SUMMARY

• A Senior Network Engineer with a solid understanding and experience in LAN, WAN, TCP/IP and knowledge and experience in Cisco software (IOS, NX OS).
• Has experience in layer 2 and layer 3 switches which include protocol such as Spanning Tree protocol, VPC, NAC on cisco ISE and Aruba ClearPass, Fabricpath, VDC, FCoE, MPLS, ISIS, DMVPN, VTP, IEEE 802.1D/1W/1.Q/1S, 802.1X.
• Can manage and configure VLANs, VPC, Access - List, Firewalls, Switch port security, Private VLAN, Gateway redundancy and VPNs in both IOS and NXOS.
• With expert knowledge of network access control using Cisco ISE with protocol such as RADUIS and TACASC+.
• Hands on experience with routing protocols such as EIGRP, OSPF, RIP and BGP.
• Monitored and managed devices using Solarwinds
• Configure ISIS at the core provider network
• Configure OSPF Stub Areas to reduice OSFP shortest path tree calculation as well as reduice the amount of route in the RIB
• Configure BFD with L3 routing protocol such as OSPF, EIGRP, BGP
• Configure native fiber channel ( FC ) and FCoE on cisco 5596UP
• Configure, manage and troubleshoot Nexus 2k, 3k, 5k, 7k
• Configure NAC on switches using dot1x and Aruba Clearpass policy manager ( CPPM) and Cisco ISE
• Configue and manage Aruba Wireless
• Configure and troubleshoot VPC on Nexus 7Ks, 5Ks and VDC on NX7Ks. Hardware knowledge of various line cards in Nexus 7Ks and 5Ks
• Manage DHCP and DNS servers
• Configure, manage and troubleshoot IP routing (EIGRP, OSPF, RIP and BGP) in Cisco routers and L3 switches;
• Configure and manage VLAN in a switch network;
• Configure MPLS at The CE and Integrate MPLS application components, including layer 2 and layer 3 VPN configuration;
• Configure and troubleshoot wireless network;
• Implement IP addressing schemes and IP services to meet network requirements;
• Configure, verify and troubleshoot network security such as NAT and ACLs in large enterprise networks;
• Configure switch security including port security, trunk, access and VLAN management;
• Configure, verify and troubleshoot VPN site to site and remote;
• Configure, and manage Cisco ASA firewall systems from the Command line (CLI) and via Cisco ASDM;
• Configure open-source access controllers for AAA services;
• Configure interface connectivity by using IP SLA;
• Knowledge ofnetworksecurity protocols such as IPSEC tunnels, GRE tunnels, NAT/ PAT, ACLs and VPN- MP-BGP.
• Configure and troubleshoot Palo Alto Firewalls
• Configure VRF on ESN Zone to create a single broadcast domain across datacenters.
• Configure, implement and manage VPN LAN to Lan tunnels utilizing IPSEC, ISAKMP, 3DES, AES, ESP for added security
• Configure, implement WAN protocol such as: Frame Relay, T1, PPP, MPLS;
• Configure and manage wireless network;
• Configure, manage and troubleshoot gateway redundancy protocol such as HSRP, VRRP and GLBP in the distribution layer.

PROFESSIONAL EXPERIENCE

Confidential

Network Specialist

Responsibilities:

• Designed and implemented multi-portal guest web authentication with sponsor guest and self-register guest on Cisco Wireless Controller and ISE by leveraging F5 as the hosting portal
• Installed and configured Cisco Smart Software Server Satellite (SSM on-Prem) to handle 9300 switches, nexus devices and Firewall license
• Configured ISE self-registration portal for guest user at SSA field office as authentication method of SSA Public Wi-Fi
• Built Python script for 802.1x wired project deployment
• Collaborated with F5 Team on deploying F5 VIP for 802.1x Project (F5 VIP for ISE nodes)
• Deployed PKI certificate on Polycom IP Phone for 802.1x project as agency requirement is to use EAP-TLS as authentication method
• Recovered from a corrupted ISE infrastructure by building 12 new nodes in a cluster and have configured from the scratch to avoid corrupted data to support 80K VPN users (due to Covid-19 telework)
• Implement 802.1X wired & Wireless at SSA (social security administration) base on PKI (Certificate)
• Implement Posture assessment on Endpoint through Cisco AnyConnect Compliance module
• Implemented an emergency posture policy based on Microsoft SUS update released on early January 2020 SSA wide
• Implemented Posture policy for compliant to remain (C2R) based on SSA requirement
• Conducted Wireless survey and design planning by using AirMagnet Pro sites survey
• Started wired NAC implementation as mandate by DHS through CDM program

Confidential

Senior Network Engineer/Cisco ISE Engineer

Responsibilities:

