First Published: February 25, 2025

Introduction

This document contains the following information about Cisco Evolved Programmable Network Manager 8.1:

New Functionality Added

This section lists the new features/functionalities delivered in the Cisco EPN Manager 8.1 release.

Device Support

This release introduces support for the following devices and their respective operating system versions:

  • IOS-XR 6.5.35 release on Cisco NCS 4009 devices

  • IOS-XR 6.5.35 release on Cisco NCS 4016 devices

  • IOS-XR 7.11.21 release on Cisco NCS 540 devices

  • IOS-XR 24.3.2 release on Cisco NCS 540 devices

  • IOS-XR 24.4.1 release on Cisco NCS 540 devices

  • IOS-XR 7.11.21 release on Cisco NCS 540L devices

  • IOS-XR 24.3.2 release on Cisco NCS 540L devices

  • IOS-XR 24.4.1 release on Cisco NCS 540L devices

  • IOS-XR 24.3.2 release on Cisco NCS 560 devices

  • IOS-XR 7.11.21 release on Cisco NCS 560 devices

  • IOS-XR 24.4.1 release on Cisco NCS 560 devices

  • IOS-XR 7.11.21 release on Cisco NCS 5500 devices

  • IOS-XR 24.3.2 release on Cisco NCS 5500 devices

  • IOS-XR 24.4.1 release on Cisco NCS 5500 devices

  • IOS-XR 7.11.21 release on Cisco NCS 5700 devices

  • IOS-XR 24.3.2 release on Cisco NCS 5700 devices

  • IOS-XR 24.4.1 release on Cisco NCS 5700 devices

  • IOS-XR 7.11.21 release on Cisco ASR 9000 routers

  • IOS-XR 24.3.2 release on Cisco ASR 9000 routers

  • IOS-XR 24.4.1 release on Cisco ASR 9000 routers

  • IOS-XR 7.11.21 release on Cisco IOS XRv 9000 series routers

  • IOS-XR 24.3.2 release on Cisco IOS XRv 9000 series routers

  • IOS-XR 24.4.1 release on Cisco IOS XRv 9000 series routers

  • IOS-XR 7.11.21 release on Cisco 8000 series devices

  • IOS-XR 24.3.2 release on Cisco 8000 series devices

  • IOS-XR 24.4.1 release on Cisco 8000 series devices

  • IOS-XR 24.1.1 release on Cisco NCS 1014 devices

  • IOS-XR 24.2.11 release on Cisco 8212-48FH-M router

  • IOS-XR 24.3.1 release on Cisco 8711-32FH-M router

  • Chassis view support for Cisco 8212-48FH-M router

  • Chassis view support for Cisco 8711-32FH-M router

  • Chassis view support for Cisco 8804-FC1 fabric card on Cisco 8000 series devices

  • IOS-XR 24.2.11 release on Cisco NCS1K4-2.4T-K9 and Cisco CIM8-C-K9 line cards

  • IOS-XR 24.2.11 release on Cisco NCS1K14-2.4T-X-K9 line card

  • Validation of IOS XE 17.15.2 release on Cisco NCS 4200, Cisco ASR 900, Cisco ASR 920, Cisco ASR 903U, Cisco ASR 902U devices

  • Validation of IOS-XE 17.12.1 release on Cisco ASR 920 devices

  • Validation of IOS-XR 24.1.1 release on Cisco NCS 1014 devices

  • Improved handling of event bursts on Cisco NCS 2000 devices using the TL1 interface

Optical

  • Regen Constraint Display: The REGEN constraint is now displayed as Regen for Media Channel NC SSON and OCHNC WSON circuits. This includes:

    • Nodes in MCH NC SSON circuits with Cisco NCS 1000 and NCS 2000 series devices acting as REGEN nodes.

    • Nodes in OCHNC WSON circuits with Cisco NCS 2000 series devices as REGEN nodes.

  • Manage Auto Circuit Reconciliation for Optical Circuits: The Auto Circuit Reconciliation feature in Cisco EPN Manager ensures alignment between provisioned service data and discovered network data for optical circuits. Users can configure the feature in the settings page to either view or edit provisioned intent data or discovered device data, but not both simultaneously.

  • Discovery of OCH-CC circuits for Cisco NCS 1004 devices.

  • Provision, manage, and monitor circuits between Cisco NCS 1014 devices with Cisco NCS1K14-2.4T-K9 and Cisco NCS1K14-2.4T-X-K9 line cards, along with a Cisco NCS 2000 device non-SVO topology. You can configure managed links, provision MCH-NC circuits with custom spectrum parameters, and enable automatic discovery of optical circuits (OCH-Trail and OCHCC).

  • Optical Links migration from NICE to SD for scale.

  • Enhanced Related Circuits/VCs Tab for Optical Circuits: For optical circuits, including Media Channels, Carrier Circuits, OCH-Trails, and OCHCC, the Related Circuits/VCs tab now displays detailed information about all associated lower-hierarchical circuits and their interrelationships.

  • Restoration Status Propagation for Media Channel NC SSON: The restoration status of Media Channel NC SSON circuits is now propagated to their carried lower-hierarchical services, including Carrier NC SSON, OCH-Trail, and OCHCC.

Packet

Cisco IOS-XE Support for ACR/DCR and SAToP Framing: Cisco IOS-XE devices running version 17.9.5 or higher now support Adaptive and Differential Clock Recovery (ACR/DCR) and SAToP framing for DS1 and DS3 services over STS1E controllers.

New Operating System Support

This section lists the new OS support provided in the Cisco EPN Manager 8.1 release. For a list of all support information, click the gear icon at the top-right of the web GUI and choose Help > Supported Devices.

Cisco ASR 9000 Series Aggregation Services Routers—New Operating System Support

Device Model Device OS
Cisco ASR 9000 Router IOS-XR 7.11.21
Cisco ASR 9000 Router IOS-XR 24.3.2
Cisco ASR 9000 Router IOS-XR 24.4.1

Cisco 8000 Series Routers—New Operating System Support

Device Model Device OS
Cisco 8000 Router IOS-XR 7.11.21
Cisco 8000 Router IOS-XR 24.3.2
Cisco 8000 Router IOS-XR 24.4.1
Cisco 8212-48FH-M Router IOS-XR 24.2.11
Cisco 8711-32FH-M Router IOS-XR 24.3.1

Cisco Network Convergence System 540L Series Routers—New Operating System Support

Device Model Device OS
Cisco NCS 540L Router IOS-XR 7.11.21
Cisco NCS 540L Router IOS-XR 24.3.2
Cisco NCS 540L Router IOS-XR 24.4.1

Cisco Network Convergence System 5500 Series—New Operating System Support

Device Model Device OS
Cisco NCS 5500 Series IOS-XR 7.11.21
Cisco NCS 5500 Series IOS-XR 24.3.2
Cisco NCS 5500 Series IOS-XR 24.4.1

Cisco Network Convergence System 560 Series Routers—New Operating System Support

Device Model Device OS
Cisco NCS 560 Router IOS-XR 7.11.21
Cisco NCS 560 Router IOS-XR 24.3.2
Cisco NCS 560 Router IOS-XR 24.4.1

Cisco Network Convergence System 5700 Series Routers—New Operating System Support

Device Model Device OS
Cisco NCS 5700 Router IOS-XR 7.11.21
Cisco NCS 5700 Router IOS-XR 24.3.2
Cisco NCS 5700 Router IOS-XR 24.4.1

Cisco Network Convergence System 540 Series Routers—New Operating System Support

Device Model Device OS
Cisco NCS 540 Router IOS-XR 7.11.21
Cisco NCS 540 Router IOS-XR 24.3.2
Cisco NCS 540 Router IOS-XR 24.4.1

Cisco IOS XRv 9000 Series Aggregation Services Router—New Operating System Support

Device Model Device OS
Cisco IOS XRv 9000 Router IOS-XR 7.11.21
Cisco IOS XRv 9000 Router IOS-XR 24.3.2
Cisco IOS XRv 9000 Router IOS-XR 24.4.1

Cisco NCS 1000 Series Routers—New Operating System Support

Device Model Device OS
Cisco NCS 1014 Router IOS-XR 24.1.1

Cisco NCS 4000 Series Routers—New Operating System Support

Device Model Device OS
Cisco NCS 4009 Router IOS-XR 6.5.35
Cisco NCS 4016 Router IOS-XR 6.5.35

Supported Installation/Upgrade Paths

The following table lists the valid paths for installing/upgrading to Cisco EPN Manager 8.1 from previous versions.

Current Cisco EPN Manager Version

Installation Path to Cisco EPN Manager 8.1

Cisco EPN Manager 8.0

 Cisco EPN Manager 8.0 > 8.1

Cisco EPN Manager 7.1.3

 Cisco EPN Manager 7.1.3 > 8.1

See the relevant installation guide for installation prerequisites and procedures for Cisco EPN Manager versions.

Important Notes

Cisco EPN Manager software is distributed with all the components necessary for its optimized and secure operation, including the Red Hat Linux operating system and the Oracle database. All security-related configurations, regression testing, performance, and scalability metrics are based on the set of components and configurations included in the original Cisco EPN Manager software distribution. Cisco provides periodic EPN Manager software updates that can also contain necessary updates to the packages installed on the operating system or to the database.


Note

If any of the following changes are made to the original distributed Cisco EPN Manager software, Cisco will no longer support the operating environment:

  • Configuration changes to the software or operating system, or installation of other components that are not part of the original distribution.

  • Direct installation and application of third-party software on the Red Hat Linux operating system that is embedded within Cisco EPN Manager.

  • Application of updates or patches that are not provided by Cisco to individual Cisco EPN Manager components.

  • Changes to the internal Cisco EPN Manager settings that are not documented as modifiable in the Cisco EPN Manager User and Administrator Guide on Cisco.com, as these changes may weaken security, disable functionality, or degrade scalability and performance.

System Behavior and Functionality Updates

  • Before the release of Cisco EPN Manager 7.1, the column order under Inventory > Other > Circuits/VCs & Network Interfaces, was maintained as stored in the database. However, starting from Cisco EPN Manager 7.1, there has been a change in the storage mechanism for column order. The column order is now stored in the browser session storage instead of the database. As a result, any adjustments made to the column order will only apply to the current session and will not be permanently saved in the database.

Secure User Inputs to Prevent XSS Vulnerabilities

Cross-site Scripting (XSS) is a security vulnerability that allows attackers to inject malicious scripts into applications. These scripts can be used to steal information or perform other malicious actions. To safeguard the Cisco EPN Manager, it is crucial to avoid certain patterns in user input fields and POST/PUT payloads.

The following patterns have been identified as vulnerable and are blocked by the Cisco EPN Manager's XSS prevention feature. The Cisco EPN Manager will not execute the command or proceed to the next step if it finds these patterns; therefore, ensure they are not used in user inputs or API calls.

  • src=’…’ (multiline, case insensitive pattern): Avoid using src= followed by any text or newline within single quotes. For example, <img src='malicious_code'>.

  • src=”…” (multiline, case insensitive pattern): Avoid using src= followed by any text or newline within double quotes. For example, <img src="malicious_code">.

  • </script> (case insensitive pattern): Avoid using the closing script tag in any form.

  • <script…> (multiline, case insensitive pattern): Avoid using the opening script tag with any content inside.

  • eval(…) (multiline, case insensitive pattern): Avoid using the eval function in any context. For example, eval('malicious_code').

  • expression(…) (multiline, case insensitive pattern).

  • javascript: (case insensitive pattern): Avoid using javascript: protocol in any field.

