Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.


aaa-reports! v2.1 supports TACACS+ Device Admin Audit Reporting

extraxi is proud to announce a new release of aaa-reports! with support for TACACS+ Device Admin (TDA) reports for audit compliance.

Previous versions had the ability to import the Cisco Secure ACS database dump file and generate reports for group summaries, inactive users, expired and disabled user accounts.

But in v2.1 we've gone much deeper. In this release we provide new reports to more fully document your TACACS+ Device Administration (TDA) config:

* Group level Network Access Restrictions (NARs)

* Shared NARs

* Group level service & protocol authorization

* Group level enable authorization

* Group level shell command authorization

* Shared Device Command Sets (DCS) for shell & pixshell

* Network Device Group (NDG) content

With these additions you will at last be able to document your "policy intent" without having to either take screen dumps of the ACS Admin web pages, or write it down by hand!!

And the reports don't stop at config documentation... they can also show you

* Which groups/users have permit access to specific devices (or device group)

* What commands a group/user is authorised to execute against a specific device (or device group)

* What groups/users make reference to a given Shared Network Access Restriction (NAR) or Shared Device Command Set (DCS)

* Which Shared NARs and DCSs are not referenced at all

aaa-reports! v2.1 now supports several methods for importing the ACS Database:

* - via extraxi "getacsdb" utility for v3.x

* - via 4.x cssupport/support admin page

All in all, aaa-reports! v2.1 is what ACS users have been crying out for to make network security auditing less painful!

Visit to download a working 60 day trial