#Matter/Thread Integration (UniFi Network) - Need Help

I'm trying to connect Thread and Matter devices to my Home Assistant instance, but it doesn't seem to work. I already have an Eve Energy (Matter) and a Tado X (Matter) successfully connected to my Apple Home network. Now, I'm trying to connect them to Home Assistant using the companion app.

PS: Sry for my english...

Network/HA Setup:
I’m using an Apple TV 4K, Home Assistant running on a VM on my NAS, and my iPhone.
All devices are on the same VLAN (IoT VLAN, ID: 40). I have restarted all devices multiple times and even recreated the Apple Home configuration/network.

For my UniFi setup, please see the attached screenshots.
I’ve also included screenshots of my Home Assistant configuration.

Matter Add-on Log Output:

2025-02-01 18:32:28.959 (MainThread) INFO [matter_server.server.device_controller] Starting Matter commissioning with code using Node ID 17.
2025-02-01 18:32:38.988 (Dummy-2) CHIP_ERROR [chip.native.EM] <<5 [E:30714i with Node: <0000000000000000, 0> S:0 M:50415874] (U) Msg Retransmission to 0:0000000000000000 failure (max retries:4)
2025-02-01 18:32:46.459 (Dummy-2) CHIP_ERROR [chip.native.SC] PASESession timed out while waiting for a response from the peer. Expected message type was 33
2025-02-01 18:32:56.479 (Dummy-2) CHIP_ERROR [chip.native.EM] <<5 [E:30715i with Node: <0000000000000000, 0> S:0 M:50415875] (U) Msg Retransmission to 0:0000000000000000 failure (max retries:4)
2025-02-01 18:32:58.964 (Dummy-2) CHIP_ERROR [chip.native.CTL] Discovery timed out

Does anyone have any ideas on how to fix this?

If you need more information or additional screenshots, please let me know!

Matter/Thread Integration (UniFi Network) - Need Help

Is the apple tv also on that same Iot vlan 40 ?

Is IPv6 set to automatic in the HA network settings ?

Is the device you are trying to commission close to the apple tv ?

Yes they are all on the same VLAN as u can see in the last and following Screenshots.

the devices are both about 3-5 meters away from the Apple TV and they are already comissioned to Apple Home and working.
Iam now trying to get them into HA.

I retried to delete the Apple Home Network, reconfigured Thread and restartet the Matter add-on + HA Server. But this didnt changed anything.

But i found this at the Matter Server add-on (Screenshot).
Why is there only the option available to commission a existing device? But nevertheless iam trying to do that with the Code from Apple Home.

I dont get it. What am i doing wrong?

And i found out, that HA sees thread only devices. But even that kind of devices i cant connect.

Is there a Log for Thread only?

Are you 100% sure these are Matter devices ?

is the Matter logo printed on the box ?

I'm starting to think you have some apple homekit (only) devices

yes iam. i tried now a thread only device / homekit device to test it.

Thread is just a radio transport, it is primary known as transport for Matter devices but before that it was used by Homekit

the other devices Eve Energy and tado X are Matter devices

ah ok

Well, if the devices are already on the apple network, and working fine with Apple Home, it should be possible to share them with HA without issues, as long as the network alows that

so for me it seems like there is already a problem with thread. due to nor matter or homekit device is working

if there is anything in between that blocs teh multicast ipv6 traffuic, you;re doomed

is thread and matter both using ipv6?

You could try with just a dumb unmanaged switch in between, Unifi is known to cause issues with Matter and Thread big time

but i dont get why i can connect to apple home with my apple tv but i cant connect to HA via Apple TV ?

YES, and it relies on layer2 discovery like neighbour discovery

Because your apple tv is both matter controller and thread radio, it doesnt need to traverse your network

hm... is it only needed to cmmission? Do i need that after the devices are in HA?

always

the entire protocol is IP-based

advanced networking in between = kill matter(and Thread)

ok so it seems like its a network problem. maybe i will ask the unifi support.

but i have all devices already on a switch in the same vlan.

