# Cisco

# Routers

Cisco Router setup guides

# Cisco 900 Series ISR Setup Guide (Basic Home or SMB Network)

This guide will help you configure your Cisco 900 Series ISR with the following features:

- **Three VLANs**: Home, Guest, and IoT
- **Firewall Rules**: Optimized for streaming and gaming
- **Traffic Prioritization**: Using Quality of Service (QoS)

### Prerequisites

1. **Cisco 900 Series ISR**: Ensure your router is powered on and connected to your network.
2. **Access to Cisco Command Line Interface (CLI)**: Use a terminal emulator (e.g., PuTTY) to access the router's CLI.
3. **Basic Network Setup**: Have an existing internet connection and basic understanding of Cisco CLI commands.

### Step-by-Step Setup

#### Step 1: Access the Cisco CLI

1. **Connect to the router** using a console cable or via SSH.
2. **Log in** using your admin credentials.

#### Step 2: Configure VLANs

1. **Enter Global Configuration Mode**:
    
    <div class="dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium"><div class="flex items-center relative text-token-text-secondary bg-token-main-surface-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md">shell</div><div class="overflow-y-auto p-4" dir="ltr">`enableconfigure terminal`</div></div>
2. **Create VLANs** for Home, Guest, and IoT.

**Home VLAN**

<div class="dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium" id="bkmrk-shell-vlan-10-name-h"><div class="flex items-center relative text-token-text-secondary bg-token-main-surface-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md">shell</div><div class="overflow-y-auto p-4" dir="ltr">`vlan 10 name Home`</div></div>**Guest VLAN**

<div class="dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium" id="bkmrk-shell-vlan-20-name-g"><div class="flex items-center relative text-token-text-secondary bg-token-main-surface-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md">shell</div><div class="overflow-y-auto p-4" dir="ltr">`vlan 20 name Guest`</div></div>**IoT VLAN**

<div class="dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium" id="bkmrk-shell-vlan-30-name-i"><div class="flex items-center relative text-token-text-secondary bg-token-main-surface-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md">shell</div><div class="overflow-y-auto p-4" dir="ltr">`vlan 30 name IoT `</div></div>3. **Assign VLANs to Interfaces**: <div class="dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium"><div class="flex items-center relative text-token-text-secondary bg-token-main-surface-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md">shell</div><div class="overflow-y-auto p-4" dir="ltr">`interface GigabitEthernet0/1switchport mode trunkswitchport trunk allowed vlan 10,20,30`</div></div>

#### Step 3: Configure Sub-Interfaces and Assign IP Addresses

1. **Create sub-interfaces** for each VLAN on the WAN interface.

**Home VLAN**

<div class="dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium" id="bkmrk-shell-interface-giga"><div class="flex items-center relative text-token-text-secondary bg-token-main-surface-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md">shell</div><div class="overflow-y-auto p-4" dir="ltr">`interface GigabitEthernet0/0.10 encapsulation dot1Q 10 ip address 192.168.10.1 255.255.255.0`</div></div>**Guest VLAN**

<div class="dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium" id="bkmrk-shell-interface-giga-1"><div class="flex items-center relative text-token-text-secondary bg-token-main-surface-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md">shell</div><div class="overflow-y-auto p-4" dir="ltr">`interface GigabitEthernet0/0.20 encapsulation dot1Q 20 ip address 192.168.20.1 255.255.255.0`</div></div>**IoT VLAN**

<div class="dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium" id="bkmrk-shell-interface-giga-2"><div class="flex items-center relative text-token-text-secondary bg-token-main-surface-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md">shell</div><div class="overflow-y-auto p-4" dir="ltr">`interface GigabitEthernet0/0.30 encapsulation dot1Q 30 ip address 192.168.30.1 255.255.255.0`</div></div>#### Step 4: Configure DHCP for Each VLAN

1. **Enter DHCP Configuration** for each VLAN.

**Home VLAN DHCP**

<div class="dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium" id="bkmrk-shell-ip-dhcp-pool-h"><div class="flex items-center relative text-token-text-secondary bg-token-main-surface-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md">shell</div><div class="overflow-y-auto p-4" dir="ltr">`ip dhcp pool HOME network 192.168.10.0 255.255.255.0 default-router 192.168.10.1 dns-server 8.8.8.8`</div></div>**Guest VLAN DHCP**

<div class="dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium" id="bkmrk-shell-ip-dhcp-pool-g"><div class="flex items-center relative text-token-text-secondary bg-token-main-surface-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md">shell</div><div class="overflow-y-auto p-4" dir="ltr">`ip dhcp pool GUEST network 192.168.20.0 255.255.255.0 default-router 192.168.20.1 dns-server 8.8.8.8`</div></div>**IoT VLAN DHCP**

<div class="dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium" id="bkmrk-shell-ip-dhcp-pool-i"><div class="flex items-center relative text-token-text-secondary bg-token-main-surface-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md">shell</div><div class="overflow-y-auto p-4" dir="ltr">`ip dhcp pool IOT network 192.168.30.0 255.255.255.0 default-router 192.168.30.1 dns-server 8.8.8.8`</div></div>#### Step 5: Configure Security and Firewall Rules

1. **Create Access Control Lists (ACLs)** to manage traffic.

**Allow Traffic from Home to Internet**

<div class="dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium" id="bkmrk-shell-ip-access-list"><div class="flex items-center relative text-token-text-secondary bg-token-main-surface-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md">shell</div><div class="overflow-y-auto p-4" dir="ltr">`ip access-list extended HOME_TO_INTERNET permit ip 192.168.10.0 0.0.0.255 any`</div></div>**Allow Traffic from Guest to Internet**

<div class="dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium" id="bkmrk-shell-ip-access-list-1"><div class="flex items-center relative text-token-text-secondary bg-token-main-surface-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md">shell</div><div class="overflow-y-auto p-4" dir="ltr">`ip access-list extended GUEST_TO_INTERNET permit ip 192.168.20.0 0.0.0.255 any`</div></div>**Allow Traffic from IoT to Internet**

<div class="dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium" id="bkmrk-shell-ip-access-list-2"><div class="flex items-center relative text-token-text-secondary bg-token-main-surface-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md">shell</div><div class="overflow-y-auto p-4" dir="ltr">`ip access-list extended IOT_TO_INTERNET permit ip 192.168.30.0 0.0.0.255 any`</div></div>**Deny Traffic Between VLANs**

<div class="dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium" id="bkmrk-shell-ip-access-list-3"><div class="flex items-center relative text-token-text-secondary bg-token-main-surface-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md">shell</div><div class="overflow-y-auto p-4" dir="ltr">`ip access-list extended DENY_INTERVLAN deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255 deny ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255 deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255 deny ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255 deny ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255 deny ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255 `</div></div>2. **Apply ACLs to Interfaces**: <div class="dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium"><div class="flex items-center relative text-token-text-secondary bg-token-main-surface-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md">shell</div><div class="overflow-y-auto p-4" dir="ltr">`interface GigabitEthernet0/0.10ip access-group HOME_TO_INTERNET inip access-group DENY_INTERVLAN outinterface GigabitEthernet0/0.20ip access-group GUEST_TO_INTERNET inip access-group DENY_INTERVLAN outinterface GigabitEthernet0/0.30ip access-group IOT_TO_INTERNET inip access-group DENY_INTERVLAN out`</div></div>

#### Step 6: Configure Traffic Prioritization (QoS)

1. **Create a QoS Policy** for gaming and streaming.

**Create Class Maps for Gaming and Streaming**

<div class="dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium" id="bkmrk-shell-class-map-matc"><div class="flex items-center relative text-token-text-secondary bg-token-main-surface-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md">shell</div><div class="overflow-y-auto p-4" dir="ltr">`class-map match-any STREAMING match protocol http match protocol rtspclass-map match-any GAMING match protocol tcp match protocol udp`</div></div>2. **Create Policy Maps** to apply QoS.

<div class="dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium" id="bkmrk-shell-policy-map-pri"><div class="flex items-center relative text-token-text-secondary bg-token-main-surface-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md">shell</div><div class="overflow-y-auto p-4" dir="ltr">`policy-map PRIORITY_POLICY class STREAMING  set dscp af41 class GAMING  set dscp ef`</div></div>3. **Apply the QoS Policy to Interfaces**:

<div class="dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium" id="bkmrk-shell-interface-giga-3"><div class="flex items-center relative text-token-text-secondary bg-token-main-surface-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md">shell</div><div class="overflow-y-auto p-4" dir="ltr">`interface GigabitEthernet0/0 service-policy output PRIORITY_POLICY`</div></div>#### Step 7: Save Configuration and Test

1. **Save your configuration**:
    
    <div class="dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium"><div class="flex items-center relative text-token-text-secondary bg-token-main-surface-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md">shell</div><div class="overflow-y-auto p-4" dir="ltr">`write memory`</div></div>
2. **Test the network**:
    
    
    - Verify that devices on each VLAN receive the correct IP addresses.
    - Test internet connectivity from each VLAN.
    - Monitor QoS to ensure traffic prioritization is functioning correctly.

### Additional Tips

- **Secure Access**: Change default passwords and secure management access using SSH.
- **Regular Backups**: Backup your configuration regularly to prevent data loss.
- **Firmware Updates**: Keep your router's firmware updated for security and performance enhancements.

---

This guide provides a detailed setup for a Cisco 900 Series ISR, allowing you to manage multiple VLANs, optimize traffic for streaming and gaming, and secure your network. Adjust VLAN IDs, IP addresses, and firewall policies as needed to fit your specific requirements.