• Implemented infrastructure cloud as a service with AWS with IPsec tunnel on Cisco ASA
• Conducted Wireless survey and design planning by using EKAHAU sites survey
• Automated network devices script configuration template with ansible
• Designed and configured Distributed Cisco ISE Deployment ( 12 Nodes).
• Migrated from an expired PKI Chain of trust to a New PKI chain of trust on an ISE deployment affecting more than 100K EAP-TLS Connection
• Design and Implemented NAC RBAC to meet entrprise requirement access.
• Troubleshooted NAC outoage due traffic MTU mismatch on the path.
• Planned and implemented disaster recovery/fault tolerance across 2 ISE Cluster (12 nodes each).
• Configured VPN anyconnect authentication though Cisco ISE by using Cisco Firepower as firewall
• Implemented NAC monitoring mode and NAC enforcement mode
• Configured 802.1x EAP-TLS/PEAP Wireless and Wired policies based on FDA network security requirement
• Configured Posture assessment Based on FDA Policies
• Integrated PingFederate IDP with Cisco ISE for sponsor portal Authentication.
• Integrated Citrix MDM for Mobile Device Management with Cisco ISE and Authenticate Mobile device based on EAP-TLS
• Configured Guest captive portal to allow sponsored guest on the Network.
• Configured Cisco Wireless Lan Controller included 802.1x configuration requirement
• Configured Switches with 802.1x requirement in Monitoring Mode for Network port analysis Then on Closed Mode for enforment
• Configured CUCM to install Internal Certificate on Cisco IP Phone for EAP-TLS Authentication with Cisco ISE
• Configured TACAS Services On Cisco ISE and Aruba Clearpass for device administration
• Configured Aruba Clearpass SSO for admin Access
• Support Cisco ISE and Aruba Clearpass NAC Product.
• Managed Cisco Wireless Network.
• Maintained and supported ISE Server VMware virtualized environment (ESXI VM workstation)
• Performed network documentation and created disaster recovery plan
• Managed and executed current and upcoming projects, including the hardware acquisition, licensing, and project scheduling.
• Configure, manage and troubleshoot gateway redundancy protocol such as HSRP, VRRP and GLBP in the distribution layer.
• Managed migration from Cisco ACS deployment to Cisco ISE deployment
• Manage and maintain Infoblox IP Address Management Appliances

Confidential

Network Engineer

Responsibilities:

• Configured and managed zoning for server ( VM servers ) and storage connectivity
• Provided traffic engineering on EIGRP to avoid SIA (Stuck In Active) Route
• Integrated Bidirectional Forrwading Detection (BFD) with EIGRP to increase convergence time in case of route failure on the core 6500 series switches.
• Configure iBGP on 2 dataCenter Provider Edge router (ASR1000 series) to allow load balance on dual ISP
• Configured, Troubleshoot and Managed aruba Wireless network.
• Installed and configured a pair of nexus 5596UP for storage ( FCoE) where the SVC ( San Volume Controller) and storage controller were connected through native fiber channel.
• Configured, managed and push multiple SSID including guest wireless (on 208 schools,and HQ Network) on Aruba controller (3600, 7240) by using Aruba Clearpass as Radius Server for MAC authentification, dot1x, and captive portail.
• Upgraded inside and outside bandwith from 1Gb to 10 Gb in 2 DataCenter which involved devices and cables replacement ( switches, Fiber, GBIC and Xenpak ) and softwares update
• Configured and installed 2 pairs of Nexus 3172TQ as a DMZ switches in 2 DataCenters where both pair are connected via dark fiber
• Redesigned SPT at the campus (School) location by using MST protocol instead of Per Vlan RSTP to allow dual active link (UP/UP) for better loadbalance and bandwitdth.
• Used Heat (help desk system) to track and mange network ticket
• Recovered from the power outage in the DataCenter where one of our core and ISP switches (7200) was damaged
• Configured, Troubleshooted and Managed the Network in the district ( 208 schools, 2 datacenter and HQ Network)
• Monitored and Managed the district Network by using Solarwinds
• Migrated (switches refresh) from Extreme devices to Cisco which included all L2/L3 protocols
• Configured and managed NPS ( Radius) and Tacasc+ servers which involved switches configuration
• Worked with the sever team to upgrade the sever bandwith by teaming the interfaces in the NIC and Etherchannel on the switches
• Configured NAC using 802.1X and MAC Authentification based on the active directory credential by using Aruba ClearPass Policy Manager as Radius server.
• Troubleshooted DNS, DHCP, TACASC+, RADIUS issues
• Led the successful implementation of network performance management products for BCPS’s infrastructure, improving visibility into network optimization by using SolarWinds included with NPM.
• Performednetworkengineering, design, planning (WAN & LAN) & implementation. Studied single point of failures & designed WAN structure in such a way that there are no failures innetworkin case of any device or link failure.
• Accomplished datacenter migration from 6500 switches to Nexus 2Ks, 5Ks and 7Ks.
• Data Centernetworkinfrastructure utilizing Cisco Nexusnetworkinfrastructure. Configuration and administration of Nexus 5596 and 2248/2232 as top of the rack for server access switches, utilizing Nexus FEX and VPC connections.
• Worked on Migration projects involving the refresh of devices from Juniper to Cisco in thenetworkinfrastructure.
• Performed route filtering and route manipulation by applying distribute-lists, route-maps & offset lists respectively.
• Implemented certificate in firewalls and routers using SCEP
• Provided support in the areas of Windows, Linux, VMware, storage environments and network technologies.

Confidential

Network Engineer

Responsibilities:

• Assisted in configuration and implementation of data traffic in ADP”s VOIP deployment at Owings Mill, MD (one week project with Network Dynamic Inc)
• Monitored trouble tickets using Remedy software application.
• The System/Network administrator for my division.
• Installed, configured and managed WLC 5500 series including cisco WAP
• Troubleshot connectivity problems on the LAN/WAN.
• Managed the users and servers using Active Directory.
• Provided OSPF traffic engineering by using OSPF Stub areas on Cisco 7200 series
• Configured managed/unmanaged Cisco 2900 switches 3700 routers
• Configured dynamic routing for OSPF/EIGRP/BGP protocols
• Created new DNS records and subnets/cleared cache memory on DNS servers.
• Performed server tests using NetDiag/DCDiag on windows 2000/2003 servers
• Supervised 3 lower level staff members
• Configured interfaces on Cisco routers
• Troubleshooted network connectivity in Linux environment by cli
• Managed Red hat /Debain/Ubuntu/Gentoo Linux servers
• Worked in a Data center environment
• Assisted remote access users in the Cisco 3030 VPN concentrator.
• Patched & performed maintenance on 200 File/ Print windows 2003 servers
• Created/managed scopes and leases on DHCP servers
• Configured EIGRP/OSPF on core and remote 4000/3700 series Cisco routers.
• Spanned ports to monitor network traffic
• Maintained the production servers
• Created/monitored and closed tickets using the Remedy tracking system.
• Configuring workstations at field sites and configured VPN access
• Provided 1St & 2nd Tier support to local Users

Confidential

Network Support Analyst

Responsibilities:

• Coordinated all end-user projects as assigned
• Develop standard operating procedure (SOP) documentation
• Isolated complex network problems and initiated solutions for corrective action for multi-vendor LAN/WAN communication platforms
• Lead the installation and configuration of corporate wide rollout of the Cisco Catalyst 3550, 3750, 4500 switches including VLAN configuration, 802.1q and ISL trunking, Ether Channel, Spanning-Tree protocol, HRSP, VRRP and GLBP
• Maintained, upgraded, configured, and installed Cisco ASA 5505,5510,5520 Firewalls from the CLI.
• Managed network IP access via Dynamic Host Configuration Protocol (DHCP)
• Managed network security processes using ASA firewalls
• Monitored LAN/WAN and device activities utilizing Cisco Works, SNMP, SolarWinds.
• Monitored the Frame Relay network and coordinated new circuit installations
• Provides technical expertise in configuration and troubleshooting of various IP routing protocols including OSPF, EIGRP, and BGP
• Trained/cross trained fellow employees on network operations and usage
• 24/7 on call support provided on a bi-weekly rotational basis
• Maintain documents of work perform during the day
• Maintained, upgraded, configured, and installed Cisco routers, Cisco Catalyst Switches
• Network migration from OSPF to EIGRP
• Perform Troubleshooting end-to-end between two sites
• Redistribution of routing protocols and Frame-Relay configuration
• Researched and implemented upgrade process to support Cisco VPN solution
• Responsible for designing and implementation for customer network infrastructure
• Upgrade Cisco Routers and Switches IOS using TFTP
• Configured authentication of routing protocols like OSPF, EIGRP, using MD5 hash encryption.
• Configured extra security on port by enabling port security such as shutdown violation, maximum MAC address allowed per port, BPDU Guard with Portfast.
• Enabled extra features such as IP Source Guard, ARP Inspection and DHCP Snooping to prevent man in the middle attack
• Enhanced the Management interfaces on the routers and switch by using SSH instead of telnet, enabling service password encryption, putting password on the console and vty lines
• Prevented TCP flood attacks with access-lists designed with ICMP rate limiting and TCP intercept on Cisco perimeter firewalls.
• Sealed security vulnerabilities on the routers and switch such as disabling CDP on interfaces that do not need it, disabling Gratuitous ARP, some TCP and UDP services which includes echo (port number 7), discard (port number 9), daytime (port number 13)

Confidential

IT Helpdesk Analyst

Responsibilities:

• Remote IT Support, installed, managed, troubleshoot network, and software functionality;
• Mentored team members, answering technical and procedural questions, teaching improved processes; according to company and branch location requirements;
• Handled technical troubleshooting, including system crashes, slow-downs and data recoveries;
• Responsible to train/mentor end users in use of equipment and software;
• Performs analytical, technical, and administrative work in the planning, design and installation of new and existing personal computing systems and peripherals