Networking

MSP Toolkit
Practical troubleshooting paths for MSP technicians dealing with real-world support failures.

What This Category Covers

Networking tickets should separate physical/link state, IP assignment, DNS, routing, firewall policy, VLAN tagging, and application reachability. Test by IP and hostname before changing infrastructure.

First Layer to Isolate

IP layer first, then DNS, route, firewall/VLAN, and application port.

Useful Tools, Logs, and Portals

  • ipconfig /all
  • nslookup
  • ping/tracert
  • route print
  • Firewall logs
  • Switch/AP controller
  • DHCP scopes

Before You Escalate

  • Source/destination identified
  • IP and hostname tests compared
  • VLAN/firewall path checked
  • Recent network changes reviewed

Articles in This Path

Pick the closest symptom and work from there.

802.1X wired authentication fails after switch firmware updateAlways On VPN device tunnel connects but user tunnel failsAlways-on VPN profile deploys but tunnel does not start before logonApplication publish rule works by IP not FQDNClient receives APIPA address even though DHCP scope has free leasesConditional forwarder works from domain controllers but not DNS management test toolConditional forwarder works on one server onlyConference room SSID works until more than twenty devices connectDHCP failover pair healthy but one scope stops issuing leasesDHCP lease updates fail after credential account lockoutDHCP option for VoIP phones applies at headquarters but not branch scopeDHCP reservations present but wrong scope hands out addressesDHCP scope has leases available but clients self-assignDNS & DHCP alerts indicate success while end-user experience never changesDNS & DHCP configuration survives testing but resets after restart or syncDNS & DHCP credential or certificate rotation breaks an existing integrationDNS & DHCP feature works in web app but fails in desktop clientDNS & DHCP healthy dashboard status masks a failing production workflowDNS & DHCP logging shows delivery yet the target workflow never completesDNS & DHCP new deployment works for pilot group but not for production rolloutDNS & DHCP policy change applies in admin console but target users never receive itDNS & DHCP quarantine or protection action triggers but recovery workflow failsDNS & DHCP workflow succeeds for one account but fails for shared or delegated accessDNS scavenging removes active record for appliance with static IP reservationDNSSEC validation breaks only one third-party SaaS domain lookupEdge firewall firmware upgrade resets one custom application ruleFirewall geo-block policy stops vendor access from approved country rangeFirewall HA pair stays synchronized but secondary fails takeover testFirewall HA pair syncs config but not session stateFirewall rules present but traffic still blockedFirewalls & Routing alerts indicate success while end-user experience never changesFirewalls & Routing configuration survives testing but resets after restart or syncFirewalls & Routing connector health looks normal but data stops syncingFirewalls & Routing credential or certificate rotation breaks an existing integrationFirewalls & Routing feature works in web app but fails in desktop clientFirewalls & Routing healthy dashboard status masks a failing production workflowFirewalls & Routing logging shows delivery yet the target workflow never completesFirewalls & Routing new deployment works for pilot group but not for production rolloutFirewalls & Routing policy change applies in admin console but target users never receive itFirewalls & Routing quarantine or protection action triggers but recovery workflow failsFirewalls & Routing workflow succeeds for one account but fails for shared or delegated accessGeo block enabled but approved vendor traffic also blockedGuest VLAN clients receive lease but no DNS serversGuest Wi-Fi portal loads slowly only on Apple devicesHome user VPN drops every hour on the dotInter-VLAN routing works for ping but not for HTTPS sessionsInternal DNS record resolves correctly on servers but not on Wi-Fi clientsInternal DNS zone replicates but one domain controller serves stale recordsInternal website resolves to old server for one subnet onlyL2TP or SSTP VPN broken after ISP modem swapLoop detected warnings after moving conference room switchManaged switch port flaps when docking station connects multiple monitorsNew ISP circuit installed but outbound policy still uses old WANNew switch stack forms but VLAN tagging is inconsistentOffice guest Wi-Fi captive portal loops foreverOutbound SMTP relay blocked because egress policy matches wrong object groupPoE switch powers phones but access points reboot under peak loadPort forward works externally but internal hairpin access failsPrinters renew DHCP but keep old DNS hostnamePTR records missing and backup software fails verification

Application publish rule works by IP not FQDN

Submitted by Anonymous (not verified) on

Field Summary

Application publish rule works by IP not FQDN is a Firewalls & Routing ticket where the visible symptom can be misleading. Network tickets should be split into link, IP assignment, DNS, route, VLAN/firewall policy, and application reachability. Green status on one layer does not prove the path works. The fastest path is to identify which layer changed and prove it with logs or a repeatable test.

