IT AI Skill
Network Management
Manage network infrastructure including LAN/WAN design, routing, switching, VLANs, SD-WAN, network monitoring, and troubleshooting. Use when designing networks, configuring switches/routers, implementing VLANs, setting up SD-WAN, or troubleshooting network...
Manage network infrastructure including LAN/WAN design, routing, switching, VLANs, SD-WAN, monitoring, and troubleshooting.
Workflow
1. Network Architecture
NETWORK ARCHITECTURE
═══════════════════════════════════════
Enterprise Network Design:
═══════════════════════════════════════
                          Internet
                             ↓
                       Edge Firewall
                             ↓
                   Core Switch (Layer 3)
                ═══════════════════════════
         ↓                   ↓                   ↓
   Distribution         Distribution        Distribution
 Switch (Floor A)     Switch (Floor B)     Switch (Remote)
     ↓               ↓               ↓               ↓
   Access          Access          Access          Access
   Switch          Switch          Switch          Switch
     ↓               ↓               ↓               ↓
Workstations      Servers         WiFi APs     Branch Office
NETWORK SEGMENTS (VLANs):
═══════════════════════════════════════
VLAN ID  Name        Subnet         Purpose          Security
───────────────────────────────────────────────────────────────────────────────
10       Management  10.10.10.0/24  Network devices  Restricted
20       Servers     10.10.20.0/24  Production       Firewall rules
30       Users       10.10.30.0/24  Employee LAN     Standard
40       Guests      10.10.40.0/24  Guest WiFi       Internet only
50       VoIP        10.10.50.0/24  Phone systems    QoS priority
60       IoT         10.10.60.0/24  IoT devices      Isolated
70       DMZ         10.10.70.0/24  Public servers   Firewall DMZ
80       Dev/Test    10.10.80.0/24  Development      Isolated from prod
REDUNDANCY:
═══════════════════════════════════════
→ Core switches: Stacked (VSS/MLX) or HSRP/VRRP
→ ISP: Dual ISP (primary + backup)
→ Uplinks: LACP (EtherChannel) bonded
→ WAN: SD-WAN (multiple links, active-active)
→ Power: Dual PSU, UPS
2. Routing & Switching
ROUTING CONFIGURATION
═══════════════════════════════════════
Dynamic Routing:
═══════════════════════════════════════
Internal: OSPF (OSPFv2 for IPv4, OSPFv3 for IPv6)
→ Area 0: Backbone (core)
→ Area 1: Floor A
→ Area 2: Floor B
→ Area 3: Remote site
External: BGP (Multi-homed ISP)
→ AS: 65001 (private)
→ Peers: ISP1 (AS 64500), ISP2 (AS 64501)
→ Default route: Both ISPs (ECMP)
→ Health check: BFD (fast failover)
Switching:
═══════════════════════════════════════
Spanning Tree:
→ Mode: Rapid PVST+
→ Root bridge: Core switch 1 (primary)
→ Backup root: Core switch 2 (secondary)
→ BPDU guard: Enabled on access ports
→ Portfast: Enabled on access ports
Link Aggregation:
→ LACP mode: Active
→ Channels: 2x1G or 4x1G
→ Fallback: Single link (graceful degradation)
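An added example (not part of the original page) that audits the spanning-tree settings listed above: it parses a constructed IOS-style running-config and reports access ports missing PortFast or BPDU guard. The sample config and the function names are assumptions; the global commands `spanning-tree portfast default` and `spanning-tree portfast bpduguard default` are taken into account.

```python
# Constructed IOS-style running-config excerpt (not from the page).
CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/3
 switchport mode access
!
interface GigabitEthernet1/0/48
 switchport mode trunk
!
"""

def parse_interfaces(config):
    """Split a running-config into global lines and {interface: [lines]}."""
    globals_, ifaces, current = [], {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1]
            ifaces[current] = []
        elif raw.startswith(" ") and current:
            ifaces[current].append(raw.strip())
        else:
            current = None
            if raw.strip() and raw.strip() != "!":
                globals_.append(raw.strip())
    return globals_, ifaces

def audit_access_ports(config):
    """Return {interface: [missing protections]} for access ports only."""
    globals_, ifaces = parse_interfaces(config)
    pf_default = "spanning-tree portfast default" in globals_
    bg_default = "spanning-tree portfast bpduguard default" in globals_
    findings = {}
    for name, lines in ifaces.items():
        if "switchport mode access" not in lines:
            continue  # trunks and uplinks are out of scope for this check
        portfast = "spanning-tree portfast" in lines or pf_default
        # The global bpduguard default only protects PortFast-enabled ports.
        guard = "spanning-tree bpduguard enable" in lines or (bg_default and portfast)
        missing = [m for m, ok in (("portfast", portfast), ("bpduguard", guard)) if not ok]
        if missing:
            findings[name] = missing
    return findings
```

A port with PortFast but no BPDU guard (GigabitEthernet1/0/2 in the sample) is the finding to fix first, since it skips the listening/learning delay without protection against an attached switch.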
ACCESS CONTROL LISTS (ACLs):
═══════════════════════════════════════
→ VLAN-to-VLAN: Firewall (not ACL)
→ Server protection: Inbound ACL on server VLAN
→ Guest isolation: No access to internal networks
→ IoT isolation: Only internet + specific servers
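An added example (not part of the original page) that checks an ordered, first-match firewall rule list against the segmentation intent stated above and in the VLAN table. The rule tuple format, the `10.10.0.0/16` supernet, the IoT-approved server address and the sample rules are assumptions constructed for illustration.

```python
from ipaddress import ip_network as net

# Subnets from the VLAN table on this page.
GUESTS, IOT = net("10.10.40.0/24"), net("10.10.60.0/24")
SERVERS, DEVTEST = net("10.10.20.0/24"), net("10.10.80.0/24")
INTERNAL = net("10.10.0.0/16")          # assumption: supernet covering every VLAN
IOT_SERVERS = [net("10.10.20.50/32")]   # assumption: constructed "specific server"

# (source, destination, allowed exceptions, intent) taken from the page's text.
FORBIDDEN = [
    (GUESTS, INTERNAL, [], "Guests: internet only"),
    (IOT, INTERNAL, IOT_SERVERS, "IoT: internet + specific servers only"),
    (DEVTEST, SERVERS, [], "Dev/Test isolated from prod"),
    (SERVERS, DEVTEST, [], "Dev/Test isolated from prod"),
]

def overlap(a, b):
    """CIDR blocks either nest or are disjoint; return the smaller or None."""
    if a.subnet_of(b):
        return a
    return b if b.subnet_of(a) else None

def violations(rules):
    """Audit an ordered, first-match list of (action, src, dst) rules."""
    found = []
    for i, (action, src, dst) in enumerate(rules):
        if action != "permit":
            continue
        for f_src, f_dst, allowed, intent in FORBIDDEN:
            s, d = overlap(net(src), f_src), overlap(net(dst), f_dst)
            if s is None or d is None or any(d.subnet_of(a) for a in allowed):
                continue
            # An earlier deny covering the whole overlap wins under first match.
            shadowed = any(a == "deny" and s.subnet_of(net(x)) and d.subnet_of(net(y))
                           for a, x, y in rules[:i])
            if not shadowed:
                found.append((i, intent))
    return found

# Constructed sample rule set (not from the page).
RULES = [
    ("permit", "10.10.60.0/24", "10.10.20.50/32"),  # IoT -> approved server
    ("deny",   "10.10.60.0/24", "10.10.0.0/16"),    # IoT -> rest of internal
    ("permit", "10.10.60.0/24", "0.0.0.0/0"),       # IoT -> internet
    ("permit", "10.10.40.0/24", "0.0.0.0/0"),       # Guests -> any, no deny first
    ("permit", "10.10.80.0/24", "10.10.20.0/24"),   # Dev/Test -> Servers
]

if __name__ == "__main__":
    for index, intent in violations(RULES):
        print(f"rule {index} breaks intent: {intent}")
```

The check is conservative: a permit is cleared only when a single earlier deny covers the entire overlap, so several narrower denies that jointly cover it are still reported for manual review.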
3. SD-WAN
SD-WAN IMPLEMENTATION
═══════════════════════════════════════
SD-WAN Architecture:
═══════════════════════════════════════
Branch Office:
→ SD-WAN edge appliance (hardware/virtual)
→ Links: MPLS + Internet + 4G/5G backup
→ Centralized management (cloud controller)
Data Center:
→ SD-WAN edge (connect to firewall)
→ Links: Dedicated + Internet
Cloud:
→ Direct cloud on-ramp (AWS Direct Connect, Azure ExpressRoute)
→ SaaS optimization (Office 365, Salesforce → internet)
LINK PRIORITIZATION:
═══════════════════════════════════════
Application         Path                   Policy
────────────────────────────────────────────────────────────────────────
VoIP                MPLS (lowest latency)  QoS priority 1
ERP (SAP/Oracle)    MPLS                   QoS priority 2
Email (O365)        Internet (direct)      QoS priority 3
Web browsing        Internet               Best available
Cloud backup        Internet (off-hours)   Best available
Video conferencing  MPLS or Internet       Adaptive path
SD-WAN FEATURES:
═══════════════════════════════════════
→ Application-aware routing (identify by SSL, deep packet inspection)
→ Forward error correction (FEC) for WAN optimization
→ Compression and deduplication
→ Centralized policy management
→ Zero-touch provisioning (branch deployment)
→ Integrated security (IPS, firewall, CASB)
4. Network Monitoring
NETWORK MONITORING
═══════════════════════════════════════
Monitoring Stack:
═══════════════════════════════════════
Tool               Purpose                    Data Source    Alert
────────────────────────────────────────────────────────────────────────────────
PRTG / SolarWinds  Device monitoring          SNMP           Threshold
Wireshark          Packet analysis            Port mirror    Manual
NetFlow/sFlow      Traffic analysis           Router/switch  Anomaly
Nmap               Port scanning              Active scan    Scheduled
SmokePing          Latency/jitter monitoring  ICMP/HTTP      Threshold
UptimeRobot        External availability      HTTP/HTTPS     Downtime
Monitoring Coverage:
═══════════════════════════════════════
→ All routers, switches, firewalls (SNMP)
→ ISP links (NetFlow, ping)
→ WiFi controllers and APs (SNMP, API)
→ Network utilization (per interface)
→ Error rates (CRC, collisions, drops)
→ CPU/memory utilization (devices)
→ Port status (up/down, speed, duplex)
NETWORK HEALTH DASHBOARD:
═══════════════════════════════════════
Metric              Target    Current  Status
────────────────────────────────────────────────────────────────
Uptime              ≥ 99.99%  99.995%  ✓ Good
Latency (internal)  ≤ 5ms     2ms      ✓ Good
Latency (WAN)       ≤ 50ms    35ms     ✓ Good
Packet loss         ≤ 0.1%    0.02%    ✓ Good
Utilization (peak)  ≤ 70%     55%      ✓ Good
WiFi coverage       ≥ 95%     97%      ✓ Good
DNS resolution      ≤ 10ms    5ms      ✓ Good
5. Network Troubleshooting
NETWORK TROUBLESHOOTING FRAMEWORK
═══════════════════════════════════════
Layer-by-Layer Approach (OSI Model):
═══════════════════════════════════════
Layer 1 (Physical):
→ Cable test (Fluke, link lights)
→ Port status (show interface)
→ Speed/duplex mismatch
→ SFP module (transceiver test)
Layer 2 (Data Link):
→ MAC address table (show mac address-table)
→ STP status (show spanning-tree)
→ VLAN configuration (show vlan)
→ ARP table (show arp)
→ Duplicate MAC detection
Layer 3 (Network):
→ IP configuration (show ip interface brief)
→ Routing table (show ip route)
→ OSPF neighbors (show ip ospf neighbor)
→ BGP sessions (show ip bgp summary)
→ traceroute / pathping
Layer 4+ (Transport/Application):
→ Port connectivity (telnet, Test-NetConnection)
→ Firewall rules (show access-lists)
→ DNS resolution (nslookup, dig)
→ Application-specific (HTTP, SMTP, etc.)
COMMON ISSUES & RESOLUTIONS:
═══════════════════════════════════════
Issue                      Diagnosis                    Resolution
───────────────────────────────────────────────────────────────────────
Intermittent connectivity  Cable/port issue             Replace cable, check port
Slow WiFi                  Channel interference         Change channel, reduce power
DNS failures               DNS server down/unreachable  Switch to alternate DNS
High latency               Congestion/route issue       Check utilization, verify route
VLAN not working           VLAN mismatch/tagging        Verify VLAN config end-to-end
DHCP not assigning         DHCP server/pool issue       Check DHCP scope, relay agent
Edge Cases
- Multi-site: WAN optimization, latency management
- Remote workers: VPN, Zero Trust, SASE
- WiFi: Interference, roaming, capacity
- IoT: Network segmentation, security
- Compliance: Network access control (NAC)
Integration Points
- Monitoring: PRTG, SolarWinds, Nagios, Zabbix
- Configuration: Ansible, Terraform, Python
- SD-WAN: VMware Velocloud, Cisco Viptela, Fortinet
- Security: Palo Alto, Fortinet, Check Point, Cisco
- WiFi: Cisco Meraki, Aruba, Ubiquiti
- NAC: Cisco ISE, Aruba ClearPass
Output
Network Management Status
NETWORK STATUS — Q4 2024
═══════════════════════════════════════
Devices managed: 245 (switches, routers, APs, firewalls)
Uptime: 99.995% (target: ≥99.99%) ✓
VLANs: 8 (all operational)
SD-WAN: 12 sites (active-active, 0 outages)
WiFi coverage: 97% (target: ≥95%) ✓
Open tickets: 2 (minor, resolved <4h)
Last audit: Q4 2024 (compliant)
Next action: Upgrade 3 edge switches (EOL Q2 2025)