Networks Training

You are here: Home / Cisco Routers / Basic Cisco Router Configuration Step-By-Step Commands

Basic Cisco Router Configuration Step-By-Step Commands

Written By

This post is by no means an exhaustive tutorial about Cisco Routers and how to configure their numerous features. It is a step-by-step guide for the most basic configuration commands needed to make the router operational.

step by step configuration tutorial for Cisco routers

When you first power up a new Cisco Router, you have the option of using the “setup” utility which allows you to create a basic initial configuration.

However, in this post I will show you how to do this basic setup with the Command Line Interface (CLI).

Mastering the Cisco Router CLI is essential for more complex configuration tasks and it is the most important knowledge you should acquire if you want to become a Cisco network administrator.

CLI Configuration Modes

The basic CLI modes that we will be referring below are as following:

Router>  <– User EXEC Mode
Router#  <– Privileged EXEC mode
Router(config)#  <– Global Configuration Mode
Router(config-if)# <– Interface Configuration Mode
Router(config-line)# <– Line Configuration Mode

I assume that you already have some basic knowledge of CLI and how to navigate between different configuration modes (user mode, privileged exec mode etc), so let’s get started:

Step-by-Step Configuration of Cisco Routers

Step1: Configure Access Passwords

The first step is to secure your access to the router by configuring a global secret password and also passwords for Telnet or Console as needed.

Enter into Global Configuration mode from the Privileged EXEC mode:

Router# configure terminal  <– Privileged EXEC mode
Router(config)#  <– Global Configuration Mode

In Global Configuration Mode you configure parameters that affect the whole router device. Here we will configure the Enable Secret password that you will be using from now own to enter into Privileged EXEC Mode from User EXEC Mode.

Router(config)#  enable secret “somestrongpassword”

From now on, when you log in from user EXEC mode you will be asked for a password.

It is suggested also to configure a password for the Telnet Lines (VTY lines) which will secure your access when connecting via Telnet over the network.

Router(config)#  line vty 0 4
Router(config-line)# password “strongTelnetPass” 
Router(config-line)# login

Some people prefer to create also local user accounts (usernames and passwords) on the router itself in order to authenticate to the device. Here I’m explaining how to configure this specific setup.  

Step2: Configure a Router Hostname

To differentiate your Router from other devices in the network, you should configure a Hostname for your device.

Router(config)#  hostname My-Router
My-Router(config)#

Notice that your Router prompt changes to the new hostname that you have just set.

Step3: Configure IP addresses for Router Interfaces

This is an essential step in order for your router to be able to forward packets in the network. The most basic parameter for a Router Interface is the IP address. From Global Configuration Mode you need to enter into Interface Configuration Mode:

MORE READING:  Configuring NAT on Cisco Routers Step-by-Step (PAT, Static NAT, Port Redirection)

My-Router(config)# interface GigabitEthernet 0/0
My-Router(config-if)# ip address 100.100.100.1 255.255.255.252
My-Router(config-if)# no shutdown
My-Router(config-if)# exit

My-Router(config)# interface GigabitEthernet 0/1
My-Router(config-if)# ip address 192.168.10.1 255.255.255.0
My-Router(config-if)# no shutdown
My-Router(config-if)# exit

Step4: Configure Routing (Static or Dynamic)

The Router’s main purpose is to find the best route path towards a destination network and forward packets according to the best path.

There are two main ways a router knows where to send packets. The administrator can assign static routes, or the router can learn routes by using a dynamic routing protocol.

For simple network topologies, static routing is preferred over dynamic routing. Let’s see how to configure static routes from Global Configuration Mode.

My-Router(config)#  ip route [destination network] [subnet mask] [gateway]

My-Router(config)#  ip route 200.200.200.0 255.255.255.0 100.100.100.2

The command above tells the router that network 200.200.200.0/24 is reachable via gateway address 100.100.100.2.

Another popular static route that we usually configure on Internet Border routers is the default static route:

My-Router(config)#  ip route 0.0.0.0 0.0.0.0 100.100.100.2

The default static route above instructs the router to send ALL packets that the router does not have a more specific route entry to gateway address 100.100.100.2 (which might be the ISP gateway address).

Step5: Save your configuration

Save your current running configuration into NVRAM. This will overwrite the startup configuration.

