1
00:00:01,080 --> 00:00:02,160
So let's configure

2
00:00:04,330 --> 00:00:13,870
a login banner. So banner login specify the delimiting character, which in this case is going to be

3
00:00:13,870 --> 00:00:17,950
a hash or pound and I'll say login banner.

4
00:00:21,640 --> 00:00:29,900
Specify the delimiting character to end the message, so hash or pound, so previously when we telnet

5
00:00:29,920 --> 00:00:35,950
it to router 2 we saw the message of the day banner and then we were prompted for our password.

6
00:00:37,110 --> 00:00:46,470
Now, when we turn it back, we see firstly message of the day and then a log in banner and then our

7
00:00:46,560 --> 00:00:47,850
authentication information.

8
00:00:48,780 --> 00:00:50,130
Now on the console, 

9
00:00:52,300 --> 00:00:59,740
notice the banner message of the day is displayed, but no, login banner is displayed, so it's

10
00:00:59,740 --> 00:01:08,680
different to what we saw on the VTY line, and that's because we didn't configure any kind of authentication

11
00:01:08,980 --> 00:01:09,880
on the console.

12
00:01:11,350 --> 00:01:19,870
So if I now specify a password on the console and then login, we see both the message of the day banner

13
00:01:19,990 --> 00:01:24,010
as well as the login banner and then we're prompted for our password.

14
00:01:24,460 --> 00:01:30,990
So this is shown when I log in is configured, in other words, when you're prompted to enter your password.

15
00:01:31,510 --> 00:01:34,000
So we see a message of the day first, then login

16
00:01:34,000 --> 00:01:38,520
banner, banner exec.

17
00:01:41,140 --> 00:01:43,750
So let's say exec banner, 

18
00:01:48,300 --> 00:01:52,020
delimiting character be back to global config mode, 

19
00:01:55,050 --> 00:02:01,710
telnet back to the router, we see message of the day, login password prompt, and 

20
00:02:02,130 --> 00:02:05,820
when we now login, we see the exec banner.

21
00:02:06,150 --> 00:02:14,190
So the banner is only displayed after log in on the console of RAW to receive the message of the day

22
00:02:14,680 --> 00:02:15,680
log in banner.

23
00:02:15,990 --> 00:02:17,250
We put a password in.

24
00:02:17,700 --> 00:02:21,240
After entering our password, we see the banner.

25
00:02:21,540 --> 00:02:26,400
So exact banner is only displayed after successful authentication.

26
00:02:29,400 --> 00:02:35,250
Now, generally, you're not going to create lots of banners, you may, as an example, just use one

27
00:02:35,250 --> 00:02:41,490
of them, such as the Log-in banner or the banner or message of the day banner.

28
00:02:42,690 --> 00:02:49,630
It is important, however, that you specify some kind of banner on your routers, so as an example,

29
00:02:49,630 --> 00:02:56,220
if we telnet from about a two to one in this example, we need to set up a password.

30
00:02:56,460 --> 00:03:04,620
So a line VTI zero to four login password, Sasko and Telnet back again.

31
00:03:05,520 --> 00:03:10,890
We are not shown any warning messages about not accessing this router.

32
00:03:11,880 --> 00:03:19,140
So we should have some kind of banner, which may be something such as a login banner stating that if

33
00:03:19,140 --> 00:03:24,780
you access this router, I will find you.

34
00:03:29,160 --> 00:03:37,170
And we can imagine what we would say then I wouldn't put that on this video, but I will find you and

35
00:03:37,170 --> 00:03:38,710
do something nasty to you.

36
00:03:39,670 --> 00:03:47,790
So now when we tell it to the radar notice, it says if you access this router, I will find you and

37
00:03:47,790 --> 00:03:49,500
destroy you or something.

38
00:03:50,510 --> 00:03:57,620
I should obviously talk to your lawyer, solicitor, attorney, whichever, Temmuz, you should talk

39
00:03:57,620 --> 00:04:03,610
to someone in the legal department to get the proper phrase to add to this message.

40
00:04:04,100 --> 00:04:07,820
So that's banners, to sum up

41
00:04:10,370 --> 00:04:18,440
we have an exec banner, message of the day banner, and login banner, message of the day is typically used

42
00:04:18,470 --> 00:04:24,770
typically used to display some kind of message of that day, such as the router is going to be taken offline.

43
00:04:25,250 --> 00:04:33,650
Login is used before a login prompt and exec is shown after logging when the exec process starts.

44
00:04:34,310 --> 00:04:38,270
Don't forget, your delimiting character shouldn't be a character used in your message.

45
00:04:38,720 --> 00:04:44,270
So as an example, if I specify O, and then say my Cisco router.

46
00:04:45,460 --> 00:04:47,920
It immediately ends the message at this point.

47
00:04:48,970 --> 00:04:55,330
So if I telnet to the router notice, my message of the day banner has been changed to this.

48
00:04:55,930 --> 00:04:57,640
Now I didn't specify message of the day

49
00:04:59,650 --> 00:05:01,810
but do show run pipe begin banner, 

50
00:05:04,160 --> 00:05:11,690
Shows us that that's what's been configured in the output on the show run notice the hash or pound was

51
00:05:11,690 --> 00:05:17,420
changed to ^C to indicate the start and end of the message.

52
00:05:17,960 --> 00:05:20,790
That's useful when you want to do a copy and paste.

53
00:05:21,080 --> 00:05:23,180
So as an example, we could copy this

54
00:05:27,140 --> 00:05:30,140
and on router 1, we could paste that message.

55
00:05:31,440 --> 00:05:42,510
So now let me telnet to router, notice the login banner displays and the exec banner displays.