
Who here is a Network Admin/Engineer?

Discussion in 'Technology' started by RumRogerz, Mar 21, 2017.

  1. RumRogerz

    RumRogerz TRIBE Member

    I ask because I ultimately want a job that deals with Network administration.
    I'm super fascinated by it. Just passed my CCNP Route and am on to Switch presently. Once I eventually grab my CCNP I would like to seek volunteering positions somewhere where I can start gaining experience instead of labbing all day. Networking jobs seem pretty sparse and anyone who is looking for someone is asking for quite a bit of experience. I'm not saying I hate my job in IT now, I like it a lot. It's just that our network is barely touched because nothing really needs to be touched. I think the most I got to do was fix a problem with our ASA that had to deal with a contract guy who made the worst ACL ever; and to my astonishment, was able to fix it.
    I feel at least volunteering will let me solidify my knowledge and hopefully make connections with other people in the industry - which can really help out in the long run.

    So if anyone knows of any place... anywhere you can point me to, it would be totally tits.
    Last edited: Mar 21, 2017
  2. ScottBentley

    ScottBentley TRIBE Member

    Not me, not even close!
  3. Lojack

    Lojack TRIBE Member

    I'm in the network architecture field. Best advice I can give you is to study, study, study. Understand the underlying protocols, learn to visualize the network and the path traffic flows. Pick up CCIE level books and read them, even if you don't understand everything the first time. Buy Cisco's VIRL and use the lab examples to build networks and break them. Read forums *and* mailing lists (again, if you don't understand, don't worry, absorb and move on). Cisco NSP is a good list for all kinds of stuff. Ask questions, and if you know answers, reply and explain. There are a lot of very smart people on those lists.

    As for places to volunteer, I'm sure there are places for people looking to get their feet wet, with guidance from experienced folks. Not sure where but scour the net and I'm sure you'll find something. If I hear of anything, I'll post it.
  4. basketballjones

    basketballjones TRIBE Member

    i thought you were a bartender rumrogerz
  5. Bernnie Federko

    Bernnie Federko TRIBE Member

    I think you missed the stories of his transition.
  6. Lojack

    Lojack TRIBE Member

    One thing you could do is design and pitch a network upgrade. A make work project. Maybe it is adding some sort of redundancy in the event the primary Internet/network connection goes down, or securing the network further, adding authenticated wifi for BYOD or company tablets against AD. Hammer out a design, learn what devices meet the needs of that design, get ballpark pricing and propose. Plus if you're not already at gigabit speeds, a chance to move up to that :)
  7. RumRogerz

    RumRogerz TRIBE Member

    What I've done so far in my studies are relating to CCNP right now. I spent the last 4 months studying for the Route exam, which I felt was really, really hard. I had to read that huge, massive CCNP Route book 4 times and I can't begin to tell you how many hours I spent doing lab after lab after lab. I knew there was going to be simulations on the exam and didn't know what to expect - so I repeatedly did so many labs to hammer down using the CLI and of course, how to troubleshoot my own mistakes. I won't hit CCIE for a bit, as I'm too knee deep in learning about Layer 2 stuff right now.
    I DID find a rather crafty way to use the VIRL Layer 2 images in GNS3. So I can now use Layer 3 and 2 devices in tandem. Helps a lot.
    My boss was very kind enough to let me use some decommissioned 3750's and 3560's - which I have chilling on my desk right now - to practice with on my downtime or when I'm done for the work day. Helps a lot.
    So don't get me wrong. I study almost every day. That's all I do, because there is so much material.

    In terms of our own infrastructure. We have almost all of what you mentioned already. The only thing I would like to do is tighten down network security eventually. Everything is super redundant - two ISP's for load balancing, gigabit speeds, vlans for voice, guest wireless, Radius authentication for internal wifi users... the guy who set us up a while back is a CCIE guru - he took care of it all. Apparently, in one afternoon.
  8. Lojack

    Lojack TRIBE Member

    It may have taken an afternoon but I'm sure there was a lot of time spent in the planning phase. Plus all the studying required to get to that point.

    In my line of work, CCIE's are considered overrated. Most are narrowly focused, particularly in the enterprise or data centre space. There are good ones but you have to sort through a lot of not-so-good ones to find them. Still, the educational benefit is well worth it.
  9. lobo

    lobo TRIBE Member

    I guess I fall under the network engineer / architecture category. Been doing that line of work for over 15 years now and still enjoy it although the landscape is definitely changing. I'll back up what Lojack said about CCIEs as a lot of them are either overrated or are a paper CCIE in that they studied, somehow got the certification but have no practical experience and can't think beyond the text book.

    I can't tell you how many CCIEs I've interviewed who were just outright dumb and CCIEs that I've worked with who couldn't figure out simple BGP related network issues. BTW, the furthest designation I got was my CCNA cause my old boss told me to back in the mid 2000s and I wrote the CCIE written cause I had a chance to do it for free. Anyways, this particular person's solution to a problem was to put in a customised config just to appease one particular customer that was complaining about the number of hops to get to a certain destination. The CCIE didn't even consider that making this change would have impacted the rest of the customer base and didn't seem to get why I shot down their idea. CCIEs are almost the MCSAs of the late 90s. A dime a dozen. I stopped caring about certifications (for myself) because I feel that I'm too old now to worry about certifications as I have way more practical experience under my belt. I've been told that I have CCIE level experience and knowledge by my peers and that's good enough for me. Plus, I don't have the time or patience to study for 6 months straight just to have some letters at the end of my name.

  10. Blysspluss

    Blysspluss TRIBE Member

    Ahhh the life of a sysadmin is so similar. Too many certed up types who only know how to pass an exam. The paper MCSEs still exist even with the exams having changed format.

    Not sure I put much stock in certs, frankly. I get that they look nice on a CV and supposed to imply a certain level of proficiency, but knowing the stuff and being able to put it to practical use are very different things.

    There is no incentive whatsoever to get certs at my current job...so most of us don't (who has the time?). I'm in agreement with lobo on this one...I have so much experience, that really I don't need certs to get my foot in doors. (Or so I figure...maybe it'll bite me, but I seriously doubt it).
  11. praktik

    praktik TRIBE Member

    Same shit different pile over here - except I'm dealing with PMP and BA certifications.

    Letters don't mean shit.

    Same goes for these three: "MBA"
  12. RumRogerz

    RumRogerz TRIBE Member

    Oh I get that all the time. I totally understand.
    My only reasoning for the cert is to prove to whomever it may be how dedicated I am to something, and how I go the extra mile to learn about the material.
    Remember, I'm super green - so I need to study my brains out so I can be handed more complex issues.
    Which is proving itself already. I'm in AD every day writing powershell scripts, I just convinced my boss to use DFS so we can start replicating folders to a branch office, finally convinced him that using WDS was a better idea than using a usb stick and cleaned out the clusterfuck that is Group Policy. Wouldn't even know how to do any of that if I didn't study for my MCSA.
  13. praktik

    praktik TRIBE Member

    Thanks for the tour of your network infrastructure last week Lojack - cool stuff!!
  14. Aaron Bradley

    Aaron Bradley TRIBE Promoter

    Rum going to give some advice that you haven't heard here yet. You need to start working with the stuff, even as a hobby. I can tell from your posts and previous threads (and so will those who interview you) that you have only got studying/certs as your experience and don't really have any "hands-on" experience.

    I know you are coming from the industry, but at the end of the day you somehow have to get experience before you try and land that job you speak of. Work on open-source projects, build home networks, get involved in the community, volunteer @ Not-for-Profits, network, etc. Talking about my first job (internship) in Africa and how I built my own firewalls and edge proxies were great interview topics. Nothing to do with industry certifications and education at all.

    I hope this helps and doesn't offend you at all. I actually care about everyone that I hear/know who is looking for a position and will try to help them in any way. In these situations the glass is always half-full...

    Imagine when you get "in" and you're working where you want. What does that say about you when you think about who you went up against and what background/experience they may have. Says a lot actually.
  15. RumRogerz

    RumRogerz TRIBE Member

    I'm not discouraged at all. I'm pushing myself, really. The only hands on I get is doing a boat load of labs. In the process of building a home network with some nicer gear - so I can start tailoring my network in really cool ways. But as my original post says - volunteering is something I'm looking for eventually. Not yet, because I still have more to learn, but getting my foot in for a volunteering position (I think) will help me so much getting more real world exposure.
    As much as I love the open-source world, I have 0 programming experience - that would be a monster to take on.
  16. Blysspluss

    Blysspluss TRIBE Member

    I would also highly recommend informing yourself on devops principles (take a read of "The Phoenix Project", it's a good primer), and possibly looking at version control + automation of server configs. It seems to be the direction things are going.

    That said, I'm one of few pure Windows Sysadmins that I know of who use Puppet to manage server configs. (And no, no matter what anyone tells you, it is not a "Poor man's group policy")

    Of course Puppet is just one such solution, maybe Chef is more popular on Windows...and there's plenty of others.

    Best part of my day is writing manifests and modules for Puppet.

    If straight networking's your jam, I'm not much help.
    Last edited: Mar 29, 2017
  17. RumRogerz

    RumRogerz TRIBE Member

    Speaking of group policy - maybe you have some insight - about 60% of the computers in the office are not getting GP applied during bootup. Not even if I push it down from AD. It's frustrating. I cleaned it up, made sure there are no conflicting policies, disabled fast logon and enforced policy settings.

    Firewall can't be an issue, as we have domain firewalls off (My IT Director wants the ASA to handle all the firewall stuff)

    The only solution I have come up with is invoking commands via powershell; I write a quick script that pulls the computer names that weren't applied and run a foreach loop to gpupdate /force the computers that don't want to play nice. It's not an elegant solution, but it works for now. I'm generally using GP to run scripts to do silent installs on plug-ins or software that a bunch of users need. I want to use SCCM but my manager is unwilling to pay for it. So this is all I have at the moment.
  18. Aaron Bradley

    Aaron Bradley TRIBE Promoter

    +1 for Phoenix Project read
  19. Aaron Bradley

    Aaron Bradley TRIBE Promoter

    @Rum - hard things are hard. Taking on a "monster" has its rewards plus some!
  20. Blysspluss

    Blysspluss TRIBE Member

    Two commands are your friend:
    On the clients affected by the problem, run "gpresult /r" to find out why your policies may not apply (helpful if someone's making security filtered spaghetti). The other is rsop to find out what the effective policy is.

    Is your script actually making the policy refresh on that 60%? That could be a whole host of things if group policy is not updating. Only updates every 90mins, plus or minus 30. I'd suggest going to event logs. Group policy usually pops some neat ones in.

    Also: not having SCCM is no big loss. Client side it's a little nice because it's a point/click adventure (and allows for nicer-for-users install options)...I get that. But I would highly recommend looking at chocolatey (Chocolatey - The package manager for Windows). Easy to install, so is a chocolatey server to store packages on prem. We just bought licenses for the "for business" part because it makes packaging super easy most of the time, but you don't have to go that route.

    Sorry this wasn't more timely.
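
Added example, not part of the thread and not any poster's script: a PowerShell triage pass over the diagnostics named in the two Group Policy posts above, running `gpresult /r` on each client and pulling errors and warnings from its Group Policy operational event log, so the machines that fail can be examined before `gpupdate /force` is pushed at them. The file names `computers.txt` and `gp-triage.csv` and the 24-hour window are assumptions, and it needs PowerShell remoting enabled on the clients.

```powershell
# Added example, not from the thread. Assumes PowerShell remoting (WinRM) is
# enabled on the clients and the account running it is a local admin on them.
# computers.txt (hypothetical) holds one computer name per line.
$computers = Get-Content -Path '.\computers.txt'
$since     = (Get-Date).AddHours(-24)   # look back one day of GP events

$report = foreach ($name in $computers) {
    try {
        Invoke-Command -ComputerName $name -ErrorAction Stop -ArgumentList $since -ScriptBlock {
            param($since)

            # Summary of applied/denied computer policies, as "gpresult /r" shows it.
            $summary = (gpresult /r /scope computer 2>&1 | Out-String).Trim()

            # Errors (level 2) and warnings (level 3) logged by the GP client.
            $events = @(Get-WinEvent -FilterHashtable @{
                LogName   = 'Microsoft-Windows-GroupPolicy/Operational'
                Level     = 2, 3
                StartTime = $since
            } -ErrorAction SilentlyContinue)

            [pscustomobject]@{
                Computer    = $env:COMPUTERNAME
                Status      = if ($events.Count) { 'GP errors logged' } else { 'OK' }
                EventCount  = $events.Count
                LatestEvent = if ($events.Count) {
                    # Newest event first: keep its ID and the first line of its message.
                    '{0}: {1}' -f $events[0].Id, ($events[0].Message -split "`r?`n")[0]
                }
                GpResult    = $summary
            }
        }
    }
    catch {
        # Offline, remoting disabled, or access denied: record it rather than skip it.
        [pscustomobject]@{
            Computer    = $name
            Status      = 'unreachable: ' + $_.Exception.Message
            EventCount  = $null
            LatestEvent = $null
            GpResult    = $null
        }
    }
}

# One line per machine on screen; full gpresult text saved for the failures.
$report | Sort-Object Status, Computer |
    Format-Table Computer, Status, EventCount, LatestEvent -AutoSize
$report | Where-Object { $_.Status -ne 'OK' } |
    Select-Object Computer, Status, EventCount, LatestEvent, GpResult |
    Export-Csv -Path '.\gp-triage.csv' -NoTypeInformation
```

Machines that show up as unreachable are worth separating from those that log Group Policy errors: the first group points at connectivity or remoting, the second at policy processing itself.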
  21. tnhether

    tnhether New Member

    I would also like to recommend to surround yourself with other platforms that are outside of Cisco. You can learn a lot from the other land by just playing around with open source tools. You can even make yourself look more versatile.

    some free things:

    Quagga Software Routing Suite
    BSD Router Project: Open Source Router Distribution [BSD Router Project]
    The BIRD Internet Routing Daemon Project
    Welcome to XORP

    Another semi unrelated thing to look into is building up a skill set with ELK and having something to show for on the monitoring side.
    Last edited by a moderator: Apr 22, 2017
  22. RumRogerz

    RumRogerz TRIBE Member

    funny you mentioned the BSD router project - been looking into that for the last week. Commands are very similar. I may actually use this for my home network if I can't grab a used ASA or Router for a decent price.

    I could be mistaken - and I usually am - I think that the BSD router project uses Quagga as well. Two birds!
  23. RumRogerz

    RumRogerz TRIBE Member

    Maybe you guys can help a brother out - I can't seem to find any information on NAT/PAT with the BSDRouter Project. Am I blind or am I missing something?
  24. RumRogerz

    RumRogerz TRIBE Member

    oh wait nm. I just discovered pf. Sorry!
  25. RumRogerz

    RumRogerz TRIBE Member

    Some time has passed, so I thought some of you may want to know what's been up. Or not.

    Sadly, I was not able to find any bites for a job more fitting towards the networking segment of IT. That has not really deterred me; I just keep on focusing on what I want to accomplish. I'm still studying - currently for my CCNA security and CEH. They go together quite nicely. I have been noticing a change in my habits when it comes to working/studying.
    My powershell knowledge has strengthened considerably. Most of the tasks that I need to do on a day to day are being automated via various scripts; which are becoming more efficient the more I learn. This bled into my slow journey into python; although OOB still confuses the hell out of me.

    CEH is proving the most fun to learn. This got me right into bash scripting, and boy, it's really gratifying to see with a lot of hard work, you can really get shit working with just one simple run of a script.

    Work upgraded me to Systems Engineer (yay, but it's all a facade), just after a year of busting my ass. Responsibilities.... increased significantly. I have full rein over our Azure, O365 and local servers, and I am doing my level best to keep it humming. Finally have SSO working for all of our services, convinced my boss that DKIM and DMARC are better than not having DKIM and DMARC. Made some headway on securing our network, but am met with a bunch of 'okay let's do it' when it comes to what I think, good ideas, and never any follow throughs, which is very frustrating. This is the one thing I'm the most jazzed about doing but I think my boss considers the network to be his baby. He will not let me touch the firewalls, switches or routers. Even on things that I know are relatively straightforward procedures. I physically pointed out several quick fixes we could implement with our tunnel between HQ and our 905 branch but he just doesn't want to touch it. Except this one time I fixed a NAT issue by literally forcing myself on the keyboard; I knew exactly what needed to be tweaked and just said 'please, for the love of science let me try one thing'. I thought I was going to blow up.

    Don't even start with me on the many... many emails I sent him over the recent Cisco VPN vulnerability that are just going nowhere. I'm literally giving up on trying. I'm starting to realize working for a small firm with 2 IT staff (myself included) will not get me where I want to be. You know... like, part of a larger team.

    Recruiters are filling up my inbox but with stuff I'm not really interested in; been trying to find a junior/intermediate/associate role at an ISP, or a data centre or a huge corporation with no luck. :( They ask for so much experience and list requirements on knowledge related to specific systems I have never even heard of, it's slightly intimidating. The struggle goes on, but I have still not lost sight.

    That being said, I know I made the right career choice. Even though the hours may be long and sometimes crunch time is more real than I would like it to be; if I could show 1 year ago RumRogerz what he will do, he may not believe it.
    Last edited: Feb 13, 2018
