A network engineer interview is less about reciting definitions and more about proving you can trace a packet from one host to another and explain what breaks along the way. Interviewers for network engineer and network administrator roles want to hear you reason about layers, addressing, and failure modes the way you would while staring at a console at 2 a.m. with half the office offline. This guide collects real networking interview questions grouped by the topics most loops cover: the OSI and TCP/IP models, subnetting, routing versus switching, DNS and DHCP, VLANs, firewalls, and scenario-based troubleshooting. Each question comes with a short answer or a note on what the interviewer is actually testing.
Read these as conversation starters, not flashcards. The strongest candidates can talk through *why* one design beats another and what they would check first when something fails. Where you have hands-on lab or production experience, anchor your answer in a concrete setup. Where you do not, reason from first principles and say so — interviewers respect that far more than a memorized list delivered with no understanding behind it.
How networking interview questions are weighted by level
The same topics surface at every seniority band, but the depth expected shifts. Knowing where the bar sits helps you calibrate how far to push each answer.
| Topic area | Junior focus | Mid-level focus | Senior focus |
|---|---|---|---|
| OSI / TCP/IP | Name the layers and protocols | Map a real flow across layers | Use layers to structure troubleshooting |
| Addressing / subnetting | Read an IP and mask | Subnet a block by hand | Design an addressing plan for a site |
| Routing & switching | Layer 2 vs Layer 3 difference | Static vs dynamic routing, VLANs | Protocol selection, convergence, scale |
| Services (DNS, DHCP) | What they do | Record types, lease process | Redundancy and failure handling |
| Security | Firewall basics | Stateful vs stateless, ACLs | Segmentation and defense in depth |
Use this as a dial. For a senior role, do not stop at "a router works at Layer 3" — push toward convergence time, blast radius, and what you would redesign.
OSI and TCP/IP model questions
Almost every networking loop opens here, because the layered model is the shared language for everything that follows. A strong answer treats the layers as a troubleshooting framework, not a memorized list.
What are the seven layers of the OSI model?
From bottom to top: Physical, Data Link, Network, Transport, Session, Presentation, and Application. The OSI model splits communication into these seven abstraction layers so that each one handles a specific job — bits on a wire at Layer 1, framing and MAC addressing at Layer 2, IP routing at Layer 3, and end-to-end delivery at Layer 4. The mnemonic "Please Do Not Throw Sausage Pizza Away" helps, but interviewers care more that you can attach a real protocol or device to each layer.
How does the TCP/IP model differ from the OSI model?
TCP/IP collapses the seven OSI layers into four: Network Access, Internet, Transport, and Application. The OSI Application, Presentation, and Session layers all fold into the single TCP/IP Application layer, and the Physical and Data Link layers fold into Network Access. OSI is the teaching model; TCP/IP is what the internet actually runs on. A good candidate notes that the two map cleanly at the Transport and Internet/Network layers, which is where most interview questions live.
Walk me through what happens when you type a URL into a browser.
This is the classic end-to-end question, and it touches almost every topic in this guide. The short version: the browser resolves the domain to an IP through DNS, opens a TCP connection to that IP on port 443, completes a TLS handshake, sends an HTTP request, and renders the response. Strong answers weave in ARP for the local MAC lookup, the default gateway for off-subnet traffic, and routing across the internet. Interviewers use this to see how many layers you can connect in one coherent story.
What is the difference between TCP and UDP?
TCP is connection-oriented and reliable: it establishes a session, guarantees ordered delivery, retransmits lost segments, and manages flow and congestion. UDP is connectionless and best-effort — no handshake, no retransmission, lower overhead. Use TCP for web, email, and file transfer where correctness matters; use UDP for DNS queries, VoIP, video streaming, and gaming where speed beats perfect delivery. Be ready to name the trade-off out loud: reliability costs latency.
Explain the TCP three-way handshake.
A client sends a SYN with its initial sequence number, the server replies with SYN-ACK acknowledging that number and offering its own, and the client sends a final ACK. After those three messages both sides agree on starting sequence numbers and the connection is open. The current TCP standard, RFC 9293, explains the handshake exists because sequence numbers are not tied to a global clock — the exchange is what lets two endpoints synchronize and reject stale duplicate segments. Mention that connection teardown uses a separate four-way FIN/ACK exchange.
IP addressing and subnetting questions
Subnetting is the topic candidates most often fumble, which is exactly why interviewers lean on it. Practice doing it on paper until it is fast, because some interviewers will hand you a marker and a whiteboard.
What is subnetting and why do we do it?
A subnet is a logical subdivision of an IP network — hosts in the same subnet share the same high-order address bits. We subnet to reduce broadcast domains, improve performance, conserve address space, and create security boundaries. Without subnetting, a single large network floods every host with broadcast traffic and gives you no clean place to apply policy. The answer interviewers want connects the *why* (smaller broadcast domains, better control) to the *how* (borrowing host bits for the network portion).
