This blog covers how to install Cisco csr1000v boxes for use with Vagrant. Cisco does not provide a csr1000v Vagrant box so similar to my other post on creating a Vagrant box from the ASAv ova, I will show you how to create a csr1000v Vagrant box. This post assumes that you already have a working Vagrant install.

Code versions used
  • csr1000v - 3.15.00.S.155-2.S
  • Virtual Box - 5.1.26 r117224
  • Vagrant - 1.9.6
  • Ubuntu - 1604


Go to the Cisco software download section and search for csr1000v. When you get to the product page download the .ova file.

A valid service contract is not required to download this image, but you will need a CCO account.

Import OVA

Browse to the location of the .ova file and extract it.

# lcreate directory and extract ova file

mkdir csr1000v
tar -xvf csr1000v-universalk9.03.15.00.S.155-2.S-std.ova -C csr1000v

# output


Remove the .mf files or the VM will fail to boot in Virtualbox.

# Remove .mf files

cd csr1000v
rm -f *.mf

In Virutalbox go to: File > Import Appliance... and browse to the folder from the previous step and import the csr1000v-universalk9.03.15.00.S.155-2.S-std.ovf file.

Edit VM properties
  • CPUs - 2
  • RAM - 4096 MB
  • Network Adapters - 1

Keep the network adapter type as Intel PRO/1000 MT Desktop (82540EM) and select the tick box to reinitialize the MAC addresses.

It is possible to boot the VM with 1 CPU and 2GB of RAM but it will take alot longer to boot.

Once imported, open the virtual machines settings.


For adapter 1 attach the adapter to a network type that will get an IP address you can SSH to. A bridged adapter will get an IP address from my wireless network so I am using that for simplicity.

Keep the Virtualbox adapter type as Intel PRO/1000 MT Desktop (82540EM) otherwise the interface order in the VM will not match the Adapter order in Virtualbox.

Add a serial port but leave it as disconnected.


Connect the ISO image as a CD drive.


Browse to the location of the extracted .ova and select the ISO image.


When attached it looks like this.


Bootstrap Configuration

Boot up the CSR and apply the bootstrap configuration.

# Bootstrap config

conf t
hostname csr
ip domain-name lab.local
crypto key generate rsa modulus 2048
ip ssh version 2
aaa new-model
aaa authentication login default local
aaa authorization exec default local
username vagrant privilege 15 secret vagrant
interface GigabitEthernet1
 description vagrant-management
 ip address dhcp
 no shutdown

Find the IP address assigned via DHCP.

show ip int brie
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet1      YES DHCP   up                    up

Login with SSH to configure the vagrant insecure ssh key.

# from bash

ssh vagrant@

Configure the vagrant insecure ssh key.

# vagrant ssh key config

conf t
ip ssh pubkey-chain
  username vagrant
   key-hash ssh-rsa DD3BB82E850406E9ABFFA80AC0046ED6
wr mem

Confirm you can successfully SSH to the device with the Vagrant SSH key.

# from bash

ssh vagrant@ -i ~/.vagrant.d/insecure_private_key

If you can successfully SSH to the device with the SSH key, its time to create the Vagrant box.

Box Install

Poweroff the CSR in Virtualbox and create a Vagrant base box.

vagrant package --base csr1000v

# output

==> csr1000v: Exporting VM...
==> csr1000v: Compressing package to: /home/bradmin/vagrant/boxes/cisco/

# move to base box folder

mv ~/vagrant/boxes/cisco/
cd ~/vagrant/boxes/cisco/

Create a metadata file called csr1000v-03.15.00.json with the following contents.

  "name": "cisco/csr1000v",
  "description": "Cisco CSR1000v",
  "versions": [
      "version": "03.15.00",
      "providers": [
          "name": "virtualbox",
          "url": "file:///home/bradmin/vagrant/boxes/cisco/"

Add the newly created base box to Vagrant.

vagrant box add csr1000v-03.15.00.json

# output

==> box: Loading metadata for box 'csr1000v-03.15.00.json'
    box: URL: file:///home/bradmin/vagrant/boxes/cisco/csr1000v-03.15.00.json
==> box: Adding box 'cisco/csr1000v' (v03.15.00) for provider: virtualbox
    box: Unpacking necessary files from: file:///home/bradmin/vagrant/boxes/cisco/
==> box: Successfully added box 'cisco/csr1000v' (v03.15.00) for 'virtualbox'!

