CG3000-2STAUS WiFi Router. Trying to configure as a WiFi AP but unable to route to internet gateway

> [...] I want to use the old router as a WiFi AP to connect IoT devices
> to and keep these segregated from other devices on the home network.
> [...]

   A wireless access point would not really segregate anything from
anything, but that might be the best approach.  Configuring the CG3000v2
as a (second) router would provide some separation, but perhaps less
than you might think.  And that would be more complicated.

> [...] I cannot get the Netgear to route traffic to the "main" router
> and internet. [...]

   "cannot" is not a useful problem description.  It does not say what
you did.  It does not say what happened when you did it.  As usual,
showing actual actions (commands) with their actual results (error
messages, LED indicators, ...) can be more helpful than vague
descriptions or interpretations.

> [...] There is a UI showing the internet gateway details [...]

   It's not showing them to me.  With my weak psychic powers, I can't
see what you connected to what, or how you configured anything.

> [...] it will not allow me [...]

   How, exactly, does it try to stop you, threats and menaces, or some
(invisible) error message, or what?

   If you do decide to use the CG3000v2 as a (second) router (presumably
connecting its WAN port to a LAN Ethernet port on your (unspecified) new
router), then you'd probably need to configure the CG3000v2 with a
different LAN subnet (address range) from that used by your
(unspecified) new router, and then configure a suitable static route on
your (unspecified) new router, so that devices on its LAN subnet will
have a chance of getting a message passed to the CG3000v2, instead of
everything with a foreign-looking destination getting sent to your ISP.

Hi, Apologies for lack of clarity and information (and assumptions re your psychic powers), I wasn't even sure I would get a response, let alone such a fast one, thank you.

I attach a diagram of what I am trying to achieve with two subnets, one on each router. The NetGear is WiFi Router2 in below diagram and Sagemcom  (new) is Router1

The tick marks are ping results. From Subnet1 to SSID3, I am able to ping 192.168.0.130 but not 133.  I suspect 130 is a second IP address for Router1.

The Advanced Home screen of the NetGear router is as shown below. I don't know where to set the Default Gateway address (which should be 192.168.0.1?). I guess it cannot get an IP address without that since it will use it for DHCP? Maybe I need to set this as static, as you seem to be suggesting in your final comment?  Anyway, thanks again for your help and I will continue my quest.

I think I need to somehow assign WiFi R2 a static "internet" address from the WiFi R1's subnet. And then set the Gateway and DNS address to that of WiFi R1.

However, these options are not availabe in the WAN Setup or Internet Setup tabs on WiFi R2 (NetGear). Is it possible that the ISP has disabled these options? Or that it is not configurable on this router model and I need to purchase one that does have them?

> I attach a diagram [...]

   It might be safer/clearer to use a /24 subnet on each router.  I
would not bet that anything else gets tested, and that'd make it easier
to see which addresses are in which subnet.

> [...] I suspect 130 is a second IP address for Router1. [...]

   A router does not have _an_ IP address.  Each network interface in a
router has an IP address.  So, each router here has a WAN/Internet IP
address and a LAN IP address.

   The WAN/Internet IP address on the CG3000v2 must be on the LAN
subnet of the main router.  Documentation on the CG3000v2 seems sparse,
at best, so I'm not sure exactly where/how you'd configure this stuff.
(If it's possible.  Normal Netgear cable modem+router models lack a
WAN/Internet Ethernet port.  That makes then simple to deal with in such
a system: You can't do it.  Exactly how much you _can_ do with a
CG3000v2 is not immediately obvious (to me).)

   I'd configure the main-router LAN as "192.168.0.1/24" (perhaps with
its DHCP pool as ".8"-".254"); the CG3000v2 WAN/Internet interface as
"192.168.0.2/24"; and the CG3000v2 LAN as, say, "192.168.2.1/24".

   The main router would then need a static route (not related to having
any static address) like:

      Destination: 192.168.2.0
      Subnet Mask: 255.255.255.0
      Gateway: 192.168.0.2

   I don't know how you'd configure that on your (unspecified) main
router.

   Whether it would make sense to enable NAT on the CG3000v2 is not
clear to me.  Some experimentation might be needed.

> I think I need to somehow assign WiFi R2 a static "internet" address
> from the WiFi R1's subnet. And then set the Gateway and DNS address to
> that of WiFi R1.

   No.  "WiFi" is not a separate network, or subnet, or anything.  It's
just part of the LAN (subnet) of the relevant router.

Many thanks for your suggestions and advice, it has been a really helpful discussion for me.

> It might be safer/clearer to use a /24 subnet on each router.  I
would not bet that anything else gets tested, and that'd make it easier
to see which addresses are in which subnet.

I tried that (I used 192.168.1.0/24) and I agree it is easier but still no joy. In my main router (which is a Sagemcom F@ST3864V3HP by the way) on the LAN setup, there is an option to "Configure the second IP Address and Subnet Mask for LAN interface" which I selected and entered 192.168.1.0 and 255.255.255.0. This automatically created a route to that address from main router.

> I'd configure the main-router LAN as "192.168.0.1/24" (perhaps with
its DHCP pool as ".8"-".254"); the CG3000v2 WAN/Internet interface as
"192.168.0.2/24"; and the CG3000v2 LAN as, say, "192.168.2.1/24".

The problem seems to be in setting the WAN/Internet i/f address - there just doesn't seem to be a way of doing this. As I showed in the screenshot, there is no IP Address/Mask shown for the Internet port and no Default Gw or DNS and I cannot see how it can be set.

>Normal Netgear cable modem+router models lack a
WAN/Internet Ethernet port.  That makes then simple to deal with in such
a system: You can't do it.  Exactly how much you _can_ do with a
CG3000v2 is not immediately obvious (to me).)

I think that is the answer unfortunately - No can do.

A final question - my main router by default, allows all outgoing IP traffic from LAN, and 

blocks all incoming traffic. This presumably enables all my IoT devices to communicate with their servers (and other devices to access www etc.) by allowing them to set up TCP connections but blocks any attempts by external devices to initiate TCP connection to them, right? So I guess this provides some security but is it sufficient? What about UDP, I guess that is covered by the same rules as it doesn't specify the protocol.

Thank you again for your valuable support. 

> [...] there is an option to "Configure the second IP Address [...]

   Interesting.  I've not seen that sort of feature elsewhere.

> The problem seems to be in setting the WAN/Internet i/f address [...]

   If you can't find a way to do that, then the project may be doomed.

> A final question - [...]

   Yup.  Anything (TCP, UDP, ...) incoming at the WAN/Internet interface
goes nowhere without a good reason: DMZ, UPnP, or port
forwarding/triggering.

   It's not so much that the router "blocks" incoming connection
requests; it's more that, without some kind of help, it has no idea
where (on the LAN) to direct them.  The external system has only your
(single) public IP address with which to work, so it has no way to
address any particular device on your LAN.

   Typical Internet-of-Junk gizmos establish an _outgoing_ connection to
a (cloud) server someplace, and that's not restricted by default.  NAT
handles that stuff.

> Thank you again for your valuable support.

   I live to serve.  If you ever do discover how to exploit that WAN
Ethernet port, please post.