Add a login banner to your Cisco router

Posted September 18, 2003 by Quinn McHenry in Cisco router

A login banner is displayed whenever someone connects to the router by telnet or console connections.

The syntax for the banner command is:

banner motd {char} {banner text} {char}

where {char} is a special delimeter character that does not exist in the {banner text}. Everything contained between the first and second {char} characters, including carriage returns, is interpreted as the banner message. For example,

config t
banner motd #
* Unauthorized access prohibited

See the comments below for additional, amazing uses for this feature.


About Quinn McHenry

Quinn was one of the original co-founders of Tech-Recipes. He is currently crafting iOS applications as a senior developer at Small Planet Digital in Brooklyn, New York.
View more articles by Quinn McHenry

The Conversation

Follow the reactions below and share your own thoughts.

  • renso


  • Anonymous

    you can also use variables like:

    Hostname $(hostname)
    Domain $(domain)
    Line $(line)

    • VladisLuck

      Tack så mycket.

      • Anonymous

        Besten Dank für Ihre Nachricht. Ich befinde mich zur Zeit im Urlaub und habe nur bedingt Zugriff auf mein Email- Postfach. Ich bin wieder ab Montag, den 11. Okt 2010 im Büro.

        In dringenden Fällen können Sie sich in Netzwerkbelangen an Herrn Damian Keller (061 260 77 29) wenden und in Client/Serverbelangen an Herrn Christian Halm (061 260 66 33)

        Selbstverständlich steht Ihnen rund um die Uhr unser Pikettdienst zur Verfügung. Bitte kontaktieren Sie uns unter 061 260 66 66 oder unter der auf Ihrem Wartungsvertrag vermerkten Servicehotline!

        Ihre Nachricht wird nicht weitergeleitet!

        Samuel Heinrich
        Network Engineer CCNA
        IT & TelCom

    • jojo

      > you probably don’t want to use these variables in your banner. If i was a hacker and saw these variables in the banner, it would give me great information ot use. Don’t put anything about your topolgy in the banner, unless its your home lab and you don’t have to worrry about intruders

      Hostname $(hostname)
      Domain $(domain)
      Line $(line)

      • Drive By

        > true enough, but if you do it this way you’re only giving information (DNS and login info at that) to those that managed to login, no recon info gained otherwise:

        banner exec ^C
        Login Successful: $(hostname).$(domain) on line $(line)
        banner login ^C
        * Unauthorized access prohibited
        * All activity is logged and abuses
        * will be reported.

        with the added benefit that some scripts that login automatically can parse this and log it (in case of “stuck” lines for exactly).

  • Anonymous

    thanks a lot

    so easy!

  • Anonymous

    Thanks a lot, I forgot, I was trying and trying and this refreshed my memory. And this isn’t a big comand after all, shame on me…..

  • najam

    can you plz tel me how i can mention a perticular level for banner

  • jyrki

    This is not LOGIN banner. It’s MOTD banner. It’s frustrating to try to find information about why someone would use login banner instead of MOTD banner as every google result there comes directs to answers or directions where some body asks about login banner and another one answers with MOTD banner.

    FYI all. There is several levels of banners in IOS. And for most of you it is enough to know that you should use MOTD banner.
    But i’m looking thorough information about use of LOGIN banner.

    • CCENT

      Banner Typical Use

      Message of the Day (MOTD) —-> Shown before the login prompt. For temporary messages that may change from time to time, such as “Router1 down for
      maintenance at midnight.”

      Login —–> Shown before the login prompt but after the MOTD banner. For
      permanent messages such as “Unauthorized Access Prohibited.”

      Exec —–>Shown after the login prompt. Used to supply information that
      should be hidden from unauthorized users.

  • Mohd_arbi

    hey thnds dear for help

  • Akbar

    Thanks for valued information on banner creation on cisco router and switch

  • Cachinho

    if you like to add a logo for that banner use some image to asci generator …prety cool.

  • Paul

    The documentation for Cisco banner exec is a bit confusing, possibly even contradictory. Page 37 of the v15 “Cisco IOS Configuration Fundamentals Command Reference.pdf” states “This command specifies a message to be displayed when a EXEC process is created (a line is activated, or an incoming connection is made to a vty).”

    The very next paragraph states “When a user connects to a router, the message-of-the-day (MOTD) banner or incoming banner will be displayed, depending on the type of connection. For a reverse Telnet login, the incoming banner will be displayed. For all other connections, the router will display the EXEC banner.”

    A “reverse telent” connection is an in-band, or VTY connection, whereas serial connections are via the aux or console ports. Both statements can’t be true since they directly contradict each other: “…connection made to a vty” and “the Exec banner or incoming banner… depending… reverse Telnet login, the incoming banner… For all other connections,… the Exec banner.”

    I’m confused.