Chapter 11
Access Policies
Router con0 is now available
Press RETURN to get started.
If you are not authorized to be in Acme.com network, then
you must disconnect immediately.
Router>
The MOTD banner above tells anyone connecting to the router that they must
either be authorized or disconnect. It's important that you understand the
delimiting character. You can use any character you want; it tells the router
where the message ends, so you can't use the delimiting character in the
message itself. Also note that at the end of the message, you should press
Return, then the delimiting character, then Return again. If you don't do
that, the message will still work, but if you have multiple banners, for
example, they will be combined as one message and put on one line.
These are the other banners:
Exec banner: You can configure a line-activation (exec) banner to be
displayed when an EXEC process (such as a line-activation or incoming
connection to a VTY line) is created.
Incoming banner: You can configure a banner to be displayed on terminals
connected to reverse Telnet lines. This banner is useful for providing
instructions to users who use reverse Telnet.
Login banner: You can configure a login banner to be displayed on all
connected terminals. This banner is displayed after the MOTD banner
but before the login prompts. The login banner cannot be disabled on a
per-line basis. To globally disable the login banner, you must delete the
login banner with the no banner login command.
Limiting VTY Access
You will have a difficult time trying to stop users from telnetting into a
router because any active port on a router is fair game for VTY access.
However, you can use a standard IP access list to control access by placing
the access list on the VTY lines themselves.
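An added example, not from the book: a short Python check that reads a saved running-config and reports, for each VTY line range, whether a standard IP access list has been placed on it with the access-class command. The sample configuration, its address and ACL numbers, and the function names are constructed for illustration; only numbered ACLs are handled.

```python
import re

# Constructed sample running-config (not from the book): one VTY range is
# restricted, one is open, one names a missing ACL, one uses an extended ACL.
SAMPLE_CONFIG = """\
access-list 50 permit 172.16.10.3
access-list 110 permit tcp any any eq 23
!
line con 0
line vty 0 4
 access-class 50 in
 login
line vty 5 10
 login
line vty 11 14
 access-class 60 in
line vty 15
 access-class 110 in
"""

def is_standard(acl):
    """Standard IP ACL numbers are 1-99 and 1300-1999."""
    return acl.isdigit() and (1 <= int(acl) <= 99 or 1300 <= int(acl) <= 1999)

def audit_vty(config):
    """Return {vty_range: finding} for every 'line vty' block in the config."""
    defined = set(re.findall(r"^access-list (\S+) ", config, re.M))
    findings, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # any top-level line ends the open block
            m = re.match(r"line vty (\d+)(?: (\d+))?", line)
            current = f"{m.group(1)}-{m.group(2) or m.group(1)}" if m else None
            if current:
                findings[current] = "no access-class: open to any source"
            continue
        m = re.match(r"\s+access-class (\S+) in\b", line)
        if current and m:
            acl = m.group(1)
            if acl not in defined:
                findings[current] = f"access-class {acl} references an undefined ACL"
            elif not is_standard(acl):  # the text above calls for a standard list
                findings[current] = f"ACL {acl} is not a standard IP access list"
            else:
                findings[current] = f"ok: restricted by standard ACL {acl}"
    return findings

if __name__ == "__main__":
    for vty, finding in audit_vty(SAMPLE_CONFIG).items():
        print(f"line vty {vty}: {finding}")
```

Every VTY range needs the access list, because an incoming session can land on any free line; a range reported as open is reachable from any source address.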
Copyright ©2000 SYBEX, Inc., Alameda, CA
www.sybex.com