NETWORK ARCHITECT | Metsi UK Ltd. | LONDON, Oct 2021 – Belfast Trust SD-Access Deployment project: Prepared HLD and LLD documents. Cisco DNA integrated with Cisco ISE cluster. VRF-lite, mBGP, IS-IS, LISP and VXLAN configuration and troubleshooting. Macro segmentation with multiple VNs. Micro segmentation policies prepared and provisioned on edge devices. Edge devices deployed with Network automation feature. 8540 WLC controller integrated with DNA and corporate wireless access policies created.
NETWORK ARCHITECT | SKY UK | LONDON, May 2019 – Dec 2020 Cisco ACS based TACACS to Cisco ISE migration project: Prepared HLD and LLD documents for migration, Multisite high availability deployment, 35.000 network devices, 300 TACACS policies, 50+ TACACS command sets, 60+ shell profiles and tens of RADIUS Authorization profiles migrated into ISE. Secure LDAP authentication integrated. Cisco ISE REST API with deviceDB provisioned. Prepared Python script to manipulate and migrate Cisco ACS deviceDB into Cisco ISE and test AAA on multiple device types. Prepared Python script to test authentication requests on multiple device types. Cisco ISE F5 Load balance tests completed. Cisco ISE Ixia Breaking Point load tests completed. Prepared HLD and LLD documents for migration of ASA firewall to Palo Alto in a highly complex network infrastructure. Migration plans prepared for Nokia 7750 service routers, Cisco ASR, Cisco Nexus, Cisco 7600, Cisco ASA 5540 and Palo Alto 3220s. Cisco to Nokia complex routing policy conversion. ASA to Palo Alto multi virtual system migration tested and all change scripts prepared for change engineers.
NETWORK ARCHITECT | Citizens Advice Bureau | LONDON, Oct 2018 – May 2019 NAC project; PKI services provisioned. Distributed Cisco ISE deployment integrated with Active Directory and Aruba wireless system. ISE PAN failover deployed. Wired MAB for non-Cisco IP Phones, Wired/Wireless EAP-TLS based 802.1x for Windows and macOS devices. External Microsoft SCEP service integrated into ISE. Certificate auto-enrolment and Wired and Wi-Fi profile group policies prepared. Microsoft Azure AD / Intune: Windows/macOS device enrolment, posture assessment and compliance checks integrated with Cisco ISE. Intune CA connector and Application proxies provisioned between internal NDES service and Azure Intune. Cisco ISE and Splunk integration; Splunk search processing language (SPL) used extensively to create custom search scripts. High Level Design and Low-Level Design documents prepared.
NETWORK ARCHITECT | CAPITA | LONDON, Feb 2018 – Oct 2018 National Air Traffic Control (NATS) Second Systems LAN migration project; HP IMC Integration, LAN solution with Aruba and HP Comware series switches, configuration templates for network devices prepared. Integrated Fortinet 1000D and Aruba ClearPass Policy Manager to IMC system. MSDP and PIM-sparse mode multicast implementation, Multiprotocol BGP and OSPF routing policy integration. Policy based routing and GRE tunnel setup. QoS configuration across LAN. Prepared HLD and LLD documents and Run Book articles.
NETWORK ARCHITECT | London Ambulance Services | LONDON, Jun 2017 – Feb 2018 Internet migration project at London Ambulance Service NHS Trust; designing DMZ and Internet infrastructure; prepared High-Level Design document for Cisco ASA firewalls to Cisco Firepower, two-tier firewall design with Fortinet and Cisco Firepower. Cisco ACS (TACACS, RADIUS) management. Cisco wireless migration; WISM1 to WISM2, Cisco IOS Firewall feature set implementation, QoS enhancements on Cisco switches and ASR1000 routers including CoS and DSCP manipulation, traffic classification, policing and shaping. Network automation with multithreaded and multi-process Python scripting. Documented the network infrastructure.
NETWORK ARCHITECT | ATLASTEL | ISTANBUL, TURKEY 2014 – 2017 Cisco IOS, IOS-XE, IOS-XR, NX-OS operations. Performed supplier and contract reviews. Multiple Wired/Wireless 802.1x implementation with Cisco ISE, Cisco ACS, Aruba ClearPass Policy Manager and FreeRADIUS. Cisco Firepower IPS integration. F5 Big IP NLB integration. Arista MLAG and VMTracer integration with VMware ESXi. Arista PIM multicast routing deployed in a complex network environment. Cisco ASA to Checkpoint, Fortinet and Palo Alto firewall migrations. Brocade Ethernet fabric installations with VDX switches. PIM Sparse mode multicast network implementations. QoS for Voice VLAN, H.323 and SIP configuration. Fortinet 600D in HA mode and FSSO Active Directory integration. Two-factor authentication (2FA) and multi-factor authentication (MFA) integration. Delivered Brocade IP and SAN courses to Brocade partners. Delivered Fortinet NSE4, NSE5 and NSE6 courses to corporate customers.