Networking Interview Questions

Networking Interview Questions: 30 Important Questions + 20 Scenario-Based Questions

Part 1: 30 Important Networking Questions with Detailed Answers

1. Explain the OSI Model and its layers. Why is it important?

Answer:

The OSI (Open Systems Interconnection) model is a conceptual framework that standardizes network communication into 7 layers.

The 7 Layers (Bottom to Top):

Layer	Name	Function	Example Protocols/Devices
7	Application	User interface, network services	HTTP, FTP, SMTP, DNS
6	Presentation	Data formatting, encryption, compression	SSL/TLS, JPEG, ASCII
5	Session	Session management, authentication	NetBIOS, RPC, SMB
4	Transport	End-to-end communication, reliability	TCP, UDP
3	Network	Routing, logical addressing	IP, ICMP, Routers
2	Data Link	Physical addressing, error detection	Ethernet, MAC, Switches
1	Physical	Raw bit transmission	Cables, Hubs, Repeaters

Encapsulation Process:

Data → Segments (L4) → Packets (L3) → Frames (L2) → Bits (L1)
Application → Transport → Network → Data Link → Physical

Why OSI Matters:

Troubleshooting: Isolate problems to specific layers
Interoperability: Different vendors can work together
Standardization: Clear boundaries for protocol development
Cloud Mapping: Helps understand networking in AWS/Azure/GCP

Cloud Mapping Example:

Physical/Data Link: AWS Direct Connect, Azure ExpressRoute
Network: VPC, Subnets, Route Tables
Transport: Load Balancers (ALB/NLB), Security Groups
Application: API Gateway, CloudFront

2. Explain TCP vs UDP in detail.

Answer:

Feature	TCP	UDP
Connection	Connection-oriented (3-way handshake)	Connectionless
Reliability	Guaranteed delivery with ACK	Best effort, no guarantee
Ordering	Preserves packet order	No ordering guarantee
Flow Control	Sliding window	None
Error Checking	Checksum + retransmission	Checksum only (optional)
Overhead	Higher (20-60 byte header)	Lower (8 byte header)
Speed	Slower	Faster
Use Cases	HTTP, HTTPS, SSH, FTP, Email	DNS, VoIP, Video streaming, Gaming

TCP 3-Way Handshake:

Client                    Server
  |                         |
  |----SYN (seq=x)--------->|
  |                         |
  |<---SYN-ACK (seq=y, ack=x+1)|
  |                         |
  |----ACK (ack=y+1)------->|
  |                         |
  |=====Data Transmission====|

TCP Sliding Window:

Controls amount of data sent before requiring ACK
Dynamic window size based on network conditions
Prevents overwhelming receiver or network

TCP ACK & Retransmission:

Receiver sends ACK for received packets
Sender retransmits if ACK not received within timeout
Fast retransmit: 3 duplicate ACKs trigger immediate retransmission

UDP Characteristics:

No handshake, no connection state
Applications handle reliability if needed
Lower latency, ideal for real-time applications

3. What is the difference between a switch and a router?

Answer:

Aspect	Switch	Router
Layer	Layer 2 (Data Link)	Layer 3 (Network)
Addressing	MAC addresses	IP addresses
Domain	Broadcast domain	Collision domain
Function	Connects devices within same network	Connects different networks
Intelligence	MAC learning, forwarding table	Routing tables, path selection
Broadcast	Forwards broadcasts	Blocks broadcasts
NAT	No	Yes (typically)

Switch Operation (MAC Learning):

1. Switch receives frame on port 1 from MAC A
2. Learns: MAC A is on port 1
3. If destination MAC known: forward to specific port
4. If unknown: flood to all ports (except source)

Router Operation:

1. Receives packet, checks destination IP
2. Consults routing table for best path
3. Decrements TTL, recalculates checksum
4. Forwards to next hop or drops if no route

Collision vs Broadcast Domains:

Collision Domain: Where collisions can occur
Hubs: single collision domain
Switches: each port is separate collision domain
Broadcast Domain: Where broadcasts are forwarded
Switches: entire VLAN is broadcast domain
Routers: break broadcast domains

4. Explain the difference between hubs, bridges, and switches.

Answer:

Hub (Layer 1 - Physical):

Repeats signals to all ports
Single collision domain
Half-duplex only
No intelligence, no MAC learning
Obsolete technology

Bridge (Layer 2 - Data Link):

Connects two network segments
Learns MAC addresses
Filters traffic based on MAC
Reduces collisions between segments
Has limited ports (typically 2)

Switch (Layer 2 - Data Link):

Multi-port bridge
Full-duplex capable
MAC address table per port
Each port is separate collision domain
Hardware-based forwarding (ASICs)

Comparison Table:

Feature	Hub	Bridge	Switch
Layer	Physical	Data Link	Data Link
Collision Domains	1	2	Per port
MAC Learning	No	Yes	Yes
Ports	4-24	2	4-48+
Full-Duplex	No	Yes	Yes
Current Use	Obsolete	Rare	Ubiquitous

5. What is a VLAN and why would you use it?

Answer:

VLAN (Virtual Local Area Network) creates logical network segments within a physical network infrastructure.

Benefits:

Security: Isolate sensitive traffic
Performance: Reduce broadcast domains
Flexibility: Devices grouped by function, not location
Cost: Fewer physical switches needed

VLAN Types:

# Default VLAN (VLAN 1) - All ports initially
# Data VLAN - User traffic
# Voice VLAN - VoIP traffic (QoS priority)
# Management VLAN - Network device management
# Native VLAN - Untagged traffic on trunk

Port Modes:

Access Port: Carries single VLAN, untagged
Trunk Port: Carries multiple VLANs, tagged (802.1Q)

VLAN Tagging (802.1Q):

Original Ethernet Frame:
| Dest MAC | Src MAC | Type | Data | FCS |

Tagged Frame:
| Dest MAC | Src MAC | 802.1Q Tag | Type | Data | FCS |
                     | TPID | PCP | CFI | VID |
                     0x8100 3-bit  1-bit  12-bit

Inter-VLAN Routing:

# Router-on-a-stick
# Router with single trunk port, subinterfaces per VLAN

# Layer 3 Switch
# Switch with routing capabilities, SVIs (Switch Virtual Interfaces)

6. Explain DHCP (Dynamic Host Configuration Protocol) process.

Answer:

DHCP automatically assigns IP addresses and network configuration to devices.