My-Router(config)# exit
My-Router# copy running-config startup-config

You can display your current configuration to verify your settings as following:

My-Router# show running-config

Step 6 (optional): Configure NAT

This step is optional and is required only if your router acts as Internet border gateway to provide access to the internal private LAN towards the Internet. 

Assume that interface GigabitEthernet 0/0 is the WAN interface (connected to ISP for Internet access) and interface GigabitEthernet 0/1  is the LAN interface connected to the internal network.

My-Router# conf term
My-Router(config)# interface GigabitEthernet 0/0
My-Router(config-if)# ip nat outside
My-Router(config-if)# exit

My-Router(config)# interface GigabitEthernet 0/1
My-Router(config-if)# ip nat inside
My-Router(config-if)# exit

The commands above tell the router that traffic entering GigEth 0/1 will be NAT translated. Also, traffic exiting GigEth 0/0 will also be NAT translated.

Now we need to create an Access List which will identify which specific traffic will be translated using NAT. Assuming that the internal LAN network is 192.168.10.0/24 :

My-Router(config)# access-list 1 permit 192.168.10.0 0.0.0.255
My-Router(config)# ip nat inside source list 1 interface GigabitEthernet 0/0 overload

The commands above will create a NAT overload (PAT) rule which tells the router to translate any address identified in Access List 1 to the address assigned to GigabitEthernet0/0. The overload keyword allows one public address to be shared among several private internal addresses.

Step 7 (optional): Configure DHCP

A Cisco router can be configured as a DHCP server to assign IP addresses dynamically to internal hosts. First we need to create a pool of IP addresses that will be used to assign to clients:

! Configure the DHCP pool to assign addresses to internal hosts
ip dhcp pool lan-pool
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 8.8.8.8

Then, exclude which IP addresses you don’t want to be assigned by the router:

MORE READING:  DoS Protection on Cisco 7600 Routers and IP Networks

! Do not assign addresses 1 to 50
ip dhcp excluded-address 192.168.10.1 192.168.10.50

How to connect to a Router in order to Configure it:

You can connect to a Cisco IOS Router either directly or remotely. For the first time when the device is not configured yet, you usually connect directly with a console cable via the CON port. 

The console cable connection is also called “out of band” connection method. After you configure the router and assign IP addresses to its interfaces, you can connect to the router from the network with an “in-band” connection method using Telnet or SSH. Note however that Telnet uses clear-text communication whereas SSH uses encrypted traffic, therefore SSH is preferred

Router Configuration Modes

After connecting to a Cisco Router (let’s say using a console), you are presented with the Command Line Interface in which you type and enter configuration commands.

After typing a command, you press enter and the command is automatically active on the device. For example using the “shutdown” command on an interface, automatically disables the interface. Now, there are two Router Configuration Modes (or access modes):

  • User EXEC Mode: Allows the administrator to access only limited monitoring commands. You can not actually make any configurations from this mode. The command prompt on this mode is “router>”
  • Privileged EXEC Mode: Allows the administrator to access all device commands, such as those used for configuration and management, and can be password protected to allow only authorized users to access the device at this “full-access” level. This mode is also called enable mode because you get to it with the enable command. The command prompt on this mode is “router#”. From the privileged EXEC mode you can start configuring the device by typing “configure terminal

Router Memory Types

A Cisco router has four memory types:

  • ROM: This is where the POST script of the router is located. The POST software (Power On Self Test) is used during startup to perform the initial hardware checking of the device. The ROM also holds a mini-IOS used for password recovery.
  • RAM: This is where the running configuration is located. After the device boots up, the IOS software is loaded into RAM. Also, RAM holds routing tables, network parameters during operation etc. When configuring the router, we actually change the running-configuration which as we said is stored into RAM
  • NVRAM: When we save the running-configuration (using the command “write“) it is stored into the NVRAM and becomes the startup-configuration. After rebooting the router, the startup-configuration is loaded from the NVRAM.
  • Flash: This is like the hard-disk of a PC. It holds the IOS software image file and any backup configurations that you might save from time to time.

When you issue the “show running-configuration” command on the router you instruct the device to display the current running configuration in RAM. When you issue the “show startup-configuration” command you instruct the router to display the stored configuration in the NVRAM.

Related Posts

Filed Under: Cisco Routers

Download Free Cisco Commands Cheat Sheets

Enter your Email below to Download our Free Cisco Commands Cheat Sheets for Routers, Switches and ASA Firewalls.

We use Elastic Email as our marketing automation service. By submitting this form, you agree that the information you provide will be transferred to Elastic Email for processing in accordance with their Terms of Use and Privacy Policy. Also, you allow me to send you informational and marketing emails from time-to-time.

About Harris Andrea

Harris Andrea is an Engineer with more than two decades of professional experience in the fields of TCP/IP Networks, Information Security and I.T. Over the years he has acquired several professional certifications such as CCNA, CCNP, CEH, ECSA etc.

He is a self-published author of two books ("Cisco ASA Firewall Fundamentals" and "Cisco VPN Configuration Guide") which are available at Amazon and on this website as well.

Comments

  1. reet says

    i’m glad 2 get all these commands.i’m v much new to this subject.i’ll try all thses to learn working on a router.

  4. balachander says

    thankx for the info… It would be better if you can add snapshots for each configuration..

  5. Stephen says

    I follwed it up to here and then get an error? What am I doing wrong?

    test(config)#interface serial 1/1
    ^
    % Invalid input detected at ‘^’ marker.

    test(config)# interface fastethernet 0/1
    ^
    % Invalid input detected at ‘^’ marker.

    test(config)# ip address 100.100.100.1 255.255.255.252
    ^
    % Invalid input detected at ‘^’ marker.

  6. Blog Admin says

    Stephen,

    The configuration shown above is just an example. It was taken from a router which had serial interface etc. Your own configuration depends on the type of router you have, what interfaces are installed on the specific device etc. Do a “show run” to see the interface types you have on your own device.

  7. Yinka says

    My router is Cisco ASA 5505 ROUTER. I am having problem with it when i plugged multiple devices (e.g PCs)to the inside interface ethernet ports. One device will connect and reach the internet but others will connect and not browse. All the inside interface ports works fine when i plugged when pc to it at a time

  12. Rachy says

    thank so very much, if the public ip from ISP is on vlan, must i configure the same vlan ID on the client side.

  13. Harris Andrea says

    Not necessary. Vlans have local significance.

    You can ofcourse use the same vlan ID if you want on the client side just for consistency reasons.

  17. Harris Andrea says

    You need to prepare for CCNA and then take the official exam. Right now, there is only a single CCNA exam with code 200-301

  18. Rich says

    Hi,

    I have a question regrading Cisco Routers and Switches.

    What some of most important security-related configuration items of CISCO routers and Switches.

    Also I’m having trouble understanding what TSNA is and what is does. If any could provide me with some explanation that would be great.

    Thank you

  21. EIHeducation says

    I loved reading your blog post about configuring a Cisco Router. I think it was a great way to show how configuring a router is actually easy and a lot more in-depth than I thought. I also liked that you mentioned that you could also do this with the setup utility as well.

    Please check out my LAB Configurations and guide me if I’m doing wrong?

    Here is the link: https://eiheducation.in/ccna-practical/

  22. bantayehu says

    it is very interesting configuration. I am try to configure my router but the internet is not working. What should I do boss?

  24. henry says

    good day sir,plis can your firm send resources material on basic ip configuration,switch configuration and other network resouces to my to my mail? i need al this materail..
    thanks

  26. Harris Andrea says

    yeah it means you don’t have gigabethernet on your router. Run a “show run” first to see how your router’s interfaces are named.

  27. Victor says

    Thank you for well explained configuration. Kindly help with commànd to block some websites.

  29. Harris Andrea says

    Victor, for blocking websites in general, you need a web filtering solution. A router is not ideal for blocking websites.
    The only exception is when the website you want to block has a fixed public IP (which is not usually the case as most serious websites are behind a CDN). If the website has fixed public IP, then you can block it with an Access List.

    Harris

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About Networks Training

We Provide Technical Tutorials and Configuration Examples about TCP/IP Networks with focus on Cisco Products and Technologies. This blog entails my own thoughts and ideas, which may not represent the thoughts of Cisco Systems Inc. This blog is NOT affiliated or endorsed by Cisco Systems Inc. All product names, logos and artwork are copyrights/trademarks of their respective owners.

Amazon Disclosure

As an Amazon Associate I earn from qualifying purchases.
Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates.

BLOGROLL

Tech21Century
Firewall.cx