Separate LAN's using 2 Routers - Can ping devices on other LAN

Question

so the setup I've got:

• Main Router which receives the internet connection and is my primary WIFI network: 192.168.1.0/24
• Secondary Router which I've connected via the following method to create a separate LAN: 10.3.3.0/24. Main Router's LAN port --> Secondary Router's WAN port.

I've got this setup fine and can get internet from the Secondary Router's LAN, no problem.

My question is: Is it normal behavior to be able to ping a device connected to the main router from the secondary router?

I would like to isolate devices on each LAN so that devices connected to the separate LAN's can't communicate and wondering if I'm able to achieve this using 2 consumer grade routers?

Cheers!

Answer 1

This is normal behavior because the secondary router knows that IPs in the 192.168.1.0/24 subnet should be forwarded to its WAN port, so it can access hosts connected to that network. Sadly, you usually can't create 2 segregated subnets with 2 consumer-grade routers, as these only have 2 network interfaces (one for WAN and one for the built-in switch).

I also do not recommend doing this, as double NAT can have unexpected side effects. If you really want to separate devices on your local network, looking into VLANs is a better way. You can use your existing router but will need a compatible switch.