PROFESSIONAL SUMMARY:

• Experienced Network engineer with around 4 years of experience in switching, routing, firewall technologies, system design, implementation and troubleshooting of complex network systems.
• Developed Local Area Network (LAN), IP/DMVPN Wide Area Network (WAN), Data Center Network (DCN) communication solutions that are aligned with IT department and business strategies.
• Create Method Of Procedures (MOP) for the ASR, ISR and Catalyst upgrades.
• Extensive hands - on experience with complex routed LAN and WAN networks.
• Expertise knowledge and hands on experience on routing protocols like Confidential, OSPF and BGP.
• Configured first hop redundancy protocols (FHRP) like HSRP in both version 1 & 2.
• Installed and Configured Cisco devices like cisco catalyst 2960, 3560, 3850, 4500, 4900, 6500, 6800.
• Hands-on expertise with ISR routers like 2900, 3800, 4331, 4451 and ASR routers like 901, 903, 920, 1001-X.
• Experience with design and deployment of DMVPN, MPLS Layer 3 VPN, MPLS Traffic Engineering, MPLS QOS, s ecuring and managing remote access using VPN technologies like IPSec , GRE.
• Worked on stateful firewalls (ASA, Zone based Firewall) , ACL (Standard and Extended), NAT, PAT and exposure to Checkpoint firewall Gaia R77.10, R77.30 & R80 and Palo Alto firewalls.
• Good understanding and hands on experience configuring AAA-authentication, authorization& accounting and ISE configuring IP Access Control Lists, Strong knowledge of TACACS+, RADIUS implementation in Access Control Network.
• Detailed understanding of layer 2 protocols like VTP, STP, PVST, RSTP and Port Security, Ether channel. Very good understanding of internet protocols like IPv4 and IPv6.
• Exposure to Load balancer using BIG-IP (F5) , LTM and GTM and APM and ASM.
• Decent knowledge in configuring and troubleshooting Wireless Networks: Cisco Prime infrastructure, WLC, WCS, Standalone, LWAPP, Wireless Security, IEEE 802.11 a/b/g/n/ac, RF spectrum characteristics.
• Performed Network analysis with packet capturing tools Sniffers , Wire shark etc.
• Knowledge on VOIP devices like IP Phones and working knowledge of SIP protocol.
• Implement and maintain network monitoring systems and experienced in developing network design documentation and presentations using MS VISIO.
• Good knowledge and experience in Installation, Configuration and Administration of HTTP, SNMP, FTP, DNS, DHCP, TFTP,TDM, DWDM, SONET, Ethernet, ATM under various LAN and WAN environments.
• Proficient with TCP/IP and relative OSI model, Troubleshoot issues using tools like TELNET, SSH, PING, CDP and ARP . Excellent team player with good communication and leadership skills, Capable of Problem solving, Time management and Decision making skills with the ability to set priorities and come up with results.

TECHNICAL SKILLS:

Routing: RIP, Confidential, OSPF, BGP, Route Filtering, Route Redistribution, Summarization, and Static Routing, FHRP, HSRP

Switching: VLANs, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switch, Ether channels, Transparent Bridging, Port Security, VSS, VPC and VDC, VPC+, APIC, VXLAN

2900, 3800, 4321,4451, ASR: 901, ASR-903, ASR1000, ASR9000

Switches: Cisco Catalyst 6500, 4500, 3850, 3750, 3560, 2960, Nexus 9000,7000, 5000,2000

WAN Technologies: HDLC, PPP, MPLS, DMVPN

Network Management: Wire shark, SNMP, Ethereal, Solar winds, Cisco NAC, ISE, Cisco Meraki, Cisco works

Virtualization: vMotion, ESXi hosts, VSphere, Vcenter

Load Balancer: F5

Operating Systems: MS Windows XP/Vista/Windows 7/8/10, Server Linux

Applications: Cisco Prime and MS Visio.

PROFESSIONAL EXPERIENCE:

Confidential, Stamford, CT

Network Engineer

Responsibilities:

• Configured Confidential on different router series and troubleshooting the issues with protocol in case of any misconfiguration like variance to increase the convergence speed.
• Experience in configuring IBGP and EBGP and had knowledge in understanding neighborship requirements and neighbor states, Had in-depth knowledge on the BGP path attributes like Weight, Local preference, Origin code, AS path and MED.
• Spearheaded meetings & discussions with team members regarding network optimization and regarding BGP issues. If needed, we advertise those networks in BGP with our ISP. We make sure that routes are protected via VRFs. We make use of route maps for manipulating the paths to our ISP and that also helps to load balance traffic to both ISPs
• Involved in troubleshooting of link flaps, failure to form neighborship with adjacent.
• We peer into our ISP core router with an AT&T service provider router (ASR 1001-X) advertising all our necessary routes to it and getting a default route from our ISP to our core router for entire global Internet.
• Responsible for designing and maintaining Confidential, BGP and Wan Protocols for Network Infrastructure. Also made sure that WAN utilization is optimized by using features like steelhead and riverbed technology.
• Designed dual DMVPN cloud deployment utilizing new OC-3 circuits, Administered and implemented Cisco routers in Cisco IWAN environment creating DMVPN tunnels connecting over 150 sites.
• Worked on configuring Ether channels and troubleshooting using misconfiguration guard if the remote end of ether channel is misconfigured.
• Successfully upgraded Cat 6509-E from Sup2t to Sup 6T-XL with Quad-VSS on it.
• Configured and upgraded networking devices, including switches and routers, with the help of python scripting.
• Configured STP for switching loop prevention and VLANs for data and voice along with configuring port security for users connecting to the switches (RSTP, PVST+).
• Performed IOS upgrade according to the recommendation by the Cisco TAC, Hosted multi-tenant any connect/SSL VPN implementation.
• Configuring user's roles and policies for authentication using Cisco NAC and monitoring the status of logged users in network using Cisco ISE.
• Implemented VPN security posture assessment for high profile users integrating Cisco Any Connect VPN and Cisco ISE.
• Develop and implement Cisco ISE solution to replace aging TACACS+ authentication servers.
• Created a new solution including new construction and installation of a full mesh, wireless and wired network with a full ISE installation, Identifying endpoints missing from ISE and determine reason for omission and we upgraded from version 1.3 to 2.1.
• Configured Cisco wireless controllers and access points for enterprise network, including setting up SSIDs and WLANs on WLC’s like 5508 and 5760, Wireless maintenance and troubleshooting to include LWAPP and IOS-based access points Cisco Prime to manage wireless controllers.
• Assist and troubleshoot Cisco Meraki solutions remotely including 802.11a/b/g/n/ac Wireless networks, Stateful firewall, VLAN to VLAN routing, Link bonding / failover, 3G / 4G failover, Traffic shaping / prioritization, WAN
• Cable pulling of cat 5e and terminations, punch down ladder rack installs, Rack installation, router, cisco, verigent dvr, ip camera provisioning.
• Worked on installing the IDF and MDF in our work environment.
• Monitored and troubleshot all routing, VPN and security issues with Solar winds. Installed and configured Solar winds Orion for company WAN/LAN.
• Constantly monitored Solar winds NPM activity to ensure optimum uptime and performance in a proactive manner
• Installation, Configuration and Administration of Solar Winds Orion Product suite.
• Resolve communication issues between network nodes and Solar winds Orion poolers via net flow and SNMP configurations. Set up Solar winds dependencies for alert suppression of downstream nodes in case of site outage.
• Performed security operations by adding rules in firewalls and pushing firewall policy as per the incidents and rule requests from users.
• Have experience in configuring the Identity Awareness (IA) cluster, which is a new feature from checkpoint for granting access to end users not only based on IP addresses but also using the AD groups that they are in which will be in sync with DC’s .
• Tuned policies on IPS to make changes accordingly on the vulnerabilities and change to detect, prevent modes as required, Signature Updates Deployment on the Management Components and all the Individual IPS/IDS devices.
• Configuring VPN, clustering and ISP redundancy in Checkpoint firewall.
• Conducted security policy/rule review to identify and remove rules that are not needed to reduce checkpoint firewall policy lookup.
• Utilize the F5 ASM-Application Security Manager tool to improve protection/security against hacking attacks and/or misuse of data.
• Provide advanced configuration/policy creation assistance with F5 ASM tool.
• Troubleshoot the F5 ASM with the application team and security policy team in order to determine which traffic to allow and which to configure to block.

Confidential, Bloomington, IL

Network Engineer

Responsibilities:

• Worked on the stub areas in OSPF and also implemented virtual links if needed, testing authentication in OSPF, OSPF is used as the IGP and LDP is used for label propagation
• Implement OSPF routing with multiple areas for networks between sites. Implement totally stubby areas to lower the system resource utilization of routing devices to the network. Implement NSSA area to allow injection of external routes into the area and propagation into the OSPF domain.
• BGP is used for distributing routes over the backbone, Configuring BGP features like VRF, as-override etc., Expertise in creating Access control lists for layer-3 security and providing first hop redundancy using protocols like HSRP
• Mutual redistribution of OSPF and BGP routes using route maps. Explored using LISP for optimized ingress routing by creating map servers for host to site resolution and mapping
• Worked on multi-stage project plan to remove BGP from LAN, and replace with OSPF, in phase one, and in phase two with design and implementation of MPLS with OSPF OTP across the OIG WAN, thus removing BGP from all OIG edge routers, and securing all communications between offices with encryption
• Advanced and complex IPv4 and IPv6 unicast routing designs (OSPF) in multi-VRF environments in production MPLS network
• Convert Branch WAN links from point to point circuits to MPLS and encryption from IPSec/GRE to Get VPN, Configured IPSec VPN access for client to site remote access
• Conversions to BGP WAN routing, which will be to convert WAN routing from OSPF to BGP (OSPF is used for local routing only) which involves new wan links
• Implementation and troubleshooting of complex layer 2 technologies such as VLAN Trunks, VTP, Ether channel, STP, RSTP and MST, protected switch ports using security features like BPDU guards/Filters, loop guard, port security
• Performed VSS on cisco catalyst 6500 series switches.
• Upgrade IOS on new switch install, install provided configuration on new network equipment install and asset tracking.
• Test and turn-up new Sonet ring.
• Highly proficient in testing, troubleshooting circuits at the DS1, DS3, OC3, OC12, OC48, OC192, DWDM, and Ethernet circuits.
• Configured UDLD, LLDP, TACACS, VLANS on HP 2920, Experience in configuring static and dynamic LACP trunks, hands on experience in troubleshooting link flaps, VLANS, SNMP etc. Providing input on day-to-day security architecture policies and procedures.
• Extensively worked on BMC Remedy for creating the Change Requests (CRQ's), Work Orders, Incident Management
• Monitoring servers (Solar winds Orion Network Performance Monitor) Network Performance Management System Solar winds Orion (NPM) Network Configuration Manager System Solar winds Orion (NCM).
• Experience in consolidating sites and planning network backup security and redundancy network. And worked on IPS/IDS support and endpoint security support. URL Filtering and IP address filtering with help of Cisco ASA firewall
• Configure and install MacAfee IPS sensors, and Cisco ASA 5500-X with Firepower Appliances.
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500 with ACL, NAT, Object Groups, Failover, Multi-Contexts.
• Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
• Manage multi-context Cisco ASA configurations.

Confidential

Network Engineer

Responsibilities:

• Responsible for Installation, configuration and maintenance of Cisco 7200, 3900, 2800, 2600, 2500 and 1800 series Router/Cisco Catalyst Cisco 6500, 4500, 3750, 2950 series Switches.
• Designed and deployed extensible IP address plans to support a multi-vendor DWDM network deployed in a service delivery model.
• Key contributions include troubleshooting of complex LAN/WAN infrastructure.
• Worked on Cisco routers 2950, 2600 and Cisco switches 4500, 2900.
• Experienced in Clarity Configuration Manager for modeling the end-to-end enterprise network of a service provider and help facilitate the maintenance of complex telecom network configurations, network inventory, capacity and fault management.
• Configure Cisco Routers/L3 Switches for Confidential using route redistribution, filtering and securing the network routes using encryption and authentication.
• Configured VLANs, Private VLANs, VTP, dot1Q Trunking, and VTP-pruning, STP like RSTP and PVST on switches. Implementing Security features like BPDU guards/Filters, loop guard, port security.
• Maintenance and Troubleshooting of connectivity problems using Ping, Trace route.
• Implement, build, Support and Maintain Cisco partners training labs based on various Routing/Switching/Data Center architectures using Cisco and VMware Virtualized Infrastructure.
• Created pools for the nodes and assigned Virtual IP’s to those pools on F5 load balancer.
• Implemented least connections algorithm for the LTM , GTM and also defined the persistence.
• Experience in implementing Client SSL and Server SSL for the authentication.