Docs / Knowledgebase

Network Troubleshooting Guides

Hands-on guides for switching, routing, firewalls, VPNs, wireless, and monitoring — all written from real field debugging sessions.

Switching & VLANs

Layer 2 issues, VLAN mismatch, access/trunk errors, STP.

Access Port Not Passing Traffic

When a single host cannot reach the gateway but switch looks fine.


# Cisco
show interface status
show run interface Gi0/1
show vlan brief

# Checklist
- Correct VLAN?
- VLAN allowed on uplink trunk?
- Port err-disabled?

Inter-VLAN Routing Not Working

SVIs up, but VLANs cannot talk to each other.


show ip interface brief
show run | sec interface Vlan
show ip route

# Common issues
- SVI down?
- Missing default gateway?
- ACL blocking inter-VLAN?

Routing

Static routes, routing loops, one-way ping, path debugging.

Static Route Not Being Used

Route exists but traffic takes another path.


show ip route
show ip route 10.10.10.0

# Why ignored?
- Lower admin distance?
- More specific route exists?
- Wrong next-hop?

One-Way Reachability Issue

Host A → B works, B → A fails.


# Check ARP both sides
show arp

# Routing path
traceroute 10.10.10.1

# Source ping
ping 10.10.20.10 source 10.10.10.1

Firewalls & VPN

IPSec issues, NAT problems, policy debugging.

IPSec Tunnel Not Coming Up

Phase 1 & 2 validation for Cisco ↔ FortiGate.


# Cisco
show crypto ikev2 sa
show crypto ipsec sa

# FortiGate
diagnose vpn ike gateway list
diagnose debug application ike -1
diagnose debug enable

Tunnel Up But No Traffic

Tunnel is established, but subnets cannot communicate.


# Phase 2 validation
diagnose vpn tunnel list

# Debug flow
diagnose debug flow filter addr 10.10.10.5
diagnose debug flow trace start 20

Wireless

AP join issues, VLAN mapping, roaming failures.

AP Not Joining Controller

Common root causes for SmartZone / Ruckus AP join failures.


# Checklist
- AP to controller reachability?
- DNS / controller discovery correct?
- Firmware mismatch?

# Logs
show ap all
show log

SSID Working Only On One VLAN

Clients fail to obtain DHCP or wrong subnet.


# Verify
- AP trunk VLAN tagging?
- DHCP scope alive?
- Firewall blocking LAN <-> WLAN?

Monitoring & Tools

Using ping, traceroute, SNMP, graphs.

Slow Internet Complaints

A structured process instead of random speedtests.


# Basic
ping 8.8.8.8
tracert 8.8.8.8

# On FW
show interface | inc drops|errors
show bandwidth

High Latency To Specific Sites

Identify whether issue is local or upstream.


# Steps
- Compare ping gateway / 8.8.8.8 / target
- Check traceroute hop differences
- Review NMS graphs (LibreNMS, Cacti)

Lab & Simulation

GNS3, EVE-NG, Virtual networks.

GNS3 VM Not Reachable

Ping works VM → host but fails host → firewall?


# Checklist
- Right Cloud adapter? (Bridge / Host-only)
- Static route on host?
- Windows firewall blocking?

# Inside lab
ping host from router
check NAT on Cloud node