- Read Me First
- Configuring Authentication
- RADIUS Change of Authorization
- Message Banners for AAA Authentication
- AAA-Domain Stripping at Server Group Level
- AAA Double Authentication Secured by Absolute Timeout
- Throttling of AAA RADIUS Records
- RADIUS Packet of Disconnect
- AAA Authorization and Authentication Cache
- Configuring Authorization
- Configuring Accounting
- AAA-SERVER-MIB Set Operation
- Per VRF AAA
- AAA Support for IPv6
- TACACS+ over IPv6
- AAA Dead-Server Detection
- Login Password Retry Lockout
- MSCHAP Version 2
- AAA Broadcast Accounting-Mandatory Response Support
- Finding Feature Information
- Information About Message Banners for AAA Authentication
- How to Configure Message Banners for AAA Authentication
- Configuration Examples for Message Banners for AAA Authentication
- Additional References for Message Banners for AAA Authentication
- Feature Information for Message Banners for AAA Authentication
Message Banners for AAA Authentication
The Message Banners for AAA authentication feature is used to configure personalized login and failed-login banners for user authentication. The message banners are displayed when a user logs in to the system to be authenticated using authentication, authorization, and accounting (AAA) and when an authentication fails.
- Finding Feature Information
- Information About Message Banners for AAA Authentication
- How to Configure Message Banners for AAA Authentication
- Configuration Examples for Message Banners for AAA Authentication
- Additional References for Message Banners for AAA Authentication
- Feature Information for Message Banners for AAA Authentication
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Information About Message Banners for AAA Authentication
Login and Failed-Login Banners for AAA Authentication
Login and failed-login banners use a delimiting character that notifies the system of the exact text string that must be displayed as the banner for authorization, authentication, and accounting (AAA) authentication. The delimiting character is repeated at the end of the text string to signify the end of the login or failed-login banner. The delimiting character can be any single character in the extended ASCII character set, but once defined as the delimiter, that character cannot be used in the text string for the banner.
You can display a maximum of 2996 characters in a login or failed-login banner.
How to Configure Message Banners for AAA Authentication
Configuring a Login Banner for AAA Authentication
Perform this task to configure a banner that is displayed when a user logs in (replacing the default message for login). Use the no aaa authentication banner command to disable a login banner.
1.
enable
2.
configure terminal
3.
aaa new-model
4.
aaa authentication banner
delimiter-string delimiter
5.
end
DETAILED STEPS
Configuring a Failed-Login Banner for AAA Authentication
Perform this task to configure a failed-login banner that is displayed when a user login fails (replacing the default message for failed login). Use the no aaa authentication fail-message command to disable a failed-login banner.
1.
enable
2.
configure terminal
3.
aaa new-model
4.
aaa authentication banner
delimiter-string delimiter
5.
aaa authentication fail-message
delimiter-string delimiter
6.
end
DETAILED STEPS
Configuration Examples for Message Banners for AAA Authentication
Example: Configuring Login and Failed-Login Banners for AAA Authentication
The following example shows how to configure a login banner that is displayed when a user logs in to the system, (in this case, the phrase “Unauthorized Access Prohibited”). The asterisk (*) is used as the delimiting character. RADIUS is specified as the default login authentication method.
Device> enable Device# configure terminal Device(config)# aaa new-model Device(config)# aaa authentication banner *Unauthorized Access Prohibited* Device(config)# aaa authentication login default group radius
This configuration displays the following login banner:
Unauthorized Access Prohibited Username:
The following example shows how to configure a failed-login banner that is displayed when a user tries to log in to the system and fails, (in this case, the phrase “Failed login. Try again”). The asterisk (*) is used as the delimiting character. RADIUS is specified as the default login authentication method.
Device> enable Device# configure terminal Device(config)# aaa new-model Device(config)# aaa authentication banner *Unauthorized Access Prohibited* Device(config)# aaa authentication fail-message *Failed login. Try again.* Device(config)# aaa authentication login default group radius
This configuration displays the following login and failed-login banner:
Unauthorized Access Prohibited Username: Password: Failed login. Try again.
Additional References for Message Banners for AAA Authentication
Related Documents
Related Topic |
Document Title |
---|---|
Cisco IOS commands |
|
Security commands |
|
Configuring AAA |
Authentication, Authorization, and Accounting Configuration Guide |
Technical Assistance
Description |
Link |
---|---|
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. |
Feature Information for Message Banners for AAA Authentication
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Feature Name |
Releases |
Feature Information |
---|---|---|
Message Banners for AAA Authentication |
Cisco IOS XE 2.1 |
The Message Banners for AAA Authentication feature enables you to configure personalized login and failed-login banners for user authentication. The message banners are displayed when a user logs in to the system to be authenticated using authentication, authorization, and accounting (AAA) and when an authentication fails. The following commands were introduced or modified: aaa authentication banner, aaa authentication fail-message, and aaa new-model. |