CCNA FAQs Asked in Networking Interviews [2025]

Ace your 2025 CCNA interview with this comprehensive guide featuring over 100 frequently asked questions on networking fundamentals, routing protocols, switching technologies, network security, wireless networking, and automation tools. Detailed answers cover OSPF, VLANs, ACLs, Wi-Fi 6, and Netmiko, empowering professionals to excel. Master Cisco IOS, Packet Tracer, and SDN trends to confidently address enterprise challenges and secure top Cisco certification roles in dynamic, technology-driven network environments.

Sep 2, 2025 - 17:58
Sep 8, 2025 - 14:43

Network Fundamentals

1. What is a network?

A network is a collection of interconnected devices (computers, routers, switches) that communicate to share resources and data using protocols like TCP/IP. Example: A LAN connecting office PCs.

2. What is the OSI model, and why is it important?

The OSI (Open Systems Interconnection) model is a 7-layer framework (Physical, Data Link, Network, Transport, Session, Presentation, Application) standardizing network communication. It aids troubleshooting and interoperability. Example: Layer 3 (Network) handles IP routing.

3. How does the TCP/IP model differ from the OSI model?

TCP/IP has 4 layers (Link, Internet, Transport, Application) versus OSI’s 7. It’s practical, mapping directly to protocols like IP (Internet) and TCP (Transport), while OSI is theoretical.

4. What is an IP address?

A unique numerical identifier for devices in a network (e.g., 192.168.1.10). IPv4 uses 32 bits; IPv6 uses 128 bits for more addresses.

5. What is the difference between IPv4 and IPv6?

  • IPv4: 32-bit, ~4.3 billion addresses (e.g., 192.168.1.1).
  • IPv6: 128-bit, vast address space (e.g., 2001:db8::1). IPv6 supports auto-configuration and removes the need for NAT.

6. What is a MAC address?

A 48-bit hardware identifier for devices at the Data Link layer (e.g., 00:1A:2B:3C:4D:5E). Unique to each NIC, used for local network communication.

7. What is the purpose of a subnet mask?

Divides an IP address into network and host portions (e.g., 255.255.255.0 for /24). It enables efficient IP allocation and routing. Example: 192.168.1.0/24.

8. What are private IP addresses?

Non-routable IPs for internal networks:

  • Class A: 10.0.0.0–10.255.255.255
  • Class B: 172.16.0.0–172.31.255.255
  • Class C: 192.168.0.0–192.168.255.255

Used with NAT for internet access.

9. What is the role of a default gateway?

A router that forwards packets to external networks (e.g., 192.168.1.1). Devices send non-local traffic to it.

10. What is DNS, and how does it work?

DNS (Domain Name System) translates domain names (e.g., google.com) to IP addresses (e.g., 142.250.190.78). A client queries a DNS server, which resolves via recursive or iterative lookups.

Data Link Layer and Switching

11. What is a switch, and how does it function?

A switch operates at Layer 2, forwarding frames based on MAC addresses using a MAC address table. It segments collision domains, improving LAN performance.

12. What is the difference between a hub, switch, and router?

  • Hub: Layer 1, broadcasts to all ports, no intelligence.
  • Switch: Layer 2, forwards based on MAC, reduces collisions.
  • Router: Layer 3, routes packets using IP addresses.

13. What is a VLAN, and what are its benefits?

A Virtual LAN segments a network logically without separate hardware, reducing broadcast domains, improving security, and simplifying management. Example: VLAN 10 for HR, VLAN 20 for IT.

14. How do you configure a VLAN on a Cisco switch?

Switch# configure terminal
Switch(config)# vlan 10
Switch(config-vlan)# name HR
Switch(config-vlan)# exit
Switch(config)# interface fa0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10

Assigns port fa0/1 to VLAN 10. Verify: show vlan brief.

15. What is the Spanning Tree Protocol (STP)?

STP prevents switching loops by blocking redundant paths, ensuring a loop-free topology. It elects a root bridge and calculates shortest paths.

16. What is a trunk port?

Carries traffic for multiple VLANs between switches, tagged with VLAN IDs (e.g., 802.1Q). Example: switchport mode trunk on Cisco switches.

17. What is the difference between access and trunk ports?

  • Access Port: Connects to end devices, carries one VLAN’s traffic (untagged).
  • Trunk Port: Connects switches, carries multiple VLANs (tagged).

18. What is EtherChannel?

Combines multiple physical links for redundancy and higher bandwidth. Example:

interface port-channel 1
interface range fa0/1 - 2
channel-group 1 mode active

19. What is a broadcast storm?

Uncontrolled broadcast/multicast traffic overwhelming a network, often caused by loops. STP mitigates this.

20. What is the purpose of the MAC address table?

Stores MAC addresses and associated ports for frame forwarding. Populated via learning. View: show mac address-table.

Routing and Network Layer

21. What is a router, and what does it do?

A Layer 3 device that forwards packets between networks using IP addresses and routing tables. Example: Routes traffic from LAN to WAN.

22. What is routing, and what are its types?

Routing directs packets from source to destination. Types:

  • Static: Manually configured (e.g., ip route 10.0.0.0 255.255.255.0 192.168.1.1).
  • Dynamic: Uses protocols like OSPF or RIP.

23. What is ARP, and how does it work?

Address Resolution Protocol maps IP addresses to MAC addresses in a LAN. A device broadcasts an ARP request; the target replies with its MAC.

24. What is the difference between static and dynamic routing?

  • Static: Fixed routes, simple but not scalable.
  • Dynamic: Adapts to changes via protocols (e.g., OSPF, BGP), scalable but complex.

25. What is OSPF, and how does it operate?

Open Shortest Path First is a link-state routing protocol using Dijkstra’s algorithm to calculate shortest paths. Routers exchange LSAs to build topology maps.

26. How do you configure OSPF on a Cisco router?

Router# configure terminal
Router(config)# router ospf 1
Router(config-router)# network 192.168.1.0 0.0.0.255 area 0

Enables OSPF for 192.168.1.0/24 in area 0. Verify: show ip ospf neighbor.

27. What is RIP, and why is it less preferred?

Routing Information Protocol uses hop count for routing. It is limited to 15 hops, and its slower convergence makes it less suitable for large networks compared to OSPF or EIGRP.

28. What is EIGRP?

Enhanced Interior Gateway Routing Protocol is a Cisco proprietary protocol using bandwidth and delay metrics. Faster convergence than RIP. Example: router eigrp 100.

29. What is a routing table?

Stores destination networks, next-hop IPs, and metrics. View: show ip route. Example: C 192.168.1.0/24 is directly connected.

30. What is the purpose of NAT?

Network Address Translation maps private IPs to public IPs for internet access, conserving address space. Types: Static, Dynamic, PAT.

Transport Layer

31. What is the difference between TCP and UDP?

  • TCP: Connection-oriented, reliable, ordered (e.g., HTTP).
  • UDP: Connectionless, faster, unreliable (e.g., DNS, streaming).

32. What are the primary functions of the Transport layer?

Provides end-to-end communication, reliability (TCP), flow control, and multiplexing via ports. Example: TCP ensures HTTP data delivery.

33. What is a port, and how is it used?

A 16-bit number identifying applications/services (e.g., 80 for HTTP). Used for multiplexing. View: netstat -tuln.

34. What is the three-way handshake in TCP?

Establishes a connection:

  1. SYN: Client sends sequence number.
  2. SYN-ACK: Server acknowledges and sends its sequence number.
  3. ACK: Client acknowledges. Ensures reliable communication.

35. What is network latency?

Delay in data transmission, caused by distance, congestion, or processing. Measured via ping. Example: High latency slows VoIP calls.

36. What are the differences between simplex, half-duplex, and full-duplex?

  • Simplex: One-way (e.g., radio).
  • Half-Duplex: Two-way, not simultaneous (e.g., walkie-talkie).
  • Full-Duplex: Simultaneous two-way (e.g., Ethernet).

37. What is the purpose of a window in TCP?

Controls data flow by defining the amount of unacknowledged data. Example: Large window improves throughput.

38. What is the difference between unicast, multicast, and broadcast?

  • Unicast: One-to-one (e.g., HTTP request).
  • Multicast: One-to-many (e.g., video streaming).
  • Broadcast: One-to-all (e.g., ARP).

39. What is MTU, and why is it important?

Maximum Transmission Unit defines the largest packet size. Default: 1500 bytes. Mismatched MTUs cause fragmentation, slowing networks.

40. What is data encapsulation?

Adding headers/trailers to data at each OSI layer (e.g., Ethernet frame at Layer 2, IP header at Layer 3). Reverse is de-encapsulation.

Network Security

41. What is a firewall, and how does it work?

Filters traffic based on rules (e.g., allow port 80, block others). Example: Cisco ASA uses access control lists (ACLs).

42. How do you configure an ACL on a Cisco router?

Router(config)# access-list 100 permit tcp any host 192.168.1.10 eq 80
Router(config)# interface fa0/0
Router(config-if)# ip access-group 100 in

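Allows HTTP to 192.168.1.10. Every ACL ends with an implicit deny, so all other traffic arriving on fa0/0 is dropped once this list is applied. Verify: show access-lists.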
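The first-match evaluation behind this ACL, as an added example (not part of the original article): a small Python evaluator for the `access-list` syntax shown above. It supports `any`, `host`, address/wildcard pairs and numeric `eq` ports only; the sample packets and the second ACL are constructed.

```python
import ipaddress

# ACL from the answer above, plus a constructed variant with a deny placed first.
PAGE_ACL = ["access-list 100 permit tcp any host 192.168.1.10 eq 80"]
CONSTRUCTED_ACL = ["access-list 100 deny tcp 10.0.0.0 0.0.0.255 any"] + PAGE_ACL


def _parse_addr(tokens):
    """Consume one address spec; return (base, wildcard) as 32-bit ints."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(word)), int(ipaddress.IPv4Address(tokens.pop(0)))


def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]' (numeric port only)."""
    tokens = line.split()[2:]  # drop 'access-list N'
    action, proto = tokens.pop(0), tokens.pop(0)
    src, dst = _parse_addr(tokens), _parse_addr(tokens)
    port = int(tokens[1]) if tokens[:1] == ["eq"] else None
    return {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}


def _addr_match(spec, ip):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)


def evaluate(acl_lines, proto, src_ip, dst_ip, dst_port=None):
    """Return (action, matching line number); ("deny", None) is the implicit deny."""
    for number, ace in enumerate(map(parse_ace, acl_lines), 1):
        if ace["proto"] not in ("ip", proto):
            continue
        if not (_addr_match(ace["src"], src_ip) and _addr_match(ace["dst"], dst_ip)):
            continue
        if ace["port"] is not None and ace["port"] != dst_port:
            continue
        return ace["action"], number  # first match wins; later entries are never read
    return "deny", None


if __name__ == "__main__":
    packets = [("tcp", "203.0.113.5", "192.168.1.10", 80),   # constructed samples
               ("tcp", "203.0.113.5", "192.168.1.10", 22),
               ("tcp", "10.0.0.7", "192.168.1.10", 80)]
    for acl in (PAGE_ACL, CONSTRUCTED_ACL):
        for pkt in packets:
            print(pkt, "->", evaluate(acl, *pkt))
```

With the constructed ACL, the packet from 10.0.0.7 is denied by line 1 even though line 2 would permit it, which is why entry order matters when reviewing a rule set.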

43. What is AAA in networking?

Authentication, Authorization, Accounting. Manages user access, permissions, and logs. Example: Configured via RADIUS or TACACS+.

44. What is VPN, and how does it work?

Virtual Private Network creates encrypted tunnels over public networks. Example: IPsec VPN encrypts data between sites.

45. What is the difference between public and private IP addresses?

  • Public: Routable on the internet (e.g., 8.8.8.8).
  • Private: Non-routable, used internally (e.g., 192.168.1.1). NAT bridges them.

46. What is Cisco Discovery Protocol (CDP)?

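Discovers directly connected Cisco devices, sharing info like hostname, IP, and platform. Enable: cdp enable. View: show cdp neighbors. Because these advertisements are sent unauthenticated, turn CDP off on interfaces that face untrusted devices: no cdp enable.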

47. What is network congestion, and how is it mitigated?

Overloaded network causing delays. Mitigated via QoS, bandwidth upgrades, or traffic shaping. Example: Prioritize VoIP traffic.

48. What is HSRP?

Hot Standby Router Protocol provides gateway redundancy. Example:

interface vlan 10
standby 1 ip 192.168.1.254

Creates a virtual IP for failover.

49. What is the purpose of a DMZ?

Demilitarized Zone hosts public-facing services (e.g., web servers) with restricted access to internal networks, enhancing security.

50. What is a packet sniffer?

Captures network traffic for analysis (e.g., Wireshark). Used for troubleshooting or monitoring. Example: Capture HTTP packets on port 80.

Routing Protocols

51. What is BGP, and why is it important?

Border Gateway Protocol routes between autonomous systems (e.g., ISPs). Uses attributes like AS path for decisions. Critical for internet routing.

52. What is the difference between RIPv1 and RIPv2?

  • RIPv1: Classful, no subnet masks, broadcasts updates.
  • RIPv2: Classless, supports VLSM, multicasts updates. RIPv2 is more efficient.

53. What is route redistribution?

Shares routes between different routing protocols (e.g., OSPF to EIGRP). Configured carefully to avoid loops.

54. What is split horizon?

Prevents routing loops by not advertising routes back to the source interface. Used in RIP, EIGRP. Example: Avoids redundant updates.

55. What is administrative distance?

Determines route preference (e.g., OSPF: 110, RIP: 120). Lower values are preferred. View: show ip route.

56. What is a stub area in OSPF?

Limits external routes to reduce routing table size. Configured with:

area 1 stub

57. What is route poisoning?

Sets unreachable routes to infinite metric (e.g., 16 in RIP) to prevent use. Mitigates loops.

58. What is the difference between IGP and EGP?

  • IGP: Internal Gateway Protocol (e.g., OSPF, RIP) for intra-AS routing.
  • EGP: External Gateway Protocol (e.g., BGP) for inter-AS routing.

59. How do you verify routing protocol operation?

  • OSPF: show ip ospf neighbor.
  • EIGRP: show ip eigrp neighbors.
  • RIP: show ip rip database.

These commands confirm adjacency and route exchange.

60. What is VRF?

Virtual Routing and Forwarding creates isolated routing tables for network segmentation. Example: Separate customer traffic.

Switching Technologies

61. What is PoE, and how is it used?

Power over Ethernet delivers power to devices (e.g., IP phones) via Ethernet cables. Configured on Cisco switches: power inline auto.

62. What is BPDU Guard?

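Protects STP by shutting down (err-disabling) ports that receive unexpected BPDUs, preventing topology changes. Enable on an interface: spanning-tree bpduguard enable. Enable globally for all PortFast ports: spanning-tree portfast bpduguard default.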

63. What are the modes of PAgP and LACP?

  • PAgP: Cisco’s Port Aggregation Protocol (auto, desirable).
  • LACP: Standard (active, passive). Used for EtherChannel. Example: channel-group 1 mode active.

64. What is a collision domain?

Area where frames can collide. Switches reduce collision domains by creating one per port, unlike hubs.

65. What is a broadcast domain?

Area where broadcasts are forwarded. VLANs segment broadcast domains to reduce traffic.

66. What is the Cisco switch boot sequence?

  1. POST: Checks hardware.
  2. Boot loader: Loads IOS.
  3. IOS initialization: Loads config.

View: show version for boot details.

67. What is VLAN Trunking Protocol (VTP)?

Automates VLAN configuration across switches. Modes: Server, Client, Transparent. Example: vtp mode server.

68. How do you configure inter-VLAN routing?

Using a router (Router-on-a-Stick):

interface fa0/0.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0

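This subinterface is the gateway for VLAN 10. A matching subinterface for VLAN 20 (its own dot1Q tag and IP address) is needed before the router can route between VLANs 10 and 20.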

69. What is a switchport’s default mode?

Dynamic Auto, negotiates access or trunk. Set explicitly: switchport mode access.

70. What is DTP?

Dynamic Trunking Protocol negotiates trunking state (auto, desirable). Disable for security: switchport nonegotiate.

Wireless and Mobility

71. What is a wireless access point (AP)?

Connects wireless devices to a wired network, operating at Layer 2. Configured with SSID and security (e.g., WPA3).

72. What is the difference between 2.4 GHz and 5 GHz Wi-Fi?

  • 2.4 GHz: Longer range, more interference, slower (up to 600 Mbps).
  • 5 GHz: Shorter range, less interference, faster (up to 1.3 Gbps). Used in dense environments.

73. What is WPA3?

Wi-Fi Protected Access 3 provides stronger encryption (SAE) and protects against brute-force attacks, improving on WPA2.

74. What is a wireless controller?

Manages multiple APs, handling configuration, roaming, and security. Example: Cisco WLC centralizes AP management.

75. What is SSID?

Service Set Identifier is the name of a Wi-Fi network. Multiple SSIDs can be configured per AP for segmentation.

Network Management and Automation

76. What is SNMP, and what are its functions?

Simple Network Management Protocol monitors devices. Functions:

  • Get/Set: Retrieve or modify data.
  • Traps: Notify issues. Example: snmp-server enable traps.

77. What is Syslog?

Logs network device events for monitoring. Example: Configure on Cisco: logging host 192.168.1.100.

78. What is network automation, and why is it important in 2025?

Uses tools like Ansible or Python to automate configuration and monitoring. Saves time, reduces errors in large-scale networks.

79. How do you use Python for network automation?

Example: Use Netmiko to configure a Cisco switch:

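from getpass import getpass
from netmiko import ConnectHandler

# Connection parameters; the password is prompted for instead of being stored in the script.
device = {
    'device_type': 'cisco_ios',
    'ip': '192.168.1.1',
    'username': 'admin',
    'password': getpass(),
}
# Open the SSH session, push the configuration lines, and close the session on exit.
with ConnectHandler(**device) as connection:
    connection.send_config_set(['interface fa0/1', 'description LINK_TO_CORE'])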

80. What is Cisco DNA Center?

A platform for network management, automation, and analytics. It simplifies configuration and monitoring via GUI.

Troubleshooting and Diagnostics

81. How do you troubleshoot connectivity issues?

Steps:

  1. Check physical connections.
  2. Verify IP: ping 192.168.1.1.
  3. Check routing: show ip route.
  4. Inspect ACLs: show access-lists.

82. What is the purpose of ping?

Tests reachability and latency. Example: ping 8.8.8.8 checks internet connectivity.

83. What is traceroute vs. tracert?

Both trace packet paths. traceroute (Linux) uses UDP/ICMP; tracert (Windows) uses ICMP. Example: traceroute google.com.

84. How do you check interface status on a Cisco device?

show interfaces

Shows status (up/down), errors, and traffic stats.

85. What is the role of debug commands?

Enable real-time diagnostics. Example: debug ip packet logs packet activity. Disable: undebug all.

86. How do you troubleshoot a VLAN issue?

  1. Verify VLAN: show vlan brief.
  2. Check port assignment: show running-config.
  3. Ensure trunking: show interfaces trunk.

87. What is packet loss, and how do you diagnose it?

Dropped packets due to congestion or errors. Diagnose: ping -c 10 192.168.1.1 or mtr 8.8.8.8 to identify loss points.

88. How do you verify NAT operation?

show ip nat translations

Lists active translations (e.g., private to public IPs).

89. What is the difference between show running-config and show startup-config?

  • Running-config: Current, in-memory configuration.
  • Startup-config: Saved, loads on boot. Save: write memory.

90. How do you troubleshoot OSPF neighbor issues?

Check:

  1. Adjacency: show ip ospf neighbor.
  2. Network types: show ip ospf interface.
  3. Area mismatch: show running-config.

Advanced and Emerging Technologies

91. What is Software-Defined Networking (SDN)?

Separates control and data planes, centralizing management (e.g., via Cisco ACI). Improves scalability and automation.

92. What is VXLAN?

Virtual Extensible LAN encapsulates Layer 2 frames in Layer 3 packets, enabling large-scale VLANs in data centers.

93. What is Network Function Virtualization (NFV)?

Virtualizes network services (e.g., firewalls, routers) on commodity hardware, reducing costs and improving flexibility.

94. What is Intent-Based Networking (IBN)?

Automates network configuration based on business intent. Cisco DNA Center uses IBN for policy-driven management.

95. What is the role of APIs in networking?

Enable automation and integration. Example: REST APIs in Cisco devices for programmatic configuration.

Practical Scenarios

96. How do you configure a static route?

ip route 10.0.0.0 255.255.255.0 192.168.1.1

Routes 10.0.0.0/24 via 192.168.1.1. Verify: show ip route.

97. How do you secure a Cisco device?

  • Disable unused ports: shutdown.
  • Enable SSH: ip ssh version 2.
  • Use ACLs: access-list 10 deny any.
  • Set passwords: enable secret cisco (cisco is only a placeholder here; use a strong, unique secret on a real device).
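One way to check these items, together with the DTP and BPDU Guard settings from questions 62 and 70, against a saved configuration. This is an added example, not part of the original article: the sample configuration is constructed, and treating an interface with no configuration lines as "unused" is an assumption of this sketch.

```python
# Constructed sample of 'show running-config' output (not from a real device).
CONFIG = """\
hostname SW1
enable secret 5 $1$constructed$hash
ip ssh version 2
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/3
!
interface FastEthernet0/4
 shutdown
"""


def parse_config(text):
    """Split IOS-style text into global lines and per-interface command lists."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            current = None                      # '!' closes the current block
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None
            global_lines.append(line.strip())
    return global_lines, interfaces


def audit(text):
    """Return (scope, finding) tuples for the hardening items listed on this page."""
    glob, interfaces = parse_config(text)
    findings = []
    if "ip ssh version 2" not in glob:
        findings.append(("global", "SSH version 2 not enforced"))
    if not any(l.startswith("enable secret ") for l in glob):
        findings.append(("global", "no enable secret set"))
    bpdu_default = "spanning-tree portfast bpduguard default" in glob
    for name, lines in interfaces.items():
        if "shutdown" in lines:
            continue                            # disabled ports need no further checks
        if not lines:                           # assumption: no config means unused
            findings.append((name, "unused port not shut down"))
        elif "switchport mode access" in lines:
            if "switchport nonegotiate" not in lines:
                findings.append((name, "DTP still negotiating"))
            if not bpdu_default and "spanning-tree bpduguard enable" not in lines:
                findings.append((name, "BPDU Guard not enabled"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit(CONFIG):
        print(f"{scope}: {finding}")
```

The configuration text can come from a file or from a Netmiko `send_command("show running-config")` call; the audit itself runs offline.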

98. What is Frame Relay?

Legacy WAN technology using virtual circuits (DLCI). Replaced by MPLS or SD-WAN in modern networks.

99. What is LMI in Frame Relay?

Local Management Interface signals link status between router and Frame Relay switch. Types: Cisco, ANSI, Q933A.

100. How do you configure a DHCP server on a Cisco router?

ip dhcp pool LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8

Assigns IPs in 192.168.1.0/24. Verify: show ip dhcp binding.

101. What is the difference between a hub and a switch in terms of collision domains?

  • Hub: Single collision domain, all ports share bandwidth.
  • Switch: One collision domain per port, full-duplex eliminates collisions.

102. How do you prepare for a CCNA performance-based interview?

  • Hands-On Practice: Use Packet Tracer or GNS3 to simulate VLANs, OSPF, ACLs.
  • Understand Commands: Master show, configure, and debug.
  • Scenarios: Practice troubleshooting (e.g., misconfigured VLANs).
  • Cert Objectives: Study CCNA 200-301 topics (routing, switching, security).
  • Explain Clearly: Describe configurations step-by-step to show expertise.

Tips to Ace Your CCNA Interview

  • Lab Practice: Build topologies in Packet Tracer or GNS3 to master configurations.
  • Command Fluency: Memorize key Cisco IOS commands (show ip route, show vlan).
  • Understand Protocols: Explain OSPF, VLANs, or NAT clearly.
  • Stay Updated: Learn 2025 trends like SDN, automation, and IPv6.
  • Certifications: Highlight CCNA 200-301 or related Cisco credentials.
  • Scenario-Based Prep: Practice real-world tasks like troubleshooting connectivity or securing devices.

Mridul I am a passionate technology enthusiast with a strong focus on DevOps, Cloud Computing, and Cybersecurity. Through my blogs at DevOps Training Institute, I aim to simplify complex concepts and share practical insights for learners and professionals. My goal is to empower readers with knowledge, hands-on tips, and industry best practices to stay ahead in the ever-evolving world of DevOps.