Karthik KA
acp6v0@r.postjobfree.com
acp6v0@r.postjobfree.com
SUMMARY:
Cisco Certified Network Engineer with Seven Plus years of experience in the industry, which includes expertise in the areas of Routing, Switching, Data Center, Load Balancers and Cisco Firewalls.
Having 7+ years of Extensive work experiences on Cisco Routers, Cisco Switches,
Proficient hands on experience in configuring Cisco Catalyst 2800, 2901, 2960, 3560, 4500, 6500, 4900, 3750 series and Nexus 5010,5596 and Nexus 7010,7018 switches.
Strong working experience with 2600, 2900, 3600, 3900, 7200, 7600 series Cisco Routers
Implemented redundancy with HSRP, VRRP, GLBP, Ether channel technology (LACP, PAgP) etc.
Familiar with Checkpoint and ASA firewalls.
Familiar with cisco UCS and VMware technologies.
Switching tasks include VTP, ISL/ 802.1Q, VLAN, Inter-VLAN routing, Ether Channel, STP and RSTP, PVST+.
Expert Level Knowledge about TCP/IP and OSI models.
Knowledge in OTV, Virtual Device context, Virtual Port channel and VSS cluster
Implemented traffic filters using Standard and Extended access-lists, Distribute-Lists, Route Maps and route manipulation using Offset-list.
Hands on experience in deployment of GRE tunneling, SSL and Site-Site IPSEC VPN.
Hands on experience on vendor platforms such as Cisco, Juniper routers and switches, F5 load balancers, Check point Firewall, Cisco ASA and Cisco PIX firewalls.
Experience in Cisco ASA Firewall OS, NOS on 7k and 5k upgrades.
Hands on experience on Catalyst 3850 IOS upgrades
Expert in configuration of routing protocols and deployment of RIP v1/2,OSPF, EIGRP & BGP over Cisco Routers in Production environment
Network connectivity troubleshooting, ping, trace route, telnet.
Expert in Configuration of Virtual Local Area Networks (VLANS) using Cisco routers and multi-layer
Responsible for CheckPoint and Cisco ASA firewall administration across global networks
Worked on Load Balancers CSM and F5 LTM like 3900, 6900 for corporate applications.
Switches and supporting STP, RSTP, PVST, RPVST along with trouble shooting of inter VLAN routing and VLAN trunking using 802.1q.
Network security including Telnet, SDM, NAT/PAT, ACLs, AAA, ASA.
Worked on T1/E1/T3 technologies and different LAN & WAN technologies
FTP, TFTP and DHCP configuration and setup
Worked on SDM12 tool for tickets.
Performed professional level documentation using Visio diagrams
Configuring RIP, OSPF and Static routing on Juniper Routers.
CERTIFICATIONS
Cisco Certified Network Professional (CCNP)
Cisco Certified Network Associate (CCNA)
TECHNICAL SKILLS:
Protocols : RIP, RIP V2, EIGRP, OSPF, IS-IS, IGRP, HSRP, VRRP, GLBP, LACP,
PAGP, DNS, SMTP, SNMP, FTP, TFTP, LPD/TDP, WLAN, 802.11/802.11e, WEP, POP3 LADP.
LAN Technologies : Workgroup, Domain, HSRP, DHCP, Static, VLAN, STP (Spanning Tree
Protocol), VTP, Ether Channel, Trunks.
WAN Technologies : Leased Line, Frame Relay, ISDN, PPP, HDLC, ATM, SONET, Metro
Ethernet.
Network Products : CISCO Routers 1700, 1800, 2500, 2600, 2800, 2811. CISCO High End
Router 3600, 3800, 7200, 12010. CISCO Switches 1900, 2950, 2960. CISCO Campus switches 3550XL, 4984 Core Catalyst 4503, 4507 RE, Catalyst 6500/6503/6507, f5 load balancer, Air Magnet.
