Basic Cisco Router Configuration Step

June 14, 2019

Different IP networks cannot communicate with each other without a router. Routers do this job successfully by sending a packet from one IP network to another IP network using routing. Before using the router, some basic configuration is required. This article covers the initial router configuration. We will use Cisco Packet Tracer for simulation and configuration. Cisco Packet Tracer is network simulator software that can be downloaded from Cisco Website.

Table of Contents

You can also use network simulator software such as Boson and GNS. You may also use an actual Cisco device in place of simulators. When a new Cisco router boots up for the first time or no configuration is found, it asks the user if they want to run through a list of prompts to configure the router. Most Cisco professionals ignore this initial setup wizard because of the lack of a better word. They also like to configure the router manually. The initial setup mode screen is shown in the figure below. This mode is also known as the setup mode.

When a Cisco router is initially booted, and there is nothing configured, the only thing that is needed to configure the router is a console cable. Once a connection is established, the device can be configured. All initial configurations will be covered next in this article. The first prompt, if the user says “no” to the setup wizard, the user will be a user exec mode prompt, as shown below:

Router>

As we learned in the previous article, Cisco IOS supports various command-line interface modes. The following are the main command modes.

User EXEC Mode
Privileged EXEC Mode
Global Configuration Mode
Interface Configuration Mode
Sub-Interface Configuration Mode
Setup Mode
ROM Monitor Mode

To navigate between these modes, we need to execute specific commands:

A table with three columns and nine rows displaying different modes of a router their corresponding prompts and commands to enter or exit each mode The modes include User Exec Privileged Exec Global Configuration Interface Configuration Sub Interface Setup and ROMMON The table is color coded in blue and white for readability — Router Command Modes and Prompts Table

How to Change Default Hostname

Changing the name of the router differentiates the device from others. By default, the name “Router” is configured on each router. So, we can change the router’s default name and configure any name on the router. To do this, command <hostname name> will be used in global configuration mode, For example, as shown in the figure below:

An image of a command line interface with commands being entered on a router The commands shown are for accessing the routers configuration mode and setting the hostname

Router>: This is the initial prompt in user EXEC mode, where limited commands can be entered.

Router>enable: This command is used to enter privileged EXEC mode, where more advanced commands are available.

Router#config terminal: Enters global configuration mode, allowing changes to the router’s configuration.

Router(config)#hostname shahab: This command changes the router’s hostname from “Router” to “shahab”.

shahab(config)#: The prompt shows the new hostname, confirming the change was successful.

How to configure the Password on Cisco router

Considering the importance of the router, the password is essential for each router in the network. The router supports multiple networks and can connect various lines for management, so we need to secure each management line:

Secure Console Port (line console)

Console and Telnet are the most commonly used line types for Cisco routers. The console line allows a local user to access the router when physically connected to the console port. By default, the console port is not configured with any password, so any user with physical access can connect. A password can be configured on the console line to block this access. To configure a password, the user must access the console line configuration mode using the ‘line console 0‘ command and issue the ‘password password‘ command, as shown below on the Shahab router:

An image showing the command line interface CLI of a router where a console password is being configured for user access — Configuring Console Password on a Router

shahab(config)#: The router is in global configuration mode with the hostname “shahab”.

shahab(config)#line console 0: This command selects the console line (physical terminal connection) for configuration. Console line 0 refers to the primary console.

shahab(config-line)#password cisco: This sets the password for the console access to “cisco”.

shahab(config-line)#: The prompt indicates the current mode is still the console line configuration mode.

How to configure telnet and telnet password

We can access the router using telnet when a router has configured at least one interface and the password for telnet. Depending on the model number and IOS software version, the router may also support various numbers of VTY connections. VTY is the name for telnet and SSH connections. By default, only the first five VTY connections are enabled. But when you try to connect them remotely, you will get the following message: “Password required, but none set.” This message gives a warning that the password is not set on VTY lines.

On most Cisco routers, the VTY lines used for telnet connections are labeled from 0 through 4, for a total of 5 lines. The ‘line vty 0 4‘ command is used to gain access to this mode. The following is the procedure to configure telnet access to the router.

An image showing the command line interface CLI of a router where the virtual terminal lines VTY are being configured with a password for remote access — Configuring VTY Virtual Terminal Line Password on a Router

shahab(config)#: The router is in global configuration mode with the hostname “shahab”.

shahab(config)#line vty 0 4: This command selects the VTY lines (virtual terminal lines) for configuration. VTY lines 0 to 4 allow up to 5 simultaneous Telnet or SSH sessions.

shahab(config-line)#password cisco: This sets the password for the VTY lines to “cisco”, which is required for remote access via Telnet or SSH.

shahab(config-line)#login: This command ensures that the router will prompt for a password when someone tries to log in remotely through the VTY lines.

shahab(config-line)#exit: This exits the VTY line configuration mode and returns to global configuration mode.

shahab(config)#: The prompt indicates that the router is back in global configuration mode.

