Information
A post-authentication banner is displayed to the user after a successful login. It can also serve as a legal notice to authorized users of the equipment to notify them of any logging that may be configured.
This banner is not appropriate to notify unauthorized users of any penalties to accessing the device, because after successful login corresponding laws might have already been violated.
A post-authentication banner can often also hold asset-specific information, such as:
The primary technical contacts for the equipment
Location or environment information - for instance the street address or rack number or production / test / lab environment
The purchase date
The asset tag information for the device
Any upstream circuit numbers
Carrier or ISP support phone numbers
Any other asset-specific information that may be important to the organization
Rationale:
Post-authentication banners can be used to reduce the risk of human error. For example by highlighting the current environment (Production or Lab).
Impact:
Organizations provide appropriate notice(s) and warning(s) to persons accessing their networks by using a 'banner-text'.
Solution
Configure an exec banner as shown below. The delimiter character shown is a '^', but any character can serve as a delimiter.
switch(config)# banner exec ^
> Enter your standard EXEC Banner text here. End with the same delimiter as used above
> ^
switch(config)#
Default Value:
By default no exec banner is configured.
Additional Information:
In contrast to IOS(-XE) or IOS XR, NX-OS just supports two banner types:
motd banner (shown before authentication)
exec banner (shown after successful authentication)
Item Details
Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT
References: 800-53|AC-18, 800-53|AC-18(1), 800-53|AC-18(3), 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, CSCv7|5.1, CSCv7|11.1
Control ID: f33081db76f0770caf620e05bf9dca513e27b0b8ee2a13528a0064355d1d1c69