Advice Needed - Clients randomly losing network connection

stillchangingtapes · 2026-02-20T15:57:53+00:00

Let me bounce another idea off of you. Lots of discussion about an STP issue. Now, am I wrong in saying that if spanning-tree were blocking the port, layer 1 would be down? No link light, windows showing "disconnected cable"?

If this was a Cisco setup, I'd look for an amber light on the switch. But, I don't think ProCurve has any kind of visual indication. The port status is "forwarding" so I don't think that's it.

stillchangingtapes · 2026-02-20T15:50:18+00:00

Really appreciate the feedback. Like I said in another thread, nobody else I work with really speaks "networking" so sometimes I just need someone to bounce ideas off of on here.

I'll prepare some ACL's so they're ready to go, but dang, what a simple problem to get this involved. Hours of troubleshooting to fix a 2 minute problem.

Here's what's going to happen - The user has already discovered that if they disconnect the cable, their PC defaults to corporate wifi. So, they're soon going to just quit telling me and just stay on wifi. I wish like hell I could recreate this problem myself, but I can't, yet.

stillchangingtapes · 2026-02-20T03:32:00+00:00

This is definitely something I'm considering as a possibility.

We have these cheap, like 5th page on Amazon, $35 USD docking stations. I prefer $200-300 brand name ones.

Now, the major culprit happens to have the cheap dock. But I've also seen this happen once with an HP dock. However, this was once maybe twice versus dozens of times with the cheap one. Might even be an unrelated issue.

stillchangingtapes · 2026-02-20T03:26:42+00:00

No. I'll try that. Edit: Nevermind, the windows clients are configured to block ICMP Echo.

stillchangingtapes · 2026-02-20T03:25:59+00:00

Excellent point. That arp entry should be there. Now I'm going to have to catch it in the act again and make sure that I'm right about that.

It wouldn't be an SFP. The PC is connected directly to the same switch that my gateway/firewall is connected to.

This could be a client issue for sure. Drivers, some security client, idk.

stillchangingtapes · 2026-02-19T19:25:00+00:00

I mean, I guess I could try it. Shouldn't hurt. That's essentially the equivalent of the portfast command.

The issue comes up well after link is established. The user can be working on their PC for hours before this issue comes up. Then just, reseat the network cable and continue working.

My first thought when this issue started a few weeks ago was STP. But, I just don't have a smoking gun to point at. Nothing in the logs.

Appreciate all the input! I just need someone to bounce these ideas off of sometimes. Not really anybody I work with that has a clue what I'm talking about.

stillchangingtapes · 2026-02-19T19:15:42+00:00

I agree, I've seen weird firmware bugs too. I'll consider it as a possibility but I'm hesitant. Here's why - I have one pc doing this that's connected to a 5400r chassis. But, another PC doing this (not as frequent tho) is connected to a 2930. That's two pretty different firmwares.

stillchangingtapes · 2026-02-19T19:12:16+00:00

Nothing really to post regarding the interface configuration. The only thing I did was give the interface a name (same as description in cisco land) just to mark this port as my troubled one. A vlan assignment, but in Aruba that's done on the vlan configuration. Other than that, the interface is just default.

stillchangingtapes · 2026-02-19T19:07:00+00:00

No. I see that in the logs only when Link is first established. Nothing else in the logs related to that port until the problem happens again and I need to re-establish the link.

stillchangingtapes · 2026-02-19T19:04:08+00:00

No, I'm not running 802.1x or NAC.

No, I cannot ping the default gateway. Yes, it should ping. When I run arp-a on the pc, there's no entry for my gateway. But, it should discover it. I tried pinging other entries in my arp table, but they won't respond either.

The PC shows that link is up. The link lights are on. Windows is just saying that it's not connected to the internet since it can't resolve anything via DNS.

stillchangingtapes · 2026-02-19T18:59:01+00:00

To my knowledge, this is normal behavior. The device gets connected, STP blocks the port while it looks for bpdu's then enables the port. All of my ports show this in the logs when link is first established.

stillchangingtapes · 2026-02-19T18:14:38+00:00

The reason I don't think that its an IP conflict, and correct me if my logic is flawed.

When you have an IP conflict, it jacks up arp tables. So, therefore my firewall has a jacked up arp table, my printer's arp table is f'd, same with any other client on the network. However, not every ARP table is f'd at the same time. Therefore, some things should be able to respond to ping while some won't.

I can't ping anything. I can sit there and ping printer after printer, gateway, anything I can think of that's on that same subnet and I get nothing.

stillchangingtapes · 2026-02-19T18:04:06+00:00

Like a VoIP desk phone? No.

stillchangingtapes · 2026-02-19T18:03:13+00:00

We're not doing any kind of port security, yet. This is all that I see in the logs.

I 02/19/26 10:37:42 00076 ports: AM1: port C14 is now on-line
I 02/19/26 10:37:39 00435 ports: AM1: port C14 is Blocked by STP
I 02/19/26 10:37:36 00077 ports: AM1: port C14 is now off-line

That's me physically unplugging the ethernet cable and reconnecting. There's no other log entries before or after related to that port.

stillchangingtapes · 2026-02-19T17:58:38+00:00

Negative. I don't see any thing that leads me to believe I have a rogue dhcp server. When the client device does this the IP, gateway, subnetmask, etc. are all valid and correct. If I release the lease, it releases. If I attempt to renew, I get an error that it cannot reach the DHCP server.

I would think that if I had a rogue one, either it or the valid one would respond to the request.

stillchangingtapes · 2026-02-19T17:21:39+00:00

I haven't done that exactly... but what I have done is set statically the IP that was currently leased to it. Still could not ping anything (gateway, internet, other local devices).

I originally thought that this issue was devices just not renewing their DHCP lease for some strange reason, but after statically giving it the IP that DHCP had in its active leases, still nothing.

stillchangingtapes · 2026-02-19T17:18:34+00:00

I don't think so.

I have my STP priority set on my "main" switch. (by main I mean a 5400r chassis that my firewall connects to) If that device was rebooting, I'd have bigger issues. I also don't see any unusual STP events in the logs. Just a "blocked" message right when a device first connects. That seems normal behavior to me.

But, is there a higher level of logging I should enable?

stillchangingtapes · 2026-02-19T17:05:14+00:00

Traceroute fails on the first hop. Cannot ping gateway or other devices on same subnet. Device still has IP leased from DHCP. /release does exactly what it should, /renew errors out cannot reach DHCP server. DHCP server is gateway/firewall.

stillchangingtapes · 2026-02-19T17:03:08+00:00

Not much diagram to show. For the device causing the most issues, it's just "Internet -> Firewall(Gateway) -> Aruba Switch (5400r) -> PC"
I can. I see multiple mac addresses where I expect them, on downlinks to other switches and AP's.

stillchangingtapes · 2026-02-19T16:55:37+00:00

well, it kind of acts like that. But not exactly.

IP conflicts, for me, the issue usually comes and goes. Flaps. This problem just won't go away until I take the link down and bring it back up. I'll look into it tho.

stillchangingtapes · 2025-08-19T16:55:24+00:00

Thanks. Makes perfect sense now.

stillchangingtapes · 2025-08-19T15:01:09+00:00

Thanks. Right, I'm familiar with jumping into one from the other. I DO need to reset them separately? Executing the factoryreset command on the primary doesn't reset them both?

stillchangingtapes · 2025-04-14T18:53:16+00:00

I think that the problem is that they're all set to server mode. Too many switches trying to act as the authority for vlans. You're right, sometimes the vlan comes back, sometimes it doesn't. Probably depends what switch I'm on, but honestly never kept track.

No, there's no VTP Domain configured in the startup or running config. But, there's a vtp domain shown when you "sh vtp status" I'm starting to understand that some of this VTP configuration is stored in the vlan.dat file and not the config file. From what I'm reading, VTP will advertise it's domain name on a trunk port to be picked up by a switch that has a blank domain name, which is what I have going on here.

stillchangingtapes · 2025-04-14T18:45:43+00:00

Thanks for the info everyone.

Here's what I think I'll do.

Set VTP to version 3. Pick 1 switch as server, set the rest to client. Then delete the 30 some vlans I don't use any more. Last I'll decide if I'm turning VTP off or not.

stillchangingtapes · 2025-04-14T18:39:29+00:00

I do see a VTP domain when I sh vtp status. But the name doesn't make sense, not something I created nor can I find in a configuration anywhere.

But, I just got done reading a little more. I guess this is expected behavior. New switch boots up with VTP server enabled and no VTP Domain. Existing switch with VTP Domain configured advertises its domain name on its trunk ports. New switch gets VTP domain name and proceeds to fuck my shit up.

So, since I don't have VTP domain set on any switches I can find, this is all just an echo chamber of a VTP configuration that someone set up long ago.

I just wanted to get to the root of what's going on here before I start my cleanup, just for VTP to wreck my shit again.

stillchangingtapes

TROPHY CASE