There are five different types of banners that can be implemented on most Cisco IOS devices.

- Message of the day (MOTD)
- Login
- exec
- incoming
- slip-ppp

Let’s take a look at each of these in a little more detail to determine their purposes.

MOTD

This MOD banner is displayed on terminal lines at the time of login. This message will appear before the user/password prompt. To configure a message of the day:

Router(config)#banner motd ^
Enter TEXT message.  End with the character '^'.
This is a wise message of the day

^
Router(config)#

When you telnet to the device, this is what appears:

This is a wise message of the day

User Access Verification

Username:

Login

The login banner is displayed on terminal lines at login. This message will appear after the MOTD (if configured) and before the login prompts. To configure a login banner:

Router(config)#banner login ^
Enter TEXT message.  End with the character '^'.

Only authorized people may login to this router

^
Router(config)#

Below is what a telnet session looks like when both a MOTD and a login banner is configured:

This is a wise message of the day

Only authorized people may login to this router

User Access Verification

Username:

You might wonder when would you configure both a motd and a login banner. A login banner can be used to display a more ‘permanent’ message, that doesn’t get changed often - such as a disclaimer, security message, etc. The motd may be configured with only a temporary message, such as a message stating when the next maintenance will occur, etc…

EXEC

The exec banner when configured, will display when an EXEC process is initiated. For example, the exec process is started after a successful login via telnet. The message will display after successfully going through the username/password prompts and before the router/switch prompt is displayed. To configure an EXEC banner:

Router(config)#banner exec ^
Enter TEXT message.  End with the character '^'.

Make sure you know what you are doing before changing anything!

^
Router(config)#end
Router#

A telnet session with all three previous examples configured looks like:

This is a wise message of the day

Only authorized people may login to this router

User Access Verification

Username: admin
Password:

Make sure you know what you are doing before changing anything!

Router>

Incoming

You can configure a banner to be displayed on terminals connected to reverse Telnet lines. This banner is useful for providing instructions to users of these types of connections. An incoming banner is configured like:

Router(config)#banner incoming ^
Enter TEXT message.  End with the character '^'.
This is reverse telnet session A
^
Router(config)#

SLIP-PPP

This banner is used to display a message to standard PPP and SLIP dial up software. To configure a slip-ppp message:

Router(config)#banner slip-ppp ^
Enter TEXT message.  End with the character '^'.
Unauthorized access to this system is prohibited
^
Router(config)#