Top 10 CCNA Interview Questions (and How to Answer Them)

What CCNA interview questions are really testing

CCNA interviews aren't just checking if you passed the exam. Hiring managers want to know three things: Can you explain networking concepts clearly? Have you touched real equipment (or lab environments)? And can you troubleshoot under pressure? The questions below test all three.

These are ranked from most common to most likely to separate average candidates from strong ones.

1. What's the difference between a switch and a router?

Weak answer: "A switch works at Layer 2 and a router works at Layer 3."

Strong answer: "A switch forwards frames within the same network using MAC addresses — it builds a MAC address table by learning which device is on which port, and makes forwarding decisions locally. A router connects different networks and makes forwarding decisions based on IP addresses and routing tables. In practice, if two devices are on the same VLAN and subnet, traffic goes through the switch; if they're on different subnets, the traffic has to go through a router or a Layer 3 switch."

The difference: the strong answer shows you understand the why, not just the definition.

2. Explain the OSI model. Which layers do you work with most?

Don't just recite all 7 layers — connect them to real work. "In my lab environment, I work mostly with Layers 1 through 4. Layer 1 is physical — cable types, transceivers, SFPs. Layer 2 is where switching, VLANs, and STP live. Layer 3 is routing — OSPF, EIGRP, static routes. Layer 4 is where I think about TCP vs UDP when troubleshooting whether a service is reachable but slow versus completely unreachable."

3. What is a VLAN and why would you use one?

VLANs segment a physical network into logical networks. The key business reasons: security (the finance VLAN can't talk to the guest WiFi VLAN by default), performance (broadcast domains stay small), and manageability (you can apply QoS policies per VLAN). Mention 802.1Q trunking — that's how VLANs travel between switches — and you immediately show you understand the implementation, not just the concept.

4. What is STP and what problem does it solve?

Spanning Tree Protocol prevents Layer 2 loops. Without it, a broadcast frame entering a loop of switches would circulate forever, consuming all bandwidth (a broadcast storm). STP elects a root bridge based on the lowest bridge priority (then lowest MAC as tiebreaker), calculates the best path to the root for each switch, and blocks redundant ports. RSTP (802.1w) does the same but converges in 1–2 seconds instead of 50 seconds for STP. Interviewers love follow-ups about PortFast (enables immediately on edge ports) and BPDU Guard (shuts the port if it receives a BPDU — prevents rogue switches).

5. Walk me through how you would troubleshoot a PC that can't reach a website

This is the most common troubleshooting question in network interviews. Use the bottom-up approach and say so explicitly — it shows methodology. Layer 1: is the cable connected, are link lights on? Layer 2: can the PC ARP for its default gateway? Layer 3: can it ping its gateway, can it ping 8.8.8.8? If pinging 8.8.8.8 works but not the website, the issue is DNS, not routing. Then check DNS resolution. Saying "I start at Layer 1 and work up" immediately signals you know how to isolate a problem systematically rather than guessing.

6. What's the difference between OSPF and EIGRP?

OSPF is an open standard link-state protocol that builds a complete topology map of the network using LSAs (Link State Advertisements) and runs Dijkstra's algorithm to find the best path. It's used across almost every enterprise because it's vendor-agnostic. EIGRP is Cisco-proprietary (though now partially open) and is a hybrid protocol — it uses DUAL algorithm and sends partial updates rather than full topology refreshes, making it more efficient in stable large networks. In practice, OSPF is what you'll see most. EIGRP is common in Cisco-only environments and is often what comes up in CCNA exams because it's well-suited to multi-topology scenarios.

7. What is NAT and when would you use it?

Network Address Translation maps private IP addresses to public ones. The most common form is PAT (Port Address Translation, also called overloading) — many private IPs share one public IP using different port numbers. You use it when you have more internal devices than public IPs (almost always), and to hide internal IP structure from the internet. Know the difference between static NAT (one-to-one, for servers that need to be publicly reachable), dynamic NAT (pool of public IPs), and PAT. Mention that NAT complicates some protocols (like FTP active mode and IPSec) — it shows depth.

8. What is EtherChannel and why would you use it?

EtherChannel (or Link Aggregation, IEEE 802.3ad LACP) bundles multiple physical links between two switches into a single logical link. Benefits: increased bandwidth (2×, 4×, 8× depending on the number of links), redundancy (if one physical link fails, traffic redistributes across the others without STP reconvergence), and STP sees the bundle as a single link so all ports stay active. LACP active/passive modes — two passives won't form a channel. Use show etherchannel summary to verify: you want to see "SU" (S=bundled in port-channel, U=in use).

9. What's the difference between TCP and UDP? Give examples of when each is used.

TCP is connection-oriented (3-way handshake), provides reliable delivery with acknowledgements, retransmission, and ordering. UDP is connectionless, fire-and-forget — no guarantee of delivery or order. TCP is used where accuracy matters: HTTP/HTTPS, SSH, FTP, SMTP. UDP is used where speed matters more than perfect reliability: DNS queries, DHCP, VoIP, video streaming, online gaming. A strong answer adds: "DNS uses UDP for queries because it's fast and the response fits in one packet, but it falls back to TCP for zone transfers or responses over 512 bytes."

10. A user says their VoIP calls are cutting out but their internet browsing is fine. What's your approach?

This is a QoS troubleshooting question. Start by confirming the symptom is packet loss or jitter, not just codec issues (a quick Wireshark or ping plotter will show this). If confirmed, check QoS policies on the switches and routers in the path — VoIP traffic should be marked DSCP EF (Expedited Forwarding) and placed in a priority queue. Check if the VLAN for voice traffic is separate from data (it should be, with a dedicated voice VLAN). Check for bandwidth saturation on the uplink — if a large file transfer saturates the WAN, VoIP suffers first because it's latency-sensitive. Saying "I'd use Wireshark to capture and check for jitter and loss, then trace the QoS markings" shows hands-on ability.

How to prepare beyond these ten

The gap between passing CCNA and interviewing confidently is hands-on practice. Set up a Cisco Packet Tracer or GNS3 lab and build the topologies from your study materials. When an interviewer asks "have you configured OSPF before?", the difference between "I know the theory" and "yes, I built a multi-area OSPF topology in Packet Tracer last month" is significant.

InterviUni's Network Engineer mock interview draws from real interview submissions — it's a good way to stress-test your explanations before the real thing.