In a previous article, we talked about login banners and the messages that we can display to users both before and after they log in. We can make these banner messages more useful to the users by including some device-specific information in them.
In Setting Login Banners on Cisco Devices, under the section on “Exec Banners”, we created a banner message with some information about the specific device that we were working on — but there’s another way to do it.
Types of Tokens
We can make our banner messages much more useful by providing to the user information about the device he or she is logged into. For the three types of banners we looked at, there are four tokens— or variables — that we can use in our banner messages:
- $(hostname)
- $(domain)
- $(line)
- $(line-desc)
When the banner message is displayed to the user, any tokens will be replaced by the appropriate information about the router. First, though, we’ll have to configure that information.
Setting the Appropriate Values
For this example, we’ll configure the hostname and domain name of our router and set the location on the VTY lines as the physical address. In “the real world”, this information should be set to whatever is meaningful in your environment.
Here’s what we need to configure to make this work:
Router> enable Router# configure terminal Router(config)# hostname core-router core-router(config)# ip domain name freeccnalabs.com core-router(config)# line vty 0 4 core-router(config-line)# location Equinix NY9 IBX, 111 8th Ave, New York City core-router(config-line)#
Configuring the Banner
With these values set, we can now use the tokens in our exec banner to provide meaningful information to a user when they log in:
core-router(config-line)# exit core-router(config)# banner exec ~ Enter TEXT message. End with the character '~'. You are connected to line #$(line) on $(hostname).$(domain). This device is physically located at: $(line-desc). ~ core-router(config)#
Results
With the values defined and the exec banner configured, you’ll see output similar to the following when you login on a VTY line using telnet or SSH:
User Access Verification Password: You are connected to line #2 on core-router.freeccnalabs.com. This device is physically located at: Equinix NY9 IBX, 111 8th Ave, New York City. core-router>
Lab Exercise
Summary
At one point or another, I think most of us have accidentally entered a command on the wrong device. Providing device specific information when a user logs in is one easy way of helping ensure that he or she is working on the correct device.
NOTE: You can use these tokens in the MOTD, login, and exec banners. Because the MOTD and login banners are displayed to anyone who can connect to the device, however, any private information should only be displayed in the exec banner (which is only shown to logged in users).
Image Source
Related posts: