Banners can be configured to display when a user first connects (MOTD), when a user logs in (login), or when a user accesses privileged mode (exec). Banners are used for legal warnings such as when a user is cautioned not to access a restricted system or that their access of a system is subject to monitoring and logging. Banners are also used on locked systems placed at customer locations by service providers to provide contact information for device access or technical support.

The Cisco security appliance supports the use of login banners in console sessions and Telnet sessions, but not in SSH sessions. Exec and MOTD banners are supported in console, Telnet, and SSH sessions. Banners can be up to 510 characters in length. You can create multiple line banners either by creating multiple banner statements or by using the keystroke sequence of "\n" which inserts a carriage return.

Here's how banners are displayed: MOTD Banners--When usernames are not configured, MOTD displays at login in a serial console session and before login in Telnet sessions. When usernames are configured, MOTD displays before login in a Telnet session and after login in a serial console session. Login Banners--The login banner displays before login in Telnet and serial console sessions. Exec Banners--The exec banner displays upon login in all sessions.

How to Configure a Banner Note: The following procedures were tested on an ASA 5505 Security Appliance running software version 7.22. Other hardware or software platforms may require modification of these procedures in order to function properly. To configure a banner, use the following configuration mode commands: asa(config)#banner motd This is a restricted system. asa(config)#banner motd Do not attempt unauthorized access.

Notice the use of two banner motd statements to create a multi-line banner. As mentioned previously, you can also use the "\n" key sequence to insert a carriage return. You can view the banners you created with the following privileged mode command: asa#show running-config banner Hands-On Exercise: Creating Banners on the Security Appliance The following procedures are for training purposes only and should only be performed on devices in a laboratory environment. Under no circumstances should these procedures be performed on equipment in a live, production environment without first verifying their suitability in a laboratory environment. In the following hands-on exercise, you will create MOTD, login, and EXEC banners.

Step 1: In configuration mode, enter the following commands: asa(config)#banner motd This is the MOTD banner asa(config)#banner login This is the login banner asa(config)#banner exec This is the EXEC banner.
Step 2: Display the banners you just created with the following command: asa(config)#show running-config banner.
Step 3: Type exit repeatedly until you are logged out of your laboratory security appliance. Notice which banners are displayed.
Step 4: Enter privileged mode with the command "enable" and notice which banners are displayed.
Step 5: From your laboratory computer, start a Telnet session and again observe which banners are displayed. When you are finished, exit the Telnet session.
Step 6: Also from your laboratory computer, start an SSH session and again observe which banners are displayed. When you are finished, exit the SSH session.