Network Engineer Resume

SUMMARY:

  • IT professional with over 15 years of proven experience in design, engineering, configuration, implementation, troubleshooting, network monitoring and management, project/change management, analysis, 2nd/3rd tier escalation support for various network technologies from medium to global enterprise environments which includes proficiency in routing/switching protocols & technologies, security (firewalls, IPS/IDS, VPN), voice (VoIP), wireless, multicast, messaging systems and enterprise applications.
  • Configured trunk and access ports, and implemented granular control of VLANs and VXLANs using NX-OS to ensure virtual and flexible subnets that can extend further across the network infrastructure than with the previous generation of switches.
  • Integrated a virtual version of Nexus: Nexus1000v virtual supervisor module (VSM) into the VMware vSphere 5.5 platform to extend Nexus features directly adjacent to virtual machines (VMs) so that they benefit from Cisco switching capabilities and network topology consistency ensuring VMs maintain their subnet/VLAN relationships during failover.
  • Configured port-profiles as part of the NX-OS command structure that were dynamically made available to the virtual ethernet modules (VEMs) controlled by the VSM and applied to multiple virtual and physical interfaces via a single command that reduces administrative error and allows for better configuration readability.
  • Configured secure privileged administrative access to the Cisco IOS system. Enabled the encryption of system passwords to prevent unauthorized users from accessing passwords in the system configuration.
  • Configured secure access to the console and vty ports, and set the interval that the EXEC command interpreter waits until user input is detected on the Console and vty ports. Also, configured the console and vty ports log messaging to not interfere with active device configuration.
  • Configured and administered VLAN Trunking Protocol (VTP) to reduce administrative overhead. Enabled secure sharing of VLAN information to prevent the introduction of rogue devices from affecting the VLAN database. Shut down unused ports on the switches following Layer 2 security best practices.
  • Administered Local VLANs based on department function, and configured ports with static VLAN assignment, static 802.1Q trunks, and dynamic ISL trunking using PAgP for layer 2 forwarding. Utilized VLAN Spanning-Tree in conjunction with PVST+ for compatibility between Cisco and Juniper switches. Configured edge ports for fast-transitioning into the forwarding state to fix workstation startup connectivity delays. Modified spanning-tree parameters for manual root bridge assignment. Implemented ether-channels between each switch using PAgP for negotiation. Modified ether-channel load balancing method.
  • Integrated WAN links between sites using frame-relay point-to-point and multipoint connections to establish connectivity between each of the four sites as required. Established two frame-relay point-to-point connections between a central site and two remote sites. Configured multipoint connections between three of the sites forming a full-mesh.
  • Configured EIGRP MD5 Message Authentication between sites to prevent unauthorized insertion of routes into the domain. Integrated manual EIGRP route summarization to reduce routing protocol demand on CPU resources, memory, and bandwidth used to maintain the routing table.
  • Configured and administered OSPF routing with multiple areas for networks between sites. Implemented OSPF MD5 Authentication between each OSPF enabled subnet to prevent unauthorized insertion of routes into the domain.
  • Configured and administered MPLS VPN for a tier II service provider core/backbone to connect customer sites. Configured routers in the provider core to authenticate via LDP MD5 and provide protection against spoofed TCP segments that could be introduced into the connection streams for LDP sessions.
  • Integrated static NAT/PAT to provide access to services located on a server in the private network to the public network. Implemented standard and extended access-lists to filter network traffic.
  • Configured backup and recovery of Cisco IOS Images. Performed password recovery on Cisco IOS routers/switches and a Juniper EX2200 Series switch to restore administrative access. Backed up and restored the startup-config file for disaster recovery.
  • Designed and implemented hierarchical NTP in a symmetric active mode with authoritative time sources and servers, time zones, and prevented accidental or malicious setting of incorrect time using both the encrypted authentication mechanism and a time-based access restriction scheme.
  • Configured HSRP and GLBP and load-shared traffic on the 3640 routers in the core. Implemented the more secure MD5 authentication to prevent unexpected devices from spoofing or participating in the FHRP groups. Configured interface tracking along with preemption to monitor and respectively alter the priority of the routers.
  • Configured a Cisco 2500 series router with async ports as an access server, set up a management network utilizing a computer, access server and switch, which in turn was used to configure IP addressing, VLANs, access ports, trunk ports, STP, dynamic and default routing in a multi-vendor environment consisting of Juniper, Cisco and HP devices.
  • Configured and administered an IPsec Site-to-Site VPN between the Cisco ASA5505 SSL/IPsec VPN Edition at the small office location and the Cisco 1841 ISR (with a security IOS image) at the main office. Implementation of the VPN includes the following configurations: Internet Key Exchange Policy using DES and SHA for encryption and authentication; access-lists to define VPN traffic; transform set using esp-des esp-sha-hmac to define how the traffic is protected; crypto-map to associate the previously configured elements to a peer; application of the crypto map to the appropriate interface or VPN endpoint.
  • Configured and administered Zone-Based Policy Firewall on the Cisco 1841 ISR with the following components: three zones (DMZ, PUBLIC, INTERNAL); class-maps specifying traffic that must have policy applied as it crosses a zone-pair; policy maps to apply action to the class-maps’ traffic; application of policy to zone pairs.
  • Analysed and deployed DMVPN using Phase 1 Hub-Spoke NHRP over mGRE/GRE tunnels as well as Phase 3 NHRP, along with IPsec encrypted tunnels using IKEv1 and IKEv2. Evaluated and implemented FlexVPN using the required IPsec and IKEv2, including migration from previous Phase 3 DMVPN deployment on later generation x9 series routers and universal IOS with required feature licenses.
  • Determined requirements, configured and deployed a pair of high availability F5 BIG-IP devices using LTM via a GUI and CLI to provide a virtual web server utilizing round-robin selection to balance and control traffic on several web servers, and secured F5 BIG-IP functionality through a HA pair of ASA 5510 firewalls utilizing proper filtering and failover.
  • Implemented and tuned management capabilities and basic security features related to PA-2020 security appliance using PAN-OS 6 including SSH and WebGUI access, custom rules, virtual-wire and routed interfaces, trust/untrust and DMZ zones along with logging and auditing.
  • Recommended and deployed, on many network devices, SNMPv3/Syslog/NetFlow to track status, usage, changes and traffic patterns for better analysis and decision making.
  • Deployed AAA solutions using RADIUS for centralized authentication and authorization. TACACS+ was also deployed when preferred by the client. 802.1x port-based authentication was typically utilized to restrict VLAN access when AAA was implemented.
  • Deployed high availability ASA 5500 series firewalls using modular policy framework to manage multilayer service policies, including inspection and connection limits, HTTP download, and anti-virus filtering. IPS features including IPLog, targeted traffic filtering as well as advanced TCP intercept and scanning threat detection were commonly deployed as needed.
  • Configured ISAKMP/IKE, IPsec, and a site-to-site VPN on JunOS and Cisco devices between the branch and regional office, configured dynamic source network address translation on the Juniper and Cisco routers, set up chassis clustering and IDS screens on the Juniper firewalls, allowed protocols and services through the zone-based firewall on JunOS devices along with configuring zone-based firewalls on the Cisco devices.
  • Performed password recovery on Cisco ASA 5505, and then restored it to the factory default setting.
  • Performed password recovery, cleared the configuration and set up base configurations on the Juniper SRX210 firewalls.
  • Configured Cisco 2811 ISR (VoIP) with a Cisco Unity Express Network Module (NM-CUE) installed, Cisco Communications Manager Express, a standard Cisco 3550 Switch, and a Cisco 3550 switch with Power-over-Ethernet. Created and managed Data and Voice VLANs, and configured ports with static VLAN assignment and 802.1Q trunks for layer 2 forwarding. Configured edge ports for fast-transitioning into the forwarding state to fix workstation startup connectivity delays.
  • Configured Fast Ethernet main and sub-interface assignments as required for inter-vlan routing. Implemented static routes for local connectivity. Configured NTP server, DHCP server, and TFTP server for support of the VoIP network. Modification of system level parameters including max phones, max directory numbers, display format for date and time, and setting the Time-Zone.
  • Integrated Unity Voicemail on the Cisco Unity Express Network Module. Configured a dial-peer on the Cisco 2811 ISR to define the attributes of the packet voice network connection to the Cisco Unity Express Network Module. Enabled call forwarding on busy or no answer. Implemented Message Waiting Indicators and Voicemail access via SMTP. Daisy-chain PCs to VoIP phones to reduce network cabling costs. Utilized PoE ports for VoIP phones to reduce power infrastructure costs.
  • Upgraded the ASR 9912 and 9006 aggregation service routers from IOS-XR release 4.2.3 to 4.3.0, and used the cluster in network virtualization (nV) as the edge/aggregation node with the ASR 903 as the pre-agg router and the ASR 901 as the cell site router, supporting both Ethernet and E1/T1 ports. The labour saving features include: single virtual entity management; one-click software upgrades; integrated analytics offering traffic generation and reporting capabilities to reduce network care work without using an external platform.
  • Segmented virtual machine (VM) networks spanning multiple virtual Ethernet modules (VEMs) and maintained connectivity between them using the following configurations: Enabled the VXLAN feature on the Cisco Nexus 1000v virtual supervisor machine (VSM), configured a port-profile for the VXLAN tunnel endpoints (VTEPs), created a VTEP VMkernel virtual interface on the VMware ESXi hosts to implement the encapsulation from the VTEP port-profile, configured the VXLANs, configured port-profiles for the VXLANs, changed the network connections for the VMs to use the correct VXLANs, and inspected the configurations on the Nexus 1000v VSM.
