Release Notes for Cisco NCS 540 Series Routers, Cisco IOS XR Release 25.2.1

Available Languages

Download Options

  • PDF     (373.5 KB)
    View with Adobe Reader on a variety of devices
Updated:June 17, 2025

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Available Languages

Download Options

  • PDF     (373.5 KB)
    View with Adobe Reader on a variety of devices
Updated:June 17, 2025
 

 

Cisco NCS 540 Series Routers, Release 25.2.1. 3

New software features. 3

New hardware. 4

Changes in behavior 4

Open issues. 5

Known issues. 5

Compatibility. 6

Supported software packages. 6

Related resources. 10

Legal information. 11


 

Cisco NCS 540 Series Routers, Release 25.2.1

Cisco IOS XR Release 25.2.1 is a new feature release for Cisco NCS 540 Series routers.

For more details on the Cisco IOS XR release model and associated support, see Software Lifecycle Support Statement - IOS XR.

New software features

This section provides a brief description of the new software features introduced in this release.

Table 1.             New software features for Cisco NCS 540 Series Routers, Release 25.2.1

Product Impact

Feature

Description

L2VPN

Software Reliability

Layer 2 Protocol Tunneling

Layer 2 Protocol Tunneling now supports EVPN VPWS and EVPN VPLS services.

 

This capability enhances service flexibility and scalability by allowing seamless integration of Layer 2 protocols over a Layer 3 network. This capability simplifies network operations, improves compatibility, increases security, and optimizes resource utilization, providing a streamlined and efficient networking solution.

 

Software Reliability

Improved scalability and convergence for EVPN single-flow active using ARP pacing

You now have the ability to converge 8,000 hosts in less than a second, with bidirectional traffic. This feature enables the network to recover quickly from failures or changes in topology, ensuring continuous service and balanced data transmission.

This capability is achieved by optimizing the management of MAC and IP routes through ARP pacing.

This feature introduces the arp probe pace command.

 

Software Reliability

Selective multicast with IGMP proxy

Selective Multicast with IGMP Proxy addresses the issue of
unnecessary flooding of multicast traffic in EVPN fabrics. It ensures multicast traffic is only forwarded to peers with active receivers, optimizing bandwidth usage.

Application Hosting

Upgrade

Cisco secure DDoS edge protection

You can now enable the router to detect DDoS attacks targeting MPLS traffic using DDoS edge protection. The router analyzes MPLS flows to identify malicious traffic patterns, ensuring the availability and performance of services traversing MPLS networks.

Routing

Ease of Setup

IS-IS static neighbor

IS-IS static neighbor allows the advertisement of an IS-IS link without forming an actual IS-IS adjacency. This feature is useful when a link is required in the topology for the controller but IS-IS is not actively running on the link.

Software Reliability

Cisco Smart SFP destination MAC address

We now allow seamless interoperability between Cisco Smart SFPs and third-party devices that require MAC address validation. This capability is achieved by allowing the configuration of a destination MAC address directly on Cisco Smart SFPs.

You can configure a specific destination MAC address on Transparent PDH over Packet (TPoP) and Channelized SDH over Packet (CSoP) Smart SFPs enabling Cisco Smart SFPs to ensure that data packets are successfully accepted by the destination device.

By default, the destination MAC address on the Cisco smart SFPs is zero.

System Security

Upgrade

IP security for management traffic using RRI

Reverse Route Injection (RRI) simplifies network management by automatically injecting peer traffic selectors or routes into the routing tables of IPSec peers. This automation removes the need for administrators to manually configure routes. The IPSec ACL specifies the source and destination subnets that require protection by the IPSec tunnel. RRI uses the ACL to identify the routes to inject into the routing table.

If an ACL is not configured or does not match the intended traffic, RRI will not inject routes for those subnets, potentially causing communication failures through the IPSec tunnel.

