Many of us will be having a Cisco-based routers at home or at an organization. And many of us sometimes struggle with basic router configuration steps and a wrong configuration can be deadly. Therefore, this post will help you to configure Cisco router with all the basic Cisco router configurations in a step-by-step way, so that your Cisco router setup is safe and efficient.
In this post, we will be specifically focusing on configuring your Cisco routers using "Command Line Interface" (CLI).
There are certain complex configuration tasks that can easily be done via CLI and hence mastering CLI for your Cisco routers is essential and important. Some of the important CLI configuration/command modes are listed below:
|User EXEC Mode||CiscoRouter>|
|Privileged EXEC Mode||CiscoRouter#|
|Global Configuration Mode||CiscoRouter(config)#|
|Interface Configuration Mode||CiscoRouter(config-if)#|
|Line Configuration Mode||CiscoRouter(config-line)#|
There are also other configuration/command modes based on VLAN such as:
|VLAN Configuration Mode||CiscoRouter(vlan)#|
From Privileged EXEC Mode, commands used here and in other modes are critical and need to be safeguarded from any unauthorized users. Hence, privileged access should be password-protected. Steps to set password for Privileged EXEC Mode entry are given in detail in the below stepsCiscoRouter> enable
To exit from Privileged EXEC Mode to User EXEC Mode, enter the "disable" command.CiscoRouter# disable
To exit from Global Configuration Mode to Privileged EXEC Mode, enter the "exit" or "end" command or press "ctrl+Z".CiscoRouter(config)#exit or end
Interface configuration commands modify the operation of the interface. Interface configuration commands always follow a global configuration command, which defines the interface type.
To exit from Interface Configuration Mode to Privileged EXEC Mode, enter the "end" command or press "ctrl+Z".CiscoRouter(config-if)#end
To exit from Interface Configuration Mode to Global Configuration Mode, enter the "exit" command.CiscoRouter(config-if)#exit
Line configuration commands modify the operation of a terminal line. Use these commands to change terminal parameter settings line-by-line or for a range of lines.
To exit from Line Configuration Mode to Global Configuration Mode, enter the "exit" command.CiscoRouter(config-line)#exit
To exit from Line Configuration Mode to Privileged EXEC Mode, enter the "end" command or press "ctrl+Z".CiscoRouter(config-line)#end
Use this mode to configure normal-range VLANs (VLAN IDs 1 to 1005) or, when VTP mode is transparent, to configure extended-range VLANs (VLAN IDs 1006 to 4094).
To exit from Config-VLAN Mode to Global Configuration Mode, enter the "exit" command.CiscoRouter(config-vlan)#exit
To exit from Config-VLAN Mode to Privileged EXEC Mode, enter the "end" command or press "ctrl+Z".CiscoRouter(config-vlan)#end
You can use the VLAN configuration commands to create or modify VLAN parameters for VLAN IDs 1 to 1005.
To exit from VLAN Configuration Mode to privileged EXEC mode, enter the "exit" command.CiscoRouter(vlan)#exit
There are two ways through which you can connect and setup Cisco router
For the first time, that is the device is not yet configured, you can connect directly with console cable via CON port. This type of connection is known as "out-of-band connection". Once the router is configured accordingly, you can connect remotely by using Telnet or SSH. This type of connection is known as "in-band connection". SSH is preferred over Telnet because of its encrypted traffic.
Some of the steps to config Cisco router include
Step 1: Create local accounts and set password for accessing modes
The first and the most important step in configuring your Cisco router is security. The best way to provide top security is by adding passwords.You can secure your access to the Cisco router with this way. You can also add passwords for Telnet or Console if needed.
A. Steps to configure local account with username and password:
To add a level of security to the Cisco router, you can create local user accounts with usernames and passwords. This feature works by asking for a username and password set by the user immediately after providing IP in putty before entering Command Line Interface (CLI). Use the following commands to create local accounts:
1. Enter Privileged EXEC Mode and type the following commands:
2. After creating the above local accounts, you then apply the “local” authentication type to the lines:
3. To save and write these accounts use the following command:
Only when we configure line commands with local login, password will be prompted while logging in to the Cisco router.
B. Steps to set password for Privileged EXEC Mode entry:
To set an additional level of security, that is, after entering CLI and for accessing different modes, you can add password to enter Privileged EXEC Mode from User EXEC Mode.
1. Change your configuration mode to Global Configuration Mode as given below:
Here, in Global Configuration Mode, configured parameters affect the whole device.
2. To enable or add a password, use the "enable secret" command:
3. To be on a more safer side, it is advised to have passwords for Telnet also, which will provide you with safer access to Telnet lines over the network:
Step 2: Add a Router Hostname
Hostname is what differentiates your router from other routers or devices in a network. To change or configure a new hostname follow the below commands:
Step 3: Configure IP addresses for Router Interfaces
IP addresses or internet protocol addresses are the most important and most basic interface for any network devices. This particular step is the most important as it helps your device forward packets. To perform this step, you need to change mode from Global Configuration Mode to Interface Configuration Mode. Use the following commands to configure IP address to your Cisco router:
Step 4: Configure Routing
One of the primary functions of a router is to forward packets to the best possible route in the destination network. There are two ways that a router follows to send packets in the network:
Static routing: Static routing performs routing decisions with preconfigured routes in the routing table, which can be changed manually only by administrators. Static routes are normally implemented in those situations where the choices in route selection are limited, or there is only a single default route available. Also, static routing can be used if you have only a few devices for route configuration and there is no need for route change in the future.
Dynamic routing: Dynamic routing continuously updates its routing table with paths and their cost/metric, while making optimal routing decisions based on changing network operating environments.
Static routing is considered the simplest form of routing and it is predominately preferred or used for simple network topologies. You can configure static routing from Global Configuration Mode as follows:
The command above contains three parts as destination network, subnet mask, and gateway. It conveys that the network 126.96.36.199 is reachable via the gateway 100.100.100.2. The subnet mask for this is given as 255.255.255.0.
There is also a default static route as follows:
There is no specific gateway address here and the router sends all packets to the ISP gateway by default.
Step 5: Save your configuration
Configuration are vital to a network and it must be saved or secured in the best way. Once a configuration is saved, you can also view it anytime or else use that configuration anytime you want. It helps especially during downtime. You can save the configurations to NVRAM. Once you save the current configuration, it will overwrite the startup configurations. Save your configurations in the following way:
To display your saved current configuration, follow this command:
Step 6 (optional): Configure NAT
This step is considered as optional as it is required only if your router acts as an internet gateway.
Click here to know more information about "Configuring dynamic NAT in Cisco devices".
Step 7 (optional): Configure DHCP
This is also an optional step, which is used to assign IP address dynamically to internal hosts. Here, Cisco router is configured as a DHCP server.
Click here to know more information about "Configure DHCP server on Cisco devices".