Image of Jeremy L. Gaddis, CCNA, CCNP (and Cortney, in case you were wondering)

Using Tokens in Cisco Banner Messages

by Jeremy L. Gaddis on September 8, 2011 · 0 comments

Post image for Using Tokens in Cisco Banner Messages

In a previous article, we talked about login banners and the messages that we can display to users both before and after they log in. We can make these banner messages more useful to the users by including some device-specific information in them.

In Setting Login Banners on Cisco Devices, under the section on “Exec Banners”, we created a banner message with some information about the specific device that we were working on — but there’s another way to do it.

Types of Tokens

We can make our banner messages much more useful by providing to the user information about the device he or she is logged into. For the three types of banners we looked at, there are four tokens— or variables — that we can use in our banner messages:

  • $(hostname)
  • $(domain)
  • $(line)
  • $(line-desc)

When the banner message is displayed to the user, any tokens will be replaced by the appropriate information about the router. First, though, we’ll have to configure that information.

Setting the Appropriate Values

For this example, we’ll configure the hostname and domain name of our router and set the location on the VTY lines as the physical address. In “the real world”, this information should be set to whatever is meaningful in your environment.

Here’s what we need to configure to make this work:

Router> enable
Router# configure terminal
Router(config)# hostname core-router
core-router(config)# ip domain name freeccnalabs.com
core-router(config)# line vty 0 4
core-router(config-line)# location Equinix NY9 IBX, 111 8th Ave, New York City
core-router(config-line)#

Configuring the Banner

With these values set, we can now use the tokens in our exec banner to provide meaningful information to a user when they log in:

core-router(config-line)# exit
core-router(config)# banner exec ~
Enter TEXT message.  End with the character '~'.

You are connected to line #$(line) on
$(hostname).$(domain).

This device is physically located at:
$(line-desc).

~
core-router(config)#

Results

With the values defined and the exec banner configured, you’ll see output similar to the following when you login on a VTY line using telnet or SSH:

User Access Verification

Password:

You are connected to line #2 on
core-router.freeccnalabs.com.

This device is physically located at:
Equinix NY9 IBX, 111 8th Ave, New York City.

core-router>

Lab Exercise

Summary

At one point or another, I think most of us have accidentally entered a command on the wrong device. Providing device specific information when a user logs in is one easy way of helping ensure that he or she is working on the correct device.

NOTE: You can use these tokens in the MOTD, login, and exec banners. Because the MOTD and login banners are displayed to anyone who can connect to the device, however, any private information should only be displayed in the exec banner (which is only shown to logged in users).

Image Source

Previous post:

Next post: