During my integration of Thread into my home network I got confronted with two problems:
- The pairing process startet succesfully, the device was found but when reached the configuration mode it took endless time and ended with the result, that the paring process was not successfully.
- The pairing process and integration was susccessfully but the device lost the connection after a certain time and I was not able to reconnect it.
After some tries and researches I found the reason in my network configuration which was per default not optimized for a Thread network. There are two important things to know about Thread/Matter:
- During the pairing process the device connects, using bluetooth. If the bluetooth connection is established the keys of the Thread network are exchanged and then the device connects to the Thread network. If this is sucessfully the configuration and integration is done. But if this connection fails the mobile device stucks in the configuration mode until a timeout is reached.
- Thread lies heavily on IPv6 and the network behind the border router must fulfill some requirements. Esspecially in business networks these requirements are not fullfilled per default.
In the following, I will show what must be changed in the UniFi network to get a stable Thread network even with multiple border routers. Finally I will also describe some settings on my Watchgurad UTM for Thread, representing the situation if you have a “business grade network”.
UniFi Settings for Thread
On your UniFi system it is important that you check your VLAN settings where the Thread devices should live. In my situation all IoT devices including my Thread devices, have an own VLAN called VLAN6. To adjust the settings in your UniFi controller webinterface go to Settings -> Network -> Select your IoT VLAN or the default one, if you do not have separated into multiple VLANS. After selecting the network a dialog is opened. There, please check if “IGMP-Snooping” is enabled, if not, enable it:
IGMP stands for Internet Group Management Protocol, an IPv4 technology for multicast. IPv6 uses MLD (Multicast Listener Discovery) to achive the same result. However a lot of devices disable multicast even for IPv6 if IGMP is not enabled.
After enabling “IGMP-Snooping” on UniFi the pairing process should successfully finish and the Thread network will be stable.
If you have a business enviroment as described above, the following chapter might be helpful if you have any problems with your Thread/Matter network:
Configuring Watchguard for Thread/Matters
As written above, I need to made some changes on my Watchguard, that Thread/Matter works without problems. Some settings are not suggested but if you have problems try if it helps.
Enable IPv6 support for the VLAN of your IoT/Thread devices:
These settings should be enough, that your Watchguard works with IPv6 devices:
- Enable “Send Advertisment”.
- Be sure that you have “Disable DHCP” for IPv6, otherwise you can get problems with your border routers.
After storing this settings, test, if the paring process is now working and the Thread network is stable. If not try the follwing additional settings. Disable this setting is not suggested because it weaks your network security:
In your Watchguard web interface go to Firewall → “Default Packet Handling” and disable “Drop Spoofing Attacks”.
Again this is not suggested by watchguard, but probably it will solve your problem!
Now your Thread/Matter pairing should work without any problems and the thread network should be reliable.
Please feel free to leave any comment.
