Cisco
Cisco setup guides and tutorials

Routers
Cisco Router setup guides

Cisco 900 Series ISR Setup Guide (Basic Home or SMB Network)
This guide will help you configure your Cisco 900 Series ISR with the following features: 

 

 Three VLANs : Home, Guest, and IoT 

 Firewall Rules : Optimized for streaming and gaming 

 Traffic Prioritization : Using Quality of Service (QoS) 

 

 Prerequisites 

 

 Cisco 900 Series ISR : Ensure your router is powered on and connected to your network. 

 Access to Cisco Command Line Interface (CLI) : Use a terminal emulator (e.g., PuTTY) to access the router's CLI. 

 Basic Network Setup : Have an existing internet connection and basic understanding of Cisco CLI commands. 

 

 Step-by-Step Setup 

 Step 1: Access the Cisco CLI 

 

 Connect to the router using a console cable or via SSH. 

 Log in using your admin credentials. 

 

 Step 2: Configure VLANs 

 

 

 Enter Global Configuration Mode : 

 

 shell 

 enable

configure terminal

 

 

 

 

 Create VLANs for Home, Guest, and IoT. 

 

 

 Home VLAN 

 

 shell 

 vlan 10

 name Home

 

 

   

 Guest VLAN 

 

 shell 

 vlan 20

 name Guest

 

 

   

 IoT VLAN 

 

 shell 

 vlan 30

 name IoT  

 

   

 

 Assign VLANs to Interfaces :

 

 shell 

 interface GigabitEthernet0/1

switchport mode trunk

switchport trunk allowed vlan 10,20,30

 

 

 

 

 Step 3: Configure Sub-Interfaces and Assign IP Addresses 

 

 Create sub-interfaces for each VLAN on the WAN interface. 

 

 Home VLAN 

 

 shell 

 interface GigabitEthernet0/0.10

 encapsulation dot1Q 10

 ip address 192.168.10.1 255.255.255.0

 

 

   

 Guest VLAN 

 

 shell 

 interface GigabitEthernet0/0.20

 encapsulation dot1Q 20

 ip address 192.168.20.1 255.255.255.0

 

 

   

 IoT VLAN 

 

 shell 

 interface GigabitEthernet0/0.30

 encapsulation dot1Q 30

 ip address 192.168.30.1 255.255.255.0

 

 

 Step 4: Configure DHCP for Each VLAN 

 

 Enter DHCP Configuration for each VLAN. 

 

 Home VLAN DHCP 

 

 shell 

 ip dhcp pool HOME

 network 192.168.10.0 255.255.255.0

 default-router 192.168.10.1

 dns-server 8.8.8.8

 

 

   

 Guest VLAN DHCP 

 

 shell 

 ip dhcp pool GUEST

 network 192.168.20.0 255.255.255.0

 default-router 192.168.20.1

 dns-server 8.8.8.8

 

 

   

 IoT VLAN DHCP 

 

 shell 

 ip dhcp pool IOT

 network 192.168.30.0 255.255.255.0

 default-router 192.168.30.1

 dns-server 8.8.8.8

 

 

 Step 5: Configure Security and Firewall Rules 

 

 Create Access Control Lists (ACLs) to manage traffic. 

 

 Allow Traffic from Home to Internet 

 

 shell 

 ip access-list extended HOME_TO_INTERNET

 permit ip 192.168.10.0 0.0.0.255 any

 

 

   

 Allow Traffic from Guest to Internet 

 

 shell 

 ip access-list extended GUEST_TO_INTERNET

 permit ip 192.168.20.0 0.0.0.255 any

 

 

   

 Allow Traffic from IoT to Internet 

 

 shell 

 ip access-list extended IOT_TO_INTERNET

 permit ip 192.168.30.0 0.0.0.255 any

 

 

   

 Deny Traffic Between VLANs 

 

 shell 

 ip access-list extended DENY_INTERVLAN

 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255

 deny ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255

 deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255

 deny ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255

 deny ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255

 deny ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255  

 

   

 

 Apply ACLs to Interfaces :

 

 shell 

 interface GigabitEthernet0/0.10

ip access-group HOME_TO_INTERNET in

ip access-group DENY_INTERVLAN out

interface GigabitEthernet0/0.20

ip access-group GUEST_TO_INTERNET in

ip access-group DENY_INTERVLAN out

interface GigabitEthernet0/0.30

ip access-group IOT_TO_INTERNET in

ip access-group DENY_INTERVLAN out

 

 

 

 

 Step 6: Configure Traffic Prioritization (QoS) 

 

 Create a QoS Policy for gaming and streaming. 

 

 Create Class Maps for Gaming and Streaming 

 

 shell 

 class-map match-any STREAMING

 match protocol http

 match protocol rtsp

class-map match-any GAMING

 match protocol tcp

 match protocol udp

 

 

   

 

 Create Policy Maps to apply QoS. 

 

 

 shell 

 policy-map PRIORITY_POLICY

 class STREAMING

 set dscp af41

 class GAMING

 set dscp ef

 

 

   

 

 Apply the QoS Policy to Interfaces : 

 

 

 shell 

 interface GigabitEthernet0/0

 service-policy output PRIORITY_POLICY

 

 

 Step 7: Save Configuration and Test 

 

 

 Save your configuration : 

 

 shell 

 write memory

 

 

 

 

 Test the network : 

 

 Verify that devices on each VLAN receive the correct IP addresses. 

 Test internet connectivity from each VLAN. 

 Monitor QoS to ensure traffic prioritization is functioning correctly. 

 

 

 

 Additional Tips 

 

 Secure Access : Change default passwords and secure management access using SSH. 

 Regular Backups : Backup your configuration regularly to prevent data loss. 

 Firmware Updates : Keep your router's firmware updated for security and performance enhancements. 

 

 

 This guide provides a detailed setup for a Cisco 900 Series ISR, allowing you to manage multiple VLANs, optimize traffic for streaming and gaming, and secure your network. Adjust VLAN IDs, IP addresses, and firewall policies as needed to fit your specific requirements.