Configuring a banner message on a Cisco device is an important security practice. It provides a simple and effective security measure that can help to protect against unauthorized access and ensure compliance with legal and regulatory requirements.
A banner message is a warning or notice displayed when someone logs in to a device. The message can provide legal warnings and policy statements or notify users that they are accessing a secure system and should not proceed without authorization.
There are three different banner messages that you can configure on Cisco IOS devices that can be used as administrative access solutions:
- Motd Banner: The message of the day banner is the first banner that displays when multiple banners of different types are configured on the device. You can configure one by using the “banner motd” command.
- Login Banner: This banner message is displayed before credentials are requested from the remote user. You can configure one by using the “banner login” command.
- Exec Banner: This banner message is displayed after successful authentication and authorization but before the first command prompt. You can configure one by using the “banner exec” command.
The banner messages are configured in global configuration mode, and any character of choice (except “?”) may be used to start and end the configuration of the banner message as long as it does not appear within the message itself.
The following configuration provides an example of configuring the three different types of banners on a switch using the dollar sign ($) to mark the start and end of the message:
Based on the banner configuration above, when a user makes a telnet session from a switch to the router using the 172.16.1.1 IP address, the following output will be provided:
