#Unable to add Matter over Thread (Eve Motion) to HA

Hello!
When trying to add my Eve Motion to HA, I keep getting

CHIP_ERROR [chip.native.SC] PASESession timed out while waiting for a response from the peer. Expected message type was 33```

I have my HA server on a different vlan than my HomePod, but inter-vlan routing is enabled, so they are able to communicate.

has anyone else been able to successfully use a similar setup?

Get them on the same vlan

is that the only way? I'd rather not do that

Matter is only designed for single vlan. So yes, put all IoT devices + HA + thread border routers on the same VLAN.

Yikes

That’s a pretty bad design

I figured the HomePod or and matter / thread hub would broker the connection

Matter is designed for the consumer space...which is vastly a single VLAN. Why add complexity for the .01% of home that try to emulate enterprises? Juice isn't worth the squeeze to me. Heck, Thread 1.3 and Matter 1.4 still have a lot to be desired in basic functionality that the respective orgs haven't addressed yet.

the specific things that you will run into problems with are mdns and ipv6 routing. both your phone (during commissioning) and HA have to be able to resolve mDNS queries answered by the thread border router and receive IPv6 RA packets from the TBR so they know how to route packets. both of those protocols operate on link-local multicast or broadcast.

in theory you can make it work across vlans, but you need to have a decent mdns repeater (unifi's is problematic) and also have your inter-vlan router set up to add IPv6 routes received from RAs broadcast by other routers to its routing table (routers are normally configured to ignore incoming RAs)

I have mdns enabled across the related vlans, but I think I need to figure out the commands for the ipv6 part
thanks!

which I'm guessing would require me to deploy ipv6 throughout my nework, which sounds...exciting... 😂

yeah, thread is ipv6-only. if you're in the same broadcast domain as the thread border router, things will "just work" since it'll send out RAs with a ULA prefix, causing all the machines in that network segment to get IPv6 addresses that they can use to talk to the thread devices.

my pushback to not supporting inter-vlan communication being bad design is- why do you want multiple vlans anyways? if you're trying to stop devices from phoning back home, isn't it enough to just use a firewall to block outgoing requests? my hot take is within the household, vlans are a solution looking for a problem

First of all why on earth would you want that, it completely defeats the whole purpose. Second of all I hardly doubt it will work reliably. All attempts I have seen so far broke the entire protocol and/or stability big time.

A much better advice would be to simply have your HA instance on your IoT (v)LAN. Opening a few simple (HTTP) ports is much easier than trying to route traffic that is never meant to be routed anyways.

If you want Matter, use flat network. Nobody on the HA team or any of the involved devs will support Matter on a non-recommended network setup, even if you get it somewhat working.

If you don't like the idea of having HA and the devices on the same (v)LAN, then Matter is just not your thing.

It’s probably moly misunderstanding of matter, I figured it was closer to zwave/ zigbee

It borrows some of the ideas but the big difference is that Matter is an IP based protocol, hence the big fat dependency on the network infrastructure.

thread uses the same underlying radio tech as zigbee, but it's designed to be layered, where the network management is separated into a lower layer, and it provides plain ipv6 on top of that. The thread border routers act like normal ipv6 routers at that level. Then matter runs on top of the ipv6 network.