ERIC SCHMITT

Technical documentation of a virtualized NAC lab focused on wired authentication, segmented guest enforcement, incident validation, and controlled remediation within a multi-VM enterprise-style access-control environment.

Models enterprise access-control behavior: deterministic 802.1X authentication flow, pfSense-enforced segmentation and guest isolation, evidence-driven incident handling, and automation-assisted validation under realistic SME constraints.

IEEE 802.1X via hostapd (wired mode) and wpa_supplicant, pfSense, FreeRADIUS, GLPI on Apache and MariaDB, Splunk Universal Forwarder, Python, Ansible, tcpdump, and Wireshark.

A multi-VM lab reproduces failed and successful wired 802.1X states, validates authenticated access versus guest restrictions through pfSense-enforced policy boundaries, and correlates outcomes across logs, packet captures, GLPI records, and Python/Ansible-generated evidence.

Technical documentation of an AWS-hosted hub-and-spoke WAN lab focused on encrypted overlay transport, dynamic routing control, and automated active/standby hub failover under realistic SME design constraints.

Models enterprise WAN behavior: deterministic BGP path selection, encrypted overlays, automated failure handling, and operational observability under realistic SME constraints.

WireGuard, BGP (FRR), AWS EC2, EventBridge, Lambda, and CloudWatch.

Two AWS EC2 hub nodes and multiple local VM spokes provide WireGuard-secured connectivity, dynamic route propagation, and automated hub failover without proprietary SD-WAN control planes.