Explore Cisco
How to Buy

Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account
Cisco DNA Software Subscription Matrix for Switching
Network Essentials Network Advantage Cisco DNA Essentials Cisco DNA Advantage
License type Perpetual license compatible with Cisco DNA Essentials. Cannot be purchased as a standalone license License type Perpetual license compatible with Cisco DNA Advantage. Cannot be purchased as a standalone license 3/5/7 year term subscription Includes Cisco DNA Essentials, 3/5/7 year term subscription
Management options Manual, WebUI Manual, WebUI Automation through Cisco DNA Center including Manual, WebUI Automation through Cisco DNA Center including Manual, WebUI
Network Essentials
License type Perpetual license, one-time purchase
Management options Manual, WebUI
Network Advantage
License type Perpetual license, one-time purchase
Management options Manual, WebUI
Cisco DNA Essentials
License type 3/5/7 year term subscription
Management options Automation through Cisco DNA Center including Manual, WebUI
Cisco DNA Advantage
License type Includes Cisco DNA Essentials, 3/5/7 year term subscription
Management options Automation through Cisco DNA Center including Manual, WebUI
License type Includes Cisco DNA Advantage, 3/5/7 year term subscription
Management options Automation through Cisco DNA Center including Manual, WebUI
Features >

Roll over each feature for more information.

Features >

Roll over each feature for more information.

Support

The Cisco DNA Expansion Pack is a flexible way to purchase Cisco ISE, Cisco DNA Spaces, Secure Network Analytics (Stealthwatch), ThousandEyes and other licenses, appliances, and services in one convenient bundle. Enhance your Cisco networking solutions such as SD-Access, Zero Trust solutions, Encrypted Traffic Analytics (ETA), location analytics, and assurance. You can add the pack to your Cisco DNA software licenses and choose the license count that fits your needs.

For more details, contact a Cisco sales or Cisco registered partner.

* - not supported on all platforms. ** Each Catalyst 9300 or 9400 Cisco DNA Advantage subscription entitles the customer to run the equivalent of one ThousandEyes network or web test every 5 mins from a ThousandEyes enterprise agent (22 units per month), up to a maximum of 110,000 units per month of ThousandEyes test capacity per customer. ThousandEyes Cloud Agent access is not included in the Cisco DNA license entitlement. Test capacity can be increased and Cloud Agents accessed with purchase of additional ThousandEyes Network and Application Synthetics. ***Supported on Network Advantage from Cisco IOS XE Fuji 16.9.7 onwards. Prior to Cisco IOS Fuji XE 16.9.7, Cisco DNA Advantage is also required.

Layer 2, routed access, OSPF, PBR, PIM Stub Multicast, PVLAN, VRRP, PBR, Cisco Discovery Protocol, QoS, FHS, 802.1X, MACsec-128, CoPP, SXP, IP SLA responder, SSO, Stackwise (9300/9200). Limited functionality in Cisco DNA Center cloud.

L3 Routed access (RIP, EIGRP Stub, OSPF (1000 routes)). For Cisco DNA Center Cloud- supported via “CLI” and “CLI Template” functionality.

Model-driven programmability lets you automate configuration and control of your network devices with programmable interfaces. For Cisco DNA Center Cloud- supported via “CLI” and “CLI Template” functionality.

Configure 128-bit MACSEC for authenticating and encrypting packets between MACsec-capable devices.

Manual/CLI or WebUI configuration of SPAN, RSPAN for providing near real-time access to operational statistics. No automation through Cisco DNA Center.

Model-driven telemetry lets you monitor your network by streaming data from network devices, continuously providing near-real-time access to operational statistics.

Help ensure hardware and software authenticity for supply chain trust and strong mitigation against man-in-the-middle attacks that compromise software and firmware.

Manually manage software upgrades and control the consistency of image versions through CLI or WebUI. Automation through Cisco DNA Center not supported.

BGP*, OSPF, IS-IS*. For Cisco DNA Center Cloud- supported via “CLI” and “CLI Template” functionality.

VRF*, VXLAN, LISP,* SGT, MPLS*, BGP-EVPN with VXLAN*. For Cisco DNA Center Cloud- supported via “CLI” and “CLI Template” functionality.

Support operational continuity and maintain availability during routine maintenance, and perform disaster recovery. NSF*, GIR*, HSRP, Stackwise Virtual*, ISSU*/eFSU*.

Manual/CLI operations or through WebUI only. Automation through Cisco DNA Center not supported.

Multicast is used between routers so they can track which multicast packets to forward to each other and to their directly connected LANs. RP Discovery*, PIM BI-DIR*.

Configure 256-bit MACSEC* for authenticating and encrypting packets between MACsec-capable devices.

Cisco AVB simplifies digitization of audio and video and offers superior quality of experience with standards like IEEE1588v2 PTPv2, AES67 timing profile

Software services-enabled license portability lets your software licenses stay current through hardware upgrades and replacements at no additional cost.

This next generation in flow technology optimizes the network infrastructure, reducing operating costs and improving capacity planning and security incident detection. (License is required for Manual/CLI, WebUI or automated Cisco DNA Center configuration).

Automate software upgrades and control the consistency of image versions through Cisco DNA Center.

Automate configurations and deployment of networks with Cisco DNA Center.

Gives a high-level overview of the health of every network device/client on the network, wired and wireless, Cisco and Meraki, managed by Cisco DNA Center.

Gives a high-level overview of the health of wired network devices/clients on the network, managed by Cisco DNA Center.

Zero-touch provisioning for new device installation of Cisco devices to be provisioned simply by connecting to the network, managed by Cisco DNA Center. Limited functionality in Cisco DNA Center cloud.

This software-defined, controller-less solution enables Bonjour services discovery and advertisement at for local cache discovery and distribution functions between VLANs. License is required for both manual/CLI configuration or automation through Cisco DNA Center.

Cisco DNA Center pre-built reports that can be consumed directly or exported to third party tools such as Tableau.

Supports intent-based workflows for simplified wireless deployment and automation, managed by Cisco DNA Center appliance.

Create policies based on business intent for a particular part of the network that are network- and device-specific, adjusted dynamically to guarantee services, managed by Cisco DNA Center.

Gives a high-level overview of the health of every network device/client on the network, wired and wireless, Cisco and Meraki, managed by Cisco DNA Center.

Provides operational status of every network device connected to Cisco DNA Center, with suggested remediation for any communication issues, managed by Cisco DNA Center.

Displays operational status of every client connected to Cisco DNA Center, with suggested remediation for any issues, managed by Cisco DNA Center.

Displays overall health of all applications on the network, with special section for business-relevant application issues and suggested remediation, managed by Cisco DNA Center.

Enables network devices to send near-real-time telemetry information to Cisco DNA Center.

Zero-touch provisioning for new device installation allows off-the-shelf Cisco devices to be provisioned simply by connecting to the network, managed by Cisco DNA Center.

Enables policy-based automation with secure segmentation, complete visibility, and delivery of new services quickly on SD-Access devices, managed by Cisco DNA Center only.

Automated management of SMU/Patches patching by Cisco DNA Center.

Compliance reports managed by Cisco DNA Center.

Display devices and client connectivity from any angle or context, providing for very granular troubleshooting in seconds.

Fabric technology is an integral part of SD-Access. Fabric-enabled wireless is a deployment option, managed by Cisco DNA Center only.

Assign policies to applications based on business relevance and business-critical QoS priority for life-saving devices, for example through Cisco DNA Center.

Allows third-party applications to be hosted in a secure container environment on the switch. License is required for both manual/CLI configuration or automation through Cisco DNA Center.

Detect malware within encrypted traffic. License is required for both manual/CLI configuration or automation through Cisco NA Center.

This software-defined, controller-based solution enables Bonjour services discovery and advertisement at scale across multiple domains. License is required for both manual/CLI configuration or automation through Cisco DNA Center.

Monitor and re-direct traffic. License is required for both manual/CLI configuration or automation through Cisco DNA Center.

Packet capture for analysis. License is required for both manual/CLI configuration or automation through Cisco DNA Center.

Gain application visibility and control through Next-Generation Network-Based Application Recognition. License is required for both manual/CLI configuration or automation through Cisco DNA Center.

Provides a single integrated solution for comprehensive lifecycle management of the wired or wireless access, campus, and branch networks, and rich visibility into end-user connectivity and application performance assurance issues. Only available on the Catalyst 9000 switches, not on legacy switches.

Packet capture for analysis. License is required for both manual/CLI configuration or automation through Cisco DNA Center.

Gain application visibility and control through Next-Generation Network-Based Application Recognition. License is required for both manual/CLI configuration or automation through Cisco DNA Center.

Provides a single integrated solution for comprehensive lifecycle management of the wired or wireless access, campus, and branch networks, and rich visibility into end-user connectivity and application performance assurance issues.

Gain application visibility and control through Next-Generation Network-Based Application Recognition. Does not require Cisco DNA Center. Not supported on Cisco Catalyst 9200 Series switches.

Encrypted Traffic Analytics detects malware within encrypted traffic. Manufacturer user description validates the IoT device, extends trust, and applies policy to the device. Does not require Cisco DNA Center. Not supported on Cisco Catalyst 9200 Series switches.

Gain complete security and threat containment, managed by Cisco DNA Center.

Detect malware within encrypted traffic. License is required for both manual/CLI configuration or automation through Cisco DNA Center. Includes Stealthwatch Flow Rate License, Virtual Stealthwatch Management Console, and Virtual Flow Collectors.

Multi-Cisco DNA Center Management and LAN/Campus Service Automation for Switching Infrastructure

Enables policy-based automation with secure segmentation, complete visibility, and delivery of new services quickly on SD-Access devices, managed by Cisco DNA Center only.

90 days of Cisco TAC support; local business hours, 8x5; Hardware replacement (next business day where available); Warranty duration is lifespan of hardware product; OS software updates and upgrades.

Software Support Service in the subscription software stack includes 24-hour TAC support and software updates and upgrades in Cisco DNA Center.

Automated provisioning of a new Cisco switch using the Zero Touch Provisioning functionality built into the switch.

Deliver superior network and application experience with ThousandEyes, now integrated into Cisco Catalyst 9300 and 9400 series switches.

AI and machine learning technologies are implemented on Cisco DNA Center and in the AI Network Analytics cloud to enhance the insight and remediation capabilities of Cisco DNA Assurance.

Identify and check compliance of endpoints, and use AI/ML techniques to classify them into groups.

Get visual traffic flows between endpoint groups, so you can define the right segmentation policies.

Allows IT to give end-users control of their very own wireless network partition. End-users can then remotely and securely deploy their devices on this network.

EEM is a powerful and flexible subsystem that provides real-time network event detection and onboard automation. It gives you the ability to adapt the behavior of your network devices to align with your business needs.

A flexible framework is provided to integrate third-party application software.

A powerful, end-to-end, indoor location services cloud platform that unlock insights and trends into customer, employee and asset behavior. Available for Cisco Catalyst 9300 and 9400 Series Switches.

A powerful end-to-end, indoor location services cloud platform that extends platform capabilities via integrations and partner applications. Includes Cisco DNA Spaces See. Available for Cisco Catalyst 9300 and 9400 Series Switches.

Smart Net Total Care, 24-hour hardware and network software stack support provided by TAC.