What is banner command in Cisco?

banner exec delimiter message delimiter no banner exec

Table of Contents Show

MOTD Banner
Login banner
Exec banner
Banner MOTD
Banner Login
Banner Exec

The banner that is displayed to the user upon successful login

This command specifies the message that is displayed after the user has logged in to the router. It is not displayed for reverse-telnet connections. This command defines only the banner message; use the exec-banner command to enable or disable the message. The delimiter marks the beginning and the end of the message; it may be any character that isn’t used in the message.

Here’s an example of a banner:

Router(config)# banner exec # Welcome to Pyramid #

You can also do multiple lines:

Router(config)# banner exec # Enter TEXT message. End with the character '#'. Welcome to Pyramid Enjoy your stay #

To delete the banner:

Router(config)#no banner exec

By default, this banner is automatically active; disabling the banner requires the use of no exec-banner:

Router(config)#no exec-banner

Note that disabling the exec-banner also disables the motd-banner.

banner motd delimiter message delimiter no banner motd

The banner that is displayed before the login prompt

This command specifies the message that is displayed as the Message Of The Day, the very first message displayed to an incoming connection. This command defines only the message; the motd-banner command enables or disables the display. The delimiter marks the beginning and the end of the message; it may be any character that isn’t used in the message.

The following commands create a message-of-the-day banner and enable its display:

Router(config)# banner motd # All routers will be rebooted at Sunday 10AM # Router(config)# motd-banner

The motd-banner command isn’t strictly necessary, since the display is enabled by default. To disable the display, use the no motd-banner command:

Router(config)#no banner motd

Cisco IOS devices support a number of banners that are presented to users when they use the console line or when they connect remotely using telnet or SSH. They are often used to inform users about their legal rights. It might be a good idea to present a banner to users who are trying to connect to your device, here are some items you might want to think about:

To show that only authorized users are allowed to connect.
That all traffic will be monitored.
That there is no expectation of privacy.
Don’t use anything that says “welcome”.
Don’t add any contact information or information about the router in the banner.

here’s a good example on the website of the California Technology Agency that gives you more information about what a good banner should contain and some sample texts. Before you implement any banners, make sure to check your legal council first. Having said that, let’s look at the different banners…

Cisco IOS routers support a number of banners, here they are:

MOTD banner: the “message of the day” banner is presented to everyone that connects to the router.
Login banner: this one is displayed just before the authentication prompt.
Exec banner: displayed before the user sees the exec prompt.
Incoming banner: used for users that connect through reverse telnet.

We’ll take a look at how to configure these different banners now.

We’ll start with the message of the day banner that will be presented to anyone accessing the router:

R1(config)#banner motd # Enter TEXT message. End with the character '#'. Authorized users only, violaters will be shot on sight! #

The # symbol is a start and stop character. You can use any other character if you want. This is what the MOTD banner looks like:

R1#exit R1 con0 is now available Press RETURN to get started. Authorized users only, violaters will be shot on sight!

A nice and welcome banner that everyone will see…let’s move on to the login banner now.

The login banner is presented to users that access the router remotely using telnet or SSH:

R1(config)#banner login $ Authenticate yourself! $

Let’s try it out:

R1#telnet 1.1.1.1 Trying 1.1.1.1 ... Open Authorized users only, violaters will be shot on sight! Authenticate yourself!

Above you see that the login banner is displayed after the MOTD banner. It would have been better if I added some empty lines so that the login banner would show up below the MOTD banner.

The exec banner is shown just before the exec prompt:

R1(config)#banner exec # Enter TEXT message. End with the character '#'. You are connected to line $(line) at router $(hostname) #

This time I added an extra line in the banner and I also used some operators like $(line) and $(hostname). Let’s see what that looks like:

Cisco banners are customized messages displayed on a terminal when a user is trying to connect to our Cisco IOS devices via Telnet, SSH, Console port, or Auxillary port. They are most commonly used to display security warnings and informational messages. There are different types of banner messages, such as Message of the day (MOTD), Login banners, and Exec banners. These can be displayed in the CLI before and/or after the user logs in to a Cisco IOS device. The three are the most common types of a banner that can be configured on a Cisco switch and routers.

The Message of the Day (MOTD) banner will be displayed before the user authenticates to our devices. It is typically used to display a temporary notice that may change regularly, such as system availability.

To create a MOTD banner on a Cisco router, the following banner MOTD command is used from the router’s global config mode:

Router(config)# banner motd $ Attention! We will be having scheduled system maintenance on this device. $ Router(config)#

NOTE
Be careful on choosing your delimiter character when configuring your banner, the banner must not have a delimiter character on its content, or else, the cisco ios will interpret it as an indicator to end the banner message.

In this example, the MOTD banner spans multiple lines of text, and the delimiting character, which is also called start/stop character, is the dollar sign ($). Now let’s try to access our devices to see what the MOTD Banner looks like:

Router con0 is now available Press RETURN to get started. Attention! We will be having scheduled system maintenance on this device. User Access Verification Username: % Username: timeout expired! Username:

The figure above shows the MOTD banner before the user logs in to the router.

The Login banner will also be displayed before the user authenticates to our devices. It will show up after the MOTD banner. Unlike the MOTD Banner, it is designed to commonly display legal notices, such as security warnings and more permanent messages to the users.

To create a Login banner on our device, the following command is used from the router’s global configuration mode:

Router(config)# banner login ? Warning! Authorized personnel only. ? Router(config)#

In this example, we use a question mark (?) as a delimiting character to indicate the start and stop of the banner configuration.

Now let’s try to access our Cisco device to see what the Login banner looks like:

Router con0 is now available Press RETURN to get started. *Mar 1 00:22:33.231: %SYS-5-CONFIG_I: Configured from console by cisco on console Attention! We will be having scheduled system maintenance on this device. Warning! Authorized personnel only. User Access Verification Username:

As you can see above, the login banner is shown after the MOTD banner before the user logs in to the router.

We use Exec banner to display messages after the users, or network administrators are authenticated to our Cisco IOS devices and before the user enters UserExec Mode. Unlike MOTD, the Exec banner is designed to be more of a permanent message and would not change frequently.

To create an Exec banner on a Cisco router, the following Exec banner command is used from the router’s global configuration mode:

Router(config)# banner motd 8 Please log out immediately if you are not an authorized administrator 8 Router(config)#

In this example, We use the number eight (8) as a delimiting character to indicate the start and stop of the banner configuration, just to show that any character can be used.

Now let’s try to access our Cisco devices to see what the Exec banner looks like:

Router con0 is now available Press RETURN to get started. Attention! We will be having scheduled system maintenance on this device. Warning! Authorized personnel only. User Access Verification Username: cisco Password: Please log out immediately if you are not an authorized administrator Router>

The image above confirms that the MOTD, Login, and Exec banners are all displayed respectively.

Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.

We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training: