Network Engineer Job Scenarios

1. A user complains they cannot access a specific server, but they

can access the internet. What troubleshooting steps will you
take?

Answer: Start by checking basic connectivity (ping the server), verify IP

address and DNS resolution, check the route using tracert, and review switch
and router configurations for any access lists or routing issues. Also, confirm
that the VLAN and trunk configurations are correct.

2. A network is experiencing high latency. What are your steps to

diagnose the issue?

Answer: Use ping and traceroute to identify where delays are occurring.
Check for high CPU utilization on network devices, congestion on interfaces,
and review logs for errors. Inspect routing loops or misconfigurations in QoS
settings.

3. You have a link between two switches that should be forwarding

traffic, but it's down. How do you troubleshoot?

Answer: Check physical connections (cables and ports), verify the

configuration of the interface (whether it’s up), ensure matching duplex and
speed settings, and confirm that no STP blocks are in place.

4. A router is not advertising a route to OSPF neighbors. What could

be the issue?

Answer: Check OSPF configurations such as network statements, ensure

interfaces are part of the correct OSPF area, and verify OSPF authentication
settings if used. Also, ensure the route is valid in the routing table.

5. You need to configure an EtherChannel between two switches.

What steps will you take?

Answer: Ensure that the interfaces on both switches have the same speed
and duplex settings, then configure the interfaces to use EtherChannel either
using LACP (Link Aggregation Control Protocol) or PAgP (Port Aggregation
Protocol) depending on the preference. Also make sure that native Vlan is the
same.
6. A device is unreachable via its hostname but reachable via IP.
What could be the cause?

Answer: This indicates a DNS issue. Verify that the correct DNS server is
configured, and check the DNS server for proper resolution of the hostname.

7. How do you handle a broadcast storm in the network?

Answer: Identify the source of the broadcast storm using network

monitoring tools. Ensure STP is enabled to prevent loops and consider
implementing broadcast storm control on switches.

8. How would you troubleshoot intermittent connectivity on a

network segment?

Answer: Check physical connections for loose cables, verify error statistics
on interfaces, look for duplex mismatches, and check for flapping routes or
high CPU utilization on network devices.

9. How do you troubleshoot a switch port that is not coming up?

Check Physical Connections: Ensure the cable is connected properly and

the device at the other end is powered on.

Check Port Status: Use the command: #show interface [interface ID] to
check if the port is administratively down or physically down.

Verify VLAN Membership: Make sure the port is assigned to the correct
VLAN using #show vlan brief.

Check for Errors: Look for any errors like err-disabled using #show
interface [interface ID].

Check Auto-negotiation: Verify if the port settings (speed, duplex) are

correct and match the device on the other end. Use #show interface status
to identify mismatch.

10. How would you troubleshoot a trunk link that is not passing
VLANs correctly?

Verify Trunk Configuration: Use show interface trunk to check the

trunking status and verify the allowed VLANs.
Check VLAN Configuration: Make sure the correct VLANs are defined using
#show vlan brief.

Check Native VLAN Mismatch: Ensure that the native VLAN on both ends
of the trunk match. If they do not, the traffic might not pass correctly.

Verify Encapsulation: Use #show interfaces [interface] to ensure that both

ends of the trunk are using the same encapsulation type (e.g., 802.1Q).

Verify DTP (Dynamic Trunking Protocol): Check if the switch ports are
properly negotiating trunking. If not, you can force trunking with the
command switchport mode trunk.

11. What is the cause and solution for a port being in an 'err-
disabled' state?

A port can enter the 'err-disabled' state due to several reasons, including:

 Security violations (port security)

 Link flapping (the port keeps going up and down)
 STP topology changes
 Duplex mismatches
 BPDU guard violations

To resolve: Check the reason for the error using #show interface [interface
ID] and #show log.

Resolve the issue (e.g., fix security violation, check physical cables, or
correct duplex mismatch). Re-enable the port with shutdown followed by no
shutdown.

12. How would you troubleshoot a situation where a user is unable

to access resources in a different VLAN?

VLAN Configuration: #show vlan brief – Verify port is in the correct VLAN.

VLAN Routing: Ensure inter-VLAN routing is enabled (Layer 3 switch/router).

IP Addressing: Verify correct IP, subnet mask, and gateway.

ACLs: Ensure no ACLs block VLAN traffic.

Trunking: #show interface trunk – Ensure trunk allows the VLAN.

13. How would you verify the health of the switch and its
interfaces?

Interface Status:

#show interface status – Check status and VLAN.

