Release Notes for Cisco NCS 540 Series Routers, Cisco IOS XR Release 25.4.1
Available Languages
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
- US/Canada 800-553-2447
- Worldwide Support Phone Numbers
- All Tools
Feedback
Feedback
Cisco NCS 540 Series Routers, Release 25.4.1
Cisco NCS 540 Series Routers, Release 25.4.1
Cisco IOS XR Release 25.4.1 is a new feature release for Cisco NCS 540 Series routers.
For more details on the Cisco IOS XR release model and associated support, see Software Lifecycle Support Statement - IOS XR.
This section provides a brief description of the new software features introduced in this release.
Table 1. New software features for Cisco NCS 540 Series Routers, Release 25.4.1
| Product impact |
Feature |
Description |
| IP Addresses and Services |
||
| Software Reliability
|
Support for this feature is now extended to these variants: * N540X-16Z4G8Q2C-A/D |
|
| Software Reliability
|
Support for this feature is now extended to these variants: |
|
| Software Reliability
|
Support for this feature is now extended to these variants: |
|
| Interface and Hardware Component |
||
| Software Reliability
|
This feature stabilizes your network performance by allowing you to configure the restore timer per service individually. |
|
| L2VPN |
||
| Ease of Use
|
You can ensure seamless and reliable multicast delivery in residential FTTH networks with IGMP and MLD state synchronization for L3 using EVPN. This feature synchronizes IPv4 IGMP and IPv6 Multicast Listener Discovery (MLD) states across multiple PE devices using L3 sub-interfaces, eliminating the need for complex L2 or IRB configurations. It supports both VRF and global routing table deployments, providing flexibility for various network designs. |
|
| Software Reliability
|
You can configure EVPN IRB over an SRv6 core to provide seamless Layer 2 and Layer 3 connectivity between distributed sites using SRv6 as the transport. |
|
| Licensing |
||
| Licensing Process
|
Smart Licensing Perpetual Mode
|
Smart Licensing Perpetual Mode simplifies licensing operations for customers with full-capacity perpetual licenses that cover the entire chassis or all line cards. These customers do not need to enable Smart Licensing Using Policy or report usage, which reduces administrative overhead across these deployments. |
| MPLS |
||
| Software Reliability
|
This feature allows you to disable IPv4 autoroute announce without turning off autoroute announce entirely. To achieve IPv6-only announcements over MPLS-TE tunnels, use the new exclude-ipv4 option along with the include-ipv6 option in the autoroute announce configuration. |
|
| Modular QoS |
||
| Upgrade
|
Ingress QoS policer scale enhancement
|
Introduced in this release on NCS 540 fixed routers (select variants only*) You can now configure a maximum of 16,000 ingress QoS policers. With more QoS policers, you can apply policies on more ingress L2 sub-interfaces, improving traffic control and service differentiation at scale. This is achieved by reallocating statistics resources from other features, allowing policer statistics to be assigned where scale demands are highest. *This feature is supported on N540-24Q8L2DD-SYS and N540-24Q2C2DD-SYS. |
| Network Synchronization |
||
| Software Reliability
|
Synchronous Ethernet ESMC and SSM on N540X-6Z6G-SYS
|
SyncE provides synchronization signals transmitted over the Ethernet physical layer to downstream devices, while the Synchronization Status Message (SSM) indicates the quality level of the transmitting clock to the neighboring nodes, informing the nodes about the level of the network's reliability. Ethernet Synchronization Message Channel (ESMC) is the logical channel that uses an Ethernet PDU (protocol data unit) to exchange SSM information over the SyncE link. |
| Software Reliability
|
PTP profiles support on N540X-6Z6G-SYS
|
Based on the IEEE 1588-2008 standard, Precision Time Protocol (PTP) is a protocol that defines a method to synchronize clocks in a network for networked measurement and control systems. |
| System Monitoring |
||
| Software reliability
|
Cisco IOS XR software warns you with a syslog message each time you use an insecure command and repeats the warning every 30 days until you remove the command. This helps you identify potential security risks and suggests safer alternatives to improve your network security. |
|
| System Security |
||
| Software Reliability
|
This feature blocks Netconf requests from specific IP addresses on the SSH port. You can use ACLs to specify which addresses are blocked for Netconf. Blocked IP addresses can still use other SSH services like SCP and SFTP. If your address is blocked, you cannot use Netconf over SSH. After you authenticate over SSH, Netconf requests are denied, but you can use other SSH-based services. |
|
| Ease of Setup |
TLS RFC 5289 compliance for security template framework |
The security template framework is based on RFC 5289, which specifies new cipher suites for the Transport Layer Security (TLS) protocol. This feature supports Common Criteria (CC) mode which is an enhanced security mode that enforces stricter compliance-focused behavior. It enhances TLS security by introducing stronger Elliptic Curve Cryptography (ECC) algorithms. |
| Ease of Setup |
Security template framework for TLS enabled applications |
Security templates reduce misconfiguration risks and operational overhead by centralizing and standardizing security policy configuration for TLS-enabled applications. A security template bundles certificate authentication policy, TLS controls, and compliance mode settings. It acts as a single source of truth that applications reference, avoiding local embedding of security settings. This template defines how certificates are handled and controls various aspects of the TLS handshake. |
| Timing and Synchronization |
||
| Ease of Use
|
Synchronous Ethernet ESMC and SSM on N540-24Q8L2DD-SYS
|
With Enhanced SyncE (eSyncE) and Extended Ethernet Synchronization Message Channel (eESMC) support, the NCS 540 Series Routers are capable of handling the following SyncE clocks on the network: In this release, eSyncE and eESMC are supported on this Cisco NCS 540 router variant: |
| Ease of Use
|
PTP profiles support on N540-24Q8L2DD-SYS
|
Based on the IEEE 1588-2008 standard, Precision Time Protocol (PTP) is a protocol that defines a method to synchronize clocks in a network for networked measurement and control systems. This feature is now extended to N540-24Q8L2DD-SYS. For support for Class C PTP is extended to N540-24Q8L2DD-SYS. |
This section provides a brief description of the new hardware features introduced in this release.
Table 2. New hardware for Cisco NCS 540 Series Routers, Release 25.4.1
| Description |
|
| Cisco N540X-6Z6G-SYS small density router |
The Cisco N540X-6Z6G-SYS small density router supports: ● 6x1G SFP ports SFP ports: The Small Form-factor Pluggable (SFP) port that supports 1 Gpbs data rate. ● 6x1G/10G SFP+ ports SFP ports: The dual rate Small Form-factor Pluggable plus (SFP +) port that supports 1 or 10 Gpbs data rate. |
Changes in behavior
This section provides a brief description of the behavior changes introduced in this release.
● Starting with Release 25.4.1, IOS XR software no longer supports Call Home transport mode for Licensing. Please configure CSLU or Smart Transport to ensure seamless operation of the licensing solution.
● The outgoing-interface leaf of Cisco-IOS-XR-mpls-forwarding-oper has been updated to include the full outgoing interface name instead of the shortened interface name.
● Deprecation and phasing out features with insecure capabilities and its secure alternatives
From Release 25.4.1, Cisco IOS XR software displays warning messages when you configure features or protocols that lack sufficient security, such as those that transmit sensitive data without encryption or use outdated encryption mechanisms. The software also shows warnings when you do not follow security best practices, and it provides suggestions for secure alternatives.
This list may change, but Cisco plans to generate warnings for the following features and protocols from Release 25.4.1. Each Release Notes will describe the exact changes for that version.
These documents list all features planned for removal, including insecure commands, and provide recommended secure alternatives to help you maintain network security and compliance.
o Feature deprecation phasing out insecure capabilities
o Feature deprecation and removal details
o Feature removal and suggested alternatives
Table 3. Deprecation and phasing out features with insecure capabilities and its secure alternatives
| If you are using the following insecure features… |
Then follow these secure alternatives… |
| HTTP |
Use HTTPS. |
| FTP client |
Use SFTP. |
| IPV4 source route |
There is no alternative. Do not enable IPv4 source routing. |
| Telnet client |
There is no alternative. Do not use Telnet client. |
| Telnet server |
Use SSH. |
| TFTP client |
Use SFTP. |
| TFTP server |
Use SSH. |
| copy ftp |
Use SFTP or SCP. |
| install FTP |
Use SFTP. |
| TCP or UDP small_servers |
There is no alternative. Do not use TCP or UDP small_servers. |
| SSHv1 |
Use ssh server v2. |
| SSH host-key DSA algorithm |
Use ECDSA, ED25519, or RSA and so on. |
| Syslog TLS Version 1.1 (server1) |
Configure TLS Version 1.2 or higher. |
| TLS 1.0 |
Use TLS 1.2 or TLS 1.3. |
| utility mv ftp |
There is no alternative. Do not use utility mv ftp and utility mv tftp. |
| load ftp |
Use scp or sftp. |
| tacacs and radius server with type-7 shared secret |
Use type 6 secret. |
| NTPv2 |
Use NTPv4. |
Table 4. Open issues for Cisco NCS 540 Series Routers, Release 25.4.1
| Bug ID |
Description |
| NTP warning when you enable no authentication or MD5 authentication |
Known issues
● During the software upgrade to 25.4.1, the system may not complete the Auto-FPD upgrade as expected. After the software upgrade, the FPD status shows 'RLOAD REQ', indicating that you must perform an additional reload to activate the updated FPD.
● The statistics collection may time out due to CPU overload during route churn. In such scenarios, statistics collection will resume when the CPU becomes available after the route churn is complete.
● Autonegotiation is disabled by default on the fixed GigE - 0/0/0/0 - 0/0/0/4 copper ports of N540X-16Z4G8Q2C-A/D and N540X-12Z16G-SYS-A/D router variants. To enable autonegotiation, use the negotiation auto command.
● If you’re migrating from previous XR versions, then you must enable autonegotiation for fixed copper ports using the negotiation auto command before performing the software upgrade to avoid any links going down.
● Enabling or disabling frame preemption on the Time Sensitive Networking (TSN) port results in traffic drop for N540-FH-CSR-SYS. The port Twenty Five G0/0/12 is used as the TSN port.
● Fabric multicast queue stats are not supported in N540X-8Z16G-SYS-A/D, N540X-6Z18G-SYS-A/D, N540-6Z14S-SYS-D, N540-6Z18G-SYS-A/D, and N540X-4Z14G2Q-A/D variants.
● Unlabeled BGP PIC EDGE for global prefixes is not supported.
● The interface ports 0/0/0/24 to 0/0/0/31 do not support 1G Copper SFPs on N540-24Z8Q2C-SYS, N540-ACC-SYS, and N540X-ACC-SYS variants. Also, these ports do not support Auto-Negotiation with 1GE optical SFPs and they cannot act as 1GE Synchronous Ethernet sources.
● The interface ports 0/0/0/20 to 0/0/0/27 do not support 1G Copper SFPs on N540X-16Z4G8Q2C-A, N540X-16Z8Q2C-D, and N540X-16Z4G8Q2C-D variants. Also, these ports do not support Auto-Negotiation with 1GE optical SFPs and they cannot act as 1GE Synchronous Ethernet sources.
● The 1G ports on the N540-24Q8L2DD-SYS variant do not support Auto-Negotiation with 1GE optical SFPs.
● Remove the speed settings on the 1G Copper optics when 10M/100M is configured and replaced with 1G SFP optics.
● The hw-module profile mfib statistics command is not supported.
Compatibility Matrix for EPNM and Crosswork with Cisco IOS XR Software
The compatibility matrix lists the version of EPNM and Crosswork that are supported with Cisco IOS XR Release in this release.
