I have a simple home LAN that consists of one router without WLAN.

 

I want to share internet connection with a second router so that devices that connect to the second router can't communicate with devices that are plugged in the first router.

 

I have connected a second router (TP-Link WR840N) by connecting UTP cable from my main router's LAN port to my second router WAN port. It is set to Router mode.

 

Main router's IP address is 192.168.8.1

Second router's IP addresss is 192.168.9.1 and I have configured gateway and DNS as 192.168.8.1 and DHCP as 192.168.9.100-192.168.9.199

 

I want to block communication between the two subnets, so that devices that connect to second router via WiFi can have internet connection but can't communicate with devices on the main LAN (192.168.8.X).

 

I tried by configuring Guest option, but I can still reach my main LAN through it.

 

 

 

 

*** EDIT - SOLUTION *** - IS THERE A BETTER ONE?

 

I managed to do it via Access Control

 

here are the steps:

 

1.

In Access control - Rule:

- enable internet access control

- allow the packets ...

SAVE

 

2.

In Access control -> Target:

- add new:

mode: IP Address

description: "mainLAN"

IP Address: 192.168.8.2-192.168.8.255    (note: 192.168.8.1 shouldn't be blocked because it's the internet gateway address)

SAVE

 

3.

In Access control - Rule:

- Add New

description: blockingmylan

Lan Host: Any Host

Target: mainLAN (Add target: mainLAN, previously configured)

Schedule: any time

Rule: deny

Status: Enabled

Direction: OUT

Protocol: ALL