In this tutorial, you will learn the Basic Cisco Router Configuration Commands. This is a Step by Step command guide which helps you to toggle different Configuration Modes and Basic Router Configurations.
Cisco IOS CLI Access Mode
The trickiest part of learning how to manage Cisco devices is understanding the different configuration modes and how to toggle from one mode to another. Each Cisco device supports several CLI Access modes. There are mainly four modes:
- User EXEC
- Privileged EXEC Mode
- Global Configuration Mode
- ROMMON
The first three CLI access modes apply to IOS, where else the last mode or ROMMON mode is used If your router does not find a valid system image to load when it is booting. In the further sections, we will discuss each mode.
User EXEC Mode
When you first connect to a Cisco router, your initial access to the CLI is via User EXEC mode. User exec mode is a read-only mode with a limited number of commands where you can only look at the device settings, but not modify any settings. If you see a ‘>‘ character after the device name prompt, you are in User EXEC mode.
Router>
The default name of any Cisco router is Router. User EXEC mode is used for basic troubleshooting of Network Problems.
Privilege EXEC Mode
Privilege EXEC mode allows you one step ahead to make changes to the router’s configuration. If you want to make any changes to your Cisco router, first you need to move into Privilege EXEC mode by using enable command. Once you enter privilege exec mode, your prompt changes by having a “#” sign in it.
Step: Type enable in the User EXEC mode and press Enter.
Router>enable
Router#
In Privilege EXEC mode you can execute advanced management and troubleshooting command including all the commands of User EXEC mode. In this mode, you can not change any configuration of the Cisco Router. Although you can use extended ping, traceroute, debug for detailed troubleshooting, etc.
If you wanted to go back to User EXEC mode from Privilege EXEC mode use disable command.
Step: Type disable in the Privilege EXEC mode and press Enter.
Router#disable
Router>
Global Configuration Mode
Global Configuration Mode allows us to make any changes in Cisco Router. All the device configuration-related changes must occur within Configuration mode. To access this mode, first, you have to be in Privilege EXEC mode then only you can use configure terminal command to move into Global Configuration Mode. Once you are in Global Configuration mode, notice that the prompt changed to ‘(config)#‘.
Step: Type configure terminal in the User Privilege EXEC mode and press Enter.
Router>enable
Router#configure terminal
Router(config)#
If you wanted to go back to Privilege EXEC mode from Global Configuration mode use exit command.
Step: Type exit in the Global Configuration EXEC mode and press Enter.
Router(config)#exit
Router#
There are certain configuration commands on the router, to execute them you need to navigate to specific subconfiguration modes. There are:
- Interface Subconfiguration Mode.
- Subinterface Subconfiguration Mode.
- Line Subconfiguration Mode.
- Controller Subconfiguration Mode.
- IP Routing Protocol Subconfiguration Mode.
When we made any changes in subconfigure modes, the command will affect only a specific component of the router. We will discuss more about subconfiguration modes in some other tutorials.
Logging out from Router
To log out from the router use the logout or exit command, either from User EXEC mode or Privilege Mode.
Router#exit or Router#logout
Basic Cisco Router Configuration
So far we have learned the different CLI Access Modes, their purpose, and how to toggle between them. Now in the following section, we will see what are the Basic Cisco Router Configuration steps an administrator should know.
How to change Router Hostname
One of the first configuration tasks most administrators perform is, change the default name of the router. If you are managing a number of devices, renaming the name will be a best practice to identifying them.
To change the default hostname of the router use hostname command in the global configuration mode.
Step: Type hostname then the name you want to assign and press Enter.
Router(config)#hostname Ofbit-R1
Ofbit-R1(config)#
To change the hostname back to the default use no hostname command.
Ofbit-R1(config)#no hostname
Router(config)#
Configure Access Password
As a part of a basic router configuration, this must be the second and most important step. The router is the most critical device on Network. The first and most common way to restricting access to the device is to use some type of user authentication, i.e. configuring a password.
We can configure passwords to restrict access in both the User EXEC and Privilege EXEC mode.
Password Configuration on User EXEC mode
A router can be accessed from multiple lines. To control unauthorized access to User EXEC mode we need to secure line-by-line basis – Console, auxiliary, TTYs, and VTYs.
