Roborock S7 entity always unavailable

Hi All,

I try to configure my Roborock S7 within Home Assistant. Unforunately till now without any success.
What I have done is setup the Roborock wihtin the “Xiaomi Home-App” on iOS.
Within home assistant I then configured Xiaomi Miio integration via:

Configuration → Integrations → Add Integration → Xiaomi Miio
“Cloud username” = myuser
“Cloud password” = my PWD
“Cloud server country” = de
“Configure manually (not recommended)” = unchecked
→ Submit → “Created configuration for Roborock OG”

It then creates an entity “vacuum.roborock_og” with state “unavailable”.
Within the logs I can see:

021-08-16 09:44:04 DEBUG (MainThread) [homeassistant.components.xiaomi_miio.device] Initializing with host (token 4d6f6…)
2021-08-16 09:44:09 ERROR (MainThread) [homeassistant.components.xiaomi_miio.device] DeviceException during setup of xiaomi device with host Unable to discover the device
2021-08-16 09:44:09 DEBUG (MainThread) [homeassistant.components.xiaomi_miio.vacuum] Initializing with host (token 4d6f6…)

Running the “” I can see that the token seems to be correct as the one I see there starts with “4d6f6”, too.

I additionally tried to create a YALML configuration file looking like:


  - platform: xiaomi_miio
    name: Roborock_OG
    token: 4d6f6XYZ...

Which ends up in a corresponding entity entity “vacuum.roborock_og” with state “unavailable” being created on every configuration reload (so after 2 reloads I aditionally have “vacuum.roborock_og_1” & “vacuum.roborock_og_2” entities) - all with state unavailable.

I furthermore tried the setup via UI, but with “Configure manually (not recommended)” = checked.
This walks me trought entering the device IP and token and having to select “roborock.vaccum” as model. Never the less - still an entity with state “unavailable” is created :frowning:

Happy for any help & hint.

Check the logs

Can you ping the vacuum? Try ping Is it in the same subnet as your Home Assistant server (e.g. RPi)?

Hi, I have the same problem. By deleting the integration and adding it again, it runs for some time and then is unavailable again.

2021-08-16 13:34:36 ERROR (MainThread) [homeassistant.config_entries] Error unloading entry Roborock S7 for xiaomi_miio
Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/", line 432, in async_unload
    result = await component.async_unload_entry(hass, self)  # type: ignore
  File "/usr/src/homeassistant/homeassistant/components/xiaomi_miio/", line 251, in async_unload_entry[DOMAIN].pop(config_entry.entry_id)
KeyError: '51a8ef0a63f8f5fa28df1288c46540df'

Any help would be great

1 Like

Thanks for that hint.
As visible above DEBUG based logging is activated and I have pasted related log entries…

Yep - I can ping the device and my unifi based device_tracker entity is shows the device as “HOME”.
At a first I did not have both in the same subnet but as I experienced the issues at a first I moved them into the same subnet (just to be sure I can exclude this as an error).

Never the less I am running Home Assistant in supervised mode on docker container…I am no expert on docker but I as I understood for some network related topics Docker needs to be configured accordingly.
Is this the case for xiaomi miio integration? if yes, which settings are necessary - I was not able to find something accordingly on Miio integraiton page

yes - during one of my multiple uninstallation of the component I have seen this error message, too I think. But it did not reappear so I did not focus too much on it.

Same experience, except I have two roborocks, the older S5 shows up no problems, but the brand new S7 always shows unavailable.

hm… even while devices are in the same subnet maybe the following takes a role in here:

miio.exceptions.DeviceException: Unable to discover the device x.x.x.x

This behaviour has been experienced on the following device types:

  • Xiaomi Zhimi Humidifier (aka zhimi.humidifier.v1)
  • Xiaomi Smartmi Evaporative Humidifier 2 (aka zhimi.humidifier.ca1)
  • Xiaomi IR Remote (aka chuangmi_ir)
  • RoboRock S7 (aka roborock.vacuum.a15)

It’s currently unclear if this is a bug or a security feature of the Xiaomi device.


The root cause is the source address in the UDP packet. The device won’t react/respond to the miIO request, in case the source address of the UDP packet doesn’t belong to the subnet of the device itself. This behaviour was experienced and described in github issue #422.

Maybe if I have some time within the next days I will setup a wireshark listening on the Roborock Mac and investigate the source IP of UPD packages send…
Unfortunately at the moment short in time.

Just because it might help for future setps - which firmware versions are of Roborock S7 are you running? Mine is 4.1.5_1196

okay - could really narrow it down to the UDP restriction of Roborock.
Had both devices in a different VLAN.
Solved it by creating some Source NAT rules on my Unifi Secure Gateway.

Roborock S7 is now working as expected and entity is visible :+1:

1 Like

Hey Martin,
I am running into the exact same problem (with the exact same setup). Could you PLEASE guide me through the NAT rule setup in Unify? (not too experienced with NAT rules).


Sure … but that will be some small text to read :wink:

I will expect you to know how to do this …you really should do it in case of a faulty action within the following. - I cannot take any responsibility for breaks in your system

First of all via GUI create firewall group ‘Roborock-NAT’, add your Roborock ip-address (or other affected MIIO device ip) and wait for provisioning to complete.
Then ssh to your USG (NOT your Unifi Controller!) and run:

mca-ctrl -t dump-cfg | grep -B10 “Roborock-NAT”

From this you should see something like:

                                "61214e23498a12adbfe37923 <THIS IS THE GROUP ID>": {
                                        "address": [
                                                " <THIS IS THE ROBOROCK IP>" 
                                        "description": "Roborock-NAT"

From this output note down the Unifi GROUP ID for your “Roborock-NAT” group.
In this example it is “61214e23498a12adbfe37923

Now we will configure the rule once through the command line, so you are able to test it and extract the “config.gateway.json” for your case.

As you are already within SSH session at your USG, execute:

ip addr

This prints your current ip configuration. Within there find the virtual interface name of the VLAN your Roborock is in (usually eht1.<vlan_id>) .

Still within ssh session at your USG execute the following commands:

#dump current configuration for later reference:
mca-ctrl -t dump-cfg > /tmp/config_ref.json

#create the source NAT rule:
set service nat rule 5000 description 'source NAT HA->Roborock group'
set service nat rule 5000 type source
set service nat rule 5000 source address <YOUR HA SERVER IP - e.g.>
set service nat rule 5000 outside-address address <free IP to be used by HA within VLAN of your roborock - e.g.>
set service nat rule 5000 protocol all
#alternatively to the following "destination group address group..." rule you can apply the source-nat for a single address only and NOT use the firewall group.. 
#to do this replace the following line with:
# set service nat rule 5000 destination address
#in the following rule replace 61214e23498a12adbfe37923 with your appropriated group ID we identified previously
set service nat rule 5000 destination group address-group <YOUR ROBOROCK-NAT GROUP ID - e.g. 61214e23498a12adbfe37923>
#in the following rule replace eth1.3 with your appropriated interface name we identified in previous step via "ip addr"
set service nat rule 5000 outbound-interface <YOUR INTERFACE NAME - e.g. eth1.3>

#dump the new configuration:
mca-ctrl -t dump-cfg > /tmp/config_new.json

at this point your roborock should be already working until the next provisioning or restart of the Unifi Secure Gateway. - As said the rules created via command line are temporary only.

3 CREATE config.gateway.json FOR PERMANENT USAGE
To make your configuration permanent we have to create a config.gateway.json. This is a configuration file stored on your unifi controller, being merged into your GUI configuration during every provisioning, so your USG will receive it and create the NAT rules equally to above.

Again within your ssh session on USG execute:

diff /tmp/config_ref.json /tmp/config_new.json

This will output a difference of your previous configuration without and the new one with the Roborock rule set. At some point of the diff you should find something like:

@@ -1396,6 +1415,23 @@
                 "nat": {
                         "rule": {
+                                "5000": {
+                                        "description": "source NAT HA->Roborock group",
+                                        "destination": {
+                                                "group": {
+                                                        "address-group": "61214e23498a12adbfe37923"
+                                                }
+                                        },
+                                        "outbound-interface": "eth1.3",
+                                        "outside-address": {
+                                                "address": ""
+                                        },
+                                        "protocol": "all",
+                                        "source": {
+                                                "address": ""
+                                        },
+                                        "type": "source"
+                                },
                                 "6001": {
                                         "description": "MASQ corporate_network to WAN",

This mainly is the content of your config.gateway.json. So copy & paste your output within a text editor, clean up the part with + and @ to have a clean JSON config. Then extend previously to the “nat”: { tag with “service”: { tag - the resulting file should look like the following - ensure you have closed all brakets :wink: :

        "service": {
                "nat": {
                        "rule": {
                                "5000": {
                                        "description": "source NAT HA->Roborock group",
					"destination": {
                                                "group": {
                                                        "address-group": "61214e23498a12adbfe37923"
                                        "outbound-interface": "eth1.3",
                                        "outside-address": {
                                                "address": ""
                                        "protocol": "all",
                                        "source": {
                                                "address": ""
                                        "type": "source"

Save this as “config.gateway.json” and use scp (for LINUX & MAC… not sure what to use best on windows… maybe winscp?) to copy the file to your UNIFI controller into: the path of /srv/unifi/data/sites/default/config.gateway.json

So a scp command would e.g. look something like:

scp config.gateway.json [email protected]:/srv/unifi/data/sites/default/

After this force a reprovisioning of your unifi secure gatway through your unifi GUI and you should be done :+1:

Wow! Thank you so much!

Unify Backup - check
Firewall Group - Check
Then I am stuck… No USG here (just UDM - so not exactly the same setup as you)… Any alternative? See:

hm… sorry for your but it seems unify does not support that kind of setup on UDM :confused:

:dizzy_face:But THANK YOU ANYWAYS!


I also faced the same issue on my UDM-P and solved it following

Basically, run the iptables command like shown. Replace source IP with your HASS IP (make it static) and destination IP with your Roborock’s IP (also make it static IP).

Once this works, follow this great guide to have your iptable command persist on reboot!


This issue about Roborock S7 is well explained here.

Sounds like it may be “a feature, not a bug” :stuck_out_tongue: