
Cisco ISR Project – vWAAS deployment (14 of ?)

(I just noticed that I forgot to publish this, so anyone reading my posts on IWAN deployment… Sorry this one’s a few years late…)

To get the WAAS deployment done there are a few prerequisites:

  • Virtual Central Manager (vCM) deployed (at HQ)
  • vWAAS appliance deployed (at HQ)
  • vWAAS appliance deployed (at branch)
  • WAN connectivity between branch and HQ

A couple of things to be aware of right off the bat:

  • Default username is: admin
  • Default password is: default
  • Telnet is enabled by default, and SSH is disabled.
    • To enable SSH run these commands from a config prompt (make sure hostname and domain are set before running)
      • ssh-key-generate
      • sshd enable
    • Telnet can be disabled, however, it seems the management software 
  • When logging into the web interface, if there is a prompt to select an SSL certificate, click Cancel.  That should bring up the login page.
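The defaults listed above (Telnet on, SSH off) are easy to check for across saved device configs. The following Python is an added example, not part of the original post or any Cisco tooling; it assumes the saved config text carries the `[no] telnet enable` and `[no] sshd enable` command forms, and the device names and sample configs are constructed.

```python
import re

# Defaults as stated in the post: Telnet is on and SSH is off out of the box.
DEFAULTS = {"telnet": True, "sshd": False}

# Assumption: the saved config shows the global-config command forms
# "[no] telnet enable" and "[no] sshd enable", one per line.
LINE = re.compile(r"^\s*(no\s+)?(telnet|sshd)\s+enable\s*$", re.I)


def mgmt_state(config_text):
    """Return {'telnet': bool, 'sshd': bool}; the last matching line wins."""
    state = dict(DEFAULTS)
    for line in config_text.splitlines():
        m = LINE.match(line)
        if m:
            state[m.group(2).lower()] = m.group(1) is None
    return state


def audit(configs):
    """Map device name -> list of findings for each saved config."""
    report = {}
    for name, text in configs.items():
        s = mgmt_state(text)
        findings = []
        if s["telnet"]:
            findings.append("telnet enabled (cleartext management)")
        if not s["sshd"]:
            findings.append("sshd not enabled")
        if s["telnet"] and not s["sshd"]:
            # Nothing was changed from the shipped state, so the
            # default admin password deserves a look as well.
            findings.append("management plane at defaults: verify admin password")
        report[name] = findings
    return report


# Constructed sample configs (not captured from real devices).
SAMPLES = {
    "branch-vwaas": "hostname branch-vwaas\n",
    "hq-vwaas": "hostname hq-vwaas\nsshd enable\n",
    "hq-vcm": "hostname hq-vcm\nsshd enable\nno telnet enable\n",
}

if __name__ == "__main__":
    for device, findings in audit(SAMPLES).items():
        print(device, "->", findings or "ok")
```

The password itself is stored hashed in the config, so this only flags devices whose management plane still looks untouched; confirming the admin password was changed is a separate check.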

After the OVA has been deployed you should be able to log into the appliance and it should automatically start the device configuration.  If not, simply enter the ‘setup’ command.

The setup between the vCM and vWAAS is pretty similar, so I’m just going to go over the vWAAS as there are more of those.  However, the vCM does need to be configured before the vWAAS, as the vWAAS needs to connect to the vCM.

WAAS setup

The setup is text-based, and pretty straightforward.  One thing to be aware of is that if the CMS service fails to start (I set vWAAS up without setting the correct vNIC settings), you can run the command ‘cms enable’ from a config prompt.  That should force the vCM to start, or force a vWAAS appliance to register with the vCM.

After completing the setup, a window will pop up with a list of commands to configure WCCP on the router.

WCCP template

To make things easier, here’s a text version of the commands:

    ip wccp version 2
    ip wccp 61 (optional:waas-wccp-redirect-list)
    ip wccp vrf IWAN-PRIMARY/SECONDARY 62 (optional:waas-wccp-redirect-list)
    interface (Router LAN interface(s))
         ip wccp 61 redirect in
    interface (Router WAN interface(s))
         ip wccp vrf IWAN-PRIMARY/SECONDARY 62 redirect in
    interface (Router NM-WAE interface)
         ip wccp redirect exclude in
    (optional:
      ip access-list extended waas-wccp-redirect-list
           acl1
           acl2
           ….
           aclN
    )

One thing that isn’t covered in this default config is that the ISR uses VRFs for the WAN interface(s).  For the WAN interface enter the correct VRF and then the commands should work.

Links:

WAAS: http://www.cisco.com/c/en/us/td/docs/app_ntwk_services/waas/waas/v611/configuration/guide/cnfg/traffic.html

Prime: http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/user/guide/pi_ug/WAAS.html

CISSP Certification

I recently received a provisional passing score on the (ISC)² CISSP exam, and I thought I’d share what I learned.

About the exam


First off, the CISSP is a certification centered around IT security, and it touches on both management and engineering aspects of IT security.  You can read more about what the CISSP entails here: https://www.isc2.org/Certifications/CISSP


One of the requirements of the CISSP certification is that you have at least five years’ experience in at least two of the eight domains.

  • Security and Risk Management
  • Asset Security
  • Security Architecture and Engineering
  • Communication and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

You can also get a 1-year waiver if you have a 4-year degree, or an approved certification.

When I decided to go for the CISSP I already had 15 years’ experience, though most of it was on the network engineering side of things.  Due to the breadth of material covered in the exam I easily spent more time preparing for this test than any other certification test I’ve taken.

How I prepared

As I mentioned, I’ve had 15 years’ experience, so I’m familiar with most network security concepts from an engineering standpoint.  However, this exam goes into a lot more than just the technical side of cyber security.  A lot of the legal frameworks were new to me, as well as the software development side.

I started off by reading the CISSP Exam Cram (4th Edition).  That book is based on a previous CISSP exam, but the content is still relevant to the 2018 version of the test.  I read this cover-to-cover, making a number of highlights along the way.  I then went back through and went over those highlights again to really solidify what I read.

I also had the Sybex Official Study Guide and Practice Tests.  This book is much bigger, and I thought it went into more detail than the Exam Cram.  I mainly used the book as a reference for areas that I found I was weak in after taking the practice tests or concepts that I wasn’t confident in after finishing the Exam Cram.

To break up the monotony of reading I also watched the CISSP video series through Pluralsight.  I found the videos informative, but after having done so much reading it was a bit difficult to stay focused when reviewing content I was already familiar with.  I actually think the video series provides a great foundational level, and I would have been better off if I’d started with it before I did the reading. 

Lastly, I also read the Eleventh Hour CISSP Study Guide. I got the Kindle version, and I read through it a couple times in the days before the test.  This is a really condensed version of the material, but I thought it was a great refresher. 

Personally, I’m a big fan of practice tests.  I find that they often help highlight where my weaknesses are, so I can focus my studies more in those areas.  For the CISSP exam I must have done over 800 practice questions.  The exam covers a wide range of material, so I wanted to make sure I didn’t have any gaps.

The exam itself

Having taken exams for PearsonVue and Prometric in the past this exam really wasn’t much different.  The testing center did palm scans, and they were a lot more controlled than other exams, but nothing too significant.

Not that this is unusual for certification exams, but the CISSP exam seems to take pleasure in using some tricky questions.  Without getting into NDA space I’ll just use a very loose example:

Q: Which of these BEST describes what is needed for a sandwich

A: Peanut Butter

B: Mayo

C: Bread

D: Meat

Well, a sandwich could be made with all of them (at the same time if you’re brave enough).  The correct answer is C because a sandwich is (at least by definition) made with bread.

In the US the exam is adaptive, meaning there’s no Back button, so when you submit an answer you’d better be happy with what you selected.  Read twice, click once.  It also doesn’t tell you how many questions there are.  It just stops abruptly somewhere between 100 and 150 questions.  The screen doesn’t display a result either.  You don’t find out if you passed or not until you get the score report.  The score report should indicate if you passed or failed, and if you failed it should list the domains you were weak in.  There are also situations where a score isn’t immediately available.

After the exam

If you passed the exam you should get an email confirmation a couple days later with information on submitting an endorsement application.  The process is pretty straightforward, but it can take upwards of eight weeks for everything to be approved before the certification is official.

Right now I’m still waiting for the official approval, so any additional details will come along when that’s complete.