DORA Process:

Client                    DHCP Server
  |                           |
  |---DHCPDISCOVER (broadcast)-->|
  |                           |
  |<---DHCPOFFER (unicast)------|
  |                           |
  |---DHCPREQUEST (broadcast)-->|
  |                           |
  |<---DHCPACK (unicast)--------|

Lease Lifecycle:

[Acquiring] → [Bound] → [Renewing] → [Rebinding] → [Released]
     ↓           ↓          ↓            ↓            ↓
  Get IP      Active    T1 (50%)    T2 (87.5%)   Expired

Address Pools and Scope:

Scope: Range of IPs available for assignment
Exclusions: IPs reserved for static assignment
Reservations: IP permanently assigned to specific MAC

DHCP Options:

Option 1: Subnet Mask
Option 3: Default Gateway
Option 6: DNS Servers
Option 15: Domain Name
Option 51: Lease Time
Option 66: TFTP Server (PXE boot)

DHCP Attacks:

DHCP Starvation: Exhaust address pool
Rogue DHCP Server: Malicious server providing false config
Mitigation: DHCP Snooping (trusted ports only)

7. Explain DNS resolution process.

Answer:

DNS (Domain Name System) translates human-readable domain names to IP addresses.

Recursive Resolution Flow:

Client → Local DNS → Root DNS → TLD DNS → Authoritative DNS

Example: www.example.com resolution:

1. Client queries local DNS resolver
2. Resolver queries Root DNS (.) for .com
3. Root responds with .com TLD servers
4. Resolver queries .com TLD for example.com
5. .com TLD responds with example.com authoritative servers
6. Resolver queries authoritative DNS for www.example.com
7. Authoritative responds with IP address
8. Resolver caches result, returns to client

DNS Record Types:

Record	Purpose	Example
A	IPv4 address	`example.com → 93.184.216.34`
AAAA	IPv6 address	`example.com → 2606:2800:220:1:248:1893:25c8:1946`
CNAME	Canonical name alias	`www.example.com → example.com`
MX	Mail exchange	`example.com → mail.example.com (priority 10)`
NS	Name server	`example.com → ns1.example.com`
PTR	Reverse lookup	`34.216.184.93.in-addr.arpa → example.com`
TXT	Text information	SPF, DKIM, DMARC records
SOA	Start of authority	Zone administration info

DNS Zones:

Forward Zone: Domain → IP resolution
Reverse Zone: IP → Domain resolution
Primary Zone: Master copy (read-write)
Secondary Zone: Read-only copy (slave)

Caching:

TTL (Time to Live) determines cache duration
Reduces DNS query load
Negative caching for non-existent records

8. Explain NAT (Network Address Translation) and its types.

Answer:

NAT translates private IP addresses to public IP addresses.

Private IP Ranges (RFC 1918):

Class A: 10.0.0.0 – 10.255.255.255 (10.0.0.0/8)
Class B: 172.16.0.0 – 172.31.255.255 (172.16.0.0/12)
Class C: 192.168.0.0 – 192.168.255.255 (192.168.0.0/16)

NAT Types:

1. Static NAT (1:1)

Permanent mapping: one private IP → one public IP
Used for servers that need inbound access

Inside: 192.168.1.10 → Outside: 203.0.113.10

2. Dynamic NAT (Many:Many)

Pool of public IPs assigned dynamically
IPs released back to pool when session ends

3. PAT (Port Address Translation) / NAT Overload (Many:1)

Multiple private IPs share one public IP
Differentiated by source port numbers
Most common in home/SMB networks

Private: 192.168.1.10:12345 → Public: 203.0.113.1:12345
Private: 192.168.1.11:12345 → Public: 203.0.113.1:12346

NAT Table Example: | Inside Local | Inside Global | Outside Local | Outside Global | |————–|—————|—————|—————-| | 192.168.1.10:12345 | 203.0.113.1:12345 | 8.8.8.8:53 | 8.8.8.8:53 | | 192.168.1.11:12345 | 203.0.113.1:12346 | 8.8.8.8:53 | 8.8.8.8:53 |

Cloud Gateways:

AWS: Internet Gateway, NAT Gateway, NAT Instance
Azure: Virtual Network Gateway, NAT Gateway
GCP: Cloud NAT

9. Explain the TCP sliding window mechanism.

Answer:

Sliding window controls the amount of data sent before requiring acknowledgment.

Window Components:

[Sent & ACKed] [Sent & UnACKed] [Can Send] [Cannot Send Yet]
     ^               ^              ^            ^
     |               |              |            |
   Window Start   Send Window    Window End   Available

Window Sizing:

Window Size = Number of bytes sender can send before waiting for ACK
Initial Window: Typically 2-4 segments
Window Scale Option: Allows windows > 64KB

Congestion Control Algorithms:

1. Slow Start:

Start with 1 MSS (Maximum Segment Size)
Double window every RTT (Round Trip Time) until threshold

2. Congestion Avoidance:

After threshold, increase window linearly
Window += MSS * (MSS / Window) per ACK

3. Fast Retransmit:

Three duplicate ACKs → immediate retransmission
Instead of waiting for timeout

4. Fast Recovery:

After fast retransmit, cut window in half
Continue with congestion avoidance

Window Scaling:

Window Scale Factor negotiated during handshake
Maximum window = 65,535 × 2^14 = 1 GB

10. What are network topologies? Explain common types.

Answer:

Network topology defines the physical and logical arrangement of network devices.