What does CIDR notation like /24 mean?
Classless Inter-Domain Routing notation writes the prefix length after a slash: 192.168.1.0/24 means the first 24 bits identify the network and the remaining 8 bits address hosts, giving 256 addresses and 254 usable hosts. CIDR replaced the old rigid Class A/B/C system and lets you size a network to its actual need. Be ready to convert quickly: /24 is 255.255.255.0, /25 is 255.255.255.128 (128 addresses), /30 is 255.255.255.252 (the classic point-to-point link with 2 usable hosts).
How many usable hosts are in a /27?
A /27 leaves 5 host bits, so 2^5 = 32 total addresses, minus the network and broadcast addresses, equals 30 usable hosts. The formula to lock in is 2^(host bits) − 2. Practice the common ones — /30 gives 2, /29 gives 6, /28 gives 14, /27 gives 30 — so you answer instantly instead of doing arithmetic under pressure.
What is the difference between a public and a private IP address?
Private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) are reserved for internal networks and are not routable on the public internet. Public addresses are globally unique and routable. The bridge between them is NAT, which translates private addresses to a public one at the network edge. A complete answer mentions that private addressing plus NAT is a big part of why IPv4 has survived address exhaustion as long as it has.
Routing and switching questions
This pair separates people who memorized definitions from people who understand how traffic actually moves. Expect questions that force you to place a device or protocol at the right layer.
What is the difference between a router and a switch?
A switch operates at Layer 2 and forwards frames within a single network based on MAC addresses, building a MAC table as it learns. A router operates at Layer 3 and forwards packets between different networks based on IP addresses, using a routing table. Put plainly: switches move traffic *inside* a network, routers move traffic *between* networks. Many enterprise devices are Layer 3 switches that do both, which is a good nuance to raise.
What is the difference between static and dynamic routing?
Static routes are configured by hand and never change unless you edit them — simple, predictable, and fine for small or stub networks, but they do not adapt when a link fails. Dynamic routing protocols like OSPF and BGP exchange reachability information and recompute paths automatically when topology changes. The trade-off is control versus scalability: static is cheap and deterministic, dynamic is resilient and self-healing but heavier to run and reason about.
What is a VLAN and what problem does it solve?
A VLAN is a logical segmentation of a physical switch into separate broadcast domains. It lets you group devices by function — say, finance and engineering — regardless of physical location, which shrinks broadcast traffic and creates a security boundary without running separate cabling. Be ready to explain that inter-VLAN traffic must pass through a Layer 3 device (a router or Layer 3 switch), and that trunk ports carry multiple VLANs between switches using 802.1Q tagging.
What is the purpose of Spanning Tree Protocol?
STP prevents Layer 2 loops in a switched network with redundant links. Without it, broadcast frames would circulate forever and melt the network down in a broadcast storm. STP elects a root bridge and blocks redundant paths, keeping a single active loop-free topology while holding backups ready. Mentioning Rapid STP (faster convergence) and the broadcast-storm failure mode signals real-world experience.
DNS, DHCP, and network services questions
These services run quietly until they break, and when they break everything looks down. Interviewers probe them because outages here are common and visible.
How does DNS resolution work?
DNS translates a domain name into an IP address through a hierarchy of resolvers. Your machine asks a recursive resolver, which queries the root servers, then the TLD servers (like .com), then the authoritative server for the domain, caching results along the way. The protocol is defined in RFC 1035, the foundational DNS specification. A strong answer names common record types — A and AAAA for addresses, CNAME for aliases, MX for mail, NS for delegation — and notes that TTL controls how long each answer is cached.
What is the difference between recursive and iterative DNS queries?
In a recursive query, the resolver takes full responsibility and returns the final answer to the client, doing all the legwork itself. In an iterative query, a server returns the best referral it has — "ask this other server" — and the client follows the chain. Typically clients make recursive queries to their local resolver, and that resolver makes iterative queries up the hierarchy. The distinction shows you understand who is doing the work at each step.
How does DHCP assign an IP address?
DHCP automates host configuration through a four-step exchange known as DORA: Discover, Offer, Request, Acknowledge. The client broadcasts a Discover, available servers respond with an Offer, the client formally Requests one offer, and the server sends an Acknowledge with the lease — IP address, subnet mask, default gateway, and DNS servers. The process is specified in RFC 2131. Mention lease times and renewal, and the DHCP relay that forwards broadcasts across subnets, to show depth.
What is NAT and why is it used?
Network Address Translation rewrites the source or destination IP in a packet's header, most commonly to map many private internal addresses to one public address at the network edge. Its primary driver was IPv4 address conservation, and it also adds a layer of obscurity by hiding internal addressing. Distinguish static NAT (one-to-one) from PAT, or NAT overload, which multiplexes many internal hosts onto a single public IP using port numbers — that is what most home and office routers do.
Network security and scenario questions
Security and troubleshooting questions test judgment, not recall. There is rarely one right answer; interviewers watch how you structure the problem.
What is the difference between a stateful and a stateless firewall?
A stateless firewall filters each packet in isolation against static rules — fast, simple, and blind to context. A stateful firewall tracks the state of active connections, so it can allow return traffic for a session it already approved and block packets that do not belong to any known flow. Stateful inspection is the modern default because it understands conversations rather than individual packets. Tie it back to the connection model: a stateful firewall is essentially tracking TCP session state.
How would you troubleshoot a host that cannot reach the internet?
Work the layers from the bottom up or use a structured path: confirm the physical link and interface status, check the host has a valid IP, subnet mask, and gateway, then ping the gateway to test local connectivity, ping a public IP like 8.8.8.8 to test routing, and finally resolve a domain to isolate DNS. If the IP pings but the name does not resolve, it is DNS. If the gateway fails, it is local. Interviewers want a methodical process that isolates the failure, not a guess.
A user reports the network is "slow." Where do you start?
Resist jumping to a fix. Define the problem first: slow for one user or many, one application or all, started when, and slow how — latency, packet loss, or low throughput. Then gather data with ping and traceroute for latency and path, interface counters for errors and drops, and bandwidth utilization on the relevant links. The signal here is that you scope before you act. "Slow" is a symptom, and senior engineers narrow it to a measurable cause before touching anything.
What is the difference between TCP and UDP from a security standpoint?
Because TCP requires a handshake, it is easier to track and filter at a stateful firewall, but it is also the target of SYN flood attacks that exhaust connection tables. UDP's lack of handshake makes it harder to filter statefully and a common vehicle for amplification attacks, since a small spoofed request can trigger a large response. A thoughtful answer connects the protocol's design to its attack surface rather than treating security as a separate topic.
How to prepare for a networking interview
Knowing the answers is half the work; the other half is preparing so the answers come out clean under pressure.
- Build a home lab. Spin up GNS3 or Cisco Packet Tracer and actually configure VLANs, routing, and DHCP. Nothing beats having broken and fixed a topology yourself when an interviewer asks how you would debug one.
- Subnet until it is automatic. Drill subnetting and host-count math daily for a week before the interview. Speed here frees up mental room for the harder reasoning questions.
- Learn the company's stack. A shop running Cisco, Juniper, or a cloud-native network will weight questions differently. Find out what they run and prepare accordingly.
- Practice talking out loud. Walk through the "type a URL" flow and a troubleshooting scenario verbally, on a whiteboard, the way you will have to in the room.
- Prepare your own questions. Ask about their topology, monitoring, and on-call setup — it signals genuine interest and gives you real information about the job.
For the broader interview mechanics — body language, structuring answers, and follow-ups — our guide on how to ace an interview covers the parts that apply to any role. If your loop includes a design round, the system design interview questions guide overlaps heavily with the routing and scale topics above. And if you want timed, realistic reps, the best AI mock interview tools roundup is a good place to start.
Frequently asked questions
What topics are most important for a networking interview?
The OSI and TCP/IP models, IP addressing and subnetting, routing versus switching, DNS, DHCP, VLANs, and firewall basics show up in nearly every network engineer and network administrator loop. Subnetting and the "type a URL" end-to-end flow are the two highest-leverage things to over-prepare, because they reveal whether you actually understand how traffic moves.
Do I need a CCNA to pass a networking interview?
No, but the CCNA curriculum maps almost perfectly to the topics interviewers test, so studying for it is excellent preparation even if you never sit the exam. Hands-on lab time and the ability to reason through scenarios matter more than the certificate itself. Many strong candidates have no cert and plenty of certified ones still fumble subnetting on a whiteboard.
How much subnetting math should I expect?
Plan for at least one or two live subnetting problems, often on a whiteboard with no calculator. Be able to convert CIDR to a subnet mask, count usable hosts for any prefix, and divide a block into equal subnets quickly. Memorizing the common prefixes (/24 through /30) makes this far less stressful.
What is the best way to practice troubleshooting questions?
Build a lab in GNS3 or Packet Tracer, intentionally break things — pull a route, misconfigure a VLAN, point at a dead DNS server — and practice diagnosing them out loud using a layered, bottom-up method. Interviewers grade your process more than your speed, so rehearse narrating each step you take and why.
The conversation that gets you hired
Subnetting drills and a clean answer to the three-way handshake get you through the technical screen. What often decides the offer is a real conversation with the engineer who owns the network you would join. Articuler helps jobseekers find the actual hiring manager behind a posting, build a Playbook on what that person cares about, and send a personalized note that gets a reply — so you walk into the interview already knowing the team and the stack instead of guessing.
- https://www.articuler.ai/resources/guides/how-to-ace-an-interview/
- https://www.articuler.ai/resources/guides/system-design-interview-questions/
- https://www.articuler.ai/resources/compare/best-ai-mock-interview-tools/