System Setup and Software Installation

Software Reliability

Hardware MDB profiles for Layer 2 and Layer 3 services overlay scale increased to 32000

You can now configure hardware MDB profiles for Layer 2 and Layer 3 services over SRv6 services, enabling you to set overlay scales to 32000 in terms of the number of routers and sessions.

Segment Routing

Software Reliability

Hardware offload of SRv6 liveness monitoring

You can now hardware offload the liveness monitoring in performance measurement to the router hardware, which is the Network Processing Unit (NPU). This feature helps you optimize and scale the measurement operation, helping you meet delay-bound Service Level Agreements (SLAs). Previously, this feature was software driven. Using hardware to offload performance monitoring tasks improves efficiency and reduce the load on the main processor.

New hardware

There is no new hardware introduced in this release.

Changes in behavior

This section provides a brief description of the behavior changes introduced in this release.

●    Reintroduce NET_RAW capabilities to application manager containers: The --cap-add=NET_RAW option has been reintroduced to the docker run configuration. This enables application manager containers to use RAW and PACKET sockets.

●    Type6 server output enhancements: The show type6 server command now includes two new outputs that provides additional details for enhanced server management and troubleshooting:

    Masterkey Length

    Masterkey Hash

●      gRPC remote-connection disable command: A new command, grpc remote-connection disable, has been introduced. This command allows users to disable TCP connections on the router, providing greater control over network configurations.

●      The Cisco-IOS-XR-pmengine-oper.yang data model has been updated to ensure consistency. The naming convention has been standardized by renaming elements such as hour24fec to hour24-fec, minute15pcs to minute15-pcs, and second30pcs to second30-pcs across all layers, including OTN, OTNSEC, PCS, FEC, PRBS, Ether, and GFP. For more details on the sensor paths or the updated 25.2.1 YANG models, refer to the GitHub repository.

Open issues

There are no open issues in this release.

Known issues

●    The statistics collection may time out due to CPU overload during route churn. In such scenarios, statistics collection will resume when the CPU becomes available after the route churn is complete.

●    Autonegotiation is disabled by default on the fixed GigE - 0/0/0/0 - 0/0/0/4 copper ports of N540X-16Z4G8Q2C-A/D and N540X-12Z16G-SYS-A/D router variants. To enable autonegotiation, use the negotiation auto command.

●    If you’re migrating from previous XR versions, then you must enable autonegotiation for fixed copper ports using the negotiation auto command before performing the software upgrade to avoid any links going down.

●    Enabling or disabling frame preemption on the Time Sensitive Networking (TSN) port results in traffic drop for N540-FH-CSR-SYS. The port Twenty Five G0/0/12 is used as the TSN port.

●    Fabric multicast queue stats are not supported in N540X-8Z16G-SYS-A/D, N540X-6Z18G-SYS-A/D, N540-6Z14S-SYS-D, N540-6Z18G-SYS-A/D, and N540X-4Z14G2Q-A/D variants.

●    Unlabeled BGP PIC EDGE for global prefixes is not supported.

●    The interface ports 0/0/0/24 to 0/0/0/31 do not support 1G Copper SFPs on N540-24Z8Q2C-SYS, N540-ACC-SYS, and N540X-ACC-SYS variants. Also, these ports do not support Auto-Negotiation with 1GE optical SFPs and they cannot act as 1GE Synchronous Ethernet sources.

●    The interface ports 0/0/0/20 to 0/0/0/27 do not support 1G Copper SFPs on N540X-16Z4G8Q2C-A, N540X-16Z8Q2C-D, and N540X-16Z4G8Q2C-D variants. Also, these ports do not support Auto-Negotiation with 1GE optical SFPs and they cannot act as 1GE Synchronous Ethernet sources.

●    The 1G ports on the N540-24Q8L2DD-SYS variant do not support Auto-Negotiation with 1GE optical SFPs.

●    Remove the speed settings on the 1G Copper optics when 10M/100M is configured and replaced with 1G SFP optics.

●    The hw-module profile mfib statistics command is not supported.

