I have 2 wireless routers running on my Windows 10 Pro network. The primary is a TP-Link AX50 and the secondary is an Asus RT-N66U. The TP-Link, 192.168.1.xxx subnet, connects to my computers, printers and AV devices via Wi-Fi and Ethernet connections. The Asus, 10.0.1.xxx subnet, connects via Wi-Fi to my IoT devices like Wi-Fi cameras, smart plugs and Echo Dots etc.
Currently, my cable modem is connected to my primary TP-Link router. The secondary Asus's WAN port is connected to the primary via an Ethernet switch. This yields an internet connection for Wi-Fi clients connected to the secondary router. However, it is also allowing access to the primary network's shares, which I don't want. I don't want the IoT devices that are Wi-Fi connected to the secondary router to have primary network share access. This defeats the purpose of a 2nd router on a different subnet altogether. If I connect to a LAN port (instead of the WAN port) on the secondary router, I lose the internet connection on its Wi-Fi clients, which need internet to function.
How do I connect and configure these 2 routers so the clients on the secondary cannot access the shares on the primary network while maintaining internet access on both?
When you daisy-chain routers, devices on the first router in the chain (the one connected to your ISP) won't be able to see devices connected to the 2nd router, since those are behind your 2nd router's firewall.
However, devices connected to your 2nd router will be able to reach devices on your first router’s LAN.
Everything on the 2nd router will be behind a 2nd layer of NAT, which breaks some services, and makes port-forwarding much more difficult.
There’s no simple fix for this – there should only be one routing device on your network - the one connected directly to your ISP.
If you want segregation, isolation, and the ability to permit (or deny) certain traffic between the network segments, you'll probably want a VLAN-aware router as your primary routing device, in tandem with VLAN-aware access points, or perhaps separate, individual access points (or routers in access-point mode) to service each separate network.
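What the recommended "one routing device, VLAN per segment" layout looks like in practice, as an added example that is not from the original post or the answer's author: an nftables ruleset for a single VLAN-aware Linux router (OpenWrt, a small x86 box, etc.) sitting where the TP-Link is now. The two subnets are the asker's; the interface names `wan`, `lan0.10` and `lan0.20`, the VLAN IDs 10 and 20, and the choice of services the router offers to each segment are assumptions for illustration. The Asus would be reconfigured as a plain access point broadcasting a VLAN-20-tagged SSID for the IoT devices, so the router is the only place the two segments meet.

```nft
#!/usr/sbin/nft -f
# Added example (not from the original post): one VLAN-aware Linux router in
# place of the daisy-chained pair. Interface names and VLAN IDs are assumed;
# the subnets are the ones from the question.
#
#   wan      : ISP uplink (cable modem)
#   lan0.10  : VLAN 10, trusted LAN, 192.168.1.0/24 (PCs, printers, shares)
#   lan0.20  : VLAN 20, IoT,         10.0.1.0/24   (cameras, plugs, Echo Dots)

flush ruleset

define WAN = "wan"
define LAN = "lan0.10"
define IOT = "lan0.20"

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Replies to connections the router itself opened, and loopback
        ct state established,related accept
        iif "lo" accept

        # The trusted LAN may talk to the router itself (DHCP, DNS, admin UI)
        iifname $LAN accept

        # The IoT VLAN gets only DHCP and DNS from the router, nothing else
        iifname $IOT udp dport { 67, 53 } accept
        iifname $IOT tcp dport 53 accept

        # Anything arriving on the WAN side falls through to the drop policy
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # Stateful: replies to an already-permitted connection are allowed in
        # either direction. This is what lets a LAN PC open a camera's stream
        # while the camera can never open a connection toward the LAN.
        ct state established,related accept

        # Both segments may reach the internet
        iifname { $LAN, $IOT } oifname $WAN accept

        # The trusted LAN may initiate connections into the IoT segment
        iifname $LAN oifname $IOT accept

        # IoT -> LAN is deliberately absent, so it hits the drop policy.
        # To see what the IoT devices try to reach, log before dropping:
        # iifname $IOT oifname $LAN log prefix "iot-to-lan: " drop
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;

        # Exactly one layer of NAT, on the ISP-facing interface only
        oifname $WAN masquerade
    }
}
```

Load it with `nft -f /etc/nftables.conf` and check the policy with a share-access attempt from an IoT-VLAN client (for example `smbclient -L 192.168.1.1` from a laptop temporarily joined to the IoT SSID), which should time out, while the same client still resolves names and reaches the internet. The one caveat practitioners hit with this layout is discovery: Echo Dots, casting devices and some camera apps find each other with mDNS/SSDP broadcasts, which do not cross VLANs, so controlling them from a LAN phone may need an mDNS reflector (Avahi with `enable-reflector=yes`, or the equivalent on the router platform) rather than a looser firewall rule.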