When logging into Huawei’s latest switches (such as the S6730 or CloudEngine series), administrators are often greeted with a login banner—a text prompt displaying legal notices, warnings, or system information. While these messages serve compliance and security purposes, they can become a nuisance in automated workflows or bulk operations. A common question arises: Can you remove or customize these login prompts without compromising device security? The short answer is yes—but it requires careful configuration. This article provides a technical walkthrough for disabling or modifying login banners on Huawei’s newer NCE-based switches, complete with CLI examples, compliance considerations, and optimization tips for seamless automation.
Why Huawei Switches Display Login Banners
Login banners, often called “message-of-the-day” (MOTD) prompts, are enabled by default on Huawei devices to comply with security policies (e.g., GDPR, ISO 27001) or corporate IT guidelines. They typically include:
- Legal warnings (e.g., “Unauthorized access prohibited”).
- System information (e.g., software version, last login time).
- Custom advisories (e.g., maintenance schedules).
While useful for human users, these banners disrupt scripts or tools like Ansible that rely on clean CLI outputs for automation.
Step 1: Identify the Banner Type
Huawei switches support multiple banner types, each triggered at different login stages:
- Login Banner (Pre-Authentication): Shown before credentials are entered.
- Shell Banner (Post-Authentication): Displayed after successful login.
- Incoming/Outgoing Banner: For reverse Telnet/SSH sessions (rarely used).
Use display current-configuration | include header to view active banners:
header login %
*** WARNING: Unauthorized access is strictly prohibited. ***
%
header shell %
System last updated: 2024-03-10
%
Step 2: Disable or Customize Banners via CLI
Option A: Remove All Banners
To disable banners entirely, delete their configurations in system view:
system-view
undo header login
undo header shell
commit
Caution: Removing pre-login warnings may violate organizational security policies. Always consult compliance teams first.
Option B: Customize Banner Content
Replace default text with simpler messages to retain compliance while reducing clutter:
header login %
Welcome to Switch S6730-01
%
header shell %
Maintenance Window: Sundays 2-4 AM
%
Figure 1: Customizing login banners using Huawei’s CLI. Always enclose text between delimiters like %.
Step 3: Verify and Test Automation Compatibility
After changes, validate the output:
- Log out and reconnect to check pre-authentication banners.
- Run automated scripts to ensure prompts no longer interfere with command parsing.
For Python automation using Paramiko/Netmiko, adjust scripts to handle residual prompts:
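from netmiko import ConnectHandler  # factory that selects the Huawei driver from device_type

device = {
    'device_type': 'huawei',
    'host': '192.168.1.1',
    'username': 'admin',
    'password': 'secret',  # placeholder; load real credentials from a vault or environment variable
    'banner_timeout': 60,  # Extend timeout for banner handling
}
conn = ConnectHandler(**device)
print(conn.send_command('display version'))
conn.disconnect()  # close the SSH session cleanly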
Compliance and Security Considerations
- Audit Requirements: Many industries mandate login warnings for audit trails. If banners are removed, document the rationale and obtain approvals.
- Alternative Logging: Use syslog or Huawei’s eSight to track access attempts if banners are disabled.
- Granular Control: Apply banners selectively via ACLs. For example, show warnings to external SSH users but omit them for internal API access.
While Huawei’s login banners are designed with security in mind, they aren’t set in stone. Administrators can tailor or disable them to balance compliance, usability, and automation efficiency. However, this process demands a nuanced approach—blindly removing banners risks non-compliance, while overly verbose messages hinder operational agility.
Pro Tip: For large deployments, automate banner management using Huawei’s NCE (Network Cloud Engine) or Python scripts. Schedule periodic reviews to align configurations with evolving security policies. Remember: A clean CLI isn’t just about aesthetics; it’s a critical enabler of modern, scalable network operations.
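For the periodic reviews mentioned above, saved configurations can be checked offline for a missing or weakened pre-authentication banner. The following is an added example, not code from the original article or from Huawei. It assumes configuration text in the "header <type> %" layout shown in Step 1; the required wording (“unauthorized access”), the sample configs and the function names are assumptions to adapt to your own policy.

```python
import re
# Constructed sample configs in the layout shown in Step 1 (not from a real device).
COMPLIANT = """\
sysname SW-01
header login %
*** WARNING: Unauthorized access is strictly prohibited. ***
%
header shell %
System last updated: 2024-03-10
%
"""
STRIPPED = """\
header shell %
Maintenance Window: Sundays 2-4 AM
%
"""
HEADER_RE = re.compile(r"^header\s+(login|shell)\s+([^\w\s])(.*)$")
REQUIRED = re.compile(r"unauthori[sz]ed access", re.I)  # assumed policy wording

def parse_banners(config):
    """Return {banner_type: text} for each 'header <type> <delim>' block."""
    banners, kind, delim, buf = {}, None, "", []
    for line in config.splitlines():
        if kind is None:
            m = HEADER_RE.match(line.strip())
            if not m:
                continue  # ordinary config line outside any banner block
            (kind, delim, line), buf = m.groups(), []
        if delim in line:  # closing delimiter ends the block
            buf.append(line.split(delim, 1)[0])
            banners[kind] = "\n".join(buf).strip()
            kind = None
        else:
            buf.append(line)
    if kind is not None:
        raise ValueError(f"unterminated 'header {kind}' block")
    return banners

def audit(config):
    """Return a list of findings; an empty list means the policy is met."""
    banners, findings = parse_banners(config), []
    login = banners.get("login")
    if login is None:
        findings.append("no pre-authentication (header login) banner")
    elif not REQUIRED.search(login):
        findings.append("header login lacks the required legal warning")
    if findings and REQUIRED.search(banners.get("shell", "")):
        findings.append("warning appears only after authentication (header shell)")
    return findings
```

Run audit() over each device's saved configuration and treat any non-empty result as a change that needs the documented approval described under Audit Requirements.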