BGP attributes

VPN Fundamentals Interview Questions

1. Two sites are connected using a VPN Tunnel. Which of the following is true.

a. ALL data flowing between the sites are encrypted.
b. Only TCP packets are allowed on VPN Tunnels.
c. Only IP packets are allowed on VPN tunnels.
d. None of the above.

2. Two sites are connected using a VPN Tunnel through which systems on the different network communicate. Where is the VPN client required to be installed?

a. VPN Clients are required to be installed on the systems.
b. VPN Clients are not required to be installed on the systems.
c. The VPN routers would automatically install the agents silently on the systems.
d. None of the above.

3. Where are the session keys which would be used for data encryption over the VPN tunnel pre-configured on a remote access VPN architecture?

a. The session keys are pre-configured on the VPN client.
b. The session keys are pre-configured on the VPN router to which the client establishes connectivity.
c. The session keys are pre-configured on both the client and the VPN router
d. The session keys are derived dynamically for each session.

4. A remote access client establishes VPN connection with the remote VPN router. It is observed that the client is unable to access internet. What is the generic issue

a. All traffic would be routed through the VPN tunnel.
b. This is not an issue but is how remote access vpns work.
c. Split tunneling is not configured.
d. None of the above.

5. During which phase of IPSEC Tunnel negotiation is the keys derived for data encryption.

a. Phase 1
b. Phase 2.
c. Phase 3.
d. None of the above.

6. Two sites are connected using a site to site VPN tunnel. Is routing required to be configured on the routers for communication?

a. Yes
b. No
c. Not required if internet communication is available.
b. None of the above.

7. In a SSL VPN architecture, where are the session keys stored?

a. On the browser.
b. On the VPN server
c. On the SSL VPN client software.
d. The keys are derived dynamically.

Interview questions on VLAN

Question -1

How many untagged VLAN’s can a switch port be a member of
a)1
b)Unlimited
c)4096
d)Dependent on the capacity of the switch

Question -2

On a switch, port 1 and port 2 are configured as members of vlan 2 and vlan 3 respectively. Which of the following is true

a)Broadcast traffic initiated on port 1 will not be available on port 2
b)Unicast traffic initiated on port 1 will be available on port 2
c)Broadcast traffic initiated on port 1 will be available on port 2 if a router is configured.
d)All of the above

Question -3

What additional device is required for communication between two PC’s on same VLAN

a)Router
b)Layer 3 switch
c)Default gateway
d)No additional device is required

Question -4

An IP address is required for TCP communication between two computers residing on the same VLAN.

a)True
b)False

Question -5

How many VLAN’s can be configured on a switch

a)4096
b)2048
c)Number of ports on the switch
d)Based on the switch design

Question -6

Which feature can be used to carry all VLAN traffic on one link from a switch to a router

a)Trunking
b)Pruning
c)LACP
d)None of the above

Question -7

Which of the following would be unavailable in a 802.1q tagged frame

a)Source mac-address
b)Destination mac-address
c)802.1q tag
d)None of the above

Question -8

PC1 and PC2 are connected to port 1 and port 2 of a switch. Port 1 and Port 2 are members of VLAN 1 and VLAN 2 respectively. A router is also configured, with VLAN 1 IP address as 192.168.1.1/24 and VLAN 2 IP address as 192.168.2.1/24 and connected to the switch with trunking enabled. What should be the default gateway on PC1 for it to access PC2.

a)192.168.2.1
b)192.168.1.1
c)A default gateway need not be explicitly configured since a router is available
d)Management IP address of vlan 1

ARP Interview Questions

1.What is the destination mac-address of an ARP request frame

Broadcast

2.Is ARP used on a PPP link

No

3.Does ARP contain an IP header

ARP is a layer 2 protocol. It does not use IP header.

4.What does a switch do when it receives an ARP request frame on one of its ports

It adds the source port to its mac-address-table and broadcasts the frame out to all ports.

5.Would an ARP request frame generated on a port which is member of VLAN 2, be received on a port which is a member of VLAN 3

ARP is a layer 2 broadcast. VLAN’s are used for segregating broadcast domains. So it would not be received.

6.Can an ARP packet cross IP networks

ARP is a layer 2 broadcast. It cannot traverse across IP networks.

7.If an ARP entry is available on the local cache of a computer, would an ARP request be triggered

No. The computer would first check its ARP entry before sending out an ARP request frame.

8.Explain how an ARP packet is triggered on a computer

Assume that a user on a computer pings another computer on the same network. For the ping packet to be sent to the other computer, it has to be encapsulated on an Ethernet frame. For constructing the frame, the mac-address of the destination is needed. The computer checks its ARP cache if the corresponding ARP entry for the destination computer is available. If not an ARP request is sent out.

9.Does a hub support ARP

If the hub works on mediums like Token Ring, Ethernet etc, then ARP would be supported.

10.3 switches SW1, SW2 and SW3 are interconnected and STP deployed on the switches. PC1 is on SW1 PC2 is on SW2 and PC3 is connected to SW3. All the PC’s are on the same network address of 192.168.1.0/24. PC1 triggers ARP to find the mac-address of PC3. Will the ARP packet reach the PC3

All the PC’s are on the same network address. The PC’s are on 3 switches which makes it one large Layer 2 broadcast domain. So an ARP request which is a layer 2 broadcast will be received on all the ports on all the switches and correspondingly the PC’s

How many addresses are defined in ARP?

In summary, ARP defines both hardware (MAC) and protocol (IP) addresses in its operations, and ARP packets use these addresses to map IP addresses to corresponding MAC addresses within a local network. 

Is an ARP message routable?

No, the messages do not contain an IP header

Describe the Ethernet addressing used in the standard ARP request. Are the source and destination addresses unicast, broadcast, or multicast?

The ARP request uses a unicast address for the source and a broadcast address for the destination 

Describe the Ethernet addressing used in the standard ARP reply. Are the source and destination addresses unicast, broadcast, or multicast?

The ARP reply uses a unicast address for the source and a unicast address for the destination 

What is a gratuitous ARP?

This term refers to a node sending out an ARP request for its own IP address in order to determine if another node is using the same address. 

What information is stored in an ARP table?

The ARP table contains a mapping between host MAC and IP addresses. It also shows whether each entry is static or dynamic 

Can we send standard ARP messages directly to computers that are not on our own network?

No, ARP is not routable 

Is ARP included in IPv6?

No. 

Is ARP a secure protocol?

No. False ARP messages can be created to fool ARP tables. Hosts then make incorrect forwarding decisions. ARP transmissions are also sent in the clear. 

What is the Ethertype hexadecimal value for an ARP message? 

0806 

1. What is ARP?

• Address Resolution Protocol maps an IP address (logical) to a MAC address (physical) in a local network.

• Example: 192.168.1.10 → 00:1A:2B:3C:4D:5E.

---

2. On which layer does ARP work?

• ARP operates between Layer 2 (Data Link) and Layer 3 (Network) of the OSI model.

---

3. How does ARP work?

1. A host needs the MAC for an IP (e.g., sending data in LAN).

2. It broadcasts an ARP Request: “Who has IP 192.168.1.10?”

3. The owner replies with an ARP Reply: “I am 192.168.1.10, my MAC is xx:xx:xx:xx:xx.”

4. The sender caches the result in its ARP table.

---

4. What are ARP request and ARP reply?

• ARP Request → Broadcast asking for the MAC of an IP.

• ARP Reply → Unicast response with the MAC address.

---

5. What is an ARP table?

• A cache maintained by devices that stores IP ↔ MAC mappings.

• Example:

  IP Address      MAC Address
  192.168.1.1     00:11:22:33:44:55
  

---

6. What are the types of ARP?

• Normal ARP – Standard request/reply.

• Gratuitous ARP – A host announces its own IP ↔ MAC (used for updating tables, duplicate IP detection, failover).

• Proxy ARP – A router replies on behalf of another host (used in some special network setups).

• Reverse ARP (RARP) – Used by a device to discover its IP when it only knows its MAC (mostly obsolete).

---

7. What is Gratuitous ARP? Why is it used?

• An ARP reply sent without a request.

• Used for:

  • Checking duplicate IPs.

  • Updating ARP tables after IP/MAC change.

  • Failover in high availability setups.

---

8. What is ARP spoofing/poisoning?

• A security attack where a malicious device sends fake ARP replies to associate its MAC with another host’s IP (e.g., the gateway).

• Allows MITM (Man-in-the-Middle) attacks, traffic interception.

---

9. How do you prevent ARP spoofing?

• Use Dynamic ARP Inspection (DAI) on switches.

• Use static ARP entries for critical systems.

• Implement port security / DHCP snooping.

• Use encrypted protocols (SSH, HTTPS) to protect data.

---

10. Does ARP exist in IPv6?

• No 

• IPv6 uses Neighbor Discovery Protocol (NDP) instead of ARP.

---

Quick Recap for Interviews:

• ARP = maps IP → MAC.

• Works on LAN (broadcasts).

• Types: Normal, Gratuitous, Proxy, RARP.

• Weak point: ARP spoofing.

• IPv6 replaces it with NDP.

1. What is ARP and what is its primary purpose?

ARP stands for Address Resolution Protocol. Its primary purpose is to resolve an IP address (Layer 3) to a physical MAC address (Layer 2) on a local network. This is essential for a device to be able to send data to another device on the same local network, as data-link layer communication requires a physical MAC address.

2. Why is ARP necessary?

ARP is necessary because different layers of the networking model use different addressing schemes. The IP address is used for routing and identifying devices on a network (Layer 3), but the data-link layer (Layer 2) uses MAC addresses to physically transport frames between devices on the same segment. A host needs to know the destination's MAC address to properly encapsulate an IP packet into an Ethernet frame.

3. Describe the ARP process. How does a device find a MAC address for a given IP address?

The ARP process involves two main steps: the ARP request and the ARP reply.

1. ARP Request: When a device (Device A) needs to send a packet to another device (Device B) on the same network but doesn't know Device B's MAC address, it sends an ARP request. This request is a broadcast message sent to all devices on the local network. The request contains the source IP and MAC address, and the target IP address.

2. ARP Reply: All devices on the network receive the broadcast. Device B recognizes that the target IP address in the request is its own. It then sends an ARP reply (or ARP response), which is a unicast message directly back to Device A. The reply contains Device B's MAC address.

Once Device A receives the ARP reply, it stores the IP-to-MAC mapping in its ARP cache for future use.

4. What is an ARP cache or ARP table?

The ARP cache (or ARP table) is a table that a host or a router maintains to store recent IP-to-MAC address mappings. When a device needs to send data, it first checks its ARP cache. If an entry for the destination IP exists, it uses the stored MAC address. This prevents the need for an ARP broadcast for every new packet, making communication more efficient.

The entries in the ARP cache are temporary and expire after a certain amount of time.

5. What is the difference between static and dynamic ARP entries?

• Dynamic ARP Entries: These are created automatically when a device learns a new IP-to-MAC mapping from an ARP reply. They have a timeout period and will be removed if not used within that time. This is the most common type of ARP entry.

• Static ARP Entries: These are manually configured by a network administrator. They are permanent and do not expire. Static entries are often used for security purposes or for critical servers to prevent spoofing attacks.

6. What is a "gratuitous ARP"?

A gratuitous ARP is an ARP reply that is not prompted by an ARP request. A device sends a gratuitous ARP to the broadcast address of the network to announce its own IP and MAC address. This is typically done for two main reasons:

1. To update the ARP caches of other devices on the network after a device's MAC address has changed (e.g., after a failover in a high-availability setup).

2. To detect duplicate IP addresses on the network. If another device responds to the gratuitous ARP, it means that IP address is already in use.

7. What is an ARP spoofing attack?

An ARP spoofing (or ARP poisoning) attack is a malicious technique where an attacker sends falsified ARP messages over a local network. This allows the attacker to associate their own MAC address with the IP address of another device, such as a router or another host. By doing so, all traffic intended for the legitimate device is redirected to the attacker's machine, allowing the attacker to intercept, view, or modify the data.

TCP IP Interview questions

1.Two users are accessing a Network application simultaneously. Which fields in the TCP/IP header would the server use to distinguish between the connections?

a. Source IP address in the IP header.
b. Destination IP address in the IP header.
c. Source port in the TCP header.
d. Destination port in the TCP header.

2. A web client opens two instances of a website using a browser. Which of the fields would be different for both the connections?

a. Source port number.
b. Destination port number.
c. Source IP address
d. Destination IP address.

3. Which of the following fields are used to identify if the packet has to be sent on the same or different network?

a. Destination port number.
b. Subnet Mask.
c. Destination network address.
d. Domain name of the destination.

4. A PC does not have DNS server IP address configured on its adapter. What would happen if the user pings a website on the PC?

a.Response would be received as ping uses ICMP.
b.Response would be received as ping does not use DNS.
c.Response would fail as DNS resolution would fail.
d.None of the above.

5. Which field is used in a TCP/IP header is used to identify the server application?

a.Source port number
b.Destination port number.
c.Socket number.
d.Socket port number.

6. When does data transfer commence in a TCP based communication?

a.After the TCP 3 way handshake
b.Before the TCP 3 way handshake
c.After the TCP 4 way handshake
d.None of the above.

7. When does the TCP 4 way handshake commence?

a.There is nothing like TCP 4 way handshake.
b.After the 3 way handshake
c.Before the 4 way handshake
d.After data transfer is completed.

8. Where is the source port number used in a TCP/IP header?

a.Inside transport layer headers like TCP or UDP
b.Inside IP layer header.
c.Inside application layer headers like FTP, HTTP etc.
d.None of the above.

Interview questions on switching

PC1 and PC2 are connected to port 1 and port 2 of an ethernet switch using cat 5e cables. How many mac-addresses would the switch have learnt before PC1 sends data to PC2

The switch would not have learnt any mac-address in its mac-address table. Switches learn mac-addresses only after receipt of frame on the respective ports. In the above scenario, PC 1 has not yet send data, which is ultimately transported using ethernet frames.

How long would a switch retain a mac-address in its mac-address table

Assume that a PC is connected to a switch port. When the PC sends a frame to the switch port, the source mac-address in the frame is learnt and added to the table. Switches have mac-age-time which are configurable as well as set with a default value. When there is inactivity from the PC (Data/frames are not send) for the mac-age-time value, the mac-address is removed.

Default mac age time in cisco switch is 300 sec ie 5 mins

What do switches do with the source and destination mac-address in a frame

Switches would check the source mac-address in the frame and verify if it is available in the mac-address table. If not, the source mac-address would be added to the table. Switches would check if the destination mac-address is available in the mac-address table. If not, the frame would be flooded to all ports on the switch.Once a response is received from the intended recipient, the corresponding port would be updated with the mac-address entry (destination mac-address). In this way switch populates the mac-address table.

What do switches do if the source and destination mac-address on a frame is the same

When the source and destination mac-address in the frame is the same, the switch would not add the entry to it’s mac-address table or send it to the required destination.The frame will be filtered by the switch and discarded.

How do hubs handle unicast and broadcast frames

Hubs work at Layer 1 of the OSI model. They do not understand frames. Irrespective of the type of the frame, unicast or broadcast, the signal carrying the frame would be send to all ports on the hub.

What is the difference between manageable and unmanageable switches

Manageable switches have the capacity to be managed through Web interface, console, telnet, etc. This is possible because they contain an operating system which an unmanageable switch does not have.

How are broadcast and unicast frames differentiated by switches

Broadcast frames are identified by the value in the destination mac-address of the frame as FF-FF-FF-FF-FF-FF .Unicast frames contains the specific value of the mac-address of the intended recipient.

What are the changes that would be applied on the mac-address table of a switch if a PC which is connected to port 1 is disconnected and connected back to port 2.

When the PC is disconnected, from switch port1, the mac-address entry for the PC would be removed from the table since the link is broken. When it is connected back to switch port 2, the mac-address table would still not have the entry since there has been not data which is initiated yet from the PC.

Does switches use CSMA/CD

CSMA/CD is the protocol which is used by hubs. It is not used by switches

Can a hub be connected to a switch

A hub can be connected to a switch

Can a switch have an operating system

Yes, switches which have operating system are termed as manageable switch. Switches which does not have an operating system, are unmanageable switch

A PC has two network cards. How many mac-addresses would it have

Every network card has a unique mac-address. So a PC with two network cards would have two mac-addresses

Can two devices on same network can have the same mac-address.

It is not possible. Every device has a different network card. Each network card has a unique mac-address.

Can a mac-address value be edited

Certain network cards provide the provision to edit the mac-address.

What is size of a mac-address

The size of mac-address is 48 bits.

On a computer, which hardware component has the mac-address.

The network card has the mac-address

PC1 wishes to communicate with PC2. PC1 is aware of the IP address of PC2. Would the mac-address of PC2 be required, for data communication between PC1 and PC2 or would the knowledge of IP address suffice
The IP address information of the peer would be sufficient from a users perspective. But for data to be sent on the physical network, computers need to be aware of the mac-address of the device with which it needs to communicate.

Can an unmanageable switch be configured with an IP address

An unmanageable switch does not have an operating system, which is required for configuring an IP address.

What is a trunk port used for

A trunk port is used for carrying traffic from different VLANS. Take an example of two switches connected using a cable on two ports. VLAN 2 and VLAN 3 are configured on both the switches. For VLAN communication to be succesful between the switches, the ports should be configured as trunk ports.

What is the impact of an Ethernet frame in a cut-through and store and forward switching

Preamble and SFD are checked when a frame arrives on a switch port. This is for clock synchronization and the SFD informs the switch port the beginning of a new frame. The next field is the destination mac-address. In cut-through switching as soon as the Destination mac-address is read, the frame is forwarded to the intended destination port. In store and forward switching, the entire frame is copied to the buffer, the CRC value of the frame calculated and then the frame is forwarded to the intended destination port. The destination would also calculate the CRC value of the frame.

Interview questions on STP

What is the Spanning Tree Protocol used for

Spanning tree protocol is used to prevent looping of frames. Unlike IP, which has a TTL value field in the packet which is decremented every time the packet passes through a router and is dropped once the value reaches 0, the frame does not have any similar field. So if a scenario arises where a frame is looping in a switched environment, the frame would not automatically time out. The spanning tree protocol is used for preventing the looping.

Can STP be configured on a router

STP can be configured only on switches and not on routers. STP is used to prevent frame looping

Is STP required to be configured when there is only one switch involved.

It is not required. STP is used to shutdown redundant links between switches to prevent loops.

Is a generic ethernet frame modified when STP is configured on the network

STP is a protocol. It has it’s own frame when configured. So it would not affect a generic ethernet frame on the network.

How many designated ports can be available on a root bridge

All ports on a root bridge is designated ports.

How many root bridges can be available on a STP configured network

1

If the priority value of the two switches are same, which switch would be elected as the root bridge

The switch with the lowest mac-address value would be elected as the root bridge

Interview questions on routing

Can routers check ethernet frames

Routers look for information inside the IP packet header for routing the packets. But the packets itself would be encapsulated inside frames like ethernet, PPP etc. For example, if the IP packet is encapsulated inside an ethernet frame, the router would first need to check the destination mac-address inside the frame and verify if it is intended for itself and only then be able to process the IP packet header, which would be the data inside the packet.

How do routers populate routing entry for a directly connected network
A directly connected network refers to the network address corresponding to the IP address and subnet mask configured on the specific network interface card on the router. The IP address and subnet mask would be “And” ed to derive the network address.

How do routers forward IP packets

When a router receives an IP packet, it would check the destination IP address in the packet. The router would then performing an “And “ operation with the subnet mask of the different route table entries with the destination IP address and verify if the corresponding network address in the routing table matches. On a match, the packet would be forwarded to the interface to which it the route entry is associated with.

What are the parameters that are provided in a static route

A static entry would typically contain the network address, network mask and the default gateway. Let’s table an example where a router has two directly connected networks. The hosts within the router, needs to access a network which is not a directly connected network. The network is one hop away from the router and is reachable via the default gateway of the router. So the network address value would be the one which the hosts would want to reach via the router. This network address along with the network mask and the gateway address through which the network can be reached is configured as a static route.

How does a PC know as to whether the destination IP address is on the same or different network

Assume that a PC is configured with an IP address 192.168.2.1 and subnet mask 255.255.255.0. If the user on the PC issues a ping to the IP address 192.168.1.1, the PC would check in its routing table for matching network address and decide if it is on the same or different network.

An ADSL router is configured for internet connection. A switch is connected to the router to which the hosts are connected. What type of route entry should be configured on the router for the hosts to access the internet

A default route entry should be configured on the router. IP addresses which are internet based, cannot be configured explicitly on the routers since they would not be known beforehand. Examples are IP addresses of websites which the user tries to access. The default route once configured would take care of destination networks which the router is unaware

In which type of addressing (class full or classless) is the subnet mask information carried in the IP header.

Whatever the type of addressing, the subnet mask is never carried in an IP header

What is the difference between class full and classless addressing

In classful addressing, based on the first octet value of the IP address, the class of the network (A,B,C) is decided. In classless addressing, the octet value is not considered. Rather, the subnet mask is used to derive the network address.

What type of IP address (Private or Public ) is used when a computer is connected to the internet directly

Public IP address

On which hardware component on a computer is the IP address configured

The IP address is configured on the network card.

Does a computer have routing tables

A computer has routing table. The routing table is populated by the operating system, once the IP address, subnet mask and default gateway is configured. On a windows PC, the routing table can be viewed by typing the command ‘route print’ on the command prompt.

A default route (0.0.0.0) would be populated when the default gateway is configured.

The default route is required to route packets to unknown networks , like packets bounded for internet.

How many default route entries would be available in the routing table of a PC with two gateways

Every default gateway would correspond with a default route. So two default entries would be available on the routing table of a PC with two gateways

Interview questions on RIP

What is the destination IP address of a Rip v1 packet

Rip v1 is a broadcast packet. The destination IP address of a Rip v1 packet is 255.255.255.255

What is the main difference in RIP v1 and v2 packet

RIP v1 does not include the subnet mask information inside the packet. It does not support classless addressing. RIP v2 includes the subnet mask information inside the packet. For example, assume that the subnetted network 192.168.1.64/26 is configured on a RIP enabled router. If RIP v1 is configured, the route would be advertised as 192.168.1.0 ( It would take the default subnet mask of /24 and not /26). If RIP v2 is configured, the subnet mask information (/26) would also be advertised in the route.

If a Rip v2 router advertise it’s route, would it be received by all the devices on the network

Rip v2 is multicast. So the route advertisement would be received only by devices which has Rip v2 enabled. If the advertisement was Rip v1, then it would be received by all devices on the network as Rip v1 is broadcast.

How can a Rip route advertisement be blocked on a specific interface

By using the passive-interface command.

Which transport layer protocol does RIP use and the associated port number

UDP – Port 520

If a static route and a Rip learnt route is available on a router which entry would be chosen by the router to forward the packet

Static route would be chosen since it has lower administrative distance than Rip

What is the major benefit of dynamic routing protocol like RIP over Static route

In a static route, the route entries has to be manually configured on the router. Whereas in a dynamic routing protocol like Rip, routes are learnt automatically.

Can a subnet mask information be stored in a Rip v1 packet

Rip v1 is a classful routing protocol. It does not understand classless concepts like Subnets. So it is not possible

Is a subnet mask field available in a Rip v2 packet

Rip v2 is classless routing protocol. A rip v2 packet has a field to include the subnet mask information.

What is the administrative distance of Ripip

120

What is the multicast address that Rip v2 uses

224.0.0.9