Configuring A Login Banner - Cisco PIX 500 Series Configuration Manual

Security appliance command line

Cisco Security Appliance Command Line Configuration Guide (OL-12172-03)
Chapter 40: Managing System Access

Table 40-2: CLI Authentication and Command Authorization Lockout Scenarios (continued)

Feature: TACACS+ command authorization
Lockout Condition: You are logged in as a user without enough privileges or as a user that does not exist
Description: You enable command authorization, but then find that the user cannot enter any more commands.
Workaround (Single Mode): Fix the TACACS+ server user account. If you do not have access to the TACACS+ server and you need to configure the security appliance immediately, then log into the maintenance partition and reset the passwords and aaa commands.
Workaround (Multiple Mode): Session into the security appliance from the switch. From the system execution space, you can change to the context and complete the configuration changes. You can also disable command authorization until you fix the TACACS+ configuration.

Feature: Local command authorization
Lockout Condition: You are logged in as a user without enough privileges
Description: You enable command authorization, but then find that the user cannot enter any more commands.
Workaround (Single Mode): Log in and reset the passwords and aaa commands.
Workaround (Multiple Mode): Session into the security appliance from the switch. From the system execution space, you can change to the context and change the user level.

Configuring a Login Banner

You can configure a message to display when a user connects to the security appliance, before a user logs in, or before a user enters privileged EXEC mode.

To configure a login banner, enter the following command in the system execution space or within a context:

hostname(config)# banner {exec | login | motd} text

Adds a banner to display at one of three times: when a user first connects (message-of-the-day (motd)), when a user logs in (login), and when a user accesses privileged EXEC mode (exec). When a user connects to the security appliance, the message-of-the-day banner appears first, followed by the login banner and prompts. After the user successfully logs in to the security appliance, the exec banner displays.

For the banner text, spaces are allowed but tabs cannot be entered using the CLI. You can dynamically add the hostname or domain name of the security appliance by including the strings $(hostname) and $(domain). If you configure a banner in the system configuration, you can use that banner text within a context by using the $(system) string in the context configuration.

To add more than one line, precede each line by the banner command.

For example, to add a message-of-the-day banner, enter:

hostname(config)# banner motd Welcome to $(hostname).
hostname(config)# banner motd Contact me at admin@example.com for any
hostname(config)# banner motd issues.
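The one-command-per-line rule, the tab restriction and the $(hostname) and $(domain) strings from the banner section, as an added example that is not part of the Cisco guide: a Python helper that turns reviewed banner text into banner commands and previews what a user sees before and after login. The function names, the hostname fw1 and the choice to skip blank lines are assumptions of this example.

```python
import re

# Keywords accepted by the banner command. Per the text, motd and login are
# shown when a user connects; exec is shown after a successful login.
BANNER_TYPES = ("motd", "login", "exec")
VARIABLES = re.compile(r"\$\((hostname|domain)\)")

# Constructed sample input: the message-of-the-day text from the guide's example.
SAMPLE_MOTD = "Welcome to $(hostname).\nContact me at admin@example.com for any\nissues."


def banner_commands(kind, text):
    """Return one `banner <kind> <line>` command per line of text."""
    if kind not in BANNER_TYPES:
        raise ValueError(f"unknown banner type: {kind!r}")
    commands = []
    for number, line in enumerate(text.splitlines(), start=1):
        if "\t" in line:
            # Tabs cannot be entered using the CLI, so reject them up front.
            raise ValueError(f"line {number}: tab character in banner text")
        line = line.rstrip()
        if line:  # assumption: blank lines are skipped rather than sent empty
            commands.append(f"banner {kind} {line}")
    return commands


def preview(commands, hostname, domain):
    """Expand $(hostname) and $(domain) and group lines by display time.

    $(system) is left as written; expanding it needs the system configuration.
    """
    values = {"hostname": hostname, "domain": domain}
    lines = {kind: [] for kind in BANNER_TYPES}
    for command in commands:
        _, kind, text = command.split(" ", 2)
        lines[kind].append(VARIABLES.sub(lambda m: values[m.group(1)], text))
    return {"on_connect": lines["motd"] + lines["login"], "after_login": lines["exec"]}


if __name__ == "__main__":
    config = banner_commands("motd", SAMPLE_MOTD)
    print("\n".join(config))  # paste at the hostname(config)# prompt
    print(preview(config, hostname="fw1", domain="example.com"))
```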