Would it be a solution to get the ZBT-1 and plug it into my NAS/VM ?

It will lead to the same issues but then the other way around

Is your HA host a physical machine or VM ?

Show us some screenshots of your network and WiFi settings, please. I am also a Unifi user and it works mostly fine here.

What does the symbol with the key mean?

I do not see this in my setup:

please review this portion of the documentation https://www.home-assistant.io/integrations/thread/#understanding-the-thread-configuration-page

It is a Virtual Machine on my NAS

I thought it hast to be so? Due to i shared the credentials of the thread network with the companion app on my ios.

After work i can send some screenshots of the unifi configuration.

A few screenshots are alteady in my first/initial post

OK, that might have an impact. What NAS OS is it ?
Network interface a bridge interface ?

In your first post the Unifi screenshot with the network config shows both 'IGMP Snooping' and 'Multicast DNS' being turned off. For me it only works if both these are turned on. Maybe first turn the Multicast DNS one on and try again, if it still doesn't work turn the IGMP one on too.

Multicast DNS may not be enabled on unifi networks

IGMP Snooping is hit and miss, sometimes works, sometime sit doesnt. I have also hears stories that it differs between switches, access points and their firmware versions. So best to just try out some variables. But multicast dns option is really never good. So is the "optimize multicast traffic" option on the wifi, dont enabled it

I tried all kinds of combinations to turn on mDNS and IGMP. But i will give it another try…

My NAS is with one Port on the IoT VLAN and the VM has its one IP in the IoT VLAN.

NAS OS is Ugreen. But i dont think that matters due to the Network IPs are correct.

So shouldnt there be this icon with the key? Might that be a Problem?

I will make later some screenshots of my config in UniFi and post it here.

Ok first of all, a HUGEE Thanks for helping me here guys!

Here are some more Details and a summary:

My HA Screenshot 1:

IP: 192.168.40.11
IPv6: fe80::c2dd:da21:40cb:f303

The Network configuration inside of HA is the same (Screenshot 2)

My Thread Configuration (Screenshot 3). I recreated the thread network. Now there isnt the key symbol, but i shared the network credentials via the ios companion app.

Overview of my integrations (Screenshot 4)

Matter Log while comissioning (Screenshot 5 )

Unifi Setup

I have all devices (Apple TV 4K, HA and iPhone) on the same IoT VLAN/Network.

The ID is 40 (192.168.40.X). My Configuration is shown in Screenshot 6, 7) I now tried to disable IPv6 so it needs to make linklocal adresses.

The Wifi Configuration is shown in Screenshot 8.

My Access Point (with the IoT Wifi), the Apple TV and HA (VM on NAS) are all on the same Layer 2 Switch (USW Flex XG) - Screenshot 9

Now i mentioned something wierd... i tried to commision the tado X (matter) again after i reseted the device. the "connecting" only takes about 2 seconds and than it says "configurating". A few moments later the tadox devices says "connected" but nothing happens. After another while HA Says "Pairing failed". The only thing i found then is the Matter log errors 😦

I Hope it helps? Maybe @torn elbow / @subtle raven can show me there unifi config? What am i doing wrong guys? O.o

And i tried it again with the eve energy.. dosent work also ...

If u need more details or other informations please let me know. i really want to make this work due to the awesomeness of Home Assistant 😄

Hi, your WiFi settings look good.

But why do you bring all these devices incl. your iPhone to a 2.4GHz WiFI? Why don’t you bring all your Matter devices to your Main VLAN? All my Apple devices and HA are in the Main VLAN. Devices in the Main VLAN are allowed to communicate with devices in the IoT VLAN, but IoT devices are blocked to communicate with the Main VLAN. However your setup should work now from a network perspective. Disable IGMP Snooping.

I have IPv6 enabled globally, but it should work the way you configured it.

my Phone normally is in the Client VLAN / WiFi with 5 GHz. Its only in the IoT WiFi for Commissioning the Matter Devices to HA. Due to some How To's said that the phone needs also to be in the same VLAN/Network.

