Layer 1 - Ethernet cable, wall jacks, ports in a device. Electrical signaling characteristics.
Layer 2 - Ethernet framing, Media Access Control addresses.
Layer 3 - IP packets, IP addresses.
You can remove any layer and replace it with another (although Layer 1/2 are usually tied together too much for this to be practical, or possible). One example would be removing 10BaseT Ethernet as your Layer 1/2 technology and replacing it with FDDI, or ATM, or 100BaseTX Etherner.
Layer 3 is where routers operate. They know how to talk between IP subnets. They also have to know how to talk Layer 2 and Layer 1, so that they can get data out onto the physical wire, framed properly.
Routers maintain tables of IP address to MAC address assignements, so they know how to address the Layer 2 part of Ethernet frames when they're transmitted out onto the wire. When IPX was prevalent, they did the same thing for IPX. IPX is a dying Layer 3 protocol that even the creators, Novell, have decided to leave by the wayside. Most other Layer 3 protocols are also dying out, due to IP's dominance.
Switches, true switches, are Layer 1/2 devices. They have no idea what an IP address is, where it is inside the Ethernet frame (or Token Ring frame, or FDDI frame), or what to do if they see one. The only IP address some switches understand is their own management IP address. That's it.
Two machines talking across a switch are known to the switch by their Layer 2 MAC address. And they're seen as frames, not as packets. It's an important distinction. When a frame comes into a switch, it is possible for the switch to strip off the frame header and trailer, then repackage the date held within (the packet) into a new frame and send it out on a different Layer 1/2 technology. Good example would be an Ethernet to Token Ring switch, or an Ethernet to FDDI switch. Used to be that this process was handled by a multiprotocol bridge. Switches are decendants of bridges - more ports, faster speeds, etc.
Switches allow you to place each device on its own collision domain. A collision domain is the set of devices that vie for access to the local transmission medium. When you're directly connected to a switch port, the collision domain becomes you and the switch port.
Routers understand Layer 3. They talk IP, IPX, Appletalk, etc. They understand the logical subnetting that occurs at Layer 3. They use routing protocols (for those Layer 3 protocols that are routable) to manage figuring out how to get from one subnet to another, even if it isn't directly accessable via the router's interfaces. Routers can figure out how to get from, say, a 192.168.1.0 subnet to, say, the 10.0.0.0 network. If that's not possible, they can tell the host sending data that no, it isn't possible (ICMP Network Unreachable message, where ICMP stands for Internet Control Message Protocol).
Routers allow you to break up large networks into many smaller networks. One thing you need to keep in mind is that most Layer 3 protocols have a mechanism for communicating with other devices on the same subnet, without sending the data to each device individually. This is broadcast traffic. No matter how small your collision domains are, your PC could be inside a large broadcast domain. Every Address Resolution Protocol broadcast message (used to find the Layer 2 address of a device) goes to ALL devices in a broadcast domain. Say you have 10,000 machines you need to network, and you have what was considered to be a Class B address (roughly 65,000 individual IP addresses). Sure, you could put them all on the same IP subnet. Then, when any ONE machine ARPed for a Layer 2 address, ALL 10,000 would get that ARP request (as part of the spec, a device cannot ignore a broadcast frame). Routing updates, which are usually broadcast, would go to ALL 10,000 machines, even if they didn't listen to routing updates. You can see how this could easily overload a network.
What's done is that the Class B address is subnetted into many smaller IP subnets, allowing one to place machines that talk to each other frequently together on the same wire, and put machines that don't talk together often on separate wires. ARPs don't get sent to all 10,000 machines, as routers sit between the subnet, "lying" about the whereabouts of machines. Say you decide to subnet 172.16.0.0 into 254 networks of 254 hosts (24bit network mask, 8 bits for the host address). If your IP is 172.16.25.4 and you ARP for 172.16.3.72, the router on the 172.16.25.0 subnet will reply saying that it is 172.16.3.72. In reality, it'll take the data from 172.16.25.4 and send it along to 172.16.3.72, provided it knows where it lives.
Routers also allow you to connect dissimilar IP subnets together. This allows for such "tricks" as Network Address Translation. There are three subnet ranges that are NOT routeable across the Internet proper (
http://www.faqs.org/rfcs/rfc1918.html)- 192.168.x.x, 10.x.x.x, and 172.16.x.x to 172.31.x.x. You're free to use these subnets inside your organization any way you see fit, so long as they NEVER get broadcast to the Internet. What cable/DSL routers like the LinkSys and Netgear boxes do is take your public Internet-routeable IP address, and, using Network Address Translation (
http://www.faqs.org/rfcs/rfc2663.html), takes a private address space (usually the router's set up to use the 192.168.0.0 subnet), assigns your machines addresses in that range, then translates all your requests so that they look like they're coming from your one Internet-routable IP address.
In summary:
Switches break up collision domains. They do not understand IP addresses within Ethernet frames. They know devices by MAC address.
Routers break up broadcast domains. They understand IP, as well as underlying Layer 1/2 technologies. They are used to connect dissimilar IP subnets together.
Note that all of this is a GROSS SIMPLIFICATION of what routers and switches are CAPABLE of doing, and how they do it.
Hope this helps.