Compatibility

Compatibility Matrix for EPNM and Crosswork with Cisco IOS XR Software

The compatibility matrix lists the version of EPNM and Crosswork that are supported with Cisco IOS XR Release in this release.

Table 2.        Compatibility Matrix

System requirements

Use the show hw-module fpd command in EXEC and Admin mode to view the hardware components with their current FPD version and status. The status of the hardware must be CURRENT; Running and Programmed version must be the same. You can also use the show fpd package command in Admin mode to check the fpd versions.

Software Version

To verify the software version running on the router, use show version command in the EXEC mode.

Router# show version

Tue Jun 17 11:17:09.982 IST

Cisco IOS XR Software, Version 25.2.1

Copyright (c) 2013-2025 by Cisco Systems, Inc.

 

Build Information:

 Built By     : swtools

 Built On     : Sun Jun 15 05:08:39 PDT 2025

 Built Host   : iox-lnx-040

 Workspace    : /auto/srcarchive11/prod/25.2.1/ncs540/ws

 Version      : 25.2.1

 Location     : /opt/cisco/XR/packages/

 Label        : 25.2.1

 

cisco NCS-540 () processor

System uptime is 23 hours 46 minutes

Supported software packages

The following tables list the supported base images and optional packages and their corresponding file names.

Visit the Cisco Software Download page to download the Cisco IOS XR software images.

Table 3.        Release 25.2.1 software for N540-24Z8Q2C-SYS, N540-ACC-SYS, and N540X-ACC-SYS

Package

Filename

Description

Base image

IOS XR Base Image

ncs540-mini-x-25.2.1.iso

IOS XR mandatory base image.

USB Boot Package

ncs540-usb_boot-25.2.1.zip

Package required to perform USB Boot.

Includes the same packages as the base image.

Optional packages not included in the base image

IOS XR Manageability

ncs540-mgbl-1.0.0.0-r2521.x86_64.rpm

Supports Extensible Markup Language (XML) Parser, Telemetry, Netconf, gRPC and HTTP server

IOS XR MPLS

ncs540-mpls-1.0.0.0-r2521.x86_64.rpm

ncs540-mpls-te-rsvp-1.0.0.0-r2521.x86_64.rpm

Supports MPLS and MPLS Traffic Engineering (MPLS-TE)

IOS XR Security

ncs540-k9sec-1.0.0.0-r2521.x86_64.rpm

Supports MACsec and 802.1X

IOS XR ISIS

ncs540-isis-1.0.0.0-r2521.x86_64.rpm

Supports ISIS

IOS XR OSPF

ncs540-ospf-1.0.0.0-r2521.x86_64.rpm

Supports OSPF

IOS XR Lawful Intercept

ncs540-li-1.0.0.0-r2521.x86_64.rpm

Supports Lawful Intercept (LI)

IOS XR Multicast

ncs540-mcast-1.0.0.0-r2521.x86_64.rpm

Supports Multicast

IOS XR EIGRP

ncs540-eigrp-1.0.0.0-r2521.x86_64.rpm

Supports EIGRP

IOS XR LI-CTRL

ncs540-lictrl-1.0.0.0-r2521.x86_64.rpm

Supports LI-CTRL

Table 4.        Release 25.2.1 Software for N540-24Q8L2DD-SYS, N540-24Q2C2DD-SYS, N540X-16Z4G8Q2C-A/D, N540-28Z4C-SYS-A/D, N540X-12Z16G-SYS-A/D, N540-12Z20G-SYS-A/D, N540-FH-CSR-SYS, N540X-16Z8Q2C-D, and N540-FH-AGG-SYS

Package

Filename

Description

Base Image

IOS XR Base Image

ncs540l-x64-25.2.1.iso

IOS XR base image with mandatory packages.

The base ISO image also includes the following optional packages:

xr-bgp

xr-cdp

xr-eigrp

xr-ipsla

xr-is-is

xr-k9sec

xr-lictrl

xr-lldp

xr-mcast

xr-mpls-oam

xr-netflow

xr-ospf

xr-perf-meas

xr-perfmgmt

xr-rip

xr-telnet

xr-track

These optional packages are also included in NCS540l-iosxr-25.2.1.tar.