  • vbscript: (case insensitive pattern): Avoid using vbscript: protocol.

  • onload…= (multiline, case insensitive pattern): Avoid using event handlers like onload in any of the fields.

  • <…> (multiline, case insensitive pattern).

  • <script…/script> (multiline, case insensitive pattern): Avoid any complete script tags with content.

Limited Scope of Specific Devices

  • The Cisco 8608-SYS and Cisco 8011-2X2XP4L platforms do not support provisioning and related use cases for any technology.

Upgrade Issues

  • FTP and TFTP are disabled by default.

  • Active Threshold Crossing Alarms (TCA) for temperature remain active and are not cleared automatically. Clear these alarms manually.

  • You must resync your devices to view ISIS links.

  • You must resync LDP-enabled devices to view LDP feature-related information.

  • You must recreate the TCAs for inbound/outbound errors and inbound/outbound discards in the Interface Health monitoring policy.

Limitations on Carrier Ethernet Circuit Provisioning

  • Promotion of services using the old probe name format is now supported. These probes are listed in the user interface with the appropriate standard OAM Profile name after promotion.

    • Sample profile: profile PM2_3_8_CoS5_DM type cfm-delay-measurement.

  • While custom profile names are supported in EPN Manager, modifying brownfield services with a different naming format deletes the existing custom profile and adds a new profile with a supported naming format.

  • Inventory models do not correctly display the profiles that are not associated to a service.

  • The validation limit for the number of profiles is 100. If you create a new SLA operation profile after 100 existing profiles, the device generates an error and deployment fails.

TLS 1.2 Required for Secured Channel Communication for HTTPS and TLS

Only Transport Layer Security (TLS) 1.2 is supported for HTTPS and TLS related secured communication, for example, RADIUS EAP-TLS.

Support for TLS 1.0, TLS 1.1, and all versions of SSL has been disabled due to security vulnerabilities.

This means that all peer systems and clients that transact with Cisco EPN Manager using HTTPS/TLS must support TLS 1.2. If they do not support TLS 1.2, you must upgrade these systems. Wherever possible, the Cisco EPN Manager documentation highlights the potentially affected systems. Contact your Cisco representative for support in this regard, if necessary.

Reconciliation Report Limitations

If you have not provided a value for an attribute while provisioning a service, the provisioned value for that attribute is displayed as “Missing” in the reconciliation report. The device may have a default value for this attribute, but Cisco EPN Manager does configure this value.

Limitations on Cisco ME 1200 Devices

The Y.1564 performance test does not work if the source/destination is a Cisco ME 1200 device.

Limitations on Cisco NCS 4200 Devices Running IOS-XE 16.8.1

The following functionalities do not work on Cisco NCS 4200 devices running IOS-XE 16.8.1:

  • Alarm profile

  • Configuration of SONET LOP and CT3 LOP from the GUI

  • Admin shut/no shut functionality on SONET/T1/T3 HOP/LOP

Limitations on Cisco NCS 540 and Cisco NCS 5500 devices

Cisco NCS 540 and Cisco NCS 5500 device series do not support Fault-OAM, Wrap-Protection, and BFD.

Use CLI Templates for Configuring PTP Commands

On ASR920 devices with software version 16.9.1, IEEE 1588-2008 BC/MC license is required to execute the 1588 PTP commands.

Configuration and Inventory Not Supported for PTP Templates

The behavior of modeling the configurations that are pushed through PTP templates may not work as expected because the model may not be in place for all the configurations that are pushed through PTP templates. Configuration/Inventory is not supported for these configurations.

Data Center Device Lifecycle Support Only

Cisco EPN Manager provides essential support for a few selected UCS compute systems, Nexus series devices, and the CSR 1000v devices.

LINK_DOWN alarm on sub interfaces in Gig Port

LINK_DOWN alarms will not be generated when a link is down on sub-interfaces in a Gig Port.

Cisco EPN Manager Bugs

Resolved Bugs

The table below lists all the bugs that were resolved in the Cisco EPN Manager 8.1 release.

