Whispers & Screams
And Other Things

Cisco Banners

A banner is a useful tool for sending a security message to selected visitors to the equipment. Cisco equipment uses four different banner types to provide different messages at different times: the exec process creation banner, the incoming terminal line banner, the login banner and the message of the day banner.

Of these four types, message of the day is the most extensively used banner. This message is seen by anybody connecting to the router, whether they connect via Telnet, the Aux port or the Console port.

[Screenshot: the banner types available on the command line.]

The most frequently seen type of banner is the Message of the day (MOTD) as mentioned above. When configuring this type of banner the following prompt is seen:

=================================================================================================
Router(config)#banner motd ?
LINE  c banner-text c, where 'c' is a delimiting character
Router(config)#banner motd #
Enter TEXT message.  End with the character '#'.
If you are not authorised to be using this router you must disconnect immediately.
#
Router(config)#^z
Router#
20:25:12: %SYS-5-CONFIG_I: Configured from console by console
Router#exit

Router con0 is now available

Press enter to get started.

If you are not authorised to be using this router you must disconnect immediately.

Router>
=================================================================================================

The most important part to understand is the delimiting character—this is the element that’s used to tell the router when the message is complete. Any character can be used as a delimiting character, but you can’t use the delimiting character in the message itself. Also, once the message is complete, press Enter, then the delimiting character, and then Enter again.

Below are some details of the other banners discussed:

Exec banner: You can configure a line-activation (exec) banner to be displayed when an EXEC process (such as a line activation or incoming connection to a VTY line) is created. By simply starting a user exec session through a console port, you’ll activate the exec banner.

Incoming banner: You can configure a banner to be displayed on terminals connected to reverse Telnet lines. This banner is useful for providing instructions to users who use reverse Telnet.

Login banner: You can configure a login banner to be displayed on all connected terminals. This banner is displayed after the MOTD banner but before the login prompts. The login banner can’t be disabled on a per-line basis, so to globally disable it, you’ve got to delete it with the no banner login command.

Here is an example of a login banner:
!
banner login ^C
-----------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege
level of 15.
Please change these publicly known initial credentials using SDM or the IOS
CLI.
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want to
use.
For more information about SDM please follow the instructions in the QUICK
START GUIDE for your router or go to http://www.cisco.com/go/sdm

-----------------------------------------------------------------
^C
!
The above login banner should look pretty familiar—it’s the banner that Cisco has in its default configuration for its ISR routers. Again, this banner is displayed before the login prompts but after the MOTD banner.
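
The following Python sketch is an added example, not code from the original post or from Cisco. It applies the delimiter rule described above when generating and parsing banner blocks, then flags a config that still carries the default SDM login banner or the cisco account. The function names, the candidate delimiter list, the "MOTD banner required" policy and the sample config are all assumptions made for illustration.

```python
import re

BANNER_RE = re.compile(r"^banner (exec|incoming|login|motd) (.+)$")

def render_banner(kind, text, candidates="#$%@~|"):
    """Build a banner command, choosing a delimiter that is absent from text."""
    for delim in candidates:
        if delim not in text:
            return f"banner {kind} {delim}\n{text}\n{delim}"
    raise ValueError("every candidate delimiter occurs in the banner text")

def parse_banners(config):
    """Return {banner_type: text} for each banner block in an IOS config."""
    banners, lines, i = {}, config.splitlines(), 0
    while i < len(lines):
        m = BANNER_RE.match(lines[i])
        i += 1
        if not m:
            continue
        kind, rest = m.groups()
        # A saved config shows the delimiter as the two characters "^C".
        delim = "^C" if rest.startswith("^C") else rest[0]
        body = rest[len(delim):]
        while delim not in body and i < len(lines):
            body += "\n" + lines[i]
            i += 1
        banners[kind] = body.split(delim, 1)[0].strip("\n")
    return banners

def audit(config, required=("motd",)):
    """Flag missing banners (assumed policy) and the factory SDM login text."""
    banners = parse_banners(config)
    findings = [f"no {k} banner configured" for k in required if k not in banners]
    for kind, text in banners.items():
        if 'username "cisco"' in text and 'password "cisco"' in text:
            findings.append(f"{kind} banner is still the default SDM text")
    if re.search(r"^username cisco ", config, re.M):
        findings.append("username cisco is still defined")
    return findings

# Constructed sample: part of a config left at the defaults the banner describes.
SAMPLE = """username cisco privilege 15 secret 0 cisco
banner login ^C
This feature requires the one-time use of the username "cisco"
with the password "cisco".
^C
line con 0
"""

print("\n".join(audit(SAMPLE)))
```

Because render_banner skips any candidate delimiter that appears in the message, text containing '#' is emitted with a different delimiter and parses back unchanged.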
