Cisco IOS Router Basic Configuration

In this lesson, you will learn how to create a basic configuration for a Cisco IOS router. If you are completely new to the Cisco CLI, you might want to look at our Introduction to Cisco IOS CLI lesson first.

Integrated Services Routers

Most networking vendors, including Cisco have different router models. Cisco offers routers for small branch offices with only a few users, up to very large routers that are used in data centers.

If you are new to networking, you will probably start with some of the smaller routers. Cisco has the integrated services routers which are routers but these devices also offer some other services like wireless or Voice over IP.

Here’s a picture of the 1800, 2800 and 3800 series Cisco routers:

cisco integrated services routers

These routers are not the newest models but are still very popular and used often in home labs. Here’s a closer look of one of the 2800 series routers:

cisco isr router 2800 back

Above you can see:

  • 1x USB port.
  • 2x FastEthernet interfaces.
  • 1x console port.
  • 1x AUX port.
  • 1x Flash memory slot.
  • 4x WIC slots.

These WIC slots can be used to add certain cards. For example, DSL modems, serial interfaces, wireless access points and so on. Here’s an example of a WIC module for a serial interface:

We will be using this serial interface in our example.

Configuration

Let’s see if we can configure a 2800 router. First we will connect our blue Cisco console cable to our router and start Putty so that we can connect to the router:

putty serial console options

Make sure you select “Serial line” and set the speed at 9600. The COM port might be different for you, especially if you are using a USB to Serial adapter. Make sure to check this number in the Windows device manager.

First Boot

Once you are connected to the console port and switch on the power, you will see something like this:

System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2006 by cisco Systems, Inc.

Initializing memory for ECC
...
c2811 platform with 786432 Kbytes of main memory
Main memory is configured to 64 bit mode with ECC enabled


Readonly ROMMON initialized
program load complete, entry point: 0x8000f000, size: 0xcb80
program load complete, entry point: 0x8000f000, size: 0xcb80

program load complete, entry point: 0x8000f000, size: 0x40c7678

When the router starts, it first initializes ROMMON. This is a bit similar to the BIOS of a computer. It allows the router to perform some basic functions like loading the IOS operating system, which occurs next:

Self decompressing the image : ############################################################################################################################################################################################################################################################################################################################################################################################################################# [OK]

Once the operating system is decompressed, you will be greeted with Cisco’s copyright information:

Smart Init is disabled. IOMEM set to: 5  

Using iomem percentage: 5

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706



Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 15.1(4)M10, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Tue 24-Mar-15 09:00 by prod_rel_team


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

And you will see some basic information about the router:

Installed image archive
Cisco 2811 (revision 1.0) with 747520K/38912K bytes of memory.
Processor board ID FTX1145A0XN
2 FastEthernet interfaces
2 Serial(sync/async) interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
3906504K bytes of ATA CompactFlash (Read/Write)

Above we can see that this is a Cisco 2811 router which has 2 FastEthernet interfaces and 2 Serial interfaces. It also tells us how much RAM this router has and how big the compact flash memory is.

Finally, the router asks us if we want to start the initial configuration dialog:

         --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no 

Let’s enter no and continue. We will configure everything ourselves.

The system configuration message above will only appear if your router has no startup configuration.

The final message is:

Press RETURN to get started!

At the bottom of the console, you will see this line:

Router>

This means we are in user mode.

Erase Startup Configuration

The first thing we’ll do, just to be sure is remove the startup configuration so that we can start with a clean slate.

Let’s enter enable mode:

Router>enable
If your router asks you for a password and you have no idea what it is, you will have to perform a password recovery.

Let’s erase the startup configuration:

Router#erase startup-config 
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete

And reload the router so that we start with a blank configuration:

Router#reload

System configuration has been modified. Save? [yes/no]: no
Proceed with reload? [confirm]

It might take a few minutes for the router to reload. Once it’s ready, head back to privileged mode by typing enable and we will continue.

Interfaces

Routers have an IP address on each interface that they have. Let’s say that we want to configure for the following scenario:

h1 r1 leased line

Above you can see that R1 is connected to H1 on its FastEthernet 0/0 interface, it should use IP address 192.168.1.254 and the subnet mask is 255.255.255.0 (/24). It’s also connected to a leased line using its Serial 0/0/0 interface.

Here’s how you can see all interfaces on our router:

Router#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down    
FastEthernet0/1            unassigned      YES unset  administratively down down    
Serial0/0/0                unassigned      YES unset  administratively down down    
Serial0/1/0                unassigned      YES unset  administratively down down

Above you can see the four interfaces that this router has. It also tells us:

  • IP-Address: if the interface has an IP address or not.
  • OK: whether the interface is performing correctly or not.
  • Method: how the IP address is configured. For example, we can configure an IP address manually or through DHCP.
  • Status: this tells us if the interface is active or not.
  • Protocol: this tells us if the protocol that the interface is using is working or not.
All router interfaces are disabled by default. Administratively down means that the interface has a shutdown command.

We can also take a closer look at any of these interfaces like this:

Router#show interfaces FastEthernet 0/0
FastEthernet0/0 is administratively down, line protocol is down 
  Hardware is MV96340 Ethernet, address is 001d.a18b.36d0 (bia 001d.a18b.36d0)
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex, Auto Speed, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     29 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

Above we can see that the FastEthernet 0/0 interface is currently not in use. Let’s see if we can configure this interface.

First, open the configuration mode:

Router#configure terminal 

Now go to the interface, add an IP address and enable it:

Router(config)#interface FastEthernet 0/0
Router(config-if)#ip address 192.168.1.254 255.255.255.0
Router(config-if)#no shutdown

This interface is now active.

We also have a serial interface. As explained in the introduction to WANs lesson, a serial interface might require a clock rate. If you connect two routers back-to-back with serial links then the DCE side requires a clock rate. Let’s see if this is the case:

Router#show controllers Serial 0/0/0
CD2430 Slot 1, Port 0, Controller 0, Channel 0, Revision 19
Channel mode is synchronous serial 
idb 0x498B25D8, buffer size 1524, V.35 DCE cable

Above you can see that this router is the DCE so we will have to set a clock rate.

Router(config)#interface Serial0/0/0
Router(config-if)#clock rate 12800

We can use the same command to verify that the clock rate has been configured:

Router#show controllers Serial 0/0/0
CD2430 Slot 1, Port 0, Controller 0, Channel 0, Revision 19
Channel mode is synchronous serial 
idb 0x498B25D8, buffer size 1524, V.35 DCE cable, clockrate 128000

Now we can continue by setting an IP address and enabling the interface:

Router(config)#interface Serial 0/0/0
Router(config-if)#no shutdown
Router(config-if)#ip address 192.168.12.1 255.255.255.0

Our router should now have two active interfaces. Let’s verify that:

Router#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.1.254   YES manual up                    up      
FastEthernet0/1            unassigned      YES unset  administratively down down    
Serial0/0/0                192.168.12.1    YES manual up                    up      
Serial0/1/0                unassigned      YES unset  administratively down down

An alternative command that gives you a similar result is the show protocols command:

Router#show protocols
Global values:
  Internet Protocol routing is enabled
FastEthernet0/0 is up, line protocol is up
  Internet address is 192.168.1.254/24
FastEthernet0/1 is administratively down, line protocol is down
Serial0/0/0 is up, line protocol is up
  Internet address is 192.168.12.1/24
Serial0/1/0 is administratively down, line protocol is down

This router now has two active interfaces with IP addresses. In other lessons, we’ll look at how it can route packets from one interface to another.

Conclusion

You have now learned what the boot process of a Cisco IOS router looks like and how to erase the startup configuration so that you can start with a blank configuration. We have also seen how to check what interfaces this router has, and how to configure IP addresses on each interface. You have also seen how you can check if your serial interface is the DCE or DTE side and how to set a clock rate.

Forum Replies

  1. Thank you Rene I understand the concept of “login” and “login local” but my question about password encryption let me explain to you my question in another way:
    login local refers to a local database on the router or switch with usernames / passwords as you said but the password possible to be encrypted or not if I configure it in plain text how can I change it to encrypted Text or vice versa ,
    this is my question?

    *when I try to change it this message appears to me :

    SW3(config)#us hussein pa 121212
    ERROR: Can not have both a user password and a user secret.
    ... Continue reading in our forum

  2. Hi Hussein,

    Now I understand your question :slight_smile:

    There are two methods:

    1. username hussein password cisco123

    If you do it like this, then it will be saved in the configuration in clear text.

    1. username hussein secret cisco123

    If you use “secret” then it will create a MD5 hash of your password.

    You can’t have a “password” and “secret” at the same time for one user account so you are getting this error because you probably already configured a secret for your username. Remove it first and then you can set a password.

    It’s also possible to encrypt all plaintext passwor

    ... Continue reading in our forum

  3. We will need more information. What IP are you trying to reach on the switch? Is this IP an SVI or assigned to a physical interface? What IP are you making the connection from? What are the details of your access-list 23? Have you tried making your connection on the same subnet as the IP to which you are trying to connect? When say it is refusing the connection, is the port open, but actively rejecting your attempt, or you get no response at all? If you are using SSH, I assume you have done a crypto key generate rsa?

28 more replies! Ask a question or join the discussion by visiting our Community Forum