  • Successfully recovered the Cisco Nexus 5020 switches from a forgotten password and cleared the startup configurations, implemented VSS on the Cisco 6509 switches to provide high availability and Multichassis EtherChannel (MEC) connectivity, set up a port-channel to the Nexus 2148 Fabric Extenders (FEX) to allow zero-touch provisioning and automatic configuration, and configured a virtual PortChannel (vPC) on the Cisco Nexus 5020 switches for Layer 2 and Layer 3 connectivity.
  • Solution engineered two Cisco Nexus C9508 spines, two Cisco Nexus 9396PX leaves, two VMware ESXi 5.1.0 servers, a standalone bare metal server, and a Cisco ASA 5510 into the existing infrastructure using the following configurations: Set up the DMZ, vMotion, Internal and External VLANs, trunking and IP addressing on the leaf switches; Enabled PIM-SM in the transport network and EIGRP in the control plane for optimal routing of traffic and equal-cost multipathing (ECMP) in the fabric between the leaf and spine switches; Set up a vPC for server NIC teaming between the leaves; Enabled VXLAN overlays on the leaf switches to provide Layer 2 reachability over the underlying Layer 3 infrastructure; Set up secured subinterfaces on the Cisco ASA firewall appliance as default gateways for the DMZ, Internal and External VLAN web servers; Installed the Cisco Prime Data Center Network Manager (DCNM) tool to allow centralized management of all Cisco Nexus 9k switches and Cisco UCS C-Series servers.
  • Integrated two data centers using the Cisco overlay transport virtualization (OTV) feature that included the following configurations: Two Cisco Nexus 7706 switches and two ASR 1013 routers as the aggregation devices in the respective data centers; Two Cisco Nexus 7009 switches and two ASR 1006 routers as the OTV devices in the respective data centers; Configured Internal Interfaces using F2e line cards to learn the MAC addresses of the site and forward Layer 2 traffic across the sites for the VLANs that needed to be extended to remote data center locations; Configured Join Interfaces using M2 modules, as a PortChannel, to provide redundancy, source OTV encapsulated traffic and perform IP-based virtualization to send and receive overlay traffic between the sites and also advertise the reachability of MAC addresses present in the site; Configured OSPF as the control protocol to provide Layer 3 connectivity and fast convergence both within and between the two data centers; Enabled a vPC between the OTV VDCs and the aggregation VDCs in a dual-homed scenario to provide an extra layer of resiliency and bidirectional connectivity; Created site VLANs to allow OTV edge devices within each site to talk to each other and determine the authoritative edge device (AED); Enabled site identifiers to harden multihoming of OTV edge devices within each site; Configured and associated the Overlay Interface on the OTV edge device with the Join Interface to provide connectivity to the physical transport network to send and receive Layer 2 frames encapsulated in IP packets; Extended the data VLANs and the OTV site VLANs; Filtered FHRP messages across the overlay to allow the extended VLANs to use their local HSRP gateway so as to optimize and localize the routing of outbound traffic flows.
  • Configured routing policies and service profiles for separate levels in an organizational hierarchy using a Cisco Prime Network Services Controller version 3.2(2a) virtual machine. These policies and profiles were applied to Cisco Cloud Service Router 1000v (CSR 1000v) version 15.4(1)S virtual routers.
  • Configured a CSR 1000v router using the Cisco IOS-XE version 03.11.00.S CLI.
  • Administered a wireless network infrastructure providing access to wired LANs to increase mobility and productivity utilizing the following network elements: Cisco Wireless LAN Controller (WLC) 2106, a Cisco 3550 switch, a Cisco 1130AG series Access Point, and a Cisco 1120G series Access Point. Created wireless LANs and configured interface association, security parameters, and radios used. Utilized the Wireless LAN Controller's web GUI to configure and manage the wireless network. Configured internal DHCP scopes for WLANs.
  • Prepared configuration for AP registration on the same subnet as the management VLAN and for AP registration on a different subnet. Implemented option 43 for DHCP where necessary. Configured AAA AP policies to allow Self-Signed Certificates for APs shipped without a Manufacturer Installed Certificate. Implemented AP Grouping to ensure WLAN SSIDs are only broadcast by the APs desired.
  • Used the Cisco Configuration Professional GUI to configure interfaces, passwords, hostnames, DHCP, EIGRP, and SNMP on a Cisco router. Used the CCP monitoring tool to monitor traffic from that router.
  • Configured the Nagios XI monitoring tool to monitor routers and switches and customized its dashboard.
  • Configured SolarWinds Orion NPM and used it to monitor traffic on a network.
  • Configured the Cacti tool to graph traffic from a router and to generate alerts based on a threshold traffic level.
  • Used the Wireshark tool to study HTTP, telnet, and SSL traffic.
  • Used PRTG Network Monitor to support SNMP, sFlow/NetFlow and Syslog protocols in collecting various statistics from machines, software and devices, and plan for network expansion.
  • Used NetBrain to automate the drawing of network diagrams.

TECHNICAL SKILLS DETAIL:

Routing/Switching Products: Cisco Routers (7600/4000/3900/2900/2800/1900/800 ISR, ASR 1k & 9k Series, CRS-1/CRS-3, GSR), Cisco Catalyst Switch (6500, 5500, 4900, 4500, 3750, 3560-X, 3100), Cisco Nexus 1kv, 2k, 5k, 7k & 9k Series, Juniper Routers & Switches, HP Routers & Switches, Alcatel/Lucent Routers & Switches (OA 5800/5700 ESR, 7750/7705/7450 SR, OS10k/9000 Series/6900/6860/e).

Routing/Switching Protocols & Standards: IPv4/v6, Spanning Tree, CDP, Access/Prefix/Distribution/Offset lists, NAT/PAT, Route-maps, RIPv1/v2/ng, OSPFv2/v3, MOSPF, EIGRP/v6, BGP/MBGP, IS-IS, MPLS, ARP, NHRP, Static/Stub Routing, VLAN/VTP, MVRP, PIM-SM/DM, MSDP, FHRPs (HSRP/VRRP/GLBP), CEF, VSS, WAN Technologies - Frame Relay, PPP, Satellite links, T1, T3, E1, E3, OC-3, OC-12, OC-48, OC-192, DS3.

Security/Firewalls Technologies: Cisco Security Manager Suite, Cisco ASA 5500 series firewalls, Cisco FWSM, Cisco IPS/IDS, Cisco ACS, Fortinet, Checkpoint, Advanced Firewall Manager (AFM), BlueCoat /policy, Sonic Wall Router/Firewall combos, Cisco ASA 1000v, Cisco PIX firewall, Palo Alto, cloud firewall, Juniper vSRX/SRX/NetScreen series, Protocols & Standards - IEEE 802.1x, AAA, TACACS+, RADIUS, SSH, SSL/IPsec L2/L3 VPNs, DMVPN, VPLS, FlexVPN, Data Loss Prevention, Data Management Zone, Pretty Good Protection (PGP), Public Key Infrastructure (PKI), Internet Key Exchange Policy, Port Security, MAC Address Filtering.

Data Center Technologies: VMware vSphere, vCenter Server Appliance, VMware ESXi Hypervisor, VMware NSX, F5 BIG-IP/Cisco ACE Load Balancers, Cisco AnyConnect VPN management, Riverbed WAN Optimization, Meraki cloud based, FCoE, SAN, LACP/PAgP, PortChannels/EtherChannels, ECMP, Cisco OTV/VXLAN, vPC, Routing and Service Profiles, VDC, Cisco Prime, Cisco UCS, NAS/iSCSI, RDX, DB, UDLD, DWDM, Site Recovery Manager (SRM), Radware ADC-VX, NetApp FlexCache, OpenStack, CloudStack.

Voice/Wireless Technologies: Cisco WLC, Aironet, Bluetooth, Unity/Connection/Express, GroupWise 4.1/5.5, Microsoft Exchange, IP-to-IP Gateway, Avaya AURA Communication Manager, Cisco Voice Gateways/Gatekeepers, Avaya, Protocols - SIP, MGCP, RTP, SCCP, H.323, SRTP, QoS, SRST, PoE, IEEE 802.11, EAP, WLAN, WAP, AP, SSID, LWAPP, CSMA/CA, MMDS, DSSS.

Monitoring/APPS: Zenoss, Finisar, Wireshark, PRTG Network Monitor, Cacti, Nagios, SolarWinds, Remedy, OpNet, Cisco Works, LogicMonitor Sniffer, Ethereal, SNMPv1/v2c/v3, RMON, Syslog, tcpdump, DNS, DHCP, FTP, Telnet, HTTP(S), SMTP, SFTP, sFlow, Spirent, NetFlow, EOAM, NetBrain.

Network Apps/Languages: ArcServe, Veritas, NT Backup, Altris, Ghost, MS Visio Pro, Netformx, Visual C++, Visual Basic, Java, Clipper, dBASE, SAS, Epi Info, SPSS, Novell NetWare 4.11/5.0, Windows NT/2000/2003/2008, OS2, SR-OS, Macintosh, CatOS/IOS/IOS-XE/IOS-XR/NX-OS, JunOS, ScreenOS, Cisco ASA.

PROFESSIONAL EXPERIENCE DETAIL:

Confidential

Network Engineer

Responsibilities:

  • Member of an enterprise team responsible for end-to-end management of Sprint’s backbone ISP/Telecom infrastructure with responsibilities that include, but are not limited to, design review, high level network monitoring and analysis, technical documentation, implementation, testing/validation along with tier 3 escalation support on major issues.
  • Key technologies regularly handled include static, OSPF, IS-IS, BGP and MPLS routing, PVST+/MST/VTP switching protocols, security and routing policies, NAT, IPv4/v6, VPNs, IDS, AAA, wireless, voice, SolarWinds, Spirent, NetBrain.
  • Specific technologies include Cisco (12416 GSR, 7604/7613 and ASR 9010) routers, Juniper MX960/240/80 routers, Catalyst (4503, 4912, 6509, 6513) and Nexus 7010 switches, Juniper (SRX 5800/3600 and NetScreen 5400) firewalls, Nexus 2232/2248 FEXs, Access/Terminal servers, F5 BIG-IP 2000/3900 series, Palo Alto 5060/7080 to name a few.

Confidential

Network Consultant

Responsibilities:

  • Technical responsibilities included, but were not limited to, the configuration, installation, design and implementation, analysis, testing and troubleshooting for large scale LAN/WAN network infrastructures including network components with routers and switches, security (firewalls), wireless, voice and data center technologies.
  • Key technologies regularly handled include RIPv2, EIGRP, OSPF, MPLS and BGP routing, VLAN/VTP/RSTP switching technologies, IPv4/v6, NAT, VMware vSphere/VXLAN/OTV, AAA, Cisco Prime, 802.1x, VPN, IPS, wireless, voice, SPAN along with Wireshark, Cacti, and sFlow/NetFlow along with PRTG Network Monitor.
  • Specific technologies included Cisco (7602/7606/2811/2801), Juniper 2320 and Alcatel (7750/7705/6860/e) routers, Catalyst (6509/4503/3750) and Nexus (1000v/5020/9508/9300) switches, Cisco ASA (5505/5510/5585) and Juniper SRX 210 firewalls, Nexus 2148 FEXs, 1131 APs/2106 WLCs, F5 BIG-IP Virtual Edition, Palo Alto 2020 to name a few.
  • Additional activities included configuration review/validation/edits, site assessments/analysis, new technologies review, business and technical needs analysis and recommendations.

Confidential

Network Systems Manager

Responsibilities:

  • Responsible for senior administration, software updates/development, hardware implementation/upgrades, documentation/change management and troubleshooting for various networking technologies.
  • Technologies handled include routers, switches, WAN infrastructure, and various network based applications.
  • Additional responsibilities included client/vendor relationships, verbal and written communications with management, technical and non-technical staff, and task and project management, to name a few.

Confidential

Network Support Analyst

Responsibilities:

  • Member of a team responsible for 1st- and 2nd-tier network support and management, design, configuration and installation, troubleshooting, documentation, providing strategies, testing and implementation for various LAN/WAN network infrastructures which include, but are not limited to, Cisco routers, Cisco switches, and PIX firewalls.
  • Additional technologies handled include, but are not limited to, servers, network enterprise applications and routing protocols - IS-IS, MPLS and BGP.

Confidential

IT Manager (Networks)

Responsibilities:

  • Managed and supervised a team of professionals responsible for the day-to-day support, workarounds, maintaining IT security, and installed, upgraded, merged, and handled troubleshooting activities for various LAN/WAN infrastructures.
  • Technologies handled by the team include, but are not limited to, onsite IT infrastructure network operations and system integrity, disaster/data recovery, server racks, firewalls, VPN link, wireless carrier segment to the internet, point-to-point satellite links, voice and central power supply systems.