Table 5. Compatibility Matrix for Cisco NCS 540 Series Routers, Release 25.4.1
| Crosswork |
EPNM |
|
| Release 25.4.1 |
System requirements
Use the show hw-module fpd command in EXEC and Admin mode to view the hardware components with their current FPD version and status. The status of the hardware must be CURRENT; Running and Programmed version must be the same. You can also use the show fpd package command in Admin mode to check the fpd versions.
Software Version
To verify the software version running on the router, use show version command in the EXEC mode.
Router# show version
Thu Dec 18 11:42:00.697 IST
Cisco IOS XR Software, Version 25.4.1
Copyright (c) 2013-2025 by Cisco Systems, Inc.
Build Information:
Built By : swtools
Built On : Mon Dec 15 14:03:47 PST 2025
Built Host : iox-lnx-121
Workspace : /auto/srcarchive12/prod/25.4.1/ncs540/ws
Version : 25.4.1
Location : /opt/cisco/XR/packages/
Label : 25.4.1
cisco NCS-540 () processor
System uptime is 5 minutes
The following tables list the supported base images and optional packages and their corresponding file names.
Visit the Cisco Software Download page to download the Cisco IOS XR software images.
Table 6. Release 25.4.1 software for N540-24Z8Q2C-SYS, N540-ACC-SYS, and N540X-ACC-SYS
| Package |
Filename |
Description |
| Base image |
||
| IOS XR Base Image |
ncs540-mini-x-25.4.1.iso |
IOS XR mandatory base image. |
| USB Boot Package |
ncs540-usb_boot-25.4.1.zip |
Package required to perform USB Boot. Includes the same packages as the base image. |
| Optional packages not included in the base image |
||
| IOS XR Manageability |
ncs540-mgbl-1.0.0.0-r2541.x86_64.rpm |
Supports Extensible Markup Language (XML) Parser, Telemetry, Netconf, gRPC and HTTP server |
| IOS XR MPLS |
ncs540-mpls-1.0.0.0-r2541.x86_64.rpm ncs540-mpls-te-rsvp-1.0.0.0-r2541.x86_64.rpm |
Supports MPLS and MPLS Traffic Engineering (MPLS-TE) |
| IOS XR Security |
ncs540-k9sec-1.0.0.0-r2541.x86_64.rpm |
Supports MACsec and 802.1X |
| IOS XR ISIS |
ncs540-isis-1.0.0.0-r2541.x86_64.rpm |
Supports ISIS |
| IOS XR OSPF |
ncs540-ospf-1.0.0.0-r2541.x86_64.rpm |
Supports OSPF |
| IOS XR Lawful Intercept |
ncs540-li-1.0.0.0-r2541.x86_64.rpm |
Supports Lawful Intercept (LI) |
| IOS XR Multicast |
ncs540-mcast-1.0.0.0-r2541.x86_64.rpm |
Supports Multicast |
| IOS XR EIGRP |
ncs540-eigrp-1.0.0.0-r2541.x86_64.rpm |
Supports EIGRP |
| IOS XR LI-CTRL |
ncs540-lictrl-1.0.0.0-r2541.x86_64.rpm |
Supports LI-CTRL |
Table 7. Release 25.4.1 Software for N540-24Q8L2DD-SYS, N540-24Q2C2DD-SYS, N540X-16Z4G8Q2C-A/D, N540-28Z4C-SYS-A/D, N540X-12Z16G-SYS-A/D, N540-12Z20G-SYS-A/D, N540-FH-CSR-SYS, N540X-16Z8Q2C-D, and N540-FH-AGG-SYS
| Package |
Filename |
Description |
| Base Image |
||
| IOS XR Base Image |
ncs540l-x64-25.4.1.iso |
IOS XR base image with mandatory packages. The base ISO image also includes the following optional packages: xr-bgp xr-cdp xr-eigrp xr-ipsla xr-is-is xr-k9sec xr-lictrl xr-lldp xr-mcast xr-mpls-oam xr-netflow xr-ospf xr-perf-meas xr-perfmgmt xr-rip xr-telnet xr-track These optional packages are also included in NCS540l-iosxr-25.4.1.tar. |
| USB Boot Package |
ncs540l-usb_boot-25.4.1.zip |
Package required to perform USB Boot. Includes the same packages as the base image. |
| Optional packages not included in the base image |
||
| IOS XR Telnet (xr-telnet) |
NCS540l-iosxr-25.4.1.tar |
Supports Telnet |
| IOS XR EIGRP (xr-eigrp) |
NCS540l-iosxr-25.4.1.tar |
Supports EIGRP |
| IOS XR CDP (xr-cdp) |
NCS540l-iosxr-25.4.1.tar |
Supports CDP |
| IOS XR k9sec (xr-k9sec) |
NCS540l-k9sec-rpms.25.4.1.tar |
Supports 802.1X |
| IOS XR RIP (xr-rip) |
NCS540l-iosxr-25.4.1.tar |
Supports RIP |
Table 8. Release 25.4.1 Software for N540X-4Z14G2Q-A/D, N540X-8Z16G-SYS-A/D, N540-6Z14S-SYS-D, N540-6Z18G-SYS-A/D, N540X-6Z18G-SYS-A/D, and N540X-6Z6G-SYS
| Package |
Filename |
Description |
| Base image |
||
| IOS XR Base Image |
ncs540l-aarch64-25.4.1.iso |
IOS XR base image with mandatory packages. The ISO image also includes the following optional packages: xr-bgp xr-cdp xr-eigrp xr-ipsla xr-is-is xr-k9sec xr-lictrl xr-lldp xr-mcast xr-mpls-oam xr-ncs540l-mcast xr-ncs540l-netflow xr-netflow xr-ospf xr-perf-meas xr-perfmgmt xr-rip xr-telnet xr-track These optional packages are also included in NCS540l aarch64 iosxr optional rpms-25.4.1.tar. |
| USB Boot Package |
ncs540l-aarch64-usb_boot-25.4.1.zip |
Package required to perform USB Boot. Includes the same packages as the base image. |
| Optional packages not included in the base image |
||
| Package |
Filename |
Description |
| IOS XR Telnet (xr-telnet) |
NCS540l-aarch64-iosxr-optional-rpms-25.4.1.tar |
Supports Telnet |
| IOS XR EIGRP (xr-eigrp) |
NCS540l-aarch64-iosxr-optional-rpms-25.4.1.tar |
Supports EIGRP |
| IOS XR CDP (xr-cdp) |
NCS540l-aarch64-iosxr-optional-rpms-25.4.1.tar |
Supports CDP |
| IOS XR k9sec (xr-k9sec) |
NCS540l-aarch64-k9sec-rpms.25.4.1.tar |
Supports 802.1X |
| IOS XR RIP (xr-rip) |
NCS540l-aarch64-iosxr-optional-rpms-25.4.1.tar |
Supports RIP |
Table 9. Related resources
| Document |
Description |
| An interactive tool that assists in locating features introduced across Cisco IOS XR releases and platforms. |
|
| Information about Smart Licensing Using Policy solutions and their deployment on IOS XR Routers. |
|
| CCO Documentation for Cisco NCS 540 Series Routers |
|
| Search by product family, product ID, data rate, reach, cable type, or form factor to determine the transceivers that Cisco hardware device supports. |
|
| Search by release number, error strings, or compare release numbers to view a detailed repository of error messages and descriptions. |
|
| Select the MIB of your choice from a drop-down to explore an extensive repository of MIB information. |
|
| A user-friendly reference designed to easily explore and understand the various data models supported in Cisco IOS XR platforms and releases. |
|
| Repository containing the folders with yang data models introduced and enhanced in every IOS XR release. |
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2025 Cisco Systems, Inc. All rights reserved.