How to Setup Basic Cisco Router Configuration Step-By-Step?
Many of us will be having a Cisco-based routers at home or at an organization. And many of us sometimes struggle with basic router configuration steps and a wrong configuration can be deadly. Therefore, this post will help you with all the basic Cisco router network configurations in a step-by-step way, so that your Cisco routers are safe and efficient.
In this post, we will be specifically focusing on configuring your Cisco routers using “Command Line Interface” (CLI).
There are certain complex configuration tasks that can easily be done via CLI and hence mastering CLI for your Cisco routers is essential and important. Some of the important CLI configuration/command modes are listed below:
Mode | Command |
User EXEC Mode | CiscoRouter> |
Privileged EXEC Mode | CiscoRouter# |
Global Configuration Mode | CiscoRouter(config)# |
Interface Configuration Mode | CiscoRouter(config-if)# |
Line Configuration Mode | CiscoRouter(config-line)# |
There are also other configuration/command modes based on VLAN such as:
Mode | Command |
Config-VLAN Mode | CiscoRouter(config-vlan)# |
VLAN Configuration Mode | CiscoRouter(vlan)# |
A short overview of all the modes with their entry and exit methods for Cisco router configuration management:
- User EXEC Mode: This is the first level of access. After you access the device, you are automatically in User EXEC Mode (e.g CiscoRouter>). It is used to change terminal settings, perform basic tasks, and list system information.
- Privileged EXEC Mode: To enter into Privileged EXEC Mode from User EXEC Mode, enter the “enable” command.
CiscoRouter> enable
CiscoRouter#
From Privileged EXEC Mode, commands used here and in other modes are critical and need to be safeguarded from any unauthorized users. Hence, privileged access should be password-protected. Steps to set password for Privileged EXEC Mode entry are given in detail in the below steps
CiscoRouter> enable
Password:
CiscoRouter#
To exit from Privileged EXEC Mode to User EXEC Mode, enter the “disable” command.
CiscoRouter# disable
CiscoRouter>
- Global Configuration Mode: To enter into Global Configuration Mode from Privileged EXEC Mode, enter the “configure” command. Global configuration commands apply to features that affect the device as a whole.
CiscoRouter#configure
CiscoRouter(config)#
To exit from Global Configuration Mode to Privileged EXEC Mode, enter the “exit” or “end” command or press “ctrl+Z“.
CiscoRouter(config)#exit or end
CiscoRouter#
- Interface Configuration Mode: To enter into Interface Configuration Mode from Global Configuration Mode, specify an interface by entering the “interface” command followed by an interface identification.
CiscoRouter#configure
CiscoRouter(config)#interface GigabitEthernet0/1
CiscoRouter(config-if)#
Interface configuration commands modify the operation of the interface. Interface configuration commands always follow a global configuration command, which defines the interface type.
To exit from Interface Configuration Mode to Privileged EXEC Mode, enter the “end” command or press “ctrl+Z“.
CiscoRouter(config-if)#end
CiscoRouter#
To exit from Interface Configuration Mode to Global Configuration Mode, enter the “exit” command.
CiscoRouter(config-if)#exit
CiscoRouter(config)#
- Line Configuration Mode: To enter into Line Configuration Mode, you have to enter from Global Configuration Mode and specify a line by entering the “line” command.
CiscoRouter(config)# line vty 0 5
CiscoRouter(config-line)#
Line configuration commands modify the operation of a terminal line. Use these commands to change terminal parameter settings line-by-line or for a range of lines.
To exit from Line Configuration Mode to Global Configuration Mode, enter the “exit” command.
CiscoRouter(config-line)#exit
CiscoRouter(config)#
To exit from Line Configuration Mode to Privileged EXEC Mode, enter the “end” command or press “ctrl+Z“.
CiscoRouter(config-line)#end
CiscoRouter#
- Config-VLAN Mode: To enter Config-VLAN Mode, you need to enter from Global Configuration Mode and specify the “vlan-id” command.
CiscoRouter(config)# vlan 3500
CiscoRouter(config-vlan)#
Use this mode to configure normal-range VLANs (VLAN IDs 1 to 1005) or, when VTP mode is transparent, to configure extended-range VLANs (VLAN IDs 1006 to 4094).
To exit from Config-VLAN Mode to Global Configuration Mode, enter the “exit” command.
CiscoRouter(config-vlan)#exit
CiscoRouter(config)#
To exit from Config-VLAN Mode to Privileged EXEC Mode, enter the “end” command or press “ctrl+Z“.
CiscoRouter(config-vlan)#end
CiscoRouter#
- VLAN Configuration Mode: To enter VLAN Configuration Mode, you need to enter from Privileged EXEC Mode and enter the “vlan database” command.
CiscoRouter# vlan database
CiscoRouter(vlan)#
You can use the VLAN configuration commands to create or modify VLAN parameters for VLAN IDs 1 to 1005.
To exit from VLAN Configuration Mode to privileged EXEC mode, enter the “exit” command.
CiscoRouter(vlan)#exit
CiscoRouter#
How to connect to a Router in order to Configure it?
There are two ways through which you can connect to your router
- Directly
- Remotely
For the first time, that is the device is not yet configured, You can connect directly with console cable via CON port. This type of connection is known as “out-of-band connection”. Once the router is configured accordingly, you can connect remotely by using Telnet or SSH. This type of connection is known as “in-band connection”. SSH is preferred over Telnet because of its encrypted traffic.
Cisco Router Configuration Step by Step Commands
Step 1: Create local accounts and set password for accessing modes
The first and the most important step in configuring your Cisco router is security. The best way to provide top security is by adding passwords.You can secure your access to the Cisco router with this way. You can also add passwords for Telnet or Console if needed.
A. Steps to configure local account with username and password:
To add a level of security to the Cisco router, you can create local user accounts with usernames and passwords. This feature works by asking for a username and password set by the user immediately after providing IP in putty before entering Command Line Interface (CLI). Use the following commands to create local accounts:
1. Enter Privileged EXEC Mode and type the following commands:
CiscoRouter# config t
CiscoRouter(config)# username networksupervisor46 privilege 15 secret $NonHackable270746$
CiscoRouter(config)# username superiorsupervisor93 privilege 1 secret @safepass!9346$$
2. After creating the above local accounts, you then apply the “local” authentication type to the lines:
CiscoRouter(config)# line vty 0 4
CiscoRouter(config-line)# login local
CiscoRouter(config-line)# exit
CiscoRouter(config)# line console 0
CiscoRouter(config-line)# login local
CiscoRouter(config-line)# exit
CiscoRouter(config)# line aux 0
CiscoRouter(config-line)# login local
CiscoRouter(config-line)# exit
3. To save and write these accounts use the following command:
CiscoRouter(config)# wr
Only when we configure line commands with local login, password will be prompted while logging in to the CiscoRouter.
B. Steps to set password for Privileged EXEC Mode entry:
To set an additional level of security, that is, after entering CLI and for accessing different modes, you can add password to enter Privileged EXEC Mode from User EXEC Mode.
1. Change your configuration mode to Global Configuration Mode as given below:
CiscoRouter# configure
CiscoRouter(config)#
Here, in Global Configuration Mode, configured parameters affect the whole device.
2. To enable or add a password, use the “enable secret” command:
CiscoRouter(config)# enable secret “networkdoctor46”
3. To be on a more safer side, it is advised to have passwords for Telnet also, which will provide you with safer access to Telnet lines over the network:
CiscoRouter(config)# line vty 0 4
CiscoRouter(config-line)# password “Telnetnetworkpass”
CiscoRouter(config-line)# login
Step 2: Add a Router Hostname
Hostname is what differentiates your router from other routers or devices in a network. To change or configure a new hostname follow the below commands:
CiscoRouter(config)# hostname Router7997
Router7997(config)#
Step 3: Configure IP addresses for Router Interfaces
IP addresses or internet protocol addresses are the most important and most basic interface for any network devices. This particular step is the most important as it helps your device forward packets. To perform this step, you need to change mode from Global Configuration Mode to Interface Configuration Mode. Use the following commands to configure IP address to your Cisco router:
Router7997(config)# interface GigabitEthernet 0/0
Router7997(config-if)# ip address 192.168.0.0 255.255.255.252
Router7997(config-if)# no shutdown
Router7997(config-if)# exit
Router7997(config)# interface GigabitEthernet 0/1
Router7997(config-if)# ip address 192.168.0.1 255.255.255.0
Router7997(config-if)# no shutdown
Router7997(config-if)# exit
Step 4: Configure Routing
One of the primary functions of a router is to forward packets to the best possible route in the destination network. There are two ways that a router follows to send packets in the network:
- Static routing
- Dynamic routing
Static routing: Static routing performs routing decisions with preconfigured routes in the routing table, which can be changed manually only by administrators. Static routes are normally implemented in those situations where the choices in route selection are limited, or there is only a single default route available. Also, static routing can be used if you have only a few devices for route configuration and there is no need for route change in the future.
Dynamic routing: Dynamic routing continuously updates its routing table with paths and their cost/metric, while making optimal routing decisions based on changing network operating environments.
Static routing is considered the simplest form of routing and it is predominately preferred or used for simple network topologies. You can configure static routing from Global Configuration Mode as follows:
Router7997(config)# ip route [destination network] [subnet mask] [gateway]
Router7997(config)# ip route 200.200.200.0 255.255.255.0 100.100.100.2
The command above contains three parts as destination network, subnet mask, and gateway. It conveys that the network 200.200.200.0 is reachable via the gateway 100.100.100.2. The subnet mask for this is given as 255.255.255.0.
There is also a default static route as follows:
Router7997(config)# ip route 0.0.0.0 0.0.0.0 100.100.100.2
There is no specific gateway address here and the router sends all packets to the ISP gateway by default.
Step 5: Save your configuration
Configuration are vital to a network and it must be saved or secured in the best way. Once a configuration is saved, you can also view it anytime or else use that configuration anytime you want. It helps especially during downtime. You can save the configurations to NVRAM. Once you save the current configuration, it will overwrite the startup configurations. Save your configurations in the following way:
Router7997(config)# exit
Router7997# copy running-config startup-config
To display your saved current configuration, follow this command:
Router7997# show running-config
Step 6 (optional): Configure NAT
This step is considered as optional as it is required only if your router acts as an internet gateway.
Click here to know more information about “Configuring dynamic NAT in Cisco devices”.
Step 7 (optional): Configure DHCP
This is also an optional step, which is used to assign IP address dynamically to internal hosts. Here, Cisco router is configured as a DHCP server.
Click here to know more information about “Configure DHCP server on Cisco devices”.