#show interfaces – Check errors and traffic.

System Resources:

#show processes – Monitor CPU usage.

#show memory – Check memory usage.

Errors:

#show logging – View system logs.

#show interface [interface ID] – Check interface status and errors.

Spanning Tree:

#show spanning-tree – Verify root bridge and loops.

14. A new router is installed in a network, but users are unable to

access the internet. What do you check?

Answer: Verify the router’s configuration, ensure NAT is properly configured

for internet access, check the routing table for proper routes to external
networks, and confirm that the ISP’s connection is working correctly.

15. A networked application is throwing timeout errors

intermittently. What do you check?

Answer: Check for network congestion or packet loss, verify the

application's server is reachable and not under high load, inspect DNS or
name resolution issues, and check for any issues with the application’s
timeout settings or connections to back-end resources.
16. A user is experiencing very high packet loss during a VoIP call.
What would you check?

Answer: Verify network quality (e.g., check jitter, latency, and packet loss),
check if there are any QoS settings in place to prioritize VoIP traffic, inspect
the user’s device for hardware issues, and ensure there are no bandwidth
limitations affecting the call.

17. You suspect that a specific network segment is being attacked.

What steps do you take?

Answer: Review firewall and intrusion detection/prevention system logs for

unusual activity, check for high traffic spikes, investigate for possible DoS or
DDoS attacks, and inspect network device configurations for any
vulnerabilities.

18. Scenario 1: Network Latency Issues

A branch office complains about high latency when accessing the

company’s central database. What steps would you take to diagnose
and resolve the issue?

Answer:
- Check latency using tools like ping or traceroute.
- Analyze traffic with monitoring tools (e.g., Wireshark).
- Inspect the WAN link for saturation, packet loss, or jitter.
- Verify routing paths and adjust configurations if needed.
- Implement QoS to prioritize critical traffic.
- Collaborate with the ISP to address link-level problems.

19. Scenario 2: IP Conflict

Question: Two devices on the same subnet are reporting an IP

address conflict. How do you resolve this?

Answer:
- Use arp -a to identify conflicting MAC addresses.
- Locate both devices using their MAC addresses.
- Check if one device uses static IP and the other gets it via DHCP.
- Assign a unique IP or reserve the IP in the DHCP server.
- Monitor the network to prevent recurrence.

Here it is important first to see if IP address was assigned dynamically

(DHCP) or configured statically.

If it was configured statically, try to check and configure the IP address again
in the device

If it was assigned using DHCP, in Command Prompt, use the commands:

ipconfig /release and the ipconfig /renew

20. Scenario 3: VPN Connectivity Problem

Question: A remote worker is unable to connect to the VPN. How

would you troubleshoot this?

Answer:
- Verify user credentials and account status.
- Confirm correct client configuration (server address, protocol).
- Ensure internet access and open required ports (e.g., 443 for SSL VPN).
- Review server and client logs for errors.
- Check firewalls or IPSec parameter mismatches.
- Test connectivity using a known working VPN account.

21. Scenario 4: Packet Loss Detected

Question: Your monitoring tool indicates 10% packet loss between

two critical servers. How do you investigate and fix it?

Answer:
- Use ping and traceroute to locate packet loss.
- Examine network interfaces for errors or mismatched duplex settings.
- Inspect cables and test alternate switch/router ports.
- Verify intermediate device loads and redistribute traffic if needed.
- Check firewall rules to ensure packets aren’t being dropped.
- Resolve congestion using QoS or increase bandwidth.

22. Scenario 5: VLAN Configuration

Question: Users in a specific VLAN cannot communicate with other

VLANs despite routing being configured. What would you check?

Answer:
- Ensure correct VLAN IDs are assigned to switch ports.
- Verify inter-VLAN routing with necessary SVIs on the Layer 3 device.
- Check that trunk links carry relevant VLANs with proper encapsulation
(802.1Q).
- Review ACLs to ensure inter-VLAN traffic isn’t blocked.
- Confirm switch ports are in appropriate modes (access/trunk).
- Ensure the routing table has routes for all VLANs.

23. Scenario 1: OSPF Neighbor Relationships

One of the first hurdles in OSPF troubleshooting is ensuring that routers

establish neighbor relationships. What happens when two routers that should
form a neighbor relation don't? Consider this: Router A and Router B are
configured in the same broadcast domain and subnet but aren't forming a
neighbor relationship. The culprits could include mismatched OSPF interface
settings such as area mismatch, differing MTU sizes, or incorrect network
types on interfaces.

