Create a practice lab as shown in following figure

Access CLI prompt of router

Cisco IOS supports various command modes, among those followings are the main
command modes.

• User EXEC Mode

• Privileged EXEC Mode
• Global Configuration Mode
• Interface Configuration Mode
• Sub Interface Configuration Mode
• Setup Mode
• ROM Monitor Mode

Following table lists essential commands to navigate between different IOS modes.
Mode Prompt Command to enter Command to exit
User EXEC Router > Default mode after booting. Login with password, if Use exit command
configured.
Privileged EXEC Router # Use enable command from user exec mode Use exit command
Global Router(config)# Use configure terminal command from privileged exec Use exit command
Configuration mode
Interface Router(config-if)# Use interface type number command from global Use exit command to re
Configuration configuration mode configuration mode
Sub-Interface Router(config-subif) Use interface type sub interface number command from Use exit to return previo
Configuration global configuration mode or interface configure mode Use end command to re
mode.
Setup Parameter[Parameter Router will automatically insert in this mode if running Press CTRL+C to abort. T
value]: configuration is not present configuration, or no to e
asked in the end of setu
ROMMON ROMMON > Enter reload command from privileged exec mode. Use exit command.
Press CTRL + C key combination during the first 60
seconds of booting process
• IOS commands are not case sensitive; you can enter them in uppercase,
lowercase, or mixed case.
• Password is case sensitive. Make sure you type it in correct case.
• In any mode, you can obtain a list of commands available on that mode by
entering a question mark (?).
• Standard order of accessing mode is
User Exec mode => Privileged Exec mode => Global Configuration mode =>
Interface Configuration mode => Sub Interface Configuration mode
• Router will enter in setup mode only if it fails to load a valid running configuration.
• Router will enter in ROMMON mode only if it fails to load a valid IOS image file.
• You can manually enter in ROMMON mode for diagnostics purpose.

Enter in global configuration mode to execute following commands.

Change default router name

By default Router name is configured on routers. We can configure any desired name on
router. hostname command will change the name of router. For example following
command will assign LAB1 name to the router.
Configure password on cisco router
Router is a critical device of network. It supports multiple lines for connection. We need
to secure each line [port].

Secure console port

Command Description
Router(config)#line console 0 Move in console line mode
Router(config-line)#password console Set console line password to CNN
Router(config-line)#login Enable password authentication for conso
Secure auxiliary port

Auxiliary port provides remote access to router. You can attach modem in this port. Not
all devices support this port. If your router supports this port use following commands to
secure it.

Command Description
Router(config)#line aux 0 Move into auxiliary line mode
Router(config-line)#password AUXCNN Set auxiliary line mode password to AU
Router(config-line)#login Enable auxiliary line mode password
Enable telnet access on cisco router
Depending on the model number and IOS software version router may supports various
number of VTY connections range from 5 to 1000. VTY is the standard name for telnet
and SSH connection. By default only first five VTYs connections are enabled. But you
cannot connect them. When you try to connect them remotely you will get following
message

Password required but none set

This message indicates that password is not set on VTY lines. Password is required to
connect VTYs. Following commands set password to TELCNN on VTYs line.

Command Description
Router(config)#line vty 0 4 Move into all five VTYs line
Router(config-line)#password TELCNN Set password to TELCNN on all five
Router(config-line)#login Configure VTYs to accept telnet conn
In above example we set password on all five lines collectively but you can do this
separately if you need different passwords for different lines. Steps will be same.

• line vty [line number] command will move into that specific line.
• password [password] command will assign the desired password.
• login command will enable that line to accept the connection.

Secure privilege exec mode with password

Along with access lines we can also secure privilege exec mode with password. We have
two commands to configure the password.

• Switch(config)# enable password Privilege_EXEC_password

• Switch(config)# enable secret Privilege_EXEC_password

Both commands will set the password on privilege exec mode. Difference between these
commands is the method of password storage. enable password command will store
password in plain text while enable secret command will store password in encryption
format.

Login banner

We can configure two types of banner on routers; MOTD banner and Exec banner.
banner exec command is not available in packet tracer. You can practice with banner
motd command. Both commands work in same manner. Only the difference between
these commands is the place of display. MOTD banner will display before the login. An
EXEC banner will display after the authentication process and before the exec mode.

Both commands use delimiting character to specify the starting and ending of message.
It means command parser will terminate the message on delimiting character instead of
the Enter key. This feature allows us to span the message in multiple lines.

Configure clock time zone

Router allows us to localize the time zone. Following command will set time zone to +5
hour of EST [Eastern Standard Time].

Router(config)#clock timezone EST 05

Assign hostname to IP Address

Hostname are easy to remember. We can use host name instead of their IP address while
connecting with remote address. Router resolves IP address to hostname in two ways:
static and dynamic.

In static method we have to assign hostname to IP address.

In dynamic method we have to configure an external DNS server and need to configure
its IP address on router.

show hosts command will display the currently configured hosts with their IP addresses.
Following figure illustrate an example of static entry for hostname.
Disable automatic domain lookup

By default routers are configured to resolve every word that is not a command. It will first
look in static DNS table for an entry. If it fails to find an entry in static DNS table, it will try
with DNS server at address 255.255.255.255. If you are not going to use DNS server or
hostname facility, it is better to turn this off. It will save your time because every incorrectly
typed command will cost you a wait of minute or two.

no ip domain-lookup command is used to disable this feature.

Enable logging synchronous

Whenever IOS has any kind of notification, it will display that on command prompt. It fines
until prompt is free. What if you are typing a command and notification line appears in the
middle of the command? This is really annoying. Luckily we can stop this
behavior. logging synchronous command will enable synchronization at command
prompt.
After this if IOS has anything to display it will move prompt and your typed command in
next line. Notification will not insert in the middle of command. If you continue typing, the
command will execute properly, even though it looks wrong at prompt.

Disable auto logout from console line

Cisco IOS has a great security feature to secure the console line. It automatically logs out
ideal connection in 10 minutes. You can disable this feature in lab environment. exec-
timeout 0 0 command will disable this.

Never use this command in real world. It could create security risk to your network.

Configure serial interface in router

Serial interface is used to connect wan network. Following command will configure serial
0/0/0 interface.

Command Description
Router(config)#interface serial 0/0/0 Enter into serial interface 0/0/0 configuration m
Router(config-if)#description Connected to bhilwara Optional command. It set description on interfa
Router(config-if)#ip address 10.0.0.1 255.0.0.0 Assigns address and subnet mask to interface
Router(config-if)#clock rate 64000 DCE side only command. Assigns a clock rate
Router(config-if)#bandwidth 64 DCE side only command. Set bandwidth for th
Router(config-if)#no shutdown Turns interface on
Serial cable is used to connect serial interfaces. One end of serial cable is DCE while
other end is DTE. You only need to provide clock rate and bandwidth in DCE side.

Configure FastEthernet Interface in router

{module in_art_slot_8}
Usually FastEthernet connects local network with router. Following commands will
configure FastEhternet 0/0 interface.

Command
Router(config)#interface fastethernet 0/0
Router(config-if)#description Development department
Router(config-if)#ip address 192.168.0.1 255.255.255.0
Router(config-if)#no shutdown
Disable router interface
Description
Enter into the FastEthernet 0/0 interfa
This command is optional. It will set d
Assigns address and subnet mask to in
Turns interface on. All interfaces are

By default all interface are administratively down on startup. We should also follow this
rule.

For security reason, we should always disable unused interface on router. shutdown
command is used to disable the interface.

Saving running configuration in cisco router

Router keeps configuration in RAM. All settings that we have made in this article will erase
once the router reboot. To preserve this configuration after reboot we must have to save
this. Following command will save running configuration in NVRAM.

Erasing configuration in cisco router

We have done our practice now make it available for next round of practice. As we know
that routers load configuration file from NVRAM in startup.
At the end of startup it takes configuration file from NVRAM and parse it RAM. We need
to erase this configuration file from NVRAM to remove configuration. Following command
will delete configuration file from NVRAM.