SUMMARY

• 7 years of professional experience in Network Designing, Deployment, Administration, Configuring, Troubleshooting and Testing of networking system
• 5 years of Hands on experience in installation and configuration of Cisco ACS and Cisco ISE 1.x
• Knowledge on working with Wireless LAN Controller’s, Cisco NCS, Cisco AP’s, LWAPS, Standalone AP’s and Mesh AP’s.
• Expert Hands On Experience in Aruba Clearpass Policy Manager for 802.1x, AAA Configurations.
• Worked Extensively with Wireless planning and Management Tools like Aruba Airwave and Cisco Prime Infrastructure.
• Expertise in Cisco ACS and Cisco ISE Authentication, Authorization and Accounting Protocols. Expert Hands On Experience in Cisco ACS & Cisco ISE for 802.1x, AAA Configurations.
• Experience with designing, deploying and troubleshooting LAN, WAN, Ether Channel, IP Routing Protocols - (RIPV2, OSPF, EIGRP & BGP), ACL's, NAT, VLAN, STP, VTP
• Experience in layer-3 Routing and layer-2 Switching. Cisco router models like 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco catalyst 6500, 4500, 3750, 3500, 2900 series switches
• Good hands on experience on ASA (5540/5550) & Checkpoint Firewalls. Implemented Security Policies using ACL, Firewall, IPSEC, SSL, VPN, NIPS/IDS, AAA(TACACS+ & RADIUS)
• Designed & Deployed Cisco ISE 2.4/2.6 for Enterprise RADIUS Authentication with Active Directory, RSA SecurID, Proxy Radius Services to Cisco ACS.
• Hands on experience on Checkpoint UTM and NGX series Firewall and Application URL filtering and strong understanding knowledge on PaloAlto Product firewall
• Good level understanding of BIG IP F5 Load Balancers.
• Created network architecture on AWS VPC, subnets, Internet Gateway(IG), Route Table and NAT Setup.
• Configured RSA SecurID authentication manager 8.x for Two Factor Authentication, On-Demand & Risk Based Authentications.
• Design EC2 instance architecture to meet high availability application architecture and security parameters.
• Efficient Confidential use of Microsoft VISIO/Office as technical documentation and presentation tools
• Working knowledge with monitoring tools like Solar Winds &network packet capture tools like Wire-shark
• Provided 24x7x365 availability and on-call support as required by the projects
• Excellent working knowledge of TCP/IP protocol suite and OSI layers
• Excellent Knowledge on TCP/IP, SNMP, FIBRE, Ethernet, Gigabit/10-Gigabit, RADIUS/AAA.
• Good Knowledge on VoIP, VLAN, STP, 802.1Q, QoS, VoIP, VLAN, STP, 802.1Q/P, IPSEC, L2TP, L2CP, LACP.
• Good knowledge and experience in Installation, Configuration and Administration of Windows Servers 2000/2003, Active Directory, FTP, DNS, DHCP, TFTP, Linux OS under various LAN and WAN environments
• RSA SecurID Two-Factor authentication using RSA SecurID Authentication Manager 8.x.
• In-depth knowledge and hands-on experience on IP Addressing, Sub netting, VLSM and ARP, reverse & proxy ARP, Ping Concepts.
• Well experienced in troubleshooting and optimizing performance in CISCO based routers and switches. Have worked in NOC environment for more than 5 years.
• Excellent problem solving and debugging skills with good verbal/written communication and presentation skills.

TECHNICAL SKILLS

Routers: Cisco 7600, 7200, 3800, 3600, 2900, 2800, 2600, ASR 9K, ASR 12K, CRS

Routing Protocols: OSPF, EIGRP, BGP, RIP v1/v2, MPLS PBR, Route Filtering, Redistribution, Summarization, and Static Routing

Switches: Nexus 2K/5K/7K, Cisco Catalyst 6500, 4500, 3850,3560, 3750, 2960

Switching Protocols: LAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switch, Ether channels, Transparent Bridging

Multicast Protocols: IGMP, IGMP version 2 and 3, CGMP, PIM-Sparse and Dense Mode. DHCP, FTP, TFTP

LAN technologies: Ethernet, Fast & Gigabit Ethernet, VLANS, VTP, STP, RSTP, 802.1W, Cisco Prime

WAN technologies: Leased lines 128k - 155Mb (PPP / HDLC), Channelized links (T1/DS3/OC3/OC12), Fiber Optic Circuits, Frame Relay, ISDN and ATM

Wireless Technologies: Prime Infrastructure, Airwatch&WLC’s(8510, 5508, 5706), Cisco AironetAP’s ( 2600, 3600, 3700), ISE, MSE, Aruba 225, Aruba 3000 controller & Airwave.

