Aeon Z-Stick Gen5 - How to know if paired Secure or Non-Secure

Is there anyway to confirm whether a pairing is secure or non-secure?

It will only be secure if the device supports the secure classes. In OH2, it is also possible to set the secure inclusion to only be done on locks, or to do it on all devices.

Is the Secure class handled by the automation software and not the z-wave controller then? I read online for the following z-wave device that depending on how many times the inclusion button is pressed on a specific device determined if it was added as a secure or non-secure device.

(scroll down toward the bottom of the page and read the text in red):

Security is not managed by the controller - it’s managed by the software (ie OH).

The reference you gave is related to a device, so if you do what it says, it will report the secure classes (or not). This is then detected by the OH2 binding to decide whether or not to perform a secure inclusion.

I would also like to know if I can somehow see for a secure device if the inclusion was “secure” or not later on.
I read a bit about that topic and I think when it was included with security all communication is AES encrypted for that device. so the controller should actually know that a specific device actively uses “security”.

any way I can see this in habmin? … I would like to check this for some devices where I am not sure how they actually were “included” some months ago.

Yes - the controller knows and I agree that this would be useful information. Can you raise an issue on the ZWave issues list and I’ll take a look at adding this so it appears in HABmin.


perfect :slight_smile:

do you know if it is possible to “downgrade” from secure to non secure without Ex- and Reinclude the device again?


I’m not 100% sure, however I believe that if the secure inclusion fails, then the device should work fine in non-secure mode without having to exclude it and re-include it.


I read some issues for philio that a device is not transmitting all expected values when included “secure”.

I think thats the same issue with my PAN11 as I tried anything else.

Thats also the reason I asked. I would have liked to proof this by knowing if it actually included “secure” before I exclude in reinclude to know 100% if that was the issue.

so problem could be

–> secure inclusion completed however device has problem sending data secure way
–> secure inclusion failed and fallback “normal” inclusion has problem sending data

Or it might be a problem in the binding since security classes are not working well at the moment (which I really need to fix!).

1 Like

ok so would you think its better I wait so I can make some tests for you after security gets some enhancements in the binding?
or should I reinclude w/o security…

depends a little how long you think the tweaks in security class in the binding will take :-/ I am sitting on 4 plugs that can be turned on/off but anything else can not be used in rules to make real use of them :slight_smile: