Cisco CCNA (640-553) Security Training
Using the “aaa authentication banner” command
By Charles Ross CCNA - CCNP #CSCO10444244
In today’s article, I’m going to inform you about the Cisco IOS global configuration mode command named “aaa authentication banner”.
Network administrators (like you) use the “aaa authentication banner” command to configure a personalized banner (message) that will be displayed at user login.
Below is the command’s syntax:
Syntax: aaa authentication banner zstringz
Notice, that the command has the letter “z” at the beginning and at the end of the character string. The letter z is called the “delimiting” character and it is used to inform the router that the characters that make up the string are to displayed as the banner.
Remember, the “delimiting” character doesn’t always have to be the letter “z” it can be any ASCII character; but, once you’ve chosen a delimiting character, that character can not be used in the character (banner) string portion and must be located at the beginning of the string portion and at the end of the string portion.
And just in case you were wondering, the string (banner) portion of the command can be a maximum of 2996 characters.
Below is an example of the command being used:
Example: Router#configure terminal
Router(config)#aaa new-model
Router(config)#aaa authentication banner cUnauthorized use is prohibited.c
Router(config)#aaa authentication login default group radius
Router(config)#exit
Router#copy run start
Notice, that the letter “c” is the delimiting character and the string (banner) that is going to be displayed to users is “Unauthorized use is prohibited”.
And, if you need to remove a string (banner) you’ve created, all you have to do is type the word “no” in front of the command like you see in the example below:
Router(config)#no aaa authentication banner cUnauthorized use is prohibited.c
Note: If you have TACACS+ as your first method in the method list, your AAA authentication banner message (string) will not be displayed.
Also, in order for you to use the “aaa authentication banner” command; your router(s) must be running Cisco IOS 11.3(4)T or higher.
I hope this article was very informative and helped you quickly understand the usage of the aaa authentication banner command. If you need to learn more; I suggest you visit my website, (www.ccnaittechtips.com) were you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.
To your success,
Charles Ross
CCNA- CCNP #CSCO10444244