Physical vs Logical Topology:

Physical: Actual cabling and device placement
Logical: How data flows (can differ from physical)

Common Topologies:

1. Bus Topology

[Terminator]---[Device]---[Device]---[Device]---[Terminator]

Single cable backbone
All devices share medium
Pros: Cheap, simple
Cons: Single point of failure, collisions, limited distance

2. Star Topology

                 [Switch]
                    |
    [Device]---[Device]---[Device]

All devices connect to central switch
Pros: Easy troubleshooting, scalable, fault tolerant
Cons: Central point of failure (switch)
Most common today

3. Ring Topology

    [Device]---[Device]
       |          |
    [Device]---[Device]

Data travels in one direction
Pros: No collisions, predictable
Cons: One break affects all (unless dual ring)

4. Mesh Topology

    [Device]---[Device]
      |  \     /  |
      |   \   /   |
      |    \ /    |
    [Device]---[Device]

Every device connects to multiple others
Pros: Highly redundant, fault tolerant
Cons: Expensive, complex
Use: Backbone networks, data centers

5. Hybrid Topology

Combination of topologies
Most enterprise networks: Star-of-stars

Fault Tolerance Concepts:

Redundancy: Multiple paths, backup devices
Load Balancing: Distribute traffic across links
Failover: Automatic switch to backup
STP (Spanning Tree Protocol): Prevents loops in redundant paths

11. Explain SSH and how it secures connections.

Answer:

SSH (Secure Shell) provides encrypted remote access and command execution.

SSH Architecture:

1. Encryption Negotiation:

Client → Server: Protocol version, supported algorithms
Server → Client: Selected algorithms, public host key

2. Key Exchange (Diffie-Hellman):

Client and Server generate shared secret without transmitting it

1. Both generate private key (a, b)
2. Compute public keys: A = g^a mod p, B = g^b mod p
3. Exchange public keys
4. Shared secret: s = g^(ab) mod p (computed both ways)

3. Session Encryption:

Symmetric cipher (AES, ChaCha20) with derived key
Integrity with MAC (HMAC)

Authentication Methods:

# Password (least secure)
ssh user@host

# Public Key (recommended)
ssh -i ~/.ssh/id_rsa user@host

# Host-based
# Certificate-based

SSH Port Forwarding:

# Local Forwarding: Access remote service locally
ssh -L 8080:internal-server:80 user@jumphost
# localhost:8080 → internal-server:80 via jumphost

# Remote Forwarding: Expose local service remotely
ssh -R 8080:localhost:80 user@jumphost
# jumphost:8080 → localhost:80

# Dynamic Forwarding (SOCKS proxy)
ssh -D 1080 user@host

SSH Security Best Practices:

# Disable root login
PermitRootLogin no

# Disable password authentication
PasswordAuthentication no

# Use key-only authentication
PubkeyAuthentication yes

# Limit users
AllowUsers user1 user2

# Change default port
Port 2222

# Use SSH certificates for large environments

12. Explain the difference between Telnet and SSH.

Answer:

Aspect	Telnet	SSH
Encryption	None (plain text)	Full encryption
Port	23	22
Authentication	Clear text password	Encrypted keys/passwords
Security	Vulnerable to sniffing	Secure
Protocol	Only remote terminal	Tunneling, file transfer, remote execution
Current Use	Legacy systems, internal debugging	All production remote access

Security Risks of Telnet:

Credentials transmitted in clear text
Session content visible to network sniffers
No integrity checking (man-in-the-middle possible)
No secure file transfer capability

Why SSH Replaced Telnet:

Encryption: Prevents eavesdropping
Integrity: HMAC ensures data not modified
Authentication: Multiple methods including keys
Tunneling: Can secure other protocols (X11, FTP, etc.)
SFTP/SCP: Built-in secure file transfer

13. Explain FTP architecture and its modes.

Answer:

FTP (File Transfer Protocol) transfers files between client and server.

FTP Architecture:

Control Channel: Port 21, commands, responses
Data Channel: Dynamic port, actual file transfer

FTP Modes:

Active Mode:

Client: opens port 21 → Server:21 (control)
Client: listens on random port (N)
Server: connects to client N (data)

Server initiates data connection
Problems: Firewalls block incoming connections

Passive Mode (More Common):

Client: opens port 21 → Server:21 (control)
Client: requests passive mode
Server: opens random port (N)
Client: connects to server N (data)

Client initiates all connections
Works through firewalls

FTP Security:

FTPS: FTP over SSL/TLS (ports 990, 989)
SFTP: SSH File Transfer Protocol (port 22)
Recommended: SFTP (simpler firewall rules, built into SSH)

FTP Commands:

USER, PASS     - Authentication
LIST           - List directory
RETR filename  - Download
STOR filename  - Upload
DELE filename  - Delete
PASV           - Enter passive mode
QUIT           - End session

14. Explain NFS vs SMB/CIFS.

Answer:

Both are file-sharing protocols with different origins and use cases.

Aspect	NFS	SMB/CIFS
Origin	Unix/Linux	Windows/Microsoft
Port	2049, plus RPC ports	445 (SMB), 139 (NetBIOS)
Authentication	Kerberos, NIS, local	Active Directory, NTLM
Protocol	Stateless	Stateful
Locking	Advisory (NLM)	Mandatory
Performance	Better for Unix workloads	Better for Windows
Cross-Platform	Works on Windows (Client)	Works on Unix (Samba)

NFS Versions:

NFSv3: Stateless, uses RPC, separate mount protocol
NFSv4: Stateful, integrated authentication (Kerberos), better security

SMB Versions:

SMB 1.0 (CIFS): Legacy, insecure
SMB 2.0: Windows Vista+, improved performance
SMB 3.0: Windows 8+, encryption, multichannel

Use Cases:

NFS: VMware datastores, Linux home directories, Kubernetes PVs
SMB: Windows file shares, network drives, user profiles

15. Explain ICMP and its uses.

Answer:

ICMP (Internet Control Message Protocol) reports errors and performs diagnostics.

