IT Admin responsibilities.

December 04, 2025

Design, configure, and maintain secure and efficient network infrastructures.
Monitor network performance and troubleshoot issues.
Implement network upgrades.
Ensure data security and minimize user downtime

1. Network Design (Foundations of a Secure & Efficient Infrastructure)

1.1 Requirements Analysis

Identify number of users/devices.
Determine application requirements (latency-sensitive apps, VoIP, CCTV, backups).
Assess security/compliance needs (ISO 27001, NIST, GDPR, HIPAA depending on org).
Define budget and scalability expectations (1–3 year growth plan).

1.2 Logical Network Design

Create network topology: Core → Distribution → Access (3-tier) or Collapsed Core.
Define VLAN structure:
- Users
- Servers
- IoT / CCTV
- Guest Wi-Fi
- Voice
- Management
Create an IP addressing plan (summarized, scalable, documented).
Design routing architecture:
- Static, OSPF, EIGRP, or BGP (for multi-site).
Plan redundancy:
- Dual routers/firewalls
- Dual core switches
- Link aggregation (LACP)
- Multiple internet connections

1.3 Physical Design

Select hardware (routers, firewalls, L2/L3 switches, WLC, APs).
Choose cabling type (Cat6, fiber, backbone).
Ensure UPS, cooling, and proper rack management.

2. Configuration (Building a Secure & Stable Network)

2.1 Secure Baseline Configuration

Set strong admin credentials + create role-based accounts.
Disable unused ports and services.
Apply port security on access switches.
Implement VLAN segmentation.
Enable DHCP snooping, Dynamic ARP inspection, and IP source guard.
Configure SNMPv3 or secure telemetry (no SNMPv1/v2c).
Use SSH, HTTPS—not Telnet/HTTP.

2.2 Routing & Switching Configuration

VLANs and inter-VLAN routing.
OSPF/EIGRP/BGP depending on complexity.
Spanning Tree Protocol (RSTP/MSTP) for loop prevention.
Use EtherChannel / LACP for link redundancy.
QoS policies for voice/video where needed.

2.3 Firewall & Security Policies

Create zone-based or rule-based firewall policies.
Enable IPS/IDS, URL filtering, malware inspection.
Configure VPNs (Site-to-Site and Remote Access).
NAT, port forwarding rules (least privilege principle).
Apply geolocation blocks where valid.

2.4 Wireless Network Configuration

WPA3 enterprise (or WPA2-E if older hardware).
SSID segmentation (corporate / guest / IoT).
Central management using a Wireless LAN Controller.
Channel planning + power optimization.

3. Monitoring Network Performance

3.1 Use Monitoring Tools

Zabbix / PRTG / SolarWinds / Nagios
Cloud options: Datadog, LogicMonitor
NetFlow/sFlow for traffic analytics.

3.2 Key Metrics to Monitor

Latency, jitter, packet loss
Bandwidth utilization
Interface errors (CRC, drops)
CPU and memory usage on network devices
Wireless interference and signal strength
SSL VPN usage and tunnel stability
Firewall hit counts (for misconfigured rules)

3.3 Logging & Alerting

Centralized syslog server (SIEM: Splunk, ELK, Wazuh).
Alerts for:
- Link down
- Failover events
- Unauthorized access
- High CPU/memory
- Security threats from IDS/IPS

4. Troubleshooting Network Issues

4.1 OSI-Layer Troubleshooting Approach

Layer 1 – Physical:
Check cables, lights, power, SFPs, patch panels.
Layer 2 – Data Link:
VLAN mismatch, STP blocking, port-security violations.
Layer 3 – Network:
Default gateway issues, incorrect routing, IP conflicts.
Layer 4 – Transport:
ACL/firewall blocks, TCP resets.
Layer 7 – Application:
DNS, authentication, server issues.

4.2 Common Troubleshooting Commands

ping, traceroute
show ip route, show arp
show vlan, show spanning-tree
show interface status
debug (careful in production!)
Wireless heatmap analysis

4.3 Standard Troubleshooting Flow

Identify scope → one user / subnet / site?
Check physical layer.
Check VLAN/IP assignment.
Test gateway & routing.
Check firewall ACLs.
Inspect logs + monitoring tools.
Escalate with detailed documentation.

5. Implementing Network Upgrades

5.1 Planning

Perform network audit (hardware age, firmware, performance).
Define upgrade window (low usage hours).
Backup existing configurations.
Create a rollback plan if upgrade fails.

5.2 Types of Upgrades

Firmware upgrades (security patches).
Hardware refresh (switches, routers, firewalls).
Adding new VLANs or new APs.
Improving firewall rules and segmentation.
Migrating to 10G/40G/100G uplinks.
Moving to cloud-managed networks.

5.3 Execution

Apply change in maintenance window.
Test all critical services after upgrade:
- Internet
- VoIP
- Wi-Fi
- Server access
- VPN
Document all changes.

6. Ensuring Data Security & Minimizing Downtime

6.1 Proactive Security Measures

Regular firmware updates.
2FA on management portals.
Zero Trust segmentation.
Regular penetration testing & vulnerability scans.
Strong password & certificate policies.

6.2 Backup & Redundancy

Redundant ISPs or load-balanced WAN.
Redundant power (UPS + generator).
VRRP/HSRP for router failover.
Firewall clusters (HA active/passive or active/active).
RAID storage for servers/NVR.
Backups for:
- Configurations
- Logs
- Critical servers
- Cloud snapshots

6.3 Downtime Minimization Strategies

Implement SLA monitoring.
Schedule maintenance windows.
Use hot-standby failover devices.
Automate alerts and use predictive monitoring.
Maintain spare equipment (SFPs, switches, routers).

6.4 Documentation

Network diagrams (Visio/LucidChart).
IP/VLAN tables.
Inventory list with firmware versions.
SOP playbooks for incidents.

7. Summary (What You’ll Be Able to Do)

By following these steps, you can:

✅ Design secure and scalable networks

✅ Configure enterprise routers, switches, firewalls, and wireless

✅ Monitor and analyze network performance

✅ Troubleshoot issues quickly using OSI and tool-based methods

✅ Implement upgrades with zero/minimal downtime

✅ Enforce strong data security and network hardening

✅ Maintain long-term reliability through documentation & monitoring

Comments