Security & VPN : PIX 500 Firewall, ASA 5505 Firewall, AIP SSM, CSC SSM, FWSM,
Fort iGATE, CISCO CSM, ACL- Access Control List, IPS/IDS, NAT, PAT, CISCO ACS, Check point, SonicWALL, RSA Secure ID, pfSense (Linux based firewall), Bluecoat proxy, socks proxy, HTTP proxy, IPsec, SSL VPN,
Load Balancer : F5 Networks (Big-IP) LTM 8900 and 6400.
Authentication : RADIUS, TACACS+, Digital certificates
Monitoring Tools : Wireshark, Nmap, Nessus, OpManager, PRTG Packet Sniffer, and
Infoblox.
Servers : Domain servers, DNS servers, WINS servers, Mail servers, Proxy
Servers, Print Servers, Application servers, FTP servers, NTP.
Operating Systems : Windows NT 4.0 (Desktop/Server), Windows 2000/2003/2008 server,
Windows XP/7, LINUX, Solaris, Red Hat, Active Directory, UNIX.
Languages : C, C++, .Net, Java, J2EE, XML, SQL
Scripting Language : HTML, Java Script, CSS
Professional Experience:
Client: C. H. I (Lincoln, NE) May 2014 - Present
Sr. Network Engineer
Responsibilities:
Worked with Cisco Layer 3 switches 3750,4500,6500; Cisco Nexus 5596 and 7010 in multi VLAN environment with the use of inter-VLAN routing, 802.1Q trunk, ether channel
Configuring objects such as Load Balancer pools for local traffic management on F5 Load Balancers.
Extensively used TCP/IP tool like TELNET for remote login to the routers and SSH for secure login.
Configuring and Maintaining TACACS+ for AAA.
Managed IP addressing and implemented IP Access Lists.
Worked extensively on Cisco Firewalls, Cisco PIX & ASA 5500(5525/5585) Series.
Experience with Firewall Administration, Rule Analysis, Rule Modification.
Experience with design and implementation of Data center migration
Experience working with Nexus 7010, 5020, 2148, 2248 switches.
Experience configuring Virtual Device Context in Nexus 7k series switch.
Monitoring network access rules usage on Tufin Secure Track.
Configuring Tufin and network devices for monitoring network rules.
Experience with administering, troubleshooting and configuring / implementation (Cisco and Checkpoint) firewalls.
Administrated Local VLANs based on department function, and configure ports with static VLAN assignment, static 802.1Q trunks, and dynamic ISL trucking using Pap for layer 2 forwarding. Utilize VLAN Spanning-Tree in conjunction with PVST+ for compatibility between Cisco and Juniper switches.
Upgraded the data center network environment with Cisco ASA 5520. Configured ACL’s on Cisco Switches as well as configured routers as terminal servers.
Involved in Switching technology Administration including creating and managing VLANS, Port security, Trunking, RPVST+, Inter-VLAN routing, LAN security etc.
Worked on Disaster Recovery (DR) test plan and build an IPSEC tunnel site to site.
Working closely with Data center management to analyze the data center sites for cabling requirements of various network equipment.
Having Data Center Design Experience, installing and Configuring Network Devices in a Data Center including patching the cables in the Patch Panel. Design and implemented network
Configured PVSTP+ for loop prevention and VTP for Inter-VLAN Routing.
Set up VSS cluster, ether channel, VLAN trunking, VTP and inter-VLAN routing on 6506.
Setup and maintained CheckPoint security policies including NAT, VPN and Secure Remote access.
Responsible for configuration and administration of over 25 firewalls which includes Checkpoint, Juniper and Cisco ASA firewalls.
Provided installation and initial user configuration of NEXUS 7K switches at the Data Center and providing IP addressing and different user session priorities on the switch.
Configure VDC and vPC on Nexus 7010 and Nexus 5596.
Configures and managed Nexus 2248 and 2400 series of wireless controller.
Implemented port aggregation & link negotiation using LACP and PAGP.
Configured site to site VPN technologies using IPSEC.
Involved in design, implementation and configuration of HSRP for load balancing on L3 switches on different location of office on the switched Network.
Worked with Routing Protocols of OSPF, and BGP.
Worked on F5 BIG-IP LTM 6900, configured profiles, and provided and ensured high availability
Worked on F5 and CSM load balancers deploying many load balancing techniques with multiple components for efficient performance
Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA5585 Firewalls.
Involved in complete LAN, WAN development (including IP address planning, designing, installation, configuration, testing, maintenance, troubleshooting etc.)
Configured backup and recovery of Cisco IOS Images. Perform password recovery on Cisco IOS routers/switches and a Juniper EX2200 Series switch to restore administrative access. Backup and Restore startup-comfit file for disaster recovery.
Worked for change management procedure and implementation of configuration changes during non-production window
Performed Network Security Assessment and implemented security improvements such as network filtering, SSH, AAA, SNMP access lists, VTY access lists, EIGRP MD5 authentication, and HSRP authentication.
Used internal network monitoring tools to ensure network connectivity and Protocol analysis tools to assess the network issues causing service disruption
Client: INGERSOLL Rand (Davidson, NC) June 2013-March 2014
Sr. Network Engineer
Configure trunk ports and implement granular control of VLANs and VXLANs using NX-OS to ensure virtual and flexible subnets that can extend further across the network infrastructure than previous generation of switches.
Configure port-profiles as part of the NX-OS command structure that allows for configuration of multiple ports and port-types via inherited configurations applied via a single command that reduces administrative error and allows for better configuration readability.
Integrate a virtual version of Nexus: Nexus1000v into VMWare to extend Nexus capabilities directly adjacent to virtual machines so that they benefit from Cisco switching capabilities and network topology consistency ensuring VMs maintain their subnet/VLAN relationships during failover.
Implementing the necessary changes such as adding, moving and changing as per the requirements of business lines in a data center environment
Configure secure privileged administrative access to the Cisco IOS system. Enable the encryption of system passwords to prevent unauthorized users access to passwords in the system configuration.
Configuring and implementing F5 BIG-IP,LTM,GTM load balancers to maintain global and local traffic
Configure secure access to the console and VTY ports, and set the interval that the EXEC command interpreter waits until user input is detected on the Console and VTY ports. Also, configure the console and VTY ports log messaging to not interfere with active device configuration.
Configuring Virtual Device Context in Nexus 7010.
Experience installing, upgrading and supporting Check Point.
Working with Cisco Nexus 2148 Fabric Extender and Nexus 5500 series to provide a Flexible Access Solution for datacenter access architecture.
Configured and administrated VLAN Trucking Protocol to reduce administrative overhead. Enable secure sharing of VLAN information to prevent the introduction of rogue devices from affecting the VLAN database. Shutdown unused switches ports following Layer 2 security best practices.
Cisco ASA/Checkpoint Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.
Remediation of firewall rules from checkpoint firewalls to Cisco ASA firewalls and their implementation.
Administrated Local VLANs based on department function, and configure ports with static VLAN assignment, static 802.1Q trunks, and dynamic ISL trucking using Pap for layer 2 forwarding. Utilize VLAN Spanning-Tree in conjunction with PVST+ for compatibility between Cisco and Juniper switches. Configure edge ports for fast-transitioning into the forwarding state to fix workstation startup connectivity delays. Modify spanning-tree parameters for manual root bridge assignment. Implement ether-channels between each switch using Pap for negotiation. Modify ether-channel load balancing method.
Firewalls, Nortel VPN Concentrators TCP/IP, NAT and Checkpoint ESX/GSX firewall.
Integrated WAN links between sites using frame-relay point-to-point and multipoint connections to establish connectivity between each of the four sites as required. Establish two frame-relay point-to-point connections between a central site and two remote sites. Configured multipoint connections between three of the sites forming a full-mesh.
Configured EIGRP MD5 Message Authentication between sites to prevent unauthorized insertion of routes into the domain. Integrate manual EIGRP route summarization to reduce routing protocol demand on CPU resources, memory, and bandwidth used to maintain the routing table.
