Interview - Blog | Minova - ATS Resume Builder

Introduction

Network Engineers design, implement, and maintain computer networks that enable communication and data transfer. As a junior network engineer, you'll need foundational knowledge of TCP/IP, routing, switching, and network troubleshooting.

This guide covers essential interview questions for junior network engineers, focusing on core networking concepts.

TCP/IP Fundamentals

1. Explain the OSI model and TCP/IP model.

Answer:

OSI Model (7 Layers):

Physical - Cables, signals
Data Link - MAC addresses, switches
Network - IP addresses, routing
Transport - TCP/UDP, ports
Session - Connections
Presentation - Encryption, formatting
Application - HTTP, FTP, DNS

TCP/IP Model (4 Layers):

Network Access - Physical + Data Link
Internet - IP
Transport - TCP/UDP
Application - Application + Presentation + Session

Loading diagram...

Rarity: Very Common
Difficulty: Easy

2. What's the difference between TCP and UDP?

Answer:

Feature	TCP	UDP
Connection	Connection-oriented	Connectionless
Reliability	Guaranteed delivery	Best effort
Ordering	Ordered	Unordered
Speed	Slower	Faster
Overhead	Higher	Lower
Use Cases	HTTP, FTP, Email	DNS, Streaming, Gaming

TCP Three-Way Handshake:

Client          Server
  |---SYN--->      |
  |<--SYN-ACK--|   |
  |---ACK--->      |

Rarity: Very Common
Difficulty: Easy

IP Addressing

3. Explain subnetting and calculate subnet masks.

Answer: Subnetting divides a network into smaller subnetworks.

Example: 192.168.1.0/24

Network: 192.168.1.0
Subnet Mask: 255.255.255.0
Usable IPs: 192.168.1.1 - 192.168.1.254
Broadcast: 192.168.1.255

Subnetting Example:

Network: 192.168.1.0/24
Need: 4 subnets

/24 → /26 (4 subnets, 62 hosts each)

Subnet 1: 192.168.1.0/26   (192.168.1.1 - 192.168.1.62)
Subnet 2: 192.168.1.64/26  (192.168.1.65 - 192.168.1.126)
Subnet 3: 192.168.1.128/26 (192.168.1.129 - 192.168.1.190)
Subnet 4: 192.168.1.192/26 (192.168.1.193 - 192.168.1.254)

CIDR Notation:

/24 = 255.255.255.0 (256 addresses)
/25 = 255.255.255.128 (128 addresses)
/26 = 255.255.255.192 (64 addresses)
/27 = 255.255.255.224 (32 addresses)

Rarity: Very Common
Difficulty: Medium

4. Explain NAT and its types.

Answer: NAT (Network Address Translation) translates private IP addresses to public IP addresses.

Why Use NAT:

Conserve public IP addresses
Security (hide internal network)
Flexibility in network design

NAT Types:

1. Static NAT:

One-to-one mapping
Private IP ↔ Public IP
Used for servers

2. Dynamic NAT:

Pool of public IPs
First-come, first-served
Temporary mapping

3. PAT (Port Address Translation):

Many-to-one mapping
Uses port numbers
Most common (home routers)

Loading diagram...

Static NAT Configuration (Cisco):

! Configure inside interface
Router(config)# interface fastethernet 0/0
Router(config-if)# ip address 192.168.1.1 255.255.255.0
Router(config-if)# ip nat inside
Router(config-if)# exit

! Configure outside interface
Router(config)# interface fastethernet 0/1
Router(config-if)# ip address 203.0.113.5 255.255.255.0
Router(config-if)# ip nat outside
Router(config-if)# exit

! Create static NAT mapping
Router(config)# ip nat inside source static 192.168.1.10 203.0.113.10

! Verify
Router# show ip nat translations

Dynamic NAT Configuration:

! Define pool of public IPs
Router(config)# ip nat pool PUBLIC_POOL 203.0.113.10 203.0.113.20 netmask 255.255.255.0

! Define which private IPs can use NAT
Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255

! Link ACL to pool
Router(config)# ip nat inside source list 1 pool PUBLIC_POOL

! Verify
Router# show ip nat translations
Router# show ip nat statistics

PAT Configuration (Overload):

! Use single public IP with port translation
Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255
Router(config)# ip nat inside source list 1 interface fastethernet 0/1 overload

! Or with a pool
Router(config)# ip nat inside source list 1 pool PUBLIC_POOL overload