ICMP Message Types:

Type	Code	Description	Use
0	0	Echo Reply	ping response
3	0-15	Destination Unreachable	Network/host unreachable
4	0	Source Quench	Congestion control (deprecated)
5	0-3	Redirect	Better route available
8	0	Echo Request	ping request
11	0-1	Time Exceeded	TTL expired (traceroute)

ICMP in Practice:

Ping (Echo Request/Reply):

ping google.com
# Sends ICMP Echo Request, waits for Echo Reply
# Measures RTT, packet loss

Traceroute:

traceroute google.com
# Sends packets with increasing TTL
# Each router returns ICMP Time Exceeded
# Shows path and latency per hop

PMTUD (Path MTU Discovery):

Uses ICMP “Fragmentation Needed” messages
Discovers maximum packet size along path
Prevents fragmentation

Security Considerations:

ICMP can be used for attacks (ping flood, Smurf)
Many networks filter ICMP (reduces diagnostic capability)
Best practice: Allow necessary types (Echo Request/Reply, Time Exceeded)

16. Explain IPv4 vs IPv6.

Answer:

Aspect	IPv4	IPv6
Address Size	32-bit	128-bit
Address Space	~4.3 billion	340 undecillion
Format	Dotted decimal (192.168.1.1)	Hexadecimal (2001:0db8::1)
Header	Variable length (20-60 bytes)	Fixed length (40 bytes)
Security	Optional (IPsec)	Built-in (IPsec required)
Configuration	Manual/DHCP	SLAAC, DHCPv6
Broadcast	Yes	No (uses multicast)
NAT	Common	Not needed
Checksum	Yes	No (handled by upper layers)

IPv6 Address Types:

Unicast: Single interface
Multicast: Group of interfaces (replaces broadcast)
Anycast: Nearest interface in group

IPv6 Special Addresses:

::1                    - Loopback
::                      - Unspecified
2001:db8::/32          - Documentation
fe80::/10              - Link-local (autoconfigured)
fd00::/8               - Unique Local (private)
ff00::/8               - Multicast

IPv6 Autoconfiguration (SLAAC):

Device generates link-local address (fe80::/64)
Sends Router Solicitation
Router responds with prefix (e.g., 2001:db8:1::/64)
Device creates global address: prefix + interface ID
DAD (Duplicate Address Detection) ensures uniqueness

Transition Mechanisms:

Dual Stack: IPv4 and IPv6 coexist
Tunneling: IPv6 over IPv4 (6in4, Teredo)
Translation: NAT64, DNS64

17. Explain subnetting and CIDR.

Answer:

Subnetting divides a network into smaller, manageable segments.

IP Address Structure:

IPv4: 192.168.1.10/24
Network: 192.168.1.0
Hosts: 0-255 (256 addresses)
Network bits: 24, Host bits: 8

CIDR Notation:

/8  (255.0.0.0)        → 16,777,216 addresses
/16 (255.255.0.0)      → 65,536 addresses
/24 (255.255.255.0)    → 256 addresses
/28 (255.255.255.240)  → 16 addresses
/30 (255.255.255.252)  → 4 addresses (point-to-point links)
/32 (255.255.255.255)  → 1 address (host route)

Subnetting Formulas:

Number of subnets = 2^n (where n = borrowed bits)
Hosts per subnet = 2^h - 2 (where h = remaining host bits)
-2: network address + broadcast address

Example: Subnet 192.168.1.0/24 into 4 subnets:

Borrow 2 bits (2^2 = 4 subnets)
New mask: /26 (255.255.255.192)
Hosts per subnet: 2^6 - 2 = 62

Subnet 1: 192.168.1.0/26   (1-62)
Subnet 2: 192.168.1.64/26  (65-126)
Subnet 3: 192.168.1.128/26 (129-190)
Subnet 4: 192.168.1.192/26 (193-254)

VLSM (Variable Length Subnet Mask):

Allows different subnet sizes
Efficient IP address utilization
Common in enterprise networks

18. Explain the difference between a gateway and a router.

Answer:

Aspect	Router	Gateway
Function	Routes between networks	Translates between different protocols
Layer	Network Layer (L3)	Multiple layers (L3-L7)
Protocols	IP to IP	Different protocols (IPX to IP, IPv4 to IPv6)
Default Gateway	The router that connects network to others	The device that enables exit from network

Router:

Primary function: IP packet forwarding
Maintains routing tables
Uses routing protocols (OSPF, BGP)
Interconnects similar networks

Gateway:

Translation between dissimilar networks
Examples:
Default Gateway: Router for local network
NAT Gateway: Translates private to public IPs
Application Gateway: HTTP to HTTPS, API gateway
Cloud Gateway: AWS Internet Gateway, Azure Virtual Network Gateway

In Practice:

Home Network:
- Router: 192.168.1.1
- Default Gateway: 192.168.1.1
- This device is both router and gateway

Enterprise:
- Router: Connects to ISP
- Default Gateway: 10.0.0.1 (router)
- Cloud Gateway: AWS IGW (translates VPC to internet)

19. Explain MAC address learning on switches.

Answer:

Switches build MAC address tables to forward frames intelligently.

Learning Process:

Learning Phase:

Frame arrives on Port 1 from MAC A
Switch: MAC A is on Port 1 (adds to table)

Forwarding Phase:

If destination MAC known: forward only to that port
If destination MAC unknown: flood to all ports
If destination MAC is source: drop (no forwarding)

Aging:

Entries expire after 300 seconds (default)
Prevents stale entries

MAC Address Table:

MAC Address      VLAN    Port    Type
00:11:22:33:44:55  1      1      Dynamic
AA:BB:CC:DD:EE:FF  1      2      Dynamic
11:22:33:44:55:66  1      3      Dynamic

Switching Methods:

Store-and-Forward: Full frame received before forwarding (error checking)
Cut-Through: Forward after destination MAC read (faster, no error check)
Fragment-Free: Forward after first 64 bytes (compromise)

CAM Table (Content Addressable Memory):

Hardware table for MAC addresses
Much faster than software lookup
Limited size (security risk: CAM table overflow attacks)

20. Explain broadcast domain vs collision domain.

Answer:

Collision Domain:

Where frames can collide
Determined by half-duplex media
Switches create per-port collision domains
Hubs create single collision domain

Broadcast Domain:

Where broadcasts are forwarded
Routers break broadcast domains
Switches forward broadcasts within VLAN
VLANs create separate broadcast domains

Visual Example:

Hub Network:
[All devices in ONE collision domain, ONE broadcast domain]
Device1 --- Hub --- Device2
           |
        Device3

Switch Network:
[Each port separate collision domain, ONE broadcast domain]
Device1 --- Switch Port1
Device2 --- Switch Port2  (all devices get broadcasts)
Device3 --- Switch Port3

Router + Switch:
[Separate broadcast domains per interface]
Switch A (VLAN10) --- Router --- Switch B (VLAN20)
Devices in VLAN10 only get VLAN10 broadcasts

Impact:

Large broadcast domains = more broadcast traffic
Too many broadcasts can degrade performance
VLANs segment broadcast domains

21. Explain trunk ports and 802.1Q tagging.

Answer:

Trunk ports carry traffic for multiple VLANs between switches.

802.1Q Tagging:

Original Ethernet Frame (untagged):
| Preamble | Dest MAC | Src MAC | Type | Data | FCS |

802.1Q Tagged Frame:
| Preamble | Dest MAC | Src MAC | 802.1Q | Type | Data | FCS |
                                 | Tag    |
                                 0x8100 (TPID)
                                 PCP (Priority)
                                 CFI (Canonical)
                                 VID (VLAN ID, 12-bit)

Trunk Configuration:

# Cisco
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
 switchport trunk native vlan 1

# Native VLAN: Untagged traffic on trunk

VLAN Ranges:

VLAN 1: Default VLAN (should not be used for user traffic)
VLAN 2-1001: Normal range
VLAN 1006-4094: Extended range (VTP version 3 required)

Trunk Protocols:

DTP (Dynamic Trunk Protocol): Cisco proprietary, auto-negotiates trunk
ISL (Inter-Switch Link): Cisco proprietary, encapsulates frame (obsolete)
802.1Q: Industry standard

22. Explain Spanning Tree Protocol (STP).

Answer:

STP prevents loops in redundant network topologies.

Loop Problems:

Broadcast storms
MAC table instability
Multiple copies of frames

STP Operation:

1. Elect Root Bridge (lowest Bridge ID)
2. Determine Root Port (best path to root)
3. Determine Designated Ports (forwarding)
4. Block remaining ports (alternate)

Port States:

Blocking → Listening → Learning → Forwarding
   (20s)      (15s)      (15s)      (forwarding)
   ↓
   Disabled

STP Versions:

802.1D (STP): Original, slow convergence (30-50s)
802.1w (RSTP): Rapid STP, convergence in seconds
802.1s (MSTP): Multiple STP, group VLANs into instances

STP Port Roles:

Root Port: Best path to root bridge
Designated Port: Forwarding on segment
Alternate Port: Backup to root port (blocked)
Backup Port: Backup to designated (blocked)

STP Security:

BPDU Guard: Disable port if BPDU received (access ports)
Root Guard: Prevent port from becoming root port
Loop Guard: Detect one-way links

23. Explain route summarization and why it’s used.

Answer:

Route summarization combines multiple routes into a single advertisement.

Example:

Routes:
10.1.0.0/24
10.1.1.0/24
10.1.2.0/24
10.1.3.0/24

Summarized to: 10.1.0.0/22

Benefits:

Smaller routing tables
Faster convergence
Less CPU/memory usage
Improved stability (hides flapping)

Summarization in Different Protocols:

OSPF:

# Area summarization at ABR
area 0 range 10.1.0.0 255.255.252.0

EIGRP:

# Manual summarization
ip summary-address eigrp 100 10.1.0.0 255.255.252.0

BGP:

# Aggregate address
aggregate-address 10.1.0.0 255.255.252.0 summary-only

Limitations:

Requires contiguous IP addressing
Can cause suboptimal routing if not carefully planned
Black holes if summarized routes not fully covered

24. Explain the difference between static and dynamic routing.

Answer:

Aspect	Static Routing	Dynamic Routing
Configuration	Manual	Automatic
Adaptability	No	Yes (detects failures)
Overhead	None	CPU, bandwidth, memory
Scalability	Poor	Excellent
Security	Higher (no protocol)	Protocol vulnerabilities
Use Case	Small networks, stub networks	Large networks, complex topologies

Static Routing:

# Linux
ip route add 192.168.2.0/24 via 192.168.1.1

# Cisco
ip route 192.168.2.0 255.255.255.0 192.168.1.1

Dynamic Routing Protocols:

Protocol	Type	Metric	Convergence	Use
RIP	Distance Vector	Hop count	Slow	Small networks
OSPF	Link State	Cost	Fast	Enterprise
EIGRP	Advanced Distance	Composite	Fast	Cisco networks
BGP	Path Vector	Path attributes	Slow	Internet, ISP

Administrative Distance (Cisco):

Connected: 0
Static: 1
EIGRP summary: 5
EBGP: 20
OSPF: 110
RIP: 120
EIGRP internal: 90

25. Explain packet capture and analysis with Wireshark.

Answer:

Wireshark captures and analyzes network traffic for troubleshooting.

Capture Filters (BPF syntax):

# Capture only HTTP traffic
tcp port 80

# Capture specific host
host 192.168.1.10

# Capture subnet
net 192.168.1.0/24

# Capture not SSH
not port 22

# Capture protocol
arp or icmp

Display Filters:

# HTTP requests
http.request.method == "GET"

# Specific IP
ip.addr == 192.168.1.10

# TCP flags
tcp.flags.syn == 1 and tcp.flags.ack == 0

# Packet length
frame.len > 1500

# DNS queries
dns.qry.name contains "example"

# TCP stream
tcp.stream eq 0

Troubleshooting Workflow:

Identify Problem: Slow connection, dropped sessions
Capture at Strategic Points: Client, server, middle
Filter Relevant Traffic: IP, port, protocol
Analyze Key Indicators:
- TCP Retransmissions: Network loss
- TCP Zero Window: Receiver overwhelmed
- RST packets: Connection reset
- High latency: Round trip time
- Packet loss: Missing ACKs
Follow TCP Streams: Reconstruct application conversation

Common Analysis:

# Statistics menu
- Protocol Hierarchy: Bandwidth by protocol
- IO Graph: Traffic patterns
- Endpoints: Top talkers
- Conversations: Traffic between hosts

# Expert Info
- Warnings: Retransmissions, dup ACKs
- Notes: Common issues identified

26. Explain VPN (Virtual Private Network) types.

Answer:

VPNs create secure, encrypted tunnels across untrusted networks.