Configure and administrated OSPF routing with multiple areas for networks between sites. Implement OSPF MD5 Authentication between each OSPF enabled subnet to prevent unauthorized insertion of routes into the domain.
Integrated static NAT/PAT to provide access to services located on a server in the private network to the public network. Implement standard and extended access-lists to filter network traffic.
Worked on multiple projects related to Branch networks, Campus networks, extranet clients and Data Center Environments involving in data center migrations from one data center to another.
Provided estimated bandwidth requirements for data replication, to best determine adequate timing for migration service levels
Created data migration strategies to help with completion of migration of data center from one point to another.
Configured backup and recovery of Cisco IOS Images. Perform password recovery on Cisco IOS routers/switches and a Juniper EX2200 Series switch to restore administrative access. Backup and Restore startup-comfit file for disaster recovery.
Configured and administrated an IPsec Site-to-Site VPN between the Cisco ASA5505 at small office location and Cisco 1841 ISR with a security IOS image at the main office. Implementation of the VPN includes the following configurations: Internet Key Exchange Policy using DES and SHA for encryption and authentication, access-lists to define VPN traffic, transform set using esp.-des esp-sha-hmac to define how the traffic is protected, crypto-map to associate the previously configured elements to a peer, and application of the crypto map to appropriate interface or VPN endpoint.
Configured and administrated Zone-Based Policy Firewall on the Cisco 1841 ISR with the following components: three zones, class-maps specifying traffic that must have policy applied as it crosses a zone-pair, policy maps to apply action to the class-maps’ traffic, zone-pairs, and application of policy to zone pairs.
Client: TriZetto healthcare, CO Mar 2012– May 2013
Network Engineer
Responsibilities:
Worked as part of a team to manage Enterprise Network Infrastructure as a Tier 3 Support Engineer.
Involved in configuring and implementing of Composite Network models consists of Cisco 7600, 7200, 3800 series routers and Cisco 2950, 3500, 5000, 6500 Series switches.
Conversions to BGP WAN routing. Which will be to convert WAN routing from OSPF to BGP (OSPF is used for local routing only) which involves new wan links.
Replace branch hardware with new 3900 routers and 2960 switches.
Installing and configuring new cisco equipment including Cisco catalyst switches 6500, Nexus 7010, Nexus 5548 and Nexus 2k as per the requirement of the company.
Configuring firewall switch module on Cisco 6506 distribution layer switches, configuring VTPs, trunking, inter-vlan routing, port fast, uplink fast, backbone fast on access layer switches.
Enable STP attack mitigation (BPDU Guard, Root Guard), Using MD% authentication for VTP
Planned and installed Frame Relay WAN links to the branch offices.
Maintained and setup wireless access points at various locations in the company.
Great understanding of WLAN including 802.11 standards, Lightweight and Autonomous systems, WPA, PEAP.
Assisted in MPLS migrations, implemented a backup for the existing WAN connection using site-to-site IP sec VPN tunnels.
Knowledgeable in configuration of Voice VLAN’s (VOIP), prioritizing the voice traffic over the data traffic.
Configuring and troubleshooting OSPF routing protocol on the corporate network.
Tested and implemented various BGP attributes such as Local Preference, MED, AS-PATH, Community, Extended community using route-maps.
Worked on migration of Frame Relay based branches to MPLS based VPN for customer’s WAN infrastructure.
Experience with design and implementation of Data center migration.
Data center migration was involved in Access, Distribution and Core layers
Worked on migration of existing PIX firewall to ASA firewall, PIX OS upgrade from 6.3 to 7.0, also configured on BIG IP (F5) Load balancers and also monitored the Packet Flow in the load balancers.
Have good experience working with the Trouble Tickets on F5 Load Balancers.
Switch experience includes Cisco Catalyst switches: Cisco 3750, 4500, 6500 series switches.
Managing enterprise BGP setup by configuring and troubleshooting BGP related issues.
Scaling of BGP and IGP in the core, dealt with implementation of deployment related to Cisco devices and applying security policies on it.
