Contact UsGet started

Installing the Cisco CSR 1000v virtual router

Written by
Updated at May 7, 2025

In Yandex Cloud, you can deploy the Cisco Cloud Services Router (CSR) 1000v on a ready-made VM image.

To install the CSR 1000v and configure SSH access to it:

  1. Get your cloud ready.
  2. Create an SSH key pair.
  3. Create a VM with the Cisco Cloud Services Router.
  4. Set the host name for the router.
  5. Create a user with administrator privileges.
  6. Configure authentication using SSH keys.
  7. Check the SSH connection to the router.

If you no longer need the resources you created, delete them.

Getting started

Sign up in Yandex Cloud and create a billing account:

  1. Navigate to the management console and log in to Yandex Cloud or register a new account.
  2. On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one and link a cloud to it.

If you have an active billing account, you can navigate to the cloud page to create or select a folder for your infrastructure to operate in.

Learn more about clouds and folders.

Alert

When using a Cisco CSR 1000v image without a license, the router throughput is limited to 100 Kbps. To remove this limitation, install a license.

The cost of using a virtual router includes:

Create an SSH key pair

To connect to a VM over SSH, you need a key pair: the public key resides on the VM, and the private one is kept by the user. This method is more secure than connecting with login and password.

Note

SSH connections using a login and password are disabled by default on public Linux images that are provided by Yandex Cloud.

Cisco Cloud Services Router (CSR) 1000v only supports keys generated using the RSA algorithm.

To create a key pair:

  1. Open the terminal.

  2. Use the ssh-keygen command to create a new key:

    ssh-keygen -t rsa -b 2048

    After you run the command, you will be asked to specify the names of files where the keys will be saved and enter the password for the private key. The default name is id_rsa. Keys are created in the ~/.ssh directory.

    The public part of the key will be saved in the <key_name>.pub file.

  1. Run cmd.exe or powershell.exe.

  2. Use the ssh-keygen command to create a new key:

    ssh-keygen -t rsa -b 2048

    After you run the command, you will be asked to specify the names of files where the keys will be saved and enter the password for the private key. The default name is id_rsa. The keys are created in C:\Users\<username>\.ssh\ or C:\Users\<username>\ depending on the command-line interface.

    The public part of the key will be saved to a file named <key name>.pub.

Create keys using the PuTTY app:

  1. Download and install PuTTY.

  2. Add the folder with PuTTY to the PATH variable:

    1. Click Start and type Change system environment variables in the Windows search bar.
    2. Click Environment Variables... at the bottom right.
    3. In the window that opens, find the PATH parameter and click Edit.
    4. Add your folder path to the list.
    5. Click OK.

  3. Launch the PuTTYgen app.

  4. Select RSA for the type of pair to generate and set the length to 2048. Click Generate and move the cursor in the field above it until key creation is complete.

    ssh_generate_key

  5. In Key passphrase, enter a strong password. Enter it again in the field below.

  6. Click Save private key and save the private key. Do not share its key phrase with anyone.

  7. Save the key to a text file. To do this, copy the public key from the text field to a text file named id_rsa.pub. Please note that the key must be written as a single line (no returns or line breaks).

Warning

Save the private key in a secure location, as you will not be able to connect to the VM without it.

Create a VM with the Cisco Cloud Services Router

  1. On the folder page in the management console, click Create resource and select Virtual machine instance.

  2. Under Boot disk image, in the Product search field, enter Cisco CSR and select a Cisco CSR public image.

  3. Under Location, select an availability zone to create your VM in. If you do not know which availability zone you need, leave the default one.

  4. Under Computing resources, navigate to the Custom tab and specify the required platform, number of vCPUs, and the amount of RAM:

    • Platform: Intel Ice Lake
    • vCPU: 2
    • Guaranteed vCPU performance: 100%
    • RAM: 4 GB

  5. Under Network settings:

    • In the Subnet field, select the network and subnet to connect your VM to. If the required network or subnet is not listed, create it.
    • Under Public IP address, keep Auto to assign your VM a random external IP address from the Yandex Cloud pool, or select a static address from the list if you reserved one in advance.

  6. Under Access, select SSH key and specify the VM access credentials:

    • Under Login, enter a username. Do not use root or other names reserved by the OS. To perform operations requiring superuser privileges, use the sudo command.

    • In the SSH key field, select the SSH key saved in your organization user profile.

      If there are no saved SSH keys in your profile, or you want to add a new key:

      • Click Add key.
      • Enter a name for the SSH key.
      • Upload or paste the contents of the public key file. You need to create a key pair for the SSH connection to a VM yourself.
      • Click Add.

      The SSH key will be added to your organization user profile.

      If users cannot add SSH keys to their profiles in the organization, the added public SSH key will only be saved to the user profile of the VM being created.

  7. Under General information, specify the VM name: cisco-router.

  8. Under Additional, disable Access to serial console.

  9. Click Create VM.

It may take a few minutes to create your VM. When the VM status changes to RUNNING, you can use the serial console.

Set the host name for the router

  1. In the management console, select the folder containing your VM.

  2. Select Compute Cloud.

  3. In the VM list, select cisco-router.

  4. Go to the Serial console tab and click Connect.

  5. Wait for the operating system to start up completely.

  6. To switch to privileged mode, run the enable command in the serial console:

    cisco-router.ru-central1.internal>enable

  7. Enter configuration mode and set the host name for the router:

    cisco-router.ru-central1.internal#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
cisco-router.ru-cent(config)#hostname cisco-router

    The router name at the beginning of the command line should change to cisco-router.

Create a user with administrator privileges

Create a user with administrator privileges and password authentication disabled:

In the serial console, run this command:

cisco-router(config)#username test-user privilege 15

Configure authentication using SSH keys

  1. If your public SSH key is longer than 72 characters, split it into chunks of 72 characters each by running this command in your computer terminal:

    fold -bw 72 <public_key_file_path>

    This will output your public SSH key split into chunks, 72 characters in each.

  2. In the serial console, enable access to the VM over SSH:

    cisco-router(config)#aaa new-model
cisco-router(config)#ip ssh server algorithm authentication publickey 
cisco-router(config)#ip ssh pubkey-chain

  3. Create a user named test-user and, in conf-ssh-pubkey-data mode, provide your public SSH key in chunks no longer than 72 characters, beginning with ssh-rsa and ending with the username:

    cisco-router(conf-ssh-pubkey)#username test-user
cisco-router(conf-ssh-pubkey-user)#key-string
cisco-router(conf-ssh-pubkey-data)#<public_key_row>
...
cisco-router(conf-ssh-pubkey-data)#<public_key_row>
cisco-router(conf-ssh-pubkey-data)#exit
cisco-router(conf-ssh-pubkey-user)#exit
cisco-router(conf-ssh-pubkey)#exit
cisco-router(config)#exit

  4. Make sure that the key is added:

    cisco-router#show run | beg ip ssh
ip ssh pubkey-chain
  username test-user
   key-hash ssh-rsa <key_hash> <username_associated_with_this_key>
!
!
...

  5. Compare the SSH key hash on the router with the key hash on your computer:

    ssh-keygen -E md5 -lf <public_key_file_path>

  6. In the serial console, enter the password that enables the privileged mode:

    cisco-router#configure terminal
cisco-router(config)#enable secret <password>

Check the SSH connection to the router

  1. Log in to the router via SSH by running this command in your computer terminal:

    ssh -i <private_key_file_path> test-user@<router_public_IP_address>

    If the configuration is correct, you will log in to the router as test-user. If these actions produce no connection, make sure the router configuration is correct in the serial console, i.e., check whether you ran the aaa new-model command, the key hashes are identical on your computer and the router, and password authorization is disabled for the test user. If still unable to locate the issue, repeat the previous steps.

  2. Enter the enable command and password. If the configuration is correct, you can proceed to configuring the router.

How to delete the resources you created

To stop paying for the resources you created:

  • Delete the VM.
  • Delete the static public IP if you reserved one.
Previous
SGW solution by the Yandex Cloud architect team
Next
Installing the Mikrotik CHR virtual router