Basic Cisco Router Configuration Step-By-

Step Commands
This post is by no means an exhaustive tutorial about Cisco Routers and how to
configure their numerous features. It is a step-by-step guide for the most

basic configuration commands needed to make the router operational.

When you first power up a new Cisco Router, you have the option of using the “setup”
utility which allows you to create a basic initial configuration.

However, in this post I will show you how to do this basic setup with the Command Line
Interface (CLI).

Mastering the Cisco Router CLI is essential for more complex configuration tasks and it
is the most important knowledge you should acquire if you want to become a Cisco
network administrator.

CLI Configuration Modes

The basic CLI modes that we will be referring below are as following:

Router> <– User EXEC Mode

Router# <– Privileged EXEC mode
Router(config)# <– Global Configuration Mode
Router(config-if)# <– Interface Configuration Mode
Router(config-line)# <– Line Configuration Mode
I assume that you already have some basic knowledge of CLI and how to navigate
between different configuration modes (user mode, privileged exec mode etc), so let’s
get started:

Step-by-Step Configuration of Cisco Routers

Step1: Configure Access Passwords

The first step is to secure your access to the router by configuring a global secret
password and also passwords for Telnet or Console as needed.

Enter into Global Configuration mode from the Privileged EXEC mode:

Router# configure terminal <– Privileged EXEC mode

Router(config)# <– Global Configuration Mode

In Global Configuration Mode you configure parameters that affect the whole router
device. Here we will configure the Enable Secret password that you will be using from
now own to enter into Privileged EXEC Mode from User EXEC Mode.

Router(config)# enable secret “somestrongpassword”

From now on, when you log in from user EXEC mode you will be asked for a password.

It is suggested also to configure a password for the Telnet Lines (VTY lines) which will
secure your access when connecting via Telnet over the network.

Router(config)# line vty 0 4

Router(config-line)# password “strongTelnetPass”
Router(config-line)# login

Some people prefer to create also local user accounts (usernames and passwords) on
the router itself in order to authenticate to the device. Here I’m explaining how to
configure this specific setup.

Step2: Configure a Router Hostname

To differentiate your Router from other devices in the network, you should configure a
Hostname for your device.

Router(config)# hostname My-Router

My-Router(config)#

Notice that your Router prompt changes to the new hostname that you have just set.
Step3: Configure IP addresses for Router Interfaces

This is an essential step in order for your router to be able to forward packets in the
network. The most basic parameter for a Router Interface is the IP address. From
Global Configuration Mode you need to enter into Interface Configuration Mode:

My-Router(config)# interface GigabitEthernet 0/0

My-Router(config-if)# ip address 100.100.100.1 255.255.255.252
My-Router(config-if)# no shutdown
My-Router(config-if)# exit

My-Router(config)# interface GigabitEthernet 0/1

My-Router(config-if)# ip address 192.168.10.1 255.255.255.0
My-Router(config-if)# no shutdown
My-Router(config-if)# exit

MORE READING: Routing Redistribution on Cisco Routers (Cheat Sheet)

Step4: Configure Routing (Static or Dynamic)

The Router’s main purpose is to find the best route path towards a destination network
and forward packets according to the best path.

There are two main ways a router knows where to send packets. The administrator can
assign static routes, or the router can learn routes by using a dynamic routing
protocol.

For simple network topologies, static routing is preferred over dynamic routing. Let’s see
how to configure static routes from Global Configuration Mode.

My-Router(config)# ip route [destination network] [subnet mask] [gateway]

My-Router(config)# ip route 200.200.200.0 255.255.255.0 100.100.100.2

The command above tells the router that network 200.200.200.0/24 is reachable via
gateway address 100.100.100.2.

Another popular static route that we usually configure on Internet Border routers is the
default static route:

My-Router(config)# ip route 0.0.0.0 0.0.0.0 100.100.100.2

The default static route above instructs the router to send ALL packets that the router
does not have a more specific route entry to gateway address 100.100.100.2 (which
might be the ISP gateway address).

Step5: Save your configuration

Save your current running configuration into NVRAM. This will overwrite the startup
configuration.

My-Router(config)# exit
My-Router# copy running-config startup-config

You can display your current configuration to verify your settings as following:

My-Router# show running-config

Step 6 (optional): Configure NAT

This step is optional and is required only if your router acts as Internet border
gateway to provide access to the internal private LAN towards the Internet.

Assume that interface GigabitEthernet 0/0 is the WAN interface (connected to ISP for
Internet access) and interface GigabitEthernet 0/1 is the LAN interface connected to
the internal network.

My-Router# conf term

My-Router(config)# interface GigabitEthernet 0/0
My-Router(config-if)# ip nat outside
My-Router(config-if)# exit

My-Router(config)# interface GigabitEthernet 0/1

My-Router(config-if)# ip nat inside
My-Router(config-if)# exit

The commands above tell the router that traffic entering GigEth 0/1 will be NAT
translated. Also, traffic exiting GigEth 0/0 will also be NAT translated.

Now we need to create an Access List which will identify which specific traffic will be
translated using NAT. Assuming that the internal LAN network is 192.168.10.0/24 :

My-Router(config)# access-list 1 permit 192.168.10.0 0.0.0.255

My-Router(config)# ip nat inside source list 1 interface GigabitEthernet 0/0
overload

The commands above will create a NAT overload (PAT) rule which tells the router to
translate any address identified in Access List 1 to the address assigned to
GigabitEthernet0/0. The overload keyword allows one public address to be shared
among several private internal addresses.

Step 7 (optional): Configure DHCP

A Cisco router can be configured as a DHCP server to assign IP addresses dynamically

to internal hosts. First we need to create a pool of IP addresses that will be used to
assign to clients:

! Configure the DHCP pool to assign addresses to internal hosts

ip dhcp pool lan-pool
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 8.8.8.8

Then, exclude which IP addresses you don’t want to be assigned by the router:

! Do not assign addresses 1 to 50

ip dhcp excluded-address 192.168.10.1 192.168.10.50

MORE READING: Blocking peer-to-peer using Cisco IOS NBAR - Configuration

Example

How to connect to a Router in order to Configure it:

You can connect to a Cisco IOS Router either directly or remotely. For the first time
when the device is not configured yet, you usually connect directly with a console cable
via the CON port.

The console cable connection is also called “out of band” connection method. After you
configure the router and assign IP addresses to its interfaces, you can connect to the
router from the network with an “in-band” connection method using Telnet or SSH. Note
however that Telnet uses clear-text communication whereas SSH uses encrypted
traffic, therefore SSH is preferred.

Router Configuration Modes

After connecting to a Cisco Router (let’s say using a console), you are presented with
the Command Line Interface in which you type and enter configuration commands.

After typing a command, you press enter and the command is automatically active on
the device. For example using the “shutdown” command on an interface, automatically
disables the interface. Now, there are two Router Configuration Modes (or access
modes):

 User EXEC Mode: Allows the administrator to access only limited monitoring
commands. You can not actually make any configurations from this mode. The
command prompt on this mode is “router>”
 Privileged EXEC Mode: Allows the administrator to access all device
commands, such as those used for configuration and management, and can be
password protected to allow only authorized users to access the device at this
“full-access” level. This mode is also called enable mode because you get to it
with the enable command. The command prompt on this mode is “router#”.
From the privileged EXEC mode you can start configuring the device by typing
“configure terminal“

Router Memory Types

A Cisco router has four memory types:

 ROM: This is where the POST script of the router is located. The POST software
(Power On Self Test) is used during startup to perform the initial hardware
checking of the device. The ROM also holds a mini-IOS used for password
recovery.
 RAM: This is where the running configuration is located. After the device boots
up, the IOS software is loaded into RAM. Also, RAM holds routing tables,
network parameters during operation etc. When configuring the router, we
actually change the running-configuration which as we said is stored into RAM
 NVRAM: When we save the running-configuration (using the command “write“) it
is stored into the NVRAM and becomes the startup-configuration. After rebooting
the router, the startup-configuration is loaded from the NVRAM.
 Flash: This is like the hard-disk of a PC. It holds the IOS software image file and
any backup configurations that you might save from time to time.

When you issue the “show running-configuration” command on the router you
instruct the device to display the current running configuration in RAM. When you issue
the “show startup-configuration” command you instruct the router to display the
stored configuration in the NVRAM.

Related Posts