Configuring Cisco Banners
While working with Cisco gear in the field you will notice that banners have their place. Such as to inform the user of legal rights or scheduled maintenance. This lab will discuss and demonstrate the different types of Cisco IOS banners.
Real World Application
In a production network it is common to place banners on Cisco devices which include legal information and other warning information for unauthorized individuals attempting to establish a exec session with your device(s). Login banners are displayed upon an attempting exec session establishment, MOTD banners are shown prior to a login banner and before user authentication. EXEC banners are shown once an individual has started an EXEC session with the device.
Lab Prerequisites
- If you are using GNS3 than load the Stub Area Networking GNS3 topology file than start R1.
- Establish a Console session with Router 1.
>Lab Objectives
- Configure a login banner so that any attempted connections to the device are prompted with Legal information.
- Configure an EXEC banner so that when a user establishes an exec session with the device the device displays the hostname and current line the session was established on.
- Configure a Message of The Day (MOTD) Banner to display current scheduled downtime for device maintenance.
Lab Instruction
Step 1. For objective one you’re required to configure a Login banner to inform incoming sessions legal information and privacy information. When configuring a banner you’ll need to use a delimiting character; which is a character that only appears at the beginning and end of the banner. The ^ is commonly used. To set a banner you’ll use the banner command followed by the type of banner rather it be login, exec, motd and the delimiting character. As shown below you can see a basic Login banner is configured and configuration is verified by ending and reestablishing an exec session with the device.
Router(config)#banner login ^ Enter TEXT message. End with the character '^' ########################################## # This is a Login banner used to show # # legal and privacy information. # # # # Unauthorized users prohibited # ########################################## ^ Router(config)#end Router#exit
As shown below is the login banner configuration verfication;
Router con0 is now available Press RETURN to get started. ########################################## # This is a Login banner used to show # # legal and privacy information. # # # # Unauthorized users prohibited # ########################################## User Access Verification Password: Router>
Objective 2 requests that you to configure an exec banner so that any authenticated exec sessions will be shown what the device hostname is and the line the session is established on. In order to configure this type of banner you’ll need to know what Banner Tokens are. Banner tokens are basically a variable you can set in a banner that calls particular information from the device and dispatches it into the banner. The banner tokens that will be used in this objective are $(hostname) and $(line) which display the hostname and line number.
To configure the exec banner as required by objective 3, use the following text Session established to $(hostname) on line $(line)
Like the previous Login banner you’ve configured you execute the same command in global configuration mode but rather executing banner login ^ you’ll execute banner exec ^ as shown below;
Router>enable Password: Router# Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#banner exec ^ Enter TEXT message. End with the character '^' Session established to $(hostname) on line $(line) ^ Router(config)#
After the exec banner is configured, verify your configuration by terminating your exec session and reestablishing an exec session to the device as shown below;
Router(config)#end Router#exit Router con0 is now available Press RETURN to get started. ########################################## # This is a Login banner used to show # # legal and privacy information. # # # # Unauthorized users prohibited # ########################################## User Access Verification Password: Session established to Router on line 0 Router>
To read more about Banner Tokens click Here!
Objective 3 is the last objective of the lab which is to configure a Message of the Day banner, which is commonly used to display maintenance information on the Cisco device such as “This router will undergo routine maintenance on 01/01/10 from 12:00AM to 2:00AM”
The MOTD banner is displayed prior to the login banner on a Cisco Router or Switch and is configured the same was as any other banner which is to execute the banner command followed by the type of banner and the delimiting character in global configuration mode. As shown below is an example MOTD banner configuration and verification;
Router>enable Password: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#banner motd ^ Enter TEXT message. End with the character '^' This router will undergo routine maintenance on 01/01/10 from 12:00AM to 2:00AM ^ Router(config)#
To verify the MOTD banner configuration, exit and reestablish an exec session to the device as shown below;
Router(config)#end Router#exit Router con0 is now available Press RETURN to get started. This router will undergo routine maintenance on 01/01/10 from 12:00AM to 2:00AM ########################################## # This is a Login banner used to show # # legal and privacy information. # # # # Unauthorized users prohibited # ########################################## User Access Verification Password: Session established to Router on line 0 Router>
