SUMMARY

• Seven (7) years of experience in Network Engineering and Systems Administration.
• Four (4) years of Hands on Experience in Cisco’s Identity Service Engine - Network Access Control design, deployment & implementation.
• Four (4) years of Hands on Experience in Industry leading NAC Provider - ForeScout CounterAct Network Access Control design, testing, deployment and implementation.
• Sever (7) years Hand on Experience in configuration of Cisco Wireless LAN Controllers and Wireless Security PEAP/WPA, and RADIUS Protocols.
• Expertise in Cisco ACS, Cisco ISE RADIUS & TACACS 802.1x &AAA (Authentication, Authorization and Accounting Protocols) Radius Configurations, Juniper Steel Belted Radius, and Radiator Radius.
• Hands on Experience in Installation and configuration of VMware ESXi 4.2/5.1/5.5/6 Environments, VMware VSphere, VMware Workstation 8, VMware view, Virtual Desktop Interface.
• Over five (5) years of Hands on Experience in Installation and Configuration of Checkpoint Firewall UTM Series, NGX Series Nokia Appliances and Virtual Checkpoint Firewalls.
• Installations, Operations & Maintenance of Checkpoint firewall UTM and NG/X Series on distributed NT environment and management of network security policies which includes access controls, Firewall Rule policies, Application & URL Filtering.
• Management of Checkpoint Firewall Clusters from Central Management (CMA) and Service Provider interfaces.
• Hands on Experience in installation and configuration of NetOptics and Gigamon TAPs for traffic capture and feeding into Network monitoring tools.
• Hands on Experience with Cisco Prime Infrastructure v2.1/2.2/3.
• Implementing Downloadable Extended Access Control-Lists using Cisco ISE and on Multi-Layer Switches.
• Expertise in troubleshooting Network Connectivity issues in Local Area Networks (LAN) using Packet Capturing Methods (Wireshark).
• Hand on experience in configuring DNS and DHCP servers on Windows 2008/2012 Standard R2 Servers
• Expert Hand-on-Experience in configuring 802.1x supplicant (Native Supplicant, Cisco AnyConnect Supplicant & Secure W2 client supplicant) configuration on various End Client Devices-Windows, Apple Macintosh and Linux platforms.
• Experience in Installing and Configuring RSA 2 Factor Authentication using RSA Authentication Manager 8.0/8/1, token based Authentications, Risk Based Authentications (RBA) and On-Demand Authentications (ODA).

TECHNICAL SKILLS

Routers & Switches: Cisco Routers (3800, 2800, 2500, 2400 Series), Cisco Switches (6500, 4500, 2960, 2950, 2924, 3700, 3500)

Firewalls & VPN: Checkpoint Firewall UTM Series and Cisco ASA5500 series

Operating Systems: Windows XP/Vista, Windows 7, Windows 2000/2003/2008 Servers, Windows Storage Server 2003, Linux Operating Environments.

Cisco ISE Devices: Cisco Identity Service Engine 3300s Appliances with software release of 1.0.3/1.0.4 MR, Cisco Identity Service Engine on VMware ESX 5.0 with software release of 1.0.3/1.0.4 MR,1.2.x ForeScout

Counter act: CT/AS 1000/2000/4000 s and CounterACT on VMware

Cisco ACS: Cisco ACS 4.2, Cisco ACS 5.0/5.3/5.4

AAA Architecture: TACACS+, RADIUS

Protocols: TCP/IP, EIGRP, OSPF, Dot1Q, STP, VLANS, VTP, DNS, DHCP, ARP, SNMP, 802.1x, EAP, PEAP, MSCHAPv2, EAP-GTC, EAP-TLS

Wireless Equipment: Cisco Wireless LAN Controllers (WLC) 4400 Series (4402 & 4404) 5500 Series (5508), Cisco Aironet Wireless Access Points ( Series), Cisco Prime Infrastructure 2.x/3.x

VMware: ESXi 5.5, VMware VSphere, VMware Workstation 8, VMware view.

Applications: MS Office 2003/2007- Word, Excel, Power Point, MS Outlook, Outlook Express, Windows Live Mail, VNC PC Anywhere, Team Viewer, LAN Guard Network Scanner.

Antivirus: Kaspersky Server/Client stations, AVG, Norton 360, McAfee AV.

