packets routed by the switch or router?

networking router

I have a simple question which involves understanding of the purpose of a router.

I've got a small business which consists of several PCs and a router which are all connected to the same 24-port swtich. Occasionally, all PCs on my LAN get disconnected; they can't reach each other or any servers. Power cycling the switch usually fixes.

What I was wondering is whether this problem could be caused by the router which is also our DHCP server. If PC-A pings or connects to Server-A, does router have anything to do with this connection? I assumed since PC-A and Server-A are on the same physical network and same switch, the packets get routed by the switch, but not the router. Is this correct? Can I assume in this case that the fault lies either within cabling, switch or the computers?


You are correct that the switch is not "routing the packets". "Packet" is a term generally used to refer to layer 3 of the OSI 7 layer network model. The switch will presumably "switch" traffic at layer 2, using MAC addresses. The router should only come into the equation for traffic leaving your local network, i.e., out towards the Internet. Routing at layer 3 is between logical networks (typically IP networks) but at layer 2, the local network, we are simply switching.

If a reboot of the switch fixes your problem then you are likely having a layer 1 (physical layer) or layer 2 (data link layer) problem.

I would change some cables, change the switch, move devices around in wall ports and switch ports, and run some packets captures to try and narrow down the source of the issue.


I'm assuming your setup is like this:

                                |------Server  
__________   ________     ______|
|Internet|---|Router|----|Switch|  
__________   ________     ______|
                                |-----------Clients

A router routes packets to different IP subnets. It's a layer 3 device.

If you have everything on the same layer 2 Ethernet switch, then there's no routing necessary, which means that the traffic will never reach the router. The only time traffic will hit the router is if it needs to be routed, i.e. leave your L2 switch.


There's one (admittedly rare) way in which the router could be the fault...when a network node needs to reach another local node, there's a process called ARP (Address Resolution Protocol) where the Ethernet (or MAC) address is determined from the IP address. This is done via a broadcast - the requesting node sends a broadcast asking "who owns this IP?" The server with that IP then responds - with its source MAC address in the response - and the client then sends the packet to that MAC address.

It's possible that the router, or another node on your network, is responding to ARP requests for IPs that it doesn't own. You can detect this by running "arp" at the command line, which will show you these cached entries. If you can't reach a server and you see an ARP entry for its IP on the client, check that machine's settings and make sure the MAC address you see is correct for that host.

Related

Can the dns' domain be in its own spf record?
Why does strace open, read 512 bytes, and THEN fstat libncurses?
Why would adding a datafile cause a deadlock in Oracle?
Risks of Network Partitioning When a Split Brain Creates a Security Flaw
Do I need an MX record for email forwarding?
How to add a tag to an autoscale spun EC2 instance using boto?
Redis Master and Slave usage
Can our firewall detect traffic sniffing inside the network?
Samba share accessible via IP address, but not via hostname
How to test validity of an environment variable with bash checking if it exists and is is true?
How can I start a program from a login batch script if the Command Prompt is disabled?
Taking two actions in monit