This article covers the CCNA interview questions that are most often asked in job interviews.
Every organization prefers to have certified people as network engineers, and CCNA is the best certification to prove your competency as a network professional.

Once you complete the CCNA examination, people expect you to understand networking in a real-world fashion, and they also expect you to resolve their daily operational issues (related to networking).

I have taken many interviews in my career. Based on that experience, I am going to describe CCNA interview questions which will definitely help you clear an interview in any organization. Best of luck 🙂

Question 1.

What is the difference or correlation between spanning tree protocol and a trunk link?

Spanning Tree Protocol (STP, IEEE 802.1D) is a Layer 2 protocol that prevents switching loops when there are redundant paths between switches: it puts the redundant ports into the blocking state and keeps a single loop-free path active, unblocking a standby path only when the active one fails. A trunk link is a link that carries the traffic of multiple VLANs; each frame on it is tagged (IEEE 802.1Q) so the receiving switch knows which VLAN the frame belongs to.

STP and trunks are very much related. If we connect two switches with two different links for redundancy, STP will block one of them and all traffic moves over the first link only. When switch 1 and switch 2 have several VLANs configured but only one link is active between them (because STP blocks the other), that single link has to carry the traffic of all the VLANs. That is where the trunk port comes into the picture.

Question 2.

Why do you need VLANs, and what is the difference between a VLAN and a subnet?


Both VLANs and subnets are used to limit unnecessary broadcast traffic in the network. By default a switch floods a broadcast frame, and any unicast frame whose destination MAC address it has not learned yet, out of every port except the one it arrived on. So if we divide our switch ports into smaller segments, each broadcast reaches only the ports in its own segment.

For example: we have a 24-port switch. Whenever a machine sends a broadcast (an ARP request, for instance) or sends a frame to a MAC address the switch has not learned yet, the frame goes out of all 24 ports and every host has to process it. On a large flat network this eats switch and host capacity and creates a bottleneck.

Now, if we divide those 24 ports into 3 VLANs (VLAN 10 for ports 1 to 8, VLAN 20 for ports 9 to 16, VLAN 30 for ports 17 to 24), broadcasts from each VLAN are limited to those 8 ports only. (VLAN 1 is the default VLAN on Cisco switches, so it is better practice to keep user traffic off it.)

Another advantage of having VLANs and subnets is access control: we can make sure that only authorised people reach authorised resources. For example, if we keep ports 1 to 6 in one VLAN for team A and ports 7 to 12 in another VLAN for team B, we get a security boundary inside the LAN. Hosts of team A (ports 1 to 6) cannot reach team B at Layer 2 at all; they can only reach team B's resources through a router or Layer 3 switch, where an ACL decides what is allowed. The caveat is that the boundary only holds as long as inter-VLAN routing is controlled: a router with no ACL, or an access port that is accidentally a trunk, removes it.

So VLANs and subnets serve the same goal, but they are not the same thing. A VLAN is a Layer 2 broadcast domain; a subnet is a Layer 3 addressing range. In practice one IP subnet is mapped to one VLAN: traffic within the VLAN is switched, and traffic between subnets is routed based on the destination IP address and the subnet mask (prefix length), not on the old address classes.
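The following is an added example, not code from the original article: a minimal VLAN-aware learning switch that shows in working code why a VLAN bounds broadcast and unknown-unicast flooding. The 24-port layout (VLAN 10 on ports 1 to 8, VLAN 20 on 9 to 16, VLAN 30 on 17 to 24), the MAC addresses and the traffic sequence are all constructed for the demonstration.

```python
"""VLAN-aware learning switch (added example, not from the original article).

Shows why a VLAN bounds flooding: a broadcast, or a frame to a MAC address
the switch has not learned, goes only to ports in the sender's VLAN.
The port layout, VLAN numbers and MAC addresses are constructed."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    def __init__(self, port_vlan):
        # access port number -> VLAN ID
        self.port_vlan = dict(port_vlan)
        # MAC table is keyed by (vlan, mac): the same MAC may exist in two VLANs
        self.mac_table = {}

    def ports_in_vlan(self, vlan, exclude=None):
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != exclude)

    def forward(self, in_port, src_mac, dst_mac):
        """Return the sorted list of ports the frame is sent out of."""
        vlan = self.port_vlan[in_port]
        # learn the source MAC on the ingress port, scoped to its VLAN
        self.mac_table[(vlan, src_mac)] = in_port
        if dst_mac == BROADCAST:
            return self.ports_in_vlan(vlan, exclude=in_port)
        out_port = self.mac_table.get((vlan, dst_mac))
        if out_port is None:
            # unknown unicast: flooded exactly like a broadcast, within the VLAN
            return self.ports_in_vlan(vlan, exclude=in_port)
        if out_port == in_port:
            return []          # destination is behind the same port: filtered
        return [out_port]


def build_switch():
    """24-port switch split into three VLANs as in the article's example."""
    port_vlan = {p: 10 for p in range(1, 9)}
    port_vlan.update({p: 20 for p in range(9, 17)})
    port_vlan.update({p: 30 for p in range(17, 25)})
    return VlanSwitch(port_vlan)


def demo():
    sw = build_switch()
    host_a = "aa:aa:aa:00:00:01"   # port 1, VLAN 10
    host_b = "aa:aa:aa:00:00:03"   # port 3, VLAN 10
    host_c = "bb:bb:bb:00:00:09"   # port 9, VLAN 20
    # host C announces itself; the switch learns it in VLAN 20 only
    sw.forward(9, host_c, BROADCAST)
    results = {}
    # ARP-style broadcast from port 1: reaches VLAN 10 ports 2-8 only
    results["broadcast"] = sw.forward(1, host_a, BROADCAST)
    # host B replies, so B's MAC is learned on port 3 in VLAN 10
    sw.forward(3, host_b, host_a)
    # now A -> B is switched to a single port
    results["known_unicast"] = sw.forward(1, host_a, host_b)
    # A -> C: C lives in VLAN 20; inside VLAN 10 it is an unknown MAC, so the
    # frame is flooded within VLAN 10 and never reaches port 9
    results["cross_vlan"] = sw.forward(1, host_a, host_c)
    return results


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name:14s} -> ports {ports}")
```

The cross-VLAN case is the security point of the answer: without a router between VLAN 10 and VLAN 20, host A cannot even get a frame to host C, because the switch's MAC table is scoped per VLAN and flooding stops at the VLAN boundary.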


Question 3.

What are your daily roles and responsibilities?


I am working as a network engineer in …. organization. We monitor and manage customer networks remotely via the network monitoring tool SolarWinds.

We get alerts for all small or major events in our monitoring tool. Based on the severity / priority of the event, we work on fixing the issue.

We follow ITIL V3 best practices for incident management and change management. Once the alert comes in, we recheck and verify its priority based on the number of users affected and the business impact, and reassign the correct priority to the ticket.

We work to fix the issue within the time frame given in the SLA (for example, a critical issue needs to be resolved in 2 hours, major in 4 hours, minor in 10 hours, etc.).


Question 4.

Why would you recommend EIGRP and what are its features?


EIGRP is Cisco's advanced distance-vector routing protocol. It does not hold a complete map of the network the way a link-state protocol does; what it holds is every route its neighbours in the same EIGRP autonomous system (AS) have advertised, including the alternatives, so it can switch to a backup path without recalculating or querying the network.

It maintains three tables: the neighbour table, which lists the directly connected routers running EIGRP in the same AS with which it has formed an adjacency; the topology table, which holds every destination learned from those neighbours together with the metric each neighbour reported; and the routing table, which holds the best path (the successor) for every destination.

By default EIGRP uses bandwidth and delay as the metric for best-path selection; reliability and load are also available through the K values (K1 to K5), and MTU is carried but not used in the calculation. With the default K values (K1 = K3 = 1) the composite metric is 256 × (10^7 / slowest link bandwidth in kbps + sum of delays in tens of microseconds).

EIGRP's fast convergence comes from the DUAL algorithm, not from being Cisco-only: for each destination it keeps a backup route (feasible successor) whose reported distance is lower than the current best metric, so if the primary path fails the backup is installed immediately with no recomputation. EIGRP was Cisco proprietary for a long time, which is why it is mostly seen in all-Cisco networks; the basic protocol has since been published as RFC 7868, but other vendors rarely implement it.
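The following is an added example, not code from the original article: the classic EIGRP composite metric calculated with the K values, and the DUAL successor / feasible successor selection that makes convergence fast. The three-neighbour topology, the link bandwidths and delays are constructed; the metric formula and the feasibility condition are the real ones.

```python
"""EIGRP composite metric and DUAL successor selection (added example, not
from the original article). The topology, bandwidths and delays are constructed."""


def eigrp_metric(min_bw_kbps, total_delay_us, k=(1, 0, 1, 0, 0),
                 load=1, reliability=255):
    """Classic (32-bit) EIGRP metric.

    metric = 256 * [ (K1*BW + K2*BW/(256-load) + K3*DLY) * K5/(reliability+K4) ]
    where BW = 10^7 / slowest link (kbps) and DLY = sum of delays in tens of
    microseconds. The K5 factor is applied only when K5 != 0. With the default
    K1 = K3 = 1 only bandwidth and delay count."""
    k1, k2, k3, k4, k5 = k
    bw = 10**7 // min_bw_kbps
    dly = total_delay_us // 10
    m = k1 * bw + (k2 * bw) // (256 - load) + k3 * dly
    if k5:
        m = (m * k5) // (reliability + k4)
    return 256 * m


def dual_select(advertisements):
    """advertisements: {neighbour: (adv_min_bw_kbps, adv_delay_us,
                                    link_bw_kbps, link_delay_us)}
    Each neighbour advertises the bandwidth/delay vector of its own best path
    (its reported distance); we recompute the metric after adding our link.

    Returns (successor, feasible_distance, [feasible successors], table) where
    table[neighbour] = (our metric via that neighbour, its reported distance)."""
    table = {}
    for nbr, (adv_bw, adv_dly, link_bw, link_dly) in advertisements.items():
        reported = eigrp_metric(adv_bw, adv_dly)
        ours = eigrp_metric(min(adv_bw, link_bw), adv_dly + link_dly)
        table[nbr] = (ours, reported)
    successor = min(table, key=lambda n: table[n][0])
    fd = table[successor][0]
    # feasibility condition: a backup is loop-free if the neighbour's reported
    # distance is strictly lower than our feasible distance
    feasible = sorted(n for n, (ours, reported) in table.items()
                      if n != successor and reported < fd)
    return successor, fd, feasible, table


# Constructed example: R1 learns 10.9.9.0/24 from three neighbours.
FE = (100_000, 100)     # FastEthernet: 100 Mbps, 100 us
T1 = (1_544, 20_000)    # serial T1: 1.544 Mbps, 20 000 us
ADVERTISEMENTS = {
    "R2": (100_000, 200) + FE,   # two FE hops from the prefix, reached over FE
    "R3": (1_544, 20_000) + FE,  # R3's own path crosses a T1
    "R4": (100_000, 100) + T1,   # R4 is close to the prefix, but our link is a T1
}


if __name__ == "__main__":
    successor, fd, feasible, table = dual_select(ADVERTISEMENTS)
    for nbr, (ours, reported) in table.items():
        print(f"via {nbr}: metric {ours:>9}  reported distance {reported:>9}")
    print("successor:", successor, " FD:", fd, " feasible successors:", feasible)
```

R4 ends up with the same (poor) metric as R3, yet only R4 qualifies as a feasible successor: its reported distance (28160) is below the feasible distance (33280), which proves its path does not go back through R1, so it can be installed instantly if R2 fails. R3's path is loop-free too, but DUAL cannot prove it without a query, which is the slow case.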

Question 5.

If a router learns the same route from EIGRP, OSPF and IGRP, which route will it prefer and why?


It will prefer the EIGRP route because its administrative distance (AD) is the lowest of the three: internal EIGRP is 90, IGRP is 100 and OSPF is 110, and a lower AD means a more trusted source. (IGRP is obsolete and no longer shipped in IOS, so in practice the comparison is EIGRP 90 against OSPF 110; note that external EIGRP routes have AD 170 and would lose to OSPF.)

Question 6.

Explain root bridge selection in STP.

STP elects the root bridge on the lowest bridge ID. The bridge ID is made of a priority value (by default 32768, plus the VLAN ID when the switch uses the extended system ID, so a Cisco switch running PVST+ shows 32769 for VLAN 1) followed by the switch's MAC address. Path cost is not used in the root election; it is used afterwards by every non-root switch to pick its root port (the port with the lowest cost to the root), and it is mostly the same everywhere if we use the same interface speeds throughout.

Because most switches are left on the default priority, the MAC address usually becomes the tie-breaker: whichever switch has the lowest MAC address becomes the root bridge. That is often the oldest switch in the building, so in practice the root should be pinned with a lower priority (spanning-tree vlan 1 priority 4096, or spanning-tree vlan 1 root primary), and root guard and BPDU guard should be enabled so that a rogue device on an access port cannot win the election by sending better BPDUs.
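The following is an added example, not code from the original article: root bridge election on (priority + VLAN, MAC) with the extended system ID, followed by root port selection by path cost, and what happens when a rogue device with priority 4096 is plugged in. The three switches, their MAC addresses, the link costs (802.1D short values: 19 for 100 Mbps, 4 for 1 Gbps) and the rogue are constructed.

```python
"""STP root bridge election and root port selection (added example, not from
the original article). Switch names, MAC addresses and link costs are constructed."""

import heapq
import math
from collections import defaultdict

# 802.1D-1998 short path costs by link speed
COST_100M, COST_1G = 19, 4


def bridge_id(priority, vlan, mac):
    """PVST+ bridge ID with extended system ID: the 4-bit priority (a multiple
    of 4096) plus the 12-bit VLAN number, then the base MAC as tie-breaker.
    Lower is better."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 up to 61440")
    return (priority + vlan, mac.lower())


def elect_root(bridges, vlan):
    """bridges: {name: (priority, mac)} -> switch with the lowest bridge ID."""
    return min(bridges, key=lambda n: bridge_id(bridges[n][0], vlan, bridges[n][1]))


def root_ports(bridges, links, vlan):
    """links: list of (switch_a, switch_b, cost). Returns
    {switch: (root path cost, neighbour on the root port)} for every non-root
    switch: lowest cost wins, ties broken by the lower neighbour bridge ID,
    as a real switch does when comparing received BPDUs."""
    root = elect_root(bridges, vlan)
    bid = {n: bridge_id(p, vlan, m) for n, (p, m) in bridges.items()}
    adj = defaultdict(list)
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    # Dijkstra from the root gives every switch its root path cost
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        d, n = heapq.heappop(heap)
        if d > dist.get(n, math.inf):
            continue
        for m, cost in adj[n]:
            if d + cost < dist.get(m, math.inf):
                dist[m] = d + cost
                heapq.heappush(heap, (d + cost, m))
    result = {}
    for n in bridges:
        if n == root:
            continue
        # the root port faces the neighbour whose BPDU carries the best
        # (root path cost, sender bridge ID) pair
        best = min((dist[m] + cost, bid[m], m) for m, cost in adj[n])
        result[n] = (best[0], best[2])
    return result


# Constructed topology: three switches, all on the default priority 32768,
# a 100 Mbps link SW1-SW2 and gigabit links SW1-SW3 and SW2-SW3
BRIDGES = {
    "SW1": (32768, "00:11:22:33:44:01"),
    "SW2": (32768, "00:11:22:33:44:02"),
    "SW3": (32768, "00:11:22:33:44:03"),
}
LINKS = [("SW1", "SW2", COST_100M), ("SW1", "SW3", COST_1G), ("SW2", "SW3", COST_1G)]
# A rogue device on an SW2 access port sending BPDUs with priority 4096
ROGUE = {"ROGUE": (4096, "00:de:ad:be:ef:00")}


if __name__ == "__main__":
    print("root:", elect_root(BRIDGES, 1), root_ports(BRIDGES, LINKS, 1))
    print("with rogue:", elect_root({**BRIDGES, **ROGUE}, 1))
```

SW1 wins purely on its MAC address, and SW2 reaches it more cheaply through SW3 (4 + 4) than over its direct 100 Mbps link (19), so the direct link is the one STP blocks. The rogue with priority 4096 beats every default-priority switch outright, which is exactly what BPDU guard on access ports is there to stop.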

Question 7.

What are the different states of a switch port (with regard to STP)?


A switch port running 802.1D STP passes through five states: disabled, blocking, listening, learning and forwarding.

Blocking – the port receives BPDUs but does not learn MAC addresses or forward data frames. This is where a redundant (non-designated) port stays to prevent the loop.

Listening – the port sends and receives BPDUs and takes part in the root bridge, root port and designated port election, but still does not learn MAC addresses or forward data. Lasts one forward delay (15 seconds by default).

Learning – the port starts building its MAC address table from the frames it sees, but still does not forward data. Another 15 seconds by default.

Forwarding – the port sends and receives data frames normally.

Disabled – the port is administratively shut down or err-disabled and takes no part in STP.

So a port needs 30 seconds to start forwarding with classic STP, plus up to 20 seconds of max age if it first has to notice that the root has gone. Rapid STP (802.1w) collapses the states to discarding, learning and forwarding and converges in a few seconds, and PortFast moves an access port straight to forwarding.

Question 8

What is a duplex mismatch error, and how will you resolve it as a network engineer?


We see duplex mismatches quite often in our monitoring tool.

A duplex mismatch is the situation where one end of a link (say the switch port) is running full duplex and the other end (a router, an end point or a server) is running half duplex. It is the duplex setting, not the speed, that is mismatched, although the two are usually set together. The half-duplex side reports late collisions, the full-duplex side reports CRC / FCS errors and runts, and throughput collapses under load while the link itself stays up, which is why it is easy to miss.

We normally call the site contact to check the port settings and make them the same in both directions to resolve the issue.

For example :-
Switch port FastEthernet 0/1 is connected to server port eth0. We check whether the switch port is configured as half duplex or full duplex (show interfaces FastEthernet 0/1 shows the current speed and duplex and the error counters). If it is half duplex then the server port should also be half duplex, and vice versa. The usual cause is that one side has been hard-set while the other is on auto-negotiation: a side that gets no negotiation partner can detect the speed but falls back to half duplex.

Once we see this alert, we raise a change request to change the duplex setting on the switch side (either both sides on auto, or both sides hard-set to 100/full). If the server admin has to change the setting on the server instead, we ask them to do it.

Most likely the interviewer will ask this question next:

Question 9

What other issues do you see on the LAN side apart from duplex mismatch, and how do you resolve them? (CCNP – Switching level question)

Answer :-

We often see a port in err-disabled state, which normally happens when port security is configured on the switch and a MAC address other than the allowed one appears on the port (with the default violation mode, shutdown, the port is err-disabled). Other causes are BPDU guard (a BPDU received on a PortFast port) and link flapping; show interfaces status err-disabled lists the reason.
We call the site contact to verify whether the port is connected to the right device or not; show port-security interface on the port shows the violation count and the last MAC address seen. Once they confirm that a device change has happened and the switch port now has to serve another device, we raise a change request to update port security for the new device and bring the port back with shutdown / no shutdown on the interface (or errdisable recovery cause psecure-violation if automatic recovery is wanted). If nobody can account for the new MAC address, it is handled as a security incident, not as a change.

Question 10.

Can you create an ACL on a router? If yes, then why do you need a firewall?

Question 11.

What is the actual need for a firewall?

Answer (covers questions 10 and 11) :-

A router is a Layer 3 device whose job is to forward packets between different networks. A firewall's job is to decide which connections are allowed between those networks, and a stateful firewall does that by tracking sessions at Layer 3 / Layer 4 (and, on a next-generation firewall, by inspecting up to the application layer).

A router's primary function is to forward the traffic that is continuously passing between the internal and external world, as fast as possible, so it does not keep any session or connection table. We can create ACLs on a router as well, but an ACL is stateless: every packet in both directions is checked against the ACL independently. To let replies back in we have to open the return direction, for example with the established keyword, which only looks at the ACK/RST flags and is satisfied by any crafted packet with those flags set; we cannot express "allow this inbound packet only if an inside host started the conversation". (Cisco IOS can do stateful inspection with the zone-based firewall feature, but then the router is acting as a firewall, with the CPU cost that implies.)

A firewall maintains a connection table containing details of every active session (protocol, source and destination address and port, TCP state). When the first packet of an allowed session passes through, the firewall records it as an active connection, so when the return packet comes back it does not have to evaluate the rule base again; it simply matches the packet against the connection table and forwards it. An inbound packet that matches no connection and no explicit rule is dropped.

Apart from this, a firewall can inspect traffic up to the application layer (protocol validation, URL filtering, intrusion prevention), which a router cannot do; that is another reason for keeping a firewall in the network.
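The following is an added example, not code from the original article: a stateless router ACL that has to use the established trick to let replies in, beside a stateful firewall that keeps a connection table, run against the same three packets. The inside network 10.1.1.0/24, the outside addresses (documentation ranges) and the packets are constructed.

```python
"""Stateless ACL versus stateful connection table (added example, not from the
original article). Addresses, ports and the rule set are constructed."""

import ipaddress
from dataclasses import dataclass, field

INSIDE = ipaddress.ip_network("10.1.1.0/24")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = field(default_factory=lambda: frozenset({"SYN"}))


def inside(ip):
    return ipaddress.ip_address(ip) in INSIDE


def stateless_acl(pkt):
    """Router ACL with no memory. Outbound is permitted; inbound is permitted
    only if it looks like a reply, which on a router means the 'established'
    keyword: any TCP segment with ACK or RST set. The router cannot know
    whether a session really exists."""
    if inside(pkt.src):
        return True
    return bool(pkt.flags & {"ACK", "RST"})


class StatefulFirewall:
    def __init__(self):
        # connection table: 4-tuples of sessions the inside has opened
        self.conns = set()

    def allow(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if inside(pkt.src):
            if pkt.flags == {"SYN"}:
                self.conns.add(fwd)       # new outbound session recorded once
            return fwd in self.conns       # later packets: table hit, no rule lookup
        # inbound: must be the reverse of a recorded session
        return rev in self.conns


def demo():
    """Returns {case: (stateless ACL verdict, stateful firewall verdict)}."""
    fw = StatefulFirewall()
    client_syn = Packet("10.1.1.5", 51000, "203.0.113.10", 443)
    server_synack = Packet("203.0.113.10", 443, "10.1.1.5", 51000,
                           frozenset({"SYN", "ACK"}))
    # an outsider forging an ACK to probe RDP on the inside host
    forged_ack = Packet("198.51.100.7", 443, "10.1.1.5", 3389, frozenset({"ACK"}))
    return {
        "outbound_syn": (stateless_acl(client_syn), fw.allow(client_syn)),
        "genuine_reply": (stateless_acl(server_synack), fw.allow(server_synack)),
        "forged_ack": (stateless_acl(forged_ack), fw.allow(forged_ack)),
    }


if __name__ == "__main__":
    for case, (acl, stateful) in demo().items():
        print(f"{case:14s} ACL={'permit' if acl else 'deny':6s} firewall={'permit' if stateful else 'deny'}")
```

Both devices pass the real session, but only the firewall drops the forged ACK: the ACL has no way to tell a reply from a packet that merely looks like one, which is the answer to "why do you need a firewall if the router has ACLs".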

Question 12.

What is an MPLS network and why do we need it? (Explain in brief)
(ccnp routing level question)


MPLS (Multiprotocol Label Switching) is mostly used in ISP / service-provider networks. The ingress router (the provider edge, PE) assigns each incoming packet a short fixed-length number called a label (20 bits inside a 32-bit shim header inserted between the Layer 2 header and the IP header), and the packet is then forwarded across the MPLS core on that label alone.

MPLS became so popular because an ISP has to deal with many customers at the same time and every customer has its own kind of traffic. For example, customer 1 sends IPX packets, customer 2 sends AppleTalk packets, customer 3 sends multicast traffic, and so on. (Today it is mostly IPv4, IPv6 and Layer 2 frames, but the point is the same.)

Without MPLS the ISP would have to carry every customer's routing on every core router, which is a large overhead and makes changes slow. That is the main reason for having MPLS on provider links.

MPLS encapsulates whatever comes from the customer (an IP packet, an IPX or AppleTalk packet, a multicast packet, even a whole Ethernet frame for a Layer 2 VPN) behind a label, and that labelled packet is switched through the MPLS network at high speed. The core routers only need to know labels, not the customer routes, and the customer routes are kept apart in per-customer VRF tables on the edge routers.

Inside the core, each label switch router (LSR) ignores the IP address in the packet and forwards on the label, swapping it for the next hop's label at every hop; the egress PE pops the label and hands the original packet to the customer.

When MPLS runs over frame-based links (Ethernet, PPP) it is called frame-mode MPLS; when it runs over cell-based links such as ATM, with the label carried in the VPI/VCI fields, it is called cell-mode MPLS.

Question 13.

What is Network Address Translation, and what are the types of NAT?


The private IP ranges (RFC 1918: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16) can be used by anyone in their own LAN, so these addresses are not routable on the internet and sending them out would create confusion.

For example :- is a private IP address that anyone can use.

If organization A, organization B and organization C are all using it in their LANs, it has to be limited to each internal network only. can be used in many organizations, and if we allowed it to talk to the internet on , many requests from the same source IP would arrive at google and the replies could never be routed back to the right network. That is why we use NAT at the edge to translate private IPs to public IPs.

Types of NAT: static NAT (one private address permanently mapped to one public address, used for servers that must be reachable from outside), dynamic NAT (private addresses mapped to a pool of public addresses as they need them) and port address translation (PAT, also called NAT overload), where many private addresses share one public address and the translated source port is what identifies the session on the way back. Most people are using PAT.
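The following is an added example, not code from the original article: a PAT translation table that maps inside (address, port) pairs onto one public address, keeps the original source port when it is free and picks another when two inside hosts collide, and maps replies back. The public address 203.0.113.1 and the 192.168.1.0/24 inside hosts are constructed.

```python
"""Port address translation (added example, not from the original article).
Private and public addresses and port numbers are constructed."""


class Pat:
    def __init__(self, public_ip, first_port=1024, last_port=65535):
        self.public_ip = public_ip
        # translated ports handed out when the original port cannot be kept
        self.pool = iter(range(first_port, last_port + 1))
        self.out = {}    # (private_ip, private_port) -> translated port
        self.back = {}   # translated port -> (private_ip, private_port)

    def _alloc(self):
        for port in self.pool:
            if port not in self.back:
                return port
        # one public address carries at most ~64k concurrent sessions
        raise RuntimeError("PAT port pool exhausted")

    def outbound(self, src_ip, src_port):
        """Translate an inside source. Returns (public_ip, translated_port)."""
        key = (src_ip, src_port)
        if key not in self.out:
            # like a real PAT device, keep the original port if nobody else
            # on this public address is already using it
            if src_port >= 1024 and src_port not in self.back:
                port = src_port
            else:
                port = self._alloc()
            self.out[key] = port
            self.back[port] = key
        return self.public_ip, self.out[key]

    def inbound(self, dst_port):
        """Map a reply to the public address back to the inside host, or None
        (no translation exists, so the packet is dropped)."""
        return self.back.get(dst_port)


def demo():
    pat = Pat("203.0.113.1")
    first = pat.outbound("192.168.1.10", 40000)   # keeps port 40000
    second = pat.outbound("192.168.1.11", 40000)  # same source port: must change
    again = pat.outbound("192.168.1.10", 40000)   # existing session: same mapping
    return {
        "first": first,
        "second": second,
        "again": again,
        "reply_to_second": pat.inbound(second[1]),
        "unsolicited": pat.inbound(5000),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:16s} {value}")
```

The collision case is the one to remember: two inside hosts can pick the same source port, so the translated port, not the private address, is the only thing that tells their replies apart at the edge, and a reply to a port with no table entry is simply dropped.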

Question 14

If an organization is looking for 12 hosts for its network and you have a subnet, how many bits will you borrow for the network?

Answer :-

We need to leave 4 host bits, because they need only 12 hosts in their network: usable hosts = 2 to the power N – 2 (the network and broadcast addresses cannot be assigned to hosts), so 2 to the power 4 – 2 = 16 – 2 = 14 hosts, the smallest block that fits 12 (3 host bits would give only 6). The mask therefore has 32 – 4 = 28 network bits (/28, 255.255.255.240), and if the subnet we start from is a /24 we borrow 4 bits from its host portion to get there.

Their network will look like below :-

Network IP                     First host IP              Last host IP               Broadcast IP                
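The following is an added example, not code from the original article: the subnet sizing worked out with the standard ipaddress module, returning the same columns as the table above. The article does not say which subnet is being carved up, so the 192.168.1.0/24 starting block is an assumption; the function also works for other host counts and blocks.

```python
"""Sizing a subnet for a given host count (added example, not from the original
article). The article leaves the starting block unspecified; 192.168.1.0/24
used below is an assumption."""

import ipaddress
import itertools


def host_bits_for(hosts):
    """Smallest N with 2**N - 2 >= hosts (network and broadcast are unusable)."""
    bits = 2
    while 2 ** bits - 2 < hosts:
        bits += 1
    return bits


def plan_subnet(block, hosts, index=0):
    """Carve the index-th subnet of the right size out of `block`.
    Returns the mask, the bits borrowed from the host portion of `block`, and
    the network / first host / last host / broadcast addresses."""
    net = ipaddress.ip_network(block)
    bits = host_bits_for(hosts)
    new_prefix = net.max_prefixlen - bits
    if new_prefix < net.prefixlen:
        raise ValueError(f"{block} is too small for {hosts} hosts")
    sub = next(itertools.islice(net.subnets(new_prefix=new_prefix), index, None))
    return {
        "network": str(sub),
        "mask": str(sub.netmask),
        "borrowed_bits": new_prefix - net.prefixlen,
        "host_bits": bits,
        "usable_hosts": sub.num_addresses - 2,
        "first_host": str(sub.network_address + 1),
        "last_host": str(sub.broadcast_address - 1),
        "broadcast": str(sub.broadcast_address),
    }


if __name__ == "__main__":
    # 12 hosts out of an assumed /24, plus the next block of the same size
    for i in range(2):
        p = plan_subnet("192.168.1.0/24", 12, index=i)
        print(f"{p['network']:18s} {p['first_host']:15s} {p['last_host']:15s} "
              f"{p['broadcast']:15s} mask {p['mask']} ({p['borrowed_bits']} bits borrowed)")
```

Note that 14 usable addresses is the ceiling for this block: if the organization later grows to 15 hosts, host_bits_for returns 5 and the whole subnet has to move to a /27, which is why sizing usually leaves headroom.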

Question 15.

How can you troubleshoot and isolate a LAN issue versus a WAN issue?

Answer :-

Steps to follow for troubleshooting on the LAN side:
1) Note the source IP and mask.
2) Note the destination IP and mask.

3) If source and destination are in the same subnet, the problem cannot be a routing or WAN issue; it is a Layer 2 problem (switch port, VLAN, ARP) and the WAN steps below do not apply.

4) Ping from source to destination (if it works, the network path is up and the problem is on the host or application).

5) Traceroute to the destination and see where the packets are being dropped.

6) Check the switch port the source is connected to and verify its Layer 2 configuration (port security, VLAN assignment, port status).

7) Check that the speed/duplex setting on the port is correct.

On the WAN side:
1) If the traceroute shows the packets being dropped after they leave our network, i.e. on the internet, it is an ISP link issue.

2) Check the status of the serial link (or whatever port the internet link is terminated on) with show interfaces.

3) If the EIGRP routing protocol is running, check the neighbour status with the show ip eigrp neighbors command.

4) If the Q Cnt (queue count) column in that output stays above zero, the neighbour is not acknowledging our packets, which means we have an issue on the link between the two EIGRP routers; rising SRTT and RTO values in the same output point the same way.


Thanks & Best of Luck,
Ravi Sultanekar,
Security Architect,
Founder of IT Security Mentor (ITSM),
CCNA, CCNA Security, CCIE Security,
CCSA, CCSE (Checkpoint), ITIL V3,
ISO 27001 Lead Auditor, CEH, Prince 2
Email :-
