The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The Message Banners for AAA authentication feature is used to configure personalized login and failed-login banners for user authentication. The message banners are displayed when a user logs in to the system to be authenticated using authentication, authorization, and accounting (AAA) and when an authentication fails.
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Login and failed-login banners use a delimiting character that notifies the system of the exact text string that must be displayed as the banner for authorization, authentication, and accounting (AAA) authentication. The delimiting character is repeated at the end of the text string to signify the end of the login or failed-login banner. The delimiting character can be any single character in the extended ASCII character set, but once defined as the delimiter, that character cannot be used in the text string for the banner.
You can display a maximum of 2996 characters in a login or failed-login banner.
Perform this task to configure a banner that is displayed when a user logs in (replacing the default message for login). Use the no aaa authentication banner command to disable a login banner.
1.
enable
2.
configure terminal
3.
aaa new-model
4.
aaa authentication banner
delimiter-string delimiter
5.
end
Perform this task to configure a failed-login banner that is displayed when a user login fails (replacing the default message for failed login). Use the no aaa authentication fail-message command to disable a failed-login banner.
1.
enable
2.
configure terminal
3.
aaa new-model
4.
aaa authentication banner
delimiter-string delimiter
5.
aaa authentication fail-message
delimiter-string delimiter
6.
end
The following example shows how to configure a login banner that is displayed when a user logs in to the system, (in this case, the phrase “Unauthorized Access Prohibited”). The asterisk (*) is used as the delimiting character. RADIUS is specified as the default login authentication method.
Device> enable Device# configure terminal Device(config)# aaa new-model Device(config)# aaa authentication banner *Unauthorized Access Prohibited* Device(config)# aaa authentication login default group radius
This configuration displays the following login banner:
Unauthorized Access Prohibited Username:
The following example shows how to configure a failed-login banner that is displayed when a user tries to log in to the system and fails, (in this case, the phrase “Failed login. Try again”). The asterisk (*) is used as the delimiting character. RADIUS is specified as the default login authentication method.
Device> enable Device# configure terminal Device(config)# aaa new-model Device(config)# aaa authentication banner *Unauthorized Access Prohibited* Device(config)# aaa authentication fail-message *Failed login. Try again.* Device(config)# aaa authentication login default group radius
This configuration displays the following login and failed-login banner:
Unauthorized Access Prohibited Username: Password: Failed login. Try again.
Related Topic |
Document Title |
---|---|
Cisco IOS commands |
|
Security commands |
|
Configuring AAA |
Authentication, Authorization, and Accounting Configuration Guide |
Description |
Link |
---|---|
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. |
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to . An account on Cisco.com is not required.
Feature Name |
Releases |
Feature Information |
---|---|---|
Message Banners for AAA Authentication |
Cisco IOS XE Release 3.2SE |
The Message Banners for AAA Authentication feature enables you to configure personalized login and failed-login banners for user authentication. The message banners are displayed when a user logs in to the system to be authenticated using authentication, authorization, and accounting (AAA) and when an authentication fails. The following commands were introduced or modified: aaa authentication banner, aaa authentication fail-message, aaa new-model. |