Home Technologies Products & Prices Services User Guides Contact Us
device admin
audit (sox/cobit)
admission control (nac)
fault finding


About us...
extraxi offers world class products & consultancy in the field of enterprise AAA and data migration with a number of ex-cisco personnel who have helped secure some of the worlds largest fixed and wireless deployments

aaa-reports! support for TACACS+ Device Admin (TDA)


what is TDA?
Cisco IOS based TACACS+ device management
With the never ending increases in the complexity and scale of the network, the task of managing it has never been harder. Whilst technologies and tools have emerged to assist in this task the widespread use of command line (CLI) configuration using a Telnet session remains a crucial foundation in most installations. Combined with the dominance of Cisco IOS and its strong support for CLI, this is unlikely to change any time soon.

The scale of today’s networks means that they are beyond the capacity of a single administrator or indeed even a small number of administrators to manage. Spread across the organization both by business and geography, individual administrators need appropriate access to the part of the network that they control. Controlling this access, (i.e., managing the administrators) is a real challenge and one that historically has often been ignored due to the complexities involved. This is unlikely to be a viable approach in the future as legislation such as Sarbanes-Oxley (SOX) that exerts a legal requirement not only to control but also to properly audit what actions are being performed by network administrators.

Cisco have provided a strong foundation for the implementation of scalable management regime with device based privilege level controls and per command authorization using TACACS+ and the Cisco Secure ACS Device Command Sets (DCS) feature. The Cisco white paper ‘Building a scalable TACACS+ Device Management framework’ provides a good introduction to these capabilities. Either of these tools can be used to create security regimes as appropriate to the specific needs of the organization using them. Beyond these facilities, the AAA server administrator needs help in reducing the mountain of unordered log data that T+ Device Administration (TDA) generates into useful information that can used for both technical support and security audit purposes.

Read our TDA Audit Reports White Paper...

how aaa-reports! supports TDA

From the perspective of a security audit, TDA falls into two basic categories:

What did you intend should happen on the network during a given period?
What actually happened during the same period?

With aaa-reports! v2.1 enhanced TDA audit reporting for Cisco Secure ACS it is now possible to answer both of these questions and for the first time ever it is possible to document both policy intent and operation!

Using an imported ACS database*, aaa-reports! can report:

Summaries of groups/users with TDA related features in use
Detailed config for groups/users with TDA features
Summary & detailed content of Network Access Restrictions (NAR)
Summary & detailed content of Device Commend Sets (DCS)**
What devices (and device groups) a group/user has access (or not) to
What commands a group/user is authorised to execute on a device (or device group)
What groups/users make reference to a specific Shared Device Command Set (DCS)**
What groups/users make reference to a specific Shared Network Access Restriction (NAR)
Any Shared DCS/NAR that is un-referenced (ie possibly redundant)
What devices are associated with a Network Device Group (NDG)
User account/password aging statuses

* ACS v3.x Software, ACS 4.x Software & Appliance (Solution Engine)
** Both shell(exec) and pixshell command authorisation supported

Using imported TACACS+ command accounting, TACACS+ session accounting and ACS Failed Attempts logs aaa-reports! can report:

Summaries of devices managed, commands issued, group/users performing tasks, authentication & authorisation failures

All commands issued by a specific user
All commands executed on a specific device
All users who issued a specific command

aaa-reports! gives you the in-depth analysis of your TACACS+ managed network that you need

Whats New?

ACS 5 Support

aaa-reports! enterprise v1.2

csvsync v3.0

web reports v1.0

Free Trial

Download the fully functional 60 day trial

Download the aaa-reports! datasheet (PDF)

Download the Audit Reports white paper. Find out how aaa-reports! can help you with audit compliance (PDF)

Need a hand writing a purchase justification? Click here for our management overview of aaa-reports!

Tips 'n' Tricks

Check out our new tips blog.. 

Upgrades FAQ

Q&A for free upgrade eligibility


TACACS+ Device Admin (TDA)

Sarbanes Oxley (SOX) Compliance

Network Admission Control (NAC)



Home | Contact
Cisco, Cisco Systems, the Cisco Systems logo, and the Cisco Arrow logo are registered trademarks or trademarks of Cisco Systems Inc and/or is its affiliates in the US and certain other countries. Other trademarks are the property of their respective owners.

Copyright 2006-2012 Extraxi Ltd.  All rights reserved