For more information about the resolved bugs, go to the Bug Search Tool.

Bugs Description
CSCwi39744 EPNM7.1.1GA I167: Nessus Basic Network Scan Detects Vulnerabilities
CSCwj76669 EPNM 7.1 : scheduled report is unable to be saved if the browser language setting is Japanese
CSCwk66072

In Reports Time conversion doesn't happen properly
CSCwk84368

Cisco Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability

CSCwm40213

EPNM 7.1.3 - Bulk import fails when the device password has special characters.

CSCwm40404

Missing links in EPNM MLT display for ODU UNI circuits

CSCwm47748

[EPNM8.1GA-Scale] when failback is triggered, the Report files are not transfered to Primary server.

CSCwm55544

Source Routing Process not auto-filled if selecting device by double click for MPLS TE tunnel prov

CSCwm55872

Device in CWW or CF sync state is stuck in sync queue and subsequent sync or device delete not work

CSCwm67326

EPNM Y.1731 two-way Delay Bin Statistics portlet shows wrong info for fraction of ms bin data

CSCwm77165

Software Activation job stuck in IN_PROGRESS, reboot command not sent from EPNM for ASR 920-12SZ-IM

CSCwm82415

Failback process is failing with remove HA and db reset in primary

CSCwm87606

EPN - fault - fault is being processed on standby node

CSCwm98300

EPNM 7.1.1: Incorrect display of FAN operational status on C8300

CSCwm98431

Epnm opticaltransport intf 360 view not showing OTDR option in Action tab intermittently

CSCwm99493

EPNM 7.1: template deployment with port group selection not working

CSCwn32745

Ports are missing for new provisioning when we delete and re-add device

CSCwn34537

EPNM 7.1.1 - Upgraded IOS version is not reflecting correctly for catalyst 3650 devices

CSCwn36101

Change Audit Notification over TLS fails

CSCwn39571

EPNM 7.1.1 : the inventory sync is completed with warnings - feature-l3vpn-mpbgp failing

CSCwn49040

EPNM 7.1.1 RestConf Inventory API does not fetch Power module serial No. details for Catalyst 3650

CSCwn51909

L3VPN circuit endpoints are not updated when IPFlowPoint EPs exceed 1000

CSCwn58016

EPNM 7.1.3: Rest /userTacacsRest/getUsers endpoint accessible for monitoring user

CSCwn81459

EPNM 7.1.3 - TEMPERATURE alarm is not added to notification policies

CSCwn83974

EPNM8.0 not processing the stats of IPSLAY.1731 collected from NCS540 device through cli

CSCwn87605

EPNM not purging CliTemplateDeployIOSDevices job history according to configured retention

CSCwo02943

customer TasteOS security scan reported CVE-2023-37920 and CVE-2018-12699

CSCwj96202

Configuration Archive Collection Time is shown as “NaN-undefined-0NaN NaN:NaN:NaN AM GNN”

CSCwk28019

EPN - fault nbi - non ip address text in cenAlarmManagedObjectAddress

CSCwk46291

EPN - UI - Idle timeout behaves inconsistently

CSCwk70612

Error message on 'ncs ha authkey' is misleading

CSCwm10694

EPNM 7.1 : Removing the Customize Data tab for SFP Port and Module Details
CSCwm33084

EPNM 6.1.2.2 Radius server request/response do not have message authenticator Id
CSCwm47906

Remove Performance-Graph redirect link for interfaces from chassis-view

CSCwm67184

EPN - OTDR - OTDR Import fails

CSCwm71810

NCS2k devices added via auto-discovery has incomplete inventory details

CSCwm78753

While giving '&' and '<' characters for L3VPN BGP service provisioning password we are getting error

CSCwm85259

Widget screen of ?Show Config Versions? time is shown as ?NaN-undefined-0NaN NaN:NaN:NaN AM GNN?