New ISP circuit installed but outbound policy still uses old WAN

Submitted by Anonymous (not verified) on

Field Summary

New ISP circuit installed but outbound policy still uses old WAN is a Firewalls & Routing ticket where the visible symptom can be misleading. Network tickets should be split into link, IP assignment, DNS, route, VLAN/firewall policy, and application reachability. Green status on one layer does not prove the path works. The fastest path is to identify which layer changed and prove it with logs or a repeatable test.

Firewall HA pair syncs config but not session state

Submitted by Anonymous (not verified) on

Field Summary

Firewall HA pair syncs config but not session state is a Firewalls & Routing ticket where the visible symptom can be misleading. Network tickets should be split into link, IP assignment, DNS, route, VLAN/firewall policy, and application reachability. Green status on one layer does not prove the path works. The fastest path is to identify which layer changed and prove it with logs or a repeatable test.

Site to site tunnel up but only one subnet passes traffic

Submitted by Anonymous (not verified) on

Field Summary

Site to site tunnel up but only one subnet passes traffic is a Firewalls & Routing ticket where the visible symptom can be misleading. Network tickets should be split into link, IP assignment, DNS, route, VLAN/firewall policy, and application reachability. Green status on one layer does not prove the path works. The fastest path is to identify which layer changed and prove it with logs or a repeatable test.

SSID visible but authentication fails for only one security group

Submitted by Anonymous (not verified) on

Field Summary

SSID visible but authentication fails for only one security group is a Wi-Fi & Switching ticket where the visible symptom can be misleading. Network tickets should be split into link, IP assignment, DNS, route, VLAN/firewall policy, and application reachability. Green status on one layer does not prove the path works. Start with the exact sign-in attempt and policy result; password resets without log evidence often create a second problem.

Loop detected warnings after moving conference room switch

Submitted by Anonymous (not verified) on

Field Summary

Loop detected warnings after moving conference room switch is a Wi-Fi & Switching ticket where the visible symptom can be misleading. Network tickets should be split into link, IP assignment, DNS, route, VLAN/firewall policy, and application reachability. Green status on one layer does not prove the path works. The fastest path is to identify which layer changed and prove it with logs or a repeatable test.

VoIP phones lose power after switch firmware upgrade

Submitted by Anonymous (not verified) on

Field Summary

VoIP phones lose power after switch firmware upgrade is a Wi-Fi & Switching ticket where the visible symptom can be misleading. Network tickets should be split into link, IP assignment, DNS, route, VLAN/firewall policy, and application reachability. Green status on one layer does not prove the path works. The fastest path is to identify which layer changed and prove it with logs or a repeatable test.

Office guest Wi-Fi captive portal loops forever

Submitted by Anonymous (not verified) on

Field Summary

Office guest Wi-Fi captive portal loops forever is a Wi-Fi & Switching ticket where the visible symptom can be misleading. Network tickets should be split into link, IP assignment, DNS, route, VLAN/firewall policy, and application reachability. Green status on one layer does not prove the path works. The fastest path is to identify which layer changed and prove it with logs or a repeatable test.

New switch stack forms but VLAN tagging is inconsistent

Submitted by Anonymous (not verified) on

Field Summary

New switch stack forms but VLAN tagging is inconsistent is a Wi-Fi & Switching ticket where the visible symptom can be misleading. Network tickets should be split into link, IP assignment, DNS, route, VLAN/firewall policy, and application reachability. Green status on one layer does not prove the path works. The fastest path is to identify which layer changed and prove it with logs or a repeatable test.

Wireless clients roam but lose Teams audio during handoff

Submitted by Anonymous (not verified) on

Field Summary

Wireless clients roam but lose Teams audio during handoff is a Wi-Fi & Switching ticket where the visible symptom can be misleading. Network tickets should be split into link, IP assignment, DNS, route, VLAN/firewall policy, and application reachability. Green status on one layer does not prove the path works. The fastest path is to identify which layer changed and prove it with logs or a repeatable test.

Subscribe to Networking