AP on blue but controller on Green

My old setup was red & green. AP+controller was on green.

Now I have a new setup and I choose to have Red+Green+Blue.
AP is a TP-link and I have a controller software on my NAS on green.
Is it possible to use the controller in green but AP is on blue?

Hello Daniel,

this heavily depends on how the TP-Link devices and the controller software communicate.

In case you can manually configure IP and gateway settings on the AP device and you can configure the server IP where it can obtain its wireless settings, this should work.

Best regards,

-Stefan

1 Like

I have thought for a while and realize that I can use my AP standalone.
But what do the rest of you do with all the IoT devices that use wifi?
The IoT devices must be able to access the green network.

Why must they?

The few IoT devices I have are on the Orange zone (DMZ). They can connect to the internet but they definitely are prevented from accessing anything on Green or Blue.

2 Likes

you may need firewall ports open from blue to Green Controller.

if your AP supports multiple wifi zones
like Home native and Guest on vlan
then you can separate them that way.

2 Likes

Is it wrong to have the AP in the green network and then use an access list with MAC addresses for access to the wireless?
There is no point in having a blue network if so many things still need access to the green one.

If I have a blue network with e.g. 192.168.10.x
and a green one with 192.168.1.x
What should the firewall rule look like if it needs access to the green?

This is the AP I have

Please read the IPFire forum FAQ and especially this section

https://community.ipfire.org/faq#improve-the-discussion

1 Like

Sorry, my bad. I copied the wrong text from the translator.
Use it to get it all right.

Here is the text:
Is it wrong to have the AP in the green network and then use an access list with MAC addresses for access to the wireless?
It is no idea to have a blue network if so many things are still going to have access to the green.

If I have a blue network with e.g. 192.168.10.x
and a green one with 192.168.1.x

To use the TP-Link software from your NAS computer, all you have to do is allow that IP for the NAS to blue and vice versa. Since by default green can reach blue, the access point IP to NAS IP allow rule should be added in the firewall rules.

Also, for the best result, both access point and NAS should be on a static ip.

4 Likes

I tried that once, but somehow it doesn’t seem to work.
The AP, which is connected to the green network via LAN, needs an address within the green network, doesn’t it?
Otherwise it would be blocked all the time. With an address from the green network that has to be entered as a gateway, no addresses from the blue network can be entered in the AP anymore. At least not with my setup, where DHCP can be configured to that extent. (It is not saved.)

Here is a list of ports.
If this is the software?

You would be best served by making a service group,
then a blue to green firewall rule for this service group.
If you have a lot of APs, then a host group could be used to put them into one rule. Hope that helps.
Auto discovery may not work?

My AP is not a hardware controller for 500 APs.
It is an AP with an App control Software.
Where should this service group be created? Does service group mean an address range in the blue network?
Should the AP act more as its own DHCP server with address range in blue network in ipfire?

they are found in the firewall groups tab.
the AP can be its own group…(group of 1)
then you make a service group of the ports needed.
then make a firewall rule, so the AP in blue can talk to the server in green.
the firewall rule would be AP group to destination Server, Protocol AP service. Service groups are a great feature.
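
Added example (not part of any post in this thread, and not IPFire code): a small Python model of the rule described above, showing that pinning the exception to a host group and a service group lets the AP reach the controller while every other blue client stays blocked from green. The subnets follow the thread's 192.168.10.x and 192.168.1.x; the host addresses and port numbers are constructed placeholders.

```python
"""Model of a blue->green exception built from a host group and a service group.
Host IPs and ports are placeholders; stateful reply traffic is not modelled."""
from ipaddress import ip_address, ip_network

BLUE = ip_network("192.168.10.0/24")
GREEN = ip_network("192.168.1.0/24")

# Host group "AP" (a group of one) and the controller on the NAS, both static.
AP_GROUP = {ip_address("192.168.10.2")}
NAS = {ip_address("192.168.1.10")}

# Service group: placeholder ports, to be replaced by the vendor's documented list.
AP_SERVICES = {("tcp", 10443), ("udp", 10444)}

RULES = [
    {"src": AP_GROUP, "dst": NAS, "services": AP_SERVICES, "action": "ACCEPT"},
]


def zone(addr):
    """Map an address to its zone colour."""
    if addr in BLUE:
        return "blue"
    if addr in GREEN:
        return "green"
    return "other"


def decide(src, dst, proto, dport):
    """Return ACCEPT or DROP for a new connection from src to dst."""
    src, dst = ip_address(src), ip_address(dst)
    for rule in RULES:
        if (src in rule["src"] and dst in rule["dst"]
                and (proto, dport) in rule["services"]):
            return rule["action"]
    # Zone default stated in the thread: green can reach blue.
    if zone(src) == "green" and zone(dst) == "blue":
        return "ACCEPT"
    # Everything else between zones, including blue -> green, is dropped.
    return "DROP"


if __name__ == "__main__":
    flows = [
        ("192.168.10.2", "192.168.1.10", "tcp", 10443),   # AP -> controller
        ("192.168.10.2", "192.168.1.10", "tcp", 22),      # AP -> NAS, other port
        ("192.168.10.50", "192.168.1.10", "tcp", 10443),  # IoT client -> NAS
        ("192.168.10.2", "192.168.1.20", "tcp", 10443),   # AP -> other green host
    ]
    for flow in flows:
        print(flow, decide(*flow))
```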

Ok, yes, I use these groups a lot :smiley:, very helpful. I will try it again with this hint.

At first I didn’t know whether I should mention it or whether it might be a funny anecdote that some people would make fun of, but in the end it was a very good experience for me, even though it was a real disaster.

What hvacguy wrote here in six short sentences became an odyssey of absolute madness for me, and chance was the crowning glory.

Basically, I have been dealing with VLANs and ipfire from the very beginning. The different networks had a special appeal and I always wanted to implement it correctly. But I never had the right hardware for that. My first attempts with Ipfire were on the monster HP ProLiant DL360 Gen3, but I couldn’t realize different networks, I wasn’t able to create reasonable firewall rules that it ran smoothly, so I always hooked up APs in green.

Over time, my knowledge improved somewhat and I created VLANs in the switches to forward them across several switches without getting into trouble using trunks and without causing a collision with the ipfire. The hardware became more modern but not as professional, the small single board computers were not yet in my focus.
Nevertheless, my APs are still connected to Green via LAN and I had activated the built-in WLAN card in the BIOS a little while ago and also a blue network that I use for a few radio-controlled sockets. Unfortunately, the number of clients on blue is very limited and I wanted to implement the solution which sounds so simple here.

But what turned out to be a fatal mistake.

Before I tested various options and also planned to replace an older POE switch with a newer one.

First of all, I had an additional orange network by simply selecting the triple configuration and simply creating a VLAN on green for orange, which didn’t cause me any problems so far.

Even when I created the bridge to create another VLAN on green, everything was still ok. Getting the VLANs to work correctly was a bit trickier because it always overlapped somehow. But so far so good, expanding the network only worked up to the green interface, I couldn’t set any shares.
And so I had to leave in the evening and came back a few hours later. What I found was the worst and most complete failure ever since I started working on this: my glory, redundant and most stable, my oeuvre, my network. Oh lord! Definitely nothing worked, no machine had internet, even the modem was in error mode. All four switches responded to zero, could not be addressed with discovery tools or otherwise. I was completely over, all was locked, shut off or in error mode, and my NAS is still booting. I had to get in to the deep of the error on the ipfire machine itself.

After looking at the network, I was more confused than before, so for the first time in my life I used ChatGPT to help me, described the problem and asked if my analysis and the suspected problem could be the cause. This was confirmed from this little annoying thing and I was able to start solving the problem.

What happened? If you remember, it was a while ago that I had a question about the WiFi card and why the driver was loaded and no other, etc. The problem was solved at the time. Only the little thing that a bridge was created here and I had then now again pulled a bridge over the blue interface and my two network cards suddenly had the same MAC address after a reboot, which paralyzed the entire network and blocked all ports.

Why also coincidence? The whole thing was caused by a power interruption, because only after booting (yes my router is configured that way) did the collision and complete failure occur.

An experience I would not want to have again anytime soon, but I took the opportunity to dismantle the server, clean everything and the new switch has also been ordered.

I learned a lot, I will now use ChatGPT more often and am already in the process of expanding the blue network again and hope I will get these rules like I wanted, to use the device as it should be.

I wish everyone happy holidays and hope I was able to bring a smile to your faces!

2 Likes