Configure Cisco Router Step-by-Step Guide
This tutorial provides step-by-step instructions for configuring a Cisco router. It explains how to secure access, erase the running configuration, enable Telnet or SSH, set the hostname, configure the login banner and time zone, and set up FastEthernet and serial interfaces, and many other essential tasks.
Navigating IOS modes
Cisco IOS supports the following command modes.
- User Exec Mode
- Privilege Exec Mode
- Global Configuration Mode
- Interface Configuration Mode
- Sub Interface Configuration Mode
- Setup Mode
- ROMMON Mode
The following table lists essential commands to navigate between different IOS modes.
| Mode | Prompt | Command to enter | Command to exit |
| User Exec | Router> | Default mode after booting. Log in with a password, if configured. | Use the exit command. |
| Privilege Exec | Router# | Use the enable command from user Exec mode. | Use the exit command. |
| Global configuration | Router(config)# | Use the configure terminal command from Privilege Exec mode. | Use the exit command. |
| Interface Configuration | Router(config-if)# | Use the interface type number command from Global configuration mode. | Use the exit command to return to Global configuration mode. |
| Sub-Interface configuration | Router(config-subif) | Use the interface type sub-interface number command from Global configuration mode or interface configure mode. | Use the exit command to return to the previous mode. Use the end command to return to Privilege Exec mode. |
| Setup | Parameter[Parameter value]: | Router will automatically insert in this mode if the running configuration is not present. | Press CTRL+C to abort. Type 'yes' to save the configuration, or 'no' to exit without saving when asked at the end of setup. |
| ROMMON | ROMMON> | Execute the reload command from Privilege Exec mode. Press CTRL+C during the first 60 seconds of the boot process. | Use the exit command. |
- IOS commands are not case sensitive. You can enter them in uppercase, lowercase, or mixed case.
- Passwords are case sensitive. You must enter them in the correct case.
- In any mode, you can obtain a list of commands available in that mode by entering a question mark (?).
- The router enters setup mode only if a valid running configuration is not present.
- The router enters ROMMON mode only if it fails to load a valid IOS image file.
- If required, you can manually enter ROMMON mode for diagnostic purposes.
The standard order for accessing modes is as follows:
User Exec mode => Privilege Exec mode => Global configuration mode => Interface configuration mode => Sub Interface configuration mode
Essential Global configuration mode commands
Enter global configuration mode to execute these commands.
Changing the default router name
The default router name is Router. The hostname command lets you change this. The following command changes the hostname to LAB1.
Protecting a router from unauthorised access
A router supports multiple management ports. A management port connects the router with a remote device. You can use it to access the router’s CLI prompt. You can categorise management ports into two types: standard and non-standard. A standard port requires physical access to the router. A console port is a physical port. A non-standard port uses a virtual connection. You can access it from any device connected to the router. Routers keep all non-standard ports disabled. To use a non-standard port to access the router, you must first enable it. You can secure each port with a password.
Securing a console port
| Command | Description |
| Router(config)#line console 0 | Enter console line mode |
| Router(config-line)#password console | Set the console line password to CNN |
| Router(config-line)#login | Enable password authentication for the console line |
Securing an auxiliary port
An auxiliary port allows you to remotely access the router via a modem. Not all devices include this port. If available, use the following commands to secure it.
| Command | Description |
| Router(config)#line aux 0 | Enter auxiliary line mode |
| Router(config-line)#password AUXCNN | Set auxiliary line mode password to AUXCNN |
| Router(config-line)#login | Enable auxiliary line mode password |
Enabling and securing VTY lines
VTY lines are not physical ports. They refer to virtual ports that you can access via remote management protocols such as Telnet and SSH. Depending on the model and IOS version, a router may support between 5 and 1000 VTY connections. By default, it keeps only the first five VTY lines enabled. However, you cannot use them to connect to the router until you set a password on them. You can configure a common password for all lines or a separate password for each line. If you access a VTY line without securing it with a password, the router will display the error message.
Password required, but none set.
This message indicates that no password is set on the VTY lines. A password is required for VTY access. The following commands set the password to TELCNN.
| Command | Description |
| Router(config)#line vty 0 4 | Enter all five VTY line configuration mode |
| Router(config-line)#password TELCNN | Set password to TELCNN on all five lines |
| Router(config-line)#login Configure | VTY lines to accept remote connection |
The above configuration enables a common password for all five lines. To use a different password for each line, repeat the above commands for each line.
The line vty [line number] command will move into that specific line.
The password [password] command will assign the desired password.
The login command will enable that line to accept the connection.
Securing Privilege Exec mode
Along with access lines, you can also secure Privilege Exec mode with a password. You have the following two commands for this.
Switch(config)# enable password Privilege_EXEC_password Switch(config)# enable secret Privilege_EXEC_password
Both commands set a password for Privilege Exec mode. The enable password command stores the password in plain text, while the enable secret command stores it in encrypted format.
Showing a banner
A router supports two types of banners: MOTD and EXEC. The MOTD banner appears before login, while the EXEC banner appears after. The banner exec command sets an EXEC banner. The banner motd command configures a MOTD banner.
Both commands use a delimiting character to mark the start and end of the message. This allows the message to span multiple lines, as the parser ends the message at the delimiter rather than the Enter key.
Setting up a time zone
The clock command configures the router's time zone. The following command sets the time zone to +5 hours from EST (Eastern Standard Time).
Router(config)#clock timezone EST 05
Assigning a hostname to an IP Address
Hostnames are easier to remember than IP addresses and can be used when connecting to remote servers. A router resolves IP addresses to hostnames either statically or dynamically.
In the static method, you manually assign a hostname to an IP address.
In the dynamic method, you configure an external DNS server and its IP address on the router.
The ip host command maps a hostname to an IP address. The show hosts command shows configured hosts and their IP addresses.
Disabling automatic domain lookup
By default, routers attempt to resolve an unrecognised word as a hostname. They first check the static DNS table, then query the DNS server at 255.255.255.255 if no entry is found. If you do not use DNS or hostname resolution, you can disable this feature to avoid delays caused by mistyped commands. The no ip domain-lookup command disables this feature.
Enable logging synchronous
A router displays notifications at the command prompt. If you are typing a command, the notification may interrupt your input. To prevent this, you can use the logging synchronous command. It synchronises notifications with the prompt.
After enabling this feature, the router moves the prompt and your input to the next line when displaying notifications. Notifications will not interrupt your command entry, and commands will execute correctly.
Disabling the auto-logout feature
Routers automatically terminate idle console connections after 10 minutes for security. In a lab environment, you can disable this feature using the exec-timeout 0 0 command.
Configuring a serial interface
A serial interface connects the router to a WAN network. The following commands configure the serial 0/0/0 interface.
| Command | Description |
| Router(config)#interface serial 0/0/0 | Enter interface configuration mode. |
| Router(config-if)#description Connected to Bhilwara | Optional command. Set a locally significant description on the interface. |
| Router(config-if)#ip address 10.0.0.1 255.0.0.0 | Assign the IP address and subnet mask to the interface. |
| Router(config-if)#clock rate 64000 | DCE side only command. Assigns a clock rate for the interface. |
| Router(config-if)#bandwidth 64 | DCE side only command. Set bandwidth for the interface. |
| Router(config-if)#no shutdown | Turns the interface on. |
A serial cable connects two serial interfaces. One end is DCE, and the other is DTE. Configure the clock rate and bandwidth only on the DCE side.
Configuring a FastEthernet Interface
Fast Ethernet typically connects a local network to the router. The following commands configure the Fast Ethernet 0/0 interface.
| Command | Description |
| Router(config)#interface fastethernet 0/0 | Enter interface configuration mode. |
| Router(config-if)#description Development department | Optional command. Set the description on the interface. |
| Router(config-if)#ip address 192.168.0.1 255.255.255.0 | Assign the IP address and subnet mask to the interface. |
| Router(config-if)#no shutdown | Turns the interface on. |
The no shutdown command in interface configuration mode enables the interface. The shutdown command shuts it down.
Saving the running configuration
A router keeps all running configurations in RAM, which is lost after a reboot. To retain it after the reboot, you must save it in NVRAM as the startup configuration. When a router starts, it loads the startup configuration in RAM as the running configuration. The following command copies the running configuration in NVRAM as the startup configuration.
Router#copy running-config startup-config
Erasing startup configuration
Erasing the startup configuration resets the router. The following command deletes the startup configuration.
Router#erase startup-config
Conclusion
This tutorial explained basic router configuration commands through examples. By practising these commands, you can gain the confidence and expertise needed to manage Cisco routers effectively. Mastery of these basic configuration commands provides a strong foundation for more advanced network management and troubleshooting.
By ComputerNetworkingNotes Updated on 2025-12-11