Configuring ASA Login and MOTD Banners
Login and MOTD banners are commonly used to display legal warnings and other information to users attempting to connect to the device. This lab will discuss and demonstrate the configuration and verification of Login and MOTD banners on the Cisco ASA.
- Core Knowledge
- Lab Topology
- Initial Configs
- Lab Objectives
- Lab Instruction
Core Knowledge and Real World Scenarios
Whenever you attempt to log into a Cisco Router or Switch you will most likely be prompted by a login banner that displays legal information. This information says something along the lines of; unauthorized access is strictly prohibited and prosecutable to the fullest extent of the law, all actions are logged, bla bla bla… You have no right to privacy and so on.
These banners serve as a legal notification to any user attempting to gain and successfully gain unauthorized access into a restricted device.
While most people think these banners are designed to scare people away, it is actually the purpose of notifying any unauthorized user that the device is restricted and if they gain unauthorized access even after being notified legally of the consequences they can be prosecuted in court and charged with a felony.
In the United States, computer hacking can result in a Class B misdemeanor all the way up to a Class B Felony which is punishable by 20 years in federal prison.
MOTD Banners on the other hand are commonly used as notification banners to notify engineers of upcoming maintenance, changes, etc.. These banners are not used quite as often as they used to be in the 1990’s for IRC chat or dial-up bulletin boards.
This lab will focus on how to configure these two types of banners and verify the configuration.
Unlike the Cisco IOS, you do not start the banners and end the banners using a dilimeter character but you type in each line separately. Each line is displayed in sequential order when the banner is displayed. An example being;
banner login ####################################
banner login # UNAUTHORIZED ACCESS PROHIBITED #
banner login ####################################
When configuring a MOTD banner, this type of banner is configured in the same manner and is processed top down in the configuration and displayed in the same manner. Instead of using banner login you would use banner motd for the MOTD banner.
Familiarize yourself with the following command(s);
| Command | Description |
|---|---|
| banner login text | This command is executed in global configuration whereas the text is the actual banner message displayed top down. |
| banner motd test | This command is executed in global configuration whereas the text is the actual banner message displayed top down. |
Lab Logical Topology
The following logical topology is used in all labs found through out Section 7 of the CCNA Security Workbook;
To view the physical cabling topology please visit the Topology page.
Lab Device Initial Configurations
If you have completed the previous lab you can continue where you left off otherwise you’ll need to load the initial configuration(s) provided below;
You can copy and paste these configurations directly into the terminal window of Stub Lab devices;
Before you Start
This lab requires that you have access to a Cisco ASA. You can complete this lab using a virtual Cisco ASA within GNS3 or you can reserve free lab time on the Stub Lab to have access to a pair of Cisco ASA 5510 Series Firewalls which can be used to complete this lab.
Lab Objectives
In this lab you will complete the following objectives.
- Configure a login banner to say “Unauthorized Access Prohibited” and verify the banner is displayed properly.
- Configure a MOTD banner to say “CONTACT JOHN PRIOR TO MAKING ANY CONFIG CHANGES” and verify the banner is displayed properly.
One More Thing…
It is recommended that you attempt to complete these lab objectives the first time without looking at the Lab Instruction section.
If you are a student preparing for the Cisco CCNA Security Certification Exam than you are more likely to remember how to complete these objectives if you
attempt to complete them the first time on your own with the use of the core knowledge section found in this lab. You should only resort to the Lab Instruction
section to verify your work.
Lab Instruction
Objective 1. – Configure a login banner to say “Unauthorized Access Prohibited” and verify the banner is displayed properly.
FW1# config t FW1(config)# banner login #################################### FW1(config)# banner login # UNAUTHORIZED ACCESS PROHIBITED # FW1(config)# banner login #################################### FW1(config)# end FW1# exit Logoff #################################### # UNAUTHORIZED ACCESS PROHIBITED # #################################### Username: jdoe Password: ****** Type help or '?' for a list of available commands. FW1>
Objective 2. – Configure a MOTD banner to say “THIS DEVICE IS CURRENT UNDER A CONFIG FREEZE FOR AUDITING PURPOSES” and verify the banner is displayed properly.
FW1# config t FW1(config)# banner motd ##################################################### FW1(config)# banner motd # CONTACT JOHN PRIOR TO MAKING ANY CONFIG CHANGES # FW1(config)# banner motd ##################################################### FW1(config)# end FW1# copy run start Building configuration... Cryptochecksum: 9dce24ea 25be4a30 954bffb9 7d791db0 3506 bytes copied in 1.30 secs (3506 bytes/sec) [OK] FW1# exit Logoff #################################### # UNAUTHORIZED ACCESS PROHIBITED # #################################### Username: jdoe Password: ****** ##################################################### # CONTACT JOHN PRIOR TO MAKING ANY CONFIG CHANGES # ##################################################### Type help or '?' for a list of available commands. FW1>
