How smart is my network?
Routers aren't necessary unless your traffic needs to move to a different subnet. When a computer wants to send some IP traffic to a different machine on its subnet, it needs the recipient's MAC address, since IP addresses aren't a thing at a switch's layer (Layer 2 of the OSI model). If it doesn't know the MAC address, it broadcasts an ARP request, saying "hey, whoever has this IP address, could you tell me your MAC address please?" When the machine gets a response, that address is then attached to the packet, and the switch uses it to send the packet out the right physical port.
When the destination isn't on the same subnet, routers need to get involved. The sender gives the packet to the appropriate router (usually the default gateway, unless you have special routing needs), which sends it through the network to the intended recipient. Unlike switches, routers know about and have IP addresses, but they also have MAC addresses, and that's the MAC address that initially gets put on packets that need routing. (MAC addresses never leave the subnet.)
You can see router IP addresses in the Gateway column of the output of route print
on Windows. Destinations that don't require routing have On-link
there.
If 2 computers are connected to the same vlan on a switch and share the same subnet mask - the switch should deliver the packet without hitting your firewall or router.
You can verify this by running tracert 192.168.0.X
(assuming Windows) and you should see a direct route to that system.
Almost certainly, the communication path would be A ↔︎ switch ↔︎ B, not going through the firewall and router. Assuming that workstations A and B have IP addresses with the same network and netmask, they should be able to interact with no router involved, because the switch knows how to forward packets. You should be able to verify that there are no intermediate hops between A and B by running traceroute ip_address_of_B
from a command prompt on A. (On Windows, the command would be tracert
instead of traceroute
.)
That said, alternative scenarios are possible, but less likely.
In the old days, before Ethernet switches were prevalent, there were Ethernet hubs. Hubs work the same way, except that they would unintelligently duplicate and forward incoming Ethernet packets out through every single port of the hub, instead of out of the appropriate port as a switch would. If you had a hub instead of a switch, then the router would see (and ignore) all traffic between A and B. Of course, such indiscriminate packet forwarding creates a lot of unnecessary traffic, and Ethernet hubs are uncommon these days.
Another possible (but unlikely) scenario is that the switch could be configured to do port isolation. That would force each workstation's traffic to go through the router. You might want to do that if you considered the workstations to be hostile to each other — for example, ports at a public library or in separate hotel rooms — and you don't want them to be able to directly communicate at all. In an office environment, though, it's very unlikely that your network administrator has set it up that way.
To answer your question in layman's terms: the network should naturally do the "right thing" in your case. However, it could be deliberately reconfigured to do a different "right thing". As a corollary to that, it could also be accidentally misconfigured to do a dumb thing.