USB Boot Package

ncs540l-usb_boot-25.2.1.zip

Package required to perform USB Boot.

Includes the same packages as the base image.

Optional packages not included in the base image

IOS XR Telnet (xr-telnet)

NCS540l-iosxr-25.2.1.tar

Supports Telnet

IOS XR EIGRP (xr-eigrp)

NCS540l-iosxr-25.2.1.tar

Supports EIGRP

IOS XR CDP (xr-cdp)

NCS540l-iosxr-25.2.1.tar

Supports CDP

IOS XR k9sec (xr-k9sec)

NCS540l-k9sec-rpms.25.2.1.tar

Supports 802.1X

IOS XR RIP (xr-rip)

NCS540l-iosxr-25.2.1.tar

Supports RIP

 

Table 5.        Release 25.2.1 Software for N540X-4Z14G2Q-A/D, N540X-8Z16G-SYS-A/D, N540-6Z14S-SYS-D, N540-6Z18G-SYS-A/D, and N540X-6Z18G-SYS-A/D

Package

Filename

Description

Base image

IOS XR Base Image

ncs540l-aarch64-25.2.1.iso

IOS XR base image with mandatory packages.

The ISO image also includes the following optional packages:

xr-bgp

xr-cdp

xr-eigrp

xr-ipsla

xr-is-is

xr-k9sec

xr-lictrl

xr-lldp

xr-mcast

xr-mpls-oam

xr-ncs540l-mcast

xr-ncs540l-netflow

xr-netflow

xr-ospf

xr-perf-meas

xr-perfmgmt

xr-rip

xr-telnet

xr-track

These optional packages are also included in NCS540l aarch64 iosxr optional rpms-25.2.1.tar.

USB Boot Package

ncs540l-aarch64-usb_boot-25.2.1.zip

Package required to perform USB Boot.

Includes the same packages as the base image.

Optional packages not included in the base image

Package

Filename

Description

IOS XR Telnet (xr-telnet)

NCS540l-aarch64-iosxr-optional-rpms-25.2.1.tar

Supports Telnet

IOS XR EIGRP (xr-eigrp)

NCS540l-aarch64-iosxr-optional-rpms-25.2.1.tar

Supports EIGRP

IOS XR CDP (xr-cdp)

NCS540l-aarch64-iosxr-optional-rpms-25.2.1.tar

Supports CDP

IOS XR k9sec (xr-k9sec)

NCS540l-aarch64-k9sec-rpms.25.2.1.tar

Supports 802.1X

IOS XR RIP (xr-rip)

NCS540l-aarch64-iosxr-optional-rpms-25.2.1.tar

Supports RIP

Related resources

Table 6.        Related resources

Document

Description

Cisco feature finder

An interactive tool that assists in locating features introduced across Cisco IOS XR releases and platforms.

Smart licensing

Information about Smart Licensing Using Policy solutions and their deployment on IOS XR Routers.

Cisco NCS 540 documentation

CCO Documentation for Cisco NCS 540 Series Routers

Transceiver Module Group (TMG) compatibility matrix

Search by product family, product ID, data rate, reach, cable type, or form factor to determine the transceivers that Cisco hardware device supports.

Cisco IOS XR error messages

Search by release number, error strings, or compare release numbers to view a detailed repository of error messages and descriptions.

Cisco IOS XR MIBs 

Select the MIB of your choice from a drop-down to explore an extensive repository of MIB information.

YANG data models

A user-friendly reference designed to easily explore and understand the various data models supported in Cisco IOS XR platforms and releases.

Yang data models in Github

Repository containing the folders with yang data models introduced and enhanced in every IOS XR release.

 

Legal information

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© 2025 Cisco Systems, Inc. All rights reserved.

 

Learn more