CSCwn03675

Evaluate EPNM for Chained Privilege Escalation 3

CSCwn42617

ping/trace for EVC PW/CFM OAM and Unidirect TE Tunnel OAM should not check for device ip as IPV6

CSCwn64375

OCH-Trail trunk interfaces speed (If Speed) attribute value is unavailable in UI interface 360 view

CSCwn72171

BEMS01794183 RESTCONF API: Network Resource OAM YANG model prefix statement conflict

CSCwm28590

Unable to export all entries in Deleted Circuits/VCs list

CSCwm65731

EPN - restconf help - typos and error for OTDR Scan restconf

CSCwm74913

Device Console terminal box not get enlarged when we expand it

CSCwn99922

EPN - docs - HA is not removed if down > 6 hrs
CSCvy22968

Unexpected time zone abbreviation 'BST' instead of 'BRT' in several GUI pages
CSCwm95606

Evaluate EPNM for Chained privilege escalation
CSCvv61928

A99-32X100GE-X-SE line card Issue
CSCwk74601

3rd party SFP related data not included in Link Optical SFP report

Closed Bugs

The table below lists all the bugs that were closed in the Cisco EPN Manager 8.1 release.

Click the identifier link to view the impact and workaround for the bug in the Bug Search Tool. Use this tool to track the status of the bugs.

Bugs Description
CSCwm99756 For OCHCC 1+1 Protection circuit in MLT view Working and Protection missing (Active)
CSCwn20705

Mgmt Interface status is not shown in Chassis-View for Saturn device

CSCwn20709 Mgmt Interface status is not shown in Chassis-View for Slugger device
CSCwn80047 EPNM_8.1:BdirectionalTE Traceroute getting pop error:Failed to run the Traceroute command on Tunnel9
CSCwm30544 HA intergration failed with an error
CSCwn11259 While prov Optical service from EPNM UI label is limited to 14 char but device(NCS2K) allows 32 char
CSCwn80996 EPNM_8.1:Tunnels Traceroute results visual data device details not properly visible cosmetic issue

Open Bugs

The table below lists all the bugs that are open in the Cisco EPN Manager 8.1 release.

Click the identifier link to view the impact and workaround for the bug in the Bug Search Tool. Use this tool to track the status of the bugs.

Bugs Description
CSCwo06126 Alarm and Events - Events- Tab- UI page consumes all available client device memory (RAM)
CSCwo12603 NBI delete failing when the tunnel has explicit path configuration
CSCwo08196 Eline circuit with dot1q Extended VLAN List with untagged configuration not parsed correctly by EPNM

Get Information about Cisco EPN Manager Bugs

Use the Bug Search tool (BST) to get the latest information about Cisco EPN Manager bugs. BST allows partners and customers to search for software bugs based on product, release, and keyword, and it aggregates key data such as bug details, product, and version.

Cisco EPN Manager bugs may be caused by defects in a device's platform or operating system. In such cases, the Cisco EPN Manager bug will be resolved when the hardware/operating system bug is resolved.

Procedure

Step 1

Log into the Bug Search Tool.

Step 2

To list all bugs for this version, click the Select from list hyperlink that is next to the Product field and select the product.

  1. Choose Cloud and Systems Management > Routing and Switching Management > Cisco Evolved Programmable Network (EPN) Manager and then select the required product version.

  2. When the results are displayed, use the filter and sort tools to find bugs according to their status, severity, how recently they were modified, if any support cases are associated with them, and so forth.

You can also search using bug IDs or keywords. For more information, click Help at the top right of the Bug Search page.

Related Documentation

For a list of all documentation available for Cisco EPN Manager 8.1, see the Cisco Evolved Programmable Network Manager 8.1 Documentation.

Accessibility Features

For a list of accessibility features in Cisco EPN Manager 8.1, contact accessibility@cisco.com.

All product documents are accessible. If you would like to receive the product documentation in audio format, braille, or large print, contact accessibility@cisco.com

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation.

Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.