NAT Translation Example:

Inside Local    Inside Global    Outside Global    Outside Local
192.168.1.10    203.0.113.5      8.8.8.8          8.8.8.8
192.168.1.11    203.0.113.5      8.8.8.8          8.8.8.8

With PAT:
192.168.1.10:1234 → 203.0.113.5:50001 → 8.8.8.8:80
192.168.1.11:1234 → 203.0.113.5:50002 → 8.8.8.8:80

Troubleshooting NAT:

! Clear NAT translations
Router# clear ip nat translation *

! Debug NAT
Router# debug ip nat
Router# debug ip nat detailed

! Show NAT statistics
Router# show ip nat statistics

Limitations:

Breaks end-to-end connectivity
Complicates some protocols (FTP, SIP)
Not suitable for servers (use static NAT)
IPv6 eliminates need for NAT

Rarity: Very Common
Difficulty: Easy-Medium

Switching

4. What is a VLAN and why use it?

Answer: VLAN (Virtual LAN) logically segments a network.

Benefits:

Security (isolate traffic)
Performance (reduce broadcast domains)
Flexibility (group by function, not location)
Cost savings (fewer physical switches)

VLAN Configuration (Cisco):

! Create VLAN
Switch(config)# vlan 10
Switch(config-vlan)# name Sales
Switch(config-vlan)# exit

Switch(config)# vlan 20
Switch(config-vlan)# name IT
Switch(config-vlan)# exit

! Assign port to VLAN
Switch(config)# interface fastethernet 0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10

! Configure trunk port
Switch(config)# interface gigabitethernet 0/1
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 10,20

! Verify
Switch# show vlan brief
Switch# show interfaces trunk

Rarity: Very Common
Difficulty: Medium

6. What is Spanning Tree Protocol and why is it needed?

Answer: STP (Spanning Tree Protocol) prevents Layer 2 loops in switched networks.

Problem Without STP:

Broadcast storms
MAC table instability
Multiple frame copies
Network meltdown

How STP Works:

Loading diagram...

STP Port States:

Blocking: Doesn't forward frames, prevents loops
Listening: Preparing to forward, listening for BPDUs
Learning: Learning MAC addresses
Forwarding: Normal operation
Disabled: Administratively down

Port Roles:

Root Port: Best path to root bridge
Designated Port: Forwarding port on segment
Blocked Port: Prevents loops

STP Selection Process:

1. Elect Root Bridge (lowest Bridge ID)
   Bridge ID = Priority (default 32768) + MAC Address

2. Select Root Ports (best path to root)
   Based on: Path Cost → Bridge ID → Port ID

3. Select Designated Ports (one per segment)

4. Block remaining ports

STP Configuration (Cisco):

! View STP status
Switch# show spanning-tree

! Set bridge priority (make this switch root)
Switch(config)# spanning-tree vlan 1 priority 4096
# Priority must be multiple of 4096 (0-61440)

! Or use shortcut
Switch(config)# spanning-tree vlan 1 root primary
Switch(config)# spanning-tree vlan 1 root secondary

! Configure port cost
Switch(config)# interface gigabitethernet 0/1
Switch(config-if)# spanning-tree cost 4

! Configure port priority
Switch(config-if)# spanning-tree port-priority 64

! Enable PortFast (for end devices only!)
Switch(config-if)# spanning-tree portfast

! Enable BPDU Guard (shuts port if BPDU received)
Switch(config-if)# spanning-tree bpduguard enable

STP Variants:

Protocol	Standard	Convergence	VLANs
STP	802.1D	50 seconds	All
RSTP	802.1w	~6 seconds	All
PVST+	Cisco	50 seconds	Per-VLAN
Rapid PVST+	Cisco	~6 seconds	Per-VLAN

RSTP (Rapid Spanning Tree):

! Enable RSTP
Switch(config)# spanning-tree mode rapid-pvst

! Verify
Switch# show spanning-tree summary

RSTP Port States (Simplified):

Discarding: Combines Blocking, Listening, Disabled
Learning: Learning MAC addresses
Forwarding: Normal operation

Troubleshooting STP:

! Check STP status
Switch# show spanning-tree

! Check specific VLAN
Switch# show spanning-tree vlan 10

! Check interface details
Switch# show spanning-tree interface gigabitethernet 0/1

