Contact UsGet started

Installing a Cisco CSR 1000v virtual router

Written by
Updated at May 7, 2025

In Yandex Cloud, you can deploy a virtual router called Cisco Cloud Services Router (CSR) 1000v, based on a ready-to-use VM image.

To install the CSR 1000v and configure SSH access to it:

  1. Prepare your cloud.
  2. Create an SSH key pair.
  3. Create a VM with a Cisco Cloud Services Router.
  4. Set the host name for the router.
  5. Create a user with the administrative rights.
  6. Configure authentication using SSH keys.
  7. Check the SSH connection to the router.

If you no longer need the resources you created, delete them.

Before you begin

Sign up in Yandex Cloud and create a billing account:

  1. Navigate to the management console and log in to Yandex Cloud or register a new account.
  2. On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one and link a cloud to it.

If you have an active billing account, you can navigate to the cloud page to create or select a folder for your infrastructure to operate in.

Learn more about clouds and folders.

Alert

When you use a Cisco CSR 1000v image without a license, the router throughput is limited to 100 Kbps. To remove the limit, install a license.

The cost of using a virtual router includes:

Create an SSH key pair

To connect to a VM over SSH, you need a key pair: the public key resides on the VM, and the private one is kept by the user. This method is more secure than connecting with login and password.

Note

SSH connections using a login and password are disabled by default on public Linux images that are provided by Yandex Cloud.

Cisco Cloud Services Router (CSR) 1000v only supports keys generated using the RSA algorithm.

To create a key pair:

  1. Open the terminal.

  2. Use the ssh-keygen command to create a new key:

    ssh-keygen -t rsa -b 2048

    After you run the command, you will be asked to specify the names of files where the keys will be saved and enter the password for the private key. The default name is id_rsa. Keys are created in the ~/.ssh directory.

    The public part of the key will be saved in the <key_name>.pub file.

  1. Run cmd.exe or powershell.exe.

  2. Use the ssh-keygen command to create a new key:

    ssh-keygen -t rsa -b 2048

    After you run the command, you will be asked to specify the names of files where the keys will be saved and enter the password for the private key. The default name is id_rsa. The keys are created in C:\Users\<username>\.ssh\ or C:\Users\<username>\ depending on the command-line interface.

    The public part of the key will be saved to a file named <key name>.pub.

Create keys using the PuTTY app:

  1. Download and install PuTTY.

  2. Add the folder with PuTTY to the PATH variable:

    1. Click Start and type Change system environment variables in the Windows search bar.
    2. Click Environment Variables... at the bottom right.
    3. In the window that opens, find the PATH parameter and click Edit.
    4. Add your folder path to the list.
    5. Click OK.

  3. Launch the PuTTYgen app.

  4. Select RSA for the type of pair to generate and set the length to 2048. Click Generate and move the cursor in the field above it until key creation is complete.

    ssh_generate_key

  5. In Key passphrase, enter a strong password. Enter it again in the field below.

  6. Click Save private key and save the private key. Do not share its key phrase with anyone.

  7. Save the key to a text file. To do this, copy the public key from the text field to a text file named id_rsa.pub. Please note that the key must be written as a single line (no returns or line breaks).

Warning

Save the private key in a secure location: you won't be able to connect to the VM without it.

Create a VM with a Cisco Cloud Services Router

  1. In the management console, select a folder where you want to create a VM with Cisco Cloud Services Router.
  2. Click Create resource and select Virtual machine.
  3. Enter a name for the VM, like cisco-router.
  4. Select an availability zone to place the VM in. If you don't know which availability zone you need, leave the default.
  5. Under Image/boot disk selection, go to the Cloud Marketplace tab and select the Cisco CSR image.
  6. Under Computing resources:
    • Choose a VM platform.
    • Specify the number of vCPUs and amount of RAM:
      • Platform: Intel Ice Lake.
      • Guaranteed vCPU share: 100%
      • vCPU: 2.
      • RAM: 4 GB.
  7. Under Network settings, select the network and subnet to connect the VM to. If there aren't any networks, create one:

    1. Select Create network.

    2. In the resulting window, enter a network name and folder to host the VM.

    3. (optional) To automatically create subnets, select the Create subnets option.

    4. Click Create.

      Each network must have at least one subnet. If there is no subnet, create one by selecting Add subnet.

  8. Under Public address, keep Auto to assign your VM a random external IP address from the Yandex Cloud pool, or select a static address from the list if you reserved one in advance.
  9. Enter the VM access information:
    • Enter the username in the Login field.
    • In the SSH key field, paste the contents of the previously generated public key file.
  10. Select Grant access to serial console.
  11. Click Create VM.

The VM may take several minutes to create. When the VM status changes to RUNNING, you can use the serial console.

Set the host name for the router

  1. In the management console, select the folder containing your VM.

  2. Select Compute Cloud.

  3. Select cisco-router from the VM list.

  4. Go to the Serial console tab and click Connect.

  5. Wait for the operating system to start up completely.

  6. Run the enable command to switch to privileged mode:

    cisco-router.ru-central1.internal>enable

  7. Enter the configuration mode and set the host name for the router:

    cisco-router.ru-central1.internal#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
cisco-router.ru-cent(config)#hostname cisco-router

    Make sure that the router name in the command line prompt changes to cisco-router.

Create a user with the administrative rights

Create a user with the administrative rights and password authentication disabled:

In the serial console, run the command:

cisco-router(config)#username test-user privilege 15

Configure authentication using SSH keys

  1. If your public SSH key is longer than 72 characters, split the key into chunks, 72 characters each. For this, in your computer terminal, run this command:

    fold -bw 72 <path_to_file_with_public key>

    This will output your public SSH key split into chunks, 72 characters in each.

  2. In the serial console, enable access to the VM over SSH:

    cisco-router(config)#aaa new-model
cisco-router(config)#ip ssh server algorithm authentication publickey
cisco-router(config)#ip ssh pubkey-chain

  3. Create a user named test-user and transmit, in the conf-ssh-pubkey-data mode, your public SSH key in chunks no longer than 72 characters, beginning with ssh-rsa and ending with the username:

    cisco-router(conf-ssh-pubkey)#username test-user
cisco-router(conf-ssh-pubkey-user)#key-string
cisco-router(conf-ssh-pubkey-data)#<public_key_string>
...
cisco-router(conf-ssh-pubkey-data)#<public_key_string>
cisco-router(conf-ssh-pubkey-data)#exit
cisco-router(conf-ssh-pubkey-user)#exit
cisco-router(conf-ssh-pubkey)#exit
cisco-router(config)#exit

  4. Make sure that the key is added:

    cisco-router#show run | beg ip ssh
ip ssh pubkey-chain
  username test-user
   key-hash ssh-rsa <key_hash> <username_assigned_this_key>
!
!
...

  5. Compare the SSH key hash on the router with the key hash on your computer:

    ssh-keygen -E md5 -lf <path_to_file_with_public_key>

  6. In the serial console, enter the password that enables the privileged mode:

    cisco-router#configure terminal
cisco-router(config)#enable secret <password>

Check the SSH connection to the router

  1. Log in to the router via SSH. For this, in your computer terminal, run this command:

    ssh -i <path_to_file_with_private_key> test-user@<public_IP_of_router>

    If everything is configured correctly, you will log in to the router under test-user. If the connection is not established, make sure that the router is configured correctly in the serial console: the aaa new-model command was run, the key hashes are the same on your computer and the router, and password authorization for the test user is disabled. If you can't find the problem, repeat the previous steps.

  2. Enter the enable command and password. If everything is configured correctly, you can configure the router.

How to delete created resources

To stop paying for the resources created:

  • Delete the VM.
  • Delete the static public IP if you reserved one.
Previous
Terraform
Next
Installing a Mikrotik CHR virtual router