Description
Summary
IT Professional with over 7 years of experience in design, administration/service requests, documentation, management/change management, planning, creating, reviewing, assisting, maintenance, support/escalation, analysis, investigating and troubleshooting various network technologies, including proficiency in:
* Monitoring: PRTG/MRTG, SYSLOG, Wireshark, SNMP, SolarWinds, Cisco Prime, Nagios
* Routing: IOS, Cisco 7600, 7200, 3800, 3600, 2900, 2800, 2600
* Routing protocols: LAN, IRDP, OSPF, EIGRP, BGP, RIP v1/v2, PBR, Route Filtering, Redistribution, Summarization, and Static Routing
* Switching: Transparent Bridging, CDP, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switch, Cisco Catalyst 6500, 4500, 3850, 3560, 3750, 2960
* Redundancy protocols: EtherChannels, HSRP, VRRP and GLBP
* Wireless: Cisco WLC, CAP/WAP
* Voice: Cisco Call Manager, SIP
* Security: TACACS+, RADIUS, Cisco ACS, NAT, ACL, IPSEC
* Firewalls (multi-vendor environment): Cisco ASA, Juniper SRX, Fortinet, Palo Alto, Checkpoint
* Load balancers: F5 BIG-IP
* WAN technologies: PPP, HDLC, channelized links (T1/T3), Fiber Optic Circuits, Frame Relay, MPLS
* Data center technologies: Nexus 2K/3K/5K/7K, VDC, VPC, OTV, FabricPath, DHCP and DNS, NTP, TFTP, FTP
Technical Certifications & Skills
* Cisco Certified Network Professional - Route & Switch (CCNP - R & S)
* Cisco Certified Network Associate - Security (CCNA - Security)
* Certified WAN Professional/Certified WAN Enterprise Administrator (CWP/CWEA)
* Cisco Security Administrator / Data Center Administrator (CSA / CDCA)
* Cisco Voice Administrator / Wireless Technician (CVA / CWT)
* Cisco Certified Network Associate - Route & Switch (CCNA - R & S)

Summary of Technical Accomplishments

Routing & Nexus & Catalyst Switching
* Implemented VLAN Trunking Protocol to reduce administrative overhead and to control VLANs and VXLANs using NX-OS to ensure virtual and flexible subnets that extend further across the network than previous generation of switches.
* Implemented port-profiles in NX-OS for multiple ports and port-types to reduce errors and improve readability.
* Enabled encryption of system passwords and privileged administration to prevent unauthorized IOS user access.
* Implemented secure access and EXEC command interpreter interval to the console and vty ports.
* Created and managed Local VLANs based on department function, and configured ports with static VLAN assignment, static 802.1Q trunks, and dynamic ISL trunking using PAgP for layer 2 forwarding. Utilized VLAN Spanning-Tree in conjunction with PVST+ for compatibility between Cisco and Juniper switches and for root bridge assignment.
* Implemented frame-relay point-to-point and multipoint WAN links between sites to establish connectivity between four sites. Established frame-relay point-to-point connections between three sites to create full mesh network. Implemented hub and spoke network between three sites with the main office as the hub for redundant connections.
* Implemented EIGRP routing for point-to-point and Non Broadcast Multi-Access networks. Prevented neighbor adjacencies forming and sending/receiving routing updates on unnecessary interfaces.
  Implemented EIGRP MD5 between sites to prevent unauthorized insertion of routes into the domain. Implemented manual EIGRP route summarization to reduce demand on CPU resources, memory, and bandwidth used to maintain the routing tables.
* Implemented multiple area OSPF routing and totally stubby areas to lower the system resource utilization of devices. Implemented NSSA area to allow injection of external routes into the area and propagation into the OSPF domain.
* Implemented backup and recovery of Cisco IOS Images. Performed password recovery on Cisco IOS routers/switches and a Juniper EX2200 Series switch to restore administrative access. Backed up and restored the startup-config file for the DR.
* Configured e/iBGP peering using directly connected networks and loopbacks with OSPF, ebgp-multihop, and Route Reflectors to provide routing information with debugging diagnostic commands to monitor BGP events.

Security
* Implemented an IPSec Site-to-Site VPN between the Cisco ASA5505 at small office location and Cisco 1841 ISR with a security IOS image at the main office. Implemented VPNs for IKE Policy using DES and SHA for encryption and authentication, access-lists to define VPN traffic, transform set using esp-des esp-sha-hmac for traffic protection, crypto-map to bind configured elements to a peer, and application of the crypto map to appropriate interface or VPN endpoint.
* Implemented a Zone-Based Policy Firewall on the Cisco 1841 ISR for three zones, applying class-maps as traffic crosses a zone-pair, policy maps to apply action to the class-maps' traffic, zone-pairs, and application of policy to zone pairs.
* Implemented a Clientless SSL VPN (WebVPN) to allow users to establish a secure, remote-access VPN tunnel to the Cisco ASA 5505 using a web browser. Prepared the Cisco ASA with necessary configurations for self-signed certificate generation.
  Generated a general purpose RSA key-pair for certificate authority identification, configured certificate authority trustpoint for the WebVPN using self enrollment, and configured CA trustpoint interface association.
* Utilized Cisco ASA 5505 Modular Policy Framework to configure and manage layer 3/4 interface service policies, apply inspection and connection limits to services, and apply inspection and QoS policing to HTTP traffic. Configured HTTP inspection policy to block restricted sites and file downloads.
* Implemented zone-based firewall with Fortinet FortiGate 1500D to protect enterprise intranet, mails, and applications.
* Implemented zone-based firewall with Checkpoint 12200 to protect enterprise intranet, network, mails, and applications.
* Researched, designed, and replaced Checkpoint firewall architecture with new next generation Palo Alto PA3000 and PA5000 appliances serving as firewalls and URL and application inspection.
* Configured and maintained IPSEC and SSL VPNs on Palo Alto firewalls and also implemented Zone Based Firewall and Security Rules on the Palo Alto firewall.
* Configured and maintained IPSEC and SSL VPNs on Juniper firewalls and also implemented Zone Based Firewall and Security Rules on the Juniper firewall.

Monitoring/Management
* Used the Cisco Configuration Professional to configure interfaces, passwords, hostnames, DHCP, EIGRP, and SNMP.
* Utilized Nagios XI (customized dashboard), SolarWinds Orion NPM, and CACTI for monitoring and graphing traffic.
* Used the Wireshark tool to study HTTP, telnet, and SSL traffic.

Voice/Wireless
* Implemented local voice network using Cisco 2811 ISR (VoIP) with a Cisco Unity Express Network Module (NM-CUE), Cisco Communications Manager Express, Cisco 3550 Switch with POE. Created and managed Data and Voice VLANs, and configured ports with static VLAN assignment and 802.1Q trunks for layer 2 forwarding. Configured edge ports for fast-transitioning into the forwarding state to fix workstation startup connectivity delays.
* Implemented Unity Voicemail on the Cisco Unity Express Network Module. Configured dial-peer on a Cisco 2811 ISR to define attributes of packet voice network connections to Cisco Unity Express Network Module. Enabled call forwarding on busy/no answer. Implemented Message Waiting Indicators and Voicemail access via SMTP.
* Implemented a wireless network infrastructure providing access to wired LANs to increase mobility and productivity on Cisco WLC 2106, Cisco 3550 switch, Cisco 1130AG and 1121G series APs. Created wireless LANs and configured interface association, security parameters, and radios used. Managed the wireless network through the WLC web GUI.
* Prepared infrastructure for AP registration on same subnet as management VLAN for AP registration on different subnet. Configured AAA policies to allow Self Signed Certifications for APs shipped without a Manufacturer Installed Certificate.