1.3.1 Pre-authentication Banner

Information

A pre-authentication banner is displayed when a terminal connects, before a login occurs. This banner is useful for sending messages that affect all users (such as impending system shutdowns). This banner can also be used to notify unauthorized users of any penalties to accessing the device, or any logging that may be configured.

Rationale:

Network banners are electronic messages that provide notice of legal rights to users of computer networks. From a legal standpoint, banners have following primary functions.

Banners may be used to generate consent to real-time monitoring under ECPA Title III.

Banners may be used to generate consent to the retrieval of stored files and records pursuant to ECPA.

in the case of government networks, banners may eliminate any Fourth Amendment 'reasonable expectation of privacy' that government employees or other users might otherwise retain in their use of the government's network under O'Connor v. Ortega, 480 U.S. 709 (1987).

In the case of a non-government network, banners may establish a system administrator's 'common authority' to consent to a law enforcement search pursuant to United States v. Matlock, 415 U.S. 164 (1974).' (US Department of Justice APPENDIX A: Sample Network Banner Language)

In your country different laws might apply. Please consult with your corporate legal team to assess the exact legal context and rules for banners.

Impact:

Organizations provide appropriate legal notice(s) and warning(s) to persons accessing their networks by using a 'banner-text'.

Solution

Configure an MOTD banner as shown below. The delimiter character shown is a '^', but any character can serve as a delimiter.

switch(config)# banner motd ^
> Enter MOTD Banner here.
> End this message with the same delimiter as above
> ^
switch(config)#

Default Value:

By default no MOTD banner is configured.

Additional Information:

In contrast to IOS(-XE) or IOS XR, NX-OS just supports two banner types:

motd banner (shown before authentication)

exec banner (shown after successful authentication)

See Also

https://workbench.cisecurity.org/benchmarks/6524