Skip to main content



Geoffrey Carr


今天的問答環節由SuperUser提供,這是Stack Exchange的一個細分,Stack Exchange是一個社區驅動的問答網站分組。




There is an argument within my office about how smart/efficient the network we have set up really is. We have a fiber line and a cable line running into a load balancing router, which has a hardware firewall and a 64 port switch connected to it. Each of our workstations are connected to the switch (about 30 machines) plus an NAS and a couple of internal test servers (all assigned 192.168.0.x addresses).

If workstation A wants to communicate with workstation B, is our network smart enough to go:

A → Switch → B and only travel via the first most common connection, or would the path be A → Switch → Firewall → Router → Firewall → Switch → B and have to use that full route every time?



超級用戶貢獻者Ben N和Nathan Adams為我們提供了答案。首先,Ben N:

Routers are not necessary unless your traffic needs to move to a different subnet. When a computer wants to send some IP traffic to a different machine on its subnet, it needs the recipient’s MAC address, since IP addresses are not a thing at the switch level/layer (Layer 2 of the OSI model).

If it does not know the MAC address, it broadcasts an ARP request saying, “Hey, whoever has this IP address, could you tell me your MAC address please?” When the machine gets a response, that address is then attached to the packet, and the switch uses it to send the packet out via the correct physical port.

When the destination is not on the same subnet, routers need to be involved. The sender gives the packet to the appropriate router (usually the default gateway unless you have special routing needs), which sends it through the network to the intended recipient.

Unlike switches, routers know about and have IP addresses, but they also have MAC addresses and that is the MAC address that initially gets put on packets that need routing (MAC addresses never leave the subnet).

You can see router IP addresses in the gateway column of the output of route print on Windows. Destinations that do not require routing have On-link there.

接下來是Nathan Adams的回答:

If two computers are connected to the same VLAN on a switch and share the same subnet mask, the switch should deliver the packet without hitting your firewall or router.

You can verify this by running tracert 192.168.0.X (assuming you are using Windows) and you should see a direct route to that system.

有什麼要補充說明嗎?在評論中發聲。想要從其他精通技術的Stack Exchange用戶那裡閱讀更多答案嗎?在這裡查看完整的討論主題。