Zigbee question - Insecure Rejoin Option

Like quite a few people here, I have a HUSBZB-1. Also like a lot of people, my ZigBee devices (3 Iris open/close, 4 Iris motion, one SmartThings open/close and one SmartThings motion) seem to be less than perfect. I mostly have issues with the Iris devices falling off the network or getting stuck. For the most part this seems to happen after a restart of HA, but not always.

These devices were solid on SmartThings, and I came across this the other day, and would like to know if I could do something like this in HA, maybe a configuration setting somewhere.

If you don’t want to read the article, here is one section that seems to give a good idea of what it is:

The current ZigBee Home Automation 1.2 standard uses encryption to allow only authorized devices to join a home network. In order to allow some devices (like motion sensors) to drop off of, and then easily re-join the network (to preserve battery power), there is a feature known as “insecure rejoin” built into the standard. It has been shown, however, that in very specific cases this feature could potentially be used to gain unauthorized access to a ZigBee network. The upcoming ZigBee 3.0 specification removes this potential vulnerability, but until that new standard is released, SmartThings is giving users the ability to disable the insecure rejoin feature.

I’m willing to take the risk of a hacker coming over to my house and jumping on my ZigBee network.

Anyone have any experience with this?

I know this is an old thread, but did you ever find a solution to this? I’m experiencing the same issue with a HUSBZB-1 and devices leaving the network and not rejoining.

For OP, you can do:

Wow, nice. ZHA has been very stable for me in the past year, but this is nice to see. Is there a wiki or place where I can see what other config options there are out there?

Nothing documented yet, but we’d like to start a wiki on the zigpy project until the HA docs are reworked.

Here are some of the settings:

And here is how to put them into configuration.yaml (though use zigpy_config for bellows based radios):

Thanks @walt. Can you explain what a TRUST_CENTER_POLICY of 3 means and what it does, as well as what the other options are?

Is it this?

Edit: wouldn’t we want a value of 0 to allow insecure rejoins?

TRUST_CENTER_POLICY is a bitmask (see bottom table):

3 gets you “allowed joins” and “allowed unsecured rejoins”

Got it, thanks. But I still don’t see how the numbers in the EzspDecisionId class correspond to the numbers in the bitmask chart, or are they not supposed to?