The Apple TV is connected via LAN 🙂

I will try again with disabled IGMP Snooping.

I dont want any device in the default Gateway, Switch Network etc. for my Clients like Laptops, PC, etc. i have a Client Network.

That will not work, Matter needs all devices to be in the same VLAN. mDNS can’t solve this issue reliably. Most/all available mDNS responders are made for IPv4, while Matter relies on IPv6.

What will not Work?

they are all in the same VLAN? Apple TV and Home Assistant. The Phone while comissioning.

When you have your iPhone in your Client network/VLAN and your Matter devices in the IoT VLAN. Matter is not designed for semiprofessional network infrastructure. But at least the commissioning should work, when all devices are in the same VLAN.

Make your network flat, remove all double interfaces and advanced config and it will just work.
The more enterprise grade your network setup, the lower your chances of success with a consumer grade protocol like matter will be

As i said, my phone is in the same VLAN while comessionin 🙂

Uff... i will give it a try to go with all to the default VLAN.... But to have an IoT VLAN is not something "special". It should be normal 😄

For 99% of the population it is special

its a house, not a office

yes that might be true. But do i want all the dirty IoT devices in my default network o.O

it simply isnt designed with pro/enterprise networking in mind

I don’t understand, why you want your AppleTV to be in the IoT VLAN, while your iPhone is in the Client network. Both devices are from the same vendor, Apple. This makes things more complicated, when you want to AirPlay or something like that…

Just make sure you dont have any "dirty" IoT devices or isolate them with outbound firewall rules

seems so. i will give it a try. Maybe i found a solution with some FW rules.

But as already said, commissioning should work, when all devices are in the same VLAN.

So, there must be another issue.

I had the apple TV in the client VLAN. But for Home Assistant and further tests i moved it to the IoT Network to have all devices in the same Network.

thats the only reason. But it seems to be more complicated. I dont have any hopes that it will work in the default VLAN... i mean its a VLAN too. What should make the difference. I will see if it works.

i found this post https://community.home-assistant.io/t/configuration-unifi-for-matter/671315

@subtle raven do you configured it too?

No, you are right. It will probably not work, because is there is some other issue. Whenyou bring all devices to your Main/Client VLAN, you also have to bring your HAOS server to your main VLAN.

Maybe the problem is your HAOS VM on your NAS…

i can move all devices thats not the Problem. But the Default Network is also a VLAN in Unifi (at least it seems to be so).

Maybe it also your IPv6 configuration.

Do you use a Raspi or the HA Green?

Maybe... i thought so too due to the Log:

2025-02-03 19:17:29.693 (Dummy-2) CHIP_ERROR [chip.native.EM] <<5 [E:38042i with Node: <0000000000000000, 0> S:0 M:118864047] (U) Msg Retransmission to 0:0000000000000000 failure (max retries:4)
2025-02-03 19:17:39.245 (Dummy-2) CHIP_ERROR [chip.native.SC] PASESession timed out while waiting for a response from the peer. Expected message type was 33
2025-02-03 19:17:39.246 (Dummy-2) CHIP_ERROR [chip.native.ZCL] Secure Pairing Failed
2025-02-03 19:17:39.246 (Dummy-2) WARNING [chip.ChipDeviceCtrl] Failed to establish secure session to device: src/controller/python/ChipDeviceController-ScriptDevicePairingDelegate.cpp:96: CHIP Error 0x00000003: Incorrect state
2025-02-03 19:17:39.247 (MainThread) ERROR [matter_server.server.client_handler] [140475960302416] Error while handling: commission_with_code: Commission with code failed for node 21.
2025-02-03 19:17:39.246 (Dummy-2) WARNING [chip.ChipDeviceCtrl] Failed to establish secure session to device: src/controller/python/ChipDeviceController-ScriptDevicePairingDelegate.cpp:96: CHIP Error 0x00000003: Incorrect state
2025-02-03 19:17:39.247 (MainThread) ERROR [matter_server.server.client_handler] [140475960302416] Error while handling: commission_with_code: Commission with code failed for node 21.

Try it out. Now I have to put my little one to bed. 😉

No Problem. Thank you!

I Will at first try to move everything to the default VLAN 🙂

In your HA IP configuration screenshot I see an IPv6 address that starts with fd17. When you disabled IPv6 in your VLAN it shouldn’t have an IPv6 address there, right? Did you reboot your HAOS VM, after you disabled IPv6?

yes i did. but isnt that the link local?

and it also has a fe80

However… It is not the right way to disable IPv6. Matter is IPv6 only. So it should work with IPv6. I have IPv6 enabled end to end. My ISP gives me a dual stack IPv4/IPv6 connection.

how did u enable ipv6 in unifi then?

Yeah, fe80 is the link local address.

Do you get IPv6 from your ISP?

I have a PPPoE Dual Stack connection:

I am on my phone. Here is my network configuration:

Sorry for the crappy screenshots. I am on my iPhone at the moment.

Your are from Germany. What’s your ISP? Do you have a Dual Stack connection? PPPoE?

my ISP is vodafone and i have dual stack jeah i have an IPv6 and IPv4

but i didnt get any Bridge Mode or something 😦

my UniFi gateway only gets an ipv4

What APs are you running? I’m running Matter on a Unifi network. Here are some things I’ve learned. Don’t worry about IPv6 on the network. The matter controller (Apple TV) and all of the devices will figure themselves out. Make sure all Matter devices and controllers (including HA and AppleTV) are on the same VLAN. Without a very advanced understanding of IPv6, you aren’t going to get it working across VLANs. AppleTV and HA supervisor communications happen over IPv4 and well documented. Use the enhanced IoT settings for the IoT VLAN to start with. From there, you can turn things back on once the devices are commissioned.

If you’re running U7 Pro APs, that could be a big part of your problem. They are known to have issues with IoT. I spent a week fighting this. I finally scrapped the U7 last night and swapped in an AC Lite. Everything lit up wonderfully once I did that.

reading all this is making me seriously reconsider making a u6 my next AP

AppleTV and HA supervisor communications happen over IPv4

No, it's IPv6 - that is if you are talking about Thread here and the Apple TV is used as TBR.

Don’t worry about IPv6 on the network.
No, you SHOULD worry about it. It should travel freely in the network so that link local auto discovery works. Where you shouldn't have to worry about is any IPv6 config on your router: A native Ipv6 ISP or DHCPv6 server is not required.

specifically: the thread border router sends out ipv6 router announcements with an ipv6 "unique local" prefix, and home assistant will, if your network is configured right, automatically get an address in this prefix, and use it to talk to thread devices.

(your phone has to receive that as well, for commissioning)

@livid dock did you manage to get this working in the end? I'm in the same boat in terms of the error from the matter server, though in my case I already have a flat network so it's not an issue with multiple vlans

Not yet.

There are a lot of possible things to check.

In the default vlan it also didnt work.
And as you say, i also dont think that matters as long as all needed devices are in the same vlan.

There are a lot of users which already using HA in an IoT Vlan.

I will need to try something else. If i found any solution i let u know

Are you running HA OS? I'm not, and my issue turned out to be that I needed to set net.ipv6.conf.eth0.accept_ra_rt_info_max_plen to 64 (it was 0 in my case, which prevented the matter server from working properly). i believe that in HA OS that's already set appropriately

iam running it un a VM with HA OS yes.

So what exactly is your setup with unifi and VLANs?

i just have the one Default vlan that everything is on. I don’t know if it helped but i turned off both IGMP Snooping and mDNS

Its working now.

I created a IPv6 for the Default an IoT LAN. Then i used a different Network Bridging mode for the VM (LinuxBridge).

Thanks for all the Help guys! I should have been earlier testing the IPv6 connection in depth....

So yes HA and Matter on a separate (non flat) network ist working perfectly, also with unifii and also with ugreen NAS.