To troubleshoot, start by verifying the OSPF configurations on both routers.

Ensuring that both have the same OSPF area, subnet, and authentication
settings is critical. You could use commands like #show ip ospf neighbor to
check the status of OSPF neighbors and #show ip interface to confirm
interface settings.

24. Scenario 2: OSPF Route Advertisement Issues

Another common OSPF issue occurs with route advertisement. Imagine

Router C, which is supposed to propagate a route to a newly added subnet
but isn't doing so. This could stem from several issues, such as the area
design misconfigurations or route summarization oversights.

The initial step in this scenario is to check if the subnet is included within a
network statement under OSPF configuration and whether the interface
associated with the subnet is up and included in the correct OSPF area.
Additionally, inspecting route summarization setups or filtering that might be
preventing route advertisement is key. The command #show ip ospf
database can reveal necessary details about the OSPF link-state database,
which helps in diagnosing issues related to route distribution.

25. Scenario 1: DHCP Not Assigning IP Addresses

Question: Users on a network report they are not receiving IP

addresses. How would you troubleshoot and resolve this?

Answer:

- Check DHCP Server: Ensure the DHCP service is running and properly
configured.
- Scope Configuration: Verify the DHCP scope has available IPs and the
correct subnet mask.
- Network Connectivity: Confirm devices can reach the DHCP server (e.g.,
ping).
- Switch Port Settings: Ensure ports are in the correct VLAN for DHCP relay.

DHCP issues and troubleshooting:

Here are some common issues and solutions:
26. Scenario 2: Intermittent Wi-Fi Connectivity

Question: Users report intermittent connectivity to the corporate

Wi-Fi. How do you troubleshoot this?

Answer:

- Signal Strength: Use Wi-Fi analyzer tools to check for weak signals or
interference.
- Access Point Load: Ensure no access point is overloaded with too many
clients.
- Channel Overlap: Check for overlapping Wi-Fi channels and adjust to less
congested ones.
- Access Point Configuration: Verify SSID, encryption settings, and firmware
updates.
- Device Testing: Test connectivity using a known working device to isolate
client issues.

27. Scenario 3: High CPU Utilization on a Router

Question: A router shows unusually high CPU usage. What steps
would you take to resolve this?

Answer:

- Inspect Traffic: Use tools like `show processes` or `debug ip traffic` to

identify high traffic or unusual patterns.
- Routing Table Size: Check for excessive routing table updates or instability
(e.g., routing loops).
- Firewall Rules: Verify no misconfigured rules are causing unnecessary
processing.
- Software Bugs: Ensure the router is running with the latest stable firmware.

28. Scenario 4: VLAN Cannot Access Another VLAN

Question: Devices in VLAN 30 cannot communicate with devices in VLAN 40.

How would you troubleshoot this?

Answer:

- SVI Configuration: Ensure VLAN 30 and VLAN 40 have SVIs configured on

the Layer 3 device.

- Inter-VLAN Routing: Verify inter-VLAN routing is enabled and properly

configured.

- ACLs: Check if ACLs are blocking traffic between the VLANs.

- Trunk Links: Confirm trunk ports are carrying both VLANs.

29. Scenario 5: Internet Access Slow for a Subnet

Question: One subnet experience slow internet speed while others work fine.
How would you troubleshoot this?

Answer:

- Bandwidth Utilization: Monitor bandwidth usage on the subnet using traffic

analysis tools.

- Switch Ports: Check switch ports for errors or high utilization.

- Routing Issues: Ensure there are no routing loops or misconfigurations for

that subnet.
- QoS Policies: Verify if QoS is deprioritizing traffic for the subnet.

30. Scenario 6: Network Latency Issues

Question: A branch office complains about high latency when accessing the
company’s central database. What steps would you take to diagnose and
resolve the issue?

Answer:

- Check latency using tools like ping or traceroute.

- Analyze traffic with monitoring tools (e.g., Wireshark).

- Inspect the WAN link for saturation, packet loss, or jitter.

- Verify routing paths and adjust configurations if needed.

- Implement QoS to prioritize critical traffic.

- Collaborate with the ISP to address link-level problems

31. Scenario 7: IP Conflict

Question: Two devices on the same subnet are reporting an IP address

conflict. How do you resolve this?

Answer:

- Use arp -a to identify conflicting MAC addresses.

- Locate both devices using their MAC addresses.

- Check if one device uses static IP and the other gets it via DHCP.

