Systematic approach to diagnosing and resolving network connectivity issues in MSP environments.

The OSI Model Troubleshooting Approach

Always troubleshoot from Layer 1 (Physical) upward:

  1. Physical Layer: Cables, ports, lights
  2. Data Link Layer: MAC addresses, switches, VLANs
  3. Network Layer: IP addresses, routing, gateways
  4. Transport Layer: TCP/UDP ports, firewalls
  5. Application Layer: Services, protocols, authentication

Layer 1: Physical Connectivity

Check Physical Connection

Visual Inspection

  • Check cable connections (seated properly?)
  • Check link lights on NIC and switch
  • Look for damaged cables or bent pins

Test Commands

Lang: powershell 
1# Windows: Check adapter status
2Get-NetAdapter | Select-Object Name, Status, LinkSpeed
3
4# Check cable diagnostics (if supported)
5Get-NetAdapterAdvancedProperty -Name "Ethernet" | Where-Object {$_.DisplayName -like "*Cable*"}
Lang: bash 
1# Linux: Check link status
2ip link show
3ethtool eth0
4
5# Check interface statistics for errors
6ip -s link show eth0

Common Physical Issues

  • No Link Lights: Bad cable, bad port, disabled interface
  • Amber/Orange Lights: Speed/duplex mismatch, errors
  • Green Lights: Good connection
  • Flashing Lights: Active traffic (normal)

VLAN Configuration

Check VLAN Assignment

Lang: bash 
1# Cisco switch: Show VLAN info
2show vlan brief
3show interfaces trunk
4
5# Show MAC address table
6show mac address-table

Windows VLAN Tagging

Lang: powershell 
1# Check VLAN ID
2Get-NetAdapterAdvancedProperty -Name "Ethernet" -DisplayName "VLAN ID"
3
4# Set VLAN ID
5Set-NetAdapterAdvancedProperty -Name "Ethernet" -DisplayName "VLAN ID" -DisplayValue "10"

MAC Address Issues

Find MAC Address

Lang: powershell 
1# Windows
2Get-NetAdapter | Select-Object Name, MacAddress
3ipconfig /all
4
5# Linux
6ip link show
7ifconfig -a

Check ARP Cache

Lang: cmd 
1# Windows
2arp -a
3
4# Clear ARP cache
5arp -d *
Lang: bash 
1# Linux
2ip neigh show
3
4# Clear ARP cache
5ip neigh flush all

Switch Port Issues

Check Switch Port Status (Cisco)

Lang: bash 
1show interface status
2show interface Gi0/1
3show interface Gi0/1 switchport
4
5# Check for errors
6show interfaces counters errors

Common Switch Port Problems

  • err-disabled: Port shut down due to error (port security, spanning tree)
  • notconnect: Physical layer down
  • disabled: Administratively down

Re-enable err-disabled Port

Lang: bash 
1# Cisco
2conf t
3interface GigabitEthernet0/1
4shutdown
5no shutdown
6exit

Layer 3: IP Connectivity

Check IP Configuration

Windows

Lang: cmd 
1ipconfig /all

Linux

Lang: bash 
1ip addr show
2ip route show

Test Connectivity

Ping Tests

Lang: cmd 
 1# Test loopback (confirms TCP/IP stack working)
 2ping 127.0.0.1
 3
 4# Test local IP (confirms NIC working)
 5ping YOUR_IP_ADDRESS
 6
 7# Test default gateway (confirms local network)
 8ping GATEWAY_IP
 9
10# Test external DNS (confirms internet connectivity)
11ping 8.8.8.8
12
13# Test external hostname (confirms DNS working)
14ping google.com

