Network Engineer Interview

Recently I have been struggling with my career choices. I am a little confused about what I really want to do for the rest of my working life. Originally my first goal was just to wear a Cisco T-shirt to work! I now do that as often as I can to remind myself of my first goal.

My second goal was to be a ‘Core Network Engineer or Network Design Engineer’. I am currently working towards those now.

My brothers friend of mine recently contacted me to do an interview for her students at a TAFE in Victoria. I was more than happy to reply and help out upcoming students. This made me think back to when I was in TAFE. My teachers were great and really pushed us to get the best score possible. I was even asked by my teachers to apply for a Network Scholarship, although it wasn’t meant to be.

I did pass with pretty good marks at the Cisco Networking Academy and even though my worklife has been completely different than TAFE I have learnt some valuable lessons. Maybe one day, I could be a Cisco Networking Academy teacher?

Below is the interview I did for the friend. I hope it does help the students in some way.

  1. What kind of qualifications do you have?
  • Advanced Diploma of Computer Systems engineering
  • CCNA
  • CCDA
  • CCNP
  • CCDP
  1. How many years have you been in this industry?
  • I started in 2006 part time while still at TAFE, so about 9 years.
  1. What does a day in your job look like?
  • My current job is network support for mining companies. Typical day, if not on call is arriving at work and checking my sites I have been assigned. We use some monitoring systems which I can quickly check to see if any links or devices are down. Once that is complete I have a few projects I am working on, so I may have to check on them. Day to day I would be either making changes to switches or wireless infrastructure. Although to perform changes, we need to follow a change control procedure. We can only make on the fly changes if it is an emergency.

I usually have to speak with IS managers on the mine sites to get approvals to perform my changes. The work comes in via incidents (service desk) or by my manager. It could be a new VLAN to be pushed across the wireless network, a IPSec tunnel from our office to other remote offices or configuring an autonomous AP for wireless access in a piece of mining equipment. I might also receive small requests to update access control lists or adding new subnets to routers. Some bigger projects may be taking over management of existing switches and cleaning up configurations.

Usually when a major outage happens we need to do the troubleshooting, check power and comms to WAN router then go from there. Most incidents are related to power in the mining industry or unauthorized changes.

  1. What’s the worst network attack that you’ve ever seen?
  • I worked for a small ISP a year ago. We had a few different Internet pipes and we supplied either a secure internet (firewall in front of customer) or a non-secure (direct pipe to the internet). The customer would then need to provide own firewall. One night I was on call and started to receive some alerts from multiple customers. The firewall was being attacked, millions of half open TCP sessions where being created within the firewall and the firewall could no process the information. This caused the firewall to drop its routing neighborship with our PE router (Provider Edge) and took out every customers internet for about an hour. Manual intervention was required to black hole the traffic, direct it to Null0 (destination that doesn’t exist) which stopped the traffic flow.  The final fix, was to install a IDS (intrusion detection system) to automatically detect this type of attack and block the traffic before it made its way to firewall. One other attack I saw is Crypto-locker. Comes in an email and encrypts peoples hard drives so they cannot open it without paying a ransom to the hackers themselves to unlock.

If you want to see people trying to hack networks right now, the Norse corporation has deployed Honeypot servers (devices that look legitimate but are not) and they monitor attacks on this website –

  1. How much do you get paid per year?
  • 9 years ago when I started full time I got $25 dollars an hour while still at TAFE. I didn’t have my CCNA or any experience. As a contractor you could make $50 – $80 an hour as a CCNA with a couple of years’ experience back then as well. These days contracting pays the best, but there is no guarantee or work stability. Check out the current Hays Salary Centre for current rates depending on years’ experience. It also depends on the work you will be doing. Design & consulting pay the best.
  1. How do you set up a physical hardware firewall device on a network?
  • This really depends on the network design itself. Best practice is to have dual firewalls. You can deploy them in the active/passive configuration which means one is doing the work and the other is sitting there ready to take over. The active/active configuration is where traffic is shared or load balanced across the hardware. This is also dependent on the hardware itself as it needs to be able to support this configuration.
  1. What is the most difficult task that you have dealt with?
  • I had to install and troubleshoot a new wireless network. Unfortunately there was no wireless site survey done, they just installed Wireless AP’s where they thought it would be best. It took me a long time to try and get the network running and stable. They also had voice over the wireless which was not taken into consideration as well. Most enterprise wireless networks are controlled by a centralised device that can automatically change power and channels. Although if the RF environment has not been mapped out correctly, you are going to run into problems. Interference, rouge wireless AP’s and incorrect settings all played havoc with this network. I recommend always following the best practice guide lines when deploying a wireless network.
  1. If a client reports a wireless dead zone in their building what do you do to find the extent of it and then how would you fix it?
  • If the wireless is being monitored, a check of AP’s in the area and if they are all online is the first step. The next step would be to go to the area affected and use a wireless scanner (network Stumbler) to measure the signal strength of the AP in the dead spot. This will determine if the power level on the AP is high enough to service the area or with visual inspection you may find something that is causing interference. It could be the physical environment, a rouge AP or another wireless device. Depending on the wireless frequency you may have another AP in the area trying to use the same channel, a scan will pick this up.
  1. What is the most extreme problem you have come across?
  • Anything to do with entire WAN networks going down. Usually the WAN once deployed should be stable with redundancy in the design. The WAN is critical for major companies that access resources in the data centre. I was on call once and got a call at 4am in the morning. Half of our WAN started to fail, people could not access the data centre or internet, and out of 120 sites only half where working. It took 4 hours to fix this problem. It was caused by a change that previous night to all routers in the organization regarding SSH key generation and how the WAN communicated with encryption. We had to escalate to Cisco TAC (Cisco’s Technical Support Team) and an engineer from Texas found the issue and rectified. It was the worse outage I have ever had a phone call about.
  1. What is the most common problem you come across?
  • Problems like incorrect VLANs or duplex issues. People are in the wrong network, or the cabling is ruined causing major packet loss.
  1. How do you set up a wireless repeater/extender to get better signal in a room?
  • Ha! I have never actually used a wireless repeater! People use them in their homes, but enterprise access points are a lot more powerful regarding antennas and coverage. Usually in the industry it has been determined beforehand during the design process. If someone came up to me and asked me to deploy one, I would check the Cisco site and follow the instructions.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s