Configuring MOTD Banner Messages

If you have used Windows or other operating systems in a corporate environment, you are likely familiar with the concept of a login message or banner. This is a message presented to users, usually before they attempt to log in. The main reason for these banners is to provide users with information, perhaps a warning message that makes them aware of security restrictions on this particular equipment. While this message won’t do anything to actually stop them from attempting to log in, it does help to cover things from a legal perspective.

Many operating systems and applications provide users with a “welcome” prompt. Believe it or not, there are precedents where hackers have claimed that they were “in the right” for hacking into private systems – the message did welcome them, after all.

Regardless of how ridiculous you may think this is, it’s still a good idea to set up banner messages on your systems. At the very least, you are making people who attempt to connect aware that unauthorized users should not be accessing the system.

Several types of banner can be created on a Cisco router, but the most popular is the “message of the day” or MOTD banner. Users are presented with this banner every time they attempt a connection via the console port, auxiliary port, or a Telnet session. MOTD banners are configured from global configuration mode. In the example below, we’re going to configure our router to display a simple message stating that only authorized users are allowed access.

toronto-1#config t
Enter configuration commands, one per line. End with CNTL/Z.
toronto-1(config)#banner motd ?
LINE c banner-text c, where 'c' is a delimiting character
toronto-1(config)#banner motd #Authorized Access Only!#

The command used to configure a MOTD banner is banner motd. Notice that we followed the command with a question mark, in order to determine how to complete it. In this case, the output tells us that we need to start and end the banner message with a “delimiting character”. A delimiting character is one that cannot be used within the actual message. For example, you might choose to use the $ or # signs, with the same character appearing at the beginning and end of the message. Logging out and attempting to access the router again presents us with the MOTD banner.

Authorized Access Only!
User Access Verification
Password:
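
The delimiter rule and the “welcome” caveat can both be checked mechanically. The script below is an added example, not part of the original article or of any Cisco tooling: it picks a delimiter that does not occur in the message and audits saved configuration text for a missing, empty, or inviting MOTD banner. The function names, the lab-2 and lab-3 sample configurations, and the treatment of the delimiter as ^C in saved configurations are assumptions made for illustration.

```python
import re

# Wording the article warns about: a greeting can be read as an invitation.
INVITING = re.compile(r"\bwelcome\b", re.IGNORECASE)

def build_banner_command(message, candidates="#$%~|"):
    """Build a 'banner motd' line using a delimiter absent from the message."""
    for d in candidates:
        if d not in message:
            return f"banner motd {d}{message}{d}"
    raise ValueError("every candidate delimiter occurs in the message")

def extract_motd(config_text):
    """Return the MOTD text from a saved configuration, or None if absent.

    The character after 'banner motd ' is the delimiter and the text runs,
    possibly over several lines, to its next occurrence. Assumption: saved
    configurations write the delimiter as the two characters '^C'.
    """
    m = re.search(r"^banner motd (\^C|\S)", config_text, re.MULTILINE)
    if not m:
        return None
    rest = config_text[m.end():]
    end = rest.find(m.group(1))
    return rest if end == -1 else rest[:end]  # unterminated: take the rest

def audit(config_text):
    """Return a list of findings for one device configuration."""
    motd = extract_motd(config_text)
    if motd is None:
        return ["no MOTD banner configured"]
    findings = []
    if not motd.strip():
        findings.append("MOTD banner is empty")
    if INVITING.search(motd):
        findings.append("MOTD banner contains inviting wording")
    return findings

# Constructed sample configurations (not captured from real devices).
GOOD = "hostname toronto-1\n!\nbanner motd ^CAuthorized Access Only!^C\n!\nline vty 0 4\n login\n"
BAD = "hostname lab-2\n!\nbanner motd #Welcome to lab-2#\n"
MISSING = "hostname lab-3\n!\nline vty 0 4\n login\n"

if __name__ == "__main__":
    print(build_banner_command("Call ext #4100 for access"))
    for name, cfg in (("toronto-1", GOOD), ("lab-2", BAD), ("lab-3", MISSING)):
        print(name, audit(cfg) or "ok")
```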

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of 2000Trainers.com. He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions.