Current caveats and limitations:
  • Active Advisor can scan many Cisco device types, but not all. The list is ever-evolving and is available here.
  • Level 15 access credentials are required to properly scan most IOS-based devices.
  • Devices configured for access only via SSH or the insecure Telnet protocol (no ip http server / no ip http secure-server) and having RADIUS or TACACS+ authentication configured, or that are configured with alternative username/password prompts, may not currently be supported by the scanner. To work around these issues, you have the option of (temporarily) enabling the HTTPS server on the device (which doesn't use these prompts), or to configure your remote AAA server, or aaa authentication commands, to serve the prompts exactly as "Username:" and "Password:".  When not using a remote authentication service, please see IOS Authentication Commands for details on setting "aaa authentication username-prompt" and "aaa authentication password-prompt" IOS commands to supply these prompts. Please also refer to the IOS command privilege level for additional hints on configuring level 15 privileges for users under various authentication schemes (local, radius, etc). For some models of ASA security devices which are supported by Active Advisor, these devices provide different login prompts, generally "login as:" and "username@ip's password:", and do not need to be altered to work with Active Advisor.
  • Devices with an IP address ending in .0 or .255 will not be scanned when entered as part of an address range. Devices utilizing these IP addresses can be scanned individually by leaving the ending range input blank, as shown below:

Known issues currently being addressed:
  • Devices configured with multiple IP addresses that are scanned during a single scanner run may cause a 'duplicate mac' error to be logged in the scanner log file, and neither device will be uploaded to the Active Advisor portal. Currently this can be worked around by conducting a subsequent scan and scanning only the single IP addresses of the device