Adding banner files for Cisco router logins

Using banners on a Cisco router can make your administration job a lot easier. With the help of this quick Daily Feature, you'll have both login and message-of-the-day banners up in no time.

Okay. So they’re neither cutting edge technology nor thought and form born of hours and hours of struggling and studies by mad scientists. Banner ads are, however, tools that are often overlooked and underrated when it comes to configuring a Cisco router.

You can stop laughing now. I know; I know...Cisco routers aren’t toys, and they aren’t meant to be used to display banner files and login greetings. I would only disagree with you in practice. You see, I am a big fan of using banners. What is a banner you ask? A banner is simply a file used to display text when a user logs in (or attempts to log in). Take for instance a typical Linux FTP banner:
**************welcome to Willow's ftp server*************
**************  all use is logged  *************
************** if you experience problems *************
************** report them to web@willow *************

Although I've written tomes of verbiage about the correct and incorrect usage of the banner file, it should be obvious how this little trick can be useful to both the integrity of the server and to the system administrator. How can these tools be useful if they are mere warnings? Let's face it—we all have far too many machines to deal with during the typical (or atypical) day. More than once have I logged in to the wrong machine (under the fog of not having imbibed enough caffeine) and run a command completely not intended for the machine with which I was playing. Disastrous? Not necessarily, but it could have easily been so. As well, it could have easily been avoided with a simple banner file proclaiming to me (as the administrator) the name of the machine with which I was working.

At this point you're saying, "Hello, read the prompt!" Sure. That’s easy for you to say, but when it's 2:30 A.M. and you're trying to figure out why your primary router is diverting traffic away from your site, the last thing you want to have to do is try to remember if core-rtr1# or core-rtr2# is the right machine. Wouldn't it be easier if, when logging in, you were greeted with a logical, simple flag that said "I am your primary router; don't bring me down." Of course you certainly wouldn't want to announce this to the world (thereby enticing the hackers of the world to unite on your Cisco 3600 router). No, instead you might want to be greeted with something as simple as:
You are entering Router 1.

Now you know, right off the bat, what you are dealing with before you run the command Copy Startup-config Tftp. Of course, even the above banner could land you into trouble should a hacker break into your network.

Adding your banners
Of course, to add these banners (as with anything Cisco), you are going to have to use my favorite tool—the command line. Now that you've picked yourself up off the floor, log in to your Cisco router, and let’s start adding banners.

Although there are actually four types of banners for Cisco routers, you are only going to deal with motd (message-of-the-day) and login banners. Generally, motd banners are a very helpful tool for making your IT staff aware of changes or warnings. As for login banners, I've already explained their importance.

Adding login passwords
The first banner we are going to deal with is the login banner. This section will assume that you have set up your router properly so that the user can log in (from either telnet or console) to the router you are configuring. If you have not set your router up with a password, it is simple to do. From the console, log in to the router and go into privileged mode with the command:

or even

Once you are in privileged mode, you are ready to run the command to set up your login password. To set up this feature, you need to switch to the configuration mode with:
config t

Now, you are ready to enable your password. The command you will use is the Enable command. To do this, type:
enable secret password

where password is the password you wish to use. Now that you've run this command, completely log out by typing:
Ctrl + Z

followed by

What you have just set up is the console password. You might want to enable a telnet password as well. To do this, run the following commands:
config t
line vty 0 4
password password

where password is the password to be configured.

When you attempt to log in again, you will have to enter the password you just configured. You are now ready to configure your first banner.

Login banner
The login banner is really quite simple to enable. From the privileged mode, enter the following:
config t
banner login #This is the login banner#

With the above set of commands, you will notice that in the second command, you will place the text for your banner between the # symbols. Let's say you want to advertise this router as Secondary Router A. To do this, you would enter the following:
config t
banner login #You are entering Secondary Router A#

and whenever anyone logs in to this router, they will know where they are.

Motd banner
The next banner is the message-of-the-day banner. To configure the motd banner, run the following commands:
config t
banner motd #This is the message of the day#

Let's say you are planning on taking this particular router down at 5:00 P.M. You could add the following banner:
config t
banner motd #This router is going down today at 5 p.m.#

and anyone that logged in to that router would see your message.

Although banners are a very remedial step in network administration, they are very useful tools that can make your life easier. So long as you use caution (by not tempting fate and enticing hackers with threatening messages), these little tricks can come in handy on a number of occasions.
The authors and editors have taken care in preparation of the content contained herein but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.


Jack Wallen is an award-winning writer for TechRepublic and He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website

Editor's Picks