How to secure the privileged EXEC mode and encrypt all passwords

We can secure the privileged EXEC mode using the “enable password “command. The Enable Secret command secures the user in privileged mode with the encrypted password. And using the help of “service password-encryption”, we can encrypt all saved password in the configuration file. The method to secure privileged EXEC mode is the following:

An image showing the command line interface CLI of a network device where the enable password enable secret and password encryption service are being configured — Configuring Enable Password and Secret on a Cisco Router

shahab(config)#: The device is in global configuration mode with the hostname “shahab”.

shahab(config)# enable password cisco: This sets the enable password to “cisco”, which is required to access privileged EXEC mode.

shahab(config)# enable secret cisco1: This sets the enable secret to “cisco1”, providing an additional layer of security.

shahab(config)# service password-encryption: This command enables the encryption of passwords in the configuration file.

shahab(config)#: The prompt indicates that the device is back in global configuration mode.

How to Configure Login Banner

We can configure two banners on Cisco routers: “MOTD” and “Exec.” The banner exec command is not available in the packet tracer, so we can practice only with the banner MOTD command. Both commands work similarly; only the place of a display differs between them. An EXEC banner will display after login, and a MOTD banner will display before login. The following is the procedure for configuring the MOTD banner.

An image showing the command line interface CLI of a network device where a banner message of the day MOTD is being configured to display a warning against unauthorized access — Configuring a Banner Message on a Cisco Router

shahab(config)#: The device is in global configuration mode with the hostname “shahab”.

shahab(config)# banner motd #: This command configures the day banner message of the day (MOTD).

Enter TEXT message. End with the character '#'. Warning: Unauthorized access is prohibited! #: This sets the banner message to display a warning against unauthorized access.

shahab(config)#: The prompt indicates that the device is back in global configuration mode.

How to enable DNS lookup

We can configure a DNS server for our router; the image below illustrates the configuration steps.

A image showing the command line interface CLI of a router where the IP name server is being configured — Configuring IP Name Server on a Router

shahab(config)#: The router is in user EXEC mode with the hostname “shahab”.

shahab#config terminal: This command enters the global configuration mode, as indicated by the prompt changing to shahab(config)#.

shahab(config)#ip name-server 192.168.10.254: This sets the IP name-server address to 192.168.10.254, which is used for DNS resolution.

shahab(config)#exit: This exits the global configuration mode and returns to user EXEC mode.

shahab#: The prompt indicates that the router is now back in user EXEC mode.

%SYS-5-CONFIG_I: Configured from console by console: This system message confirms that the configuration changes have been successfully made from the console.

How to turn off the automatic name resolution

The router is set by default to try to resolve any word not listed in the command to a DNS server at address limited broadcast Address 255.255.255.255. Sometimes, it takes longer when we type some wrong words. We can turn this off by using the following command:

An image showing the command line interface CLI of a router where the DNS lookup is being disabled — Disabling DNS Lookup on a Router

shahab#: The router is in user EXEC mode with the hostname “shahab”.

shahab#config terminal: This command enters the global configuration mode, as indicated by the prompt changing to shahab(config)#.

shahab(config)#no ip domain-lookup: This command disables the router’s DNS lookup feature, preventing the router from attempting to translate unfamiliar command inputs into domain names.

shahab(config)#exit: This exits the global configuration mode and returns to user EXEC mode.

shahab#: The prompt indicates that the router is now back in user EXEC mode.

%SYS-5-CONFIG_I: Configured from console by console: This system message confirms that the configuration changes have been successfully made from the console.

How to assign a Local Name to an IP address

We can assign a local name to an IP address. Usually, the hostname is assigned to the IP address. Once completed, we can use the configured hostname for telnet or ping.

A computer terminal screen showing the execution of network configuration commands — Assign a Local Name to an IP address

shahab# This is the command prompt indicating the device’s hostname (shahab) and that it is in privileged EXEC mode.

shahab#configure terminal This command enters global configuration mode, allowing you to change the device’s configuration.

Enter configuration commands, one per line. End with CNTL/Z. This message indicates that you are now in configuration mode and can enter configuration commands.

shahab(config)#ip host shahab 192.168.1.1 This command assigns the IP address 192.168.1.1 to the host named. shahab.

shahab(config)#exit This command exits the configuration mode and returns to the privileged EXEC mode.

%SYS-5-CONFIG_I: Configured from console by console This system message confirms that the configuration changes were made from the console.

How to Save the Router Configuration

We can save the Router Configuration from user-privileged mode, and we can also save it from global configuration mode, as shown in the figure below:

Apply the same command with “do” and follow the same command in global configuration mode to save the configuration. For example, do write or do copy running-config startup-config as shown in the figure above.

Computer terminal showing network configuration commands and responses — Saving Configuration after doing some changes

Click to Read FAQs – Basic Cisco Router Configuration Step

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.