2

Configuring basic settings on a Cisco Router

Posted on by bl4ckwidow

Introduction

A Router is a network device that receives, inspects and analyzes incoming packets from a source network and then forwards these packets to a different destination network.
You tell a router what to do. Otherwise without doing so, it will not know what to do.

In this lab, we are going to configure the very basic settings on a Cisco Router using the Cisco Internetwork Operating System (IOS) CLI.
This lab is intended for the beginners who wants to begin their networking journey, more so, starting their career with Cisco certifications.
Without further ado, let’s start.

Prerequisites.

  • Packet Tracer or a similar network emulation software such as GNS3 or EVE-NG.

In my lab, I will be using EVE-NG with Cisco IOS dynamips image.
The commands used will not vary from those on Packet Tracer and GNS3.

Add a new Router on your new workspace and power it on.

Before we jump into configurations, Cisco IOS CLI has different command modes. Each mode has access to a different set of IOS commands.
Let’s have a look at them.

  • User Mode (User Exec Mode)
    This is the first mode you log into once you access your router. You can do basic commands such as show system’s status. In this mode, you cannot configure the router, neither can you reload/reboot the router. The below shows the user exec mode;

    Router>
  • Privileged Mode (Privileged Exec Mode) On the user exec mode, you use the command enable to jump into the privileged exec mode. In this mode, you will be able to view system configurations or reload a router and also erase the router’s startup configuration. An enable password/secret can be set to prevent unauthorized access to this mode as well as the global configuration mode. The Privileged Exec mode is identified as below;

    Router>enable
    Router#
  • Global Configuration Mode
    From the Privileged Exec Mode, you use the command configure terminal to jump into the global configuration mode. In this mode, a user can configure the router as well as modify the current system configurations. To exit this mode you can use exit command and it will take you back to the privileged exec mode. You can also use the end command to return straight to the user exec mode. This mode is identified by below;

    Router>enable
    Router#configure terminal
    Router(config)#

Now that you have an understanding of the different configuration modes the Cisco IOS CLI has to offer, lets jump into configuring basic router settings.

Access the router and go straight to the global configuration mode and begin.

Set a hostname for the router

To configure a hostname, we will use the hostname command in the global configuration mode.

Router(config)#
Router(config)#hostname GATEWAY-ROUTER
GATEWAY-ROUTER(config)#
GATEWAY-ROUTER(config)#
GATEWAY-ROUTER(config)#
GATEWAY-ROUTER(config)#

Disable DNS

Disable DNS lookup to prevent the router from attempting to translate incorrectly entered commands as though they were hostnames.

GATEWAY-ROUTER(config)#
GATEWAY-ROUTER(config)#
GATEWAY-ROUTER(config)#no ip domain-lookup
GATEWAY-ROUTER(config)#

Set minimum password length

Set a minimum password length of your choice.

GATEWAY-ROUTER(config)#
GATEWAY-ROUTER(config)#securit
GATEWAY-ROUTER(config)#security pass
GATEWAY-ROUTER(config)#security passwords min
GATEWAY-ROUTER(config)#security passwords min-length ?
  <0-16>  Minimum length of all user/enable passwords

GATEWAY-ROUTER(config)#security passwords min-length 8
GATEWAY-ROUTER(config)#
GATEWAY-ROUTER(config)#
GATEWAY-ROUTER(config)#

Assign a secret password

Set a security secret password for your privileged exec mode.

GATEWAY-ROUTER(config)#
GATEWAY-ROUTER(config)#enable
GATEWAY-ROUTER(config)#enable sec
GATEWAY-ROUTER(config)#enable secret strongpass
GATEWAY-ROUTER(config)#
GATEWAY-ROUTER(config)#

Set a console password

Assign strongpass as the console password, establish a timeout, enable login, and add the logging synchronous command. The logging synchronous command synchronizes debug and Cisco IOS software output and prevents these messages from interrupting your keyboard input.

