The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Cisco NCS 540 Series Routers, Release 25.2.1
Cisco NCS 540 Series Routers, Release 25.2.1
Cisco IOS XR Release 25.2.1 is a new feature release for Cisco NCS 540 Series routers.
For more details on the Cisco IOS XR release model and associated support, see Software Lifecycle Support Statement - IOS XR.
This section provides a brief description of the new software features introduced in this release.
Table 1. New software features for Cisco NCS 540 Series Routers, Release 25.2.1
Product Impact |
Feature |
Description |
L2VPN |
||
Software Reliability |
Layer 2 Protocol Tunneling now supports EVPN VPWS and EVPN VPLS services.
This capability enhances service flexibility and scalability by allowing seamless integration of Layer 2 protocols over a Layer 3 network. This capability simplifies network operations, improves compatibility, increases security, and optimizes resource utilization, providing a streamlined and efficient networking solution.
|
|
Software Reliability |
Improved scalability and convergence for EVPN single-flow active using ARP pacing |
You now have the ability to converge 8,000 hosts in less than a second, with bidirectional traffic. This feature enables the network to recover quickly from failures or changes in topology, ensuring continuous service and balanced data transmission. This capability is achieved by optimizing the management of MAC and IP routes through ARP pacing. This feature introduces the arp probe pace command.
|
Software Reliability |
Selective Multicast with IGMP Proxy addresses the issue of |
|
Application Hosting |
||
Upgrade |
You can now enable the router to detect DDoS attacks targeting MPLS traffic using DDoS edge protection. The router analyzes MPLS flows to identify malicious traffic patterns, ensuring the availability and performance of services traversing MPLS networks. |
|
Routing |
||
Ease of Setup |
IS-IS static neighbor allows the advertisement of an IS-IS link without forming an actual IS-IS adjacency. This feature is useful when a link is required in the topology for the controller but IS-IS is not actively running on the link. |
|
Software Reliability |
We now allow seamless interoperability between Cisco Smart SFPs and third-party devices that require MAC address validation. This capability is achieved by allowing the configuration of a destination MAC address directly on Cisco Smart SFPs. You can configure a specific destination MAC address on Transparent PDH over Packet (TPoP) and Channelized SDH over Packet (CSoP) Smart SFPs enabling Cisco Smart SFPs to ensure that data packets are successfully accepted by the destination device. By default, the destination MAC address on the Cisco smart SFPs is zero. |
|
System Security |
||
Upgrade |
Reverse Route Injection (RRI) simplifies network management by automatically injecting peer traffic selectors or routes into the routing tables of IPSec peers. This automation removes the need for administrators to manually configure routes. The IPSec ACL specifies the source and destination subnets that require protection by the IPSec tunnel. RRI uses the ACL to identify the routes to inject into the routing table. If an ACL is not configured or does not match the intended traffic, RRI will not inject routes for those subnets, potentially causing communication failures through the IPSec tunnel. |
|
System Setup and Software Installation |
||
Software Reliability |
Hardware MDB profiles for Layer 2 and Layer 3 services overlay scale increased to 32000 |
You can now configure hardware MDB profiles for Layer 2 and Layer 3 services over SRv6 services, enabling you to set overlay scales to 32000 in terms of the number of routers and sessions. |
Segment Routing |
||
Software Reliability |
You can now hardware offload the liveness monitoring in performance measurement to the router hardware, which is the Network Processing Unit (NPU). This feature helps you optimize and scale the measurement operation, helping you meet delay-bound Service Level Agreements (SLAs). Previously, this feature was software driven. Using hardware to offload performance monitoring tasks improves efficiency and reduce the load on the main processor. |
There is no new hardware introduced in this release.
This section provides a brief description of the behavior changes introduced in this release.
● Reintroduce NET_RAW capabilities to application manager containers: The --cap-add=NET_RAW option has been reintroduced to the docker run configuration. This enables application manager containers to use RAW and PACKET sockets.
● Type6 server output enhancements: The show type6 server command now includes two new outputs that provides additional details for enhanced server management and troubleshooting:
◦ Masterkey Length
◦ Masterkey Hash
● gRPC remote-connection disable command: A new command, grpc remote-connection disable, has been introduced. This command allows users to disable TCP connections on the router, providing greater control over network configurations.
● The Cisco-IOS-XR-pmengine-oper.yang data model has been updated to ensure consistency. The naming convention has been standardized by renaming elements such as hour24fec to hour24-fec, minute15pcs to minute15-pcs, and second30pcs to second30-pcs across all layers, including OTN, OTNSEC, PCS, FEC, PRBS, Ether, and GFP. For more details on the sensor paths or the updated 25.2.1 YANG models, refer to the GitHub repository.
There are no open issues in this release.
● The statistics collection may time out due to CPU overload during route churn. In such scenarios, statistics collection will resume when the CPU becomes available after the route churn is complete.
● Autonegotiation is disabled by default on the fixed GigE - 0/0/0/0 - 0/0/0/4 copper ports of N540X-16Z4G8Q2C-A/D and N540X-12Z16G-SYS-A/D router variants. To enable autonegotiation, use the negotiation auto command.
● If you’re migrating from previous XR versions, then you must enable autonegotiation for fixed copper ports using the negotiation auto command before performing the software upgrade to avoid any links going down.
● Enabling or disabling frame preemption on the Time Sensitive Networking (TSN) port results in traffic drop for N540-FH-CSR-SYS. The port Twenty Five G0/0/12 is used as the TSN port.
● Fabric multicast queue stats are not supported in N540X-8Z16G-SYS-A/D, N540X-6Z18G-SYS-A/D, N540-6Z14S-SYS-D, N540-6Z18G-SYS-A/D, and N540X-4Z14G2Q-A/D variants.
● Unlabeled BGP PIC EDGE for global prefixes is not supported.
● The interface ports 0/0/0/24 to 0/0/0/31 do not support 1G Copper SFPs on N540-24Z8Q2C-SYS, N540-ACC-SYS, and N540X-ACC-SYS variants. Also, these ports do not support Auto-Negotiation with 1GE optical SFPs and they cannot act as 1GE Synchronous Ethernet sources.
● The interface ports 0/0/0/20 to 0/0/0/27 do not support 1G Copper SFPs on N540X-16Z4G8Q2C-A, N540X-16Z8Q2C-D, and N540X-16Z4G8Q2C-D variants. Also, these ports do not support Auto-Negotiation with 1GE optical SFPs and they cannot act as 1GE Synchronous Ethernet sources.
● The 1G ports on the N540-24Q8L2DD-SYS variant do not support Auto-Negotiation with 1GE optical SFPs.
● Remove the speed settings on the 1G Copper optics when 10M/100M is configured and replaced with 1G SFP optics.
● The hw-module profile mfib statistics command is not supported.
Compatibility Matrix for EPNM and Crosswork with Cisco IOS XR Software
The compatibility matrix lists the version of EPNM and Crosswork that are supported with Cisco IOS XR Release in this release.
Table 2. Compatibility Matrix
Cisco IOS XR |
Crosswork |
EPNM |
Release 25.2.1 |
System requirements
Use the show hw-module fpd command in EXEC and Admin mode to view the hardware components with their current FPD version and status. The status of the hardware must be CURRENT; Running and Programmed version must be the same. You can also use the show fpd package command in Admin mode to check the fpd versions.
Software Version
To verify the software version running on the router, use show version command in the EXEC mode.
Router# show version
Tue Jun 17 11:17:09.982 IST
Cisco IOS XR Software, Version 25.2.1
Copyright (c) 2013-2025 by Cisco Systems, Inc.
Build Information:
Built By : swtools
Built On : Sun Jun 15 05:08:39 PDT 2025
Built Host : iox-lnx-040
Workspace : /auto/srcarchive11/prod/25.2.1/ncs540/ws
Version : 25.2.1
Location : /opt/cisco/XR/packages/
Label : 25.2.1
cisco NCS-540 () processor
System uptime is 23 hours 46 minutes
The following tables list the supported base images and optional packages and their corresponding file names.
Visit the Cisco Software Download page to download the Cisco IOS XR software images.
Table 3. Release 25.2.1 software for N540-24Z8Q2C-SYS, N540-ACC-SYS, and N540X-ACC-SYS
Package |
Filename |
Description |
Base image |
||
IOS XR Base Image |
ncs540-mini-x-25.2.1.iso |
IOS XR mandatory base image. |
USB Boot Package |
ncs540-usb_boot-25.2.1.zip |
Package required to perform USB Boot. Includes the same packages as the base image. |
Optional packages not included in the base image |
||
IOS XR Manageability |
ncs540-mgbl-1.0.0.0-r2521.x86_64.rpm |
Supports Extensible Markup Language (XML) Parser, Telemetry, Netconf, gRPC and HTTP server |
IOS XR MPLS |
ncs540-mpls-1.0.0.0-r2521.x86_64.rpm ncs540-mpls-te-rsvp-1.0.0.0-r2521.x86_64.rpm |
Supports MPLS and MPLS Traffic Engineering (MPLS-TE) |
IOS XR Security |
ncs540-k9sec-1.0.0.0-r2521.x86_64.rpm |
Supports MACsec and 802.1X |
IOS XR ISIS |
ncs540-isis-1.0.0.0-r2521.x86_64.rpm |
Supports ISIS |
IOS XR OSPF |
ncs540-ospf-1.0.0.0-r2521.x86_64.rpm |