Load Balancer: F5 Networks (Big-IP) LTM 8900 and 6400

Network security: Cisco ASA 5540, ACL, IPSEC, F5 Load Balancer, ISE, IPSec VPN, GRE VPN, Blue Coat, Aruba Clearpass Policy Manager

Network Management: SolarWinds, Proteus, Xilinx 9.21, HP Open-view, Wireshark, Spirent, SNMP

Operating systems: Windows XP/ 7/ 8, Windows Server 2003/ 2008, Mac OS X and Linux

Language skills: C, C++, Python, Bash, XML, SQL

Various Features & Services: IOS and Features, IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, TFTP, FTP

Applications: MS (Office, Word, Outlook, Excel, PowerPoint, Visio), VMware, Adobe Photoshop and Illustrator

PROFESSIONAL EXPERIENCE

Confidential - Charlotte, NC

Network engineer

Responsibilities:

• Subject Mater expert for identity access management.
• Providing Engineering solutions for 802.1X Security access and control of large financial institution.
• Manage and Support multiple clusters including Wired 802.1x for US and international, Wireless/Teleworker 802.1x, Radius authentication, Identity Services Engine and TACACS
• Design and configure Security Access polices, Identity Stores and Authorization Profiles for ACS and ISE.
• Lab Testing and Certification of all changes prior to implementation in Production environment
• Subject Matter Expert in Aruba Clearpass, Cisco ISE.
• Design and review existing HLD and LLD for current Bank devices.
• Onboarding devices to Aruba Clearpass Policy Manager- TACACS
• Migrated from Cisco ISE to Aruba CPPM
• Design and Implementation of 802.1x Wired/Wireless User Authentication using Cisco ISE Radius Server.
• Expert level knowledge on configuring Aruba Mobility controller, Airwave, Aruba Clearpass, Cisco Prime Infrastructure, WCS/NCS, ISE & MSE. Worked extensively configuring Security over Wireless by Implementing Cisco ISE and Aruba Clear Pass Confidential many client locations.
• Based on network requirements defined a detail capability requirements for access equipment, Wireless LAN Controllers, Access Points and services management platforms Like Aruba Airwave and Prime.
• Supports and troubleshoots Aruba Clearpass Policy manger which is used as TACACS for monitoring logins of the users. Authorization, Authentication, Accounting is the prime goal. Troubleshoot Device access using Aruba Clearpass policy manager, Cisco ISE, Cisco ACS.
• Serves as the escalation point for all staffs to help with troubleshooting and resolving all network security infrastructure operational issues.
• Designed and Implemented MFA(Mult Factor Authentication) which is token based authentication with AD credentials for 65,000 devices and provides support to different vendor devices like Juniper, Cisco routers and switches, fireeye, Wireless controllers(Aruba and Cisco), Bluecoat proxy devices.
• Analyze network traffic using NAC tools for improving network security. Perform NAC system administration tasks. Provide installation support and validation of NAC System deployment.
• Testing and certifying the Guestnet, Retailnet, Associatenet for all the Wi-Fi users in the company. Designed service for Associatenet that is used by 20,000 employess globally.
• Migrating the Cisco ACS that supports switches to Cisco ISE because of the end of life of ACS.
• Testing and certifying the Aruba Clearpass upgrades, Cisco ACS upgrade, Cisco ISE upgrade. Involved in upgrading Cisco ACS from 5.2 to 5.8, Aruba clearpass from 6.6.2 to 6.6.7, 6.6.7 to 6.7.7, ISE from 2.2.9 to 2.2.12 and from 2.4 to 2.4 patch 6
• Created API extension that supports Multi Factor Authentication and supports the MFA.
• Conduct and direct end-user testing responsibilities with different device vendors like Juniper, Fortinet, Fireye. Administer communication activities with end-user training for system implementation and certification process.
• Creation and enforcement of Secure Network Access policies for different SSIDs (RADIUS) in both, CiscoACS and Cisco ISE. Creation and automation of templates in Cisco Prime Infrastructure that regulate enabling/disabling of WIFI in different locations.
• Tests and certifies new devices for AAA. Onboard new devices to Centralized AAA server that handles all the security information.
• Designed & Deployed Cisco ISE 1.2/1.3 for Enterprise RADIUS Authentication with Active Directory, RSA SecurID, Proxy Radius Services to Cisco ACS,
• Worked extensively on ClearPass, Aruba wireless AOS, Airwave, networking, 802.1x, Clearpass Deployment & Integration Experience, ClearPass TACACS
• Configuration &Maintenance of Cisco ISE for Certificate based authentication for BYOD and Corporate Mobile Device Authentication using Xenmobile MDM
• Worked on NX-OS series 2000, 3000, 4000, 5000, 6000, 7000 switches by configuring and upgrading in data centers
• Configured 6500, 3750 and 4500 for Network Access Solution integration with Cisco Identity Service Engine on ESX 5.0 VMware and physically with Cisco ISE appliances.
• Planning, designing and Configuration of various Policy Configurations, Profile Authorizations
• End device Profiling, User Identities, Cisco ISE and AD mapping with various attributes and levels of authorizations and Network Access.
• Planning, designing and configuration of various Cisco ISE strategies (Standalone, Distributed Setup).
• Worked Extensively on Access Control Policies consisting of VLAN switching through SNMP, Applying downloadable ACLs through Cisco ISE, and Configuring Standard and Extended ACLs locally and on the upstream switch’s for Cisco ACS
• Worked extensively on device profiling, authentication and authorization mechanisms using AAA, RADIUS, 802.1X, Policy buildups for Posture Compliance Policies and Rules for Checking the devices coming onto Network, Remediation Process, Access and Controls.
• Worked extensively on designing PKI Infrastructure for EAP-TLS Protocol using certificate based authentication.
• Experience in creating, identifying and adjusting whitelist for authentication bypass.
• Experience troubleshooting wireless, wired line authentication environments and systems.
• Experience in problem analysis and management

