Skip to content

End device Polling

Jump to bottom Edit New page
Manuel Pietschmann edited this page Nov 18, 2018 · 25 revisions

This page contains observations of sniffed ZigBee traffic in regard of end-device polling behavior and how various routers deal with it.

Routers

Innr light RB 162

SW Build Id: 1060210012
Date code: 20150831-198

Drops frame to end device silently, no NWK transaction expired message.

  • Did raise the nwkUpdateId to 22 albeit no such command was ever send (nwkUpdateId of the network is 20).
  • Pressing L in deCONZ sends a Mgmt_Leave_req with rejoin enabled to the light, however the innr light doesn't rejoin after leave, network needed to be opened again and the light to be power-cycled.

A rxOnWhenIdle child (Climax power plug) did a rejoin to the innr light, while it works the rejoin response also assigned a new nwk address which is different from other router devices and might cause new establishment of routes and updating various tables.

Further observation the Climax power plug stays connected to the innr light (8 days now) and does send reports towards the gateway which are correctly relayed from the innr light to the gateway. But the plug is not reachable since Route Requests from the gateway won't be answered by the innr light with correct Route Reply but only Route Request broadcasts as if the light doesn't know the plug anymore.

Philips hue LCT007, firmware 5.50.1.19085, 20160810

Drops frame to end device silently after ~3-7 seconds, no NWK transaction expired message.

OSRAM Smart+ plug

NWK transaction expired after 20 seconds.

Ikea E27 W opal 1000lm, FW: 1.2.214, Datecode: 20170302

NWK transaction expired after 8 seconds. (might be standard which says 7680 milliseconds)

Issue nwkUpdateId:

  • The local nwkUpdateId is not updated after a power-cycle, if it is 1 and there is a newer network with nwkUpdateId 2 it will stay 1.
  • End-devices which try to rejoin the network and already know nwkUpdateId 2 will ignore the Ikea light as parent candidate.

Ikea GU10 WS 400lm, FW: 1.2.221, Datecode: 20180410

Xiaom motion sensor (RTCGQ11LM) as child test:

  • Gateway firmware 0x262d0500
  • Hourly report 0xff01 is relayed to gateway (no motion activation in between).
    Therefore child wasn't removed after one hour sleeping.
  • NWK Route Record is send to gateway prior to relay
  • Test NVRAM child table is kept after light power cycle OK

Side effects when Add to Group command (group id 0x0055) is send:

  • The light was turned off before
  • The group is added correctly and status is success (0x00) in the Add to Group Response
  • After Add to Group the light sends a On/Off cluster Report where on = true (in one test the lights was also optically turnen on, in another only the attribute was true but light stayed of visually).
  • The light also groupcasts a Read Attribute command for On/Off attribute to the related group (0x0055)
  • Sending a On Command does nothing, the light stayed off likely since internally it already has the state On
  • Sending a Off followed by an On corrects the internal state and light works again
  • Remove the Group command (regardless if the group exists) turns the light on

End-devices

Xiaomi motion sensor (RTCGQ11LM)

Version: 3000-0001
Model id: lumi.sensor_motion.aq2

  • Polls once per hour ~500 ms after manufacturer specific special basic cluster attribute (0xff01) report
  • Doesn't poll after Occupancy sensing and Illuminance measurement cluster reports
  • None of the attribute reports have APS ACK enabled
  • None of the attribute reports have ZCL default response enabled
  • When button is pressed once, it polls once and does attribute reports every 5 seconds without polling (setup / test mode)
Parent loss I
  • When parent (coordinator) is not reachable on activation Occupancy sensing and Illuminance measurement reports are repeated 23x and then 4x
  • No further action to rejoin to another parent is taken for the next 4 activations (with one minute offset)
  • The fifth activation causes recovery to search for a new parent
Parent loss II
  • Sensor was forced to pick Philips hue E27 bulb as parent
  • Attribute reports are forwarded fine
  • After power off the parent, the sensor tries to relay through parent and didn't start to look for another parent
  • Instead of reporting the sensor moved over to poll the parent via mac data requests
  • 26 hours passed, no change in behavior, no attempt to recover

Xiaomi square multi sensor (WSDCGQ11LM)

Version: 3000-0001
Model id: lumi.weather

Parent loss
  • When parent (router / FLS-PP lp) is not reachable on sensor measurement reports these are repeated 4x
  • No further action to rejoin to another parent is taken for the next 4 sensor measurement reports (with 3 minutes offset)
  • The fifth activation causes recovery to search for a new parent

Ikea Tradfri remote control

Invalid power descriptor: 0xc110

Polls every 5 minutes.

Ikea Tradfri motion sensor

Invalid power descriptor: 0xc110

Poll every 5 minutes.

OSRAM Motion-Sensor-A

Polls every 5 seconds.

OSRAM 4 button remote control

Polls 3x with 1 second delay after power configuration cluster report, every 1 hour.

Polls 4x with 1 second delay after button press.

invalid power descriptor: 0xc110

Trust remote control ZYCT-202

https://www.trust.com/en/product/71171-zigbee-remote-control-zyct-202

Polls only once after button press, stays silent otherwise.

NWK 0x0093

group 1 0x0091 group 2 0x0092 group 3 0x0093 group 4 0x0094 group 5 0x0095 group 6 (all) 0x0096

Trust motion sensor ZPIR-8000

  • polls once after motion detection
  • polls once after battery report every 20 minutes

Philips hue Dimmer switch

Polls 4x with 5 seconds delay after power configuration cluster report, very 5 minutes.

Home Remember : Not all devices listed here are supported by deconz.

deCONZ for Dummies

Backup & Restore

Request Device Support

Supported Devices

Community Device Reports

Hue API Compatibility

Enable core dumps on Raspbian

Clone this wiki locally