Interface Technical Training

How to create a Cisco IOS Banner – Login and MOTD Message of the Day

In this video, Cisco CCNA instructor Mark Jacob shows how to create a Login and Message of the Day (MOTD) banners in Cisco IOS.

The Banner is an interesting feature of the Cisco IOS. You could probably get by without it, but in a commercial environment you want to have it.

Video Trascription

What good is a banner? If somebody’s intent on breaking into my network, the banner’s not going to scare them away. But it will certainly give you a legal means, or a legal leg, to stand on. If you have a warning telling them to stay out and they come in anyway, now you can prosecute.

In the absence of the banner, or if you have a banner that says, “Welcome to our network, come in and have fun hacking,” you realize that you’re leaving yourself wide open.

I have a scenario that I’ve built, with a simple router.

What I’m going to do is log in to this router. It’s built inside GNS3.

I’m going to modify the banner and show you a couple of ways to set the banner.

I’ll bring up my console to this device.

The command is #banner and the question (?) mark can help you out.

I can put my banner in lots of places. The one I’m going to focus on right now ‑‑ or actually two that I’m going to be talking about today ‑‑ banner login and banner MOTD. M‑O‑T‑D, message of the day.

Cisco IOS Login Banner

You could type, if I follow the question marks through, (#banner login ? and some line, some text that I want it to say.

Although you also notice that you a delimiting character. By default Cisco uses a “C”. This is some delimiting character which means to tell the device where the message starts.

This is the way I like to configure my banners, because now you can get online and find yourself some cool ASCII art. Paste that in, and that can be your banner.

I’m going to pick a delimiting character (%). The delimiting character can be any character that does not also appear in the body of your message. If it appears in the body of the message, as soon as it appears the second time, the device presumes that you’re done typing your message.

I use a percent sign “%” because that’s not in my banner. I’m going to hit Enter as opposed to continuing my message. I’m going to hit Enter.

It will prompt me, to enter my text message. At this point, if I had some ASCII art, such as Snoopy and the Red Baron or whatever, I could go to that text file, copy it, and paste it in.

I didn’t do that, so let’s do some interesting stuff. Let’s pick some characters. Just pound “#” signs and asterisks “*”, to have a box around it and hit enter.

You’ll notice, it still thinks I’m not done yet. Why? Because I haven’t put the delimiting character “%” in.

I’ll type “Here is a cool login banner!!” And then add some pace and place a (#) pound sign again.

I like to do it this way because now you can align your messages. If you try to do it in one long command, you’ll invariably end up with your columns not aligned.

Let’s go ahead and finish it and hit enter.

Now, I can keep hitting Enter and it’s still going to think I’m entering messages.

How do I indicate that I’m done? I have to enter the same delimiting character that I started with, which was a percent sign (%). Hit Enter.

It accepted my command.

One of the cool things you can do in GNS3 is to bring in a real host.

I have an actual Windows 7 box running inside Oracle VirtualBox. It’s a free download.

I want to access this PC, so I’ll come down here in my VirtualBox and click on it.

I can do far more than just generate pings from this machine. Notice it has PuTTY installed. I can double‑click and launch it.

You’ll notice that the address I’m trying to reach, 10.4.1.1. that’s the address on the interface of the router to which I’m about to try to access remotely, so that I can see if my banner has been successful.

Let’s go ahead and launch PuTTY.

I’m going to go ahead and leave it in the Telnet and click Open.

Look at that. That is the exact banner that I just created, and I get to see it.

Let’s go ahead and exit this, close this connection.

MOTD (Message of the Day) Banner

The other Cisco IOS banner you might find useful is your MOTD (Message of the Day). You may wonder why have two? The login banner, pretty much everybody sees it, logs in.

A banner MOTD message of the day might be for things like the system’s going to be going down this afternoon at 3:00 o’clock for maintenance etc… Again, the idea of the name of it, a helpful message of the day.

#banner motd, I’m going to use the same delimiting character (%). It can be anything that doesn’t appear in the message, so I’ll use a percent sign (%) which is my favorite. And hit Enter.

Let’s make some more pretty lines using the pound symbol (#). And I’ll type “This is a cooler motd!!”

I realize this is boring compared to some sweet art out there that you can paste in.

Let’s go ahead and close it out with (#) symbols all the way across and to let the device know that I’m done, the same delimiting character, the percent sign,(%) again.

Now I have a message of the day, and a banner login. Let’s go back to our test box and initiate PuTTY again. 10.4.1.1. I don’t have to change anything. Let’s go ahead and open it.

You’ll notice I have (motd) Message of the Day and a Login banner appearing in my text.

You may think that these are boring names, but it does make it obvious which one’s which.

The one on the top is MOTD (Message of the Day. The one on the bottom is the Login.

Occasionally, I’ve had a feedback that they want to know if you’re being tested if you’ve got them both going, which one are you likely to see first? I name it so it’s obvious which one’s which.

Banners are very useful tip to have. In fact, if you want to Google it, you can even include variables in there like, “You have attached to device named xyxyxyxy.” It’ll tell you that. Not necessary, but it makes your work environment more cool.

Banner login, banner MOTD ‑‑ very useful in a production environment in the sense of, you warn people to stay out, and then you prosecute them when they don’t.