The majority of Cisco devices, especially routers and switches have the ability to create login banners and options on how to connect to the device via the console or more typically Telnet or SSH (Secure Shell). Banners are used to initially tell the person logging into the device a message. This message can be anything but it's usually to warn the user about device you're logging into, unauthorized access warnings, and etc. The banner command is enabled under the Cisco device's global configuration mode. There are 3 different type of banner configurations that are typically used:
- Message of the Day (MOTD) – This banner is shown before the user is prompted to login. Usually configured to display the device's location, type, and so on.
- Login – Again this type of banner is shown before the login prompt but after the MOTD banner. The most common use for this banner is to configure permanent messages stating that only authorized access is allowed and that your session is logged!
- Exec – This banner is typically only used to provide information that shouldn't be read by any unauthorized users. Therefore this banner type shows up after the user is logged into the router.
To create a banner, from the global configuration mode you would start the message with what's called a delimiter character. This character basically tells the Cisco device where the message begins, once this delimiter character has been entered again in, it then tells the Cisco device where the message ends. Take a look at the following example:
Router (config) # banner motd #No Unauthorized Access #
The "#" character entered at the beginning of the message tells the router where the message begins. Once the message is complete, we type "#" again to tell the router where the message ends, this is the delimiter character!