network hardware

Partially, ARP packets do not go over the local network with hypervisors - how to find who does not let through?

Configuration: two Cisco 2950 switches, two hypervisors running Windows Server 2012R2, two VMs on them, working as firewalls, one on each host, connected in a corosync/pacemaker cluster. Other VMs are also located on hypervisors. The internal network has several VLANs, they all go through trunk ports from switches to hypervisor ports and to both firewalls. I caught a strange problem the other day: one of the firewalls sees half of the network, the second seems to see the whole, but a few days later they switched places. Diagnostics looks like this: arping 172.xyz -I eth1.VLAN works on one VM, but not on the second, while arping 172.xyw (neighboring address) is already visible on both. After some time, the first VM starts receiving ARP packets. Question: how to catch where in the network stack packets are lost?
EDIT: the site is remote, to come and re-switch something is not an option.