#Unifi Settings for Matter

My setup is rock stable since month. I have 22 EVE Matter over Thread and 13 EVE HomeKit over Thread devices.

I have exactly one Thread Mesh network.

I also have VLANs, but all Matter related stuff is on my Main VLAN:

• HAOS VM
• 2 AppleTV 4K 3. Gen (Matter Hubs and Thread Border Routers)
• all iPhones/iPads, Sonos, etc.

Unifi environment:

• udm-se: 3.1.16
  • network application: 8.0.7
  • protect application: 2.9.42
• switches:
  • 1x usw-aggregation: 6.5.59
  • 1x usw-enterprise-24-poe: 6.5.59
  • 1x usw-enterprise-8-poe: 6.5.59
  • 1x usw-lite-8-poe: 6.5.59
• access points:
  • 3x u6-pro: 6.6.55
  • 3x u6-enterprise: 6.6.55

My APs are nearly always on the latest EA firmware, while switches and UDM-SE ist mostly on GA firmware (seldom RC).

Unifi settings:

Global Network settings:

• Multicast DNS > None
• IGMP Snooping > None

WiFi settings for all SSIDs:

• BSS Transition > enabled
• UAPSD > enabled
• Fast Roaming > enabled

All other settings are disabled.

My HAOS VM is running on an Openmediavault 6 (Debian 11) with a KVM Hypervisor. There is no special configuration in my opinion. I configured an interface per VLAN and after that I created a Bridge interface per VLAN interface. HAOS uses the Bridge interface for my Main VLAN to get an IP address of my Main VLAN.

I have a Dual Stack (IPv4 and IPv6) Internet connection. IPv4 and IPv6 are configured to work in all VLANs and it works end-to-end. HAOS has an IPv4 and an IPv6 address.

A bit offtopic:

I also have a lot of Nanoleaf Matter over Thread bulbs lying around here. Some weeks ago, I tested them again with firmware 3.5.41. I paired them to the Nanoleaf app, updated to the latest firmware, deleted the bulb from the Nanoleaf app again, resetted the bulb physically by switching it on/off 5 times (until it flashes red).

Then I paired the bulb to Apple Home and shared it to Home Assistant. The last step was to pair the bulb again to the Nanoleaf app. This way, the pairing procedure worked without issues.

It also worked to pair bulbs to the Nanoleaf app and after that directly to Home Assistant.

It didn’t work, when I paired the bulb to the Nanoleaf app, to Apple Home and after that to Home Assistant. It was not possible to share it to HA as the third step.

But after maybe one day, I got Thread network issues. In my opinion everything started to re-mesh. Also the EVE devices were involved in that re-meshing process, over and over. Since I removed the 10 bulbs again, everything is rock stable again. We really need a new Nanoleaf firmware.

Probably smart. They cause my mesh to randomly explode on the latest firmware even if I can reliably pair them (similar situation, I have to pair to Google home then share to HA)

I don't think the Wi-Fi settings matter, just the network -- some of mine are different (also unifi) but I have the same global settings w.r.t IGMP and mDNS

In case of HAOS I also think that the WiFi settings do not matter. At least when your HAOS and your Thread Border Routers are connected via Ethernet. 😃 But if you have problems to reach Matter devices with your WiFi connected phone, you may want to disable or check the following WiFi settings:

• Multicast Enhancement
• Client Device Isolation
• Proxy ARP

I have these settings disabled. But I am unsure, if this can really help. I do not have any problems since months, besides the Nanoleaf issues… 😃

@cosmic flame what ipv6 settings did you have? I just enabled it on my unifi stack and now I can't add devices anymore

I just get stuck at "checking network connectivity"

Here's what I have under the specific vlan settings:

DHCPv6
DNS: auto (routes to my phiole)
RA: enabled
priority: high
allow slaac: enabled

I don't have any firewall rules because I couldn't ever get them to work for ipv6 🙂

I have no problems pinging link-local addresses (laptop -> ha for example)

Internet > Primary (WAN 1):

IPv4 Configuration:

• IPv4 Connection > PPPoE
• DNS Server > Auto

IPv6 Configuration:

• IPv6 Connection > DHCPv6
• Prefix Delegation Size > 56
• DNS Server > Auto

Networks > VLAN Configuration:

IPv6:

• Interface Type > Prefix Delegation
• Prefix Delegation Interface > Primary (WAN 1)
• Prefix Delegation ID > auto

Advanced:

• Client Address Assignment > SLAAC
• DNS Server > Auto
• Router Advertisement (RA) > Enabled
• RA Priority > High

I also do not have IPv6 Firewall rules at the moment. Didn’t have the time to configure them.

You do this via ’ping6‘ or ’ping -v6‘?

there's some problem with my HA instance wherein I can't ping out when ipv6 is enabled

ping6 google.com returns 100% packet loss from my HA

i haven't gone through troubleshooting thread/matter futher since if HA can't call out anyways its unusable

Can you ping6 google.com from your phone or another client? Is IPv6 generally working and only HA has a problem?

it's only a ha problem

i can ping6 from other clients, and I can ping the HA box but HA can't ping out

seems to be a HA specific problem

How are your HA network settings configured?

auto configured (HAOS on a RPI)

Configure Network Settings:

• IPv4 > Automatic
• IPv6 > Automatic

yeah

i can ping the ipv6 gateway at least

What do you see under ‘Network Adapter‘?

I see this (anonymized):

Auto Configure
Detected: enp1s0 (10.xx.xx.xx/24, 2a03:7846:b335:101:xxxx:xxxx:xxxx:32fe/64, fe80::a08d:523f:6d1f:xxxx/64)

ive got a local ipv4, (192.xx), multiple ipv6 2600:xx addresses, and one link local fe80

Ok, that sounds good.

Sorry, I am out of ideas.

When IPv6 works fine and only your HAOS has an issue, that’s where you have to look. But I can’t say where exactly. For me it worked out-of-the-box, if I remember right.

okay i fixed both issues and i'm posting what happened for reference

the ipv6 was a misconfigured gateway, so i had to fix that

the thread issue was fixed (dont ask why) by changing the thread channel to something else then back to the original channel

Ok, great! 😃👍