Cisco router is a device that switches data packets between two different networks.
By default two different
IP network cannot communicate with each other. They need a mediator device that exchanges their
packets. Routers do this job successfully by taking packet from one network and delivering it to another
network. This process is called routing.
Routing is a complex process and need several configurations. Our next articles explain this process in
details with examples. We need to perform some initial configurations on router before it can be used for
routing. In this article we will explain that basic configuration.
We will use Packet Tracer network simulator software for demonstration. It is developed by Cisco System
for the practice of CCNA. You can download Packet Tracer from our site.
Create a network topology as illustrate in following figure
We have created this topology to give you a better overview of commands. You can use single router if you
are unable to replicate this topology in packet tracer. Alternatively you can download this pre-created
topology.
Download practice topology
No matter what you prefer, for reset of this article I assume that you have one router available in workspace
of packet tracer.
Access CLI prompt of router
Cisco IOS supports various command modes, among those followings are the main command modes.
User EXEC Mode
Privileged EXEC Mode
Global Configuration Mode
Interface Configuration Mode
Sub Interface Configuration Mode
Setup Mode
ROM Monitor Mode
You need to execute specific commands to navigate from one mode to another.
Mode
Prompt
Command to enter
Command to exit
User EXEC
Router >
Default mode after
booting. Login with
password, if configured.
Use exit command
Privileged
Router #
Use enable command
Use exit command
�EXEC
Global
Configuration
Interface
Configuration
Sub-Interface
Configuration
Setup
ROMMON
from user exec mode
Router(config)#
Use configure
terminal command from
privileged exec mode
Use exit command
Router(config-if)#
Use interface
type number command
from global
configuration mode
Use exit command
to return in global
configuration mode
Router(config-subif)
Use interface type sub
interface
numbercommand from
global configuration
mode or interface
configure mode
Use exit to return
previous mode.
Use endcommand to
return in privileged
exec mode.
Parameter[Parameter
value]:
Router will
automatically insert in
this mode if running
configuration is not
present
Press CTRL+C to
abort. Type yes to
save configuration,
or no to exit without
saving when asked
in the end of setup.
ROMMON >
Enter reload command
from privileged exec
mode. Press CTRL +
C key combination
during the first 60
seconds of booting
process
Use exit command.
IOS commands are not case sensitive; you can enter them in uppercase, lowercase, or mixed
case.
Password is case sensitive. Make sure you type it in correct case.
In any mode, you can obtain a list of commands available on that mode by entering a question
mark (?).
Standard order of accessing mode is
User Exec mode => Privileged Exec mode => Global Configuration mode => Interface Configuration mode
=> Sub Interface Configuration mode
Router will enter in setup mode only if it fails to load a valid running configuration.
Router will enter in ROMMON mode only if it fails to load a valid IOS image file.
You can manually enter in ROMMON mode for diagnostics purpose.
Enter in global configuration mode to execute following commands.
Change default router name
�By default Router name is configured on routers. We can configure any desired name on
router. hostname command will change the name of router. For example following command will
assign LAB1 name to the router.
Router is a critical device of network. It supports multiple lines for connection. We need to secure each line
[port].
Secure console port
Command
Description
Router(config)#line console 0
Move in console line mode
Router(config-line)#password console
Set console line password to CNN
Router(config-line)#login
Enable password authentication for console line
Secure auxiliary port
Auxiliary port provides remote access to router. You can attach modem in this port. Not all devices support
this port. If your router supports this port use following commands to secure it.
Command
Description
Router(config)#line aux 0
Move into auxiliary line mode
Router(config-line)#password
AUXCNN
Set auxiliary line mode password to
AUXCNN
Router(config-line)#login
Enable auxiliary line mode password
Enable telnet access on cisco router
�Depending on the model number and IOS software version router may supports various number of VTY
connections range from 5 to 1000. VTY is the standard name for telnet and SSH connection. By default
only first five VTYs connections are enabled. But you cannot connect them. When you try to connect them
remotely you will get following message
Password required but none set
This message indicates that password is not set on VTY lines. Password is required to connect VTYs.
Following commands set password to TELCNN on VTYs line.
Command
Description
Router(config)#line vty 0 4
Move into all five VTYs line
Router(config-line)#password TELCNN
Set password to TELCNN on all five lines
Router(config-line)#login
Configure VTYs to accept telnet connection
In above example we set password on all five lines collectively but you can do this separately if you need
different passwords for different lines. Steps will be same.
1.
line vty [line number] command will move into that specific line.
2.
password [password] command will assign the desired password.
3.
login command will enable that line to accept the connection.
Secure privilege exec mode with password
Along with access lines we can also secure privilege exec mode with password. We have two commands
to configure the password.
1.
Switch(config)# enable password Privilege_EXEC_password
2.
Switch(config)# enable secret Privilege_EXEC_password
Both commands will set the password on privilege exec mode. Difference between these commands is the
method of password [Link] password command will store password in plain text while enable
secret command will store password in encryption format.
Login banner
We can configure two types of banner on routers; MOTD banner and Exec banner.
banner exec command is not available in packet tracer. You can practice with banner motd command.
Both commands work in same manner. Only the difference between these commands is the place of
display. MOTD banner will display before the login. An EXEC banner will display after the authentication
process and before the exec mode.
Both commands use delimiting character to specify the starting and ending of message. It means
command parser will terminate the message on delimiting character instead of the Enter key. This feature
allows us to span the message in multiple lines.
�Configure clock time zone
Router allows us to localize the time zone. Following command will set time zone to +5 hour of EST
[Eastern Standard Time].
Router(config)#clock timezone EST 05
Assign hostname to IP Address
Hostname are easy to remember. We can use host name instead of their IP address while connecting with
remote address. Router resolves IP address to hostname in two ways: static and dynamic.
In static method we have to assign hostname to IP address.
In dynamic method we have to configure an external DNS server and need to configure its IP address on
router.
show hosts command will display the currently configured hosts with their IP addresses. Following figure
illustrate an example of static entry for hostname.
Disable automatic domain lookup
By default routers are configured to resolve every word that is not a command. It will first look in static DNS
table for an entry. If it fails to find an entry in static DNS table, it will try with DNS server at address
[Link]. If you are not going to use DNS server or hostname facility, it is better to turn this off. It
will save your time because every incorrectly typed command will cost you a wait of minute or two.
no ip domain-lookup command is used to disable this feature.
Enable logging synchronous
Whenever IOS has any kind of notification, it will display that on command prompt. It fines until prompt is
free. What if you are typing a command and notification line appears in the middle of the command? This is
really annoying. Luckily we can stop this behavior. logging synchronous command will enable
synchronization at command prompt.
�After this if IOS has anything to display it will move prompt and your typed command in next line.
Notification will not insert in the middle of command. If you continue typing, the command will execute
properly, even though it looks wrong at prompt.
Disable auto logout from console line
Cisco IOS has a great security feature to secure the console line. It automatically logs out ideal connection
in 10 minutes. You can disable this feature in lab environment. exec-timeout 0 0 command will disable this.
Never use this command in real world. It could create security risk to your network.
Configure serial interface in router
Serial interface is used to connect wan network. Following command will configure serial 0/0/0 interface.
Command
Description
Router(config)#interface serial 0/0/0
Enter into serial interface 0/0/0 configuration
mode
Router(config-if)#description
Connected to bhilwara
Optional command. It set description on
interface that is locally significant
Router(config-if)#ip address [Link]
[Link]
Assigns address and subnet mask to interface
Router(config-if)#clock rate 64000
DCE side only command. Assigns a clock rate
for the interface
Router(config-if)#bandwidth 64
DCE side only command. Set bandwidth for
the interface.
Router(config-if)#no shutdown
Turns interface on
Serial cable is used to connect serial interfaces. One end of serial cable is DCE while other end is DTE.
You only need to provide clock rate and bandwidth in DCE side.
Configure FastEthernet Interface in router
Usually FastEthernet connects local network with router. Following commands will configure FastEhternet
0/0 interface.
�Command
Description
Router(config)#interface fastethernet 0/0
Enter into the FastEthernet 0/0 interface.
Router(config-if)#description Development
department
This command is optional. It will set
description on interface.
Router(config-if)#ip address [Link]
[Link]
Assigns address and subnet mask to
interface
Router(config-if)#no shutdown
Turns interface on. All interfaces are set to
off on startup.
Disable router interface
By default all interface are administratively down on startup. We should also follow this rule.
For security reason, we should always disable unused interface on router. shutdown command is used to
disable the interface.
Saving running configuration in cisco router
Router keeps configuration in RAM. All settings that we have made in this article will erase once the router
reboot. To preserve this configuration after reboot we must have to save this. Following command will save
running configuration in NVRAM.
Erasing configuration in cisco router
We have done our practice now make it available for next round of practice. As we know that routers load
configuration file from NVRAM in startup.
At the end of startup it takes configuration file from NVRAM and parse it RAM. We need to erase this
configuration file from NVRAM to remove configuration. Following command will delete configuration file
from NVRAM.
