Installing a Cisco CSR 1000v virtual router
In Yandex Cloud, you can deploy a virtual router called Cisco Cloud Services Router (CSR) 1000v, based on a ready-made VM image.
To install the CSR 1000v and configure SSH access to it:
- Prepare your cloud.
- Create an SSH key pair.
- Create a VM with a Cisco Cloud Services Router.
- Set the host name for the router.
- Create a user with administrative rights.
- Configure authentication using SSH keys.
- Check the SSH connection to the router.
If you no longer need the resources you created, delete them.
Getting started
Sign up for Yandex Cloud and create a billing account:
- Go to the management console and log in to Yandex Cloud or create an account if you do not have one yet.
- On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one.
If you have an active billing account, you can go to the cloud page
Learn more about clouds and folders.
Required paid resources
Alert
If using a Cisco CSR 1000v image without a license, the router throughput is limited to 100 kbps. To remove this limit, install a license.
The cost of using a virtual router includes:
- Fee for a disk and a continuously running VM (see Yandex Compute Cloud pricing).
- Fee for using a dynamic or static external IP address (see Yandex Virtual Private Cloud pricing).
Create an SSH key pair
To connect to a VM over SSH, you need a key pair: the public key resides on the VM, and the private one is kept by the user. This method is more secure than connecting with login and password.
Note
SSH connections using a login and password are disabled by default on public Linux images that are provided by Yandex Cloud.
Cisco Cloud Services Router (CSR) 1000v only supports keys generated using the RSA algorithm.
To create a key pair:
- Open the terminal.
- Use the ssh-keygen command to create a new key:
    ssh-keygen -t rsa -b 2048
  After you run the command, you will be asked to specify the names of files where the keys will be saved and enter the password for the private key. The default name is id_rsa. Keys are created in the ~/.ssh directory. The public part of the key will be saved to the <key_name>.pub file.
- Run cmd.exe or powershell.exe.
- Use the ssh-keygen command to create a new key:
    ssh-keygen -t rsa -b 2048
  After you run the command, you will be asked to specify the names of files where the keys will be saved and enter the password for the private key. The default name is id_rsa. The keys are created in C:\Users\<username>\.ssh\ or C:\Users\<username>\ depending on the command-line interface. The public part of the key will be saved to a file named <key_name>.pub.
Create keys using the PuTTY app:
- Download and install PuTTY.
- Make sure that the directory where you installed PuTTY is included in PATH:
  - Right-click My computer. Click Properties.
  - In the window that opens, select Additional system parameters, then Environment variables (located in the lower part of the window).
  - Under System variables, find PATH and click Edit.
  - In the Variable value field, append the path to the directory where you installed PuTTY.
- Launch the PuTTYgen app.
- Select RSA for the type of pair to generate and set the length to 2048. Click Generate and move the cursor in the field above it until key creation is complete.
- In Key passphrase, enter a strong password. Enter it again in the field below.
- Click Save private key and save the private key. Do not share its key phrase with anyone.
- Save the key to a text file. To do this, copy the public key from the text field to a text file with the name id_rsa.pub. Please note that the key must be written as a single line (no returns or line breaks).
Warning
Save the private key in a secure location, as you will not be able to connect to the VM without it.
Create a VM with a Cisco Cloud Services Router
- On the folder page in the management console, click Create resource and select Virtual machine instance.
- Under Boot disk image, in the Product search field, enter Cisco CSR and select a Cisco CSR public image.
- Under Location, select an availability zone to create your VM in. If you do not know which availability zone you need, leave the default one.
- Under Computing resources, navigate to the Custom tab and specify the required platform, number of vCPUs, and the amount of RAM:
  - Platform: Intel Ice Lake.
  - vCPU: 2.
  - Guaranteed vCPU performance: 100%.
  - RAM: 4 GB.
- Under Network settings:
  - In the Subnet field, select the network and subnet to connect your VM to. If the required network or subnet is not listed, create it.
  - Under Public IP, keep Auto to assign your VM a random external IP address from the Yandex Cloud pool or select a static address from the list if you reserved one in advance.
- Under Access, select SSH key and specify the VM access data:
  - Under Login, enter the username. Do not use root or other names reserved by the OS. To perform operations requiring superuser permissions, use the sudo command.
  - In the SSH key field, select the SSH key saved in your organization user profile.
    If there are no saved SSH keys in your profile, or you want to add a new key:
    - Click Add key.
    - Enter a name for the SSH key.
    - Upload or paste the contents of the public key file. You need to create a key pair for the SSH connection to a VM yourself.
    - Click Add.
    The SSH key will be added to your organization user profile.
    If users cannot add SSH keys to their profiles in the organization, the added public SSH key will only be saved to the user profile of the VM being created.
- Under General information, specify the VM name: cisco-router.
- Under Additional, disable the Access to serial console option.
- Click Create VM.
It may take a few minutes to create the VM. When the VM status changes to RUNNING, you can use the serial console.
Set the host name for the router
- In the management console, select the folder containing your VM.
- Select Compute Cloud.
- In the VM list, select cisco-router.
- Go to the Serial console tab and click Connect.
- Wait for the operating system to start up completely.
- To switch to privileged mode, run the enable command in the serial console:
    cisco-router.ru-central1.internal>enable
- Enter the configuration mode and set the host name for the router:
    cisco-router.ru-central1.internal#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    cisco-router.ru-cent(config)#hostname cisco-router
  The router name at the beginning of the command line should change to cisco-router.
Create a user with administrative rights
Create a user with administrative rights and password authentication disabled:
In the serial console, run this command:
cisco-router(config)#username test-user privilege 15
Configure authentication using SSH keys
- If your public SSH key is longer than 72 characters, split it into chunks of 72 characters each by running this command in your computer terminal:
    fold -bw 72 <public_key_file_path>
  This will output your public SSH key split into chunks, 72 characters in each.
- In the serial console, enable access to the VM over SSH:
    cisco-router(config)#aaa new-model
    cisco-router(config)#ip ssh server algorithm authentication publickey
    cisco-router(config)#ip ssh pubkey-chain
- Create a user named test-user and, in conf-ssh-pubkey-data mode, provide your public SSH key in chunks no longer than 72 characters, beginning with ssh-rsa and ending with the username:
    cisco-router(conf-ssh-pubkey)#username test-user
    cisco-router(conf-ssh-pubkey-user)#key-string
    cisco-router(conf-ssh-pubkey-data)#<public_key_row>
    ...
    cisco-router(conf-ssh-pubkey-data)#<public_key_row>
    cisco-router(conf-ssh-pubkey-data)#exit
    cisco-router(conf-ssh-pubkey-user)#exit
    cisco-router(conf-ssh-pubkey)#exit
    cisco-router(config)#exit
- Make sure that the key is added:
    cisco-router#show run | beg ip ssh
    ip ssh pubkey-chain
    username test-user
    key-hash ssh-rsa <key_hash> <login_associated_with_this_key>
    !
    !
    ...
- Compare the SSH key hash on the router with the key hash on your computer:
    ssh-keygen -E md5 -lf <public_key_file_path>
- In the serial console, set the password for entering privileged mode:
    cisco-router#configure terminal
    cisco-router(config)#enable secret <password>
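The key preparation and hash comparison steps above, combined into one script as an added example that is not part of the original guide: it refuses keys that are not RSA, splits the key line into rows of at most 72 characters for key-string mode, and compares the MD5 key hash regardless of case or colon separators. The function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

RSA_PREFIX = b"\x00\x00\x00\x07ssh-rsa"  # length-prefixed key type inside the blob

def parse_rsa_pubkey(line):
    """Decode an OpenSSH 'ssh-rsa <base64> [comment]' line and return the key blob."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(fields[1], validate=True)
    if not blob.startswith(RSA_PREFIX):
        raise ValueError("base64 data does not hold an RSA key")
    return blob

def key_string_rows(line, width=72):
    """Rows to paste in conf-ssh-pubkey-data mode (same split as fold -bw 72)."""
    parse_rsa_pubkey(line)  # refuse non-RSA or damaged keys before pasting
    text = line.strip()
    return [text[i:i + width] for i in range(0, len(text), width)]

def md5_key_hash(line):
    """MD5 of the decoded blob: the value ssh-keygen -E md5 -lf prints with colons."""
    return hashlib.md5(parse_rsa_pubkey(line)).hexdigest().upper()

def same_hash(line, shown_hash):
    """Compare ignoring case, colons and the 'MD5:' prefix, so either form works."""
    cleaned = shown_hash.strip().upper()
    if cleaned.startswith("MD5:"):
        cleaned = cleaned[4:]
    return cleaned.replace(":", "") == md5_key_hash(line)

def _field(data):
    return struct.pack(">I", len(data)) + data

# Constructed sample in the RSA wire layout (type, exponent, 2048-bit modulus).
# The modulus is filler bytes, so this is not a usable key.
SAMPLE_KEY = "ssh-rsa " + base64.b64encode(
    _field(b"ssh-rsa") + _field(b"\x01\x00\x01") + _field(b"\x00" + b"\xc3" * 256)
).decode() + " test-user"

if __name__ == "__main__":
    for row in key_string_rows(SAMPLE_KEY):
        print(row)
    print("key hash:", md5_key_hash(SAMPLE_KEY))
```

To use it with a real key, pass the single line from your public key file to key_string_rows and the hash shown by show run to same_hash.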
Check the SSH connection to the router
- Log in to the router via SSH by running this command in your computer terminal:
    ssh -i <private_key_file_path> test-user@<router_public_IP_address>
  If everything is configured correctly, you will log in to the router as test-user. If the connection is not established, make sure that the router is configured correctly in the serial console: the aaa new-model command was executed, the key hashes are the same on your computer and the router, and password authentication for the test user is disabled. If you still cannot locate the issue, repeat the previous steps.
- Enter the enable command and password. If everything is configured correctly, you can configure the router.
How to delete the resources you created
To stop paying for the resources you created: