40-16
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 40 Managing System Access
Configuring a Login Banner
Configuring a Login Banner
You can configure a message to display when a user connects to the security appliance, before a user
logs in, or before a user enters privileged EXEC mode.
To configure a login banner, enter the following command in the system execution space or within a
context:
hostname(config)# banner {exec | login | motd} text
Adds a banner to display at one of three times: when a user first connects (message-of-the-day (motd)),
when a user logs in (login), and when a user accesses privileged EXEC mode (exec). When a user
connects to the security appliance, the message-of-the-day banner appears first, followed by the login
banner and prompts. After the user successfully logs in to the security appliance, the exec banner
displays.
For the banner text, spaces are allowed but tabs cannot be entered using the CLI. You can dynamically
add the hostname or domain name of the security appliance by including the strings $(hostname) and
$(domain). If you configure a banner in the system configuration, you can use that banner text within a
context by using the $(system) string in the context configuration.
To add more than one line, precede each line by the banner command.
For example, to add a message-of-the-day banner, enter:
hostname(config)# banner motd Welcome to $(hostname).
hostname(config)# banner motd Contact me at admin@example.com for any
hostname(config)# banner motd issues.
TACACS+
command
authorization
You are logged in
as a user without
enough privileges
or as a user that
does not exist
You enable command
authorization, but then
find that the user
cannot enter any more
commands.
Fix the TACACS+ server
user account.
If you do not have access to
the TACACS+ server and
you need to configure the
security appliance
immediately, then log into
the maintenance partition
and reset the passwords and
aaa commands.
Session into the security
appliance from the switch.
From the system execution
space, you can change to the
context and complete the
configuration changes. You
can also disable command
authorization until you fix
the TACACS+
configuration.
Local command
authorization
You are logged in
as a user without
enough privileges
You enable command
authorization, but then
find that the user
cannot enter any more
commands.
Log in and reset the
passwords and aaa
commands.
Session into the security
appliance from the switch.
From the system execution
space, you can change to the
context and change the user
level.
Table 40-2 CLI Authentication and Command Authorization Lockout Scenarios (continued)
Feature Lockout Condition Description Workaround: Single Mode Workaround: Multiple Mode
To Next Page
Loading...