GATEWAY-ROUTER(config)#
GATEWAY-ROUTER(config)#line console
GATEWAY-ROUTER(config)#line console 0
GATEWAY-ROUTER(config-line)#
GATEWAY-ROUTER(config-line)#
GATEWAY-ROUTER(config-line)#passwo
GATEWAY-ROUTER(config-line)#password strongpass
GATEWAY-ROUTER(config-line)#
GATEWAY-ROUTER(config-line)#exec-time 5 0
GATEWAY-ROUTER(config-line)#
GATEWAY-ROUTER(config-line)#login
GATEWAY-ROUTER(config-line)#
GATEWAY-ROUTER(config-line)#logging
GATEWAY-ROUTER(config-line)#logging sy
GATEWAY-ROUTER(config-line)#logging synchronous
GATEWAY-ROUTER(config-line)#
GATEWAY-ROUTER(config-line)#exit
GATEWAY-ROUTER(config)#

NB The command exec-timeout 5 0 means that the console will timeout after 5 minutes and 0 seconds. You can set your desired exec timeout

Encrypt passwords

Encrypt all clear text passwords/secrets that are configured on the router.

GATEWAY-ROUTER(config)#
GATEWAY-ROUTER(config)#service password-encryption
GATEWAY-ROUTER(config)#

Create a banner

The banner will be used to warn anyone accessing the router.

GATEWAY-ROUTER(config)#
GATEWAY-ROUTER(config)#banner
GATEWAY-ROUTER(config)#banner motd c
Enter TEXT message.  End with the character 'c'.
##### UNAUTHORIZED ACCESS IS STRICTLY PROHIBITED ####
c
GATEWAY-ROUTER(config)#
GATEWAY-ROUTER(config)#

motd stands for message of the day
You can set different banners on your Cisco Router from the below options;

GATEWAY-ROUTER(config)#banner
GATEWAY-ROUTER(config)#banner ?
  LINE            c banner-text c, where 'c' is a delimiting character
  config-save     Set message for saving configuration
  exec            Set EXEC process creation banner
  incoming        Set incoming terminal line banner
  login           Set login banner
  motd            Set Message of the Day banner
  prompt-timeout  Set Message for login authentication timeout
  slip-ppp        Set Message for SLIP/PPP

GATEWAY-ROUTER(config)#banner

NB Using the ‘?’ after a command will display all the available options that goes with that command. This is a feature within the Cisco IOS CLI

Configure an IP Address

The router needs an ip address for different interfaces. Let’s set the ip address for an interface.
Before you do that, check your interface namings. Use the below command in privileged exec mode;

NB By default, all interfaces of a router are set to down as compared to a switch which will come up automatically on boot.

GATEWAY-ROUTER#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        unassigned      YES NVRAM  administratively down down
FastEthernet1/0        unassigned      YES NVRAM  administratively down down
Ethernet2/0            unassigned      YES NVRAM  administratively down down
Ethernet2/1            unassigned      YES NVRAM  administratively down down
Ethernet2/2            unassigned      YES NVRAM  administratively down down
Ethernet2/3            unassigned      YES NVRAM  administratively down down
Ethernet3/0            unassigned      YES NVRAM  administratively down down
Ethernet3/1            unassigned      YES NVRAM  administratively down down
Ethernet3/2            unassigned      YES NVRAM  administratively down down
Ethernet3/3            unassigned      YES NVRAM  administratively down down
Ethernet3/4            unassigned      YES NVRAM  administratively down down
Ethernet3/5            unassigned      YES NVRAM  administratively down down
Ethernet3/6            unassigned      YES NVRAM  administratively down down
Ethernet3/7            unassigned      YES NVRAM  administratively down down
GATEWAY-ROUTER#

All interfaces are administratively down. Lets configure interface FastEthernet0/0 with an ip address and bring the interface up. We will also give it some description as well as allocate bandwidth to the interface.

GATEWAY-ROUTER(config)#
GATEWAY-ROUTER(config)#interface faste
GATEWAY-ROUTER(config)#interface fastethernet 0/0
GATEWAY-ROUTER(config-if)#
GATEWAY-ROUTER(config-if)#
GATEWAY-ROUTER(config-if)#ip add 10.10.10.1 255.255.255.0
GATEWAY-ROUTER(config-if)#
GATEWAY-ROUTER(config-if)#band
GATEWAY-ROUTER(config-if)#bandwidth 100000
GATEWAY-ROUTER(config-if)#
GATEWAY-ROUTER(config-if)#description LINK TO INSIDE NETWORK
GATEWAY-ROUTER(config-if)#
GATEWAY-ROUTER(config-if)#no shutdown
GATEWAY-ROUTER(config-if)#
GATEWAY-ROUTER(config-if)#exit
GATEWAY-ROUTER(config)#
GATEWAY-ROUTER(config)#
*Apr  2 13:27:04.415: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Apr  2 13:27:05.415: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
GATEWAY-ROUTER(config)#

Once you have completed the configuration, a message will show up on the console informing us that the interface is up. We can use the command show ip interface brief to show interfaces status again.

GATEWAY-ROUTER#show ip
*Apr  2 13:28:14.195: %SYS-5-CONFIG_I: Configured from console by console
GATEWAY-ROUTER#show ip int brie
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        10.10.10.1      YES manual up                    up
FastEthernet1/0        unassigned      YES NVRAM  administratively down down
Ethernet2/0            unassigned      YES NVRAM  administratively down down
Ethernet2/1            unassigned      YES NVRAM  administratively down down
Ethernet2/2            unassigned      YES NVRAM  administratively down down
Ethernet2/3            unassigned      YES NVRAM  administratively down down
Ethernet3/0            unassigned      YES NVRAM  administratively down down
Ethernet3/1            unassigned      YES NVRAM  administratively down down
Ethernet3/2            unassigned      YES NVRAM  administratively down down
Ethernet3/3            unassigned      YES NVRAM  administratively down down
Ethernet3/4            unassigned      YES NVRAM  administratively down down
Ethernet3/5            unassigned      YES NVRAM  administratively down down
Ethernet3/6            unassigned      YES NVRAM  administratively down down
Ethernet3/7            unassigned      YES NVRAM  administratively down down
GATEWAY-ROUTER#

From the output our interface is up.

Set the clock

To set the clock issue the below command in privileged exec mode

GATEWAY-ROUTER#
GATEWAY-ROUTER#clock set 14:14:00 2 April 2020
GATEWAY-ROUTER#
GATEWAY-ROUTER#
*Apr  2 14:14:00.000: %SYS-6-CLOCKUPDATE: System clock has been updated from 13:29:44 UTC Thu Apr 2 2020 to 14:14:00 UTC Thu Apr 2 2020, configured from console by console.
GATEWAY-ROUTER#

Save the configuration

At the moment we have a running configuration. We will save this running configuration and write the changes using the following commands in privileged exec mode;

GATEWAY-ROUTER#
GATEWAY-ROUTER#copy running
GATEWAY-ROUTER#copy running-config st
GATEWAY-ROUTER#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
GATEWAY-ROUTER#write
Building configuration...
[OK]
GATEWAY-ROUTER#

That’s it. We have saved our configurations.

NB Cisco IOS CLI will allow you to use the TAB button to complete a given command.

That is the end of our lab. We have configured basic settings on a cisco router. We will do other configurations such as DHCP, Routing e.t.c in the coming labs.

bl4ckwidow

Co-Founder of Labing Overload. I am a Web Developer/Network Engineer turned CyberSecurity Engineer. FOSS enthusiast. Cisco Technologies enthusiast. Network Penetration Tester.

More Posts

2 Comments

  1. Pingback: Configuring Inter-VLAN Routing - Labing Overload
  2. Pingback: Configuring Basic DHCPv4 server on a Cisco Router - Labing Overload

Leave a Reply

Your email address will not be published. Required fields are marked *