Installing a Cisco CSR 1000v virtual router
In Yandex.Cloud, you can deploy a virtual Cisco Cloud Services Router (CSR) 1000v from a VM image. To install the CSR 1000v and configure SSH access to it:
- Before you start.
- Create a VM with a Cisco Cloud Services Router.
- Set the host name for the router.
- Create a user with administrator rights.
- Configure authentication using SSH keys.
- Check the connection to the router.
If you no longer need the created resources, delete them.
Before you start
- Go to the management console. Then log in to Yandex.Cloud or sign up if don't already have an account.
- On the billing page, make sure you linked a billing account, and it has the
TRIAL_ACTIVEstatus. If you don't have a billing account, create one.
If you have an active billing account, you can create or select a folder to run your VM in from the Yandex.Cloud page.
Required paid resources
When you use a Cisco CSR 1000v image without a license, the router throughput is limited to 100 Kbps. To remove the limit, install a license.
The cost of using a virtual router includes:
- A fee for a disk and continuously running VM (see pricingYandex Compute Cloud).
- A fee for using a public IP address (see Yandex Virtual Private Cloud pricing).
Create a VM with a Cisco Cloud Services Router
- Open your folder and click Create resource. Select Virtual machine.
- Enter a name for the VM, like
- Select the availability zone with a subnet. If you don't know which availability zone you need, leave the default.
- Under Images from Cloud Marketplace, click Select and choose the Cloud Hosted Router image.
- Under Computing resources:
Choose a platform for the VM.
Specify the number of vCPUs and amount of RAM:
- Platform: Intel Cascade Lake.
- Guaranteed vCPU share: 100%.
- vCPU: 2.
- RAM: 4 GB.
- In the Network settings section, choose the required network and subnet and assign a public IP to the VM either by selecting it from the list or automatically. If you don't have a network or subnet, create them on the VM creation screen.
- In the Access field, enter the login and SSH key.
- Set the Grant access to serial console flag.
- Click Create VM.
Creating the VM may take several minutes. When the VM status changes to
RUNNING, you can use the serial console.
Set the host name for the router
Open the page of the
cisco-routerVM in the management console.
Open Serial console and click Connect.
Wait until the OS fully loads.
enablecommand to switch to privileged mode:
Enter configuration mode and set the host name for the router:
cisco-router.ru-central1.internal#configure terminal Enter configuration commands, one per line. End with CNTL/Z. cisco-router.ru-cent(config)#hostname cisco-router
Make sure that the router name in the command line prompt changes to
Create a user with administrator rights
Create a user with administrator rights and password authentication disabled:
cisco-router(config)#username test-user privilege 15
Configure authentication using SSH keys
Enable SSH access to the VM and pass your public key in parts of 32 characters or less, starting with
ssh-rsaand ending with the login.
cisco-router(config)#aaa new-model cisco-router(config)#ip ssh server authenticate user publickey cisco-router(config)#ip ssh pubkey-chain cisco-router(conf-ssh-pubkey)#username test-user cisco-router(conf-ssh-pubkey-user)#key-string cisco-router(conf-ssh-pubkey-data)#<public key string> ... cisco-router(conf-ssh-pubkey-data)#<public key string> exit exit exit exit
Make sure that the key is added:
cisco-router#show run | beg ip ssh ip ssh pubkey-chain username test-user key-hash ssh-rsa <key hash> <login associated with this key> ! ! ...
You can compare the key hash on the router with the key hash on your computer:
$ ssh-keygen -E md5 -lf <path to the file with public key>.pub
Set a password for privileged mode:
cisco-router#configure terminal cisco-router(config)#enable secret <password>
Check the SSH connection to the router
Run the following command on your computer:
$ ssh -i <path to the file with the private key> test-user@<public IP address of the router>
If everything is configured correctly, you will log in to the router under
test-user. If the connection is not established, make sure that the router is configured correctly in the serial console: the
aaa new-modelcommand was run, the key hashes are the same on your computer and the router, and password authorization for the test user is disabled. If you can't find the problem, repeat the previous steps.
enablecommand and password. If everything is configured correctly, you can configure the router.
Delete the created resources
To stop paying for the deployed resources, delete the
cisco-router virtual machine.
If you reserved a public static IP address, delete it.