Supports OSPF |
IOS XR Lawful Intercept |
ncs540-li-1.0.0.0-r2521.x86_64.rpm |
Supports Lawful Intercept (LI) |
IOS XR Multicast |
ncs540-mcast-1.0.0.0-r2521.x86_64.rpm |
Supports Multicast |
IOS XR EIGRP |
ncs540-eigrp-1.0.0.0-r2521.x86_64.rpm |
Supports EIGRP |
IOS XR LI-CTRL |
ncs540-lictrl-1.0.0.0-r2521.x86_64.rpm |
Supports LI-CTRL |
Table 4. Release 25.2.1 Software for N540-24Q8L2DD-SYS, N540-24Q2C2DD-SYS, N540X-16Z4G8Q2C-A/D, N540-28Z4C-SYS-A/D, N540X-12Z16G-SYS-A/D, N540-12Z20G-SYS-A/D, N540-FH-CSR-SYS, N540X-16Z8Q2C-D, and N540-FH-AGG-SYS
Package |
Filename |
Description |
Base Image |
||
IOS XR Base Image |
ncs540l-x64-25.2.1.iso |
IOS XR base image with mandatory packages. The base ISO image also includes the following optional packages: xr-bgp xr-cdp xr-eigrp xr-ipsla xr-is-is xr-k9sec xr-lictrl xr-lldp xr-mcast xr-mpls-oam xr-netflow xr-ospf xr-perf-meas xr-perfmgmt xr-rip xr-telnet xr-track These optional packages are also included in NCS540l-iosxr-25.2.1.tar. |
USB Boot Package |
ncs540l-usb_boot-25.2.1.zip |
Package required to perform USB Boot. Includes the same packages as the base image. |
Optional packages not included in the base image |
||
IOS XR Telnet (xr-telnet) |
NCS540l-iosxr-25.2.1.tar |
Supports Telnet |
IOS XR EIGRP (xr-eigrp) |
NCS540l-iosxr-25.2.1.tar |
Supports EIGRP |
IOS XR CDP (xr-cdp) |
NCS540l-iosxr-25.2.1.tar |
Supports CDP |
IOS XR k9sec (xr-k9sec) |
NCS540l-k9sec-rpms.25.2.1.tar |
Supports 802.1X |
IOS XR RIP (xr-rip) |
NCS540l-iosxr-25.2.1.tar |
Supports RIP |
Table 5. Release 25.2.1 Software for N540X-4Z14G2Q-A/D, N540X-8Z16G-SYS-A/D, N540-6Z14S-SYS-D, N540-6Z18G-SYS-A/D, and N540X-6Z18G-SYS-A/D
Package |
Filename |
Description |
Base image |
||
IOS XR Base Image |
ncs540l-aarch64-25.2.1.iso |
IOS XR base image with mandatory packages. The ISO image also includes the following optional packages: xr-bgp xr-cdp xr-eigrp xr-ipsla xr-is-is xr-k9sec xr-lictrl xr-lldp xr-mcast xr-mpls-oam xr-ncs540l-mcast xr-ncs540l-netflow xr-netflow xr-ospf xr-perf-meas xr-perfmgmt xr-rip xr-telnet xr-track These optional packages are also included in NCS540l aarch64 iosxr optional rpms-25.2.1.tar. |
USB Boot Package |
ncs540l-aarch64-usb_boot-25.2.1.zip |
Package required to perform USB Boot. Includes the same packages as the base image. |
Optional packages not included in the base image |
||
Package |
Filename |
Description |
IOS XR Telnet (xr-telnet) |
NCS540l-aarch64-iosxr-optional-rpms-25.2.1.tar |
Supports Telnet |
IOS XR EIGRP (xr-eigrp) |
NCS540l-aarch64-iosxr-optional-rpms-25.2.1.tar |
Supports EIGRP |
IOS XR CDP (xr-cdp) |
NCS540l-aarch64-iosxr-optional-rpms-25.2.1.tar |
Supports CDP |
IOS XR k9sec (xr-k9sec) |
NCS540l-aarch64-k9sec-rpms.25.2.1.tar |
Supports 802.1X |
IOS XR RIP (xr-rip) |
NCS540l-aarch64-iosxr-optional-rpms-25.2.1.tar |
Supports RIP |
Table 6. Related resources
Document |
Description |
An interactive tool that assists in locating features introduced across Cisco IOS XR releases and platforms. |
|
Information about Smart Licensing Using Policy solutions and their deployment on IOS XR Routers. |
|
CCO Documentation for Cisco NCS 540 Series Routers |
|
Search by product family, product ID, data rate, reach, cable type, or form factor to determine the transceivers that Cisco hardware device supports. |
|
Search by release number, error strings, or compare release numbers to view a detailed repository of error messages and descriptions. |
|
Select the MIB of your choice from a drop-down to explore an extensive repository of MIB information. |
|
A user-friendly reference designed to easily explore and understand the various data models supported in Cisco IOS XR platforms and releases. |
|
Repository containing the folders with yang data models introduced and enhanced in every IOS XR release. |
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2025 Cisco Systems, Inc. All rights reserved.