I have 2 wireless routers running on my windows 10 pro network. The primary is a TP-link ax50 and the secondary is an Asus RT-N66U. The TP-link, 192.168.1.xxx subnet, connects to my computers, printers and AV devices via wi-fi and ethernet connections. The Asus, 10.0.1.xxx subnet, connects via wi-fi to my IOT devices like wi-fi cameras, smart plugs and echo dots etc.

Currently, my cable modem is connected to my primary tp-link router. The secondary Asus wan port is connected to the primary via an ethernet switch. This yields an internet connection for wi-fi clients connected to the secondary router. However, it is also allowing access to primary network shares which I don’t want. I don’t want the IOT devices that are wi-fi connected to the secondary router to have primary network share access. This defeats the purpose of a 2nd router on a different subnet all together. If I connect to a lan port (instead of the WAN port) on the secondary router, I lose internet connection on it’s wi-fi clients which need internet to function.

How do I connect and configure these 2 routers so the clients on the secondary cannot access the shares on the primary network while maintaining internet access on both?.