Confirm Vagrant can see the box.

vagrant box list

# output

CumulusCommunity/cumulus-vx          (virtualbox, 3.3.2)
arista/veos                          (virtualbox, 4.18.1F)
centos/7                             (virtualbox, 1705.02)
cisco/asav                           (virtualbox, 9.8.1)
cisco/csr1000v                       (virtualbox, 03.15.00)

debian/jessie64                      (virtualbox, 8.8.1)
juniper/ffp-12.1X47-D15.4            (virtualbox, 0.5.0)
juniper/ffp-12.1X47-D15.4-packetmode (virtualbox, 0.5.0)
juniper/vqfx10k-pfe                  (virtualbox, 0.1.0)
juniper/vqfx10k-re                   (virtualbox, 0.2.0)
ubuntu/xenial64                      (virtualbox, 20170728.0.0)
The original Virtual Machine can now be deleted.

Create a directory for testing the Vagrant environment.

mkdir ~/vagrant/csr-test; cd ~/vagrant/csr-test/

Use this sample Vagrantfile.

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config| = "cisco/csr1000v"

  # Turn off shared folders
  config.vm.synced_folder ".", "/vagrant", id: "vagrant-root", disabled: true

  # Do not try to insert new SSH key
  config.ssh.insert_key = false

  # Give the VM time to boot as Vagrant cannot tell when it is booted
  config.vm.boot_timeout = 400

  # Additional interfaces "private_network", ip: "", auto_config: false "private_network", ip: "", auto_config: false


Testing Vagrant Box

Lets get building, vagrant up and confirm the CSR box builds correctly.

vagrant up

# output

Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'cisco/csr1000v'...
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'cisco/csr1000v' is up to date...
==> default: Setting the name of the VM: cisco-test_default_1502597160552_57639
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
    default: Adapter 2: hostonly
    default: Adapter 3: hostonly
==> default: Forwarding ports...
    default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address:
    default: SSH username: vagrant
    default: SSH auth method: private key
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
    default: No guest additions were detected on the base box for this VM! Guest
    default: additions are required for forwarded ports, shared folders, host only
    default: networking, and more. If SSH fails on this machine, please install
    default: the guest additions and repackage the box to continue.
    default: This is not an error message; everything may continue to work properly,
    default: in which case you may ignore this message.

Login to device and test.

vagrant ssh

# output

csr#show version
Cisco IOS XE Software, Version 03.15.00.S - Standard Support Release
Cisco IOS Software, CSR1000V Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(2)S, RELEASE SOFTWARE (fc3)
Technical Support:
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Sun 22-Mar-15 01:36 by mcpre

Cisco IOS-XE software, Copyright (c) 2005-2015 by cisco Systems, Inc.
All rights reserved.  Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0.  The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.  For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE


csr uptime is 6 minutes
Uptime for this control processor is 7 minutes
System returned to ROM by reload
System image file is "bootflash:packages.conf"
Last reload reason: <NULL>

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

If you require further assistance please contact us by sending email to

License Level: ax
License Type: Default. No valid license found.
Next reload license Level: ax

cisco CSR1000V (VXE) processor (revision VXE) with 2067410K/6147K bytes of memory.
Processor board ID 9Q31KM6V7WI
3 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
3988236K bytes of physical memory.
7774207K bytes of virtual hard disk at bootflash:.

Configuration register is 0x2102


When you are done, destroy the box.

 vagrant destroy -f

# output

==> default: Forcing shutdown of VM...
==> default: Destroying VM and associated drives...


If you followed along you should have a shinny csr1000v Vagrant box for labbing and testing. Although Cisco didn't make it easy we did it any way.