1
00:00:01,120 --> 00:00:07,310
Banners allow you to display text when a user connects to a Cisco router or switch.

2
00:00:07,930 --> 00:00:14,710
This is often used to display a message, perhaps a message of the day indicating that maintenance will

3
00:00:14,710 --> 00:00:22,540
be done on the network or more often these days, it's used to display a legal message stating that

4
00:00:22,540 --> 00:00:25,210
unauthorized access is not permitted.

5
00:00:25,790 --> 00:00:31,150
If a hacker connected to your router or switch as an example and you don't display some kind of warning

6
00:00:31,150 --> 00:00:37,060
message or some message to indicate that unauthorized access is not permitted,

7
00:00:37,630 --> 00:00:43,840
it may be more difficult to prosecute them as they would state that there was no indication that access

8
00:00:43,840 --> 00:00:44,690
is not allowed.

9
00:00:45,160 --> 00:00:52,270
It's a very bad idea to have a message saying, welcome to my router or welcome to my switch, because

10
00:00:52,270 --> 00:00:55,540
that would indicate that someone is allowed to access that device.

11
00:00:56,050 --> 00:01:03,400
It's a good idea to get some input from your legal department to find out what message should be used

12
00:01:03,640 --> 00:01:07,780
as a corporate policy or in specific countries of the world.

13
00:01:08,110 --> 00:01:12,160
You couldn't, as an example, say that if you access my router, I'm going to shoot you.

14
00:01:12,700 --> 00:01:13,840
That wouldn't be legal.

15
00:01:14,020 --> 00:01:17,920
As an example, banners can display all kinds of text.

16
00:01:18,040 --> 00:01:22,060
Here's an example of a router that I've got configured.
17
00:01:22,960 --> 00:01:28,330
So in this example, I've entered my username and password and I'll be able to log in to the router

18
00:01:29,650 --> 00:01:36,010
but notice some kind of message is displayed stating that you shouldn't access the device unless authorized,

19
00:01:36,400 --> 00:01:41,980
and here some additional information is provided to the user if they want to access these labs.

20
00:01:43,060 --> 00:01:48,130
No such message is displayed by default, so as an example, if I telnet from router to router 2,

21
00:01:49,310 --> 00:01:50,540
I'm able to log in

22
00:01:52,030 --> 00:01:59,920
and all I'm prompted for is the user access verification, which in this case is a password. No banners

23
00:01:59,920 --> 00:02:05,890
have been configured on this router, but in global configuration mode, you can use the command banner

24
00:02:05,890 --> 00:02:12,820
and question mark to view various types of banners that can be configured on a router or switch. For

25
00:02:12,820 --> 00:02:13,210
the CCNA

26
00:02:13,210 --> 00:02:19,380
course, we're going to concentrate on the exec banner, login banner, and message of the day banner.

27
00:02:20,080 --> 00:02:23,290
Other messages such as incoming can also be configured

28
00:02:23,560 --> 00:02:25,450
but that's not important for CCNA.

29
00:02:25,840 --> 00:02:32,470
A message of the day banner may be used to display a temporary message, such as a router may be taken

30
00:02:32,470 --> 00:02:35,410
offline for maintenance at a specific time.

31
00:02:36,530 --> 00:02:45,110
A login banner is shown before a user logs in, so it may display a message such as unauthorized access is

32
00:02:45,110 --> 00:02:49,220
prohibited. An exec banner displays after login.

33
00:02:50,090 --> 00:02:57,260
You could use this to display information that only internal staff should know, such as the physical

34
00:02:57,260 --> 00:02:58,640
location of the device.
35
00:02:59,420 --> 00:03:02,510
So the information is not shown before login,

36
00:03:03,080 --> 00:03:06,590
only after you're authenticated is the information displayed.

37
00:03:07,680 --> 00:03:11,210
Now, you don't have to use those messages in that way.

38
00:03:12,160 --> 00:03:19,840
This is actually being configured on this router as a message of the day, so on this router show run

39
00:03:19,990 --> 00:03:21,420
pipe, begin banner.

40
00:03:24,310 --> 00:03:31,370
Here's the show command and notice the command used here is banner message of the day, which displays

41
00:03:31,370 --> 00:03:36,050
some ASCII text and then a warning message and then ends.

42
00:03:37,160 --> 00:03:42,550
Notice the delimiting character used is C indicated by character C,

43
00:03:43,070 --> 00:03:45,860
so that's the beginning of the message and end of the message.

44
00:03:47,600 --> 00:03:52,400
So when you use the command banner question mark, you've got this option line,

45
00:03:53,480 --> 00:03:58,470
which says banner-text-c, where c is a delimiting character.

46
00:03:59,270 --> 00:04:03,530
Now, you don't typically want to use the letter C, as an example,

47
00:04:03,980 --> 00:04:13,700
if I say banner C and then type something like my Cisco router, notice I'm taken back to global configuration

48
00:04:13,700 --> 00:04:14,030
mode

49
00:04:18,060 --> 00:04:21,060
but if we telnet back to router 2,

50
00:04:22,070 --> 00:04:25,040
notice the message of the day message displayed is my.

51
00:04:26,040 --> 00:04:32,580
C in this example is the delimiting character, so the message was cut off or ended at the letter

52
00:04:32,580 --> 00:04:36,990
C, hence only my space was displayed.

53
00:04:38,460 --> 00:04:45,840
What you probably want to use is something like a hash or dollar sign or some other character that you're

54
00:04:45,840 --> 00:04:52,050
not going to put in your message or create a basic message,

55
00:04:53,820 --> 00:04:54,660
such as this.
56
00:04:55,780 --> 00:04:58,720
So that when we log in, we can see which banners are displayed.

57
00:05:00,150 --> 00:05:06,450
I could enter another line such as the following, and then continue to enter multiple lines.

58
00:05:08,500 --> 00:05:15,460
Hash or pound indicates in this example that I've finished my message and notice I'm taken back to global

59
00:05:15,460 --> 00:05:16,600
configuration mode.

60
00:05:17,820 --> 00:05:24,470
So now when I telnet to router 2 the message is displayed and I can log in.

61
00:05:25,230 --> 00:05:32,160
So the message was displayed before the password prompt on the telnet line.

62
00:05:33,280 --> 00:05:39,880
Whereas previously, before the message was created, nothing was displayed at this point.

63
00:05:41,640 --> 00:05:47,820
Now, a banner message of the day is also displayed on the console, so it doesn't just apply to telnet

64
00:05:47,820 --> 00:05:54,390
lines, it applies to all lines on the router, including what are called TTY lines.

65
00:05:55,260 --> 00:06:02,640
So as an example on this 3640 physical router show line, shows me that it has a console line.

66
00:06:03,120 --> 00:06:09,810
It has TTY lines which are, in this example, used for reverse telnet lines, and it has VTY lines which

67
00:06:09,810 --> 00:06:12,120
are used for telnet.

68
00:06:13,870 --> 00:06:15,580
So here's a line 97,

69
00:06:17,060 --> 00:06:25,940
when you telnet to a reverse telnet line or TTY line, you telnet to port number 2000 and that line

70
00:06:25,940 --> 00:06:26,350
number.

71
00:06:27,560 --> 00:06:30,890
So notice here it's displayed the banner message of the day

72
00:06:31,610 --> 00:06:36,110
and I'm actually connected to the console of a 3750 switch.

73
00:06:37,410 --> 00:06:42,930
Show line on the 3640 shows us that line 97 is in use

74
00:06:43,900 --> 00:06:51,650
and that's the reverse telnet connection used on the router to access the core 3750 switch.
75
00:06:52,690 --> 00:07:00,910
So in other words, a banner message of the day is displayed on all lines, including the console,

76
00:07:02,200 --> 00:07:02,950
auxiliary,

77
00:07:04,330 --> 00:07:13,010
VTY lines and TTY lines. Once again on router 1, I'll telnet to router 2,

78
00:07:14,430 --> 00:07:17,100
notice the banner message of the day is displayed.