- Assign a unique IP or reserve the IP in the DHCP server.

- Monitor the network to prevent recurrence.

32. Scenario 8: VPN Connectivity Problem

Question: A remote worker is unable to connect to the VPN. How would you
troubleshoot this?

Answer:
 - Verify user credentials and account status.

- Confirm correct client configuration (server address, protocol).

- Ensure internet access and open required ports (e.g., 443 for SSL VPN).

- Review server and client logs for errors.

- Check firewalls or IPSec parameter mismatches.

- Test connectivity using a known working VPN account.

33. Scenario 9: Packet Loss Detected

Question: Your monitoring tool indicates 10% packet loss between two critical
servers. How do you investigate and fix it?

Answer:

- Use `ping` and `traceroute` to locate packet loss.

- Examine network interfaces for errors or mismatched duplex settings.

- Inspect cables and test alternate switch/router ports.

- Verify intermediate device loads and redistribute traffic if needed.

- Check firewall rules to ensure packets aren’t being dropped.

- Resolve congestion using QoS or increase bandwidth.

34. Scenario 10: VLAN Configuration

Question: Users in a specific VLAN cannot communicate with other VLANs

despite routing being configured. What would you check?

Answer:

- Ensure correct VLAN IDs are assigned to switch ports.

- Verify inter-VLAN routing with necessary SVIs on the Layer 3 device.

- Check that trunk links carry relevant VLANs with proper encapsulation
(802.1Q).

- Review ACLs to ensure inter-VLAN traffic isn’t blocked.

 - Confirm switch ports are in appropriate modes (access/trunk).

- Ensure the routing table has routes for all VLANs.

35. Scenario 11: A user is unable to connect to the internet, but

the network interface is up. What troubleshooting steps would
you take?

Answer:

- Check the user's IP configuration (ipconfig or ifconfig).

- Ensure that the IP is within the correct subnet.
- Check the default gateway configuration and ping the gateway.
- Check DNS settings and perform DNS resolution tests.
- Verify if there is an issue with the DHCP server or manually assign an
IP.
- Test the network cable, switch port, and ensure the NIC is working
properly.

36. Scenario 12: You are assigned a task to implement a new VLAN
in a network. How would you configure it?

Answer:

- Create the VLAN on the switch using the command vlan X where X is
the VLAN ID.
- Assign the VLAN to the required ports using switchport access vlan X.
- Configure the router for inter-VLAN routing if necessary.
- Test connectivity between devices in the same VLAN and across VLANs.

37. Scenario 13: The network is slow, and users complain about
intermittent disconnections. How would you troubleshoot this
issue?

Answer:

- Check the network for any high traffic or broadcast storms.

- Use ping and traceroute to identify packet loss or latency.
- Check for hardware issues (bad cables, faulty switches, or routers).
- Review the network topology for potential bottlenecks.
 - Monitor the network performance using SNMP or a network monitoring
tool.

38. Scenario 14: A user is connected to the network but cannot

access a specific application server. How would you troubleshoot?

Answer:

- Check the user’s IP address and subnet to ensure it is correct.

- Verify if there are any firewall rules blocking access.
- Test connectivity with ping and telnet to the application server’s port.
- Check if the application server is up and running.
- Review network ACLs or VLANs to ensure proper routing and access.

39. Scenario 15: You are asked to configure redundancy for critical
servers. How would you implement it?

Answer:

- Configure HSRP, VRRP, or GLBP for router redundancy.

- Implement RAID (redundant array of independent disk) configurations
for server storage redundancy.
- Use load balancing or clustering for application-level redundancy.
- Ensure that power redundancy (UPS systems) is in place for servers.

40. Scenario 16: A site-to-site VPN is not connecting. How would

you troubleshoot?

Answer:

- Check if the IPsec parameters (encryption, hashing, etc.) match on

both ends.
- Ensure that the pre-shared key or certificates are correct.
- Verify that both firewalls allow VPN traffic (UDP 500, 4500, etc.).
- Review the routing and make sure the traffic is being directed to the
correct tunnel interface.

41. Scenario 17: The router does not route traffic between two
subnets. What could be the problem?
Answer:

- Verify that routing is enabled (ip routing) – I believe this is when

using L3 Switch
- Check if there are any static routes or dynamic routing protocols
misconfigured.
- Ensure the router has the correct interfaces up and assigned to the
subnets.
- Verify the routing table for the expected routes.

42. Scenario 18: A switch port is showing as “err-disabled.” How

would you resolve it?

