Cisco Basic Configuration Step by Step

The basic CLI modes that we will be referring to below are as follows:

Cisco IOS supports various command modes, among those followings are the main command modes.

  • User EXEC Mode
  • Privileged EXEC Mode
  • Global Configuration Mode
  • Interface Configuration Mode
  • Sub Interface Configuration Mode
  • Setup Mode
  • ROM Monitor Mode

Router>  <– User EXEC Mode
Router#  <– Privileged EXEC mode
Router(config)#  <– Global Configuration Mode
Router(config-if)# <– Interface Configuration Mode
Router(config-line)# <– Line Configuration Mode

Login banner

Router(config)#banner motd #Enter TEXT message.  End with the character '#'.
#Authorized users only, violaters will be shot on sight! #

Enable Secret Password:

Router# configure terminal  <– Privileged EXEC mode
Router(config)#  <– Global Configuration Mode

Router(config)# enable password“somestrongpassword”

Router(config)#  enable secret “somestrongpassword”

From now on, when you log in from user EXEC mode you will be asked for a password.

Both commands will set the password on privilege exec mode. The difference between these commands is the method of password storage. enable password command will store the password in plain text while enable secret command will store the password in encryption format.

Make sure the password-encryption service is turned on, which will encrypt the password, and when you do “sh run”, you’ll see only the encrypted password and not a clear-text password.

# service password-encryption

Configuration Modes :

line [ aux | console | tty | vty ] line-number

Example:Router(config)# line console 0

Enters line configuration mode, and specifies the type of line.

Enable Telnet Line Password

It is suggested also to configure a password for the Telnet Lines (VTY lines) which will secure your access when connecting via Telnet over the network.

Router(config)#  line vty 0 4
Router(config-line)# password “strongTelnetPass” 
Router(config-line)# login

Enable Console Port 

Router(config)#line console 0

Router(config-line)#password “strongConsolePass


Secure auxiliary port

Router(config)#line aux 0

Router(config-line)#password “strongAuxPass


Now we can generate the RSA key pair:

The switch or router should have RSA keys that it will use during the SSH process. So, generate these using the crypto command as shown below.

myswitch(config)# crypto key generate rsa
 The name for the keys will be:
 Choose the size of the key modulus in the range of 360 to 2048 for your
   General Purpose Keys. Choosing a key modulus greater than 512 may take
   a few minutes.

How many bits in the modulus [512]: 1024
 % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]


Router(config)#  hostname My-Router

Configure IPV4 addresses for Router Interfaces

My-Router(config)# interface GigabitEthernet 0/0
My-Router(config-if)# ip address
My-Router(config-if)# no shutdown
My-Router(config-if)# exit

My-Router(config)# interface GigabitEthernet 0/1
My-Router(config-if)# ip address
My-Router(config-if)# no shutdown
My-Router(config-if)# exit

Configure IPV6 addresses for Router Interfaces

Pv6 Address Type Preferred Format Compressed Format
Unicast 2001:0:0:0:DB8:800:200C:417A 2001::DB8:800:200C:417A
Multicast FF01:0:0:0:0:0:0:101 FF01::101
Loopback 0:0:0:0:0:0:0:1 ::1
Unspecified 0:0:0:0:0:0:0:0 ::

The loopback address listed in the table above may be used by a node to send an IPv6 packet to itself. The loopback address in IPv6 functions the same as the loopback address in IPv4 (

Device(config)# interface gigabitethernet 0/0/0

Device(config-if)# ipv6 address FE80::260:3EFF:FE11:6770 link-local


R1(config-if)#ipv6 address 2001:0BB9:AABB:1234::/64 eui-64

Device(config-if)# ipv6 enable

Device(config)# ipv6 unicast-routing  !Enables the forwarding of IPv6 unicast datagrams.

Configure serial interface in the router

Router(config)#interface serial 0/0/0

Router(config-if)#description Connected to WAN Link

Router(config-if)#ip address

Router(config-if)#clock rate 64000  :DCE side only command. Assigns a clock rate for the interface

Router(config-if)#bandwidth 64

Router(config-if)#no shutdown

Disable automatic domain-lookup

By default, routers are configured to resolve every word that is not a command. It will first look in the static DNS table for an entry. If it fails to find an entry in the static DNS table, it will try with DNS server at address If you are not going to use a DNS server or hostname facility, it is better to turn this off. It will save you time because every incorrectly typed command will cost you a wait of a minute or two.

no ip domain-lookup : command is used to disable this feature.

Enable logging synchronous

Cisco IOS has a great security feature to secure the console line. It automatically logs out the ideal connection in 10 minutes.

You can disable this feature in the lab environment. exec-timeout 0 0 commands will disable this.

Saving Configuration

Router # copy running-config startup-config

You can display your current configuration to verify your settings as follows:

Router # show running-config

Erasing configuration in cisco router

Router # erase startup-config

Backing up router configuration to TFTP:

Router #enable
Router #copy running-config tftp
Address or name of remote host []?
Destination filename [PeteRouter-confg]? PeteRouter_Backup
7400 bytes copied in 0.548 secs (13504 bytes/sec)