Cisco – Login Banner

Cisco banners fulfill different needs. I use them to get a clear indication of which device I am connecting to, and perhaps to add some legal sentences stating that all incoming traffic is fully monitored and that legal action might be taken.

But what to place there is something everybody has to decide on their own.

A nice thing I figured out is ASCII art, and there is a pretty cool website that generates this art out of a given text string: ASCII TEXT

  ooooooo                          oooo     oooo                             o                                        
o888   888o oo oooooo   ooooooooo8  8888o   888   ooooooo   oo oooooo       888     oo oooooo  oo ooo oooo oooo   oooo
888     888  888   888 888oooooo8   88 888o8 88   ooooo888   888   888     8  88     888    888 888 888 888 888   888 
888o   o888  888   888 888          88  888  88 888    888   888   888    8oooo88    888        888 888 888  888 888  
  88ooo88   o888o o888o  88oooo888 o88o  8  o88o 88ooo88 8o o888o o888o o88o  o888o o888o      o888o888o888o   8888   
                                                                                                            o8o888    

Now this is a pretty cool logo. But not enough.

The problem that arises is: when will the message be displayed? packetlife.net has a pretty cool post on that.

The most important information is that login banners will be shown on SSHv2 before login. But that is only partially true. The banner will be shown after inserting a username and pressing enter.

Now how do you identify your device? Quite simple 🙂 Cisco added some macros to the banner command.

You get the line with:  $(line)

And the router name with: $(hostname) 

The full banner setup would look like:

! getting into config mode
conf t
! create the banner
banner login ,
  ooooooo                          oooo     oooo                             o                                        
o888   888o oo oooooo   ooooooooo8  8888o   888   ooooooo   oo oooooo       888     oo oooooo  oo ooo oooo oooo   oooo
888     888  888   888 888oooooo8   88 888o8 88   ooooo888   888   888     8  88     888    888 888 888 888 888   888 
888o   o888  888   888 888          88  888  88 888    888   888   888    8oooo88    888        888 888 888  888 888  
  88ooo88   o888o o888o  88oooo888 o88o  8  o88o 88ooo88 8o o888o o888o o88o  o888o o888o      o888o888o888o   8888   
                                                                                                            o8o888    

Authorized Personal Only !
You are connected to line $(line) at router $(hostname)
,

The important part is to use a delimiter that is not used in the banner text itself. That's the reason why I chose the “comma”.
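
The delimiter rule above as an added example (not code from the original post): a small Python helper that picks a delimiter character absent from the banner text, renders the `banner login` command, and shows what would be stored if the delimiter did occur in the text. The candidate list, the sample banner strings and the function names are assumptions made for illustration.

```python
# Added example: choose a banner delimiter that cannot end the banner early.
# CANDIDATES is an assumed pool; "," is listed first to match the post.
CANDIDATES = [",", "#", "@", "~", "%", "^"]


def stored_banner(text, delim):
    """Return what the device keeps: input ends at the first delimiter."""
    return text.split(delim, 1)[0]


def pick_delimiter(text, candidates=CANDIDATES):
    """Return the first single-character candidate that is absent from text."""
    for ch in candidates:
        if len(ch) == 1 and ch not in text:
            return ch
    raise ValueError("every candidate delimiter occurs in the banner text")


def render_banner_login(text, candidates=CANDIDATES):
    """Build the 'banner login' command with a delimiter that is safe for text."""
    delim = pick_delimiter(text, candidates)
    body = text.strip("\n")
    return f"banner login {delim}\n{body}\n{delim}\n"


# Constructed sample input: the two text lines from the banner in the post.
SAMPLE = (
    "Authorized Personal Only !\n"
    "You are connected to line $(line) at router $(hostname)\n"
)
# Constructed variant with a comma in the legal text, to show the failure mode.
SAMPLE_WITH_COMMA = "Monitored system, authorized use only\n" + SAMPLE

if __name__ == "__main__":
    print(render_banner_login(SAMPLE))
    # With "," as delimiter, the second sample would be cut at the first comma.
    print(repr(stored_banner(SAMPLE_WITH_COMMA, ",")))
    print(render_banner_login(SAMPLE_WITH_COMMA))
```
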

So have fun trying it on your Cisco gear.
