---
name: network-management
description: Manage network infrastructure including LAN/WAN design, routing, switching, VLANs, SD-WAN, network monitoring, and troubleshooting. Use when designing networks, configuring switches/routers, implementing VLANs, setting up SD-WAN, or troubleshooting network issues. Triggers on phrases like "network management", "LAN", "WAN", "SD-WAN", "VLAN", "routing", "switching", "network design", "network monitoring", "network troubleshooting", "BGP", "OSPF", "STP", "QoS", "firewall rules", "network security", "network segmentation", "access control list", "ACL", "port security".
---

# Network Management

Manage network infrastructure including LAN/WAN design, routing, switching, VLANs, SD-WAN, monitoring, and troubleshooting.

## Workflow

### 1. Network Architecture

```
NETWORK ARCHITECTURE
═══════════════════════════════════════

Enterprise Network Design:
═══════════════════════════════════════

                    Internet
                      ↓
                 Edge Firewall
                      ↓
              Core Switch (Layer 3)
              ═══════════════════════════
              ↓           ↓           ↓
         Distribution   Distribution  Distribution
         Switch (Floor A) Switch (Floor B) Switch (Remote)
         ↓           ↓           ↓           ↓
     Access       Access      Access      Access
     Switch       Switch      Switch      Switch
     ↓            ↓           ↓           ↓
  Workstations  Servers     WiFi APs    Branch Office

NETWORK SEGMENTS (VLANs):
═══════════════════════════════════════

VLAN ID   Name             Subnet              Purpose          Security
───────────────────────────────────────────────────────────────────────────────
10        Management       10.10.10.0/24       Network devices  Restricted
20        Servers          10.10.20.0/24       Production       Firewall rules
30        Users            10.10.30.0/24       Employee LAN     Standard
40        Guests           10.10.40.0/24       Guest WiFi       Internet only
50        VoIP             10.10.50.0/24       Phone systems    QoS priority
60        IoT              10.10.60.0/24       IoT devices      Isolated
70        DMZ              10.10.70.0/24       Public servers   Firewall DMZ
80        Dev/Test         10.10.80.0/24       Development      Isolated from prod

REDUNDANCY:
═══════════════════════════════════════

  → Core switches: Stacked/virtualized pair (e.g. StackWise, VSS) or HSRP/VRRP for gateway redundancy
  → ISP: Dual ISP (primary + backup)
  → Uplinks: LACP (EtherChannel) bonded
  → WAN: SD-WAN (multiple links, active-active)
  → Power: Dual PSU, UPS
```

### 2. Routing & Switching

```
ROUTING CONFIGURATION
═══════════════════════════════════════

Dynamic Routing:
═══════════════════════════════════════

  Internal: OSPF (OSPFv2 for IPv4, OSPFv3 for IPv6)
    → Area 0: Backbone (core)
    → Area 1: Floor A
    → Area 2: Floor B
    → Area 3: Remote site

  External: BGP (Multi-homed ISP)
    → AS: 65001 (private)
    → Peers: ISP1 (AS 64500), ISP2 (AS 64501)
    → Default route: Both ISPs (ECMP)
    → Health check: BFD (fast failover)

Switching:
═══════════════════════════════════════

  Spanning Tree:
    → Mode: Rapid PVST+
    → Root bridge: Core switch 1 (primary)
    → Backup root: Core switch 2 (secondary)
    → BPDU guard: Enabled on access ports (err-disables a port that receives a BPDU, i.e. an unmanaged or rogue switch)
    → Root guard: Enabled on distribution downlinks (an unexpected switch cannot take over as root)
    → Portfast: Enabled on access ports only (never on uplinks or trunks)

  Link Aggregation:
    → LACP mode: Active
    → Channels: 2x1G or 4x1G
    → Fallback: Single link (graceful degradation)

ACCESS CONTROL LISTS (ACLs):
═══════════════════════════════════════

  → Inter-VLAN policy: Enforced on the firewall (stateful); switch ACLs are stateless and act as a backstop
  → Server protection: Inbound ACL on the server VLAN SVI, default deny with explicit permits
  → Guest isolation: Deny all RFC 1918 space, then permit internet (explicitly permit DHCP/DNS if guests use internal resolvers)
  → IoT isolation: Only internet + specific servers (permit the named hosts before the internal deny; first match wins)
```
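The VLAN plan in section 1 and the isolation rules above can be checked and rendered mechanically. The following is an added example (not part of the original page and not configuration taken from any device): it validates the plan for overlapping subnets, builds first-match ACLs for the guest and IoT VLANs with IOS-style wildcard masks, and evaluates sample flows against them so the ordering mistake (deny before permit) shows up before anything is pushed to a switch. The IoT-reachable host 10.10.20.25 is a hypothetical broker, and the ACL names are assumptions.

```python
import ipaddress

# VLAN plan from the table in section 1 (id -> (name, subnet)).
VLANS = {
    10: ("Management", "10.10.10.0/24"),
    20: ("Servers", "10.10.20.0/24"),
    30: ("Users", "10.10.30.0/24"),
    40: ("Guests", "10.10.40.0/24"),
    50: ("VoIP", "10.10.50.0/24"),
    60: ("IoT", "10.10.60.0/24"),
    70: ("DMZ", "10.10.70.0/24"),
    80: ("Dev/Test", "10.10.80.0/24"),
}

# All RFC 1918 space counts as "internal", so a guest cannot reach a subnet
# that was added later and never listed in the plan.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: the one internal host IoT devices may reach (hypothetical broker).
IOT_ALLOWED_HOSTS = ["10.10.20.25"]


def check_plan(vlans):
    """Return pairs of VLAN ids whose subnets overlap; an empty list means the plan is sane."""
    nets = {vid: ipaddress.ip_network(subnet) for vid, (_, subnet) in vlans.items()}
    ids = sorted(nets)
    return [(a, b) for i, a in enumerate(ids) for b in ids[i + 1:] if nets[a].overlaps(nets[b])]


def wildcard(net):
    """IOS ACLs take an inverted mask: 10.10.40.0/24 -> 0.0.0.255."""
    return str(ipaddress.ip_network(str(net)).hostmask)


def ace(action, src, dst):
    """One access-control entry: (action, source network, destination network)."""
    return (action, ipaddress.ip_network(src), ipaddress.ip_network(dst))


def guest_acl(vlans):
    """Guests: deny every private range first, then permit the rest (internet only)."""
    src = vlans[40][1]
    acl = [ace("deny", src, str(n)) for n in RFC1918]
    acl.append(ace("permit", src, "0.0.0.0/0"))
    return acl


def iot_acl(vlans, allowed_hosts):
    """IoT: permit the named servers, then deny private ranges, then permit internet.
    Order matters: with the deny first, a first-match ACL would never reach the permits."""
    src = vlans[60][1]
    acl = [ace("permit", src, f"{h}/32") for h in allowed_hosts]
    acl += [ace("deny", src, str(n)) for n in RFC1918]
    acl.append(ace("permit", src, "0.0.0.0/0"))
    return acl


def _dst(net):
    """Destination field in IOS syntax: any / host X / network wildcard."""
    if net.prefixlen == 0:
        return "any"
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {wildcard(net)}"


def render(name, acl):
    """Render entries as IOS-style 'ip access-list extended' lines (applied inbound on the SVI)."""
    lines = [f"ip access-list extended {name}"]
    lines += [f" {action} ip {s.network_address} {wildcard(s)} {_dst(d)}" for action, s, d in acl]
    return "\n".join(lines)


def evaluate(acl, src_ip, dst_ip):
    """First-match evaluation, including the implicit deny every ACL ends with."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, snet, dnet in acl:
        if s in snet and d in dnet:
            return action
    return "deny"


if __name__ == "__main__":
    assert check_plan(VLANS) == []
    print(render("GUEST-IN", guest_acl(VLANS)))
    print(render("IOT-IN", iot_acl(VLANS, IOT_ALLOWED_HOSTS)))
```

`evaluate()` is the check worth keeping: run the intended flows (guest to internet, guest to a server, IoT to its broker, IoT to the management VLAN) through the generated list and confirm each one lands on the expected action before the ACL is applied. Note that these entries are Layer 3 only; if guests rely on an internal resolver or a DHCP relay inside RFC 1918 space, a `permit udp ... eq 53` / `eq 67` entry has to precede the deny lines.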

### 3. SD-WAN

```
SD-WAN IMPLEMENTATION
═══════════════════════════════════════

SD-WAN Architecture:
═══════════════════════════════════════

  Branch Office:
    → SD-WAN edge appliance (hardware/virtual)
    → Links: MPLS + Internet + 4G/5G backup
    → Centralized management (cloud controller)

  Data Center:
    → SD-WAN edge (connect to firewall)
    → Links: Dedicated + Internet

  Cloud:
    → Direct cloud on-ramp (AWS Direct Connect, Azure ExpressRoute)
    → SaaS optimization (Office 365, Salesforce → internet)

LINK PRIORITIZATION:
═══════════════════════════════════════

  Application              Path                     Policy
  ────────────────────────────────────────────────────────────────────────
  VoIP                    MPLS (lowest latency)     QoS priority 1
  ERP (SAP/Oracle)        MPLS                      QoS priority 2
  Email (O365)            Internet (direct)         QoS priority 3
  Web browsing            Internet                  Best available
  Cloud backup            Internet (off-hours)      Best available
  Video conferencing      MPLS or Internet          Adaptive path

SD-WAN FEATURES:
═══════════════════════════════════════

  → Application-aware routing (identify applications by TLS SNI/DPI signatures, not port numbers alone)
  → Forward error correction (FEC) and packet duplication to mask loss on lossy links
  → Compression and deduplication
  → Centralized policy management
  → Zero-touch provisioning (branch deployment)
  → Integrated security (IPS, firewall, CASB)
```
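The link-prioritization table above is, in effect, a per-application policy plus an SLA that decides when to leave the preferred path. The block below is an added example of that decision logic, written for this page rather than taken from any SD-WAN vendor: each application has an ordered path preference and loss/latency/jitter limits; the first preferred link inside its SLA carries the flow, a degraded link triggers failover, and if nothing meets the SLA the best available link is used. The SLA thresholds, DSCP values and link measurements are all assumptions, constructed here so the code runs offline.

```python
from dataclasses import dataclass


@dataclass
class LinkStats:
    """Latest probe results for one WAN link (constructed numbers, not real measurements)."""
    name: str
    latency_ms: float
    loss_pct: float
    jitter_ms: float
    up: bool = True


@dataclass
class AppPolicy:
    """Path preference plus the SLA a link must meet to carry this application."""
    preferred: list          # path order from the prioritization table
    max_latency_ms: float
    max_loss_pct: float
    max_jitter_ms: float
    dscp: int                # QoS marking set on egress


# Path order follows the table above; SLA limits and DSCP values are assumptions.
POLICIES = {
    "voip":  AppPolicy(["MPLS", "Internet", "LTE"], 150, 1.0, 30, 46),   # EF
    "erp":   AppPolicy(["MPLS", "Internet", "LTE"], 250, 2.0, 50, 26),   # AF31
    "o365":  AppPolicy(["Internet", "MPLS", "LTE"], 300, 3.0, 100, 18),  # AF21, direct breakout
    "web":   AppPolicy(["Internet", "LTE", "MPLS"], 1000, 5.0, 200, 0),  # best effort
    "video": AppPolicy(["MPLS", "Internet", "LTE"], 200, 1.0, 40, 34),   # AF41, adaptive
}


def meets_sla(link, policy):
    return (link.up and link.latency_ms <= policy.max_latency_ms
            and link.loss_pct <= policy.max_loss_pct
            and link.jitter_ms <= policy.max_jitter_ms)


def select_path(app, links):
    """Return (link name, reason). The first preferred link inside SLA wins; if none
    qualifies, fall back to the up link with the lowest loss, then the lowest latency."""
    policy = POLICIES[app]
    by_name = {link.name: link for link in links}
    for rank, name in enumerate(policy.preferred):
        link = by_name.get(name)
        if link is not None and meets_sla(link, policy):
            return name, ("preferred" if rank == 0 else "failover")
    up = [link for link in links if link.up]
    if not up:
        return None, "no-path"
    best = min(up, key=lambda link: (link.loss_pct, link.latency_ms))
    return best.name, "best-available"


def forwarding_table(links):
    """Decision for every application: {app: (path, reason, dscp)}."""
    return {app: (*select_path(app, links), POLICIES[app].dscp) for app in POLICIES}


# Constructed probe snapshots for three link states.
HEALTHY = [LinkStats("MPLS", 18, 0.0, 2), LinkStats("Internet", 35, 0.1, 8), LinkStats("LTE", 60, 0.5, 20)]
MPLS_DEGRADED = [LinkStats("MPLS", 18, 3.0, 25), LinkStats("Internet", 35, 0.1, 8), LinkStats("LTE", 60, 0.5, 20)]
ALL_BAD = [LinkStats("MPLS", 400, 6.0, 90), LinkStats("Internet", 500, 4.0, 120), LinkStats("LTE", 800, 9.0, 200)]

if __name__ == "__main__":
    for label, snapshot in (("healthy", HEALTHY), ("mpls degraded", MPLS_DEGRADED), ("all bad", ALL_BAD)):
        print(label, forwarding_table(snapshot))
```

Two things a production controller adds that this example leaves out on purpose: dampening (a link that flaps in and out of SLA should not bounce voice calls every probe interval), and a security check on the "Internet (direct)" rows: SaaS breakout from a branch only works if the edge applies the same IPS/CASB policy the data-center path would, otherwise the prioritization table has quietly created a bypass.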

### 4. Network Monitoring

```
NETWORK MONITORING
═══════════════════════════════════════

Monitoring Stack:
═══════════════════════════════════════

  Tool                  Purpose                    Data Source       Alert
  ────────────────────────────────────────────────────────────────────────────────
  PRTG / SolarWinds     Device monitoring          SNMP             Threshold
  Wireshark             Packet analysis            Port mirror      Manual
  NetFlow/sFlow         Traffic analysis           Router/switch    Anomaly
  Nmap                  Port scanning              Active scan      Scheduled
  SmokePing             Latency/jitter monitoring  ICMP/HTTP        Threshold
  UptimeRobot           External availability      HTTP/HTTPS       Downtime

Monitoring Coverage:
═══════════════════════════════════════

  → All routers, switches, firewalls (SNMPv3 authPriv; retire v2c community strings)
  → ISP links (NetFlow, ping)
  → WiFi controllers and APs (SNMP, API)
  → Network utilization (per interface)
  → Error rates (CRC, collisions, drops)
  → CPU/memory utilization (devices)
  → Port status (up/down, speed, duplex)

NETWORK HEALTH DASHBOARD:
═══════════════════════════════════════

  Metric              Target        Current      Status
  ────────────────────────────────────────────────────────────────
  Uptime              ≥ 99.99%      99.995%      ✓ Good
  Latency (internal)  ≤ 5ms         2ms          ✓ Good
  Latency (WAN)       ≤ 50ms        35ms         ✓ Good
  Packet loss         ≤ 0.1%        0.02%        ✓ Good
  Utilization (peak)  ≤ 70%         55%          ✓ Good
  WiFi coverage       ≥ 95%         97%          ✓ Good
  DNS resolution      ≤ 10ms        5ms          ✓ Good
```
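The NetFlow/sFlow row in the monitoring table says "Anomaly" for alerting without saying which anomalies. The block below is an added example of three checks a collector can run over exported flow records, written for this page rather than taken from any monitoring product: segmentation violations (guest or IoT sources reaching RFC 1918 space they should not), a port scan (one source touching many ports on one host), and an egress volume outlier against a per-host baseline. The flow records, the IoT allow-list host 10.10.20.25, the thresholds and the baseline are all constructed for the example.

```python
import ipaddress
from collections import defaultdict

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
GUEST_NET = ipaddress.ip_network("10.10.40.0/24")
IOT_NET = ipaddress.ip_network("10.10.60.0/24")
IOT_ALLOWED = {ipaddress.ip_address("10.10.20.25")}  # hypothetical broker (assumption)
SCAN_PORTS = 20      # distinct destination ports from one source to one host (assumption)
VOLUME_FACTOR = 10   # egress bytes above this multiple of the host baseline is flagged (assumption)

# Constructed flow records: (src, dst, proto, dst_port, bytes). Not real exports.
FLOWS = [
    ("10.10.30.12", "10.10.20.5", "tcp", 443, 120_000),            # user -> server, normal
    ("10.10.30.12", "93.184.216.34", "tcp", 443, 6_000_000_000),   # user -> internet, very large
    ("10.10.40.15", "93.184.216.34", "tcp", 443, 80_000),          # guest -> internet, fine
    ("10.10.40.15", "10.10.20.5", "tcp", 445, 4_000),              # guest -> internal server
    ("10.10.60.7", "10.10.20.25", "tcp", 8883, 2_000),             # IoT -> broker, allowed
    ("10.10.60.7", "10.10.10.1", "tcp", 22, 1_500),                # IoT -> management VLAN
] + [("10.10.30.77", "10.10.20.5", "tcp", p, 60) for p in range(1, 31)]  # 30 ports: scan

# Constructed per-host daily egress baseline in bytes.
BASELINE_BYTES = {"10.10.30.12": 200_000_000}


def is_internal(ip):
    return any(ip in n for n in RFC1918)


def segmentation_violations(flows):
    """Flows that the guest/IoT isolation rules say should not exist."""
    out = []
    for src, dst, _proto, dport, _nbytes in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s in GUEST_NET and is_internal(d):
            out.append((src, dst, dport, "guest-to-internal"))
        elif s in IOT_NET and is_internal(d) and d not in IOT_ALLOWED:
            out.append((src, dst, dport, "iot-to-internal"))
    return out


def port_scans(flows, threshold=SCAN_PORTS):
    """(src, dst, port_count) for source/destination pairs touching many distinct ports."""
    ports = defaultdict(set)
    for src, dst, _proto, dport, _nbytes in flows:
        ports[(src, dst)].add(dport)
    return [(src, dst, len(p)) for (src, dst), p in ports.items() if len(p) >= threshold]


def volume_outliers(flows, baseline, factor=VOLUME_FACTOR):
    """Hosts whose bytes to non-internal destinations exceed factor x their baseline."""
    totals = defaultdict(int)
    for src, dst, _proto, _dport, nbytes in flows:
        if not is_internal(ipaddress.ip_address(dst)):
            totals[src] += nbytes
    return [(src, b) for src, b in totals.items() if src in baseline and b > factor * baseline[src]]


def analyze(flows, baseline=BASELINE_BYTES):
    return {"segmentation": segmentation_violations(flows),
            "scans": port_scans(flows),
            "volume": volume_outliers(flows, baseline)}


if __name__ == "__main__":
    for kind, hits in analyze(FLOWS).items():
        print(kind, hits)
```

The segmentation check is the one with the most value per line: if a guest-to-internal flow shows up in exported records at all, either the ACL from section 2 is missing on that SVI or something is bypassing it, and the flow export is the only place you will see that. Hosts without a baseline are deliberately skipped by `volume_outliers()` rather than flagged, which is the usual trade-off: fewer false positives at the cost of blind spots for new hosts.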

### 5. Network Troubleshooting

```
NETWORK TROUBLESHOOTING FRAMEWORK
═══════════════════════════════════════

Layer-by-Layer Approach (OSI Model):
═══════════════════════════════════════

Layer 1 (Physical):
  → Cable test (Fluke, link lights)
  → Port status (show interface)
  → Speed/duplex mismatch
  → SFP module (transceiver test)

Layer 2 (Data Link):
  → MAC address table (show mac address-table)
  → STP status (show spanning-tree)
  → VLAN configuration (show vlan)
  → ARP table (show arp)
  → Duplicate MAC detection

Layer 3 (Network):
  → IP configuration (show ip interface brief)
  → Routing table (show ip route)
  → OSPF neighbors (show ip ospf neighbor)
  → BGP sessions (show ip bgp summary)
  → traceroute / pathping

Layer 4+ (Transport/Application):
  → Port connectivity (telnet, Test-NetConnection)
  → Firewall rules (show access-lists)
  → DNS resolution (nslookup, dig)
  → Application-specific (HTTP, SMTP, etc.)

COMMON ISSUES & RESOLUTIONS:
═══════════════════════════════════════

Issue                     Diagnosis                   Resolution
───────────────────────────────────────────────────────────────────────
Intermittent connectivity Cable/port issue           Replace cable, check port
Slow WiFi                 Channel interference        Change channel, reduce power
DNS failures              DNS server down/unreachable Switch to alternate DNS
High latency              Congestion/route issue      Check utilization, verify route
VLAN not working          VLAN mismatch/tagging       Verify VLAN config end-to-end
DHCP not assigning        DHCP server/pool issue      Check DHCP scope, relay agent
```
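The Layer 1/2 steps above come down to reading a few counters out of `show interfaces` on every port and matching them to a cause. The block below is an added example of that triage, written for this page and not taken from any vendor tool: it parses the interface header, duplex/speed line and error counters from output laid out in Cisco IOS style, then maps them to the causes in the framework (link down, CRC errors from cabling, collisions pointing at a duplex mismatch). The sample output is constructed and abbreviated to the lines the parser reads, and the CRC threshold is an assumption.

```python
import re

# Constructed sample in Cisco IOS "show interfaces" layout, trimmed to the lines parsed below.
SAMPLE = """\
GigabitEthernet1/0/1 is up, line protocol is up (connected)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 output errors, 0 collisions, 0 interface resets
GigabitEthernet1/0/2 is up, line protocol is up (connected)
  Half-duplex, 100Mb/s, media type is 10/100/1000BaseTX
     1204 input errors, 1198 CRC, 6 frame, 0 overrun, 0 ignored
     0 output errors, 3570 collisions, 2 interface resets
GigabitEthernet1/0/3 is down, line protocol is down (notconnect)
  Auto-duplex, Auto-speed, media type is 10/100/1000BaseTX
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 output errors, 0 collisions, 0 interface resets
GigabitEthernet1/0/4 is up, line protocol is up (connected)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
     3 input errors, 3 CRC, 0 frame, 0 overrun, 0 ignored
     0 output errors, 212 collisions, 0 interface resets
"""

CRC_THRESHOLD = 100  # assumption: more CRC errors than this is treated as a cabling/transceiver fault

HEADER_RE = re.compile(r"^(?P<name>\S+) is (?P<admin>.+?), line protocol is (?P<proto>\w+)", re.M)
DUPLEX_RE = re.compile(r"^\s*(?P<duplex>\w+)-duplex, (?P<speed>[\w/]+)", re.M)
INPUT_RE = re.compile(r"(?P<in_err>\d+) input errors, (?P<crc>\d+) CRC")
OUTPUT_RE = re.compile(r"(?P<out_err>\d+) output errors, (?P<coll>\d+) collisions")


def parse_show_interfaces(text):
    """Split the output per interface and pull out the counters the L1/L2 checks need."""
    heads = list(HEADER_RE.finditer(text))
    result = {}
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        block = text[h.start():end]
        iface = {"admin": h["admin"], "proto": h["proto"], "duplex": None, "speed": None,
                 "input_errors": 0, "crc": 0, "collisions": 0}
        if (m := DUPLEX_RE.search(block)):
            iface["duplex"], iface["speed"] = m["duplex"].lower(), m["speed"]
        if (m := INPUT_RE.search(block)):
            iface["input_errors"], iface["crc"] = int(m["in_err"]), int(m["crc"])
        if (m := OUTPUT_RE.search(block)):
            iface["collisions"] = int(m["coll"])
        result[h["name"]] = iface
    return result


def diagnose(iface):
    """Map one interface's counters to the Layer 1/2 causes in the framework above."""
    findings = []
    if iface["proto"] != "up":
        if iface["admin"].startswith("administratively"):
            findings.append("L1: port is shut down (no shutdown to enable)")
        else:
            findings.append("L1: link down, check cable/SFP and far-end port")
        return findings
    if iface["crc"] > CRC_THRESHOLD:
        findings.append(f"L1: {iface['crc']} CRC errors, replace cable or transceiver")
    if iface["collisions"] > 0 and iface["duplex"] == "half":
        findings.append("L1/L2: half-duplex with collisions, duplex mismatch likely")
    if iface["collisions"] > 0 and iface["duplex"] == "full":
        findings.append("L1/L2: collisions on a full-duplex port, far end is probably half-duplex")
    return findings


def triage(text):
    """{interface: [findings]} for a whole 'show interfaces' capture."""
    return {name: diagnose(iface) for name, iface in parse_show_interfaces(text).items()}


if __name__ == "__main__":
    for name, findings in triage(SAMPLE).items():
        print(name, findings or ["ok"])
```

The full-duplex-with-collisions case is worth the extra branch: a port running full-duplex cannot legitimately count collisions, so a non-zero counter there is the far end talking half-duplex, which is exactly the "speed/duplex mismatch" the Layer 1 step asks you to look for. Run `clear counters` first on a real device, otherwise a stale CRC count from a cable replaced last year will keep tripping the threshold.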

## Edge Cases

- **Multi-site**: WAN optimization, latency management
- **Remote workers**: VPN, Zero Trust, SASE
- **WiFi**: Interference, roaming, capacity
- **IoT**: Network segmentation, security
- **Compliance**: Network access control (NAC)

## Integration Points

- **Monitoring**: PRTG, SolarWinds, Nagios, Zabbix
- **Configuration**: Ansible, Terraform, Python
- **SD-WAN**: VMware Velocloud, Cisco Viptela, Fortinet
- **Security**: Palo Alto, Fortinet, Check Point, Cisco
- **WiFi**: Cisco Meraki, Aruba, Ubiquiti
- **NAC**: Cisco ISE, Aruba ClearPass

## Output

### Network Management Status

```
NETWORK STATUS — Q4 2024
═══════════════════════════════════════

Devices managed: 245 (switches, routers, APs, firewalls)
Uptime: 99.995% (target: ≥99.99%) ✓
VLANs: 8 (all operational)
SD-WAN: 12 sites (active-active, 0 outages)
WiFi coverage: 97% (target: ≥95%) ✓
Open tickets: 2 (minor, resolved <4h)
Last audit: Q4 2024 (compliant)
Next action: Upgrade 3 edge switches (EOL Q2 2025)
```
