Cisco Router Basic Configuration – We make basic adjustments to the initial setup of Cisco routers. These basic settings are simple and basic settings we made when we included the router in the network.
Cisco Router Basic Configuration
Cisco Router Basic Configuration
In the Cisco Router basic configuration process, if the Cisco router is turned on for the first time, you will be presented with the automatic setup screen. With this automated installation, you can also set the initial configuration of the Cisco router.
But personally, Cisco Router basic configuration with the Cisco CLI is more logical. Although this is a matter of preference, you can do this easily with the Cisco Router Security Manager (SDM).
Before starting the topic, we suggest to you read the topic called the “Cisco Router Modes” to get information.
Basic Cisco Commands
Let’s take a step-by-step look at the commands required for Cisco Router basic configuration.
Changing Cisco Router Hostname
The first step in Cisco Router basic configuration is to change the Cisco Router name. It does with hostname command. Depending on the network topology, you can specify the desired Router name.
R1# configure terminal
Giving Cisco Router Interface Ip Address
The second step in the Cisco Router basic configuration process is to give the Cisco router interface an Ip address. After selecting the interface to be configured, after entering a sub-line with the Enter key, the interface will enter the setting line. This line can also give the IP address using the Ip address command. And we need to use the no shutdown command to enable that interface.
You can browse the topic called the “Giving Cisco Router Ip Address” to give the Ip address to the Cisco Router.
No shutdown command opens the closed interface. If we want to close the interface, we only need to use the shutdown command.
ISTANBUL(config)#interface fastethernet 0/0
ISTANBUL(config-if)#ip address 192.168.8.1 255.255.255.0
Cisco Router Unauthorized Access Blocking and Password Determination
In the process of preventing Cisco Router unauthorized access and setting the Cisco Router password, it is necessary to take some precautions to prevent unauthorized access to the Router. For this measure, firstly, the physical security must be provided. The area in which Cisco routers and servers are hosted must be brought to a secure location. The second step is to specify passwords for malicious people trying to gain access to the router over the network.
The enable password “password” command is used to set the password on the Cisco router.
ISTANBUL(config)#enable password cisco123
After setting the password, share it with authorized people only. With the above commands, we set the password for the Cisco router. This password is used while switching from enable mode to privileged mode when connected to the router interface.
But this command has one security flaw. The password you specify appears as ClearText. The password will appear when you view the running configuration. You can see this in the image below.
In such a case, in the Cisco Router will be one security gap. For example, a staff member who structured the router in the IT department left the room for a minute or two after leaving the job. A malicious person can then log in and see the enable password here using the show running-config command on the router interface.
We have to add another command to overcome this situation.
With the enable password secret command, we can get over the event described above. Although these two commands are similar, their operation is different. When we give the Enable password, it appears as ClearText. But when we use the enable secret “password” command, the the enable password “password” command will automatically to be disabled.
Enable password secret komutu ile yukarıda anlatılan olayın üstesinden gelebiliriz. Bu iki komut birbirine benzemesine rağmen işleyişleri farklıdır. Enable parolasını verdiğimizde cleartext olarak gözükmektedir. However, if we use the enable secret “password” command, the enable password command will automatically be disabled. Our previous password will be disabled.
ISTANBUL(config)#enable secret cisco123456
Password: ⇒ I tried the cisco123 password here and it didn’t work.
Password: ⇒ Here the cisco123456 password was tried and successfully logged in.
To disable the Enable password command;
ISTANBUL(config)#no enable password
We have created a password with the enable secret command, and when we switch from user mode to privileged mode, we can log in with our new password.
The view in the running configuration of the enable secret “password” command is hidden. You can see this in the image below.
You can read “What is GNS3? and What Does GNS3 Do?” to have information about the GNS3 network simulator program…
Cisco Router Unauthorized Access Message
The purpose of adding an unauthorized access message to the Cisco Router, it is to give a message to a user trying to access the Cisco router. This message informs the user that it has unauthorized access and will not interfere with any settings on the router.
The Cisco Router unauthorized access message is generated by the banner motd # command. The # character you see in the command is used to specify the start and end of the message.
ISTANBUL(config)#banner motd # ⇒ # Press the Enter button after adding the # character.
Enter TEXT message. End with the character ‘#’.
***** WARNING ! ***** Unauthorized Access Prohibited ! *********
Once we have created our banner message, we return to the startup screen using the exit command in the Router interface, and the message that we created will appear. This message looks like the one below.
Turning Off Cisco Router CLI Notifications
Turning off Cisco Router CLI notifications is a way to turn off notification messages that prevent you from writing commands on the Router’s CLI screen when you are performing any configuration on the router. For example, if you turn off a FastEthernet interface and turn it on, it will notify you as shown below.
These notifications from the Cisco router cause confusion when making adjustments on the Router. These notifications have no effect on the commands. It only causes complexity.
We use the logging synchronous command to turn off these notifications on the Cisco router. This command may differ in Cisco IOS software. The logging synchronous command is implemented in global configuration mode.
Turning off Cisco Router Domain Finding
If an undesirable command is entered in the Cisco Router domain search termination user mode, the Cisco router tries to resolve it by sending it to the DNS server because it can not resolve this command. However, if there is no DNS server in the network environment, the DNS lookup takes a long time. In this case, it takes the user’s time. This feature can be turned off if not requested.
ISTANBUL(config)#no ip domain-lookup
We recommend to you read the “How to Install GNS3 on Windows 10?” to install the GNS3 network simulator program!
Cisco Router Console Connection
The Cisco Router console connection is typically used when the router is being set up for the first time. A single computer is sufficient for the router console connection. There is a cable between the Cisco equipment to make the Cisco router console connection. This cable is called Rollover cable. One end of the rollover cable has an RJ-45 connection while the other has a DB-9 connection.
This cable allows the Cisco router to connect to the Cisco Router console for the first configuration. The RJ-45 outlet attaches to the Cisco Router’s Console. The DB-9 is usually plugged into the serial port on the back panel of desktop computers. There are 2 types of DB-9 cable called male end and female end.
Rollover cable converters are also available. For example, the DB-9 can be transformed to a USB port and connected the laptop to the Cisco Router console.
After the above steps, let’s make the console connection for the initial configuration of the Cisco router.
ISTANBUL(config)#line console 0
If you want to connect the Cisco router again through the console, you will see the following image.
To enter privileged mode, the password specified in the console connection must be entered.
Cisco Router Telnet Connection
To make a Cisco Router telnet connection, telnet must be enabled by first making a console connection to the Cisco Router. The telnet connection is called VTY. After you enable the Telnet connection, the Cisco router can be connected to the network.
The Telnet connection is configured with the router vty 0 4 command in global configuration mode. 0, 4 represents the connected units. For example, another telnet connection can be made by making line vty 0 5. In a firm, separate connection units can be created and allocated to individual persons.
Cisco Router telnet connection;
ISTANBUL(config)#line vty 0 4
Once the Cisco Router telnet connection setting has been made, let’s make the telnet connection to the Cisco Router from any computer on the network using the Putty program.
After the Putty program is clear, type in the Cisco Router FastEthernet 0/0 IP address and select Telnet from the connection type options directly below. Then click the Open / Open button to connect.
To the Cisco router have done the telnet connection. As you can see there is a message for unauthorized access.Immediately below, it appears that a telnet connection has been made in the section of User Access Verification Access Validation. First, the password for the telnet connection is written. Then the user access mode password specified by the enable secret “password” command is entered.
The following message will appear in the Cisco router CLI interface.
*Mar 1 04:12:11.218: %SYS-5-CONFIG_I: Configured from console by vty0 (192.168.8.128)
If you do not know how to add Cisco IOS to the GNS3 program, you can browse the topic “Adding Cisco IOS to GNS3“
Cisco Router Password Encryption
The process of Cisco Router passwords encryption is to prevent viewing in the running-config all the configured passwords. We can do this with a single command. We can apply this command in global configuration mode by typing service password-encryption.
Cisco Router password encryption;
For example, we configured telnet above. When we look at the working configuration, we see our passwords. This is a false operation and also a security gap.
By encrypting passwords we have turned this security gap off.
Cisco Router Basic Configuration ⇒ Video
We have talked about the Cisco Router Basic Configuration process. These settings are available in more advanced settings with the default settings. Cisco Router basic configuration commands are the same as all router configuration commands. There are only minor changes due to the Cisco IOS versions.