PROFESSIONAL EXPERIENCE

Confidential, Southborough, MA

Network Engineer

Responsibilities:

• Working as Network Engineer in planning and designing our Clients global network for Network Access Solution.
• Maintenance of Forescout CounterACT NAC Solution across Wireless, SSL-VPN and Wired Networks.
• Implementation of 802.1x Wired User Authentication using Juniper Steel Belted RADIUS Servers across two Domains.
• Designed & Deployed Cisco ISE 1.2/1.3/2.0 for Enterprise RADIUS Authentication with Active Directory, RSA SecurID, Proxy Radius Services to Cisco ACS, Juniper Steel Belted Radius and Radiator Radius.
• Configuration & Maintenance of Cisco ISE for Certificate based authentication for BYOD and Corporate Mobile Device Authentication using Airwatch MDM
• Provided comprehensive guest access management for Cisco ISE administrators, sanctioned sponsor administrators using BYOD & Guest Management Portal Configuration.
• Endpoint compliance by providing comprehensive client provisioning measures and assessing teh device posture for all endpoints that access teh network, including 802.1X environments.
• Worked extensively on Cisco Catalyst Switch 6500s, 4500s, 3750 and Cisco ISE 3300 Appliances and 1.0.4/1.1/1.2/1.3/1.4 and 2.0 Cisco ISE on VMware’s.
• Experience in configuration of Cisco Wireless LAN Controllers and Wireless Security PEAP/WPA, LEAP/WEPand various EAP over PEAP Protocols including EAP-TLS, EAP-TTLS, EAP-PEAP-MSCHAP, EAP GTC., etc.
• Hands on Experience in Installation and Configuration of Checkpoint Firewall UTM Series, NGX Series Nokia Appliances and Virtual Checkpoint Firewallsand management of network security policies which includesFirewall Rule policies, Application & URL Filtering.
• Management of Checkpoint Firewall Clusters from Central Management (CMA) and Service Provider interfaces.
• Configured Cisco ISE forDomain Integration and Active Directory Integration.
• Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network Access Control integration with Cisco ISE.
• Planning, designing and Configuration of variousPolicy Configurations, Profile Authorizations, End device Profiling, User Identities, Cisco ISE and AD mapping with various attributes and levels of authorizations and Network Access.
• Configuration of Cisco IP phones (7900s, 6961s, 9900s) for device profiling and Cisco Call Manager phone registration via Cisco ISE, Printer Profiling, Mobile device profiling etc.,
• Worked Extensively on Access Control Policies consisting of VLAN switching through SNMP, Applying downloadable ACLs through Cisco ISE, and Configuring Standard and Extended ACLs.
• IP addressing and design schemas for a variety of IP Pools using DHCP scope or local IP pools for NAC Controls.
• Design for Guest Network and Mobile Access Network for NAC Solution, comprising of an Anchor Wireless LAN Controller solution in DMZs/Internet Gateways with ForeScout CounterAct NAC Appliances for NAC.
• Involved in finalizing teh design for Corporate Wireless Network Access for NAC Solution, comprising of ForeScout CounterAct NAC Appliances in all WAN Consolidation Points, and Data Centers.
• Worked extensively on Network Traffic SPANS and TAPS for monitoring Network traffic, and Virtual Firewall ACL rules and policies in CounterAct NAC Appliances for Network Access Controls.
• Worked extensively on device profiling, authentication and authorization mechanisms using AAA, RADIUS, 802.1X, Policy buildups for Posture Compliance Policies and Rules for Checking teh devices coming ontoNetwork, Remediation Process, Access and Controls, and Segmenting teh Global Networks for NAC Solutions for both Cisco and Forescout NAC Appliances.
• Hands-on-Experience in configuring 802.1x supplicant (Native Supplicant, Cisco AnyConnect Supplicant & Secure W2 client supplicant) configuration on various End Client Devices-Windows, Apple Macintosh and Linux platforms.
• 802.1x Authentication for User Authentication and Machine Authentication with Microsoft Active Directory involving multiple Domains and Active Directory with machine and user objects, and with different Organizational Units,
• Active Directory group policy objects configuration and processing for 802 1x EAP(PEAP)-TLS Protocols for installing certificates and configuring supplicants
• Configured Wireless networks on WLC 5508 series Wireless LAN Controller and management using Cisco WCS, NCS and Cisco Prime Infrastructure.
• Configured and deployed Cisco Iron Ports - Web Security Appliance 7.7/7.7/8.0 and WCCP proxy web redirection on Cisco 6500 Switches.
• Configured RSA SecurID authentication manager 8.x for Two Factor 8021x Authentication, On-Demand & Risk Based Authentications.
• Hands on Experience in configuring McAfee ePOLICY ORCHESTRA (ePO) and McAfee Suite.

