Learning router configuration is a must in networking. This guide covers the important steps you need to work with routers professionally. So first, what is a router, and what does router configuration mean? In this article you will find the steps and commands you need to configure a router.
What Is a Router's Role in Networking?
A router is a piece of equipment similar to a computer. Routers have a CPU, RAM, NVRAM, flash memory, IOS (which stands for the internetworking operating system), and other components. A router is responsible for routing, meaning sending packets across different networks, and for choosing the shortest path for delivering data packets through the internet and other networks.
1. How to configure a Cisco router with the Packet Tracer simulation tool
We recommend using a network simulation tool like Packet Tracer. To download Packet Tracer, you just need to open an account on the Cisco website and download the free tool to your machine. Now let's start the router configuration.
2. What are the different modes in Cisco Router Configuration?
First you need to open a new project in Packet Tracer; if you're using a real router, the steps are the same.
1- Choose a router.
2- Open/click on the router and go to CLI.
3- Type “no” to end the dialogue.
1. User execution Mode: router>
Also called user mode, shown as Router>. This is the first mode that appears when configuring a router. It is a limited mode that mostly offers monitoring commands.
Router>
2. Privileged mode: router#
You can enter this mode by typing “enable” in the command line; it's like enabling the router configuration. This mode is special: it can be used for executing commands and configuring the router, such as saving and viewing configurations.
Router#
3. Global configuration mode: Router(config)#
Type “configure terminal” in privileged mode. You are now in the router's main configuration mode. Global mode affects the running configuration of the router. It can be used to set passwords, such as the encrypted password “enable secret” or “enable password”, and to configure routing, both static and dynamic.
Router(config)#
4. Specific configuration modes: Router(config-if)# / Router(config-router)#
There are many specific modes in a router, such as interface configuration mode and routing mode. These modes allow you to make changes to specific features of a router, like interfaces, subinterfaces, routing, lines, etc.
Router(config-if)#
Router(config-line)#
Router(config-router)#
- To get out of a configuration mode, type exit in the command line.
3. How to change Router Name
The first thing you will need is to change the router name. To do this:
- Go to global configuration mode Router(config)#
- Type: hostname “RouterName”
- Now you will see the name is changed.
4. How to Configure Cisco Router Interfaces
When we say interfaces, we basically mean the parts of the router that let you connect different types of cables and physical networking technologies. These can be serial ports, fiber optic ports, console ports, Ethernet ports, etc. So what is the role of a router interface? It is to separate different networks. To configure interfaces, do the following:
- Enter the global configuration mode Router(config)#
- Type: int “InterfaceName PortNumber”
- Now you are in the interface configuration mode.
- Type: ip address “IpAddress” “MaskAddress”
- Type: no shutdown
- Type: exit, then do the same for other interfaces if needed.
Router(config)# int "InterfaceName PortNumber"
Router(config-if)# ip address "IpAddress" "MaskAddress"
Router(config-if)# no shutdown
Router(config-if)# exit
5. How to configure Cisco Router Passwords
This is how to set up the different passwords for the different modes of a router. This is an obligatory step when you first buy a router, and for every initial router configuration.
Console 0 is the physical console port on the switch/router that you plug into with a console cable.
A configuration console cable is a type of cable also called a rollover cable. It has an RJ45 connector on one side and RS232 on the other. Some modern computers do not come with RS232 ports, which is why there are DB9 adapter cables to solve this problem. You can then use software like PuTTY to configure the router.
One thing to note is that setting up passwords is obligatory, because you'll need them to access the router virtually using the SSH protocol.
Setting up User Mode password in Router
- Go to global configuration mode: Router(config)#
- Type: line console 0
- You will see that you moved to a new specific configuration mode: Router(config-line)#
- Type: password “your password”
- Type: login
Now if you move back to the user mode, you will see that you have to use the password.
Encrypt the console password in Cisco Router
One thing to keep in mind is that this is not a very secure method of protecting the router's user execution mode, because by default the password is not encrypted. This means that if someone gets access to your router configuration file, they will see your password in cleartext.
It's possible to change the cleartext password to type 7 encryption. Type 7 encryption is not as strong as MD5 because it can be decrypted, but it's still better than plain text.
So how can you encrypt your password so that no one will be able to read it? You can do it like this:
Router(config)# service password-encryption
Router(config)# do show run
Now check what changed in your configuration file using the “show run” command in privileged mode; you can also run it from global configuration mode by typing “do show run”.
Search for line con 0 and you will find the password stored with type 7 encryption.
line con 0
 password 7 08701E1D5D4C53
How to configure a password for Cisco Router Privileged mode
The privileged mode of a router is a special mode. It allows you to enter a range of commands, such as viewing configuration files, saving changes and so on.
You can set up a privileged mode password like this:
* Method 1 Not Encrypted (enable password):
- Go to global config mode. Router(config)#
- Type: enable password “YourPassword”
- Now you're ready to go.
Router(config)# enable password "YourPassword"
This method is not secure: the password is stored in cleartext. It is not recommended, but you can still encrypt the password afterwards with the service password-encryption command described below.
* Method 2 Encrypted (enable secret):
You can protect the router's privileged mode with a strongly encrypted password by using the enable secret command. This is a more powerful way to secure your router. enable secret uses the MD5 hashing algorithm, which makes the password more secure and strong.
The MD5 hashing algorithm generates 32 hexadecimal characters. Its strength is that hashing cannot be reverted; it only goes one way. MD5 was created by the American professor Ron Rivest. Even he has commented that MD5 today is not very powerful compared to other hashing algorithms like SHA256, but it's still a great option for routers.
Note: SHA means Secure Hash Algorithm. SHA256 gives 64 hexadecimal characters. By the way, SHA1 has not been considered secure since 2005.
You can enable an MD5-encrypted password for privileged mode on a router like this:
- Go to global mode: Router(config)#
- Type: enable secret “YourPassword”
- Now you can view all the running configuration you made like this:
- Type: show run, which is just an abbreviation for “show running-config”
Router(config)# enable secret "YourPassword"
Router(config)# do show run
Now you will see something like this in your running configuration file:
enable secret 5 $1$mERr$H7PDxl7VYMqaD3id4jJVK/
The 5 means MD5 is used.
How to Delete enable password in Cisco router configuration:
You can delete the cleartext password (enable password) like this. Go to global configuration mode and type no enable password.
Router(config)# no enable password
How to Encrypt Cisco Router passwords (console mode & enable password):
After setting up your router passwords, you can turn them into type 7 encrypted values using the command “service password-encryption”.
- Go to your global configuration mode: Router(config)#
- Type: service password-encryption
- Take a look at your configuration file. You will find all passwords encrypted.
- If a password was encrypted before the command then it’s not affected.
Router(config)# service password-encryption
Note: type 7 encryption is weak and can be decrypted easily; you can decrypt it using online tools. But it is still better than cleartext.
Encrypt console mode with MD5 username/password:
With these commands you require a username and password for console access on a Cisco router. The secret keyword stores the password as an MD5 hash.
- Enter global configuration mode: Router(config)#
- Type: username “YourUsername” secret “YourPassword”
- Type: line console 0
- Type: login local
Router(config)# username "YourUsername" secret "YourPassword"
Router(config)# line console 0
Router(config-line)# login local
Now go back to user Mode Router>. You will see that it is required to enter a username and password.
6. How to access Cisco router Remotely Telnet / SSH
Accessing a router remotely is useful for configuring routers anytime, anywhere. But it requires a wired connection to the router with a console cable for the first use. From this initial configuration, you can activate the VTY lines (virtual lines for remote access). The required steps are these:
- First set up a privileged mode password on the router. We recommend using the enable secret method. If the privileged mode password is not set, then set it like this:
Router(config)# enable secret "YourPassword"
Now you can start activating virtual lines to be able to access your router virtually. There are in fact two ways to do this: a non-secure way (the Telnet protocol) and a secure one (SSH).
Access and configure Cisco router remotely using Telnet protocol
Network technicians used to use the Telnet CLI tool, but nowadays it's rarely used. It is a CLI tool/protocol created in 1969; the name means “Tele Network”. Telnet was used to send commands to and connect to servers, routers and switches virtually, with no cable needed. The Telnet protocol creates a communication path through a virtual terminal connection and uses TCP/IP.
Telnet is not secure; it's a text-oriented tool. It doesn't encrypt data (it uses cleartext), and this is the reason no one uses it these days. Simply put, if someone is listening, they can read all the data transferred. Hackers use man-in-the-middle attacks to access transferred data.
Using Telnet protocol to access Cisco router remotely :
First, what does VTY lines mean? The term stands for “virtual teletype”; these are logical, or we can say virtual, ports that allow access to many networking devices. These ports or lines are used with Telnet or SSH access. They don't exist physically in the device.
To activate VTY lines, write these commands after setting up the privileged mode password:
Router(config)# line vty 0 4
Router(config-line)# password "YourPassword"
Router(config-line)# login
Now if you go to a PC connected to the network with this router, you can access the router configuration from a computer that isn't actually connected to the router with a console cable.
- Open a command prompt (CMD/terminal) on your PC, and type this command using your router interface IP address:
C:\> telnet "RouterInterfaceIPaddress"
Now you will be asked to enter the user mode (console) password, then the privileged mode password.
If the privileged mode password (enable secret “YourPassword”) is not set, it will require you to set it first.
Note: the Telnet protocol is not a practical way to configure a router because Telnet uses cleartext data transmission.
The data sent by Telnet is not encrypted, which is why we use a more secure protocol called SSH.
Using SSH to access Cisco Router remotely :
SSH is a more efficient way to configure servers and network devices remotely. SSH means “Secure Shell”, and it is used by every network/server administrator today.
This protocol encrypts data before sending it to the destination (router, server, etc.).
First, you need to create a hostname. SSH uses the hostname when generating encrypted data.
Router(config)# hostname "YourHostName"
Now you need to create a domain name for your router. This is something like a domain in Active Directory in server administration.
Router(config)# ip domain-name "YourDomain.com"
Then you specify the type of encryption; there are RSA and DSA (RSA is better).
Router(config)# crypto key generate rsa
It will now ask how long the key should be; it is better to choose 2048.
How many bits in the modulus [512]: 2048
The next step is to specify the SSH version. By choosing SSH version 2 you disable SSH version 1, which is less powerful than SSH version 2.
Router(config)# ip ssh version 2
Now you have to create a user account (username/password). It is possible to create multiple user accounts.
Router(config)# username "YourUsername" secret "Passwd"
Finally, you have to activate the VTY virtual lines and enable transport through them. The last command is login local.
Router(config)# line vty 0 4
Router(config-line)# transport input ssh
Router(config-line)# login local
We use “transport input ssh” to force these virtual ports/VTY lines to accept only SSH access. If someone tries to access the router via Telnet, they will probably get an error. A message like this will appear:
[Connection to 192.168.1.1 closed by foreign host]
Next step: go to privileged mode and save all these changes using the command “wr”.
Router# wr
Now open a terminal on your connected PC and type the command “ssh -l username ipAddress”. The username is the one you set before, followed by the IP address of your router interface.
C:\> ssh -l "YourUsername" "RouterInterfaceIPaddress"
Now if all things are right, it will ask you to enter the password and you're done.
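The password and remote-access advice above (prefer enable secret, avoid cleartext and type 7 line passwords, restrict VTY lines to SSH version 2) can be checked against a saved configuration. This is an added example, not code from the original article; the sample running-config, its placeholder hashes and the audit function are constructed for illustration.

```python
import re

# Constructed sample running-config (not from a real device; hashes are placeholders).
SAMPLE_CONFIG = """\
hostname R1
enable password cisco123
enable secret 5 $1$EXAMPLE$constructedhashvalue000
username admin password 0 letmein
username ops secret 5 $1$EXAMPLE$constructedhashvalue111
line con 0
 password 7 0000000000
 login
line vty 0 4
 password plaintext
 login
 transport input telnet
"""

def audit(config):
    """Return findings for weak password storage and remote access settings."""
    findings = []
    section = None                      # current "line ..." block, if any
    vty_transport = {}                  # vty block -> "transport input" value
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):     # an unindented line starts a new section
            section = line if line.startswith("line ") else None
            if section and section.startswith("line vty"):
                vty_transport[section] = None
        if re.match(r"enable password\b", line):
            findings.append("enable password is set: use enable secret only")
        m = re.match(r"username (\S+) password\b", line)
        if m:
            findings.append(f"user {m.group(1)}: 'password' instead of 'secret'")
        m = re.match(r"password (?:(\d) )?\S+", line)
        if m and section:
            kind = "type 7 (reversible)" if m.group(1) == "7" else "cleartext"
            findings.append(f"{section}: {kind} line password")
        m = re.match(r"transport input (.+)", line)
        if m and section in vty_transport:
            vty_transport[section] = m.group(1)
    for vty, transport in vty_transport.items():
        if transport != "ssh":
            findings.append(f"{vty}: transport input is {transport or 'unset'}, expected ssh")
    if not re.search(r"^ip ssh version 2$", config, re.M):
        findings.append("ip ssh version 2 is not configured")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("[!]", finding)
```

Run it against the output of show run saved to a file; a configuration built with the SSH steps above and login local on the console produces no findings.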
7. Configure Routing in Cisco Router (Static/Dynamic)
Routing is the main role of a router; it basically means connecting different networks.
Routing allows the transmission of data packets across different networks. For example, if you send a message from a network host, routers will then forward the packets to their destination using a routing protocol.
Static Routing in Cisco Routers :
Static routing means configuring the routes of a router manually. In simple words, static routing means adding new networks and their paths (next hop) to the routing table. This is a great solution for a small number of networks. It also does not consume a lot of router resources (CPU, memory).
However, it's not a great solution for a large number of networks, where dynamic routing works well.
How to configure static routing in a router: CLI Commands
– Go to configuration mode:
– Router(config)# ip route “IpAddress” “MaskAddress” “NextHop”
Router(config)# ip route "IpAddress" "MaskAddress" "NextHop"
By next hop we mean the gateway that packets should pass through in order to find a way to the destination. Routers send packets between each other until the final router sends them to the destination.
Dynamic routing in Cisco Router :
Dynamic routing means configuring the router to route data packets automatically. In simple words, dynamic routing puts the router in charge of deciding where packets are sent over networks, so that packets can reach their destination as fast as possible.
How to configure dynamic routing in a router: CLI Commands
- Dynamic routing using: router rip
RIP means “Routing Information Protocol”; it is a protocol that allows you to configure a router to use dynamic routing. It uses the hop count as a dynamic value to decide which path is the best path to send packets through.
The hop count shows how many routers are between the data source and destination, so the smaller the number, the more quickly data can arrive.
– Go to global configuration mode:
– Router(config)# router rip
– Router(config-router)# network “NetworkAddress”
Add all networks related to that router's interfaces, and make sure to add only the network part of the address.
Then do the same on all routers in the network.
Router(config)# router rip
Router(config-router)# network "NetworkAddress"
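To show how hop count drives RIP's path choice, the following added example (not part of the original article) simulates routers exchanging their tables with neighbours until every router knows the lowest hop count to every other. The topology and function name are constructed, destinations are routers rather than networks for brevity, and 16 is RIP's "unreachable" metric.

```python
INFINITY = 16   # RIP treats a metric of 16 hops as unreachable

# Constructed topology: router -> directly connected neighbours.
LINKS = {
    "R1": ["R2", "R3"],
    "R2": ["R1", "R4"],
    "R3": ["R1", "R4"],
    "R4": ["R2", "R3", "R5"],
    "R5": ["R4"],
}

def converge(links):
    """Run RIP-style distance-vector exchanges until no table changes."""
    # Each table maps destination -> (hop_count, next_hop).
    tables = {r: {r: (0, None)} for r in links}
    changed = True
    while changed:
        changed = False
        # Snapshot so every router advertises the table it held at round start.
        adverts = {r: dict(t) for r, t in tables.items()}
        for router, neighbours in links.items():
            for nb in neighbours:
                for dest, (hops, _) in adverts[nb].items():
                    cost = min(hops + 1, INFINITY)   # one more hop via this neighbour
                    best = tables[router].get(dest, (INFINITY, None))[0]
                    if cost < best:                  # keep only strictly better routes
                        tables[router][dest] = (cost, nb)
                        changed = True
    return tables

if __name__ == "__main__":
    for dest, (hops, via) in sorted(converge(LINKS)["R1"].items()):
        print(f"R1 -> {dest}: {hops} hops via {via}")
```

R1 reaches R5 in three hops through either R2 or R3; the route learned first is kept because an equal-cost alternative is not strictly better.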
- Dynamic Routing Using Eigrp protocol
Enhanced Interior Gateway Routing Protocol (EIGRP) is a protocol created by Cisco. The goal of EIGRP is to learn the best route for any given subnet within the network. Each router sends packets to its nearest neighbors, and so on. Whereas the OSPF (Open Shortest Path First) protocol builds a map of the network so that it can decide the best path, EIGRP simply sends data to the nearest router.
– Go to global configuration mode:
– Router(config)# router eigrp “YourIdNumber”
– Router(config-router)# network “NetworkAddress” “MaskAddress”
IdNumber is what's called an autonomous system number. It's a number that identifies a collection of protocols in a network.
Router(config)# router eigrp 1000
Router(config-router)# network "NetworkAddress" "MaskAddress"
8. Config Banner (Messages) Commands in Cisco Router
The banner command lets you show a message to the user, such as the MOTD (message of the day) or a login message.
MOTD : (Message of the day).
– Go to global configuration mode and type:
Router(config)# banner motd # YourMessage #
Please make sure to start and end your message with the same character. By default we use #.
– Now if you type the reload command in privileged mode, the router will restart and it will show the message.
– Router# reload
Then type y and press Enter to save the changes first. From now on, when you enter the router you will see your message pop up in user mode.
Router(config)# banner motd #YourMessage#
Router(config)# exit
Router# reload
Login Message :
The login message is a message you use to warn unauthorized users against accessing the router. But first, you have to set a password.
For example, if you enable the console line 0 password, then anyone who doesn't have the right password will see this message.
– First, go to global configuration mode:
– Router(config)# banner login # YourMessage EX: Access Denied #
Always start and end with the same character; it's better to use the hash #.
– Now you have to set up a password if you haven't already. You can enable one like this:
– Router(config)# line console 0
– Router(config-line)# password “YourPassword”
– Router(config-line)# login
Now go back to user mode and you will see the message.
Router(config)# banner login #YourMessage#
Router(config)# line console 0
Router(config-line)# password "YourPassword"
Router(config-line)# login