To Secure the console port, we need to move into Line Subconfiguration mode from where we configure the line password. Use line console 0 command to move into Line Subconfiguration mode.
Router>enable
Router#configure terminal
Router(config)#line console 0
Router(config-line)#
Once you are in Line Subconfiguration mode, to assign the console password, use the password command followed by the password you want to assign.
Router(config-line)#password YourPassword
We have assign the password under line console 0, it will set the User EXEC password for console port only.
Next, we configure the auxiliary port password. An Auxiliary port is typically used as a backup console port or remote access port with a modem attached to it. Not all devices support auxiliary ports. If you have this port, use the line aux 0 command first then use the password command followed by the desired password and hit Enter.
Router>enable Router#configure terminal Router(config)#line aux 0 Router(config-line)#password YourPassword
Now, we will set the telnet password for VTYs. By default, only the first five VTYs are enabled. If any device has more, they must manually be enabled. if you try to log in remotely using telnet and encounter the following message then you have not configured a password on the line yet.
Password required but none set
Since the router supports at least 5 (0-4) VTY sessions. Rather than assigning each of them with different passwords, use the beginning and ending VTY numbers on the same line to select them all while entering in Line Subconfiguration mode.
Router>enable
Router#configure terminal
Router(config)#line vty 0 4
Router(config-line)#
Now you are in Line Subconfiguration mode, use the password command followed by the desired password that you want to set.
Router(config-line)#password YourPassword
Password Configuration on Privilege EXEC mode
So far we have secure access lines, now we will secure the Privilege EXEC mode with the password. Here we have two options one is using secret and another one is with password parameter.
Router(config)#enable password YourPassword or Router(config)#enable Secret YourSecret
The difference is if you use the secret parameter, it encrypts the privilege EXEC password, where else password parameter does not encrypt the password. If you apply both commands, a password with a secret parameter will take precedence over the password parameter.
Router Interface Configuration
So far we have changed the default hostname and secure the lines. Next, we will configure the Router Interfaces with an IP address. By assigning the IP address to the required port, your router will be able to communicate across the network. To configure an interface, you must first enter to Interface Subconfiguration Mode.
Step: To enter into Interface Subcnfiguration Mode from Global Configuration Mode use interface command followed by type and location (slot#/port#).
Router(config)#interface type slot#/port#
Router(config-if)#
For example, we can use any of the following nomenclatures.
Router(config)#interface fastEthernet 0/0
or
Router(config)#interface fastEthernet0/0
or
Router(config)#interface f 0/0
or
Router(config)#interface f0/0
Once you are in Interface Subcnfiguration Mode the prompt will change from (config)# to (config-if)#.
Based on which model you have, routers will contain any number of interfaces, where each interface being of a different type. Let’s discuss some of the most common different types of interfaces.
Ethernet: It is a 10 Mbps network card, used to connect LAN environment.
Fast Ethernet: It is a 100 Mbps network card, and supports speed settings of 10 or 100 Mbps. Used to connect to a LAN environment.
Gigabit Ethernet: It is a 1000 Mbps network card, and supports speed settings of 10, 100, or 1000 Mbps. Used to connect to a LAN environment or a high-speed Internet connection for home or small office use.
Serial: Used to connect to your WAN environment by connecting to the channel service unit/data service unit (CSU/DSU) or another WAN interface. Alternatively, you can use a back-to-back serial cable to connect one Cisco router directly to another.
Based on the Interfaces available on the router we have to configure them one by one. But, the basic concept in administering the interfaces is the same. Although you might also find some extra options, it depends. For this guide, I will configure the Fast Ethernet port as an example.
Configuring Fast Ethernet Port
As already said, the configuration of Interface can be only done through Interface Subconfiguration Mode.
Router(config)#interface fastEthernet 0/0
Router(config-if)#
Assign IP Address to Fast Ethernet Port
Step: To assign an IP address, type ip address command followed by the IP address and subnet mask.
Router(config-if)#ip address 192.168.0.1 255.255.255.0
Optionally you can add a description, but technically this has no benefit, although this will help anyone while viewing the interface configuration, what the interface is connecting to.