Traceroute

Lang: cmd 
1# Windows
2tracert google.com
3
4# Linux/Mac
5traceroute google.com

Static Route Issues

View Routing Table

Lang: cmd 
1# Windows
2route print
3
4# Linux
5ip route show
6netstat -rn

Add Static Route

Lang: cmd 
1# Windows (persistent)
2route -p ADD 10.0.0.0 MASK 255.255.255.0 192.168.1.1
3
4# Linux (persistent, add to /etc/network/interfaces or NetworkManager)
5ip route add 10.0.0.0/24 via 192.168.1.1

MTU Issues

Test MTU Size

Lang: cmd 
1# Windows (1472 + 28 header = 1500 MTU)
2ping -f -l 1472 google.com
3
4# Linux
5ping -M do -s 1472 google.com

Set MTU

Lang: powershell 
1# Windows
2Set-NetIPInterface -InterfaceAlias "Ethernet" -NlMtuBytes 1500
3
4# Linux
5ip link set dev eth0 mtu 1500

Layer 4: Port and Firewall Issues

Check Listening Ports

Windows

Lang: cmd 
1# Show all listening ports
2netstat -ano
3
4# Show specific port
5netstat -ano | findstr :443
6
7# PowerShell alternative
8Get-NetTCPConnection -State Listen

Linux

Lang: bash 
1# Show all listening ports
2ss -tulpn
3netstat -tulpn
4
5# Check specific port
6ss -tulpn | grep :443

Test Port Connectivity

Telnet Test

Lang: cmd 
1# Test if port is open
2telnet webserver.com 443

PowerShell Test

Lang: powershell 
1# Test TCP connection
2Test-NetConnection -ComputerName webserver.com -Port 443
3
4# More detailed test
5Test-NetConnection -ComputerName webserver.com -Port 443 -InformationLevel Detailed

Nmap Port Scan (from external system)

Lang: bash 
1# Scan specific ports
2nmap -p 80,443 webserver.com
3
4# Scan common ports
5nmap -F webserver.com
6
7# Full port scan
8nmap -p- webserver.com

Windows Firewall

Check Firewall Status

Lang: powershell 
1Get-NetFirewallProfile | Select-Object Name, Enabled
2
3# Show firewall rules
4Get-NetFirewallRule | Where-Object {$_.Enabled -eq 'True'}
5
6# Check specific port rule
7Get-NetFirewallRule | Where-Object {$_.DisplayName -like "*Port 443*"}

Add Firewall Rule

Lang: powershell 
1# Allow inbound port
2New-NetFirewallRule -DisplayName "Allow Port 443" -Direction Inbound -LocalPort 443 -Protocol TCP -Action Allow
3
4# Block outbound connection
5New-NetFirewallRule -DisplayName "Block Telnet" -Direction Outbound -LocalPort 23 -Protocol TCP -Action Block

Disable Firewall (Temporarily for testing)

Lang: powershell 
1Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False

DNS Troubleshooting

Check DNS Configuration

Windows

Lang: powershell 
 1Get-DnsClientServerAddress
 2
 3# Test DNS resolution
 4Resolve-DnsName google.com
 5nslookup google.com
 6
 7# Flush DNS cache
 8Clear-DnsClientCache
 9ipconfig /flushdns
10
11# View DNS cache
12Get-DnsClientCache

Linux

Lang: bash 
1# View DNS servers
2cat /etc/resolv.conf
3
4# Test DNS
5nslookup google.com
6dig google.com
7host google.com

Advanced DNS Testing

Query Specific DNS Server

Lang: cmd 
1nslookup google.com 8.8.8.8

Query Specific Record Types

Lang: cmd 
 1# A record (IPv4)
 2nslookup -type=A google.com
 3
 4# AAAA record (IPv6)
 5nslookup -type=AAAA google.com
 6
 7# MX record (mail)
 8nslookup -type=MX google.com
 9
10# NS record (nameservers)
11nslookup -type=NS google.com

Using dig (more detailed)

Lang: bash 
 1# Simple query
 2dig google.com
 3
 4# Query specific server
 5dig @8.8.8.8 google.com
 6
 7# Trace DNS resolution path
 8dig +trace google.com
 9
10# Reverse DNS lookup
11dig -x 8.8.8.8

DHCP Issues

Windows DHCP Client

Release and Renew

Lang: cmd 
1ipconfig /release
2ipconfig /renew
3
4# Show DHCP lease info
5ipconfig /all

Check DHCP Server

Lang: powershell 
1Get-NetIPConfiguration | Select-Object InterfaceAlias, DHCPServer

Linux DHCP Client

Release and Renew

Lang: bash 
1# dhclient
2dhclient -r eth0
3dhclient eth0
4
5# NetworkManager
6nmcli connection down "Wired connection 1"
7nmcli connection up "Wired connection 1"

Wi-Fi Specific Issues

Check Wireless Signal

Windows

Lang: cmd 
1netsh wlan show interfaces

Linux

Lang: bash 
1iwconfig
2iw dev wlan0 link

Wireless Troubleshooting

Reset Wireless Adapter

Lang: powershell 
1# Windows
2Restart-NetAdapter -Name "Wi-Fi"
3
4# Reset wireless stack
5netsh winsock reset
6netsh int ip reset

Forget Network

Lang: cmd 
1# Windows
2netsh wlan delete profile name="NetworkName"

VPN Troubleshooting

Check VPN Connection

Windows

Lang: powershell 
1Get-VpnConnection
2
3# Test VPN connectivity
4Test-NetConnection -ComputerName vpn.company.com -Port 443

Common VPN Issues

Split Tunnel Problems

Lang: powershell 
1# Check routing table for VPN routes
2route print
3
4# Add route for split tunnel
5route ADD 10.0.0.0 MASK 255.255.0.0 VPN_GATEWAY_IP

IPsec/IKEv2 Issues

Lang: powershell 
1# Check IPsec policies
2Get-NetIPsecMainModeSA
3Get-NetIPsecQuickModeSA

Network Performance Issues

Bandwidth Testing

iPerf Test (requires iPerf server)

Lang: bash 
1# Client test
2iperf3 -c server.company.com
3
4# With specific duration and parallel streams
5iperf3 -c server.company.com -t 30 -P 4

Packet Loss Testing

Continuous Ping

Lang: cmd 
1# Windows
2ping -t google.com
3
4# Linux
5ping google.com

PathPing (Windows - combines ping + traceroute)

Lang: cmd 
1pathping google.com

Check for Packet Drops

Windows

Lang: powershell 
1Get-NetAdapterStatistics | Select-Object Name, ReceivedBytes, SentBytes, ReceivedUnicastPackets, ReceivedDiscardedPackets

Linux

Lang: bash 
1ip -s link show eth0
2ethtool -S eth0

Common Network Problems & Solutions

IssueCauseSolution
No internet, local network worksDefault gateway/routingCheck gateway, routes
Intermittent connectivityDHCP lease expiringSet static IP or check DHCP
Slow performanceBandwidth saturation, QoSCheck bandwidth usage, QoS policies
Can ping IP but not hostnameDNS failureCheck DNS servers, hosts file
Connection times outFirewall blockingCheck firewall rules
Port unreachableService not listeningCheck service status, binding

Network Documentation Template

When troubleshooting, document:

Lang: 
Date/Time: 
Issue: 
User/Computer: 
IP Address: 
MAC Address: 
VLAN: 
Switch/Port: 
Tests Performed:
- [ ] Physical connectivity
- [ ] IP configuration
- [ ] Gateway ping
- [ ] DNS resolution
- [ ] Specific port test
Results:
Resolution:

Essential Tools

  • ping: Basic connectivity testing
  • traceroute/tracert: Path discovery
  • nslookup/dig: DNS queries
  • netstat/ss: Port and connection status
  • tcpdump/Wireshark: Packet capture and analysis
  • nmap: Port scanning and discovery
  • iperf: Bandwidth testing
  • curl: HTTP testing

Additional Resources