Troubleshoot issues related to VLAN, VLAN Trunking, HSRP failovers, related issues.
Configuration of NAT.
Maintain effective communications with vendors, peers and clients in resolution of trouble-tickets, equipment RMAs, and support requests.
Planning for upgrade of IOS on devices and performing the upgrade.
Assisted in the architecture, evaluation and recommendations related to purchasing and installing hardware, software related to IP Networking.
Client: Medco Health Solutions, Franklin Lake, NJ Nov 2011–April 2012
Role: Network Engineer
Responsibilities:
Experience in configuring Site-to-site and remote access VPN solutions.
Installed and configured Cisco 7200 series router and Cisco 2950, 4500, 6500 Series switches.
Configured network using routing protocols such as RIP, OSPF, and BGP and troubleshooting L2/L3 issues.
Worked on multiple projects related to Branch networks, Campus networks, extranet clients and Data Center Environments involving in data center migrations from one data center to another.
Provided estimated bandwidth requirements for data replication, to best determine adequate timing for migration service levels
Created data migration strategies to help with completion of migration of data center from one point to another.
Configuration of Cisco 6500 (sup 720), 4500 (SUP 6) & 3750 Catalyst Switches for network access.
Worked extensively on Cisco Firewalls, Cisco PIX (506E/515E/525/) & ASA 5500(5510/5540) Series, experience with convert PIX rules over to the Cisco ASA solution.
Configuring RIP, OSPF and Static routing on Juniper M and MX series Routers
Configuring VLAN, Spanning tree, VSTP, SNMP on EX series switches
Time to time upgrade network connectivity between branch office and regional office with multiple link paths and routers running HRSRP, EIGRP in unequal cost load balancing to build resilient network.
Design and implement Catalyst/ASA Firewall Service Module for various LAN’s.
Key contribution includes troubleshooting of complex LAN/WAN infrastructure that include routing protocols EIGRP, OSPF, & BGP.
Configured Client VPN technologies including Cisco’s VPN client via IPSEC.
Configuring ACL to allow only authorized users to access the servers.
Participated in on call support in troubleshooting the configuration and installation issues.
Installation, maintenance, troubleshooting local and Wide Areas Network (ISDN, Frame relay, DDR, NAT, DHCP, TCP/IP).
Provided technical support in terms of upgrading, improving and expanding the network.
Providing technical security proposals, detailed RFP responses, and security presentation, installing and configuring ASA firewalls, VPN networks and redesigning customer security architectures.
Iris Info Solutions, Hyderabad, India Sep 2007-Oct 2011
Network Engineer
Responsibilities:
Configuring and troubleshooting multi-customer ISP network environment.
Involved in network monitoring, alarm notification and acknowledgement.
Implementing new/changing existing data networks for various projects as per the requirement.
Troubleshooting complex networks layer 1, 2(frame relay, ATM, Point to Point, ISDN) to layer 3 (routing with MPLS, BGP, EIGRP, OSPF and RIP protocols) technical issues.
Used Wireshark for network packet capture.
Providing support to networks containing more than 2000 Cisco devices.
Performing troubleshooting for IOS related bugs by analyzing past history and related notes.
Carrying out documentation for tracking network issue symptoms and large scale technical escalations.
Managing the service request tickets within the phases of troubleshooting, maintenance, upgrades, fixes, patches and providing all-round technical support.
Commissioning and Decommissioning of the MPLS circuits for various field offices.
Preparing feasibility report for various upgrades and installations.
Installation and maintenance of new network connections for the customers.
Configuring all the required devices and equipment for remote vendors at various sites and plants.
Installing new equipment to RADIUS and worked with MPLS-VPN and TACACS configurations.
Installing and maintaining local as well as network printers.
Validating existing infrastructure and suggesting new network designs.
Working on creating new load balancing policies by employing BGP attributes including Local Preference, AS-Path and Community, MED.
Installing and maintaining Windows NT Workstations and Windows NT Server.
Providing technical support to LAN & WAN systems.
Monitoring Memory/CPU on various low end routers in a network.