Installing a Cisco CSR 1000v virtual router
In Yandex Cloud, you can deploy a virtual router called Cisco Cloud Services Router (CSR) 1000v, based on a ready-made VM image.
To install the CSR 1000v and configure SSH access to it:
- Prepare your cloud.
- Create an SSH key pair.
- Create a VM with a Cisco Cloud Services Router.
- Set the host name for the router.
- Create a user with the administrative rights.
- Configure authentication using SSH keys.
- Check the SSH connection to the router.
If you no longer need the resources you created, delete them.
Getting started
Sign up for Yandex Cloud and create a billing account:
- Go to the management console and log in to Yandex Cloud or create an account if you do not have one yet.
- On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one.
If you have an active billing account, you can go to the cloud page
Learn more about clouds and folders.
Required paid resources
Alert
If you use a Cisco CSR 1000v image without a license, the router throughput is limited to 100 kbps. To remove this limit, install a license.
The cost of using a virtual router includes:
- Fee for a disk and a continuously running VM (see Yandex Compute Cloud pricing).
- Fee for using a dynamic or static external IP address (see Yandex Virtual Private Cloud pricing).
Create an SSH key pair
To connect to a VM over SSH, you need a key pair: the public key resides on the VM, and the private one is kept by the user. This method is more secure than connecting with login and password.
Note
SSH connections using a login and password are disabled by default on public Linux images that are provided by Yandex Cloud.
Cisco Cloud Services Router (CSR) 1000v only supports keys generated using the RSA algorithm.
To create a key pair:
- Open the terminal.
- Use the ssh-keygen command to create a new key:
    ssh-keygen -t rsa -b 2048
  After you run the command, you will be asked to specify the names of files where the keys will be saved and enter the password for the private key. The default name is id_rsa. Keys are created in the ~/.ssh directory. The public part of the key will be saved to the <key_name>.pub file.

- Run cmd.exe or powershell.exe.
- Use the ssh-keygen command to create a new key:
    ssh-keygen -t rsa -b 2048
  After you run the command, you will be asked to specify the names of files where the keys will be saved and enter the password for the private key. The default name is id_rsa. The keys are created in C:\Users\<username>\.ssh\ or C:\Users\<username>\ depending on the command-line interface. The public part of the key will be saved to a file named <key name>.pub.

Create keys using the PuTTY app:
- Download and install PuTTY.
- Make sure that the directory where you installed PuTTY is included in PATH:
  - Right-click My computer. Click Properties.
  - In the window that opens, select Additional system parameters, then Environment variables (located in the lower part of the window).
  - Under System variables, find PATH and click Edit.
  - In the Variable value field, append the path to the directory where you installed PuTTY.
- Launch the PuTTYgen app.
- Select RSA for the type of pair to generate and set the length to 2048. Click Generate and move the cursor in the field above it until key creation is complete.
- In Key passphrase, enter a strong password. Enter it again in the field below.
- Click Save private key and save the private key. Do not share its key phrase with anyone.
- Save the key to a text file. To do this, copy the public key from the text field to a text file with the name id_rsa.pub. Please note that the key must be written as a single line (no returns or line breaks).
Warning
Save the private key in a secure location, as you will not be able to connect to the VM without it.
Create a VM with a Cisco Cloud Services Router
- In the management console, select a folder where you want to create a VM with Cisco Cloud Services Router.
- Click Create resource and select the Virtual machine instance option.
- Enter a name for the VM, e.g., cisco-router.
- Select an availability zone to place your VM in. If you do not know which availability zone you need, leave the default one.
- Under Boot disk image, go to the Marketplace tab and select the Cisco CSR.
- Under Computing resources:
  - Choose a VM platform.
  - Specify the required number of vCPUs and the amount of RAM:
    - Platform: Intel Ice Lake
    - vCPU: 2
    - Guaranteed vCPU performance: 100%
    - RAM: 4 GB
- Under Network settings, select the network and subnet to connect the VM to. If there are no networks available, create one:
  - Select Create network.
  - In the window that opens, specify the network name and the folder to host the VM.
  - (Optional) To automatically create subnets, select the Create subnets option.
  - Click Create network.
    Each network must have at least one subnet. If there is no subnet available, create one by selecting Create subnet.
  - Under Public IP, keep Auto to assign your VM a random external IP address from the Yandex Cloud pool, or select a static address from the list if you reserved one in advance.
- Under Access, specify the information required to access the instance:
  - Enter the username in the Login field.
  - In the SSH key field, paste the contents of the previously generated public key file.
  - In the Advanced field, select Access to serial console.
- Click Create VM.
It may take a few minutes to create the VM. When the VM status changes to RUNNING, you can use the serial console.
Set the host name for the router
- In the management console, select the folder containing your VM.
- Select Compute Cloud.
- Select cisco-router from the VM list.
- Go to the Serial console tab and click Connect.
- Wait for the operating system to start up completely.
- Run the enable command to switch to privileged mode:
    cisco-router.ru-central1.internal>enable
- Enter the configuration mode and set the host name for the router:
    cisco-router.ru-central1.internal#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    cisco-router.ru-cent(config)#hostname cisco-router
  The router name at the beginning of the command line should change to cisco-router.
Create a user with the administrative rights
Create a user with the administrative rights and password authentication disabled:
In the serial console, run this command:
    cisco-router(config)#username test-user privilege 15
Configure authentication using SSH keys
- If your public SSH key is longer than 72 characters, split it into chunks of 72 characters each by running this command in your computer terminal:
    fold -bw 72 <path_to_file_with_public_key>
  This will output your public SSH key split into chunks, 72 characters in each.
- In the serial console, enable access to the VM over SSH:
    cisco-router(config)#aaa new-model
    cisco-router(config)#ip ssh server algorithm authentication publickey
    cisco-router(config)#ip ssh pubkey-chain
- Create a user named test-user and enter, in the conf-ssh-pubkey-data mode, your public SSH key in chunks no longer than 72 characters, beginning with ssh-rsa and ending with the username:
    cisco-router(conf-ssh-pubkey)#username test-user
    cisco-router(conf-ssh-pubkey-user)#key-string
    cisco-router(conf-ssh-pubkey-data)#<public_key_string>
    ...
    cisco-router(conf-ssh-pubkey-data)#<public_key_string>
    cisco-router(conf-ssh-pubkey-data)#exit
    cisco-router(conf-ssh-pubkey-user)#exit
    cisco-router(conf-ssh-pubkey)#exit
    cisco-router(config)#exit
- Make sure that the key is added:
    cisco-router#show run | beg ip ssh
    ip ssh pubkey-chain
      username test-user
       key-hash ssh-rsa <key_hash> <username_assigned_this_key>
    !
    !
    ...
- Compare the SSH key hash on the router with the key hash on your computer:
    ssh-keygen -E md5 -lf <path_to_file_with_public_key>
- In the serial console, set the password that enables the privileged mode:
    cisco-router#configure terminal
    cisco-router(config)#enable secret <password>
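The key-loading and hash-comparison steps above, as an added Python example (not part of the original guide and not Cisco or Yandex Cloud tooling): it splits a public key line into key-string chunks of at most 72 characters and computes the MD5 hash to check against the router's key-hash line or ssh-keygen -E md5 output. The function names and the sample key are constructed for illustration, and the example assumes the router prints the hash as 32 uppercase hex digits without colons.

```python
import base64
import hashlib
import re
import struct

def parse_pubkey(line):
    """Return (key_type, decoded_blob, comment) from an OpenSSH public key line."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        # The page states that the CSR 1000v accepts RSA keys only.
        raise ValueError("expected a single-line ssh-rsa public key")
    return parts[0], base64.b64decode(parts[1], validate=True), " ".join(parts[2:])

def ios_key_hash(line):
    """MD5 of the key blob as 32 uppercase hex digits (assumed key-hash display format)."""
    return hashlib.md5(parse_pubkey(line)[1]).hexdigest().upper()

def normalize_fingerprint(text):
    """Extract an MD5 fingerprint from ssh-keygen or router output as bare uppercase hex."""
    for token in text.split():
        candidate = (token[4:] if token.startswith("MD5:") else token).replace(":", "")
        if re.fullmatch(r"[0-9A-Fa-f]{32}", candidate):
            return candidate.upper()
    raise ValueError("no MD5 fingerprint found")

def key_string_chunks(line, width=72):
    """Split the whole key line into pieces of at most `width` characters, like fold -bw."""
    text = line.strip()
    return [text[i:i + width] for i in range(0, len(text), width)]

def pubkey_chain_commands(username, line):
    """Lines to enter after `ip ssh pubkey-chain`, following the session shown on the page."""
    parse_pubkey(line)  # refuse non-RSA or malformed input before touching the router
    return [f"username {username}", "key-string", *key_string_chunks(line), *["exit"] * 4]

def hashes_match(pubkey_line, router_or_keygen_output):
    return ios_key_hash(pubkey_line) == normalize_fingerprint(router_or_keygen_output)

def sample_pubkey():
    """Constructed sample: well-formed ssh-rsa blob with a made-up modulus, not a usable key."""
    field = lambda b: struct.pack(">I", len(b)) + b
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(b"\x00" + b"\xc3" * 256)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " test-user"

if __name__ == "__main__":
    key = sample_pubkey()
    print("\n".join(pubkey_chain_commands("test-user", key)))
    print("expected key-hash:", ios_key_hash(key))
```

A mismatch between the computed hash and the key-hash line usually means a chunk was dropped or duplicated while pasting into the serial console.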
Check the SSH connection to the router
- Log in to the router via SSH by running this command in your computer terminal:
    ssh -i <path_to_file_with_private_key> test-user@<router_public_IP_address>
  If everything is configured correctly, you will log in to the router under test-user. If the connection is not established, make sure that the router is configured correctly in the serial console: the aaa new-model command was run, the key hashes are the same on your computer and the router, and password authentication for the test user is disabled. If you still cannot locate the issue, repeat the previous steps.
- Enter the enable command and password. If everything is configured correctly, you can configure the router.
How to delete the resources you created
To stop paying for the resources you created: