When configuring a Cisco device I always configure some kind of banner, which is displayed when logging in. This banner contains some information, like security warnings and general information. There are different kind of banners.
I was used to configuring a banner login with different variables, like shown below:
banner login ^
You have entered device $(hostname).$(domain) at line $(line) $(line-desc)
^C
This works fine when connecting with Telnet to the device, but this doesn’t work when using SSH. For security reason, I always use SSH to connect to devices, but I didn’t notice the “corrupt” banner since recently.
Banner login doesn’t support SSH:
“When accessing the security appliance through Telnet or SSH, the session closes if there is not enough system memory available to process the banner messages or if a TCP write error occurs. Only the exec and motd banners support access to the security appliance through SSH. The login banner does not support SSH.”
The example below shows the output from a banner motd and a banner login when connecting via SSH.
ssh -l admin 10.10.66.12
You have entered device $(hostname).$(domain) at line $(line) $(line-desc)
Password:
You have entered device C877.booches.nl at line 1
C877#
The first banner is de banner login and the second is the banner motd. So when using SSH to connect to a device, it is better to use a banner motd or a banner exec.
Aaarrrgggghhh, I hate it when I would like to telnet into a device and enter the wrong IP address. This means, by default, waiting for 30 seconds before being able to correct the IP address and start a new telnet session, because there is no escape sequence.
SW01#telnet 10.100.12.250
Trying 10.100.12.250 …
% Connection timed out; remote host not responding
Luckily there is a command to lessen the time for timing out the connection:
SW01(config)# ip tcp synwait-time <seconds> (Set time to wait on new TCP connections)
Hoera, tcp synwaiting saves the day….