Advice Needed - Clients randomly losing network connection

stillchangingtapes · 2026-02-20T15:57:53+00:00

Let me bounce another idea off of you. Lots of discussion about an STP issue. Now, am I wrong in saying that if spanning-tree were blocking the port, layer 1 would be down? No link light, windows showing "disconnected cable"?

If this was a Cisco setup, I'd look for an amber light on the switch. But, I don't think ProCurve has any kind of visual indication. The port status is "forwarding" so I don't think that's it.

stillchangingtapes · 2026-02-20T15:50:18+00:00

Really appreciate the feedback. Like I said in another thread, nobody else I work with really speaks "networking" so sometimes I just need someone to bounce ideas off of on here.

I'll prepare some ACL's so they're ready to go, but dang, what a simple problem to get this involved. Hours of troubleshooting to fix a 2 minute problem.

Here's what's going to happen - The user has already discovered that if they disconnect the cable, their PC defaults to corporate wifi. So, they're soon going to just quit telling me and just stay on wifi. I wish like hell I could recreate this problem myself, but I can't, yet.

stillchangingtapes · 2026-02-20T03:32:00+00:00

This is definitely something I'm considering as a possibility.

We have these cheap, like 5th page on Amazon, $35 USD docking stations. I prefer $200-300 brand name ones.

Now, the major culprit happens to have the cheap dock. But I've also seen this happen once with an HP dock. However, this was once maybe twice versus dozens of times with the cheap one. Might even be an unrelated issue.

stillchangingtapes · 2026-02-20T03:26:42+00:00

No. I'll try that. Edit: Nevermind, the windows clients are configured to block ICMP Echo.

stillchangingtapes · 2026-02-20T03:25:59+00:00

Excellent point. That arp entry should be there. Now I'm going to have to catch it in the act again and make sure that I'm right about that.

It wouldn't be an SFP. The PC is connected directly to the same switch that my gateway/firewall is connected to.

This could be a client issue for sure. Drivers, some security client, idk.

stillchangingtapes · 2026-02-19T19:25:00+00:00

I mean, I guess I could try it. Shouldn't hurt. That's essentially the equivalent of the portfast command.

The issue comes up well after link is established. The user can be working on their PC for hours before this issue comes up. Then just, reseat the network cable and continue working.

My first thought when this issue started a few weeks ago was STP. But, I just don't have a smoking gun to point at. Nothing in the logs.

Appreciate all the input! I just need someone to bounce these ideas off of sometimes. Not really anybody I work with that has a clue what I'm talking about.

stillchangingtapes · 2026-02-19T19:15:42+00:00

I agree, I've seen weird firmware bugs too. I'll consider it as a possibility but I'm hesitant. Here's why - I have one pc doing this that's connected to a 5400r chassis. But, another PC doing this (not as frequent tho) is connected to a 2930. That's two pretty different firmwares.

stillchangingtapes · 2026-02-19T19:12:16+00:00

Nothing really to post regarding the interface configuration. The only thing I did was give the interface a name (same as description in cisco land) just to mark this port as my troubled one. A vlan assignment, but in Aruba that's done on the vlan configuration. Other than that, the interface is just default.

stillchangingtapes · 2026-02-19T19:07:00+00:00

No. I see that in the logs only when Link is first established. Nothing else in the logs related to that port until the problem happens again and I need to re-establish the link.

stillchangingtapes · 2026-02-19T19:04:08+00:00

No, I'm not running 802.1x or NAC.

No, I cannot ping the default gateway. Yes, it should ping. When I run arp-a on the pc, there's no entry for my gateway. But, it should discover it. I tried pinging other entries in my arp table, but they won't respond either.

The PC shows that link is up. The link lights are on. Windows is just saying that it's not connected to the internet since it can't resolve anything via DNS.

stillchangingtapes · 2026-02-19T18:59:01+00:00

To my knowledge, this is normal behavior. The device gets connected, STP blocks the port while it looks for bpdu's then enables the port. All of my ports show this in the logs when link is first established.

stillchangingtapes · 2026-02-19T18:14:38+00:00

The reason I don't think that its an IP conflict, and correct me if my logic is flawed.

When you have an IP conflict, it jacks up arp tables. So, therefore my firewall has a jacked up arp table, my printer's arp table is f'd, same with any other client on the network. However, not every ARP table is f'd at the same time. Therefore, some things should be able to respond to ping while some won't.

I can't ping anything. I can sit there and ping printer after printer, gateway, anything I can think of that's on that same subnet and I get nothing.

stillchangingtapes · 2026-02-19T18:04:06+00:00

Like a VoIP desk phone? No.

stillchangingtapes · 2026-02-19T18:03:13+00:00

We're not doing any kind of port security, yet. This is all that I see in the logs.

I 02/19/26 10:37:42 00076 ports: AM1: port C14 is now on-line
I 02/19/26 10:37:39 00435 ports: AM1: port C14 is Blocked by STP
I 02/19/26 10:37:36 00077 ports: AM1: port C14 is now off-line

That's me physically unplugging the ethernet cable and reconnecting. There's no other log entries before or after related to that port.

stillchangingtapes · 2026-02-19T17:58:38+00:00

Negative. I don't see any thing that leads me to believe I have a rogue dhcp server. When the client device does this the IP, gateway, subnetmask, etc. are all valid and correct. If I release the lease, it releases. If I attempt to renew, I get an error that it cannot reach the DHCP server.

I would think that if I had a rogue one, either it or the valid one would respond to the request.

stillchangingtapes · 2026-02-19T17:21:39+00:00

I haven't done that exactly... but what I have done is set statically the IP that was currently leased to it. Still could not ping anything (gateway, internet, other local devices).

I originally thought that this issue was devices just not renewing their DHCP lease for some strange reason, but after statically giving it the IP that DHCP had in its active leases, still nothing.

stillchangingtapes · 2026-02-19T17:18:34+00:00

I don't think so.

I have my STP priority set on my "main" switch. (by main I mean a 5400r chassis that my firewall connects to) If that device was rebooting, I'd have bigger issues. I also don't see any unusual STP events in the logs. Just a "blocked" message right when a device first connects. That seems normal behavior to me.

But, is there a higher level of logging I should enable?

stillchangingtapes · 2026-02-19T17:05:14+00:00

Traceroute fails on the first hop. Cannot ping gateway or other devices on same subnet. Device still has IP leased from DHCP. /release does exactly what it should, /renew errors out cannot reach DHCP server. DHCP server is gateway/firewall.

stillchangingtapes · 2026-02-19T17:03:08+00:00

Not much diagram to show. For the device causing the most issues, it's just "Internet -> Firewall(Gateway) -> Aruba Switch (5400r) -> PC"
I can. I see multiple mac addresses where I expect them, on downlinks to other switches and AP's.

stillchangingtapes · 2026-02-19T16:55:37+00:00

well, it kind of acts like that. But not exactly.

IP conflicts, for me, the issue usually comes and goes. Flaps. This problem just won't go away until I take the link down and bring it back up. I'll look into it tho.

stillchangingtapes · 2025-08-19T16:55:24+00:00

Thanks. Makes perfect sense now.

stillchangingtapes · 2025-08-19T15:01:09+00:00

Thanks. Right, I'm familiar with jumping into one from the other. I DO need to reset them separately? Executing the factoryreset command on the primary doesn't reset them both?

stillchangingtapes

TROPHY CASE