CCNA proves you passed a test. These interview questions prove you can configure, troubleshoot, and explain networking decisions in a real job.
The CCNA 200-301 exam uses multiple choice and drag-and-drop. The interview asks you to troubleshoot a down link, explain a routing decision, or configure a VLAN from scratch — out loud, under pressure. Here are the questions network engineer interviewers actually ask.
"A user in VLAN 20 can't reach the internet. Walk me through how you troubleshoot."
Layer 1 first: physical connection, port status. Layer 2: is the port in VLAN 20? Is the trunk carrying VLAN 20? Is the SVI for VLAN 20 up/up? Layer 3: is the default gateway configured and reachable? Is the inter-VLAN routing working (router-on-a-stick or Layer 3 switch)? Is the default route pointing to the internet router? NAT: is PAT configured on the outbound interface? ACLs: is there a deny blocking VLAN 20 traffic? Test with ping from the SVI IP and from the user's PC.
"Explain the difference between OSPF and EIGRP."
OSPF: open standard, link-state, uses SPF algorithm, uses areas (Area 0 backbone required), metric = cost (based on bandwidth), elects DR/BDR on broadcast segments, sends LSAs. EIGRP: Cisco proprietary (though now available to other vendors), hybrid (advanced distance vector using DUAL algorithm), uses composite metric (bandwidth + delay by default), successor and feasible successor for fast failover, no DR/BDR election needed.
"What happens when two switches are connected with no trunk configured?"
By default, ports are in access mode. Only the native VLAN traffic passes. If you connect two switches on access ports in VLAN 1, only VLAN 1 communicates. Other VLANs are isolated. To carry multiple VLANs: configure a trunk (802.1Q) on both sides. The trunk adds a 4-byte VLAN tag to frames to identify which VLAN they belong to. Native VLAN frames are untagged.
"What's the purpose of Spanning Tree Protocol and what problem does it solve?"
STP prevents Layer 2 loops in switched networks. Without it, a broadcast frame entering a loop would circulate forever, consuming all bandwidth (broadcast storm). STP elects a root bridge and blocks redundant paths, leaving only a loop-free active topology. Modern variant: RSTP (802.1w) converges in ~1-2 seconds vs STP's 30-50 seconds. PortFast on access ports bypasses STP states for end devices — they go directly to forwarding.
"How do you configure a standard ACL to allow only 192.168.1.0/24 through?"
access-list 1 permit 192.168.1.0 0.0.0.255 (wildcard mask, not subnet mask). Apply with ip access-group 1 in on the interface closest to the source. Standard ACLs filter on source IP only — apply them as close to the destination as possible to prevent blocking legitimate traffic from reaching other destinations. Extended ACLs filter on source, destination, protocol, and port — apply as close to the source as possible.
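The wildcard-mask matching and the implicit deny behind that answer, as an added example that is not part of the original article: it evaluates a standard ACL first-match on source address and shows what the same line matches when a subnet mask is typed where the wildcard belongs. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample configs: the line from the answer above, and the same
# line with a subnet mask mistakenly typed in the wildcard position.
CORRECT = "access-list 1 permit 192.168.1.0 0.0.0.255"
MISTAKEN = "access-list 1 permit 192.168.1.0 255.255.255.0"

def parse_standard_acl(config):
    """Parse 'access-list N permit|deny ADDR [WILDCARD]' lines in order."""
    entries = []
    for line in config.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            continue
        action, addr = tok[2], tok[3]
        if addr == "any":                       # matches every source
            base, wild = 0, 0xFFFFFFFF
        elif addr == "host":                    # exact single address
            base, wild = int(ipaddress.IPv4Address(tok[4])), 0
        else:                                   # address plus optional wildcard
            base = int(ipaddress.IPv4Address(addr))
            wild = int(ipaddress.IPv4Address(tok[4])) if len(tok) > 4 else 0
        entries.append((action, base, wild))
    return entries

def evaluate(entries, source_ip):
    """Return 'permit' or 'deny' for a source IP; first matching entry wins."""
    src = int(ipaddress.IPv4Address(source_ip))
    for action, base, wild in entries:
        care = ~wild & 0xFFFFFFFF               # wildcard 0-bits must match
        if (src & care) == (base & care):
            return action
    return "deny"                               # implicit deny at end of list

if __name__ == "__main__":
    for name, cfg in (("correct", CORRECT), ("mistaken", MISTAKEN)):
        acl = parse_standard_acl(cfg)
        for ip in ("192.168.1.50", "192.168.2.50", "10.9.8.0"):
            print(f"{name:9} {ip:13} -> {evaluate(acl, ip)}")
```

With the mistaken mask, the first three octets are ignored and only the last octet is compared, so the intended subnet is denied while unrelated addresses ending in .0 are permitted.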
"Explain how DHCP relay works."
When a client broadcasts a DHCP Discover, the router doesn't forward broadcasts by default. The ip helper-address [DHCP-server-IP] command on the interface tells the router to forward the broadcast as a unicast packet to the DHCP server. The server responds with an offer, and the relay forwards it back. This allows a single DHCP server to serve multiple subnets without a server on every segment.
"What is NAT and when would you use PAT?"
NAT translates private IP addresses to public IPs (or vice versa). Static NAT: one-to-one, always maps a specific private IP to a specific public IP — used for servers that need to be reachable from the internet. Dynamic NAT: pool of public IPs, first-come first-served. PAT (Port Address Translation, also called NAT Overload): many private IPs share one public IP, differentiated by port number. PAT is what home routers use — thousands of devices share one public IP.
"What's the difference between a router and a Layer 3 switch?"
Both perform inter-VLAN routing and can route between networks. Router: software-based forwarding, designed for WAN connectivity, supports serial interfaces, PPP, Frame Relay, complex routing protocols. Layer 3 switch: hardware-based forwarding (ASICs), much faster for LAN traffic, no WAN interfaces. Use routers for WAN connections and complex routing. Use Layer 3 switches for fast inter-VLAN routing within a campus LAN.
Many network engineer interviews include a CLI exercise — even if just on paper. The CCNA course on InterviUni includes CLI scenarios so you practise configuring VLANs, OSPF, ACLs, and NAT by typing the actual commands. The Network Engineer mock interview tests your ability to explain these verbally under interview conditions.