VPN Types:

1. Site-to-Site VPN

[Office A] ===[Internet]===[Office B]
          (IPsec tunnel)

Connects entire networks
Routers/firewalls are endpoints
Always-on connection

2. Remote Access VPN

[Employee]---[Internet]---[Corporate Network]
            (SSL/IPsec)

Individual user connections
Client software required
On-demand connection

3. SSL/TLS VPN

Uses web browser (OpenVPN, AnyConnect)
Port 443 (through firewalls)
Granular access control

4. IPsec VPN

Network layer encryption
Two modes: Tunnel (site-to-site), Transport (host-to-host)

IPsec Components:

IKE (Internet Key Exchange):
- Phase 1: Authentication, key exchange
- Phase 2: SA (Security Association) negotiation

ESP (Encapsulating Security Payload):
- Encrypts payload

AH (Authentication Header):
- Authenticates packet (no encryption)

Cloud VPN:

AWS: VPN CloudHub, Transit Gateway VPN
Azure: Virtual Network Gateway (VPN Gateway)
GCP: Cloud VPN

27. Explain proxy servers and their types.

Answer:

Proxies act as intermediaries between clients and servers.

Proxy Types:

1. Forward Proxy

[Client] → [Forward Proxy] → [Internet]
          (Client-side)

Client knows about proxy
Hides client identity
Content filtering, caching
Access control

2. Reverse Proxy

[Internet] → [Reverse Proxy] → [Servers]
              (Server-side)

Clients unaware of proxy
Load balancing
SSL termination
Caching, security

3. Transparent Proxy

Client unaware (intercepts traffic)
No configuration needed
Used in enterprise, ISP

Proxy Capabilities:

Caching: Store frequently accessed content
Filtering: Block sites, content types
Anonymity: Hide source IP
Load Balancing: Distribute requests
SSL Inspection: Decrypt, inspect, re-encrypt

Common Proxy Software:

Squid: Forward proxy, caching
Nginx: Reverse proxy, load balancer
HAProxy: High-performance load balancer
Traefik: Cloud-native reverse proxy

Cloud Proxies:

AWS: CloudFront (CDN), API Gateway
Azure: Application Gateway, Front Door
GCP: Cloud CDN, Load Balancing

28. Explain the difference between a modem and a router.

Answer:

Aspect	Modem	Router
Function	Modulates/demodulates signals	Routes between networks
Connection	ISP to home	Modem to devices
Addresses	Single public IP	Creates private network
NAT	No	Yes
WiFi	No (modem only)	Yes (wireless router)
Security	Minimal	Firewall, NAT

Modem Types:

DSL: Telephone line
Cable: Coaxial cable
Fiber: Optical fiber
Dial-up: Phone line (obsolete)

Combination Devices:

Many ISPs provide modem/router combo
Separate devices offer better flexibility
Combo devices can be set to bridge mode

Typical Home Setup:

ISP → Modem → Router → Devices (wired/wireless)
       (demodulates)  (routes, NAT, WiFi)

29. Explain the concept of network segmentation.

Answer:

Network segmentation divides networks into smaller, isolated segments.

Methods:

1. Physical Segmentation

Separate physical switches
Air-gapped networks
Most secure, most expensive

2. VLAN Segmentation (Logical)

Switch with VLAN 10, 20, 30
Devices in same VLAN communicate directly
Inter-VLAN traffic through router/L3 switch

3. Subnet Segmentation

IP-based isolation
Requires routing between subnets
Can combine with VLANs

4. Firewall Zones

[Untrusted] → [DMZ] → [Trusted]
  (Internet)  (Web servers)  (Internal)

Benefits:

Security: Limit breach impact
Performance: Reduce broadcast traffic
Compliance: PCI DSS, HIPAA requirements
Management: Simplified troubleshooting

Zero Trust Segmentation:

Micro-segmentation
Application-level isolation
Software-defined boundaries

Cloud Segmentation:

AWS: VPC, Subnets, Security Groups, NACLs
Azure: Virtual Networks, Subnets, NSGs
GCP: VPC, Subnets, Firewall Rules

30. Explain the difference between half-duplex and full-duplex.

Answer:

Aspect	Half-Duplex	Full-Duplex
Communication	One direction at a time	Both directions simultaneously
Collisions	Possible	Impossible
Speed	Lower effective throughput	Maximum throughput
Use	Hubs, wireless	Switches, modern networks

Half-Duplex:

Device A → (sending) ← Device B (waiting)
         Can't send while receiving

CSMA/CD (Carrier Sense Multiple Access with Collision Detection)
Collision detection required
Hub networks

Full-Duplex:

Device A → (sending) → Device B
         ↑            ↓
Device A ← (receiving) ← Device B

No collisions
No CSMA/CD needed
Doubles effective bandwidth
Switched networks

Auto-Negotiation:

Devices advertise capabilities
Choose best common mode
Mismatch causes performance issues

Duplex Mismatch Symptoms:

Collisions
CRC errors
Slow performance
Late collisions

Part 2: 20 Scenario-Based Networking Questions with Answers

1. Scenario: Users can’t access the internet but can ping internal resources

Situation: Users can access internal servers but cannot reach external websites.

Troubleshooting Steps:

# 1. Check default gateway
ip route | grep default
ping default-gateway

# 2. Check DNS resolution
nslookup google.com
# If fails, test with IP
ping 8.8.8.8

# 3. Check NAT configuration
show ip nat translations

# 4. Check firewall rules
# - Outbound HTTP/HTTPS allowed?
# - NAT ACL permitting traffic?

# 5. Check routing
traceroute 8.8.8.8

# Common causes:
# - Missing default route
# - NAT not configured
# - Firewall blocking
# - DNS issues (if IP works)

2. Scenario: Intermittent network connectivity

Situation: Users experience random disconnects and slow performance.

Investigation:

# 1. Check for duplex mismatch
show interface status
# Look for collisions, CRC errors

# 2. Check for cable issues
show interface counters errors
# Excessive CRC, runts, giants

# 3. Monitor for broadcast storms
show interface statistics
# Broadcast packets > 20% of total

# 4. Check for STP issues
show spanning-tree interface
# Interface flapping?

# 5. Capture traffic during issue
tcpdump -i eth0 -w capture.pcap
# Look for TCP retransmissions, packet loss

3. Scenario: VLAN configured but devices can’t communicate

Situation: Two devices on same VLAN cannot ping each other.

Resolution:

# 1. Verify VLAN assignment
show vlan brief
# Are ports in correct VLAN?

# 2. Check trunk ports
show interfaces trunk
# Is VLAN allowed on trunk?

# 3. Check IP addressing
ipconfig /all  # Windows
ip addr show   # Linux
# Same subnet? Correct mask?

# 4. Check MAC learning
show mac address-table
# MAC learned on correct port?

# 5. Check port security
show port-security interface
# Is port shut due to violation?

4. Scenario: DHCP not assigning addresses

Situation: Clients not getting IP addresses via DHCP.

Debugging:

# 1. Check DHCP server status
systemctl status dhcpd
# Is service running?

# 2. Monitor DHCP traffic
tcpdump -i eth0 port 67 or port 68 -n
# See DORA process? Which step fails?

# 3. Check address pool
# Are addresses available?
# Is pool exhausted?

# 4. Check DHCP relay (if across VLANs)
show ip helper-address
# Configured on gateway?

# 5. Check firewall
# UDP ports 67/68 allowed?

5. Scenario: Slow file transfers between servers

Situation: Inter-server file transfers are significantly slower than expected.

Analysis:

# 1. Check link utilization
iftop -i eth0
# Bandwidth saturated?

# 2. Check TCP window size
tcpdump -i eth0 -n host server1 and server2
# Look for: Window scaling, Zero window

# 3. Check for packet loss
ping -c 100 -s 1400 server2
# Any packet loss?

# 4. Check MTU
ping -M do -s 1472 server2
# MTU issues causing fragmentation?

# 5. Check for buffer drops
netstat -s | grep -i drop
# TCP retransmissions high?

6. Scenario: New switch causing network outages

Situation: After adding a new switch, network becomes unstable.

Resolution:

# 1. Check for loops
show spanning-tree
# Is STP blocking correct ports?
# New switch becoming root?

# 2. Check VLAN configuration
# Native VLAN mismatch?
# Trunk allowed VLANs?

# 3. Check for duplicate IPs
show ip arp
# Duplicate MAC/IP entries?

# 4. Check for broadcast storm
show interfaces | include broadcast
# Broadcast packets spike?

# 5. Enable portfast on access ports
spanning-tree portfast

7. Scenario: Unable to reach server after IP change

Situation: Server IP changed, but users still connecting to old IP.

Investigation:

# 1. Check DNS propagation
dig +short server.example.com
# Still old IP? Check TTL

# 2. Check ARP cache
arp -a | grep server-ip
# Clear if stale: arp -d server-ip

# 3. Check local DNS cache
ipconfig /flushdns  # Windows
systemd-resolve --flush-caches  # Linux

# 4. Check load balancer config
# Is LB pointing to new IP?

# 5. Check for hardcoded IPs in apps
grep -r "192.168.1.100" /app/config/

8. Scenario: Voice quality issues with VoIP

Situation: VoIP calls have echo, delay, or choppy audio.

Troubleshooting:

# 1. Check QoS configuration
show policy-map interface
# Voice traffic prioritized?

# 2. Check jitter and latency
ping -c 100 voice-server
# Jitter > 30ms causes issues

# 3. Check bandwidth
# Voice VLAN saturated?

# 4. Check duplex mismatch
show interface
# Half-duplex causes issues

# 5. Check for packet loss
# Voice requires < 1% loss

# Best practices:
# - Separate voice VLAN
# - QoS marking (DSCP EF for voice)
# - PoE for phones

9. Scenario: SSL certificate errors

Situation: Users getting certificate warnings accessing HTTPS site.

Resolution:

# 1. Check certificate validity
openssl s_client -connect example.com:443 -showcerts
# Expired? Wrong CN/SAN?

# 2. Check certificate chain
# Is intermediate certificate missing?

# 3. Check system time
date
# Wrong time = certificate invalid

# 4. Check for proxy inspection
# Is corporate proxy doing SSL inspection?

# 5. Verify with different clients
curl -v https://example.com
# Compare error messages

10. Scenario: BGP routing issues in multi-homed network

Situation: ISP failover not working, some destinations unreachable.

Analysis:

# 1. Check BGP session
show ip bgp summary
# Is peer established?

# 2. Check prefix advertisement
show ip bgp neighbors x.x.x.x advertised-routes
# Are prefixes being advertised?

# 3. Check route selection
show ip bgp x.x.x.x
# Which path selected? Why?

# 4. Check AS path prepending
# Is inbound traffic balanced?

# 5. Check for route flapping
show ip bgp dampening
# Routes suppressed?

11. Scenario: Wireless network congestion

Situation: WiFi slow, intermittent disconnections in office.

Resolution:

# 1. Survey RF environment
# Check channel interference
# 2.4GHz vs 5GHz utilization

# 2. Check AP placement
# Coverage holes? Overlap causing co-channel interference?

# 3. Check channel usage
# Configure non-overlapping channels (1,6,11 for 2.4GHz)

# 4. Check client density
# Too many clients per AP?

# 5. Check band steering
# Encourage 5GHz usage

# 6. Check interference sources
# Microwave, Bluetooth, neighboring networks

12. Scenario: Load balancer not distributing traffic

Situation: One server behind load balancer gets all traffic.

Debugging:

# 1. Check load balancer configuration
# Algorithm set correctly? (round-robin, least connections)

# 2. Check health checks
# Are all servers marked healthy?
curl http://server1/health
curl http://server2/health

# 3. Check persistence/session stickiness
# Is cookie-based persistence keeping users on one server?

# 4. Check logs
tail -f /var/log/loadbalancer.log

# 5. Test distribution
for i in {1..100}; do curl -s http://lb/; done | sort | uniq -c

13. Scenario: Firewall blocking legitimate traffic

Situation: Applications work intermittently or not at all through firewall.

Resolution:

# 1. Check firewall logs
show log
# What's being denied?

# 2. Test with rules disabled temporarily
# Verify it's firewall issue

# 3. Check stateful inspection
# Are return packets allowed?

# 4. Check for asymmetric routing
# Firewall seeing only one direction?

# 5. Check for fragmented packets
# Some firewalls drop fragments

# 6. Verify application uses expected ports
netstat -tulpn | grep app

14. Scenario: IPv6 connectivity issues

Situation: Devices have IPv6 addresses but can’t reach IPv6 internet.

Troubleshooting:

# 1. Check IPv6 routing
ip -6 route show
# Default route present?

# 2. Check IPv6 DNS
nslookup -type=AAAA google.com
# Works? Use IPv6 DNS?

# 3. Check ICMPv6
ping6 google.com
# Blocked? Some networks filter ICMPv6

# 4. Check neighbor discovery
ip -6 neighbor show
# Router discovered via RA?

# 5. Check firewall
ip6tables -L
# IPv6 rules allowing traffic?

15. Scenario: DNS poisoning or hijacking

Situation: Users being redirected to wrong websites.

Investigation:

# 1. Verify DNS resolution
dig example.com
# Check response from different DNS servers

# 2. Compare with known good
dig @8.8.8.8 example.com
# Different IP? DNS hijacked?

# 3. Check DNS server logs
# Look for unauthorized zone transfers

# 4. Check for rogue DHCP server
# Offering malicious DNS server

# 5. Verify DNSSEC
dig +dnssec example.com
# DNSSEC validates responses

16. Scenario: Network slow at specific times

Situation: Network slow every day at 2 PM.

Analysis:

# 1. Monitor traffic patterns
nload -t 1000 eth0
# What's peak at 2 PM?

# 2. Check scheduled tasks
# Backups? Updates? Scans?

# 3. Identify top talkers
iftop -t -s 60
# Which IPs/hosts?

# 4. Check application logs
# Scheduled reports running?

# 5. Implement QoS
# Prioritize critical traffic

17. Scenario: MAC flooding attack

Situation: Switch performance degraded, CAM table full.

Response:

# 1. Check CAM table
show mac address-table count
# Is table at capacity?

# 2. Identify source
show mac address-table | count
# Many entries from one port?

# 3. Enable port security
switchport port-security
switchport port-security maximum 5
switchport port-security violation restrict

# 4. Enable storm control
storm-control broadcast level 10.00

# 5. Use DHCP snooping
ip dhcp snooping

18. Scenario: Need to troubleshoot application performance

Situation: Web application slow, need to identify network vs application issue.

Approach:

# 1. Baseline normal response time
# Average response times?

# 2. Test with curl
curl -w "@curl-format.txt" -o /dev/null -s http://app/
# Breakdown: DNS, connect, TTFB, transfer

# 3. Capture during slow period
tcpdump -i any -w slow.pcap host app-server
# Analyze with Wireshark

# 4. Check TCP metrics
# Retransmissions? Zero windows? High RTT?

# 5. Check server metrics
# CPU, memory, disk I/O during slow times

19. Scenario: Network segmentation for PCI compliance

Situation: Need to isolate cardholder data environment.

Solution:

Design:
[Internet] → [Firewall] → [DMZ: Web Servers]
                              ↓
                         [Firewall] → [CDE: App/DB Servers]

Requirements:
- CDE cannot initiate connections to other zones
- All traffic through firewalls
- No direct access from management network
- Separate VLANs for each zone
- Logging enabled on all boundaries
- Vulnerability scans quarterly

20. Scenario: Cloud networking connectivity issues

Situation: On-premises to cloud VPN dropping intermittently.

Troubleshooting:

# 1. Check VPN tunnel status
aws ec2 describe-vpn-connections
# Status? Reconnection attempts?

# 2. Check pre-shared keys
# Match on both sides?

# 3. Check phase 1/2 lifetimes
# Mismatch causing rekey issues?

# 4. Check routing
# Routes propagated correctly?

# 5. Check MTU
# Cloud gateways have different MTU (1500 vs 9001)

# 6. Check NAT traversal
# UDP encapsulation enabled?

# 7. Monitor from cloud side
# CloudWatch VPN metrics

Bonus: Network Command Quick Reference

Linux Network Commands

# Interface configuration
ip addr show
ip link set eth0 up
ethtool eth0

# Routing
ip route show
ip route add 10.0.0.0/24 via 192.168.1.1

# Connections
ss -tulpn
netstat -tulpn

# Packet capture
tcpdump -i eth0 -w capture.pcap
tcpdump -i eth0 port 80 -n

# DNS
dig google.com
nslookup google.com
host google.com

# Connectivity
ping -c 4 google.com
traceroute google.com
mtr google.com

# Bandwidth
iftop -i eth0
nload eth0
bmon

Cisco IOS Commands

# Show commands
show running-config
show interfaces
show ip route
show vlan brief
show mac address-table
show ip arp
show spanning-tree
show ip bgp summary

# Debug
debug ip packet
debug ip icmp
show logging
terminal monitor

# Configuration
configure terminal
interface gigabitethernet 0/1
switchport mode access
switchport access vlan 10
ip route 0.0.0.0 0.0.0.0 192.168.1.1

Wireshark Display Filters

# HTTP
http.request.method == "GET"
http.response.code == 404

# TCP
tcp.port == 443
tcp.flags.syn == 1 && tcp.flags.ack == 0
tcp.analysis.retransmission

# IP
ip.src == 192.168.1.0/24
ip.dst == 10.0.0.1
ip.addr == 8.8.8.8

# DNS
dns.qry.name contains "example"
dns.flags.response == 1

# ARP
arp.opcode == 1  # Request
arp.opcode == 2  # Reply

Cloud Networking CLI

# AWS
aws ec2 describe-vpcs
aws ec2 describe-subnets
aws ec2 describe-route-tables
aws ec2 describe-security-groups
aws ec2 describe-vpn-connections

# Azure
az network vnet list
az network vnet subnet list
az network nsg list
az network route-table list

# GCP
gcloud compute networks list
gcloud compute routes list
gcloud compute firewall-rules list
gcloud compute vpn-tunnels list

This comprehensive guide covers the most important networking concepts, protocols, and troubleshooting scenarios in order of significance, helping you succeed in networking interviews and real-world network administration.