Confidential - Thousand oaks, CA

Wireless Network Engineer

Responsibilities:

• Wireless infrastructure (WiSM 2.0, CPI 2.2) Cisco + Aruba
• Optimized performance (802.11ac)
• Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network Access Control integration with Cisco ISE.
• Troubleshooting, Analyzing network connectivity and Application and URL filtering using Smart track viewer and Smart track monitor
• Design and Implementation of 802.1x Wired/Wireless User Authentication using Cisco ISE Radius Server.
• QoS options for VoIP and Video
• Efficient Confidential use of Microsoft VISIO/Office as technical documentation and presentation tools
• Working knowledge with monitoring tools like Solar Winds &network packet capture tools like Wire-shark
• Installation, Configuration and troubleshooting Cisco switches and Firewall on multi-mode context based environments.
• Validating wireless designs and set expectations accordingly
• Verifying performance on campus as expected (throughput, latency, etc.)
• Assisting in troubleshooting wireless issues, includes work with clients AP’s & devices i.e. laptops, tablets, smart phones, iPads, etc.
• Creating reports on wireless coverage and address concerns.
• Planning, designing and configuration of various Cisco ISE deployment strategies (Standalone, Distributed Setups) and rollout to production environment
• Provided guidance and solutions for implementation of Cisco WIPS and Mobility services.
• Migrated overlapping network IP space to non-overlapping space, DNS & DHCP migration from acquired networks, from MS Server to InfoBlox appliance
• Daily interaction with InfoBlox (a DNS, DHCP, IPAM appliance) updating DNS & DHCP configurations within multiple network views through InfoBlox and MS DNS/DHCP consoles
• Worked Extensively on Access Control Policies consisting of VLAN switching through SNMP, Applying downloadable ACLs through Cisco ISE, and Configuring Standard and Extended ACLs locally and on the upstream switch’s for Cisco NAC Solution.
• IP addressing and design schemas for a variety of IP Pools using DHCP scope or local IP pools for NAC Controls.
• Configuration of High Availability (HA) for inline Cisco ISE appliances and High Availability on ESX 4.0 VMware ISE for distributed setups with various node setups - Primary & Secondary Administration Node setups, Primary & Secondary M&T Node Setups and Primary & Secondary Policy Services Node Setups
• Experience working with ASR 9000 series switches with IOS-XR
• Experience converting Cat OS to Cisco IOS on the Cisco 6500 switches
• Configuring IP, RIP, EIGRP, OSPF and BGP in routers.
• Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network Access Control integration with Cisco ISE.
• Maintaining and operating Cisco Prime Infrastructure in a worldwide deployment.
• Ongoing daily support of the tool.
• Well experienced in troubleshooting and optimizing performance in CISCO based routers and switches. Have worked in NOC environment for more than 3 years.
• Excellent problem solving and debugging skills with good verbal/written communication and presentation skills.

Confidential - South Borough, MA

Network Engineer

Responsibilities:

• Planning, designing and configuration of various Cisco ISE deployment strategies (Standalone, Distributed Setups) and rollout to production environment.
• Expert level knowledge on configuring Aruba Mobility controller, Airwave, Aruba Clear pass, Cisco Prime Infrastructure, WCS/NCS, ISE & MSE. Worked extensively configuring Security over Wireless by Implementing Cisco ISE and Aruba Clear Pass Confidential many client locations.
• Based on network requirements defined a detail capability requirements for access equipment, Wireless LAN Controllers, Access Points and services management platforms Like Aruba Airwave and Prime.
• Experience with complex DNS data migrations including consolidating overlapping reverse lookup zone files
• Experience with complex DHCP migrations from one platform to a different platform.
• Experience with InfoBlox (DHCP, DNS, IPAM), F5, and Windows DHCP and DNS.
• Provided guidance and solutions for implementation of Cisco WIPS and Mobility services.
• Worked extensively with Meraki products.
• Worked Extensively on Access Control Policies consisting of VLAN switching through SNMP, Applying downloadable ACLs through Cisco ISE, and Configuring Standard and Extended ACLs locally and on the upstream switch’s for Cisco NAC Solution.
• IP addressing and design schemas for a variety of IP Pools using DHCP scope or local IP pools for NAC Controls.
• Configuration of High Availability (HA) for inline Cisco ISE appliances and High Availability on ESX 4.0 VMware ISE for distributed setups with various node setups - Primary & Secondary Administration Node setups, Primary & Secondary M&T Node Setups and Primary & Secondary Policy Services Node Setups.
• Worked as ISE Network Engineer in planning and designing Cisco ISE 1.3 Deployment for Cisco Internal Wireless Connectivity (Blizzard & Hurricane).
• Worked extensively on policy design and implementation for ISE solution various Network infrastructures for successful wireless, extranet and VPN Connectivity.
• RSA SecurID Two-Factor authentication using RSA SecurID Authentication Manager 8.x
• Configured Cisco ASA 5510 for VPN Network Access Control integration with Cisco ISE
• Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network Access Control integration with Cisco ISE.
• Experience working with ASR 9000 series switches with IOS-XR
• Experience converting Cat OS to Cisco IOS on the Cisco 6500 switches
• Configuring IP, RIP, EIGRP, OSPF and BGP in routers.
• Configured OSPF redistribution and authentication with type 3 LSA filtering and to prevent LSA flooding.
• Configured OSPF over frame relay networks for NBMA and point to multipoint strategies.
• Implementing traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network using Frame Relay and Open Shortest Path First (OSPF).
• Configuring VLAN, Spanning tree, VSTP, SNMP on EX series switches
• Experience working with High performance data center switch like nexus 7000 series
• Installed and configured the Cisco routers 2800 in two different customer locations. It includes coordinating with Verizon and Confidential &T in order to bring the serial interface up for T3 link. Also, configuration includes frame relay, BGP and VPN tunnel on GRE
• VLAN Configurations, troubleshooting and Firewall ACLs and Object-Groups configuration and support
• Configured IPSec site-to-site VPN connection between Cisco VPN 3000 Concentrator and Cisco 3800

Environment: Router series (2800, 3800, 7200) and switch series (3750, 3550, 4509E, 6509E), Cisco PIX(525, 535), ASA(5505, 5510) firewall, Routing Protocols (EIGRP, OSPF, BGP), Switching protocols (VTP, STP), Site to Site VPN, Remote Access VPN, Cisco VPN 3000 Concentrator, Cisco ACS 4.x