Answer:

- Use the command #show interfaces status to identify the exact error.
- Check for issues like a loop, BPDU guard, or security violations.
- Use shutdown followed by no shutdown to bring the port back online.
- Review port security settings and clear any security violation counters.
43. Scenario 19: Users in one VLAN cannot communicate with
users in another VLAN. What could be wrong?

Answer:

- Ensure the router or Layer 3 switch has inter-VLAN routing enabled.

- Check if the trunk link between switches is up and correctly configured.
- Verify that VLAN IDs are consistent across switches.
- Ensure that routing between VLANs is properly configured.

44. Scenario 20: You have a network with many devices and are
facing ARP table issues. What solution can you propose?

Answer:

- Implement static ARP entries for critical devices.

- Reduce ARP timeouts and use ARP rate limiting to avoid excessive ARP
requests.
- Use VLANs to segment traffic and minimize broadcast traffic.
- Enable Gratuitous ARP (GARP) to quickly update ARP tables when a
device changes IP.
45. Scenario 21: The network is facing packet loss when using
VoIP, causing poor voice quality. How would you troubleshoot?

Answer:

- Check for network congestion and high latency using ping/traceroute.

- Ensure QoS (Quality of Service) policies are configured to prioritize VoIP
traffic.
- Check the switch ports for issues like duplex mismatches or errors.
- Monitor network performance with Wireshark or other packet analysis
tools.

46. Scenario 22: You are tasked with configuring a load balancer
for a web application. How would you do it?

Answer:

- Configure the load balancer with multiple back-end server IP

addresses.
- Define the load balancing method (round robin, least connections,
etc.).
- Ensure the load balancer monitors the health of the servers.
- Configure session persistence if needed for users to stay on the same
server.
- Ensure proper SSL termination if required.

47. Scenario 23: A user reports being unable to ping the gateway
but can access resources within the local network. What might be
the issue?

Answer:

- The gateway might be down or unreachable due to a routing issue.

- There might be a firewall blocking ICMP traffic (ping).
- Ensure the correct subnet mask is configured, as a misconfiguration
could prevent access to the gateway.

48. Scenario 24: A router does not accept any new routing entries.
What could be causing this?
Answer:

- The router’s routing table may be full, and you might need to add more
memory.
- Check for a misconfigured maximum number of routes in the routing
protocol.
- Verify that the router has enough processing power to handle the
number of routes.

49. Scenario 25: There is high CPU usage on a switch. What steps
would you take to investigate?

Answer:

- Use #show processes to identify the process causing high CPU usage.
- Check for network loops or broadcast storms that might be overloading
the switch.
- Verify if there are any software bugs or issues with the switch firmware.
- Monitor the network for unusual traffic patterns.

50. Scenario 26: A server connected to the network shows high

latency. How would you troubleshoot this?

Answer:

- Check the server’s CPU and memory usage for resource exhaustion.
- Use ping and traceroute to identify any network delays.
- Test connectivity to the server using different protocols (e.g., FTP,
HTTP).
- Investigate the switch or router the server is connected to for
congestion or errors.

51. Scenario 27: A network is experiencing frequent broadcast

storms. How would you address this issue?

Answer:

- Check for faulty devices (like hubs or misconfigured network cards)

generating excessive broadcasts.
- Implement VLANs to segment broadcast traffic.
 - Enable storm control on switches to limit broadcast traffic.
- Review spanning tree settings to ensure there is no network loop.

52. Scenario 28: You need to secure your network from

unauthorized access. What measures would you implement?

Answer:

- Use strong passwords and enable authentication protocols (RADIUS,

TACACS).
- Implement network segmentation using VLANs and ACLs.
- Enable port security on switches to restrict unauthorized devices.
- Use firewalls and VPNs to protect the perimeter.
- Regularly update device firmware and software for security patches.

53. Scenario 29: A branch office needs to connect to the

headquarters over the internet securely. What solution would you
recommend?

Answer:

- Configure a site-to-site VPN using IPsec for secure communication over

the internet.
- Implement an MPLS solution if high availability and dedicated
bandwidth are required.
- Ensure the VPN uses strong encryption and authentication methods
(e.g., AES, pre-shared keys).

54. Scenario 30: A network is facing high traffic congestion. How

would you mitigate this?

Answer:

- Implement QoS policies to prioritize important traffic.

- Use traffic shaping to control the rate of data flow.
- Add additional links or upgrade existing bandwidth to handle more
traffic.
- Segment the network using VLANs to reduce broadcast traffic.