Confidential

Network Engineer Consultant

Responsibilities:

• Performed as a Network Engineer in planning and designing Confidential ’s major network refresh and redesign of their global Wireless Networks.
• Designing and configuration of Local Area Networks consisting of Cisco Catalyst Switches 4500s, 3750X, 3560X Wired Switches, Wide Area Networks consisting of Cisco Routers, 3900s, 2951s, and Wireless LAN Networks using controllers of Cisco 5508s with Cisco APs 3500s.
• High-level Designing and Low Level Designing of Cisco (WLAN) Wireless Networks, NAC Network Design for Global Network based in EMEA, NAR and APAC and coordination with global teams in delivering teh proposed solution successfully.
• Installed and configured hardware for Wireless Deployment using Cisco Wireless LAN Controllers (WLCs) 5500 Series with software version 7.x/8.0 and Cisco Prime Infrastructure 2.x/3.x
• ConfiguredWireless LAN Controller Interfaces, WLANs, RADIUS attributes, AAA Server configuration for wireless network connections.
• Configured Mobility groups for Anchor and Foreign Wireless LAN Controller Functionality for Layer 2 functionalist using Ethernet over IP (EoIP) tunnel establishment over Layer 3 routing.
• Configured and integrated ACS Server with Wireless LAN Controllers, Switches and Routers for TACACS+ Role Bases Access (RBAC).
• Provided support on Firewall configuration for policy rules on Checkpoint Firewalls.
• Configured Cisco ACS 5.x for user authentication with External Database as Active Directory.
• Experience in configuration of Cisco Wireless LAN Controllers and Wireless Security PEAP/WPA, LEAP/WEPand various EAP over PEAP Protocols including EAP-TLS, EAP-TTLS, EAP-PEAP-MSCHAP, EAP GTC., etc.
• Documentation teh entire deployment notes and policy sets.Conducted workshop training for end user employeesand provided helpdesk training and facilitated teh handoverof NAC Project to teh Verizon managed services provider.
• Experience in configuration of Cisco Wireless LAN Controllers and Wireless Security PEAP/WPA, LEAP/WEPand various EAP over PEAP Protocols including EAP-TLS, EAP-TTLS, EAP-PEAP-MSCHAP, EAP GTC., etc.
• Expert Hand-on-Experience in configuring 802.1x supplicant (Native Supplicant, Cisco AnyConnect Supplicant & Secure W2 client supplicant) configuration on various End Client Devices-Windows, Apple Macintosh and Linux platforms.
• Cisco ISE forDomain Integration and Active Directory Integrationfor 8021x authentication for Cisco’s Internal IT Wireless Networks.
• 802.1x Authentication for User Authentication and Machine Authentication with Microsoft Active Directory involving multiple Domains and Active Directory with machine and user objects, and with different Organizational Units,
• Conducted and performed Radio Frequency (RF) Site survey for teh deployment of wireless Network and discovering teh RF Coverage Areas, Checked for RF Interference and determined appropriate placement of wireless device - LWAPs.
• Troubleshoot issues related to Wireless Setup that includes RF issues like multipath distortion and hidden node problems.
• Performed various VLAN Assignments, Inter-VLAN Communication, dot1q trunking, ACLs, and SNMP settings.
• Configured and executed Protocols like OSPF, BGP and EIGRP on Cisco Devices
• Extensively utilized Microsoft’s Project 2007 (project plan) for Enterprise Project Management and InfoBloxfor Network Management and IP address Management.
• Extensively utilized Microsoft’s Visio 2007 for design analysis and project planning.
• Active Directory group policy objects configuration and processing for 802 1x EAP(PEAP)-TLS Protocols for installing certificates and configuring supplicants
• Test functions of Customer’s NAC, to include Active Directory Single Sign-on authentication, posture checking and remediation services per requirements gatheird during teh Design and Planning tasks.
• Review Customer logs for policy violations and tune rules as appropriate.
• Extensively utilized Microsoft’s Visio 2007 for designing and analysis and Project 2010 for task planning and assignment. Microsoft’s Project 2007.