! View root bridge
Switch# show spanning-tree root

! Debug STP
Switch# debug spanning-tree events

Common Issues:

Topology Changes:
- Frequent changes cause instability
- Use PortFast on access ports
Root Bridge Placement:
- Should be central, high-capacity switch
- Set priority manually
Loops:
- Enable BPDU Guard on access ports
- Monitor for unexpected topology changes

Rarity: Common
Difficulty: Medium

Routing

7. What's the difference between static and dynamic routing?

Answer:

Static Routing:

Manually configured
No overhead
Doesn't adapt to changes
Good for small, stable networks

Dynamic Routing:

Automatically learns routes
Adapts to topology changes
More overhead
Good for large, complex networks

Static Route Example:

! Add static route
Router(config)# ip route 192.168.2.0 255.255.255.0 10.0.0.1

! Default route
Router(config)# ip route 0.0.0.0 0.0.0.0 10.0.0.1

! Verify
Router# show ip route

Dynamic Routing Protocols:

RIP: Simple, distance-vector
OSPF: Link-state, fast convergence
EIGRP: Cisco proprietary, hybrid
BGP: Internet routing

Rarity: Very Common
Difficulty: Easy-Medium

8. How do you configure Access Control Lists (ACLs)?

Answer: ACLs filter network traffic based on defined rules.

ACL Types:

1. Standard ACL (1-99, 1300-1999):

Filters based on source IP only
Applied close to destination

2. Extended ACL (100-199, 2000-2699):

Filters based on source/dest IP, protocol, port
Applied close to source

Standard ACL Example:

! Create standard ACL
Router(config)# access-list 10 permit 192.168.1.0 0.0.0.255
Router(config)# access-list 10 deny any

! Apply to interface
Router(config)# interface fastethernet 0/0
Router(config-if)# ip access-group 10 in

! Verify
Router# show access-lists
Router# show ip interface fastethernet 0/0

Extended ACL Example:

! Create extended ACL
Router(config)# access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80
Router(config)# access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 443
Router(config)# access-list 100 deny ip any any

! Apply to interface
Router(config)# interface fastethernet 0/1
Router(config-if)# ip access-group 100 out

Named ACL (Recommended):

! Standard named ACL
Router(config)# ip access-list standard ALLOW_INTERNAL
Router(config-std-nacl)# permit 192.168.1.0 0.0.0.255
Router(config-std-nacl)# deny any
Router(config-std-nacl)# exit

! Extended named ACL
Router(config)# ip access-list extended WEB_TRAFFIC
Router(config-ext-nacl)# permit tcp any any eq 80
Router(config-ext-nacl)# permit tcp any any eq 443
Router(config-ext-nacl)# permit icmp any any echo-reply
Router(config-ext-nacl)# deny ip any any
Router(config-ext-nacl)# exit

! Apply to interface
Router(config)# interface gigabitethernet 0/0
Router(config-if)# ip access-group WEB_TRAFFIC in

Wildcard Masks:

0 = must match
1 = don't care

Examples:
0.0.0.0 = exact match
0.0.0.255 = match first 3 octets (/24)
0.0.255.255 = match first 2 octets (/16)
255.255.255.255 = match any (same as "any")

Host:
192.168.1.10 0.0.0.0 = single host
Or use: host 192.168.1.10

Common ACL Scenarios:

1. Block specific host:

Router(config)# ip access-list extended BLOCK_HOST
Router(config-ext-nacl)# deny ip host 192.168.1.50 any
Router(config-ext-nacl)# permit ip any any

2. Allow only SSH and HTTPS:

Router(config)# ip access-list extended SECURE_ACCESS
Router(config-ext-nacl)# permit tcp any any eq 22
Router(config-ext-nacl)# permit tcp any any eq 443
Router(config-ext-nacl)# deny ip any any

3. Prevent spoofing:

Router(config)# ip access-list extended ANTI_SPOOF
Router(config-ext-nacl)# deny ip 192.168.1.0 0.0.0.255 any
Router(config-ext-nacl)# deny ip 10.0.0.0 0.255.255.255 any
Router(config-ext-nacl)# permit ip any any

ACL Best Practices:

Order Matters:
- Processed top to bottom
- Most specific rules first
- Implicit deny at end
Placement:
- Standard ACL: Close to destination
- Extended ACL: Close to source
Documentation:
- Use named ACLs
- Add remarks

