November 25, 2025

Senior Network Engineer Interview Questions: Complete Guide


Milad Bonakdar

Author

Master advanced networking concepts with comprehensive interview questions covering OSPF, BGP, network design, security, QoS, and enterprise network architecture for senior network engineer roles.


Introduction

Senior Network Engineers design enterprise-scale networks, implement advanced routing protocols, ensure security, and optimize performance. This role requires deep expertise in networking technologies, troubleshooting complex issues, and strategic planning.

This guide covers essential interview questions for senior network engineers, focusing on advanced concepts and enterprise solutions.


Advanced Routing

1. Explain OSPF and how it works.

Answer: OSPF (Open Shortest Path First) is a link-state routing protocol.

Key Features:

  • Fast convergence
  • Hierarchical design (areas)
  • Classless (supports VLSM)
  • Metric: Cost (based on bandwidth)

OSPF Areas:

[Diagram: OSPF areas]

OSPF Configuration:

! Enable OSPF
Router(config)# router ospf 1
Router(config-router)# network 192.168.1.0 0.0.0.255 area 0
Router(config-router)# network 10.0.0.0 0.255.255.255 area 1

! Set router ID
Router(config-router)# router-id 1.1.1.1

! Configure passive interface
Router(config-router)# passive-interface gigabitethernet 0/0

! Verify
Router# show ip ospf neighbor
Router# show ip ospf database
Router# show ip route ospf

OSPF States:

  1. Down
  2. Init
  3. Two-Way
  4. ExStart
  5. Exchange
  6. Loading
  7. Full

Rarity: Very Common
Difficulty: Hard


2. How does BGP work and when would you use it?

Answer: BGP (Border Gateway Protocol) is the internet's routing protocol.

Use Cases:

  • Internet service providers
  • Multi-homed networks
  • Large enterprises with multiple ISPs

BGP Types:

  • eBGP: Between different AS (external)
  • iBGP: Within same AS (internal)

BGP Configuration:

! Configure BGP
Router(config)# router bgp 65001
Router(config-router)# neighbor 203.0.113.1 remote-as 65002
Router(config-router)# network 192.168.1.0 mask 255.255.255.0

! BGP attributes
Router(config-router)# neighbor 203.0.113.1 route-map PREFER-PATH in

! Route map
Router(config)# route-map PREFER-PATH permit 10
Router(config-route-map)# set local-preference 200

! Verify
Router# show ip bgp summary
Router# show ip bgp neighbors
Router# show ip bgp

BGP Path Selection:

  1. Highest Weight
  2. Highest Local Preference
  3. Locally originated
  4. Shortest AS Path
  5. Lowest Origin type
  6. Lowest MED
  7. eBGP over iBGP
  8. Lowest IGP metric
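
The comparison order above can be traced in code. This is an added example, not part of the original article: the field names, the second neighbor and the AS numbers are constructed, and MED is compared across all candidates as the list implies, whereas routers by default compare MED only between paths from the same neighboring AS.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # lower rank is preferred


@dataclass(frozen=True)
class BgpPath:
    neighbor: str
    as_path: tuple = ()
    weight: int = 0
    local_pref: int = 100          # value used when no route-map sets one
    locally_originated: bool = False
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0


# One (name, key) pair per step of the list; the lowest key wins each step.
STEPS = [
    ("highest weight", lambda p: -p.weight),
    ("highest local preference", lambda p: -p.local_pref),
    ("locally originated", lambda p: not p.locally_originated),
    ("shortest AS path", lambda p: len(p.as_path)),
    ("lowest origin type", lambda p: ORIGIN_RANK[p.origin]),
    ("lowest MED", lambda p: p.med),
    ("eBGP over iBGP", lambda p: not p.ebgp),
    ("lowest IGP metric", lambda p: p.igp_metric),
]


def select_best(paths):
    """Return (best path, name of the step that made the final cut)."""
    candidates, decided_by = list(paths), None
    for name, key in STEPS:
        if len(candidates) == 1:
            break
        best = min(key(p) for p in candidates)
        survivors = [p for p in candidates if key(p) == best]
        if len(survivors) < len(candidates):
            decided_by = name
        candidates = survivors
    return candidates[0], decided_by


# Constructed sample: the same prefix learned from two upstream neighbors.
ISP1 = BgpPath("203.0.113.1", as_path=(65002, 64510, 64500))
ISP2 = BgpPath("198.51.100.1", as_path=(65003, 64500))
# Effect of "route-map PREFER-PATH in" on routes from 203.0.113.1.
ISP1_PREFERRED = BgpPath("203.0.113.1", as_path=(65002, 64510, 64500), local_pref=200)

if __name__ == "__main__":
    print(select_best([ISP1, ISP2]))            # ISP2 wins on shortest AS path
    print(select_best([ISP1_PREFERRED, ISP2]))  # ISP1 wins on local preference
```

Because local preference is evaluated before AS path length, the inbound route-map overrides the shorter path through the second neighbor.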

Rarity: Common
Difficulty: Hard


3. Explain MPLS vs SD-WAN and when to use each.

Answer: MPLS (Multiprotocol Label Switching) and SD-WAN (Software-Defined WAN) are enterprise WAN technologies.

MPLS:

  • Label-based packet forwarding
  • Predictable performance
  • Traffic engineering capabilities
  • Expensive

SD-WAN:

  • Software-defined overlay network
  • Uses internet connections
  • Application-aware routing
  • Cost-effective

Comparison:

Feature     | MPLS                | SD-WAN
Cost        | High                | Low
Deployment  | Slow (weeks/months) | Fast (days)
Bandwidth   | Limited, expensive  | Flexible, scalable
Management  | Complex             | Centralized, simple
Security    | Inherently secure   | Requires encryption
Flexibility | Low                 | High
Performance | Guaranteed          | Variable

MPLS Configuration:

! Enable MPLS on interface
Router(config)# interface gigabitethernet 0/0
Router(config-if)# mpls ip

! Configure LDP (Label Distribution Protocol)
Router(config)# mpls ldp router-id loopback0 force

! Configure MPLS VPN
Router(config)# ip vrf CUSTOMER_A
Router(config-vrf)# rd 65000:1
Router(config-vrf)# route-target export 65000:1
Router(config-vrf)# route-target import 65000:1

! Assign interface to VRF
Router(config)# interface gigabitethernet 0/1
Router(config-if)# ip vrf forwarding CUSTOMER_A
Router(config-if)# ip address 10.1.1.1 255.255.255.0

! Verify
Router# show mpls ldp neighbor
Router# show mpls forwarding-table
Router# show ip vrf

SD-WAN Architecture:

[Diagram: SD-WAN architecture]

SD-WAN Policy Example:

# SD-WAN application routing policy
policy = {
    'voice': {
        'priority': 'high',
        'preferred_path': 'mpls',
        'backup_path': 'internet',
        'sla': {
            'latency': '< 100ms',
            'jitter': '< 30ms',
            'packet_loss': '< 1%'
        }
    },
    'video': {
        'priority': 'medium',
        'preferred_path': 'internet',
        'bandwidth': '5 Mbps',
        'sla': {
            'latency': '< 150ms',
            'packet_loss': '< 2%'
        }
    },
    'web': {
        'priority': 'low',
        'load_balance': ['internet', 'lte'],
        'sla': {
            'latency': '< 300ms'
        }
    }
}

Migration Strategy:

1. Hybrid Approach:

  • Keep MPLS for critical applications
  • Add SD-WAN for internet breakout
  • Gradual migration

2. Full SD-WAN:

  • Replace MPLS entirely
  • Use multiple internet circuits
  • Implement security stack (firewall, encryption)

Use Cases:

Choose MPLS when:

  • Guaranteed SLA required
  • Highly sensitive data
  • Predictable performance critical
  • Budget allows

Choose SD-WAN when:

  • Cost optimization needed
  • Cloud-first strategy
  • Rapid deployment required
  • Multiple branch locations
  • Need application visibility

Rarity: Common
Difficulty: Hard


Network Design

4. Design a highly available enterprise network.

Answer: Enterprise network with redundancy:

[Diagram: enterprise network with redundancy]

Key Components:

1. Redundancy:

  • Dual ISP connections
  • Redundant routers (HSRP/VRRP)
  • Redundant core switches
  • Redundant links (EtherChannel)

2. HSRP Configuration:

! Router 1 (Active)
Router1(config)# interface gigabitethernet 0/0
Router1(config-if)# ip address 192.168.1.2 255.255.255.0
Router1(config-if)# standby 1 ip 192.168.1.1
Router1(config-if)# standby 1 priority 110
Router1(config-if)# standby 1 preempt

! Router 2 (Standby)
Router2(config)# interface gigabitethernet 0/0
Router2(config-if)# ip address 192.168.1.3 255.255.255.0
Router2(config-if)# standby 1 ip 192.168.1.1
Router2(config-if)# standby 1 priority 100

3. Spanning Tree:

! Configure RSTP
Switch(config)# spanning-tree mode rapid-pvst

! Set root bridge
Switch(config)# spanning-tree vlan 1-100 root primary

! PortFast for access ports
Switch(config)# interface range fastethernet 0/1-24
Switch(config-if-range)# spanning-tree portfast

Rarity: Very Common
Difficulty: Hard


5. How do you design an enterprise wireless network?

Answer: Enterprise wireless requires careful planning for coverage, capacity, and security.

Architecture Options:

1. Controller-Based (Centralized):

[Diagram: controller-based wireless architecture]

Benefits:

  • Centralized management
  • Seamless roaming
  • Consistent policies
  • Easier troubleshooting

2. Controller-Less (Distributed):

  • Each AP is autonomous
  • Lower cost
  • No single point of failure
  • More complex management

Design Considerations:

1. Site Survey:

# RF planning factors
- Coverage area
- User density
- Application requirements
- Building materials
- Interference sources

# Tools
- Ekahau Site Survey
- AirMagnet Survey
- NetSpot

2. Channel Planning:

2.4 GHz:

  • Channels: 1, 6, 11 (non-overlapping)
  • 20 MHz channel width
  • Better range, more interference

5 GHz:

  • More channels available (25+ non-overlapping)
  • 20/40/80/160 MHz channel widths
  • Less interference, shorter range

! Configure AP channels
ap dot11 24ghz shutdown
ap dot11 24ghz channel 1
ap dot11 24ghz power-level 3
ap dot11 24ghz no shutdown

ap dot11 5ghz shutdown
ap dot11 5ghz channel 36
ap dot11 5ghz power-level 2
ap dot11 5ghz no shutdown

3. Roaming:

802.11r (Fast Roaming):

  • Pre-authentication
  • Faster handoff (< 50ms)
  • Better for VoIP

Configuration:

! Enable 802.11r
wlan CORPORATE 1 CORPORATE
 security wpa akm ft psk
 security wpa akm ft dot1x
 mobility anchor 10.1.1.1

4. Security:

WPA3-Enterprise (802.1X):

! RADIUS configuration
wlan CORPORATE 1 CORPORATE
 security wpa akm dot1x
 security wpa wpa3
 security wpa cipher aes
 radius server auth RADIUS-SERVER

! RADIUS server
radius server RADIUS-SERVER
 address ipv4 10.1.1.100 auth-port 1812 acct-port 1813
 key MySecretKey

Guest Network Isolation:

! Guest WLAN
wlan GUEST 2 GUEST
 security open
 security web-auth
 security web-passthrough
 no security wpa
 no security wpa wpa2
 no security wpa wpa3

! Client isolation
wlan GUEST 2 GUEST
 peer-blocking drop

5. QoS for Wireless:

! Prioritize voice traffic
wlan CORPORATE 1 CORPORATE
 qos wmm required

! Platinum QoS profile
qos profile VOICE
 priority platinum
 average-data-rate 6000
 burst-data-rate 6000

Capacity Planning:

import math

# Calculate AP requirements
def calculate_aps(area_sqft, users, throughput_per_user_mbps):
    # Coverage-based
    coverage_per_ap = 5000  # sq ft (varies by environment)
    aps_for_coverage = area_sqft / coverage_per_ap

    # Capacity-based
    ap_throughput = 300  # Mbps (realistic for 802.11ac)
    users_per_ap = 25  # Recommended maximum

    total_throughput = users * throughput_per_user_mbps
    aps_for_throughput = total_throughput / ap_throughput
    aps_for_clients = users / users_per_ap  # client-count limit per AP

    # Use the highest value, rounded up to a whole number of APs
    return math.ceil(max(aps_for_coverage, aps_for_throughput, aps_for_clients))

# Example
required_aps = calculate_aps(
    area_sqft=50000,
    users=500,
    throughput_per_user_mbps=2
)
print(f"Required APs: {required_aps}")

Best Practices:

  • 20-30% AP overlap for seamless roaming
  • Separate SSIDs for different user types
  • Regular spectrum analysis
  • Monitor client health and performance
  • Plan for growth (50% capacity buffer)

Rarity: Common
Difficulty: Medium-Hard


Network Security

6. How do you secure a network infrastructure?

Answer: Multi-layered security approach:

1. Access Control Lists (ACLs):

! Standard ACL
Router(config)# access-list 10 permit 192.168.1.0 0.0.0.255
Router(config)# access-list 10 deny any

! Extended ACL
Router(config)# ip access-list extended BLOCK-TELNET
Router(config-ext-nacl)# deny tcp any any eq 23
Router(config-ext-nacl)# permit ip any any

! Apply to interface
Router(config)# interface gigabitethernet 0/0
Router(config-if)# ip access-group BLOCK-TELNET in
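
How the two ACLs above are evaluated (wildcard masks, first match wins, implicit deny at the end), as an added example that is not part of the original article. The parser covers only the entry syntax used above, and the test addresses and the misordered variant are constructed.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # wildcard of all ones: every bit is "don't care"


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' and return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(first), (_ip(tokens.pop(0)) if tokens else 0)


def parse_ace(line, extended=False):
    """Parse the subset of access-list entry syntax used in the ACLs above."""
    tokens = line.split()
    ace = {"action": tokens.pop(0), "proto": "ip", "dst": ANY, "port": None}
    if extended:
        ace["proto"] = tokens.pop(0)
    ace["src"] = _take_addr(tokens)
    if extended:
        ace["dst"] = _take_addr(tokens)
        if tokens[:1] == ["eq"]:
            ace["port"] = int(tokens[1])
    return ace


def _addr_match(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # bits that are 0 in the wildcard must match
    return (_ip(addr) & care) == (base & care)


def evaluate(acl, src, dst="0.0.0.0", proto="ip", dport=None):
    """First matching entry wins; return (action, entry number or None)."""
    for number, ace in enumerate(acl, 1):
        if ace["proto"] not in ("ip", proto):
            continue
        if not (_addr_match(src, ace["src"]) and _addr_match(dst, ace["dst"])):
            continue
        if ace["port"] is not None and ace["port"] != dport:
            continue
        return ace["action"], number
    return "deny", None  # implicit deny at the end of every ACL


ACL_10 = [parse_ace(l) for l in ("permit 192.168.1.0 0.0.0.255", "deny any")]
BLOCK_TELNET = [parse_ace(l, True)
                for l in ("deny tcp any any eq 23", "permit ip any any")]
MISORDERED = BLOCK_TELNET[::-1]  # constructed: same entries, permit listed first
```

With the permit entry listed first, the Telnet deny is never reached, so entry order is worth checking whenever an ACL is edited.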

2. Port Security:

! Enable port security
Switch(config)# interface fastethernet 0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 2
Switch(config-if)# switchport port-security violation restrict
Switch(config-if)# switchport port-security mac-address sticky

3. VPN Configuration:

! IPsec VPN
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14

crypto isakmp key MySecretKey address 203.0.113.1

crypto ipsec transform-set MYSET esp-aes 256 esp-sha256-hmac

crypto map MYMAP 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set MYSET
 match address VPN-TRAFFIC

4. Network Segmentation:

  • DMZ for public services
  • Separate VLANs for departments
  • Firewall between segments

Rarity: Very Common
Difficulty: Hard


Quality of Service (QoS)

7. Explain QoS and how to implement it.

Answer: QoS prioritizes network traffic for better performance.

QoS Mechanisms:

  1. Classification: Identify traffic
  2. Marking: Tag packets (DSCP, CoS)
  3. Queuing: Prioritize traffic
  4. Policing/Shaping: Control bandwidth

QoS Configuration:

! Class map (identify traffic)
Router(config)# class-map match-any VOICE
Router(config-cmap)# match protocol rtp
Router(config-cmap)# match ip dscp ef

Router(config)# class-map match-any VIDEO
Router(config-cmap)# match protocol http

! Policy map (define actions)
Router(config)# policy-map QOS-POLICY
Router(config-pmap)# class VOICE
Router(config-pmap-c)# priority percent 30
Router(config-pmap-c)# class VIDEO
Router(config-pmap-c)# bandwidth percent 40
Router(config-pmap-c)# class class-default
Router(config-pmap-c)# fair-queue

! Apply to interface
Router(config)# interface gigabitethernet 0/0
Router(config-if)# service-policy output QOS-POLICY

! Verify
Router# show policy-map interface gigabitethernet 0/0

DSCP Values:

  • EF (46): Voice
  • AF41 (34): Video
  • AF31 (26): Critical data
  • BE (0): Best effort

Rarity: Common
Difficulty: Medium-Hard


8. How do you automate network configuration and management?

Answer: Network automation improves consistency, reduces errors, and scales operations.

Automation Tools:

1. Python with Netmiko:

from netmiko import ConnectHandler
import getpass

# Device connection
device = {
    'device_type': 'cisco_ios',
    'host': '192.168.1.1',
    'username': 'admin',
    'password': getpass.getpass(),
    'secret': getpass.getpass('Enable password: ')
}

# Connect and execute commands
with ConnectHandler(**device) as conn:
    conn.enable()
    
    # Show commands
    output = conn.send_command('show ip interface brief')
    print(output)
    
    # Configuration commands
    config_commands = [
        'interface GigabitEthernet0/1',
        'description Uplink to Core',
        'ip address 10.1.1.1 255.255.255.0',
        'no shutdown'
    ]
    output = conn.send_config_set(config_commands)
    print(output)
    
    # Save configuration
    conn.save_config()

2. Ansible for Network Automation:

# inventory/hosts
[routers]
router1 ansible_host=192.168.1.1
router2 ansible_host=192.168.1.2

[routers:vars]
ansible_network_os=cisco.ios.ios
ansible_connection=network_cli
ansible_user=admin
# Placeholder: reference a secret kept in Ansible Vault, never a cleartext password
ansible_password=vault_encrypted_password

# playbooks/configure_interfaces.yml
# Uses the cisco.ios collection; the legacy ios_interface and ios_l3_interface
# modules are replaced by ios_interfaces and ios_l3_interfaces.
---
- name: Configure router interfaces
  hosts: routers
  gather_facts: no
  tasks:
    - name: Configure interface description
      cisco.ios.ios_config:
        lines:
          - description Configured by Ansible
        parents: interface GigabitEthernet0/1

    - name: Configure IP address
      cisco.ios.ios_l3_interfaces:
        config:
          - name: GigabitEthernet0/1
            ipv4:
              - address: 10.1.1.1/24
        state: merged

    - name: Enable interface
      cisco.ios.ios_interfaces:
        config:
          - name: GigabitEthernet0/1
            enabled: true
        state: merged

    - name: Save configuration
      cisco.ios.ios_command:
        commands:
          - write memory

3. NETCONF/RESTCONF APIs:

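import getpass
import json
from urllib.parse import quote

import requests
from requests.auth import HTTPBasicAuth

# RESTCONF example
url = 'https://192.168.1.1/restconf/data/ietf-interfaces:interfaces'
headers = {
    'Content-Type': 'application/yang-data+json',
    'Accept': 'application/yang-data+json'
}
# Prompt for the password instead of hardcoding it in the script
auth = HTTPBasicAuth('admin', getpass.getpass())

# verify=False disables TLS certificate validation and is only acceptable in a lab.
# In production, pass verify='/path/to/ca-bundle.pem' so the device is authenticated.

# Get interfaces
response = requests.get(url, headers=headers, auth=auth, verify=False)
interfaces = response.json()
print(json.dumps(interfaces, indent=2))

# Configure interface
interface_name = "GigabitEthernet0/1"
interface_config = {
    "ietf-interfaces:interface": {
        "name": interface_name,
        "description": "Configured via RESTCONF",
        "type": "iana-if-type:ethernetCsmacd",
        "enabled": True,
        "ietf-ip:ipv4": {
            "address": [{
                "ip": "10.1.1.1",
                "netmask": "255.255.255.0"
            }]
        }
    }
}

# The list key must be percent-encoded: the "/" in the interface name would
# otherwise be read as a path separator (GigabitEthernet0%2F1).
response = requests.put(
    f"{url}/interface={quote(interface_name, safe='')}",
    headers=headers,
    auth=auth,
    data=json.dumps(interface_config),
    verify=False
)
print(f"Status: {response.status_code}")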

4. Configuration Backup Automation:

import getpass
import os
from datetime import datetime
from netmiko import ConnectHandler

def backup_device_config(device_info, backup_dir='/backups'):
    """Backup device configuration"""
    try:
        # Connect to device
        with ConnectHandler(**device_info) as conn:
            conn.enable()

            # Get running config
            config = conn.send_command('show running-config')

            # Create backup filename
            hostname = conn.send_command('show run | include hostname').split()[1]
            timestamp = datetime.now().strftime('%Y%m%d_%H%M%S')
            filename = f"{backup_dir}/{hostname}_{timestamp}.cfg"

            # Save to file. Configurations contain keys and password hashes,
            # so the directory and file are created readable by the owner only.
            os.makedirs(backup_dir, mode=0o700, exist_ok=True)
            fd = os.open(filename, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
            with os.fdopen(fd, 'w') as f:
                f.write(config)

            print(f"[+] Backup saved: {filename}")
            return True
    except Exception as e:
        print(f"[-] Backup failed: {e}")
        return False

# Backup multiple devices (prompt once for the password instead of hardcoding it)
password = getpass.getpass('Device password: ')
devices = [
    {'device_type': 'cisco_ios', 'host': '192.168.1.1', 'username': 'admin', 'password': password},
    {'device_type': 'cisco_ios', 'host': '192.168.1.2', 'username': 'admin', 'password': password},
]

for device in devices:
    backup_device_config(device)

5. Network Validation:

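from netmiko import ConnectHandler

# Validate network state
def validate_network(device):
    """Validate network configuration and state"""
    with ConnectHandler(**device) as conn:
        conn.enable()

        checks = {
            'interfaces_up': [],
            'bgp_neighbors': [],
            'ospf_neighbors': [],
            'issues': []
        }

        # Check interface status
        # Columns: Interface, IP-Address, OK?, Method, Status, Protocol
        output = conn.send_command('show ip interface brief')
        for line in output.splitlines():
            fields = line.split()
            if len(fields) < 6 or fields[0] == 'Interface':
                continue  # skip the header and blank lines
            name, protocol = fields[0], fields[-1]
            status = ' '.join(fields[4:-1])  # may be "administratively down"
            if status == 'up' and protocol == 'up':
                checks['interfaces_up'].append(name)
            elif status != 'administratively down':
                checks['issues'].append(f"Interface down: {name}")

        # Check BGP neighbors
        # Neighbor rows start with an IPv4 address; the State/PfxRcd column
        # holds a prefix count once the session is established.
        output = conn.send_command('show ip bgp summary')
        for line in output.splitlines():
            fields = line.split()
            if len(fields) < 10 or fields[0].count('.') != 3 or not fields[0][0].isdigit():
                continue
            checks['bgp_neighbors'].append(fields[0])
            if not fields[9].isdigit():
                checks['issues'].append(f"BGP neighbor {fields[0]} not established: {fields[9]}")

        # Check OSPF neighbors
        # Columns: Neighbor ID, Pri, State, Dead Time, Address, Interface
        output = conn.send_command('show ip ospf neighbor')
        for line in output.splitlines():
            fields = line.split()
            if len(fields) < 6 or fields[0].count('.') != 3:
                continue
            checks['ospf_neighbors'].append(fields[0])
            # FULL is the normal end state; 2WAY is normal between non-DR routers
            if not fields[2].startswith(('FULL', '2WAY')):
                checks['issues'].append(f"OSPF neighbor {fields[0]} in state {fields[2]}")

        return checks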

Benefits:

  • Reduced configuration time
  • Consistent configurations
  • Reduced human error
  • Easy rollback
  • Audit trail
  • Scalability

Rarity: Common
Difficulty: Medium-Hard


Advanced Troubleshooting

9. How do you troubleshoot complex network issues?

Answer: Systematic approach to complex problems:

1. Gather Information:

! Check interfaces
show ip interface brief
show interfaces status

! Check routing
show ip route
show ip protocols

! Check neighbors
show cdp neighbors
show lldp neighbors

! Check logs
show logging

2. Packet Capture:

# tcpdump
tcpdump -i eth0 -w capture.pcap

# Wireshark filters
tcp.port == 80
ip.addr == 192.168.1.1
http.request.method == "GET"

3. Network Monitoring:

# SNMP monitoring
snmpwalk -v2c -c public 192.168.1.1

# NetFlow analysis
# Analyze traffic patterns
# Identify bandwidth hogs
# Detect anomalies

4. Layer-by-Layer Troubleshooting:

  • Layer 1: Physical (cables, ports)
  • Layer 2: Data Link (VLANs, STP)
  • Layer 3: Network (routing, IP)
  • Layer 4: Transport (TCP/UDP)
  • Layer 7: Application (DNS, HTTP)

5. Common Issues:

! Duplex mismatch
show interfaces gigabitethernet 0/0
interface gigabitethernet 0/0
 duplex auto
 speed auto

! Routing loop
show ip route
traceroute 192.168.1.1

! VLAN mismatch
show vlan brief
show interfaces trunk

Rarity: Very Common
Difficulty: Hard


Conclusion

Senior network engineer interviews require deep technical expertise and practical experience. Focus on:

  1. Advanced Routing: OSPF, BGP, route manipulation
  2. WAN Technologies: MPLS vs SD-WAN, migration strategies
  3. Network Design: High availability, redundancy, scalability
  4. Wireless: Enterprise WiFi design, roaming, security
  5. Security: ACLs, VPNs, segmentation, best practices
  6. QoS: Traffic prioritization, bandwidth management
  7. Automation: Python, Ansible, NETCONF/RESTCONF
  8. Troubleshooting: Systematic approach, tools, packet analysis

Demonstrate real-world experience with complex networks and strategic decision-making. Good luck!
