Score:-1

Ensuring internet is disabled for devices connected to second router


I think I have two routers:

Router A is connected to WAN and the Router A DHCP gives out IPs in range 192.168.0.10 to 192.168.0.128.

Router B is connected by ethernet cable to router A and gives out IPs in range 192.168.0.129 to 192.168.0.253.

The aim is that devices connected to Router B WiFi cannot connect to the internet - so, Router A has a rule applied that disables the internet for IPs 192.168.0.129 to 192.168.0.253. This seems to successfully disable the internet when I connect a device to Router B WiFi.

The problem I have is that when I connect my laptop to Router A WiFi, I have the IP 192.168.0.11, and then when I connect to Router B WiFi, the IP remains 192.168.0.11 and I can still access the internet (I cannot access the settings page of Router B), so it seems that Router B is kind of bypassed. The Router A settings say the device is connected to Ethernet.

I was expecting that when connecting to Router B it wouldn't accept 192.168.0.11 as a valid IP and the Router B DHCP would give it a new IP. In fact, only when I issue the Ubuntu 20.04 command "sudo dhclient" to force renewal of the IP is the IP 192.168.0.178 given out, and then the device cannot use the internet (and seems to properly be on Router B, as it can now access the Router B settings page).

How is a device with 192.168.0.11 able to access the internet through Router B?

Let's say I get a new device that has never been connected to either router. I connect to Router B, it gets an IP in range 192.168.0.129 to 192.168.0.253, and the device cannot access the internet. Can I be sure that someone using this device cannot just change their local IP to 192.168.0.11 manually, and therefore be able to access the internet?

Score:1

The details aren't in the original post, so I am making an educated guess here.

It seems both router A and router B have been configured with the 192.168.0.0/24 subnet. This means they live in the same Ethernet broadcast domain, and devices with any IP addresses can move between networks and have similar connectivity.

To properly enforce the limits you are describing, you need to configure different subnets for the WiFi and Ethernet connections. Then you need to have a separate DHCP server for each of the networks.

In firewall rules you should leave out the NAT rule for the WiFi network.
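An added example (not from either poster) that models the two designs the answer contrasts with Python's ipaddress module: the shared /24 with a blocked address range, versus a separate WiFi subnet left out of Router A's NAT. The gateway addresses and the 192.168.1.0/24 WiFi subnet are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

A, N = ipaddress.ip_address, ipaddress.ip_network

@dataclass
class Segment:
    """One Ethernet broadcast domain; maps each live gateway to the network it serves."""
    onlink: Dict[ipaddress.IPv4Address, ipaddress.IPv4Network]

@dataclass
class RouterA:
    """Router A's WAN policy: NAT these source networks, minus an optional blocked range."""
    nat_sources: List[ipaddress.IPv4Network]
    blocked: Optional[Tuple[ipaddress.IPv4Address, ipaddress.IPv4Address]] = None

    def forwards(self, src: ipaddress.IPv4Address) -> bool:
        if self.blocked and self.blocked[0] <= src <= self.blocked[1]:
            return False
        return any(src in net for net in self.nat_sources)

def can_reach_internet(segment: Segment, router_a: RouterA, client_ip: str) -> bool:
    src = A(client_ip)
    # Traffic only leaves the segment if a gateway on it serves the client's address;
    # an address from some other subnet never gets an ARP reply for its gateway.
    if not any(src in net for net in segment.onlink.values()):
        return False
    # Router B (when in the path) does not NAT, so Router A judges the client's own address.
    return router_a.forwards(src)

# Original setup from the post: Router B bridges its WiFi into Router A's /24, and Router A
# merely excludes 192.168.0.129-253 from NAT. Gateway address 192.168.0.1 is assumed.
shared = Segment({A("192.168.0.1"): N("192.168.0.0/24")})
original_a = RouterA([N("192.168.0.0/24")], (A("192.168.0.129"), A("192.168.0.253")))

# Corrected setup: WiFi gets its own subnet (192.168.1.0/24 assumed) with Router B as its
# gateway, and that subnet is simply absent from Router A's NAT sources.
lan = Segment({A("192.168.0.1"): N("192.168.0.0/24")})
wifi = Segment({A("192.168.1.1"): N("192.168.1.0/24")})
fixed_a = RouterA([N("192.168.0.0/24")])

if __name__ == "__main__":
    for label, seg, ra, ip in [
        ("original, WiFi client with DHCP lease", shared, original_a, "192.168.0.178"),
        ("original, WiFi client keeping 192.168.0.11", shared, original_a, "192.168.0.11"),
        ("fixed, WiFi client keeping 192.168.0.11", wifi, fixed_a, "192.168.0.11"),
        ("fixed, WiFi client with DHCP lease", wifi, fixed_a, "192.168.1.50"),
        ("fixed, wired client", lan, fixed_a, "192.168.0.11"),
    ]:
        print(f"{label}: internet={can_reach_internet(seg, ra, ip)}")
```

In the shared-subnet model the outcome depends only on the address the client holds, which is exactly why the laptop kept its access; in the split-subnet model the WiFi segment has no path that Router A will NAT regardless of the address chosen.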
