needed is to enable HA for IPv6 and that’s about it (one need not enable IPv6 in their router).
  2. Multicast Discovery. Matter heavily relies on link-local multicasting for discovery of devices when trying to pair/commission a device. Link-local means the multicasting is confined to the LAN it is sent out on. In other words it is not to be routed across from one LAN to the next.
    There are techniques/features in certain routers that can be enabled whereby they attempt to relay multicast packets from one VLAN to another VLAN, but these quite often don’t work.

I do have several Thread Border Routers (some Apple TVs), which appear in Home Assistant:

Also Home Assistant itself is apparently a TBR? I don’t really understand Thread yet. The Apple TVs are in my “primary” network (VLAN 1, the one for people’s phones, laptops, etc). Not the management network that HASS is on.

The Inovelli switch has both a Matter and Thread logo on it, which per the Home Assistant docs means I am to use the Matter integration to add it if that’s the case:

The docs go on to say this:

If you are using Thread: Make sure there is a Thread border router device (HomePod Mini or V2, Apple TV 4K or Home Assistant with the OpenThread Border Router add-on) present in your home network.

So…obviously I have TBRs, IPv6 is enabled in Home Assistant network settings, and mDNS is enabled on all my networks:

But based on your comment about how mDNS doesn’t really always work across VLANs…I’m thinking I need to either put my Matter devices on VLAN 1 (the everyday network) or VLAN 5 (the management network that Home Assistant is on)?

Since HA is attached only to VLAN 5 (Management) and your Apple TBRs are on VLAN 1 (Primary), yet HA sees the mDNS advertisements from VLAN 1, it may be that your setup could actually work.

What I may have missed in your writeup, is that you first need to commission/pair the Inovelli to your Apple TBR/Home. Then you need to have HA Add Matter Device using “Yes its already in use” and go from there. If this fails, then I would say it is probably something related to how your router does/does-not relay multicast (or possibly unicast) IPv6 traffic between VLAN 1 and 5.

OK…I didn’t think that was going to be relevant in my case because I don’t really use Apple Home for anything. I mean I tried it out at one point, which is probably why it’s initialized, but I don’t use it for anything now. I have zero other Thread devices; this is my first.

I would rather not introduce a dependency on Apple Homekit here; I don’t mind using the Apple TVs as TBRs but I don’t want to use HomeKit/the Apple Home app as my controller. I found after much deeper reading of the Home Assistant docs that I can make the Apple Home Thread network my “preferred network” in Home Assistant by going into the Home Assistant iOS app, to Thread configuration, and tapping Send Credentials To Home Assistant. Then I was able to make the Apple network my preferred Thread network:

Then I factory reset the switch and tried to pair again (via Home Assistant → Devices → Add device → Matter device). Unfortunately, same problem — it finds it, and starts configuring it (and pairs it to my iPhone, it’s shown under Settings → General → Matter devices), the LED on the switch blinks green… but then fails to add to Home Assistant. It does not appear in Apple Home app either.

So just for fun I decided to try and actually pair it to the Apple Home app. It worked fine. I didn’t even factory reset it. So then I went back to Home Assistant and attempted to add it by indicating it was already paired with another controller. That process also failed.

No matter which way I go, I can’t add it to HA.

Yeah you have to first pair it to Apple Home in order to get it on a Thread network with a TBR.
What you did next was correct as well, I assume you got a pairing code from Apple Home and gave it to HA as part of this. If this failed for you, then it is very likely a networking problem, and quite possibly mDNS relay issues. Check your matter logs and if it says it is starting commissioning but fails a PASE session, then yeah most likely HA’s Matter server did not see the mDNS from the device being added.