To configure a personalized banner that will be displayed when a user fails login, use the aaa authentication fail-message global configuration command. Use the no form of this command to remove the failed login message.
aaa authentication fail-message dstringd
no aaa authentication fail-message
d The delimiting character at the beginning and end of the string that notifies the system that the string is to be displayed as the banner. The delimiting character can be any character in the extended ASCII character set, but once defined as the delimiter, that character cannot be used in the text string making up the banner.
string Any group of characters, excluding the one used as the delimiter. The maximum number of characters that you can display is 2996.
Not enabled
Global configuration
| Release | Modification | 11.3(4)T | This command was introduced. |
|---|
Use the aaa authentication fail-message command to create a personalized message that appears when a user fails login. This message will replace the default message for failed login.
To create a failed-login banner, you need to configure a delimiting character, which notifies the system that the following text string is to be displayed as the banner, and then the text string itself. The delimiting character is repeated at the end of the text string to signify the end of the banner. The delimiting character can be any character in the extended ASCII character set, but once defined as the delimiter, that character cannot be used in the text string making up the banner.
The following example shows the default login message and failed login message that is displayed if aaa authentication banner and aaa authentication fail-message are not configured. (RADIUS is specified as the default login authentication method.)
aaa new-model aaa authentication login default radius
This configuration produces the following standard output:
User Verification Access Username: Password: % Authentication failed.
The following example configures both a login banner ("Unauthorized use is prohibited.") and a login-fail message ("Failed login. Try again."). The login message will be displayed when a user logs in to the system. The failed-login message will displayed when a user tries to log in to the system and fails. (RADIUS is specified as the default login authentication method.) In this example, the asterisk (*) is used as the delimiting character.
aaa new-model aaa authentication banner *Unauthorized use is prohibited.* aaa authentication fail-message *Failed login. Try again.* aaa authentication login default radius
This configuration produces the following login and failed login banner:
Unauthorized use is prohibited. Username: Password: Failed login. Try again.
| Command | Description |
|---|---|
| aaa authentication banner | Configures a personalized banner that will be displayed at user login. |
Printed for apswan@ctr.ap.nic.in on Wed Mar 5 22:32:57 PST 2003
All material in this document copyright 2000 Cisco Systems, Inc. All rights reserved. No material may be reproduced or distributed without written permission of Cisco Systems, Inc.