Router(config)# ip access-list extended FIREWALL
Router(config-ext-nacl)# remark Allow web traffic
Router(config-ext-nacl)# permit tcp any any eq 80
Router(config-ext-nacl)# remark Block internal network
Router(config-ext-nacl)# deny ip 192.168.0.0 0.0.255.255 any

Editing ACLs:

! View ACL with line numbers
Router# show ip access-lists WEB_TRAFFIC

! Remove specific line
Router(config)# ip access-list extended WEB_TRAFFIC
Router(config-ext-nacl)# no 10

! Insert at specific line
Router(config-ext-nacl)# 15 permit tcp any any eq 8080

Troubleshooting:

! Show ACL hits
Router# show access-lists

! Show ACL on interface
Router# show ip interface gigabitethernet 0/0

! Clear ACL counters
Router# clear access-list counters

Rarity: Common
Difficulty: Medium

Network Services

9. How does DHCP work?

Answer: DHCP (Dynamic Host Configuration Protocol) automatically assigns IP addresses.

DORA Process:

Discover: Client broadcasts request
Offer: Server offers IP address
Request: Client requests offered IP
Acknowledge: Server confirms assignment

Loading diagram...

DHCP Configuration (Cisco):

! Configure DHCP pool
Router(config)# ip dhcp pool LAN
Router(dhcp-config)# network 192.168.1.0 255.255.255.0
Router(dhcp-config)# default-router 192.168.1.1
Router(dhcp-config)# dns-server 8.8.8.8 8.8.4.4
Router(dhcp-config)# lease 7

! Exclude addresses
Router(config)# ip dhcp excluded-address 192.168.1.1 192.168.1.10

! Verify
Router# show ip dhcp binding
Router# show ip dhcp pool

Rarity: Very Common
Difficulty: Easy-Medium

Troubleshooting

10. How do you troubleshoot network connectivity issues?

Answer: Systematic troubleshooting approach:

1. Verify Physical Layer:

# Check cable connection
# Check link lights
# Check port status

2. Test Connectivity:

# Ping localhost
ping 127.0.0.1

# Ping default gateway
ping 192.168.1.1

# Ping external IP
ping 8.8.8.8

# Ping domain name
ping google.com

3. Check IP Configuration:

# Windows
ipconfig /all

# Linux
ip addr show
ip route show

# Verify:
# - IP address
# - Subnet mask
# - Default gateway
# - DNS servers

4. Test DNS:

# Windows
nslookup google.com

# Linux
dig google.com
host google.com

5. Check Routing:

# Trace route
traceroute google.com  # Linux
tracert google.com     # Windows

6. Check Firewall:

# Test specific port
telnet server.com 80
nc -zv server.com 80

Rarity: Very Common
Difficulty: Medium

Conclusion

Preparing for a junior network engineer interview requires understanding networking fundamentals and hands-on practice. Focus on:

TCP/IP: OSI model, protocols, addressing
IP Addressing: Subnetting, CIDR, IPv4/IPv6
NAT: Types, configuration, use cases
Switching: VLANs, trunking, MAC addresses
STP: Loop prevention, port states, RSTP
Routing: Static vs dynamic, routing tables
ACLs: Standard vs extended, wildcard masks
Network Services: DHCP, DNS, NAT
Troubleshooting: Systematic approach, tools

Practice with network simulators (Packet Tracer, GNS3) and real equipment. Good luck!

Table of Contents

Junior Network Engineer Interview Questions: Complete Guide

Introduction

TCP/IP Fundamentals

1. Explain the OSI model and TCP/IP model.

2. What's the difference between TCP and UDP?

IP Addressing

3. Explain subnetting and calculate subnet masks.

4. Explain NAT and its types.

Switching

4. What is a VLAN and why use it?

6. What is Spanning Tree Protocol and why is it needed?

Routing

7. What's the difference between static and dynamic routing?

8. How do you configure Access Control Lists (ACLs)?

Network Services

9. How does DHCP work?

Troubleshooting

10. How do you troubleshoot network connectivity issues?

Conclusion

Stop Applying. Start Getting Hired.

Share this post

Weekly career tips that actually work

Weekly career tips that actually work

Related Posts

Senior Network Engineer Interview Questions: Complete Guide

Junior System Administrator Interview Questions: Complete Guide

Junior DevOps Engineer Interview Questions: Complete Guide

Stop Applying. Start Getting Hired.

Share this post

Make Your 6 Seconds Count