Confidential

Network Engineer

Responsibilities:

• High-level Designing and Low Level Designing of Cisco Wireless Network (WLAN) and NAC Network Design.
• Provided advice and guidance to Network Management Team for implementing Cisco Wireless Project under Data Security Laws and Regulations such as SOX (Sarbanes-Oxley Act) and teh Peripheral Component Interconnect/Payment Card Industry Data Security Standard (PCI DSS) Networks.
• Configuration of Authentication and authorization mechanisms using AAA, RADIUS, 802.1X, Policy buildups for Posture Compliance Policies.
• Experience in configuration of Cisco Wireless LAN Controllers and Wireless Security PEAP/WPA, LEAP/WEPand various EAP over PEAP Protocols including EAP-TLS, EAP-TTLS, EAP-PEAP-MSCHAP, EAP GTC., etc.
• Planned, Prepared, Designed and Implementation of Cisco NAC Appliances in teh Network comprising of Access, Distribution and Core Layers (All Cisco Catalyst Switches 4500s and 6500 Series)
• 802.1x Authentication for User Authentication and Machine Authentication with Microsoft Active Directory involving multiple Domains and Active Directory with machine and user objects, and with different Organizational Units,
• Active Directory group policy objects configuration and processing for 802 1x EAP(PEAP)-TLS Protocols for installing certificates and configuring supplicants
• Configured Wireless LAN Controller Interfaces, WLANs, RADIUS attributes, AAA Server configuration for wireless network connections, SNMP Settings and SNMP Community setting for Trap controls.
• Conducted and performed Radio Frequency (RF) Site survey for teh deployment of wireless Network and discovering teh RF Coverage Areas, Checked for RF Interference and determined appropriate placement of wireless devices including LWAPs and Cisco 7925G Wireless Phones.
• Troubleshoot issues related to Wireless Setup that includes RF issues like multipath distortion and hidden node problems.
• Performed various VLAN Assignments, Inter-VLAN Communication, dot1q trunking, spanningtree portfast, ACLs, and SNMP settings. Defined strings for SNMPv2C existence
• Configured and executed Protocols like OSPF, BGP and EIGRP on Cisco Routers 7600s, 7200s, 2800s
• Extensively utilized Microsoft’s Project 2007 (project plan).
• Extensively utilized Microsoft’s Visio 2007 for design analysis and project planning.

Confidential

Computer Systems & Network Administrator

Responsibilities:

• Involved in designing, configuring, implementing, maintenance and troubleshooting issues relating to routers and switches in LAN, WLAN and WAN.
• Designed and deployed networks as per teh company’s requirement. Handled different tasks such as network address assignment, assignment of routing protocols, etc.
• Handling teh network infrastructure LAN/WAN, migration & configuration of network client workstations. Addressing performance bottlenecks & ensuring maximum network efficiency and uptime.
• Planning designing, Installation, configuration and maintenance of 802.11a/b/gWireless Networks and Wireless Access points.
• Configured Wireless Control System 5.0 for Wireless Networks.
• Installed and Configured Wireless LAN Controller 4402 and 1200s (LWAP) Cisco Access Point.
• Configured Secured Authentication using LEAP/WEP and PEAP/WPA & WPA2.
• Implemented, Monitored and troubleshoot teh protocols EIGRP, OSPF and Static Routes.
• Worked extensively on lab build for POC and pilot on migrating/upgrading Cisco ACS 5.x to for TACACS+ and 802.1x Authentication on Network Devices.
• Experience in configuration of Cisco Wireless LAN Controllers and Wireless Security PEAP/WPA, LEAP/WEPand various EAP over PEAP Protocols including EAP-TLS, EAP-TTLS, EAP-PEAP-MSCHAP, EAP GTC., etc.
• Configuration and maintenance of Voice Processing Systems (VOIP) including PBXfor PanasonicKX-TVA-50 VPS and KX-TDA 200 - Console/GUI/connections for daily office usage.
• Installation, Management and Maintenance of VPN Servers for Remote access, Site to Site VPN access and Dial up VPN access.
• Implemented traffic filters using Standard and Extended Access Control lists. Handled Route-map, Re-distribution list & access-list configurations.
• Access distribution and core layer switching architecture, created VLANS, Firewall Services Module (FWSM) and STP configuration.
• Addressing issues like routing problems, route announcements/advertisements, and security access issues.
• Used tools Wireshark, Packet Sniffer and Microsoft Network Analyzer for monitoring Local Area Network connections (LAN’s) and Wide Area Network Connections (WAN) for Network connection and failure issues.
• Administrative responsibilities including teh installations, additions, updates and changes to Microsoft Windows 2003 and Windows 2008 servers.
• Planned Data Recovery, Drive/Disk Imaging and Backup process and procedures.
• Maintained accurate network documentation for moves, adds, changes, and deletes. Properly documentation of problem situations and resolutions.
• Documented policies and procedures for resolving customer issues.