cms.teleglobals.com

– Cisco SD-Access & Cisco ISE (CCNP Certified)

Job Location: UAE

Experience: 8+ Years

Job Type: Full Time

Role Summary

The L3 Engineer will be responsible for design, deployment, troubleshooting, and optimization of enterprise network environments focusing on Cisco SD-Access (SDA) and Cisco Identity Services Engine (ISE). The role requires deep technical ownership, architecture-level thinking, and handling complex escalations across campus networks, NAC, and segmentation.

Key Responsibilities

  1. Cisco SD-Access (SDA)
  • Design and implement fabric using Cisco DNA Center
  • Deploy and manage:
    • Control Plane Nodes, Border Nodes, Edge Nodes
    • Fabric domains and multi-site SDA
  • Strong expertise in:
    • Underlay (OSPF/IS-IS, ECMP design)
    • Overlay (VXLAN, LISP control-plane behavior)
  • Implement segmentation:
    • Virtual Networks (VN), Scalable Group Tags (SGT)
  • Perform:
    • Fabric provisioning, SWIM upgrades, automation workflows
  • Troubleshoot:
    • Fabric issues (LISP registration, VXLAN encapsulation, endpoint mobility)

2. Cisco ISE (Identity Services Engine)

  • Deploy and manage Cisco Identity Services Engine (ISE) in distributed architecture
  • Configure:
    • 802.1X, MAB, Guest, BYOD onboarding
    • o Policy Sets, Authorization Profiles, Profiling
  • Advanced experience in:
    • EAP-TLS, PEAP authentication flows
    • PKI & certificate lifecycle management
  • Implement:
    • TrustSec (SGT, SGACL), posture compliance
  • Integrate with:
    • Active Directory / LDAP / MDM solutions
  • Troubleshoot:
    • RADIUS/TACACS+, endpoint authentication & authorization failures

3. Cisco TrustSec & Segmentation

  • Design and implement:
    • Micro-segmentation using SGT & SGACL
  • Experience in:
    • SGT propagation across SDA & non-SDA networks
  • Integration with firewalls (e.g., Fortinet, Palo Alto)

4. Network Troubleshooting (L3 Escalation Handling)

  • Handle complex P1/P2 incidents across:
    • SDA fabric, NAC, LAN/WLAN
  • Perform:
    • Deep packet analysis (RADIUS, DHCP, DNS, EAP)
  • Tools:
    • Wireshark, CLI debugs
  • Conduct:
    • Root Cause Analysis (RCA) with preventive measures

5. Wireless & Mobility Integration

  • Integrate SDA with Cisco WLC (9800 series preferred)
  • Troubleshoot:
    • Roaming issues, policy enforcement failures
  • Implement:
    • Identity-based wireless access via ISE

6. Security & Zero Trust Architecture

  • Implement Zero Trust using SDA + ISE
  • Design:
    • Identity-based access control policies
  • Handle:
    • Threat containment and dynamic access enforcement

7. WAN & Data Center Integration

  • Integration of SDA with:
    • MPLS WAN, Internet edge
  • Exposure to:
    • SD-WAN (Cisco Viptela)
    • Fusion router & border node design
  • Basic understanding of:
    • VXLAN EVPN (Data Center fabrics)

9. Operational Excellence

  • Handle:
    • Major incidents and escalations
  • Work within:
    • ITIL processes (Incident, Change, Problem Management)
  • Mentor:
    • L1/L2 engineers and act as escalation point

Technical Skills Required

Core Networking

  • Routing: BGP, OSPF, EIGRP
  • Switching: VLANs, STP, HSRP/VRRP

Core Technologies

  • Cisco SD-Access (VXLAN, LISP)
  • Cisco ISE (AAA, NAC, TrustSec)
  • Wireless (Cisco WLC)

Soft Skills

  • Strong analytical and troubleshooting skills
  • Ability to handle high-pressure L3 escalations
  • Clear communication with stakeholders and clients

HR Email Id: priyanka.sinha@teleglobals.com