Step: To place a description on the port, use the description command followed by the description you want to give.
Router(config-if)#description Perimeter Router
Assign Speed and Duplexing for Fast Ethernet Interface
Once we assign the IP address to the port, next you can specify the speed of the interface, i.e. 10, 100, or 1000 Mbps and duplex setting, i.e. half-duplex, full-duplex, or auto.
Although manual configuration is no longer required, instead, interface auto-sense these settings while you connect any device to it.
Step: To set the Speed use speed command followed auto parameter.
Router(config-if)#speed auto
Step: To set the Duplex, use the duplex command followed by auto parameter.
Router(config-if)#duplex auto
Configuring Router Serial Ports
Serial ports are used to connect to the WAN network or to connect two routers directly together. The first thing is to assign the IP address.
Step: To assign the IP Address use ip address command followed by WAN IP and Subnet mask.
Router>enable
Router#configure terminal
Router(config)#interface serial 2/0
Router(config-if)#ip address 172.67.157.37 255.255.0.0
Once we have assigned the IP address to the Serial port, it’s time to specify the serial link encapsulation protocol that will carry the data across the link. There are two common serial link encapsulation protocols:
HDLC: The High Data Link Control protocol, Cisco-proprietary protocol, use to connect to another Cisco device.
PPP: The Point-To-Point Protocol, an industry-standard serial link protocol that supports authentication and is used to connect to any equipment that supports PPP.
Step: To assign Encapsulation Protocol we use encapsulation command followed by the protocol name.
Router(config-if)#encapsulation hdlc
Here we use HDLC protocol as at the other end of the serial link we connect another Cisco device. If you are at the data communication equipment (DCE) end of the link, next, we have to specify the clock rate of the link.
Step: To set the Clock Rate, use clock rate command followed by the rate in bits per second.
Router(config-if)#clock rate 64000
While choosing clock rate, we suggest you instead of choosing arbitrary value, use context-help to find out which rates your serial port supports.
Enable Router Interface card
By default interfaces are disabled on Cisco Routers. Once we have done with IP address and other interface configuration, first thing is to enable the card, i.e. Serial port, Fast Ethernet, or any other.
Step: To Enable the Interface use the no shutdown command in the Interface Subconfiguration Mode.
Router>enable
Router#configure terminal
Router(config)#interface f0/0
Router(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
This command enables the Fast Ethernet 0/0 port as in the third line we select f0/0 after the interface command. And the last line indicated that the Physical layer is activated. To enable Serial Port, use serial 2/0 in the place of f0/0.
Disable Router Interface card
If any of your unused port is enabled, for security reasons you must disable them.
Step: To Disable the Router interface card, use the shutdown command in the Interface Subconfiguration Mode.
Router>enable
Router#configure terminal
Router(config)#interface f1/0
Router(config-if)#shutdown
%LINK-5-CHANGED: Interface FastEthernet1/0, changed state to administratively down
Save the Basic Router Configuration Changes
When we make any changes to the Router configuration, it is stored in Temporary Memory. If you want to retain the changes after a reboot, store the configuration in the startup configuration or you can say in NVRAM. To execute this command navigate to Privilege EXEC mode.
Step: To Save the active configuration to NVRAM, use the copy running-config startup-config command and press Enter. Next, it will ask for a filename for the configuration file. Press Enter.
Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration…
[OK]
The default name of the Configuration file which IOS looks for during boot is ‘startup-config‘. You must save the most current configuration with this name only. You can use different names for backup configuration files. Use the below command to view the saved configuration in NVRAM.
Router#show startup-config
Alternatively, you can use a write memory command or use the shortcut, just ‘wr’ in Privilege EXEC Mode to save the configuration to NVRAM.
Router#write memory
Building configuration…
[OK]
or
Router#wr
Building configuration…
[OK]
That’s all in this Tutorial. I hope you will find this Basic Cisco Router Configuration – Step by Step Command Guide helpful. If you find I missed something, do let me know in the comment section.
Follow us:
If you like our articles and tutorials, you can follow us on Facebook. Also, join our Official Facebook Group for QnA sessions and Discussions with the worldwide technical community.
