i dont see how you can prevent access to either router when everything is on the same physical network. only way i can possibly see that work is with VLANs, and i know your routers/switches dont have that.

so with that said, everything sounds normal except not being able to ping from client to client...unless you have firewall turned on on clients.